diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml deleted file mode 100644 index 7587445bc960..000000000000 --- a/.azure-pipelines.yml +++ /dev/null @@ -1,202 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -# Starter pipeline -# Start with a minimal pipeline that you can customize to build and deploy your code. -# Add steps that build, run tests, deploy, and more: -# https://aka.ms/yaml - -trigger: - branches: - include: - - 'master' - - '*/ci' - -pr: - branches: - include: - - 'master' - -stages: - -########################################## -### Linux jobs first -########################################## - -- stage: linux - dependsOn: [] - jobs: - - job: ubuntu - # define defaults to make sure variables are always expanded/replaced - variables: - install: '' - configure: '' - tests: '!433' - timeoutInMinutes: 60 - pool: - vmImage: 'ubuntu-latest' - strategy: - matrix: - default: - name: default - install: jsonlint - configure: --enable-debug --with-openssl - disable_ipv6: - name: w/o IPv6 - configure: --disable-ipv6 --with-openssl - disable_http_smtp_imap: - name: w/o HTTP/SMTP/IMAP - configure: --disable-http --disable-smtp --disable-imap --without-openssl - disable_thredres: - name: sync resolver - configure: --disable-threaded-resolver --with-openssl - https_only: - name: HTTPS only - configure: --disable-dict --disable-file --disable-ftp --disable-gopher --disable-imap --disable-ldap --disable-pop3 --disable-rtmp --disable-rtsp --disable-scp --disable-sftp --disable-smb --disable-smtp --disable-telnet --disable-tftp --with-openssl - torture: - name: torture - install: libnghttp2-dev - configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl - tests: -n -t --shallow=40 !FTP - steps: - - script: sudo apt-get update && sudo apt-get install -y stunnel4 python3-impacket libzstd-dev libbrotli-dev $(install) - displayName: 'apt install' - - - script: ./buildconf && ./configure --enable-warnings --enable-werror $(configure) - displayName: 'configure $(name)' - - - script: make V=1 && cd tests && make V=1 - displayName: 'compile' - - - script: make test-nonflaky - displayName: 'test' - env: - AZURE_ACCESS_TOKEN: "$(System.AccessToken)" - TFLAGS: "-r $(tests)" - -########################################## -### Windows jobs below -########################################## - -- stage: windows - dependsOn: [] - variables: - agent.preferPowerShellOnContainers: true - jobs: - - job: windows - # define defaults to make sure variables are always expanded/replaced - variables: - container_img: '' - container_cmd: '' - configure: '' - tests: '' - timeoutInMinutes: 120 - pool: - vmImage: 'windows-2019' - strategy: - matrix: - msys2_mingw32_debug_openssl: - name: 32-bit OpenSSL/libssh2 - container_img: mback2k/curl-docker-winbuildenv-msys2-mingw32:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --with-libssh2 --with-openssl - tests: ~571 ~612 ~1056 ~1299 !SCP - msys2_mingw64_debug_openssl: - name: 64-bit OpenSSL/libssh2 - container_img: mback2k/curl-docker-winbuildenv-msys2-mingw64:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --with-libssh2 --with-openssl - tests: ~571 ~612 ~1056 ~1299 !SCP - msys1_mingw_debug: - name: 32-bit (legacy) - container_img: mback2k/curl-docker-winbuildenv-msys1-mingw:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug --without-ssl - tests: ~203 ~1056 ~1143 - msys1_mingw32_debug: - name: 32-bit w/o zlib - container_img: mback2k/curl-docker-winbuildenv-msys1-mingw32:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --without-zlib --without-ssl - tests: ~203 ~1056 ~1143 ~1299 - msys1_mingw64_debug: - name: 64-bit w/o zlib - container_img: mback2k/curl-docker-winbuildenv-msys1-mingw64:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --without-zlib --without-ssl - tests: ~203 ~1056 ~1143 ~1299 - msys2_mingw32_debug_schannel: - name: 32-bit Schannel/SSPI/WinIDN/libssh2 - container_img: mback2k/curl-docker-winbuildenv-msys2-mingw32:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 !SCP - msys2_mingw64_debug_schannel: - name: 64-bit Schannel/SSPI/WinIDN/libssh2 - container_img: mback2k/curl-docker-winbuildenv-msys2-mingw64:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 !SCP - msys1_mingw_debug_schannel: - name: 32-bit Schannel/SSPI/WinIDN (legacy) - container_img: mback2k/curl-docker-winbuildenv-msys1-mingw:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug --enable-sspi --with-schannel --with-winidn - tests: ~203 ~305 ~310 ~311 ~312 ~313 ~404 ~1056 ~1143 ~2034 ~2035 ~2037 ~2038 ~2041 ~2042 ~2048 ~3000 ~3001 - msys1_mingw32_debug_schannel: - name: 32-bit Schannel/SSPI/WinIDN w/o zlib - container_img: mback2k/curl-docker-winbuildenv-msys1-mingw32:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --without-zlib - tests: ~203 ~310 ~1056 ~1143 ~1299 ~2034 ~2037 ~2041 ~3000 ~3001 - msys1_mingw64_debug_schannel: - name: 64-bit Schannel/SSPI/WinIDN w/o zlib - container_img: mback2k/curl-docker-winbuildenv-msys1-mingw64:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --without-zlib - tests: ~203 ~310 ~1056 ~1143 ~1299 ~2034 ~2037 ~2041 ~3000 ~3001 - container: - image: $(container_img) - env: - MSYS2_PATH_TYPE: inherit - steps: - - script: $(container_cmd) -l -c "cd $(echo '%cd%') && $(prepare)" - displayName: 'prepare' - condition: variables.prepare - - - script: $(container_cmd) -l -c "cd $(echo '%cd%') && ./buildconf && ./configure $(configure)" - displayName: 'configure $(name)' - - - script: $(container_cmd) -l -c "cd $(echo '%cd%') && make V=1 && cd tests && make V=1" - displayName: 'compile' - - - script: $(container_cmd) -l -c "cd $(echo '%cd%') && make V=1 install && PATH=/usr/bin:/bin find . -type f -path '*/.libs/*.exe' -print -execdir mv -t .. {} \;" - displayName: 'install' - - - script: $(container_cmd) -l -c "cd $(echo '%cd%') && make V=1 test-nonflaky" - displayName: 'test' - env: - AZURE_ACCESS_TOKEN: "$(System.AccessToken)" - TFLAGS: "-vc /usr/bin/curl.exe -r -rm $(tests)" diff --git a/.circleci/config.yml b/.circleci/config.yml index 67372b6582bd..30eec16e5ae0 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,56 +18,187 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -# Use the latest 2.1 version of CircleCI pipeline process engine. See: https://circleci.com/docs/2.0/configuration-reference +# View these jobs in the browser: https://app.circleci.com/pipelines/github/curl/curl + +# Use the latest 2.1 version of CircleCI pipeline process engine. See: https://circleci.com/docs/configuration-reference/ version: 2.1 commands: + install-cares: + steps: + - run: + command: | + sudo apt-get update && sudo apt-get install -y libc-ares-dev + + install-libssh: + steps: + - run: + command: | + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update && sudo apt-get install -y libssh-dev + + install-deps: + steps: + - run: + command: | + sudo apt-get update && sudo apt-get install -y libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev python3-pip + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/requirements.txt + configure: steps: - run: command: | - ./buildconf - ./configure --enable-warnings --enable-werror --with-openssl + autoreconf -fi + ./configure --disable-dependency-tracking --enable-option-checking=fatal --enable-unity --enable-werror --enable-warnings \ + --with-openssl \ + || { tail -1000 config.log; false; } + + configure-no-proxy: + steps: + - run: + command: | + autoreconf -fi + ./configure --disable-dependency-tracking --enable-option-checking=fatal --enable-unity --enable-werror \ + --with-openssl --disable-proxy \ + || { tail -1000 config.log; false; } + + configure-libssh: + steps: + - run: + command: | + autoreconf -fi + ./configure --disable-dependency-tracking --enable-option-checking=fatal --enable-unity --enable-werror --enable-warnings \ + --with-openssl --with-libssh \ + || { tail -1000 config.log; false; } + + configure-cares: + steps: + - run: + command: | + autoreconf -fi + ./configure --disable-dependency-tracking --enable-option-checking=fatal --enable-unity --enable-werror --enable-warnings \ + --with-openssl --enable-ares \ + || { tail -1000 config.log; false; } + + configure-cares-debug: + steps: + - run: + command: | + autoreconf -fi + ./configure --disable-dependency-tracking --enable-option-checking=fatal --enable-unity --enable-werror --enable-debug \ + --with-openssl --enable-ares \ + || { tail -1000 config.log; false; } build: steps: - - run: make + - run: make -j3 V=1 + - run: src/curl --disable --version + - run: make -j3 V=1 examples test: steps: - - run: make test-nonflaky + - run: + command: | + source ~/venv/bin/activate + # Revert a CircleCI-specific local setting that makes test 1459 + # return 67 (CURLE_LOGIN_DENIED) instead of the + # expected 60 (CURLE_PEER_FAILED_VERIFICATION). + echo 'StrictHostKeyChecking yes' >> ~/.ssh/config + make -j3 V=1 test-ci TFLAGS='-j14' executors: ubuntu: machine: - image: ubuntu-2004:202010-01 + image: ubuntu-2204:2025.09.1 jobs: basic: executor: ubuntu steps: - checkout + - install-deps - configure - build - test + no-proxy: + executor: ubuntu + steps: + - checkout + - install-deps + - configure-no-proxy + - build + - test + + cares: + executor: ubuntu + steps: + - checkout + - install-deps + - install-cares + - configure-cares + - build + - test + + libssh: + executor: ubuntu + steps: + - checkout + - install-deps + - install-libssh + - configure-libssh + - build + - test + arm: machine: - image: ubuntu-2004:202101-01 + image: ubuntu-2204:2025.09.1 resource_class: arm.medium steps: - checkout + - install-deps - configure - build - test + arm-cares: + machine: + image: ubuntu-2204:2025.09.1 + resource_class: arm.medium + steps: + - checkout + - install-deps + - install-cares + - configure-cares-debug + - build + - test + workflows: x86-openssl: jobs: - basic + openssl-c-ares: + jobs: + - cares + + openssl-libssh: + jobs: + - libssh + + openssl-no-proxy: + jobs: + - no-proxy + arm-openssl: jobs: - arm + + arm-openssl-c-ares: + jobs: + - arm-cares diff --git a/.cirrus.yml b/.cirrus.yml deleted file mode 100644 index 33047ba2673a..000000000000 --- a/.cirrus.yml +++ /dev/null @@ -1,129 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -# Cirrus CI configuration -# https://cirrus-ci.com/github/curl/curl - -freebsd_task: - name: FreeBSD - - matrix: - # A stable 13.0 image likely won't be available before early 2021 - # image_family: freebsd-13-0-snap - - name: FreeBSD 12.2 - freebsd_instance: - image_family: freebsd-12-2 - - name: FreeBSD 11.4 - freebsd_instance: - image_family: freebsd-11-4 - - env: - CIRRUS_CLONE_DEPTH: 10 - MAKE_FLAGS: -j 2 - - pkginstall_script: - - pkg update -f - - pkg install -y autoconf automake libtool pkgconf brotli openldap-client heimdal libpsl libssh2 openssh-portable libidn2 librtmp libnghttp2 nghttp2 stunnel - - case `python -V` in - Python?3.7*) pkg install -y py37-impacket ;; - Python?2.7*) pkg install -y py27-impacket ;; - esac - - pkg delete -y curl - configure_script: - - ./buildconf - - case `uname -r` in - 12.1*) - export CC=clang; - export CFLAGS="-fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g"; - export CXXFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g"; - export LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer" ;; - esac - - ./configure --prefix="${HOME}"/install --enable-debug --with-openssl --with-libssh2 --with-brotli --with-gssapi --with-libidn2 --enable-manual --enable-ldap --enable-ldaps --with-librtmp --with-libpsl --with-nghttp2 || { tail -300 config.log; false; } - compile_script: - - make V=1 && cd tests && make V=1 - test_script: - # blackhole? - - sysctl net.inet.tcp.blackhole - # make sure we don't run blackhole != 0 - - sudo sysctl net.inet.tcp.blackhole=0 - # Some tests won't run if run as root so run them as another user. - # Make directories world writable so the test step can write wherever it needs. - - find . -type d -exec chmod 777 {} \; - # The OpenSSH server instance for the testsuite cannot be started on FreeBSD, - # therefore the SFTP and SCP tests are disabled right away from the beginning. - - sudo -u nobody make V=1 TFLAGS="-n -a -p !flaky !SFTP !SCP" test-nonflaky - install_script: - - make V=1 install - -windows_task: - name: Windows - timeout_in: 90m - windows_container: - image: ${container_img} - - matrix: - - name: Windows 32-bit shared/release Schannel/SSPI/WinIDN/libssh2 - env: - container_img: mback2k/curl-docker-winbuildenv-msys2-mingw32:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 !SCP - - name: Windows 32-bit static/release Schannel/SSPI/WinIDN/libssh2 - env: - container_img: mback2k/curl-docker-winbuildenv-msys2-mingw32:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 --disable-shared --enable-static - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 !SCP - curl_LDFLAGS: -all-static - PKG_CONFIG: pkg-config --static - - name: Windows 64-bit shared/release Schannel/SSPI/WinIDN/libssh2 - env: - container_img: mback2k/curl-docker-winbuildenv-msys2-mingw64:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 !SCP - - name: Windows 64-bit static/release Schannel/SSPI/WinIDN/libssh2 - env: - container_img: mback2k/curl-docker-winbuildenv-msys2-mingw64:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 --disable-shared --enable-static - tests: ~165 ~310 ~571 ~612 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001 !SCP - curl_LDFLAGS: -all-static - PKG_CONFIG: pkg-config --static - - env: - CIRRUS_CLONE_DEPTH: 10 - MSYS2_PATH_TYPE: inherit - - prepare_script: | - %container_cmd% -l -c "cd $(echo '%cd%') && %prepare%" - configure_script: | - %container_cmd% -l -c "cd $(echo '%cd%') && ./buildconf && ./configure %configure%" - compile_script: | - %container_cmd% -l -c "cd $(echo '%cd%') && make V=1 && cd tests && make V=1" - install_script: | - %container_cmd% -l -c "cd $(echo '%cd%') && make V=1 install && PATH=/usr/bin:/bin find . -type f -path '*/.libs/*.exe' -print -execdir mv -t .. {} \;" - test_script: | - %container_cmd% -l -c "cd $(echo '%cd%') && make V=1 TFLAGS='-r -rm %tests%' test-nonflaky" diff --git a/.clang-tidy.yml b/.clang-tidy.yml new file mode 100644 index 000000000000..3b3be699de04 --- /dev/null +++ b/.clang-tidy.yml @@ -0,0 +1,48 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +--- +# https://clang.llvm.org/extra/clang-tidy/ + +# https://clang.llvm.org/extra/clang-tidy/checks/list.html +Checks: + - clang-analyzer-* + - -clang-analyzer-optin.performance.Padding + - -clang-analyzer-security.ArrayBound # due to false positives with clang-tidy v21.1.0 + - -clang-analyzer-security.insecureAPI.bzero # for FD_ZERO() (seen on macOS) + - -clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling + - -clang-diagnostic-nullability-extension + - bugprone-assert-side-effect + - bugprone-chained-comparison + - bugprone-dynamic-static-initializers + - bugprone-macro-parentheses + - bugprone-macro-repeated-side-effects + - bugprone-misplaced-operator-in-strlen-in-alloc + - bugprone-misplaced-pointer-arithmetic-in-alloc + - bugprone-not-null-terminated-result + - bugprone-posix-return + - bugprone-redundant-branch-condition + - bugprone-signed-char-misuse + - bugprone-suspicious-enum-usage + - bugprone-suspicious-memset-usage + - bugprone-suspicious-missing-comma + - bugprone-suspicious-realloc-usage + - bugprone-suspicious-semicolon + - misc-const-correctness + - misc-header-include-cycle + - portability-* + - readability-duplicate-include + - readability-math-missing-parentheses + - readability-named-parameter + - readability-redundant-control-flow + - readability-redundant-declaration + - readability-redundant-function-ptr-dereference + - readability-redundant-parentheses + - readability-redundant-preprocessor + - readability-suspicious-call-argument + - readability-uppercase-literal-suffix + +CheckOptions: + misc-header-include-cycle.IgnoredFilesList: 'curl/curl.h' + +HeaderFilterRegex: '.*' # Default in v22.1.0+ diff --git a/.dcignore b/.dcignore deleted file mode 100644 index 73b1e71692a4..000000000000 --- a/.dcignore +++ /dev/null @@ -1,3 +0,0 @@ -tests/** -docs/** -docs/examples/** diff --git a/.dir-locals.el b/.dir-locals.el index 06dc613f23ab..f6248c2eca2a 100644 --- a/.dir-locals.el +++ b/.dir-locals.el @@ -5,7 +5,7 @@ ;;; | (__| |_| | _ <| |___ ;;; \___|\___/|_| \_\_____| ;;; -;;; Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +;;; Copyright (C) Daniel Stenberg, , et al. ;;; ;;; This software is licensed as described in the file COPYING, which ;;; you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ ;;; This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ;;; KIND, either express or implied. ;;; +;;; SPDX-License-Identifier: curl +;;; ;;;*************************************************************************** ;;; Directory Local Variables ;;; See Info node `(emacs) Directory Variables' for more information. diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 000000000000..edcc4629fba9 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,18 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +root = true + +[*] +charset = utf-8 +insert_final_newline = true +indent_style = space +trim_trailing_whitespace = true + +[*.{c,h}] +indent_size = 2 +max_line_length = 79 + +[*.{pl,pm}] +indent_size = 4 diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs new file mode 100644 index 000000000000..c627bfd69bf6 --- /dev/null +++ b/.git-blame-ignore-revs @@ -0,0 +1,6 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +# Make repository REUSE compliant +ad9bc5976d6661cd5b03ebc379313bf657701c14 diff --git a/.gitattributes b/.gitattributes index 691da62282df..41a5aff8dcbc 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,4 +1,7 @@ -*.dsw -crlf +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + buildconf eol=lf configure.ac eol=lf *.m4 eol=lf @@ -7,8 +10,6 @@ configure.ac eol=lf *.sh eol=lf *.[ch] whitespace=tab-in-indent -# Batch files (bat,btm,cmd) must be run with CRLF line endings. +# Batch files must be run with CRLF line endings. # Refer to https://github.com/curl/curl/pull/6442 *.bat text eol=crlf -*.btm text eol=crlf -*.cmd text eol=crlf diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 000000000000..7e1eea50ffa6 --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,3 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 48c2ba0a5baa..6121de5b8be0 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -1,23 +1,22 @@ -How to contribute to curl -========================= + - 1. Click 'watch' on the GitHub repo +# How to contribute to curl - 2. Subscribe to the suitable [mailing lists](https://curl.se/mail/) +## Join the community -Read [CONTRIBUTE](../docs/CONTRIBUTE.md) ---------------------------------------- +1. Click 'watch' on the GitHub repo +2. Subscribe to the suitable [mailing lists](https://curl.se/mail/) -Send your suggestions using one of these methods: -------------------------------------------------- +## Read [CONTRIBUTE](/docs/CONTRIBUTE.md) - 1. in a mail to the mailing list +## Send your suggestions using one of these methods: - 2. as a [pull request](https://github.com/curl/curl/pulls) +1. in a mail to the mailing list +2. as a [pull request](https://github.com/curl/curl/pulls) +3. as an [issue](https://github.com/curl/curl/issues) - 3. as an [issue](https://github.com/curl/curl/issues) - -/ The curl team! +/ The curl team diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index cbcc2747c47d..f02b2d3f1b91 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,2 +1,6 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + github: curl open_collective: curl diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 2c1baec81f4d..000000000000 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: '' -labels: '' -assignees: '' - ---- - - - -### I did this - -### I expected the following - -### curl/libcurl version - -[curl -V output] - -### operating system - - diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 000000000000..c2b79901afbd --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,50 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: Bug Report on code +description: Tell us about your problem with curl or libcurl + +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + Only file bugs here! Ask questions on the mailing lists https://curl.se/mail/ + + **SECURITY RELATED?** Submit here: https://hackerone.com/curl + + - type: textarea + id: reproducer + attributes: + label: I did this + validations: + required: false + + - type: textarea + id: expected-behaviour + attributes: + label: I expected the following + validations: + required: false + + - type: textarea + id: version + attributes: + label: curl/libcurl version + description: | + Please paste the output of `curl -V` here. + placeholder: 'curl 8.18.0' + validations: + required: true + + - type: textarea + id: os + attributes: + label: operating system + description: | + On Unix please post the output of `uname -a` here. + placeholder: 'Fedora Linux 38' + validations: + required: true diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index b16554c6eca8..bce618da79fe 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,11 +1,18 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + blank_issues_enabled: false contact_links: - - name: Feature request - url: https://curl.se/mail/ - about: To propose new features or enhancements, please bring that discussion to a suitable curl mailing list. - - name: Question + - name: Ask a question (without email) + url: https://github.com/curl/curl/discussions + about: Use the Discussion forum here on GitHub + - name: Ask a question (using email) url: https://curl.se/mail/ - about: Questions should go to the mailing list + about: Send question to the suitable mailing list - name: Commercial support url: https://curl.se/support.html - about: Several companies are offering paid support for curl/libcurl + about: Pay for fast quality support for and help with curl/libcurl + - name: Feature request + url: https://curl.se/mail/ + about: To propose new features or enhancements, please bring that discussion to a suitable curl mailing list. diff --git a/.github/ISSUE_TEMPLATE/docs.yml b/.github/ISSUE_TEMPLATE/docs.yml new file mode 100644 index 000000000000..1b60a597adf0 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/docs.yml @@ -0,0 +1,32 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: Bug Report on documentation +description: Problems, errors, mistakes or typos in documentation. +labels: documentation + +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + Only file documentation bugs here! Ask questions on the mailing lists https://curl.se/mail/ + + - type: textarea + id: source + attributes: + label: Specify which documentation you found a problem with + description: | + Include function name, URL, tarball version and all other relevant + details that identify the documentation source. + validations: + required: true + + - type: textarea + id: problem + attributes: + label: The problem + validations: + required: true diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000000..c68d6301ef4f --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,38 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +# https://docs.github.com/code-security/dependabot/working-with-dependabot/dependabot-options-reference + +version: 2 +updates: + - package-ecosystem: 'github-actions' + directory: '/' + schedule: + interval: 'monthly' + cooldown: + default-days: 7 + groups: + gha-dependencies: + patterns: + - '*' + commit-message: + prefix: 'GHA:' + + - package-ecosystem: 'pip' + directories: + - '.github/scripts' + - 'tests' + schedule: + interval: 'monthly' + cooldown: + default-days: 7 + semver-major-days: 15 + semver-minor-days: 7 + semver-patch-days: 3 + groups: + pip-dependencies: + patterns: + - '*' + commit-message: + prefix: 'GHA:' diff --git a/.github/labeler.yml b/.github/labeler.yml new file mode 100644 index 000000000000..d619d511484b --- /dev/null +++ b/.github/labeler.yml @@ -0,0 +1,514 @@ +# Copyright (C) Daniel Fandrich, , et al. +# +# SPDX-License-Identifier: curl + +# The workflow configures the .github/workflows/label.yml action +# to add labels to pull requests. This is not (yet?) a replacement for human +# triaging, but is intended to add labels to the easy cases. If the matching +# language becomes more powerful, more cases should be able to be handled. +# +# Labels are added in two ways: the any-glob-to-all-files ones are added if all +# the files fit into the category, and the any-glob-to-any-file ones are added +# as long as any file matches. The first ones are for "major" categories (the +# PR is all about that one topic, like HTTP/3), while the second ones are +# "addendums" that give useful information about a PR that is really mostly +# something else (e.g. CI if the PR also touches CI jobs). +# +# N.B. any-glob-to-all-files is misnamed; it acts like one-glob-to-all-files. +# Therefore, to get any-glob-to-all-files semantics with multiple matching +# patterns, they must be joined with commas to a single string surrounded by +# braces. For example: '{lib/**,src/**}'. +# +# See https://github.com/actions/labeler/ for documentation on this file. +--- + +appleOS: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + .github/workflows/macos.yml,\ + lib/config-mac.h,\ + lib/macos*\ + }" + +authentication: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/mk-ca-bundle.1,\ + docs/libcurl/opts/CURLINFO_HTTPAUTH*,\ + docs/libcurl/opts/CURLINFO_PROXYAUTH*,\ + docs/libcurl/opts/CURLOPT_KRB*,\ + docs/libcurl/opts/CURLOPT_SASL*,\ + docs/libcurl/opts/CURLOPT_SERVICE_NAME*,\ + docs/libcurl/opts/CURLOPT_USERNAME*,\ + docs/libcurl/opts/CURLOPT_USERPWD*,\ + docs/libcurl/opts/CURLOPT_XOAUTH*,\ + lib/*gssapi*,\ + lib/*krb5*,\ + lib/*ntlm*,\ + lib/curl_sasl.*,\ + lib/http_aws*,\ + lib/http_digest.*,\ + lib/http_negotiate.*,\ + lib/vauth/**\ + }" + +build: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + **/CMakeLists.txt,\ + **/Makefile.am,\ + **/Makefile.inc,\ + **/*.m4,\ + **/*.mk,\ + *.m4,\ + docs/INSTALL-CMAKE.md,\ + lib/curl_config-cmake.h.in,\ + lib/libcurl*.in,\ + CMake/**,\ + CMakeLists.txt,\ + configure.ac,\ + m4/**,\ + Makefile.*,\ + projects/**,\ + lib/libcurl.def,\ + tests/cmake/**\ + }" + +CI: + - all: + - changed-files: + - any-glob-to-any-file: + - '.circleci/**' + - '.github/**' + - 'appveyor.*' + - 'scripts/ci*' + - 'tests/azure.pm' + - 'tests/appveyor.pm' + - 'tests/CI.md' + +cmake: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + **/CMakeLists.txt,\ + CMake/**,\ + docs/INSTALL-CMAKE.md,\ + lib/curl_config-cmake.h.in,\ + tests/cmake/**\ + }" + +cmdline tool: + - all: + - changed-files: + - any-glob-to-any-file: + - 'docs/cmdline-opts/**' + - 'src/**' + +connecting & proxies: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/internals/CONNECTION-FILTERS.md,\ + docs/examples/ipv6.c,\ + docs/libcurl/opts/CURLINFO_CONNECT*,\ + docs/libcurl/opts/CURLINFO_PROXY*,\ + docs/libcurl/opts/CURLOPT_ADDRESS*,\ + docs/libcurl/opts/CURLOPT_CONNECT*,\ + docs/libcurl/opts/CURLOPT_HAPROXY*,\ + docs/libcurl/opts/CURLOPT_OPENSOCKET*,\ + docs/libcurl/opts/CURLOPT_PRE_PROXY*,\ + docs/libcurl/opts/CURLOPT_PROXY*,\ + docs/libcurl/opts/CURLOPT_SOCKOPT*,\ + docs/libcurl/opts/CURLOPT_SOCKS*,\ + docs/libcurl/opts/CURLOPT_TCP*,\ + docs/libcurl/opts/CURLOPT_TIMEOUT*,\ + lib/cf-*proxy.*,\ + lib/cf-socket.*,\ + lib/cfilters.*,\ + lib/conncache.*,\ + lib/connect.*,\ + lib/http_proxy.*,\ + lib/if2ip.*,\ + lib/noproxy.*,\ + lib/socks.*,\ + tests/server/socksd.c\ + }" + +cookies: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/HTTP-COOKIES.md,\ + docs/cmdline-opts/cookie*,\ + docs/cmdline-opts/junk-session-cookies.md,\ + docs/libcurl/opts/CURLINFO_COOKIE*,\ + docs/libcurl/opts/CURLOPT_COOKIE*,\ + docs/examples/cookie_interface.c,\ + lib/cookie.*,\ + lib/psl.*\ + }" + +cryptography: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/CIPHERS.md,\ + docs/RUSTLS.md,\ + docs/libcurl/opts/CURLOPT_EGDSOCKET*,\ + lib/*sha256*,\ + lib/*sha512*,\ + lib/curl_hmac.*,\ + lib/curl_md?.*,\ + lib/curl_ntlm_core.*,\ + lib/md?.*,\ + lib/rand.*\ + }" + +DICT: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + lib/dict.*,\ + tests/dictserver.py\ + }" + +documentation: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + .github/workflows/checkdocs.yml,\ + .github/scripts/badwords.*,\ + .github/scripts/cd2cd,\ + .github/scripts/cd2nroff,\ + .github/scripts/cdall.pl,\ + .github/scripts/nroff2cd,\ + .github/scripts/verify-examples.pl,\ + .github/scripts/verify-synopsis.pl,\ + **/*.md,\ + **/*.txt,\ + **/*.1,\ + CHANGES.md,\ + docs/**,\ + LICENSES/**,\ + README,\ + RELEASE-NOTES,\ + scripts/cd*\ + }" + - all-globs-to-all-files: + # negative matches + - '!**/CMakeLists.txt' + - '!**/Makefile.am' + +FTP: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/libcurl/opts/CURLINFO_FTP*,\ + docs/libcurl/opts/CURLOPT_FTP*,\ + docs/libcurl/opts/CURLOPT_WILDCARDMATCH*,\ + docs/examples/ftp*,\ + lib/curl_fnmatch.*,\ + lib/curl_range.*,\ + lib/ftp*,\ + tests/ftp*\ + }" + +GOPHER: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + lib/gopher*\ + }" + +HTTP: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/examples/hsts*,\ + docs/examples/http-*,\ + docs/examples/httpput*,\ + docs/examples/https*,\ + docs/examples/*post*,\ + docs/HTTP-COOKIES.md,\ + docs/libcurl/opts/CURLINFO_COOKIE*,\ + docs/libcurl/opts/CURLOPT_COOKIE*,\ + docs/libcurl/opts/CURLINFO_HTTP_**,\ + docs/libcurl/opts/CURLINFO_REDIRECT*,\ + docs/libcurl/opts/CURLINFO_REFER*,\ + docs/libcurl/opts/CURLOPT_FOLLOWLOCATION*,\ + docs/libcurl/opts/CURLOPT_HSTS*,\ + docs/libcurl/opts/CURLOPT_HTTP*,\ + docs/libcurl/opts/CURLOPT_POST.*,\ + docs/libcurl/opts/CURLOPT_POSTFIELD*,\ + docs/libcurl/opts/CURLOPT_POSTREDIR*,\ + docs/libcurl/opts/CURLOPT_REDIR*,\ + docs/libcurl/opts/CURLOPT_REFER*,\ + docs/libcurl/opts/CURLOPT_TRAILER*,\ + docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING*,\ + lib/cf-https*,\ + lib/cf-h1*,\ + lib/cf-h2*,\ + lib/cookie.*,\ + lib/hsts.*,\ + lib/http*,\ + tests/http*,\ + tests/http-server.pl,\ + tests/http/*,\ + tests/nghttp*\ + }" + +HTTP/2: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + CMake/FindNGHTTP2.cmake,\ + CMake/FindQuiche.cmake,\ + docs/libcurl/opts/CURLOPT_STREAM*,\ + docs/examples/http2*,\ + lib/http2*,\ + tests/http2-server.pl\ + }" + +HTTP/3: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + .github/workflows/ngtcp2*,\ + .github/workflows/quiche*,\ + .github/workflows/osslq*,\ + CMake/FindNGHTTP3.cmake,\ + CMake/FindNGTCP2.cmake,\ + docs/HTTP3.md,\ + docs/examples/http3*,\ + lib/vquic/**,\ + tests/http3-server.pl,\ + tests/nghttpx.conf\ + }" + +IMAP: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + lib/imap*,\ + docs/examples/imap*\ + }" + +LDAP: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + lib/*ldap*\ + }" + +libcurl API: + - all: + - changed-files: + - any-glob-to-any-file: + - 'docs/libcurl/ABI.md' + - 'docs/libcurl/curl_*.md' + - 'include/curl/**' + +logging: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/cmdline-opts/trace*,\ + docs/libcurl/curl_global_trace*,\ + lib/curl_trc*,\ + tests/http/test_15_tracing.py\ + }" + +MIME: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/libcurl/curl_form*,\ + docs/libcurl/curl_mime_*,\ + docs/libcurl/opts/CURLOPT_MIME*,\ + docs/libcurl/opts/CURLOPT_HTTPPOST*,\ + lib/formdata*,\ + lib/mime*,\ + src/tool_formparse.*\ + }" + +MQTT: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + lib/mqtt*,\ + tests/server/mqttd.c\ + }" + +name lookup: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/examples/resolve.c,\ + docs/libcurl/opts/CURLINFO_NAMELOOKUP*,\ + docs/libcurl/opts/CURLOPT_DNS*,\ + docs/libcurl/opts/CURLOPT_DOH*,\ + docs/libcurl/opts/CURLOPT_RESOLVE*,\ + lib/asyn*,\ + lib/curl_gethostname.*,\ + lib/doh*,\ + lib/host*,\ + lib/idn*,\ + lib/inet_pton.*,\ + lib/socketpair*,\ + tests/server/resolve.c\ + }" + +POP3: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/examples/pop3*,\ + lib/pop3.*\ + }" + +RTSP: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/libcurl/opts/CURLINFO_RTSP*,\ + docs/libcurl/opts/CURLOPT_RTSP*,\ + lib/rtsp.*,\ + tests/rtspserver.pl,\ + tests/server/rtspd.c\ + }" + +SCP/SFTP: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + CMake/FindLibssh2.cmake,\ + docs/libcurl/opts/CURLOPT_SSH*,\ + docs/examples/sftp*,\ + lib/vssh/**,\ + tests/sshhelp.pm,\ + tests/sshserver.pl\ + }" + +script: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + **/*.pl,\ + **/*.sh,\ + curl-config.in,\ + docs/curl-config.1,\ + docs/mk-ca-bundle.1,\ + docs/THANKS-filter,\ + scripts/**\ + }" + +SMB: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + lib/smb.*,\ + tests/smbserver.py\ + }" + +SMTP: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/examples/smtp-*,\ + docs/libcurl/opts/CURLOPT_MAIL*,\ + lib/smtp.*\ + }" + +tests: + - all: + - changed-files: + - any-glob-to-any-file: + - 'tests/**' + +TFTP: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + lib/tftp.*,\ + tests/tftpserver.pl,\ + tests/server/tftp*\ + }" + +TLS: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + CMake/FindGnuTLS.cmake,\ + CMake/FindMbedTLS.cmake,\ + CMake/FindWolfSSL.cmake,\ + CMake/FindRustls.cmake,\ + docs/examples/ssl*,\ + docs/examples/*ssl.*,\ + docs/examples/*tls.*,\ + docs/SSL*,\ + docs/libcurl/curl_global_sslset*,\ + docs/libcurl/opts/CURLINFO_CA*,\ + docs/libcurl/opts/CURLINFO_CERT*,\ + docs/libcurl/opts/CURLINFO_SSL*,\ + docs/libcurl/opts/CURLINFO_TLS*,\ + docs/libcurl/opts/CURLOPT_CA*,\ + docs/libcurl/opts/CURLOPT_CERT*,\ + docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY*,\ + docs/libcurl/opts/CURLOPT_SSL*,\ + docs/libcurl/opts/CURLOPT_TLS*,\ + docs/libcurl/opts/CURLOPT_USE_SSL*,\ + lib/vtls/**,\ + m4/curl-gnutls.m4,\ + m4/curl-mbedtls.m4,\ + m4/curl-openssl.m4,\ + m4/curl-rustls.m4,\ + m4/curl-schannel.m4,\ + m4/curl-wolfssl.m4\ + }" + +URL: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/libcurl/curl_url*,\ + docs/URL-SYNTAX.md,\ + docs/examples/parseurl*,\ + include/curl/urlapi.h,\ + lib/urlapi*\ + }" + +WebSocket: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + docs/internals/WEBSOCKET.md*,\ + docs/examples/websocket*,\ + docs/libcurl/curl_ws_*,\ + docs/libcurl/libcurl-ws*,\ + docs/libcurl/opts/CURLOPT_WS_*,\ + include/curl/websockets.h,\ + lib/ws.*,\ + tests/http/clients/ws*,\ + tests/http/test_20_websockets.py,\ + tests/http/testenv/ws*\ + }" + +Windows: + - all: + - changed-files: + - any-glob-to-all-files: "{\ + appveyor.*,\ + .github/workflows/windows.yml,\ + CMake/win32-cache.cmake,\ + lib/*win32*,\ + lib/curlx/multibyte.*,\ + lib/rename.*,\ + lib/vtls/schannel*,\ + m4/curl-schannel.m4,\ + projects/**,\ + src/tool_doswin.c,\ + lib/libcurl.def\ + }" diff --git a/.github/lock.yml b/.github/lock.yml index 66e79128e45b..ab30d2a82701 100644 --- a/.github/lock.yml +++ b/.github/lock.yml @@ -1,3 +1,7 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + # Configuration for lock-threads - https://github.com/dessant/lock-threads # Number of days of inactivity before a closed issue or pull request is locked diff --git a/.github/scripts/cleancmd.pl b/.github/scripts/cleancmd.pl new file mode 100755 index 000000000000..06b38f102213 --- /dev/null +++ b/.github/scripts/cleancmd.pl @@ -0,0 +1,128 @@ +#!/usr/bin/env perl +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +# Input: cmdline docs markdown files, they get modified *in place* +# +# Strip off the leading meta-data/header part, remove all known curl symbols +# and long command line options. Also clean up whatever else the spell checker +# might have a problem with that we still deem is fine. +# + +use strict; +use warnings; + +my @asyms; + +open(S, "<./docs/libcurl/symbols-in-versions") + || die "cannot find symbols-in-versions"; +while() { + if(/^([^ ]*) /) { + push @asyms, $1; + } +} +close(S); + +# init the opts table with "special" options not easy to figure out +my @aopts = ( + '--ftp-ssl-reqd', # old alias + ); + +open(O, "<./docs/options-in-versions") + || die "cannot find options-in-versions"; +while() { + chomp; + if(/^([^ ]+)/) { + my $o = $1; + push @aopts, $o; + if($o =~ /^--no-(.*)/) { + # for the --no options, also make one without it + push @aopts, "--$1"; + } + elsif($o =~ /^--disable-(.*)/) { + # for the --disable options, also make the special ones + push @aopts, "--$1"; + push @aopts, "--no-$1"; + } + } +} +close(O); + +open(C, "<./.github/scripts/spellcheck.curl") + || die "cannot find spellcheck.curl"; +while() { + if(/^\#/) { + next; + } + chomp; + if(/^([^ ]+)/) { + push @asyms, $1; + } +} +close(C); + +# longest symbols first +my @syms = sort { length($b) <=> length($a) } @asyms; + +# longest cmdline options first +my @opts = sort { length($b) <=> length($a) } @aopts; + +sub process { + my ($f) = @_; + + my $ignore = 0; + my $sepcount = 0; + my $out; + my $line = 0; + open(F, "<$f") or die; + + while() { + $line++; + if(/^---/ && ($line == 1)) { + $ignore = 1; + next; + } + elsif(/^---/ && $ignore) { + $ignore = 0; + next; + } + next if($ignore); + + my $l = $_; + + # strip out backticked words + $l =~ s/`[^`]+`//g; + + # **bold** + $l =~ s/\*\*(\S.*?)\*\*//g; + # *italics* + $l =~ s/\*(\S.*?)\*//g; + + # strip out https URLs, we do not want them spellchecked + $l =~ s!https://[a-z0-9\#_/.-]+!!gi; + + $out .= $l; + } + close(F); + + # cut out all known curl cmdline options + map { $out =~ s/$_//g; } (@opts); + + # cut out all known curl symbols + map { $out =~ s/\b$_\b//g; } (@syms); + + if(!$ignore) { + open(O, ">$f") or die; + print O $out; + close(O); + } +} + +my @filemasks = @ARGV; +open(my $git_ls_files, '-|', 'git', 'ls-files', '--', @filemasks) or die "Failed running git ls-files: $!"; +while(my $f = <$git_ls_files>) { + chomp $f; + process($f); +} +close $git_ls_files; diff --git a/.github/scripts/cmp-config.pl b/.github/scripts/cmp-config.pl new file mode 100755 index 000000000000..66cb65756325 --- /dev/null +++ b/.github/scripts/cmp-config.pl @@ -0,0 +1,137 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +use strict; +use warnings; + +my $autotools = $ARGV[0]; +my $cmake = $ARGV[1]; + +if(!$cmake) { + print "Usage: cmp-config \n"; + exit; +} + +# this lists complete lines that will be removed from the output if +# matching +my %remove = ( + '#define CURL_EXTERN_SYMBOL' => 1, + '#define CURL_OS "Linux"' => 1, + '#define CURL_OS "x86_64-pc-linux-gnu"' => 1, + '#define GETHOSTNAME_TYPE_ARG2 int' => 1, + '#define GETHOSTNAME_TYPE_ARG2 size_t' => 1, + '#define HAVE_BROTLI 1' => 1, + '#define HAVE_BROTLI_DECODE_H 1' => 1, + '#define HAVE_DLFCN_H 1' => 1, + '#define HAVE_GSSAPI_GSSAPI_GENERIC_H 1' => 1, + '#define HAVE_GSSAPI_GSSAPI_H 1' => 1, + '#define HAVE_GSSAPI_GSSAPI_KRB5_H 1' => 1, + '#define HAVE_INTTYPES_H 1' => 1, + '#define HAVE_LDAP_H 1' => 1, + '#define HAVE_LDAP_SSL 1' => 1, + '#define HAVE_LIBBROTLIDEC 1' => 1, + '#define HAVE_LIBPSL_H 1' => 1, + '#define HAVE_LIBSOCKET 1' => 1, + '#define HAVE_LIBSSH' => 1, + '#define HAVE_LIBSSH2 1' => 1, + '#define HAVE_LIBSSL 1' => 1, + '#define HAVE_LIBZSTD 1' => 1, + '#define HAVE_NGHTTP2_NGHTTP2_H 1' => 1, + '#define HAVE_NGHTTP3_NGHTTP3_H 1' => 1, + '#define HAVE_NGTCP2_NGTCP2_CRYPTO_H 1' => 1, + '#define HAVE_NGTCP2_NGTCP2_H 1' => 1, + '#define HAVE_OPENSSL_CRYPTO_H 1' => 1, + '#define HAVE_OPENSSL_ERR_H 1' => 1, + '#define HAVE_OPENSSL_PEM_H 1' => 1, + '#define HAVE_OPENSSL_RSA_H 1' => 1, + '#define HAVE_OPENSSL_SSL_H 1' => 1, + '#define HAVE_QUICHE_H 1' => 1, + '#define HAVE_SSL_SET_QUIC_TLS_CBS 1' => 1, + '#define HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT 1' => 1, + '#define HAVE_STDINT_H 1' => 1, + '#define HAVE_STDIO_H 1' => 1, + '#define HAVE_STDLIB_H 1' => 1, + '#define HAVE_STRING_H 1' => 1, + '#define HAVE_SYS_STAT_H 1' => 1, + '#define HAVE_SYS_XATTR_H 1' => 1, + '#define HAVE_UNICODE_UIDNA_H 1' => 1, + '#define HAVE_WOLFSSL_SET_QUIC_USE_LEGACY_CODEPOINT 1' => 1, + '#define HAVE_ZSTD 1' => 1, + '#define HAVE_ZSTD_H 1' => 1, + '#define LT_OBJDIR ".libs/"' => 1, + '#define NEED_LBER_H 1' => 1, + '#define PACKAGE "curl"' => 1, + '#define PACKAGE_BUGREPORT "a suitable curl mailing list: https://curl.se/mail/"' => 1, + '#define PACKAGE_NAME "curl"' => 1, + '#define PACKAGE_STRING "curl -"' => 1, + '#define PACKAGE_TARNAME "curl"' => 1, + '#define PACKAGE_URL ""' => 1, + '#define PACKAGE_VERSION "-"' => 1, + '#define VERSION "-"' => 1, + '#define _FILE_OFFSET_BITS 64' => 1, + ); + +sub filter { + my ($line) = @_; + if(!$remove{$line}) { + return "$line\n"; + } + $remove{$line}++; + return ""; +} + +sub grepit { + my ($input, $output) = @_; + my @defines; + # first get all the #define lines + open(F, "<$input"); + while() { + if($_ =~ /^#def/) { + chomp; + push @defines, $_; + } + } + close(F); + + open(O, ">$output"); + + # output the sorted list through the filter + foreach my $d(sort @defines) { + print O filter($d); + } + close(O); +} + +grepit($autotools, "/tmp/autotools"); +grepit($cmake, "/tmp/cmake"); + +foreach my $v (keys %remove) { + if($remove{$v} == 1) { + print "Ignored, never matched line: $v\n"; + } +} + +# return the exit code from diff +exit system('diff', ('-u', '/tmp/autotools', '/tmp/cmake')) >> 8; diff --git a/.github/scripts/cmp-pkg-config.sh b/.github/scripts/cmp-pkg-config.sh new file mode 100755 index 000000000000..37a316218c83 --- /dev/null +++ b/.github/scripts/cmp-pkg-config.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env bash +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +# Sort list of libs, libpaths, cflags found in libcurl.pc and curl-config files, +# then diff the autotools and cmake generated ones. + +sort_lists() { + prevline='' + section='' + while IFS= read -r l; do + if [[ "${prevline}" =~ (--cc|--configure) ]]; then # curl-config + echo "" + else + # libcurl.pc + if [[ "${l}" =~ ^(Requires|Libs|Cflags)(\.private)?:\ (.+)$ ]]; then + if [ "${BASH_REMATCH[1]}" = 'Requires' ]; then + # Spec does not allow duplicates here: + # https://manpages.debian.org/unstable/pkg-config/pkg-config.1.en.html#Requires: + # "You may only mention the same package one time on the Requires: line" + val="$(printf '%s' "${BASH_REMATCH[3]}" | tr ',' '\n' | sort | tr '\n' ' ')" + else + val="$(printf '%s' "${BASH_REMATCH[3]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')" + fi + l="${BASH_REMATCH[1]}${BASH_REMATCH[2]}: ${val}" + # curl-config + elif [[ "${section}" =~ (--libs|--static-libs) && "${l}" =~ ^( *echo\ \")(.+)(\")$ ]]; then + val="$(printf '%s' "${BASH_REMATCH[2]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')" + l="${BASH_REMATCH[1]}${val}${BASH_REMATCH[3]}" + section='' + fi + echo "${l}" + fi + # curl-config + prevline="${l}" + if [[ "${l}" =~ --[a-z-]+\) ]]; then + section="${BASH_REMATCH[0]}" + fi + done < "$1" +} + +am=$(mktemp -t autotools.XXX); sort_lists "$1" > "${am}" +cm=$(mktemp -t cmake.XXX) ; sort_lists "$2" > "${cm}" +diff -u "${am}" "${cm}" +res="$?" +rm -r -f "${am}" "${cm}" + +exit "${res}" diff --git a/.github/scripts/codespell-ignore.words b/.github/scripts/codespell-ignore.words new file mode 100644 index 000000000000..1a5e106400a6 --- /dev/null +++ b/.github/scripts/codespell-ignore.words @@ -0,0 +1,21 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +anonymou +aNULL +bu +clen +CNA +hel +htpts +inout +PASE +passwor +perfec +proxys +seh +ser +strat +te +UE +WONT diff --git a/.github/scripts/codespell.sh b/.github/scripts/codespell.sh new file mode 100755 index 000000000000..c5ddf90a4763 --- /dev/null +++ b/.github/scripts/codespell.sh @@ -0,0 +1,22 @@ +#!/bin/sh +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +set -eu + +cd "$(dirname "${0}")"/../.. + +git ls-files -z | xargs -0 -r \ +codespell \ + --skip '.github/scripts/pyspelling.words' \ + --skip '.github/scripts/typos.toml' \ + --skip 'docs/THANKS' \ + --skip 'projects/OS400/*' \ + --skip 'projects/vms/*' \ + --skip 'RELEASE-NOTES' \ + --skip 'scripts/wcurl' \ + --skip 'tests/unit/unit1625.c' \ + --ignore-regex '.*spellchecker:disable-line' \ + --ignore-words '.github/scripts/codespell-ignore.words' \ + -- diff --git a/.github/scripts/distfiles.sh b/.github/scripts/distfiles.sh new file mode 100755 index 000000000000..630c9900323b --- /dev/null +++ b/.github/scripts/distfiles.sh @@ -0,0 +1,55 @@ +#!/usr/bin/env bash +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +# Compare git repo files with tarball files and report a mismatch +# after excluding exceptions. + +set -eu + +gitonly=".git* +^.* +^appveyor.* +^buildconf +^GIT-INFO.md +^README.md +^renovate.json +^REUSE.toml +^SECURITY.md +^LICENSES/* +^docs/examples/adddocsref.pl +^docs/tests/CI.md +^docs/THANKS-filter +^projects/Windows/* +^scripts/contributors.sh +^scripts/contrithanks.sh +^scripts/delta +^scripts/installcheck.sh +^scripts/release-notes.pl +^scripts/singleuse.pl" + +tarfiles="$(mktemp)" +gitfiles="$(mktemp)" + +tar -tf "$1" \ + | sed -E 's|^[^/]+/||g' \ + | grep -v -E '(/|^)$' \ + | sort > "${tarfiles}" + +git -C "${2:-.}" ls-files \ + | grep -v -E "($(printf '%s' "${gitonly}" | tr $'\n' '|' | sed -e 's|\.|\\.|g' -e 's|\*|.+|g'))$" \ + | sort > "${gitfiles}" + +dif="$(diff -u "${tarfiles}" "${gitfiles}" | tail -n +3 || true)" + +rm -rf "${tarfiles:?}" "${gitfiles:?}" + +echo 'Only in tarball:' +echo "${dif}" | grep '^-' || true +echo + +echo 'Missing from tarball:' +if echo "${dif}" | grep '^+'; then + exit 1 +fi diff --git a/.github/scripts/pyspelling.words b/.github/scripts/pyspelling.words new file mode 100644 index 000000000000..dc6e93c8b42c --- /dev/null +++ b/.github/scripts/pyspelling.words @@ -0,0 +1,1017 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +AAAA +ABI +accessor +ACK +AES +AIA +AIX +al +Alessandro +aliasMode +allocator +alnum +ALPN +Altera +AltSvc +ALTSVC +amiga +AmigaOS +AmiSSL +anyauth +anycast +apache +Apache +API +APIs +APOP +AppVeyor +archivers +Archos +Arntsen +Aros +asynch +AsynchDNS +atime +auth +autobuild +autobuilds +Autoconf +autoconf +Automake +automake +autoreconf +Autotools +autotools +AVR +AWS +AWS-LC +axTLS +backend +backends +backoff +backtick +backticks +balancers +Baratov +basename +bashrc +BDFL +BearSSL +Benoit +BeOS +bitmask +bitset +bitwise +Björn +Bjørn +bool +boolean +BoringSSL +Boukris +Broadcom +brotli +bufq +bufref +bugfix +bugfixes +buildable +buildbot +Caddy +calloc +CAPA +capath +CCC +CDN +CentOS +CFLAGS +cflags +CGI's +CHACHA +chacha +Chaffraix +changelog +changeset +CharConv +charset +charsets +checkdocs +checksrc +checksums +chgrp +chmod +chown +ChromeOS +CI's +CIDR +CIFS +CLA +CLAs +cleartext +CLI +ClientHello +clientp +cliget +closesocket +CMake +cmake +CMake's +cmake's +CMakeLists +CNA +CNAME +CNAMEs +CodeQL +CODESET +codeset +CodeSonar +Comcast +commit's +Config +config +conncache +connectdata +CookieInfo +Coverity +CPUs +CR +CRL +CRLF +crontab +crt +crypto +cryptographic +cryptographically +CSEQ +CSeq +csh +cshrc +CTRL +CURLcode +curldown +CURLE +CURLECH +CURLH +curlimages +CURLINFO +curlrc +curltest +customizable +CVE +CVSS +CWD +CWE +cyassl +Cygwin +daniel +datatracker +dbg +Debian +DEBUGBUILD +decrypt +decrypted +decrypting +deepcode +defacto +DELE +DER +dereference +dereferences +DES +deselectable +deserialization +Deserialized +destructor +detections +dev +devcpp +DevOps +devtools +DHCP +DHE +dir +distro +distro's +distros +DJGPP +dlist +DLL +dll +DLLs +DNS +dns +dnsop +DNSSEC +DoH +DoT +doxygen +drftpd +dsa +DSN +dtrace +Dudka +Dymond +dynbuf +EAGAIN +EBCDIC +ECC +ECCN +ECDHE +ECH +ECHConfig +ECHConfigList +ecl +ECONNREFUSED +eCOS +ECT +EF +EFnet +EGD +EHLO +EINTR +else's +encodings +enctype +endianness +Engler +enum +enums +epoll +EPRT +EPSV +ERRNO +errno +ESNI +et +etag +ETag +ETags +exa +exe +executables +EXPN +extensibility +failsafe +Falkeborn +Fandrich +Fastly +fcpp +Fedora +Feltzing +ffi +filesize +filesystem +FindCURL +FLOSS +fnmatch +footguns +formpost +formposts +Fortnite +FOSS +FPL +fread +FreeBSD +FreeDOS +FreeRTOS +freshmeat +Frexx +FS +fseek +FTPing +fuzzer +fwrite +Garmin +gcc +GCM +gdb +Genode +Gentoo +Gergely +getaddrinfo +getenv +gethostbyname +gethostname +Getinfo +getinfo +GETing +getpwuid +ggcov +GHA +Ghedini +giga +Gisle +Glesys +glibc +globbed +globbing +gmail +GnuTLS +Golemon +GOST +GPG +GPL +GPLed +GREASE +GREASEing +Greear +groff +gsasl +GSKit +gskit +GSS +GSSAPI +GTFO +Guenter +GUIs +Gunderson +Gustafsson +gzip +Gzipped +gzipped +HackerOne +HackerOne's +HAProxy +HardenedBSD +Hards +Haxx +haxx +Heimdal +HelloRetryRequest +HELO +HH +HMAC +Hoersken +Holme +homebrew +hostname +hostnames +Housley +HRR +Hruska +HSTS +hsts +HTC +html +http +HTTPAUTH +httpd +HTTPD +httpget +HttpGet +HTTPS +https +HTTPSRR +hyper's +IANA +Icecast +ICONV +iconv +IDN +IDNA +IETF +ietf +ifdef +ifdefed +Ifdefs +ifdefs +ifhost +IIS +ILE +illumos +IMAP +imap +IMAPS +imaps +impacket +implementers +init +initializer +inlined +interop +interoperable +interoperates +IoT +ipadOS +IPCXN +IPFS +ipld +IPNS +IPv +IPv4 +IPv4/6 +IPv6 +IRIs +IRIX +Itanium +iX +Jakub +Jiri +jo +jpeg +jq +JSON +json +Julien +Kamil +Kaufmann +kB +KDE +keepalive +Keil +kerberos +Keychain +keychain +KiB +kibibyte +kickstart +Kirei +Knauf +kqueue +Krb +krb +Kubernetes +Kuhrt +Largefile +LDAP +ldap +LDAPS +ldaps +LF +LGPL +LGTM +libbacktrace +libbrotlidec +libc +libcurl +libcurl's +libcurls +libera +libev +libevent +libgsasl +libidn +libnssckbi +libnsspem +libpsl +Libre +libre +LibreSSL +librtmp +libs +libssh +libssh2 +libtest +libtests +Libtool +libtool +libuv +libWebSocket +libz +libzstd +LineageOS +linter +linux +lldb +ln +localhost +LOGDIR +logfile +lookups +loopback +LOWCOST +LOWDELAY +LPRT +LSB +lseek +Lua +lwIP +macdef +macOS +macos +Makefile +makefiles +malloc +mallocs +manpage +manpages +maprintf +Marek +Mavrogiannopoulos +Mbed +mbedTLS +md +mebibyte +Meglio +memdebug +MesaLink +mesalink +Metalink +mfprintf +Michal +Micrium +MicroBlaze +MicroOS +middlebox +MINCOST +mingw +MinGW +MINIX +misconfigured +Mishyn +mitigations +MITM +mk +mkdir +mktime +Monnerat +monospace +MorphOS +MPE +MPL +mprintf +MPTCP +MQTT +mqtt +mqtts +MSB +MSGSENT +msh +MSIE +msnprintf +msprintf +msquic +mstate +MSVC +MSYS +msys +mtime +mTLS +MUA +multicwd +multiparts +multipath +MultiSSL +mumbo +musedev +mutex +mvaprintf +mvfprintf +mvprintf +mvsnprintf +mvsprintf +MX +Nagel +Nagle +NAMELOOKUP +Natively +NATs +nc +NCR +NDK +NEC +Necko +NetBSD +netrc +netstat +NetWare +Netware +NFS +nghttp +nghttpx +ngtcp +Nikos +Nios +nitems +NixOS +NLST +nmake +nmemb +nocwd +NODELAY +NonStop +NOOP +Novell +NPN +nroff +nslookup +NSS +nss +NTLM +NTLMUSER +NTLMv +NUM +NuttX +OAuth +objcopy +OCSP +Ok +OpenBSD +OpenLDAP +OpenRISC +OpenSSF +OpenSSF's +OpenSSH +OpenSSL +OpenStep +openSUSE +openwall +Orbis +ORing +Osipov +OSS +PaaS +pac +pacman +parser's +parsers +PASE +PASV +PEM +pem +perl +permafailing +peta +PINGs +pipelining +PKCS +pkcs +PKGBUILD +PKI +pluggable +pn +PolarSSL +Polhem +pollset +POSIX +Postfix +POSTing +POSTs +PowerShell +pre +prebuilt +precompiled +prepend +prepended +prepending +prepends +preprocess +preprocessed +Preprocessing +preprocessor +Prereq +PRET +pretransfer +printf +printf's +PSL +pthreads +PTR +ptr +punycode +PWD +pwd +py +pycurl +pytest +Pytest +qname +QNX +QoS +Qubes +QUIC +quictls +quicwg +Raad +radix +RAS +RBS +ReactOS +README +realloc +Realtime +rebalances +rebase +RECV +recv +Redhat +redirections +redirs +redistributable +Redox +reentrant +Referer +referer +reinitializes +Relatedly +repo +reprioritized +resending +resends +RETR +retransmit +retrigger +RHEL +Rikard +rmdir +ROADMAP +Roadmap +Rockbox +roffit +RPC +RPG +RR +RRs +RRtype +RSA +RTMP +rtmp +rtmpdump +RTMPE +RTMPS +RTMPT +RTMPTE +RTMPTS +RTOS +RTP +RTSP +rtsp +RTT +runtests +runtime +Ruslan +rustc +Rustls +rustls +rustup +Sagula +SanDisk +SAS +SASL +Satiro +Schannel +Schindelin +SCO +SCP +scp +SDK +se +SEB +SecTrust +SEK +selectable +Serv +setopt +setsockopt +setuid +SFTP +sftp +sha +SHOUTcast +SIGALRM +SIGCHLD +SIGPIPE +singlecwd +SINIX +Sintonen +sizeof +Slowloris +SLE +slist +sln +SMB +smb +SMBS +smbs +SMBv +SMTP +smtp +smtps +SMTPS +SNI +sockd +socketopen +socketpair +sockopt +SOCKOPT +SOCKSv +Solaris +SONAME +Soref +SOVERSION +SPARC +SPDX +SPNEGO +Spotify +sprintf +src +SRP +SRWLOCK +SSI +SSL +ssl +SSLeay +SSLKEYLOGFILE +SSLS +sslv +SSLv +SSLVERSION +SSPI +stackoverflow +STARTTLS +STARTTRANSFER +stateful +statvfs +stderr +stdin +stdint +stdout +Steinar +Stenberg +STLS +STOR +strcat +strcpy +strdup +strerror +strlen +strncat +struct +structs +Structs +stunnel +subdirectories +subdirectory +submitters +substring +substrings +sudo +SunOS +SunSSH +superset +svc +svcb +SVCB +SVG +Svyatoslav +Swisscom +sws +Symbian +symlink +symlinks +syntaxes +Szakats +TABs +Tatsuhiro +TBD +TCP +tcpdump +tera +testability +testcurl +TFTP +tftp +threadsafe +Tizen +TLS +tlsv +TLSv +TODO +Tomtom +toolchain +toolchains +toolset +toplevel +TOS +TPF +TrackMemory +transcode +Tru +trurl +trustless +Tse +Tsujikawa +TTL +tvOS +txt +typedef +typedefed +Ubuntu +ucLinux +UCRT +UDP +UI +UID +UIDL +uint +Ultrix +umask +Unary +unassign +UNC +uncompress +unencoded +unencrypted +unescape +Unglobbed +Unicode +UNICOS +UnixSockets +UnixWare +unlink +unpause +unpaused +unpauses +unpausing +unsanitized +Unshare +unsharing +untrusted +unwrite +UPN +upstreaming +URI +URIs +url +URL's +urlencoded +urlget +USD +userdata +Userinfo +userinfo +USERPROFILE +UTF +UX +valgrind +Vanem +vararg +VC +vcpkg +vexxhost +Viktor +virtualized +Virtuozzo +VLAN +VM +VMS +VMware +vnd +VRF +VRFY +VSE +vsftpd +vsprintf +vt +vtls +vxWorks +wakeup +Warta +watchOS +WAV +WB +wcurl +WebDAV +WebOS +webpage +webpages +WebSocket +WEBSOCKET +Wget +WHATWG +whitespace +Whitespaces +winbind +winbuild +WinIDN +WinLDAP +winsock +Wireshark +wolfSSH +wolfSSL +ws +WS +WSS +www +Xbox +XDG +xdigit +XHTML +Xilinx +xmllint +XP +Xtensa +XYZ +Youtube +YYYY +YYYYMMDD +Zakrzewski +Zitzmann +zlib +zsh +zstd +Zuul +zuul diff --git a/.github/scripts/pyspelling.yaml b/.github/scripts/pyspelling.yaml new file mode 100644 index 000000000000..bb0585ab7ab8 --- /dev/null +++ b/.github/scripts/pyspelling.yaml @@ -0,0 +1,33 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +# Docs: https://facelessuser.github.io/pyspelling/configuration/ +# Docs: https://github.com/UnicornGlobal/spellcheck-github-actions +matrix: + - name: Markdown + expect_match: false + apsell: + mode: en + dictionary: + wordlists: + - wordlist.txt + output: wordlist.dic + encoding: utf-8 + pipeline: + - pyspelling.filters.markdown: + markdown_extensions: + - markdown.extensions.extra: + - pyspelling.filters.html: + comments: true + attributes: + - title + - alt + ignores: + - ':matches(code, pre)' + - 'code' + - 'pre' + - 'strong' + - 'em' + sources: + - '**/*.md|!docs/BINDINGS.md|!docs/DISTROS.md|!docs/CIPHERS-TLS12.md|!docs/wcurl.md|!tests/data/data*.md' diff --git a/.github/scripts/randcurl.pl b/.github/scripts/randcurl.pl new file mode 100755 index 000000000000..f9c24d90db6c --- /dev/null +++ b/.github/scripts/randcurl.pl @@ -0,0 +1,251 @@ +#!/usr/bin/env perl +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +# Input: number of seconds to run. +# +# 1. Figure out all existing command line options +# 2. Generate random command line using supported options +# 3. Run the command line +# 4. Verify that it does not return an unexpected return code +# 5. Iterate until the time runs out +# +# Do the same with regular command lines as well as reading the options from a +# -K config file +# +# BEWARE: this may create a large amount of files using random names in the +# directory where it runs. +# + +use strict; +use warnings; + +my $curl = "../src/curl"; +my $url = "localhost:7777"; # not listening to this + +my $seconds = $ARGV[0]; +if($ARGV[1]) { + $curl = $ARGV[1]; +} + +if(!$seconds) { + $seconds = 10; +} +print "Run $curl for $seconds seconds\n"; + +my @opt; +my %arg; +my %uniq; +my %allrc; + +my $totalargs = 0; +my $totalcmds = 0; + +my $counter = 0xabcdef + time(); +sub getnum { + my ($max) = @_; + return int(rand($max)); +} + +sub storedata { + my ($short, $long, $arg) = @_; + push @opt, "-$short" if($short); + push @opt, "--$long"; + + if($arg =~ /^ 1, + '-u' => 1, + '--user' => 1, + '--proxy-user' => 1); + +my %commonrc = ( + '0' => 1, + '1' => 1, + '2' => 1, + '26' => 1, + ); + +sub runone { + my $a; + my $nargs = getnum(60) + 1; + + $totalargs += $nargs; + $totalcmds++; + for (1 .. $nargs) { + my $o = getnum($nopts); + my $option = $opt[$o]; + my $ar = ""; + $uniq{$option}++; + if($arg{$option}) { + $ar = " ".randarg(); + + if($useropt{$option}) { + # append password to avoid prompting + $ar .= ":".randarg(); + } + } + $a .= sprintf(" %s%s", $option, $ar); + } + if(getnum(100) < 15) { + # add a fake arg + $a .= " ".addarg(); + } + + my $cmd="$curl$a $url"; + + my $rc = system("$cmd >curl-output 2>&1 > 8; + #my $rc = system("valgrind -q $cmd >/dev/null 2>&1 > 8; + + $allrc{$rc}++; + + #print "CMD: $cmd\n"; + if(!$commonrc{$rc}) { + print "CMD: $cmd\n"; + print "RC: $rc\n"; + print "== curl-output == \n"; + open(D, "; + print @out; + close(D); + exit; + } +} + +sub runconfig { + my $a; + my $nargs = getnum(80) + 1; + + open(C, ">config"); + + $totalargs += $nargs; + $totalcmds++; + for (1 .. $nargs) { + my $o = getnum($nopts); + my $option = $opt[$o]; + my $ar = ""; + $uniq{$option} = 0 if(!exists $uniq{$option}); + $uniq{$option}++; + if($arg{$option}) { + $ar = " ".randarg(); + + if($useropt{$option}) { + # append password + $ar .= ":".randarg(); + } + } + $a .= sprintf("\n%s%s", $option, $ar); + } + if(getnum(100) < 15) { + # add a fake arg + $a .= "\n".addarg(); + } + + print C "$a\n"; + close(C); + + my $cmd="$curl -K config $url"; + + my $rc = system("$cmd >curl-output 2>&1 > 8; + + $allrc{$rc}++; + + if(!$commonrc{$rc}) { + print "CMD: $cmd\n"; + print "RC: $rc\n"; + print "== config == \n"; + open(D, "; + print @all; + close(D); + print "\n== curl-output == \n"; + open(D, "; + print @out; + close(D); + exit 2; + } +} + +# run curl command lines using -K +my $end = time() + $seconds/2; +my $c = 0; +print "Running command lines\n"; +do { + runconfig(); + $c++; +} while(time() <= $end); +print "$c command lines\n"; + +# run curl command lines +$end = time() + $seconds/2; +$c = 0; +print "Running config lines\n"; +do { + runone(); + $c++; +} while(time() <= $end); + +print "$c config line uses\n"; + +print "Recorded exit codes:\n"; +for my $rc (keys %allrc) { + printf " %2d: %d times\n", $rc, $allrc{$rc}; +} +printf "Number or command lines tested:\n". + " $totalcmds (%.1f/second)\n", $totalcmds/$seconds; +printf "Number or command line options tested:\n". + " $totalargs (average %.1f per command line)\n", + $totalargs/$totalcmds; +printf "Number or different options tested:\n". + " %u out of %u\n", scalar(keys %uniq), $nopts; diff --git a/.github/scripts/requirements-docs.txt b/.github/scripts/requirements-docs.txt new file mode 100644 index 000000000000..6850461de7bc --- /dev/null +++ b/.github/scripts/requirements-docs.txt @@ -0,0 +1,5 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +pyspelling==2.12.1 diff --git a/.github/scripts/requirements-proselint.txt b/.github/scripts/requirements-proselint.txt new file mode 100644 index 000000000000..189610944297 --- /dev/null +++ b/.github/scripts/requirements-proselint.txt @@ -0,0 +1,5 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +proselint==0.16.0 diff --git a/.github/scripts/requirements.txt b/.github/scripts/requirements.txt new file mode 100644 index 000000000000..540cbe7c0935 --- /dev/null +++ b/.github/scripts/requirements.txt @@ -0,0 +1,9 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +cmakelang==0.6.13 +codespell==2.4.2 +pytype==2024.10.11 +reuse==6.2.0 +ruff==0.15.2 diff --git a/.github/scripts/shellcheck-ci.sh b/.github/scripts/shellcheck-ci.sh new file mode 100755 index 000000000000..87e03b9d12b8 --- /dev/null +++ b/.github/scripts/shellcheck-ci.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +# Required: yq + +set -eu + +export SHELLCHECK_OPTS='--exclude=1090,1091,2086,2153 --enable=avoid-nullary-conditions,deprecate-which' + +# GHA +git ls-files '.github/workflows/*.yml' | while read -r f; do + echo "Verifying ${f}..." + { + echo '#!/usr/bin/env bash' + echo 'set -eu' + yq eval '.. | select(has("run") and (.run | type == "!!str")) | .run + "\ntrue\n"' "${f}" + } | sed -E 's|\$\{\{ .+ \}\}|GHA_EXPRESSION|g' | shellcheck - +done + +# Circle CI +git ls-files '.circleci/*.yml' | while read -r f; do + echo "Verifying ${f}..." + { + echo '#!/usr/bin/env bash' + echo 'set -eu' + yq eval '.. | select(has("command") and (.command | type == "!!str")) | .command + "\ntrue\n"' "${f}" + } | shellcheck - +done diff --git a/.github/scripts/shellcheck.sh b/.github/scripts/shellcheck.sh new file mode 100755 index 000000000000..59b49131ac4b --- /dev/null +++ b/.github/scripts/shellcheck.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +set -eu + +cd "$(dirname "${0}")"/../.. + +git grep -z -l -E '^#!(/usr/bin/env bash|/bin/sh|/bin/bash)' | xargs -0 -r \ +shellcheck --exclude=1091,2248 \ + --enable=avoid-nullary-conditions,deprecate-which \ + -- diff --git a/.github/scripts/spellcheck.curl b/.github/scripts/spellcheck.curl new file mode 100644 index 000000000000..1d8be5ed3eee --- /dev/null +++ b/.github/scripts/spellcheck.curl @@ -0,0 +1,153 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +# common variable types + structs +# callback typedefs +# public functions names +# some man page names +curl_fileinfo +curl_forms +curl_hstsentry +curl_httppost +curl_index +curl_khkey +curl_pushheaders +curl_waitfd +CURLcode +CURLformoption +CURLHcode +CURLMcode +CURLMsg +CURLSHcode +CURLUcode +curl_calloc_callback +curl_chunk_bgn_callback +curl_chunk_end_callback +curl_conv_callback +curl_debug_callback +curl_fnmatch_callback +curl_formget_callback +curl_free_callback +curl_hstsread_callback +curl_hstswrite_callback +curl_ioctl_callback +curl_malloc_callback +curl_multi_timer_callback +curl_opensocket_callback +curl_prereq_callback +curl_progress_callback +curl_push_callback +curl_read_callback +curl_realloc_callback +curl_resolver_start_callback +curl_seek_callback +curl_socket_callback +curl_sockopt_callback +curl_ssl_ctx_callback +curl_strdup_callback +curl_trailer_callback +curl_write_callback +curl_xferinfo_callback +curl_strequal +curl_strnequal +curl_mime_init +curl_mime_free +curl_mime_addpart +curl_mime_name +curl_mime_filename +curl_mime_type +curl_mime_encoder +curl_mime_data +curl_mime_filedata +curl_mime_data_cb +curl_mime_subparts +curl_mime_headers +curl_formadd +curl_formget +curl_formfree +curl_getdate +curl_getenv +curl_version +curl_easy_escape +curl_escape +curl_easy_unescape +curl_unescape +curl_free +curl_global_init +curl_global_init_mem +curl_global_cleanup +curl_global_trace +curl_global_sslset +curl_slist_append +curl_slist_free_all +curl_getdate +curl_share_init +curl_share_setopt +curl_share_cleanup +curl_version_info +curl_easy_strerror +curl_share_strerror +curl_easy_pause +curl_easy_ssls_import +curl_easy_ssls_export +curl_easy_init +curl_easy_setopt +curl_easy_perform +curl_easy_cleanup +curl_easy_getinfo +curl_easy_duphandle +curl_easy_reset +curl_easy_recv +curl_easy_send +curl_easy_upkeep +curl_easy_header +curl_easy_nextheader +curl_mprintf +curl_mfprintf +curl_msprintf +curl_msnprintf +curl_mvprintf +curl_mvfprintf +curl_mvsprintf +curl_mvsnprintf +curl_maprintf +curl_mvaprintf +curl_multi_init +curl_multi_add_handle +curl_multi_remove_handle +curl_multi_fdset +curl_multi_waitfds +curl_multi_wait +curl_multi_poll +curl_multi_wakeup +curl_multi_perform +curl_multi_cleanup +curl_multi_info_read +curl_multi_strerror +curl_multi_socket +curl_multi_socket_action +curl_multi_socket_all +curl_multi_timeout +curl_multi_setopt +curl_multi_assign +curl_multi_get_handles +curl_multi_get_offt +curl_multi_notify_disable +curl_multi_notify_enable +curl_pushheader_bynum +curl_pushheader_byname +curl_easy_option_by_name +curl_easy_option_by_id +curl_easy_option_next +curl_url +curl_url_cleanup +curl_url_dup +curl_url_get +curl_url_set +curl_url_strerror +curl_ws_recv +curl_ws_send +curl_ws_meta +libcurl-env +libcurl-ws diff --git a/.github/scripts/trimmarkdownheader.pl b/.github/scripts/trimmarkdownheader.pl new file mode 100755 index 000000000000..89b2e7d9fd05 --- /dev/null +++ b/.github/scripts/trimmarkdownheader.pl @@ -0,0 +1,44 @@ +#!/usr/bin/env perl +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +# Given: a libcurl curldown man page +# Outputs: the same file, minus the header +# + +use strict; +use warnings; + +my $f = $ARGV[0] || ''; + +open(F, "<$f") or die; + +my @out; +my $line = 0; +my $hideheader = 0; + +while() { + if($hideheader) { + if(/^---/) { + # end if hiding + $hideheader = 0; + } + push @out, "\n"; # replace with blank + next; + } + elsif(!$line++ && /^---/) { + # starts with a header, strip off the header + $hideheader = 1; + push @out, "\n"; # replace with blank + next; + } + push @out, $_; +} +close(F); + +open(O, ">$f") or die; +for my $l (@out) { + print O $l; +} +close(O); diff --git a/.github/scripts/typos.sh b/.github/scripts/typos.sh new file mode 100755 index 000000000000..76735c1d9fc8 --- /dev/null +++ b/.github/scripts/typos.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +set -eu + +cd "$(dirname "${0}")"/../.. + +git ls-files | typos \ + --isolated \ + --force-exclude \ + --config '.github/scripts/typos.toml' \ + --file-list - diff --git a/.github/scripts/typos.toml b/.github/scripts/typos.toml new file mode 100644 index 000000000000..1a3a80dec336 --- /dev/null +++ b/.github/scripts/typos.toml @@ -0,0 +1,35 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +[default] +extend-ignore-identifiers-re = [ + "^(ba|fo|pn|PN|UE)$", + "^(CNA|cpy|ser)$", + "^(ECT0|ECT1|HELO|htpts|PASE)$", + "^[A-Za-z0-9_-]*(EDE|GOST)[A-Z0-9_-]*$", # ciphers + "^0x[0-9a-fA-F]+FUL$", # unsigned long hex literals ending with 'F' + "^(eyeballers|HELO_smtp|Januar|optin|passin|perfec|SMTP_HELO)$", + "^(clen|req_clen|smtp_perform_helo|smtp_state_helo_resp|Tru64|_stati64)$", + "(_ccontains|_controllen|O_WRONLY|secur32)", + "proxys", # this should be limited to tests/http/*. Short for secure proxy. +] + +extend-ignore-re = [ + ".*spellchecker:disable-line", +] + +[files] +extend-exclude = [ + ".github/scripts/codespell-ignore.words", + ".github/scripts/pyspelling.words", + "docs/THANKS", + "projects/OS400/*", + "projects/vms/*", + "projects/Windows/tmpl/curl.vcxproj", + "projects/Windows/tmpl/libcurl.vcxproj", + "RELEASE-NOTES", + "scripts/wcurl", + "tests/data/test*", + "tests/unit/unit1625.c", +] diff --git a/.github/scripts/verify-examples.pl b/.github/scripts/verify-examples.pl new file mode 100755 index 000000000000..dd6ff8d9743b --- /dev/null +++ b/.github/scripts/verify-examples.pl @@ -0,0 +1,104 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +use strict; +use warnings; + +my @files = @ARGV; +my $cfile = "test.c"; +my $check = "./scripts/checksrc.pl"; +my $error = 0; + +if(!@files || $files[0] eq "-h") { + print "Usage: verify-examples [markdown pages]\n"; + exit; +} + +sub testcompile { + my $rc = system('gcc -c test.c -I include -W -Wall -pedantic -Werror -Wno-unused-parameter -Wno-unused-but-set-variable -DCURL_ALLOW_OLD_MULTI_SOCKET -DCURL_DISABLE_DEPRECATION') >> 8; + return $rc; +} + +sub checksrc { + my $rc = system($check, ('test.c')) >> 8; + return $rc; +} + +sub extract { + my($f) = @_; + my $syn = 0; + my $l = 0; + my $iline = 0; + my $fail = 0; + open(F, "<$f") or die "failed opening input file $f : $!"; + open(O, ">$cfile") or die "failed opening output file $cfile : $!"; + print O "#include \n"; + while() { + $iline++; + if(/^# EXAMPLE/) { + $syn = 1 + } + elsif($syn == 1) { + if(/^~~~/) { + $syn++; + print O "/* !checksrc! disable BANNEDFUNC all */\n"; # for fopen() + print O "/* !checksrc! disable COPYRIGHT all */\n"; + print O "/* !checksrc! disable UNUSEDIGNORE all */\n"; + printf O "#line %d \"$f\"\n", $iline+1; + } + } + elsif($syn == 2) { + if(/^~~~/) { + last; + } + # two backslashes become one + $_ =~ s/\\\\/\\/g; + print O $_; + $l++; + } + } + close(F); + close(O); + + return ($fail ? 0 : $l); +} + +my $count = 0; +for my $m (@files) { + #print "Verify $m\n"; + my $out = extract($m); + if($out) { + $error |= testcompile($m); + $error |= checksrc($m); + } + $count++; +} +if(!$error) { + print "Verified $count man pages ok\n"; +} +else { + print "Detected problems\n"; +} +exit $error; diff --git a/.github/scripts/verify-synopsis.pl b/.github/scripts/verify-synopsis.pl new file mode 100755 index 000000000000..00070f318ebf --- /dev/null +++ b/.github/scripts/verify-synopsis.pl @@ -0,0 +1,86 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +use strict; +use warnings; + +my @files = @ARGV; +my $cfile = "test.c"; + +if(!@files || $files[0] eq "-h") { + print "Usage: verify-synopsis [man pages]\n"; + exit; +} + +sub testcompile { + my $rc = system('gcc -c test.c -I include -W -Wall -pedantic -Werror -DCURL_ALLOW_OLD_MULTI_SOCKET -DCURL_DISABLE_TYPECHECK') >> 8; + return $rc; +} + +sub extract { + my($f) = @_; + my $syn = 0; + my $l = 0; + my $iline = 0; + open(F, "<$f"); + open(O, ">$cfile"); + while() { + $iline++; + if(/^# SYNOPSIS/) { + $syn = 1 + } + elsif($syn == 1) { + if(/^\~\~\~/) { + $syn++; + print O "#line $iline \"$f\"\n"; + } + } + elsif($syn == 2) { + if(/^\~\~\~/) { + last; + } + # turn the vararg argument into vararg + $_ =~ s/, parameter\)\;/, ...);/; + print O $_; + $l++; + } + } + close(F); + close(O); + + if($syn < 2) { + print STDERR "Found no synopsis in $f\n"; + return 1; + } + + return 0; +} + +my $error; +for my $m (@files) { + $error |= extract($m); + $error |= testcompile($m); +} +exit $error; diff --git a/.github/scripts/yamlcheck.sh b/.github/scripts/yamlcheck.sh new file mode 100755 index 000000000000..4bdeff45cb96 --- /dev/null +++ b/.github/scripts/yamlcheck.sh @@ -0,0 +1,15 @@ +#!/bin/sh +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +set -eu + +cd "$(dirname "${0}")"/../.. + +git ls-files '*.yaml' '*.yml' -z | xargs -0 -r \ +yamllint \ + --format standard \ + --strict \ + --config-data .github/scripts/yamlcheck.yaml \ + -- diff --git a/.github/scripts/yamlcheck.yaml b/.github/scripts/yamlcheck.yaml new file mode 100644 index 000000000000..a6e16410c1e3 --- /dev/null +++ b/.github/scripts/yamlcheck.yaml @@ -0,0 +1,17 @@ +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl +# +# Docs: https://yamllint.readthedocs.io/en/stable/configuration.html + +extends: default + +rules: + line-length: + max: 500 + level: warning + + braces: disable + commas: disable + comments: disable + document-start: disable diff --git a/.github/stale.yml b/.github/stale.yml index 9bcd4eb1d597..69a822e78be8 100644 --- a/.github/stale.yml +++ b/.github/stale.yml @@ -1,8 +1,12 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + # Number of days of inactivity before an issue becomes stale daysUntilStale: 180 # Number of days of inactivity before a stale issue is closed daysUntilClose: 14 -# Issues with these labels will never be considered stale +# Issues with these labels are never considered stale exemptLabels: - pinned - security diff --git a/.github/workflows/appveyor-status.yml b/.github/workflows/appveyor-status.yml new file mode 100644 index 000000000000..197c5f26e55a --- /dev/null +++ b/.github/workflows/appveyor-status.yml @@ -0,0 +1,42 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: 'AppVeyor Status Report' + +'on': + status + +concurrency: + group: ${{ github.workflow }}-${{ github.event.sha }}-${{ github.event.target_url }} + cancel-in-progress: true + +permissions: {} + +jobs: + split: + name: 'split' + runs-on: ubuntu-24.04-arm + if: ${{ github.event.sender.login == 'appveyor[bot]' }} + permissions: + statuses: write # To update build statuses + steps: + - name: 'Create individual AppVeyor build statuses' + if: ${{ github.event.sha && github.event.target_url }} + env: + APPVEYOR_COMMIT_SHA: ${{ github.event.sha }} + APPVEYOR_TARGET_URL: ${{ github.event.target_url }} + APPVEYOR_REPOSITORY: ${{ github.event.repository.full_name }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo "${APPVEYOR_TARGET_URL}" | sed 's/\/project\//\/api\/projects\//' | xargs -t -n1 curl -s -- | \ + jq -c '.build.jobs[] | {target_url: ($target_url + "/job/" + .jobId), + context: (.name | sub("^(Environment: )?"; "AppVeyor / ")), + state: (.status | sub("queued"; "pending") + | sub("starting"; "pending") + | sub("running"; "pending") + | sub("failed"; "failure") + | sub("cancelled"; "error")), + description: .status}' \ + --arg target_url "${APPVEYOR_TARGET_URL}" | tee /dev/stderr | parallel --pipe -j 1 -N 1 \ + gh api --silent --input - "repos/${APPVEYOR_REPOSITORY}/statuses/${APPVEYOR_COMMIT_SHA}" diff --git a/.github/workflows/checkdocs.yml b/.github/workflows/checkdocs.yml new file mode 100644 index 000000000000..0c2ecf3676f5 --- /dev/null +++ b/.github/workflows/checkdocs.yml @@ -0,0 +1,130 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +# This workflow contains tests that operate on documentation files only. Some +# checks modify the source so they cannot be combined into a single job. + +name: 'Docs' + +'on': + push: + branches: + - master + - '*/ci' + paths: + - '.github/workflows/checkdocs.yml' + - '.github/scripts/**' + - 'scripts/**' + - '**.md' + - 'docs/*' + pull_request: + branches: + - master + paths: + - '.github/workflows/checkdocs.yml' + - '.github/scripts/**' + - 'scripts/**' + - '**.md' + - 'docs/*' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + # config file help: https://github.com/amperser/proselint/ + proselint: + name: 'proselint' + runs-on: ubuntu-24.04-arm + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'install prereqs' + run: | + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r .github/scripts/requirements-proselint.txt + + - name: 'trim headers off all *.md files' + run: git ls-files '*.md' -z | xargs -0 -n1 .github/scripts/trimmarkdownheader.pl + + - name: 'check prose' + run: | + cat < ~/.proselintrc.json + { + "checks": { + "annotations.misc": false, + "lexical_illusions": false, + "misc.annotations": false, + "redundancy.misc.garner": false, + "security.password": false, + "spelling.ve_of": false, + "typography.diacritical_marks": false, + "typography.symbols": false + } + } + JSON + source ~/venv/bin/activate + git ls-files README '*.md' -z | grep -Evz '(CHECKSRC|DISTROS|CURLOPT_INTERFACE|interface)\.md' | xargs -0 proselint check -- + + - name: 'check special prose' # For CHECKSRC and files with aggressive exclamation mark needs + run: | + cat < ~/.proselintrc.json + { + "checks": { + "annotations.misc": false, + "lexical_illusions": false, + "typography.diacritical_marks": false, + "typography.punctuation.exclamation": false, + "typography.symbols": false + } + } + JSON + source ~/venv/bin/activate + proselint check docs/internals/CHECKSRC.md docs/libcurl/opts/CURLOPT_INTERFACE.md docs/cmdline-opts/interface.md + + pyspelling: + name: 'pyspelling' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'trim all *.md files in docs/' + run: .github/scripts/cleancmd.pl 'docs/*.md' + + - name: 'install' + run: | + sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources} + sudo apt-get -o Dpkg::Use-Pty=0 update + sudo apt-get -o Dpkg::Use-Pty=0 install aspell aspell-en + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r .github/scripts/requirements-docs.txt + + - name: 'check spelling' + run: | + source ~/venv/bin/activate + # setup the custom wordlist + grep -v '^#' .github/scripts/pyspelling.words > wordlist.txt + aspell --version + pyspelling --version + pyspelling --verbose --jobs 5 --config .github/scripts/pyspelling.yaml + + synopsis-man-examples: + name: 'synopsis, man-examples' + runs-on: ubuntu-24.04-arm + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'verify synopsis' + run: .github/scripts/verify-synopsis.pl docs/libcurl/curl*.md + + - name: 'verify examples' + run: .github/scripts/verify-examples.pl docs/libcurl/curl*.md docs/libcurl/opts/*.md diff --git a/.github/workflows/checksrc.yml b/.github/workflows/checksrc.yml new file mode 100644 index 000000000000..5e3e87ca59eb --- /dev/null +++ b/.github/workflows/checksrc.yml @@ -0,0 +1,182 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +# This workflow contains checks at the source code level only. + +name: 'Source' + +'on': + push: + branches: + - master + - '*/ci' + paths-ignore: + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + pull_request: + branches: + - master + paths-ignore: + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + checksrc: + name: 'checksrc' + runs-on: ubuntu-slim + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'check' + run: scripts/checksrc-all.pl + + linters: + name: 'spellcheck, linters, REUSE' + runs-on: ubuntu-24.04-arm + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'install prereqs' + run: | + python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary \ + -r .github/scripts/requirements.txt \ + -r tests/http/requirements.txt \ + -r tests/requirements.txt + + - name: 'REUSE check' + run: | + source ~/venv/bin/activate + reuse lint + + - name: 'codespell' + run: | + source ~/venv/bin/activate + codespell --version + .github/scripts/codespell.sh + + - name: 'typos' + timeout-minutes: 2 + run: | + HOMEBREW_NO_AUTO_UPDATE=1 /home/linuxbrew/.linuxbrew/bin/brew install typos-cli + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + typos --version + .github/scripts/typos.sh + + - name: 'cmakelint' + run: | + source ~/venv/bin/activate + scripts/cmakelint.sh + + - name: 'perlcheck' + run: | + scripts/perlcheck.sh + + - name: 'pytype' + run: | + source ~/venv/bin/activate + find . -name '*.py' -exec pytype -j auto -k -- {} + + + - name: 'ruff' + run: | + source ~/venv/bin/activate + scripts/pythonlint.sh + + complexity: + name: 'complexity' + runs-on: ubuntu-slim + timeout-minutes: 3 + steps: + - name: 'install pmccabe' + run: | + sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources} + sudo apt-get -o Dpkg::Use-Pty=0 update + sudo apt-get -o Dpkg::Use-Pty=0 install \ + pmccabe + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'check scores' + run: ./scripts/top-complexity + + xmllint: + name: 'xmllint' + runs-on: ubuntu-slim + timeout-minutes: 3 + steps: + - name: 'install prereqs' + run: | + sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources} + sudo apt-get -o Dpkg::Use-Pty=0 update + sudo apt-get -o Dpkg::Use-Pty=0 install \ + libxml2-utils + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'check' + run: git grep -z -i -l -E '^<\?xml' | xargs -0 -r xmllint --output /dev/null + + miscchecks: + name: 'misc checks' + runs-on: ubuntu-24.04-arm + timeout-minutes: 5 + steps: + - name: 'install prereqs' + timeout-minutes: 2 + run: HOMEBREW_NO_AUTO_UPDATE=1 /home/linuxbrew/.linuxbrew/bin/brew install actionlint shellcheck zizmor + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'zizmor GHA' + env: + GH_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + zizmor --pedantic .github/workflows/*.yml .github/dependabot.yml + + - name: 'actionlint' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + export SHELLCHECK_OPTS='--exclude=1090,1091,2086,2153 --enable=avoid-nullary-conditions,deprecate-which' + actionlint --version + actionlint --ignore matrix .github/workflows/*.yml + + - name: 'shellcheck CI' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + shellcheck --version + .github/scripts/shellcheck-ci.sh + + - name: 'shellcheck' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + shellcheck --version + .github/scripts/shellcheck.sh + + - name: 'spacecheck' + run: scripts/spacecheck.pl + + - name: 'yamlcheck' + run: .github/scripts/yamlcheck.sh + + - name: 'badwords' + run: scripts/badwords-all diff --git a/.github/workflows/checkurls.yml b/.github/workflows/checkurls.yml new file mode 100644 index 000000000000..ec9b51120528 --- /dev/null +++ b/.github/workflows/checkurls.yml @@ -0,0 +1,40 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: 'URLs' + +'on': + push: + branches: + - master + - '*/ci' + pull_request: + branches: + - master + schedule: + - cron: '10 5 * * *' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + linkcheck: + if: ${{ github.repository_owner == 'curl' || github.event_name != 'schedule' }} + name: 'linkcheck' + runs-on: ubuntu-slim + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'mdlinkcheck (dry run)' + if: ${{ github.event_name != 'schedule' }} + run: ./scripts/mdlinkcheck --dry-run + + - name: 'mdlinkcheck' + if: ${{ github.event_name == 'schedule' }} + run: ./scripts/mdlinkcheck diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 36d44b6785d0..000000000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: codeql - -on: - # Trigger the workflow on push or pull requests, but only for the - # master branch - push: - branches: - - master - - '*/ci' - pull_request: - branches: - - master - schedule: - - cron: '0 0 * * 4' - -jobs: - codeql: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: cpp - queries: security-extended - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # ℹ️ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 000000000000..17fffca85711 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,135 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: 'CodeQL' + +'on': + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'projects/**' + - 'tests/data/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'projects/**' + - 'tests/data/**' + schedule: + - cron: '0 0 * * 4' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + gha_python: + if: ${{ github.repository_owner == 'curl' || github.event_name != 'schedule' }} + name: 'GHA and Python' + runs-on: ubuntu-latest + permissions: + security-events: write # To create/update security events + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'initialize' + uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 + with: + languages: actions, python + queries: security-extended + + - name: 'perform analysis' + uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 + + c: + if: ${{ github.repository_owner == 'curl' || github.event_name != 'schedule' }} + name: 'C' + runs-on: ${{ matrix.platform == 'Linux' && 'ubuntu-latest' || 'windows-2022' }} + permissions: + security-events: write # To create/update security events + strategy: + fail-fast: false + matrix: + platform: [Linux, Windows] + env: + MATRIX_PLATFORM: '${{ matrix.platform }}' + steps: + - name: 'install prereqs' + if: ${{ matrix.platform == 'Linux' }} + timeout-minutes: 5 + run: | + sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources} + sudo apt-get -o Dpkg::Use-Pty=0 update + sudo apt-get -o Dpkg::Use-Pty=0 install libpsl-dev libbrotli-dev libidn2-dev libssh2-1-dev libssh-dev \ + libnghttp2-dev libldap-dev libkrb5-dev libgnutls28-dev libwolfssl-dev + HOMEBREW_NO_AUTO_UPDATE=1 /home/linuxbrew/.linuxbrew/bin/brew install c-ares gsasl libnghttp3 libngtcp2 mbedtls rustls-ffi + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'delete test input C files' + shell: bash + run: find tests/data -name '*.c' -delete + + - name: 'initialize' + # https://github.com/github/codeql-action/blob/main/init/action.yml + uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 + with: + languages: cpp + build-mode: manual + trap-caching: false + + - name: 'build' + timeout-minutes: 10 + shell: bash + run: | + if [ "${MATRIX_PLATFORM}" = 'Windows' ]; then + cmake -B . -DBUILD_SHARED_LIBS=OFF -DCURL_DROP_UNUSED=ON -DCURL_WERROR=ON \ + -DCMAKE_VS_GLOBALS=TrackFileAccess=false \ + -DCURL_USE_SCHANNEL=ON -DCURL_USE_LIBPSL=OFF -DUSE_WIN32_IDN=ON + cmake --build . --verbose + src/Debug/curl.exe --disable --version + else + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + + # MultiSSL + export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix c-ares)/lib/pkgconfig:$(brew --prefix mbedtls)/lib/pkgconfig:$(brew --prefix rustls-ffi)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig" + cmake -B _bld1 -G Ninja -DCURL_DISABLE_TYPECHECK=ON -DCURL_WERROR=ON -DENABLE_DEBUG=ON \ + -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON -DCURL_USE_WOLFSSL=ON \ + -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON -DUSE_ECH=ON -DENABLE_ARES=ON \ + -DCURL_DISABLE_VERBOSE_STRINGS=ON + cmake --build _bld1 + cmake --build _bld1 --target testdeps + cmake --build _bld1 --target curl-examples-build + + # HTTP/3 + export PKG_CONFIG_PATH; PKG_CONFIG_PATH="$(brew --prefix libnghttp3)/lib/pkgconfig:$(brew --prefix libngtcp2)/lib/pkgconfig:$(brew --prefix gsasl)/lib/pkgconfig" + cmake -B _bld2 -G Ninja -DCURL_DISABLE_TYPECHECK=ON -DCURL_WERROR=ON \ + -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR="$(brew --prefix openssl)" -DUSE_NGTCP2=ON \ + -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON \ + -DCURL_USE_GSASL=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON + cmake --build _bld2 + cmake --build _bld2 --target testdeps + cmake --build _bld2 --target curl-examples-build + + _bld1/src/curl --disable --version + _bld2/src/curl --disable --version + fi + + - name: 'perform analysis' + # https://github.com/github/codeql-action/blob/main/analyze/action.yml + uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4 diff --git a/.github/workflows/configure-vs-cmake.yml b/.github/workflows/configure-vs-cmake.yml new file mode 100644 index 000000000000..5f7ce337465a --- /dev/null +++ b/.github/workflows/configure-vs-cmake.yml @@ -0,0 +1,176 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: 'configure-vs-cmake' +'on': + push: + branches: + - master + paths: + - '*.ac' + - '**/*.m4' + - '**/CMakeLists.txt' + - 'CMake/**' + - 'lib/curl_config-cmake.h.in' + - 'tests/cmake/**' + - '.github/scripts/cmp-config.pl' + - '.github/workflows/configure-vs-cmake.yml' + + pull_request: + branches: + - master + paths: + - '*.ac' + - '**/*.m4' + - '**/CMakeLists.txt' + - 'CMake/**' + - 'lib/curl_config-cmake.h.in' + - 'tests/cmake/**' + - '.github/scripts/cmp-config.pl' + - '.github/workflows/configure-vs-cmake.yml' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + check-linux: + name: 'Linux' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'run configure --with-openssl' + run: | + autoreconf -fi + export PKG_CONFIG_DEBUG_SPEW=1 + mkdir bld-am && cd bld-am && ../configure --enable-static=no --with-openssl --without-libpsl + + - name: 'run cmake' + run: cmake -B bld-cm -DCURL_WERROR=ON -DCURL_USE_CMAKECONFIG=OFF -DCURL_USE_LIBPSL=OFF + + - name: 'configure log' + run: cat bld-am/config.log 2>/dev/null || true + + - name: 'cmake log' + run: cat bld-cm/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true + + - name: 'dump generated files' + run: | + for f in libcurl.pc curl-config; do + echo "::group::AM ${f}"; grep -v '^#' bld-am/"${f}" || true; echo '::endgroup::' + echo "::group::CM ${f}"; grep -v '^#' bld-cm/"${f}" || true; echo '::endgroup::' + done + + - name: 'compare generated curl_config.h files' + run: ./.github/scripts/cmp-config.pl bld-am/lib/curl_config.h bld-cm/lib/curl_config.h + + - name: 'compare generated libcurl.pc files' + run: ./.github/scripts/cmp-pkg-config.sh bld-am/libcurl.pc bld-cm/libcurl.pc + + - name: 'compare generated curl-config files' + run: ./.github/scripts/cmp-pkg-config.sh bld-am/curl-config bld-cm/curl-config + + check-macos: + name: 'macOS' + runs-on: macos-latest + steps: + - name: 'install packages' + timeout-minutes: 2 + run: | + # shellcheck disable=SC2181,SC2034 + while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done + + - name: 'toolchain versions' + run: echo '::group::brew packages installed'; ls -l /opt/homebrew/opt; echo '::endgroup::' + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'run configure --with-openssl' + run: | + autoreconf -fi + export PKG_CONFIG_DEBUG_SPEW=1 + mkdir bld-am && cd bld-am && ../configure --enable-static=no --with-openssl --without-libpsl --disable-ldap --with-brotli --with-zstd --with-apple-sectrust + + - name: 'run cmake' + run: | + cmake -B bld-cm -DCURL_WERROR=ON -DCURL_USE_CMAKECONFIG=OFF -DCURL_USE_LIBPSL=OFF -DCURL_DISABLE_LDAP=ON \ + -DCMAKE_C_COMPILER_TARGET="$(uname -m | sed 's/arm64/aarch64/')-apple-darwin$(uname -r)" \ + -DCURL_USE_LIBSSH2=OFF -DUSE_APPLE_SECTRUST=ON + + - name: 'configure log' + run: cat bld-am/config.log 2>/dev/null || true + + - name: 'cmake log' + run: cat bld-cm/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true + + - name: 'dump generated files' + run: | + for f in libcurl.pc curl-config; do + echo "::group::AM ${f}"; grep -v '^#' bld-am/"${f}" || true; echo '::endgroup::' + echo "::group::CM ${f}"; grep -v '^#' bld-cm/"${f}" || true; echo '::endgroup::' + done + + - name: 'compare generated curl_config.h files' + run: ./.github/scripts/cmp-config.pl bld-am/lib/curl_config.h bld-cm/lib/curl_config.h + + - name: 'compare generated libcurl.pc files' + run: ./.github/scripts/cmp-pkg-config.sh bld-am/libcurl.pc bld-cm/libcurl.pc + + - name: 'compare generated curl-config files' + run: ./.github/scripts/cmp-pkg-config.sh bld-am/curl-config bld-cm/curl-config + + check-windows: + name: 'Windows' + runs-on: ubuntu-latest + env: + TRIPLET: 'x86_64-w64-mingw32' + steps: + - name: 'install packages' + run: sudo apt-get -o Dpkg::Use-Pty=0 install gcc-mingw-w64-x86-64-win32 + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'run configure --with-schannel' + run: | + autoreconf -fi + export PKG_CONFIG_DEBUG_SPEW=1 + mkdir bld-am && cd bld-am && ../configure --enable-static=no --with-schannel --without-libpsl --host="${TRIPLET}" + + - name: 'run cmake' + run: | + cmake -B bld-cm -DCURL_WERROR=ON -DCURL_USE_CMAKECONFIG=OFF -DCURL_USE_SCHANNEL=ON -DCURL_USE_LIBPSL=OFF \ + -DCMAKE_SYSTEM_NAME=Windows \ + -DCMAKE_C_COMPILER_TARGET="${TRIPLET}" \ + -DCMAKE_C_COMPILER="${TRIPLET}-gcc" + + - name: 'configure log' + run: cat bld-am/config.log 2>/dev/null || true + + - name: 'cmake log' + run: cat bld-cm/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true + + - name: 'dump generated files' + run: | + for f in libcurl.pc curl-config; do + echo "::group::AM ${f}"; grep -v '^#' bld-am/"${f}" || true; echo '::endgroup::' + echo "::group::CM ${f}"; grep -v '^#' bld-cm/"${f}" || true; echo '::endgroup::' + done + + - name: 'compare generated curl_config.h files' + run: ./.github/scripts/cmp-config.pl bld-am/lib/curl_config.h bld-cm/lib/curl_config.h + + - name: 'compare generated libcurl.pc files' + run: ./.github/scripts/cmp-pkg-config.sh bld-am/libcurl.pc bld-cm/libcurl.pc + + - name: 'compare generated curl-config files' + run: ./.github/scripts/cmp-pkg-config.sh bld-am/curl-config bld-cm/curl-config diff --git a/.github/workflows/curl-for-win.yml b/.github/workflows/curl-for-win.yml new file mode 100644 index 000000000000..c37f1d2ffb52 --- /dev/null +++ b/.github/workflows/curl-for-win.yml @@ -0,0 +1,196 @@ +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl +--- +name: 'curl-for-win' + +'on': + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + CW_NOGET: 'curl trurl' + CW_MAP: '0' + CW_JOBS: '5' + CW_NOPKG: '1' + +jobs: + linux-glibc-gcc: + name: 'Linux gcc glibc (amd64, arm64)' + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + path: 'curl' + fetch-depth: 8 + - name: 'build' + run: | + git clone --depth 1 https://github.com/curl/curl-for-win + mv curl-for-win/* . + export CW_CONFIG='-main-werror-unitybatch-linux-a64-x64-gcc' + export CW_REVISION="${GITHUB_SHA}" + . ./_versions.sh + export CW_CCSUFFIX='-15' + export CW_GCCSUFFIX='-12' + sudo podman image trust set --type reject default + sudo podman image trust set --type accept docker.io/library + time podman pull "${OCI_IMAGE_DEBIAN_STABLE}" + podman images --digests + time podman run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \ + --env-file <(env | grep -a -E \ + '^(CW_|GITHUB_)') \ + "${OCI_IMAGE_DEBIAN_STABLE}" \ + sh -c ./_ci-linux-debian.sh + + linux-glibc-gcc-minimal: # use gcc to minimize installed packages + name: 'Linux gcc glibc minimal (amd64)' + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + path: 'curl' + fetch-depth: 8 + - name: 'build' + run: | + git clone --depth 1 https://github.com/curl/curl-for-win + mv curl-for-win/* . + export CW_CONFIG='-main-werror-unitybatch-prefill-zero-osnotls-osnoidn-nohttp-nocurltool-linux-x64-gcc' + export CW_REVISION="${GITHUB_SHA}" + . ./_versions.sh + sudo podman image trust set --type reject default + sudo podman image trust set --type accept docker.io/library + time podman pull "${OCI_IMAGE_DEBIAN}" + podman images --digests + time podman run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \ + --env-file <(env | grep -a -E \ + '^(CW_|GITHUB_)') \ + "${OCI_IMAGE_DEBIAN}" \ + sh -c ./_ci-linux-debian.sh + + linux-musl-llvm: + name: 'Linux llvm MUSL (amd64, riscv64)' + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + path: 'curl' + fetch-depth: 8 + - name: 'build' + run: | + git clone --depth 1 https://github.com/curl/curl-for-win + mv curl-for-win/* . + export CW_CONFIG='-main-werror-unitybatch-linux-musl-r64-x64' + export CW_REVISION="${GITHUB_SHA}" + . ./_versions.sh + sudo podman image trust set --type reject default + sudo podman image trust set --type accept docker.io/library + time podman pull "${OCI_IMAGE_DEBIAN}" + podman images --digests + time podman run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \ + --env-file <(env | grep -a -E \ + '^(CW_|GITHUB_)') \ + "${OCI_IMAGE_DEBIAN}" \ + sh -c ./_ci-linux-debian.sh + + mac-clang: + name: 'macOS clang (x86_64)' + runs-on: macos-latest + timeout-minutes: 10 + env: + CW_JOBS: '4' + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + path: 'curl' + fetch-depth: 8 + - name: 'build' + run: | + git clone --depth 1 https://github.com/curl/curl-for-win + mv curl-for-win/* . + export CW_CONFIG='-main-werror-unitybatch-mac-x64' + export CW_REVISION="${GITHUB_SHA}" + sh -c ./_ci-mac-homebrew.sh + + win-llvm: + name: 'Windows llvm (x64)' + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + path: 'curl' + fetch-depth: 8 + - name: 'build' + run: | + git clone --depth 1 https://github.com/curl/curl-for-win + mv curl-for-win/* . + export CW_CONFIG='-main-werror-unitybatch-win-x64-noWINE' + export CW_REVISION="${GITHUB_SHA}" + . ./_versions.sh + sudo podman image trust set --type reject default + sudo podman image trust set --type accept docker.io/library + time podman pull "${OCI_IMAGE_DEBIAN}" + podman images --digests + time podman run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \ + --env-file <(env | grep -a -E \ + '^(CW_|GITHUB_)') \ + "${OCI_IMAGE_DEBIAN}" \ + sh -c ./_ci-linux-debian.sh + + win-gcc-zlibold-x64: + name: 'Windows gcc zlib-classic (x64)' + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + path: 'curl' + fetch-depth: 8 + - name: 'build' + run: | + git clone --depth 1 https://github.com/curl/curl-for-win + mv curl-for-win/* . + export CW_CONFIG='-main-werror-unitybatch-win-x64-gcc-zlibold-noWINE' + export CW_REVISION="${GITHUB_SHA}" + . ./_versions.sh + sudo podman image trust set --type reject default + sudo podman image trust set --type accept docker.io/library + time podman pull "${OCI_IMAGE_DEBIAN}" + podman images --digests + time podman run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \ + --env-file <(env | grep -a -E \ + '^(CW_|GITHUB_)') \ + "${OCI_IMAGE_DEBIAN}" \ + sh -c ./_ci-linux-debian.sh diff --git a/.github/workflows/distcheck.yml b/.github/workflows/distcheck.yml new file mode 100644 index 000000000000..d5272b67c5ff --- /dev/null +++ b/.github/workflows/distcheck.yml @@ -0,0 +1,366 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: 'dist' + +'on': + push: + branches: + - master + - '*/ci' + pull_request: + branches: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + CURL_TEST_MIN: 1450 + MAKEFLAGS: -j 5 + +jobs: + maketgz-and-verify-in-tree: + name: 'AM in-tree & maketgz' + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'remove preinstalled curl libcurl4{-doc}' + run: sudo apt-get -o Dpkg::Use-Pty=0 purge curl libcurl4 libcurl4-doc + + - name: 'autoreconf' + run: autoreconf -fi + + - name: 'configure' + run: ./configure --without-ssl --without-libpsl + + - name: 'make' + run: make V=1 + + - name: 'maketgz' + run: SOURCE_DATE_EPOCH=1711526400 ./scripts/maketgz 99.98.97 + + - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 + with: + name: 'release-tgz' + path: 'curl-99.98.97.tar.gz' + retention-days: 1 + + - name: 'configure build & install' + run: | + echo "::stop-commands::$(uuidgen)" + tar xvf curl-99.98.97.tar.gz + pushd curl-99.98.97 + ./configure --prefix="$HOME"/temp --enable-option-checking=fatal --enable-werror --without-ssl --without-libpsl + make + make test-ci + make install + popd + # basic check of the installed files + bash scripts/installcheck.sh "$HOME"/temp + rm -rf curl-99.98.97 + + verify-out-of-tree-docs: + name: 'AM out-of-tree docs' + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: maketgz-and-verify-in-tree + steps: + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + name: 'release-tgz' + + - name: 'configure build & docs' + run: | + echo "::stop-commands::$(uuidgen)" + tar xvf curl-99.98.97.tar.gz + touch curl-99.98.97/docs/{cmdline-opts,libcurl}/Makefile.inc + mkdir build + pushd build + ../curl-99.98.97/configure --enable-option-checking=fatal --enable-werror --without-ssl --without-libpsl + make + make test-ci + popd + rm -rf build + rm -rf curl-99.98.97 + + verify-out-of-tree-autotools-debug: + name: 'AM out-of-tree (debug)' + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: maketgz-and-verify-in-tree + steps: + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + name: 'release-tgz' + + - name: 'build & install' + run: | + echo "::stop-commands::$(uuidgen)" + tar xvf curl-99.98.97.tar.gz + pushd curl-99.98.97 + mkdir build + pushd build + ../configure --prefix="$PWD"/curl-install --enable-option-checking=fatal --enable-werror --without-ssl --enable-debug --without-libpsl + make + make test-ci + make install + curl-install/bin/curl --disable --version + curl-install/bin/curl --manual | wc -l | grep -v '^ *0$' + popd + scripts/checksrc-all.pl + + verify-out-of-tree-autotools: + name: 'AM out-of-tree !perl' + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: maketgz-and-verify-in-tree + steps: + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + name: 'release-tgz' + + - name: 'build & install' + run: | + echo "::stop-commands::$(uuidgen)" + tar xvf curl-99.98.97.tar.gz + pushd curl-99.98.97 + mkdir build + pushd build + ../configure --prefix="$PWD"/curl-install --enable-option-checking=fatal --enable-werror --without-ssl --without-libpsl ac_cv_path_PERL= + make + make install + curl-install/bin/curl --disable --version + curl-install/bin/curl --manual | wc -l | grep -v '^ *0$' + popd + + verify-in-tree-autotools: + name: 'AM in-tree !perl' + runs-on: ubuntu-latest + timeout-minutes: 10 + needs: maketgz-and-verify-in-tree + steps: + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + name: 'release-tgz' + + - name: 'build & install' + run: | + echo "::stop-commands::$(uuidgen)" + tar xvf curl-99.98.97.tar.gz + pushd curl-99.98.97 + ./configure --prefix="$PWD"/curl-install --enable-option-checking=fatal --enable-werror --without-ssl --without-libpsl ac_cv_path_PERL= + make + make install + curl-install/bin/curl --disable --version + curl-install/bin/curl --manual | wc -l | grep -v '^ *0$' + + verify-out-of-tree-cmake: + name: 'CM out-of-tree !perl' + runs-on: ubuntu-latest + timeout-minutes: 5 + needs: maketgz-and-verify-in-tree + steps: + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + name: 'release-tgz' + + - name: 'build & install' + run: | + echo "::stop-commands::$(uuidgen)" + tar xvf curl-99.98.97.tar.gz + pushd curl-99.98.97 + cmake -B build -DCMAKE_INSTALL_PREFIX="$PWD"/curl-install -DCURL_WERROR=ON -DCURL_USE_LIBPSL=OFF -DPERL_EXECUTABLE= + cmake --build build + cmake --install build + export LD_LIBRARY_PATH="$PWD/curl-install/lib:$LD_LIBRARY_PATH" + curl-install/bin/curl --disable --version + curl-install/bin/curl --manual | wc -l | grep -v '^ *0$' + + verify-in-tree-cmake: + name: 'CM in-tree !perl' + runs-on: ubuntu-latest + timeout-minutes: 5 + needs: maketgz-and-verify-in-tree + steps: + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + name: 'release-tgz' + + - name: 'build & install' + run: | + echo "::stop-commands::$(uuidgen)" + tar xvf curl-99.98.97.tar.gz + pushd curl-99.98.97 + cmake . -G Ninja -DCMAKE_INSTALL_PREFIX="$PWD"/curl-install -DCURL_WERROR=ON -DCURL_USE_LIBPSL=OFF -DPERL_EXECUTABLE= + cmake --build . + cmake --install . + export LD_LIBRARY_PATH="$PWD/curl-install/lib:$LD_LIBRARY_PATH" + curl-install/bin/curl --disable --version + curl-install/bin/curl --manual | wc -l | grep -v '^ *0$' + + missing-files: + name: 'missing files' + runs-on: ubuntu-slim + timeout-minutes: 5 + needs: maketgz-and-verify-in-tree + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 + with: + name: 'release-tgz' + + - name: 'detect files missing from release tarball' + run: .github/scripts/distfiles.sh curl-99.98.97.tar.gz + + reproducible-releases: + name: 'reproducible releases' + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'remove preinstalled curl libcurl4{-doc}' + run: sudo apt-get -o Dpkg::Use-Pty=0 purge curl libcurl4 libcurl4-doc + + - name: 'generate release tarballs' + run: ./scripts/dmaketgz 9.10.11 + + - name: 'verify release tarballs' + run: | + mkdir _verify + mv curl-9.10.11.tar.gz _verify + cd _verify + ../scripts/verify-release curl-9.10.11.tar.gz + + cmake-integration: + name: 'CM integration ${{ matrix.image }}' + runs-on: ${{ matrix.image }} + timeout-minutes: 15 + defaults: + run: + shell: ${{ contains(matrix.image, 'windows') && 'msys2 {0}' || 'bash' }} + env: + CC: ${{ !contains(matrix.image, 'windows') && 'clang' || '' }} + MAKEFLAGS: ${{ contains(matrix.image, 'macos') && '-j 4' || '-j 5' }} + MATRIX_IMAGE: '${{ matrix.image }}' + TESTOPTS: ${{ contains(matrix.image, 'macos') && '-D_CURL_PREFILL=ON' || '' }} ${{ contains(matrix.image, 'windows') && '-DCMAKE_UNITY_BUILD_BATCH_SIZE=30' || '' }} + OLD_CMAKE_VERSION: 3.19.8 + OLD_CMAKE_SHA256_LINUX_ARM: 807f5afb2a560e00af9640e496d5673afefc2888bf0ed076412884a5ebb547a1 + OLD_CMAKE_SHA256_MACOS_UNI: 0976d23d982af05dcbfb3aa34fcb62ead43bea27f0e3bb95222f2a78161423f2 + OLD_CMAKE_SHA256_WIN_INTEL: 2a30877a3d6b50da305b289f4d1c03befdfaeb2edba02a563c681e883d810380 + strategy: + fail-fast: false + matrix: + image: [ubuntu-24.04-arm, macos-latest, windows-2022] + steps: + - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda # v2.30.0 + if: ${{ contains(matrix.image, 'windows') }} + with: + msystem: mingw64 + release: false + update: false + cache: false + path-type: inherit + install: >- + mingw-w64-x86_64-zlib mingw-w64-x86_64-zstd mingw-w64-x86_64-libpsl mingw-w64-x86_64-libssh2 mingw-w64-x86_64-nghttp2 mingw-w64-x86_64-openssl + + - name: 'install prereqs' + timeout-minutes: 3 + run: | + if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then + cd ~ + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ + --location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-win64-x64.zip" --output pkg.bin + sha256sum pkg.bin && sha256sum pkg.bin | grep -qwF -- "${OLD_CMAKE_SHA256_WIN_INTEL}" && unzip -q pkg.bin && rm -f pkg.bin + printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-win64-x64/bin/cmake.exe > ~/old-cmake-path.txt + elif [[ "${MATRIX_IMAGE}" = *'ubuntu'* ]]; then + sudo apt-get -o Dpkg::Use-Pty=0 install libpsl-dev libssl-dev + cd ~ + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ + --location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-Linux-aarch64.tar.gz" --output pkg.bin + sha256sum pkg.bin | tee /dev/stderr | grep -qwF -- "${OLD_CMAKE_SHA256_LINUX_ARM}" && tar -xzf pkg.bin && rm -f pkg.bin + printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-Linux-aarch64/bin/cmake > ~/old-cmake-path.txt + else + brew install libpsl openssl + cd ~ + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ + --location "https://github.com/Kitware/CMake/releases/download/v${OLD_CMAKE_VERSION}/cmake-${OLD_CMAKE_VERSION}-macos-universal.tar.gz" --output pkg.bin + sha256sum pkg.bin | tee /dev/stderr | grep -qwF -- "${OLD_CMAKE_SHA256_MACOS_UNI}" && tar -xzf pkg.bin && rm -f pkg.bin + printf '%s' ~/cmake-"${OLD_CMAKE_VERSION}"-macos-universal/CMake.app/Contents/bin/cmake > ~/old-cmake-path.txt + fi + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'via ExternalProject' + if: ${{ !contains(matrix.image, 'ubuntu') }} + run: ./tests/cmake/test.sh ExternalProject ${TESTOPTS} + - name: 'via FetchContent' + run: ./tests/cmake/test.sh FetchContent ${TESTOPTS} -DCURL_USE_OPENSSL=ON + - name: 'via add_subdirectory' + run: ./tests/cmake/test.sh add_subdirectory ${TESTOPTS} -DCURL_USE_OPENSSL=ON + - name: 'via find_package' + run: ./tests/cmake/test.sh find_package ${TESTOPTS} -DCURL_USE_OPENSSL=ON + - name: 'via find_package (C++)' + if: ${{ contains(matrix.image, 'ubuntu') }} + run: TEST_CMAKE_FLAGS=-DTEST_CPP=ON ./tests/cmake/test.sh find_package ${TESTOPTS} -DCURL_USE_OPENSSL=ON + - name: 'via find_package (PREFER_CONFIG=ON)' + if: ${{ contains(matrix.image, 'windows') }} + run: | + export TEST_CMAKE_FLAGS_PROVIDER='-DCMAKE_FIND_PACKAGE_PREFER_CONFIG=ON -DCURL_ZSTD=OFF -DNGHTTP2_INCLUDE_DIR=C:/msys64/mingw64/include -DNGHTTP2_LIBRARY=C:/msys64/mingw64/lib/libnghttp2.dll.a' + export TEST_CMAKE_FLAGS_CONSUMER="${TEST_CMAKE_FLAGS_PROVIDER}" + ./tests/cmake/test.sh find_package ${TESTOPTS} -DCURL_USE_OPENSSL=ON + + - name: 'via ExternalProject (old cmake)' + if: ${{ contains(matrix.image, 'ubuntu') }} + run: | + export TEST_CMAKE_CONSUMER; TEST_CMAKE_CONSUMER="$(cat ~/old-cmake-path.txt)" + if [[ "${MATRIX_IMAGE}" = *'macos'* ]]; then + export CFLAGS='-arch arm64' + fi + if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then + export TEST_CMAKE_GENERATOR='MSYS Makefiles' + export TEST_CMAKE_FLAGS='-DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc' + fi + ./tests/cmake/test.sh ExternalProject ${TESTOPTS} + + - name: 'via add_subdirectory OpenSSL (old cmake)' + run: | + export TEST_CMAKE_CONSUMER; TEST_CMAKE_CONSUMER="$(cat ~/old-cmake-path.txt)" + if [[ "${MATRIX_IMAGE}" = *'macos'* ]]; then + export CFLAGS='-arch arm64' + export TEST_CMAKE_FLAGS='-DCURL_USE_LIBPSL=OFF' # auto-detection does not work with old-cmake + fi + if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then + export TEST_CMAKE_GENERATOR='MSYS Makefiles' + export TEST_CMAKE_FLAGS='-DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc -DOPENSSL_ROOT_DIR=C:/msys64/mingw64' + fi + ./tests/cmake/test.sh add_subdirectory ${TESTOPTS} -DCURL_USE_OPENSSL=ON + + - name: 'via find_package OpenSSL (old cmake)' + run: | + export TEST_CMAKE_CONSUMER; TEST_CMAKE_CONSUMER="$(cat ~/old-cmake-path.txt)" + if [[ "${MATRIX_IMAGE}" = *'macos'* ]]; then + export CFLAGS='-arch arm64' + export TEST_CMAKE_FLAGS='-DCURL_USE_LIBPSL=OFF' # auto-detection does not work with old-cmake + fi + if [[ "${MATRIX_IMAGE}" = *'windows'* ]]; then + export TEST_CMAKE_GENERATOR='MSYS Makefiles' + export TEST_CMAKE_FLAGS='-DCMAKE_C_COMPILER=x86_64-w64-mingw32-gcc -DOPENSSL_ROOT_DIR=C:/msys64/mingw64' + fi + ./tests/cmake/test.sh find_package ${TESTOPTS} -DCURL_USE_OPENSSL=ON diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index fe5dd075d626..45884515e884 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -1,36 +1,43 @@ -name: Fuzzer +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl -on: - # Trigger the workflow on push or pull requests, but only for the - # master branch +name: 'Fuzzer' + +'on': push: branches: - master - '*/ci' + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'Dockerfile' + - 'projects/**' + - 'tests/data/**' pull_request: branches: - master + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'Dockerfile' + - 'projects/**' + - 'tests/data/**' -jobs: - fuzzing: - runs-on: ubuntu-latest - steps: - - name: Build Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master - with: - oss-fuzz-project-name: 'curl' - dry-run: false +concurrency: + # Hard-coded workflow name to avoid colliding with curl-fuzzer's group + group: curl-fuzz-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true - - name: Run Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master - with: - oss-fuzz-project-name: 'curl' - fuzz-seconds: 2400 - dry-run: false +permissions: {} - - name: Upload Crash - uses: actions/upload-artifact@v1 - if: failure() - with: - name: artifacts - path: ./out/artifacts +jobs: + Fuzzing: + uses: curl/curl-fuzzer/.github/workflows/ci.yml@master # zizmor: ignore[unpinned-uses] diff --git a/.github/workflows/http3-linux.yml b/.github/workflows/http3-linux.yml new file mode 100644 index 000000000000..7da5ff5c7d7a --- /dev/null +++ b/.github/workflows/http3-linux.yml @@ -0,0 +1,747 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: 'Linux HTTP/3' + +'on': + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + MAKEFLAGS: -j 5 + CURL_CI: github + CURL_TEST_MIN: 1600 + # handled in renovate.json + OPENSSL_VERSION: 3.6.1 + # renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com + LIBRESSL_VERSION: 4.2.1 + # renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com + AWSLC_VERSION: 1.69.0 + # renovate: datasource=github-tags depName=google/boringssl versioning=semver registryUrl=https://github.com + BORINGSSL_VERSION: 0.20260211.0 + # renovate: datasource=github-tags depName=gnutls/nettle versioning=semver registryUrl=https://github.com + NETTLE_VERSION: 3.10.2 + # renovate: datasource=github-tags depName=gnutls/gnutls versioning=semver extractVersion=^nettle_?(?.+)_release_.+$ registryUrl=https://github.com + GNUTLS_VERSION: 3.8.11 + # renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?.+)-stable$ registryUrl=https://github.com + WOLFSSL_VERSION: 5.9.0 + # renovate: datasource=github-tags depName=ngtcp2/nghttp3 versioning=semver registryUrl=https://github.com + NGHTTP3_VERSION: 1.15.0 + # renovate: datasource=github-tags depName=ngtcp2/ngtcp2 versioning=semver registryUrl=https://github.com + NGTCP2_VERSION: 1.21.0 + # renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com + NGHTTP2_VERSION: 1.68.1 + # renovate: datasource=github-tags depName=cloudflare/quiche versioning=semver registryUrl=https://github.com + QUICHE_VERSION: 0.24.7 + +jobs: + build-cache: + name: 'Build caches' + runs-on: ubuntu-latest + + steps: + - name: 'cache openssl' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-openssl-http3-no-deprecated + env: + cache-name: cache-openssl-http3-no-deprecated + with: + path: ~/openssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }} + + - name: 'cache libressl' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-libressl + env: + cache-name: cache-libressl + with: + path: ~/libressl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }} + + - name: 'cache awslc' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-awslc + env: + cache-name: cache-awslc + with: + path: ~/awslc/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.AWSLC_VERSION }} + + - name: 'cache boringssl' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-boringssl + env: + cache-name: cache-boringssl + with: + path: ~/boringssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.BORINGSSL_VERSION }} + + - name: 'cache nettle' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-nettle + env: + cache-name: cache-nettle + with: + path: ~/nettle/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NETTLE_VERSION }} + + - name: 'cache gnutls' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-gnutls + env: + cache-name: cache-gnutls + with: + path: ~/gnutls/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.GNUTLS_VERSION }}-${{ env.NETTLE_VERSION }} + + - name: 'cache wolfssl' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-wolfssl + env: + cache-name: cache-wolfssl + with: + path: ~/wolfssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }} + + - name: 'cache nghttp3' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-nghttp3 + env: + cache-name: cache-nghttp3 + with: + path: ~/nghttp3/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP3_VERSION }} + + - name: 'cache ngtcp2' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-ngtcp2 + env: + cache-name: cache-ngtcp2 + with: + path: ~/ngtcp2/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.NETTLE_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }} + + - name: 'cache ngtcp2 boringssl' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-ngtcp2-boringssl + env: + cache-name: cache-ngtcp2-boringssl + with: + path: ~/ngtcp2-boringssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.BORINGSSL_VERSION }} + + - name: 'cache nghttp2' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-nghttp2 + env: + cache-name: cache-nghttp2 + with: + path: ~/nghttp2/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.NGTCP2_VERSION }}-${{ env.NGHTTP3_VERSION }} + + - id: settings + if: >- + ${{ steps.cache-openssl-http3-no-deprecated.outputs.cache-hit != 'true' || + steps.cache-libressl.outputs.cache-hit != 'true' || + steps.cache-awslc.outputs.cache-hit != 'true' || + steps.cache-boringssl.outputs.cache-hit != 'true' || + steps.cache-nettle.outputs.cache-hit != 'true' || + steps.cache-gnutls.outputs.cache-hit != 'true' || + steps.cache-wolfssl.outputs.cache-hit != 'true' || + steps.cache-nghttp3.outputs.cache-hit != 'true' || + steps.cache-ngtcp2.outputs.cache-hit != 'true' || + steps.cache-ngtcp2-boringssl.outputs.cache-hit != 'true' || + steps.cache-nghttp2.outputs.cache-hit != 'true' }} + + run: echo 'needs-build=true' >> "$GITHUB_OUTPUT" + + - name: 'install build prereqs' + if: ${{ steps.settings.outputs.needs-build == 'true' }} + run: | + sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources} + sudo apt-get -o Dpkg::Use-Pty=0 update + sudo apt-get -o Dpkg::Use-Pty=0 install \ + libtool autoconf automake pkgconf \ + libbrotli-dev libzstd-dev zlib1g-dev \ + libev-dev \ + libc-ares-dev \ + libp11-kit-dev autopoint bison gperf gtk-doc-tools libtasn1-bin # for GnuTLS + echo 'CC=gcc-12' >> "$GITHUB_ENV" + echo 'CXX=g++-12' >> "$GITHUB_ENV" + + - name: 'build openssl' + if: ${{ steps.cache-openssl-http3-no-deprecated.outputs.cache-hit != 'true' }} + run: | + cd ~ + git clone --quiet --depth 1 -b "openssl-${OPENSSL_VERSION}" https://github.com/openssl/openssl + cd openssl + ./config --prefix="$PWD"/build --libdir=lib no-makedepend no-apps no-docs no-tests no-deprecated + make + make -j1 install_sw + + - name: 'build libressl' + if: ${{ steps.cache-libressl.outputs.cache-hit != 'true' }} + run: | + cd ~ + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cd "libressl-${LIBRESSL_VERSION}" + cmake -B . -G Ninja -DLIBRESSL_APPS=OFF -DLIBRESSL_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/libressl/build + cmake --build . + cmake --install . + + - name: 'build awslc' + if: ${{ steps.cache-awslc.outputs.cache-hit != 'true' }} + run: | + cd ~ + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/awslabs/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cd "aws-lc-${AWSLC_VERSION}" + cmake -B . -G Ninja -DBUILD_SHARED_LIBS=ON -DBUILD_TOOL=OFF -DBUILD_TESTING=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/awslc/build + cmake --build . + cmake --install . + + - name: 'build boringssl' + if: ${{ steps.cache-boringssl.outputs.cache-hit != 'true' }} + run: | + mkdir boringssl-src + cd boringssl-src + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + "https://boringssl.googlesource.com/boringssl/+archive/${BORINGSSL_VERSION}.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cmake -B . -G Ninja -DBUILD_SHARED_LIBS=ON -DBUILD_TESTING=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/boringssl/build + cmake --build . + cmake --install . + + - name: 'build nettle' + if: ${{ steps.cache-nettle.outputs.cache-hit != 'true' }} + run: | + cd ~ + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://ftpmirror.gnu.org/nettle/nettle-${NETTLE_VERSION}.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cd "nettle-${NETTLE_VERSION}" + ./configure --disable-dependency-tracking --prefix=/home/runner/nettle/build \ + --disable-silent-rules --disable-static --disable-openssl --disable-documentation + make install + + - name: 'build gnutls' + if: ${{ steps.cache-gnutls.outputs.cache-hit != 'true' }} + run: | + cd ~ + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + "https://www.gnupg.org/ftp/gcrypt/gnutls/v${GNUTLS_VERSION%.*}/gnutls-${GNUTLS_VERSION}.tar.xz" --output pkg.bin + sha256sum pkg.bin && tar -xJf pkg.bin && rm -f pkg.bin + cd "gnutls-${GNUTLS_VERSION}" + # required: libp11-kit-dev libev-dev autopoint bison gperf gtk-doc-tools libtasn1-bin + ./configure --disable-dependency-tracking --prefix=/home/runner/gnutls/build \ + PKG_CONFIG_PATH=/home/runner/nettle/build/lib64/pkgconfig \ + LDFLAGS=-Wl,-rpath,/home/runner/nettle/build/lib64 \ + --with-included-libtasn1 --with-included-unistring \ + --disable-guile --disable-doc --disable-tests --disable-tools + make install + + - name: 'build wolfssl' + if: ${{ steps.cache-wolfssl.outputs.cache-hit != 'true' }} + run: | + cd ~ + git clone --quiet --depth 1 -b "v${WOLFSSL_VERSION}-stable" https://github.com/wolfSSL/wolfssl + cd wolfssl + ./autogen.sh + ./configure --disable-dependency-tracking --prefix="$PWD"/build --enable-all --enable-quic \ + --disable-benchmark --disable-crypttests --disable-examples + make + make install + + - name: 'build nghttp3' + if: ${{ steps.cache-nghttp3.outputs.cache-hit != 'true' }} + run: | + cd ~ + git clone --quiet --depth 1 -b "v${NGHTTP3_VERSION}" https://github.com/ngtcp2/nghttp3 + cd nghttp3 + git submodule update --init --depth 1 + autoreconf -fi + ./configure --disable-dependency-tracking --prefix="$PWD"/build --enable-lib-only + make + make install + + - name: 'build ngtcp2' + if: ${{ steps.cache-ngtcp2.outputs.cache-hit != 'true' }} + # building twice to get crypto libs for ossl, libressl and awslc installed + run: | + cd ~ + git clone --quiet --depth 1 -b "v${NGTCP2_VERSION}" https://github.com/ngtcp2/ngtcp2 + cd ngtcp2 + autoreconf -fi + ./configure --disable-dependency-tracking --prefix="$PWD"/build --enable-lib-only \ + PKG_CONFIG_PATH=/home/runner/libressl/build/lib/pkgconfig \ + --with-openssl + make install + make clean + ./configure --disable-dependency-tracking --prefix="$PWD"/build --enable-lib-only \ + PKG_CONFIG_PATH=/home/runner/openssl/build/lib/pkgconfig:/home/runner/nettle/build/lib64/pkgconfig:/home/runner/gnutls/build/lib/pkgconfig:/home/runner/wolfssl/build/lib/pkgconfig \ + --with-openssl --with-gnutls --with-wolfssl --with-boringssl \ + BORINGSSL_LIBS='-L/home/runner/awslc/build/lib -lssl -lcrypto' \ + BORINGSSL_CFLAGS='-I/home/runner/awslc/build/include' + make install + + - name: 'build ngtcp2 boringssl' + if: ${{ steps.cache-ngtcp2-boringssl.outputs.cache-hit != 'true' }} + run: | + cd ~ + git clone --quiet --depth 1 -b "v${NGTCP2_VERSION}" https://github.com/ngtcp2/ngtcp2 ngtcp2-boringssl + cd ngtcp2-boringssl + autoreconf -fi + ./configure --disable-dependency-tracking --prefix="$PWD"/build --enable-lib-only \ + --with-openssl=no --with-boringssl \ + BORINGSSL_LIBS='-L/home/runner/boringssl/build/lib -lssl -lcrypto' \ + BORINGSSL_CFLAGS='-I/home/runner/boringssl/build/include' + make install + + - name: 'build nghttp2' + if: ${{ steps.cache-nghttp2.outputs.cache-hit != 'true' }} + run: | + cd ~ + git clone --quiet --depth 1 -b "v${NGHTTP2_VERSION}" https://github.com/nghttp2/nghttp2 + cd nghttp2 + git submodule update --init --depth 1 + autoreconf -fi + # required (for nghttpx application): libc-ares-dev libev-dev zlib1g-dev + # optional (for nghttpx application): libbrotli-dev + ./configure --disable-dependency-tracking --prefix="$PWD"/build --enable-app --enable-http3 \ + PKG_CONFIG_PATH=/home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig \ + LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib \ + --with-libbrotlienc --with-libbrotlidec + make install + + linux: + name: ${{ matrix.build.generate && 'CM' || 'AM' }} ${{ matrix.build.name }} + needs: build-cache + runs-on: ubuntu-latest + timeout-minutes: 10 + env: + CURL_TRACE_PKG_CONFIG: '1' + MATRIX_BUILD: ${{ matrix.build.generate && 'cmake' || 'autotools' }} + MATRIX_INSTALL_PACKAGES: '${{ matrix.build.install_packages }}' + strategy: + fail-fast: false + matrix: + build: + - name: 'openssl' + PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + tflags: '--min=1640' + configure: >- + LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib + --with-openssl=/home/runner/openssl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ssls-export + + - name: 'openssl' + install_steps: skipall + PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + generate: >- + -DOPENSSL_ROOT_DIR=/home/runner/openssl/build -DUSE_NGTCP2=ON + -DCURL_DISABLE_LDAP=ON + -DCMAKE_UNITY_BUILD=ON + + - name: 'libressl' + install_steps: skipall + # Intentionally using '--with-ngtcp2=' to test this way of configuration, in addition to bare '--with-ngtcp2' + 'PKG_CONFIG_PATH' in other jobs. + PKG_CONFIG_PATH: /home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + configure: >- + LDFLAGS=-Wl,-rpath,/home/runner/libressl/build/lib + --with-openssl=/home/runner/libressl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ssls-export + --enable-unity + + - name: 'libressl' + PKG_CONFIG_PATH: /home/runner/libressl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + tflags: '--min=1790' + generate: >- + -DOPENSSL_ROOT_DIR=/home/runner/libressl/build -DUSE_NGTCP2=ON + + - name: 'awslc' + install_steps: skipall + # Intentionally using bare '--with-ngtcp2' + 'PKG_CONFIG_PATH' to test this way of configuration, in addition to '--with-ngtcp2=' in other jobs. + PKG_CONFIG_PATH: /home/runner/awslc/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + configure: >- + LDFLAGS=-Wl,-rpath,/home/runner/awslc/build/lib + --with-openssl=/home/runner/awslc/build --with-ngtcp2 --enable-ssls-export + + - name: 'awslc' + PKG_CONFIG_PATH: /home/runner/awslc/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + tflags: '--min=1790' + generate: >- + -DOPENSSL_ROOT_DIR=/home/runner/awslc/build -DUSE_NGTCP2=ON -DBUILD_SHARED_LIBS=OFF + -DCMAKE_UNITY_BUILD=ON -DCURL_DROP_UNUSED=ON + + - name: 'boringssl' + install_steps: skipall + PKG_CONFIG_PATH: /home/runner/boringssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + configure: >- + LDFLAGS=-Wl,-rpath,/home/runner/boringssl/build/lib + --with-openssl=/home/runner/boringssl/build --with-ngtcp2=/home/runner/ngtcp2-boringssl/build --enable-ssls-export + + - name: 'boringssl' + PKG_CONFIG_PATH: /home/runner/boringssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2-boringssl/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + tflags: '--min=1790' + generate: >- + -DOPENSSL_ROOT_DIR=/home/runner/boringssl/build -DUSE_NGTCP2=ON -DBUILD_SHARED_LIBS=OFF + -DCMAKE_UNITY_BUILD=ON + + - name: 'gnutls' + install_packages: libp11-kit-dev libssh-dev + install_steps: skipall + PKG_CONFIG_PATH: /home/runner/nettle/build/lib64/pkgconfig:/home/runner/gnutls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + LDFLAGS: -Wl,-rpath,/home/runner/gnutls/build/lib -Wl,-rpath,/home/runner/nettle/build/lib64 -Wl,-rpath,/home/runner/ngtcp2/build/lib + configure: >- + --with-gnutls=/home/runner/gnutls/build --with-ngtcp2=/home/runner/ngtcp2/build --with-libssh --enable-ssls-export + + - name: 'gnutls' + install_packages: libp11-kit-dev libssh-dev + PKG_CONFIG_PATH: /home/runner/nettle/build/lib64/pkgconfig:/home/runner/gnutls/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + LDFLAGS: -Wl,-rpath,/home/runner/gnutls/build/lib + tflags: '--min=1840' + generate: >- + -DCURL_USE_GNUTLS=ON -DUSE_NGTCP2=ON -DCURL_USE_LIBSSH=ON + -DCMAKE_UNITY_BUILD=ON + + - name: 'wolfssl' + install_packages: libssh2-1-dev + install_steps: skipall + PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + configure: >- + LDFLAGS=-Wl,-rpath,/home/runner/wolfssl/build/lib + --with-wolfssl=/home/runner/wolfssl/build --with-ngtcp2=/home/runner/ngtcp2/build --enable-ech --with-libssh2 --enable-ssls-export + --enable-unity + + - name: 'wolfssl' + install_packages: libssh2-1-dev + PKG_CONFIG_PATH: /home/runner/wolfssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/ngtcp2/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig + tflags: '--min=1840' + generate: >- + -DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON + -DUSE_ECH=ON + + - name: 'quiche' + install_steps: skipall + PKG_CONFIG_PATH: /home/runner/nghttp2/build/lib/pkgconfig + configure: >- + LDFLAGS=-Wl,-rpath,/home/runner/quiche/target/release + --with-openssl=/home/runner/quiche/quiche/deps/boringssl/src + --with-quiche=/home/runner/quiche/target/release + --with-ca-fallback + --enable-unity + + - name: 'quiche' + PKG_CONFIG_PATH: /home/runner/nghttp2/build/lib/pkgconfig:/home/runner/quiche/target/release + tflags: '--min=1790' + generate: >- + -DOPENSSL_ROOT_DIR=/home/runner/quiche/quiche/deps/boringssl/src + -DUSE_QUICHE=ON + -DCURL_CA_FALLBACK=ON + + steps: + - name: 'install prereqs' + env: + INSTALL_PACKAGES: >- + ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && 'stunnel4 ' || '' }} + ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && 'apache2 apache2-dev libnghttp2-dev vsftpd dante-server libev-dev' || '' }} + + run: | + sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources} + sudo apt-get -o Dpkg::Use-Pty=0 update + sudo apt-get -o Dpkg::Use-Pty=0 install \ + libtool autoconf automake pkgconf \ + libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libidn2-0-dev libldap-dev libuv1-dev valgrind \ + ${INSTALL_PACKAGES} \ + ${MATRIX_INSTALL_PACKAGES} + echo 'CC=gcc-12' >> "$GITHUB_ENV" + echo 'CXX=g++-12' >> "$GITHUB_ENV" + + - name: 'cache openssl' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-openssl-http3-no-deprecated + env: + cache-name: cache-openssl-http3-no-deprecated + with: + path: ~/openssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }} + fail-on-cache-miss: true + + - name: 'cache libressl' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-libressl + env: + cache-name: cache-libressl + with: + path: ~/libressl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }} + fail-on-cache-miss: true + + - name: 'cache awslc' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-awslc + env: + cache-name: cache-awslc + with: + path: ~/awslc/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.AWSLC_VERSION }} + fail-on-cache-miss: true + + - name: 'cache boringssl' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-boringssl + env: + cache-name: cache-boringssl + with: + path: ~/boringssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.BORINGSSL_VERSION }} + fail-on-cache-miss: true + + - name: 'cache nettle' + if: ${{ contains(matrix.build.name, 'gnutls') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-nettle + env: + cache-name: cache-nettle + with: + path: ~/nettle/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NETTLE_VERSION }} + fail-on-cache-miss: true + + - name: 'cache gnutls' + if: ${{ contains(matrix.build.name, 'gnutls') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-gnutls + env: + cache-name: cache-gnutls + with: + path: ~/gnutls/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.GNUTLS_VERSION }}-${{ env.NETTLE_VERSION }} + fail-on-cache-miss: true + + - name: 'cache wolfssl' + if: ${{ contains(matrix.build.name, 'wolfssl') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-wolfssl + env: + cache-name: cache-wolfssl + with: + path: ~/wolfssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }} + fail-on-cache-miss: true + + - name: 'cache nghttp3' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-nghttp3 + env: + cache-name: cache-nghttp3 + with: + path: ~/nghttp3/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP3_VERSION }} + fail-on-cache-miss: true + + - name: 'cache ngtcp2' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-ngtcp2 + env: + cache-name: cache-ngtcp2 + with: + path: ~/ngtcp2/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.LIBRESSL_VERSION }}-${{ env.AWSLC_VERSION }}-${{ env.NETTLE_VERSION }}-${{ env.GNUTLS_VERSION }}-${{ env.WOLFSSL_VERSION }} + fail-on-cache-miss: true + + - name: 'cache ngtcp2 boringssl' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-ngtcp2-boringssl + env: + cache-name: cache-ngtcp2-boringssl + with: + path: ~/ngtcp2-boringssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGTCP2_VERSION }}-${{ env.BORINGSSL_VERSION }} + fail-on-cache-miss: true + + - name: 'cache nghttp2' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-nghttp2 + env: + cache-name: cache-nghttp2 + with: + path: ~/nghttp2/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.OPENSSL_VERSION }}-${{ env.NGTCP2_VERSION }}-${{ env.NGHTTP3_VERSION }} + fail-on-cache-miss: true + + - name: 'cache quiche' + if: ${{ contains(matrix.build.name, 'quiche') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-quiche + env: + cache-name: cache-quiche + with: + path: ~/quiche + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.QUICHE_VERSION }} + + - name: 'build quiche and boringssl' + if: ${{ contains(matrix.build.name, 'quiche') && steps.cache-quiche.outputs.cache-hit != 'true' }} + run: | + cd ~ + git clone --quiet --depth 1 -b "${QUICHE_VERSION}" --recursive https://github.com/cloudflare/quiche + cd quiche + #### Work-around https://github.com/curl/curl/issues/7927 ####### + #### See https://github.com/alexcrichton/cmake-rs/issues/131 #### + sed -i -e 's/cmake = "0.1"/cmake = "=0.1.45"/' quiche/Cargo.toml + + cargo build -v --package quiche --release --features ffi,pkg-config-meta,qlog --verbose + ln -s libquiche.so target/release/libquiche.so.0 + mkdir -v quiche/deps/boringssl/src/lib + find target/release \( -name libcrypto.a -o -name libssl.a \) -exec ln -vnf -- '{}' quiche/deps/boringssl/src/lib \; + + # include dir + # /home/runner/quiche/quiche/deps/boringssl/src/include + # lib dir + # /home/runner/quiche/quiche/deps/boringssl/src/lib + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'autoreconf' + if: ${{ matrix.build.configure }} + run: autoreconf -fi + + - name: 'configure' + env: + LDFLAGS: '${{ matrix.build.LDFLAGS }}' + MATRIX_CONFIGURE: '${{ matrix.build.configure }}' + MATRIX_GENERATE: '${{ matrix.build.generate }}' + MATRIX_PKG_CONFIG_PATH: '${{ matrix.build.PKG_CONFIG_PATH }}' + run: | + [ -n "${MATRIX_PKG_CONFIG_PATH}" ] && export PKG_CONFIG_PATH="${MATRIX_PKG_CONFIG_PATH}" + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + [[ "${MATRIX_GENERATE}" = *'boringssl'* ]] && options=" -DBORINGSSL_VERSION=${BORINGSSL_VERSION}" + cmake -B bld -G Ninja \ + -DCMAKE_C_COMPILER_TARGET="$(uname -m)-pc-linux-gnu" -DBUILD_STATIC_LIBS=ON \ + -DCURL_WERROR=ON -DENABLE_DEBUG=ON \ + -DCURL_USE_LIBUV=ON -DCURL_ENABLE_NTLM=ON \ + -DTEST_NGHTTPX=/home/runner/nghttp2/build/bin/nghttpx \ + -DHTTPD_NGHTTPX=/home/runner/nghttp2/build/bin/nghttpx \ + ${MATRIX_GENERATE} ${options} + else + [[ "${MATRIX_CONFIGURE}" = *'boringssl'* ]] && export CPPFLAGS="-DCURL_BORINGSSL_VERSION=\\\"${BORINGSSL_VERSION}\\\"" + mkdir bld && cd bld && ../configure --enable-warnings --enable-werror --enable-debug --disable-static \ + --disable-dependency-tracking --enable-option-checking=fatal \ + --with-libuv --enable-ntlm \ + --with-test-nghttpx=/home/runner/nghttp2/build/bin/nghttpx \ + ${MATRIX_CONFIGURE} + fi + + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/config.log bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true + + - name: 'test configs' + run: grep -H -v '^#' bld/tests/config bld/tests/http/config.ini || true + + - name: 'build' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose + else + make -C bld V=1 + fi + + - name: 'curl -V' + run: | + find . -type f \( -name curl -o -name '*.so.*' -o -name '*.a' \) -print0 | xargs -0 file -- + find . -type f \( -name curl -o -name '*.so.*' -o -name '*.a' \) -print0 | xargs -0 stat -c '%10s bytes: %n' -- + bld/src/curl --disable -V + + - name: 'build tests' + if: ${{ !contains(matrix.build.install_steps, 'skipall') }} + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target testdeps + else + make -C bld V=1 -C tests + fi + + - name: 'install test prereqs' + if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }} + run: | + python3 -m venv ~/venv + if bld/src/curl --disable -V 2>/dev/null | grep smb; then + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/requirements.txt + fi + + - name: 'run tests' + if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }} + env: + TFLAGS: '${{ matrix.build.tflags }}' + run: | + TFLAGS+=' -n' + source ~/venv/bin/activate + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target test-ci + else + make -C bld V=1 test-ci + fi + + - name: 'run tests (valgrind)' + if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }} + run: | + export TFLAGS='-j6 --min=4 HTTP/3' + source ~/venv/bin/activate + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target test-ci + else + make -C bld V=1 test-ci + fi + + - name: 'install pytest prereqs' + if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }} + run: | + [ -d ~/venv ] || python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/http/requirements.txt + + - name: 'run pytest (event based)' + if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }} + env: + CURL_TEST_EVENT: 1 + PYTEST_ADDOPTS: '--color=yes' + PYTEST_XDIST_AUTO_NUM_WORKERS: 4 + run: | + source ~/venv/bin/activate + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target curl-pytest-ci + else + make -C bld V=1 pytest-ci + fi diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml new file mode 100644 index 000000000000..7e0ae094ee8f --- /dev/null +++ b/.github/workflows/label.yml @@ -0,0 +1,33 @@ +# Copyright (C) Daniel Fandrich, , et al. +# +# SPDX-License-Identifier: curl + +# This workflow will triage pull requests and apply a label based on the +# paths that are modified in the pull request. +# +# To use this workflow, you will need to set up a .github/labeler.yml +# file with configuration. For more information, see: +# https://github.com/actions/labeler + +name: 'Labeler' + +'on': [pull_request_target] # zizmor: ignore[dangerous-triggers] + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + label: + name: 'Labeler' + runs-on: ubuntu-slim + permissions: + contents: read # To comply with https://github.com/actions/labeler documentation + pull-requests: write # To edit labels on PRs + + steps: + - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1 + with: + repo-token: '${{ secrets.GITHUB_TOKEN }}' diff --git a/.github/workflows/linux-hyper.yml b/.github/workflows/linux-hyper.yml deleted file mode 100644 index cfff476e9ae9..000000000000 --- a/.github/workflows/linux-hyper.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: Linux - -on: - # Trigger the workflow on push or pull requests, but only for the - # master branch - push: - branches: - - master - - '*/ci' - pull_request: - branches: - - master - -jobs: - autotools: - name: ${{ matrix.build.name }} - runs-on: 'ubuntu-latest' - timeout-minutes: 90 - strategy: - fail-fast: false - matrix: - build: - - name: hyper - install: - configure: --with-openssl --with-hyper=$HOME/hyper - - steps: - - run: sudo apt-get install libtool autoconf automake pkg-config - name: install prereqs - - - run: (cd $HOME; - git clone --depth=1 https://github.com/hyperium/hyper.git; - curl https://sh.rustup.rs -sSf | sh -s -- -y; - source $HOME/.cargo/env; - cd $HOME/hyper; - RUSTFLAGS="--cfg hyper_unstable_ffi" cargo build --features client,http1,http2,ffi) - name: 'install hyper' - - - uses: actions/checkout@v2 - - - run: ./buildconf && LDFLAGS="-Wl,-rpath,$HOME/hyper/target/debug" ./configure --enable-warnings --enable-werror ${{ matrix.build.configure }} && make - name: 'configure and build' - - - run: make test-nonflaky - name: 'test' - env: - LD_LIBRARY_PATH: $HOME/hyper/target/debug:/usr/local/lib - TFLAGS: "${{ matrix.build.tflags }}" diff --git a/.github/workflows/linux-old.yml b/.github/workflows/linux-old.yml new file mode 100644 index 000000000000..394b10ae2488 --- /dev/null +++ b/.github/workflows/linux-old.yml @@ -0,0 +1,182 @@ +# Copyright (C) Daniel Fandrich, , et al. +# +# SPDX-License-Identifier: curl +# +# Compile on an old version of Linux that has barely the minimal build +# requirements for CMake. This tests that curl is still usable on really +# outdated systems. +# +# Debian stretch is chosen as it closely matches some of the oldest major +# versions we support (especially cmake); see docs/INTERNALS.md and it +# is still supported (as of this writing). +# stretch has ELTS support from Freexian until 2027-06-30 +# For ELTS info see https://www.freexian.com/lts/extended/docs/how-to-use-extended-lts/ +# The Debian key expires 2025-05-20, after which package signature +# verification may need to be disabled. +# httrack is one of the smallest downloaders, needed to bootstrap ELTS, +# and doesn not conflict with the curl we are building. + +name: 'Linux Old' + +'on': + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + MAKEFLAGS: -j 5 + CURL_CI: github + CURL_TEST_MIN: 1500 + DEBIAN_FRONTEND: noninteractive + +jobs: + cmake-autotools: + name: 'autotools & cmake' + runs-on: ubuntu-latest + container: 'debian:stretch' + + steps: + - name: 'install prereqs' + # Remember, this shell is dash, not bash + run: | + sed -E -i -e s@[a-z]+\.debian\.org/@archive.debian.org/debian-archive/@ -e '/ stretch-updates /d' /etc/apt/sources.list + apt-get -o Dpkg::Use-Pty=0 update + # See comment above if this fails after 2025-05-20 + apt-get -o Dpkg::Use-Pty=0 install -y --no-install-suggests --no-install-recommends httrack + httrack --get https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb + sha256sum freexian-archive-keyring_2022.06.08_all.deb && dpkg -i freexian-archive-keyring_2022.06.08_all.deb + echo 'deb http://deb.freexian.com/extended-lts stretch-lts main contrib non-free' | tee /etc/apt/sources.list.d/extended-lts.list + apt-get -o Dpkg::Use-Pty=0 update + apt-get -o Dpkg::Use-Pty=0 install -y --no-install-suggests --no-install-recommends make automake autoconf libtool ninja-build gcc pkg-config libpsl-dev libzstd-dev zlib1g-dev libc-ares-dev libkrb5-dev libldap2-dev stunnel4 + # GitHub's actions/checkout needs newer glibc and libstdc++. The latter also depends on + # gcc-8-base, but it does not actually seem used in our situation and is not available in + # the main repo, so force the install. + httrack --get https://deb.freexian.com/extended-lts/pool/main/g/glibc/libc6_2.28-10+deb10u5_amd64.deb + httrack --get https://deb.freexian.com/extended-lts/pool/main/g/gcc-8/libstdc++6_8.3.0-6_amd64.deb + sha256sum libc6_*_amd64.deb libstdc++6_*_amd64.deb && dpkg -i --force-depends libc6_*_amd64.deb libstdc++6_*_amd64.deb + + - name: 'install prereqs (cmake)' + env: + CMAKE_VERSION: 3.18.0 # Earliest version supported by curl + CMAKE_SHA256: 4d9a9d3351161073a67e49366d701b6fa4b0343781982dc5eef08a02a750d403 + run: | + cd ~ + fn="cmake-${CMAKE_VERSION}-linux-x86_64" + httrack --get "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${fn}.tar.gz" + sha256sum "${fn}".tar*.gz | tee /dev/stderr | grep -qwF -- "${CMAKE_SHA256}" && tar -xf "${fn}".tar*.gz && rm -f "${fn}".tar*.gz + mv "cmake-${CMAKE_VERSION}-Linux-x86_64" cmake + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'CM build-only configure (out-of-tree)' + run: | + ~/cmake/bin/cmake -B bld-1 -G Ninja -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON -DBUILD_SHARED_LIBS=ON \ + -DCURL_ENABLE_SSL=OFF -DENABLE_ARES=OFF -DCURL_ZSTD=OFF -DCURL_USE_GSSAPI=OFF -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=OFF + + - name: 'CM build-only build' + run: | + ~/cmake/bin/cmake --build bld-1 --verbose + ~/cmake/bin/cmake --install bld-1 --verbose + + - name: 'CM build-only curl -V' + run: bld-1/src/curl --disable --version + + - name: 'CM build-only configure log' + if: ${{ !cancelled() }} + run: cat bld-1/CMakeFiles/CMake*.log 2>/dev/null || true + + - name: 'CM build-only curl_config.h' + run: | + echo '::group::raw'; cat bld-1/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld-1/lib/curl_config.h | sort || true + + # when this job can get a libssh version 0.9.0 or later, this should get + # that enabled again + - name: 'CM configure (out-of-tree, c-ares, zstd, gssapi)' + run: | + ~/cmake/bin/cmake -B bld-cares -G Ninja -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON -DBUILD_SHARED_LIBS=ON \ + -DCURL_ENABLE_SSL=OFF -DENABLE_ARES=ON -DCURL_USE_GSSAPI=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=OFF \ + -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON + + - name: 'CM configure log' + if: ${{ !cancelled() }} + run: cat bld-cares/CMakeFiles/CMake*.log 2>/dev/null || true + + - name: 'CM curl_config.h' + run: | + echo '::group::raw'; cat bld-cares/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld-cares/lib/curl_config.h | sort || true + + - name: 'CM build' + run: ~/cmake/bin/cmake --build bld-cares + + - name: 'CM curl -V' + run: bld-cares/src/curl --disable --version + + - name: 'CM install' + run: ~/cmake/bin/cmake --install bld-cares + + - name: 'CM build tests' + run: ~/cmake/bin/cmake --build bld-cares --target testdeps + + - name: 'CM run tests' + run: ~/cmake/bin/cmake --build bld-cares --target test-ci + + - name: 'CM build examples' + run: ~/cmake/bin/cmake --build bld-cares --target curl-examples-build + + - name: 'AM autoreconf' + run: autoreconf -fi + + - name: 'AM configure (out-of-tree, c-ares, zstd, gssapi)' + run: | + mkdir bld-am + cd bld-am + ../configure --prefix="$PWD"/../curl-install-am --enable-unity --enable-warnings --enable-werror --disable-shared \ + --disable-dependency-tracking --enable-option-checking=fatal \ + --without-ssl --enable-ares --without-libssh2 --with-zstd --with-gssapi + + - name: 'AM configure log' + if: ${{ !cancelled() }} + run: cat bld-am/config.log 2>/dev/null || true + + - name: 'AM curl_config.h' + run: | + echo '::group::raw'; cat bld-am/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld-am/lib/curl_config.h | sort || true + + - name: 'AM build' + run: make -C bld-am + + - name: 'AM curl -V' + run: bld-am/src/curl --disable --version + + - name: 'AM install' + run: make -C bld-am install + + - name: 'AM build tests' + run: make -C bld-am/tests all diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml new file mode 100644 index 000000000000..491d8bdd126a --- /dev/null +++ b/.github/workflows/linux.yml @@ -0,0 +1,922 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: 'Linux' + +'on': + push: + branches: + - master + - '*/ci' + paths-ignore: + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + pull_request: + branches: + - master + paths-ignore: + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + MAKEFLAGS: -j 5 + CURL_CI: github + CURL_TEST_MIN: 1600 + # renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com + LIBRESSL_VERSION: 4.2.1 + # renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?.+)-stable$ registryUrl=https://github.com + WOLFSSL_VERSION: 5.9.0 + # renovate: datasource=github-tags depName=Mbed-TLS/mbedtls versioning=semver registryUrl=https://github.com + MBEDTLS_VERSION: 4.0.0 + # renovate: datasource=github-tags depName=Mbed-TLS/mbedtls versioning=semver:^3.0.0 registryUrl=https://github.com + MBEDTLS_VERSION_PREV: 3.6.4 + # renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com + AWSLC_VERSION: 1.69.0 + # renovate: datasource=github-tags depName=google/boringssl versioning=semver registryUrl=https://github.com + BORINGSSL_VERSION: 0.20260211.0 + # handled in renovate.json + OPENSSL_VERSION: 3.6.1 + # renovate: datasource=github-tags depName=rustls/rustls-ffi versioning=semver registryUrl=https://github.com + RUSTLS_VERSION: 0.15.1 + # handled in renovate.json + OPENLDAP_VERSION: 2.6.10 + # renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com + NGHTTP2_VERSION: 1.68.1 + # renovate: datasource=github-releases depName=pizlonator/fil-c versioning=semver-coerced registryUrl=https://github.com + FIL_C_VERSION: 0.678 + +jobs: + linux: + name: ${{ matrix.build.generate && 'CM' || 'AM' }} ${{ matrix.build.name }} + runs-on: ${{ matrix.build.image || 'ubuntu-latest' }} + container: ${{ matrix.build.container }} + timeout-minutes: 15 + env: + MATRIX_BUILD: ${{ matrix.build.generate && 'cmake' || 'autotools' }} + MATRIX_INSTALL_PACKAGES: '${{ matrix.build.install_packages }}' + MATRIX_INSTALL_STEPS: '${{ matrix.build.install_steps }}' + strategy: + fail-fast: false + matrix: + build: + - name: 'libressl krb5' + image: ubuntu-24.04-arm + install_packages: libidn2-dev libnghttp2-dev libldap-dev libkrb5-dev + install_steps: libressl-c-arm pytest codeset-test + configure: LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --with-gssapi --enable-debug + + - name: 'libressl krb5 valgrind 1' + image: ubuntu-24.04-arm + install_packages: libnghttp2-dev libldap-dev libkrb5-dev valgrind + install_steps: libressl-c-arm + tflags: '--min=870 1 to 950' + generate: -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON -DCURL_ENABLE_NTLM=ON + + - name: 'libressl krb5 valgrind 2' + image: ubuntu-24.04-arm + install_packages: libnghttp2-dev libldap-dev libkrb5-dev valgrind + install_steps: libressl-c-arm + tflags: '--min=900 951 to 9999' + generate: -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LIBCURL_VERSIONED_SYMBOLS=ON -DCURL_ENABLE_NTLM=ON + + - name: 'libressl clang' + image: ubuntu-24.04-arm + install_packages: clang + install_steps: libressl-c-arm + configure: CC=clang LDFLAGS=-Wl,-rpath,/home/runner/libressl/lib --with-openssl=/home/runner/libressl --enable-debug + + - name: 'wolfssl-all' + image: ubuntu-24.04-arm + install_steps: wolfssl-all-arm + configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-all/lib --with-wolfssl=/home/runner/wolfssl-all --enable-ech --enable-debug + + - name: 'wolfssl-opensslextra valgrind 1' + image: ubuntu-24.04-arm + install_packages: valgrind + install_steps: wolfssl-opensslextra-arm + tflags: '--min=780 1 to 950' + configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug + + - name: 'wolfssl-opensslextra valgrind 2' + image: ubuntu-24.04-arm + install_packages: valgrind + install_steps: wolfssl-opensslextra-arm + tflags: '--min=800 951 to 9999' + configure: LDFLAGS=-Wl,-rpath,/home/runner/wolfssl-opensslextra/lib --with-wolfssl=/home/runner/wolfssl-opensslextra --enable-ech --enable-debug + + - name: 'mbedtls gss valgrind 1' + image: ubuntu-24.04-arm + install_packages: libnghttp2-dev libidn2-dev libldap-dev libgss-dev valgrind + install_steps: mbedtls-latest-arm + tflags: '--min=830 1 to 950' + LDFLAGS: -Wl,-rpath,/home/runner/mbedtls/lib + PKG_CONFIG_PATH: /home/runner/mbedtls/lib/pkgconfig + generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_USE_GSSAPI=ON -DCURL_DROP_UNUSED=ON + + - name: 'mbedtls gss valgrind 2' + image: ubuntu-24.04-arm + install_packages: libnghttp2-dev libidn2-dev libldap-dev libgss-dev valgrind + install_steps: mbedtls-latest-arm + tflags: '--min=800 951 to 9999' + LDFLAGS: -Wl,-rpath,/home/runner/mbedtls/lib + PKG_CONFIG_PATH: /home/runner/mbedtls/lib/pkgconfig + generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_USE_GSSAPI=ON + + - name: 'mbedtls clang' + install_packages: libssh-dev libnghttp2-dev libldap-dev clang + install_steps: mbedtls-latest-intel pytest + configure: CC=clang LDFLAGS=-Wl,-rpath,/home/runner/mbedtls/lib --with-mbedtls=/home/runner/mbedtls --with-libssh --enable-debug --with-fish-functions-dir --with-zsh-functions-dir + + - name: 'mbedtls-prev' + install_packages: libssh2-1-dev libnghttp2-dev libuv1-dev + install_steps: mbedtls-prev pytest + PKG_CONFIG_PATH: /home/runner/mbedtls-prev/lib/pkgconfig # Requires v3.6.0 + generate: -DCURL_USE_MBEDTLS=ON -DCURL_USE_LIBUV=ON -DENABLE_DEBUG=ON + + - name: 'mbedtls-pkg MultiSSL !pc' + install_packages: libnghttp2-dev libmbedtls-dev + install_steps: mbedtls-latest-intel skipall + generate: >- + -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_DEFAULT_SSL_BACKEND=mbedtls + -DMBEDTLS_INCLUDE_DIR=/home/runner/mbedtls/include + -DMBEDTLS_LIBRARY=/home/runner/mbedtls/lib/libmbedtls.a + -DMBEDX509_LIBRARY=/home/runner/mbedtls/lib/libmbedx509.a + -DMBEDCRYPTO_LIBRARY=/home/runner/mbedtls/lib/libmbedcrypto.a + -DCURL_USE_PKGCONFIG=OFF -DCURL_USE_OPENSSL=ON + -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF + -DCURL_COMPLETION_FISH=ON -DCURL_COMPLETION_ZSH=ON + + - name: 'awslc' + install_steps: awslc pytest + configure: LDFLAGS=-Wl,-rpath,/home/runner/awslc/lib --with-openssl=/home/runner/awslc --enable-ech --enable-ntlm + + - name: 'awslc' + install_packages: libidn2-dev + install_steps: awslc + generate: -DOPENSSL_ROOT_DIR=/home/runner/awslc -DUSE_ECH=ON -DCMAKE_UNITY_BUILD=OFF -DCURL_DROP_UNUSED=ON -DCURL_PATCHSTAMP=test-patch -DCURL_ENABLE_NTLM=ON + + - name: 'boringssl' + install_steps: boringssl pytest + generate: -DOPENSSL_ROOT_DIR=/home/runner/boringssl -DUSE_ECH=ON -DCURL_ENABLE_NTLM=ON + + - name: 'openssl default' + install_steps: pytest + configure: --with-openssl --enable-debug --disable-unity + + - name: 'openssl libssh2 sync-resolver valgrind 1 +analyzer' + image: ubuntu-24.04-arm + install_packages: libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev valgrind + tflags: '--min=920 1 to 950' + generate: -DENABLE_DEBUG=ON -DENABLE_THREADED_RESOLVER=OFF -DCURL_GCC_ANALYZER=ON -DCURL_ENABLE_NTLM=ON + + - name: 'openssl libssh2 sync-resolver valgrind 2' + image: ubuntu-24.04-arm + install_packages: libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev valgrind + tflags: '--min=910 951 to 9999' + generate: -DENABLE_DEBUG=ON -DENABLE_THREADED_RESOLVER=OFF -DCURL_ENABLE_NTLM=ON + + - name: 'openssl intel C89' + install_packages: libssh-dev + install_steps: pytest + configure: CFLAGS=-std=gnu89 --with-openssl --with-libssh --enable-debug + + - name: 'openssl arm C89' + image: ubuntu-24.04-arm + install_packages: libssh2-1-dev + install_steps: pytest + configure: CFLAGS=-std=gnu89 --with-openssl --with-libssh2 --enable-debug --disable-verbose + + - name: 'openssl -O3 libssh valgrind 1' + install_packages: libssh-dev valgrind + CFLAGS: -O3 + tflags: '--min=920 1 to 950' + generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=50 -DCURL_ENABLE_NTLM=ON + + - name: 'openssl -O3 libssh valgrind 2' + install_packages: libssh-dev valgrind + CFLAGS: -O3 + tflags: '--min=890 951 to 9999' + generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=50 -DCURL_ENABLE_NTLM=ON + + - name: 'openssl clang krb5 openldap static' + install_steps: openldap-static + install_packages: libidn2-dev libkrb5-dev clang libssl-dev + configure: CC=clang --enable-static --disable-shared --with-openssl --with-gssapi --enable-debug --disable-docs --disable-manual --with-ldap=/home/runner/openldap-static --with-ldap-lib=ldap --with-lber-lib=lber + + - name: 'openssl clang krb5 LTO' + image: ubuntu-24.04-arm + install_packages: libssh2-1-dev libkrb5-dev clang + install_steps: skiprun pytest + CC: clang + generate: -DCURL_USE_OPENSSL=ON -DCURL_USE_GSSAPI=ON -DENABLE_DEBUG=ON -DCURL_LTO=ON + + - name: 'openssl !ipv6 !--libcurl !--digest-auth' + image: ubuntu-24.04-arm + configure: --with-openssl --disable-ipv6 --enable-debug --disable-unity --disable-libcurl-option --disable-digest-auth --enable-ntlm + + - name: 'openssl https-only' + image: ubuntu-24.04-arm + tflags: '--min=1150' + configure: >- + --with-openssl --enable-debug --disable-unity + --disable-dict --disable-gopher --disable-ldap --disable-telnet + --disable-imap --disable-pop3 --disable-smtp + --disable-rtsp + --without-libssh2 --without-libssh + --disable-tftp --disable-ftp --disable-file --disable-smb + --enable-ntlm + + - name: 'openssl torture 1' + install_packages: libnghttp2-dev libssh2-1-dev libc-ares-dev + tflags: '-t --shallow=25 --min=920 1 to 950' + torture: true + generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON -DCURL_ENABLE_NTLM=ON + + - name: 'openssl torture 2' + install_packages: libnghttp2-dev libssh2-1-dev libc-ares-dev + tflags: '-t --shallow=25 --min=900 951 to 9999' + torture: true + generate: -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON -DCURL_ENABLE_NTLM=ON + + - name: 'openssl i686' + install_packages: gcc-14-i686-linux-gnu libssl-dev:i386 libssh2-1-dev:i386 libidn2-dev:i386 libc-ares-dev:i386 zlib1g-dev:i386 + configure: >- + PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig + CC=i686-linux-gnu-gcc-14 + CPPFLAGS=-I/usr/include/i386-linux-gnu + LDFLAGS=-L/usr/lib/i386-linux-gnu + --host=i686-linux-gnu + --with-openssl --with-libssh2 --with-libidn2 --enable-ares --enable-debug + + - name: '!ssl !http !smtp !imap' + image: ubuntu-24.04-arm + tflags: '--min=475' + configure: --without-ssl --enable-debug --disable-http --disable-smtp --disable-imap --disable-unity + + - name: 'libressl Fil-C' + install_steps: filc libressl-filc nghttp2-filc pytest + tflags: '!776' # adds 1-9 minutes to the test run step, and fails consistently + CC: /home/runner/filc/build/bin/filcc + PKG_CONFIG_PATH: /home/runner/nghttp2/lib/pkgconfig + generate: >- + -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF -DCMAKE_UNITY_BUILD=OFF -DCURL_DISABLE_TYPECHECK=ON + -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_LIBPSL=OFF + -DCURL_ZLIB=OFF -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF + -DCURL_DISABLE_LDAP=ON -DUSE_LIBIDN2=OFF -DCURL_USE_LIBSSH2=OFF + -DCURL_ENABLE_NTLM=ON + + - name: 'clang-tidy' + install_packages: clang-20 clang-tidy-20 libssl-dev libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev libkrb5-dev libgnutls28-dev + install_steps: skiprun mbedtls-latest-intel rustls wolfssl-opensslextra-intel + install_steps_brew: gsasl + CC: clang-20 + LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib -Wl,-rpath,/home/runner/mbedtls/lib -Wl,-rpath,/home/runner/rustls/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/gsasl/lib + PKG_CONFIG_PATH: /home/runner/wolfssl-opensslextra/lib/pkgconfig:/home/runner/mbedtls/lib/pkgconfig:/home/runner/rustls/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/gsasl/lib/pkgconfig + generate: >- + -DCURL_USE_OPENSSL=ON -DCURL_USE_WOLFSSL=ON -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON + -DCURL_USE_GSASL=ON + -DUSE_ECH=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON + -DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/usr/bin/clang-tidy-20 + + - name: 'clang-tidy H3 c-ares !examples' + install_packages: clang-20 clang-tidy-20 libidn2-dev libssh-dev libnghttp2-dev + install_steps: skiprun + install_steps_brew: openssl libngtcp2 libnghttp3 c-ares + CC: clang-20 + LDFLAGS: -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/openssl/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/libngtcp2/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/c-ares/lib + PKG_CONFIG_PATH: /home/linuxbrew/.linuxbrew/opt/libngtcp2/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/c-ares/lib/pkgconfig + generate: >- + -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/home/linuxbrew/.linuxbrew/opt/openssl -DUSE_NGTCP2=ON + -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DUSE_HTTPSRR=ON -DENABLE_ARES=ON + -DCURL_DISABLE_VERBOSE_STRINGS=ON + -DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/usr/bin/clang-tidy-20 + + - name: 'address-sanitizer' + install_packages: clang-20 libssl-dev libssh-dev libidn2-dev libnghttp2-dev libubsan1 libasan8 libtsan2 + install_steps: pytest randcurl + CFLAGS: -fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g + LDFLAGS: -fsanitize=address,undefined -fno-sanitize-recover=undefined,integer -ldl -lubsan + CC: clang-20 + generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH=ON + + - name: 'address-sanitizer H3 c-ares' + install_packages: clang-20 libubsan1 libasan8 libtsan2 + install_steps: pytest + install_steps_brew: openssl libssh2 libngtcp2 libnghttp3 c-ares + CFLAGS: -fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g + LDFLAGS: -fsanitize=address,undefined -fno-sanitize-recover=undefined,integer -ldl -lubsan -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/c-ares/lib + PKG_CONFIG_PATH: /home/linuxbrew/.linuxbrew/opt/libssh2/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/libngtcp2/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/c-ares/lib/pkgconfig + CC: clang-20 + generate: -DENABLE_DEBUG=ON -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/home/linuxbrew/.linuxbrew/opt/openssl -DUSE_NGTCP2=ON -DUSE_SSLS_EXPORT=ON -DENABLE_ARES=ON + + - name: 'thread-sanitizer' + install_packages: clang-20 libtsan2 + install_steps: pytest openssl-tsan + CFLAGS: -fsanitize=thread -g + LDFLAGS: -fsanitize=thread + CC: clang-20 + generate: -DOPENSSL_ROOT_DIR=/home/runner/openssl -DENABLE_DEBUG=ON + + - name: 'memory-sanitizer' + install_packages: clang-20 + install_steps: randcurl + CFLAGS: -fsanitize=memory -Wformat -Werror=format-security -Werror=array-bounds -g + LDFLAGS: -fsanitize=memory + LIBS: -ldl + configure: CC=clang-20 --without-ssl --without-zlib --without-brotli --without-zstd --without-libpsl --without-nghttp2 --enable-debug + tflags: '--min=1480' + + - name: 'event-based' + install_packages: libssh-dev + configure: --enable-debug --enable-static --disable-shared --disable-threaded-resolver --with-libssh --with-openssl --enable-ntlm + tflags: '-n --test-event --min=1350' + + - name: 'duphandle' + image: ubuntu-24.04-arm + install_packages: libssh-dev + configure: --enable-debug --enable-static --disable-shared --disable-threaded-resolver --with-libssh --with-openssl + tflags: '-n --test-duphandle' + + - name: 'rustls valgrind 1' + install_packages: libnghttp2-dev libldap-dev valgrind + install_steps: rust rustls + tflags: '--min=780 1 to 950' + generate: -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DENABLE_DEBUG=ON + + - name: 'rustls valgrind 2' + install_packages: libnghttp2-dev libldap-dev valgrind + install_steps: rust rustls + tflags: '--min=820 951 to 9999' + generate: -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DENABLE_DEBUG=ON + + - name: 'rustls' + install_packages: libnghttp2-dev libldap-dev + install_steps: rust rustls skiprun pytest + configure: --with-rustls --enable-ech --enable-debug + + - name: 'IntelC openssl' + install_packages: libssl-dev + install_steps: intelc + configure: CC=icc --enable-debug --with-openssl + + - name: 'Slackware !ssl gssapi gcc' + # Flags used to build the curl Slackware package, except OpenSSL 1.1.0: + # https://ftpmirror.infania.net/slackware/slackware64-current/source/n/curl/curl.SlackBuild + configure: --enable-debug --without-ssl --with-libssh2 --with-gssapi --enable-ares --without-ca-bundle --with-ca-path=/etc/ssl/certs + # Docker Hub image that `container-job` executes in + container: 'andy5995/slackware-build-essential:15.0' + + - name: 'Alpine MUSL https-rr' + configure: --enable-debug --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl --enable-httpsrr --enable-ares --enable-threaded-resolver + container: 'alpine:3.20' + + - name: 'Alpine MUSL https-rr c-ares' + configure: --enable-debug --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl --enable-httpsrr --enable-ares --disable-threaded-resolver + container: 'alpine:3.20' + + steps: + - name: 'install prereqs' + if: ${{ matrix.build.container == null && !contains(matrix.build.name, 'i686') }} + env: + INSTALL_PACKAGES_BREW: '${{ matrix.build.install_steps_brew }}' + INSTALL_PACKAGES: >- + ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && 'stunnel4' || '' }} + ${{ contains(matrix.build.install_steps, 'pytest') && 'apache2 apache2-dev libnghttp2-dev vsftpd dante-server' || '' }} + + run: | + sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources} + sudo apt-get -o Dpkg::Use-Pty=0 update + sudo apt-get -o Dpkg::Use-Pty=0 install \ + libtool autoconf automake pkgconf \ + libpsl-dev zlib1g-dev libbrotli-dev libzstd-dev \ + ${INSTALL_PACKAGES} \ + ${MATRIX_INSTALL_PACKAGES} + if [ -n "${INSTALL_PACKAGES_BREW}" ]; then + HOMEBREW_NO_AUTO_UPDATE=1 /home/linuxbrew/.linuxbrew/bin/brew install ${INSTALL_PACKAGES_BREW} + fi + # Workaround for ubuntu-24.04-arm images having 0777 for /home/runner, + # which breaks the test sshd server used in pytest. + if [[ "$(uname -m)" = *'aarch64'* ]]; then + ls -l /home + chmod 0755 /home/runner + fi + + - name: 'install prereqs (i686)' + if: ${{ contains(matrix.build.name, 'i686') }} + run: | + sudo rm -f /etc/apt/sources.list.d/{azure-cli.sources,microsoft-prod.list,ondrej-ubuntu-php-noble.sources} + sudo dpkg --add-architecture i386 + sudo apt-get -o Dpkg::Use-Pty=0 update + sudo apt-get -o Dpkg::Use-Pty=0 install \ + libtool autoconf automake pkgconf stunnel4 \ + libpsl-dev:i386 libbrotli-dev:i386 libzstd-dev:i386 \ + ${MATRIX_INSTALL_PACKAGES} + + - name: 'install prereqs (alpine)' + if: ${{ startsWith(matrix.build.container, 'alpine') }} + run: | + apk add --no-cache build-base autoconf automake libtool perl openssl-dev \ + libssh2-dev zlib-dev brotli-dev zstd-dev libidn2-dev openldap-dev \ + krb5-dev libpsl-dev c-ares-dev \ + py3-impacket py3-asn1 py3-six py3-pycryptodomex \ + perl-time-hires openssh stunnel sudo git openssl + + - name: 'install Fil-C' + if: ${{ contains(matrix.build.install_steps, 'filc') }} + run: | + cd /home/runner + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/pizlonator/fil-c/releases/download/v${FIL_C_VERSION}/filc-${FIL_C_VERSION}-linux-x86_64.tar.xz" --output pkg.bin + sha256sum pkg.bin && tar -xJf pkg.bin && rm -f pkg.bin && mv "filc-${FIL_C_VERSION}-linux-x86_64" filc + cd filc + ./setup.sh + + - name: 'cache libressl (c-arm)' + if: ${{ contains(matrix.build.install_steps, 'libressl-c-arm') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-libressl-c-arm + env: + cache-name: cache-libressl-c-arm + with: + path: ~/libressl + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }} + + - name: 'build libressl (c-arm)' + if: ${{ contains(matrix.build.install_steps, 'libressl-c-arm') && steps.cache-libressl-c-arm.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cd "libressl-${LIBRESSL_VERSION}" + cmake -B . -G Ninja -DLIBRESSL_APPS=OFF -DLIBRESSL_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/libressl -DCURL_ENABLE_NTLM=ON + cmake --build . + cmake --install . + + - name: 'cache libressl (filc)' + if: ${{ contains(matrix.build.install_steps, 'libressl-filc') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-libressl-filc + env: + cache-name: cache-libressl-filc + with: + path: ~/libressl + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }}-${{ env.FIL_C_VERSION }} + + - name: 'build libressl (filc)' + if: ${{ contains(matrix.build.install_steps, 'libressl-filc') && steps.cache-libressl-filc.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cd "libressl-${LIBRESSL_VERSION}" + cmake -B . -G Ninja -DLIBRESSL_APPS=OFF -DLIBRESSL_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/libressl \ + -DCMAKE_C_COMPILER=/home/runner/filc/build/bin/filcc -DENABLE_ASM=OFF + cmake --build . + cmake --install . + + - name: 'cache nghttp2 (filc)' + if: ${{ contains(matrix.build.install_steps, 'nghttp2-filc') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-nghttp2-filc + env: + cache-name: cache-nghttp2-filc + with: + path: ~/nghttp2 + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.FIL_C_VERSION }} + + - name: 'build nghttp2 (filc)' + if: ${{ contains(matrix.build.install_steps, 'nghttp2-filc') && steps.cache-nghttp2-filc.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/nghttp2/nghttp2/releases/download/v${NGHTTP2_VERSION}/nghttp2-${NGHTTP2_VERSION}.tar.xz" --output pkg.bin + sha256sum pkg.bin && tar -xJf pkg.bin && rm -f pkg.bin + cd "nghttp2-${NGHTTP2_VERSION}" + cmake -B . -G Ninja -DENABLE_LIB_ONLY=ON -DBUILD_TESTING=OFF -DENABLE_DOC=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/nghttp2 \ + -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF \ + -DCMAKE_C_COMPILER=/home/runner/filc/build/bin/filcc + cmake --build . + cmake --install . + + - name: 'cache wolfssl (all-arm)' + if: ${{ contains(matrix.build.install_steps, 'wolfssl-all-arm') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-wolfssl-all-arm + env: + cache-name: cache-wolfssl-all-arm + with: + path: ~/wolfssl-all + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }} + + - name: 'build wolfssl (all-arm)' # does not support `OPENSSL_COEXIST` + if: ${{ contains(matrix.build.install_steps, 'wolfssl-all-arm') && steps.cache-wolfssl-all-arm.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cd "wolfssl-${WOLFSSL_VERSION}-stable" + ./autogen.sh + ./configure --disable-dependency-tracking --prefix=/home/runner/wolfssl-all --enable-tls13 --enable-harden --enable-all \ + --disable-benchmark --disable-crypttests --disable-examples + make install + + - name: 'cache wolfssl (opensslextra-intel)' # does support `OPENSSL_COEXIST` + if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra-intel') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-wolfssl-opensslextra-intel + env: + cache-name: cache-wolfssl-opensslextra-intel + with: + path: ~/wolfssl-opensslextra + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }} + + - name: 'build wolfssl (opensslextra-intel)' + if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra-intel') && steps.cache-wolfssl-opensslextra-intel.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cd "wolfssl-${WOLFSSL_VERSION}-stable" + ./autogen.sh + ./configure --disable-dependency-tracking --prefix=/home/runner/wolfssl-opensslextra --enable-tls13 --enable-harden --enable-ech --enable-opensslextra \ + --disable-benchmark --disable-crypttests --disable-examples + make install + + - name: 'cache wolfssl (opensslextra-arm)' # does support `OPENSSL_COEXIST` + if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra-arm') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-wolfssl-opensslextra-arm + env: + cache-name: cache-wolfssl-opensslextra-arm + with: + path: ~/wolfssl-opensslextra + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.WOLFSSL_VERSION }} + + - name: 'build wolfssl (opensslextra-arm)' + if: ${{ contains(matrix.build.install_steps, 'wolfssl-opensslextra-arm') && steps.cache-wolfssl-opensslextra-arm.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/wolfSSL/wolfssl/archive/v${WOLFSSL_VERSION}-stable.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cd "wolfssl-${WOLFSSL_VERSION}-stable" + ./autogen.sh + ./configure --disable-dependency-tracking --prefix=/home/runner/wolfssl-opensslextra --enable-tls13 --enable-harden --enable-ech --enable-opensslextra \ + --disable-benchmark --disable-crypttests --disable-examples + make install + + - name: 'cache mbedtls (latest-intel)' + if: ${{ contains(matrix.build.install_steps, 'mbedtls-latest-intel') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-mbedtls-latest-intel + env: + cache-name: cache-mbedtls-latest-intel + with: + path: ~/mbedtls + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.MBEDTLS_VERSION }} + + - name: 'build mbedtls (latest-intel)' + if: ${{ contains(matrix.build.install_steps, 'mbedtls-latest-intel') && steps.cache-mbedtls-latest-intel.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" --output pkg.bin + sha256sum pkg.bin && tar -xjf pkg.bin && rm -f pkg.bin + cd "mbedtls-${MBEDTLS_VERSION}" + ./scripts/config.py set MBEDTLS_THREADING_C + ./scripts/config.py set MBEDTLS_THREADING_PTHREAD + cmake -B . -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=/home/runner/mbedtls \ + -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF + cmake --build . + cmake --install . + + - name: 'cache mbedtls (latest-arm)' + if: ${{ contains(matrix.build.install_steps, 'mbedtls-latest-arm') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-mbedtls-latest-arm + env: + cache-name: cache-mbedtls-latest-arm + with: + path: ~/mbedtls + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.MBEDTLS_VERSION }} + + - name: 'build mbedtls (latest-arm)' + if: ${{ contains(matrix.build.install_steps, 'mbedtls-latest-arm') && steps.cache-mbedtls-latest-arm.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION}/mbedtls-${MBEDTLS_VERSION}.tar.bz2" --output pkg.bin + sha256sum pkg.bin && tar -xjf pkg.bin && rm -f pkg.bin + cd "mbedtls-${MBEDTLS_VERSION}" + ./scripts/config.py set MBEDTLS_THREADING_C + ./scripts/config.py set MBEDTLS_THREADING_PTHREAD + cmake -B . -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=/home/runner/mbedtls \ + -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF + cmake --build . + cmake --install . + + - name: 'cache mbedtls (prev)' + if: ${{ contains(matrix.build.install_steps, 'mbedtls-prev') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-mbedtls-prev + env: + cache-name: cache-mbedtls-prev + with: + path: ~/mbedtls-prev + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.MBEDTLS_VERSION }} + + - name: 'build mbedtls (prev)' + if: ${{ contains(matrix.build.install_steps, 'mbedtls-prev') && steps.cache-mbedtls-prev.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/Mbed-TLS/mbedtls/releases/download/mbedtls-${MBEDTLS_VERSION_PREV}/mbedtls-${MBEDTLS_VERSION_PREV}.tar.bz2" --output pkg.bin + sha256sum pkg.bin && tar -xjf pkg.bin && rm -f pkg.bin + cd "mbedtls-${MBEDTLS_VERSION_PREV}" + ./scripts/config.py set MBEDTLS_THREADING_C + ./scripts/config.py set MBEDTLS_THREADING_PTHREAD + cmake -B . -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCMAKE_INSTALL_PREFIX=/home/runner/mbedtls-prev \ + -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF + cmake --build . + cmake --install . + + - name: 'cache openldap (static)' + if: ${{ contains(matrix.build.install_steps, 'openldap-static') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-openldap-static + env: + cache-name: cache-openldap-static + with: + path: ~/openldap-static + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.OPENLDAP_VERSION }} + + - name: 'build openldap (static)' + if: ${{ contains(matrix.build.install_steps, 'openldap-static') && steps.cache-openldap-static.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-${OPENLDAP_VERSION}.tgz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cd "openldap-${OPENLDAP_VERSION}" + ./configure --prefix=/home/runner/openldap-static --enable-static --disable-shared --disable-slapd + make install + + - name: 'cache openssl (thread sanitizer)' + if: ${{ contains(matrix.build.install_steps, 'openssl-tsan') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-openssl-tsan + env: + cache-name: cache-openssl-tsan + with: + path: ~/openssl + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.OPENSSL_VERSION }} + + - name: 'build openssl (thread sanitizer)' + if: ${{ contains(matrix.build.install_steps, 'openssl-tsan') && steps.cache-openssl-tsan.outputs.cache-hit != 'true' }} + run: | + git clone --quiet --depth 1 -b "openssl-${OPENSSL_VERSION}" https://github.com/openssl/openssl + cd openssl + CC=clang CFLAGS='-fsanitize=thread' LDFLAGS='-fsanitize=thread' ./config --prefix=/home/runner/openssl --libdir=lib no-makedepend no-apps no-docs no-tests + make + make -j1 install_sw + + - name: 'cache awslc' + if: ${{ contains(matrix.build.install_steps, 'awslc') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-awslc + env: + cache-name: cache-awslc + with: + path: ~/awslc + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.AWSLC_VERSION }} + + - name: 'build awslc' + if: ${{ contains(matrix.build.install_steps, 'awslc') && steps.cache-awslc.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/awslabs/aws-lc/archive/refs/tags/v${AWSLC_VERSION}.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cd "aws-lc-${AWSLC_VERSION}" + cmake -B . -G Ninja -DCMAKE_INSTALL_PREFIX=/home/runner/awslc -DBUILD_TOOL=OFF -DBUILD_TESTING=OFF + cmake --build . + cmake --install . + + - name: 'cache boringssl' + if: ${{ contains(matrix.build.install_steps, 'boringssl') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-boringssl + env: + cache-name: cache-boringssl + with: + path: ~/boringssl + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.BORINGSSL_VERSION }} + + - name: 'build boringssl' + if: ${{ contains(matrix.build.install_steps, 'boringssl') && steps.cache-boringssl.outputs.cache-hit != 'true' }} + run: | + mkdir boringssl-src + cd boringssl-src + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + "https://boringssl.googlesource.com/boringssl/+archive/${BORINGSSL_VERSION}.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cmake -B . -G Ninja -DCMAKE_INSTALL_PREFIX=/home/runner/boringssl -DBUILD_TESTING=OFF -DBUILD_SHARED_LIBS=ON + cmake --build . + cmake --install . + + - name: 'cache rustls' + if: ${{ contains(matrix.build.install_steps, 'rustls') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-rustls + env: + cache-name: cache-rustls + with: + path: ~/rustls + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.RUSTLS_VERSION }} + + - name: 'fetch rustls deb' + if: ${{ contains(matrix.build.install_steps, 'rustls') && steps.cache-rustls.outputs.cache-hit != 'true' }} + run: | + cd ~ + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --location "https://github.com/rustls/rustls-ffi/releases/download/v${RUSTLS_VERSION}/librustls_${RUSTLS_VERSION}_amd64.deb.zip" --output pkg.bin + sha256sum pkg.bin && unzip pkg.bin -d rustls && rm -f pkg.bin + + - name: 'build rustls' + # Note: we do not check cache-hit here. If the cache is hit, we need to dpkg install the deb. + if: ${{ contains(matrix.build.install_steps, 'rustls') }} + run: sudo dpkg -i ~/rustls/"librustls_${RUSTLS_VERSION}_amd64.deb" + + - name: 'install Intel compilers' + if: ${{ contains(matrix.build.install_steps, 'intelc') }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \ + --compressed https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | \ + sudo tee /etc/apt/trusted.gpg.d/intel-sw.asc >/dev/null + sudo add-apt-repository 'deb https://apt.repos.intel.com/oneapi all main' + sudo apt-get -o Dpkg::Use-Pty=0 install intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic + source /opt/intel/oneapi/setvars.sh + printenv >> "$GITHUB_ENV" + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'autoreconf' + if: ${{ matrix.build.configure }} + run: autoreconf -fi + + - name: 'configure' + env: + CC: '${{ matrix.build.CC }}' + CFLAGS: '${{ matrix.build.CFLAGS }}' + LDFLAGS: '${{ matrix.build.LDFLAGS }}' + LIBS: '${{ matrix.build.LIBS }}' + MATRIX_CONFIGURE: '${{ matrix.build.configure }}' + MATRIX_GENERATE: '${{ matrix.build.generate }}' + MATRIX_PKG_CONFIG_PATH: '${{ matrix.build.PKG_CONFIG_PATH }}' + run: | + [[ "${MATRIX_INSTALL_STEPS}" = *'awslc'* ]] && sudo apt-get -o Dpkg::Use-Pty=0 purge libssl-dev + [ -n "${MATRIX_PKG_CONFIG_PATH}" ] && export PKG_CONFIG_PATH="${MATRIX_PKG_CONFIG_PATH}" + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake -B bld -G Ninja \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ + -DCMAKE_C_COMPILER_TARGET="$(uname -m)-pc-linux-gnu" -DBUILD_STATIC_LIBS=ON \ + -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON \ + ${MATRIX_GENERATE} + else + mkdir bld && cd bld && \ + ../configure --prefix="$HOME"/curl-install --enable-unity --enable-warnings --enable-werror --disable-static \ + --disable-dependency-tracking --enable-option-checking=fatal \ + ${MATRIX_CONFIGURE} + fi + + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/config.log bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true + + - name: 'test configs' + run: grep -H -v '^#' bld/tests/config bld/tests/http/config.ini || true + + - name: 'build' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose + else + make -C bld V=1 + fi + + - name: 'single-use function check' + if: ${{ (contains(matrix.build.configure, '--disable-unity') || contains(matrix.build.generate, '-DCMAKE_UNITY_BUILD=OFF')) && !contains(matrix.build.install_steps, 'filc') }} + run: | + git config --global --add safe.directory "*" + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + libcurla=bld/lib/libcurl.a + else + libcurla=bld/lib/.libs/libcurl.a + fi + ./scripts/singleuse.pl --unit "${libcurla}" + + - name: 'curl -V' + run: | + find . -type f \( -name curl -o -name '*.so.*' -o -name '*.a' \) -print0 | xargs -0 file -- + find . -type f \( -name curl -o -name '*.so.*' -o -name '*.a' \) -print0 | xargs -0 stat -c '%10s bytes: %n' -- + bld/src/curl --disable -V + + - name: 'curl install' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --install bld --strip + else + make -C bld V=1 install + fi + + - name: 'build tests' + if: ${{ !contains(matrix.build.install_steps, 'skipall') }} + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target testdeps + else + make -C bld V=1 -C tests + fi + + - name: 'install test prereqs' + if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && matrix.build.container == null }} + run: | + python3 -m venv ~/venv + if bld/src/curl --disable -V 2>/dev/null | grep smb; then + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/requirements.txt + fi + + - name: 'run tests' + if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }} + timeout-minutes: ${{ contains(matrix.build.install_packages, 'valgrind') && 20 || 10 }} + env: + TEST_TARGET: ${{ matrix.build.torture && 'test-torture' || 'test-ci' }} + TFLAGS: '${{ matrix.build.tflags }}' + run: | + if [ "${TEST_TARGET}" = 'test-ci' ] && [[ "${MATRIX_INSTALL_PACKAGES}" = *'valgrind'* ]]; then + TFLAGS+=' -j6' + TFLAGS+=' !776' # skip long-running flaky test + if [[ "${MATRIX_INSTALL_PACKAGES}" = *'libgss-dev'* ]]; then + TFLAGS+=' ~2077 ~2078' # memory leaks from Curl_auth_decode_spnego_message() -> gss_init_sec_context() + fi + elif [ "${TEST_TARGET}" != 'test-ci' ]; then + TFLAGS+=' --buildinfo' # only test-ci sets this by default, set it manually for test-torture + fi + [ -f ~/venv/bin/activate ] && source ~/venv/bin/activate + if [[ "${MATRIX_INSTALL_STEPS}" = *'codeset-test'* ]]; then + locale || true + export LC_ALL=C + export LC_CTYPE=C + export LC_NUMERIC=fr_FR.UTF-8 + fi + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target "${TEST_TARGET}" + else + make -C bld V=1 "${TEST_TARGET}" + fi + + - name: 'install pytest prereqs' + if: ${{ contains(matrix.build.install_steps, 'pytest') }} + run: | + [ -d ~/venv ] || python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/http/requirements.txt + + - name: 'run pytest' + if: ${{ contains(matrix.build.install_steps, 'pytest') }} + env: + PYTEST_ADDOPTS: '--color=yes' + PYTEST_XDIST_AUTO_NUM_WORKERS: 4 + run: | + [ -f ~/venv/bin/activate ] && source ~/venv/bin/activate + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target curl-pytest-ci + else + make -C bld V=1 pytest-ci + fi + + - name: 'randcurl' + if: ${{ contains(matrix.build.install_steps, 'randcurl') }} + run: | + mkdir run + cd run + ../.github/scripts/randcurl.pl 60 ../bld/src/curl + + - name: 'build examples' + if: ${{ !contains(matrix.build.install_packages, 'valgrind') && !contains(matrix.build.name, '!examples') }} + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target curl-examples-build + else + make -C bld V=1 examples + fi diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index af80da6249b6..fca6719b0f36 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -1,129 +1,706 @@ -name: macOS +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl -on: - # Trigger the workflow on push or pull requests, but only for the - # master branch +name: 'macOS' + +'on': push: branches: - - master - - '*/ci' + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' pull_request: branches: - - master + - master + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +# Apple APIs and the macos-version-min value required to avoid deprecation +# warnings with llvm/clang, and/or the feature getting enabled at build-time +# or runtime: +# +# - 10.7 Lion (2011) - GSS (build-time, deprecated MIT Kerberos shim) +# - 10.9 Mavericks (2013) - LDAP (build-time, deprecated), OCSP (runtime) +# - 10.11 El Capitan (2015) - connectx() (runtime) +# - 10.12 Sierra (2016) - clock_gettime() (build-time, runtime) +# - 10.14 Mojave (2018) - SecTrustEvaluateWithError() (runtime) + +env: + CURL_CI: github + CURL_TEST_MIN: 1700 + MAKEFLAGS: -j 4 + LDFLAGS: -w # suppress 'object file was built for newer macOS version than being linked' warnings jobs: - autotools: - name: ${{ matrix.build.name }} - runs-on: 'macos-latest' - timeout-minutes: 90 + ios: + name: "iOS, ${{ (matrix.build.generator && format('CM-{0}', matrix.build.generator)) || (matrix.build.generate && 'CM' || 'AM' )}} ${{ matrix.build.name }} arm64" + runs-on: macos-latest + timeout-minutes: 10 + env: + DEVELOPER_DIR: "/Applications/Xcode${{ matrix.build.xcode && format('_{0}', matrix.build.xcode) || '' }}.app/Contents/Developer" + CC: 'clang' + LDFLAGS: '' + MATRIX_BUILD: ${{ matrix.build.generate && 'cmake' || 'autotools' }} + MATRIX_OPTIONS: ${{ matrix.build.options }} + # renovate: datasource=github-tags depName=libressl/portable versioning=semver registryUrl=https://github.com + LIBRESSL_VERSION: 4.2.1 strategy: fail-fast: false matrix: build: - - name: normal - install: nghttp2 - configure: --without-ssl - macosx-version-min: 10.9 - - name: debug - install: nghttp2 - configure: --enable-debug --without-ssl - macosx-version-min: 10.9 - - name: libssh2 - install: nghttp2 libssh2 - configure: --enable-debug --with-libssh2 --without-ssl - macosx-version-min: 10.9 - - name: c-ares - install: nghttp2 - configure: --enable-debug --enable-ares --without-ssl - macosx-version-min: 10.9 - - name: HTTP only - install: nghttp2 - configure: --enable-debug --enable-maintainer-mode --disable-dict --disable-file --disable-ftp --disable-gopher --disable-imap --disable-ldap --disable-pop3 --disable-rtmp --disable-rtsp --disable-scp --disable-sftp --disable-smb --disable-smtp --disable-telnet --disable-tftp --disable-unix-sockets --disable-shared --without-brotli --without-gssapi --without-libidn2 --without-libpsl --without-librtmp --without-libssh2 --without-nghttp2 --without-ntlm-auth --without-ssl --without-zlib - macosx-version-min: 10.15 - - name: SecureTransport http2 - install: nghttp2 - configure: --enable-debug --with-secure-transport - macosx-version-min: 10.8 - - name: OpenSSL http2 - install: nghttp2 openssl - configure: --enable-debug --with-openssl=/usr/local/opt/openssl - macosx-version-min: 10.9 - - name: LibreSSL http2 - install: nghttp2 libressl - configure: --enable-debug --with-openssl=/usr/local/opt/libressl - macosx-version-min: 10.9 - - name: torture - install: nghttp2 openssl - configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl=/usr/local/opt/openssl - tflags: -n -t --shallow=25 !FTP - macosx-version-min: 10.9 - - name: torture-ftp - install: nghttp2 openssl - configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl=/usr/local/opt/openssl - tflags: -n -t --shallow=20 FTP - macosx-version-min: 10.9 - - name: macOS 10.15 - install: nghttp2 libssh2 openssl - configure: --enable-debug --disable-ldap --with-openssl=/usr/local/opt/openssl - macosx-version-min: 10.15 + - name: 'libressl' + install_steps: libressl + configure: --with-openssl=/Users/runner/libressl --without-libpsl + + - name: 'libressl' + install_steps: libressl + # FIXME: Could not make OPENSSL_ROOT_DIR work. CMake seems to prepend sysroot to it. + generator: Xcode + xcode: '' # default Xcode. Set it once to silence actionlint. + options: --config Debug + generate: >- + -DCMAKE_XCODE_ATTRIBUTE_CODE_SIGNING_ALLOWED=OFF + -DMACOSX_BUNDLE_GUI_IDENTIFIER=se.curl + -DOPENSSL_INCLUDE_DIR=/Users/runner/libressl/include + -DOPENSSL_SSL_LIBRARY=/Users/runner/libressl/lib/libssl.a + -DOPENSSL_CRYPTO_LIBRARY=/Users/runner/libressl/lib/libcrypto.a + -DCURL_USE_LIBPSL=OFF -DCURL_ENABLE_NTLM=ON + steps: - - run: echo libtool autoconf automake pkg-config ${{ matrix.build.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile - name: 'brew bundle' + - name: 'brew install' + if: ${{ matrix.build.configure }} + timeout-minutes: 5 + run: | + # shellcheck disable=SC2181,SC2034 + while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done + + - name: 'toolchain versions' + run: | + command -v "${CC}"; "${CC}" --version || true + xcodebuild -version || true + xcodebuild -sdk -version | grep '^Path:' || true + xcrun --sdk iphoneos --show-sdk-path 2>/dev/null || true + xcrun --sdk iphoneos --show-sdk-version || true + echo '::group::compiler defaults'; echo 'int main(void) {}' | "${CC}" -v -x c -; echo '::endgroup::' + echo '::group::macros predefined'; "${CC}" -dM -E - < /dev/null | sort || true; echo '::endgroup::' + echo '::group::brew packages installed'; ls -l "$(brew --prefix)"/opt; echo '::endgroup::' + + - name: 'cache libressl' + if: ${{ contains(matrix.build.install_steps, 'libressl') }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-libressl + env: + cache-name: cache-libressl + with: + path: ~/libressl + key: iOS-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }} + + - name: 'build libressl' + if: ${{ contains(matrix.build.install_steps, 'libressl') && steps.cache-libressl.outputs.cache-hit != 'true' }} + run: | + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ + --location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" --output pkg.bin + sha256sum pkg.bin && tar -xzf pkg.bin && rm -f pkg.bin + cd "libressl-${LIBRESSL_VERSION}" + cmake -B . -G Ninja \ + -DCMAKE_INSTALL_PREFIX=/Users/runner/libressl \ + -DCMAKE_SYSTEM_NAME=iOS \ + -DCMAKE_SYSTEM_PROCESSOR=aarch64 \ + -DBUILD_SHARED_LIBS=OFF \ + -DLIBRESSL_APPS=OFF \ + -DLIBRESSL_TESTS=OFF + cmake --build . + cmake --install . --verbose + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'autoreconf' + if: ${{ matrix.build.configure }} + run: autoreconf -fi + + - name: 'configure' + env: + MATRIX_CONFIGURE: '${{ matrix.build.configure }}' + MATRIX_GENERATE: '${{ matrix.build.generate }}' + MATRIX_GENERATOR: '${{ matrix.build.generator }}' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + # https://cmake.org/cmake/help/latest/manual/cmake-toolchains.7.html#cross-compiling-for-ios-tvos-visionos-or-watchos + [ -n "${MATRIX_GENERATOR}" ] && options="-G ${MATRIX_GENERATOR}" + cmake -B bld -G Ninja -D_CURL_PREFILL=ON \ + -DCMAKE_UNITY_BUILD=ON -DCURL_DROP_UNUSED=ON -DCURL_WERROR=ON \ + -DCMAKE_SYSTEM_NAME=iOS \ + -DUSE_APPLE_IDN=ON \ + ${MATRIX_GENERATE} ${options} + else + mkdir bld && cd bld && ../configure --enable-unity --enable-warnings --enable-werror \ + --disable-dependency-tracking --enable-option-checking=fatal \ + CFLAGS="-isysroot $(xcrun --sdk iphoneos --show-sdk-path 2>/dev/null)" \ + --host=aarch64-apple-darwin \ + --with-apple-idn \ + ${MATRIX_CONFIGURE} + fi - - run: brew update && brew bundle install --no-lock --file /tmp/Brewfile - name: 'brew install' + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/config.log bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true - - uses: actions/checkout@v2 + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true - - run: ./buildconf && ./configure --enable-warnings --enable-werror ${{ matrix.build.configure }} - name: 'configure' - env: - # -Wvla is caused by brotli - CFLAGS: "-Wno-vla -mmacosx-version-min=${{ matrix.build.macosx-version-min }}" + - name: 'build' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld ${MATRIX_OPTIONS} --parallel 4 --verbose + else + make -C bld V=1 + fi - - run: make - name: 'make' + - name: 'curl info' + run: | + find . -type f \( -name curl -o -name '*.dylib' -o -name '*.a' \) -print0 | xargs -0 file -- + find . -type f \( -name curl -o -name '*.dylib' -o -name '*.a' \) -print0 | xargs -0 stat -f '%10z bytes: %N' -- - - run: make test-nonflaky - name: 'test' - env: - TFLAGS: "${{ matrix.build.tflags }} ~1452" + - name: 'build tests' + if: ${{ matrix.build.generate }} # skip for autotools to save time + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld ${MATRIX_OPTIONS} --parallel 4 --target testdeps --verbose + else + make -C bld V=1 -C tests + fi - cmake: - name: cmake ${{ matrix.compiler.CC }} ${{ matrix.build.name }} - runs-on: 'macos-latest' - env: ${{ matrix.compiler }} + - name: 'build examples' + if: ${{ matrix.build.generate }} # skip for autotools to save time + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld ${MATRIX_OPTIONS} --parallel 4 --target curl-examples-build --verbose + else + make -C bld examples V=1 + fi + + macos: + name: "${{ matrix.build.generate && 'CM' || 'AM' }} ${{ matrix.build.compiler }} ${{ matrix.build.name }}" + runs-on: ${{ matrix.build.image || 'macos-15' }} + timeout-minutes: 15 + env: + DEVELOPER_DIR: "/Applications/Xcode${{ matrix.build.xcode && format('_{0}', matrix.build.xcode) || '' }}.app/Contents/Developer" + CC: '${{ matrix.build.compiler }}' + MATRIX_BUILD: ${{ matrix.build.generate && 'cmake' || 'autotools' }} + MATRIX_COMPILER: '${{ matrix.build.compiler }}' + MATRIX_INSTALL: '${{ matrix.build.install }}' + MATRIX_INSTALL_STEPS: '${{ matrix.build.install_steps }}' + MATRIX_MACOS_VERSION_MIN: '${{ matrix.build.macos-version-min }}' strategy: fail-fast: false matrix: - compiler: - - CC: clang - CXX: clang++ - CFLAGS: "-mmacosx-version-min=10.15 -Wno-deprecated-declarations" - - CC: gcc-9 - CXX: g++-9 - CFLAGS: "-mmacosx-version-min=10.15 -Wno-error=undef -Wno-error=conversion" build: - - name: OpenSSL - install: nghttp2 openssl - generate: -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON - - name: LibreSSL - install: nghttp2 libressl - generate: -DOPENSSL_ROOT_DIR=/usr/local/opt/libressl -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON - - name: libssh2 - install: nghttp2 openssl libssh2 - generate: -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl -DCMAKE_USE_LIBSSH2=ON + - name: '!ssl !debug brotli zstd' + compiler: gcc-13 + configure: --without-ssl --with-brotli --with-zstd --with-apple-idn + tflags: '--min=1450' + xcode: '' # default Xcode. Set it once to silence actionlint. + - name: '!ssl libssh2 AppleIDN' + compiler: clang + generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH2=ON -DUSE_APPLE_IDN=ON -DCURL_ENABLE_SSL=OFF -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF + tflags: '--min=1550' + - name: 'OpenSSL libssh c-ares' + compiler: clang + install: libssh + configure: --enable-debug --with-libssh --with-openssl=/opt/homebrew/opt/openssl --enable-ares --with-fish-functions-dir --with-zsh-functions-dir + - name: 'OpenSSL libssh' + compiler: llvm@18 + install: libssh libnghttp3 + generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF + - name: '!ssl HTTP-only c-ares' + compiler: clang + tflags: '--min=930' + generate: >- + -DENABLE_DEBUG=ON -DENABLE_ARES=ON + -DCURL_ENABLE_SSL=OFF -DHTTP_ONLY=ON + -DCURL_DISABLE_ALTSVC=ON -DENABLE_UNIX_SOCKETS=OFF + -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=OFF -DUSE_NGHTTP2=OFF + -DCURL_USE_GSSAPI=OFF -DUSE_LIBIDN2=OFF -DCURL_USE_LIBPSL=OFF + -DCURL_BROTLI=OFF -DCURL_ZLIB=OFF -DCURL_ZSTD=OFF + -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF + + macos-version-min: '10.15' # Catalina (2019) + - name: 'LibreSSL !ldap +examples' + compiler: clang + install: libressl + install_steps: pytest + generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DCURL_DISABLE_LDAP=ON -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF -DCURL_USE_LIBSSH2=OFF -DCURL_ENABLE_NTLM=ON + - name: 'OpenSSL 10.15 C89' + compiler: clang + install: libnghttp3 libngtcp2 + install_steps: pytest + generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_NGTCP2=ON -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF -DCURL_USE_LIBSSH2=OFF -DCMAKE_C_STANDARD=90 -DCURL_ENABLE_NTLM=ON + macos-version-min: '10.15' + - name: 'OpenSSL SecTrust' + compiler: clang + install: libnghttp3 libngtcp2 + install_steps: pytest + configure: --enable-debug --with-openssl=/opt/homebrew/opt/openssl --with-ngtcp2 --with-apple-sectrust --enable-ntlm + - name: 'OpenSSL event-based' + compiler: clang + generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF -DCURL_USE_LIBSSH2=OFF -DCURL_ENABLE_NTLM=ON + tflags: '--test-event --min=1300' + - name: 'OpenSSL gsasl AppleIDN SecTrust +examples' + compiler: clang + install: libnghttp3 libngtcp2 gsasl + generate: -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_USE_GSASL=ON -DUSE_APPLE_IDN=ON -DUSE_NGTCP2=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON -DUSE_APPLE_SECTRUST=ON -DCURL_ENABLE_NTLM=ON + - name: 'MultiSSL AppleIDN clang-tidy +examples' + image: macos-26 + compiler: clang + install: llvm gnutls nettle libressl krb5 mbedtls gsasl rustls-ffi libssh fish + install_steps: skiprun + chkprefill: _chkprefill + generate: >- + -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DCURL_DEFAULT_SSL_BACKEND=openssl + -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON -DENABLE_ARES=ON -DCURL_USE_GSASL=ON + -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DUSE_APPLE_IDN=ON -DUSE_SSLS_EXPORT=ON + -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 + -DCURL_BROTLI=ON -DCURL_ZSTD=ON + -DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/opt/homebrew/opt/llvm/bin/clang-tidy + -DCURL_COMPLETION_FISH=ON -DCURL_COMPLETION_ZSH=ON + -DCURL_ENABLE_NTLM=ON + + - name: 'HTTP/3 clang-tidy' + image: macos-26 + compiler: clang + install: llvm libnghttp3 libngtcp2 openldap krb5 + install_steps: skipall + generate: >- + -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_NGTCP2=ON + -DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib + -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 + -DCURL_BROTLI=ON -DCURL_ZSTD=ON + -DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/opt/homebrew/opt/llvm/bin/clang-tidy + -DCURL_ENABLE_NTLM=ON + + - name: 'LibreSSL openldap krb5 c-ares +examples' + compiler: clang + install: libressl krb5 openldap + generate: -DENABLE_DEBUG=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/libressl -DENABLE_ARES=ON -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 -DLDAP_INCLUDE_DIR=/opt/homebrew/opt/openldap/include -DLDAP_LIBRARY=/opt/homebrew/opt/openldap/lib/libldap.dylib -DLDAP_LBER_LIBRARY=/opt/homebrew/opt/openldap/lib/liblber.dylib + - name: 'wolfSSL !ldap brotli zstd' + compiler: clang + install: brotli wolfssl zstd + install_steps: pytest + generate: -DCURL_USE_WOLFSSL=ON -DCURL_DISABLE_LDAP=ON -DUSE_ECH=ON -DCURL_ENABLE_NTLM=ON + - name: 'mbedTLS !ldap brotli zstd MultiSSL AppleIDN' + compiler: llvm@18 + install: brotli mbedtls zstd + install_steps: codeset-test + generate: -DCURL_USE_MBEDTLS=ON -DCURL_DISABLE_LDAP=ON -DCURL_DEFAULT_SSL_BACKEND=mbedtls -DCURL_USE_OPENSSL=ON -DUSE_APPLE_IDN=ON -DCURL_ENABLE_NTLM=ON + - name: 'GnuTLS !ldap krb5 +examples' + compiler: clang + install: gnutls nettle krb5 + generate: -DENABLE_DEBUG=ON -DCURL_USE_GNUTLS=ON -DCURL_USE_OPENSSL=OFF -DCURL_USE_GSSAPI=ON -DGSS_ROOT_DIR=/opt/homebrew/opt/krb5 -DCURL_DISABLE_LDAP=ON -DUSE_SSLS_EXPORT=ON -DCURL_ENABLE_NTLM=ON + - name: 'aws-lc +analyzer' + compiler: gcc-15 + install: aws-lc + generate: -DENABLE_DEBUG=ON -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/aws-lc -DUSE_ECH=ON -DCURL_DISABLE_LDAP=ON -DUSE_SSLS_EXPORT=ON -DCURL_GCC_ANALYZER=ON + - name: 'Rustls' + compiler: clang + install: rustls-ffi + generate: -DENABLE_DEBUG=ON -DCURL_USE_RUSTLS=ON -DUSE_ECH=ON -DCURL_DISABLE_LDAP=ON -DCURL_ENABLE_NTLM=ON + tflags: '--min=1650' + - name: 'OpenSSL torture 1' + compiler: clang + install: libnghttp3 + install_steps: torture + generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_ENABLE_NTLM=ON + tflags: '-t --shallow=25 --min=480 1 to 500' + - name: 'OpenSSL torture 2' + compiler: clang + install: libnghttp3 + install_steps: torture + generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_ENABLE_NTLM=ON + tflags: '-t --shallow=25 --min=730 501 to 1250' + - name: 'OpenSSL torture 3' + compiler: clang + install: libnghttp3 + install_steps: torture + generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_ENABLE_NTLM=ON + tflags: '-t --shallow=25 --min=628 1251 to 9999' + + steps: + - name: 'brew install' + timeout-minutes: 5 + # Run this command with retries because of spurious failures seen + # while running the tests, for example + # https://github.com/curl/curl/runs/4095721123?check_suite_focus=true + env: + INSTALL_PACKAGES: >- + ${{ matrix.build.generate && 'ninja' || 'automake libtool' }} + ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') && 'nghttp2 stunnel' || '' }} + ${{ contains(matrix.build.install_steps, 'pytest') && 'caddy httpd vsftpd' || '' }} + + run: | + echo pkgconf libpsl libssh2 ${INSTALL_PACKAGES} ${MATRIX_INSTALL} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile + # shellcheck disable=SC2181,SC2034 + while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew bundle install --file /tmp/Brewfile; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done + + - name: 'brew unlink openssl' + if: ${{ contains(matrix.build.install, 'aws-lc') || contains(matrix.build.install, 'libressl') }} + run: | + if [ -d "$(brew --prefix)"/include/openssl ]; then + brew unlink openssl + fi + + - name: 'toolchain versions' + run: | + [[ "${MATRIX_COMPILER}" = 'llvm'* ]] && CC="$(brew --prefix "${MATRIX_COMPILER}")/bin/clang" + [[ "${MATRIX_COMPILER}" = 'gcc'* ]] && "${CC}" --print-sysroot + command -v "${CC}"; "${CC}" --version || true + xcodebuild -version || true + xcrun --sdk macosx --show-sdk-path 2>/dev/null || true + xcrun --sdk macosx --show-sdk-version || true + ls -l /Library/Developer/CommandLineTools/SDKs || true + echo '::group::macros predefined'; "${CC}" -dM -E - < /dev/null | sort || true; echo '::endgroup::' + echo '::group::brew packages installed'; ls -l "$(brew --prefix)"/opt; echo '::endgroup::' + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'autoreconf' + if: ${{ matrix.build.configure }} + run: autoreconf -fi + + - name: 'configure' + env: + MATRIX_CHKPREFILL: '${{ matrix.build.chkprefill }}' + MATRIX_CONFIGURE: '${{ matrix.build.configure }}' + MATRIX_GENERATE: '${{ matrix.build.generate }}' + run: | + if [[ "${MATRIX_COMPILER}" = 'gcc'* ]]; then + sysroot="$("${CC}" --print-sysroot)" # Must match the SDK gcc was built for + else + sysroot="$(xcrun --sdk macosx --show-sdk-path 2>/dev/null)" + fi + + if [[ "${MATRIX_COMPILER}" = 'llvm'* ]]; then + CC="$(brew --prefix "${MATRIX_COMPILER}")/bin/clang" + CC+=" --sysroot=${sysroot}" + CC+=" --target=$(uname -m)-apple-darwin" + fi + + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + for _chkprefill in '' ${MATRIX_CHKPREFILL}; do + options='' + [ -n "${MATRIX_MACOS_VERSION_MIN}" ] && options+=" -DCMAKE_OSX_DEPLOYMENT_TARGET=${MATRIX_MACOS_VERSION_MIN}" + [[ "${MATRIX_INSTALL_STEPS}" = *'pytest'* ]] && options+=' -DVSFTPD=NO' # Skip ~20 tests that stretch run time by 7x on macOS + [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF' + cmake -B "bld${_chkprefill}" -G Ninja -D_CURL_PREFILL=ON \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ + -DCMAKE_UNITY_BUILD=ON -DCURL_DROP_UNUSED=ON -DCURL_WERROR=ON \ + -DCMAKE_OSX_SYSROOT="${sysroot}" \ + -DCMAKE_C_COMPILER_TARGET="$(uname -m | sed 's/arm64/aarch64e/')-apple-darwin$(uname -r)" \ + ${MATRIX_GENERATE} ${options} + done + if [ -d bld_chkprefill ] && ! diff -u bld/lib/curl_config.h bld_chkprefill/lib/curl_config.h; then + echo '::group::reference configure log'; cat bld_chkprefill/CMakeFiles/CMake*.yaml 2>/dev/null || true; echo '::endgroup::' + false + fi + else + export CFLAGS + if [[ "${MATRIX_COMPILER}" = 'llvm'* ]]; then + options+=" --target=$(uname -m)-apple-darwin" + fi + if [ "${MATRIX_COMPILER}" != 'clang' ]; then + options+=" --with-sysroot=${sysroot}" + CFLAGS+=" --sysroot=${sysroot}" + fi + [ -n "${MATRIX_MACOS_VERSION_MIN}" ] && CFLAGS+=" -mmacosx-version-min=${MATRIX_MACOS_VERSION_MIN}" + [[ "${MATRIX_INSTALL_STEPS}" = *'pytest'* ]] && options+=' --with-test-vsftpd=no' # Skip ~20 tests that stretch run time by 7x on macOS + mkdir bld && cd bld && ../configure --prefix="$PWD"/curl-install --enable-unity --enable-warnings --enable-werror --disable-static \ + --disable-dependency-tracking --enable-option-checking=fatal \ + --with-libpsl="$(brew --prefix libpsl)" \ + ${MATRIX_CONFIGURE} ${options} + fi + + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/config.log bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true + + - name: 'test configs' + run: grep -H -v '^#' bld/tests/config bld/tests/http/config.ini || true + + - name: 'build' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose + else + make -C bld V=1 + fi + + - name: 'curl -V' + run: | + find . -type f \( -name curl -o -name '*.dylib' -o -name '*.a' \) -print0 | xargs -0 file -- + find . -type f \( -name curl -o -name '*.dylib' -o -name '*.a' \) -print0 | xargs -0 stat -f '%10z bytes: %N' -- + bld/src/curl --disable --version + + - name: 'curl install' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --install bld --strip + else + make -C bld V=1 install + fi + + - name: 'build tests' + if: ${{ !contains(matrix.build.install_steps, 'skipall') }} + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target testdeps + else + make -C bld V=1 -C tests + fi + + - name: 'install test prereqs' + if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }} + run: | + python3 -m venv ~/venv + if bld/src/curl --disable -V 2>/dev/null | grep smb; then + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/requirements.txt + fi + + - name: 'run tests' + if: ${{ !contains(matrix.build.install_steps, 'skipall') && !contains(matrix.build.install_steps, 'skiprun') }} + timeout-minutes: ${{ contains(matrix.build.install_steps, 'torture') && 20 || 10 }} + env: + TEST_TARGET: ${{ contains(matrix.build.install_steps, 'torture') && 'test-torture' || 'test-ci' }} + TFLAGS: '${{ matrix.build.tflags }}' + run: | + TFLAGS="-j20 ${TFLAGS}" + if [ "${TEST_TARGET}" != 'test-ci' ]; then + TFLAGS+=' --buildinfo' # only test-ci sets this by default, set it manually for test-torture + fi + source ~/venv/bin/activate + if [[ "${MATRIX_INSTALL_STEPS}" = *'codeset-test'* ]]; then + locale || true + export LC_ALL=C + export LC_CTYPE=C + export LC_NUMERIC=fr_FR.UTF-8 + fi + rm -f ~/.curlrc + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target "${TEST_TARGET}" + else + make -C bld V=1 "${TEST_TARGET}" + fi + + - name: 'install pytest prereqs' + if: ${{ contains(matrix.build.install_steps, 'pytest') }} + run: | + [ -d ~/venv ] || python3 -m venv ~/venv + ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/http/requirements.txt + + - name: 'run pytest' + if: ${{ contains(matrix.build.install_steps, 'pytest') }} + env: + PYTEST_ADDOPTS: '--color=yes' + PYTEST_XDIST_AUTO_NUM_WORKERS: 4 + run: | + source ~/venv/bin/activate + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target curl-pytest-ci + else + make -C bld V=1 pytest-ci + fi + + - name: 'build examples' + if: ${{ contains(matrix.build.name, '+examples') }} + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target curl-examples-build + else + make -C bld examples V=1 + fi + + combinations: # Test buildability with host OS, Xcode / SDK, compiler, target-OS, built tool, combinations + name: "${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.compiler }} ${{ matrix.image }} ${{ matrix.xcode }}" + runs-on: ${{ matrix.image }} + timeout-minutes: 10 + env: + DEVELOPER_DIR: "/Applications/Xcode${{ matrix.xcode && format('_{0}', matrix.xcode) || '' }}.app/Contents/Developer" + CC: '${{ matrix.compiler }}' + MATRIX_BUILD: '${{ matrix.build }}' + MATRIX_COMPILER: '${{ matrix.compiler }}' + MATRIX_IMAGE: '${{ matrix.image }}' + MATRIX_MACOS_VERSION_MIN: '${{ matrix.macos-version-min }}' + strategy: + fail-fast: false + matrix: + # Sources: + # https://github.com/actions/runner-images/blob/main/images/macos/macos-14-arm64-Readme.md + # https://github.com/actions/runner-images/blob/main/images/macos/macos-15-arm64-Readme.md + # https://github.com/actions/runner-images/blob/main/images/macos/macos-26-arm64-Readme.md + compiler: [gcc-13, gcc-14, gcc-15, llvm@15, llvm@18, llvm@20, clang] + # Xcode support matrix as of 2025-10, with default macOS SDK versions and OS names, years: + # * = default Xcode on the runner. + # macos-14: 15.0.1, 15.1, 15.2, 15.3,*15.4 + # macos-15: 16.0, 16.1, 16.2, 16.3,*16.4, 26.0 + # macos-26: 16.4 *26.0 + # macOSSDK: 14.0, 14.2, 14.2, 14.4, 14.5, 15.0, 15.1, 15.2, 15.4, 15.5, 26.0 + # Sonoma (2023) Sequoia (2024) Tahoe (2025) + # https://github.com/actions/runner-images/tree/main/images/macos + # https://en.wikipedia.org/wiki/MacOS_version_history + image: [macos-14, macos-15, macos-26] + xcode: [''] # default Xcodes + macos-version-min: [''] + build: [autotools, cmake] + exclude: + # Combinations not covered by runner images: + - { image: macos-14, compiler: 'llvm@18' } + - { image: macos-14, compiler: 'llvm@20' } + - { image: macos-15, compiler: 'llvm@15' } + - { image: macos-15, compiler: 'llvm@20' } + - { image: macos-26, compiler: 'llvm@15' } + - { image: macos-26, compiler: 'llvm@18' } + # Covered by the main workflow + - { image: macos-15, compiler: 'gcc-13' } + - { image: macos-15, compiler: 'llvm@18' } + - { image: macos-15, compiler: 'clang' } + # Reduce build combinations, by dropping less interesting ones + - { image: macos-26, compiler: 'gcc-13' } + - { compiler: 'gcc-14' , build: cmake } + # Reduce autotools to just one job that is also build with cmake + - { compiler: 'gcc-13' , build: autotools } + - { compiler: 'gcc-14' , build: autotools } + - { compiler: 'gcc-15' , build: autotools } + - { compiler: 'llvm@15', build: autotools } + - { compiler: 'llvm@18', build: autotools } + - { compiler: 'llvm@20', build: autotools } + - { image: macos-14, build: autotools } + - { image: macos-15, build: autotools } steps: - - run: echo libtool autoconf automake pkg-config ${{ matrix.build.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile - name: 'brew bundle' + - name: 'install autotools' + if: ${{ matrix.build == 'autotools' }} + run: | + # shellcheck disable=SC2181,SC2034 + while [[ $? == 0 ]]; do for i in 1 2 3; do if brew update && brew install automake libtool; then break 2; else echo Error: wait to try again; sleep 10; fi; done; false Too many retries; done + + - name: 'toolchain versions' + run: | + [[ "${MATRIX_COMPILER}" = 'llvm'* ]] && CC="$(brew --prefix "${MATRIX_COMPILER}")/bin/clang" + [[ "${MATRIX_COMPILER}" = 'gcc'* ]] && "${CC}" --print-sysroot + command -v "${CC}"; "${CC}" --version || true + xcodebuild -version || true + xcrun --sdk macosx --show-sdk-path 2>/dev/null || true + xcrun --sdk macosx --show-sdk-version || true + ls -l /Library/Developer/CommandLineTools/SDKs || true + echo '::group::compiler defaults'; echo 'int main(void) {}' | "${CC}" -v -x c -; echo '::endgroup::' + echo '::group::macros predefined'; "${CC}" -dM -E - < /dev/null | sort || true; echo '::endgroup::' + echo '::group::brew packages preinstalled'; ls -l "$(brew --prefix)"/opt; echo '::endgroup::' + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'autoreconf' + if: ${{ matrix.build == 'autotools' }} + run: autoreconf -fi + + - name: 'configure / ${{ matrix.build }}' + run: | + if [ "${MATRIX_COMPILER}" = 'gcc-13' ] && [ "${MATRIX_IMAGE}" = 'macos-15' ]; then + # Ref: https://github.com/Homebrew/homebrew-core/issues/194778#issuecomment-2793243409 + "$(brew --prefix gcc@13)"/libexec/gcc/aarch64-apple-darwin24/13/install-tools/mkheaders + fi + + if [[ "${MATRIX_COMPILER}" = 'gcc'* ]]; then + sysroot="$("${CC}" --print-sysroot)" # Must match the SDK gcc was built for + else + sysroot="$(xcrun --sdk macosx --show-sdk-path 2>/dev/null)" + fi + + if [[ "${MATRIX_COMPILER}" = 'llvm'* ]]; then + CC="$(brew --prefix "${MATRIX_COMPILER}")/bin/clang" + CC+=" --sysroot=${sysroot}" + CC+=" --target=$(uname -m)-apple-darwin" + fi + + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + [ -n "${MATRIX_MACOS_VERSION_MIN}" ] && options+=" -DCMAKE_OSX_DEPLOYMENT_TARGET=${MATRIX_MACOS_VERSION_MIN}" + # would pick up nghttp2, libidn2, and libssh2 + cmake -B bld -G Ninja -D_CURL_PREFILL=ON \ + -DCMAKE_UNITY_BUILD=ON -DCURL_DROP_UNUSED=ON -DCURL_WERROR=ON \ + -DCMAKE_OSX_SYSROOT="${sysroot}" \ + -DCMAKE_C_COMPILER_TARGET="$(uname -m | sed 's/arm64/aarch64e/')-apple-darwin$(uname -r)" \ + -DCMAKE_IGNORE_PREFIX_PATH="$(brew --prefix)" \ + -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF \ + -DCURL_USE_OPENSSL=ON \ + -DUSE_NGHTTP2=OFF -DUSE_LIBIDN2=OFF \ + -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF \ + -DUSE_APPLE_IDN=ON -DUSE_APPLE_SECTRUST=ON \ + ${options} + else + export CFLAGS + if [[ "${MATRIX_COMPILER}" = 'llvm'* ]]; then + options+=" --target=$(uname -m)-apple-darwin" + fi + if [ "${MATRIX_COMPILER}" != 'clang' ]; then + options+=" --with-sysroot=${sysroot}" + CFLAGS+=" --sysroot=${sysroot}" + fi + [ -n "${MATRIX_MACOS_VERSION_MIN}" ] && CFLAGS+=" -mmacosx-version-min=${MATRIX_MACOS_VERSION_MIN}" + # would pick up nghttp2, libidn2, but libssh2 is disabled by default + mkdir bld && cd bld && ../configure --enable-unity --enable-warnings --enable-werror --disable-static \ + --disable-dependency-tracking --enable-option-checking=fatal \ + --disable-docs --disable-manual \ + --with-openssl="$(brew --prefix openssl)" \ + --without-nghttp2 --without-libidn2 \ + --without-libpsl \ + --with-apple-idn --with-apple-sectrust \ + ${options} + fi - - run: brew update && brew bundle install --no-lock --file /tmp/Brewfile - name: 'brew install' + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/config.log bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true - - uses: actions/checkout@v2 + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true - - run: cmake -H. -Bbuild -DCURL_WERROR=ON -DPICKY_COMPILER=ON ${{ matrix.build.generate }} - name: 'cmake generate' + - name: 'build / ${{ matrix.build }}' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose + else + make -C bld V=1 + fi - - run: cmake --build build - name: 'cmake build' + - name: 'curl -V' + run: | + find . -type f \( -name curl -o -name '*.dylib' -o -name '*.a' \) -print0 | xargs -0 file -- + find . -type f \( -name curl -o -name '*.dylib' -o -name '*.a' \) -print0 | xargs -0 stat -f '%10z bytes: %N' -- + bld/src/curl --disable --version diff --git a/.github/workflows/non-native.yml b/.github/workflows/non-native.yml new file mode 100644 index 000000000000..cb12569b3b03 --- /dev/null +++ b/.github/workflows/non-native.yml @@ -0,0 +1,444 @@ +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +name: 'non-native' + +'on': + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + CURL_CI: github + CURL_TEST_MIN: 1750 + +jobs: + netbsd: + name: 'NetBSD, CM clang openssl ${{ matrix.arch }}' + runs-on: ubuntu-latest + timeout-minutes: 10 + strategy: + matrix: + arch: ['x86_64'] + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + - name: 'cmake' + uses: cross-platform-actions/action@492b0c80085400348c599edace11141a4ee73524 # v0.32.0 + env: + MATRIX_ARCH: '${{ matrix.arch }}' + with: + environment_variables: CURL_CI CURL_TEST_MIN MATRIX_ARCH + operating_system: 'netbsd' + version: '10.1' + architecture: ${{ matrix.arch }} + run: | + # https://pkgsrc.se/ + time sudo pkgin -y install cmake ninja-build pkg-config perl brotli mit-krb5 openldap-client libssh2 libidn2 libpsl nghttp2 py311-impacket + time cmake -B bld -G Ninja \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + -DENABLE_DEBUG=ON -DCMAKE_BUILD_TYPE=Debug \ + -DCURL_USE_OPENSSL=ON \ + -DCURL_USE_GSSAPI=ON \ + -DCURL_ENABLE_NTLM=ON \ + || { cat bld/CMakeFiles/CMake*.yaml; false; } + echo '::group::curl_config.h (raw)'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + echo '::group::curl_config.h'; grep -F '#define' bld/lib/curl_config.h | sort || true; echo '::endgroup::' + time cmake --build bld + time cmake --install bld + bld/src/curl --disable --version + if [ "${MATRIX_ARCH}" = 'x86_64' ]; then # Slow on emulated CPU + time cmake --build bld --target testdeps + export TFLAGS='-j8' + time cmake --build bld --target test-ci + fi + echo '::group::build examples' + time cmake --build bld --target curl-examples-build + echo '::endgroup::' + + openbsd: + name: 'OpenBSD, CM clang libressl ${{ matrix.arch }}' + runs-on: ubuntu-latest + timeout-minutes: 10 + strategy: + matrix: + arch: ['x86_64'] + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + - name: 'cmake' + uses: cross-platform-actions/action@492b0c80085400348c599edace11141a4ee73524 # v0.32.0 + env: + MATRIX_ARCH: '${{ matrix.arch }}' + with: + environment_variables: CURL_CI CURL_TEST_MIN MATRIX_ARCH + operating_system: 'openbsd' + version: '7.7' + architecture: ${{ matrix.arch }} + run: | + # https://openbsd.app/ + # https://www.openbsd.org/faq/faq15.html + time sudo pkg_add cmake ninja brotli openldap-client-- libssh2 libidn2 libpsl nghttp2 py3-six py3-impacket + time cmake -B bld -G Ninja \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + -DENABLE_DEBUG=ON -DCMAKE_BUILD_TYPE=Debug \ + -DCURL_USE_OPENSSL=ON \ + -DCURL_ENABLE_NTLM=ON \ + || { cat bld/CMakeFiles/CMake*.yaml; false; } + echo '::group::curl_config.h (raw)'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + echo '::group::curl_config.h'; grep -F '#define' bld/lib/curl_config.h | sort || true; echo '::endgroup::' + time cmake --build bld + time cmake --install bld + bld/src/curl --disable --version + if [ "${MATRIX_ARCH}" = 'x86_64' ]; then # Slow on emulated CPU + time cmake --build bld --target testdeps + export TFLAGS='-j8 !2707' # Skip 2707 'ws: Peculiar frame sizes' on suspicion of hangs + time cmake --build bld --target test-ci + fi + echo '::group::build examples' + time cmake --build bld --target curl-examples-build + echo '::endgroup::' + + freebsd: + name: "FreeBSD, ${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.compiler }} openssl${{ matrix.desc }} ${{ matrix.arch }}" + runs-on: ubuntu-latest + timeout-minutes: 15 + strategy: + matrix: + include: + - { build: 'autotools', arch: 'x86_64', compiler: 'clang' } + - { build: 'cmake' , arch: 'x86_64', compiler: 'clang', options: '-DCMAKE_UNITY_BUILD=OFF', desc: ' !unity !runtests !examples' } + - { build: 'autotools', arch: 'arm64' , compiler: 'clang', desc: ' !examples' } + - { build: 'cmake' , arch: 'arm64' , compiler: 'clang' } + fail-fast: false + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + - name: '${{ matrix.build }}' + uses: cross-platform-actions/action@492b0c80085400348c599edace11141a4ee73524 # v0.32.0 + env: + CC: '${{ matrix.compiler }}' + CURL_TEST_MIN: 1800 + MATRIX_ARCH: '${{ matrix.arch }}' + MATRIX_BUILD: '${{ matrix.build }}' + MATRIX_DESC: '${{ matrix.desc }}' + MATRIX_OPTIONS: '${{ matrix.options }}' + with: + environment_variables: CC CURL_CI CURL_TEST_MIN MATRIX_ARCH MATRIX_BUILD MATRIX_DESC MATRIX_OPTIONS + operating_system: 'freebsd' + version: '14.3' + architecture: ${{ matrix.arch }} + run: | + export CURL_CI=github + + # https://ports.freebsd.org/ + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time sudo pkg install -y cmake-core ninja perl5 \ + pkgconf brotli krb5-devel openldap26-client libidn2 libnghttp2 stunnel py311-impacket + else + time sudo pkg install -y autoconf automake libtool \ + pkgconf brotli krb5-devel openldap26-client libidn2 libnghttp2 stunnel py311-impacket + export MAKEFLAGS=-j3 + fi + + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time cmake -B bld -G Ninja \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ + -DCMAKE_C_COMPILER="${CC}" \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + -DENABLE_DEBUG=ON -DCMAKE_BUILD_TYPE=Debug \ + -DCURL_USE_OPENSSL=ON \ + -DCURL_USE_GSSAPI=ON \ + ${MATRIX_OPTIONS} \ + || { cat bld/CMakeFiles/CMake*.yaml; false; } + else + time autoreconf -fi + if [ "${MATRIX_ARCH}" != 'x86_64' ]; then + options='--disable-manual --disable-docs' # Slow with autotools, skip on emulated CPU + fi + mkdir bld && cd bld + time ../configure --prefix="$HOME"/curl-install --enable-unity --enable-debug --enable-warnings --enable-werror --disable-static \ + --disable-dependency-tracking --enable-option-checking=fatal \ + --with-openssl \ + --with-brotli --enable-ldap --enable-ldaps --with-libidn2 --with-libssh2 --with-nghttp2 --with-gssapi \ + ${options} \ + ${MATRIX_OPTIONS} \ + || { tail -n 1000 config.log; false; } + cd .. + fi + + echo '::group::curl_config.h (raw)'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + echo '::group::curl_config.h'; grep -F '#define' bld/lib/curl_config.h | sort || true; echo '::endgroup::' + + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time cmake --build bld + time cmake --install bld + else + time make -C bld install + fi + + bld/src/curl --disable --version + + if [ "${MATRIX_ARCH}" = 'x86_64' ]; then # Slow on emulated CPU + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time cmake --build bld --target testdeps + else + time make -C bld -C tests + fi + if [ "${MATRIX_DESC#*!runtests*}" = "${MATRIX_DESC}" ]; then + export TFLAGS='-j8' + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time cmake --build bld --verbose --target test-ci + else + time make -C bld V=1 test-ci + fi + fi + fi + + if [ "${MATRIX_DESC#*!examples*}" = "${MATRIX_DESC}" ]; then + echo '::group::build examples' + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + time cmake --build bld --target curl-examples-build + else + time make -C bld examples + fi + echo '::endgroup::' + fi + + android: + name: "Android ${{ matrix.platform }}, ${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.name }} arm64" + runs-on: ubuntu-latest + timeout-minutes: 5 + env: + LDFLAGS: -s + MAKEFLAGS: -j 5 + MATRIX_BUILD: '${{ matrix.build }}' + strategy: + matrix: + include: + - { build: 'autotools', platform: '21', name: "!ssl !zstd", + options: '--without-ssl --without-libpsl --without-zstd' } + + - { build: 'cmake' , platform: '21', name: "!ssl !zstd", + options: '-DCURL_ENABLE_SSL=OFF -DCURL_USE_LIBPSL=OFF -DCURL_ZSTD=OFF' } + + - { build: 'autotools', platform: '35', name: "!ssl !zstd", + options: '--without-ssl --without-libpsl --without-zstd' } + + - { build: 'cmake' , platform: '35', name: "!ssl !zstd", + options: '-DCURL_ENABLE_SSL=OFF -DCURL_USE_LIBPSL=OFF -DCURL_ZSTD=OFF' } + + fail-fast: false + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'autoreconf' + if: ${{ matrix.build == 'autotools' }} + run: autoreconf -fi + + - name: 'configure' + env: + MATRIX_OPTIONS: '${{ matrix.options }}' + MATRIX_PLATFORM: '${{ matrix.platform }}' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then # https://developer.android.com/ndk/guides/cmake + cmake -B bld -G Ninja \ + -DANDROID_ABI=arm64-v8a \ + -DANDROID_PLATFORM="android-${MATRIX_PLATFORM}" \ + -DCMAKE_TOOLCHAIN_FILE="${ANDROID_NDK_HOME}/build/cmake/android.toolchain.cmake" -DCMAKE_WARN_DEPRECATED=OFF \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + ${MATRIX_OPTIONS} + else + TOOLCHAIN="${ANDROID_NDK_HOME}/toolchains/llvm/prebuilt/linux-x86_64" + mkdir bld && cd bld && ../configure --enable-unity --enable-warnings --enable-werror --disable-shared \ + --disable-dependency-tracking --enable-option-checking=fatal \ + CC="$TOOLCHAIN/bin/aarch64-linux-android${MATRIX_PLATFORM}-clang" \ + AR="$TOOLCHAIN/bin/llvm-ar" \ + RANLIB="$TOOLCHAIN/bin/llvm-ranlib" \ + --host="aarch64-linux-android${MATRIX_PLATFORM}" \ + ${MATRIX_OPTIONS} + fi + + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/config.log bld/CMakeFiles/CMake*.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true + + - name: 'build' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose + else + make -C bld V=1 + fi + + - name: 'curl info' + run: | + find . -type f \( -name curl -o -name '*.so' -o -name '*.a' \) -print0 | xargs -0 file -- + find . -type f \( -name curl -o -name '*.so' -o -name '*.a' \) -print0 | xargs -0 stat -c '%10s bytes: %n' -- + + - name: 'build tests' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --target testdeps + else + make -C bld -C tests + fi + + - name: 'build examples' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --target curl-examples-build + else + make -C bld examples + fi + + msdos: + name: "MS-DOS, ${{ matrix.build == 'cmake' && 'CM' || 'AM' }} djgpp !ssl i586" + runs-on: ubuntu-latest + timeout-minutes: 5 + env: + LDFLAGS: -s + MAKEFLAGS: -j 5 + MATRIX_BUILD: '${{ matrix.build }}' + # renovate: datasource=github-releases depName=andrewwutw/build-djgpp versioning=semver-coerced registryUrl=https://github.com + TOOLCHAIN_VERSION: 3.4 + TOOLCHAIN_SHA256: 8464f17017d6ab1b2bb2df4ed82357b5bf692e6e2b7fee37e315638f3d505f00 + strategy: + matrix: + build: [autotools, cmake] + fail-fast: false + steps: + - name: 'install packages' + run: sudo apt-get -o Dpkg::Use-Pty=0 install libfl2 + + - name: 'cache compiler (djgpp)' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-compiler + with: + path: ~/djgpp + key: ${{ runner.os }}-djgpp-${{ env.TOOLCHAIN_VERSION }}-amd64 + + - name: 'install compiler (djgpp)' + if: ${{ steps.cache-compiler.outputs.cache-hit != 'true' }} + run: | + cd ~ + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 3 --retry-connrefused \ + --location "https://github.com/andrewwutw/build-djgpp/releases/download/v${TOOLCHAIN_VERSION}/djgpp-linux64-gcc1220.tar.bz2" --output pkg.bin + sha256sum pkg.bin | tee /dev/stderr | grep -qwF -- "${TOOLCHAIN_SHA256}" && tar -xjf pkg.bin && rm -f pkg.bin + cd djgpp + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ + https://www.delorie.com/pub/djgpp/current/v2tk/wat3211b.zip --output pkg.bin + sha256sum pkg.bin | tee /dev/stderr | grep -qwF faa2222ab5deb2c2aac229c760bf4d45aca5379f5af97865c308a0467046b67a && unzip -q pkg.bin && rm -f pkg.bin + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ + https://www.delorie.com/pub/djgpp/current/v2tk/zlb13b.zip --output pkg.bin + sha256sum pkg.bin | tee /dev/stderr | grep -qwF f3d2fa8129e7591c7e79074306d8ab91a70ec172cc01baedeae74992285dd3a3 && unzip -q pkg.bin && rm -f pkg.bin + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'configure' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake -B bld -G Ninja \ + -DCMAKE_SYSTEM_NAME=DOS \ + -DCMAKE_SYSTEM_PROCESSOR=x86 \ + -DCMAKE_C_COMPILER_TARGET=i586-pc-msdosdjgpp \ + -DCMAKE_C_COMPILER="$HOME"/djgpp/bin/i586-pc-msdosdjgpp-gcc \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + -DCURL_ENABLE_SSL=OFF -DCURL_USE_LIBPSL=OFF \ + -DZLIB_INCLUDE_DIR="$HOME"/djgpp/include \ + -DZLIB_LIBRARY="$HOME"/djgpp/lib/libz.a \ + -DWATT_ROOT="$HOME"/djgpp/net/watt + else + autoreconf -fi + mkdir bld && cd bld && ../configure --enable-unity --enable-warnings --enable-werror --disable-shared \ + --disable-dependency-tracking --enable-option-checking=fatal \ + CC="$HOME"/djgpp/bin/i586-pc-msdosdjgpp-gcc \ + AR="$HOME"/djgpp/bin/i586-pc-msdosdjgpp-ar \ + RANLIB="$HOME"/djgpp/bin/i586-pc-msdosdjgpp-ranlib \ + WATT_ROOT="$HOME"/djgpp/net/watt \ + --host=i586-pc-msdosdjgpp \ + --without-ssl --without-libpsl \ + --with-zlib="$HOME"/djgpp + fi + + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/config.log bld/CMakeFiles/CMake*.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true + + - name: 'build' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld + else + make -C bld + fi + + - name: 'curl info' + run: | + find . \( -name '*.exe' -o -name '*.a' \) -print0 | xargs -0 file -- + find . \( -name '*.exe' -o -name '*.a' \) -print0 | xargs -0 stat -c '%10s bytes: %n' -- + + - name: 'build tests' + if: ${{ matrix.build == 'cmake' }} # skip for autotools to save time + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --target testdeps + else + make -C bld -C tests + fi + + - name: 'build examples' + if: ${{ matrix.build == 'cmake' }} # skip for autotools to save time + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --target curl-examples-build + else + make -C bld examples + fi diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml new file mode 100644 index 000000000000..5657038cae71 --- /dev/null +++ b/.github/workflows/windows.yml @@ -0,0 +1,1076 @@ +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +name: 'Windows' + +'on': + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.circleci/**' + - 'appveyor.*' + - 'Dockerfile' + - 'projects/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + CURL_CI: github + CURL_TEST_MIN: 1700 + STUNNEL_VERSION: 5.76 + STUNNEL_SHA256: d93c7c01366d38ebd27689d606e45197ba8e2e2a32d1a186a81d2b01186bfb56 + +jobs: + build-cache: + name: 'Build caches' + runs-on: ${{ matrix.image }} + strategy: + matrix: + image: [windows-11-arm, windows-2022] # Cannot share cache between arm and intel: https://github.com/actions/cache/issues/1622 + steps: + - name: 'cache test prereqs (stunnel)' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-stunnel + with: + path: C:\my-stunnel + key: ${{ runner.os }}-stunnel-${{ env.STUNNEL_VERSION }}-amd64 + lookup-only: true + + - name: 'install test prereqs (stunnel)' + if: ${{ steps.cache-stunnel.outputs.cache-hit != 'true' }} + timeout-minutes: 2 + shell: bash + run: | + cd /c && mkdir my-stunnel && cd my-stunnel + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 240 --retry 3 --retry-connrefused \ + "https://www.stunnel.org/archive/5.x/stunnel-${STUNNEL_VERSION}-win64-installer.exe" --output pkg.bin + sha256sum pkg.bin && sha256sum pkg.bin | grep -qwF -- "${STUNNEL_SHA256}" && 7z x -y pkg.bin >/dev/null && rm -f pkg.bin && ls -l && bin/tstunnel -version + + cygwin: + name: "cygwin, ${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.platform }} ${{ matrix.name }}" + needs: build-cache + runs-on: windows-2022 + timeout-minutes: 10 + defaults: + run: + shell: D:\cygwin\bin\bash.exe '{0}' # zizmor: ignore[misfeature] + env: + CURL_TEST_MIN: 1800 + LDFLAGS: -s + MAKEFLAGS: -j 5 + SHELLOPTS: 'igncr' + MATRIX_BUILD: '${{ matrix.build }}' + strategy: + matrix: + include: + - { build: 'autotools', platform: 'x86_64', tflags: 'skiprun', config: '--with-openssl', install: 'libssl-devel libssh2-devel', name: 'openssl R' } + - { build: 'cmake' , platform: 'x86_64', tflags: '' , config: '-DENABLE_DEBUG=ON -DCURL_USE_OPENSSL=ON -DENABLE_THREADED_RESOLVER=OFF -DCURL_ENABLE_NTLM=ON', install: 'libssl-devel libssh2-devel', name: 'openssl' } + fail-fast: false + steps: + - uses: cygwin/cygwin-install-action@711d29f3da23c9f4a1798e369a6f01198c13b11a # v6.1 + with: + platform: ${{ matrix.platform }} + work-vol: 'D:' + # https://cygwin.com/mirrors.html + # Main mirror status: https://archlinux.org/mirrors/kernel.org/ + # site: https://mirrors.kernel.org/sourceware/cygwin/ + site: https://cygwin.mirror.gtcomm.net/ + # https://cygwin.com/cgi-bin2/package-grep.cgi + packages: >- + ${{ matrix.build == 'autotools' && 'autoconf automake libtool make' || 'cmake ninja' }} + gcc-core binutils perl + openssh + libpsl-devel + zlib-devel + libbrotli-devel + libzstd-devel + libnghttp2-devel + ${{ matrix.install }} + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'autoreconf' + if: ${{ matrix.build == 'autotools' }} + timeout-minutes: 2 + run: | + PATH=/usr/bin + autoreconf -fi + + - name: 'configure' + timeout-minutes: 5 + env: + MATRIX_CONFIG: '${{ matrix.config }}' + run: | + PATH=/usr/bin + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake -B bld -G Ninja -D_CURL_PREFILL=ON ${options} \ + -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \ + -DCMAKE_UNITY_BUILD=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=30 \ + -DCURL_WERROR=ON \ + ${MATRIX_CONFIG} + else + mkdir bld && cd bld && ../configure --prefix="$HOME"/curl-install --enable-unity --enable-warnings --enable-werror --disable-static \ + --disable-dependency-tracking --enable-option-checking=fatal \ + --with-libssh2 \ + ${MATRIX_CONFIG} + fi + + - name: 'configure log' + if: ${{ !cancelled() }} + run: | + PATH=/usr/bin + cat bld/config.log bld/CMakeFiles/CMake*.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: | + PATH=/usr/bin + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true + + - name: 'build' + timeout-minutes: 10 + run: | + PATH=/usr/bin + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose + cmake --install bld --verbose + else + make -C bld V=1 install + fi + + - name: 'curl -V' + timeout-minutes: 1 + run: | + PATH=/usr/bin + find . \( -name '*.exe' -o -name '*.dll' -o -name '*.a' \) -print0 | grep -z curl | xargs -0 file -- + find . \( -name '*.exe' -o -name '*.dll' -o -name '*.a' \) -print0 | grep -z curl | xargs -0 stat -c '%10s bytes: %n' -- + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + PATH="$PWD/bld/lib:$PATH" + fi + bld/src/curl.exe --disable --version + + - name: 'build tests' + if: ${{ matrix.tflags != 'skipall' }} + timeout-minutes: 15 + run: | + PATH=/usr/bin + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target testdeps + else + make -C bld V=1 -C tests + fi + + - name: 'cache test prereqs (stunnel)' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-stunnel + with: + path: C:\my-stunnel + key: ${{ runner.os }}-stunnel-${{ env.STUNNEL_VERSION }}-amd64 + fail-on-cache-miss: true + + - name: 'run tests' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 15 + env: + TFLAGS: '${{ matrix.tflags }}' + run: | + PATH=/usr/bin:/cygdrive/c/my-stunnel/bin + TFLAGS="-j8 ${TFLAGS}" + if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then + TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" + fi + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + PATH="$PWD/bld/lib:$PATH" + cmake --build bld --verbose --target test-ci + else + make -C bld V=1 test-ci + fi + + - name: 'build examples' + if: ${{ matrix.build == 'cmake' }} + timeout-minutes: 5 + run: | + PATH=/usr/bin + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target curl-examples-build + else + make -C bld V=1 examples + fi + + - name: 'disk space used' + run: du -sh .; echo; du -sh -t 250KB ./*; echo; du -h -t 250KB bld + + msys2: # both msys and mingw-w64 + name: "${{ matrix.sys == 'msys' && 'msys2' || 'mingw' }}, ${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.env }} ${{ matrix.name }} ${{ matrix.test }}" + needs: build-cache + runs-on: ${{ matrix.image || 'windows-2022' }} + timeout-minutes: ${{ contains(matrix.tflags, '-t') && 14 || 10 }} + defaults: + run: + shell: msys2 {0} # zizmor: ignore[misfeature] + env: + LDFLAGS: -s + MAKEFLAGS: -j 5 + MATRIX_BUILD: '${{ matrix.build }}' + MATRIX_SYS: '${{ matrix.sys }}' + MATRIX_TEST: '${{ matrix.test }}' + strategy: + matrix: + include: + # MSYS + - { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '--min=1550', config: '--enable-debug --with-openssl --disable-threaded-resolver --disable-proxy --enable-ntlm', install: 'openssl-devel libssh2-devel', name: '!proxy' } + - { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: 'skiprun' , config: '--enable-debug --with-openssl --disable-threaded-resolver --enable-ntlm', install: 'openssl-devel libssh2-devel', name: 'default' } + - { build: 'cmake' , sys: 'msys' , env: 'x86_64' , tflags: '' , config: '-DENABLE_DEBUG=ON -DENABLE_THREADED_RESOLVER=OFF -DCURL_ENABLE_NTLM=ON', install: 'openssl-devel libssh2-devel', name: 'default' } + - { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '' , config: '--with-openssl --enable-ntlm', install: 'openssl-devel libssh2-devel', name: 'default R' } + # MinGW + - { build: 'autotools', sys: 'mingw64' , env: 'x86_64' , tflags: 'skiprun' , config: '--enable-debug --with-openssl --disable-threaded-resolver --enable-static --without-zlib', install: 'mingw-w64-x86_64-openssl mingw-w64-x86_64-libssh2', name: 'default' } + - { build: 'autotools', sys: 'mingw64' , env: 'x86_64' , tflags: '' , config: '--enable-debug --with-openssl --enable-windows-unicode --enable-ares --enable-static --disable-shared --enable-ca-native --enable-ntlm', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-openssl mingw-w64-x86_64-nghttp3 mingw-w64-x86_64-libssh2', name: 'c-ares U' } + - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '--min=1650', config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON -DCURL_DROP_UNUSED=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel c-ares U' } + # MinGW torture + - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '-t --shallow=13 --min=700 1 to 950' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel U torture 1' } + - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '-t --shallow=13 --min=700 951 to 9999', config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel U torture 2' } + # WARNING: libssh uses hard-coded world-writable paths (/etc/..., ~/.ssh/) to + # read its configuration from, making it vulnerable to attacks on + # Windows. Do not use this component till there is a fix for these. + # https://github.com/curl/curl-for-win/blob/3951808deb04df9489ee17430f236ed54436f81a/libssh.sh#L6-L8 + - { build: 'cmake' , sys: 'clang64' , env: 'clang-x86_64' , tflags: '' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_GNUTLS=ON -DENABLE_UNICODE=OFF -DUSE_NGTCP2=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DCURL_ENABLE_NTLM=ON', install: 'mingw-w64-clang-x86_64-gnutls mingw-w64-clang-x86_64-nghttp3 mingw-w64-clang-x86_64-ngtcp2 mingw-w64-clang-x86_64-libssh', type: 'Debug', name: 'gnutls libssh' } + - { build: 'cmake' , sys: 'clangarm64', env: 'clang-aarch64', tflags: 'skiprun' , config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DCURL_DROP_UNUSED=ON', install: 'mingw-w64-clang-aarch64-libssh2', type: 'Release', name: 'schannel R', image: 'windows-11-arm' } + - { build: 'cmake' , sys: 'clang64' , env: 'clang-x86_64' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_OPENSSL=ON -DENABLE_UNICODE=OFF -DUSE_NGTCP2=ON', install: 'mingw-w64-clang-x86_64-openssl mingw-w64-clang-x86_64-nghttp3 mingw-w64-clang-x86_64-ngtcp2 mingw-w64-clang-x86_64-libssh2', type: 'Release', name: 'openssl', chkprefill: '_chkprefill' } + - { build: 'cmake' , sys: 'ucrt64' , env: 'ucrt-x86_64' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_OPENSSL=ON', install: 'mingw-w64-ucrt-x86_64-openssl mingw-w64-ucrt-x86_64-libssh2', type: 'Release', test: 'uwp', name: 'schannel' } + # { build: 'autotools', sys: 'ucrt64' , env: 'ucrt-x86_64' , tflags: 'skiprun' , config: '--without-debug --with-schannel --disable-static', install: 'mingw-w64-ucrt-x86_64-libssh2', type: 'Release', test: 'uwp', name: 'schannel' } + - { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DCMAKE_VERBOSE_MAKEFILE=ON', install: 'mingw-w64-x86_64-libssh2', type: 'Debug', cppflags: '-DCURL_SCHANNEL_DEV_DEBUG', name: 'schannel dev debug', image: 'windows-2025' } + - { build: 'cmake' , sys: 'mingw32' , env: 'i686' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON', install: 'mingw-w64-i686-libssh2', type: 'Release', name: 'schannel R' } + fail-fast: false + steps: + - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda # v2.30.0 + if: ${{ matrix.sys == 'msys' }} + with: + msystem: ${{ matrix.sys }} + # https://packages.msys2.org/search + install: >- + gcc + ${{ matrix.build }} ${{ matrix.build == 'autotools' && 'make' || 'ninja' }} + diffutils + zlib-devel + brotli-devel + libzstd-devel + libnghttp2-devel + libpsl-devel + ${{ matrix.install }} + + - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda # v2.30.0 + if: ${{ matrix.sys != 'msys' }} + with: + msystem: ${{ matrix.sys }} + install: >- + mingw-w64-${{ matrix.env }}-cc + mingw-w64-${{ matrix.env }}-${{ matrix.build }} ${{ matrix.build == 'autotools' && 'make' || '' }} + mingw-w64-${{ matrix.env }}-diffutils + mingw-w64-${{ matrix.env }}-libpsl + ${{ matrix.install }} + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'autoreconf' + if: ${{ matrix.build == 'autotools' }} + timeout-minutes: 2 + run: autoreconf -fi + + - name: 'configure' + timeout-minutes: 5 + env: + CPPFLAGS: '${{ matrix.cppflags }}' + MATRIX_CHKPREFILL: '${{ matrix.chkprefill }}' + MATRIX_CONFIG: '${{ matrix.config }}' + MATRIX_ENV: '${{ matrix.env }}' + MATRIX_TYPE: '${{ matrix.type }}' + TFLAGS: '${{ matrix.tflags }}' + run: | + if [ "${MATRIX_TEST}" = 'uwp' ]; then + CPPFLAGS+=' -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP -D_WIN32_WINNT=0x0a00' + if [[ "${MATRIX_ENV}" != 'clang'* ]]; then + specs="$(realpath gcc-specs-uwp)" + gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp/' -e 's/-lmsvcrt/-lucrtapp/' > "${specs}" + CFLAGS="-specs=${specs}" + CFLAGS_CMAKE="-specs=$(cygpath -w "${specs}")" + fi + fi + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + for _chkprefill in '' ${MATRIX_CHKPREFILL}; do + if [[ "${MATRIX_ENV}" = 'clang'* ]]; then + options='-DCMAKE_C_COMPILER=clang' + else + options='-DCMAKE_C_COMPILER=gcc' + fi + [ "${MATRIX_SYS}" = 'msys' ] && options+=' -D_CURL_PREFILL=ON' + [ "${MATRIX_TEST}" = 'uwp' ] && options+=' -DCMAKE_SYSTEM_NAME=WindowsStore' + [ "${TFLAGS}" = 'skiprun' ] && options+=' -D_CURL_SKIP_BUILD_CERTS=ON' + [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF' + cmake -B "bld${_chkprefill}" -G Ninja ${options} \ + -DCMAKE_INSTALL_PREFIX="${HOME}"/curl-install \ + -DCMAKE_C_FLAGS="${CFLAGS_CMAKE} ${CPPFLAGS}" \ + -DCMAKE_BUILD_TYPE="${MATRIX_TYPE}" \ + -DCMAKE_UNITY_BUILD=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=30 \ + -DCURL_WERROR=ON \ + ${MATRIX_CONFIG} + done + if [ -d bld_chkprefill ] && ! diff -u bld/lib/curl_config.h bld_chkprefill/lib/curl_config.h; then + echo '::group::reference configure log'; cat bld_chkprefill/CMakeFiles/CMake*.yaml 2>/dev/null || true; echo '::endgroup::' + false + fi + else + export CFLAGS + mkdir bld && cd bld && ../configure --prefix="$HOME"/curl-install --enable-unity --enable-warnings --enable-werror --disable-static \ + --disable-dependency-tracking --enable-option-checking=fatal \ + --with-libssh2 \ + ${MATRIX_CONFIG} + fi + + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/config.log bld/CMakeFiles/CMake*.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true + cat bld/cmake_install.cmake || true + + - name: 'build' + timeout-minutes: 10 + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose + cmake --install bld --verbose + else + make -C bld V=1 install + fi + + - name: 'curl -V' + timeout-minutes: 1 + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + PATH="$PWD/bld/lib:$PATH" + else + PATH="$PWD/bld/lib/.libs:$PATH" + # avoid libtool's curl.exe wrapper for shared builds + mv bld/src/.libs/curl.exe bld/src/curl.exe || true + fi + find . \( -name '*.exe' -o -name '*.dll' -o -name '*.a' \) -print0 | grep -z curl | xargs -0 file -- + find . \( -name '*.exe' -o -name '*.dll' -o -name '*.a' \) -print0 | grep -z curl | xargs -0 stat -c '%10s bytes: %n' -- + if [ "${MATRIX_TEST}" != 'uwp' ]; then # curl: error initializing curl library + bld/src/curl.exe --disable --version + fi + + - name: 'build tests' + if: ${{ matrix.tflags != 'skipall' }} # Save time by skipping this for autotools + timeout-minutes: 10 + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target testdeps + else + make -C bld V=1 -C tests + fi + if [ "${MATRIX_BUILD}" != 'cmake' ]; then + # avoid libtool's .exe wrappers for shared builds + mv bld/tests/libtest/.libs/*.exe bld/tests/libtest || true + mv bld/tests/server/.libs/*.exe bld/tests/server || true + mv bld/tests/tunit/.libs/*.exe bld/tests/tunit || true + mv bld/tests/unit/.libs/*.exe bld/tests/unit || true + fi + + - name: 'cache test prereqs (stunnel)' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-stunnel + with: + path: C:\my-stunnel + key: ${{ runner.os }}-stunnel-${{ env.STUNNEL_VERSION }}-amd64 + fail-on-cache-miss: true + + - name: 'install test prereqs' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 2 + run: /usr/bin/pacman --noconfirm --noprogressbar --sync --needed openssh + + - name: 'run tests' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: ${{ contains(matrix.tflags, '-t') && 15 || 10 }} + env: + MATRIX_INSTALL: '${{ matrix.install }}' + TFLAGS: '${{ matrix.tflags }}' + run: | + TFLAGS="-j8 ${TFLAGS}" + if [ "${MATRIX_SYS}" != 'msys' ]; then + TFLAGS+=' !498' # 'Reject too large HTTP response headers on endless redirects' HTTP, HTTP GET (runtests detecting result code 2009 instead of 56 returned by curl) + TFLAGS+=' ~3000 ~3001 ~3023 ~3024' # 'HTTPS localhost, first/last subject alt name matches, CN does not match' HTTPS, HTTP GET, PEM certificate (returning 56) + if [[ "${MATRIX_INSTALL}" = *'libssh2-wincng'* ]]; then + TFLAGS+=' ~SCP ~SFTP' # Flaky: `-8, Unable to exchange encryption keys`. https://github.com/libssh2/libssh2/issues/804 + fi + if [[ "${TFLAGS}" = *'-t'* ]]; then + TFLAGS+=' !2300' # Leaks memory and file handle via tool_doswin.c / win32_stdin_read_thread() + export CURL_TEST_NO_TASKKILL=1 # experiment to see if it reduces flaky failures + fi + fi + if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then + TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" + fi + PATH="$PATH:/c/my-stunnel/bin" + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + PATH="$PWD/bld/lib:$PATH" + cmake --build bld --verbose --target test-ci + else + PATH="$PWD/bld/lib/.libs:$PATH" + make -C bld V=1 test-ci + fi + + - name: 'build examples' + if: ${{ matrix.build == 'cmake' || (matrix.tflags == 'skipall' || matrix.tflags == 'skiprun') }} # Save time by skipping this for autotools running tests + timeout-minutes: 5 + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --verbose --target curl-examples-build + else + make -C bld V=1 examples + fi + + - name: 'disk space used' + run: du -sh .; echo; du -sh -t 250KB ./*; echo; du -h -t 250KB bld + + mingw-w64-standalone-downloads: + name: 'dl-mingw, CM ${{ matrix.ver }}-${{ matrix.env }} ${{ matrix.name }}' + needs: build-cache + runs-on: windows-2022 + timeout-minutes: 10 + defaults: + run: + shell: msys2 {0} # zizmor: ignore[misfeature] + env: + CURL_TEST_MIN: 1550 + LDFLAGS: -s + MAKEFLAGS: -j 5 + MATRIX_DIR: '${{ matrix.dir }}' + strategy: + matrix: + include: + - name: 'schannel +analyzer' # mingw-w64 12.0 + sys: 'mingw64' + dir: 'w64devkit' + env: 'x86_64' + ver: '15.1.0' + url: 'https://github.com/skeeto/w64devkit/releases/download/v2.2.0/w64devkit-x64-2.2.0.7z.exe' + SHA256: e02de30b97196329662007d64bc4509fbd7f5e14339d344075c7f1223dead4a2 + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=OFF -DENABLE_UNIX_SOCKETS=OFF -DCURL_GCC_ANALYZER=ON' + type: 'Release' + - name: 'schannel' # mingw-w64 10.0 + sys: 'mingw64' + dir: 'mingw64' + env: 'x86_64' + ver: '9.5.0' + url: 'https://github.com/brechtsanders/winlibs_mingw/releases/download/9.5.0-10.0.0-msvcrt-r1/winlibs-x86_64-posix-seh-gcc-9.5.0-mingw-w64msvcrt-10.0.0-r1.7z' + SHA256: 41637132ea7dc36a7f86a1961eaa334c380b5a3423d36aecb481cabcd006e3fe + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=OFF -DCURL_DISABLE_VERBOSE_STRINGS=ON' + type: 'Release' + tflags: 'skiprun' + - name: 'schannel mbedtls U' # mingw-w64 6.0 + sys: 'mingw64' + dir: 'mingw64' + env: 'x86_64' + ver: '7.3.0' + url: 'https://downloads.sourceforge.net/mingw-w64/Toolchains%20targetting%20Win64/Personal%20Builds/mingw-builds/7.3.0/threads-win32/seh/x86_64-7.3.0-release-win32-seh-rt_v5-rev0.7z' + SHA256: 9dc08c9c2bdd5d8173f87791bed644f6e290624f739de474f117b590dfd8a721 + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DCURL_USE_MBEDTLS=ON -DCURL_TARGET_WINDOWS_VERSION=0x0600' + install: mingw-w64-x86_64-mbedtls + type: 'Release' + tflags: 'skiprun' + - name: 'schannel !unity' # mingw-w64 5.0 + sys: 'mingw32' + dir: 'mingw32' + env: 'i686' + ver: '6.4.0' + url: 'https://downloads.sourceforge.net/mingw-w64/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/6.4.0/threads-win32/dwarf/i686-6.4.0-release-win32-dwarf-rt_v5-rev0.7z' + SHA256: 12d2c62ad4527ec8a52275ea8485678dcbe20bec4716a3c7ba274f225d696085 + config: '-DENABLE_DEBUG=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=OFF -DCMAKE_UNITY_BUILD=OFF -DCURL_TARGET_WINDOWS_VERSION=0x0600' + type: 'Debug' + tflags: 'skiprun' + - name: 'schannel !examples' # mingw-w64 3.0 + sys: 'mingw64' + dir: 'mingw64' + env: 'x86_64' + ver: '4.8.1' + url: 'https://downloads.sourceforge.net/mingw-w64/Toolchains%20targetting%20Win64/Personal%20Builds/mingw-builds/4.8.1/threads-win32/seh/x86_64-4.8.1-release-win32-seh-rt_v3-rev2.7z' + SHA256: 1353d997e85bb4494ebbebb432d824848d66b32c6045900da9a38a767b3c4ab4 + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DCURL_TARGET_WINDOWS_VERSION=0x0600' + type: 'Debug' + tflags: 'skipall' + chkprefill: '' # Set it once to silence actionlint + fail-fast: false + steps: + - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda # v2.30.0 + with: + msystem: ${{ matrix.sys }} + release: false + update: false + cache: false + path-type: inherit + install: >- + mingw-w64-${{ matrix.env }}-libpsl + ${{ matrix.install }} + + - name: 'cache compiler (gcc ${{ matrix.ver }}-${{ matrix.env }})' + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-compiler + with: + path: D:\my-cache + key: ${{ runner.os }}-mingw-w64-${{ matrix.ver }}-${{ matrix.env }} + + - name: 'install compiler (gcc ${{ matrix.ver }}-${{ matrix.env }})' + if: ${{ steps.cache-compiler.outputs.cache-hit != 'true' }} + timeout-minutes: 5 + env: + MATRIX_URL: '${{ matrix.url }}' + MATRIX_SHA256: '${{ matrix.SHA256 }}' + run: | + cd /d + mkdir my-cache + cd my-cache + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 240 --retry 3 --retry-connrefused \ + --location --proto-redir =https "${MATRIX_URL}" --output pkg.bin + pwd + sha256sum pkg.bin && sha256sum pkg.bin | grep -qwF -- "${MATRIX_SHA256}" && 7z x -y pkg.bin >/dev/null && rm -f pkg.bin && ls -l + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'configure' + timeout-minutes: 5 + env: + MATRIX_CHKPREFILL: '${{ matrix.chkprefill }}' + MATRIX_CONFIG: '${{ matrix.config }}' + MATRIX_TYPE: '${{ matrix.type }}' + TFLAGS: '${{ matrix.tflags }}' + run: | + PATH="/d/my-cache/${MATRIX_DIR}/bin:$PATH" + for _chkprefill in '' ${MATRIX_CHKPREFILL}; do + options='' + [ "${TFLAGS}" = 'skiprun' ] && options+=' -D_CURL_SKIP_BUILD_CERTS=ON' + [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF' + cmake -B "bld${_chkprefill}" -G Ninja ${options} \ + -DCMAKE_C_COMPILER=gcc \ + -DCMAKE_BUILD_TYPE="${MATRIX_TYPE}" \ + -DCMAKE_UNITY_BUILD=ON -DCMAKE_UNITY_BUILD_BATCH_SIZE=30 \ + -DCURL_DROP_UNUSED=ON \ + -DCURL_WERROR=ON \ + -DUSE_LIBIDN2=OFF \ + ${MATRIX_CONFIG} + done + if [ -d bld_chkprefill ] && ! diff -u bld/lib/curl_config.h bld_chkprefill/lib/curl_config.h; then + echo '::group::reference configure log'; cat bld_chkprefill/CMakeFiles/CMake*.yaml 2>/dev/null || true; echo '::endgroup::' + false + fi + + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/CMakeFiles/CMake*.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true + + - name: 'build' + timeout-minutes: 5 + run: | + PATH="/d/my-cache/${MATRIX_DIR}/bin:$PATH" + cmake --build bld + + - name: 'curl -V' + timeout-minutes: 1 + run: | + /usr/bin/find . \( -name '*.exe' -o -name '*.dll' -o -name '*.a' \) -print0 | grep -z curl | xargs -0 file -- + /usr/bin/find . \( -name '*.exe' -o -name '*.dll' -o -name '*.a' \) -print0 | grep -z curl | xargs -0 stat -c '%10s bytes: %n' -- + PATH="$PWD/bld/lib:$PATH" + bld/src/curl.exe --disable --version + + - name: 'build tests' + if: ${{ matrix.tflags != 'skipall' }} + timeout-minutes: 10 + run: | + PATH="/d/my-cache/${MATRIX_DIR}/bin:$PATH" + cmake --build bld --target testdeps + + - name: 'cache test prereqs (stunnel)' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-stunnel + with: + path: C:\my-stunnel + key: ${{ runner.os }}-stunnel-${{ env.STUNNEL_VERSION }}-amd64 + fail-on-cache-miss: true + + - name: 'install test prereqs' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 2 + run: | + if "bld/src/curl.exe" --disable -V 2>/dev/null | grep smb; then + python3 -m pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/requirements.txt + fi + + - name: 'run tests' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 10 + env: + TFLAGS: '${{ matrix.tflags }}' + run: | + PATH="/d/my-cache/${MATRIX_DIR}/bin:$PATH" + TFLAGS="-j8 ${TFLAGS}" + TFLAGS+=' !498' # 'Reject too large HTTP response headers on endless redirects' HTTP, HTTP GET (runtests detecting result code 2009 instead of 56 returned by curl) + TFLAGS+=' ~3000 ~3001 ~3023 ~3024' # 'HTTPS localhost, last subject alt name matches, CN does not match' HTTPS, HTTP GET, PEM certificate (returning 56) + if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then + TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" + fi + PATH="$PWD/bld/lib:$PATH:/c/my-stunnel/bin" + cmake --build bld --target test-ci + + - name: 'build examples' + if: ${{ !contains(matrix.name, '!examples') }} + timeout-minutes: 5 + run: | + PATH="/d/my-cache/${MATRIX_DIR}/bin:$PATH" + cmake --build bld --target curl-examples-build + + - name: 'disk space used' + run: du -sh .; echo; du -sh -t 250KB ./*; echo; du -h -t 250KB bld + + linux-cross-mingw-w64: + name: "linux-mingw, ${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.compiler }}" + runs-on: ubuntu-latest + timeout-minutes: 10 + env: + LDFLAGS: -s + MAKEFLAGS: -j 5 + TRIPLET: 'x86_64-w64-mingw32' + MATRIX_BUILD: '${{ matrix.build }}' + MATRIX_COMPILER: '${{ matrix.compiler }}' + strategy: + fail-fast: false + matrix: + include: + - { build: 'autotools', compiler: 'gcc' } + - { build: 'cmake' , compiler: 'gcc' } + - { build: 'cmake' , compiler: 'clang-tidy', install_packages: 'clang-20 clang-tidy-20' } + steps: + - name: 'install packages' + env: + MATRIX_INSTALL_PACKAGES: '${{ matrix.install_packages }}' + run: sudo apt-get -o Dpkg::Use-Pty=0 install gcc-mingw-w64-x86-64-win32 ${MATRIX_INSTALL_PACKAGES} + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'autoreconf' + if: ${{ matrix.build == 'autotools' }} + run: autoreconf -fi + + - name: 'configure' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + if [ "${MATRIX_COMPILER}" = 'clang-tidy' ]; then + options+=' -DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/usr/bin/clang-tidy-20' + options+=' -DENABLE_UNICODE=ON -DUSE_SSLS_EXPORT=ON' + options+=' -DCMAKE_C_COMPILER=clang-20' + options+=" -DCMAKE_RC_COMPILER=llvm-windres-$(clang-20 -dumpversion | cut -d '.' -f 1)" + else + options+=" -DCMAKE_C_COMPILER=${TRIPLET}-gcc" + fi + cmake -B bld -G Ninja \ + -DCMAKE_SYSTEM_NAME=Windows \ + -DCMAKE_C_COMPILER_TARGET="${TRIPLET}" \ + -DCMAKE_UNITY_BUILD=ON -D_CURL_TESTS_CONCAT=ON \ + -DCURL_WERROR=ON \ + -DCURL_USE_SCHANNEL=ON -DUSE_WIN32_IDN=ON \ + -DCURL_USE_LIBPSL=OFF \ + -DCURL_ENABLE_NTLM=ON \ + -D_CURL_SKIP_BUILD_CERTS=ON \ + ${options} + else + mkdir bld && cd bld && ../configure --enable-unity --enable-warnings --enable-werror --disable-static \ + --disable-dependency-tracking --enable-option-checking=fatal \ + --host="${TRIPLET}" \ + --with-schannel --with-winidn \ + --without-libpsl + fi + + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/config.log bld/CMakeFiles/CMake*.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true + + - name: 'build' + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld + else + make -C bld + fi + + - name: 'curl info' + run: | + find . \( -name '*.exe' -o -name '*.dll' -o -name '*.a' \) -print0 | grep -z curl | xargs -0 file -- + find . \( -name '*.exe' -o -name '*.dll' -o -name '*.a' \) -print0 | grep -z curl | xargs -0 stat -c '%10s bytes: %n' -- + + - name: 'build tests' + if: ${{ matrix.build == 'cmake' }} # Save time by skipping this for autotools and clang-tidy + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --target testdeps + else + make -C bld -C tests + fi + + - name: 'build examples' + if: ${{ matrix.compiler != 'clang-tidy' }} # Save time by skipping this for clang-tidy + run: | + if [ "${MATRIX_BUILD}" = 'cmake' ]; then + cmake --build bld --target curl-examples-build + else + make -C bld examples + fi + + - name: 'disk space used' + run: du -sh .; echo; du -sh -t 250KB ./*; echo; du -h -t 250KB bld + + msvc: + name: 'msvc, CM ${{ matrix.arch }}-${{ matrix.plat }} ${{ matrix.name }}' + needs: build-cache + runs-on: ${{ matrix.image || 'windows-2022' }} + timeout-minutes: ${{ matrix.arch == 'arm64' && 12 || 10 }} + defaults: + run: + shell: msys2 {0} # zizmor: ignore[misfeature] + env: + MATRIX_ARCH: '${{ matrix.arch }}' + MATRIX_IMAGE: '${{ matrix.image }}' + MATRIX_INSTALL_MSYS2: '${{ matrix.install-msys2 }}' + MATRIX_INSTALL_VCPKG: '${{ matrix.install-vcpkg }}' + MATRIX_OPENSSH: '${{ matrix.openssh }}' + MATRIX_PLAT: '${{ matrix.plat }}' + MATRIX_TYPE: '${{ matrix.type }}' + OPENSSH_WINDOWS_VERSION: v9.8.1.0p1-Preview + OPENSSH_WINDOWS_SHA256: c7a1369cd73c8165be00c66e90291c4dd67784de7c3aa3af18c68ebedffa6ea9 + VCPKG_DISABLE_METRICS: '1' + strategy: + matrix: + include: + - name: '!ssl +examples' + install-vcpkg: 'zlib libssh2[core,zlib]' + arch: 'x64' + env: 'ucrt-x86_64' + plat: 'uwp' + type: 'Debug' + image: 'windows-2025' + tflags: 'skiprun' + config: >- + -DENABLE_DEBUG=ON + -DCURL_ENABLE_SSL=OFF + -DUSE_WIN32_IDN=ON + + - name: 'openssl +examples' + install-msys2: >- + mingw-w64-ucrt-x86_64-brotli + mingw-w64-ucrt-x86_64-zlib + mingw-w64-ucrt-x86_64-zstd + mingw-w64-ucrt-x86_64-openssl + mingw-w64-ucrt-x86_64-libssh2 + mingw-w64-ucrt-x86_64-nghttp2 + mingw-w64-ucrt-x86_64-nghttp3 + mingw-w64-ucrt-x86_64-ngtcp2 + + arch: 'x64' + env: 'ucrt-x86_64' + plat: 'windows' + type: 'Debug' + image: 'windows-2025-vs2026' + chkprefill: '_chkprefill' + config: >- + -DENABLE_DEBUG=ON + -DCURL_USE_OPENSSL=ON -DUSE_NGTCP2=ON + -DOPENSSL_INCLUDE_DIR=/ucrt64/include + -DSSL_EAY_DEBUG=/ucrt64/lib/libssl.dll.a + -DSSL_EAY_RELEASE=/ucrt64/lib/libssl.dll.a + -DLIB_EAY_DEBUG=/ucrt64/lib/libcrypto.dll.a + -DLIB_EAY_RELEASE=/ucrt64/lib/libcrypto.dll.a + -DUSE_WIN32_IDN=ON -DUSE_SSLS_EXPORT=ON + -DBROTLI_INCLUDE_DIR=/ucrt64/include + -DBROTLICOMMON_LIBRARY=/ucrt64/lib/libbrotlicommon.dll.a + -DBROTLIDEC_LIBRARY=/ucrt64/lib/libbrotlidec.dll.a + -DZSTD_INCLUDE_DIR=/ucrt64/include + -DZSTD_LIBRARY=/ucrt64/lib/libzstd.dll.a + -DZLIB_INCLUDE_DIR=/ucrt64/include + -DZLIB_LIBRARY=/ucrt64/lib/libz.dll.a + -DLIBSSH2_INCLUDE_DIR=/ucrt64/include + -DLIBSSH2_LIBRARY=/ucrt64/lib/libssh2.dll.a + -DNGHTTP2_INCLUDE_DIR=/ucrt64/include + -DNGHTTP2_LIBRARY=/ucrt64/lib/libnghttp2.dll.a + -DNGHTTP3_INCLUDE_DIR=/ucrt64/include + -DNGHTTP3_LIBRARY=/ucrt64/lib/libnghttp3.dll.a + -DNGTCP2_INCLUDE_DIR=/ucrt64/include + -DNGTCP2_LIBRARY=/ucrt64/lib/libngtcp2.dll.a + -DNGTCP2_CRYPTO_OSSL_LIBRARY=/ucrt64/lib/libngtcp2_crypto_ossl.dll.a + -DCURL_CA_NATIVE=ON + -DCURL_ENABLE_NTLM=ON + + - name: 'schannel U' + install-vcpkg: 'zlib libssh2[core,zlib]' + arch: 'arm64' + env: 'clang-aarch64' + plat: 'windows' + type: 'Debug' + image: 'windows-11-arm' + openssh: 'OpenSSH-Windows' + tflags: '--min=1650' + # disable SMB to save 30-60 seconds by omitting prereqs, to counteract the slower test run step + config: >- + -DENABLE_DEBUG=ON + -DCURL_USE_SCHANNEL=ON + -DCURL_DISABLE_SMB=ON + -DUSE_WIN32_IDN=ON -DENABLE_UNICODE=ON -DUSE_SSLS_EXPORT=ON + + fail-fast: false + steps: + - uses: msys2/setup-msys2@4f806de0a5a7294ffabaff804b38a9b435a73bda # v2.30.0 + with: + msystem: ${{ matrix.arch == 'arm64' && 'clangarm64' || 'ucrt64' }} + release: ${{ contains(matrix.image, 'arm') }} + cache: ${{ contains(matrix.image, 'arm') }} + path-type: inherit + install: >- + mingw-w64-${{ matrix.env }}-libpsl + ${{ matrix.install-msys2 }} + + - name: 'vcpkg versions' + if: ${{ matrix.install-vcpkg }} + timeout-minutes: 1 + run: | + git -C "$VCPKG_INSTALLATION_ROOT" show --no-patch --format='%H %ai' + vcpkg version + + - name: 'vcpkg build' + if: ${{ matrix.install-vcpkg }} + timeout-minutes: 45 + run: vcpkg x-set-installed ${MATRIX_INSTALL_VCPKG} --triplet="${MATRIX_ARCH}-${MATRIX_PLAT}" + + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: 'configure' + timeout-minutes: 5 + env: + MATRIX_CHKPREFILL: '${{ matrix.chkprefill }}' + MATRIX_CONFIG: '${{ matrix.config }}' + TFLAGS: '${{ matrix.tflags }}' + run: | + [ -f "${MINGW_PREFIX}/include/zconf.h" ] && sed -i -E 's|(# +define +Z_HAVE_UNISTD_H)|/*\1*/|g' "${MINGW_PREFIX}/include/zconf.h" # Patch MSYS2 zconf.h for MSVC + for _chkprefill in '' ${MATRIX_CHKPREFILL}; do + options='' + cflags='' + rcflags='' + ldflags='' + if [ "${MATRIX_PLAT}" = 'uwp' ]; then + options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0' + cflags+=' -DWINAPI_FAMILY=WINAPI_FAMILY_PC_APP' + ldflags+=' -OPT:NOREF -OPT:NOICF -APPCONTAINER:NO' + vsglobals=';AppxPackage=false;WindowsAppContainer=false' + fi + if [ "${TFLAGS}" = 'skiprun' ]; then + [ "${MATRIX_ARCH}" = 'arm64' ] && options+=' -A ARM64' + [ "${MATRIX_ARCH}" = 'x64' ] && options+=' -A x64' + [ "${MATRIX_ARCH}" = 'x86' ] && options+=' -A Win32' + options+=" -DCMAKE_VS_GLOBALS=TrackFileAccess=false${vsglobals}" + options+=' -D_CURL_SKIP_BUILD_CERTS=ON' + unset CMAKE_GENERATOR + else + # Use Ninja when running tests to avoid MSBuild heuristics picking + # up "error messages" in the test log output and making the job fail. + # Officially this requires the vcvarsall.bat MS-DOS batch file (as of + # VS2022). Since it integrates badly with CI steps and shell scripts, + # reproduce the necessary build configuration manually, without envs. + MSVC_EDITION='2022/Enterprise/vc/tools/msvc' + [[ "${MATRIX_IMAGE}" = *'vs2026'* ]] && MSVC_EDITION='18/Enterprise/vc/tools/msvc' + [[ "$(uname -s)" = *'ARM64'* ]] && MSVC_HOST='arm64' || MSVC_HOST='x64' # x86 + MSVC_ROOTD="$(cygpath --mixed --short-name "$PROGRAMFILES/Microsoft Visual Studio")" # to avoid spaces in directory names + MSVC_ROOTU="$(/usr/bin/find "$(cygpath --unix "$MSVC_ROOTD/$MSVC_EDITION")" -mindepth 1 -maxdepth 1 -type d -name '*.*' | sort | tail -n 1)" + MSVC_ROOTW="$(cygpath --mixed "$MSVC_ROOTU")" + MSVC_ROOTU="$(cygpath --unix "$MSVC_ROOTW")" + MSVC_BINU="$MSVC_ROOTU/bin/Host$MSVC_HOST/$MATRIX_ARCH" + MSDK_ROOTW="$(cygpath --mixed --short-name "$(printenv 'ProgramFiles(x86)')/Windows Kits")/10" + MSDK_ROOTU="$(cygpath --unix "$MSDK_ROOTW")" + MSDK_VER="$(basename "$(/usr/bin/find "$MSDK_ROOTU/lib" -mindepth 1 -maxdepth 1 -type d -name '*.*' | sort | tail -n 1)")" + MSDK_LIBW="$MSDK_ROOTW/lib/$MSDK_VER" + MSDK_INCW="$MSDK_ROOTW/include/$MSDK_VER" + MSDK_BINU="$MSDK_ROOTU/bin/$MSDK_VER/$MSVC_HOST" + cflags+=" -external:W0" + cflags+=" -external:I$MSVC_ROOTW/include" + cflags+=" -external:I$MSDK_INCW/shared" + cflags+=" -external:I$MSDK_INCW/ucrt" + cflags+=" -external:I$MSDK_INCW/um" + cflags+=" -external:I$MSDK_INCW/km" + rcflags+=" -I$MSDK_INCW/shared" + rcflags+=" -I$MSDK_INCW/um" + ldflags+=" -libpath:$MSVC_ROOTW/lib/$MATRIX_ARCH" + ldflags+=" -libpath:$MSDK_LIBW/ucrt/$MATRIX_ARCH" + ldflags+=" -libpath:$MSDK_LIBW/um/$MATRIX_ARCH" + ldflags+=" -libpath:$MSDK_LIBW/km/$MATRIX_ARCH" + options+=" -DCMAKE_RC_COMPILER=$MSDK_BINU/rc.exe" + options+=" -DCMAKE_MT=$MSDK_BINU/mt.exe" + options+=" -DCMAKE_C_COMPILER=$MSVC_BINU/cl.exe" + export CMAKE_GENERATOR='Ninja Multi-Config' # pass it via env to avoid space issues + echo "Using MSVC: ${MSVC_ROOTW}" + echo "Using Windows SDK: ${MSDK_VER}" + fi + [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF' + if [ -n "${MATRIX_INSTALL_VCPKG}" ]; then + options+=" -DCMAKE_TOOLCHAIN_FILE=$VCPKG_INSTALLATION_ROOT/scripts/buildsystems/vcpkg.cmake" + options+=" -DVCPKG_INSTALLED_DIR=$VCPKG_INSTALLATION_ROOT/installed" + options+=" -DVCPKG_TARGET_TRIPLET=${MATRIX_ARCH}-${MATRIX_PLAT}" + options+=" -DCMAKE_C_COMPILER_TARGET=${MATRIX_ARCH}-${MATRIX_PLAT}" + fi + cmake -B "bld${_chkprefill}" ${options} \ + -DCMAKE_C_FLAGS="${cflags}" \ + -DCMAKE_RC_FLAGS="${rcflags}" \ + -DCMAKE_EXE_LINKER_FLAGS="-INCREMENTAL:NO ${ldflags}" \ + -DCMAKE_SHARED_LINKER_FLAGS="-INCREMENTAL:NO ${ldflags}" \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_DROP_UNUSED=ON \ + -DCURL_WERROR=ON \ + -DLIBPSL_INCLUDE_DIR="${MINGW_PREFIX}/include" \ + -DLIBPSL_LIBRARY="${MINGW_PREFIX}/lib/libpsl.dll.a" \ + -DBUILD_SHARED_LIBS=OFF \ + ${MATRIX_CONFIG} + done + if [ -d bld_chkprefill ] && ! diff -u bld/lib/curl_config.h bld_chkprefill/lib/curl_config.h; then + echo '::group::reference configure log'; cat bld_chkprefill/CMakeFiles/CMake*.yaml 2>/dev/null || true; echo '::endgroup::' + false + fi + + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/CMakeFiles/CMake*.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + grep -F '#define' bld/lib/curl_config.h | sort || true + + - name: 'build' + timeout-minutes: 5 + run: cmake --build bld --config "${MATRIX_TYPE}" --parallel 5 + + - name: 'curl -V' + timeout-minutes: 1 + run: | + /usr/bin/find . \( -name '*.exe' -o -name '*.dll' -o -name '*.lib' -o -name '*.pdb' \) -print0 | grep -z curl | xargs -0 file -- + /usr/bin/find . \( -name '*.exe' -o -name '*.dll' -o -name '*.lib' -o -name '*.pdb' \) -print0 | grep -z curl | xargs -0 stat -c '%10s bytes: %n' -- + if [ "${MATRIX_PLAT}" != 'uwp' ]; then # Missing: ucrtbased.dll, VCRUNTIME140D.dll, VCRUNTIME140D_APP.dll + PATH="$PWD/bld/lib/${MATRIX_TYPE}:$PATH" + "bld/src/${MATRIX_TYPE}/curl.exe" --disable --version + fi + + - name: 'build tests' + if: ${{ matrix.tflags != 'skipall' }} + timeout-minutes: 10 + run: cmake --build bld --config "${MATRIX_TYPE}" --parallel 5 --target testdeps + + - name: 'cache test prereqs (stunnel)' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 + id: cache-stunnel + with: + path: C:\my-stunnel + key: ${{ runner.os }}-stunnel-${{ env.STUNNEL_VERSION }}-amd64 + fail-on-cache-miss: true + + - name: 'install test prereqs' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 5 + run: | + if [ -z "${MATRIX_OPENSSH}" ]; then # MSYS2 openssh + /usr/bin/pacman --noconfirm --noprogressbar --sync --needed openssh + elif [ "${MATRIX_OPENSSH}" = 'OpenSSH-Windows-builtin' ]; then + # https://learn.microsoft.com/windows-server/administration/openssh/openssh_install_firstuse + if [[ "${MATRIX_IMAGE}" = *'windows-2025'* ]]; then + pwsh -Command 'Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0' + pwsh -Command 'Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0' + fi + else # OpenSSH-Windows + cd /c # no D: drive on windows-11-arm runners + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ + --location "https://github.com/PowerShell/Win32-OpenSSH/releases/download/${OPENSSH_WINDOWS_VERSION}/OpenSSH-Win64.zip" --output pkg.bin + sha256sum pkg.bin && sha256sum pkg.bin | grep -qwF -- "${OPENSSH_WINDOWS_SHA256}" && unzip pkg.bin && rm -f pkg.bin + fi + if "bld/src/${MATRIX_TYPE}/curl.exe" --disable -V 2>/dev/null | grep smb; then + python3 -m pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r tests/requirements.txt + fi + + - name: 'run tests' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 10 + env: + TFLAGS: '${{ matrix.tflags }}' + run: | + TFLAGS="-j8 ${TFLAGS}" + TFLAGS+=' !498' # 'Reject too large HTTP response headers on endless redirects' HTTP, HTTP GET (runtests detecting result code 2009 instead of 56 returned by curl) + TFLAGS+=' ~3000 ~3001 ~3023 ~3024' # 'HTTPS localhost, last subject alt name matches, CN does not match' HTTPS, HTTP GET, PEM certificate (returning 56) + if [[ "${MATRIX_INSTALL_MSYS2}" = *'libssh2-wincng'* || \ + "${MATRIX_INSTALL_VCPKG}" = *'libssh2[core,zlib]'* ]]; then + TFLAGS+=' ~SCP ~SFTP' # Flaky: `-8, Unable to exchange encryption keys`. https://github.com/libssh2/libssh2/issues/804 + fi + if [ -n "${MATRIX_OPENSSH}" ]; then # OpenSSH-Windows + TFLAGS+=' ~601 ~603 ~617 ~619 ~621 ~641 ~665 ~2004' # SCP + if [[ "${MATRIX_INSTALL_MSYS2} " = *'libssh '* || \ + "${MATRIX_INSTALL_VCPKG} " = *'libssh '* ]]; then + TFLAGS+=' ~614' # 'SFTP pre-quote chmod' SFTP, pre-quote, directory + else + TFLAGS+=' ~3022' # 'SCP correct sha256 host key' SCP, server sha256 key check + fi + PATH="/c/OpenSSH-Win64:$PATH" + fi + PATH="$PWD/bld/lib/${MATRIX_TYPE}:$PATH:/c/my-stunnel/bin" + cmake --build bld --config "${MATRIX_TYPE}" --target test-ci + + - name: 'build examples' + timeout-minutes: 5 + if: ${{ contains(matrix.name, '+examples') }} + run: cmake --build bld --config "${MATRIX_TYPE}" --parallel 5 --target curl-examples-build + + - name: 'disk space used' + run: du -sh .; echo; du -sh -t 250KB ./*; echo; du -h -t 250KB bld diff --git a/.gitignore b/.gitignore index e35747146de0..0ac100295697 100644 --- a/.gitignore +++ b/.gitignore @@ -1,14 +1,22 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + *.asc *.dll *.exe *.exp *.la *.lib +*.a +*.res *.lo *.o *.obj *.pdb *.pyc +*.orig +*.rej *~ .*.sw? .cproject @@ -18,11 +26,10 @@ .project .settings /.vs +/bld/ /build/ -/builds/ /stats/ __pycache__ -CHANGES.dist Debug INSTALL Makefile @@ -32,6 +39,9 @@ TAGS aclocal.m4 aclocal.m4.bak autom4te.cache +buildinfo.txt +ca-bundle.crt +certdata.txt compile config.cache config.guess @@ -53,8 +63,12 @@ missing mkinstalldirs tags test-driver +stamp-h* scripts/_curl scripts/curl.fish curl_fuzzer curl_fuzzer_seed_corpus.zip libstandaloneengine.a +tests/string +tests/config +tests/ech-log/ diff --git a/.lgtm.yml b/.lgtm.yml deleted file mode 100644 index 932e9c0b5233..000000000000 --- a/.lgtm.yml +++ /dev/null @@ -1,31 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -extraction: - cpp: - prepare: - packages: # to avoid confusion with libopenafs-dev which also provides a des.h - - libssl-dev - after_prepare: # make sure lgtm.com doesn't use CMake (which generates and runs tests) - - rm -f CMakeLists.txt - - ./buildconf - configure: # enable as many optional features as possible - command: ./configure --enable-ares --with-libssh2 --with-gssapi --with-librtmp --with-openssl diff --git a/.mailmap b/.mailmap index 2e0dcf2e785e..d4e547b9ed03 100644 --- a/.mailmap +++ b/.mailmap @@ -1,6 +1,10 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + Guenter Knauf -Gisle Vanem -Gisle Vanem +Gisle Vanem +Gisle Vanem Alessandro Ghedini Alessandro Ghedini Björn Stenberg @@ -48,7 +52,8 @@ Max Savenkov Daniel Jelinski <30433125+djelinski@users.noreply.github.com> Amit Katyal Giorgos Oikonomou -Evgeny Grin +Evgeny Grin (Karlson2k) +Evgeny Grin (Karlson2k) Peter Pih Anton Malov Marquis de Muesli @@ -64,7 +69,8 @@ Jessa Chandler Gökhan Şengün Svyatoslav Mishyn Douglas Steinwand -James Fuller +James Fuller +James Fuller Jim Fuller Don J Olmstead Nicolas Sterchele Sergey Raevskiy @@ -74,3 +80,44 @@ Pavel Novikov apique13 on github Daniel Hwang Jon Rumsey +Tobias Nyholm +Timur Artikov +Michał Antoniak <47522782+MAntoniak@users.noreply.github.com> +Gleb Ivanovsky +Max Dymond +Max Dymond +Abhinav Singh +Malik Idrees Hasan Khan <77000356+MalikIdreesHasanKhan@users.noreply.github.com> +Yongkang Huang +Xiaoke Wang +Philip H <47042125+pheiduck@users.noreply.github.com> +neutric on github <5984479+neutric@users.noreply.github.com> +Jan-Piet Mens +Henrik Holst +Christian Schmitz +Max Mehl +rzrymiak on github <106121613+rzrymiak@users.noreply.github.com> +Oliver Roberts +opensignature on github +Cering on github +a1346054 on github <36859588+a1346054@users.noreply.github.com> +zhanghu on xiaomi +Philip Heiduck <47042125+pheiduck@users.noreply.github.com> +bsergean on github +Stefan Eissing +Michael Musset +Andy Alt +Thomas1664 on github <46387399+Thomas1664@users.noreply.github.com> +dengjfzh on github +Brad Harder +Derzsi Dániel +Michael Osipov <1983-01-06@gmx.net> +Michael Osipov +Christian Weisgerber +Moritz Buhl +Aki Sakurai <75532970+AkiSakurai@users.noreply.github.com> +Sinkevich Artem +Andrew Kirillov +Stephen Farrell +Calvin Ruocco +Hamza Bensliman diff --git a/.muse/config.toml b/.muse/config.toml deleted file mode 100644 index 4e5b5cc63bde..000000000000 --- a/.muse/config.toml +++ /dev/null @@ -1,3 +0,0 @@ -ignore = [ "DEAD_STORE" ] -build = "make" -setup = ".muse/setup.sh" diff --git a/.muse/setup.sh b/.muse/setup.sh deleted file mode 100755 index 55872d594b99..000000000000 --- a/.muse/setup.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env bash -./buildconf -./configure -echo "Ran the setup script for muse including autoconf and executing ./configure" diff --git a/CHANGES b/CHANGES deleted file mode 100644 index 3e2cd9947dc9..000000000000 --- a/CHANGES +++ /dev/null @@ -1,7 +0,0 @@ -See https://curl.se/changes.html for the edited and human readable online -version of what has changed over the years in different curl releases. - -Generate a CHANGES file like the one present in every release like this: - -$ git log --pretty=fuller --no-color --date=short --decorate=full | \ - ./scripts/log2changes.pl diff --git a/CHANGES.md b/CHANGES.md new file mode 100644 index 000000000000..3eabec9cb8d8 --- /dev/null +++ b/CHANGES.md @@ -0,0 +1,12 @@ + + +In a release tarball, check the RELEASE-NOTES file for what was done in the +most recent release. In a git check-out, that file mentions changes that have +been done since the previous release. + +See the online [changelog](https://curl.se/changes.html) for the edited and +human readable version of what has changed in different curl releases. diff --git a/CMake/CMakeConfigurableFile.in b/CMake/CMakeConfigurableFile.in deleted file mode 100644 index 8ccd016a674d..000000000000 --- a/CMake/CMakeConfigurableFile.in +++ /dev/null @@ -1,22 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -@CMAKE_CONFIGURABLE_FILE_CONTENT@ diff --git a/CMake/CurlSymbolHiding.cmake b/CMake/CurlSymbolHiding.cmake index e99ea6f64888..51a2d94de13a 100644 --- a/CMake/CurlSymbolHiding.cmake +++ b/CMake/CurlSymbolHiding.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,59 +18,51 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -include(CheckCSourceCompiles) - -option(CURL_HIDDEN_SYMBOLS "Set to ON to hide libcurl internal symbols (=hide all symbols that aren't officially external)." ON) +option(CURL_HIDDEN_SYMBOLS "Hide libcurl internal symbols (=hide all symbols that are not officially external)" ON) mark_as_advanced(CURL_HIDDEN_SYMBOLS) -if(CURL_HIDDEN_SYMBOLS) - set(SUPPORTS_SYMBOL_HIDING FALSE) +if(WIN32 AND ENABLE_DEBUG) + # We need to export internal debug functions, + # e.g. curl_easy_perform_ev() or curl_dbg_*(), + # so disable symbol hiding for debug builds and for memory tracking. + set(CURL_HIDDEN_SYMBOLS OFF) +elseif(DOS OR AMIGA) + set(CURL_HIDDEN_SYMBOLS OFF) +endif() + +set(CURL_HIDES_PRIVATE_SYMBOLS FALSE) +set(CURL_EXTERN_SYMBOL "") +set(CURL_CFLAG_SYMBOLS_HIDE "") +if(CURL_HIDDEN_SYMBOLS) if(CMAKE_C_COMPILER_ID MATCHES "Clang" AND NOT MSVC) - set(SUPPORTS_SYMBOL_HIDING TRUE) - set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))") - set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden") - elseif(CMAKE_COMPILER_IS_GNUCC) - if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.4) - # note: this is considered buggy prior to 4.0 but the autotools don't care, so let's ignore that fact - set(SUPPORTS_SYMBOL_HIDING TRUE) - set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))") - set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden") - endif() - elseif(CMAKE_C_COMPILER_ID MATCHES "SunPro" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 8.0) - set(SUPPORTS_SYMBOL_HIDING TRUE) - set(_SYMBOL_EXTERN "__global") - set(_CFLAG_SYMBOLS_HIDE "-xldscope=hidden") - elseif(CMAKE_C_COMPILER_ID MATCHES "Intel" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 9.0) - # note: this should probably just check for version 9.1.045 but I'm not 100% sure - # so let's do it the same way autotools do. - set(SUPPORTS_SYMBOL_HIDING TRUE) - set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))") - set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden") - check_c_source_compiles("#include - int main (void) { printf(\"icc fvisibility bug test\"); return 0; }" _no_bug) - if(NOT _no_bug) - set(SUPPORTS_SYMBOL_HIDING FALSE) - set(_SYMBOL_EXTERN "") - set(_CFLAG_SYMBOLS_HIDE "") + set(CURL_HIDES_PRIVATE_SYMBOLS TRUE) + set(CURL_EXTERN_SYMBOL "__attribute__((__visibility__(\"default\")))") + set(CURL_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden") + elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU") + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 3.4) + # Note: This is considered buggy prior to 4.0 but the autotools do not care, so let us ignore that fact + set(CURL_HIDES_PRIVATE_SYMBOLS TRUE) + set(CURL_EXTERN_SYMBOL "__attribute__((__visibility__(\"default\")))") + set(CURL_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden") endif() + elseif(CMAKE_C_COMPILER_ID MATCHES "SunPro" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 8.0) + set(CURL_HIDES_PRIVATE_SYMBOLS TRUE) + set(CURL_EXTERN_SYMBOL "__global") + set(CURL_CFLAG_SYMBOLS_HIDE "-xldscope=hidden") + elseif(CMAKE_C_COMPILER_ID MATCHES "Intel" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 9.0) # Requires 9.1.045 + set(CURL_HIDES_PRIVATE_SYMBOLS TRUE) + set(CURL_EXTERN_SYMBOL "__attribute__((__visibility__(\"default\")))") + set(CURL_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden") elseif(MSVC) - set(SUPPORTS_SYMBOL_HIDING TRUE) - endif() - - set(HIDES_CURL_PRIVATE_SYMBOLS ${SUPPORTS_SYMBOL_HIDING}) -elseif(MSVC) - if(NOT CMAKE_VERSION VERSION_LESS 3.7) - set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS TRUE) #present since 3.4.3 but broken - set(HIDES_CURL_PRIVATE_SYMBOLS FALSE) - else() - message(WARNING "Hiding private symbols regardless CURL_HIDDEN_SYMBOLS being disabled.") - set(HIDES_CURL_PRIVATE_SYMBOLS TRUE) + set(CURL_HIDES_PRIVATE_SYMBOLS TRUE) endif() else() - set(HIDES_CURL_PRIVATE_SYMBOLS FALSE) + if(MSVC) + # Note: This option is prone to export non-curl extra symbols. + set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS TRUE) + endif() endif() - -set(CURL_CFLAG_SYMBOLS_HIDE ${_CFLAG_SYMBOLS_HIDE}) -set(CURL_EXTERN_SYMBOL ${_SYMBOL_EXTERN}) diff --git a/CMake/CurlTests.c b/CMake/CurlTests.c index 07dca5ec104c..2cf306b58853 100644 --- a/CMake/CurlTests.c +++ b/CMake/CurlTests.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. + * Copyright (C) Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -18,146 +18,89 @@ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * + * SPDX-License-Identifier: curl + * ***************************************************************************/ -#ifdef TIME_WITH_SYS_TIME -/* Time with sys/time test */ - -#include -#include -#include - -int -main () -{ -if ((struct tm *) 0) -return 0; - ; - return 0; -} - -#endif #ifdef HAVE_FCNTL_O_NONBLOCK - /* headers for FCNTL_O_NONBLOCK test */ #include #include #include -/* */ + #if defined(sun) || defined(__sun__) || \ - defined(__SUNPRO_C) || defined(__SUNPRO_CC) -# if defined(__SVR4) || defined(__srv4__) -# define PLATFORM_SOLARIS -# else -# define PLATFORM_SUNOS4 -# endif + defined(__SUNPRO_C) || defined(__SUNPRO_CC) +# if defined(__SVR4) || defined(__srv4__) +# define PLATFORM_SOLARIS +# else +# define PLATFORM_SUNOS4 +# endif #endif #if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41) -# define PLATFORM_AIX_V3 +# define PLATFORM_AIX_V3 #endif -/* */ -#if defined(PLATFORM_SUNOS4) || defined(PLATFORM_AIX_V3) || defined(__BEOS__) + +#if defined(PLATFORM_SUNOS4) || defined(PLATFORM_AIX_V3) #error "O_NONBLOCK does not work on this platform" #endif -int -main () +int main(void) { - /* O_NONBLOCK source test */ - int flags = 0; - if(0 != fcntl(0, F_SETFL, flags | O_NONBLOCK)) - return 1; - return 0; + /* O_NONBLOCK source test */ + int flags = 0; + if(0 != fcntl(0, F_SETFL, flags | O_NONBLOCK)) + return 1; + return 0; } #endif /* tests for gethostbyname_r */ -#if defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) || \ - defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) || \ - defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT) -# define _REENTRANT - /* no idea whether _REENTRANT is always set, just invent a new flag */ -# define TEST_GETHOSTBYFOO_REENTRANT -#endif #if defined(HAVE_GETHOSTBYNAME_R_3) || \ + defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) || \ defined(HAVE_GETHOSTBYNAME_R_5) || \ + defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) || \ defined(HAVE_GETHOSTBYNAME_R_6) || \ - defined(TEST_GETHOSTBYFOO_REENTRANT) + defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT) #include #include int main(void) { - char *address = "example.com"; - int length = 0; - int type = 0; + const char *address = "example.com"; struct hostent h; int rc = 0; -#if defined(HAVE_GETHOSTBYNAME_R_3) || \ - defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) +#if defined(HAVE_GETHOSTBYNAME_R_3) || \ + defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) struct hostent_data hdata; #elif defined(HAVE_GETHOSTBYNAME_R_5) || \ defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) || \ defined(HAVE_GETHOSTBYNAME_R_6) || \ defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT) char buffer[8192]; - int h_errnop; struct hostent *hp; + int h_errnop; #endif #if defined(HAVE_GETHOSTBYNAME_R_3) || \ defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) rc = gethostbyname_r(address, &h, &hdata); + (void)hdata; #elif defined(HAVE_GETHOSTBYNAME_R_5) || \ defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) rc = gethostbyname_r(address, &h, buffer, 8192, &h_errnop); - (void)hp; /* not used for test */ + (void)hp; + (void)h_errnop; #elif defined(HAVE_GETHOSTBYNAME_R_6) || \ defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT) rc = gethostbyname_r(address, &h, buffer, 8192, &hp, &h_errnop); + (void)hp; + (void)h_errnop; #endif - - (void)length; - (void)type; + (void)h; (void)rc; return 0; } #endif -#ifdef HAVE_SOCKLEN_T -#ifdef _WIN32 -#include -#else -#include -#include -#endif -int -main () -{ -if ((socklen_t *) 0) - return 0; -if (sizeof (socklen_t)) - return 0; - ; - return 0; -} -#endif -#ifdef HAVE_IN_ADDR_T -#include -#include -#include - -int -main () -{ -if ((in_addr_t *) 0) - return 0; -if (sizeof (in_addr_t)) - return 0; - ; - return 0; -} -#endif - #ifdef HAVE_BOOL_T #ifdef HAVE_SYS_TYPES_H #include @@ -165,13 +108,9 @@ if (sizeof (in_addr_t)) #ifdef HAVE_STDBOOL_H #include #endif -int -main () +int main(void) { -if (sizeof (bool *) ) - return 0; - ; - return 0; + return (int)sizeof(bool *); } #endif @@ -180,168 +119,94 @@ if (sizeof (bool *) ) #include #include #include -int main() { return 0; } -#endif -#ifdef HAVE_GETADDRINFO -#include -#include -#include - -int main(void) { - struct addrinfo hints, *ai; - int error; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; -#ifndef getaddrinfo - (void)getaddrinfo; -#endif - error = getaddrinfo("127.0.0.1", "8080", &hints, &ai); - if (error) { - return 1; - } - return 0; +int main(void) +{ + return 0; } #endif + #ifdef HAVE_FILE_OFFSET_BITS -#ifdef _FILE_OFFSET_BITS -#undef _FILE_OFFSET_BITS -#endif -#define _FILE_OFFSET_BITS 64 #include - /* Check that off_t can represent 2**63 - 1 correctly. - We can't simply define LARGE_OFF_T to be 9223372036854775807, - since some C++ compilers masquerading as C compilers - incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) - int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 - && LARGE_OFF_T % 2147483647 == 1) - ? 1 : -1]; -int main () { ; return 0; } +/* Check that off_t can represent 2**63 - 1 correctly. + We cannot define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t)1 << 62) - 1 + ((off_t)1 << 62)) +static int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && + LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int main(void) +{ + (void)off_t_is_large; + return 0; +} #endif + #ifdef HAVE_IOCTLSOCKET -/* includes start */ -#ifdef HAVE_WINDOWS_H -# ifndef WIN32_LEAN_AND_MEAN -# define WIN32_LEAN_AND_MEAN -# endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# else -# ifdef HAVE_WINSOCK_H -# include -# endif -# endif +#ifdef _WIN32 +# include #endif - -int -main () +int main(void) { - -/* ioctlsocket source code */ - int socket; - unsigned long flags = ioctlsocket(socket, FIONBIO, &flags); - - ; + /* ioctlsocket source code */ + int socket = -1; + unsigned long flags = ioctlsocket(socket, FIONBIO, &flags); + (void)flags; return 0; } -#endif -#ifdef HAVE_IOCTLSOCKET_CAMEL -/* includes start */ -#ifdef HAVE_WINDOWS_H -# ifndef WIN32_LEAN_AND_MEAN -# define WIN32_LEAN_AND_MEAN -# endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# else -# ifdef HAVE_WINSOCK_H -# include -# endif -# endif #endif -int -main () +#ifdef HAVE_IOCTLSOCKET_CAMEL +#include +int main(void) { - -/* IoctlSocket source code */ - if(0 != IoctlSocket(0, 0, 0)) - return 1; - ; + /* IoctlSocket source code */ + if(0 != IoctlSocket(0, 0, 0)) + return 1; return 0; } #endif + #ifdef HAVE_IOCTLSOCKET_CAMEL_FIONBIO -/* includes start */ -#ifdef HAVE_WINDOWS_H -# ifndef WIN32_LEAN_AND_MEAN -# define WIN32_LEAN_AND_MEAN -# endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# else -# ifdef HAVE_WINSOCK_H -# include -# endif -# endif +#include +#ifdef HAVE_SYS_IOCTL_H +# include #endif - -int -main () +int main(void) { - -/* IoctlSocket source code */ - long flags = 0; - if(0 != ioctlsocket(0, FIONBIO, &flags)) - return 1; - ; + /* IoctlSocket source code */ + long flags = 0; + if(0 != IoctlSocket(0, FIONBIO, &flags)) + return 1; + (void)flags; return 0; } #endif + #ifdef HAVE_IOCTLSOCKET_FIONBIO -/* includes start */ -#ifdef HAVE_WINDOWS_H -# ifndef WIN32_LEAN_AND_MEAN -# define WIN32_LEAN_AND_MEAN -# endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# else -# ifdef HAVE_WINSOCK_H -# include -# endif -# endif +#ifdef _WIN32 +# include #endif - -int -main () +int main(void) { - - int flags = 0; - if(0 != ioctlsocket(0, FIONBIO, &flags)) - return 1; - - ; + unsigned long flags = 0; + if(0 != ioctlsocket(0, FIONBIO, &flags)) + return 1; + (void)flags; return 0; } #endif + #ifdef HAVE_IOCTL_FIONBIO /* headers for FIONBIO test */ -/* includes start */ #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_UNISTD_H # include #endif -#ifdef HAVE_SYS_SOCKET_H +#ifndef _WIN32 # include #endif #ifdef HAVE_SYS_IOCTL_H @@ -350,29 +215,25 @@ main () #ifdef HAVE_STROPTS_H # include #endif - -int -main () +int main(void) { - - int flags = 0; - if(0 != ioctl(0, FIONBIO, &flags)) - return 1; - - ; + int flags = 0; + if(0 != ioctl(0, FIONBIO, &flags)) + return 1; + (void)flags; return 0; } #endif + #ifdef HAVE_IOCTL_SIOCGIFADDR /* headers for FIONBIO test */ -/* includes start */ #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_UNISTD_H # include #endif -#ifdef HAVE_SYS_SOCKET_H +#ifndef _WIN32 # include #endif #ifdef HAVE_SYS_IOCTL_H @@ -382,155 +243,159 @@ main () # include #endif #include - -int -main () +int main(void) { - struct ifreq ifr; - if(0 != ioctl(0, SIOCGIFADDR, &ifr)) - return 1; - - ; + struct ifreq ifr; + if(0 != ioctl(0, SIOCGIFADDR, &ifr)) + return 1; + (void)ifr; return 0; } #endif + #ifdef HAVE_SETSOCKOPT_SO_NONBLOCK -/* includes start */ -#ifdef HAVE_WINDOWS_H -# ifndef WIN32_LEAN_AND_MEAN -# define WIN32_LEAN_AND_MEAN -# endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# else -# ifdef HAVE_WINSOCK_H -# include -# endif -# endif +#ifdef _WIN32 +# include #endif -/* includes start */ #ifdef HAVE_SYS_TYPES_H # include #endif -#ifdef HAVE_SYS_SOCKET_H +#ifndef _WIN32 # include #endif -/* includes end */ - -int -main () +int main(void) { - if(0 != setsockopt(0, SOL_SOCKET, SO_NONBLOCK, 0, 0)) - return 1; - ; + if(0 != setsockopt(0, SOL_SOCKET, SO_NONBLOCK, 0, 0)) + return 1; return 0; } #endif + #ifdef HAVE_GLIBC_STRERROR_R #include #include -void check(char c) {} +static void check(char c) +{ + (void)c; +} -int -main () { +int main(void) +{ char buffer[1024]; /* This will not compile if strerror_r does not return a char* */ + /* !checksrc! disable ERRNOVAR 1 */ check(strerror_r(EACCES, buffer, sizeof(buffer))[0]); return 0; } #endif + #ifdef HAVE_POSIX_STRERROR_R #include #include -/* float, because a pointer can't be implicitly cast to float */ -void check(float f) {} +/* Float, because a pointer cannot be implicitly cast to float */ +static void check(float f) +{ + (void)f; +} -int -main () { +int main(void) +{ char buffer[1024]; /* This will not compile if strerror_r does not return an int */ + /* !checksrc! disable ERRNOVAR 1 */ check(strerror_r(EACCES, buffer, sizeof(buffer))); return 0; } #endif + #ifdef HAVE_FSETXATTR_6 #include /* header from libc, not from libattr */ -int -main() { +int main(void) +{ fsetxattr(0, 0, 0, 0, 0, 0); return 0; } #endif + #ifdef HAVE_FSETXATTR_5 #include /* header from libc, not from libattr */ -int -main() { - fsetxattr(0, 0, 0, 0, 0); +int main(void) +{ + fsetxattr(0, "", 0, 0, 0); return 0; } #endif + #ifdef HAVE_CLOCK_GETTIME_MONOTONIC #include -int -main() { - struct timespec ts = {0, 0}; - clock_gettime(CLOCK_MONOTONIC, &ts); +int main(void) +{ + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC, &ts); + (void)ts; return 0; } #endif + #ifdef HAVE_BUILTIN_AVAILABLE -int -main() { - if(__builtin_available(macOS 10.12, *)) {} +int main(void) +{ + if(__builtin_available(macOS 10.12, iOS 5.0, *)) {} return 0; } #endif -#ifdef HAVE_VARIADIC_MACROS_C99 -#define c99_vmacro3(first, ...) fun3(first, __VA_ARGS__) -#define c99_vmacro2(first, ...) fun2(first, __VA_ARGS__) -int fun3(int arg1, int arg2, int arg3); -int fun2(int arg1, int arg2); - -int fun3(int arg1, int arg2, int arg3) { - return arg1 + arg2 + arg3; -} -int fun2(int arg1, int arg2) { - return arg1 + arg2; +#ifdef HAVE_ATOMIC +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif +#ifdef HAVE_STDATOMIC_H +# include +#endif +int main(void) +{ + _Atomic int i = 1; + i = 0; /* Force an atomic-write operation. */ + return i; } +#endif + +#ifdef HAVE_WIN32_WINNT +#ifdef _WIN32 +# ifndef NOGDI +# define NOGDI +# endif +# include +#endif + +#define enquote(x) #x +#define expand(x) enquote(x) +#pragma message("_WIN32_WINNT=" expand(_WIN32_WINNT)) -int -main() { - int res3 = c99_vmacro3(1, 2, 3); - int res2 = c99_vmacro2(1, 2); - (void)res3; - (void)res2; +int main(void) +{ return 0; } #endif -#ifdef HAVE_VARIADIC_MACROS_GCC -#define gcc_vmacro3(first, args...) fun3(first, args) -#define gcc_vmacro2(first, args...) fun2(first, args) -int fun3(int arg1, int arg2, int arg3); -int fun2(int arg1, int arg2); +#ifdef MINGW64_VERSION +#ifdef __MINGW32__ +# include <_mingw.h> +#endif -int fun3(int arg1, int arg2, int arg3) { - return arg1 + arg2 + arg3; -} -int fun2(int arg1, int arg2) { - return arg1 + arg2; -} +#define enquote(x) #x +#define expand(x) enquote(x) +#pragma message("MINGW64_VERSION=" \ + expand(__MINGW64_VERSION_MAJOR) "." \ + expand(__MINGW64_VERSION_MINOR)) -int -main() { - int res3 = gcc_vmacro3(1, 2, 3); - int res2 = gcc_vmacro2(1, 2); - (void)res3; - (void)res2; +int main(void) +{ return 0; } #endif diff --git a/CMake/FindBearSSL.cmake b/CMake/FindBearSSL.cmake deleted file mode 100644 index 9455f4ba30ca..000000000000 --- a/CMake/FindBearSSL.cmake +++ /dev/null @@ -1,30 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -find_path(BEARSSL_INCLUDE_DIRS bearssl.h) - -find_library(BEARSSL_LIBRARY bearssl) - -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(BEARSSL DEFAULT_MSG - BEARSSL_INCLUDE_DIRS BEARSSL_LIBRARY) - -mark_as_advanced(BEARSSL_INCLUDE_DIRS BEARSSL_LIBRARY) diff --git a/CMake/FindBrotli.cmake b/CMake/FindBrotli.cmake index 0ed08550d2c4..bd3363cce0ab 100644 --- a/CMake/FindBrotli.cmake +++ b/CMake/FindBrotli.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,24 +18,79 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -include(FindPackageHandleStandardArgs) +# Find the brotli library +# +# Input variables: +# +# - `BROTLI_INCLUDE_DIR`: Absolute path to brotli include directory. +# - `BROTLICOMMON_LIBRARY`: Absolute path to `brotlicommon` library. +# - `BROTLIDEC_LIBRARY`: Absolute path to `brotlidec` library. +# - `BROTLI_USE_STATIC_LIBS`: Configure for static brotli libraries. +# +# Defines: +# +# - `BROTLI_FOUND`: System has brotli. +# - `BROTLI_VERSION`: Version of brotli. +# - `CURL::brotli`: brotli library target. -find_path(BROTLI_INCLUDE_DIR "brotli/decode.h") +set(_brotli_pc_requires "libbrotlidec" "libbrotlicommon") # order is significant: brotlidec then brotlicommon -find_library(BROTLICOMMON_LIBRARY NAMES brotlicommon) -find_library(BROTLIDEC_LIBRARY NAMES brotlidec) +if(CURL_USE_PKGCONFIG AND + NOT DEFINED BROTLI_INCLUDE_DIR AND + NOT DEFINED BROTLICOMMON_LIBRARY AND + NOT DEFINED BROTLIDEC_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_brotli ${_brotli_pc_requires}) +endif() -find_package_handle_standard_args(BROTLI - FOUND_VAR - BROTLI_FOUND +if(_brotli_FOUND) + set(Brotli_FOUND TRUE) + set(BROTLI_FOUND TRUE) + set(BROTLI_VERSION ${_brotli_libbrotlicommon_VERSION}) + if(BROTLI_USE_STATIC_LIBS) + set(_brotli_CFLAGS "${_brotli_STATIC_CFLAGS}") + set(_brotli_INCLUDE_DIRS "${_brotli_STATIC_INCLUDE_DIRS}") + set(_brotli_LIBRARY_DIRS "${_brotli_STATIC_LIBRARY_DIRS}") + set(_brotli_LIBRARIES "${_brotli_STATIC_LIBRARIES}") + endif() + message(STATUS "Found Brotli (via pkg-config): ${_brotli_INCLUDE_DIRS} (found version \"${BROTLI_VERSION}\")") +else() + find_path(BROTLI_INCLUDE_DIR "brotli/decode.h") + if(BROTLI_USE_STATIC_LIBS) + find_library(BROTLICOMMON_LIBRARY NAMES "brotlicommon-static" "brotlicommon") + find_library(BROTLIDEC_LIBRARY NAMES "brotlidec-static" "brotlidec") + else() + find_library(BROTLICOMMON_LIBRARY NAMES "brotlicommon") + find_library(BROTLIDEC_LIBRARY NAMES "brotlidec") + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Brotli REQUIRED_VARS + BROTLI_INCLUDE_DIR BROTLIDEC_LIBRARY BROTLICOMMON_LIBRARY - BROTLI_INCLUDE_DIR - FAIL_MESSAGE - "Could NOT find BROTLI" -) + ) + + if(BROTLI_FOUND) + set(_brotli_INCLUDE_DIRS ${BROTLI_INCLUDE_DIR}) + set(_brotli_LIBRARIES ${BROTLIDEC_LIBRARY} ${BROTLICOMMON_LIBRARY}) + endif() + + mark_as_advanced(BROTLI_INCLUDE_DIR BROTLIDEC_LIBRARY BROTLICOMMON_LIBRARY) +endif() -set(BROTLI_INCLUDE_DIRS ${BROTLI_INCLUDE_DIR}) -set(BROTLI_LIBRARIES ${BROTLICOMMON_LIBRARY} ${BROTLIDEC_LIBRARY}) +if(BROTLI_FOUND) + if(NOT TARGET CURL::brotli) + add_library(CURL::brotli INTERFACE IMPORTED) + set_target_properties(CURL::brotli PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_brotli_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_brotli_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_brotli_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_brotli_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_brotli_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindCARES.cmake b/CMake/FindCARES.cmake deleted file mode 100644 index 71806823d280..000000000000 --- a/CMake/FindCARES.cmake +++ /dev/null @@ -1,45 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -# - Find c-ares -# Find the c-ares includes and library -# This module defines -# CARES_INCLUDE_DIR, where to find ares.h, etc. -# CARES_LIBRARIES, the libraries needed to use c-ares. -# CARES_FOUND, If false, do not try to use c-ares. -# also defined, but not for general use are -# CARES_LIBRARY, where to find the c-ares library. - -find_path(CARES_INCLUDE_DIR ares.h) - -set(CARES_NAMES ${CARES_NAMES} cares) -find_library(CARES_LIBRARY - NAMES ${CARES_NAMES} - ) - -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(CARES - REQUIRED_VARS CARES_LIBRARY CARES_INCLUDE_DIR) - -mark_as_advanced( - CARES_LIBRARY - CARES_INCLUDE_DIR - ) diff --git a/CMake/FindCares.cmake b/CMake/FindCares.cmake new file mode 100644 index 000000000000..19b6a03103df --- /dev/null +++ b/CMake/FindCares.cmake @@ -0,0 +1,118 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the c-ares library +# +# Input variables: +# +# - `CARES_INCLUDE_DIR`: Absolute path to c-ares include directory. +# - `CARES_LIBRARY`: Absolute path to `cares` library. +# - `CARES_USE_STATIC_LIBS`: Configure for static c-ares libraries. +# +# Defines: +# +# - `CARES_FOUND`: System has c-ares. +# - `CARES_VERSION`: Version of c-ares. +# - `CURL::cares`: c-ares library target. + +set(_cares_pc_requires "libcares") + +if(CURL_USE_PKGCONFIG AND + NOT DEFINED CARES_INCLUDE_DIR AND + NOT DEFINED CARES_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_cares ${_cares_pc_requires}) +endif() + +if(_cares_FOUND) + set(Cares_FOUND TRUE) + set(CARES_FOUND TRUE) + set(CARES_VERSION ${_cares_VERSION}) + if(CARES_USE_STATIC_LIBS) + set(_cares_CFLAGS "${_cares_STATIC_CFLAGS}") + set(_cares_INCLUDE_DIRS "${_cares_STATIC_INCLUDE_DIRS}") + set(_cares_LIBRARY_DIRS "${_cares_STATIC_LIBRARY_DIRS}") + set(_cares_LIBRARIES "${_cares_STATIC_LIBRARIES}") + endif() + message(STATUS "Found Cares (via pkg-config): ${_cares_INCLUDE_DIRS} (found version \"${CARES_VERSION}\")") +else() + find_path(CARES_INCLUDE_DIR NAMES "ares.h") + if(CARES_USE_STATIC_LIBS) + set(_cares_CFLAGS "-DCARES_STATICLIB") + find_library(CARES_LIBRARY NAMES ${CARES_NAMES} "cares_static" "cares") + else() + find_library(CARES_LIBRARY NAMES ${CARES_NAMES} "cares") + endif() + + unset(CARES_VERSION CACHE) + if(CARES_INCLUDE_DIR AND EXISTS "${CARES_INCLUDE_DIR}/ares_version.h") + set(_version_regex1 "#[\t ]*define[\t ]+ARES_VERSION_MAJOR[\t ]+([0-9]+).*") + set(_version_regex2 "#[\t ]*define[\t ]+ARES_VERSION_MINOR[\t ]+([0-9]+).*") + set(_version_regex3 "#[\t ]*define[\t ]+ARES_VERSION_PATCH[\t ]+([0-9]+).*") + file(STRINGS "${CARES_INCLUDE_DIR}/ares_version.h" _version_str1 REGEX "${_version_regex1}") + file(STRINGS "${CARES_INCLUDE_DIR}/ares_version.h" _version_str2 REGEX "${_version_regex2}") + file(STRINGS "${CARES_INCLUDE_DIR}/ares_version.h" _version_str3 REGEX "${_version_regex3}") + string(REGEX REPLACE "${_version_regex1}" "\\1" _version_str1 "${_version_str1}") + string(REGEX REPLACE "${_version_regex2}" "\\1" _version_str2 "${_version_str2}") + string(REGEX REPLACE "${_version_regex3}" "\\1" _version_str3 "${_version_str3}") + set(CARES_VERSION "${_version_str1}.${_version_str2}.${_version_str3}") + unset(_version_regex1) + unset(_version_regex2) + unset(_version_regex3) + unset(_version_str1) + unset(_version_str2) + unset(_version_str3) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Cares + REQUIRED_VARS + CARES_INCLUDE_DIR + CARES_LIBRARY + VERSION_VAR + CARES_VERSION + ) + + if(CARES_FOUND) + set(_cares_INCLUDE_DIRS ${CARES_INCLUDE_DIR}) + set(_cares_LIBRARIES ${CARES_LIBRARY}) + endif() + + mark_as_advanced(CARES_INCLUDE_DIR CARES_LIBRARY) +endif() + +if(CARES_FOUND) + if(WIN32) + list(APPEND _cares_LIBRARIES "iphlpapi") # for if_indextoname and others + endif() + + if(NOT TARGET CURL::cares) + add_library(CURL::cares INTERFACE IMPORTED) + set_target_properties(CURL::cares PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_cares_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_cares_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_cares_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_cares_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_cares_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindGSS.cmake b/CMake/FindGSS.cmake index 4e4747d6cc21..9237fb30b192 100644 --- a/CMake/FindGSS.cmake +++ b/CMake/FindGSS.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,293 +18,254 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -# - Try to find the GSS Kerberos library -# Once done this will define +# Find the GSS Kerberos library +# +# Input variables: +# +# - `GSS_ROOT_DIR`: Absolute path to the root installation of GSS. (also supported as environment) # -# GSS_ROOT_DIR - Set this variable to the root installation of GSS +# Defines: # -# Read-Only variables: -# GSS_FOUND - system has the Heimdal library -# GSS_FLAVOUR - "MIT" or "Heimdal" if anything found. -# GSS_INCLUDE_DIR - the Heimdal include directory -# GSS_LIBRARIES - The libraries needed to use GSS -# GSS_LINK_DIRECTORIES - Directories to add to linker search path -# GSS_LINKER_FLAGS - Additional linker flags -# GSS_COMPILER_FLAGS - Additional compiler flags -# GSS_VERSION - This is set to version advertised by pkg-config or read from manifest. -# In case the library is found but no version info available it'll be set to "unknown" +# - `GSS_FOUND`: System has a GSS library. +# - `GSS_VERSION`: This is set to version advertised by pkg-config or read from manifest. +# In case the library is found but no version info available it is set to "unknown" +# - `CURL::gss`: GSS library target. +# - `CURL_GSS_FLAVOUR`: Custom property. "GNU" or "MIT" if detected. -set(_MIT_MODNAME mit-krb5-gssapi) -set(_HEIMDAL_MODNAME heimdal-gssapi) +set(_gnu_modname "gss") +set(_mit_modname "mit-krb5-gssapi") include(CheckIncludeFile) include(CheckIncludeFiles) include(CheckTypeSize) -set(_GSS_ROOT_HINTS - "${GSS_ROOT_DIR}" - "$ENV{GSS_ROOT_DIR}" -) +set(_gss_root_hints "${GSS_ROOT_DIR}" "$ENV{GSS_ROOT_DIR}") + +set(_gss_CFLAGS "") +set(_gss_LIBRARY_DIRS "") -# try to find library using system pkg-config if user didn't specify root dir +# Try to find library using system pkg-config if user did not specify root dir if(NOT GSS_ROOT_DIR AND NOT "$ENV{GSS_ROOT_DIR}") - if(UNIX) + if(CURL_USE_PKGCONFIG) find_package(PkgConfig QUIET) - pkg_search_module(_GSS_PKG ${_MIT_MODNAME} ${_HEIMDAL_MODNAME}) - list(APPEND _GSS_ROOT_HINTS "${_GSS_PKG_PREFIX}") - elseif(WIN32) - list(APPEND _GSS_ROOT_HINTS "[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos;InstallDir]") + pkg_search_module(_gss ${_gnu_modname} ${_mit_modname}) + list(APPEND _gss_root_hints "${_gss_PREFIX}") + set(_gss_version "${_gss_VERSION}") + endif() + if(WIN32) + list(APPEND _gss_root_hints "[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos;InstallDir]") endif() endif() -if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approach. - find_file(_GSS_CONFIGURE_SCRIPT - NAMES - "krb5-config" - HINTS - ${_GSS_ROOT_HINTS} - PATH_SUFFIXES - bin - NO_CMAKE_PATH - NO_CMAKE_ENVIRONMENT_PATH - ) - - # if not found in user-supplied directories, maybe system knows better - find_file(_GSS_CONFIGURE_SCRIPT - NAMES - "krb5-config" - PATH_SUFFIXES - bin - ) - - if(_GSS_CONFIGURE_SCRIPT) - execute_process( - COMMAND ${_GSS_CONFIGURE_SCRIPT} "--cflags" "gssapi" - OUTPUT_VARIABLE _GSS_CFLAGS - RESULT_VARIABLE _GSS_CONFIGURE_FAILED - OUTPUT_STRIP_TRAILING_WHITESPACE - ) - message(STATUS "CFLAGS: ${_GSS_CFLAGS}") - if(NOT _GSS_CONFIGURE_FAILED) # 0 means success - # should also work in an odd case when multiple directories are given - string(STRIP "${_GSS_CFLAGS}" _GSS_CFLAGS) - string(REGEX REPLACE " +-I" ";" _GSS_CFLAGS "${_GSS_CFLAGS}") - string(REGEX REPLACE " +-([^I][^ \\t;]*)" ";-\\1" _GSS_CFLAGS "${_GSS_CFLAGS}") - - foreach(_flag ${_GSS_CFLAGS}) - if(_flag MATCHES "^-I.*") - string(REGEX REPLACE "^-I" "" _val "${_flag}") - list(APPEND _GSS_INCLUDE_DIR "${_val}") +if(NOT _gss_FOUND) # Not found by pkg-config. Let us take more traditional approach. + find_file(_gss_configure_script NAMES "krb5-config" PATH_SUFFIXES "bin" HINTS ${_gss_root_hints} + NO_CMAKE_PATH NO_CMAKE_ENVIRONMENT_PATH) + # If not found in user-supplied directories, maybe system knows better + find_file(_gss_configure_script NAMES "krb5-config" PATH_SUFFIXES "bin") + + if(_gss_configure_script) + + set(_gss_INCLUDE_DIRS "") + set(_gss_LIBRARIES "") + + execute_process(COMMAND ${_gss_configure_script} "--cflags" "gssapi" + OUTPUT_VARIABLE _gss_cflags_raw + RESULT_VARIABLE _gss_configure_failed + OUTPUT_STRIP_TRAILING_WHITESPACE) + message(STATUS "FindGSS krb5-config --cflags: ${_gss_cflags_raw}") + + if(NOT _gss_configure_failed) # 0 means success + # Should also work in an odd case when multiple directories are given. + string(STRIP "${_gss_cflags_raw}" _gss_cflags_raw) + string(REGEX REPLACE " +-(I)" ";-\\1" _gss_cflags_raw "${_gss_cflags_raw}") + string(REGEX REPLACE " +-([^I][^ \\t;]*)" ";-\\1" _gss_cflags_raw "${_gss_cflags_raw}") + + foreach(_flag IN LISTS _gss_cflags_raw) + if(_flag MATCHES "^-I") + string(REGEX REPLACE "^-I" "" _flag "${_flag}") + list(APPEND _gss_INCLUDE_DIRS "${_flag}") else() - list(APPEND _GSS_COMPILER_FLAGS "${_flag}") + list(APPEND _gss_CFLAGS "${_flag}") endif() endforeach() endif() - execute_process( - COMMAND ${_GSS_CONFIGURE_SCRIPT} "--libs" "gssapi" - OUTPUT_VARIABLE _GSS_LIB_FLAGS - RESULT_VARIABLE _GSS_CONFIGURE_FAILED - OUTPUT_STRIP_TRAILING_WHITESPACE - ) - message(STATUS "LDFLAGS: ${_GSS_LIB_FLAGS}") - - if(NOT _GSS_CONFIGURE_FAILED) # 0 means success - # this script gives us libraries and link directories. Blah. We have to deal with it. - string(STRIP "${_GSS_LIB_FLAGS}" _GSS_LIB_FLAGS) - string(REGEX REPLACE " +-(L|l)" ";-\\1" _GSS_LIB_FLAGS "${_GSS_LIB_FLAGS}") - string(REGEX REPLACE " +-([^Ll][^ \\t;]*)" ";-\\1" _GSS_LIB_FLAGS "${_GSS_LIB_FLAGS}") - - foreach(_flag ${_GSS_LIB_FLAGS}) - if(_flag MATCHES "^-l.*") - string(REGEX REPLACE "^-l" "" _val "${_flag}") - list(APPEND _GSS_LIBRARIES "${_val}") - elseif(_flag MATCHES "^-L.*") - string(REGEX REPLACE "^-L" "" _val "${_flag}") - list(APPEND _GSS_LINK_DIRECTORIES "${_val}") - else() - list(APPEND _GSS_LINKER_FLAGS "${_flag}") + execute_process(COMMAND ${_gss_configure_script} "--libs" "gssapi" + OUTPUT_VARIABLE _gss_lib_flags + RESULT_VARIABLE _gss_configure_failed + OUTPUT_STRIP_TRAILING_WHITESPACE) + message(STATUS "FindGSS krb5-config --libs: ${_gss_lib_flags}") + + if(NOT _gss_configure_failed) # 0 means success + # This script gives us libraries and link directories. + string(STRIP "${_gss_lib_flags}" _gss_lib_flags) + string(REGEX REPLACE " +-(L|l)" ";-\\1" _gss_lib_flags "${_gss_lib_flags}") + string(REGEX REPLACE " +-([^Ll][^ \\t;]*)" ";-\\1" _gss_lib_flags "${_gss_lib_flags}") + + foreach(_flag IN LISTS _gss_lib_flags) + if(_flag MATCHES "^-l") + string(REGEX REPLACE "^-l" "" _flag "${_flag}") + list(APPEND _gss_LIBRARIES "${_flag}") + elseif(_flag MATCHES "^-L") + string(REGEX REPLACE "^-L" "" _flag "${_flag}") + list(APPEND _gss_LIBRARY_DIRS "${_flag}") endif() endforeach() endif() - execute_process( - COMMAND ${_GSS_CONFIGURE_SCRIPT} "--version" - OUTPUT_VARIABLE _GSS_VERSION - RESULT_VARIABLE _GSS_CONFIGURE_FAILED - OUTPUT_STRIP_TRAILING_WHITESPACE - ) + execute_process(COMMAND ${_gss_configure_script} "--version" + OUTPUT_VARIABLE _gss_version + RESULT_VARIABLE _gss_configure_failed + OUTPUT_STRIP_TRAILING_WHITESPACE) - # older versions may not have the "--version" parameter. In this case we just don't care. - if(_GSS_CONFIGURE_FAILED) - set(_GSS_VERSION 0) + # Older versions may not have the "--version" parameter. In this case we just do not care. + if(_gss_configure_failed) + set(_gss_version 0) + else() + # Strip prefix string to leave the version number only + string(REPLACE "Kerberos 5 release " "" _gss_version "${_gss_version}") endif() - execute_process( - COMMAND ${_GSS_CONFIGURE_SCRIPT} "--vendor" - OUTPUT_VARIABLE _GSS_VENDOR - RESULT_VARIABLE _GSS_CONFIGURE_FAILED - OUTPUT_STRIP_TRAILING_WHITESPACE - ) + execute_process(COMMAND ${_gss_configure_script} "--vendor" + OUTPUT_VARIABLE _gss_vendor + RESULT_VARIABLE _gss_configure_failed + OUTPUT_STRIP_TRAILING_WHITESPACE) - # older versions may not have the "--vendor" parameter. In this case we just don't care. - if(_GSS_CONFIGURE_FAILED) - set(GSS_FLAVOUR "Heimdal") # most probably, shouldn't really matter - else() - if(_GSS_VENDOR MATCHES ".*H|heimdal.*") - set(GSS_FLAVOUR "Heimdal") - else() - set(GSS_FLAVOUR "MIT") - endif() + # Older versions may not have the "--vendor" parameter. In this case we just do not care. + if(NOT _gss_configure_failed AND NOT _gss_vendor MATCHES "Heimdal|heimdal") + set(_gss_flavour "MIT") # assume a default, should not really matter endif() - else() # either there is no config script or we are on a platform that doesn't provide one (Windows?) + else() # Either there is no config script or we are on a platform that does not provide one (Windows?) - find_path(_GSS_INCLUDE_DIR - NAMES - "gssapi/gssapi.h" - HINTS - ${_GSS_ROOT_HINTS} - PATH_SUFFIXES - include - inc - ) + find_path(_gss_INCLUDE_DIRS NAMES "gssapi/gssapi.h" HINTS ${_gss_root_hints} PATH_SUFFIXES "include" "inc") - if(_GSS_INCLUDE_DIR) #jay, we've found something - set(CMAKE_REQUIRED_INCLUDES "${_GSS_INCLUDE_DIR}") - check_include_files( "gssapi/gssapi_generic.h;gssapi/gssapi_krb5.h" _GSS_HAVE_MIT_HEADERS) + if(_gss_INCLUDE_DIRS) # We have found something + set(_gss_libdir_suffixes "") - if(_GSS_HAVE_MIT_HEADERS) - set(GSS_FLAVOUR "MIT") - else() - # prevent compiling the header - just check if we can include it - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D__ROKEN_H__") - check_include_file( "roken.h" _GSS_HAVE_ROKEN_H) + cmake_push_check_state() + list(APPEND CMAKE_REQUIRED_INCLUDES "${_gss_INCLUDE_DIRS}") + check_include_files("gssapi/gssapi_generic.h;gssapi/gssapi_krb5.h" _gss_have_mit_headers) + cmake_pop_check_state() - check_include_file( "heimdal/roken.h" _GSS_HAVE_HEIMDAL_ROKEN_H) - if(_GSS_HAVE_ROKEN_H OR _GSS_HAVE_HEIMDAL_ROKEN_H) - set(GSS_FLAVOUR "Heimdal") + if(_gss_have_mit_headers) + set(_gss_flavour "MIT") + if(WIN32) + if(CMAKE_SIZEOF_VOID_P EQUAL 8) + list(APPEND _gss_libdir_suffixes "lib/AMD64") + set(_gss_libname "gssapi64") + else() + list(APPEND _gss_libdir_suffixes "lib/i386") + set(_gss_libname "gssapi32") + endif() + else() + list(APPEND _gss_libdir_suffixes "lib" "lib64") # those suffixes are not checked for HINTS + set(_gss_libname "gssapi_krb5") endif() - set(CMAKE_REQUIRED_DEFINITIONS "") endif() else() - # I'm not convinced if this is the right way but this is what autotools do at the moment - find_path(_GSS_INCLUDE_DIR - NAMES - "gssapi.h" - HINTS - ${_GSS_ROOT_HINTS} - PATH_SUFFIXES - include - inc - ) + find_path(_gss_INCLUDE_DIRS NAMES "gss.h" HINTS ${_gss_root_hints} PATH_SUFFIXES "include") - if(_GSS_INCLUDE_DIR) - set(GSS_FLAVOUR "Heimdal") + if(_gss_INCLUDE_DIRS) + set(_gss_flavour "GNU") + set(_gss_pc_requires ${_gnu_modname}) + set(_gss_libname "gss") endif() endif() - # if we have headers, check if we can link libraries - if(GSS_FLAVOUR) - set(_GSS_LIBDIR_SUFFIXES "") - set(_GSS_LIBDIR_HINTS ${_GSS_ROOT_HINTS}) - get_filename_component(_GSS_CALCULATED_POTENTIAL_ROOT "${_GSS_INCLUDE_DIR}" PATH) - list(APPEND _GSS_LIBDIR_HINTS ${_GSS_CALCULATED_POTENTIAL_ROOT}) - - if(WIN32) - if(CMAKE_SIZEOF_VOID_P EQUAL 8) - list(APPEND _GSS_LIBDIR_SUFFIXES "lib/AMD64") - if(GSS_FLAVOUR STREQUAL "MIT") - set(_GSS_LIBNAME "gssapi64") - else() - set(_GSS_LIBNAME "libgssapi") - endif() - else() - list(APPEND _GSS_LIBDIR_SUFFIXES "lib/i386") - if(GSS_FLAVOUR STREQUAL "MIT") - set(_GSS_LIBNAME "gssapi32") - else() - set(_GSS_LIBNAME "libgssapi") - endif() - endif() + # If we have headers, look up libraries + if(_gss_flavour) + set(_gss_libdir_hints ${_gss_root_hints}) + if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.20) + cmake_path(GET _gss_INCLUDE_DIRS PARENT_PATH _gss_calculated_potential_root) else() - list(APPEND _GSS_LIBDIR_SUFFIXES "lib;lib64") # those suffixes are not checked for HINTS - if(GSS_FLAVOUR STREQUAL "MIT") - set(_GSS_LIBNAME "gssapi_krb5") - else() - set(_GSS_LIBNAME "gssapi") - endif() + get_filename_component(_gss_calculated_potential_root "${_gss_INCLUDE_DIRS}" DIRECTORY) endif() + list(APPEND _gss_libdir_hints ${_gss_calculated_potential_root}) - find_library(_GSS_LIBRARIES - NAMES - ${_GSS_LIBNAME} - HINTS - ${_GSS_LIBDIR_HINTS} - PATH_SUFFIXES - ${_GSS_LIBDIR_SUFFIXES} - ) - + find_library(_gss_LIBRARIES NAMES ${_gss_libname} HINTS ${_gss_libdir_hints} PATH_SUFFIXES ${_gss_libdir_suffixes}) endif() endif() + if(NOT _gss_flavour) + message(FATAL_ERROR "GNU or MIT GSS is required") + endif() else() - if(_GSS_PKG_${_MIT_MODNAME}_VERSION) - set(GSS_FLAVOUR "MIT") - set(_GSS_VERSION _GSS_PKG_${_MIT_MODNAME}_VERSION) + # _gss_MODULE_NAME set since CMake 3.16. + # _pkg_check_modules_pkg_name is undocumented and used as a fallback for CMake <3.16 versions. + if(_gss_MODULE_NAME STREQUAL _gnu_modname OR _pkg_check_modules_pkg_name STREQUAL _gnu_modname) + set(_gss_flavour "GNU") + set(_gss_pc_requires ${_gnu_modname}) + elseif(_gss_MODULE_NAME STREQUAL _mit_modname OR _pkg_check_modules_pkg_name STREQUAL _mit_modname) + set(_gss_flavour "MIT") + set(_gss_pc_requires ${_mit_modname}) else() - set(GSS_FLAVOUR "Heimdal") - set(_GSS_VERSION _GSS_PKG_${_MIT_HEIMDAL}_VERSION) + message(FATAL_ERROR "GNU or MIT GSS is required") endif() + message(STATUS "Found GSS/${_gss_flavour} (via pkg-config): ${_gss_INCLUDE_DIRS} (found version \"${_gss_version}\")") endif() -set(GSS_INCLUDE_DIR ${_GSS_INCLUDE_DIR}) -set(GSS_LIBRARIES ${_GSS_LIBRARIES}) -set(GSS_LINK_DIRECTORIES ${_GSS_LINK_DIRECTORIES}) -set(GSS_LINKER_FLAGS ${_GSS_LINKER_FLAGS}) -set(GSS_COMPILER_FLAGS ${_GSS_COMPILER_FLAGS}) -set(GSS_VERSION ${_GSS_VERSION}) +set(GSS_VERSION ${_gss_version}) -if(GSS_FLAVOUR) - if(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "Heimdal") - if(CMAKE_SIZEOF_VOID_P EQUAL 8) - set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.amd64.manifest") +if(NOT GSS_VERSION) + if(_gss_flavour STREQUAL "MIT") + if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.24) + cmake_host_system_information(RESULT _mit_version QUERY WINDOWS_REGISTRY + "HKLM/SOFTWARE/MIT/Kerberos/SDK/CurrentVersion" VALUE "VersionString") else() - set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.x86.manifest") + get_filename_component(_mit_version + "[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos\\SDK\\CurrentVersion;VersionString]" NAME CACHE) endif() - - if(EXISTS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}") - file(STRINGS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}" heimdal_version_str - REGEX "^.*version=\"[0-9]\\.[^\"]+\".*$") - - string(REGEX MATCH "[0-9]\\.[^\"]+" - GSS_VERSION "${heimdal_version_str}") - endif() - - if(NOT GSS_VERSION) - set(GSS_VERSION "Heimdal Unknown") - endif() - elseif(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "MIT") - get_filename_component(_MIT_VERSION "[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos\\SDK\\CurrentVersion;VersionString]" NAME CACHE) - if(WIN32 AND _MIT_VERSION) - set(GSS_VERSION "${_MIT_VERSION}") + if(WIN32 AND _mit_version) + set(GSS_VERSION "${_mit_version}") else() set(GSS_VERSION "MIT Unknown") endif() + else() # GNU + if(_gss_INCLUDE_DIRS AND EXISTS "${_gss_INCLUDE_DIRS}/gss.h") + set(_version_regex "#[\t ]*define[\t ]+GSS_VERSION[\t ]+\"([^\"]*)\"") + file(STRINGS "${_gss_INCLUDE_DIRS}/gss.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(GSS_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + endif() endif() endif() include(FindPackageHandleStandardArgs) - -set(_GSS_REQUIRED_VARS GSS_LIBRARIES GSS_FLAVOUR) - find_package_handle_standard_args(GSS - REQUIRED_VARS - ${_GSS_REQUIRED_VARS} - VERSION_VAR - GSS_VERSION - FAIL_MESSAGE - "Could NOT find GSS, try to set the path to GSS root folder in the system variable GSS_ROOT_DIR" + REQUIRED_VARS + _gss_flavour + _gss_LIBRARIES + VERSION_VAR + GSS_VERSION + FAIL_MESSAGE + "Could NOT find GSS, try to set the absolute path to GSS installation root directory in the environment variable GSS_ROOT_DIR" +) + +mark_as_advanced( + _gss_CFLAGS + _gss_FOUND + _gss_INCLUDE_DIRS + _gss_LIBRARIES + _gss_LIBRARY_DIRS + _gss_MODULE_NAME + _gss_PREFIX + _gss_version ) -mark_as_advanced(GSS_INCLUDE_DIR GSS_LIBRARIES) +if(GSS_FOUND) + if(NOT TARGET CURL::gss) + add_library(CURL::gss INTERFACE IMPORTED) + set_target_properties(CURL::gss PROPERTIES + INTERFACE_CURL_GSS_FLAVOUR "${_gss_flavour}" + INTERFACE_LIBCURL_PC_MODULES "${_gss_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_gss_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_gss_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_gss_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_gss_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindGnuTLS.cmake b/CMake/FindGnuTLS.cmake new file mode 100644 index 000000000000..7f5b227dc2e6 --- /dev/null +++ b/CMake/FindGnuTLS.cmake @@ -0,0 +1,92 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the GnuTLS library +# +# Input variables: +# +# - `GNUTLS_INCLUDE_DIR`: Absolute path to GnuTLS include directory. +# - `GNUTLS_LIBRARY`: Absolute path to `gnutls` library. +# +# Defines: +# +# - `GNUTLS_FOUND`: System has GnuTLS. +# - `GNUTLS_VERSION`: Version of GnuTLS. +# - `CURL::gnutls`: GnuTLS library target. + +set(_gnutls_pc_requires "gnutls") + +if(CURL_USE_PKGCONFIG AND + NOT DEFINED GNUTLS_INCLUDE_DIR AND + NOT DEFINED GNUTLS_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_gnutls ${_gnutls_pc_requires}) +endif() + +if(_gnutls_FOUND) + set(GnuTLS_FOUND TRUE) + set(GNUTLS_FOUND TRUE) + set(GNUTLS_VERSION ${_gnutls_VERSION}) + message(STATUS "Found GnuTLS (via pkg-config): ${_gnutls_INCLUDE_DIRS} (found version \"${GNUTLS_VERSION}\")") +else() + find_path(GNUTLS_INCLUDE_DIR NAMES "gnutls/gnutls.h") + find_library(GNUTLS_LIBRARY NAMES "gnutls" "libgnutls") + + unset(GNUTLS_VERSION CACHE) + if(GNUTLS_INCLUDE_DIR AND EXISTS "${GNUTLS_INCLUDE_DIR}/gnutls/gnutls.h") + set(_version_regex "#[\t ]*define[\t ]+GNUTLS_VERSION[\t ]+\"([^\"]*)\"") + file(STRINGS "${GNUTLS_INCLUDE_DIR}/gnutls/gnutls.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(GNUTLS_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(GnuTLS + REQUIRED_VARS + GNUTLS_INCLUDE_DIR + GNUTLS_LIBRARY + VERSION_VAR + GNUTLS_VERSION + ) + + if(GNUTLS_FOUND) + set(_gnutls_INCLUDE_DIRS ${GNUTLS_INCLUDE_DIR}) + set(_gnutls_LIBRARIES ${GNUTLS_LIBRARY}) + endif() + + mark_as_advanced(GNUTLS_INCLUDE_DIR GNUTLS_LIBRARY) +endif() + +if(GNUTLS_FOUND) + if(NOT TARGET CURL::gnutls) + add_library(CURL::gnutls INTERFACE IMPORTED) + set_target_properties(CURL::gnutls PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_gnutls_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_gnutls_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_gnutls_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_gnutls_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_gnutls_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindLDAP.cmake b/CMake/FindLDAP.cmake new file mode 100644 index 000000000000..8902b23f8dd4 --- /dev/null +++ b/CMake/FindLDAP.cmake @@ -0,0 +1,115 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the ldap library +# +# Input variables: +# +# - `LDAP_INCLUDE_DIR`: Absolute path to ldap include directory. +# - `LDAP_LIBRARY`: Absolute path to `ldap` library. +# - `LDAP_LBER_LIBRARY`: Absolute path to `lber` library. +# +# Defines: +# +# - `LDAP_FOUND`: System has ldap. +# - `LDAP_VERSION`: Version of ldap. +# - `CURL::ldap`: ldap library target. + +set(_ldap_pc_requires "ldap" "lber") + +if(CURL_USE_PKGCONFIG AND + NOT DEFINED LDAP_INCLUDE_DIR AND + NOT DEFINED LDAP_LIBRARY AND + NOT DEFINED LDAP_LBER_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_ldap ${_ldap_pc_requires}) +endif() + +if(_ldap_FOUND) + set(LDAP_FOUND TRUE) + set(LDAP_VERSION ${_ldap_ldap_VERSION}) + message(STATUS "Found LDAP (via pkg-config): ${_ldap_INCLUDE_DIRS} (found version \"${LDAP_VERSION}\")") +else() + set(_ldap_pc_requires "") # Depend on pkg-config only when found via pkg-config + + # On Apple the SDK LDAP gets picked up from + # 'MacOSX.sdk/System/Library/Frameworks/LDAP.framework/Headers', which contains + # ldap.h and lber.h both being stubs to include and . + # This causes an infinite inclusion loop in compile. Also do this for libraries + # to avoid picking up the 'ldap.framework' with a full path. + set(_save_cmake_system_framework_path ${CMAKE_SYSTEM_FRAMEWORK_PATH}) + set(CMAKE_SYSTEM_FRAMEWORK_PATH "") + find_path(LDAP_INCLUDE_DIR NAMES "ldap.h") + find_library(LDAP_LIBRARY NAMES "ldap") + find_library(LDAP_LBER_LIBRARY NAMES "lber") + set(CMAKE_SYSTEM_FRAMEWORK_PATH ${_save_cmake_system_framework_path}) + + unset(LDAP_VERSION CACHE) + if(LDAP_INCLUDE_DIR AND EXISTS "${LDAP_INCLUDE_DIR}/ldap_features.h") + set(_version_regex1 "#[\t ]*define[\t ]+LDAP_VENDOR_VERSION_MAJOR[\t ]+([0-9]+).*") + set(_version_regex2 "#[\t ]*define[\t ]+LDAP_VENDOR_VERSION_MINOR[\t ]+([0-9]+).*") + set(_version_regex3 "#[\t ]*define[\t ]+LDAP_VENDOR_VERSION_PATCH[\t ]+([0-9]+).*") + file(STRINGS "${LDAP_INCLUDE_DIR}/ldap_features.h" _version_str1 REGEX "${_version_regex1}") + file(STRINGS "${LDAP_INCLUDE_DIR}/ldap_features.h" _version_str2 REGEX "${_version_regex2}") + file(STRINGS "${LDAP_INCLUDE_DIR}/ldap_features.h" _version_str3 REGEX "${_version_regex3}") + string(REGEX REPLACE "${_version_regex1}" "\\1" _version_str1 "${_version_str1}") + string(REGEX REPLACE "${_version_regex2}" "\\1" _version_str2 "${_version_str2}") + string(REGEX REPLACE "${_version_regex3}" "\\1" _version_str3 "${_version_str3}") + set(LDAP_VERSION "${_version_str1}.${_version_str2}.${_version_str3}") + unset(_version_regex1) + unset(_version_regex2) + unset(_version_regex3) + unset(_version_str1) + unset(_version_str2) + unset(_version_str3) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(LDAP + REQUIRED_VARS + LDAP_INCLUDE_DIR + LDAP_LIBRARY + LDAP_LBER_LIBRARY + VERSION_VAR + LDAP_VERSION + ) + + if(LDAP_FOUND) + set(_ldap_INCLUDE_DIRS ${LDAP_INCLUDE_DIR}) + set(_ldap_LIBRARIES ${LDAP_LIBRARY} ${LDAP_LBER_LIBRARY}) + endif() + + mark_as_advanced(LDAP_INCLUDE_DIR LDAP_LIBRARY LDAP_LBER_LIBRARY) +endif() + +if(LDAP_FOUND) + if(NOT TARGET CURL::ldap) + add_library(CURL::ldap INTERFACE IMPORTED) + set_target_properties(CURL::ldap PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_ldap_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_ldap_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_ldap_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_ldap_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_ldap_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindLibSSH2.cmake b/CMake/FindLibSSH2.cmake deleted file mode 100644 index ce46a408bf57..000000000000 --- a/CMake/FindLibSSH2.cmake +++ /dev/null @@ -1,43 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -# - Try to find the libssh2 library -# Once done this will define -# -# LIBSSH2_FOUND - system has the libssh2 library -# LIBSSH2_INCLUDE_DIR - the libssh2 include directory -# LIBSSH2_LIBRARY - the libssh2 library name - -find_path(LIBSSH2_INCLUDE_DIR libssh2.h) - -find_library(LIBSSH2_LIBRARY NAMES ssh2 libssh2) - -if(LIBSSH2_INCLUDE_DIR) - file(STRINGS "${LIBSSH2_INCLUDE_DIR}/libssh2.h" libssh2_version_str REGEX "^#define[\t ]+LIBSSH2_VERSION[\t ]+\"(.*)\"") - string(REGEX REPLACE "^.*\"([^\"]+)\"" "\\1" LIBSSH2_VERSION "${libssh2_version_str}") -endif() - -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(LibSSH2 - REQUIRED_VARS LIBSSH2_LIBRARY LIBSSH2_INCLUDE_DIR - VERSION_VAR LIBSSH2_VERSION) - -mark_as_advanced(LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY) diff --git a/CMake/FindLibbacktrace.cmake b/CMake/FindLibbacktrace.cmake new file mode 100644 index 000000000000..59da7fdf19b7 --- /dev/null +++ b/CMake/FindLibbacktrace.cmake @@ -0,0 +1,61 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the libbacktrace library +# +# Input variables: +# +# - `LIBBACKTRACE_INCLUDE_DIR`: Absolute path to libbacktrace include directory. +# - `LIBBACKTRACE_LIBRARY`: Absolute path to `libbacktrace` library. +# +# Defines: +# +# - `LIBBACKTRACE_FOUND`: System has libbacktrace. +# - `CURL::libbacktrace`: libbacktrace library target. + +find_path(LIBBACKTRACE_INCLUDE_DIR NAMES "backtrace.h") +find_library(LIBBACKTRACE_LIBRARY NAMES "backtrace" "libbacktrace") + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(Libbacktrace + REQUIRED_VARS + LIBBACKTRACE_INCLUDE_DIR + LIBBACKTRACE_LIBRARY +) + +if(LIBBACKTRACE_FOUND) + set(_libbacktrace_INCLUDE_DIRS ${LIBBACKTRACE_INCLUDE_DIR}) + set(_libbacktrace_LIBRARIES ${LIBBACKTRACE_LIBRARY}) + + if(NOT TARGET CURL::libbacktrace) + add_library(CURL::libbacktrace INTERFACE IMPORTED) + set_target_properties(CURL::libbacktrace PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_libbacktrace_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_libbacktrace_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_libbacktrace_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_libbacktrace_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_libbacktrace_LIBRARIES}") + endif() +endif() + +mark_as_advanced(LIBBACKTRACE_INCLUDE_DIR LIBBACKTRACE_LIBRARY) diff --git a/CMake/FindLibgsasl.cmake b/CMake/FindLibgsasl.cmake new file mode 100644 index 000000000000..7fbaa7128f9f --- /dev/null +++ b/CMake/FindLibgsasl.cmake @@ -0,0 +1,91 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the libgsasl library +# +# Input variables: +# +# - `LIBGSASL_INCLUDE_DIR`: Absolute path to libgsasl include directory. +# - `LIBGSASL_LIBRARY`: Absolute path to `libgsasl` library. +# +# Defines: +# +# - `LIBGSASL_FOUND`: System has libgsasl. +# - `LIBGSASL_VERSION`: Version of libgsasl. +# - `CURL::libgsasl`: libgsasl library target. + +set(_libgsasl_pc_requires "libgsasl") + +if(CURL_USE_PKGCONFIG AND + NOT DEFINED LIBGSASL_INCLUDE_DIR AND + NOT DEFINED LIBGSASL_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_libgsasl ${_libgsasl_pc_requires}) +endif() + +if(_libgsasl_FOUND) + set(Libgsasl_FOUND TRUE) + set(LIBGSASL_FOUND TRUE) + message(STATUS "Found Libgsasl (via pkg-config): ${_libgsasl_INCLUDE_DIRS} (found version \"${LIBGSASL_VERSION}\")") +else() + find_path(LIBGSASL_INCLUDE_DIR NAMES "gsasl.h") + find_library(LIBGSASL_LIBRARY NAMES "gsasl" "libgsasl") + + unset(LIBGSASL_VERSION CACHE) + if(LIBGSASL_INCLUDE_DIR AND EXISTS "${LIBGSASL_INCLUDE_DIR}/gsasl-version.h") + set(_version_regex "#[\t ]*define[\t ]+GSASL_VERSION[\t ]+\"([^\"]*)\"") + file(STRINGS "${LIBGSASL_INCLUDE_DIR}/gsasl-version.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(LIBGSASL_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Libgsasl + REQUIRED_VARS + LIBGSASL_INCLUDE_DIR + LIBGSASL_LIBRARY + VERSION_VAR + LIBGSASL_VERSION + ) + + if(LIBGSASL_FOUND) + set(_libgsasl_INCLUDE_DIRS ${LIBGSASL_INCLUDE_DIR}) + set(_libgsasl_LIBRARIES ${LIBGSASL_LIBRARY}) + endif() + + mark_as_advanced(LIBGSASL_INCLUDE_DIR LIBGSASL_LIBRARY) +endif() + +if(LIBGSASL_FOUND) + if(NOT TARGET CURL::libgsasl) + add_library(CURL::libgsasl INTERFACE IMPORTED) + set_target_properties(CURL::libgsasl PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_libgsasl_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_libgsasl_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_libgsasl_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_libgsasl_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_libgsasl_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindLibidn2.cmake b/CMake/FindLibidn2.cmake new file mode 100644 index 000000000000..dc7873489a8f --- /dev/null +++ b/CMake/FindLibidn2.cmake @@ -0,0 +1,92 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the libidn2 library +# +# Input variables: +# +# - `LIBIDN2_INCLUDE_DIR`: Absolute path to libidn2 include directory. +# - `LIBIDN2_LIBRARY`: Absolute path to `libidn2` library. +# +# Defines: +# +# - `LIBIDN2_FOUND`: System has libidn2. +# - `LIBIDN2_VERSION`: Version of libidn2. +# - `CURL::libidn2`: libidn2 library target. + +set(_libidn2_pc_requires "libidn2") + +if(CURL_USE_PKGCONFIG AND + NOT DEFINED LIBIDN2_INCLUDE_DIR AND + NOT DEFINED LIBIDN2_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_libidn2 ${_libidn2_pc_requires}) +endif() + +if(_libidn2_FOUND) + set(Libidn2_FOUND TRUE) + set(LIBIDN2_FOUND TRUE) + set(LIBIDN2_VERSION ${_libidn2_VERSION}) + message(STATUS "Found Libidn2 (via pkg-config): ${_libidn2_INCLUDE_DIRS} (found version \"${LIBIDN2_VERSION}\")") +else() + find_path(LIBIDN2_INCLUDE_DIR NAMES "idn2.h") + find_library(LIBIDN2_LIBRARY NAMES "idn2" "libidn2") + + unset(LIBIDN2_VERSION CACHE) + if(LIBIDN2_INCLUDE_DIR AND EXISTS "${LIBIDN2_INCLUDE_DIR}/idn2.h") + set(_version_regex "#[\t ]*define[\t ]+IDN2_VERSION[\t ]+\"([^\"]*)\"") + file(STRINGS "${LIBIDN2_INCLUDE_DIR}/idn2.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(LIBIDN2_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Libidn2 + REQUIRED_VARS + LIBIDN2_INCLUDE_DIR + LIBIDN2_LIBRARY + VERSION_VAR + LIBIDN2_VERSION + ) + + if(LIBIDN2_FOUND) + set(_libidn2_INCLUDE_DIRS ${LIBIDN2_INCLUDE_DIR}) + set(_libidn2_LIBRARIES ${LIBIDN2_LIBRARY}) + endif() + + mark_as_advanced(LIBIDN2_INCLUDE_DIR LIBIDN2_LIBRARY) +endif() + +if(LIBIDN2_FOUND) + if(NOT TARGET CURL::libidn2) + add_library(CURL::libidn2 INTERFACE IMPORTED) + set_target_properties(CURL::libidn2 PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_libidn2_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_libidn2_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_libidn2_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_libidn2_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_libidn2_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindLibpsl.cmake b/CMake/FindLibpsl.cmake new file mode 100644 index 000000000000..2287e676d3d7 --- /dev/null +++ b/CMake/FindLibpsl.cmake @@ -0,0 +1,92 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the libpsl library +# +# Input variables: +# +# - `LIBPSL_INCLUDE_DIR`: Absolute path to libpsl include directory. +# - `LIBPSL_LIBRARY`: Absolute path to `libpsl` library. +# +# Defines: +# +# - `LIBPSL_FOUND`: System has libpsl. +# - `LIBPSL_VERSION`: Version of libpsl. +# - `CURL::libpsl`: libpsl library target. + +set(_libpsl_pc_requires "libpsl") + +if(CURL_USE_PKGCONFIG AND + NOT DEFINED LIBPSL_INCLUDE_DIR AND + NOT DEFINED LIBPSL_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_libpsl ${_libpsl_pc_requires}) +endif() + +if(_libpsl_FOUND AND _libpsl_INCLUDE_DIRS) + set(Libpsl_FOUND TRUE) + set(LIBPSL_FOUND TRUE) + set(LIBPSL_VERSION ${_libpsl_VERSION}) + message(STATUS "Found Libpsl (via pkg-config): ${_libpsl_INCLUDE_DIRS} (found version \"${LIBPSL_VERSION}\")") +else() + find_path(LIBPSL_INCLUDE_DIR NAMES "libpsl.h") + find_library(LIBPSL_LIBRARY NAMES "psl" "libpsl") + + unset(LIBPSL_VERSION CACHE) + if(LIBPSL_INCLUDE_DIR AND EXISTS "${LIBPSL_INCLUDE_DIR}/libpsl.h") + set(_version_regex "#[\t ]*define[\t ]+PSL_VERSION[\t ]+\"([^\"]*)\"") + file(STRINGS "${LIBPSL_INCLUDE_DIR}/libpsl.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(LIBPSL_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Libpsl + REQUIRED_VARS + LIBPSL_INCLUDE_DIR + LIBPSL_LIBRARY + VERSION_VAR + LIBPSL_VERSION + ) + + if(LIBPSL_FOUND) + set(_libpsl_INCLUDE_DIRS ${LIBPSL_INCLUDE_DIR}) + set(_libpsl_LIBRARIES ${LIBPSL_LIBRARY}) + endif() + + mark_as_advanced(LIBPSL_INCLUDE_DIR LIBPSL_LIBRARY) +endif() + +if(LIBPSL_FOUND) + if(NOT TARGET CURL::libpsl) + add_library(CURL::libpsl INTERFACE IMPORTED) + set_target_properties(CURL::libpsl PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_libpsl_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_libpsl_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_libpsl_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_libpsl_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_libpsl_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindLibssh.cmake b/CMake/FindLibssh.cmake new file mode 100644 index 000000000000..3837d4de624f --- /dev/null +++ b/CMake/FindLibssh.cmake @@ -0,0 +1,118 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the libssh library +# +# Input variables: +# +# - `LIBSSH_INCLUDE_DIR`: Absolute path to libssh include directory. +# - `LIBSSH_LIBRARY`: Absolute path to `libssh` library. +# - `LIBSSH_USE_STATIC_LIBS`: Configure for static libssh libraries. +# +# Defines: +# +# - `LIBSSH_FOUND`: System has libssh. +# - `LIBSSH_VERSION`: Version of libssh. +# - `CURL::libssh`: libssh library target. + +set(_libssh_pc_requires "libssh") + +if(CURL_USE_PKGCONFIG AND + NOT DEFINED LIBSSH_INCLUDE_DIR AND + NOT DEFINED LIBSSH_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_libssh ${_libssh_pc_requires}) +endif() + +if(_libssh_FOUND) + set(Libssh_FOUND TRUE) + set(LIBSSH_FOUND TRUE) + set(LIBSSH_VERSION ${_libssh_VERSION}) + if(LIBSSH_USE_STATIC_LIBS) + set(_libssh_CFLAGS "${_libssh_STATIC_CFLAGS}") + set(_libssh_INCLUDE_DIRS "${_libssh_STATIC_INCLUDE_DIRS}") + set(_libssh_LIBRARY_DIRS "${_libssh_STATIC_LIBRARY_DIRS}") + set(_libssh_LIBRARIES "${_libssh_STATIC_LIBRARIES}") + endif() + message(STATUS "Found Libssh (via pkg-config): ${_libssh_INCLUDE_DIRS} (found version \"${LIBSSH_VERSION}\")") +else() + find_path(LIBSSH_INCLUDE_DIR NAMES "libssh/libssh.h") + if(LIBSSH_USE_STATIC_LIBS) + set(_libssh_CFLAGS "-DLIBSSH_STATIC") + find_library(LIBSSH_LIBRARY NAMES "ssh_static" "libssh_static" "ssh" "libssh") + else() + find_library(LIBSSH_LIBRARY NAMES "ssh" "libssh") + endif() + + unset(LIBSSH_VERSION CACHE) + if(LIBSSH_INCLUDE_DIR AND EXISTS "${LIBSSH_INCLUDE_DIR}/libssh/libssh_version.h") + set(_version_regex1 "#[\t ]*define[\t ]+LIBSSH_VERSION_MAJOR[\t ]+([0-9]+).*") + set(_version_regex2 "#[\t ]*define[\t ]+LIBSSH_VERSION_MINOR[\t ]+([0-9]+).*") + set(_version_regex3 "#[\t ]*define[\t ]+LIBSSH_VERSION_MICRO[\t ]+([0-9]+).*") + file(STRINGS "${LIBSSH_INCLUDE_DIR}/libssh/libssh_version.h" _version_str1 REGEX "${_version_regex1}") + file(STRINGS "${LIBSSH_INCLUDE_DIR}/libssh/libssh_version.h" _version_str2 REGEX "${_version_regex2}") + file(STRINGS "${LIBSSH_INCLUDE_DIR}/libssh/libssh_version.h" _version_str3 REGEX "${_version_regex3}") + string(REGEX REPLACE "${_version_regex1}" "\\1" _version_str1 "${_version_str1}") + string(REGEX REPLACE "${_version_regex2}" "\\1" _version_str2 "${_version_str2}") + string(REGEX REPLACE "${_version_regex3}" "\\1" _version_str3 "${_version_str3}") + set(LIBSSH_VERSION "${_version_str1}.${_version_str2}.${_version_str3}") + unset(_version_regex1) + unset(_version_regex2) + unset(_version_regex3) + unset(_version_str1) + unset(_version_str2) + unset(_version_str3) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Libssh + REQUIRED_VARS + LIBSSH_INCLUDE_DIR + LIBSSH_LIBRARY + VERSION_VAR + LIBSSH_VERSION + ) + + if(LIBSSH_FOUND) + set(_libssh_INCLUDE_DIRS ${LIBSSH_INCLUDE_DIR}) + set(_libssh_LIBRARIES ${LIBSSH_LIBRARY}) + endif() + + mark_as_advanced(LIBSSH_INCLUDE_DIR LIBSSH_LIBRARY) +endif() + +if(LIBSSH_FOUND) + if(WIN32) + list(APPEND _libssh_LIBRARIES "iphlpapi") # for if_nametoindex + endif() + + if(NOT TARGET CURL::libssh) + add_library(CURL::libssh INTERFACE IMPORTED) + set_target_properties(CURL::libssh PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_libssh_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_libssh_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_libssh_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_libssh_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_libssh_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindLibssh2.cmake b/CMake/FindLibssh2.cmake new file mode 100644 index 000000000000..22481d67ae8e --- /dev/null +++ b/CMake/FindLibssh2.cmake @@ -0,0 +1,117 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the libssh2 library +# +# Input variables: +# +# - `LIBSSH2_INCLUDE_DIR`: Absolute path to libssh2 include directory. +# - `LIBSSH2_LIBRARY`: Absolute path to `libssh2` library. +# - `LIBSSH2_USE_STATIC_LIBS`: Configure for static libssh2 libraries. +# +# Defines: +# +# - `LIBSSH2_FOUND`: System has libssh2. +# - `LIBSSH2_VERSION`: Version of libssh2. +# - `CURL::libssh2`: libssh2 library target. + +set(_libssh2_pc_requires "libssh2") + +if(NOT DEFINED LIBSSH2_INCLUDE_DIR AND + NOT DEFINED LIBSSH2_LIBRARY) + if(CURL_USE_PKGCONFIG) + find_package(PkgConfig QUIET) + pkg_check_modules(_libssh2 ${_libssh2_pc_requires}) + endif() + if(NOT _libssh2_FOUND AND CURL_USE_CMAKECONFIG) + find_package(libssh2 CONFIG QUIET) + endif() +endif() + +if(_libssh2_FOUND AND _libssh2_INCLUDE_DIRS) + set(Libssh2_FOUND TRUE) + set(LIBSSH2_FOUND TRUE) + set(LIBSSH2_VERSION ${_libssh2_VERSION}) + if(LIBSSH2_USE_STATIC_LIBS) + set(_libssh2_CFLAGS "${_libssh2_STATIC_CFLAGS}") + set(_libssh2_INCLUDE_DIRS "${_libssh2_STATIC_INCLUDE_DIRS}") + set(_libssh2_LIBRARY_DIRS "${_libssh2_STATIC_LIBRARY_DIRS}") + set(_libssh2_LIBRARIES "${_libssh2_STATIC_LIBRARIES}") + endif() + message(STATUS "Found Libssh2 (via pkg-config): ${_libssh2_INCLUDE_DIRS} (found version \"${LIBSSH2_VERSION}\")") +elseif(libssh2_CONFIG) + set(Libssh2_FOUND TRUE) + set(LIBSSH2_FOUND TRUE) + set(LIBSSH2_VERSION ${libssh2_VERSION}) + if(LIBSSH2_USE_STATIC_LIBS) + set(_libssh2_LIBRARIES libssh2::libssh2_static) + else() + set(_libssh2_LIBRARIES libssh2::libssh2) + endif() + message(STATUS "Found Libssh2 (via CMake Config): ${libssh2_CONFIG} (found version \"${LIBSSH2_VERSION}\")") +else() + find_path(LIBSSH2_INCLUDE_DIR NAMES "libssh2.h") + if(LIBSSH2_USE_STATIC_LIBS) + find_library(LIBSSH2_LIBRARY NAMES "ssh2_static" "libssh2_static" "ssh2" "libssh2") + else() + find_library(LIBSSH2_LIBRARY NAMES "ssh2" "libssh2") + endif() + + unset(LIBSSH2_VERSION CACHE) + if(LIBSSH2_INCLUDE_DIR AND EXISTS "${LIBSSH2_INCLUDE_DIR}/libssh2.h") + set(_version_regex "#[\t ]*define[\t ]+LIBSSH2_VERSION[\t ]+\"([^\"]*)\"") + file(STRINGS "${LIBSSH2_INCLUDE_DIR}/libssh2.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(LIBSSH2_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Libssh2 + REQUIRED_VARS + LIBSSH2_INCLUDE_DIR + LIBSSH2_LIBRARY + VERSION_VAR + LIBSSH2_VERSION + ) + + if(LIBSSH2_FOUND) + set(_libssh2_INCLUDE_DIRS ${LIBSSH2_INCLUDE_DIR}) + set(_libssh2_LIBRARIES ${LIBSSH2_LIBRARY}) + endif() + + mark_as_advanced(LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY) +endif() + +if(LIBSSH2_FOUND) + if(NOT TARGET CURL::libssh2) + add_library(CURL::libssh2 INTERFACE IMPORTED) + set_target_properties(CURL::libssh2 PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_libssh2_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_libssh2_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_libssh2_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_libssh2_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_libssh2_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindLibuv.cmake b/CMake/FindLibuv.cmake new file mode 100644 index 000000000000..47d043cff646 --- /dev/null +++ b/CMake/FindLibuv.cmake @@ -0,0 +1,102 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the libuv library +# +# Input variables: +# +# - `LIBUV_INCLUDE_DIR`: Absolute path to libuv include directory. +# - `LIBUV_LIBRARY`: Absolute path to `libuv` library. +# +# Defines: +# +# - `LIBUV_FOUND`: System has libuv. +# - `LIBUV_VERSION`: Version of libuv. +# - `CURL::libuv`: libuv library target. + +set(_libuv_pc_requires "libuv") + +if(CURL_USE_PKGCONFIG AND + NOT DEFINED LIBUV_INCLUDE_DIR AND + NOT DEFINED LIBUV_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_libuv ${_libuv_pc_requires}) +endif() + +if(_libuv_FOUND) + set(Libuv_FOUND TRUE) + set(LIBUV_FOUND TRUE) + set(LIBUV_VERSION ${_libuv_VERSION}) + message(STATUS "Found Libuv (via pkg-config): ${_libuv_INCLUDE_DIRS} (found version \"${LIBUV_VERSION}\")") +else() + find_path(LIBUV_INCLUDE_DIR NAMES "uv.h") + find_library(LIBUV_LIBRARY NAMES "uv" "libuv") + + unset(LIBUV_VERSION CACHE) + if(LIBUV_INCLUDE_DIR AND EXISTS "${LIBUV_INCLUDE_DIR}/uv/version.h") + set(_version_regex1 "#[\t ]*define[\t ]+UV_VERSION_MAJOR[\t ]+([0-9]+).*") + set(_version_regex2 "#[\t ]*define[\t ]+UV_VERSION_MINOR[\t ]+([0-9]+).*") + set(_version_regex3 "#[\t ]*define[\t ]+UV_VERSION_PATCH[\t ]+([0-9]+).*") + file(STRINGS "${LIBUV_INCLUDE_DIR}/uv/version.h" _version_str1 REGEX "${_version_regex1}") + file(STRINGS "${LIBUV_INCLUDE_DIR}/uv/version.h" _version_str2 REGEX "${_version_regex2}") + file(STRINGS "${LIBUV_INCLUDE_DIR}/uv/version.h" _version_str3 REGEX "${_version_regex3}") + string(REGEX REPLACE "${_version_regex1}" "\\1" _version_str1 "${_version_str1}") + string(REGEX REPLACE "${_version_regex2}" "\\1" _version_str2 "${_version_str2}") + string(REGEX REPLACE "${_version_regex3}" "\\1" _version_str3 "${_version_str3}") + set(LIBUV_VERSION "${_version_str1}.${_version_str2}.${_version_str3}") + unset(_version_regex1) + unset(_version_regex2) + unset(_version_regex3) + unset(_version_str1) + unset(_version_str2) + unset(_version_str3) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Libuv + REQUIRED_VARS + LIBUV_INCLUDE_DIR + LIBUV_LIBRARY + VERSION_VAR + LIBUV_VERSION + ) + + if(LIBUV_FOUND) + set(_libuv_INCLUDE_DIRS ${LIBUV_INCLUDE_DIR}) + set(_libuv_LIBRARIES ${LIBUV_LIBRARY}) + endif() + + mark_as_advanced(LIBUV_INCLUDE_DIR LIBUV_LIBRARY) +endif() + +if(LIBUV_FOUND) + if(NOT TARGET CURL::libuv) + add_library(CURL::libuv INTERFACE IMPORTED) + set_target_properties(CURL::libuv PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_libuv_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_libuv_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_libuv_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_libuv_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_libuv_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindMbedTLS.cmake b/CMake/FindMbedTLS.cmake index 1746093dfaf0..21a5f4aec734 100644 --- a/CMake/FindMbedTLS.cmake +++ b/CMake/FindMbedTLS.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,17 +18,120 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -find_path(MBEDTLS_INCLUDE_DIRS mbedtls/ssl.h) +# Find the mbedTLS library +# +# Input variables: +# +# - `MBEDTLS_INCLUDE_DIR`: Absolute path to mbedTLS include directory. +# - `MBEDTLS_LIBRARY`: Absolute path to `mbedtls` library. +# - `MBEDX509_LIBRARY`: Absolute path to `mbedx509` library. +# - `MBEDCRYPTO_LIBRARY`: Absolute path to `mbedcrypto` library. +# - `MBEDTLS_USE_STATIC_LIBS`: Configure for static mbedTLS libraries. +# +# Defines: +# +# - `MBEDTLS_FOUND`: System has mbedTLS. +# - `MBEDTLS_VERSION`: Version of mbedTLS. +# - `CURL::mbedtls`: mbedTLS library target. + +if(DEFINED MBEDTLS_INCLUDE_DIRS AND NOT DEFINED MBEDTLS_INCLUDE_DIR) + message(WARNING "MBEDTLS_INCLUDE_DIRS is deprecated, use MBEDTLS_INCLUDE_DIR instead.") + set(MBEDTLS_INCLUDE_DIR "${MBEDTLS_INCLUDE_DIRS}") + unset(MBEDTLS_INCLUDE_DIRS) +endif() + +set(_mbedtls_pc_requires "mbedtls" "mbedx509" "mbedcrypto") + +if(NOT DEFINED MBEDTLS_INCLUDE_DIR AND + NOT DEFINED MBEDTLS_LIBRARY AND + NOT DEFINED MBEDX509_LIBRARY AND + NOT DEFINED MBEDCRYPTO_LIBRARY) + if(CURL_USE_PKGCONFIG) + find_package(PkgConfig QUIET) + pkg_check_modules(_mbedtls ${_mbedtls_pc_requires}) + endif() + if(NOT _mbedtls_FOUND AND CURL_USE_CMAKECONFIG) + find_package(MbedTLS CONFIG QUIET) + endif() +endif() + +if(_mbedtls_FOUND) + set(MbedTLS_FOUND TRUE) + set(MBEDTLS_FOUND TRUE) + set(MBEDTLS_VERSION ${_mbedtls_mbedtls_VERSION}) + if(MBEDTLS_USE_STATIC_LIBS) + set(_mbedtls_CFLAGS "${_mbedtls_STATIC_CFLAGS}") + set(_mbedtls_INCLUDE_DIRS "${_mbedtls_STATIC_INCLUDE_DIRS}") + set(_mbedtls_LIBRARY_DIRS "${_mbedtls_STATIC_LIBRARY_DIRS}") + set(_mbedtls_LIBRARIES "${_mbedtls_STATIC_LIBRARIES}") + endif() + message(STATUS "Found MbedTLS (via pkg-config): ${_mbedtls_INCLUDE_DIRS} (found version \"${MBEDTLS_VERSION}\")") +elseif(MbedTLS_CONFIG) + set(MbedTLS_FOUND TRUE) + set(MBEDTLS_FOUND TRUE) + set(MBEDTLS_VERSION ${MbedTLS_VERSION}) + if(MBEDTLS_VERSION GREATER_EQUAL 4.0.0) + set(_mbedtls_LIBRARIES MbedTLS::tfpsacrypto) + else() + set(_mbedtls_LIBRARIES MbedTLS::mbedcrypto) + endif() + list(APPEND _mbedtls_LIBRARIES MbedTLS::mbedx509 MbedTLS::mbedtls) + message(STATUS "Found MbedTLS (via CMake Config): ${MbedTLS_CONFIG} (found version \"${MBEDTLS_VERSION}\")") +else() + set(_mbedtls_pc_requires "") # Depend on pkg-config only when found via pkg-config + + find_path(MBEDTLS_INCLUDE_DIR NAMES "mbedtls/ssl.h") + if(MBEDTLS_USE_STATIC_LIBS) + find_library(MBEDTLS_LIBRARY NAMES "mbedtls_static" "libmbedtls_static" "mbedtls" "libmbedtls") + find_library(MBEDX509_LIBRARY NAMES "mbedx509_static" "libmbedx509_static" "mbedx509" "libmbedx509") + find_library(MBEDCRYPTO_LIBRARY NAMES "mbedcrypto_static" "libmbedcrypto_static" "mbedcrypto" "libmbedcrypto" + "tfpsacrypto_static" "libtfpsacrypto_static" "tfpsacrypto" "libtfpsacrypto") + else() + find_library(MBEDTLS_LIBRARY NAMES "mbedtls" "libmbedtls") + find_library(MBEDX509_LIBRARY NAMES "mbedx509" "libmbedx509") + find_library(MBEDCRYPTO_LIBRARY NAMES "mbedcrypto" "libmbedcrypto" "tfpsacrypto" "libtfpsacrypto") + endif() + + unset(MBEDTLS_VERSION CACHE) + if(MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h") + set(_version_regex "#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"([0-9.]+)\"") + file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(MBEDTLS_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + endif() -find_library(MBEDTLS_LIBRARY mbedtls) -find_library(MBEDX509_LIBRARY mbedx509) -find_library(MBEDCRYPTO_LIBRARY mbedcrypto) + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(MbedTLS + REQUIRED_VARS + MBEDTLS_INCLUDE_DIR + MBEDTLS_LIBRARY + MBEDX509_LIBRARY + MBEDCRYPTO_LIBRARY + VERSION_VAR + MBEDTLS_VERSION + ) -set(MBEDTLS_LIBRARIES "${MBEDTLS_LIBRARY}" "${MBEDX509_LIBRARY}" "${MBEDCRYPTO_LIBRARY}") + if(MBEDTLS_FOUND) + set(_mbedtls_INCLUDE_DIRS ${MBEDTLS_INCLUDE_DIR}) + set(_mbedtls_LIBRARIES ${MBEDTLS_LIBRARY} ${MBEDX509_LIBRARY} ${MBEDCRYPTO_LIBRARY}) + endif() -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(MBEDTLS DEFAULT_MSG - MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) + mark_as_advanced(MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) +endif() -mark_as_advanced(MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) +if(MBEDTLS_FOUND) + if(NOT TARGET CURL::mbedtls) + add_library(CURL::mbedtls INTERFACE IMPORTED) + set_target_properties(CURL::mbedtls PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_mbedtls_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_mbedtls_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_mbedtls_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_mbedtls_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_mbedtls_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindNGHTTP2.cmake b/CMake/FindNGHTTP2.cmake index 8614492b1081..f93113f404e1 100644 --- a/CMake/FindNGHTTP2.cmake +++ b/CMake/FindNGHTTP2.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,22 +18,99 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -include(FindPackageHandleStandardArgs) +# Find the nghttp2 library +# +# Input variables: +# +# - `NGHTTP2_INCLUDE_DIR`: Absolute path to nghttp2 include directory. +# - `NGHTTP2_LIBRARY`: Absolute path to `nghttp2` library. +# - `NGHTTP2_USE_STATIC_LIBS`: Configure for static nghttp2 libraries. +# +# Defines: +# +# - `NGHTTP2_FOUND`: System has nghttp2. +# - `NGHTTP2_VERSION`: Version of nghttp2. +# - `CURL::nghttp2`: nghttp2 library target. -find_path(NGHTTP2_INCLUDE_DIR "nghttp2/nghttp2.h") +set(_nghttp2_pc_requires "libnghttp2") -find_library(NGHTTP2_LIBRARY NAMES nghttp2) +if(NOT DEFINED NGHTTP2_INCLUDE_DIR AND + NOT DEFINED NGHTTP2_LIBRARY) + if(CURL_USE_PKGCONFIG) + find_package(PkgConfig QUIET) + pkg_check_modules(_nghttp2 ${_nghttp2_pc_requires}) + endif() + if(NOT _nghttp2_FOUND AND CURL_USE_CMAKECONFIG) + find_package(nghttp2 CONFIG QUIET) + endif() +endif() -find_package_handle_standard_args(NGHTTP2 - FOUND_VAR - NGHTTP2_FOUND +if(_nghttp2_FOUND) + set(NGHTTP2_FOUND TRUE) + set(NGHTTP2_VERSION ${_nghttp2_VERSION}) + if(NGHTTP2_USE_STATIC_LIBS) + set(_nghttp2_CFLAGS "${_nghttp2_STATIC_CFLAGS}") + set(_nghttp2_INCLUDE_DIRS "${_nghttp2_STATIC_INCLUDE_DIRS}") + set(_nghttp2_LIBRARY_DIRS "${_nghttp2_STATIC_LIBRARY_DIRS}") + set(_nghttp2_LIBRARIES "${_nghttp2_STATIC_LIBRARIES}") + endif() + message(STATUS "Found NGHTTP2 (via pkg-config): ${_nghttp2_INCLUDE_DIRS} (found version \"${NGHTTP2_VERSION}\")") +elseif(nghttp2_CONFIG) + set(NGHTTP2_FOUND TRUE) + set(NGHTTP2_VERSION ${nghttp2_VERSION}) + if(NGHTTP2_USE_STATIC_LIBS) + set(_nghttp2_LIBRARIES nghttp2::nghttp2_static) + else() + set(_nghttp2_LIBRARIES nghttp2::nghttp2) + endif() + message(STATUS "Found NGHTTP2 (via CMake Config): ${nghttp2_CONFIG} (found version \"${NGHTTP2_VERSION}\")") +else() + find_path(NGHTTP2_INCLUDE_DIR NAMES "nghttp2/nghttp2.h") + if(NGHTTP2_USE_STATIC_LIBS) + set(_nghttp2_CFLAGS "-DNGHTTP2_STATICLIB") + find_library(NGHTTP2_LIBRARY NAMES "nghttp2_static" "nghttp2") + else() + find_library(NGHTTP2_LIBRARY NAMES "nghttp2" "nghttp2_static") + endif() + + unset(NGHTTP2_VERSION CACHE) + if(NGHTTP2_INCLUDE_DIR AND EXISTS "${NGHTTP2_INCLUDE_DIR}/nghttp2/nghttp2ver.h") + set(_version_regex "#[\t ]*define[\t ]+NGHTTP2_VERSION[\t ]+\"([^\"]*)\"") + file(STRINGS "${NGHTTP2_INCLUDE_DIR}/nghttp2/nghttp2ver.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(NGHTTP2_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(NGHTTP2 REQUIRED_VARS - NGHTTP2_LIBRARY NGHTTP2_INCLUDE_DIR -) + NGHTTP2_LIBRARY + VERSION_VAR + NGHTTP2_VERSION + ) + + if(NGHTTP2_FOUND) + set(_nghttp2_INCLUDE_DIRS ${NGHTTP2_INCLUDE_DIR}) + set(_nghttp2_LIBRARIES ${NGHTTP2_LIBRARY}) + endif() -set(NGHTTP2_INCLUDE_DIRS ${NGHTTP2_INCLUDE_DIR}) -set(NGHTTP2_LIBRARIES ${NGHTTP2_LIBRARY}) + mark_as_advanced(NGHTTP2_INCLUDE_DIR NGHTTP2_LIBRARY) +endif() -mark_as_advanced(NGHTTP2_INCLUDE_DIRS NGHTTP2_LIBRARIES) +if(NGHTTP2_FOUND) + if(NOT TARGET CURL::nghttp2) + add_library(CURL::nghttp2 INTERFACE IMPORTED) + set_target_properties(CURL::nghttp2 PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_nghttp2_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_nghttp2_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_nghttp2_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_nghttp2_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_nghttp2_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindNGHTTP3.cmake b/CMake/FindNGHTTP3.cmake index 643b600972b0..427c139f21c4 100644 --- a/CMake/FindNGHTTP3.cmake +++ b/CMake/FindNGHTTP3.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,59 +18,99 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### +# Find the nghttp3 library +# +# Input variables: +# +# - `NGHTTP3_INCLUDE_DIR`: Absolute path to nghttp3 include directory. +# - `NGHTTP3_LIBRARY`: Absolute path to `nghttp3` library. +# - `NGHTTP3_USE_STATIC_LIBS`: Configure for static nghttp3 libraries. +# +# Defines: +# +# - `NGHTTP3_FOUND`: System has nghttp3. +# - `NGHTTP3_VERSION`: Version of nghttp3. +# - `CURL::nghttp3`: nghttp3 library target. -#[=======================================================================[.rst: -FindNGHTTP3 ----------- - -Find the nghttp3 library +set(_nghttp3_pc_requires "libnghttp3") -Result Variables -^^^^^^^^^^^^^^^^ +if(NOT DEFINED NGHTTP3_INCLUDE_DIR AND + NOT DEFINED NGHTTP3_LIBRARY) + if(CURL_USE_PKGCONFIG) + find_package(PkgConfig QUIET) + pkg_check_modules(_nghttp3 ${_nghttp3_pc_requires}) + endif() + if(NOT _nghttp3_FOUND AND CURL_USE_CMAKECONFIG) + find_package(nghttp3 CONFIG QUIET) + endif() +endif() -``NGHTTP3_FOUND`` - System has nghttp3 -``NGHTTP3_INCLUDE_DIRS`` - The nghttp3 include directories. -``NGHTTP3_LIBRARIES`` - The libraries needed to use nghttp3 -``NGHTTP3_VERSION`` - version of nghttp3. -#]=======================================================================] +if(_nghttp3_FOUND) + set(NGHTTP3_FOUND TRUE) + set(NGHTTP3_VERSION ${_nghttp3_VERSION}) + if(NGHTTP3_USE_STATIC_LIBS) + set(_nghttp3_CFLAGS "${_nghttp3_STATIC_CFLAGS}") + set(_nghttp3_INCLUDE_DIRS "${_nghttp3_STATIC_INCLUDE_DIRS}") + set(_nghttp3_LIBRARY_DIRS "${_nghttp3_STATIC_LIBRARY_DIRS}") + set(_nghttp3_LIBRARIES "${_nghttp3_STATIC_LIBRARIES}") + endif() + message(STATUS "Found NGHTTP3 (via pkg-config): ${_nghttp3_INCLUDE_DIRS} (found version \"${NGHTTP3_VERSION}\")") +elseif(nghttp3_CONFIG) + set(NGHTTP3_FOUND TRUE) + set(NGHTTP3_VERSION ${nghttp3_VERSION}) + if(NGHTTP3_USE_STATIC_LIBS) + set(_nghttp3_LIBRARIES nghttp3::nghttp3_static) + else() + set(_nghttp3_LIBRARIES nghttp3::nghttp3) + endif() + message(STATUS "Found NGHTTP3 (via CMake Config): ${nghttp3_CONFIG} (found version \"${NGHTTP3_VERSION}\")") +else() + find_path(NGHTTP3_INCLUDE_DIR NAMES "nghttp3/nghttp3.h") + if(NGHTTP3_USE_STATIC_LIBS) + set(_nghttp3_CFLAGS "-DNGHTTP3_STATICLIB") + find_library(NGHTTP3_LIBRARY NAMES "nghttp3_static" "nghttp3") + else() + find_library(NGHTTP3_LIBRARY NAMES "nghttp3") + endif() -if(UNIX) - find_package(PkgConfig QUIET) - pkg_search_module(PC_NGHTTP3 libnghttp3) -endif() + unset(NGHTTP3_VERSION CACHE) + if(NGHTTP3_INCLUDE_DIR AND EXISTS "${NGHTTP3_INCLUDE_DIR}/nghttp3/version.h") + set(_version_regex "#[\t ]*define[\t ]+NGHTTP3_VERSION[\t ]+\"([^\"]*)\"") + file(STRINGS "${NGHTTP3_INCLUDE_DIR}/nghttp3/version.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(NGHTTP3_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + endif() -find_path(NGHTTP3_INCLUDE_DIR nghttp3/nghttp3.h - HINTS - ${PC_NGHTTP3_INCLUDEDIR} - ${PC_NGHTTP3_INCLUDE_DIRS} -) + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(NGHTTP3 + REQUIRED_VARS + NGHTTP3_INCLUDE_DIR + NGHTTP3_LIBRARY + VERSION_VAR + NGHTTP3_VERSION + ) -find_library(NGHTTP3_LIBRARY NAMES nghttp3 - HINTS - ${PC_NGHTTP3_LIBDIR} - ${PC_NGHTTP3_LIBRARY_DIRS} -) + if(NGHTTP3_FOUND) + set(_nghttp3_INCLUDE_DIRS ${NGHTTP3_INCLUDE_DIR}) + set(_nghttp3_LIBRARIES ${NGHTTP3_LIBRARY}) + endif() -if(PC_NGHTTP3_VERSION) - set(NGHTTP3_VERSION ${PC_NGHTTP3_VERSION}) + mark_as_advanced(NGHTTP3_INCLUDE_DIR NGHTTP3_LIBRARY) endif() -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(NGHTTP3 - REQUIRED_VARS - NGHTTP3_LIBRARY - NGHTTP3_INCLUDE_DIR - VERSION_VAR NGHTTP3_VERSION -) - if(NGHTTP3_FOUND) - set(NGHTTP3_LIBRARIES ${NGHTTP3_LIBRARY}) - set(NGHTTP3_INCLUDE_DIRS ${NGHTTP3_INCLUDE_DIR}) + if(NOT TARGET CURL::nghttp3) + add_library(CURL::nghttp3 INTERFACE IMPORTED) + set_target_properties(CURL::nghttp3 PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_nghttp3_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_nghttp3_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_nghttp3_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_nghttp3_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_nghttp3_LIBRARIES}") + endif() endif() - -mark_as_advanced(NGHTTP3_INCLUDE_DIRS NGHTTP3_LIBRARIES) diff --git a/CMake/FindNGTCP2.cmake b/CMake/FindNGTCP2.cmake index 5757009a5675..e4929163777c 100644 --- a/CMake/FindNGTCP2.cmake +++ b/CMake/FindNGTCP2.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,96 +18,169 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### +# Find the ngtcp2 library +# +# This module accepts optional COMPONENTS to control the crypto library (these are +# mutually exclusive): +# +# - BoringSSL: Use `libngtcp2_crypto_boringssl`. (also for AWS-LC) +# - GnuTLS: Use `libngtcp2_crypto_gnutls`. +# - LibreSSL: Use `libngtcp2_crypto_libressl`. (requires ngtcp2 1.15.0+) +# - ossl: Use `libngtcp2_crypto_ossl`. +# - quictls: Use `libngtcp2_crypto_quictls`. (also for LibreSSL with ngtcp2 <1.15.0) +# - wolfSSL: Use `libngtcp2_crypto_wolfssl`. +# +# Input variables: +# +# - `NGTCP2_INCLUDE_DIR`: Absolute path to ngtcp2 include directory. +# - `NGTCP2_LIBRARY`: Absolute path to `ngtcp2` library. +# - `NGTCP2_CRYPTO_BORINGSSL_LIBRARY`: Absolute path to `ngtcp2_crypto_boringssl` library. +# - `NGTCP2_CRYPTO_GNUTLS_LIBRARY`: Absolute path to `ngtcp2_crypto_gnutls` library. +# - `NGTCP2_CRYPTO_LIBRESSL_LIBRARY`: Absolute path to `ngtcp2_crypto_libressl` library. +# - `NGTCP2_CRYPTO_OSSL_LIBRARY`: Absolute path to `ngtcp2_crypto_ossl` library. +# - `NGTCP2_CRYPTO_QUICTLS_LIBRARY`: Absolute path to `ngtcp2_crypto_quictls` library. +# - `NGTCP2_CRYPTO_WOLFSSL_LIBRARY`: Absolute path to `ngtcp2_crypto_wolfssl` library. +# - `NGTCP2_USE_STATIC_LIBS`: Configure for static ngtcp2 libraries. +# +# Defines: +# +# - `NGTCP2_FOUND`: System has ngtcp2. +# - `NGTCP2_VERSION`: Version of ngtcp2. +# - `CURL::ngtcp2`: ngtcp2 library target. -#[=======================================================================[.rst: -FindNGTCP2 ----------- +if(NGTCP2_FIND_COMPONENTS) + set(_ngtcp2_crypto_backend "") + foreach(_component IN LISTS NGTCP2_FIND_COMPONENTS) + if(_component MATCHES "^(BoringSSL|GnuTLS|LibreSSL|ossl|quictls|wolfSSL)") + if(_ngtcp2_crypto_backend) + message(FATAL_ERROR "NGTCP2: Only one crypto library can be selected") + endif() + set(_ngtcp2_crypto_backend ${_component}) + endif() + endforeach() -Find the ngtcp2 library + if(_ngtcp2_crypto_backend) + string(TOLOWER "ngtcp2_crypto_${_ngtcp2_crypto_backend}" _crypto_library_lower) + string(TOUPPER "ngtcp2_crypto_${_ngtcp2_crypto_backend}" _crypto_library_upper) + endif() +endif() -This module accepts optional COMPONENTS to control the crypto library (these are -mutually exclusive):: +set(_ngtcp2_pc_requires "libngtcp2") +if(_ngtcp2_crypto_backend) + list(APPEND _ngtcp2_pc_requires "lib${_crypto_library_lower}") +endif() - OpenSSL: Use libngtcp2_crypto_openssl - GnuTLS: Use libngtcp2_crypto_gnutls +set(_tried_pkgconfig FALSE) +if(NOT DEFINED NGTCP2_INCLUDE_DIR AND + NOT DEFINED NGTCP2_LIBRARY) + if(CURL_USE_PKGCONFIG) + find_package(PkgConfig QUIET) + pkg_check_modules(_ngtcp2 ${_ngtcp2_pc_requires}) + set(_tried_pkgconfig TRUE) + endif() + if(NOT _ngtcp2_FOUND AND CURL_USE_CMAKECONFIG) + find_package(ngtcp2 CONFIG QUIET) + # Skip using it if the crypto library target is not available + if(ngtcp2_CONFIG AND + NOT TARGET ngtcp2::${_crypto_library_lower}_static AND + NOT TARGET ngtcp2::${_crypto_library_lower}) + unset(ngtcp2_CONFIG) + endif() + endif() +endif() -Result Variables -^^^^^^^^^^^^^^^^ +if(_ngtcp2_FOUND) + set(NGTCP2_FOUND TRUE) + set(NGTCP2_VERSION ${_ngtcp2_libngtcp2_VERSION}) + if(NGTCP2_USE_STATIC_LIBS) + set(_ngtcp2_CFLAGS "${_ngtcp2_STATIC_CFLAGS}") + set(_ngtcp2_INCLUDE_DIRS "${_ngtcp2_STATIC_INCLUDE_DIRS}") + set(_ngtcp2_LIBRARY_DIRS "${_ngtcp2_STATIC_LIBRARY_DIRS}") + set(_ngtcp2_LIBRARIES "${_ngtcp2_STATIC_LIBRARIES}") + endif() + message(STATUS "Found NGTCP2 (via pkg-config): ${_ngtcp2_INCLUDE_DIRS} (found version \"${NGTCP2_VERSION}\")") +elseif(ngtcp2_CONFIG) + set(NGTCP2_FOUND TRUE) + set(NGTCP2_VERSION ${ngtcp2_VERSION}) + if(NGTCP2_USE_STATIC_LIBS) + set(_ngtcp2_LIBRARIES ngtcp2::ngtcp2_static ngtcp2::${_crypto_library_lower}_static) + else() + set(_ngtcp2_LIBRARIES ngtcp2::ngtcp2 ngtcp2::${_crypto_library_lower}) + endif() + message(STATUS "Found NGTCP2 (via CMake Config): ${ngtcp2_CONFIG} (found version \"${NGTCP2_VERSION}\")") +else() + find_path(NGTCP2_INCLUDE_DIR NAMES "ngtcp2/ngtcp2.h") + if(NGTCP2_USE_STATIC_LIBS) + set(_ngtcp2_CFLAGS "-DNGTCP2_STATICLIB") + find_library(NGTCP2_LIBRARY NAMES "ngtcp2_static" "ngtcp2") + else() + find_library(NGTCP2_LIBRARY NAMES "ngtcp2") + endif() -``NGTCP2_FOUND`` - System has ngtcp2 -``NGTCP2_INCLUDE_DIRS`` - The ngtcp2 include directories. -``NGTCP2_LIBRARIES`` - The libraries needed to use ngtcp2 -``NGTCP2_VERSION`` - version of ngtcp2. -#]=======================================================================] + unset(NGTCP2_VERSION CACHE) + if(NGTCP2_INCLUDE_DIR AND EXISTS "${NGTCP2_INCLUDE_DIR}/ngtcp2/version.h") + set(_version_regex "#[\t ]*define[\t ]+NGTCP2_VERSION[\t ]+\"([^\"]*)\"") + file(STRINGS "${NGTCP2_INCLUDE_DIR}/ngtcp2/version.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(NGTCP2_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + endif() -if(UNIX) - find_package(PkgConfig QUIET) - pkg_search_module(PC_NGTCP2 libngtcp2) -endif() + if(_ngtcp2_crypto_backend) + if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.20) + cmake_path(GET NGTCP2_LIBRARY PARENT_PATH _ngtcp2_library_dir) + else() + get_filename_component(_ngtcp2_library_dir "${NGTCP2_LIBRARY}" DIRECTORY) + endif() + if(NGTCP2_USE_STATIC_LIBS) + find_library(${_crypto_library_upper}_LIBRARY NAMES ${_crypto_library_lower}_static ${_crypto_library_lower} + HINTS ${_ngtcp2_library_dir}) + else() + find_library(${_crypto_library_upper}_LIBRARY NAMES ${_crypto_library_lower} + HINTS ${_ngtcp2_library_dir}) + endif() -find_path(NGTCP2_INCLUDE_DIR ngtcp2/ngtcp2.h - HINTS - ${PC_NGTCP2_INCLUDEDIR} - ${PC_NGTCP2_INCLUDE_DIRS} -) + if(${_crypto_library_upper}_LIBRARY) + set(NGTCP2_${_ngtcp2_crypto_backend}_FOUND TRUE) + set(NGTCP2_CRYPTO_LIBRARY ${${_crypto_library_upper}_LIBRARY}) + endif() + endif() -find_library(NGTCP2_LIBRARY NAMES ngtcp2 - HINTS - ${PC_NGTCP2_LIBDIR} - ${PC_NGTCP2_LIBRARY_DIRS} -) + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(NGTCP2 + REQUIRED_VARS + NGTCP2_INCLUDE_DIR + NGTCP2_LIBRARY + VERSION_VAR + NGTCP2_VERSION + HANDLE_COMPONENTS + ) -if(PC_NGTCP2_VERSION) - set(NGTCP2_VERSION ${PC_NGTCP2_VERSION}) -endif() + if(NGTCP2_FOUND) + set(_ngtcp2_INCLUDE_DIRS ${NGTCP2_INCLUDE_DIR}) + set(_ngtcp2_LIBRARIES ${NGTCP2_LIBRARY} ${NGTCP2_CRYPTO_LIBRARY}) + endif() -if(NGTCP2_FIND_COMPONENTS) - set(NGTCP2_CRYPTO_BACKEND "") - foreach(component IN LISTS NGTCP2_FIND_COMPONENTS) - if(component MATCHES "^(OpenSSL|GnuTLS)") - if(NGTCP2_CRYPTO_BACKEND) - message(FATAL_ERROR "NGTCP2: Only one crypto library can be selected") - endif() - set(NGTCP2_CRYPTO_BACKEND ${component}) - endif() - endforeach() + mark_as_advanced(NGTCP2_INCLUDE_DIR NGTCP2_LIBRARY NGTCP2_CRYPTO_LIBRARY) - if(NGTCP2_CRYPTO_BACKEND) - string(TOLOWER "ngtcp2_crypto_${NGTCP2_CRYPTO_BACKEND}" _crypto_library) - if(UNIX) - pkg_search_module(PC_${_crypto_library} lib${_crypto_library}) - endif() - find_library(${_crypto_library}_LIBRARY - NAMES - ${_crypto_library} - HINTS - ${PC_${_crypto_library}_LIBDIR} - ${PC_${_crypto_library}_LIBRARY_DIRS} - ) - if(${_crypto_library}_LIBRARY) - set(NGTCP2_${NGTCP2_CRYPTO_BACKEND}_FOUND TRUE) - set(NGTCP2_CRYPTO_LIBRARY ${${_crypto_library}_LIBRARY}) - endif() + if(NOT NGTCP2_FOUND AND _tried_pkgconfig) # reset variables to allow another round of detection + unset(NGTCP2_INCLUDE_DIR CACHE) + unset(NGTCP2_LIBRARY CACHE) endif() endif() -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(NGTCP2 - REQUIRED_VARS - NGTCP2_LIBRARY - NGTCP2_INCLUDE_DIR - VERSION_VAR NGTCP2_VERSION - HANDLE_COMPONENTS -) - if(NGTCP2_FOUND) - set(NGTCP2_LIBRARIES ${NGTCP2_LIBRARY} ${NGTCP2_CRYPTO_LIBRARY}) - set(NGTCP2_INCLUDE_DIRS ${NGTCP2_INCLUDE_DIR}) + if(NOT TARGET CURL::ngtcp2) + add_library(CURL::ngtcp2 INTERFACE IMPORTED) + set_target_properties(CURL::ngtcp2 PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_ngtcp2_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_ngtcp2_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_ngtcp2_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_ngtcp2_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_ngtcp2_LIBRARIES}") + endif() endif() - -mark_as_advanced(NGTCP2_INCLUDE_DIRS NGTCP2_LIBRARIES) diff --git a/CMake/FindNSS.cmake b/CMake/FindNSS.cmake deleted file mode 100644 index 899c6b07562e..000000000000 --- a/CMake/FindNSS.cmake +++ /dev/null @@ -1,38 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -if(UNIX) - find_package(PkgConfig QUIET) - pkg_search_module(PC_NSS nss) -endif() -if(NOT PC_NSS_FOUND) - return() -endif() - -set(NSS_LIBRARIES ${PC_NSS_LINK_LIBRARIES}) -set(NSS_INCLUDE_DIRS ${PC_NSS_INCLUDE_DIRS}) - -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(NSS - REQUIRED_VARS NSS_LIBRARIES NSS_INCLUDE_DIRS - VERSION_VAR PC_NSS_VERSION) - -mark_as_advanced(NSS_INCLUDE_DIRS NSS_LIBRARIES) diff --git a/CMake/FindNettle.cmake b/CMake/FindNettle.cmake new file mode 100644 index 000000000000..c963180cba0e --- /dev/null +++ b/CMake/FindNettle.cmake @@ -0,0 +1,97 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the nettle library +# +# Input variables: +# +# - `NETTLE_INCLUDE_DIR`: Absolute path to nettle include directory. +# - `NETTLE_LIBRARY`: Absolute path to `nettle` library. +# +# Defines: +# +# - `NETTLE_FOUND`: System has nettle. +# - `NETTLE_VERSION`: Version of nettle. +# - `CURL::nettle`: nettle library target. + +set(_nettle_pc_requires "nettle") + +if(CURL_USE_PKGCONFIG AND + NOT DEFINED NETTLE_INCLUDE_DIR AND + NOT DEFINED NETTLE_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_nettle ${_nettle_pc_requires}) +endif() + +if(_nettle_FOUND) + set(Nettle_FOUND TRUE) + set(NETTLE_FOUND TRUE) + set(NETTLE_VERSION ${_nettle_VERSION}) + message(STATUS "Found Nettle (via pkg-config): ${_nettle_INCLUDE_DIRS} (found version \"${NETTLE_VERSION}\")") +else() + find_path(NETTLE_INCLUDE_DIR NAMES "nettle/sha2.h") + find_library(NETTLE_LIBRARY NAMES "nettle") + + unset(NETTLE_VERSION CACHE) + if(NETTLE_INCLUDE_DIR AND EXISTS "${NETTLE_INCLUDE_DIR}/nettle/version.h") + set(_version_regex1 "#[\t ]*define[ \t]+NETTLE_VERSION_MAJOR[ \t]+([0-9]+).*") + set(_version_regex2 "#[\t ]*define[ \t]+NETTLE_VERSION_MINOR[ \t]+([0-9]+).*") + file(STRINGS "${NETTLE_INCLUDE_DIR}/nettle/version.h" _version_str1 REGEX "${_version_regex1}") + file(STRINGS "${NETTLE_INCLUDE_DIR}/nettle/version.h" _version_str2 REGEX "${_version_regex2}") + string(REGEX REPLACE "${_version_regex1}" "\\1" _version_str1 "${_version_str1}") + string(REGEX REPLACE "${_version_regex2}" "\\1" _version_str2 "${_version_str2}") + set(NETTLE_VERSION "${_version_str1}.${_version_str2}") + unset(_version_regex1) + unset(_version_regex2) + unset(_version_str1) + unset(_version_str2) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Nettle + REQUIRED_VARS + NETTLE_INCLUDE_DIR + NETTLE_LIBRARY + VERSION_VAR + NETTLE_VERSION + ) + + if(NETTLE_FOUND) + set(_nettle_INCLUDE_DIRS ${NETTLE_INCLUDE_DIR}) + set(_nettle_LIBRARIES ${NETTLE_LIBRARY}) + endif() + + mark_as_advanced(NETTLE_INCLUDE_DIR NETTLE_LIBRARY) +endif() + +if(NETTLE_FOUND) + if(NOT TARGET CURL::nettle) + add_library(CURL::nettle INTERFACE IMPORTED) + set_target_properties(CURL::nettle PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_nettle_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_nettle_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_nettle_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_nettle_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_nettle_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindQUICHE.cmake b/CMake/FindQUICHE.cmake deleted file mode 100644 index 0247364d41b5..000000000000 --- a/CMake/FindQUICHE.cmake +++ /dev/null @@ -1,68 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### - -#[=======================================================================[.rst: -FindQUICHE ----------- - -Find the quiche library - -Result Variables -^^^^^^^^^^^^^^^^ - -``QUICHE_FOUND`` - System has quiche -``QUICHE_INCLUDE_DIRS`` - The quiche include directories. -``QUICHE_LIBRARIES`` - The libraries needed to use quiche -#]=======================================================================] -if(UNIX) - find_package(PkgConfig QUIET) - pkg_search_module(PC_QUICHE quiche) -endif() - -find_path(QUICHE_INCLUDE_DIR quiche.h - HINTS - ${PC_QUICHE_INCLUDEDIR} - ${PC_QUICHE_INCLUDE_DIRS} -) - -find_library(QUICHE_LIBRARY NAMES quiche - HINTS - ${PC_QUICHE_LIBDIR} - ${PC_QUICHE_LIBRARY_DIRS} -) - -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(QUICHE - REQUIRED_VARS - QUICHE_LIBRARY - QUICHE_INCLUDE_DIR -) - -if(QUICHE_FOUND) - set(QUICHE_LIBRARIES ${QUICHE_LIBRARY}) - set(QUICHE_INCLUDE_DIRS ${QUICHE_INCLUDE_DIR}) -endif() - -mark_as_advanced(QUICHE_INCLUDE_DIRS QUICHE_LIBRARIES) diff --git a/CMake/FindQuiche.cmake b/CMake/FindQuiche.cmake new file mode 100644 index 000000000000..137679b5b358 --- /dev/null +++ b/CMake/FindQuiche.cmake @@ -0,0 +1,80 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the quiche library +# +# Input variables: +# +# - `QUICHE_INCLUDE_DIR`: Absolute path to quiche include directory. +# - `QUICHE_LIBRARY`: Absolute path to `quiche` library. +# +# Defines: +# +# - `QUICHE_FOUND`: System has quiche. +# - `QUICHE_VERSION`: Version of quiche. +# - `CURL::quiche`: quiche library target. + +set(_quiche_pc_requires "quiche") + +if(CURL_USE_PKGCONFIG AND + NOT DEFINED QUICHE_INCLUDE_DIR AND + NOT DEFINED QUICHE_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_quiche ${_quiche_pc_requires}) +endif() + +if(_quiche_FOUND) + set(Quiche_FOUND TRUE) + set(QUICHE_FOUND TRUE) + set(QUICHE_VERSION ${_quiche_VERSION}) + message(STATUS "Found Quiche (via pkg-config): ${_quiche_INCLUDE_DIRS} (found version \"${QUICHE_VERSION}\")") +else() + find_path(QUICHE_INCLUDE_DIR NAMES "quiche.h") + find_library(QUICHE_LIBRARY NAMES "quiche") + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Quiche + REQUIRED_VARS + QUICHE_INCLUDE_DIR + QUICHE_LIBRARY + ) + + if(QUICHE_FOUND) + set(_quiche_INCLUDE_DIRS ${QUICHE_INCLUDE_DIR}) + set(_quiche_LIBRARIES ${QUICHE_LIBRARY}) + endif() + + mark_as_advanced(QUICHE_INCLUDE_DIR QUICHE_LIBRARY) +endif() + +if(QUICHE_FOUND) + if(NOT TARGET CURL::quiche) + add_library(CURL::quiche INTERFACE IMPORTED) + set_target_properties(CURL::quiche PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_quiche_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_quiche_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_quiche_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_quiche_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_quiche_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindRustls.cmake b/CMake/FindRustls.cmake new file mode 100644 index 000000000000..1e07565189f7 --- /dev/null +++ b/CMake/FindRustls.cmake @@ -0,0 +1,116 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Find the Rustls library +# +# Input variables: +# +# - `RUSTLS_INCLUDE_DIR`: Absolute path to Rustls include directory. +# - `RUSTLS_LIBRARY`: Absolute path to `rustls` library. +# +# Defines: +# +# - `RUSTLS_FOUND`: System has Rustls. +# - `RUSTLS_VERSION`: Version of Rustls. +# - `CURL::rustls`: Rustls library target. + +set(_rustls_pc_requires "rustls") + +if(CURL_USE_PKGCONFIG AND + NOT DEFINED RUSTLS_INCLUDE_DIR AND + NOT DEFINED RUSTLS_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_rustls ${_rustls_pc_requires}) +endif() + +if(_rustls_FOUND) + set(Rustls_FOUND TRUE) + set(RUSTLS_FOUND TRUE) + set(RUSTLS_VERSION ${_rustls_VERSION}) + message(STATUS "Found Rustls (via pkg-config): ${_rustls_INCLUDE_DIRS} (found version \"${RUSTLS_VERSION}\")") +else() + set(_rustls_pc_requires "") # Depend on pkg-config only when found via pkg-config + + find_path(RUSTLS_INCLUDE_DIR NAMES "rustls.h") + find_library(RUSTLS_LIBRARY NAMES "rustls") + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Rustls + REQUIRED_VARS + RUSTLS_INCLUDE_DIR + RUSTLS_LIBRARY + ) + + if(RUSTLS_FOUND) + set(_rustls_INCLUDE_DIRS ${RUSTLS_INCLUDE_DIR}) + set(_rustls_LIBRARIES ${RUSTLS_LIBRARY}) + endif() + + mark_as_advanced(RUSTLS_INCLUDE_DIR RUSTLS_LIBRARY) +endif() + +if(RUSTLS_FOUND) + if(APPLE) + find_library(SECURITY_FRAMEWORK NAMES "Security") + mark_as_advanced(SECURITY_FRAMEWORK) + if(NOT SECURITY_FRAMEWORK) + message(FATAL_ERROR "Security framework not found") + endif() + list(APPEND _rustls_LIBRARIES "-framework Security") + + find_library(FOUNDATION_FRAMEWORK NAMES "Foundation") + mark_as_advanced(FOUNDATION_FRAMEWORK) + if(NOT FOUNDATION_FRAMEWORK) + message(FATAL_ERROR "Foundation framework not found") + endif() + list(APPEND _rustls_LIBRARIES "-framework Foundation") + elseif(NOT WIN32) + find_library(PTHREAD_LIBRARY NAMES "pthread") + if(PTHREAD_LIBRARY) + list(APPEND _rustls_LIBRARIES ${PTHREAD_LIBRARY}) + endif() + mark_as_advanced(PTHREAD_LIBRARY) + + find_library(DL_LIBRARY NAMES "dl") + if(DL_LIBRARY) + list(APPEND _rustls_LIBRARIES ${DL_LIBRARY}) + endif() + mark_as_advanced(DL_LIBRARY) + + find_library(MATH_LIBRARY NAMES "m") + if(MATH_LIBRARY) + list(APPEND _rustls_LIBRARIES ${MATH_LIBRARY}) + endif() + mark_as_advanced(MATH_LIBRARY) + endif() + + if(NOT TARGET CURL::rustls) + add_library(CURL::rustls INTERFACE IMPORTED) + set_target_properties(CURL::rustls PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_rustls_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_rustls_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_rustls_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_rustls_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_rustls_LIBRARIES}") + endif() +endif() diff --git a/CMake/FindWolfSSL.cmake b/CMake/FindWolfSSL.cmake index 42256b3cd17f..606a67b8becd 100644 --- a/CMake/FindWolfSSL.cmake +++ b/CMake/FindWolfSSL.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,17 +18,108 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -find_path(WolfSSL_INCLUDE_DIR NAMES wolfssl/ssl.h) -find_library(WolfSSL_LIBRARY NAMES wolfssl) -mark_as_advanced(WolfSSL_INCLUDE_DIR WolfSSL_LIBRARY) +# Find the wolfSSL library +# +# Input variables: +# +# - `WOLFSSL_INCLUDE_DIR`: Absolute path to wolfSSL include directory. +# - `WOLFSSL_LIBRARY`: Absolute path to `wolfssl` library. +# +# Defines: +# +# - `WOLFSSL_FOUND`: System has wolfSSL. +# - `WOLFSSL_VERSION`: Version of wolfSSL. +# - `CURL::wolfssl`: wolfSSL library target. + +if(DEFINED WolfSSL_INCLUDE_DIR AND NOT DEFINED WOLFSSL_INCLUDE_DIR) + message(WARNING "WolfSSL_INCLUDE_DIR is deprecated, use WOLFSSL_INCLUDE_DIR instead.") + set(WOLFSSL_INCLUDE_DIR "${WolfSSL_INCLUDE_DIR}") +endif() +if(DEFINED WolfSSL_LIBRARY AND NOT DEFINED WOLFSSL_LIBRARY) + message(WARNING "WolfSSL_LIBRARY is deprecated, use WOLFSSL_LIBRARY instead.") + set(WOLFSSL_LIBRARY "${WolfSSL_LIBRARY}") +endif() + +set(_wolfssl_pc_requires "wolfssl") -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(WolfSSL - REQUIRED_VARS WolfSSL_INCLUDE_DIR WolfSSL_LIBRARY +if(CURL_USE_PKGCONFIG AND + NOT DEFINED WOLFSSL_INCLUDE_DIR AND + NOT DEFINED WOLFSSL_LIBRARY) + find_package(PkgConfig QUIET) + pkg_check_modules(_wolfssl ${_wolfssl_pc_requires}) +endif() + +if(_wolfssl_FOUND) + set(WolfSSL_FOUND TRUE) + set(WOLFSSL_FOUND TRUE) + set(WOLFSSL_VERSION ${_wolfssl_VERSION}) + message(STATUS "Found WolfSSL (via pkg-config): ${_wolfssl_INCLUDE_DIRS} (found version \"${WOLFSSL_VERSION}\")") +else() + find_path(WOLFSSL_INCLUDE_DIR NAMES "wolfssl/ssl.h") + find_library(WOLFSSL_LIBRARY NAMES "wolfssl") + + unset(WOLFSSL_VERSION CACHE) + if(WOLFSSL_INCLUDE_DIR AND EXISTS "${WOLFSSL_INCLUDE_DIR}/wolfssl/version.h") + set(_version_regex "#[\t ]*define[\t ]+LIBWOLFSSL_VERSION_STRING[\t ]+\"([^\"]*)\"") + file(STRINGS "${WOLFSSL_INCLUDE_DIR}/wolfssl/version.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(WOLFSSL_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(WolfSSL + REQUIRED_VARS + WOLFSSL_INCLUDE_DIR + WOLFSSL_LIBRARY + VERSION_VAR + WOLFSSL_VERSION ) -if(WolfSSL_FOUND) - set(WolfSSL_INCLUDE_DIRS ${WolfSSL_INCLUDE_DIR}) - set(WolfSSL_LIBRARIES ${WolfSSL_LIBRARY}) + if(WOLFSSL_FOUND) + set(_wolfssl_INCLUDE_DIRS ${WOLFSSL_INCLUDE_DIR}) + set(_wolfssl_LIBRARIES ${WOLFSSL_LIBRARY}) + endif() + + mark_as_advanced(WOLFSSL_INCLUDE_DIR WOLFSSL_LIBRARY) +endif() + +if(WOLFSSL_FOUND) + if(APPLE) + find_library(SECURITY_FRAMEWORK NAMES "Security") + mark_as_advanced(SECURITY_FRAMEWORK) + if(NOT SECURITY_FRAMEWORK) + message(FATAL_ERROR "Security framework not found") + endif() + list(APPEND _wolfssl_LIBRARIES "-framework Security") + + find_library(COREFOUNDATION_FRAMEWORK NAMES "CoreFoundation") + mark_as_advanced(COREFOUNDATION_FRAMEWORK) + if(NOT COREFOUNDATION_FRAMEWORK) + message(FATAL_ERROR "CoreFoundation framework not found") + endif() + list(APPEND _wolfssl_LIBRARIES "-framework CoreFoundation") + elseif(WIN32) + list(APPEND _wolfssl_LIBRARIES "crypt32") + else() + find_library(MATH_LIBRARY NAMES "m") + if(MATH_LIBRARY) + list(APPEND _wolfssl_LIBRARIES ${MATH_LIBRARY}) # for log and pow + endif() + mark_as_advanced(MATH_LIBRARY) + endif() + + if(NOT TARGET CURL::wolfssl) + add_library(CURL::wolfssl INTERFACE IMPORTED) + set_target_properties(CURL::wolfssl PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_wolfssl_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_wolfssl_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_wolfssl_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_wolfssl_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_wolfssl_LIBRARIES}") + endif() endif() diff --git a/CMake/FindZstd.cmake b/CMake/FindZstd.cmake index eaba39746fb8..8dc620a1009f 100644 --- a/CMake/FindZstd.cmake +++ b/CMake/FindZstd.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,52 +18,126 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### +# Find the zstd library +# +# Input variables: +# +# - `ZSTD_INCLUDE_DIR`: Absolute path to zstd include directory. +# - `ZSTD_LIBRARY`: Absolute path to `zstd` library. +# - `ZSTD_USE_STATIC_LIBS`: Configure for static zstd libraries. +# +# Defines: +# +# - `ZSTD_FOUND`: System has zstd. +# - `ZSTD_VERSION`: Version of zstd. +# - `CURL::zstd`: zstd library target. -#[=======================================================================[.rst: -FindZstd ----------- - -Find the zstd library - -Result Variables -^^^^^^^^^^^^^^^^ +if(DEFINED Zstd_INCLUDE_DIR AND NOT DEFINED ZSTD_INCLUDE_DIR) + message(WARNING "Zstd_INCLUDE_DIR is deprecated, use ZSTD_INCLUDE_DIR instead.") + set(ZSTD_INCLUDE_DIR "${Zstd_INCLUDE_DIR}") +endif() +if(DEFINED Zstd_LIBRARY AND NOT DEFINED ZSTD_LIBRARY) + message(WARNING "Zstd_LIBRARY is deprecated, use ZSTD_LIBRARY instead.") + set(ZSTD_LIBRARY "${Zstd_LIBRARY}") +endif() -``Zstd_FOUND`` - System has zstd -``Zstd_INCLUDE_DIRS`` - The zstd include directories. -``Zstd_LIBRARIES`` - The libraries needed to use zstd -#]=======================================================================] +set(_zstd_pc_requires "libzstd") -if(UNIX) - find_package(PkgConfig QUIET) - pkg_search_module(PC_Zstd libzstd) +if(NOT DEFINED ZSTD_INCLUDE_DIR AND + NOT DEFINED ZSTD_LIBRARY) + if(CURL_USE_PKGCONFIG) + find_package(PkgConfig QUIET) + pkg_check_modules(_zstd ${_zstd_pc_requires}) + endif() + if(NOT _zstd_FOUND AND CURL_USE_CMAKECONFIG) + find_package(Zstd CONFIG QUIET) + # Skip using if older than v1.4.5 + if(Zstd_CONFIG AND + NOT TARGET zstd::libzstd_static AND + NOT TARGET zstd::libzstd_shared) + unset(Zstd_CONFIG) + endif() + endif() endif() -find_path(Zstd_INCLUDE_DIR zstd.h - HINTS - ${PC_Zstd_INCLUDEDIR} - ${PC_Zstd_INCLUDE_DIRS} -) +if(_zstd_FOUND) + set(Zstd_FOUND TRUE) + set(ZSTD_FOUND TRUE) + set(ZSTD_VERSION ${_zstd_VERSION}) + if(ZSTD_USE_STATIC_LIBS) + set(_zstd_CFLAGS "${_zstd_STATIC_CFLAGS}") + set(_zstd_INCLUDE_DIRS "${_zstd_STATIC_INCLUDE_DIRS}") + set(_zstd_LIBRARY_DIRS "${_zstd_STATIC_LIBRARY_DIRS}") + set(_zstd_LIBRARIES "${_zstd_STATIC_LIBRARIES}") + endif() + message(STATUS "Found Zstd (via pkg-config): ${_zstd_INCLUDE_DIRS} (found version \"${ZSTD_VERSION}\")") +elseif(Zstd_CONFIG) + set(ZSTD_FOUND TRUE) + set(ZSTD_VERSION ${Zstd_VERSION}) + if(ZSTD_USE_STATIC_LIBS) + set(_zstd_LIBRARIES zstd::libzstd_static) + elseif(TARGET zstd::libzstd) + set(_zstd_LIBRARIES zstd::libzstd) # v1.5.6+ + else() + set(_zstd_LIBRARIES zstd::libzstd_shared) + endif() + message(STATUS "Found Zstd (via CMake Config): ${Zstd_CONFIG} (found version \"${ZSTD_VERSION}\")") +else() + find_path(ZSTD_INCLUDE_DIR NAMES "zstd.h") + if(ZSTD_USE_STATIC_LIBS) + find_library(ZSTD_LIBRARY NAMES "zstd_static" "zstd") + else() + find_library(ZSTD_LIBRARY NAMES "zstd") + endif() -find_library(Zstd_LIBRARY NAMES zstd - HINTS - ${PC_Zstd_LIBDIR} - ${PC_Zstd_LIBRARY_DIRS} -) + unset(ZSTD_VERSION CACHE) + if(ZSTD_INCLUDE_DIR AND EXISTS "${ZSTD_INCLUDE_DIR}/zstd.h") + set(_version_regex1 "#[\t ]*define[ \t]+ZSTD_VERSION_MAJOR[ \t]+([0-9]+).*") + set(_version_regex2 "#[\t ]*define[ \t]+ZSTD_VERSION_MINOR[ \t]+([0-9]+).*") + set(_version_regex3 "#[\t ]*define[ \t]+ZSTD_VERSION_RELEASE[ \t]+([0-9]+).*") + file(STRINGS "${ZSTD_INCLUDE_DIR}/zstd.h" _version_str1 REGEX "${_version_regex1}") + file(STRINGS "${ZSTD_INCLUDE_DIR}/zstd.h" _version_str2 REGEX "${_version_regex2}") + file(STRINGS "${ZSTD_INCLUDE_DIR}/zstd.h" _version_str3 REGEX "${_version_regex3}") + string(REGEX REPLACE "${_version_regex1}" "\\1" _version_str1 "${_version_str1}") + string(REGEX REPLACE "${_version_regex2}" "\\1" _version_str2 "${_version_str2}") + string(REGEX REPLACE "${_version_regex3}" "\\1" _version_str3 "${_version_str3}") + set(ZSTD_VERSION "${_version_str1}.${_version_str2}.${_version_str3}") + unset(_version_regex1) + unset(_version_regex2) + unset(_version_regex3) + unset(_version_str1) + unset(_version_str2) + unset(_version_str3) + endif() -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(Zstd - REQUIRED_VARS - Zstd_LIBRARY - Zstd_INCLUDE_DIR -) + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args(Zstd + REQUIRED_VARS + ZSTD_INCLUDE_DIR + ZSTD_LIBRARY + VERSION_VAR + ZSTD_VERSION + ) -if(Zstd_FOUND) - set(Zstd_LIBRARIES ${Zstd_LIBRARY}) - set(Zstd_INCLUDE_DIRS ${Zstd_INCLUDE_DIR}) + if(ZSTD_FOUND) + set(_zstd_INCLUDE_DIRS ${ZSTD_INCLUDE_DIR}) + set(_zstd_LIBRARIES ${ZSTD_LIBRARY}) + endif() + + mark_as_advanced(ZSTD_INCLUDE_DIR ZSTD_LIBRARY) endif() -mark_as_advanced(Zstd_INCLUDE_DIRS Zstd_LIBRARIES) +if(ZSTD_FOUND) + if(NOT TARGET CURL::zstd) + add_library(CURL::zstd INTERFACE IMPORTED) + set_target_properties(CURL::zstd PROPERTIES + INTERFACE_LIBCURL_PC_MODULES "${_zstd_pc_requires}" + INTERFACE_COMPILE_OPTIONS "${_zstd_CFLAGS}" + INTERFACE_INCLUDE_DIRECTORIES "${_zstd_INCLUDE_DIRS}" + INTERFACE_LINK_DIRECTORIES "${_zstd_LIBRARY_DIRS}" + INTERFACE_LINK_LIBRARIES "${_zstd_LIBRARIES}") + endif() +endif() diff --git a/CMake/Macros.cmake b/CMake/Macros.cmake index d57dd6ad57a6..a0c26d483bd4 100644 --- a/CMake/Macros.cmake +++ b/CMake/Macros.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,103 +18,269 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -#File defines convenience macros for available feature testing - -# This macro checks if the symbol exists in the library and if it -# does, it prepends library to the list. It is intended to be called -# multiple times with a sequence of possibly dependent libraries in -# order of least-to-most-dependent. Some libraries depend on others -# to link correctly. -macro(check_library_exists_concat LIBRARY SYMBOL VARIABLE) - check_library_exists("${LIBRARY};${CURL_LIBS}" ${SYMBOL} "${CMAKE_LIBRARY_PATH}" - ${VARIABLE}) - if(${VARIABLE}) - set(CURL_LIBS ${LIBRARY} ${CURL_LIBS}) - endif() -endmacro() +# File defines convenience macros for available feature testing # Check if header file exists and add it to the list. # This macro is intended to be called multiple times with a sequence of # possibly dependent header files. Some headers depend on others to be # compiled correctly. -macro(check_include_file_concat FILE VARIABLE) - check_include_files("${CURL_INCLUDES};${FILE}" ${VARIABLE}) - if(${VARIABLE}) - set(CURL_INCLUDES ${CURL_INCLUDES} ${FILE}) - set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -D${VARIABLE}") +macro(check_include_file_concat_curl _file _variable) + check_include_files("${CURL_INCLUDES};${_file}" ${_variable}) + if(${_variable}) + list(APPEND CURL_INCLUDES ${_file}) endif() endmacro() +set(CURL_TEST_DEFINES "") # Initialize global variable + # For other curl specific tests, use this macro. -macro(curl_internal_test CURL_TEST) - if(NOT DEFINED "${CURL_TEST}") - set(MACRO_CHECK_FUNCTION_DEFINITIONS - "-D${CURL_TEST} ${CURL_TEST_DEFINES} ${CMAKE_REQUIRED_FLAGS}") +# Return result in variable: CURL_TEST_OUTPUT +macro(curl_internal_test _curl_test) + if(NOT DEFINED "${_curl_test}") + string(REPLACE ";" " " _cmake_required_definitions "${CMAKE_REQUIRED_DEFINITIONS}") + set(_curl_test_add_libraries "") if(CMAKE_REQUIRED_LIBRARIES) - set(CURL_TEST_ADD_LIBRARIES + set(_curl_test_add_libraries "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}") endif() - message(STATUS "Performing Curl Test ${CURL_TEST}") - try_compile(${CURL_TEST} - ${CMAKE_BINARY_DIR} - ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c - CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS} - "${CURL_TEST_ADD_LIBRARIES}" - OUTPUT_VARIABLE OUTPUT) - if(${CURL_TEST}) - set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}") - message(STATUS "Performing Curl Test ${CURL_TEST} - Success") - file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log - "Performing Curl Test ${CURL_TEST} passed with the following output:\n" - "${OUTPUT}\n") + message(STATUS "Performing Test ${_curl_test}") + try_compile(${_curl_test} + ${PROJECT_BINARY_DIR} + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c" + CMAKE_FLAGS + "-DCOMPILE_DEFINITIONS:STRING=-D${_curl_test} ${CURL_TEST_DEFINES} ${CMAKE_REQUIRED_FLAGS} ${_cmake_required_definitions}" + "${_curl_test_add_libraries}" + OUTPUT_VARIABLE CURL_TEST_OUTPUT) + if(${_curl_test}) + set(${_curl_test} 1 CACHE INTERNAL "curl test") + message(STATUS "Performing Test ${_curl_test} - Success") else() - message(STATUS "Performing Curl Test ${CURL_TEST} - Failed") - set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}") - file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log - "Performing Curl Test ${CURL_TEST} failed with the following output:\n" - "${OUTPUT}\n") + set(${_curl_test} "" CACHE INTERNAL "curl test") + message(STATUS "Performing Test ${_curl_test} - Failed") endif() endif() endmacro() -macro(curl_nroff_check) - find_program(NROFF NAMES gnroff nroff) - if(NROFF) - # Need a way to write to stdin, this will do - file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" "test") - # Tests for a valid nroff option to generate a manpage - foreach(_MANOPT "-man" "-mandoc") - execute_process(COMMAND "${NROFF}" ${_MANOPT} - OUTPUT_VARIABLE NROFF_MANOPT_OUTPUT - INPUT_FILE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" - ERROR_QUIET) - # Save the option if it was valid - if(NROFF_MANOPT_OUTPUT) - message("Found *nroff option: -- ${_MANOPT}") - set(NROFF_MANOPT ${_MANOPT}) - set(NROFF_USEFUL ON) - break() - endif() - endforeach() - # No need for the temporary file - file(REMOVE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt") - if(NOT NROFF_USEFUL) - message(WARNING "Found no *nroff option to get plaintext from man pages") +# Option for dependencies that accepts an 'AUTO' value, which enables the dependency if detected. +macro(curl_dependency_option _option_name _find_name _desc_name) + set(${_option_name} "AUTO" CACHE STRING "Build curl with ${_desc_name} support (AUTO, ON or OFF)") + set_property(CACHE ${_option_name} PROPERTY STRINGS "AUTO" "ON" "OFF") + + if(${_option_name} STREQUAL "AUTO") + if(_find_name STREQUAL "ZLIB") + find_package(${_find_name}) + else() + find_package(${_find_name} MODULE) endif() + elseif(${_option_name}) + if(_find_name STREQUAL "ZLIB") + find_package(${_find_name} REQUIRED) + else() + find_package(${_find_name} MODULE REQUIRED) + endif() + else() + string(TOUPPER "${_find_name}" _find_name_upper) + set(${_find_name}_FOUND OFF) # cmake-lint: disable=C0103 + set(${_find_name_upper}_FOUND OFF) # cmake-lint: disable=C0103 + endif() +endmacro() + +# Convert the passed paths to libpath linker options and add them to CMAKE_REQUIRED_*. +macro(curl_required_libpaths _libpaths_arg) + if(CMAKE_VERSION VERSION_LESS 3.31) + set(_libpaths "${_libpaths_arg}") + foreach(_libpath IN LISTS _libpaths) + list(APPEND CMAKE_REQUIRED_LINK_OPTIONS "${CMAKE_LIBRARY_PATH_FLAG}${_libpath}") + endforeach() else() - message(WARNING "Found no *nroff program") + list(APPEND CMAKE_REQUIRED_LINK_DIRECTORIES "${_libpaths_arg}") + endif() +endmacro() + +# Pre-fill variables set by a check_type_size() call. +macro(curl_prefill_type_size _type _size) + set(HAVE_SIZEOF_${_type} TRUE) + set(SIZEOF_${_type} ${_size}) + set(SIZEOF_${_type}_CODE "#define SIZEOF_${_type} ${_size}") +endmacro() + +# Internal: Recurse into target libraries and collect their include directories +# and macro definitions. +macro(curl_collect_target_compile_options _target) + get_target_property(_val ${_target} INTERFACE_COMPILE_DEFINITIONS) + if(_val) + list(APPEND _definitions ${_val}) + endif() + get_target_property(_val ${_target} INTERFACE_INCLUDE_DIRECTORIES) + if(_val) + list(APPEND _incsys ${_val}) + endif() + get_target_property(_val ${_target} INTERFACE_COMPILE_OPTIONS) + if(_val) + list(APPEND _options ${_val}) + endif() + get_target_property(_val ${_target} LINK_LIBRARIES) + if(_val) + foreach(_lib IN LISTS _val) + if(TARGET "${_lib}") + curl_collect_target_compile_options(${_lib}) + endif() + endforeach() endif() + unset(_val) endmacro() -macro(optional_dependency DEPENDENCY) - set(CURL_${DEPENDENCY} AUTO CACHE STRING "Build curl with ${DEPENDENCY} support (AUTO, ON or OFF)") - set_property(CACHE CURL_${DEPENDENCY} PROPERTY STRINGS AUTO ON OFF) +# Create a clang-tidy target for test targets +function(curl_add_clang_tidy_test_target _target_clang_tidy _target) + if(CURL_CLANG_TIDY) + + set(_definitions "") + set(_includes "") + set(_incsys "") + set(_options "") + + # Make a list of known system include directories + set(_sys_incdirs "${CMAKE_C_IMPLICIT_INCLUDE_DIRECTORIES}") + foreach(_inc IN LISTS CMAKE_SYSTEM_PREFIX_PATH) + if(NOT _inc MATCHES "/$") + string(APPEND _inc "/") + endif() + string(APPEND _inc "include") + if(NOT _inc IN_LIST _sys_incdirs AND IS_DIRECTORY "${_inc}") + list(APPEND _sys_incdirs "${_inc}") + endif() + endforeach() - if(CURL_${DEPENDENCY} STREQUAL AUTO) - find_package(${DEPENDENCY}) - elseif(CURL_${DEPENDENCY}) - find_package(${DEPENDENCY} REQUIRED) + # Collect options applying to the directory + get_directory_property(_val COMPILE_DEFINITIONS) + if(_val) + list(APPEND _definitions ${_val}) + endif() + get_directory_property(_val INCLUDE_DIRECTORIES) + if(_val) + list(APPEND _includes ${_val}) + endif() + get_directory_property(_val COMPILE_OPTIONS) + if(_val) + list(APPEND _options ${_val}) + endif() + + # Collect options applying to the target + get_target_property(_val ${_target} COMPILE_DEFINITIONS) + if(_val) + list(APPEND _definitions ${_val}) + endif() + get_target_property(_val ${_target} INCLUDE_DIRECTORIES) + if(_val) + list(APPEND _includes ${_val}) + endif() + get_target_property(_val ${_target} COMPILE_OPTIONS) + if(_val) + list(APPEND _options ${_val}) + endif() + + # Collect header directories and macro definitions from lib dependencies + curl_collect_target_compile_options(${_target}) + + list(REMOVE_ITEM _definitions "") + string(REPLACE ";" ";-D" _definitions ";${_definitions}") + list(REMOVE_DUPLICATES _definitions) + list(SORT _definitions) # Sort like CMake does + + list(REMOVE_ITEM _includes "") + string(REPLACE ";" ";-I" _includes ";${_includes}") + list(REMOVE_DUPLICATES _includes) + + set(_incsys_tmp ${_incsys}) + list(REMOVE_DUPLICATES _incsys_tmp) + set(_incsys "") + set(_incsystop "") + foreach(_inc IN LISTS _incsys_tmp) + if(_inc IN_LIST _sys_incdirs) + list(APPEND _incsystop "${_inc}") # Save system prefixes to re-add them later to the end of list + continue() + endif() + # Avoid empty and '$' items. The latter + # evaluates to an empty path in this context. Also skip + # '$', as already present in '_includes'. + if(_inc AND + NOT _inc MATCHES "INSTALL_INTERFACE:" AND + NOT _inc MATCHES "BUILD_INTERFACE:") + list(APPEND _incsys "-isystem" "${_inc}") + endif() + endforeach() + foreach(_inc IN LISTS _incsystop) + list(APPEND _incsys "-isystem" "${_inc}") + endforeach() + + if(CMAKE_C_COMPILER_ID MATCHES "Clang") + list(REMOVE_DUPLICATES _options) # Keep the first of duplicates to imitate CMake + else() + set(_options) + endif() + + # Assemble source list + set(_sources "") + foreach(_source IN ITEMS ${ARGN}) + if(NOT EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/${_source}") # if not in source tree + set(_source "${CMAKE_CURRENT_BINARY_DIR}/${_source}") # look in the build tree, for generated files, e.g. lib1521.c + endif() + list(APPEND _sources "${_source}") + endforeach() + + set(_cc "${CMAKE_C_COMPILER}") + if(CMAKE_C_COMPILER_TARGET AND CMAKE_C_COMPILE_OPTIONS_TARGET) + list(APPEND _cc "${CMAKE_C_COMPILE_OPTIONS_TARGET}${CMAKE_C_COMPILER_TARGET}") + endif() + if(APPLE AND CMAKE_OSX_SYSROOT) + list(APPEND _cc "-isysroot" "${CMAKE_OSX_SYSROOT}") + elseif(CMAKE_SYSROOT AND CMAKE_C_COMPILE_OPTIONS_SYSROOT) + list(APPEND _cc "${CMAKE_C_COMPILE_OPTIONS_SYSROOT}${CMAKE_SYSROOT}") + endif() + + # Pass -clang-diagnostic-unused-function to disable -Wunused-function implied by -Wunused + add_custom_target(${_target_clang_tidy} USES_TERMINAL + WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" + COMMAND ${CMAKE_C_CLANG_TIDY} + "--checks=-clang-diagnostic-unused-function" + ${_sources} -- ${_cc} ${_definitions} ${_includes} ${_incsys} ${_options} + DEPENDS ${_sources}) + add_dependencies(tests-clang-tidy ${_target_clang_tidy}) + endif() +endfunction() + +# Internal: Recurse into interface targets and collect their libraries +# and library paths. +macro(curl_collect_target_link_options _target) + get_target_property(_val ${_target} INTERFACE_LINK_DIRECTORIES) + if(_val) + list(APPEND _libdirs ${_val}) + endif() + get_target_property(_val ${_target} IMPORTED) + if(_val) + # LOCATION is empty for interface library targets and safe to ignore. + # Explicitly skip this query to avoid CMake v3.18 and older erroring out. + get_target_property(_val ${_target} TYPE) + if(NOT "${_val}" STREQUAL "INTERFACE_LIBRARY") + get_target_property(_val ${_target} LOCATION) + if(_val) + list(APPEND _libs ${_val}) + endif() + endif() + endif() + get_target_property(_val ${_target} INTERFACE_LINK_LIBRARIES) + if(_val) + foreach(_lib IN LISTS _val) + if(TARGET "${_lib}") + curl_collect_target_link_options(${_lib}) + else() + list(APPEND _libs ${_lib}) + endif() + endforeach() endif() + unset(_val) endmacro() diff --git a/CMake/OtherTests.cmake b/CMake/OtherTests.cmake index fed86d8ca4cf..650a42d8bd22 100644 --- a/CMake/OtherTests.cmake +++ b/CMake/OtherTests.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,288 +18,132 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### include(CheckCSourceCompiles) -# The begin of the sources (macros and includes) -set(_source_epilogue "#undef inline") - -macro(add_header_include check header) - if(${check}) - set(_source_epilogue "${_source_epilogue}\n#include <${header}>") +include(CheckCSourceRuns) +include(CheckTypeSize) + +# #include header if condition is true +macro(curl_add_header_include _check _header) + if(${_check}) + set(_source_epilogue "${_source_epilogue} + #include <${_header}>") endif() endmacro() -set(signature_call_conv) -if(HAVE_WINDOWS_H) - add_header_include(HAVE_WINSOCK2_H "winsock2.h") - add_header_include(HAVE_WINDOWS_H "windows.h") - add_header_include(HAVE_WINSOCK_H "winsock.h") - set(_source_epilogue - "${_source_epilogue}\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif") - set(signature_call_conv "PASCAL") - if(HAVE_LIBWS2_32) - set(CMAKE_REQUIRED_LIBRARIES ws2_32) - endif() -else() - add_header_include(HAVE_SYS_TYPES_H "sys/types.h") - add_header_include(HAVE_SYS_SOCKET_H "sys/socket.h") -endif() - -set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY) - -function(curl_cv_func_recv_run_test recv_retv recv_arg1 recv_arg2 recv_arg3 recv_arg4) - unset(curl_cv_func_recv_test CACHE) - check_c_source_compiles(" - ${_source_epilogue} - #ifdef WINSOCK_API_LINKAGE - WINSOCK_API_LINKAGE - #endif - extern ${recv_retv} ${signature_call_conv} - recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4}); - int main(void) { - ${recv_arg1} s=0; - ${recv_arg2} buf=0; - ${recv_arg3} len=0; - ${recv_arg4} flags=0; - ${recv_retv} res = recv(s, buf, len, flags); - (void) res; - return 0; - }" - curl_cv_func_recv_test) - message(STATUS - "Tested: ${recv_retv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})") - if(curl_cv_func_recv_test) - set(curl_cv_func_recv_args - "${recv_arg1},${recv_arg2},${recv_arg3},${recv_arg4},${recv_retv}" PARENT_SCOPE) - set(RECV_TYPE_ARG1 "${recv_arg1}" PARENT_SCOPE) - set(RECV_TYPE_ARG2 "${recv_arg2}" PARENT_SCOPE) - set(RECV_TYPE_ARG3 "${recv_arg3}" PARENT_SCOPE) - set(RECV_TYPE_ARG4 "${recv_arg4}" PARENT_SCOPE) - set(RECV_TYPE_RETV "${recv_retv}" PARENT_SCOPE) - set(HAVE_RECV 1 PARENT_SCOPE) - set(curl_cv_func_recv_done 1 PARENT_SCOPE) - endif() -endfunction() - -check_c_source_compiles("${_source_epilogue} -int main(void) { - recv(0, 0, 0, 0); - return 0; -}" curl_cv_recv) -if(curl_cv_recv) - if(NOT DEFINED curl_cv_func_recv_args OR curl_cv_func_recv_args STREQUAL "unknown") - if(APPLE) - curl_cv_func_recv_run_test("ssize_t" "int" "void *" "size_t" "int") - endif() - foreach(recv_retv "int" "ssize_t" ) - foreach(recv_arg1 "SOCKET" "int" ) - foreach(recv_arg2 "char *" "void *" ) - foreach(recv_arg3 "int" "size_t" "socklen_t" "unsigned int") - foreach(recv_arg4 "int" "unsigned int") - if(NOT curl_cv_func_recv_done) - curl_cv_func_recv_run_test(${recv_retv} ${recv_arg1} ${recv_arg2} ${recv_arg3} ${recv_arg4}) - endif() - endforeach() - endforeach() - endforeach() - endforeach() - endforeach() - else() - string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG1 "${curl_cv_func_recv_args}") - string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG2 "${curl_cv_func_recv_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG3 "${curl_cv_func_recv_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" RECV_TYPE_ARG4 "${curl_cv_func_recv_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" RECV_TYPE_RETV "${curl_cv_func_recv_args}") - endif() - - if(curl_cv_func_recv_args STREQUAL "unknown") - message(FATAL_ERROR "Cannot find proper types to use for recv args") - endif() -else() - message(FATAL_ERROR "Unable to link function recv") -endif() -set(curl_cv_func_recv_args "${curl_cv_func_recv_args}" CACHE INTERNAL "Arguments for recv") -set(HAVE_RECV 1) - -function(curl_cv_func_send_run_test send_retv send_arg1 send_arg2 send_arg3 send_arg4) - unset(curl_cv_func_send_test CACHE) - check_c_source_compiles(" - ${_source_epilogue} - #ifdef WINSOCK_API_LINKAGE - WINSOCK_API_LINKAGE - #endif - extern ${send_retv} ${signature_call_conv} - send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4}); - int main(void) { - ${send_arg1} s=0; - ${send_arg2} buf=0; - ${send_arg3} len=0; - ${send_arg4} flags=0; - ${send_retv} res = send(s, buf, len, flags); - (void) res; - return 0; - }" - curl_cv_func_send_test) - message(STATUS - "Tested: ${send_retv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})") - if(curl_cv_func_send_test) - string(REGEX REPLACE "(const) .*" "\\1" send_qual_arg2 "${send_arg2}") - string(REGEX REPLACE "const (.*)" "\\1" send_arg2 "${send_arg2}") - set(curl_cv_func_send_args - "${send_arg1},${send_arg2},${send_arg3},${send_arg4},${send_retv},${send_qual_arg2}" PARENT_SCOPE) - set(SEND_TYPE_ARG1 "${send_arg1}" PARENT_SCOPE) - set(SEND_TYPE_ARG2 "${send_arg2}" PARENT_SCOPE) - set(SEND_TYPE_ARG3 "${send_arg3}" PARENT_SCOPE) - set(SEND_TYPE_ARG4 "${send_arg4}" PARENT_SCOPE) - set(SEND_TYPE_RETV "${send_retv}" PARENT_SCOPE) - set(HAVE_SEND 1 PARENT_SCOPE) - set(curl_cv_func_send_done 1 PARENT_SCOPE) - endif() -endfunction() +set(_cmake_try_compile_target_type_save ${CMAKE_TRY_COMPILE_TARGET_TYPE}) +set(CMAKE_TRY_COMPILE_TARGET_TYPE "STATIC_LIBRARY") -check_c_source_compiles("${_source_epilogue} -int main(void) { - send(0, 0, 0, 0); - return 0; -}" curl_cv_send) -if(curl_cv_send) - if(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown") - if(APPLE) - curl_cv_func_send_run_test("ssize_t" "int" "const void *" "size_t" "int") - endif() - foreach(send_retv "int" "ssize_t" ) - foreach(send_arg1 "SOCKET" "int" "ssize_t" ) - foreach(send_arg2 "const char *" "const void *" "void *" "char *") - foreach(send_arg3 "int" "size_t" "socklen_t" "unsigned int") - foreach(send_arg4 "int" "unsigned int") - if(NOT curl_cv_func_send_done) - curl_cv_func_send_run_test("${send_retv}" "${send_arg1}" "${send_arg2}" "${send_arg3}" "${send_arg4}") - endif() - endforeach() - endforeach() - endforeach() - endforeach() - endforeach() +if(NOT DEFINED HAVE_STRUCT_SOCKADDR_STORAGE) + cmake_push_check_state() + set(CMAKE_EXTRA_INCLUDE_FILES "") + if(WIN32) + set(CMAKE_EXTRA_INCLUDE_FILES "winsock2.h") + list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32") else() - string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG1 "${curl_cv_func_send_args}") - string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG2 "${curl_cv_func_send_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG3 "${curl_cv_func_send_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG4 "${curl_cv_func_send_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" SEND_TYPE_RETV "${curl_cv_func_send_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" SEND_QUAL_ARG2 "${curl_cv_func_send_args}") - endif() - - if("${curl_cv_func_send_args}" STREQUAL "unknown") - message(FATAL_ERROR "Cannot find proper types to use for send args") + set(CMAKE_EXTRA_INCLUDE_FILES "sys/socket.h") endif() - set(SEND_QUAL_ARG2 "const") -else() - message(FATAL_ERROR "Unable to link function send") + check_type_size("struct sockaddr_storage" SIZEOF_STRUCT_SOCKADDR_STORAGE) + set(HAVE_STRUCT_SOCKADDR_STORAGE ${HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE}) + cmake_pop_check_state() endif() -set(curl_cv_func_send_args "${curl_cv_func_send_args}" CACHE INTERNAL "Arguments for send") -set(HAVE_SEND 1) +set(_source_epilogue "#undef inline") check_c_source_compiles("${_source_epilogue} - int main(void) { - int flag = MSG_NOSIGNAL; - (void)flag; + #ifdef _MSC_VER + #include + #endif + #ifndef _WIN32 + #include + #endif + #include + int main(void) + { + struct timeval ts; + ts.tv_sec = 0; + ts.tv_usec = 0; + (void)ts; return 0; - }" HAVE_MSG_NOSIGNAL) - -if(NOT HAVE_WINDOWS_H) - add_header_include(HAVE_SYS_TIME_H "sys/time.h") - add_header_include(TIME_WITH_SYS_TIME "time.h") - add_header_include(HAVE_TIME_H "time.h") + }" HAVE_STRUCT_TIMEVAL) + +set(CMAKE_TRY_COMPILE_TARGET_TYPE ${_cmake_try_compile_target_type_save}) +unset(_cmake_try_compile_target_type_save) + +# Detect HAVE_GETADDRINFO_THREADSAFE + +if(WIN32) + set(HAVE_GETADDRINFO_THREADSAFE ${HAVE_GETADDRINFO}) +elseif(NOT HAVE_GETADDRINFO) + set(HAVE_GETADDRINFO_THREADSAFE FALSE) +elseif(APPLE OR + CMAKE_SYSTEM_NAME STREQUAL "AIX" OR + CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "HP-UX" OR + CMAKE_SYSTEM_NAME STREQUAL "MidnightBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "NetBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "SunOS") + set(HAVE_GETADDRINFO_THREADSAFE TRUE) +elseif(BSD OR CMAKE_SYSTEM_NAME MATCHES "BSD") + set(HAVE_GETADDRINFO_THREADSAFE FALSE) endif() -check_c_source_compiles("${_source_epilogue} -int main(void) { - struct timeval ts; - ts.tv_sec = 0; - ts.tv_usec = 0; - (void)ts; - return 0; -}" HAVE_STRUCT_TIMEVAL) -set(HAVE_SIG_ATOMIC_T 1) -set(CMAKE_REQUIRED_FLAGS) -if(HAVE_SIGNAL_H) - set(CMAKE_REQUIRED_FLAGS "-DHAVE_SIGNAL_H") - set(CMAKE_EXTRA_INCLUDE_FILES "signal.h") -endif() -check_type_size("sig_atomic_t" SIZEOF_SIG_ATOMIC_T) -if(HAVE_SIZEOF_SIG_ATOMIC_T) - check_c_source_compiles(" - #ifdef HAVE_SIGNAL_H - # include +if(NOT DEFINED HAVE_GETADDRINFO_THREADSAFE) + set(_source_epilogue "#undef inline + #ifndef _WIN32 + #include + #include + #endif") + curl_add_header_include(HAVE_NETDB_H "netdb.h") + check_c_source_compiles("${_source_epilogue} + int main(void) + { + #ifndef h_errno + #error force compilation error #endif - int main(void) { - static volatile sig_atomic_t dummy = 0; - (void)dummy; return 0; - }" HAVE_SIG_ATOMIC_T_NOT_VOLATILE) - if(NOT HAVE_SIG_ATOMIC_T_NOT_VOLATILE) - set(HAVE_SIG_ATOMIC_T_VOLATILE 1) + }" HAVE_H_ERRNO) + + if(NOT HAVE_H_ERRNO) + check_c_source_compiles("${_source_epilogue} + int main(void) + { + h_errno = 2; + return h_errno != 0 ? 1 : 0; + }" HAVE_H_ERRNO_ASSIGNABLE) + + if(NOT HAVE_H_ERRNO_ASSIGNABLE) + check_c_source_compiles("${_source_epilogue} + int main(void) + { + #if defined(_POSIX_C_SOURCE) && (_POSIX_C_SOURCE >= 200809L) + #elif defined(_XOPEN_SOURCE) && (_XOPEN_SOURCE >= 700) + #else + #error force compilation error + #endif + return 0; + }" HAVE_H_ERRNO_SBS_ISSUE_7) + endif() endif() -endif() -if(HAVE_WINDOWS_H) - set(CMAKE_EXTRA_INCLUDE_FILES winsock2.h) -else() - set(CMAKE_EXTRA_INCLUDE_FILES) - if(HAVE_SYS_SOCKET_H) - set(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h) + if(HAVE_H_ERRNO OR HAVE_H_ERRNO_ASSIGNABLE OR HAVE_H_ERRNO_SBS_ISSUE_7) + set(HAVE_GETADDRINFO_THREADSAFE TRUE) endif() endif() -check_type_size("struct sockaddr_storage" SIZEOF_STRUCT_SOCKADDR_STORAGE) -if(HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE) - set(HAVE_STRUCT_SOCKADDR_STORAGE 1) -endif() - -unset(CMAKE_TRY_COMPILE_TARGET_TYPE) - -if(NOT DEFINED CMAKE_TOOLCHAIN_FILE) - # if not cross-compilation... - include(CheckCSourceRuns) - set(CMAKE_REQUIRED_FLAGS "") - if(HAVE_SYS_POLL_H) - set(CMAKE_REQUIRED_FLAGS "-DHAVE_SYS_POLL_H") - elseif(HAVE_POLL_H) - set(CMAKE_REQUIRED_FLAGS "-DHAVE_POLL_H") - endif() - check_c_source_runs(" - #include +if(NOT WIN32 AND NOT DEFINED HAVE_CLOCK_GETTIME_MONOTONIC_RAW) + set(_source_epilogue "#undef inline") + curl_add_header_include(HAVE_SYS_TYPES_H "sys/types.h") + check_c_source_compiles("${_source_epilogue} #include - - #ifdef HAVE_SYS_POLL_H - # include - #elif HAVE_POLL_H - # include - #endif - + #include int main(void) { - if(0 != poll(0, 0, 10)) { - return 1; /* fail */ - } - else { - /* detect the 10.12 poll() breakage */ - struct timeval before, after; - int rc; - size_t us; - - gettimeofday(&before, NULL); - rc = poll(NULL, 0, 500); - gettimeofday(&after, NULL); - - us = (after.tv_sec - before.tv_sec) * 1000000 + - (after.tv_usec - before.tv_usec); - - if(us < 400000) { - return 1; - } - } - return 0; - }" HAVE_POLL_FINE) + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC_RAW, &ts); + return 0; + }" HAVE_CLOCK_GETTIME_MONOTONIC_RAW) endif() +unset(_source_epilogue) diff --git a/CMake/PickyWarnings.cmake b/CMake/PickyWarnings.cmake new file mode 100644 index 000000000000..d53556d0c4c2 --- /dev/null +++ b/CMake/PickyWarnings.cmake @@ -0,0 +1,462 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +include(CheckCCompilerFlag) + +set(_picky "") +set(_picky_nocheck "") # not to pass to feature checks + +if(CURL_WERROR) + if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.24) + set(CMAKE_COMPILE_WARNING_AS_ERROR ON) + elseif(MSVC) + list(APPEND _picky_nocheck "-WX") + else() # llvm/clang and gcc-style options + list(APPEND _picky_nocheck "-Werror") + endif() + + if((CMAKE_C_COMPILER_ID STREQUAL "GNU" AND + NOT DOS AND # Watt-32 headers use the '#include_next' GCC extension + CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 5.0) OR + CMAKE_C_COMPILER_ID MATCHES "Clang") + list(APPEND _picky_nocheck "-pedantic-errors") + endif() +endif() + +if(APPLE AND + (CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 3.6) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 6.1)) + list(APPEND _picky "-Werror=partial-availability") # clang 3.6 appleclang 6.1 +endif() + +if(CMAKE_C_COMPILER_ID STREQUAL "GNU" OR CMAKE_C_COMPILER_ID MATCHES "Clang") + list(APPEND _picky "-Werror-implicit-function-declaration") # clang 1.0 gcc 2.95 +endif() + +if(MSVC) + list(APPEND _picky "-W4") # Use the highest warning level for Visual Studio. +elseif(BORLAND) + list(APPEND _picky "-w-") # Disable warnings on Borland to avoid changing 3rd party code. +endif() + +if(PICKY_COMPILER) + # Leave disabled for GCC <4.6, because they lack #pragma features to silence locally. + if((CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 4.6) OR + CMAKE_C_COMPILER_ID MATCHES "Clang") + + # https://clang.llvm.org/docs/DiagnosticsReference.html + # https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html + + # _picky_enable = Options we want to enable as-is. + # _picky_detect = Options we want to test first and enable if available. + + # Prefer the -Wextra alias with clang. + if(CMAKE_C_COMPILER_ID MATCHES "Clang") + set(_picky_enable "-Wextra") + else() + set(_picky_enable "-W") + endif() + + list(APPEND _picky_enable "-Wall") + + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 3.2) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 4.2) OR + CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 4.8) + list(APPEND _picky_enable "-Wpedantic") # clang 3.2 gcc 4.8 appleclang 4.2 + else() + list(APPEND _picky_enable "-pedantic") + endif() + + # ---------------------------------- + # Add new options here, if in doubt: + # ---------------------------------- + set(_picky_detect + ) + + # Notes: -Wno-* options should ideally be disabled at their precise cutoff versions, + # to suppress undesired warnings in case -Weverything is passed as a custom option. + + # Assume these options always exist with both clang and gcc. + # Require clang 3.0 / gcc 2.95 or later. + list(APPEND _picky_enable + -Wbad-function-cast # clang 2.7 gcc 2.95 + -Wconversion # clang 2.7 gcc 2.95 + -Wmissing-declarations # clang 1.0 gcc 2.7 + -Wmissing-prototypes # clang 1.0 gcc 1.0 + -Wnested-externs # clang 1.0 gcc 2.7 + -Wno-long-long # clang 1.0 gcc 2.95 + -Wno-multichar # clang 1.0 gcc 2.95 + -Wpointer-arith # clang 1.0 gcc 1.4 + -Wshadow # clang 1.0 gcc 2.95 + -Wsign-compare # clang 1.0 gcc 2.95 + -Wundef # clang 1.0 gcc 2.95 + -Wunused # clang 1.1 gcc 2.95 + -Wwrite-strings # clang 1.0 gcc 1.4 + ) + + # Always enable with clang, version dependent with gcc + set(_picky_common_old + -Waddress # clang 2.7 gcc 4.3 + -Wattributes # clang 2.7 gcc 4.1 + -Wcast-align # clang 1.0 gcc 4.2 + -Wcast-qual # clang 2.7 gcc 3.4.6 + -Wdeclaration-after-statement # clang 1.0 gcc 3.4 + -Wdiv-by-zero # clang 2.7 gcc 4.1 + -Wempty-body # clang 2.7 gcc 4.3 + -Wendif-labels # clang 1.0 gcc 3.3 + -Wfloat-equal # clang 1.0 gcc 2.96 (3.0) + -Wformat-security # clang 2.7 gcc 4.1 + -Wignored-qualifiers # clang 2.8 gcc 4.3 + -Wmissing-field-initializers # clang 2.7 gcc 4.1 + -Wmissing-noreturn # clang 2.7 gcc 4.1 + -Wno-padded # clang 2.9 gcc 4.1 # Not used: We cannot change public structs + -Wno-sign-conversion # clang 2.9 gcc 4.3 + -Wno-switch-default # clang 2.7 gcc 4.1 # Not used: Annoying to fix or silence + -Wno-switch-enum # clang 2.7 gcc 4.1 # Not used: It basically disallows default case + -Wno-system-headers # clang 1.0 gcc 3.0 + -Wold-style-definition # clang 2.7 gcc 3.4 + -Wredundant-decls # clang 2.7 gcc 4.1 + -Wstrict-prototypes # clang 1.0 gcc 3.3 + -Wtype-limits # clang 2.7 gcc 4.3 + -Wunreachable-code # clang 2.7 gcc 4.1 + # -Wunused-macros # clang 2.7 gcc 4.1 # Not practical + # -Wno-error=unused-macros # clang 2.7 gcc 4.1 + -Wunused-parameter # clang 2.7 gcc 4.1 + -Wvla # clang 2.8 gcc 4.3 + ) + + if(CMAKE_C_COMPILER_ID MATCHES "Clang") + list(APPEND _picky_enable + ${_picky_common_old} + -Wconditional-uninitialized # clang 3.0 + -Wno-used-but-marked-unused # clang 2.9 # Triggered by typecheck-gcc.h with clang 14+, dependency headers + -Wshift-sign-overflow # clang 2.9 + -Wshorten-64-to-32 # clang 1.0 + -Wformat=2 # clang 2.7 gcc 4.8 + ) + if(NOT MSVC) + list(APPEND _picky_enable + -Wlanguage-extension-token # clang 3.0 + ) + endif() + # Enable based on compiler version + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 3.1) + list(APPEND _picky_enable + -Wno-covered-switch-default # clang 3.1 appleclang 3.1 # Annoying to fix or silence + -Wno-disabled-macro-expansion # clang 3.1 appleclang 3.1 # Triggered by standard headers, + # and curl/curl.h (in rare combinations) + ) + if(MSVC) + list(APPEND _picky_enable + -Wno-format-non-iso # clang 3.1 appleclang 3.1 # 'q' length modifier is not supported by ISO C + ) + else() + list(APPEND _picky_enable + -Wformat-non-iso # clang 3.1 appleclang 3.1 + ) + endif() + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 3.3) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 5.0)) + list(APPEND _picky_enable + -Wenum-conversion # clang 3.2 gcc 10.0 appleclang 4.2 g++ 11.0 + -Wmissing-variable-declarations # clang 3.2 appleclang 4.2 + -Wno-documentation-unknown-command # clang 3.3 appleclang 5.0 + -Wsometimes-uninitialized # clang 3.2 appleclang 4.2 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 3.6) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 6.1)) + list(APPEND _picky_enable + -Wdouble-promotion # clang 3.6 gcc 4.6 appleclang 6.1 + -Wheader-guard # clang 3.4 appleclang 5.1 + -Wpragmas # clang 3.5 gcc 4.1 appleclang 6.0 + # -Wunreachable-code-break # clang 3.5 appleclang 6.0 # Not used: Silent in "unity" builds + -Wunused-const-variable # clang 3.4 gcc 6.0 appleclang 5.1 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 3.9) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 8.1)) + list(APPEND _picky_enable + -Wcomma # clang 3.9 appleclang 8.1 + ) + if(MSVC) + list(APPEND _picky_enable + -Wno-nonportable-system-include-path # clang 3.9 appleclang 8.1 # No truly portable solution to this + ) + endif() + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 7.0) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 11)) + list(APPEND _picky_enable + -Wassign-enum # clang 7.0 appleclang 11.0 + -Wextra-semi-stmt # clang 7.0 appleclang 11.0 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 10.0) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 12)) + list(APPEND _picky_enable + -Wimplicit-fallthrough # clang 4.0 gcc 7.0 appleclang 9.0 # We do silencing for clang 10.0 and above only + -Wxor-used-as-pow # clang 10.0 gcc 13.0 appleclang 12.0 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 13.0) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 13.1)) + list(APPEND _picky_enable + -Wcast-function-type # clang 13.0 appleclang 13.1 + -Wreserved-identifier # clang 13.0 appleclang 13.1 # Keep it before -Wno-reserved-macro-identifier + -Wno-reserved-macro-identifier # clang 13.0 appleclang 13.1 # External macros have to be set sometimes + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 15.0) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 14.0.3)) + if(CMAKE_GENERATOR STREQUAL "FASTBuild") + list(APPEND _picky_enable + -Wno-gnu-line-marker # clang 15.0 appleclang 14.0.3 + ) + endif() + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 16.0) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 15.0)) + list(APPEND _picky_enable + -Wno-unsafe-buffer-usage # clang 16.0 appleclang 15.0 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 16.0) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 16.0)) + list(APPEND _picky_enable + -Wcast-function-type-strict # clang 16.0 appleclang 16.0 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 19.1) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 17.0)) + list(APPEND _picky_enable + -Wno-format-signedness # clang 19.1 gcc 5.1 appleclang 17.0 # In clang-cl enums are signed ints by default + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 21.1) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 26.4)) + list(APPEND _picky_enable + -Warray-compare # clang 20.1 gcc 12.0 appleclang 26.4 + -Wc++-hidden-decl # clang 21.1 appleclang 26.4 + -Wimplicit-int-enum-cast # clang 21.1 + -Wjump-misses-init # clang 21.1 gcc 4.5 appleclang 26.4 + -Wno-implicit-void-ptr-cast # clang 21.1 appleclang 26.4 + -Wtentative-definition-compat # clang 21.1 appleclang 26.4 + ) + if(WIN32) + list(APPEND _picky_enable + -Wno-c++-keyword # clang 21.1 appleclang 26.4 # `wchar_t` triggers it on Windows + ) + else() + list(APPEND _picky_enable + -Wc++-keyword # clang 21.1 appleclang 26.4 + ) + endif() + endif() + else() # gcc + # Enable based on compiler version + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 4.3) + list(APPEND _picky_enable + ${_picky_common_old} + -Wclobbered # gcc 4.3 + -Wmissing-parameter-type # gcc 4.3 + -Wold-style-declaration # gcc 4.3 + -Wpragmas # clang 3.5 gcc 4.1 appleclang 6.0 + -Wstrict-aliasing=3 # gcc 4.0 + -ftree-vrp # gcc 4.3 (required for -Warray-bounds, included in -Wall) + ) + endif() + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 4.5) + list(APPEND _picky_enable + -Wjump-misses-init # clang 21.1 gcc 4.5 appleclang 26.4 + ) + if(MINGW) + list(APPEND _picky_enable + -Wno-pedantic-ms-format # gcc 4.5 (MinGW-only) + ) + endif() + endif() + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 4.8) + list(APPEND _picky_enable + -Wdouble-promotion # clang 3.6 gcc 4.6 appleclang 6.1 + -Wformat=2 # clang 2.7 gcc 4.8 + -Wtrampolines # gcc 4.6 + ) + endif() + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 5.0) + list(APPEND _picky_enable + -Warray-bounds=2 # clang 2.9 gcc 5.0 (clang default: -Warray-bounds) + -Wno-format-signedness # clang 19.1 gcc 5.1 appleclang 17.0 + ) + endif() + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 6.0) + list(APPEND _picky_enable + -Wduplicated-cond # gcc 6.0 + -Wnull-dereference # clang 2.9 gcc 6.0 (clang default) + -fdelete-null-pointer-checks + -Wshift-negative-value # clang 3.7 gcc 6.0 (clang default) + -Wshift-overflow=2 # clang 2.9 gcc 6.0 (clang default: -Wshift-overflow) + -Wunused-const-variable # clang 3.4 gcc 6.0 appleclang 5.1 + ) + endif() + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 7.0) + list(APPEND _picky_enable + -Walloc-zero # gcc 7.0 + -Wduplicated-branches # gcc 7.0 + -Wformat-truncation=2 # gcc 7.0 + -Wimplicit-fallthrough # clang 4.0 gcc 7.0 appleclang 9.0 + -Wrestrict # gcc 7.0 + ) + endif() + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 10.0) + list(APPEND _picky_enable + -Warith-conversion # gcc 10.0 + -Wenum-conversion # clang 3.2 gcc 10.0 appleclang 4.2 g++ 11.0 + ) + endif() + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 13.0) + list(APPEND _picky_enable + -Warray-compare # clang 20.1 gcc 12.0 appleclang 26.4 + -Wenum-int-mismatch # gcc 13.0 + -Wxor-used-as-pow # clang 10.0 gcc 13.0 appleclang 12.0 + ) + endif() + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 15.0) + list(APPEND _picky_enable + -Wleading-whitespace=spaces # gcc 15.0 + -Wtrailing-whitespace=any # gcc 15.0 + -Wunterminated-string-initialization # gcc 15.0 + ) + endif() + endif() + + # + + set(_picky_skipped "") + foreach(_ccopt IN LISTS _picky_enable) + string(REGEX MATCH "-W([a-z0-9+-]+)" _ccmatch "${_ccopt}") + string(REPLACE "+" "\\+" _cmake_match_1 "${CMAKE_MATCH_1}") # escape '+' to make it a valid regex + if(_ccmatch AND "${CMAKE_C_FLAGS} " MATCHES "-Wno-${_cmake_match_1} " AND + NOT _ccopt STREQUAL "-Wall" AND + NOT _ccopt MATCHES "^-Wno-") + string(APPEND _picky_skipped " ${_ccopt}") + else() + list(APPEND _picky "${_ccopt}") + endif() + endforeach() + if(_picky_skipped) + message(STATUS "Picky compiler options skipped due to CMAKE_C_FLAGS override:${_picky_skipped}") + endif() + + foreach(_ccopt IN LISTS _picky_detect) + # Use a unique variable name 1. for meaningful log output 2. to have a fresh, undefined variable for each detection + string(MAKE_C_IDENTIFIER "OPT${_ccopt}" _optvarname) + # GCC only warns about unknown -Wno- options if there are also other diagnostic messages, + # so test for the positive form instead + string(REPLACE "-Wno-" "-W" _ccopt_on "${_ccopt}") + check_c_compiler_flag(${_ccopt_on} ${_optvarname}) + if(${_optvarname}) + list(APPEND _picky "${_ccopt}") + endif() + endforeach() + + if(CMAKE_C_COMPILER_ID STREQUAL "GNU") + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 4.0 AND CMAKE_C_COMPILER_VERSION VERSION_LESS 4.7) + list(APPEND _picky "-Wno-missing-field-initializers") # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=36750 + endif() + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 4.3 AND CMAKE_C_COMPILER_VERSION VERSION_LESS 4.8) + list(APPEND _picky "-Wno-type-limits") # Avoid false positives + endif() + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 5.1 AND CMAKE_C_COMPILER_VERSION VERSION_LESS 5.5) + list(APPEND _picky "-Wno-conversion") # Avoid false positives + endif() + endif() + elseif(MSVC AND MSVC_VERSION LESS_EQUAL 1950) # Skip for untested/unreleased newer versions + list(APPEND _picky "-Wall") + list(APPEND _picky "-wd4061") # enumerator 'A' in switch of enum 'B' is not explicitly handled by a case label + list(APPEND _picky "-wd4191") # 'type cast': unsafe conversion from 'FARPROC' to 'void (__cdecl *)(void)' + list(APPEND _picky "-wd4255") # no function prototype given: converting '()' to '(void)' (in winuser.h) + list(APPEND _picky "-wd4464") # relative include path contains '..' + list(APPEND _picky "-wd4548") # expression before comma has no effect; expected expression with side-effect (in FD_SET()) + list(APPEND _picky "-wd4574") # 'M' is defined to be '0': did you mean to use '#if M'? (in ws2tcpip.h) + list(APPEND _picky "-wd4668") # 'M' is not defined as a preprocessor macro, replacing with '0' for '#if/#elif' (in winbase.h) + list(APPEND _picky "-wd4710") # 'fprintf'/'printf'/'sscanf': function not inlined (in tests, with VS2022+ Release) + list(APPEND _picky "-wd4711") # function 'A' selected for automatic inline expansion + # volatile access of '' is subject to /volatile: setting; + # consider using __iso_volatile_load/store intrinsic functions (ARM64) + list(APPEND _picky "-wd4746") + list(APPEND _picky "-wd4820") # 'A': 'N' bytes padding added after data member 'B' + if(MSVC_VERSION GREATER_EQUAL 1900) + list(APPEND _picky "-wd5045") # Compiler will insert Spectre mitigation for memory load if /Qspectre switch specified + endif() + endif() +endif() + +# clang-cl +if(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND MSVC) + list(APPEND _picky "-Wno-language-extension-token") # Allow __int64 + + foreach(_wlist IN ITEMS _picky_nocheck _picky) + set(_picky_tmp "") + foreach(_ccopt IN LISTS "${_wlist}") + # Prefix -Wall, otherwise clang-cl interprets it as an MSVC option and translates it to -Weverything + if(_ccopt MATCHES "^-W" AND NOT _ccopt STREQUAL "-Wall") + list(APPEND _picky_tmp ${_ccopt}) + else() + list(APPEND _picky_tmp "-clang:${_ccopt}") + endif() + endforeach() + set("${_wlist}" ${_picky_tmp}) # cmake-lint: disable=C0103 + endforeach() +endif() + +if(CMAKE_C_STANDARD STREQUAL 90 AND CMAKE_C_COMPILER_ID MATCHES "Clang") + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 3.0) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 4.2)) + list(APPEND _picky "-Wno-c99-extensions") # Avoid: warning: '_Bool' is a C99 extension + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 3.9) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 8.1)) + list(APPEND _picky "-Wno-comma") # Just silly + endif() +endif() + +if(DOS AND CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 10.0) + list(APPEND _picky "-Wno-arith-conversion") # Avoid warnings in DJGPP's built-in FD_SET() macro +endif() + +if(_picky_nocheck OR _picky) + set(_picky_tmp "${_picky_nocheck}" "${_picky}") + string(REPLACE ";" " " _picky_tmp "${_picky_tmp}") + string(STRIP "${_picky_tmp}" _picky_tmp) + message(STATUS "Picky compiler options: ${_picky_tmp}") + set_property(DIRECTORY APPEND PROPERTY COMPILE_OPTIONS "${_picky_nocheck}" "${_picky}") + + # Apply to all feature checks + string(REPLACE ";" " " _picky_tmp "${_picky}") + string(APPEND CMAKE_REQUIRED_FLAGS " ${_picky_tmp}") + + unset(_picky) + unset(_picky_tmp) +endif() diff --git a/CMake/Platforms/WindowsCache.cmake b/CMake/Platforms/WindowsCache.cmake deleted file mode 100644 index fb803f8a6a00..000000000000 --- a/CMake/Platforms/WindowsCache.cmake +++ /dev/null @@ -1,127 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -if(NOT UNIX) - if(WIN32) - set(HAVE_LIBDL 0) - set(HAVE_LIBUCB 0) - set(HAVE_LIBSOCKET 0) - set(NOT_NEED_LIBNSL 0) - set(HAVE_LIBNSL 0) - set(HAVE_GETHOSTNAME 1) - set(HAVE_LIBZ 0) - - set(HAVE_DLOPEN 0) - - set(HAVE_ALLOCA_H 0) - set(HAVE_ARPA_INET_H 0) - set(HAVE_DLFCN_H 0) - set(HAVE_FCNTL_H 1) - set(HAVE_INTTYPES_H 0) - set(HAVE_IO_H 1) - set(HAVE_MALLOC_H 1) - set(HAVE_MEMORY_H 1) - set(HAVE_NETDB_H 0) - set(HAVE_NETINET_IF_ETHER_H 0) - set(HAVE_NETINET_IN_H 0) - set(HAVE_NET_IF_H 0) - set(HAVE_PROCESS_H 1) - set(HAVE_PWD_H 0) - set(HAVE_SETJMP_H 1) - set(HAVE_SIGNAL_H 1) - set(HAVE_SOCKIO_H 0) - set(HAVE_STDINT_H 0) - set(HAVE_STDLIB_H 1) - set(HAVE_STRINGS_H 0) - set(HAVE_STRING_H 1) - set(HAVE_SYS_PARAM_H 0) - set(HAVE_SYS_POLL_H 0) - set(HAVE_SYS_SELECT_H 0) - set(HAVE_SYS_SOCKET_H 0) - set(HAVE_SYS_SOCKIO_H 0) - set(HAVE_SYS_STAT_H 1) - set(HAVE_SYS_TIME_H 0) - set(HAVE_SYS_TYPES_H 1) - set(HAVE_SYS_UTIME_H 1) - set(HAVE_TERMIOS_H 0) - set(HAVE_TERMIO_H 0) - set(HAVE_TIME_H 1) - set(HAVE_UNISTD_H 0) - set(HAVE_UTIME_H 0) - set(HAVE_X509_H 0) - set(HAVE_ZLIB_H 0) - - set(HAVE_SIZEOF_LONG_DOUBLE 1) - set(SIZEOF_LONG_DOUBLE 8) - - set(HAVE_SOCKET 1) - set(HAVE_POLL 0) - set(HAVE_SELECT 1) - set(HAVE_STRDUP 1) - set(HAVE_STRSTR 1) - set(HAVE_STRTOK_R 0) - set(HAVE_STRFTIME 1) - set(HAVE_UNAME 0) - set(HAVE_STRCASECMP 0) - set(HAVE_STRICMP 1) - set(HAVE_STRCMPI 1) - set(HAVE_GETTIMEOFDAY 0) - set(HAVE_INET_ADDR 1) - set(HAVE_CLOSESOCKET 1) - set(HAVE_SETVBUF 0) - set(HAVE_SIGSETJMP 0) - set(HAVE_GETPASS_R 0) - set(HAVE_STRLCAT 0) - set(HAVE_GETPWUID 0) - set(HAVE_GETEUID 0) - set(HAVE_UTIME 1) - set(HAVE_RAND_EGD 0) - set(HAVE_RAND_SCREEN 0) - set(HAVE_RAND_STATUS 0) - set(HAVE_GMTIME_R 0) - set(HAVE_LOCALTIME_R 0) - set(HAVE_GETHOSTBYNAME_R 0) - set(HAVE_SIGNAL_FUNC 1) - set(HAVE_SIGNAL_MACRO 0) - - set(HAVE_GETHOSTBYNAME_R_3 0) - set(HAVE_GETHOSTBYNAME_R_3_REENTRANT 0) - set(HAVE_GETHOSTBYNAME_R_5 0) - set(HAVE_GETHOSTBYNAME_R_5_REENTRANT 0) - set(HAVE_GETHOSTBYNAME_R_6 0) - set(HAVE_GETHOSTBYNAME_R_6_REENTRANT 0) - - set(TIME_WITH_SYS_TIME 0) - set(HAVE_O_NONBLOCK 0) - set(HAVE_IN_ADDR_T 0) - if(ENABLE_IPV6) - set(HAVE_GETADDRINFO 1) - else() - set(HAVE_GETADDRINFO 0) - endif() - set(STDC_HEADERS 1) - - set(HAVE_SIGACTION 0) - set(HAVE_MACRO_SIGSETJMP 0) - else() - message("This file should be included on Windows platform only") - endif() -endif() diff --git a/CMake/Utilities.cmake b/CMake/Utilities.cmake index 8f9b861bae04..f86a6aa1e832 100644 --- a/CMake/Utilities.cmake +++ b/CMake/Utilities.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,16 +18,69 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### # File containing various utilities -# Returns a list of arguments that evaluate to true -function(count_true output_count_var) - set(lst_len 0) - foreach(option_var IN LISTS ARGN) - if(${option_var}) - math(EXPR lst_len "${lst_len} + 1") +# Return number of arguments that evaluate to true +function(curl_count_true _output_count_var) + set(_list_len 0) + foreach(_option_var IN LISTS ARGN) + if(${_option_var}) + math(EXPR _list_len "${_list_len} + 1") endif() endforeach() - set(${output_count_var} ${lst_len} PARENT_SCOPE) + set(${_output_count_var} ${_list_len} PARENT_SCOPE) +endfunction() + +# Dump all defined variables with their values +function(curl_dumpvars) + message("::group::CMake Variable Dump") + get_cmake_property(_vars VARIABLES) + foreach(_var IN ITEMS ${_vars}) + get_property(_var_type CACHE ${_var} PROPERTY TYPE) + get_property(_var_advanced CACHE ${_var} PROPERTY ADVANCED) + if(_var_type) + set(_var_type ":${_var_type}") + endif() + if(_var_advanced) + set(_var_advanced " [adv]") + endif() + message("${_var}${_var_type}${_var_advanced} = '${${_var}}'") + endforeach() + message("::endgroup::") +endfunction() + +# Dump all target properties +function(curl_dumptargetprops _target) + if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.19 AND TARGET "${_target}") + execute_process(COMMAND "${CMAKE_COMMAND}" "--help-property-list" OUTPUT_VARIABLE _cmake_property_list) + string(REPLACE "\n" ";" _cmake_property_list "${_cmake_property_list}") + list(REMOVE_DUPLICATES _cmake_property_list) + list(REMOVE_ITEM _cmake_property_list "") + list(APPEND _cmake_property_list "INTERFACE_LIBCURL_PC_MODULES") + get_target_property(_target_imported ${_target} IMPORTED) + if(NOT _target_imported) + list(REMOVE_ITEM _cmake_property_list "LOCATION" "LOCATION_" "MACOSX_PACKAGE_LOCATION" "VS_DEPLOYMENT_LOCATION") + endif() + foreach(_prop IN LISTS _cmake_property_list) + if(_prop MATCHES "") + foreach(_config IN ITEMS "DEBUG" "RELEASE" "MINSIZEREL" "RELWITHDEBINFO") + string(REPLACE "" "${_config}" _propconfig "${_prop}") + get_property(_is_set TARGET "${_target}" PROPERTY "${_propconfig}" SET) + if(_is_set) + get_target_property(_val "${_target}" "${_propconfig}") + message("${_target}.${_propconfig} = '${_val}'") + endif() + endforeach() + else() + get_property(_is_set TARGET "${_target}" PROPERTY "${_prop}" SET) + if(_is_set) + get_target_property(_val "${_target}" "${_prop}") + message("${_target}.${_prop} = '${_val}'") + endif() + endif() + endforeach() + endif() endfunction() diff --git a/CMake/cmake_uninstall.cmake.in b/CMake/cmake_uninstall.cmake.in deleted file mode 100644 index e96c1432a3a3..000000000000 --- a/CMake/cmake_uninstall.cmake.in +++ /dev/null @@ -1,47 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") - message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") -endif() - -if(NOT DEFINED CMAKE_INSTALL_PREFIX) - set(CMAKE_INSTALL_PREFIX "@CMAKE_INSTALL_PREFIX@") -endif() -message(${CMAKE_INSTALL_PREFIX}) - -file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files) -string(REGEX REPLACE "\n" ";" files "${files}") -foreach(file ${files}) - message(STATUS "Uninstalling $ENV{DESTDIR}${file}") - if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}") - exec_program( - "@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\"" - OUTPUT_VARIABLE rm_out - RETURN_VALUE rm_retval - ) - if(NOT "${rm_retval}" STREQUAL 0) - message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}") - endif() - else() - message(STATUS "File $ENV{DESTDIR}${file} does not exist.") - endif() -endforeach() diff --git a/CMake/cmake_uninstall.in.cmake b/CMake/cmake_uninstall.in.cmake new file mode 100644 index 000000000000..bb95d85a0a72 --- /dev/null +++ b/CMake/cmake_uninstall.in.cmake @@ -0,0 +1,50 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") + message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") +endif() + +if(NOT DEFINED CMAKE_INSTALL_PREFIX) + set(CMAKE_INSTALL_PREFIX "@CMAKE_INSTALL_PREFIX@") +endif() +message(${CMAKE_INSTALL_PREFIX}) + +file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" _files) +string(REGEX REPLACE "\n" ";" _files "${_files}") +foreach(_file ${_files}) + message(STATUS "Uninstalling $ENV{DESTDIR}${_file}") + if(IS_SYMLINK "$ENV{DESTDIR}${_file}" OR EXISTS "$ENV{DESTDIR}${_file}") + execute_process( + COMMAND "@CMAKE_COMMAND@" -E remove "$ENV{DESTDIR}${_file}" + RESULT_VARIABLE rm_retval + OUTPUT_QUIET + ERROR_QUIET + ) + if(NOT "${rm_retval}" STREQUAL 0) + message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${_file}") + endif() + else() + message(STATUS "File $ENV{DESTDIR}${_file} does not exist.") + endif() +endforeach() diff --git a/CMake/curl-config.cmake.in b/CMake/curl-config.cmake.in deleted file mode 100644 index 957148ecc651..000000000000 --- a/CMake/curl-config.cmake.in +++ /dev/null @@ -1,33 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -@PACKAGE_INIT@ - -include(CMakeFindDependencyMacro) -if(@USE_OPENSSL@) - find_dependency(OpenSSL @OPENSSL_VERSION_MAJOR@) -endif() -if(@USE_ZLIB@) - find_dependency(ZLIB @ZLIB_VERSION_MAJOR@) -endif() - -include("${CMAKE_CURRENT_LIST_DIR}/@TARGETS_EXPORT_NAME@.cmake") -check_required_components("@PROJECT_NAME@") diff --git a/CMake/curl-config.in.cmake b/CMake/curl-config.in.cmake new file mode 100644 index 000000000000..29c77c497606 --- /dev/null +++ b/CMake/curl-config.in.cmake @@ -0,0 +1,192 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +@PACKAGE_INIT@ + +option(CURL_USE_CMAKECONFIG "Enable detecting @PROJECT_NAME@ dependencies via CMake Config. Default: @CURL_USE_CMAKECONFIG@" + "@CURL_USE_CMAKECONFIG@") +option(CURL_USE_PKGCONFIG "Enable pkg-config to detect @PROJECT_NAME@ dependencies. Default: @CURL_USE_PKGCONFIG@" + "@CURL_USE_PKGCONFIG@") + +if(CMAKE_VERSION VERSION_LESS @CMAKE_MINIMUM_REQUIRED_VERSION@) + message(STATUS "@PROJECT_NAME@: @PROJECT_NAME@-specific Find modules require " + "CMake @CMAKE_MINIMUM_REQUIRED_VERSION@ or upper, found: ${CMAKE_VERSION}.") +endif() + +include(CMakeFindDependencyMacro) + +if("@USE_OPENSSL@") + if("@OPENSSL_VERSION_MAJOR@") + find_dependency(OpenSSL "@OPENSSL_VERSION_MAJOR@") + else() + find_dependency(OpenSSL) + endif() + # Define lib duplicate to fixup lib order for GCC binutils ld in static builds + if(TARGET OpenSSL::Crypto AND NOT TARGET CURL::OpenSSL_Crypto) + add_library(CURL::OpenSSL_Crypto INTERFACE IMPORTED) + set_target_properties(CURL::OpenSSL_Crypto PROPERTIES INTERFACE_LINK_LIBRARIES OpenSSL::Crypto) + endif() +endif() +if("@HAVE_LIBZ@") + find_dependency(ZLIB "@ZLIB_VERSION_MAJOR@") + # Define lib duplicate to fixup lib order for GCC binutils ld in static builds + if(TARGET ZLIB::ZLIB AND NOT TARGET CURL::ZLIB) + add_library(CURL::ZLIB INTERFACE IMPORTED) + set_target_properties(CURL::ZLIB PROPERTIES INTERFACE_LINK_LIBRARIES ZLIB::ZLIB) + endif() +endif() + +set(_curl_cmake_module_path_save ${CMAKE_MODULE_PATH}) +list(PREPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_LIST_DIR}) + +set(_curl_libs "") + +if("@HAVE_BROTLI@") + find_dependency(Brotli MODULE) + list(APPEND _curl_libs CURL::brotli) +endif() +if("@USE_ARES@") + find_dependency(Cares MODULE) + list(APPEND _curl_libs CURL::cares) +endif() +if("@HAVE_GSSAPI@") + find_dependency(GSS MODULE) + list(APPEND _curl_libs CURL::gss) +endif() +if("@USE_BACKTRACE@") + find_dependency(Libbacktrace MODULE) + list(APPEND _curl_libs CURL::libbacktrace) +endif() +if("@USE_GSASL@") + find_dependency(Libgsasl MODULE) + list(APPEND _curl_libs CURL::libgsasl) +endif() +if(NOT "@USE_WIN32_LDAP@" AND NOT "@CURL_DISABLE_LDAP@") + find_dependency(LDAP MODULE) + list(APPEND _curl_libs CURL::ldap) +endif() +if("@HAVE_LIBIDN2@") + find_dependency(Libidn2 MODULE) + list(APPEND _curl_libs CURL::libidn2) +endif() +if("@USE_LIBPSL@") + find_dependency(Libpsl MODULE) + list(APPEND _curl_libs CURL::libpsl) +endif() +if("@USE_LIBSSH@") + find_dependency(Libssh MODULE) + list(APPEND _curl_libs CURL::libssh) +endif() +if("@USE_LIBSSH2@") + find_dependency(Libssh2 MODULE) + list(APPEND _curl_libs CURL::libssh2) +endif() +if("@USE_LIBUV@") + find_dependency(Libuv MODULE) + list(APPEND _curl_libs CURL::libuv) +endif() +if("@USE_MBEDTLS@") + find_dependency(MbedTLS MODULE) + list(APPEND _curl_libs CURL::mbedtls) +endif() +if("@USE_NGHTTP2@") + find_dependency(NGHTTP2 MODULE) + list(APPEND _curl_libs CURL::nghttp2) +endif() +if("@USE_NGHTTP3@") + find_dependency(NGHTTP3 MODULE) + list(APPEND _curl_libs CURL::nghttp3) +endif() +if("@USE_NGTCP2@") + find_dependency(NGTCP2 MODULE) + list(APPEND _curl_libs CURL::ngtcp2) +endif() +if("@USE_GNUTLS@") + find_dependency(GnuTLS MODULE) + list(APPEND _curl_libs CURL::gnutls) + find_dependency(Nettle MODULE) + list(APPEND _curl_libs CURL::nettle) +endif() +if("@USE_QUICHE@") + find_dependency(Quiche MODULE) + list(APPEND _curl_libs CURL::quiche) +endif() +if("@USE_RUSTLS@") + find_dependency(Rustls MODULE) + list(APPEND _curl_libs CURL::rustls) +endif() +if("@USE_WOLFSSL@") + find_dependency(WolfSSL MODULE) + list(APPEND _curl_libs CURL::wolfssl) +endif() +if("@HAVE_ZSTD@") + find_dependency(Zstd MODULE) + list(APPEND _curl_libs CURL::zstd) +endif() + +set(CMAKE_MODULE_PATH ${_curl_cmake_module_path_save}) + +# Define lib duplicate to fixup lib order for GCC binutils ld in static builds +if(WIN32 AND NOT TARGET CURL::win32_winsock) + add_library(CURL::win32_winsock INTERFACE IMPORTED) + set_target_properties(CURL::win32_winsock PROPERTIES INTERFACE_LINK_LIBRARIES "ws2_32") +endif() + +include("${CMAKE_CURRENT_LIST_DIR}/@TARGETS_EXPORT_NAME@.cmake") + +# Alias for either shared or static library +if(NOT TARGET @PROJECT_NAME@::@LIB_NAME@) + add_library(@PROJECT_NAME@::@LIB_NAME@ ALIAS @PROJECT_NAME@::@LIB_SELECTED@) +endif() + +# For compatibility with CMake's FindCURL.cmake +set(CURL_VERSION_STRING "@CURLVERSION@") +set(CURL_LIBRARIES @PROJECT_NAME@::@LIB_NAME@) +set(CURL_LIBRARIES_PRIVATE "@LIBCURL_PC_LIBS_PRIVATE_LIST@") +set_and_check(CURL_INCLUDE_DIRS "@PACKAGE_CMAKE_INSTALL_INCLUDEDIR@") + +set(CURL_SUPPORTED_PROTOCOLS "@CURL_SUPPORTED_PROTOCOLS_LIST@") +set(CURL_SUPPORTED_FEATURES "@CURL_SUPPORTED_FEATURES_LIST@") + +foreach(_curl_item IN LISTS CURL_SUPPORTED_PROTOCOLS CURL_SUPPORTED_FEATURES) + set(CURL_SUPPORTS_${_curl_item} TRUE) +endforeach() + +set(_curl_missing_req "") +foreach(_curl_item IN LISTS CURL_FIND_COMPONENTS) + if(CURL_SUPPORTS_${_curl_item}) + set(CURL_${_curl_item}_FOUND TRUE) + elseif(CURL_FIND_REQUIRED_${_curl_item}) + list(APPEND _curl_missing_req ${_curl_item}) + endif() +endforeach() + +if(_curl_missing_req) + string(REPLACE ";" " " _curl_missing_req "${_curl_missing_req}") + if(CURL_FIND_REQUIRED) + message(FATAL_ERROR "@PROJECT_NAME@: missing required components: ${_curl_missing_req}") + endif() + unset(_curl_missing_req) +endif() + +check_required_components("@PROJECT_NAME@") diff --git a/CMake/unix-cache.cmake b/CMake/unix-cache.cmake new file mode 100644 index 000000000000..51bfa17d2918 --- /dev/null +++ b/CMake/unix-cache.cmake @@ -0,0 +1,301 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# Based on CI runs for Cygwin/MSYS2, Linux, macOS, FreeBSD, NetBSD, OpenBSD +if(NOT UNIX) + message(FATAL_ERROR "This file should be included on Unix platforms only") +endif() + +if(APPLE OR + CYGWIN) + set(HAVE_ACCEPT4 0) +elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux" OR + CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "NetBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + set(HAVE_ACCEPT4 1) +endif() +set(HAVE_ALARM 1) +if(ANDROID) + set(HAVE_ARC4RANDOM 1) +else() + set(HAVE_ARC4RANDOM 0) +endif() +set(HAVE_ARPA_INET_H 1) +set(HAVE_ATOMIC 1) +set(HAVE_BASENAME 1) +set(HAVE_BOOL_T 1) +if(NOT APPLE) + set(HAVE_CLOCK_GETTIME_MONOTONIC 1) + if(CMAKE_SYSTEM_NAME STREQUAL "Linux") + set(HAVE_CLOCK_GETTIME_MONOTONIC_RAW 1) + else() + set(HAVE_CLOCK_GETTIME_MONOTONIC_RAW 0) + endif() +endif() +set(HAVE_CLOSESOCKET 0) +set(HAVE_DECL_FSEEKO 1) +set(HAVE_DIRENT_H 1) +if(APPLE OR + CYGWIN OR + CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + set(HAVE_EVENTFD 0) +elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux" OR + CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "NetBSD") + set(HAVE_EVENTFD 1) +endif() +set(HAVE_FCNTL 1) +set(HAVE_FCNTL_H 1) +set(HAVE_FCNTL_O_NONBLOCK 1) +set(HAVE_FILE_OFFSET_BITS 1) +set(HAVE_FNMATCH 1) +set(HAVE_FREEADDRINFO 1) +set(HAVE_FSEEKO 1) +if(APPLE) + set(HAVE_FSETXATTR 1) + set(HAVE_FSETXATTR_5 0) + set(HAVE_FSETXATTR_6 1) +elseif(CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + set(HAVE_FSETXATTR 0) + set(HAVE_FSETXATTR_5 0) + set(HAVE_FSETXATTR_6 0) +elseif(CYGWIN OR + CMAKE_SYSTEM_NAME STREQUAL "Linux" OR + CMAKE_SYSTEM_NAME STREQUAL "NetBSD") + set(HAVE_FSETXATTR 1) + set(HAVE_FSETXATTR_5 1) + set(HAVE_FSETXATTR_6 0) +endif() +set(HAVE_FTRUNCATE 1) +set(HAVE_GETADDRINFO 1) +if(CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + set(HAVE_GETADDRINFO_THREADSAFE 0) +elseif(CYGWIN OR + CMAKE_SYSTEM_NAME STREQUAL "Linux" OR + CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "NetBSD") + set(HAVE_GETADDRINFO_THREADSAFE 1) +endif() +set(HAVE_GETEUID 1) +if(APPLE OR + CYGWIN OR + CMAKE_SYSTEM_NAME STREQUAL "NetBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + set(HAVE_GETHOSTBYNAME_R 0) +elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux" OR + CMAKE_SYSTEM_NAME STREQUAL "FreeBSD") + set(HAVE_GETHOSTBYNAME_R 1) +endif() +set(HAVE_GETHOSTBYNAME_R_3 0) +set(HAVE_GETHOSTBYNAME_R_3_REENTRANT 0) +set(HAVE_GETHOSTBYNAME_R_5 0) +set(HAVE_GETHOSTBYNAME_R_5_REENTRANT 0) +if(CMAKE_SYSTEM_NAME STREQUAL "Linux") + set(HAVE_GETHOSTBYNAME_R_6 1) + set(HAVE_GETHOSTBYNAME_R_6_REENTRANT 1) +else() + set(HAVE_GETHOSTBYNAME_R_6 0) + set(HAVE_GETHOSTBYNAME_R_6_REENTRANT 0) +endif() +set(HAVE_GETHOSTNAME 1) +if(NOT ANDROID OR ANDROID_PLATFORM_LEVEL GREATER_EQUAL 24) + set(HAVE_GETIFADDRS 1) +else() + set(HAVE_GETIFADDRS 0) +endif() +if(APPLE OR + CYGWIN OR + CMAKE_SYSTEM_NAME STREQUAL "Linux" OR + CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + set(HAVE_GETPASS_R 0) +elseif(CMAKE_SYSTEM_NAME STREQUAL "NetBSD") + set(HAVE_GETPASS_R 1) +endif() +set(HAVE_GETPEERNAME 1) +set(HAVE_GETPPID 1) +set(HAVE_GETPWUID 1) +set(HAVE_GETPWUID_R 1) +set(HAVE_GETRLIMIT 1) +set(HAVE_GETSOCKNAME 1) +set(HAVE_GETTIMEOFDAY 1) +if(CMAKE_SYSTEM_NAME STREQUAL "Linux") + # Depends on C library. +else() + set(HAVE_GLIBC_STRERROR_R 0) +endif() +set(HAVE_GMTIME_R 1) +set(HAVE_IFADDRS_H 1) +set(HAVE_IF_NAMETOINDEX 1) +set(HAVE_INET_NTOP 1) +set(HAVE_INET_PTON 1) +set(HAVE_IOCTLSOCKET 0) +set(HAVE_IOCTLSOCKET_CAMEL 0) +set(HAVE_IOCTLSOCKET_CAMEL_FIONBIO 0) +set(HAVE_IOCTLSOCKET_FIONBIO 0) +set(HAVE_IOCTL_FIONBIO 1) +set(HAVE_IOCTL_SIOCGIFADDR 1) +if(CYGWIN) + set(HAVE_IO_H 1) +else() + set(HAVE_IO_H 0) +endif() +set(HAVE_LIBGEN_H 1) +if(CMAKE_SYSTEM_NAME STREQUAL "Linux") + # Requires Linux kernel userspace headers. Expected with glibc. May be missing by default with MUSL. +else() + set(HAVE_LINUX_TCP_H 0) +endif() +set(HAVE_LOCALE_H 1) +set(HAVE_LOCALTIME_R 1) +if(APPLE) + set(HAVE_MACH_ABSOLUTE_TIME 1) +endif() +if(APPLE OR + CYGWIN) + set(HAVE_MEMRCHR 0) +else() + set(HAVE_MEMRCHR 1) +endif() +set(HAVE_NETDB_H 1) +if(ANDROID) + set(HAVE_NETINET_IN6_H 1) +else() + set(HAVE_NETINET_IN6_H 0) +endif() +set(HAVE_NETINET_IN_H 1) +set(HAVE_NETINET_TCP_H 1) +set(HAVE_NETINET_UDP_H 1) +set(HAVE_NET_IF_H 1) +set(HAVE_OPENDIR 1) +set(HAVE_PIPE 1) +if(APPLE OR + CYGWIN) + set(HAVE_PIPE2 0) +elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux" OR + CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "NetBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + set(HAVE_PIPE2 1) +endif() +set(HAVE_POLL 1) +set(HAVE_POLL_H 1) +if(CMAKE_SYSTEM_NAME STREQUAL "Linux") + # Depends on C library. +else() + set(HAVE_POSIX_STRERROR_R 1) +endif() +set(HAVE_PWD_H 1) +set(HAVE_REALPATH 1) +set(HAVE_RECV 1) +set(HAVE_SA_FAMILY_T 1) +set(HAVE_SCHED_YIELD 1) +set(HAVE_SELECT 1) +set(HAVE_SEND 1) +if(APPLE OR + CYGWIN) + set(HAVE_SENDMMSG 0) +else() + set(HAVE_SENDMMSG 1) +endif() +set(HAVE_SENDMSG 1) +set(HAVE_SETLOCALE 1) +set(HAVE_SETRLIMIT 1) +set(HAVE_SETSOCKOPT_SO_NONBLOCK 0) +set(HAVE_SIGACTION 1) +set(HAVE_SIGINTERRUPT 1) +set(HAVE_SIGNAL 1) +set(HAVE_SIGSETJMP 1) +set(HAVE_SOCKADDR_IN6_SIN6_ADDR 1) +set(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1) +set(HAVE_SOCKET 1) +set(HAVE_SOCKETPAIR 1) +set(HAVE_STDATOMIC_H 1) +set(HAVE_STDBOOL_H 1) +set(HAVE_STDDEF_H 1) # detected by CMake internally in check_type_size() +set(HAVE_STDINT_H 1) # detected by CMake internally in check_type_size() +set(HAVE_STRCASECMP 1) +set(HAVE_STRCMPI 0) +set(HAVE_STRERROR_R 1) +set(HAVE_STRICMP 0) +set(HAVE_STRINGS_H 1) +if(_CURL_OLD_LINUX) + set(HAVE_STROPTS_H 1) +else() + set(HAVE_STROPTS_H 0) # glibc 2.30 or newer. https://sourceware.org/legacy-ml/libc-alpha/2019-08/msg00029.html +endif() +set(HAVE_STRUCT_SOCKADDR_STORAGE 1) +set(HAVE_STRUCT_TIMEVAL 1) +if(ANDROID OR CMAKE_SYSTEM_NAME STREQUAL "iOS") + set(HAVE_SUSECONDS_T 1) +endif() +if(APPLE OR + CYGWIN OR + CMAKE_SYSTEM_NAME STREQUAL "OpenBSD") + set(HAVE_SYS_EVENTFD_H 0) +elseif(CMAKE_SYSTEM_NAME STREQUAL "Linux" OR + CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "NetBSD") + set(HAVE_SYS_EVENTFD_H 1) +endif() +if(CYGWIN OR + CMAKE_SYSTEM_NAME STREQUAL "Linux") + set(HAVE_SYS_FILIO_H 0) +else() + set(HAVE_SYS_FILIO_H 1) +endif() +set(HAVE_SYS_IOCTL_H 1) +set(HAVE_SYS_PARAM_H 1) +set(HAVE_SYS_POLL_H 1) +set(HAVE_SYS_RESOURCE_H 1) +set(HAVE_SYS_SELECT_H 1) +if(CYGWIN OR + CMAKE_SYSTEM_NAME STREQUAL "Linux") + set(HAVE_SYS_SOCKIO_H 0) +else() + set(HAVE_SYS_SOCKIO_H 1) +endif() +set(HAVE_SYS_TYPES_H 1) +set(HAVE_SYS_UN_H 1) +if(CYGWIN) + set(HAVE_SYS_UTIME_H 1) +else() + set(HAVE_SYS_UTIME_H 0) +endif() +set(HAVE_TERMIOS_H 1) +if(CYGWIN OR + CMAKE_SYSTEM_NAME STREQUAL "Linux") + set(HAVE_TERMIO_H 1) +else() + set(HAVE_TERMIO_H 0) +endif() +set(HAVE_TIME_T_UNSIGNED 0) +set(HAVE_UNISTD_H 1) +set(HAVE_UTIME 1) +set(HAVE_UTIMES 1) +set(HAVE_UTIME_H 1) +set(HAVE_WRITABLE_ARGV 1) +set(STDC_HEADERS 1) +set(USE_UNIX_SOCKETS 1) diff --git a/CMake/win32-cache.cmake b/CMake/win32-cache.cmake new file mode 100644 index 000000000000..77535a636795 --- /dev/null +++ b/CMake/win32-cache.cmake @@ -0,0 +1,194 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +if(NOT WIN32) + message(FATAL_ERROR "This file should be included on Windows platform only") +endif() + +if(MINGW) + set(HAVE_BASENAME 1) + set(HAVE_BOOL_T 1) # = HAVE_STDBOOL_H + set(HAVE_DIRENT_H 1) + set(HAVE_FTRUNCATE 1) + set(HAVE_GETTIMEOFDAY 1) + set(HAVE_LIBGEN_H 1) + set(HAVE_OPENDIR 1) + set(HAVE_STDBOOL_H 1) + set(HAVE_STDDEF_H 1) # detected by CMake internally in check_type_size() + set(HAVE_STDINT_H 1) # detected by CMake internally in check_type_size() + set(HAVE_STRINGS_H 1) # wrapper to string.h + set(HAVE_SYS_PARAM_H 1) + set(HAVE_UNISTD_H 1) + set(HAVE_UTIME_H 1) # wrapper to sys/utime.h +else() + set(HAVE_DIRENT_H 0) + set(HAVE_FTRUNCATE 0) + set(HAVE_GETTIMEOFDAY 0) + set(HAVE_LIBGEN_H 0) + set(HAVE_OPENDIR 0) + set(HAVE_STRINGS_H 0) + set(HAVE_SYS_PARAM_H 0) + set(HAVE_UTIME_H 0) + if(MSVC) + set(HAVE_UNISTD_H 0) + set(HAVE_STDDEF_H 1) # detected by CMake internally in check_type_size() + set(HAVE_STDINT_H 1) # detected by CMake internally in check_type_size() + if(MSVC_VERSION GREATER_EQUAL 1800) + set(HAVE_STDBOOL_H 1) + else() + set(HAVE_STDBOOL_H 0) + endif() + set(HAVE_BOOL_T "${HAVE_STDBOOL_H}") + set(HAVE_BASENAME 0) + endif() +endif() + +if((CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 4.9) OR + (CMAKE_C_COMPILER_ID STREQUAL "Clang" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 3.6)) + # MinGW or clang-cl + set(HAVE_STDATOMIC_H 1) + set(HAVE_ATOMIC 1) +else() + set(HAVE_STDATOMIC_H 0) + set(HAVE_ATOMIC 0) +endif() + +set(HAVE_ACCEPT4 0) +set(HAVE_ALARM 0) +set(HAVE_ARC4RANDOM 0) +set(HAVE_ARPA_INET_H 0) +set(HAVE_CLOSESOCKET 1) +set(HAVE_EVENTFD 0) +set(HAVE_FCNTL 0) +set(HAVE_FCNTL_H 1) +set(HAVE_FCNTL_O_NONBLOCK 0) +set(HAVE_FNMATCH 0) +set(HAVE_FREEADDRINFO 1) # Available in Windows XP and newer +set(HAVE_FSETXATTR 0) +set(HAVE_GETADDRINFO 1) # Available in Windows XP and newer +set(HAVE_GETEUID 0) +set(HAVE_GETHOSTBYNAME_R 0) +set(HAVE_GETHOSTBYNAME_R_3 0) +set(HAVE_GETHOSTBYNAME_R_3_REENTRANT 0) +set(HAVE_GETHOSTBYNAME_R_5 0) +set(HAVE_GETHOSTBYNAME_R_5_REENTRANT 0) +set(HAVE_GETHOSTBYNAME_R_6 0) +set(HAVE_GETHOSTBYNAME_R_6_REENTRANT 0) +set(HAVE_GETHOSTNAME 1) +set(HAVE_GETIFADDRS 0) +set(HAVE_GETPASS_R 0) +set(HAVE_GETPEERNAME 1) +set(HAVE_GETPPID 0) +set(HAVE_GETPWUID 0) +set(HAVE_GETPWUID_R 0) +set(HAVE_GETRLIMIT 0) +set(HAVE_GETSOCKNAME 1) +set(HAVE_GLIBC_STRERROR_R 0) +set(HAVE_GMTIME_R 0) +set(HAVE_IFADDRS_H 0) +set(HAVE_INET_NTOP 0) +set(HAVE_INET_PTON 0) +set(HAVE_IOCTLSOCKET 1) +set(HAVE_IOCTLSOCKET_CAMEL 0) +set(HAVE_IOCTLSOCKET_CAMEL_FIONBIO 0) +set(HAVE_IOCTLSOCKET_FIONBIO 1) +set(HAVE_IOCTL_FIONBIO 0) +set(HAVE_IOCTL_SIOCGIFADDR 0) +set(HAVE_IO_H 1) +set(HAVE_LINUX_TCP_H 0) +set(HAVE_LOCALE_H 1) +set(HAVE_LOCALTIME_R 0) +set(HAVE_MEMRCHR 0) +set(HAVE_NETDB_H 0) +set(HAVE_NETINET_IN6_H 0) +set(HAVE_NETINET_IN_H 0) +set(HAVE_NETINET_TCP_H 0) +set(HAVE_NETINET_UDP_H 0) +set(HAVE_NET_IF_H 0) +set(HAVE_PIPE 0) +set(HAVE_PIPE2 0) +set(HAVE_POLL 0) +set(HAVE_POLL_H 0) +set(HAVE_POSIX_STRERROR_R 0) +set(HAVE_PWD_H 0) +set(HAVE_RECV 1) +set(HAVE_SELECT 1) +set(HAVE_SEND 1) +set(HAVE_SENDMMSG 0) +set(HAVE_SENDMSG 0) +set(HAVE_SETLOCALE 1) +set(HAVE_SETRLIMIT 0) +set(HAVE_SETSOCKOPT_SO_NONBLOCK 0) +set(HAVE_SIGACTION 0) +set(HAVE_SIGINTERRUPT 0) +set(HAVE_SIGNAL 1) +set(HAVE_SIGSETJMP 0) +set(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1) +set(HAVE_SOCKET 1) +set(HAVE_SOCKETPAIR 0) +set(HAVE_STRERROR_R 0) +set(HAVE_STROPTS_H 0) +set(HAVE_STRUCT_SOCKADDR_STORAGE 1) +set(HAVE_STRUCT_TIMEVAL 1) +set(HAVE_SYS_EVENTFD_H 0) +set(HAVE_SYS_FILIO_H 0) +set(HAVE_SYS_IOCTL_H 0) +set(HAVE_SYS_POLL_H 0) +set(HAVE_SYS_RESOURCE_H 0) +set(HAVE_SYS_SELECT_H 0) +set(HAVE_SYS_SOCKIO_H 0) +set(HAVE_SYS_TYPES_H 1) +set(HAVE_SYS_UN_H 0) +set(HAVE_SYS_UTIME_H 1) +set(HAVE_TERMIOS_H 0) +set(HAVE_TERMIO_H 0) +set(HAVE_TIME_T_UNSIGNED 0) +set(HAVE_UTIME 1) +set(HAVE_UTIMES 0) +set(STDC_HEADERS 1) + +# Types and sizes + +set(HAVE_SIZEOF_SA_FAMILY_T 0) +set(HAVE_SIZEOF_SUSECONDS_T 0) + +if(MINGW OR MSVC) + curl_prefill_type_size("INT" 4) + curl_prefill_type_size("LONG" 4) + curl_prefill_type_size("__INT64" 8) + curl_prefill_type_size("CURL_OFF_T" 8) + curl_prefill_type_size("CURL_SOCKET_T" ${CMAKE_SIZEOF_VOID_P}) + curl_prefill_type_size("SIZE_T" ${CMAKE_SIZEOF_VOID_P}) + # TIME_T: 8 for _WIN64 or UCRT or MSVC, 4 otherwise + # Also 4 for non-UCRT 32-bit when _USE_32BIT_TIME_T is set. + # mingw-w64 sets _USE_32BIT_TIME_T unless __MINGW_USE_VC2005_COMPAT is explicit defined. + if(MSVC) + set(HAVE_SIZEOF_SSIZE_T 0) + set(HAVE_FILE_OFFSET_BITS 0) + curl_prefill_type_size("OFF_T" 4) + else() + curl_prefill_type_size("SSIZE_T" ${CMAKE_SIZEOF_VOID_P}) + set(HAVE_FILE_OFFSET_BITS 1) # mingw-w64 v3+ + curl_prefill_type_size("OFF_T" 8) # mingw-w64 v3+ + endif() +endif() diff --git a/CMakeLists.txt b/CMakeLists.txt index c85295e1154b..7ca38977801b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,126 +18,327 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # -########################################################################### -# curl/libcurl CMake script -# by Tetetest and Sukender (Benoit Neil) - -# TODO: -# The output .so file lacks the soname number which we currently have within the lib/Makefile.am file -# Add full (4 or 5 libs) SSL support -# Add INSTALL target (EXTRA_DIST variables in Makefile.am may be moved to Makefile.inc so that CMake/CPack is aware of what's to include). -# Check on all possible platforms -# Test with as many configurations possible (With or without any option) -# Create scripts that help keeping the CMake build system up to date (to reduce maintenance). According to Tetetest: -# - lists of headers that 'configure' checks for; -# - curl-specific tests (the ones that are in m4/curl-*.m4 files); -# - (most obvious thing:) curl version numbers. -# Add documentation subproject +# SPDX-License-Identifier: curl # -# To check: -# (From Daniel Stenberg) The cmake build selected to run gcc with -fPIC on my box while the plain configure script did not. -# (From Daniel Stenberg) The gcc command line use neither -g nor any -O options. As a developer, I also treasure our configure scripts's --enable-debug option that sets a long range of "picky" compiler options. -cmake_minimum_required(VERSION 3.2...3.16 FATAL_ERROR) +########################################################################### + +cmake_minimum_required(VERSION 3.18 FATAL_ERROR) +message(STATUS "Using CMake version ${CMAKE_VERSION}") + +# Collect command-line arguments for buildinfo.txt. +# Must reside at the top of the script to work as expected. +set(_cmake_args "") +if(NOT "$ENV{CURL_BUILDINFO}$ENV{CURL_CI}$ENV{CI}" STREQUAL "") + get_cmake_property(_cache_vars CACHE_VARIABLES) + foreach(_cache_var IN ITEMS ${_cache_vars}) + get_property(_cache_var_helpstring CACHE ${_cache_var} PROPERTY HELPSTRING) + if(_cache_var_helpstring STREQUAL "No help, variable specified on the command line.") + get_property(_cache_var_type CACHE ${_cache_var} PROPERTY TYPE) + get_property(_cache_var_value CACHE ${_cache_var} PROPERTY VALUE) + if(_cache_var_type STREQUAL "UNINITIALIZED") + set(_cache_var_type "") + else() + set(_cache_var_type ":${_cache_var_type}") + endif() + string(APPEND _cmake_args " -D${_cache_var}${_cache_var_type}=\"${_cache_var_value}\"") + endif() + endforeach() +endif() -set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}") +list(PREPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake") include(Utilities) include(Macros) include(CMakeDependentOption) include(CheckCCompilerFlag) -project(CURL C) +file(STRINGS "${CMAKE_CURRENT_SOURCE_DIR}/include/curl/curlver.h" _curl_version_h_contents REGEX "#define LIBCURL_VERSION( |_NUM )") +string(REGEX MATCH "#define LIBCURL_VERSION \"[^\"]*" _curl_version ${_curl_version_h_contents}) +string(REGEX REPLACE "[^\"]+\"" "" _curl_version ${_curl_version}) +string(REGEX MATCH "#define LIBCURL_VERSION_NUM 0x[0-9a-fA-F]+" _curl_version_num ${_curl_version_h_contents}) +string(REGEX REPLACE "[^0]+0x" "" _curl_version_num ${_curl_version_num}) +unset(_curl_version_h_contents) -file(STRINGS ${CURL_SOURCE_DIR}/include/curl/curlver.h CURL_VERSION_H_CONTENTS REGEX "#define LIBCURL_VERSION( |_NUM )") -string(REGEX MATCH "#define LIBCURL_VERSION \"[^\"]*" - CURL_VERSION ${CURL_VERSION_H_CONTENTS}) -string(REGEX REPLACE "[^\"]+\"" "" CURL_VERSION ${CURL_VERSION}) -string(REGEX MATCH "#define LIBCURL_VERSION_NUM 0x[0-9a-fA-F]+" - CURL_VERSION_NUM ${CURL_VERSION_H_CONTENTS}) -string(REGEX REPLACE "[^0]+0x" "" CURL_VERSION_NUM ${CURL_VERSION_NUM}) +message(STATUS "curl version=[${_curl_version}]") +string(REGEX REPLACE "([0-9]+\.[0-9]+\.[0-9]+).+" "\\1" _curl_version_sem "${_curl_version}") +project(CURL + VERSION "${_curl_version_sem}" + LANGUAGES C) -# Setup package meta-data -# SET(PACKAGE "curl") -message(STATUS "curl version=[${CURL_VERSION}]") -# SET(PACKAGE_TARNAME "curl") -# SET(PACKAGE_NAME "curl") -# SET(PACKAGE_VERSION "-") -# SET(PACKAGE_STRING "curl-") -# SET(PACKAGE_BUGREPORT "a suitable curl mailing list => https://curl.se/mail/") -set(OPERATING_SYSTEM "${CMAKE_SYSTEM_NAME}") -set(OS "\"${CMAKE_SYSTEM_NAME}\"") +# CMake does not recognize some targets accurately. Touch up configuration manually as a workaround. +if(WINDOWS_STORE AND MINGW) # MinGW UWP build + # CMake (as of v3.31.2) gets confused and applies the MSVC rc.exe command-line + # template to windres. Reset it to the windres template as in 'Modules/Platform/Windows-windres.cmake': + set(CMAKE_RC_COMPILE_OBJECT " -O coff ") +elseif(DOS AND CMAKE_C_COMPILER_ID STREQUAL "GNU") # DJGPP + set(CMAKE_STATIC_LIBRARY_PREFIX "lib") + set(CMAKE_STATIC_LIBRARY_SUFFIX ".a") + set(CMAKE_FIND_LIBRARY_PREFIXES "lib") + set(CMAKE_FIND_LIBRARY_SUFFIXES ".a") +endif() -include_directories(${CURL_SOURCE_DIR}/include) +# Fill platform level variable when using CMake's built-in Android configuration +if(ANDROID AND NOT DEFINED ANDROID_PLATFORM_LEVEL AND NOT CMAKE_SYSTEM_VERSION EQUAL 1) + set(ANDROID_PLATFORM_LEVEL "${CMAKE_SYSTEM_VERSION}") +endif() + +set(_target_flags "") +if(APPLE) + string(APPEND _target_flags " APPLE") +endif() +if(UNIX) + string(APPEND _target_flags " UNIX") +endif() +if(BSD) + string(APPEND _target_flags " BSD") +endif() +if(ANDROID) + string(APPEND _target_flags " ANDROID-${ANDROID_PLATFORM_LEVEL}") +endif() +if(WIN32) + string(APPEND _target_flags " WIN32") +endif() +if(WINDOWS_STORE) + string(APPEND _target_flags " UWP") +endif() +if(CYGWIN) + string(APPEND _target_flags " CYGWIN") +endif() +if(DOS) + string(APPEND _target_flags " DOS") +endif() +if(AMIGA) + string(APPEND _target_flags " AMIGA") +endif() +if(CMAKE_C_COMPILER_ID STREQUAL "GNU") + string(APPEND _target_flags " GCC") +endif() +if(CMAKE_C_COMPILER_ID STREQUAL "AppleClang") + string(APPEND _target_flags " APPLE-CLANG") +elseif(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND MSVC) + string(APPEND _target_flags " CLANG-CL") +elseif(CMAKE_C_COMPILER_ID MATCHES "Clang") + string(APPEND _target_flags " LLVM-CLANG") +endif() +if(MINGW) + string(APPEND _target_flags " MINGW") +endif() +if(MSVC) + string(APPEND _target_flags " MSVC-${MSVC_VERSION}") +endif() +if(VCPKG_TOOLCHAIN) + string(APPEND _target_flags " VCPKG") +endif() +if(CMAKE_CROSSCOMPILING) + string(APPEND _target_flags " CROSS") +endif() +if(CMAKE_C_STANDARD) + string(APPEND _target_flags " C${CMAKE_C_STANDARD}") +endif() +message(STATUS "CMake platform flags:${_target_flags}") + +if(CMAKE_CROSSCOMPILING) + message(STATUS "Cross-compiling: " + "${CMAKE_HOST_SYSTEM_NAME}/${CMAKE_HOST_SYSTEM_PROCESSOR} -> " + "${CMAKE_SYSTEM_NAME}/${CMAKE_SYSTEM_PROCESSOR}") +endif() + +if(CMAKE_C_COMPILER_TARGET) + set(CURL_OS "\"${CMAKE_C_COMPILER_TARGET}\"") +else() + set(CURL_OS "\"${CMAKE_SYSTEM_NAME}\"") +endif() + +if(CURL_PATCHSTAMP) + set(CURL_PATCHSTAMP "\"${CURL_PATCHSTAMP}\"") +endif() + +set(LIB_NAME "libcurl") +set(EXE_NAME "curl") + +set_property(DIRECTORY APPEND PROPERTY INCLUDE_DIRECTORIES "${PROJECT_SOURCE_DIR}/include") + +if(NOT DEFINED CMAKE_UNITY_BUILD_BATCH_SIZE) + set(CMAKE_UNITY_BUILD_BATCH_SIZE 0) +endif() + +# Having CMAKE_TRY_COMPILE_TARGET_TYPE set to STATIC_LIBRARY breaks certain +# 'check_function_exists()' detections (possibly more), by detecting +# non-existing features. This happens by default when using 'ios.toolchain.cmake'. +# Work it around by setting this value to `EXECUTABLE`. +if(CMAKE_TRY_COMPILE_TARGET_TYPE STREQUAL "STATIC_LIBRARY") + message(STATUS "CMAKE_TRY_COMPILE_TARGET_TYPE was found set to STATIC_LIBRARY. " + "Overriding with EXECUTABLE for feature detections to work.") + set(_cmake_try_compile_target_type_save ${CMAKE_TRY_COMPILE_TARGET_TYPE}) + set(CMAKE_TRY_COMPILE_TARGET_TYPE "EXECUTABLE") +endif() option(CURL_WERROR "Turn compiler warnings into errors" OFF) option(PICKY_COMPILER "Enable picky compiler options" ON) -option(BUILD_CURL_EXE "Set to ON to build curl executable." ON) -option(BUILD_SHARED_LIBS "Build shared libraries" ON) -option(ENABLE_ARES "Set to ON to enable c-ares support" OFF) +option(BUILD_CURL_EXE "Build curl executable" ON) +get_property(_has_shared GLOBAL PROPERTY TARGET_SUPPORTS_SHARED_LIBS) +option(BUILD_SHARED_LIBS "Build shared libraries" ${_has_shared}) +option(BUILD_STATIC_LIBS "Build static libraries" OFF) +option(BUILD_STATIC_CURL "Build curl executable with static libcurl" OFF) +option(ENABLE_ARES "Enable c-ares support" OFF) +option(CURL_DISABLE_INSTALL "Disable installation targets" OFF) +option(CURL_BUILD_EVERYTHING "Build optional build targets (examples, tests) by default" OFF) + if(WIN32) - option(CURL_STATIC_CRT "Set to ON to build libcurl with static CRT on Windows (/MT)." OFF) - option(ENABLE_INET_PTON "Set to OFF to prevent usage of inet_pton when building against modern SDKs while still requiring compatibility with older Windows versions, such as Windows XP, Windows Server 2003 etc." ON) - option(ENABLE_UNICODE "Set to ON to use the Unicode version of the Windows API functions" OFF) - set(CURL_TARGET_WINDOWS_VERSION "" CACHE STRING "Minimum target Windows version as hex string") - if(CURL_TARGET_WINDOWS_VERSION) - add_definitions(-D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION}) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION}") - elseif(ENABLE_INET_PTON) - # _WIN32_WINNT_VISTA (0x0600) - add_definitions(-D_WIN32_WINNT=0x0600) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WIN32_WINNT=0x0600") - else() - # _WIN32_WINNT_WINXP (0x0501) - add_definitions(-D_WIN32_WINNT=0x0501) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WIN32_WINNT=0x0501") + option(ENABLE_UNICODE "Use the Unicode version of the Windows API functions" OFF) + if(WINDOWS_STORE) + set(ENABLE_UNICODE ON) endif() if(ENABLE_UNICODE) - add_definitions(-DUNICODE -D_UNICODE) + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS "UNICODE" "_UNICODE") if(MINGW) - add_compile_options(-municode) + set_property(DIRECTORY APPEND PROPERTY COMPILE_OPTIONS "-municode") endif() endif() -endif() -option(CURL_LTO "Turn on compiler Link Time Optimizations" OFF) -cmake_dependent_option(ENABLE_THREADED_RESOLVER "Set to ON to enable threaded DNS lookup" - ON "NOT ENABLE_ARES" - OFF) + # Apply to all feature checks + list(APPEND CMAKE_REQUIRED_DEFINITIONS "-DWIN32_LEAN_AND_MEAN") -option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF) -option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF) + set(CURL_TARGET_WINDOWS_VERSION "" CACHE STRING "Minimum target Windows version as hex string") + if(CURL_TARGET_WINDOWS_VERSION) + if(CURL_TARGET_WINDOWS_VERSION MATCHES "^0x[0-9a-fA-F]+$") + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS "_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION}") + list(APPEND CMAKE_REQUIRED_DEFINITIONS "-D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION}") # Apply to all feature checks + else() + message(WARNING "CURL_TARGET_WINDOWS_VERSION value '${CURL_TARGET_WINDOWS_VERSION}' is not a valid hex string.") + endif() + endif() -if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) - if(PICKY_COMPILER) - foreach(_CCOPT -pedantic -Wall -W -Wpointer-arith -Wwrite-strings -Wunused -Wshadow -Winline -Wnested-externs -Wmissing-declarations -Wmissing-prototypes -Wfloat-equal -Wsign-compare -Wundef -Wendif-labels -Wstrict-prototypes -Wdeclaration-after-statement -Wstrict-aliasing=3 -Wcast-align -Wtype-limits -Wold-style-declaration -Wmissing-parameter-type -Wempty-body -Wclobbered -Wignored-qualifiers -Wconversion -Wvla -Wdouble-promotion) - # surprisingly, CHECK_C_COMPILER_FLAG needs a new variable to store each new - # test result in. - string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname) - check_c_compiler_flag(${_CCOPT} ${_optvarname}) - if(${_optvarname}) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${_CCOPT}") - endif() - endforeach() - foreach(_CCOPT long-long multichar format-nonliteral sign-conversion system-headers pedantic-ms-format) - # GCC only warns about unknown -Wno- options if there are also other diagnostic messages, - # so test for the positive form instead - string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname) - check_c_compiler_flag("-W${_CCOPT}" ${_optvarname}) - if(${_optvarname}) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-${_CCOPT}") + # Detect actual value of _WIN32_WINNT and store as HAVE_WIN32_WINNT + curl_internal_test(HAVE_WIN32_WINNT) + if(HAVE_WIN32_WINNT) + string(REGEX MATCH "_WIN32_WINNT=0x[0-9a-fA-F]+" CURL_TEST_OUTPUT "${CURL_TEST_OUTPUT}") + string(REGEX REPLACE "_WIN32_WINNT=" "" CURL_TEST_OUTPUT "${CURL_TEST_OUTPUT}") + string(REGEX REPLACE "0x([0-9a-fA-F][0-9a-fA-F][0-9a-fA-F])$" "0x0\\1" CURL_TEST_OUTPUT "${CURL_TEST_OUTPUT}") # pad to 4 digits + string(TOLOWER "${CURL_TEST_OUTPUT}" HAVE_WIN32_WINNT) + message(STATUS "Found _WIN32_WINNT=${HAVE_WIN32_WINNT}") + endif() + unset(HAVE_WIN32_WINNT CACHE) # Avoid storing in CMake cache + + if(MINGW) + # Detect __MINGW64_VERSION_MAJOR, __MINGW64_VERSION_MINOR and store as MINGW64_VERSION + curl_internal_test(MINGW64_VERSION) + if(MINGW64_VERSION) + string(REGEX MATCH "MINGW64_VERSION=[0-9]+\.[0-9]+" CURL_TEST_OUTPUT "${CURL_TEST_OUTPUT}") + string(REGEX REPLACE "MINGW64_VERSION=" "" MINGW64_VERSION "${CURL_TEST_OUTPUT}") + if(MINGW64_VERSION) + message(STATUS "Found MINGW64_VERSION=${MINGW64_VERSION}") + if(MINGW64_VERSION VERSION_LESS 3.0) + message(FATAL_ERROR "mingw-w64 3.0 or upper is required") + endif() endif() - endforeach() + endif() + unset(MINGW64_VERSION CACHE) # Avoid storing in CMake cache + endif() +elseif(DOS) + set(BUILD_SHARED_LIBS OFF) + set(BUILD_STATIC_LIBS ON) +endif() +option(CURL_LTO "Enable compiler Link Time Optimizations" OFF) + +if(NOT DOS AND NOT AMIGA) + # if c-ares is used, default the threaded resolver to OFF + if(ENABLE_ARES) + set(_enable_threaded_resolver_default OFF) + else() + set(_enable_threaded_resolver_default ON) endif() + option(ENABLE_THREADED_RESOLVER "Enable threaded DNS lookup" ${_enable_threaded_resolver_default}) +endif() + +if(CYGWIN OR CMAKE_SYSTEM_NAME STREQUAL "Linux" OR CMAKE_SYSTEM_NAME STREQUAL "GNU") + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS "_GNU_SOURCE") # Required for accept4(), pipe2(), sendmmsg() + list(APPEND CMAKE_REQUIRED_DEFINITIONS "-D_GNU_SOURCE") # Apply to all feature checks +endif() + +option(ENABLE_DEBUG "Enable curl debug features (for developing curl itself)" OFF) +if(ENABLE_DEBUG) + message(WARNING "This curl build is Debug-enabled and insecure, do not use in production.") endif() +set(CURL_DEBUG_MACROS "") if(ENABLE_DEBUG) - # DEBUGBUILD will be defined only for Debug builds - set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS $<$:DEBUGBUILD>) - set(ENABLE_CURLDEBUG ON) + list(APPEND CURL_DEBUG_MACROS "DEBUGBUILD") endif() -if(ENABLE_CURLDEBUG) - set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS CURLDEBUG) +option(CURL_CLANG_TIDY "Run the build through clang-tidy" OFF) +if(CURL_CLANG_TIDY) + find_program(CLANG_TIDY NAMES "clang-tidy" REQUIRED) + if(NOT CMAKE_C_COMPILER_ID MATCHES "Clang") + set(PICKY_COMPILER OFF) # Do a best effort and skip passing non-clang warning options to clang-tidy. + # This lets through warning options enabled via CURL_WERROR=ON, affecting lib and src. + endif() + set(CURL_DISABLE_TYPECHECK ON) # to improve performance (1.4x), avoid potential interference and bugprone-macro-parentheses. + set(CMAKE_C_CLANG_TIDY "${CLANG_TIDY}") + list(APPEND CMAKE_C_CLANG_TIDY "--config-file=${PROJECT_SOURCE_DIR}/.clang-tidy.yml") + if(CURL_WERROR) + list(APPEND CMAKE_C_CLANG_TIDY "--warnings-as-errors=*") + endif() + if(CURL_CLANG_TIDYFLAGS) + string(REPLACE " " ";" _tidy_flags_list "${CURL_CLANG_TIDYFLAGS}") + list(APPEND CMAKE_C_CLANG_TIDY ${_tidy_flags_list}) + endif() +endif() + +option(CURL_GCC_ANALYZER "Enable GCC --analyzer option" OFF) +if(CURL_GCC_ANALYZER AND CMAKE_C_COMPILER_ID STREQUAL "GNU" AND CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 11.0) + set(CURL_DISABLE_TYPECHECK ON) # to improve performance (1.1x). + # https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html + set(CURL_ANALYZER_CFLAGS "-fanalyzer") + # disable checks causing false positives only + list(APPEND CURL_ANALYZER_CFLAGS "-Wno-analyzer-fd-leak" "-Wno-analyzer-fd-use-without-check" "-Wno-analyzer-file-leak") + list(APPEND CURL_ANALYZER_CFLAGS "-Wno-analyzer-infinite-loop") + list(APPEND CURL_ANALYZER_CFLAGS "-Wno-analyzer-malloc-leak") + list(APPEND CURL_ANALYZER_CFLAGS "-Wno-analyzer-out-of-bounds") +endif() + +option(CURL_CODE_COVERAGE "Enable code coverage build options" OFF) +if(CURL_CODE_COVERAGE) + if(CMAKE_C_COMPILER_ID STREQUAL "GNU") + set(CURL_COVERAGE_MACROS "NDEBUG") + set(CURL_COVERAGE_CFLAGS "-O0" "-g" "-fprofile-arcs") + if(CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL 4.1) + list(APPEND CURL_COVERAGE_CFLAGS "--coverage") + else() + list(APPEND CURL_COVERAGE_CFLAGS "-ftest-coverage") + endif() + set(CURL_COVERAGE_LIBS "gcov") + elseif(CMAKE_C_COMPILER_ID MATCHES "Clang") + set(CURL_COVERAGE_MACROS "NDEBUG") + set(CURL_COVERAGE_CFLAGS "-O0" "-g" "-fprofile-instr-generate" "-fcoverage-mapping") + set(CURL_COVERAGE_LDFLAGS "-fprofile-instr-generate" "-fcoverage-mapping") + else() + set(CURL_CODE_COVERAGE OFF) + endif() +endif() + +include(PickyWarnings) + +set(CURL_CFLAGS "") # C flags set for libcurl and curl tool (aka public binaries) only + +option(CURL_DROP_UNUSED "Drop unused code and data from built binaries" OFF) +if(CURL_DROP_UNUSED) + if(APPLE) + set_property(DIRECTORY APPEND PROPERTY LINK_OPTIONS "-Wl,-dead_strip") + elseif(MSVC) # Options below are toolchain defaults in Release configurations. + # This option does not seem to have an effect with VS2010: + set_property(DIRECTORY APPEND PROPERTY LINK_OPTIONS "-OPT:REF") + # Optional, but reduces binary size further, with the cost of larger objects/static libraries: + list(APPEND CURL_CFLAGS "-Gy") + elseif(CMAKE_C_COMPILER_ID STREQUAL "GNU" OR CMAKE_C_COMPILER_ID MATCHES "Clang") + if(WIN32) + # To make -Wl,--gc-sections work on Windows: https://sourceware.org/bugzilla/show_bug.cgi?id=11539 + set_property(DIRECTORY APPEND PROPERTY COMPILE_OPTIONS "-fno-asynchronous-unwind-tables") + endif() + set_property(DIRECTORY APPEND PROPERTY LINK_OPTIONS "-Wl,--gc-sections") + # Optional, but reduces binary size further, with the cost of larger objects/static libraries: + list(APPEND CURL_CFLAGS "-ffunction-sections" "-fdata-sections") + endif() endif() # For debug libs and exes, add "-d" postfix @@ -145,54 +346,187 @@ if(NOT DEFINED CMAKE_DEBUG_POSTFIX) set(CMAKE_DEBUG_POSTFIX "-d") endif() -# initialize CURL_LIBS +set(LIB_STATIC "libcurl_static") +set(LIB_SHARED "libcurl_shared") + +if(NOT BUILD_SHARED_LIBS AND NOT BUILD_STATIC_LIBS) + set(BUILD_STATIC_LIBS ON) +endif() +if(NOT BUILD_STATIC_CURL AND NOT BUILD_SHARED_LIBS) + set(BUILD_STATIC_CURL ON) +elseif(BUILD_STATIC_CURL AND NOT BUILD_STATIC_LIBS) + set(BUILD_STATIC_CURL OFF) +endif() + +# Lib flavour selected for curl tool +if(BUILD_STATIC_CURL) + set(LIB_SELECTED_FOR_EXE ${LIB_STATIC}) +else() + set(LIB_SELECTED_FOR_EXE ${LIB_SHARED}) +endif() + +# Lib flavour selected for example and test programs. +if(BUILD_SHARED_LIBS) + set(LIB_SELECTED ${LIB_SHARED}) +else() + set(LIB_SELECTED ${LIB_STATIC}) +endif() + +if(WIN32) + option(CURL_STATIC_CRT "Build libcurl with static CRT with MSVC (/MT)" OFF) + if(CURL_STATIC_CRT AND MSVC) + if(MSVC_VERSION GREATER_EQUAL 1900 OR BUILD_STATIC_CURL OR NOT BUILD_CURL_EXE) + set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$:Debug>") + set_property(DIRECTORY APPEND PROPERTY COMPILE_OPTIONS "$<$:-MT>") + set_property(DIRECTORY APPEND PROPERTY COMPILE_OPTIONS "$<$:-MTd>") + else() + message(WARNING "Static CRT requires UCRT, static libcurl or no curl executable.") + endif() + endif() +endif() + +# Override to force-disable or force-enable the use of CMake Configs. +if(MSVC AND NOT VCPKG_TOOLCHAIN AND NOT CMAKE_CROSSCOMPILING) + set(_curl_use_cmakeconfig_default ON) +else() + set(_curl_use_cmakeconfig_default OFF) +endif() +option(CURL_USE_CMAKECONFIG "Enable detecting dependencies via CMake Config" ${_curl_use_cmakeconfig_default}) + +# Override to force-disable or force-enable the use of pkg-config. +if((UNIX AND NOT ANDROID AND (NOT APPLE OR CMAKE_SYSTEM_NAME STREQUAL "Darwin")) OR + VCPKG_TOOLCHAIN OR + (MINGW AND NOT CMAKE_CROSSCOMPILING)) + set(_curl_use_pkgconfig_default ON) +else() + set(_curl_use_pkgconfig_default OFF) +endif() +option(CURL_USE_PKGCONFIG "Enable pkg-config to detect dependencies" ${_curl_use_pkgconfig_default}) + +# Initialize variables collecting system and dependency libs. +set(CURL_NETWORK_AND_TIME_LIBS "") set(CURL_LIBS "") if(ENABLE_ARES) set(USE_ARES 1) - find_package(CARES REQUIRED) - list(APPEND CURL_LIBS ${CARES_LIBRARY}) + find_package(Cares MODULE REQUIRED) + list(APPEND CURL_LIBS CURL::cares) endif() include(CurlSymbolHiding) -option(HTTP_ONLY "disables all protocols except HTTP (This overrides all CURL_DISABLE_* options)" OFF) -mark_as_advanced(HTTP_ONLY) -option(CURL_DISABLE_FTP "disables FTP" OFF) -mark_as_advanced(CURL_DISABLE_FTP) -option(CURL_DISABLE_LDAP "disables LDAP" OFF) -mark_as_advanced(CURL_DISABLE_LDAP) -option(CURL_DISABLE_TELNET "disables Telnet" OFF) -mark_as_advanced(CURL_DISABLE_TELNET) -option(CURL_DISABLE_DICT "disables DICT" OFF) +option(CURL_ENABLE_EXPORT_TARGET "Enable CMake export target" ON) +mark_as_advanced(CURL_ENABLE_EXPORT_TARGET) + +option(CURL_DISABLE_ALTSVC "Disable alt-svc support" OFF) +mark_as_advanced(CURL_DISABLE_ALTSVC) +option(CURL_DISABLE_SRP "Disable TLS-SRP support" OFF) +mark_as_advanced(CURL_DISABLE_SRP) +option(CURL_DISABLE_COOKIES "Disable cookies support" OFF) +mark_as_advanced(CURL_DISABLE_COOKIES) +option(CURL_DISABLE_BASIC_AUTH "Disable Basic authentication" OFF) +mark_as_advanced(CURL_DISABLE_BASIC_AUTH) +option(CURL_DISABLE_BEARER_AUTH "Disable Bearer authentication" OFF) +mark_as_advanced(CURL_DISABLE_BEARER_AUTH) +option(CURL_DISABLE_DIGEST_AUTH "Disable Digest authentication" OFF) +mark_as_advanced(CURL_DISABLE_DIGEST_AUTH) +option(CURL_DISABLE_KERBEROS_AUTH "Disable Kerberos authentication" OFF) +mark_as_advanced(CURL_DISABLE_KERBEROS_AUTH) +option(CURL_DISABLE_NEGOTIATE_AUTH "Disable negotiate authentication" OFF) +mark_as_advanced(CURL_DISABLE_NEGOTIATE_AUTH) +option(CURL_DISABLE_AWS "Disable aws-sigv4" OFF) +mark_as_advanced(CURL_DISABLE_AWS) +option(CURL_DISABLE_DICT "Disable DICT" OFF) mark_as_advanced(CURL_DISABLE_DICT) -option(CURL_DISABLE_FILE "disables FILE" OFF) +option(CURL_DISABLE_DOH "Disable DNS-over-HTTPS" OFF) +mark_as_advanced(CURL_DISABLE_DOH) +option(CURL_DISABLE_FILE "Disable FILE" OFF) mark_as_advanced(CURL_DISABLE_FILE) -option(CURL_DISABLE_TFTP "disables TFTP" OFF) -mark_as_advanced(CURL_DISABLE_TFTP) -option(CURL_DISABLE_HTTP "disables HTTP" OFF) +option(CURL_DISABLE_FTP "Disable FTP" OFF) +mark_as_advanced(CURL_DISABLE_FTP) +option(CURL_DISABLE_GETOPTIONS "Disable curl_easy_options API for existing options to curl_easy_setopt" OFF) +mark_as_advanced(CURL_DISABLE_GETOPTIONS) +option(CURL_DISABLE_GOPHER "Disable Gopher" OFF) +mark_as_advanced(CURL_DISABLE_GOPHER) +option(CURL_DISABLE_HEADERS_API "Disable headers-api support" OFF) +mark_as_advanced(CURL_DISABLE_HEADERS_API) +option(CURL_DISABLE_HSTS "Disable HSTS support" OFF) +mark_as_advanced(CURL_DISABLE_HSTS) +option(CURL_DISABLE_HTTP "Disable HTTP" OFF) mark_as_advanced(CURL_DISABLE_HTTP) - -option(CURL_DISABLE_LDAPS "to disable LDAPS" OFF) +option(CURL_DISABLE_HTTP_AUTH "Disable all HTTP authentication methods" OFF) +mark_as_advanced(CURL_DISABLE_HTTP_AUTH) +option(CURL_DISABLE_IMAP "Disable IMAP" OFF) +mark_as_advanced(CURL_DISABLE_IMAP) +option(CURL_DISABLE_LDAP "Disable LDAP" OFF) +mark_as_advanced(CURL_DISABLE_LDAP) +option(CURL_DISABLE_LDAPS "Disable LDAPS" ${CURL_DISABLE_LDAP}) mark_as_advanced(CURL_DISABLE_LDAPS) - -option(CURL_DISABLE_RTSP "to disable RTSP" OFF) -mark_as_advanced(CURL_DISABLE_RTSP) -option(CURL_DISABLE_PROXY "to disable proxy" OFF) -mark_as_advanced(CURL_DISABLE_PROXY) -option(CURL_DISABLE_POP3 "to disable POP3" OFF) +option(CURL_DISABLE_LIBCURL_OPTION "Disable --libcurl option from the curl tool" OFF) +mark_as_advanced(CURL_DISABLE_LIBCURL_OPTION) +option(CURL_DISABLE_MIME "Disable MIME support" OFF) +mark_as_advanced(CURL_DISABLE_MIME) +cmake_dependent_option(CURL_DISABLE_FORM_API "Disable form-api" + OFF "NOT CURL_DISABLE_MIME" + ON) +mark_as_advanced(CURL_DISABLE_FORM_API) +option(CURL_DISABLE_MQTT "Disable MQTT" OFF) +mark_as_advanced(CURL_DISABLE_MQTT) +option(CURL_DISABLE_BINDLOCAL "Disable local binding support" OFF) +mark_as_advanced(CURL_DISABLE_BINDLOCAL) +option(CURL_DISABLE_NETRC "Disable netrc parser" OFF) +mark_as_advanced(CURL_DISABLE_NETRC) +option(CURL_ENABLE_NTLM "Enable NTLM support" OFF) +mark_as_advanced(CURL_ENABLE_NTLM) +option(CURL_DISABLE_PARSEDATE "Disable date parsing" OFF) +mark_as_advanced(CURL_DISABLE_PARSEDATE) +option(CURL_DISABLE_POP3 "Disable POP3" OFF) mark_as_advanced(CURL_DISABLE_POP3) -option(CURL_DISABLE_IMAP "to disable IMAP" OFF) -mark_as_advanced(CURL_DISABLE_IMAP) -option(CURL_DISABLE_SMTP "to disable SMTP" OFF) +option(CURL_DISABLE_PROGRESS_METER "Disable built-in progress meter" OFF) +mark_as_advanced(CURL_DISABLE_PROGRESS_METER) +option(CURL_DISABLE_PROXY "Disable proxy support" OFF) +mark_as_advanced(CURL_DISABLE_PROXY) +option(CURL_DISABLE_IPFS "Disable IPFS" OFF) +mark_as_advanced(CURL_DISABLE_IPFS) +option(CURL_DISABLE_RTSP "Disable RTSP" OFF) +mark_as_advanced(CURL_DISABLE_RTSP) +option(CURL_DISABLE_SHA512_256 "Disable SHA-512/256 hash algorithm" OFF) +mark_as_advanced(CURL_DISABLE_SHA512_256) +option(CURL_DISABLE_SHUFFLE_DNS "Disable shuffle DNS feature" OFF) +mark_as_advanced(CURL_DISABLE_SHUFFLE_DNS) +option(CURL_DISABLE_SMB "Disable SMB" OFF) +mark_as_advanced(CURL_DISABLE_SMB) +option(CURL_DISABLE_SMTP "Disable SMTP" OFF) mark_as_advanced(CURL_DISABLE_SMTP) -option(CURL_DISABLE_GOPHER "to disable Gopher" OFF) -mark_as_advanced(CURL_DISABLE_GOPHER) -option(CURL_DISABLE_MQTT "to disable MQTT" OFF) -mark_as_advanced(CURL_DISABLE_MQTT) +option(CURL_DISABLE_SOCKETPAIR "Disable use of socketpair for curl_multi_poll()" OFF) +mark_as_advanced(CURL_DISABLE_SOCKETPAIR) +option(CURL_DISABLE_WEBSOCKETS "Disable WebSocket" OFF) +mark_as_advanced(CURL_DISABLE_WEBSOCKETS) +option(CURL_DISABLE_TELNET "Disable Telnet" OFF) +mark_as_advanced(CURL_DISABLE_TELNET) +option(CURL_DISABLE_TFTP "Disable TFTP" OFF) +mark_as_advanced(CURL_DISABLE_TFTP) +option(CURL_DISABLE_TYPECHECK "Disable curl_easy_setopt()/curl_easy_getinfo() type checking" OFF) +mark_as_advanced(CURL_DISABLE_TYPECHECK) +option(CURL_DISABLE_VERBOSE_STRINGS "Disable verbose strings" OFF) +mark_as_advanced(CURL_DISABLE_VERBOSE_STRINGS) -option(CURL_ENABLE_EXPORT_TARGET "to enable cmake export target" ON) -mark_as_advanced(CURL_ENABLE_EXPORT_TARGET) +if(CURL_DISABLE_TYPECHECK) + # Set it via the command-line to make it apply to examples also. + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS "CURL_DISABLE_TYPECHECK") +endif() + +if(CURL_DISABLE_HTTP) + set(CURL_DISABLE_ALTSVC ON) + set(CURL_DISABLE_HSTS ON) + set(CURL_DISABLE_IPFS ON) + set(CURL_DISABLE_RTSP ON) + set(CURL_DISABLE_WEBSOCKETS ON) +endif() + +# Corresponds to HTTP_ONLY in lib/curl_setup.h +option(HTTP_ONLY "Disable all protocols except HTTP (This overrides all CURL_DISABLE_* options)" OFF) +mark_as_advanced(HTTP_ONLY) if(HTTP_ONLY) set(CURL_DISABLE_DICT ON) @@ -200,6 +534,7 @@ if(HTTP_ONLY) set(CURL_DISABLE_FTP ON) set(CURL_DISABLE_GOPHER ON) set(CURL_DISABLE_IMAP ON) + set(CURL_DISABLE_IPFS ON) set(CURL_DISABLE_LDAP ON) set(CURL_DISABLE_LDAPS ON) set(CURL_DISABLE_MQTT ON) @@ -209,64 +544,63 @@ if(HTTP_ONLY) set(CURL_DISABLE_SMTP ON) set(CURL_DISABLE_TELNET ON) set(CURL_DISABLE_TFTP ON) + set(CURL_DISABLE_WEBSOCKETS ON) endif() -option(CURL_DISABLE_ALTSVC "to disable alt-svc support" OFF) -mark_as_advanced(CURL_DISABLE_ALTSVC) -option(CURL_DISABLE_HSTS "to disable HSTS support" OFF) -mark_as_advanced(CURL_DISABLE_HSTS) -option(CURL_DISABLE_COOKIES "to disable cookies support" OFF) -mark_as_advanced(CURL_DISABLE_COOKIES) -option(CURL_DISABLE_CRYPTO_AUTH "to disable cryptographic authentication" OFF) -mark_as_advanced(CURL_DISABLE_CRYPTO_AUTH) -option(CURL_DISABLE_NTLM "to disable NTLM support" OFF) -mark_as_advanced(CURL_DISABLE_NTLM) -option(CURL_DISABLE_VERBOSE_STRINGS "to disable verbose strings" OFF) -mark_as_advanced(CURL_DISABLE_VERBOSE_STRINGS) -option(ENABLE_IPV6 "Define if you want to enable IPv6 support" ON) -mark_as_advanced(ENABLE_IPV6) -if(ENABLE_IPV6 AND NOT WIN32) - include(CheckStructHasMember) - check_struct_has_member("struct sockaddr_in6" sin6_addr "netinet/in.h" - HAVE_SOCKADDR_IN6_SIN6_ADDR) - check_struct_has_member("struct sockaddr_in6" sin6_scope_id "netinet/in.h" - HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) - if(NOT HAVE_SOCKADDR_IN6_SIN6_ADDR) - message(WARNING "struct sockaddr_in6 not available, disabling IPv6 support") - # Force the feature off as this name is used as guard macro... - set(ENABLE_IPV6 OFF - CACHE BOOL "Define if you want to enable IPv6 support" FORCE) - endif() +if(WINDOWS_STORE) + set(CURL_DISABLE_TELNET ON) # telnet code needs fixing to compile for UWP. endif() -if(USE_MANUAL) - #nroff is currently only used when USE_MANUAL is set, so we can prevent the warning of no *NROFF if USE_MANUAL is OFF (or not defined), by not even looking for NROFF.. - curl_nroff_check() -endif() -find_package(Perl) +option(CURL_LINT "Run lint checks while building" OFF) -cmake_dependent_option(ENABLE_MANUAL "to provide the built-in manual" - ON "NROFF_USEFUL;PERL_FOUND" - OFF) +find_package(Perl) -if(ENABLE_MANUAL) - set(USE_MANUAL ON) +if(PERL_EXECUTABLE) + add_custom_target(curl-ca-bundle + COMMENT "Generating a fresh ca-bundle.crt" VERBATIM USES_TERMINAL + COMMAND "${PERL_EXECUTABLE}" "${PROJECT_SOURCE_DIR}/scripts/mk-ca-bundle.pl" -b -l -u "lib/ca-bundle.crt" + DEPENDS "${PROJECT_SOURCE_DIR}/scripts/mk-ca-bundle.pl" + ) + add_custom_target(curl-ca-firefox + COMMENT "Generating a fresh ca-bundle.crt" VERBATIM USES_TERMINAL + COMMAND "${PERL_EXECUTABLE}" "${PROJECT_SOURCE_DIR}/scripts/firefox-db2pem.sh" "lib/ca-bundle.crt" + DEPENDS "${PROJECT_SOURCE_DIR}/scripts/firefox-db2pem.sh" + ) + add_custom_target(curl-lint + COMMENT "Running lint checks" VERBATIM USES_TERMINAL + WORKING_DIRECTORY ${PROJECT_SOURCE_DIR} + COMMAND "${PERL_EXECUTABLE}" "${PROJECT_SOURCE_DIR}/scripts/badwords-all" + COMMAND "${PERL_EXECUTABLE}" "${PROJECT_SOURCE_DIR}/scripts/checksrc-all.pl" + COMMAND "${PERL_EXECUTABLE}" "${PROJECT_SOURCE_DIR}/scripts/spacecheck.pl" + DEPENDS + "${PROJECT_SOURCE_DIR}/scripts/badwords-all" "${PROJECT_SOURCE_DIR}/scripts/badwords" + "${PROJECT_SOURCE_DIR}/scripts/checksrc-all.pl" "${PROJECT_SOURCE_DIR}/scripts/checksrc.pl" + "${PROJECT_SOURCE_DIR}/scripts/spacecheck.pl" + ) + if(CURL_LINT) + set_target_properties(curl-lint PROPERTIES EXCLUDE_FROM_ALL FALSE) + endif() endif() -if(CURL_STATIC_CRT) - set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$:Debug>") - set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /MT") - set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /MTd") -endif() +option(BUILD_LIBCURL_DOCS "Build libcurl man pages" ON) +option(BUILD_MISC_DOCS "Build misc man pages (e.g. curl-config and mk-ca-bundle)" ON) +option(ENABLE_CURL_MANUAL "Build the man page for curl and enable its -M/--manual option" ON) -# Disable warnings on Borland to avoid changing 3rd party code. -if(BORLAND) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -w-") +if((ENABLE_CURL_MANUAL OR BUILD_LIBCURL_DOCS) AND NOT Perl_FOUND) + message(WARNING "Perl not found. Will not build manuals.") endif() # If we are on AIX, do the _ALL_SOURCE magic -if(${CMAKE_SYSTEM_NAME} MATCHES AIX) - set(_ALL_SOURCE 1) +if(CMAKE_SYSTEM_NAME STREQUAL "AIX") + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS "_ALL_SOURCE") +endif() + +# If we are on Haiku, make sure that the network library is brought in. +if(CMAKE_SYSTEM_NAME STREQUAL "Haiku") + list(APPEND CURL_NETWORK_AND_TIME_LIBS "network") +elseif(AMIGA) + list(APPEND CURL_NETWORK_AND_TIME_LIBS "net" "m" "atomic") + list(APPEND CMAKE_REQUIRED_LIBRARIES "net" "m" "atomic") endif() # Include all the necessary files for macros @@ -279,339 +613,611 @@ include(CheckSymbolExists) include(CheckTypeSize) include(CheckCSourceCompiles) -# On windows preload settings -if(WIN32) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WINSOCKAPI_=") - include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake) +option(_CURL_PREFILL "Fast-track known feature detection results (Windows, some Apple)" "${WIN32}") +mark_as_advanced(_CURL_PREFILL) +if(_CURL_PREFILL) + if(WIN32) + include("${CMAKE_CURRENT_SOURCE_DIR}/CMake/win32-cache.cmake") + elseif(UNIX) + include("${CMAKE_CURRENT_SOURCE_DIR}/CMake/unix-cache.cmake") + message(STATUS "Pre-filling feature detection results for UNIX") + endif() +elseif(WIN32) + message(STATUS "Pre-filling feature detection results disabled.") +elseif(APPLE) + set(HAVE_EVENTFD 0) + set(HAVE_GETPASS_R 0) + set(HAVE_WRITABLE_ARGV 1) + set(HAVE_SENDMMSG 0) +endif() + +if(AMIGA) + set(HAVE_GETADDRINFO 0) # Breaks the build when detected and used. +endif() +if(DOS OR AMIGA) + set(HAVE_TIME_T_UNSIGNED 1) +endif() + +if(NOT WIN32) + find_package(Threads) + set(HAVE_THREADS_POSIX ${CMAKE_USE_PTHREADS_INIT}) + set(HAVE_PTHREAD_H ${CMAKE_USE_PTHREADS_INIT}) + list(APPEND CURL_NETWORK_AND_TIME_LIBS ${CMAKE_THREAD_LIBS_INIT}) endif() if(ENABLE_THREADED_RESOLVER) - find_package(Threads REQUIRED) - if(WIN32) - set(USE_THREADS_WIN32 ON) - else() - set(USE_THREADS_POSIX ${CMAKE_USE_PTHREADS_INIT}) - set(HAVE_PTHREAD_H ${CMAKE_USE_PTHREADS_INIT}) + if(NOT WIN32 AND NOT HAVE_THREADS_POSIX) + message(FATAL_ERROR "Threaded resolver requires POSIX Threads.") endif() - set(CURL_LIBS ${CURL_LIBS} ${CMAKE_THREAD_LIBS_INIT}) + set(USE_RESOLV_THREADED ON) +elseif(USE_ARES) + set(USE_RESOLV_ARES ON) endif() # Check for all needed libraries -check_library_exists_concat("${CMAKE_DL_LIBS}" dlopen HAVE_LIBDL) -check_library_exists_concat("socket" connect HAVE_LIBSOCKET) -check_library_exists("c" gethostbyname "" NOT_NEED_LIBNSL) - -# Yellowtab Zeta needs different libraries than BeOS 5. -if(BEOS) - set(NOT_NEED_LIBNSL 1) - check_library_exists_concat("bind" gethostbyname HAVE_LIBBIND) - check_library_exists_concat("bnetapi" closesocket HAVE_LIBBNETAPI) +if(DOS) + if(WATT_ROOT) + set(USE_WATT32 ON) + # FIXME upstream: must specify the full path to avoid CMake converting "watt" to "watt.lib" + list(APPEND CURL_NETWORK_AND_TIME_LIBS "${WATT_ROOT}/lib/libwatt.a") + include_directories(SYSTEM "${WATT_ROOT}/inc") + list(APPEND CMAKE_REQUIRED_INCLUDES "${WATT_ROOT}/inc") + else() + message(FATAL_ERROR "Set WATT_ROOT variable to the absolute path to the root installation of Watt-32.") + endif() +elseif(AMIGA) + if(AMISSL_INCLUDE_DIR AND AMISSL_STUBS_LIBRARY AND AMISSL_AUTO_LIBRARY) + set(USE_AMISSL ON) + list(APPEND CMAKE_REQUIRED_INCLUDES "${AMISSL_INCLUDE_DIR}") + list(APPEND CMAKE_REQUIRED_LIBRARIES "${AMISSL_STUBS_LIBRARY}" "${AMISSL_AUTO_LIBRARY}") + set(OPENSSL_INCLUDE_DIR "${AMISSL_INCLUDE_DIR}") + set(OPENSSL_SSL_LIBRARY "${AMISSL_STUBS_LIBRARY}") + set(OPENSSL_CRYPTO_LIBRARY "${AMISSL_AUTO_LIBRARY}") + set(CURL_USE_OPENSSL ON) + set(CURL_CA_FALLBACK ON CACHE BOOL "") + endif() +elseif(NOT WIN32 AND NOT APPLE) + check_library_exists("socket" "connect" "" HAVE_LIBSOCKET) + if(HAVE_LIBSOCKET) + list(PREPEND CURL_NETWORK_AND_TIME_LIBS "socket") + endif() endif() -if(NOT NOT_NEED_LIBNSL) - check_library_exists_concat("nsl" gethostbyname HAVE_LIBNSL) -endif() +option(ENABLE_IPV6 "Enable IPv6 support" ON) +mark_as_advanced(ENABLE_IPV6) +if(ENABLE_IPV6) + include(CheckStructHasMember) + if(WIN32) + check_struct_has_member("struct sockaddr_in6" "sin6_scope_id" "winsock2.h;ws2tcpip.h" HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) + else() + check_struct_has_member("struct sockaddr_in6" "sin6_scope_id" "netinet/in.h" HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) + check_struct_has_member("struct sockaddr_in6" "sin6_addr" "netinet/in.h" HAVE_SOCKADDR_IN6_SIN6_ADDR) + if(NOT HAVE_SOCKADDR_IN6_SIN6_ADDR) + if(NOT DOS AND NOT AMIGA) + message(WARNING "struct sockaddr_in6 not available, disabling IPv6 support") + endif() + set(ENABLE_IPV6 OFF CACHE BOOL "Enable IPv6 support" FORCE) # Force the feature off as we use this name as guard macro + endif() -check_function_exists(gethostname HAVE_GETHOSTNAME) + if(CMAKE_SYSTEM_NAME STREQUAL "Darwin" AND NOT ENABLE_ARES) + set(_use_core_foundation_and_core_services ON) -if(WIN32) - check_library_exists_concat("ws2_32" getch HAVE_LIBWS2_32) - check_library_exists_concat("winmm" getch HAVE_LIBWINMM) + find_library(SYSTEMCONFIGURATION_FRAMEWORK NAMES "SystemConfiguration") + mark_as_advanced(SYSTEMCONFIGURATION_FRAMEWORK) + if(NOT SYSTEMCONFIGURATION_FRAMEWORK) + message(FATAL_ERROR "SystemConfiguration framework not found") + endif() + list(APPEND CURL_LIBS "-framework SystemConfiguration") + endif() + endif() endif() - -# check SSL libraries -# TODO support GnuTLS -if(CMAKE_USE_WINSSL) - message(FATAL_ERROR "The cmake option CMAKE_USE_WINSSL was renamed to CMAKE_USE_SCHANNEL.") +if(ENABLE_IPV6) + set(USE_IPV6 ON) endif() -if(APPLE) - option(CMAKE_USE_SECTRANSP "enable Apple OS native SSL/TLS" OFF) -endif() -if(WIN32) - option(CMAKE_USE_SCHANNEL "enable Windows native SSL/TLS" OFF) - cmake_dependent_option(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON - CMAKE_USE_SCHANNEL OFF) +# Check SSL libraries +option(CURL_ENABLE_SSL "Enable SSL support" ON) + +if(CURL_DEFAULT_SSL_BACKEND) + set(_valid_default_ssl_backend FALSE) endif() -option(CMAKE_USE_MBEDTLS "Enable mbedTLS for SSL/TLS" OFF) -option(CMAKE_USE_BEARSSL "Enable BearSSL for SSL/TLS" OFF) -option(CMAKE_USE_NSS "Enable NSS for SSL/TLS" OFF) -option(CMAKE_USE_WOLFSSL "enable wolfSSL for SSL/TLS" OFF) -set(openssl_default ON) -if(WIN32 OR CMAKE_USE_SECTRANSP OR CMAKE_USE_SCHANNEL OR CMAKE_USE_MBEDTLS OR CMAKE_USE_NSS OR CMAKE_USE_WOLFSSL) - set(openssl_default OFF) +if(WIN32) + cmake_dependent_option(CURL_USE_SCHANNEL "Enable Windows native SSL/TLS (Schannel)" OFF CURL_ENABLE_SSL OFF) + option(CURL_WINDOWS_SSPI "Enable SSPI on Windows" ${CURL_USE_SCHANNEL}) +else() + set(CURL_USE_SCHANNEL OFF) + set(CURL_WINDOWS_SSPI OFF) +endif() +cmake_dependent_option(CURL_USE_MBEDTLS "Enable mbedTLS for SSL/TLS" OFF CURL_ENABLE_SSL OFF) +cmake_dependent_option(CURL_USE_WOLFSSL "Enable wolfSSL for SSL/TLS" OFF CURL_ENABLE_SSL OFF) +cmake_dependent_option(CURL_USE_GNUTLS "Enable GnuTLS for SSL/TLS" OFF CURL_ENABLE_SSL OFF) +cmake_dependent_option(CURL_USE_RUSTLS "Enable Rustls for SSL/TLS" OFF CURL_ENABLE_SSL OFF) + +if(WIN32 OR + CURL_USE_SCHANNEL OR + CURL_USE_MBEDTLS OR + CURL_USE_WOLFSSL OR + CURL_USE_GNUTLS OR + CURL_USE_RUSTLS) + set(_openssl_default OFF) +else() + set(_openssl_default ON) endif() -option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ${openssl_default}) +cmake_dependent_option(CURL_USE_OPENSSL "Enable OpenSSL for SSL/TLS" ${_openssl_default} CURL_ENABLE_SSL OFF) option(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG "Disable automatic loading of OpenSSL configuration" OFF) -count_true(enabled_ssl_options_count - CMAKE_USE_SCHANNEL - CMAKE_USE_SECTRANSP - CMAKE_USE_OPENSSL - CMAKE_USE_MBEDTLS - CMAKE_USE_BEARSSL - CMAKE_USE_NSS - CMAKE_USE_WOLFSSL +curl_count_true(_enabled_ssl_options_count + CURL_USE_SCHANNEL + CURL_USE_OPENSSL + CURL_USE_MBEDTLS + CURL_USE_WOLFSSL + CURL_USE_GNUTLS + CURL_USE_RUSTLS ) -if(enabled_ssl_options_count GREATER "1") +if(_enabled_ssl_options_count GREATER 1) set(CURL_WITH_MULTI_SSL ON) +elseif(_enabled_ssl_options_count EQUAL 0) + set(CURL_DISABLE_HSTS ON) endif() -if(CMAKE_USE_SCHANNEL) - set(SSL_ENABLED ON) - set(USE_SCHANNEL ON) # Windows native SSL/TLS support - set(USE_WINDOWS_SSPI ON) # CMAKE_USE_SCHANNEL implies CURL_WINDOWS_SSPI +if(CURL_USE_SCHANNEL) + if(WINDOWS_STORE) + message(FATAL_ERROR "UWP does not support Schannel.") + endif() + set(_ssl_enabled ON) + set(USE_SCHANNEL ON) # Windows native SSL/TLS support + set(USE_WINDOWS_SSPI ON) # CURL_USE_SCHANNEL requires CURL_WINDOWS_SSPI + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "schannel") + set(_valid_default_ssl_backend TRUE) + endif() endif() -if(CURL_WINDOWS_SSPI) +if(CURL_WINDOWS_SSPI AND NOT WINDOWS_STORE) set(USE_WINDOWS_SSPI ON) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DSECURITY_WIN32") endif() -if(CMAKE_USE_DARWINSSL) - message(FATAL_ERROR "The cmake option CMAKE_USE_DARWINSSL was renamed to CMAKE_USE_SECTRANSP.") +if(APPLE) + option(USE_APPLE_SECTRUST "Use Apple OS-native certificate verification" OFF) + if(USE_APPLE_SECTRUST) + if(NOT CURL_USE_OPENSSL AND NOT CURL_USE_GNUTLS) + message(FATAL_ERROR "Apple SecTrust is only supported with Openssl/GnuTLS") + endif() + find_library(SECURITY_FRAMEWORK NAMES "Security") + mark_as_advanced(SECURITY_FRAMEWORK) + if(NOT SECURITY_FRAMEWORK) + message(FATAL_ERROR "Security framework not found") + endif() + list(APPEND CURL_LIBS "-framework Security") + + set(_use_core_foundation_and_core_services ON) + message(STATUS "Apple OS-native certificate verification enabled") + endif() +else() + set(USE_APPLE_SECTRUST OFF) endif() -if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") - find_library(COREFOUNDATION_FRAMEWORK "CoreFoundation") +if(_use_core_foundation_and_core_services) + find_library(COREFOUNDATION_FRAMEWORK NAMES "CoreFoundation") + mark_as_advanced(COREFOUNDATION_FRAMEWORK) if(NOT COREFOUNDATION_FRAMEWORK) - message(FATAL_ERROR "CoreFoundation framework not found") + message(FATAL_ERROR "CoreFoundation framework not found") endif() + list(APPEND CURL_LIBS "-framework CoreFoundation") - find_library(SYSTEMCONFIGURATION_FRAMEWORK "SystemConfiguration") - if(NOT SYSTEMCONFIGURATION_FRAMEWORK) - message(FATAL_ERROR "SystemConfiguration framework not found") + find_library(CORESERVICES_FRAMEWORK NAMES "CoreServices") + mark_as_advanced(CORESERVICES_FRAMEWORK) + if(NOT CORESERVICES_FRAMEWORK) + message(FATAL_ERROR "CoreServices framework not found") endif() + list(APPEND CURL_LIBS "-framework CoreServices") +endif() - list(APPEND CURL_LIBS "-framework CoreFoundation" "-framework SystemConfiguration") +if(CURL_USE_OPENSSL) + find_package(OpenSSL REQUIRED) + set(_ssl_enabled ON) + set(USE_OPENSSL ON) - if(CMAKE_USE_SECTRANSP) - find_library(SECURITY_FRAMEWORK "Security") - if(NOT SECURITY_FRAMEWORK) - message(FATAL_ERROR "Security framework not found") + # Depend on OpenSSL via imported targets. This allows our dependents to + # get our dependencies transitively. + list(APPEND CURL_LIBS OpenSSL::SSL OpenSSL::Crypto) + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "openssl") + set(_valid_default_ssl_backend TRUE) + endif() + set(_curl_ca_bundle_supported TRUE) + + cmake_push_check_state() + list(APPEND CMAKE_REQUIRED_LIBRARIES OpenSSL::SSL OpenSSL::Crypto) + if(NOT DEFINED HAVE_BORINGSSL) + check_symbol_exists("OPENSSL_IS_BORINGSSL" "openssl/base.h" HAVE_BORINGSSL) + endif() + if(NOT DEFINED HAVE_AWSLC) + check_symbol_exists("OPENSSL_IS_AWSLC" "openssl/base.h" HAVE_AWSLC) + endif() + if(NOT DEFINED HAVE_LIBRESSL) + check_symbol_exists("LIBRESSL_VERSION_NUMBER" "openssl/opensslv.h" HAVE_LIBRESSL) + endif() + cmake_pop_check_state() + + if(HAVE_BORINGSSL OR HAVE_AWSLC) + if(OPENSSL_USE_STATIC_LIBS AND CMAKE_C_COMPILER_ID MATCHES "Clang") + list(APPEND CURL_LIBS "stdc++") + list(APPEND CMAKE_REQUIRED_LIBRARIES "stdc++") endif() + endif() - set(SSL_ENABLED ON) - set(USE_SECTRANSP ON) - list(APPEND CURL_LIBS "-framework Security") + if(HAVE_BORINGSSL) + if(BORINGSSL_VERSION) + set(CURL_BORINGSSL_VERSION "\"${BORINGSSL_VERSION}\"") + endif() + set(_openssl "BoringSSL") + elseif(HAVE_AWSLC) + set(_openssl "AWS-LC") + elseif(HAVE_LIBRESSL) + set(_openssl "LibreSSL") + elseif(USE_AMISSL) + set(_openssl "AmiSSL") + else() + set(_openssl "OpenSSL") endif() endif() -if(CMAKE_USE_OPENSSL) - find_package(OpenSSL REQUIRED) - set(SSL_ENABLED ON) - set(USE_OPENSSL ON) +if(CURL_USE_MBEDTLS) + find_package(MbedTLS MODULE REQUIRED) + if(MBEDTLS_VERSION VERSION_LESS 3.2.0) + message(FATAL_ERROR "mbedTLS v3.2.0 or newer is required.") + endif() + set(_ssl_enabled ON) + set(USE_MBEDTLS ON) + list(APPEND CURL_LIBS CURL::mbedtls) + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "mbedtls") + set(_valid_default_ssl_backend TRUE) + endif() + set(_curl_ca_bundle_supported TRUE) + + if(MBEDTLS_VERSION VERSION_GREATER_EQUAL 4.0.0) + set(HAVE_MBEDTLS_DES_CRYPT_ECB 0) # pre-fill detection result + endif() + if(NOT DEFINED HAVE_MBEDTLS_DES_CRYPT_ECB) + cmake_push_check_state() + list(APPEND CMAKE_REQUIRED_LIBRARIES CURL::mbedtls) + check_function_exists("mbedtls_des_crypt_ecb" HAVE_MBEDTLS_DES_CRYPT_ECB) # in mbedTLS <4 + cmake_pop_check_state() + endif() +endif() + +if(CURL_USE_WOLFSSL) + find_package(WolfSSL MODULE REQUIRED) + set(_ssl_enabled ON) + set(USE_WOLFSSL ON) + list(APPEND CURL_LIBS CURL::wolfssl) + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "wolfssl") + set(_valid_default_ssl_backend TRUE) + endif() + set(_curl_ca_bundle_supported TRUE) + + if(USE_OPENSSL AND WOLFSSL_VERSION VERSION_LESS 5.7.6) + message(FATAL_ERROR "wolfSSL 5.7.6 or newer is required to coexist with OpenSSL.") + endif() + + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS "WOLFSSL_OPTIONS_IGNORE_SYS") +endif() + +if(CURL_USE_GNUTLS) + find_package(GnuTLS MODULE REQUIRED) + list(APPEND CURL_LIBS CURL::gnutls) + find_package(Nettle MODULE REQUIRED) + list(APPEND CURL_LIBS CURL::nettle) + set(_ssl_enabled ON) + set(USE_GNUTLS ON) + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "gnutls") + set(_valid_default_ssl_backend TRUE) + endif() + set(_curl_ca_bundle_supported TRUE) + + if(NOT DEFINED HAVE_GNUTLS_SRP AND NOT CURL_DISABLE_SRP) + cmake_push_check_state() + list(APPEND CMAKE_REQUIRED_LIBRARIES CURL::gnutls) + # In GnuTLS 3.8.0 (2023-02-10) and upper, this check always succeeds. + # Detecting actual TLS-SRP support needs poking the API at runtime. + check_symbol_exists("gnutls_srp_verifier" "gnutls/gnutls.h" HAVE_GNUTLS_SRP) + cmake_pop_check_state() + endif() +endif() + +if(CURL_USE_RUSTLS) + find_package(Rustls MODULE REQUIRED) + set(_ssl_enabled ON) + set(USE_RUSTLS ON) + list(APPEND CURL_LIBS CURL::rustls) + + if(NOT DEFINED HAVE_RUSTLS_SUPPORTED_HPKE) + if(RUSTLS_VERSION AND RUSTLS_VERSION VERSION_GREATER_EQUAL 0.15) + set(HAVE_RUSTLS_SUPPORTED_HPKE TRUE) + elseif(NOT RUSTLS_VERSION) + cmake_push_check_state() + list(APPEND CMAKE_REQUIRED_LIBRARIES CURL::rustls) + check_symbol_exists("rustls_supported_hpke" "rustls.h" HAVE_RUSTLS_SUPPORTED_HPKE) + cmake_pop_check_state() + endif() + endif() + if(NOT HAVE_RUSTLS_SUPPORTED_HPKE) + message(FATAL_ERROR "rustls-ffi library does not provide rustls_supported_hpke function. Required version is 0.15 or newer.") + endif() + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "rustls") + set(_valid_default_ssl_backend TRUE) + endif() + set(_curl_ca_bundle_supported TRUE) +endif() + +if(CURL_DEFAULT_SSL_BACKEND AND NOT _valid_default_ssl_backend) + message(FATAL_ERROR "CURL_DEFAULT_SSL_BACKEND '${CURL_DEFAULT_SSL_BACKEND}' not enabled.") +endif() + +# Keep ZLIB detection after TLS detection, +# and before calling curl_openssl_check_exists(). + +set(HAVE_LIBZ OFF) +curl_dependency_option(CURL_ZLIB ZLIB "ZLIB") +if(ZLIB_FOUND) + set(HAVE_LIBZ ON) + # Depend on ZLIB via imported targets. This allows our dependents to + # get our dependencies transitively. + list(APPEND CURL_LIBS ZLIB::ZLIB) +endif() - # Depend on OpenSSL via imported targets if supported by the running - # version of CMake. This allows our dependents to get our dependencies - # transitively. - if(NOT CMAKE_VERSION VERSION_LESS 3.4) - list(APPEND CURL_LIBS OpenSSL::SSL OpenSSL::Crypto) +set(HAVE_BROTLI OFF) +curl_dependency_option(CURL_BROTLI Brotli "brotli") +if(BROTLI_FOUND) + set(HAVE_BROTLI ON) + list(APPEND CURL_LIBS CURL::brotli) +endif() + +set(HAVE_ZSTD OFF) +curl_dependency_option(CURL_ZSTD Zstd "zstd") +if(ZSTD_FOUND) + if(ZSTD_VERSION VERSION_GREATER_EQUAL 1.0.0) + set(HAVE_ZSTD ON) + list(APPEND CURL_LIBS CURL::zstd) else() - list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES}) - include_directories(${OPENSSL_INCLUDE_DIR}) - endif() - - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H) - check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H) - check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H) - check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H) - check_include_file("openssl/ssl.h" HAVE_OPENSSL_SSL_H) - check_include_file("openssl/x509.h" HAVE_OPENSSL_X509_H) - check_include_file("openssl/rand.h" HAVE_OPENSSL_RAND_H) - check_symbol_exists(RAND_status "${CURL_INCLUDES}" HAVE_RAND_STATUS) - check_symbol_exists(RAND_screen "${CURL_INCLUDES}" HAVE_RAND_SCREEN) - check_symbol_exists(RAND_egd "${CURL_INCLUDES}" HAVE_RAND_EGD) -endif() - -if(CMAKE_USE_MBEDTLS) - find_package(MbedTLS REQUIRED) - set(SSL_ENABLED ON) - set(USE_MBEDTLS ON) - list(APPEND CURL_LIBS ${MBEDTLS_LIBRARIES}) - include_directories(${MBEDTLS_INCLUDE_DIRS}) + message(WARNING "zstd v1.0.0 or newer is required, disabling zstd support.") + endif() +endif() + +# Check function in an OpenSSL-like TLS backend. +macro(curl_openssl_check_exists) + cmake_push_check_state() + if(USE_OPENSSL) + list(APPEND CMAKE_REQUIRED_LIBRARIES OpenSSL::SSL OpenSSL::Crypto) + list(APPEND CMAKE_REQUIRED_DEFINITIONS "-DOPENSSL_SUPPRESS_DEPRECATED") # for SSL_CTX_set_srp_username deprecated since 3.0.0 + if(HAVE_LIBZ) + list(APPEND CMAKE_REQUIRED_LIBRARIES ZLIB::ZLIB) + endif() + if(WIN32) + list(APPEND CMAKE_REQUIRED_LIBRARIES "bcrypt") # for OpenSSL/LibreSSL BCryptGenRandom() + endif() + endif() + if(USE_WOLFSSL) + list(APPEND CMAKE_REQUIRED_LIBRARIES CURL::wolfssl) + list(APPEND CMAKE_REQUIRED_DEFINITIONS "-DWOLFSSL_OPTIONS_IGNORE_SYS") + if(HAVE_LIBZ) + list(APPEND CMAKE_REQUIRED_LIBRARIES ZLIB::ZLIB) # Public wolfSSL headers also require zlib headers + endif() + list(APPEND CMAKE_REQUIRED_DEFINITIONS "-DHAVE_UINTPTR_T") # to pull in stdint.h (as of wolfSSL v5.5.4) + endif() + if(WIN32) + list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32" "crypt32") # for OpenSSL/wolfSSL + endif() + if(${ARGC} EQUAL 2) + check_function_exists(${ARGN}) + else() + check_symbol_exists(${ARGN}) # Uses CMAKE_REQUIRED_INCLUDES and CMAKE_REQUIRED_DEFINITIONS + endif() + cmake_pop_check_state() +endmacro() + +# Ensure that OpenSSL (or fork) or wolfSSL actually supports QUICTLS API. +macro(curl_openssl_check_quic) + if(USE_OPENSSL) + if(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.5.0) + if(NOT DEFINED HAVE_SSL_SET_QUIC_TLS_CBS) + curl_openssl_check_exists("SSL_set_quic_tls_cbs" HAVE_SSL_SET_QUIC_TLS_CBS) + endif() + else() + if(NOT DEFINED HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT) + curl_openssl_check_exists("SSL_set_quic_use_legacy_codepoint" HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT) + endif() + endif() + endif() + if(USE_WOLFSSL AND NOT DEFINED HAVE_WOLFSSL_SET_QUIC_USE_LEGACY_CODEPOINT) + curl_openssl_check_exists("wolfSSL_set_quic_use_legacy_codepoint" HAVE_WOLFSSL_SET_QUIC_USE_LEGACY_CODEPOINT) + endif() + if(NOT HAVE_SSL_SET_QUIC_TLS_CBS AND + NOT HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT AND + NOT HAVE_WOLFSSL_SET_QUIC_USE_LEGACY_CODEPOINT) + message(FATAL_ERROR "QUICTLS API support is missing from OpenSSL/fork/wolfSSL. Try setting -DOPENSSL_ROOT_DIR") + endif() +endmacro() + +if(USE_WOLFSSL) + curl_openssl_check_exists("wolfSSL_get_peer_certificate" HAVE_WOLFSSL_GET_PEER_CERTIFICATE) + curl_openssl_check_exists("wolfSSL_UseALPN" HAVE_WOLFSSL_USEALPN) + curl_openssl_check_exists("wolfSSL_DES_ecb_encrypt" HAVE_WOLFSSL_DES_ECB_ENCRYPT) + curl_openssl_check_exists("wolfSSL_BIO_new" HAVE_WOLFSSL_BIO_NEW) + curl_openssl_check_exists("wolfSSL_BIO_set_shutdown" HAVE_WOLFSSL_BIO_SET_SHUTDOWN) endif() -if(CMAKE_USE_BEARSSL) - find_package(BearSSL REQUIRED) - set(SSL_ENABLED ON) - set(USE_BEARSSL ON) - list(APPEND CURL_LIBS ${BEARSSL_LIBRARY}) - include_directories(${BEARSSL_INCLUDE_DIRS}) +if(USE_OPENSSL) + if(NOT DEFINED HAVE_DES_ECB_ENCRYPT) + curl_openssl_check_exists("DES_ecb_encrypt" "openssl/des.h" HAVE_DES_ECB_ENCRYPT) + endif() + if(NOT DEFINED HAVE_SSL_SET0_WBIO) + curl_openssl_check_exists("SSL_set0_wbio" HAVE_SSL_SET0_WBIO) + endif() + if(NOT DEFINED HAVE_OPENSSL_SRP AND NOT CURL_DISABLE_SRP) + curl_openssl_check_exists("SSL_CTX_set_srp_username" "openssl/ssl.h" HAVE_OPENSSL_SRP) + endif() endif() -if(CMAKE_USE_WOLFSSL) - find_package(WolfSSL REQUIRED) - set(SSL_ENABLED ON) - set(USE_WOLFSSL ON) - list(APPEND CURL_LIBS ${WolfSSL_LIBRARIES}) - include_directories(${WolfSSL_INCLUDE_DIRS}) +option(USE_HTTPSRR "Enable HTTPS RR support" OFF) +option(USE_ECH "Enable ECH support" OFF) +if(USE_ECH) + if(USE_OPENSSL OR USE_WOLFSSL OR USE_RUSTLS) + # Be sure that the TLS library actually supports ECH. + if(USE_WOLFSSL) + curl_openssl_check_exists("wolfSSL_CTX_GenerateEchConfig" HAVE_WOLFSSL_CTX_GENERATEECHCONFIG) + endif() + if(USE_OPENSSL) + curl_openssl_check_exists("SSL_set1_ech_config_list" HAVE_SSL_SET1_ECH_CONFIG_LIST) + endif() + if(HAVE_WOLFSSL_CTX_GENERATEECHCONFIG OR + HAVE_SSL_SET1_ECH_CONFIG_LIST OR + USE_RUSTLS) + set(HAVE_ECH 1) + endif() + if(NOT HAVE_ECH) + message(FATAL_ERROR "ECH support missing in OpenSSL/BoringSSL/AWS-LC/wolfSSL/rustls-ffi") + else() + message(STATUS "ECH enabled") + # ECH wants HTTPSRR + set(USE_HTTPSRR ON) + message(STATUS "HTTPSRR enabled") + endif() + else() + message(FATAL_ERROR "ECH requires ECH-enabled OpenSSL, BoringSSL, AWS-LC, wolfSSL or rustls-ffi") + endif() endif() -if(CMAKE_USE_NSS) - find_package(NSS REQUIRED) - include_directories(${NSS_INCLUDE_DIRS}) - list(APPEND CURL_LIBS ${NSS_LIBRARIES}) - set(SSL_ENABLED ON) - set(USE_NSS ON) - cmake_push_check_state() - set(CMAKE_REQUIRED_INCLUDES ${NSS_INCLUDE_DIRS}) - set(CMAKE_REQUIRED_LIBRARIES ${NSS_LIBRARIES}) - check_symbol_exists(PK11_CreateManagedGenericObject "pk11pub.h" HAVE_PK11_CREATEMANAGEDGENERICOBJECT) - cmake_pop_check_state() +option(USE_SSLS_EXPORT "Enable SSL session export support" OFF) +if(USE_SSLS_EXPORT) + if(_ssl_enabled) + message(STATUS "SSL export enabled.") + else() + message(WARNING "SSL session export requires SSL enabled") + endif() endif() -option(USE_NGHTTP2 "Use Nghttp2 library" OFF) +option(USE_NGHTTP2 "Use nghttp2 library" ON) if(USE_NGHTTP2) - find_package(NGHTTP2 REQUIRED) - include_directories(${NGHTTP2_INCLUDE_DIRS}) - list(APPEND CURL_LIBS ${NGHTTP2_LIBRARIES}) -endif() - -function(CheckQuicSupportInOpenSSL) - # Be sure that the OpenSSL library actually supports QUIC. - cmake_push_check_state() - set(CMAKE_REQUIRED_INCLUDES "${OPENSSL_INCLUDE_DIR}") - set(CMAKE_REQUIRED_LIBRARIES "${OPENSSL_LIBRARIES}") - check_symbol_exists(SSL_CTX_set_quic_method "openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD) - if(NOT HAVE_SSL_CTX_SET_QUIC_METHOD) - message(FATAL_ERROR "QUIC support is missing in OpenSSL/boringssl. Try setting -DOPENSSL_ROOT_DIR") + find_package(NGHTTP2 MODULE) + if(NGHTTP2_FOUND) + list(APPEND CURL_LIBS CURL::nghttp2) + else() + set(USE_NGHTTP2 OFF) endif() - cmake_pop_check_state() -endfunction() +endif() option(USE_NGTCP2 "Use ngtcp2 and nghttp3 libraries for HTTP/3 support" OFF) if(USE_NGTCP2) - if(USE_OPENSSL) - find_package(NGTCP2 REQUIRED OpenSSL) - CheckQuicSupportInOpenSSL() + if(CURL_WITH_MULTI_SSL) + message(FATAL_ERROR "MultiSSL cannot be enabled with HTTP/3 and vice versa.") + elseif(USE_OPENSSL OR USE_WOLFSSL) + if(USE_WOLFSSL) + find_package(NGTCP2 MODULE REQUIRED COMPONENTS "wolfSSL") + elseif(HAVE_BORINGSSL OR HAVE_AWSLC) + find_package(NGTCP2 MODULE REQUIRED COMPONENTS "BoringSSL") + elseif(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.5.0) + find_package(NGTCP2 MODULE REQUIRED COMPONENTS "ossl") + if(NGTCP2_VERSION VERSION_LESS 1.12.0) + message(FATAL_ERROR "ngtcp2 1.12.0 or upper required for OpenSSL") + endif() + set(OPENSSL_QUIC_API2 1) + elseif(HAVE_LIBRESSL) + find_package(NGTCP2 MODULE COMPONENTS "LibreSSL") + if(NOT NGTCP2_FOUND) + find_package(NGTCP2 MODULE REQUIRED COMPONENTS "quictls") # for ngtcp2 <1.15.0 + endif() + else() + find_package(NGTCP2 MODULE REQUIRED COMPONENTS "quictls") + set(_openssl "quictls") + endif() + curl_openssl_check_quic() elseif(USE_GNUTLS) - # TODO add GnuTLS support as vtls library. - find_package(NGTCP2 REQUIRED GnuTLS) + find_package(NGTCP2 MODULE REQUIRED "GnuTLS") else() - message(FATAL_ERROR "ngtcp2 requires OpenSSL or GnuTLS") + message(FATAL_ERROR "ngtcp2 requires a supported TLS-backend") endif() - set(USE_NGTCP2 ON) - include_directories(${NGTCP2_INCLUDE_DIRS}) - list(APPEND CURL_LIBS ${NGTCP2_LIBRARIES}) + list(APPEND CURL_LIBS CURL::ngtcp2) - find_package(NGHTTP3 REQUIRED) + find_package(NGHTTP3 MODULE REQUIRED) set(USE_NGHTTP3 ON) - include_directories(${NGHTTP3_INCLUDE_DIRS}) - list(APPEND CURL_LIBS ${NGHTTP3_LIBRARIES}) + list(APPEND CURL_LIBS CURL::nghttp3) endif() option(USE_QUICHE "Use quiche library for HTTP/3 support" OFF) if(USE_QUICHE) if(USE_NGTCP2) - message(FATAL_ERROR "Only one HTTP/3 backend can be selected!") + message(FATAL_ERROR "Only one HTTP/3 backend can be selected") + elseif(CURL_WITH_MULTI_SSL) + message(FATAL_ERROR "MultiSSL cannot be enabled with HTTP/3 and vice versa.") endif() - find_package(QUICHE REQUIRED) - CheckQuicSupportInOpenSSL() - set(USE_QUICHE ON) - include_directories(${QUICHE_INCLUDE_DIRS}) - list(APPEND CURL_LIBS ${QUICHE_LIBRARIES}) - cmake_push_check_state() - set(CMAKE_REQUIRED_INCLUDES "${QUICHE_INCLUDE_DIRS}") - set(CMAKE_REQUIRED_LIBRARIES "${QUICHE_LIBRARIES}") - check_symbol_exists(quiche_conn_set_qlog_fd "quiche.h" HAVE_QUICHE_CONN_SET_QLOG_FD) - cmake_pop_check_state() + find_package(Quiche MODULE REQUIRED) + if(NOT HAVE_BORINGSSL) + message(FATAL_ERROR "quiche requires BoringSSL") + endif() + curl_openssl_check_quic() + list(APPEND CURL_LIBS CURL::quiche) + if(NOT DEFINED HAVE_QUICHE_CONN_SET_QLOG_FD) + cmake_push_check_state() + list(APPEND CMAKE_REQUIRED_LIBRARIES CURL::quiche) + check_symbol_exists("quiche_conn_set_qlog_fd" "quiche.h" HAVE_QUICHE_CONN_SET_QLOG_FD) + cmake_pop_check_state() + endif() +endif() + +if(NOT CURL_DISABLE_SRP AND (HAVE_GNUTLS_SRP OR HAVE_OPENSSL_SRP)) + set(USE_TLS_SRP 1) endif() if(NOT CURL_DISABLE_LDAP) - if(WIN32) + if(WIN32 AND NOT WINDOWS_STORE) option(USE_WIN32_LDAP "Use Windows LDAP implementation" ON) if(USE_WIN32_LDAP) - check_library_exists_concat("wldap32" cldap_open HAVE_WLDAP32) - if(NOT HAVE_WLDAP32) - set(USE_WIN32_LDAP OFF) + list(APPEND CURL_LIBS "wldap32") + if(NOT CURL_DISABLE_LDAPS) + set(HAVE_LDAP_SSL ON) endif() endif() endif() - option(CMAKE_USE_OPENLDAP "Use OpenLDAP code." OFF) - mark_as_advanced(CMAKE_USE_OPENLDAP) - set(CMAKE_LDAP_LIB "ldap" CACHE STRING "Name or full path to ldap library") - set(CMAKE_LBER_LIB "lber" CACHE STRING "Name or full path to lber library") - - if(CMAKE_USE_OPENLDAP AND USE_WIN32_LDAP) - message(FATAL_ERROR "Cannot use USE_WIN32_LDAP and CMAKE_USE_OPENLDAP at the same time") - endif() - - # Now that we know, we're not using windows LDAP... - if(USE_WIN32_LDAP) - check_include_file_concat("winldap.h" HAVE_WINLDAP_H) - check_include_file_concat("winber.h" HAVE_WINBER_H) - else() + # Now that we know, we are not using Windows LDAP... + if(NOT USE_WIN32_LDAP) # Check for LDAP - set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES}) - check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP) - check_library_exists_concat(${CMAKE_LBER_LIB} ber_init HAVE_LIBLBER) - - set(CMAKE_REQUIRED_INCLUDES_BAK ${CMAKE_REQUIRED_INCLUDES}) - set(CMAKE_LDAP_INCLUDE_DIR "" CACHE STRING "Path to LDAP include directory") - if(CMAKE_LDAP_INCLUDE_DIR) - list(APPEND CMAKE_REQUIRED_INCLUDES ${CMAKE_LDAP_INCLUDE_DIR}) + cmake_push_check_state() + if(USE_OPENSSL) + list(APPEND CMAKE_REQUIRED_LIBRARIES OpenSSL::SSL OpenSSL::Crypto) endif() - check_include_file_concat("ldap.h" HAVE_LDAP_H) - check_include_file_concat("lber.h" HAVE_LBER_H) + find_package(LDAP MODULE) + if(LDAP_FOUND) + set(HAVE_LBER_H 1) + list(PREPEND CURL_LIBS CURL::ldap) - if(NOT HAVE_LDAP_H) - message(STATUS "LDAP_H not found CURL_DISABLE_LDAP set ON") - set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE) - set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used - elseif(NOT HAVE_LIBLDAP) - message(STATUS "LDAP library '${CMAKE_LDAP_LIB}' not found CURL_DISABLE_LDAP set ON") - set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE) - set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used - else() - if(CMAKE_USE_OPENLDAP) - set(USE_OPENLDAP ON) - endif() - if(CMAKE_LDAP_INCLUDE_DIR) - include_directories(${CMAKE_LDAP_INCLUDE_DIR}) - endif() - set(NEED_LBER_H ON) - set(_HEADER_LIST) - if(HAVE_WINDOWS_H) - list(APPEND _HEADER_LIST "windows.h") - endif() - if(HAVE_SYS_TYPES_H) - list(APPEND _HEADER_LIST "sys/types.h") - endif() - list(APPEND _HEADER_LIST "ldap.h") + # LDAP feature checks - set(_SRC_STRING "") - foreach(_HEADER ${_HEADER_LIST}) - set(_INCLUDE_STRING "${_INCLUDE_STRING}#include <${_HEADER}>\n") - endforeach() + list(APPEND CMAKE_REQUIRED_DEFINITIONS "-DLDAP_DEPRECATED=1") + list(APPEND CMAKE_REQUIRED_LIBRARIES CURL::ldap) - set(_SRC_STRING - " - ${_INCLUDE_STRING} - int main(int argc, char ** argv) - { - BerValue *bvp = NULL; - BerElement *bep = ber_init(bvp); - ber_free(bep, 1); - return 0; - }" - ) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1") - list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB}) - if(HAVE_LIBLBER) - list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB}) - endif() - check_c_source_compiles("${_SRC_STRING}" NOT_NEED_LBER_H) - unset(CMAKE_REQUIRED_LIBRARIES) + check_function_exists("ldap_url_parse" HAVE_LDAP_URL_PARSE) + check_function_exists("ldap_init_fd" HAVE_LDAP_INIT_FD) - if(NOT_NEED_LBER_H) - set(NEED_LBER_H OFF) - else() - set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DNEED_LBER_H") + check_include_file("ldap_ssl.h" HAVE_LDAP_SSL_H) + + if(HAVE_LDAP_INIT_FD) + set(USE_OPENLDAP ON) + endif() + if(NOT CURL_DISABLE_LDAPS) + set(HAVE_LDAP_SSL ON) endif() + else() + message(STATUS "LDAP not found. CURL_DISABLE_LDAP set ON") + set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE) endif() + cmake_pop_check_state() endif() endif() @@ -623,477 +1229,457 @@ if(CURL_DISABLE_LDAP) endif() endif() -if(NOT CURL_DISABLE_LDAPS) - check_include_file_concat("ldap_ssl.h" HAVE_LDAP_SSL_H) - check_include_file_concat("ldapssl.h" HAVE_LDAPSSL_H) -endif() - -# Check for idn -option(USE_LIBIDN2 "Use libidn2 for IDN support" ON) -set(HAVE_LIBIDN2 OFF) -if(USE_LIBIDN2) - check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2) -endif() - if(WIN32) option(USE_WIN32_IDN "Use WinIDN for IDN support" OFF) if(USE_WIN32_IDN) - list(APPEND CURL_LIBS "Normaliz") - set(WANT_IDN_PROTOTYPES ON) + list(APPEND CURL_LIBS "normaliz") # for IdnToAscii(), IdnToUnicode() endif() +else() + set(USE_WIN32_IDN OFF) endif() -# Check for symbol dlopen (same as HAVE_LIBDL) -check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN) - -set(HAVE_LIBZ OFF) -set(HAVE_ZLIB_H OFF) -set(USE_ZLIB OFF) -optional_dependency(ZLIB) -if(ZLIB_FOUND) - set(HAVE_ZLIB_H ON) - set(HAVE_LIBZ ON) - set(USE_ZLIB ON) - - # Depend on ZLIB via imported targets if supported by the running - # version of CMake. This allows our dependents to get our dependencies - # transitively. - if(NOT CMAKE_VERSION VERSION_LESS 3.4) - list(APPEND CURL_LIBS ZLIB::ZLIB) - else() - list(APPEND CURL_LIBS ${ZLIB_LIBRARIES}) - include_directories(${ZLIB_INCLUDE_DIRS}) +if(APPLE) + option(USE_APPLE_IDN "Use Apple built-in IDN support" OFF) + if(USE_APPLE_IDN) + cmake_push_check_state() + list(APPEND CMAKE_REQUIRED_LIBRARIES "icucore") + check_symbol_exists("uidna_openUTS46" "unicode/uidna.h" HAVE_APPLE_IDN) + cmake_pop_check_state() + if(HAVE_APPLE_IDN) + list(APPEND CURL_LIBS "icucore" "iconv") + else() + set(USE_APPLE_IDN OFF) + endif() endif() - list(APPEND CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIRS}) +else() + set(USE_APPLE_IDN OFF) endif() -option(CURL_BROTLI "Set to ON to enable building curl with brotli support." OFF) -set(HAVE_BROTLI OFF) -if(CURL_BROTLI) - find_package(Brotli QUIET) - if(BROTLI_FOUND) - set(HAVE_BROTLI ON) - list(APPEND CURL_LIBS ${BROTLI_LIBRARIES}) - include_directories(${BROTLI_INCLUDE_DIRS}) - list(APPEND CMAKE_REQUIRED_INCLUDES ${BROTLI_INCLUDE_DIRS}) +# Check for libidn2 +option(USE_LIBIDN2 "Use libidn2 for IDN support" ON) +set(HAVE_IDN2_H OFF) +set(HAVE_LIBIDN2 OFF) +if(USE_LIBIDN2 AND NOT USE_APPLE_IDN AND NOT USE_WIN32_IDN) + find_package(Libidn2 MODULE) + if(LIBIDN2_FOUND) + list(PREPEND CURL_LIBS CURL::libidn2) + set(HAVE_IDN2_H 1) + set(HAVE_LIBIDN2 1) endif() endif() -option(CURL_ZSTD "Set to ON to enable building curl with zstd support." OFF) -set(HAVE_ZSTD OFF) -if(CURL_ZSTD) - find_package(Zstd REQUIRED) - cmake_push_check_state() - set(CMAKE_REQUIRED_INCLUDES ${Zstd_INCLUDE_DIRS}) - set(CMAKE_REQUIRED_LIBRARIES ${Zstd_LIBRARIES}) - check_symbol_exists(ZSTD_createDStream "zstd.h" HAVE_ZSTD_CREATEDSTREAM) - cmake_pop_check_state() - if(Zstd_FOUND AND HAVE_ZSTD_CREATEDSTREAM) - set(HAVE_ZSTD ON) - list(APPEND CURL_LIBS ${Zstd_LIBRARIES}) - include_directories(${Zstd_INCLUDE_DIRS}) - endif() +# libpsl +option(CURL_USE_LIBPSL "Use libpsl" ON) +mark_as_advanced(CURL_USE_LIBPSL) +set(USE_LIBPSL OFF) +if(CURL_USE_LIBPSL) + find_package(Libpsl MODULE REQUIRED) + list(APPEND CURL_LIBS CURL::libpsl) + set(USE_LIBPSL ON) endif() -#libSSH2 -option(CMAKE_USE_LIBSSH2 "Use libSSH2" ON) -mark_as_advanced(CMAKE_USE_LIBSSH2) +# libssh2 +option(CURL_USE_LIBSSH2 "Use libssh2" ON) +mark_as_advanced(CURL_USE_LIBSSH2) set(USE_LIBSSH2 OFF) -set(HAVE_LIBSSH2 OFF) -set(HAVE_LIBSSH2_H OFF) - -if(CMAKE_USE_LIBSSH2) - find_package(LibSSH2) +if(CURL_USE_LIBSSH2) + find_package(Libssh2 MODULE) if(LIBSSH2_FOUND) - list(APPEND CURL_LIBS ${LIBSSH2_LIBRARY}) - set(CMAKE_REQUIRED_LIBRARIES ${LIBSSH2_LIBRARY}) - list(APPEND CMAKE_REQUIRED_INCLUDES "${LIBSSH2_INCLUDE_DIR}") - include_directories("${LIBSSH2_INCLUDE_DIR}") - set(HAVE_LIBSSH2 ON) + list(PREPEND CURL_LIBS CURL::libssh2) # keep it before TLS-crypto, compression set(USE_LIBSSH2 ON) - - # find_package has already found the headers - set(HAVE_LIBSSH2_H ON) - set(CURL_INCLUDES ${CURL_INCLUDES} "${LIBSSH2_INCLUDE_DIR}/libssh2.h") - set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DHAVE_LIBSSH2_H") - unset(CMAKE_REQUIRED_LIBRARIES) endif() endif() # libssh -option(CMAKE_USE_LIBSSH "Use libSSH" OFF) -mark_as_advanced(CMAKE_USE_LIBSSH) -if(NOT HAVE_LIBSSH2 AND CMAKE_USE_LIBSSH) - find_package(libssh CONFIG) - if(libssh_FOUND) - message(STATUS "Found libssh ${libssh_VERSION}") - # Use imported target for include and library paths. - list(APPEND CURL_LIBS ssh) - set(USE_LIBSSH ON) - set(HAVE_LIBSSH_LIBSSH_H 1) - endif() +option(CURL_USE_LIBSSH "Use libssh" OFF) +mark_as_advanced(CURL_USE_LIBSSH) +if(NOT USE_LIBSSH2 AND CURL_USE_LIBSSH) + find_package(Libssh MODULE REQUIRED) + list(PREPEND CURL_LIBS CURL::libssh) # keep it before TLS-crypto, compression + set(USE_LIBSSH ON) endif() -option(CMAKE_USE_GSSAPI "Use GSSAPI implementation (right now only Heimdal is supported with CMake build)" OFF) -mark_as_advanced(CMAKE_USE_GSSAPI) +option(CURL_USE_GSASL "Use libgsasl" OFF) +mark_as_advanced(CURL_USE_GSASL) +if(CURL_USE_GSASL) + find_package(Libgsasl MODULE REQUIRED) + list(APPEND CURL_LIBS CURL::libgsasl) + set(USE_GSASL ON) +endif() + +option(CURL_USE_GSSAPI "Use GSSAPI implementation" OFF) +mark_as_advanced(CURL_USE_GSSAPI) -if(CMAKE_USE_GSSAPI) - find_package(GSS) +if(CURL_USE_GSSAPI) + find_package(GSS MODULE) set(HAVE_GSSAPI ${GSS_FOUND}) if(GSS_FOUND) + list(APPEND CURL_LIBS CURL::gss) - message(STATUS "Found ${GSS_FLAVOUR} GSSAPI version: \"${GSS_VERSION}\"") - - list(APPEND CMAKE_REQUIRED_INCLUDES ${GSS_INCLUDE_DIR}) - check_include_file_concat("gssapi/gssapi.h" HAVE_GSSAPI_GSSAPI_H) - check_include_file_concat("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H) - check_include_file_concat("gssapi/gssapi_krb5.h" HAVE_GSSAPI_GSSAPI_KRB5_H) - - if(GSS_FLAVOUR STREQUAL "Heimdal") - set(HAVE_GSSHEIMDAL ON) - else() # MIT - set(HAVE_GSSMIT ON) - set(_INCLUDE_LIST "") - if(HAVE_GSSAPI_GSSAPI_H) - list(APPEND _INCLUDE_LIST "gssapi/gssapi.h") - endif() - if(HAVE_GSSAPI_GSSAPI_GENERIC_H) - list(APPEND _INCLUDE_LIST "gssapi/gssapi_generic.h") - endif() - if(HAVE_GSSAPI_GSSAPI_KRB5_H) - list(APPEND _INCLUDE_LIST "gssapi/gssapi_krb5.h") - endif() - - string(REPLACE ";" " " _COMPILER_FLAGS_STR "${GSS_COMPILER_FLAGS}") - string(REPLACE ";" " " _LINKER_FLAGS_STR "${GSS_LINKER_FLAGS}") - - foreach(_dir ${GSS_LINK_DIRECTORIES}) - set(_LINKER_FLAGS_STR "${_LINKER_FLAGS_STR} -L\"${_dir}\"") - endforeach() - - set(CMAKE_REQUIRED_FLAGS "${_COMPILER_FLAGS_STR} ${_LINKER_FLAGS_STR}") - set(CMAKE_REQUIRED_LIBRARIES ${GSS_LIBRARIES}) - check_symbol_exists("GSS_C_NT_HOSTBASED_SERVICE" ${_INCLUDE_LIST} HAVE_GSS_C_NT_HOSTBASED_SERVICE) - if(NOT HAVE_GSS_C_NT_HOSTBASED_SERVICE) - set(HAVE_OLD_GSSMIT ON) - endif() - unset(CMAKE_REQUIRED_LIBRARIES) - + get_target_property(_gss_flavour CURL::gss INTERFACE_CURL_GSS_FLAVOUR) + if(_gss_flavour STREQUAL "GNU") + set(HAVE_GSSGNU 1) + elseif(GSS_VERSION) # MIT + set(CURL_KRB5_VERSION "\"${GSS_VERSION}\"") endif() + else() + message(WARNING "GSSAPI has been requested, but no supporting libraries found. Skipping.") + endif() +endif() - include_directories(${GSS_INCLUDE_DIR}) - link_directories(${GSS_LINK_DIRECTORIES}) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GSS_COMPILER_FLAGS}") - set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${GSS_LINKER_FLAGS}") - set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${GSS_LINKER_FLAGS}") - set(CMAKE_STATIC_LINKER_FLAGS "${CMAKE_STATIC_LINKER_FLAGS} ${GSS_LINKER_FLAGS}") - list(APPEND CURL_LIBS ${GSS_LIBRARIES}) +# libbacktrace +option(CURL_USE_LIBBACKTRACE "Use libbacktrace. Requires debug-enabled build and DWARF debug information." OFF) +if(CURL_USE_LIBBACKTRACE) + if(NOT ENABLE_DEBUG) + message(FATAL_ERROR "libbacktrace requires debug-enabled build for TrackMemory") + endif() + if(NOT CMAKE_BUILD_TYPE MATCHES "(Debug|RelWithDebInfo)") + message(FATAL_ERROR "libbacktrace requires debug information") + endif() + find_package(Libbacktrace MODULE REQUIRED) + list(APPEND CURL_LIBS CURL::libbacktrace) + set(USE_BACKTRACE ON) +endif() - else() - message(WARNING "GSSAPI support has been requested but no supporting libraries found. Skipping.") +# libuv +option(CURL_USE_LIBUV "Use libuv for event-based tests" OFF) +if(CURL_USE_LIBUV) + if(NOT ENABLE_DEBUG) + message(FATAL_ERROR "Using libuv without debug support enabled is useless") endif() + find_package(Libuv MODULE REQUIRED) + list(APPEND CURL_LIBS CURL::libuv) + set(USE_LIBUV ON) + set(HAVE_UV_H ON) endif() -option(ENABLE_UNIX_SOCKETS "Define if you want Unix domain sockets support" ON) +option(ENABLE_UNIX_SOCKETS "Enable Unix domain sockets support" ON) if(ENABLE_UNIX_SOCKETS) - include(CheckStructHasMember) - if(WIN32) - set(USE_UNIX_SOCKETS ON) + if(WIN32 OR DOS) + set(USE_UNIX_SOCKETS 1) else() - check_struct_has_member("struct sockaddr_un" sun_path "sys/un.h" USE_UNIX_SOCKETS) + include(CheckStructHasMember) + check_struct_has_member("struct sockaddr_un" "sun_path" "sys/un.h" USE_UNIX_SOCKETS) endif() else() + set(USE_UNIX_SOCKETS 0) unset(USE_UNIX_SOCKETS CACHE) endif() - # # CA handling # -set(CURL_CA_BUNDLE "auto" CACHE STRING - "Path to the CA bundle. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") -set(CURL_CA_FALLBACK OFF CACHE BOOL - "Set ON to use built-in CA store of TLS backend. Defaults to OFF") -set(CURL_CA_PATH "auto" CACHE STRING - "Location of default CA path. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") - -if("${CURL_CA_BUNDLE}" STREQUAL "") - message(FATAL_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' or file path.") -elseif("${CURL_CA_BUNDLE}" STREQUAL "none") - unset(CURL_CA_BUNDLE CACHE) -elseif("${CURL_CA_BUNDLE}" STREQUAL "auto") - unset(CURL_CA_BUNDLE CACHE) - set(CURL_CA_BUNDLE_AUTODETECT TRUE) +option(CURL_CA_NATIVE "Use native CA store" OFF) +if(CURL_CA_NATIVE) + set(_curl_disable_ca_search_default ON) else() - set(CURL_CA_BUNDLE_SET TRUE) + set(_curl_disable_ca_search_default OFF) endif() -if("${CURL_CA_PATH}" STREQUAL "") - message(FATAL_ERROR "Invalid value of CURL_CA_PATH. Use 'none', 'auto' or directory path.") -elseif("${CURL_CA_PATH}" STREQUAL "none") - unset(CURL_CA_PATH CACHE) -elseif("${CURL_CA_PATH}" STREQUAL "auto") - unset(CURL_CA_PATH CACHE) - if(NOT USE_NSS) - set(CURL_CA_PATH_AUTODETECT TRUE) +if(_curl_ca_bundle_supported) + set(_ca_opt_desc "Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") + + set(CURL_CA_BUNDLE "auto" CACHE + STRING "Absolute path to the CA bundle. ${_ca_opt_desc}") + set(CURL_CA_FALLBACK OFF CACHE + BOOL "Use built-in CA store of OpenSSL. Defaults to OFF") + set(CURL_CA_PATH "auto" CACHE + STRING "Absolute path to a directory containing CA certificates stored individually. ${_ca_opt_desc}") + set(CURL_CA_EMBED "" CACHE + STRING "Absolute path to the CA bundle to embed in the curl tool.") + + if(CURL_CA_FALLBACK AND NOT CURL_USE_OPENSSL) + message(FATAL_ERROR "CURL_CA_FALLBACK only works with OpenSSL.") endif() -else() - set(CURL_CA_PATH_SET TRUE) -endif() - -if(CURL_CA_BUNDLE_SET AND CURL_CA_PATH_AUTODETECT) - # Skip autodetection of unset CA path because CA bundle is set explicitly -elseif(CURL_CA_PATH_SET AND CURL_CA_BUNDLE_AUTODETECT) - # Skip autodetection of unset CA bundle because CA path is set explicitly -elseif(CURL_CA_PATH_AUTODETECT OR CURL_CA_BUNDLE_AUTODETECT) - # first try autodetecting a CA bundle, then a CA path - - if(CURL_CA_BUNDLE_AUTODETECT) - set(SEARCH_CA_BUNDLE_PATHS - /etc/ssl/certs/ca-certificates.crt - /etc/pki/tls/certs/ca-bundle.crt - /usr/share/ssl/certs/ca-bundle.crt - /usr/local/share/certs/ca-root-nss.crt - /etc/ssl/cert.pem) - - foreach(SEARCH_CA_BUNDLE_PATH ${SEARCH_CA_BUNDLE_PATHS}) - if(EXISTS "${SEARCH_CA_BUNDLE_PATH}") - message(STATUS "Found CA bundle: ${SEARCH_CA_BUNDLE_PATH}") - set(CURL_CA_BUNDLE "${SEARCH_CA_BUNDLE_PATH}" CACHE STRING - "Path to the CA bundle. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") - set(CURL_CA_BUNDLE_SET TRUE CACHE BOOL "Path to the CA bundle has been set") - break() + + if(CURL_CA_BUNDLE STREQUAL "") + message(FATAL_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' or file path.") + elseif(CURL_CA_BUNDLE STREQUAL "none") + unset(CURL_CA_BUNDLE CACHE) + elseif(CURL_CA_BUNDLE STREQUAL "auto") + unset(CURL_CA_BUNDLE CACHE) + if(NOT CMAKE_CROSSCOMPILING AND NOT WIN32 AND NOT USE_APPLE_SECTRUST AND NOT CURL_CA_NATIVE) + set(_curl_ca_bundle_autodetect TRUE) + endif() + else() + set(CURL_CA_BUNDLE_SET TRUE) + endif() + mark_as_advanced(CURL_CA_BUNDLE_SET) + + if(CURL_CA_PATH STREQUAL "") + message(FATAL_ERROR "Invalid value of CURL_CA_PATH. Use 'none', 'auto' or directory path.") + elseif(CURL_CA_PATH STREQUAL "none") + unset(CURL_CA_PATH CACHE) + elseif(CURL_CA_PATH STREQUAL "auto") + unset(CURL_CA_PATH CACHE) + if(NOT CMAKE_CROSSCOMPILING AND NOT WIN32 AND NOT USE_APPLE_SECTRUST AND NOT CURL_CA_NATIVE) + set(_curl_ca_path_autodetect TRUE) + endif() + else() + set(CURL_CA_PATH_SET TRUE) + endif() + mark_as_advanced(CURL_CA_PATH_SET) + + if(CURL_CA_BUNDLE_SET AND _curl_ca_path_autodetect) + # Skip auto-detection of unset CA path because CA bundle is set explicitly + elseif(CURL_CA_PATH_SET AND _curl_ca_bundle_autodetect) + # Skip auto-detection of unset CA bundle because CA path is set explicitly + elseif(_curl_ca_bundle_autodetect OR _curl_ca_path_autodetect) + # First try auto-detecting a CA bundle, then a CA path + + if(_curl_ca_bundle_autodetect) + foreach(_search_ca_bundle_path IN ITEMS + "/etc/ssl/certs/ca-certificates.crt" + "/etc/pki/tls/certs/ca-bundle.crt" + "/usr/share/ssl/certs/ca-bundle.crt" + "/usr/local/share/certs/ca-root-nss.crt" + "/etc/ssl/cert.pem") + if(EXISTS "${_search_ca_bundle_path}") + message(STATUS "Found CA bundle: ${_search_ca_bundle_path}") + set(CURL_CA_BUNDLE "${_search_ca_bundle_path}" CACHE + STRING "Absolute path to the CA bundle. ${_ca_opt_desc}") + set(CURL_CA_BUNDLE_SET TRUE CACHE BOOL "Absolute path to the CA bundle has been set") + break() + endif() + endforeach() + endif() + + if(_curl_ca_path_autodetect AND NOT CURL_CA_PATH_SET) + set(_search_ca_path "/etc/ssl/certs") + file(GLOB _curl_ca_files_found "${_search_ca_path}/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].0") + if(_curl_ca_files_found) + unset(_curl_ca_files_found) + message(STATUS "Found CA path: ${_search_ca_path}") + set(CURL_CA_PATH "${_search_ca_path}" CACHE + STRING "Absolute path to a directory containing CA certificates stored individually. ${_ca_opt_desc}") + set(CURL_CA_PATH_SET TRUE CACHE BOOL "Absolute path to the CA bundle has been set") endif() - endforeach() + endif() endif() - if(CURL_CA_PATH_AUTODETECT AND (NOT CURL_CA_PATH_SET)) - if(EXISTS "/etc/ssl/certs") - set(CURL_CA_PATH "/etc/ssl/certs" CACHE STRING - "Location of default CA path. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") - set(CURL_CA_PATH_SET TRUE CACHE BOOL "Path to the CA bundle has been set") + set(CURL_CA_EMBED_SET FALSE) + if(BUILD_CURL_EXE AND NOT CURL_CA_EMBED STREQUAL "") + if(EXISTS "${CURL_CA_EMBED}") + set(CURL_CA_EMBED_SET TRUE) + message(STATUS "Found CA bundle to embed: ${CURL_CA_EMBED}") + else() + message(FATAL_ERROR "CA bundle to embed is missing: '${CURL_CA_EMBED}'") endif() endif() endif() -if(CURL_CA_PATH_SET AND NOT USE_OPENSSL AND NOT USE_MBEDTLS) - message(STATUS - "CA path only supported by OpenSSL, GnuTLS or mbed TLS. " - "Set CURL_CA_PATH=none or enable one of those TLS backends.") +if(WIN32) + option(CURL_DISABLE_CA_SEARCH "Disable unsafe CA bundle search in PATH on Windows" ${_curl_disable_ca_search_default}) + option(CURL_CA_SEARCH_SAFE "Enable safe CA bundle search (within the curl tool directory) on Windows" OFF) endif() +set(CURL_INCLUDES "") + # Check for header files -if(NOT UNIX) - check_include_file_concat("windows.h" HAVE_WINDOWS_H) - check_include_file_concat("winsock.h" HAVE_WINSOCK_H) - check_include_file_concat("ws2tcpip.h" HAVE_WS2TCPIP_H) - check_include_file_concat("winsock2.h" HAVE_WINSOCK2_H) - check_include_file_concat("wincrypt.h" HAVE_WINCRYPT_H) -endif() - -check_include_file_concat("stdio.h" HAVE_STDIO_H) -check_include_file_concat("inttypes.h" HAVE_INTTYPES_H) -check_include_file_concat("sys/filio.h" HAVE_SYS_FILIO_H) -check_include_file_concat("sys/ioctl.h" HAVE_SYS_IOCTL_H) -check_include_file_concat("sys/param.h" HAVE_SYS_PARAM_H) -check_include_file_concat("sys/poll.h" HAVE_SYS_POLL_H) -check_include_file_concat("sys/resource.h" HAVE_SYS_RESOURCE_H) -check_include_file_concat("sys/select.h" HAVE_SYS_SELECT_H) -check_include_file_concat("sys/socket.h" HAVE_SYS_SOCKET_H) -check_include_file_concat("sys/sockio.h" HAVE_SYS_SOCKIO_H) -check_include_file_concat("sys/stat.h" HAVE_SYS_STAT_H) -check_include_file_concat("sys/time.h" HAVE_SYS_TIME_H) -check_include_file_concat("sys/types.h" HAVE_SYS_TYPES_H) -check_include_file_concat("sys/uio.h" HAVE_SYS_UIO_H) -check_include_file_concat("sys/un.h" HAVE_SYS_UN_H) -check_include_file_concat("sys/utime.h" HAVE_SYS_UTIME_H) -check_include_file_concat("sys/xattr.h" HAVE_SYS_XATTR_H) -check_include_file_concat("alloca.h" HAVE_ALLOCA_H) -check_include_file_concat("arpa/inet.h" HAVE_ARPA_INET_H) -check_include_file_concat("arpa/tftp.h" HAVE_ARPA_TFTP_H) -check_include_file_concat("assert.h" HAVE_ASSERT_H) -check_include_file_concat("errno.h" HAVE_ERRNO_H) -check_include_file_concat("fcntl.h" HAVE_FCNTL_H) -check_include_file_concat("idn2.h" HAVE_IDN2_H) -check_include_file_concat("ifaddrs.h" HAVE_IFADDRS_H) -check_include_file_concat("io.h" HAVE_IO_H) -check_include_file_concat("krb.h" HAVE_KRB_H) -check_include_file_concat("libgen.h" HAVE_LIBGEN_H) -check_include_file_concat("locale.h" HAVE_LOCALE_H) -check_include_file_concat("net/if.h" HAVE_NET_IF_H) -check_include_file_concat("netdb.h" HAVE_NETDB_H) -check_include_file_concat("netinet/in.h" HAVE_NETINET_IN_H) -check_include_file_concat("netinet/tcp.h" HAVE_NETINET_TCP_H) +if(WIN32) + list(APPEND CURL_INCLUDES "winsock2.h") + list(APPEND CURL_INCLUDES "ws2tcpip.h") + + if(HAVE_WIN32_WINNT AND HAVE_WIN32_WINNT LESS 0x0600) + # Windows Vista is required for freeaddrinfo, getaddrinfo, if_nametoindex + message(FATAL_ERROR "Building for Windows Vista or newer is required.") + endif() +endif() + +if(NOT WIN32) + list(APPEND CURL_INCLUDES "sys/socket.h") +endif() +if(NOT WIN32 OR MINGW) + list(APPEND CURL_INCLUDES "sys/time.h") +endif() + +# Detect headers + +# Use check_include_file_concat_curl() for headers required by subsequent +# check_include_file_concat_curl() or check_symbol_exists() detections. +# Order for these is significant. +check_include_file("sys/eventfd.h" HAVE_SYS_EVENTFD_H) +check_include_file("sys/filio.h" HAVE_SYS_FILIO_H) +check_include_file("sys/ioctl.h" HAVE_SYS_IOCTL_H) +check_include_file("sys/param.h" HAVE_SYS_PARAM_H) +check_include_file("sys/poll.h" HAVE_SYS_POLL_H) +check_include_file("sys/resource.h" HAVE_SYS_RESOURCE_H) +check_include_file_concat_curl("sys/select.h" HAVE_SYS_SELECT_H) +check_include_file("sys/sockio.h" HAVE_SYS_SOCKIO_H) +check_include_file_concat_curl("sys/types.h" HAVE_SYS_TYPES_H) +check_include_file("sys/un.h" HAVE_SYS_UN_H) +check_include_file_concat_curl("sys/utime.h" HAVE_SYS_UTIME_H) # sys/types.h (AmigaOS) + +check_include_file_concat_curl("arpa/inet.h" HAVE_ARPA_INET_H) +check_include_file("dirent.h" HAVE_DIRENT_H) +check_include_file("fcntl.h" HAVE_FCNTL_H) +check_include_file_concat_curl("ifaddrs.h" HAVE_IFADDRS_H) +check_include_file("io.h" HAVE_IO_H) +check_include_file_concat_curl("libgen.h" HAVE_LIBGEN_H) check_include_file("linux/tcp.h" HAVE_LINUX_TCP_H) +check_include_file("locale.h" HAVE_LOCALE_H) +check_include_file_concat_curl("net/if.h" HAVE_NET_IF_H) # sys/select.h (e.g. MS-DOS/Watt-32) +check_include_file_concat_curl("netdb.h" HAVE_NETDB_H) +check_include_file_concat_curl("netinet/in.h" HAVE_NETINET_IN_H) +check_include_file("netinet/in6.h" HAVE_NETINET_IN6_H) +check_include_file_concat_curl("netinet/tcp.h" HAVE_NETINET_TCP_H) # sys/types.h (e.g. Cygwin) netinet/in.h +check_include_file_concat_curl("netinet/udp.h" HAVE_NETINET_UDP_H) # sys/types.h (e.g. Cygwin) +check_include_file("poll.h" HAVE_POLL_H) +check_include_file("pwd.h" HAVE_PWD_H) +check_include_file("stdatomic.h" HAVE_STDATOMIC_H) +check_include_file("stdbool.h" HAVE_STDBOOL_H) +check_include_file("strings.h" HAVE_STRINGS_H) +check_include_file("stropts.h" HAVE_STROPTS_H) +check_include_file("termio.h" HAVE_TERMIO_H) +check_include_file("termios.h" HAVE_TERMIOS_H) +check_include_file_concat_curl("unistd.h" HAVE_UNISTD_H) +check_include_file("utime.h" HAVE_UTIME_H) + +if(AMIGA) + check_include_file_concat_curl("proto/bsdsocket.h" HAVE_PROTO_BSDSOCKET_H) +endif() + +# Pass these detection results to curl_internal_test() for use in CurlTests.c +# Add here all feature flags referenced from CurlTests.c +foreach(_variable IN ITEMS + HAVE_STDATOMIC_H + HAVE_STDBOOL_H + HAVE_STROPTS_H + HAVE_SYS_IOCTL_H + HAVE_SYS_TYPES_H + HAVE_UNISTD_H +) + if(${_variable}) + string(APPEND CURL_TEST_DEFINES " -D${_variable}") + endif() +endforeach() -check_include_file_concat("pem.h" HAVE_PEM_H) -check_include_file_concat("poll.h" HAVE_POLL_H) -check_include_file_concat("pwd.h" HAVE_PWD_H) -check_include_file_concat("setjmp.h" HAVE_SETJMP_H) -check_include_file_concat("signal.h" HAVE_SIGNAL_H) -check_include_file_concat("ssl.h" HAVE_SSL_H) -check_include_file_concat("stdbool.h" HAVE_STDBOOL_H) -check_include_file_concat("stdint.h" HAVE_STDINT_H) -check_include_file_concat("stdio.h" HAVE_STDIO_H) -check_include_file_concat("stdlib.h" HAVE_STDLIB_H) -check_include_file_concat("string.h" HAVE_STRING_H) -check_include_file_concat("strings.h" HAVE_STRINGS_H) -check_include_file_concat("stropts.h" HAVE_STROPTS_H) -check_include_file_concat("termio.h" HAVE_TERMIO_H) -check_include_file_concat("termios.h" HAVE_TERMIOS_H) -check_include_file_concat("time.h" HAVE_TIME_H) -check_include_file_concat("unistd.h" HAVE_UNISTD_H) -check_include_file_concat("utime.h" HAVE_UTIME_H) -check_include_file_concat("x509.h" HAVE_X509_H) - -check_include_file_concat("process.h" HAVE_PROCESS_H) -check_include_file_concat("stddef.h" HAVE_STDDEF_H) -check_include_file_concat("dlfcn.h" HAVE_DLFCN_H) -check_include_file_concat("malloc.h" HAVE_MALLOC_H) -check_include_file_concat("memory.h" HAVE_MEMORY_H) -check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H) -check_include_file_concat("stdint.h" HAVE_STDINT_H) -check_include_file_concat("sockio.h" HAVE_SOCKIO_H) -check_include_file_concat("sys/utsname.h" HAVE_SYS_UTSNAME_H) - -check_type_size(size_t SIZEOF_SIZE_T) -check_type_size(ssize_t SIZEOF_SSIZE_T) -check_type_size("long long" SIZEOF_LONG_LONG) -check_type_size("long" SIZEOF_LONG) -check_type_size("short" SIZEOF_SHORT) -check_type_size("int" SIZEOF_INT) -check_type_size("__int64" SIZEOF___INT64) -check_type_size("long double" SIZEOF_LONG_DOUBLE) -check_type_size("time_t" SIZEOF_TIME_T) +check_type_size("size_t" SIZEOF_SIZE_T) +check_type_size("ssize_t" SIZEOF_SSIZE_T) +check_type_size("long" SIZEOF_LONG) +check_type_size("int" SIZEOF_INT) +check_type_size("__int64" SIZEOF___INT64) +check_type_size("time_t" SIZEOF_TIME_T) +check_type_size("suseconds_t" SIZEOF_SUSECONDS_T) if(NOT HAVE_SIZEOF_SSIZE_T) if(SIZEOF_LONG EQUAL SIZEOF_SIZE_T) - set(ssize_t long) + set(ssize_t "long") endif() if(NOT ssize_t AND SIZEOF___INT64 EQUAL SIZEOF_SIZE_T) - set(ssize_t __int64) + set(ssize_t "__int64") endif() endif() # off_t is sized later, after the HAVE_FILE_OFFSET_BITS test -if(HAVE_SIZEOF_LONG_LONG) - set(HAVE_LONGLONG 1) - set(HAVE_LL 1) +if(SIZEOF_SUSECONDS_T) + set(HAVE_SUSECONDS_T 1) endif() -find_file(RANDOM_FILE urandom /dev) -mark_as_advanced(RANDOM_FILE) - # Check for some functions that are used -if(HAVE_LIBWS2_32) - set(CMAKE_REQUIRED_LIBRARIES ws2_32) + +# Apply to all feature checks +if(WIN32) + list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32") + if(NOT WINDOWS_STORE) + list(APPEND CMAKE_REQUIRED_LIBRARIES "iphlpapi") + endif() elseif(HAVE_LIBSOCKET) - set(CMAKE_REQUIRED_LIBRARIES socket) -endif() - -check_symbol_exists(basename "${CURL_INCLUDES}" HAVE_BASENAME) -check_symbol_exists(socket "${CURL_INCLUDES}" HAVE_SOCKET) -check_symbol_exists(select "${CURL_INCLUDES}" HAVE_SELECT) -check_symbol_exists(poll "${CURL_INCLUDES}" HAVE_POLL) -check_symbol_exists(strdup "${CURL_INCLUDES}" HAVE_STRDUP) -check_symbol_exists(strstr "${CURL_INCLUDES}" HAVE_STRSTR) -check_symbol_exists(strtok_r "${CURL_INCLUDES}" HAVE_STRTOK_R) -check_symbol_exists(strftime "${CURL_INCLUDES}" HAVE_STRFTIME) -check_symbol_exists(uname "${CURL_INCLUDES}" HAVE_UNAME) -check_symbol_exists(strcasecmp "${CURL_INCLUDES}" HAVE_STRCASECMP) -check_symbol_exists(stricmp "${CURL_INCLUDES}" HAVE_STRICMP) -check_symbol_exists(strcmpi "${CURL_INCLUDES}" HAVE_STRCMPI) -check_symbol_exists(strncmpi "${CURL_INCLUDES}" HAVE_STRNCMPI) -check_symbol_exists(alarm "${CURL_INCLUDES}" HAVE_ALARM) -if(NOT HAVE_STRNCMPI) - set(HAVE_STRCMPI) -endif() -check_symbol_exists(getppid "${CURL_INCLUDES}" HAVE_GETPPID) -check_symbol_exists(utimes "${CURL_INCLUDES}" HAVE_UTIMES) - -check_symbol_exists(gettimeofday "${CURL_INCLUDES}" HAVE_GETTIMEOFDAY) -check_symbol_exists(inet_addr "${CURL_INCLUDES}" HAVE_INET_ADDR) -check_symbol_exists(closesocket "${CURL_INCLUDES}" HAVE_CLOSESOCKET) -check_symbol_exists(sigsetjmp "${CURL_INCLUDES}" HAVE_SIGSETJMP) -check_symbol_exists(getpass_r "${CURL_INCLUDES}" HAVE_GETPASS_R) -check_symbol_exists(getpwuid "${CURL_INCLUDES}" HAVE_GETPWUID) -check_symbol_exists(getpwuid_r "${CURL_INCLUDES}" HAVE_GETPWUID_R) -check_symbol_exists(geteuid "${CURL_INCLUDES}" HAVE_GETEUID) -check_symbol_exists(usleep "${CURL_INCLUDES}" HAVE_USLEEP) -check_symbol_exists(utime "${CURL_INCLUDES}" HAVE_UTIME) -check_symbol_exists(gmtime_r "${CURL_INCLUDES}" HAVE_GMTIME_R) -check_symbol_exists(localtime_r "${CURL_INCLUDES}" HAVE_LOCALTIME_R) - -check_symbol_exists(gethostbyname "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME) -check_symbol_exists(gethostbyname_r "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME_R) - -check_symbol_exists(signal "${CURL_INCLUDES}" HAVE_SIGNAL_FUNC) -check_symbol_exists(SIGALRM "${CURL_INCLUDES}" HAVE_SIGNAL_MACRO) -if(HAVE_SIGNAL_FUNC AND HAVE_SIGNAL_MACRO) - set(HAVE_SIGNAL 1) -endif() -check_symbol_exists(uname "${CURL_INCLUDES}" HAVE_UNAME) -check_symbol_exists(strtoll "${CURL_INCLUDES}" HAVE_STRTOLL) -check_symbol_exists(_strtoi64 "${CURL_INCLUDES}" HAVE__STRTOI64) -check_symbol_exists(strerror_r "${CURL_INCLUDES}" HAVE_STRERROR_R) -check_symbol_exists(siginterrupt "${CURL_INCLUDES}" HAVE_SIGINTERRUPT) -check_symbol_exists(getaddrinfo "${CURL_INCLUDES}" HAVE_GETADDRINFO) -check_symbol_exists(freeaddrinfo "${CURL_INCLUDES}" HAVE_FREEADDRINFO) -check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE) -check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE) -check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME) -check_symbol_exists(getpeername "${CURL_INCLUDES}" HAVE_GETPEERNAME) -check_symbol_exists(getsockname "${CURL_INCLUDES}" HAVE_GETSOCKNAME) -check_symbol_exists(if_nametoindex "${CURL_INCLUDES}" HAVE_IF_NAMETOINDEX) -check_symbol_exists(getrlimit "${CURL_INCLUDES}" HAVE_GETRLIMIT) -check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE) -check_symbol_exists(setmode "${CURL_INCLUDES}" HAVE_SETMODE) -check_symbol_exists(setrlimit "${CURL_INCLUDES}" HAVE_SETRLIMIT) -check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL) -check_symbol_exists(ioctl "${CURL_INCLUDES}" HAVE_IOCTL) -check_symbol_exists(setsockopt "${CURL_INCLUDES}" HAVE_SETSOCKOPT) -check_function_exists(mach_absolute_time HAVE_MACH_ABSOLUTE_TIME) -check_symbol_exists(inet_pton "${CURL_INCLUDES}" HAVE_INET_PTON) - -check_symbol_exists(fsetxattr "${CURL_INCLUDES}" HAVE_FSETXATTR) -if(HAVE_FSETXATTR) - foreach(CURL_TEST HAVE_FSETXATTR_5 HAVE_FSETXATTR_6) - curl_internal_test(${CURL_TEST}) - endforeach() + list(APPEND CMAKE_REQUIRED_LIBRARIES "socket") +elseif(DOS) + list(APPEND CMAKE_REQUIRED_LIBRARIES "${WATT_ROOT}/lib/libwatt.a") +endif() + +check_function_exists("accept4" HAVE_ACCEPT4) +check_function_exists("fnmatch" HAVE_FNMATCH) +check_symbol_exists("basename" "${CURL_INCLUDES};string.h" HAVE_BASENAME) # libgen.h unistd.h +check_symbol_exists("opendir" "dirent.h" HAVE_OPENDIR) +check_function_exists("poll" HAVE_POLL) # poll.h +check_symbol_exists("socket" "${CURL_INCLUDES}" HAVE_SOCKET) # winsock2.h sys/socket.h +check_symbol_exists("socketpair" "${CURL_INCLUDES}" HAVE_SOCKETPAIR) # sys/socket.h +check_symbol_exists("recv" "${CURL_INCLUDES}" HAVE_RECV) # proto/bsdsocket.h sys/types.h sys/socket.h +check_symbol_exists("send" "${CURL_INCLUDES}" HAVE_SEND) # proto/bsdsocket.h sys/types.h sys/socket.h +check_function_exists("sendmsg" HAVE_SENDMSG) +check_function_exists("sendmmsg" HAVE_SENDMMSG) +check_symbol_exists("select" "${CURL_INCLUDES}" HAVE_SELECT) # proto/bsdsocket.h sys/select.h sys/socket.h +check_symbol_exists("memrchr" "string.h" HAVE_MEMRCHR) +check_symbol_exists("alarm" "unistd.h" HAVE_ALARM) +check_symbol_exists("fcntl" "fcntl.h" HAVE_FCNTL) +check_function_exists("getppid" HAVE_GETPPID) +check_function_exists("utimes" HAVE_UTIMES) + +check_function_exists("gettimeofday" HAVE_GETTIMEOFDAY) # sys/time.h +check_symbol_exists("closesocket" "${CURL_INCLUDES}" HAVE_CLOSESOCKET) # winsock2.h +check_symbol_exists("sigsetjmp" "setjmp.h" HAVE_SIGSETJMP) +check_function_exists("getpass_r" HAVE_GETPASS_R) +check_function_exists("getpwuid" HAVE_GETPWUID) +check_function_exists("getpwuid_r" HAVE_GETPWUID_R) +check_function_exists("geteuid" HAVE_GETEUID) +check_function_exists("utime" HAVE_UTIME) +check_symbol_exists("gmtime_r" "stdlib.h;time.h" HAVE_GMTIME_R) +check_symbol_exists("localtime_r" "stdlib.h;time.h" HAVE_LOCALTIME_R) + +check_symbol_exists("gethostbyname_r" "netdb.h" HAVE_GETHOSTBYNAME_R) +check_symbol_exists("gethostname" "${CURL_INCLUDES}" HAVE_GETHOSTNAME) # winsock2.h unistd.h proto/bsdsocket.h + +check_symbol_exists("signal" "signal.h" HAVE_SIGNAL) +check_symbol_exists("strerror_r" "stdlib.h;string.h" HAVE_STRERROR_R) +check_symbol_exists("sigaction" "signal.h" HAVE_SIGACTION) +check_symbol_exists("siginterrupt" "signal.h" HAVE_SIGINTERRUPT) +check_symbol_exists("getaddrinfo" "${CURL_INCLUDES};stdlib.h;string.h" HAVE_GETADDRINFO) # ws2tcpip.h sys/socket.h netdb.h +check_symbol_exists("getifaddrs" "${CURL_INCLUDES};stdlib.h" HAVE_GETIFADDRS) # ifaddrs.h +check_symbol_exists("freeaddrinfo" "${CURL_INCLUDES}" HAVE_FREEADDRINFO) # ws2tcpip.h sys/socket.h netdb.h +check_function_exists("pipe" HAVE_PIPE) +check_function_exists("pipe2" HAVE_PIPE2) +check_function_exists("eventfd" HAVE_EVENTFD) +check_symbol_exists("ftruncate" "unistd.h" HAVE_FTRUNCATE) +check_symbol_exists("getpeername" "${CURL_INCLUDES}" HAVE_GETPEERNAME) # winsock2.h unistd.h proto/bsdsocket.h +check_symbol_exists("getsockname" "${CURL_INCLUDES}" HAVE_GETSOCKNAME) # winsock2.h unistd.h proto/bsdsocket.h +check_function_exists("getrlimit" HAVE_GETRLIMIT) +check_function_exists("setlocale" HAVE_SETLOCALE) +check_function_exists("setrlimit" HAVE_SETRLIMIT) + +if(NOT WIN32) + check_function_exists("if_nametoindex" HAVE_IF_NAMETOINDEX) # net/if.h + check_function_exists("realpath" HAVE_REALPATH) + check_function_exists("sched_yield" HAVE_SCHED_YIELD) + check_symbol_exists("strcasecmp" "string.h" HAVE_STRCASECMP) + check_symbol_exists("stricmp" "string.h" HAVE_STRICMP) + check_symbol_exists("strcmpi" "string.h" HAVE_STRCMPI) +endif() + +if(AMIGA) + check_symbol_exists("CloseSocket" "${CURL_INCLUDES}" HAVE_CLOSESOCKET_CAMEL) # sys/socket.h proto/bsdsocket.h +endif() + +if(NOT _ssl_enabled) + check_symbol_exists("arc4random" "${CURL_INCLUDES};stdlib.h" HAVE_ARC4RANDOM) endif() -set(CMAKE_EXTRA_INCLUDE_FILES "sys/socket.h") -check_type_size("sa_family_t" SIZEOF_SA_FAMILY_T) -set(HAVE_SA_FAMILY_T ${HAVE_SIZEOF_SA_FAMILY_T}) -set(CMAKE_EXTRA_INCLUDE_FILES "") - -set(CMAKE_EXTRA_INCLUDE_FILES "ws2def.h") -check_type_size("ADDRESS_FAMILY" SIZEOF_ADDRESS_FAMILY) -set(HAVE_ADDRESS_FAMILY ${HAVE_SIZEOF_ADDRESS_FAMILY}) -set(CMAKE_EXTRA_INCLUDE_FILES "") - -# sigaction and sigsetjmp are special. Use special mechanism for -# detecting those, but only if previous attempt failed. -if(HAVE_SIGNAL_H) - check_symbol_exists(sigaction "signal.h" HAVE_SIGACTION) +if(APPLE) + check_function_exists("mach_absolute_time" HAVE_MACH_ABSOLUTE_TIME) +endif() +if(NOT WIN32) + check_symbol_exists("inet_ntop" "${CURL_INCLUDES};stdlib.h;string.h" HAVE_INET_NTOP) # arpa/inet.h netinet/in.h sys/socket.h + check_symbol_exists("inet_pton" "${CURL_INCLUDES};stdlib.h;string.h" HAVE_INET_PTON) # arpa/inet.h netinet/in.h sys/socket.h endif() -if(NOT HAVE_SIGSETJMP) - if(HAVE_SETJMP_H) - check_symbol_exists(sigsetjmp "setjmp.h" HAVE_MACRO_SIGSETJMP) - if(HAVE_MACRO_SIGSETJMP) - set(HAVE_SIGSETJMP 1) - endif() - endif() +check_symbol_exists("fsetxattr" "sys/xattr.h" HAVE_FSETXATTR) +if(HAVE_FSETXATTR) + curl_internal_test(HAVE_FSETXATTR_5) + curl_internal_test(HAVE_FSETXATTR_6) endif() -# If there is no stricmp(), do not allow LDAP to parse URLs -if(NOT HAVE_STRICMP) - set(HAVE_LDAP_URL_PARSE 1) +cmake_push_check_state() +if(NOT WIN32) + list(APPEND CMAKE_EXTRA_INCLUDE_FILES "sys/socket.h") + check_type_size("sa_family_t" SIZEOF_SA_FAMILY_T) + set(HAVE_SA_FAMILY_T ${HAVE_SIZEOF_SA_FAMILY_T}) endif() +cmake_pop_check_state() # Do curl specific tests -foreach(CURL_TEST +foreach(_curl_test IN ITEMS HAVE_FCNTL_O_NONBLOCK HAVE_IOCTLSOCKET HAVE_IOCTLSOCKET_CAMEL @@ -1102,472 +1688,760 @@ foreach(CURL_TEST HAVE_IOCTL_FIONBIO HAVE_IOCTL_SIOCGIFADDR HAVE_SETSOCKOPT_SO_NONBLOCK - HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID - TIME_WITH_SYS_TIME - HAVE_O_NONBLOCK HAVE_GETHOSTBYNAME_R_3 HAVE_GETHOSTBYNAME_R_5 HAVE_GETHOSTBYNAME_R_6 - HAVE_GETHOSTBYNAME_R_3_REENTRANT - HAVE_GETHOSTBYNAME_R_5_REENTRANT - HAVE_GETHOSTBYNAME_R_6_REENTRANT - HAVE_IN_ADDR_T HAVE_BOOL_T STDC_HEADERS - HAVE_GETADDRINFO - HAVE_FILE_OFFSET_BITS - HAVE_VARIADIC_MACROS_C99 - HAVE_VARIADIC_MACROS_GCC - ) - curl_internal_test(${CURL_TEST}) -endforeach() - -if(HAVE_FILE_OFFSET_BITS) - set(_FILE_OFFSET_BITS 64) - set(CMAKE_REQUIRED_FLAGS "-D_FILE_OFFSET_BITS=64") -endif() -check_type_size("off_t" SIZEOF_OFF_T) - -# include this header to get the type -set(CMAKE_REQUIRED_INCLUDES "${CURL_SOURCE_DIR}/include") -set(CMAKE_EXTRA_INCLUDE_FILES "curl/system.h") -check_type_size("curl_off_t" SIZEOF_CURL_OFF_T) -set(CMAKE_EXTRA_INCLUDE_FILES "") - -set(CMAKE_REQUIRED_FLAGS) - -foreach(CURL_TEST - HAVE_GLIBC_STRERROR_R - HAVE_POSIX_STRERROR_R - ) - curl_internal_test(${CURL_TEST}) + HAVE_ATOMIC +) + curl_internal_test(${_curl_test}) endforeach() # Check for reentrant -foreach(CURL_TEST +cmake_push_check_state() +list(APPEND CMAKE_REQUIRED_DEFINITIONS "-D_REENTRANT") +foreach(_curl_test IN ITEMS HAVE_GETHOSTBYNAME_R_3 HAVE_GETHOSTBYNAME_R_5 HAVE_GETHOSTBYNAME_R_6) - if(NOT ${CURL_TEST}) - if(${CURL_TEST}_REENTRANT) - set(NEED_REENTRANT 1) - endif() + curl_internal_test(${_curl_test}_REENTRANT) + if(NOT ${_curl_test} AND ${_curl_test}_REENTRANT) + set(NEED_REENTRANT 1) endif() endforeach() +cmake_pop_check_state() if(NEED_REENTRANT) - foreach(CURL_TEST + foreach(_curl_test IN ITEMS HAVE_GETHOSTBYNAME_R_3 HAVE_GETHOSTBYNAME_R_5 HAVE_GETHOSTBYNAME_R_6) - set(${CURL_TEST} 0) - if(${CURL_TEST}_REENTRANT) - set(${CURL_TEST} 1) + set(${_curl_test} 0) + if(${_curl_test}_REENTRANT) + set(${_curl_test} 1) endif() endforeach() endif() -# Check clock_gettime(CLOCK_MONOTONIC, x) support -curl_internal_test(HAVE_CLOCK_GETTIME_MONOTONIC) +cmake_push_check_state() +list(APPEND CMAKE_REQUIRED_DEFINITIONS "-D_FILE_OFFSET_BITS=64") +curl_internal_test(HAVE_FILE_OFFSET_BITS) +cmake_pop_check_state() -# Check compiler support of __builtin_available() -curl_internal_test(HAVE_BUILTIN_AVAILABLE) +cmake_push_check_state() +if(HAVE_FILE_OFFSET_BITS) + set(_FILE_OFFSET_BITS 64) + list(APPEND CMAKE_REQUIRED_DEFINITIONS "-D_FILE_OFFSET_BITS=64") +endif() +check_type_size("off_t" SIZEOF_OFF_T) -# Some other minor tests +if(NOT WIN32) + # fseeko may not exist with _FILE_OFFSET_BITS=64 but can exist with + # _FILE_OFFSET_BITS unset or 32 (as in Android ARMv7 with NDK 26b and API level < 24) + # so we need to test fseeko after testing for _FILE_OFFSET_BITS + check_symbol_exists("fseeko" "${CURL_INCLUDES};stdio.h" HAVE_FSEEKO) -if(NOT HAVE_IN_ADDR_T) - set(in_addr_t "unsigned long") + if(HAVE_FSEEKO) + set(HAVE_DECL_FSEEKO 1) + endif() endif() -# Fix libz / zlib.h +# Include this header to get the type +cmake_push_check_state() +list(APPEND CMAKE_REQUIRED_INCLUDES "${PROJECT_SOURCE_DIR}/include") +list(APPEND CMAKE_EXTRA_INCLUDE_FILES "curl/system.h") +check_type_size("curl_off_t" SIZEOF_CURL_OFF_T) +list(APPEND CMAKE_EXTRA_INCLUDE_FILES "curl/curl.h") +check_type_size("curl_socket_t" SIZEOF_CURL_SOCKET_T) +cmake_pop_check_state() # pop curl system headers +cmake_pop_check_state() # pop -D_FILE_OFFSET_BITS=64 -if(NOT CURL_SPECIAL_LIBZ) - if(NOT HAVE_LIBZ) - set(HAVE_ZLIB_H 0) - endif() +if(NOT WIN32 AND NOT CMAKE_CROSSCOMPILING) + # On non-Windows and not cross-compiling, check for writable argv[] + include(CheckCSourceRuns) + check_c_source_runs(" + int main(int argc, char **argv) + { + (void)argc; + argv[0][0] = ' '; + return (argv[0][0] == ' ') ? 0 : 1; + }" HAVE_WRITABLE_ARGV) +endif() - if(NOT HAVE_ZLIB_H) - set(HAVE_LIBZ 0) - endif() +if(NOT CMAKE_CROSSCOMPILING) + include(CheckCSourceRuns) + check_c_source_runs(" + #include + int main(void) { + time_t t = -1; + return t < 0; + }" HAVE_TIME_T_UNSIGNED) endif() -# Check for nonblocking -set(HAVE_DISABLED_NONBLOCKING 1) -if(HAVE_FIONBIO OR - HAVE_IOCTLSOCKET OR - HAVE_IOCTLSOCKET_CASE OR - HAVE_O_NONBLOCK) - set(HAVE_DISABLED_NONBLOCKING) +curl_internal_test(HAVE_GLIBC_STRERROR_R) +curl_internal_test(HAVE_POSIX_STRERROR_R) + +if(NOT WIN32) + curl_internal_test(HAVE_CLOCK_GETTIME_MONOTONIC) # Check clock_gettime(CLOCK_MONOTONIC, x) support endif() -if(CMAKE_COMPILER_IS_GNUCC AND APPLE) - include(CheckCCompilerFlag) - check_c_compiler_flag(-Wno-long-double HAVE_C_FLAG_Wno_long_double) - if(HAVE_C_FLAG_Wno_long_double) - # The Mac version of GCC warns about use of long double. Disable it. - get_source_file_property(MPRINTF_COMPILE_FLAGS mprintf.c COMPILE_FLAGS) - if(MPRINTF_COMPILE_FLAGS) - set(MPRINTF_COMPILE_FLAGS "${MPRINTF_COMPILE_FLAGS} -Wno-long-double") - else() - set(MPRINTF_COMPILE_FLAGS "-Wno-long-double") - endif() - set_source_files_properties(mprintf.c PROPERTIES - COMPILE_FLAGS ${MPRINTF_COMPILE_FLAGS}) - endif() +if(APPLE) + curl_internal_test(HAVE_BUILTIN_AVAILABLE) # Check compiler support of __builtin_available() endif() -# TODO test which of these headers are required -if(WIN32) - set(CURL_PULL_WS2TCPIP_H ${HAVE_WS2TCPIP_H}) -else() - set(CURL_PULL_SYS_TYPES_H ${HAVE_SYS_TYPES_H}) - set(CURL_PULL_SYS_SOCKET_H ${HAVE_SYS_SOCKET_H}) - set(CURL_PULL_SYS_POLL_H ${HAVE_SYS_POLL_H}) +# Some other minor tests + +if(_cmake_try_compile_target_type_save) + set(CMAKE_TRY_COMPILE_TARGET_TYPE ${_cmake_try_compile_target_type_save}) + unset(_cmake_try_compile_target_type_save) endif() -set(CURL_PULL_STDINT_H ${HAVE_STDINT_H}) -set(CURL_PULL_INTTYPES_H ${HAVE_INTTYPES_H}) include(CMake/OtherTests.cmake) -add_definitions(-DHAVE_CONFIG_H) +set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS "HAVE_CONFIG_H") -# For Windows, all compilers used by CMake should support large files if(WIN32) - set(USE_WIN32_LARGE_FILES ON) - - # Use the manifest embedded in the Windows Resource - set(CMAKE_RC_FLAGS "${CMAKE_RC_FLAGS} -DCURL_EMBED_MANIFEST") - - # Check if crypto functions in wincrypt.h are actually available - if(HAVE_WINCRYPT_H) - check_symbol_exists(CryptAcquireContext "${CURL_INCLUDES}" USE_WINCRYPT) + list(APPEND CURL_NETWORK_AND_TIME_LIBS "ws2_32") + if(NOT WINDOWS_STORE) + list(APPEND CURL_NETWORK_AND_TIME_LIBS "iphlpapi") # for if_nametoindex() endif() - if(USE_WINCRYPT) + list(APPEND CURL_LIBS "bcrypt") # for BCryptGenRandom() + + # We use crypto functions that are not available for UWP apps + if(NOT WINDOWS_STORE) set(USE_WIN32_CRYPTO ON) endif() # Link required libraries for USE_WIN32_CRYPTO or USE_SCHANNEL if(USE_WIN32_CRYPTO OR USE_SCHANNEL) - list(APPEND CURL_LIBS "advapi32" "crypt32") + # for CryptAcquireContext(), CryptCreateHash(), CryptDestroyHash(), CryptGetHashParam(), CryptHashData(), + # CryptReleaseContext() in NTLM, md4, md5, sha256, Schannel + # for CryptDestroyKey(), CryptEncrypt(), CryptImportKey() in NTLM + list(APPEND CURL_LIBS "advapi32") + # for Cert*() in openssl.c Native CA, Schannel + # for CryptDecodeObjectEx(), CryptQueryObject(), CryptStringToBinary(), PFXImportCertStore() in Schannel + list(APPEND CURL_LIBS "crypt32") + endif() + if(USE_WINDOWS_SSPI) + list(APPEND CURL_LIBS "secur32") # for InitSecurityInterface() endif() endif() -if(MSVC) - # Disable default manifest added by CMake - set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /MANIFEST:NO") - - add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE) - if(CMAKE_C_FLAGS MATCHES "/W[0-4]") - string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") - else() - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W4") +list(APPEND CURL_LIBS ${CURL_NETWORK_AND_TIME_LIBS}) +if(CURL_CODE_COVERAGE) + list(APPEND CURL_LIBS ${CURL_COVERAGE_LIBS}) +endif() + +# Hack to add some libraries to the end of the library list to make binutils ld +# for GCC find symbols when linking statically. Necessary for libs detected via +# CMake's built-in find modules, which CMake adds to the beginning of the lib +# list on the linker command-line for some reason. This makes them appear +# before dependencies detected via curl's custom Find modules, and breaks +# linkers sensitive to lib order. There must be a better solution to this. +# Enable the workaround for all compilers, to make it available when using GCC +# to consume libcurl, regardless of the compiler used to build libcurl itself. +if(CMAKE_C_COMPILER_ID STREQUAL "GNU") + if(USE_OPENSSL AND TARGET OpenSSL::Crypto) + add_library(CURL::OpenSSL_Crypto INTERFACE IMPORTED) + set_target_properties(CURL::OpenSSL_Crypto PROPERTIES INTERFACE_LINK_LIBRARIES OpenSSL::Crypto) + list(APPEND CURL_LIBS CURL::OpenSSL_Crypto) endif() - - # Use multithreaded compilation on VS 2008+ - if(MSVC_VERSION GREATER_EQUAL 1500) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /MP") + if(HAVE_LIBZ AND TARGET ZLIB::ZLIB) + add_library(CURL::ZLIB INTERFACE IMPORTED) + set_target_properties(CURL::ZLIB PROPERTIES INTERFACE_LINK_LIBRARIES ZLIB::ZLIB) + list(APPEND CURL_LIBS CURL::ZLIB) + endif() + if(WIN32) + add_library(CURL::win32_winsock INTERFACE IMPORTED) + set_target_properties(CURL::win32_winsock PROPERTIES INTERFACE_LINK_LIBRARIES "ws2_32") + list(APPEND CURL_LIBS CURL::win32_winsock) endif() endif() -if(CURL_WERROR) - if(MSVC_VERSION) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") - else() - # this assumes clang or gcc style options - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") - endif() +if(CMAKE_C_COMPILER_ID STREQUAL "MSVC") # MSVC but exclude clang-cl + set_property(DIRECTORY APPEND PROPERTY COMPILE_OPTIONS "-MP") # Parallel compilation endif() if(CURL_LTO) - if(CMAKE_VERSION VERSION_LESS 3.9) - message(FATAL_ERROR "Requested LTO but your cmake version ${CMAKE_VERSION} is to old. You need at least 3.9") - endif() - - cmake_policy(SET CMP0069 NEW) - include(CheckIPOSupported) - check_ipo_supported(RESULT CURL_HAS_LTO OUTPUT CURL_LTO_ERROR LANGUAGES C) + check_ipo_supported(RESULT CURL_HAS_LTO OUTPUT _lto_error LANGUAGES C) if(CURL_HAS_LTO) message(STATUS "LTO supported and enabled") else() - message(FATAL_ERROR "LTO was requested - but compiler doesn't support it\n${CURL_LTO_ERROR}") + message(FATAL_ERROR "LTO has been requested, but the compiler does not support it\n${_lto_error}") endif() endif() +# Ugly (but functional) way to include "Makefile.inc" by transforming it +# (= regenerate it). +function(curl_transform_makefile_inc _input_file _output_file) + file(READ ${_input_file} _makefile_inc_text) + string(REPLACE "$(top_srcdir)" "\${PROJECT_SOURCE_DIR}" _makefile_inc_text ${_makefile_inc_text}) # cmake-lint: disable=W0106 + string(REPLACE "$(top_builddir)" "\${PROJECT_BINARY_DIR}" _makefile_inc_text ${_makefile_inc_text}) # cmake-lint: disable=W0106 -# Ugly (but functional) way to include "Makefile.inc" by transforming it (= regenerate it). -function(transform_makefile_inc INPUT_FILE OUTPUT_FILE) - file(READ ${INPUT_FILE} MAKEFILE_INC_TEXT) - string(REPLACE "$(top_srcdir)" "\${CURL_SOURCE_DIR}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) - string(REPLACE "$(top_builddir)" "\${CURL_BINARY_DIR}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) + string(REGEX REPLACE "\\\\\n" "!^!^!" _makefile_inc_text ${_makefile_inc_text}) + string(REGEX REPLACE "([a-zA-Z_][a-zA-Z0-9_]*)[\t ]*=[\t ]*([^\n]*)" "set(\\1 \\2)" _makefile_inc_text ${_makefile_inc_text}) + string(REPLACE "!^!^!" "\n" _makefile_inc_text ${_makefile_inc_text}) - string(REGEX REPLACE "\\\\\n" "!π!α!" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) - string(REGEX REPLACE "([a-zA-Z_][a-zA-Z0-9_]*)[\t ]*=[\t ]*([^\n]*)" "SET(\\1 \\2)" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) - string(REPLACE "!π!α!" "\n" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) + # Replace $() with ${} + string(REGEX REPLACE "\\$\\(([a-zA-Z_][a-zA-Z0-9_]*)\\)" "\${\\1}" _makefile_inc_text ${_makefile_inc_text}) + # Replace @@ with ${}, even if that may not be read by CMake scripts. + string(REGEX REPLACE "@([a-zA-Z_][a-zA-Z0-9_]*)@" "\${\\1}" _makefile_inc_text ${_makefile_inc_text}) - string(REGEX REPLACE "\\$\\(([a-zA-Z_][a-zA-Z0-9_]*)\\)" "\${\\1}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) # Replace $() with ${} - string(REGEX REPLACE "@([a-zA-Z_][a-zA-Z0-9_]*)@" "\${\\1}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) # Replace @@ with ${}, even if that may not be read by CMake scripts. - file(WRITE ${OUTPUT_FILE} ${MAKEFILE_INC_TEXT}) - set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS "${INPUT_FILE}") + file(WRITE ${_output_file} ${_makefile_inc_text}) + set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS "${_input_file}") endfunction() include(GNUInstallDirs) -set(CURL_INSTALL_CMAKE_DIR ${CMAKE_INSTALL_LIBDIR}/cmake/${PROJECT_NAME}) +set(_install_cmake_dir "${CMAKE_INSTALL_LIBDIR}/cmake/${PROJECT_NAME}") set(TARGETS_EXPORT_NAME "${PROJECT_NAME}Targets") -set(generated_dir "${CMAKE_CURRENT_BINARY_DIR}/generated") -set(project_config "${generated_dir}/${PROJECT_NAME}Config.cmake") -set(version_config "${generated_dir}/${PROJECT_NAME}ConfigVersion.cmake") +set(_generated_dir "${CMAKE_CURRENT_BINARY_DIR}/generated") +set(_project_config "${_generated_dir}/${PROJECT_NAME}Config.cmake") +set(_version_config "${_generated_dir}/${PROJECT_NAME}ConfigVersion.cmake") + +option(BUILD_TESTING "Build tests" ON) +if(BUILD_TESTING AND Perl_FOUND) + set(CURL_BUILD_TESTING ON) +else() + set(CURL_BUILD_TESTING OFF) +endif() -if(USE_MANUAL) +if(Perl_FOUND) + set(CURL_MANPAGE "${PROJECT_BINARY_DIR}/docs/cmdline-opts/curl.1") + set(CURL_ASCIIPAGE "${PROJECT_BINARY_DIR}/docs/cmdline-opts/curl.txt") add_subdirectory(docs) endif() +add_subdirectory(scripts) # for shell completions + add_subdirectory(lib) if(BUILD_CURL_EXE) add_subdirectory(src) endif() -cmake_dependent_option(BUILD_TESTING "Build tests" - ON "PERL_FOUND;NOT CURL_DISABLE_TESTS" - OFF) -if(BUILD_TESTING) +option(BUILD_EXAMPLES "Build libcurl examples" ON) +if(BUILD_EXAMPLES) + add_subdirectory(docs/examples) +endif() + +if(CURL_BUILD_TESTING) add_subdirectory(tests) endif() -# Helper to populate a list (_items) with a label when conditions (the remaining -# args) are satisfied -macro(_add_if label) - # needs to be a macro to allow this indirection +# Helper to populate a list (_items) with a label when conditions +# (the remaining args) are satisfied +macro(curl_add_if _label) + # Needs to be a macro to allow this indirection if(${ARGN}) - set(_items ${_items} "${label}") + list(APPEND _items "${_label}") endif() endmacro() -# NTLM support requires crypto function adaptions from various SSL libs -# TODO alternative SSL libs tests for SSP1, GNUTLS, NSS -if(NOT (CURL_DISABLE_CRYPTO_AUTH OR CURL_DISABLE_NTLM) AND - (USE_OPENSSL OR USE_MBEDTLS OR USE_DARWINSSL OR USE_WIN32_CRYPTO)) - set(use_curl_ntlm_core ON) +# NTLM support requires crypto functions from various SSL libs. +# These conditions must match those in lib/curl_setup.h. +if(CURL_ENABLE_NTLM AND + ((USE_OPENSSL AND HAVE_DES_ECB_ENCRYPT) OR + (USE_MBEDTLS AND HAVE_MBEDTLS_DES_CRYPT_ECB) OR + USE_GNUTLS OR + USE_WIN32_CRYPTO OR + (USE_WOLFSSL AND HAVE_WOLFSSL_DES_ECB_ENCRYPT))) + set(_use_curl_ntlm_core ON) endif() -# Clear list and try to detect available features -set(_items) -_add_if("SSL" SSL_ENABLED) -_add_if("IPv6" ENABLE_IPV6) -_add_if("unixsockets" USE_UNIX_SOCKETS) -_add_if("libz" HAVE_LIBZ) -_add_if("brotli" HAVE_BROTLI) -_add_if("zstd" HAVE_ZSTD) -_add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX OR USE_THREADS_WIN32) -_add_if("IDN" HAVE_LIBIDN2 OR USE_WIN32_IDN) -_add_if("Largefile" (SIZEOF_CURL_OFF_T GREATER 4) AND - ((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES)) -# TODO SSP1 (Schannel) check is missing -_add_if("SSPI" USE_WINDOWS_SSPI) -_add_if("GSS-API" HAVE_GSSAPI) -_add_if("alt-svc" NOT CURL_DISABLE_ALTSVC) -_add_if("HSTS" NOT CURL_DISABLE_HSTS) -# TODO SSP1 missing for SPNEGO -_add_if("SPNEGO" NOT CURL_DISABLE_CRYPTO_AUTH AND - (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) -_add_if("Kerberos" NOT CURL_DISABLE_CRYPTO_AUTH AND - (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) -# NTLM support requires crypto function adaptions from various SSL libs -# TODO alternative SSL libs tests for SSP1, GNUTLS, NSS -_add_if("NTLM" NOT (CURL_DISABLE_CRYPTO_AUTH OR CURL_DISABLE_NTLM) AND - (use_curl_ntlm_core OR USE_WINDOWS_SSPI)) -# TODO missing option (autoconf: --enable-ntlm-wb) -_add_if("NTLM_WB" NOT (CURL_DISABLE_CRYPTO_AUTH OR CURL_DISABLE_NTLM) AND - (use_curl_ntlm_core OR USE_WINDOWS_SSPI) AND - NOT CURL_DISABLE_HTTP AND NTLM_WB_ENABLED) -# TODO missing option (--enable-tls-srp), depends on GNUTLS_SRP/OPENSSL_SRP -_add_if("TLS-SRP" USE_TLS_SRP) -# TODO option --with-nghttp2 tests for nghttp2 lib and nghttp2/nghttp2.h header -_add_if("HTTP2" USE_NGHTTP2) -_add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE) -_add_if("MultiSSL" CURL_WITH_MULTI_SSL) -_add_if("HTTPS-proxy" SSL_ENABLED AND (USE_OPENSSL OR USE_GNUTLS OR USE_NSS)) -_add_if("unicode" ENABLE_UNICODE) -string(REPLACE ";" " " SUPPORT_FEATURES "${_items}") -message(STATUS "Enabled features: ${SUPPORT_FEATURES}") - # Clear list and try to detect available protocols -set(_items) -_add_if("HTTP" NOT CURL_DISABLE_HTTP) -_add_if("HTTPS" NOT CURL_DISABLE_HTTP AND SSL_ENABLED) -_add_if("FTP" NOT CURL_DISABLE_FTP) -_add_if("FTPS" NOT CURL_DISABLE_FTP AND SSL_ENABLED) -_add_if("FILE" NOT CURL_DISABLE_FILE) -_add_if("TELNET" NOT CURL_DISABLE_TELNET) -_add_if("LDAP" NOT CURL_DISABLE_LDAP) +set(_items "") +curl_add_if("HTTP" NOT CURL_DISABLE_HTTP) +curl_add_if("HTTPS" NOT CURL_DISABLE_HTTP AND _ssl_enabled) +curl_add_if("FTP" NOT CURL_DISABLE_FTP) +curl_add_if("FTPS" NOT CURL_DISABLE_FTP AND _ssl_enabled) +curl_add_if("FILE" NOT CURL_DISABLE_FILE) +curl_add_if("TELNET" NOT CURL_DISABLE_TELNET) +curl_add_if("LDAP" NOT CURL_DISABLE_LDAP) # CURL_DISABLE_LDAP implies CURL_DISABLE_LDAPS -# TODO check HAVE_LDAP_SSL (in autoconf this is enabled with --enable-ldaps) -_add_if("LDAPS" NOT CURL_DISABLE_LDAPS AND - ((USE_OPENLDAP AND SSL_ENABLED) OR - (NOT USE_OPENLDAP AND HAVE_LDAP_SSL))) -_add_if("DICT" NOT CURL_DISABLE_DICT) -_add_if("TFTP" NOT CURL_DISABLE_TFTP) -_add_if("GOPHER" NOT CURL_DISABLE_GOPHER) -_add_if("GOPHERS" NOT CURL_DISABLE_GOPHER AND SSL_ENABLED) -_add_if("POP3" NOT CURL_DISABLE_POP3) -_add_if("POP3S" NOT CURL_DISABLE_POP3 AND SSL_ENABLED) -_add_if("IMAP" NOT CURL_DISABLE_IMAP) -_add_if("IMAPS" NOT CURL_DISABLE_IMAP AND SSL_ENABLED) -_add_if("SMB" NOT CURL_DISABLE_SMB AND - use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) -_add_if("SMBS" NOT CURL_DISABLE_SMB AND SSL_ENABLED AND - use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) -_add_if("SMTP" NOT CURL_DISABLE_SMTP) -_add_if("SMTPS" NOT CURL_DISABLE_SMTP AND SSL_ENABLED) -_add_if("SCP" USE_LIBSSH2 OR USE_LIBSSH) -_add_if("SFTP" USE_LIBSSH2 OR USE_LIBSSH) -_add_if("RTSP" NOT CURL_DISABLE_RTSP) -_add_if("RTMP" USE_LIBRTMP) -_add_if("MQTT" NOT CURL_DISABLE_MQTT) +curl_add_if("LDAPS" NOT CURL_DISABLE_LDAPS AND + ((USE_OPENLDAP AND _ssl_enabled) OR + (NOT USE_OPENLDAP AND HAVE_LDAP_SSL))) +curl_add_if("DICT" NOT CURL_DISABLE_DICT) +curl_add_if("TFTP" NOT CURL_DISABLE_TFTP) +curl_add_if("GOPHER" NOT CURL_DISABLE_GOPHER) +curl_add_if("GOPHERS" NOT CURL_DISABLE_GOPHER AND _ssl_enabled) +curl_add_if("POP3" NOT CURL_DISABLE_POP3) +curl_add_if("POP3S" NOT CURL_DISABLE_POP3 AND _ssl_enabled) +curl_add_if("IMAP" NOT CURL_DISABLE_IMAP) +curl_add_if("IMAPS" NOT CURL_DISABLE_IMAP AND _ssl_enabled) +curl_add_if("SMB" NOT CURL_DISABLE_SMB AND + _use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) +curl_add_if("SMBS" NOT CURL_DISABLE_SMB AND _ssl_enabled AND + _use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) +curl_add_if("SMTP" NOT CURL_DISABLE_SMTP) +curl_add_if("SMTPS" NOT CURL_DISABLE_SMTP AND _ssl_enabled) +curl_add_if("SCP" USE_LIBSSH2 OR USE_LIBSSH) +curl_add_if("SFTP" USE_LIBSSH2 OR USE_LIBSSH) +curl_add_if("IPFS" NOT CURL_DISABLE_IPFS) +curl_add_if("IPNS" NOT CURL_DISABLE_IPFS) +curl_add_if("RTSP" NOT CURL_DISABLE_RTSP) +curl_add_if("MQTT" NOT CURL_DISABLE_MQTT) +curl_add_if("MQTTS" NOT CURL_DISABLE_MQTT AND _ssl_enabled) +curl_add_if("WS" NOT CURL_DISABLE_WEBSOCKETS) +curl_add_if("WSS" NOT CURL_DISABLE_WEBSOCKETS AND _ssl_enabled) if(_items) list(SORT _items) endif() +set(CURL_SUPPORTED_PROTOCOLS_LIST "${_items}") string(REPLACE ";" " " SUPPORT_PROTOCOLS "${_items}") -message(STATUS "Enabled protocols: ${SUPPORT_PROTOCOLS}") +string(TOLOWER "${SUPPORT_PROTOCOLS}" _support_protocols_lower) +message(STATUS "Protocols: ${_support_protocols_lower}") + +# Clear list and try to detect available features +set(_items "") +curl_add_if("SSL" _ssl_enabled) +curl_add_if("IPv6" USE_IPV6) +curl_add_if("UnixSockets" USE_UNIX_SOCKETS) +curl_add_if("libz" HAVE_LIBZ) +curl_add_if("brotli" HAVE_BROTLI) +curl_add_if("gsasl" USE_GSASL) +curl_add_if("zstd" HAVE_ZSTD) +curl_add_if("AsynchDNS" USE_RESOLV_ARES OR USE_RESOLV_THREADED) +curl_add_if("asyn-rr" USE_ARES AND USE_RESOLV_THREADED AND USE_HTTPSRR) +curl_add_if("IDN" (HAVE_LIBIDN2 AND HAVE_IDN2_H) OR + USE_WIN32_IDN OR + USE_APPLE_IDN) +curl_add_if("Largefile" (SIZEOF_CURL_OFF_T GREATER 4) AND ((SIZEOF_OFF_T GREATER 4) OR WIN32)) +curl_add_if("SSPI" USE_WINDOWS_SSPI) +curl_add_if("GSS-API" HAVE_GSSAPI) +curl_add_if("alt-svc" NOT CURL_DISABLE_ALTSVC) +curl_add_if("HSTS" NOT CURL_DISABLE_HSTS) +curl_add_if("SPNEGO" NOT CURL_DISABLE_NEGOTIATE_AUTH AND + (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) +curl_add_if("Kerberos" NOT CURL_DISABLE_KERBEROS_AUTH AND + (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) +curl_add_if("NTLM" CURL_ENABLE_NTLM AND + (_use_curl_ntlm_core OR USE_WINDOWS_SSPI)) +curl_add_if("TLS-SRP" USE_TLS_SRP) +curl_add_if("HTTP2" USE_NGHTTP2) +curl_add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE) +curl_add_if("MultiSSL" CURL_WITH_MULTI_SSL) +curl_add_if("HTTPS-proxy" NOT CURL_DISABLE_PROXY AND _ssl_enabled AND (USE_OPENSSL OR USE_GNUTLS + OR USE_SCHANNEL OR USE_RUSTLS OR USE_MBEDTLS OR + (USE_WOLFSSL AND HAVE_WOLFSSL_BIO_NEW))) +curl_add_if("Unicode" ENABLE_UNICODE) +curl_add_if("threadsafe" HAVE_ATOMIC OR (HAVE_THREADS_POSIX AND HAVE_PTHREAD_H) OR WIN32) +curl_add_if("Debug" ENABLE_DEBUG) +curl_add_if("ECH" _ssl_enabled AND HAVE_ECH) +curl_add_if("HTTPSRR" _ssl_enabled AND USE_HTTPSRR) +curl_add_if("PSL" USE_LIBPSL) +curl_add_if("CAcert" CURL_CA_EMBED_SET) +curl_add_if("SSLS-EXPORT" _ssl_enabled AND USE_SSLS_EXPORT) +curl_add_if("AppleSecTrust" USE_APPLE_SECTRUST AND _ssl_enabled AND (USE_OPENSSL OR USE_GNUTLS)) +curl_add_if("NativeCA" NOT USE_APPLE_SECTRUST AND _ssl_enabled AND CURL_CA_NATIVE) +if(_items) + list(SORT _items CASE INSENSITIVE) +endif() +set(CURL_SUPPORTED_FEATURES_LIST "${_items}") +string(REPLACE ";" " " SUPPORT_FEATURES "${_items}") +message(STATUS "Features: ${SUPPORT_FEATURES}") # Clear list and collect SSL backends -set(_items) -_add_if("Schannel" SSL_ENABLED AND USE_SCHANNEL) -_add_if("OpenSSL" SSL_ENABLED AND USE_OPENSSL) -_add_if("Secure Transport" SSL_ENABLED AND USE_SECTRANSP) -_add_if("mbedTLS" SSL_ENABLED AND USE_MBEDTLS) -_add_if("BearSSL" SSL_ENABLED AND USE_BEARSSL) -_add_if("NSS" SSL_ENABLED AND USE_NSS) -_add_if("wolfSSL" SSL_ENABLED AND USE_WOLFSSL) +set(_items "") +curl_add_if("Schannel" _ssl_enabled AND USE_SCHANNEL) +curl_add_if("${_openssl}" _ssl_enabled AND USE_OPENSSL) +curl_add_if("mbedTLS" _ssl_enabled AND USE_MBEDTLS) +curl_add_if("wolfSSL" _ssl_enabled AND USE_WOLFSSL) +curl_add_if("GnuTLS" _ssl_enabled AND USE_GNUTLS) +curl_add_if("Rustls" _ssl_enabled AND USE_RUSTLS) + if(_items) - list(SORT _items) + list(SORT _items CASE INSENSITIVE) endif() string(REPLACE ";" " " SSL_BACKENDS "${_items}") message(STATUS "Enabled SSL backends: ${SSL_BACKENDS}") +if(CURL_DEFAULT_SSL_BACKEND) + message(STATUS "Default SSL backend: ${CURL_DEFAULT_SSL_BACKEND}") +endif() -# curl-config needs the following options to be set. -set(CC "${CMAKE_C_COMPILER}") -# TODO probably put a -D... options here? -set(CONFIGURE_OPTIONS "") -# TODO when to set "-DCURL_STATICLIB" for CPPFLAG_CURL_STATICLIB? -set(CPPFLAG_CURL_STATICLIB "") -set(CURLVERSION "${CURL_VERSION}") -set(exec_prefix "\${prefix}") -set(includedir "\${prefix}/include") -set(LDFLAGS "${CMAKE_SHARED_LINKER_FLAGS}") -set(LIBCURL_LIBS "") -set(libdir "${CMAKE_INSTALL_PREFIX}/lib") -foreach(_lib ${CMAKE_C_IMPLICIT_LINK_LIBRARIES} ${CURL_LIBS}) - if(TARGET "${_lib}") - set(_libname "${_lib}") - get_target_property(_libtype "${_libname}" TYPE) - if(_libtype STREQUAL INTERFACE_LIBRARY) - # Interface libraries can occur when an external project embeds curl and - # defined targets such as ZLIB::ZLIB by themselves. Ignore these as - # reading the LOCATION property will error out. Assume the user won't need - # this information in the .pc file. - continue() - endif() - get_target_property(_lib "${_libname}" LOCATION) - if(NOT _lib) - message(WARNING "Bad lib in library list: ${_libname}") - continue() - endif() +if(NOT CURL_DISABLE_INSTALL) + + # curl-config needs the following options to be set. + set(CC "${CMAKE_C_COMPILER}") + set(CONFIGURE_OPTIONS "") + set(CURLVERSION "${_curl_version}") + set(VERSIONNUM "${_curl_version_num}") + set(prefix "${CMAKE_INSTALL_PREFIX}") + set(exec_prefix "\${prefix}") + if(IS_ABSOLUTE ${CMAKE_INSTALL_INCLUDEDIR}) + set(includedir "${CMAKE_INSTALL_INCLUDEDIR}") + else() + set(includedir "\${prefix}/${CMAKE_INSTALL_INCLUDEDIR}") endif() - if(_lib MATCHES ".*/.*" OR _lib MATCHES "^-") - set(LIBCURL_LIBS "${LIBCURL_LIBS} ${_lib}") + if(IS_ABSOLUTE ${CMAKE_INSTALL_LIBDIR}) + set(libdir "${CMAKE_INSTALL_LIBDIR}") else() - set(LIBCURL_LIBS "${LIBCURL_LIBS} -l${_lib}") + set(libdir "\${exec_prefix}/${CMAKE_INSTALL_LIBDIR}") endif() -endforeach() -if(BUILD_SHARED_LIBS) - set(ENABLE_SHARED "yes") - set(ENABLE_STATIC "no") - set(LIBCURL_NO_SHARED "") -else() - set(ENABLE_SHARED "no") - set(ENABLE_STATIC "yes") - set(LIBCURL_NO_SHARED "${LIBCURL_LIBS}") -endif() -# "a" (Linux) or "lib" (Windows) -string(REPLACE "." "" libext "${CMAKE_STATIC_LIBRARY_SUFFIX}") -set(prefix "${CMAKE_INSTALL_PREFIX}") -# Set this to "yes" to append all libraries on which -lcurl is dependent -set(REQUIRE_LIB_DEPS "no") -# SUPPORT_FEATURES -# SUPPORT_PROTOCOLS -set(VERSIONNUM "${CURL_VERSION_NUM}") - -# Finally generate a "curl-config" matching this config -# Use: -# * ENABLE_SHARED -# * ENABLE_STATIC -configure_file("${CURL_SOURCE_DIR}/curl-config.in" - "${CURL_BINARY_DIR}/curl-config" @ONLY) -install(FILES "${CURL_BINARY_DIR}/curl-config" - DESTINATION ${CMAKE_INSTALL_BINDIR} - PERMISSIONS - OWNER_READ OWNER_WRITE OWNER_EXECUTE - GROUP_READ GROUP_EXECUTE - WORLD_READ WORLD_EXECUTE) - -# Finally generate a pkg-config file matching this config -configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in" - "${CURL_BINARY_DIR}/libcurl.pc" @ONLY) -install(FILES "${CURL_BINARY_DIR}/libcurl.pc" - DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) - -# install headers -install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/curl" - DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} - FILES_MATCHING PATTERN "*.h") + # "a" (Linux) or "lib" (Windows) + string(REPLACE "." "" libext "${CMAKE_STATIC_LIBRARY_SUFFIX}") + + set(_ldflags "") + set(LIBCURL_PC_LIBS_PRIVATE "") + + # Filter CMAKE_SHARED_LINKER_FLAGS for libs and libpaths + string(STRIP "${CMAKE_SHARED_LINKER_FLAGS}" _custom_ldflags) + string(REGEX REPLACE " +-([^ \\t;]*)" ";-\\1" _custom_ldflags "${_custom_ldflags}") + + set(_custom_libs "") + set(_custom_libdirs "") + foreach(_flag IN LISTS _custom_ldflags) + if(_flag MATCHES "^-l") + string(REGEX REPLACE "^-l" "" _flag "${_flag}") + list(APPEND _custom_libs "${_flag}") + elseif(_flag MATCHES "^-framework|^-F") + list(APPEND _custom_libs "${_flag}") + elseif(_flag MATCHES "^-L") + string(REGEX REPLACE "^-L" "" _flag "${_flag}") + list(APPEND _custom_libdirs "${_flag}") + elseif(_flag MATCHES "^--library-path=") + string(REGEX REPLACE "^--library-path=" "" _flag "${_flag}") + list(APPEND _custom_libdirs "${_flag}") + endif() + endforeach() -include(CMakePackageConfigHelpers) -write_basic_package_version_file( - "${version_config}" - VERSION ${CURL_VERSION} - COMPATIBILITY SameMajorVersion -) + # Avoid getting unnecessary -L options for known system directories. + set(_sys_libdirs "${CMAKE_C_IMPLICIT_LINK_DIRECTORIES}") + foreach(_libdir IN LISTS CMAKE_SYSTEM_PREFIX_PATH) + if(_libdir MATCHES "/$") + string(APPEND _libdir "lib") + else() + string(APPEND _libdir "/lib") + endif() + if(IS_DIRECTORY "${_libdir}") + list(APPEND _sys_libdirs "${_libdir}") + endif() + if(DEFINED CMAKE_LIBRARY_ARCHITECTURE) + string(APPEND _libdir "/${CMAKE_LIBRARY_ARCHITECTURE}") + if(IS_DIRECTORY "${_libdir}") + list(APPEND _sys_libdirs "${_libdir}") + endif() + endif() + endforeach() -# Use: -# * TARGETS_EXPORT_NAME -# * PROJECT_NAME -configure_package_config_file(CMake/curl-config.cmake.in - "${project_config}" - INSTALL_DESTINATION ${CURL_INSTALL_CMAKE_DIR} -) + set(_implicit_libs "") + if(NOT MINGW AND NOT UNIX) + set(_implicit_libs "${CMAKE_C_IMPLICIT_LINK_LIBRARIES}") + endif() -if(CURL_ENABLE_EXPORT_TARGET) - install( - EXPORT "${TARGETS_EXPORT_NAME}" - NAMESPACE "${PROJECT_NAME}::" - DESTINATION ${CURL_INSTALL_CMAKE_DIR} - ) -endif() + set(_explicit_libdirs "") + set(LIBCURL_PC_REQUIRES_PRIVATE "") + set(LIBCURL_PC_LIBS_PRIVATE_LIST "") + foreach(_lib IN LISTS CURL_LIBS _custom_libs _implicit_libs) + if(TARGET "${_lib}") + set(_explicit_libs "") + get_target_property(_imported "${_lib}" IMPORTED) + if(NOT _imported) + # Reading the LOCATION property on non-imported target will error out. + # Assume the user will not need this information in the .pc file. + continue() + endif() + set(_libdirs "") + set(_libs "") + curl_collect_target_link_options("${_lib}") # look into the target recursively + list(APPEND _explicit_libdirs ${_libdirs}) + list(APPEND _explicit_libs ${_libs}) + if(NOT _libs AND NOT _libdirs) + message(WARNING "Bad lib in library list: ${_lib}") + endif() + if(_lib STREQUAL OpenSSL::SSL AND NOT HAVE_BORINGSSL) # BoringSSL does not provide openssl.pc + set(_modules "openssl") + elseif(_lib STREQUAL ZLIB::ZLIB) + set(_modules "zlib") + else() + get_target_property(_modules "${_lib}" INTERFACE_LIBCURL_PC_MODULES) + endif() + if(_modules) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "${_modules}") + endif() -install( - FILES ${version_config} ${project_config} - DESTINATION ${CURL_INSTALL_CMAKE_DIR} -) + foreach(_lib IN LISTS _explicit_libs) + if(_lib MATCHES "/") + # This gets a bit more complex, because we want to specify the + # directory separately, and only once per directory + if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.20) + cmake_path(GET _lib PARENT_PATH _libdir) + cmake_path(GET _lib STEM _libname) + else() + get_filename_component(_libdir "${_lib}" DIRECTORY) + get_filename_component(_libname "${_lib}" NAME_WE) + endif() + if(_libname MATCHES "^lib") + if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.20) + cmake_path(SET _libdir NORMALIZE "${_libdir}") + endif() + if(NOT _libdir IN_LIST _sys_libdirs) + list(APPEND _ldflags "-L${_libdir}") + endif() + string(REGEX REPLACE "^lib" "" _libname "${_libname}") + list(APPEND LIBCURL_PC_LIBS_PRIVATE "-l${_libname}") + list(APPEND LIBCURL_PC_LIBS_PRIVATE_LIST "${_lib}") + else() + list(APPEND LIBCURL_PC_LIBS_PRIVATE "${_lib}") + list(APPEND LIBCURL_PC_LIBS_PRIVATE_LIST "${_lib}") + endif() + else() + list(APPEND LIBCURL_PC_LIBS_PRIVATE "-l${_lib}") + list(APPEND LIBCURL_PC_LIBS_PRIVATE_LIST "${_lib}") + endif() + endforeach() + elseif(_lib MATCHES "^-") # '-framework ' + list(APPEND _ldflags "${_lib}") + list(APPEND LIBCURL_PC_LIBS_PRIVATE_LIST "${_lib}") + else() + list(APPEND LIBCURL_PC_LIBS_PRIVATE "-l${_lib}") + list(APPEND LIBCURL_PC_LIBS_PRIVATE_LIST "${_lib}") + endif() + endforeach() + + foreach(_libdir IN LISTS _custom_libdirs _explicit_libdirs) + if(CMAKE_VERSION VERSION_GREATER_EQUAL 3.20) + cmake_path(SET _libdir NORMALIZE "${_libdir}") + endif() + if(NOT _libdir IN_LIST _sys_libdirs) + list(APPEND _ldflags "-L${_libdir}") + endif() + endforeach() + + list(REMOVE_DUPLICATES _ldflags) -# Workaround for MSVS10 to avoid the Dialog Hell -# FIXME: This could be removed with future version of CMake. -if(MSVC_VERSION EQUAL 1600) - set(CURL_SLN_FILENAME "${CMAKE_CURRENT_BINARY_DIR}/CURL.sln") - if(EXISTS "${CURL_SLN_FILENAME}") - file(APPEND "${CURL_SLN_FILENAME}" "\n# This should be regenerated!\n") + if(LIBCURL_PC_REQUIRES_PRIVATE) + list(REMOVE_DUPLICATES LIBCURL_PC_REQUIRES_PRIVATE) + string(REPLACE ";" "," LIBCURL_PC_REQUIRES_PRIVATE "${LIBCURL_PC_REQUIRES_PRIVATE}") + endif() + if(LIBCURL_PC_LIBS_PRIVATE) + string(REPLACE ";" " " LIBCURL_PC_LIBS_PRIVATE "${LIBCURL_PC_LIBS_PRIVATE}") + endif() + if(_ldflags) + list(REMOVE_DUPLICATES _ldflags) + string(REPLACE ";" " " _ldflags "${_ldflags}") + set(LIBCURL_PC_LDFLAGS_PRIVATE "${_ldflags}") + string(STRIP "${LIBCURL_PC_LDFLAGS_PRIVATE}" LIBCURL_PC_LDFLAGS_PRIVATE) + else() + set(LIBCURL_PC_LDFLAGS_PRIVATE "") + endif() + set(LIBCURL_PC_CFLAGS_PRIVATE "-DCURL_STATICLIB") + + # Merge pkg-config private fields into public ones when static-only + if(BUILD_SHARED_LIBS) + set(ENABLE_SHARED "yes") + set(LIBCURL_PC_REQUIRES "") + set(LIBCURL_PC_LIBS "") + set(LIBCURL_PC_CFLAGS "") + else() + set(ENABLE_SHARED "no") + set(LIBCURL_PC_REQUIRES "${LIBCURL_PC_REQUIRES_PRIVATE}") + set(LIBCURL_PC_LIBS "${LIBCURL_PC_LIBS_PRIVATE}") + set(LIBCURL_PC_CFLAGS "${LIBCURL_PC_CFLAGS_PRIVATE}") + endif() + if(BUILD_STATIC_LIBS) + set(ENABLE_STATIC "yes") + else() + set(ENABLE_STATIC "no") endif() -endif() -if(NOT TARGET uninstall) + # Generate a "curl-config" matching this config. + # Consumed variables: + # CC + # CONFIGURE_OPTIONS + # CURLVERSION + # CURL_CA_BUNDLE + # ENABLE_SHARED + # ENABLE_STATIC + # exec_prefix + # includedir + # LIBCURL_PC_CFLAGS + # LIBCURL_PC_LDFLAGS_PRIVATE + # LIBCURL_PC_LIBS_PRIVATE + # libdir + # libext + # prefix + # SSL_BACKENDS + # SUPPORT_FEATURES + # SUPPORT_PROTOCOLS + # VERSIONNUM configure_file( - ${CMAKE_CURRENT_SOURCE_DIR}/CMake/cmake_uninstall.cmake.in - ${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake - IMMEDIATE @ONLY) + "${PROJECT_SOURCE_DIR}/curl-config.in" + "${PROJECT_BINARY_DIR}/curl-config" @ONLY) + install(FILES "${PROJECT_BINARY_DIR}/curl-config" + DESTINATION ${CMAKE_INSTALL_BINDIR} + PERMISSIONS + OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ GROUP_EXECUTE + WORLD_READ WORLD_EXECUTE) + + # Generate a pkg-config file matching this config. + # Consumed variables: + # CURLVERSION + # exec_prefix + # includedir + # LIBCURL_PC_CFLAGS + # LIBCURL_PC_CFLAGS_PRIVATE + # LIBCURL_PC_LDFLAGS_PRIVATE + # LIBCURL_PC_LIBS + # LIBCURL_PC_LIBS_PRIVATE + # LIBCURL_PC_REQUIRES + # LIBCURL_PC_REQUIRES_PRIVATE + # libdir + # prefix + # SUPPORT_FEATURES + # SUPPORT_PROTOCOLS + # Documentation: + # https://people.freedesktop.org/~dbn/pkg-config-guide.html + # https://manpages.debian.org/unstable/pkgconf/pkg-config.1.en.html + # https://manpages.debian.org/unstable/pkg-config/pkg-config.1.en.html + # https://www.msys2.org/docs/pkgconfig/ + configure_file( + "${PROJECT_SOURCE_DIR}/libcurl.pc.in" + "${PROJECT_BINARY_DIR}/libcurl.pc" @ONLY) + install(FILES "${PROJECT_BINARY_DIR}/libcurl.pc" + DESTINATION "${CMAKE_INSTALL_LIBDIR}/pkgconfig") + + # Install headers + install(DIRECTORY "${PROJECT_SOURCE_DIR}/include/curl" + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} + FILES_MATCHING PATTERN "*.h") + + include(CMakePackageConfigHelpers) + write_basic_package_version_file("${_version_config}" + VERSION ${_curl_version} + COMPATIBILITY SameMajorVersion) + file(READ "${_version_config}" _generated_version_config) + file(WRITE "${_version_config}" " + if(NOT PACKAGE_FIND_VERSION_RANGE AND PACKAGE_FIND_VERSION_MAJOR STREQUAL \"7\") + # Version 8 satisfies version 7... requirements + set(PACKAGE_FIND_VERSION_MAJOR 8) + set(PACKAGE_FIND_VERSION_COUNT 1) + endif() + ${_generated_version_config}") + + # Consumed custom variables: + # CMAKE_MINIMUM_REQUIRED_VERSION + # CURLVERSION + # LIBCURL_PC_LIBS_PRIVATE_LIST + # LIB_NAME + # LIB_SELECTED + # LIB_STATIC + # TARGETS_EXPORT_NAME + # CURL_SUPPORTED_FEATURES_LIST + # CURL_SUPPORTED_PROTOCOLS_LIST + # CURL_USE_CMAKECONFIG + # CURL_USE_PKGCONFIG + # HAVE_BROTLI + # HAVE_GSSAPI + # HAVE_LIBIDN2 + # HAVE_LIBZ ZLIB_VERSION_MAJOR + # HAVE_ZSTD + # USE_ARES + # USE_BACKTRACE + # USE_GNUTLS + # USE_GSASL + # USE_LIBPSL + # USE_LIBSSH + # USE_LIBSSH2 + # USE_LIBUV + # USE_MBEDTLS + # USE_NGHTTP2 + # USE_NGHTTP3 + # USE_NGTCP2 + # USE_OPENSSL OPENSSL_VERSION_MAJOR + # USE_QUICHE + # USE_RUSTLS + # USE_WIN32_LDAP CURL_DISABLE_LDAP + # USE_WOLFSSL + configure_package_config_file("CMake/curl-config.in.cmake" + "${_project_config}" + INSTALL_DESTINATION ${_install_cmake_dir} + PATH_VARS CMAKE_INSTALL_INCLUDEDIR) + + if(CURL_ENABLE_EXPORT_TARGET) + install(EXPORT "${TARGETS_EXPORT_NAME}" + NAMESPACE "${PROJECT_NAME}::" + DESTINATION ${_install_cmake_dir}) + endif() + + install( + FILES + ${_version_config} + ${_project_config} + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindBrotli.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindCares.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindGSS.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindGnuTLS.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindLDAP.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindLibbacktrace.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindLibgsasl.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindLibidn2.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindLibpsl.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindLibssh.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindLibssh2.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindLibuv.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindMbedTLS.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindNGHTTP2.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindNGHTTP3.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindNGTCP2.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindNettle.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindQuiche.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindRustls.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindWolfSSL.cmake" + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/FindZstd.cmake" + DESTINATION ${_install_cmake_dir}) + + if(NOT TARGET curl_uninstall) + configure_file( + "${CMAKE_CURRENT_SOURCE_DIR}/CMake/cmake_uninstall.in.cmake" + "${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake" + @ONLY) + + add_custom_target(curl_uninstall + COMMAND ${CMAKE_COMMAND} -P "${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake") + endif() - add_custom_target(uninstall - COMMAND ${CMAKE_COMMAND} -P - ${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake) + install(FILES "${PROJECT_SOURCE_DIR}/scripts/wcurl" + DESTINATION ${CMAKE_INSTALL_BINDIR} + PERMISSIONS + OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ GROUP_EXECUTE + WORLD_READ WORLD_EXECUTE) + + # The `-DEV` part is important + string(REGEX REPLACE "([0-9]+\.[0-9]+)\.([0-9]+.*)" "\\2" CPACK_PACKAGE_VERSION_PATCH "${_curl_version}") + set(CPACK_GENERATOR "TGZ") + include(CPack) +endif() + +# Save build info for test runner to pick up and log +set(_cmake_sysroot "") +if(CMAKE_OSX_SYSROOT) + set(_cmake_sysroot ${CMAKE_OSX_SYSROOT}) +elseif(CMAKE_SYSROOT) + set(_cmake_sysroot ${CMAKE_SYSROOT}) +endif() +set(_buildinfo "\ +buildinfo.configure.tool: cmake +buildinfo.configure.command: ${CMAKE_COMMAND} +buildinfo.configure.version: ${CMAKE_VERSION} +buildinfo.configure.args:${_cmake_args} +buildinfo.configure.generator: ${CMAKE_GENERATOR} +buildinfo.configure.make: ${CMAKE_MAKE_PROGRAM} +buildinfo.host.cpu: ${CMAKE_HOST_SYSTEM_PROCESSOR} +buildinfo.host.os: ${CMAKE_HOST_SYSTEM_NAME} +buildinfo.target.cpu: ${CMAKE_SYSTEM_PROCESSOR} +buildinfo.target.os: ${CMAKE_SYSTEM_NAME} +buildinfo.target.flags:${_target_flags} +buildinfo.compiler: ${CMAKE_C_COMPILER_ID} +buildinfo.compiler.version: ${CMAKE_C_COMPILER_VERSION} +buildinfo.sysroot: ${_cmake_sysroot} +") +file(WRITE "${PROJECT_BINARY_DIR}/buildinfo.txt" "# This is a generated file. Do not edit.\n${_buildinfo}") +if(NOT "$ENV{CURL_BUILDINFO}$ENV{CURL_CI}$ENV{CI}" STREQUAL "") + message(STATUS "\n${_buildinfo}") endif() diff --git a/COPYING b/COPYING index 48f144758ee9..2f71d999a9c8 100644 --- a/COPYING +++ b/COPYING @@ -1,6 +1,6 @@ COPYRIGHT AND PERMISSION NOTICE -Copyright (c) 1996 - 2021, Daniel Stenberg, , and many +Copyright (c) 1996 - 2026, Daniel Stenberg, , and many contributors, see the THANKS file. All rights reserved. diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000000..61b19e616b89 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,41 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +# Self-contained build environment to match the release environment. +# +# Build and set the timestamp for the date corresponding to the release +# +# docker build --build-arg SOURCE_DATE_EPOCH=1711526400 --build-arg UID=$(id -u) --build-arg GID=$(id -g) -t curl/curl . +# +# Then run commands from within the build environment, for example +# +# docker run --rm -it -u $(id -u):$(id -g) -v $(pwd):/usr/src -w /usr/src curl/curl autoreconf -fi +# docker run --rm -it -u $(id -u):$(id -g) -v $(pwd):/usr/src -w /usr/src curl/curl ./configure --without-ssl --without-libpsl +# docker run --rm -it -u $(id -u):$(id -g) -v $(pwd):/usr/src -w /usr/src curl/curl make +# docker run --rm -it -u $(id -u):$(id -g) -v $(pwd):/usr/src -w /usr/src curl/curl ./scripts/maketgz 8.7.1 +# +# or get into a shell in the build environment, for example +# +# docker run --rm -it -u $(id -u):$(id -g) -v $(pwd):/usr/src -w /usr/src curl/curl bash +# $ autoreconf -fi +# $ ./configure --without-ssl --without-libpsl +# $ make +# $ ./scripts/maketgz 8.7.1 + +# To update, get the latest digest e.g. from https://hub.docker.com/_/debian/tags +FROM debian:bookworm-slim@sha256:f06537653ac770703bc45b4b113475bd402f451e85223f0f2837acbf89ab020a + +RUN apt-get update -qq && apt-get install -qq -y --no-install-recommends \ + build-essential make autoconf automake libtool git perl zip zlib1g-dev gawk && \ + rm -rf /var/lib/apt/lists/* + +ARG UID=1000 GID=1000 + +RUN groupadd --gid $UID dev && \ + useradd --uid $UID --gid dev --shell /bin/bash --create-home dev + +USER dev:dev + +ARG SOURCE_DATE_EPOCH +ENV SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH:-1} diff --git a/GIT-INFO b/GIT-INFO deleted file mode 100644 index 1d08d74e8337..000000000000 --- a/GIT-INFO +++ /dev/null @@ -1,44 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -GIT-INFO - -This file is only present in git - never in release archives. It contains -information about other files and things that the git repository keeps in its -inner sanctum. - -To build in environments that support configure, after having extracted -everything from git, do this: - -autoreconf -fi -./configure -make - - Daniel uses a ./configure line similar to this for easier development: - - ./configure --disable-shared --enable-debug --enable-maintainer-mode - -In environments that don't support configure (i.e. Microsoft), do this: - -buildconf.bat - - -REQUIREMENTS - - For buildconf (not buildconf.bat) to work, you need the following software -installed: - - o autoconf 2.57 (or later) - o automake 1.7 (or later) - o libtool 1.4.2 (or later) - o GNU m4 (required by autoconf) - - o nroff + perl - - If you don't have nroff and perl and you for some reason don't want to - install them, you can rename the source file src/tool_hugehelp.c.cvs to - src/tool_hugehelp.c and avoid having to generate this file. This will - give you a stubbed version of the file that doesn't contain actual content. diff --git a/GIT-INFO.md b/GIT-INFO.md new file mode 100644 index 000000000000..ee912560fd5a --- /dev/null +++ b/GIT-INFO.md @@ -0,0 +1,33 @@ + + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +# GIT-INFO + +This file is only present in git - never in release archives. It contains +information about other files and things that the git repository keeps in its +inner sanctum. + +To build in environments that support configure, after having extracted +everything from git, do this: + + autoreconf -fi + ./configure --with-openssl + make + +Daniel uses a configure line similar to this for easier development: + + ./configure --disable-shared --enable-debug --enable-maintainer-mode + +## REQUIREMENTS + +See [docs/INTERNALS.md][0] for requirement details. + +[0]: docs/INTERNALS.md diff --git a/LICENSES/BSD-4-Clause-UC.txt b/LICENSES/BSD-4-Clause-UC.txt new file mode 100644 index 000000000000..69edbe3242cc --- /dev/null +++ b/LICENSES/BSD-4-Clause-UC.txt @@ -0,0 +1,15 @@ +BSD-4-Clause (University of California-Specific) + +Copyright [various years] The Regents of the University of California. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. + +4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/LICENSES/ISC.txt b/LICENSES/ISC.txt new file mode 100644 index 000000000000..60f60bfb742d --- /dev/null +++ b/LICENSES/ISC.txt @@ -0,0 +1,12 @@ +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM +DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL +INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING +FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, +NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION +WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/LICENSES/curl.txt b/LICENSES/curl.txt new file mode 100644 index 000000000000..3c1c197423df --- /dev/null +++ b/LICENSES/curl.txt @@ -0,0 +1,22 @@ +COPYRIGHT AND PERMISSION NOTICE + +Copyright (C) Daniel Stenberg, , and many +contributors, see the THANKS file. + +All rights reserved. + +Permission to use, copy, modify, and distribute this software for any purpose +with or without fee is hereby granted, provided that the above copyright +notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN +NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE +OR OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of a copyright holder shall not +be used in advertising or otherwise to promote the sale, use or other dealings +in this Software without prior written authorization of the copyright holder. diff --git a/MacOSX-Framework b/MacOSX-Framework deleted file mode 100755 index fdf51d6a9334..000000000000 --- a/MacOSX-Framework +++ /dev/null @@ -1,158 +0,0 @@ -#!/bin/bash -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -# This script performs all of the steps needed to build a -# universal binary libcurl.framework for Mac OS X 10.4 or greater. -# -# Hendrik Visage: -# Generalizations added since Snowleopard (10.6) do not include -# the 10.4u SDK. -# -# Also note: -# 10.5 is the *ONLY* SDK that support PPC64 :( -- 10.6 do not have ppc64 support -#If you need to have PPC64 support then change below to 1 -PPC64_NEEDED=0 -# Apple does not support building for PPC anymore in Xcode 4 and later. -# If you're using Xcode 3 or earlier and need PPC support, then change -# the setting below to 1 -PPC_NEEDED=0 - -# For me the default is to develop for the platform I am on, and if you -#desire compatibility with older versions then change USE_OLD to 1 :) -USE_OLD=0 - -VERSION=`/usr/bin/sed -ne 's/^#define LIBCURL_VERSION "\(.*\)"/\1/p' include/curl/curlver.h` -FRAMEWORK_VERSION=Versions/Release-$VERSION - -#I also wanted to "copy over" the system, and thus the reason I added the -# version to Versions/Release-7.20.1 etc. -# now a simple rsync -vaP libcurl.framework /Library/Frameworks will install it -# and setup the right paths to this version, leaving the system version -# "intact", so you can "fix" it later with the links to Versions/A/... - -DEVELOPER_PATH=`xcode-select --print-path` -# Around Xcode 4.3, SDKs were moved from the Developer folder into the -# MacOSX.platform folder -if test -d "$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs"; then - SDK_PATH="$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs" -else - SDK_PATH="$DEVELOPER_PATH/SDKs"; -fi -OLD_SDK=`ls $SDK_PATH|head -1` -NEW_SDK=`ls -r $SDK_PATH|head -1` - -if test "0"$USE_OLD -gt 0 -then - SDK32=$OLD_SDK -else - SDK32=$NEW_SDK -fi - -MACVER=`echo $SDK32|sed -e s/[a-zA-Z]//g -e s/.\$//` - -SDK32_DIR=$SDK_PATH/$SDK32 -MINVER32='-mmacosx-version-min='$MACVER -if test $PPC_NEEDED -gt 0; then - ARCHES32='-arch i386 -arch ppc' -else - ARCHES32='-arch i386' -fi - -if test $PPC64_NEEDED -gt 0 -then - SDK64=10.5 - ARCHES64='-arch x86_64 -arch ppc64' - SDK64=`ls $SDK_PATH|grep 10.5|head -1` -else - ARCHES64='-arch x86_64' - #We "know" that 10.4 and earlier do not support 64bit - OLD_SDK64=`ls $SDK_PATH|egrep -v "10.[0-4]"|head -1` - NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4][^0-9]" | head -1` - if test $USE_OLD -gt 0 - then - SDK64=$OLD_SDK64 - else - SDK64=$NEW_SDK64 - fi -fi - -SDK64_DIR=$SDK_PATH/$SDK64 -MACVER64=`echo $SDK64|sed -e s/[a-zA-Z]//g -e s/.\$//` - -MINVER64='-mmacosx-version-min='$MACVER64 - -if test ! -z $SDK32; then - echo "----Configuring libcurl for 32 bit universal framework..." - make clean - ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-secure-transport \ - CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32" \ - LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 -Wl,-headerpad_max_install_names" \ - CC=$CC - - echo "----Building 32 bit libcurl..." - make -j `sysctl -n hw.logicalcpu_max` - - echo "----Creating 32 bit framework..." - rm -r libcurl.framework - mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Resources - cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl - install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl - /usr/bin/sed -e "s/7\.12\.3/$VERSION/" lib/libcurl.plist >libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist - mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl - cp include/curl/*.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl - pushd libcurl.framework - ln -fs ${FRAMEWORK_VERSION}/libcurl libcurl - ln -fs ${FRAMEWORK_VERSION}/Resources Resources - ln -fs ${FRAMEWORK_VERSION}/Headers Headers - cd Versions - ln -fs $(basename "${FRAMEWORK_VERSION}") Current - - echo Testing for SDK64 - if test -d $SDK64_DIR; then - echo entering... - popd - make clean - echo "----Configuring libcurl for 64 bit universal framework..." - ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-secure-transport \ - CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64" \ - LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 -Wl,-headerpad_max_install_names" \ - CC=$CC - - echo "----Building 64 bit libcurl..." - make -j `sysctl -n hw.logicalcpu_max` - - echo "----Appending 64 bit framework to 32 bit framework..." - cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 - install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 - cp libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 - pwd - lipo libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 -create -output libcurl.framework/${FRAMEWORK_VERSION}/libcurl - rm libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 - fi - - pwd - lipo -info libcurl.framework/${FRAMEWORK_VERSION}/libcurl - echo "libcurl.framework is built and can now be included in other projects." - echo "Copy libcurl.framework to your bundle's Contents/Frameworks folder, ~/Library/Frameworks or /Library/Frameworks." -else - echo "Building libcurl.framework requires Mac OS X 10.4 or later with the MacOSX10.4/5/6 SDK installed." -fi diff --git a/Makefile.am b/Makefile.am index 16adc983391c..83fdadf035fe 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,215 +18,87 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### AUTOMAKE_OPTIONS = foreign ACLOCAL_AMFLAGS = -I m4 -CMAKE_DIST = \ - CMake/cmake_uninstall.cmake.in \ - CMake/CMakeConfigurableFile.in \ - CMake/curl-config.cmake.in \ - CMake/CurlSymbolHiding.cmake \ - CMake/CurlTests.c \ - CMake/FindBearSSL.cmake \ - CMake/FindBrotli.cmake \ - CMake/FindCARES.cmake \ - CMake/FindGSS.cmake \ - CMake/FindLibSSH2.cmake \ - CMake/FindMbedTLS.cmake \ - CMake/FindNGHTTP2.cmake \ - CMake/FindNGHTTP3.cmake \ - CMake/FindNGTCP2.cmake \ - CMake/FindNSS.cmake \ - CMake/FindQUICHE.cmake \ - CMake/FindWolfSSL.cmake \ - CMake/FindZstd.cmake \ - CMake/Macros.cmake \ - CMake/OtherTests.cmake \ - CMake/Platforms/WindowsCache.cmake \ - CMake/Utilities.cmake \ - CMakeLists.txt - -VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl -VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist -VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc -VC6_SRCTMPL = projects/Windows/VC6/src/curl.tmpl -VC6_SRCDSP = projects/Windows/VC6/src/curl.dsp.dist -VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc - -VC7_LIBTMPL = projects/Windows/VC7/lib/libcurl.tmpl -VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj.dist -VC7_LIBVCPROJ_DEPS = $(VC7_LIBTMPL) Makefile.am lib/Makefile.inc -VC7_SRCTMPL = projects/Windows/VC7/src/curl.tmpl -VC7_SRCVCPROJ = projects/Windows/VC7/src/curl.vcproj.dist -VC7_SRCVCPROJ_DEPS = $(VC7_SRCTMPL) Makefile.am src/Makefile.inc - -VC71_LIBTMPL = projects/Windows/VC7.1/lib/libcurl.tmpl -VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj.dist -VC71_LIBVCPROJ_DEPS = $(VC71_LIBTMPL) Makefile.am lib/Makefile.inc -VC71_SRCTMPL = projects/Windows/VC7.1/src/curl.tmpl -VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curl.vcproj.dist -VC71_SRCVCPROJ_DEPS = $(VC71_SRCTMPL) Makefile.am src/Makefile.inc - -VC8_LIBTMPL = projects/Windows/VC8/lib/libcurl.tmpl -VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj.dist -VC8_LIBVCPROJ_DEPS = $(VC8_LIBTMPL) Makefile.am lib/Makefile.inc -VC8_SRCTMPL = projects/Windows/VC8/src/curl.tmpl -VC8_SRCVCPROJ = projects/Windows/VC8/src/curl.vcproj.dist -VC8_SRCVCPROJ_DEPS = $(VC8_SRCTMPL) Makefile.am src/Makefile.inc - -VC9_LIBTMPL = projects/Windows/VC9/lib/libcurl.tmpl -VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj.dist -VC9_LIBVCPROJ_DEPS = $(VC9_LIBTMPL) Makefile.am lib/Makefile.inc -VC9_SRCTMPL = projects/Windows/VC9/src/curl.tmpl -VC9_SRCVCPROJ = projects/Windows/VC9/src/curl.vcproj.dist -VC9_SRCVCPROJ_DEPS = $(VC9_SRCTMPL) Makefile.am src/Makefile.inc - -VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl -VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist -VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc -VC10_SRCTMPL = projects/Windows/VC10/src/curl.tmpl -VC10_SRCVCXPROJ = projects/Windows/VC10/src/curl.vcxproj.dist -VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc - -VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl -VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist -VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc -VC11_SRCTMPL = projects/Windows/VC11/src/curl.tmpl -VC11_SRCVCXPROJ = projects/Windows/VC11/src/curl.vcxproj.dist -VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc - -VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl -VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist -VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc -VC12_SRCTMPL = projects/Windows/VC12/src/curl.tmpl -VC12_SRCVCXPROJ = projects/Windows/VC12/src/curl.vcxproj.dist -VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc - -VC14_LIBTMPL = projects/Windows/VC14/lib/libcurl.tmpl -VC14_LIBVCXPROJ = projects/Windows/VC14/lib/libcurl.vcxproj.dist -VC14_LIBVCXPROJ_DEPS = $(VC14_LIBTMPL) Makefile.am lib/Makefile.inc -VC14_SRCTMPL = projects/Windows/VC14/src/curl.tmpl -VC14_SRCVCXPROJ = projects/Windows/VC14/src/curl.vcxproj.dist -VC14_SRCVCXPROJ_DEPS = $(VC14_SRCTMPL) Makefile.am src/Makefile.inc - -VC15_LIBTMPL = projects/Windows/VC15/lib/libcurl.tmpl -VC15_LIBVCXPROJ = projects/Windows/VC15/lib/libcurl.vcxproj.dist -VC15_LIBVCXPROJ_DEPS = $(VC15_LIBTMPL) Makefile.am lib/Makefile.inc -VC15_SRCTMPL = projects/Windows/VC15/src/curl.tmpl -VC15_SRCVCXPROJ = projects/Windows/VC15/src/curl.vcxproj.dist -VC15_SRCVCXPROJ_DEPS = $(VC15_SRCTMPL) Makefile.am src/Makefile.inc - -VC_DIST = projects/README \ - projects/build-openssl.bat \ - projects/build-wolfssl.bat \ - projects/checksrc.bat \ - projects/Windows/VC6/curl-all.dsw \ - projects/Windows/VC6/lib/libcurl.dsw \ - projects/Windows/VC6/src/curl.dsw \ - projects/Windows/VC7/curl-all.sln \ - projects/Windows/VC7/lib/libcurl.sln \ - projects/Windows/VC7/src/curl.sln \ - projects/Windows/VC7.1/curl-all.sln \ - projects/Windows/VC7.1/lib/libcurl.sln \ - projects/Windows/VC7.1/src/curl.sln \ - projects/Windows/VC8/curl-all.sln \ - projects/Windows/VC8/lib/libcurl.sln \ - projects/Windows/VC8/src/curl.sln \ - projects/Windows/VC9/curl-all.sln \ - projects/Windows/VC9/lib/libcurl.sln \ - projects/Windows/VC9/src/curl.sln \ - projects/Windows/VC10/curl-all.sln \ - projects/Windows/VC10/lib/libcurl.sln \ - projects/Windows/VC10/lib/libcurl.vcxproj.filters \ - projects/Windows/VC10/src/curl.sln \ - projects/Windows/VC10/src/curl.vcxproj.filters \ - projects/Windows/VC11/curl-all.sln \ - projects/Windows/VC11/lib/libcurl.sln \ - projects/Windows/VC11/lib/libcurl.vcxproj.filters \ - projects/Windows/VC11/src/curl.sln \ - projects/Windows/VC11/src/curl.vcxproj.filters \ - projects/Windows/VC12/curl-all.sln \ - projects/Windows/VC12/lib/libcurl.sln \ - projects/Windows/VC12/lib/libcurl.vcxproj.filters \ - projects/Windows/VC12/src/curl.sln \ - projects/Windows/VC12/src/curl.vcxproj.filters \ - projects/Windows/VC14/curl-all.sln \ - projects/Windows/VC14/lib/libcurl.sln \ - projects/Windows/VC14/lib/libcurl.vcxproj.filters \ - projects/Windows/VC14/src/curl.sln \ - projects/Windows/VC14/src/curl.vcxproj.filters \ - projects/Windows/VC15/curl-all.sln \ - projects/Windows/VC15/lib/libcurl.sln \ - projects/Windows/VC15/lib/libcurl.vcxproj.filters \ - projects/Windows/VC15/src/curl.sln \ - projects/Windows/VC15/src/curl.vcxproj.filters \ - projects/generate.bat \ - projects/wolfssl_options.h \ - projects/wolfssl_override.props - -WINBUILD_DIST = winbuild/README.md winbuild/gen_resp_file.bat \ - winbuild/MakefileBuild.vc winbuild/Makefile.vc - -PLAN9_DIST = plan9/include/mkfile \ - plan9/include/mkfile \ - plan9/mkfile.proto \ - plan9/mkfile \ - plan9/README \ - plan9/lib/mkfile.inc \ - plan9/lib/mkfile \ - plan9/src/mkfile.inc \ - plan9/src/mkfile - -EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ - RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework \ - scripts/updatemanpages.pl $(CMAKE_DIST) \ - $(VC_DIST) $(WINBUILD_DIST) $(PLAN9_DIST) \ - lib/libcurl.vers.in buildconf.bat scripts/coverage.sh scripts/completion.pl - -CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ - $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ) \ - $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ) \ - $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) \ - $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) $(VC15_LIBVCXPROJ) $(VC15_SRCVCXPROJ) +CMAKE_DIST = \ + CMake/cmake_uninstall.in.cmake \ + CMake/curl-config.in.cmake \ + CMake/CurlSymbolHiding.cmake \ + CMake/CurlTests.c \ + CMake/FindBrotli.cmake \ + CMake/FindCares.cmake \ + CMake/FindGnuTLS.cmake \ + CMake/FindGSS.cmake \ + CMake/FindLDAP.cmake \ + CMake/FindLibbacktrace.cmake \ + CMake/FindLibgsasl.cmake \ + CMake/FindLibidn2.cmake \ + CMake/FindLibpsl.cmake \ + CMake/FindLibssh.cmake \ + CMake/FindLibssh2.cmake \ + CMake/FindLibuv.cmake \ + CMake/FindMbedTLS.cmake \ + CMake/FindNGHTTP2.cmake \ + CMake/FindNGHTTP3.cmake \ + CMake/FindNGTCP2.cmake \ + CMake/FindNettle.cmake \ + CMake/FindQuiche.cmake \ + CMake/FindRustls.cmake \ + CMake/FindWolfSSL.cmake \ + CMake/FindZstd.cmake \ + CMake/Macros.cmake \ + CMake/OtherTests.cmake \ + CMake/PickyWarnings.cmake \ + CMake/Utilities.cmake \ + CMake/unix-cache.cmake \ + CMake/win32-cache.cmake \ + CMakeLists.txt \ + tests/cmake/CMakeLists.txt \ + tests/cmake/test.c \ + tests/cmake/test.cpp \ + tests/cmake/test.sh + +EXTRA_DIST = CHANGES.md COPYING RELEASE-NOTES Dockerfile .clang-tidy.yml .editorconfig $(CMAKE_DIST) + +DISTCLEANFILES = buildinfo.txt bin_SCRIPTS = curl-config -SUBDIRS = lib src -DIST_SUBDIRS = $(SUBDIRS) tests packages scripts include docs +SUBDIRS = lib docs src scripts +DIST_SUBDIRS = $(SUBDIRS) tests projects include docs pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libcurl.pc -# List of files required to generate VC IDE .dsp, .vcproj and .vcxproj files -include lib/Makefile.inc -include src/Makefile.inc - dist-hook: rm -rf $(top_builddir)/tests/log - find $(distdir) -name "*.dist" -exec rm {} \; - (distit=`find $(srcdir) -name "*.dist" | grep -v ./ares/`; \ + find $(distdir) -name "*.dist" -exec rm -- {} \; + (distit=`find $(srcdir) -name "*.dist" | grep -v Makefile`; \ for file in $$distit; do \ strip=`echo $$file | sed -e s/^$(srcdir)// -e s/\.dist//`; \ cp -p $$file $(distdir)$$strip; \ done) -html: - cd docs && $(MAKE) html - -pdf: - cd docs && $(MAKE) pdf - check: test examples check-docs if CROSSCOMPILING test-full: test +test-nonflaky: test test-torture: test +test-event: test +test-am: test +test-ci: test +pytest: test +pytest-ci: test test: - @echo "NOTICE: we can't run the tests when cross-compiling!" + @echo "NOTICE: we cannot run the tests when cross-compiling!" else @@ -248,6 +120,15 @@ test-event: test-am: @(cd tests; $(MAKE) all am-test) +test-ci: + @(cd tests; $(MAKE) all ci-test) + +pytest: + @(cd tests; $(MAKE) all default-pytest) + +pytest-ci: + @(cd tests; $(MAKE) all ci-pytest) + endif examples: @@ -256,58 +137,17 @@ examples: check-docs: @(cd docs/libcurl; $(MAKE) check) -# Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros -# must contain the following line: -# %_topdir /home/loic/local/rpm -# and that /home/loic/local/rpm contains the directory SOURCES, BUILD etc. -# -# cd /home/loic/local/rpm ; mkdir -p SOURCES BUILD RPMS/i386 SPECS SRPMS -# -# If additional configure flags are needed to build the package, add the -# following in ~/.rpmmacros -# %configure CFLAGS="%{optflags}" ./configure %{_target_platform} --prefix=%{_prefix} ${AM_CONFIGFLAGS} -# and run make rpm in the following way: -# AM_CONFIGFLAGS='--with-uri=/home/users/loic/local/RedHat-6.2' make rpm -# - -rpms: - $(MAKE) RPMDIST=curl rpm - $(MAKE) RPMDIST=curl-ssl rpm - -rpm: - RPM_TOPDIR=`rpm --showrc | $(PERL) -n -e 'print if(s/.*_topdir\s+(.*)/$$1/)'` ; \ - cp $(srcdir)/packages/Linux/RPM/$(RPMDIST).spec $$RPM_TOPDIR/SPECS ; \ - cp $(PACKAGE)-$(VERSION).tar.gz $$RPM_TOPDIR/SOURCES ; \ - rpm -ba --clean --rmsource $$RPM_TOPDIR/SPECS/$(RPMDIST).spec ; \ - mv $$RPM_TOPDIR/RPMS/i386/$(RPMDIST)-*.rpm . ; \ - mv $$RPM_TOPDIR/SRPMS/$(RPMDIST)-*.src.rpm . - -# -# Build a Solaris pkgadd format file -# run 'make pkgadd' once you've done './configure' and 'make' to make a Solaris pkgadd format -# file (which ends up back in this directory). -# The pkgadd file is in 'pkgtrans' format, so to install on Solaris, do -# pkgadd -d ./HAXXcurl-* -# - -# gak - libtool requires an absolute directory, hence the pwd below... -pkgadd: - umask 022 ; \ - $(MAKE) install DESTDIR=`/bin/pwd`/packages/Solaris/root ; \ - cat COPYING > $(srcdir)/packages/Solaris/copyright ; \ - cd $(srcdir)/packages/Solaris && $(MAKE) package - -# -# Build a cygwin binary tarball installation file -# resulting .tar.bz2 file will end up at packages/Win32/cygwin -cygwinbin: - $(MAKE) -C packages/Win32/cygwin cygwinbin - # We extend the standard install with a custom hook: +if BUILD_DOCS install-data-hook: (cd include && $(MAKE) install) (cd docs && $(MAKE) install) (cd docs/libcurl && $(MAKE) install) +else +install-data-hook: + (cd include && $(MAKE) install) + (cd docs && $(MAKE) install) +endif # We extend the standard uninstall with a custom hook: uninstall-hook: @@ -315,13 +155,13 @@ uninstall-hook: (cd docs && $(MAKE) uninstall) (cd docs/libcurl && $(MAKE) uninstall) -ca-bundle: lib/mk-ca-bundle.pl +ca-bundle: $(srcdir)/scripts/mk-ca-bundle.pl @echo "generating a fresh ca-bundle.crt" - @perl $< -b -l -u lib/ca-bundle.crt + @perl $(srcdir)/scripts/mk-ca-bundle.pl -b -l -u lib/ca-bundle.crt -ca-firefox: lib/firefox-db2pem.sh +ca-firefox: $(srcdir)/scripts/firefox-db2pem.sh @echo "generating a fresh ca-bundle.crt" - ./lib/firefox-db2pem.sh lib/ca-bundle.crt + $(srcdir)/scripts/firefox-db2pem.sh lib/ca-bundle.crt checksrc: (cd lib && $(MAKE) checksrc) @@ -329,417 +169,17 @@ checksrc: (cd tests && $(MAKE) checksrc) (cd include/curl && $(MAKE) checksrc) (cd docs/examples && $(MAKE) checksrc) - (cd packages && $(MAKE) checksrc) - -.PHONY: vc-ide - -vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ - $(VC7_SRCVCPROJ_DEPS) $(VC71_LIBVCPROJ_DEPS) $(VC71_SRCVCPROJ_DEPS) \ - $(VC8_LIBVCPROJ_DEPS) $(VC8_SRCVCPROJ_DEPS) $(VC9_LIBVCPROJ_DEPS) \ - $(VC9_SRCVCPROJ_DEPS) $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS) \ - $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS) \ - $(VC12_SRCVCXPROJ_DEPS) $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS) \ - $(VC15_LIBVCXPROJ_DEPS) $(VC15_SRCVCXPROJ_DEPS) - @(win32_lib_srcs='$(LIB_CFILES)'; \ - win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \ - win32_lib_rc='$(LIB_RCFILES)'; \ - win32_lib_vauth_srcs='$(LIB_VAUTH_CFILES)'; \ - win32_lib_vauth_hdrs='$(LIB_VAUTH_HFILES)'; \ - win32_lib_vquic_srcs='$(LIB_VQUIC_CFILES)'; \ - win32_lib_vquic_hdrs='$(LIB_VQUIC_HFILES)'; \ - win32_lib_vssh_srcs='$(LIB_VSSH_CFILES)'; \ - win32_lib_vssh_hdrs='$(LIB_VSSH_HFILES)'; \ - win32_lib_vtls_srcs='$(LIB_VTLS_CFILES)'; \ - win32_lib_vtls_hdrs='$(LIB_VTLS_HFILES)'; \ - win32_src_srcs='$(CURL_CFILES)'; \ - win32_src_hdrs='$(CURL_HFILES)'; \ - win32_src_rc='$(CURL_RCFILES)'; \ - win32_src_x_srcs='$(CURLX_CFILES)'; \ - win32_src_x_hdrs='$(CURLX_HFILES) ../lib/config-win32.h'; \ - \ - sorted_lib_srcs=`for file in $$win32_lib_srcs; do echo $$file; done | sort`; \ - sorted_lib_hdrs=`for file in $$win32_lib_hdrs; do echo $$file; done | sort`; \ - sorted_lib_vauth_srcs=`for file in $$win32_lib_vauth_srcs; do echo $$file; done | sort`; \ - sorted_lib_vauth_hdrs=`for file in $$win32_lib_vauth_hdrs; do echo $$file; done | sort`; \ - sorted_lib_vquic_srcs=`for file in $$win32_lib_vquic_srcs; do echo $$file; done | sort`; \ - sorted_lib_vquic_hdrs=`for file in $$win32_lib_vquic_hdrs; do echo $$file; done | sort`; \ - sorted_lib_vssh_srcs=`for file in $$win32_lib_vssh_srcs; do echo $$file; done | sort`; \ - sorted_lib_vssh_hdrs=`for file in $$win32_lib_vssh_hdrs; do echo $$file; done | sort`; \ - sorted_lib_vtls_srcs=`for file in $$win32_lib_vtls_srcs; do echo $$file; done | sort`; \ - sorted_lib_vtls_hdrs=`for file in $$win32_lib_vtls_hdrs; do echo $$file; done | sort`; \ - sorted_src_srcs=`for file in $$win32_src_srcs; do echo $$file; done | sort`; \ - sorted_src_hdrs=`for file in $$win32_src_hdrs; do echo $$file; done | sort`; \ - sorted_src_x_srcs=`for file in $$win32_src_x_srcs; do echo $$file; done | sort`; \ - sorted_src_x_hdrs=`for file in $$win32_src_x_hdrs; do echo $$file; done | sort`; \ - \ - awk_code='\ -function gen_element(type, dir, file)\ -{\ - sub(/vauth\//, "", file);\ - sub(/vquic\//, "", file);\ - sub(/vssh\//, "", file);\ - sub(/vtls\//, "", file);\ -\ - spaces=" ";\ - if(dir == "lib\\vauth" ||\ - dir == "lib\\vquic" ||\ - dir == "lib\\vssh" ||\ - dir == "lib\\vtls")\ - tabs=" ";\ - else\ - tabs=" ";\ -\ - if(type == "dsp") {\ - printf("# Begin Source File\r\n");\ - printf("\r\n");\ - printf("SOURCE=..\\..\\..\\..\\%s\\%s\r\n", dir, file);\ - printf("# End Source File\r\n");\ - }\ - else if(type == "vcproj1") {\ - printf("%s\r\n",\ - tabs, dir, file);\ - printf("%s\r\n", tabs);\ - }\ - else if(type == "vcproj2") {\ - printf("%s\r\n", tabs);\ - printf("%s\r\n", tabs);\ - }\ - else if(type == "vcxproj") {\ - i = index(file, ".");\ - ext = substr(file, i == 0 ? 0 : i + 1);\ -\ - if(ext == "c")\ - printf("%s\r\n",\ - spaces, dir, file);\ - else if(ext == "h")\ - printf("%s\r\n",\ - spaces, dir, file);\ - else if(ext == "rc")\ - printf("%s\r\n",\ - spaces, dir, file);\ - }\ -}\ -\ -{\ -\ - if($$0 == "CURL_LIB_C_FILES") {\ - split(lib_srcs, arr);\ - for(val in arr) gen_element(proj_type, "lib", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_H_FILES") {\ - split(lib_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "lib", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_RC_FILES") {\ - split(lib_rc, arr);\ - for(val in arr) gen_element(proj_type, "lib", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VAUTH_C_FILES") {\ - split(lib_vauth_srcs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vauth", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VAUTH_H_FILES") {\ - split(lib_vauth_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vauth", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VQUIC_C_FILES") {\ - split(lib_vquic_srcs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vquic", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VQUIC_H_FILES") {\ - split(lib_vquic_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vquic", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VSSH_C_FILES") {\ - split(lib_vssh_srcs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vssh", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VSSH_H_FILES") {\ - split(lib_vssh_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vssh", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VTLS_C_FILES") {\ - split(lib_vtls_srcs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vtls", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VTLS_H_FILES") {\ - split(lib_vtls_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vtls", arr[val]);\ - }\ - else if($$0 == "CURL_SRC_C_FILES") {\ - split(src_srcs, arr);\ - for(val in arr) gen_element(proj_type, "src", arr[val]);\ - }\ - else if($$0 == "CURL_SRC_H_FILES") {\ - split(src_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "src", arr[val]);\ - }\ - else if($$0 == "CURL_SRC_RC_FILES") {\ - split(src_rc, arr);\ - for(val in arr) gen_element(proj_type, "src", arr[val]);\ - }\ - else if($$0 == "CURL_SRC_X_C_FILES") {\ - split(src_x_srcs, arr);\ - for(val in arr) {\ - sub(/..\/lib\//, "", arr[val]);\ - gen_element(proj_type, "lib", arr[val]);\ - }\ - }\ - else if($$0 == "CURL_SRC_X_H_FILES") {\ - split(src_x_hdrs, arr);\ - for(val in arr) {\ - sub(/..\/lib\//, "", arr[val]);\ - gen_element(proj_type, "lib", arr[val]);\ - }\ - }\ - else\ - printf("%s\r\n", $$0);\ -}';\ - \ - echo "generating '$(VC6_LIBDSP)'"; \ - awk -v proj_type=dsp \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC6_LIBTMPL) > $(VC6_LIBDSP) || { exit 1; }; \ - \ - echo "generating '$(VC6_SRCDSP)'"; \ - awk -v proj_type=dsp \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC6_SRCTMPL) > $(VC6_SRCDSP) || { exit 1; }; \ - \ - echo "generating '$(VC7_LIBVCPROJ)'"; \ - awk -v proj_type=vcproj1 \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC7_LIBTMPL) > $(VC7_LIBVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC7_SRCVCPROJ)'"; \ - awk -v proj_type=vcproj1 \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC7_SRCTMPL) > $(VC7_SRCVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC71_LIBVCPROJ)'"; \ - awk -v proj_type=vcproj1 \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC71_LIBTMPL) > $(VC71_LIBVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC71_SRCVCPROJ)'"; \ - awk -v proj_type=vcproj1 \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC71_SRCTMPL) > $(VC71_SRCVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC8_LIBVCPROJ)'"; \ - awk -v proj_type=vcproj2 \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC8_LIBTMPL) > $(VC8_LIBVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC8_SRCVCPROJ)'"; \ - awk -v proj_type=vcproj2 \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC8_SRCTMPL) > $(VC8_SRCVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC9_LIBVCPROJ)'"; \ - awk -v proj_type=vcproj2 \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC9_LIBTMPL) > $(VC9_LIBVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC9_SRCVCPROJ)'"; \ - awk -v proj_type=vcproj2 \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC9_SRCTMPL) > $(VC9_SRCVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC10_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC10_LIBTMPL) > $(VC10_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC10_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC10_SRCTMPL) > $(VC10_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC11_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC11_LIBTMPL) > $(VC11_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC11_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC11_SRCTMPL) > $(VC11_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC12_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_LIBTMPL) > $(VC12_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC12_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC14_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC14_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC15_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC15_LIBTMPL) > $(VC15_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC15_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC15_SRCTMPL) > $(VC15_SRCVCXPROJ) || { exit 1; };) + (cd projects && $(MAKE) checksrc) + +badwords: + @PERL@ $(top_srcdir)/scripts/badwords-all + +lint: badwords checksrc + @PERL@ $(top_srcdir)/scripts/spacecheck.pl tidy: (cd src && $(MAKE) tidy) (cd lib && $(MAKE) tidy) + +clean-local: + (cd tests && $(MAKE) clean) diff --git a/Makefile.dist b/Makefile.dist deleted file mode 100644 index 1a531c1539e8..000000000000 --- a/Makefile.dist +++ /dev/null @@ -1,115 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### - -all: - ./configure - make - -ssl: - ./configure --with-openssl - make - -mingw32: - $(MAKE) -C lib -f Makefile.m32 - $(MAKE) -C src -f Makefile.m32 - -mingw32-clean: - $(MAKE) -C lib -f Makefile.m32 clean - $(MAKE) -C src -f Makefile.m32 clean - $(MAKE) -C docs/examples -f Makefile.m32 clean - -mingw32-vclean mingw32-distclean: - $(MAKE) -C lib -f Makefile.m32 vclean - $(MAKE) -C src -f Makefile.m32 vclean - $(MAKE) -C docs/examples -f Makefile.m32 vclean - -mingw32-examples%: - $(MAKE) -C docs/examples -f Makefile.m32 CFG=$@ - -mingw32%: - $(MAKE) -C lib -f Makefile.m32 CFG=$@ - $(MAKE) -C src -f Makefile.m32 CFG=$@ - -vc: - cd winbuild - nmake /f Makefile.vc MACHINE=x86 - -vc-x64: - cd winbuild - nmake /f Makefile.vc MACHINE=x64 - -djgpp: - $(MAKE) -C lib -f Makefile.dj - $(MAKE) -C src -f Makefile.dj - -cygwin: - ./configure - make - -cygwin-ssl: - ./configure --with-openssl - make - -amiga: - cd ./lib && make -f makefile.amiga - cd ./src && make -f makefile.amiga - -netware: - $(MAKE) -C lib -f Makefile.netware - $(MAKE) -C src -f Makefile.netware - -netware-clean: - $(MAKE) -C lib -f Makefile.netware clean - $(MAKE) -C src -f Makefile.netware clean - $(MAKE) -C docs/examples -f Makefile.netware clean - -netware-vclean netware-distclean: - $(MAKE) -C lib -f Makefile.netware vclean - $(MAKE) -C src -f Makefile.netware vclean - $(MAKE) -C docs/examples -f Makefile.netware vclean - -netware-install: - $(MAKE) -C lib -f Makefile.netware install - $(MAKE) -C src -f Makefile.netware install - -netware-examples-%: - $(MAKE) -C docs/examples -f Makefile.netware CFG=$@ - -netware-%: - $(MAKE) -C lib -f Makefile.netware CFG=$@ - $(MAKE) -C src -f Makefile.netware CFG=$@ - -unix: all - -unix-ssl: ssl - -linux: all - -linux-ssl: ssl - -ca-bundle: lib/mk-ca-bundle.pl - @echo "generate a fresh ca-bundle.crt" - @perl $< -b -l -u lib/ca-bundle.crt - -ca-firefox: lib/firefox-db2pem.sh - @echo "generate a fresh ca-bundle.crt" - ./lib/firefox-db2pem.sh lib/ca-bundle.crt diff --git a/README b/README index b690816e1fc4..4ee7e43a2c84 100644 --- a/README +++ b/README @@ -13,9 +13,10 @@ README libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl.3 man page to - learn how! + learn how. - You find answers to the most frequent questions we get in the FAQ document. + You find answers to the most frequent questions we get in the FAQ.md + document. Study the COPYING file for distribution terms. @@ -32,24 +33,18 @@ WEBSITE Visit the curl website for the latest news and downloads: - https://curl.se/ + https://curl.se/ GIT - To download the very latest source off the GIT server do this: + To download the latest source code off the GIT server, do this: - git clone https://github.com/curl/curl.git + git clone https://github.com/curl/curl - (you'll get a directory named curl created, filled with the source code) + (you will get a directory named curl created, filled with the source code) SECURITY PROBLEMS - Report suspected security problems via our HackerOne page and not in public! - - https://hackerone.com/curl - -NOTICE + Report suspected security problems privately and not in public. - Curl contains pieces of source code that is Copyright (c) 1998, 1999 - Kungliga Tekniska Högskolan. This notice is included here to comply with the - distribution terms. + https://curl.se/dev/vuln-disclosure.html diff --git a/README.md b/README.md index 0ba5b781eb3e..9f77de607be2 100644 --- a/README.md +++ b/README.md @@ -1,36 +1,38 @@ -![curl logo](https://curl.se/logo/curl-logo.svg) - -[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/63/badge)](https://bestpractices.coreinfrastructure.org/projects/63) -[![Coverity passed](https://scan.coverity.com/projects/curl/badge.svg)](https://scan.coverity.com/projects/curl) -[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/l1vv31029huhf4g4?svg=true)](https://ci.appveyor.com/project/curlorg/curl) -[![Azure DevOps Build Status](https://dev.azure.com/daniel0244/curl/_apis/build/status/curl.curl?branchName=master)](https://dev.azure.com/daniel0244/curl/_build/latest?definitionId=1&branchName=master) -[![Cirrus Build Status](https://api.cirrus-ci.com/github/curl/curl.svg?branch=master)](https://cirrus-ci.com/github/curl/curl) -[![Backers on Open Collective](https://opencollective.com/curl/backers/badge.svg)](#backers) -[![Sponsors on Open Collective](https://opencollective.com/curl/sponsors/badge.svg)](#sponsors) -[![Language Grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/curl/curl.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/curl/curl/context:cpp) -[![Codacy Badge](https://api.codacy.com/project/badge/Grade/d11483a0cc5c4ebd9da4ff9f7cd56690)](https://app.codacy.com/app/curl/curl) -[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/curl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:curl) - -Curl is a command-line tool for transferring data specified with URL -syntax. Find out how to use curl by reading [the curl.1 man -page](https://curl.se/docs/manpage.html) or [the MANUAL -document](https://curl.se/docs/manual.html). Find out how to install Curl -by reading [the INSTALL document](https://curl.se/docs/install.html). + + +# [![curl logo](https://curl.se/logo/curl-logo.svg)](https://curl.se/) + +curl is a command-line tool for transferring data from or to a server using +URLs. It supports these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, +HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, MQTTS, POP3, POP3S, RTSP, SCP, +SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. + +Learn how to use curl by reading [the +man page](https://curl.se/docs/manpage.html) or [everything +curl](https://everything.curl.dev/). + +Find out how to install curl by reading [the INSTALL +document](https://curl.se/docs/install.html). libcurl is the library curl is using to do its job. It is readily available to -be used by your software. Read [the libcurl.3 man -page](https://curl.se/libcurl/c/libcurl.html) to learn how! +be used by your software. Read [the libcurl +man page](https://curl.se/libcurl/c/libcurl.html) to learn how. -You can find answers to the most frequent questions we get in [the FAQ -document](https://curl.se/docs/faq.html). +## Open Source -Study [the COPYING file](https://curl.se/docs/copyright.html) for -distribution terms. +curl is Open Source and is distributed under an MIT-like +[license](https://curl.se/docs/copyright.html). ## Contact -If you have problems, questions, ideas or suggestions, please contact us by -posting to a suitable [mailing list](https://curl.se/mail/). +Contact us on a suitable [mailing list](https://curl.se/mail/) or +use GitHub [issues](https://github.com/curl/curl/issues)/ +[pull requests](https://github.com/curl/curl/pulls)/ +[discussions](https://github.com/curl/curl/discussions). All contributors to the project are listed in [the THANKS document](https://curl.se/docs/thanks.html). @@ -38,51 +40,27 @@ document](https://curl.se/docs/thanks.html). ## Commercial support For commercial support, maybe private and dedicated help with your problems or -applications using (lib)curl: https://curl.se/support.html +applications using (lib)curl visit [the support page](https://curl.se/support.html). ## Website -Visit the [curl website](https://curl.se/) for the latest news and -downloads. +Visit the [curl website](https://curl.se/) for the latest news and downloads. -## Git +## Source code -To download the very latest source from the Git server do this: +Download the latest source from the Git server: - git clone https://github.com/curl/curl.git - -(you'll get a directory named curl created, filled with the source code) + git clone https://github.com/curl/curl ## Security problems -Report suspected security problems via [our HackerOne -page](https://hackerone.com/curl) and not in public! - -## Notice - -Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga -Tekniska Högskolan. This notice is included here to comply with the -distribution terms. +Report suspected security problems +[privately](https://curl.se/dev/vuln-disclosure.html) and not in public. ## Backers -Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/curl#backer)] - - +Thank you to all our backers :pray: [Become a backer](https://opencollective.com/curl#section-contribute). ## Sponsors -Support this project by becoming a sponsor. Your logo will show up here with a -link to your website. [[Become a -sponsor](https://opencollective.com/curl#sponsor)] - - - - - - - - - - - +Support this project by becoming a [sponsor](https://curl.se/sponsors.html). diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 459707f0c45c..e6b6a6bed254 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,337 +1,223 @@ -curl and libcurl 7.78.0 +curl and libcurl 8.20.0 - Public curl releases: 201 - Command line options: 242 - curl_easy_setopt() options: 290 - Public functions in libcurl: 85 - Contributors: 2446 + Public curl releases: 274 + Command line options: 273 + curl_easy_setopt() options: 308 + Public functions in libcurl: 100 + Authors: 1457 + Contributors: 3634 This release includes the following changes: - o curl_url_set: reject spaces in URLs w/o CURLU_ALLOW_SPACE [118] - o CURLE_SETOPT_OPTION_SYNTAX: new error name for wrong setopt syntax [40] - o hostip: make 'localhost' return fixed values [16] - o mbedtls: add support for cert and key blob options [11] - o metalink: remove [54] - o mqtt: add support for username and password [91] This release includes the following bugfixes: - o --socks4[a]: clarify where the host name is resolved [107] - o ares: always store IPv6 addresses first [20] - o asyn-ares: remove check for 'data' in Curl_resolver_cancel [89] - o bearssl: explicitly initialize all fields of Curl_ssl [1] - o bearssl: remove incorrect const on variable that is modified [1] - o c-hyper: abort CONNECT response reading early on non 2xx responses [75] - o c-hyper: add support for transfer-encoding in the request [121] - o c-hyper: bail on too long response headers [115] - o c-hyper: clear NTLM auth buffer when request is issued [23] - o c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL [21] - o c-hyper: fix NTLM on closed connection tested with test159 [4] - o c-hyper: fix the uploaded field in progress callbacks [78] - o c-hyper: handle NULL from hyper_buf_copy() [19] - o c-hyper: support CURLINFO_STARTTRANSFER_TIME [29] - o c-hyper: support CURLOPT_HEADER [32] - o ccsidcurl: fix the compile errors [27] - o CI: add bearssl build [1] - o CI: add Circle CI [92] - o CI: add jobs using Zuul [86] - o CI: delete --enable-hsts option (it is the default now) [2] - o CI: remove travis details [144] - o cmake: add CURL_DISABLE_NTLM option [44] - o cmake: avoid leaking absolute paths into exported config [3] - o cmake: fix support for UnixSockets feature on Win32 [104] - o cmake: remove libssh2 feature checks [122] - o cmake: try well-known send/recv signature for Apple [12] - o configure.ac: make non-executable [109] - o configure/cmake: remove checks for many unused functions [95] - o configure: add --disable-ntlm option [45] - o configure: disable RTSP when hyper is selected [68] - o configure: do not strip out debug flags [110] - o configure: inhibit the implicit-fallthrough warning on gcc-12 [106] - o configure: rename get-easy-option configure option to get-easy-options [81] - o conn_shutdown: if closed during CONNECT cleanup properly [59] - o conncache: lowercase the hash key for better match [5] - o cookies: track expiration in jar to optimize removals [25] - o copyright: add boiler-plate headers to CI config files [143] - o crustls: bump crustls version and use new URL [119] - o curl.h: is supported by VxWorks7 [102] - o curl.h: include sys/select.h for NuttX RTOS [100] - o curl: ignore blank --output-dir [57] - o curl_endian: remove the unused Curl_write64_le function [85] - o curl_multibyte: Remove local encoding fallbacks [58] - o Curl_ntlm_core_mk_nt_hash: fix OOM in error path [8] - o Curl_ssl_getsessionid: fail if no session cache exists [14] - o CURLOPT_WRITEFUNCTION.3: minor update of the example [80] - o docs/BINDINGS: fix outdated links [116] - o docs/INSTALL: remove mentions of configure --with-darwin-ssl [55] - o docs: use --max-redirs instead of --max-redir [28] - o doh: (void)-prefix call to curl_easy_setopt - o doh: fix wrong DEBUGASSERT for doh private_data [62] - o examples: length-limit two sscanf() uses of %s [96] - o examples: safer and more proper read callback logic [127] - o filecheck: quietly remove test-place/*~ [39] - o formdata: avoid "Argument cannot be negative" warning [131] - o formdata: correct typecast in curl_mime_data call [137] - o GHA: add a linux-hyper job [52] - o GHA: add several libcurl tests to the hyper job - o GHA: run the newly fixed tests with hyper [36] - o github: timeout jobs on macOS after 90 minutes [42] - o glob: pass an 'int' as len when using printf's %*s [139] - o gnutls: set the preferred TLS versions in correct order [94] - o GOVERNANCE: add 'user', 'committer' and 'contributor' [15] - o hostip: (macOS) free returned memory of SCDynamicStoreCopyProxies [105] - o hostip: bad CURLOPT_RESOLVE syntax now returns error [35] - o hsts: ignore numberical IP address hosts [17] - o HSTS: not experimental anymore - o http2: clarify 'Using HTTP2' verbose message [63] - o http2: init recvbuf struct for pushed streams [13] - o http2_connisdead: handle trailing GOAWAY better [18] - o http: fix crash in rate-limited upload [142] - o http: make the haproxy support work with unix domain sockets [99] - o http_proxy: deal with non-200 CONNECT response with Hyper [22] - o hyper: propagate errors back up from read callbacks [113] - o HYPER: remove mentions of deprecated development branch - o idn: fix libidn2 with windows unicode builds [117] - o lib: don't compare fd to FD_SETSIZE when using poll [61] - o lib: fix type of len passed to *printf's %*s [133] - o lib: more %u for port and int for %*s fixes [132] - o lib: use %u instead of %ld for port number printf [134] - o libcurl-security.3: mention file descriptors and forks [108] - o libssh2: limit time a disconnect can take to 1 second [111] - o mbedtls: make mbedtls_strerror always work [6] - o mqtt: detect illegal and too large file size [43] - o mqtt: extend the error message for no topic [136] - o multi: add scan-build-6 work-around in curl_multi_fdset [88] - o multi: alter transfer timeout ordering [97] - o multi: do not switch off connect_only flag when closing [98] - o netrc: skip 'macdef' definitions [87] - o ngtcp2: disable TLSv1.3 compatible mode when using GnuTLS [83] - o openssl: avoid static variable for seed flag [101] - o openssl: don't remove session id entry in disassociate [56] - o pinnedpubkey.d: fix formatting for version support lists [126] - o proto.d: fix formatting for paragraphs after margin changes [125] - o quiche: use send() instead of sendto() to avoid macOS issue [103] - o Revert "c-hyper: handle body on HYPER_TASK_EMPTY" [26] - o runtests: also find the last test in Makefile.inc [66] - o runtests: enable 'hyper mode' only for HTTP tests [34] - o runtests: init $VERSION to avoid warnings when using -l - o runtests: parse data/Makefile.inc instead of using make [38] - o runtests: skip disabled tests unless -f is used [82] - o rustls: remove native_roots fallback [65] - o schannel: set ALPN length correctly for HTTP/2 [24] - o setopt: fix incorrect comments [10] - o socketpair: fix potential hangs [37] - o socks4: scan for the IPv4 address in resolve results [124] - o ssl: read pending close notify alert before closing the connection [9] - o sws: malloc request struct instead of using stack [60] - o test1116: hyper doesn't pass through "surprise-trailers" [123] - o test1147: hyper doesn't allow "crazy" request headers like built-in [114] - o test1151: added missing CRLF to work with hyper [120] - o test1216: adjusted for hyper mode [73] - o test1218: adjusted for hyper mode [72] - o test1230: adjust to work in hyper mode [74] - o test1340/1341: adjusted for hyper mode [71] - o test1438/1457: add HTTP keyword to make hyper mode work [70] - o test1514: add a CRLF to the response to make it correct [130] - o test1518: adjusted to work with hyper [129] - o test1519: adjusted to work with hyper [128] - o test1594/1595/1596: fix to work in hyper mode [69] - o test269: disable for hyper [33] - o test3010: work with hyper mode [67] - o test328: avoid a header-looking body to make hyper mode work [53] - o test339: CRLFify better to work in hyper mode [51] - o test347: CRLFify to work in hyper mode [50] - o test393: make Content-Length fit within 64 bit for hyper [49] - o test394: hyper returns a different error [48] - o test395: hyper cannot work around > 64 bit content-lengths like built-in [47] - o test433: adjust for hyper mode [46] - o test434: add HTTP keyword [76] - o test500: adjust to work with hyper mode - o test566: adjust to work with hyper mode [79] - o test599: adjusted to work in hyper mode [77] - o test644: remove as duplicate of test 587 [84] - o tests: fix Accept-Encoding strips to work with Hyper builds [41] - o TLS: prevent shutdown loops to get stuck [112] - o url.c: remove two variable assigns that are never read [90] - o url: (void)-prefix a curl_url_get() call [138] - o url: bad CURLOPT_CONNECT_TO syntax now returns error [31] - o version: turn version number functions into returning void [135] - o vtls: exit addsessionid if no cache is inited [7] - o vtls: only store TIMER_APPCONNECT for non-proxy connect [93] - o vtls: use free() not curl_free() [140] - o warnless: simplify type size handling [30] - o Win32: fix build with Watt-32 - o winbuild/README: VC should be set to 6 'or larger' [64] - o zuul: use the new rustls directory name [141] + o asyn-ares: drop orphaned variable references [86] + o asyn-ares: fix HTTPS-lookup when not on port 443 [100] + o autotools: limit checksrc target to ignore non-repo test sources [12] + o badwords-all: exit with correct code on errors [50] + o badwords: combine the whitelisting into a single regex [1] + o badwords: detect the the and with with [51] + o badwords: only check comments and strings in source code [61] + o badwords: rework exceptions, fix many of them [15] + o build: compiler warning silencing tidy-ups [4] + o build: drop `openssl` module dependency for BoringSSL from `libcurl.pc` [33] + o build: enable `-Wimplicit-int-enum-cast` compiler warning, fix issues [84] + o cmake: document functions used from Windows system DLLs [103] + o cmake: resolve imported targets recursively when generating `libcurl.pc` [45] + o cmake: rework binutils ld hack to not read `LOCATION` property [41] + o configure: fix `--with-ngtcp2=` option for crypto libs [26] + o configure: fix LibreSSL ngtcp2 1.15.0+ crypto lib selection logic [3] + o configure: prefer dependency-specific variables over `$withval` [35] + o curl-wolfssl.m4: fix to use the correct value for pkg-config directory [36] + o curl_ctype.h: fix spelling in a couple of locally used macros [28] + o curl_get_line: error out on read errors [9] + o curl_get_line: fix potential infinite loop when filename is a directory [46] + o digest: pass in the user name quoted (as well) [34] + o docs/lib: fix typos [53] + o docs: enable more compiler warnings for C snippets, fix 3 finds [71] + o docs: minor wording tweaks + o doh: fix memory-leak when doing a second DoH resolve [55] + o examples/websocket: fix to sleep more on Windows [92] + o examples: drop warning silencers no longer hit [14] + o examples: fix typo in comment [75] + o file: init fd to -1 to prevent close fd 0 on early failure [40] + o ftp: do not strdup DATA hostname [29] + o ftp: reject PWD responses containing control characters [95] + o gcc: guard `#pragma diagnostic` in core code for <4.6 [94] + o generate.bat: remove extra % from VC11 and VC12 runs + o getinfo: initialize `PureInfo` field `used_proxy` [43] + o hostip: clear the sockaddr_in6 structure before use [20] + o http2: clear the h2 session at delete [99] + o HTTP3.md: drop outdated mentions of OpenSSL-QUIC [2] + o http: fix Curl_compareheader for multi value headers [11] + o http: make Curl_compareheader handle multiple commas in header + o imap: reset the UIDVALIDITY state between transfers [7] + o include: drop 'will' from public headers [73] + o ldap: drop duplicate `ldap_set_option()` on Windows [42] + o ldap: fix to initialize cleartext connection on Windows [49] + o lib: always use Curl_1st_fatal instead of Curl_1st_err [89] + o libssh2: fix error handling on quote errors [21] + o mk-ca-bundle.pl: make generated timestamps deterministic [44] + o netrc: find login-less password when user is given in URL [6] + o openssl: drop obsolete SSLv2 logic [27] + o openssl: fix memory leaks in ECH code (OpenSSL 3) [78] + o openssl: trace count of found / imported Windows native CA roots [8] + o os400sys: fix typo in comment (symetry -> symmetry) [58] + o protocol.h: fix the CURLPROTO_MASK [31] + o protocol: use scheme names lowercase [38] + o pytest: add additional quiche check for flaky test_05_01 [22] + o rand: use `BCryptGenRandom()` in UWP builds [88] + o scripts: harden / tidy up more Perl `system()` calls [70] + o sshserver.pl: harden more `system()` calls [81] + o sshserver.pl: pass command-line to `system()` safely [82] + o strerr: correct the strerror_s() return code condition [25] + o sws: fix potential OOB write [80] + o synctime: fix off-by-one read and write to a read-only buffer (Windows) [85] + o test459: switch to mode="warn" for stderr check [5] + o tests/unit/README: describe how to unit test static functions [60] + o tool_cb_wrt: fix no-clobber error handling [39] + o tool_cfgable: free the SSL signature algorithms [62] + o tool_formparse: propagate my_get_line errors when reading headers [102] + o tool_ipfs: accept IPFS gateway URL without set port number [13] + o tool_msgs: avoid null pointer deref for early errors [98] + o tool_operate: drop the scheme-guessing in the -G handling [54] + o tool_operate: fix condition for loading `curl-ca-bundle.crt` (Windows) [79] + o tool_operate: fix minor memory-leak on early error [23] + o tool_operhlp: fix `add_file_name_to_url()` result on OOM [32] + o tool_urlglob: fix memory-leak on glob range overflow [19] + o top-complexity: prevent filename-based shell injection risk [101] + o transfer: enable custom methods again on next transfer [30] + o transfer: enhance secure check [10] + o url: use the socks type for socks proxy [47] + o url: use URL for url even in comments [52] + o urlapi: make dedotdotify handle leading dots correctly [97] + o urlapi: verify the last letter of a scheme when set explicitly [16] + o urldata: connection bit ipv6_ip is wrong [59] + o urldata: import port types and conn destination format [57] + o urldata: make speeder_c uint32 [37] + o urldata: remove trailers_state [17] + o wolfssl: fix handling of abrupt connection close [24] + o x509asn1: fix to return error in an error case from `encodeOID()` [83] + o x509asn1: fixed and adapted for ASN1tostr unit testing [48] + o x509asn1: improve encodeOID [72] This release includes the following known bugs: - o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) + See https://curl.se/docs/knownbugs.html + +For all changes ever done in curl: + + See https://curl.se/changes.html + +Planned upcoming removals include: + + o NTLM support becomes opt-in + o RTMP support + o SMB support becomes opt-in + o Support for c-ares versions before 1.16.0 + o Support for CMake 3.17 and earlier + o TLS-SRP support + + See https://curl.se/dev/deprecate.html This release would not have looked like this without help, code, reports and advice from friends like these: - Albin Vass, Aleksander Mazur, Alexis Vachette, Alex Xu, Andrea Pappacoda, - Andrei Rybak, Bachue Zhou, Bastian Krause, Bin Lan, Bin Meng, - Christian Weisgerber, Christoph M. Becker, civodul on github, Dan Fandrich, - Daniel Gustafsson, Daniel Stenberg, David Hu, dEajL3kA on github, - Dmitry Karpov, Dmitry Kostjuchenko, Douglas R. Reno, Ebe Janchivdorj, - Fawad Mirza, Gabriel Simmer, Gealber Morales, Gergely Nagy, Gerrit Renker, - Gisle Vanem, Gregor Jasny, Gregory Muchka, Harry Sintonen, Hugh Macdonald, - Jacob Hoffman-Andrews, Jishan Shaikh, Joel Depooter, Jon Rumsey, Jun-ya Kato, - Kevin Burke, Laurent Dufresne, Li Xinwei, Marcel Raad, Marc Hörsken, - Mark Swaanenburg, Martin Howarth, Michael Forney, Michael Kaufmann, - Mohammed Naser, nian6324 on github, Nikos Mavrogiannopoulos, Paul Groke, - Peter Körner, Phil E. Taylor, Ray Satiro, Red Hat Product Security, - Richard Marion, Richard Whitehouse, Shikha Sharma, shithappens2016 on github, - Tommy Chiang, Vadim Grinshpun, Valentín Gutiérrez, Viktor Szakats, - Xiang Xiao, Yongkang Huang, Younes El-karama, Zhang Xiuhua, - (66 contributors) + am-perip on hackerone, Carlos Henrique Lima Melara, crawfordxx, + Daniel Stenberg, Ercan Ermis, fds242 on github, Flavio Amieiro, + Henrique Pereira, James Fuller, Jason Stangroome, + lg_oled77c5pua on hackerone, m777m0 on hackerone, Martin Dürrmeier, + Michael Hendricks, Michael Kaufmann, Orgad Shaneh, Otis Cui Lei, Ray Satiro, + renovate[bot], Richard Tollerton, Sergey Fedorov, Stefan Eissing, + Viktor Szakats, Vladimír Marek, Yoshiro Yoneya + (25 contributors) References to bug reports and discussions on issues: - [1] = https://curl.se/bug/?i=7133 - [2] = https://curl.se/bug/?i=7167 - [3] = https://curl.se/bug/?i=7152 - [4] = https://curl.se/bug/?i=7154 - [5] = https://curl.se/bug/?i=7159 - [6] = https://curl.se/bug/?i=7162 - [7] = https://curl.se/bug/?i=7165 - [8] = https://curl.se/bug/?i=7164 - [9] = https://curl.se/bug/?i=7095 - [10] = https://curl.se/bug/?i=7157 - [11] = https://curl.se/bug/?i=7157 - [12] = https://curl.se/bug/?i=7158 - [13] = https://curl.se/bug/?i=7153 - [14] = https://curl.se/bug/?i=7148 - [15] = https://curl.se/bug/?i=7151 - [16] = https://curl.se/bug/?i=7039 - [17] = https://curl.se/bug/?i=7146 - [18] = https://curl.se/mail/lib-2021-06/0001.html - [19] = https://curl.se/bug/?i=7143 - [20] = https://curl.se/mail/lib-2021-06/0003.html - [21] = https://curl.se/bug/?i=7141 - [22] = https://curl.se/bug/?i=7141 - [23] = https://curl.se/bug/?i=7139 - [24] = https://curl.se/bug/?i=7138 - [25] = https://curl.se/bug/?i=7172 - [26] = https://curl.se/bug/?i=7122 - [27] = https://curl.se/bug/?i=7134 - [28] = https://curl.se/bug/?i=7130 - [29] = https://curl.se/bug/?i=7204 - [30] = https://curl.se/bug/?i=7181 - [31] = https://curl.se/bug/?i=7183 - [32] = https://curl.se/bug/?i=7204 - [33] = https://curl.se/bug/?i=7184 - [34] = https://curl.se/bug/?i=7185 - [35] = https://curl.se/bug/?i=7170 - [36] = https://curl.se/bug/?i=7205 - [37] = https://curl.se/bug/?i=7144 - [38] = https://curl.se/bug/?i=7177 - [39] = https://curl.se/bug/?i=7179 - [40] = https://curl.se/bug/?i=7175 - [41] = https://curl.se/bug/?i=7169 - [42] = https://curl.se/bug/?i=7173 - [43] = https://curl.se/bug/?i=7166 - [44] = https://curl.se/bug/?i=7028 - [45] = https://curl.se/bug/?i=7028 - [46] = https://curl.se/bug/?i=7205 - [47] = https://curl.se/bug/?i=7205 - [48] = https://curl.se/bug/?i=7205 - [49] = https://curl.se/bug/?i=7205 - [50] = https://curl.se/bug/?i=7205 - [51] = https://curl.se/bug/?i=7205 - [52] = https://curl.se/bug/?i=7206 - [53] = https://curl.se/bug/?i=7203 - [54] = https://curl.se/bug/?i=7176 - [55] = https://curl.se/mail/lib-2021-06/0008.html - [56] = https://curl.se/bug/?i=7222 - [57] = https://curl.se/bug/?i=7218 - [58] = https://curl.se/bug/?i=7257 - [59] = https://curl.se/bug/?i=7236 - [60] = https://curl.se/mail/lib-2021-06/0018.html - [61] = https://curl.se/bug/?i=7240 - [62] = https://curl.se/bug/?i=7227 - [63] = https://github.com/curl/curl/discussions/7255 - [64] = https://curl.se/bug/?i=7253 - [65] = https://curl.se/bug/?i=7250 - [66] = https://curl.se/bug/?i=7209 - [67] = https://curl.se/bug/?i=7209 - [68] = https://curl.se/bug/?i=7209 - [69] = https://curl.se/bug/?i=7209 - [70] = https://curl.se/bug/?i=7209 - [71] = https://curl.se/bug/?i=7209 - [72] = https://curl.se/bug/?i=7209 - [73] = https://curl.se/bug/?i=7209 - [74] = https://curl.se/bug/?i=7209 - [75] = https://curl.se/bug/?i=493 - [76] = https://curl.se/bug/?i=7209 - [77] = https://curl.se/bug/?i=7209 - [78] = https://curl.se/bug/?i=7209 - [79] = https://curl.se/bug/?i=7209 - [80] = https://curl.se/bug/?i=7219 - [81] = https://curl.se/bug/?i=7211 - [82] = https://curl.se/bug/?i=7212 - [83] = https://curl.se/bug/?i=6896 - [84] = https://curl.se/bug/?i=7208 - [85] = https://curl.se/bug/?i=7280 - [86] = https://curl.se/bug/?i=7245 - [87] = https://curl.se/bug/?i=7238 - [88] = https://curl.se/bug/?i=7248 - [89] = https://curl.se/bug/?i=7248 - [90] = https://curl.se/bug/?i=7248 - [91] = https://curl.se/bug/?i=7243 - [92] = https://curl.se/bug/?i=7239 - [93] = https://curl.se/bug/?i=7274 - [94] = https://curl.se/bug/?i=7277 - [95] = https://curl.se/bug/?i=7276 - [96] = https://curl.se/bug/?i=7293 - [97] = https://curl.se/bug/?i=7178 - [98] = https://curl.se/mail/lib-2021-06/0024.html - [99] = https://curl.se/bug/?i=7290 - [100] = https://curl.se/bug/?i=7287 - [101] = https://curl.se/bug/?i=7296 - [102] = https://curl.se/bug/?i=7285 - [103] = https://curl.se/bug/?i=7260 - [104] = https://curl.se/bug/?i=7034 - [105] = https://curl.se/bug/?i=7265 - [106] = https://curl.se/bug/?i=7295 - [107] = https://curl.se/bug/?i=7273 - [108] = https://curl.se/bug/?i=7270 - [109] = https://curl.se/bug/?i=7272 - [110] = https://curl.se/bug/?i=7216 - [111] = https://curl.se/bug/?i=7271 - [112] = https://curl.se/bug/?i=7271 - [113] = https://curl.se/bug/?i=7266 - [114] = https://curl.se/bug/?i=7349 - [115] = https://curl.se/bug/?i=7350 - [116] = https://curl.se/bug/?i=7301 - [117] = https://curl.se/bug/?i=7228 - [118] = https://curl.se/bug/?i=7073 - [119] = https://curl.se/bug/?i=7297 - [120] = https://curl.se/bug/?i=7350 - [121] = https://curl.se/bug/?i=7348 - [122] = https://curl.se/bug/?i=7343 - [123] = https://curl.se/bug/?i=7344 - [124] = https://curl.se/bug/?i=7345 - [125] = https://curl.se/bug/?i=7341 - [126] = https://curl.se/bug/?i=7340 - [127] = https://curl.se/bug/?i=7330 - [128] = https://curl.se/bug/?i=7333 - [129] = https://curl.se/bug/?i=7333 - [130] = https://curl.se/bug/?i=7334 - [131] = https://curl.se/bug/?i=7328 - [132] = https://curl.se/bug/?i=7329 - [133] = https://curl.se/bug/?i=7326 - [134] = https://curl.se/bug/?i=7325 - [135] = https://curl.se/bug/?i=7319 - [136] = https://curl.se/bug/?i=7316 - [137] = https://curl.se/bug/?i=7327 - [138] = https://curl.se/bug/?i=7320 - [139] = https://curl.se/bug/?i=7324 - [140] = https://curl.se/bug/?i=7318 - [141] = https://curl.se/bug/?i=7311 - [142] = https://curl.se/bug/?i=7308 - [143] = https://curl.se/bug/?i=7314 - [144] = https://curl.se/bug/?i=7313 + [1] = https://curl.se/bug/?i=20880 + [2] = https://curl.se/bug/?i=20914 + [3] = https://curl.se/bug/?i=20889 + [4] = https://curl.se/bug/?i=20908 + [5] = https://curl.se/bug/?i=20910 + [6] = https://curl.se/bug/?i=20950 + [7] = https://curl.se/bug/?i=20962 + [8] = https://curl.se/bug/?i=20899 + [9] = https://curl.se/bug/?i=20958 + [10] = https://curl.se/bug/?i=20951 + [11] = https://curl.se/bug/?i=20894 + [12] = https://curl.se/bug/?i=20898 + [13] = https://curl.se/bug/?i=20957 + [14] = https://curl.se/bug/?i=20896 + [15] = https://curl.se/bug/?i=20886 + [16] = https://curl.se/bug/?i=20893 + [17] = https://curl.se/bug/?i=20960 + [19] = https://curl.se/bug/?i=20956 + [20] = https://curl.se/bug/?i=20885 + [21] = https://curl.se/bug/?i=20883 + [22] = https://curl.se/bug/?i=20952 + [23] = https://curl.se/bug/?i=20954 + [24] = https://curl.se/bug/?i=21002 + [25] = https://curl.se/bug/?i=20955 + [26] = https://curl.se/bug/?i=18022 + [27] = https://curl.se/bug/?i=20945 + [28] = https://curl.se/bug/?i=20810 + [29] = https://curl.se/bug/?i=20953 + [30] = https://curl.se/bug/?i=21037 + [31] = https://curl.se/bug/?i=21031 + [32] = https://curl.se/bug/?i=21011 + [33] = https://curl.se/bug/?i=20926 + [34] = https://curl.se/bug/?i=20940 + [35] = https://curl.se/bug/?i=20944 + [36] = https://curl.se/bug/?i=20943 + [37] = https://curl.se/bug/?i=21036 + [38] = https://curl.se/bug/?i=21033 + [39] = https://curl.se/bug/?i=20939 + [40] = https://curl.se/bug/?i=21029 + [41] = https://curl.se/bug/?i=20839 + [42] = https://curl.se/bug/?i=20930 + [43] = https://curl.se/bug/?i=21020 + [44] = https://curl.se/bug/?i=20528 + [45] = https://curl.se/bug/?i=20840 + [46] = https://curl.se/bug/?i=20823 + [47] = https://curl.se/bug/?i=21025 + [48] = https://curl.se/bug/?i=21013 + [49] = https://curl.se/bug/?i=20927 + [50] = https://curl.se/bug/?i=20934 + [51] = https://curl.se/bug/?i=20934 + [52] = https://curl.se/bug/?i=20935 + [53] = https://curl.se/bug/?i=20933 + [54] = https://curl.se/bug/?i=20992 + [55] = https://curl.se/bug/?i=20929 + [57] = https://curl.se/bug/?i=20918 + [58] = https://curl.se/bug/?i=20923 + [59] = https://curl.se/bug/?i=20919 + [60] = https://curl.se/bug/?i=21018 + [61] = https://curl.se/bug/?i=20909 + [62] = https://curl.se/bug/?i=20915 + [70] = https://curl.se/bug/?i=21007 + [71] = https://curl.se/bug/?i=21006 + [72] = https://curl.se/bug/?i=21003 + [73] = https://curl.se/bug/?i=21005 + [75] = https://curl.se/bug/?i=21001 + [78] = https://curl.se/bug/?i=20993 + [79] = https://curl.se/bug/?i=20989 + [80] = https://curl.se/bug/?i=20988 + [81] = https://curl.se/bug/?i=20997 + [82] = https://curl.se/bug/?i=20996 + [83] = https://curl.se/bug/?i=20991 + [84] = https://curl.se/bug/?i=20990 + [85] = https://curl.se/bug/?i=20987 + [86] = https://curl.se/bug/?i=20999 + [88] = https://curl.se/bug/?i=20983 + [89] = https://curl.se/bug/?i=20980 + [92] = https://curl.se/bug/?i=20978 + [94] = https://curl.se/bug/?i=20892 + [95] = https://curl.se/bug/?i=20949 + [97] = https://curl.se/bug/?i=20974 + [98] = https://curl.se/bug/?i=20967 + [99] = https://curl.se/bug/?i=20975 + [100] = https://curl.se/bug/?i=20966 + [101] = https://curl.se/bug/?i=20969 + [102] = https://curl.se/bug/?i=20963 + [103] = https://curl.se/bug/?i=20965 diff --git a/REUSE.toml b/REUSE.toml new file mode 100644 index 000000000000..c2e8b7928889 --- /dev/null +++ b/REUSE.toml @@ -0,0 +1,40 @@ +# SPDX-License-Identifier: curl +# SPDX-FileCopyrightText: Daniel Stenberg, , et al. + +# This file describes the licensing and copyright situation for files that +# cannot be annotated directly, for example because of being +# uncommentable. Unless this is the case, a file should be annotated directly. +# +# This follows the REUSE specification: https://reuse.software/spec-3.2/#reusetoml + +version = 1 +SPDX-PackageName = "curl" +SPDX-PackageDownloadLocation = "https://curl.se/" + +[[annotations]] +path = [ + "docs/INSTALL", + "docs/libcurl/symbols-in-versions", + "docs/options-in-versions", + "docs/THANKS", + "lib/libcurl.vers.in", + "lib/libcurl.def", + "projects/OS400/README.OS400", + "projects/vms/build_vms.com", + "projects/vms/curl_release_note_start.txt", + "projects/vms/curlmsg.sdl", + "projects/vms/macro32_exactcase.patch", + "projects/vms/readme", + "projects/Windows/**", + "README", + "RELEASE-NOTES", + "renovate.json", + "tests/certs/**", + "tests/data/data**", + "tests/data/test**", + "tests/valgrind.supp", +] +SPDX-FileCopyrightText = "Daniel Stenberg, , et al." +SPDX-License-Identifier = "curl" +# If there is licensing/copyright information in or next to these files, prefer that +precedence = "closest" diff --git a/SECURITY.md b/SECURITY.md index 4e84fbefc25d..e579ebb6e63b 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,10 +1,30 @@ + + # Security Policy -See [docs/SECURITY-PROCESS.md](docs/SECURITY-PROCESS.md) for full details. +Read our [Vulnerability Disclosure Policy](docs/VULN-DISCLOSURE-POLICY.md). ## Reporting a Vulnerability -If you have found or just suspect a security problem somewhere in curl or libcurl, -report it on [https://hackerone.com/curl](https://hackerone.com/curl). +If you have found or suspect a security problem somewhere in curl or libcurl, +[report it](https://curl.se/dev/vuln-disclosure.html)! + +We treat security issues with confidentiality until controlled and disclosed +responsibly. + +## OpenSSF Best Practices -We treat security issues with confidentiality until controlled and disclosed responsibly. +curl has achieved Gold status on the Open Source Security Foundation (OpenSSF) +[Best Practices](https://bestpractices.dev/) (formerly Core Infrastructure +Initiative Best Practices), reflecting its adherence to rigorous security and +best practice standards. This achievement highlights curl's comprehensive +documentation, secure development processes, effective change control +mechanisms, and strong maintenance routines. Meeting these criteria +demonstrates curl's commitment to security and reliability, ensuring the +project's sustainability and trustworthiness. This underscores curl's role as +a leader in open-source software practices. More information can be found on +[curl's OpenSSF Best Practices project page](https://www.bestpractices.dev/projects/63). diff --git a/acinclude.m4 b/acinclude.m4 index 23c06d678af2..73dc05211830 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# #*************************************************************************** dnl CURL_CHECK_DEF (SYMBOL, [INCLUDES], [SILENT]) @@ -46,10 +48,10 @@ AC_DEFUN([CURL_CHECK_DEF], [ tmp_exp="" AC_PREPROC_IFELSE([ AC_LANG_SOURCE( -ifelse($2,,,[$2])[[ -#ifdef $1 -CURL_DEF_TOKEN $1 -#endif + ifelse($2,,,[$2])[[ + #ifdef $1 + CURL_DEF_TOKEN $1 + #endif ]]) ],[ tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \ @@ -86,15 +88,14 @@ AC_DEFUN([CURL_CHECK_DEF_CC], [ ifelse($3,,[AC_MSG_CHECKING([for compiler definition of $1])]) AC_COMPILE_IFELSE([ AC_LANG_SOURCE( -ifelse($2,,,[$2])[[ -int main (void) -{ -#ifdef $1 - return 0; -#else - force compilation error -#endif -} + ifelse($2,,,[$2])[[ + int main(void) + { + #ifndef $1 + #error force compilation error + #endif + return 0; + } ]]) ],[ tst_symbol_defined="yes" @@ -121,16 +122,15 @@ AC_DEFUN([CURL_CHECK_LIB_XNET], [ tst_lib_xnet_required="no" AC_COMPILE_IFELSE([ AC_LANG_SOURCE([[ -int main (void) -{ -#if defined(__hpux) && defined(_XOPEN_SOURCE) && (_XOPEN_SOURCE >= 600) - return 0; -#elif defined(__hpux) && defined(_XOPEN_SOURCE_EXTENDED) - return 0; -#else - force compilation error -#endif -} + int main(void) + { + #if defined(__hpux) && defined(_XOPEN_SOURCE) && (_XOPEN_SOURCE >= 600) + #elif defined(__hpux) && defined(_XOPEN_SOURCE_EXTENDED) + #else + #error force compilation error + #endif + return 0; + } ]]) ],[ tst_lib_xnet_required="yes" @@ -154,7 +154,6 @@ AC_DEFUN([CURL_CHECK_AIX_ALL_SOURCE], [ #endif]) AC_BEFORE([$0], [AC_SYS_LARGEFILE])dnl AC_BEFORE([$0], [CURL_CONFIGURE_REENTRANT])dnl - AC_BEFORE([$0], [CURL_CONFIGURE_PULL_SYS_POLL])dnl AC_MSG_CHECKING([if OS is AIX (to define _ALL_SOURCE)]) AC_EGREP_CPP([yes_this_is_aix],[ #ifdef _AIX @@ -169,296 +168,29 @@ AC_DEFUN([CURL_CHECK_AIX_ALL_SOURCE], [ ]) -dnl CURL_CHECK_HEADER_WINDOWS -dnl ------------------------------------------------- -dnl Check for compilable and valid windows.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINDOWS], [ - AC_CACHE_CHECK([for windows.h], [curl_cv_header_windows_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include - ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) - HAVE_WINDOWS_H shall not be defined. -#else - int dummy=2*WINVER; -#endif - ]]) - ],[ - curl_cv_header_windows_h="yes" - ],[ - curl_cv_header_windows_h="no" - ]) - ]) - case "$curl_cv_header_windows_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINDOWS_H, 1, - [Define to 1 if you have the windows.h header file.]) - ;; - esac -]) - - dnl CURL_CHECK_NATIVE_WINDOWS dnl ------------------------------------------------- dnl Check if building a native Windows target AC_DEFUN([CURL_CHECK_NATIVE_WINDOWS], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl AC_CACHE_CHECK([whether build target is a native Windows one], [curl_cv_native_windows], [ - if test "$curl_cv_header_windows_h" = "no"; then - curl_cv_native_windows="no" - else - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - ]],[[ -#if defined(__MINGW32__) || defined(__MINGW32CE__) || \ - (defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64))) - int dummy=1; -#else - Not a native Windows build target. -#endif - ]]) - ],[ - curl_cv_native_windows="yes" - ],[ - curl_cv_native_windows="no" - ]) - fi - ]) - AM_CONDITIONAL(DOING_NATIVE_WINDOWS, test "x$curl_cv_native_windows" = xyes) -]) - - -dnl CURL_CHECK_HEADER_WINSOCK -dnl ------------------------------------------------- -dnl Check for compilable and valid winsock.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINSOCK], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for winsock.h], [curl_cv_header_winsock_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) - HAVE_WINSOCK_H shall not be defined. -#else - int dummy=WSACleanup(); -#endif + #ifdef _WIN32 + int dummy = 1; + (void)dummy; + #else + #error Not a native Windows build target. + #endif ]]) ],[ - curl_cv_header_winsock_h="yes" + curl_cv_native_windows="yes" ],[ - curl_cv_header_winsock_h="no" - ]) - ]) - case "$curl_cv_header_winsock_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINSOCK_H, 1, - [Define to 1 if you have the winsock.h header file.]) - ;; - esac -]) - - -dnl CURL_CHECK_HEADER_WINSOCK2 -dnl ------------------------------------------------- -dnl Check for compilable and valid winsock2.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINSOCK2], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for winsock2.h], [curl_cv_header_winsock2_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include - ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) - HAVE_WINSOCK2_H shall not be defined. -#else - int dummy=2*IPPROTO_ESP; -#endif - ]]) - ],[ - curl_cv_header_winsock2_h="yes" - ],[ - curl_cv_header_winsock2_h="no" - ]) - ]) - case "$curl_cv_header_winsock2_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINSOCK2_H, 1, - [Define to 1 if you have the winsock2.h header file.]) - ;; - esac -]) - - -dnl CURL_CHECK_HEADER_WS2TCPIP -dnl ------------------------------------------------- -dnl Check for compilable and valid ws2tcpip.h header - -AC_DEFUN([CURL_CHECK_HEADER_WS2TCPIP], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl - AC_CACHE_CHECK([for ws2tcpip.h], [curl_cv_header_ws2tcpip_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include -#include - ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) - HAVE_WS2TCPIP_H shall not be defined. -#else - int dummy=2*IP_PKTINFO; -#endif - ]]) - ],[ - curl_cv_header_ws2tcpip_h="yes" - ],[ - curl_cv_header_ws2tcpip_h="no" - ]) - ]) - case "$curl_cv_header_ws2tcpip_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WS2TCPIP_H, 1, - [Define to 1 if you have the ws2tcpip.h header file.]) - ;; - esac -]) - - -dnl CURL_CHECK_HEADER_WINCRYPT -dnl ------------------------------------------------- -dnl Check for compilable and valid wincrypt.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINCRYPT], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for wincrypt.h], [curl_cv_header_wincrypt_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include - ]],[[ - int dummy=2*PROV_RSA_FULL; - ]]) - ],[ - curl_cv_header_wincrypt_h="yes" - ],[ - curl_cv_header_wincrypt_h="no" - ]) - ]) - case "$curl_cv_header_wincrypt_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINCRYPT_H, 1, - [Define to 1 if you have the wincrypt.h header file.]) - ;; - esac -]) - - -dnl CURL_CHECK_HEADER_WINLDAP -dnl ------------------------------------------------- -dnl Check for compilable and valid winldap.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINLDAP], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for winldap.h], [curl_cv_header_winldap_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#endif -#include - ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) - HAVE_WINLDAP_H shall not be defined. -#else - LDAP *ldp = ldap_init("dummy", LDAP_PORT); - ULONG res = ldap_unbind(ldp); -#endif - ]]) - ],[ - curl_cv_header_winldap_h="yes" - ],[ - curl_cv_header_winldap_h="no" + curl_cv_native_windows="no" ]) ]) - case "$curl_cv_header_winldap_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINLDAP_H, 1, - [Define to 1 if you have the winldap.h header file.]) - ;; - esac -]) - - -dnl CURL_CHECK_HEADER_WINBER -dnl ------------------------------------------------- -dnl Check for compilable and valid winber.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINBER], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINLDAP])dnl - AC_CACHE_CHECK([for winber.h], [curl_cv_header_winber_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#endif -#include -#include - ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) - HAVE_WINBER_H shall not be defined. -#else - BERVAL *bvp = NULL; - BerElement *bep = ber_init(bvp); - ber_free(bep, 1); -#endif - ]]) - ],[ - curl_cv_header_winber_h="yes" - ],[ - curl_cv_header_winber_h="no" - ]) - ]) - case "$curl_cv_header_winber_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINBER_H, 1, - [Define to 1 if you have the winber.h header file.]) - ;; - esac + AM_CONDITIONAL(DOING_NATIVE_WINDOWS, test "$curl_cv_native_windows" = "yes") ]) @@ -468,25 +200,25 @@ dnl Check for compilable and valid lber.h header, dnl and check if it is needed even with ldap.h AC_DEFUN([CURL_CHECK_HEADER_LBER], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_CACHE_CHECK([for lber.h], [curl_cv_header_lber_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#else -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#endif -#ifndef NULL -#define NULL (void *)0 -#endif -#include + #undef inline + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #else + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #endif + #ifndef NULL + #define NULL (void *)0 + #endif + #include ]],[[ BerValue *bvp = NULL; BerElement *bep = ber_init(bvp); @@ -504,24 +236,24 @@ AC_DEFUN([CURL_CHECK_HEADER_LBER], [ # AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#else -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#endif -#ifndef NULL -#define NULL (void *)0 -#endif -#ifndef LDAP_DEPRECATED -#define LDAP_DEPRECATED 1 -#endif -#include + #undef inline + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #else + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #endif + #ifndef NULL + #define NULL (void *)0 + #endif + #ifndef LDAP_DEPRECATED + #define LDAP_DEPRECATED 1 + #endif + #include ]],[[ BerValue *bvp = NULL; BerElement *bep = ber_init(bvp); @@ -552,27 +284,28 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP], [ AC_CACHE_CHECK([for ldap.h], [curl_cv_header_ldap_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#else -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#endif -#ifndef LDAP_DEPRECATED -#define LDAP_DEPRECATED 1 -#endif -#ifdef NEED_LBER_H -#include -#endif -#include + #undef inline + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #else + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #endif + #ifndef LDAP_DEPRECATED + #define LDAP_DEPRECATED 1 + #endif + #ifdef NEED_LBER_H + #include + #endif + #include ]],[[ - LDAP *ldp = ldap_init("dummy", LDAP_PORT); + LDAP *ldp = ldap_init("0.0.0.0", LDAP_PORT); int res = ldap_unbind(ldp); + (void)res; ]]) ],[ curl_cv_header_ldap_h="yes" @@ -598,29 +331,30 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP_SSL], [ AC_CACHE_CHECK([for ldap_ssl.h], [curl_cv_header_ldap_ssl_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#else -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#endif -#ifndef LDAP_DEPRECATED -#define LDAP_DEPRECATED 1 -#endif -#ifdef NEED_LBER_H -#include -#endif -#ifdef HAVE_LDAP_H -#include -#endif -#include + #undef inline + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #else + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #endif + #ifndef LDAP_DEPRECATED + #define LDAP_DEPRECATED 1 + #endif + #ifdef NEED_LBER_H + #include + #endif + #ifdef HAVE_LDAP_H + #include + #endif + #include ]],[[ - LDAP *ldp = ldapssl_init("dummy", LDAPS_PORT, 1); + LDAP *ldp = ldapssl_init("0.0.0.0", LDAPS_PORT, 1); + (void)ldp; ]]) ],[ curl_cv_header_ldap_ssl_h="yes" @@ -637,58 +371,6 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP_SSL], [ ]) -dnl CURL_CHECK_HEADER_LDAPSSL -dnl ------------------------------------------------- -dnl Check for compilable and valid ldapssl.h header - -AC_DEFUN([CURL_CHECK_HEADER_LDAPSSL], [ - AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl - AC_CACHE_CHECK([for ldapssl.h], [curl_cv_header_ldapssl_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#else -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#endif -#ifndef NULL -#define NULL (void *)0 -#endif -#ifndef LDAP_DEPRECATED -#define LDAP_DEPRECATED 1 -#endif -#ifdef NEED_LBER_H -#include -#endif -#ifdef HAVE_LDAP_H -#include -#endif -#include - ]],[[ - char *cert_label = NULL; - LDAP *ldp = ldap_ssl_init("dummy", LDAPS_PORT, cert_label); - ]]) - ],[ - curl_cv_header_ldapssl_h="yes" - ],[ - curl_cv_header_ldapssl_h="no" - ]) - ]) - case "$curl_cv_header_ldapssl_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_LDAPSSL_H, 1, - [Define to 1 if you have the ldapssl.h header file.]) - ;; - esac -]) - - dnl CURL_CHECK_LIBS_WINLDAP dnl ------------------------------------------------- dnl Check for libraries needed for WINLDAP support, @@ -735,25 +417,24 @@ AC_DEFUN([CURL_CHECK_LIBS_WINLDAP], [ fi AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINLDAP_H -#include -#endif -#ifdef HAVE_WINBER_H -#include -#endif -#endif + #undef inline + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #include + #ifdef HAVE_WINBER_H + #include + #endif + #endif ]],[[ BERVAL *bvp = NULL; BerElement *bep = ber_init(bvp); - LDAP *ldp = ldap_init("dummy", LDAP_PORT); + LDAP *ldp = ldap_init("0.0.0.0", LDAP_PORT); ULONG res = ldap_unbind(ldp); ber_free(bep, 1); + (void)res; ]]) ],[ curl_cv_ldap_LIBS="$x_nlibs" @@ -825,7 +506,7 @@ AC_DEFUN([CURL_CHECK_LIBS_LDAP], [ '-llber -lldap' \ '-lldapssl -lldapx -lldapsdk' \ '-lldapsdk -lldapx -lldapssl' \ - '-lldap -llber -lssl -lcrypto' ; do + '-lldap -llber -lssl -lcrypto'; do if test "$curl_cv_ldap_LIBS" = "unknown"; then if test -z "$x_nlibs"; then @@ -835,35 +516,36 @@ AC_DEFUN([CURL_CHECK_LIBS_LDAP], [ fi AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#else -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#endif -#ifndef NULL -#define NULL (void *)0 -#endif -#ifndef LDAP_DEPRECATED -#define LDAP_DEPRECATED 1 -#endif -#ifdef NEED_LBER_H -#include -#endif -#ifdef HAVE_LDAP_H -#include -#endif + #undef inline + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #else + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #endif + #ifndef NULL + #define NULL (void *)0 + #endif + #ifndef LDAP_DEPRECATED + #define LDAP_DEPRECATED 1 + #endif + #ifdef NEED_LBER_H + #include + #endif + #ifdef HAVE_LDAP_H + #include + #endif ]],[[ BerValue *bvp = NULL; BerElement *bep = ber_init(bvp); - LDAP *ldp = ldap_init("dummy", LDAP_PORT); + LDAP *ldp = ldap_init("0.0.0.0", LDAP_PORT); int res = ldap_unbind(ldp); ber_free(bep, 1); + (void)res; ]]) ],[ curl_cv_ldap_LIBS="$x_nlibs" @@ -886,6 +568,10 @@ AC_DEFUN([CURL_CHECK_LIBS_LDAP], [ else LIBS="$curl_cv_ldap_LIBS $curl_cv_save_LIBS" fi + # FIXME: Enable when ldap was detected via pkg-config + if false; then + LIBCURL_PC_REQUIRES_PRIVATE="ldap $LIBCURL_PC_REQUIRES_PRIVATE" + fi AC_MSG_RESULT([$curl_cv_ldap_LIBS]) ;; esac @@ -893,108 +579,6 @@ AC_DEFUN([CURL_CHECK_LIBS_LDAP], [ ]) -dnl CURL_CHECK_HEADER_MALLOC -dnl ------------------------------------------------- -dnl Check for compilable and valid malloc.h header, -dnl and check if it is needed even with stdlib.h - -AC_DEFUN([CURL_CHECK_HEADER_MALLOC], [ - AC_CACHE_CHECK([for malloc.h], [curl_cv_header_malloc_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include - ]],[[ - void *p = malloc(10); - void *q = calloc(10,10); - free(p); - free(q); - ]]) - ],[ - curl_cv_header_malloc_h="yes" - ],[ - curl_cv_header_malloc_h="no" - ]) - ]) - if test "$curl_cv_header_malloc_h" = "yes"; then - AC_DEFINE_UNQUOTED(HAVE_MALLOC_H, 1, - [Define to 1 if you have the malloc.h header file.]) - # - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include - ]],[[ - void *p = malloc(10); - void *q = calloc(10,10); - free(p); - free(q); - ]]) - ],[ - curl_cv_need_header_malloc_h="no" - ],[ - curl_cv_need_header_malloc_h="yes" - ]) - # - case "$curl_cv_need_header_malloc_h" in - yes) - AC_DEFINE_UNQUOTED(NEED_MALLOC_H, 1, - [Define to 1 if you need the malloc.h header file even with stdlib.h]) - ;; - esac - fi -]) - - -dnl CURL_CHECK_HEADER_MEMORY -dnl ------------------------------------------------- -dnl Check for compilable and valid memory.h header, -dnl and check if it is needed even with stdlib.h for -dnl memory related functions. - -AC_DEFUN([CURL_CHECK_HEADER_MEMORY], [ - AC_CACHE_CHECK([for memory.h], [curl_cv_header_memory_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include - ]],[[ - void *p = malloc(10); - void *q = calloc(10,10); - free(p); - free(q); - ]]) - ],[ - curl_cv_header_memory_h="yes" - ],[ - curl_cv_header_memory_h="no" - ]) - ]) - if test "$curl_cv_header_memory_h" = "yes"; then - AC_DEFINE_UNQUOTED(HAVE_MEMORY_H, 1, - [Define to 1 if you have the memory.h header file.]) - # - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include - ]],[[ - void *p = malloc(10); - void *q = calloc(10,10); - free(p); - free(q); - ]]) - ],[ - curl_cv_need_header_memory_h="no" - ],[ - curl_cv_need_header_memory_h="yes" - ]) - # - case "$curl_cv_need_header_memory_h" in - yes) - AC_DEFINE_UNQUOTED(NEED_MEMORY_H, 1, - [Define to 1 if you need the memory.h header file even with stdlib.h]) - ;; - esac - fi -]) - dnl TYPE_SOCKADDR_STORAGE dnl ------------------------------------------------- dnl Check for struct sockaddr_storage. Most IPv6-enabled @@ -1003,78 +587,55 @@ dnl hosts have it, but AIX 4.3 is one known exception. AC_DEFUN([TYPE_SOCKADDR_STORAGE], [ AC_CHECK_TYPE([struct sockaddr_storage], - AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1, - [if struct sockaddr_storage is defined]), , + AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1, + [if struct sockaddr_storage is defined]), , [ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#endif -#else -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#endif + #undef inline + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #else + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #include + #ifdef HAVE_NETINET_IN_H + #include + #endif + #ifdef HAVE_ARPA_INET_H + #include + #endif + #endif ]) ]) dnl CURL_CHECK_FUNC_RECV dnl ------------------------------------------------- dnl Test if the socket recv() function is available, -dnl and check its return type and the types of its -dnl arguments. If the function succeeds HAVE_RECV -dnl will be defined, defining the types of the arguments -dnl in RECV_TYPE_ARG1, RECV_TYPE_ARG2, RECV_TYPE_ARG3 -dnl and RECV_TYPE_ARG4, defining the type of the function -dnl return value in RECV_TYPE_RETV. AC_DEFUN([CURL_CHECK_FUNC_RECV], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK])dnl - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl - AC_CHECK_HEADERS(sys/types.h sys/socket.h) + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl + AC_REQUIRE([CURL_INCLUDES_BSDSOCKET])dnl + AC_CHECK_HEADERS(sys/types.h) # AC_MSG_CHECKING([for recv]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#else -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#endif + #undef inline + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #else + $curl_includes_bsdsocket + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #include + #endif ]],[[ recv(0, 0, 0, 0); ]]) @@ -1087,88 +648,9 @@ struct Library *SocketBase = NULL; ]) # if test "$curl_cv_recv" = "yes"; then - AC_CACHE_CHECK([types of args and return type for recv], - [curl_cv_func_recv_args], [ - curl_cv_func_recv_args="unknown" - for recv_retv in 'int' 'ssize_t'; do - for recv_arg1 in 'int' 'ssize_t' 'SOCKET'; do - for recv_arg2 in 'char *' 'void *'; do - for recv_arg3 in 'size_t' 'int' 'socklen_t' 'unsigned int'; do - for recv_arg4 in 'int' 'unsigned int'; do - if test "$curl_cv_func_recv_args" = "unknown"; then - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#define RECVCALLCONV PASCAL -#else -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#define RECVCALLCONV -#endif -#ifndef HAVE_PROTO_BSDSOCKET_H - extern $recv_retv RECVCALLCONV - recv($recv_arg1, $recv_arg2, $recv_arg3, $recv_arg4); -#endif - ]],[[ - $recv_arg1 s=0; - $recv_arg2 buf=0; - $recv_arg3 len=0; - $recv_arg4 flags=0; - $recv_retv res = recv(s, buf, len, flags); - ]]) - ],[ - curl_cv_func_recv_args="$recv_arg1,$recv_arg2,$recv_arg3,$recv_arg4,$recv_retv" - ]) - fi - done - done - done - done - done - ]) # AC-CACHE-CHECK - if test "$curl_cv_func_recv_args" = "unknown"; then - AC_MSG_ERROR([Cannot find proper types to use for recv args]) - else - recv_prev_IFS=$IFS; IFS=',' - set dummy `echo "$curl_cv_func_recv_args" | sed 's/\*/\*/g'` - IFS=$recv_prev_IFS - shift - # - AC_DEFINE_UNQUOTED(RECV_TYPE_ARG1, $[1], - [Define to the type of arg 1 for recv.]) - AC_DEFINE_UNQUOTED(RECV_TYPE_ARG2, $[2], - [Define to the type of arg 2 for recv.]) - AC_DEFINE_UNQUOTED(RECV_TYPE_ARG3, $[3], - [Define to the type of arg 3 for recv.]) - AC_DEFINE_UNQUOTED(RECV_TYPE_ARG4, $[4], - [Define to the type of arg 4 for recv.]) - AC_DEFINE_UNQUOTED(RECV_TYPE_RETV, $[5], - [Define to the function return type for recv.]) - # - AC_DEFINE_UNQUOTED(HAVE_RECV, 1, - [Define to 1 if you have the recv function.]) - curl_cv_func_recv="yes" - fi + AC_DEFINE_UNQUOTED(HAVE_RECV, 1, + [Define to 1 if you have the recv function.]) + curl_cv_func_recv="yes" else AC_MSG_ERROR([Unable to link function recv]) fi @@ -1178,454 +660,159 @@ struct Library *SocketBase = NULL; dnl CURL_CHECK_FUNC_SEND dnl ------------------------------------------------- dnl Test if the socket send() function is available, -dnl and check its return type and the types of its -dnl arguments. If the function succeeds HAVE_SEND -dnl will be defined, defining the types of the arguments -dnl in SEND_TYPE_ARG1, SEND_TYPE_ARG2, SEND_TYPE_ARG3 -dnl and SEND_TYPE_ARG4, defining the type of the function -dnl return value in SEND_TYPE_RETV, and also defining the -dnl type qualifier of second argument in SEND_QUAL_ARG2. AC_DEFUN([CURL_CHECK_FUNC_SEND], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK])dnl - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl - AC_CHECK_HEADERS(sys/types.h sys/socket.h) + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl + AC_REQUIRE([CURL_INCLUDES_BSDSOCKET])dnl + AC_CHECK_HEADERS(sys/types.h) # AC_MSG_CHECKING([for send]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#else -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#endif + #undef inline + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #else + $curl_includes_bsdsocket + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #include + #endif ]],[[ - send(0, 0, 0, 0); + char s[] = ""; + send(0, (void *)s, 0, 0); ]]) - ],[ - AC_MSG_RESULT([yes]) - curl_cv_send="yes" - ],[ - AC_MSG_RESULT([no]) - curl_cv_send="no" - ]) - # - if test "$curl_cv_send" = "yes"; then - AC_CACHE_CHECK([types of args and return type for send], - [curl_cv_func_send_args], [ - curl_cv_func_send_args="unknown" - for send_retv in 'int' 'ssize_t'; do - for send_arg1 in 'int' 'ssize_t' 'SOCKET'; do - for send_arg2 in 'char *' 'void *' 'const char *' 'const void *'; do - for send_arg3 in 'size_t' 'int' 'socklen_t' 'unsigned int'; do - for send_arg4 in 'int' 'unsigned int'; do - if test "$curl_cv_func_send_args" = "unknown"; then - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#define SENDCALLCONV PASCAL -#else -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#define SENDCALLCONV -#endif -#ifndef HAVE_PROTO_BSDSOCKET_H - extern $send_retv SENDCALLCONV - send($send_arg1, $send_arg2, $send_arg3, $send_arg4); -#endif - ]],[[ - $send_arg1 s=0; - $send_arg3 len=0; - $send_arg4 flags=0; - $send_retv res = send(s, 0, len, flags); - ]]) - ],[ - curl_cv_func_send_args="$send_arg1,$send_arg2,$send_arg3,$send_arg4,$send_retv" - ]) - fi - done - done - done - done - done - ]) # AC-CACHE-CHECK - if test "$curl_cv_func_send_args" = "unknown"; then - AC_MSG_ERROR([Cannot find proper types to use for send args]) - else - send_prev_IFS=$IFS; IFS=',' - set dummy `echo "$curl_cv_func_send_args" | sed 's/\*/\*/g'` - IFS=$send_prev_IFS - shift - # - send_qual_type_arg2=$[2] - # - AC_DEFINE_UNQUOTED(SEND_TYPE_ARG1, $[1], - [Define to the type of arg 1 for send.]) - AC_DEFINE_UNQUOTED(SEND_TYPE_ARG3, $[3], - [Define to the type of arg 3 for send.]) - AC_DEFINE_UNQUOTED(SEND_TYPE_ARG4, $[4], - [Define to the type of arg 4 for send.]) - AC_DEFINE_UNQUOTED(SEND_TYPE_RETV, $[5], - [Define to the function return type for send.]) - # - prev_sh_opts=$- - # - case $prev_sh_opts in - *f*) - ;; - *) - set -f - ;; - esac - # - case "$send_qual_type_arg2" in - const*) - send_qual_arg2=const - send_type_arg2=`echo $send_qual_type_arg2 | sed 's/^const //'` - ;; - *) - send_qual_arg2= - send_type_arg2=$send_qual_type_arg2 - ;; - esac - # - AC_DEFINE_UNQUOTED(SEND_QUAL_ARG2, $send_qual_arg2, - [Define to the type qualifier of arg 2 for send.]) - AC_DEFINE_UNQUOTED(SEND_TYPE_ARG2, $send_type_arg2, - [Define to the type of arg 2 for send.]) - # - case $prev_sh_opts in - *f*) - ;; - *) - set +f - ;; - esac - # - AC_DEFINE_UNQUOTED(HAVE_SEND, 1, - [Define to 1 if you have the send function.]) - curl_cv_func_send="yes" - fi - else - AC_MSG_ERROR([Unable to link function send]) - fi -]) - -dnl CURL_CHECK_MSG_NOSIGNAL -dnl ------------------------------------------------- -dnl Check for MSG_NOSIGNAL - -AC_DEFUN([CURL_CHECK_MSG_NOSIGNAL], [ - AC_CHECK_HEADERS(sys/types.h sys/socket.h) - AC_CACHE_CHECK([for MSG_NOSIGNAL], [curl_cv_msg_nosignal], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#else -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#endif - ]],[[ - int flag=MSG_NOSIGNAL; - ]]) - ],[ - curl_cv_msg_nosignal="yes" - ],[ - curl_cv_msg_nosignal="no" - ]) - ]) - case "$curl_cv_msg_nosignal" in - yes) - AC_DEFINE_UNQUOTED(HAVE_MSG_NOSIGNAL, 1, - [Define to 1 if you have the MSG_NOSIGNAL flag.]) - ;; - esac -]) - - -dnl CURL_CHECK_STRUCT_TIMEVAL -dnl ------------------------------------------------- -dnl Check for timeval struct - -AC_DEFUN([CURL_CHECK_STRUCT_TIMEVAL], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK])dnl - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl - AC_CHECK_HEADERS(sys/types.h sys/time.h sys/socket.h) - AC_CACHE_CHECK([for struct timeval], [curl_cv_struct_timeval], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_TIME_H -#include -#endif -#include -#ifdef HAVE_SYS_SOCKET_H -#include -#endif - ]],[[ - struct timeval ts; - ts.tv_sec = 0; - ts.tv_usec = 0; - ]]) - ],[ - curl_cv_struct_timeval="yes" - ],[ - curl_cv_struct_timeval="no" - ]) - ]) - case "$curl_cv_struct_timeval" in - yes) - AC_DEFINE_UNQUOTED(HAVE_STRUCT_TIMEVAL, 1, - [Define to 1 if you have the timeval struct.]) - ;; - esac -]) - - -dnl TYPE_SIG_ATOMIC_T -dnl ------------------------------------------------- -dnl Check if the sig_atomic_t type is available, and -dnl verify if it is already defined as volatile. - -AC_DEFUN([TYPE_SIG_ATOMIC_T], [ - AC_CHECK_HEADERS(signal.h) - AC_CHECK_TYPE([sig_atomic_t],[ - AC_DEFINE(HAVE_SIG_ATOMIC_T, 1, - [Define to 1 if sig_atomic_t is an available typedef.]) - ], ,[ -#ifdef HAVE_SIGNAL_H -#include -#endif - ]) - case "$ac_cv_type_sig_atomic_t" in - yes) - # - AC_MSG_CHECKING([if sig_atomic_t is already defined as volatile]) - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[ -#ifdef HAVE_SIGNAL_H -#include -#endif - ]],[[ - static volatile sig_atomic_t dummy = 0; - ]]) - ],[ - AC_MSG_RESULT([no]) - curl_cv_sig_atomic_t_volatile="no" - ],[ - AC_MSG_RESULT([yes]) - curl_cv_sig_atomic_t_volatile="yes" - ]) - # - if test "$curl_cv_sig_atomic_t_volatile" = "yes"; then - AC_DEFINE(HAVE_SIG_ATOMIC_T_VOLATILE, 1, - [Define to 1 if sig_atomic_t is already defined as volatile.]) - fi - ;; - esac -]) - - -dnl TYPE_IN_ADDR_T -dnl ------------------------------------------------- -dnl Check for in_addr_t: it is used to receive the return code of inet_addr() -dnl and a few other things. - -AC_DEFUN([TYPE_IN_ADDR_T], [ - AC_CHECK_TYPE([in_addr_t], ,[ - dnl in_addr_t not available - AC_CACHE_CHECK([for in_addr_t equivalent], - [curl_cv_in_addr_t_equiv], [ - curl_cv_in_addr_t_equiv="unknown" - for t in "unsigned long" int size_t unsigned long; do - if test "$curl_cv_in_addr_t_equiv" = "unknown"; then - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#else -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#endif - ]],[[ - $t data = inet_addr ("1.2.3.4"); - ]]) - ],[ - curl_cv_in_addr_t_equiv="$t" - ]) - fi - done - ]) - case "$curl_cv_in_addr_t_equiv" in - unknown) - AC_MSG_ERROR([Cannot find a type to use in place of in_addr_t]) - ;; - *) - AC_DEFINE_UNQUOTED(in_addr_t, $curl_cv_in_addr_t_equiv, - [Type to use in place of in_addr_t when system does not provide it.]) - ;; - esac - ],[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#else -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#endif + ],[ + AC_MSG_RESULT([yes]) + curl_cv_send="yes" + ],[ + AC_MSG_RESULT([no]) + curl_cv_send="no" ]) + # + if test "$curl_cv_send" = "yes"; then + AC_DEFINE_UNQUOTED(HAVE_SEND, 1, + [Define to 1 if you have the send function.]) + curl_cv_func_send="yes" + else + AC_MSG_ERROR([Unable to link function send]) + fi ]) -dnl CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC +dnl CURL_CHECK_STRUCT_TIMEVAL dnl ------------------------------------------------- -dnl Check if monotonic clock_gettime is available. +dnl Check for timeval struct -AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [ - AC_CHECK_HEADERS(sys/types.h sys/time.h) - AC_MSG_CHECKING([for monotonic clock_gettime]) - # - if test "x$dontwant_rt" = "xno" ; then +AC_DEFUN([CURL_CHECK_STRUCT_TIMEVAL], [ + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl + AC_CHECK_HEADERS(sys/types.h) + AC_CACHE_CHECK([for struct timeval], [curl_cv_struct_timeval], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_TIME_H -#include -#endif -#include + #undef inline + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #else + #include + #include + #endif + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #include ]],[[ - struct timespec ts; - (void)clock_gettime(CLOCK_MONOTONIC, &ts); + struct timeval ts; + ts.tv_sec = 0; + ts.tv_usec = 0; + (void)ts; ]]) ],[ - AC_MSG_RESULT([yes]) - curl_func_clock_gettime="yes" + curl_cv_struct_timeval="yes" ],[ - AC_MSG_RESULT([no]) - curl_func_clock_gettime="no" + curl_cv_struct_timeval="no" ]) - fi + ]) + case "$curl_cv_struct_timeval" in + yes) + AC_DEFINE_UNQUOTED(HAVE_STRUCT_TIMEVAL, 1, + [Define to 1 if you have the timeval struct.]) + ;; + esac +]) + + +dnl CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC +dnl ------------------------------------------------- +dnl Check if monotonic clock_gettime is available. + +AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [ + AC_CHECK_HEADERS(sys/types.h) + AC_MSG_CHECKING([for monotonic clock_gettime]) + # + + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifndef _WIN32 + #include + #endif + #include + ]],[[ + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC, &ts); + (void)ts; + ]]) + ],[ + AC_MSG_RESULT([yes]) + curl_func_clock_gettime="yes" + ],[ + AC_MSG_RESULT([no]) + curl_func_clock_gettime="no" + ]) + dnl Definition of HAVE_CLOCK_GETTIME_MONOTONIC is intentionally postponed - dnl until library linking and run-time checks for clock_gettime succeed. + dnl until library linking and runtime checks for clock_gettime succeed. +]) + +dnl CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC_RAW +dnl ------------------------------------------------- +dnl Check if monotonic clock_gettime is available. + +AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC_RAW], [ + AC_CHECK_HEADERS(sys/types.h) + AC_MSG_CHECKING([for raw monotonic clock_gettime]) + # + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifndef _WIN32 + #include + #endif + #include + ]],[[ + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC_RAW, &ts); + (void)ts; + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED(HAVE_CLOCK_GETTIME_MONOTONIC_RAW, 1, + [Define to 1 if you have the clock_gettime function and raw monotonic timer.]) + ],[ + AC_MSG_RESULT([no]) + ]) ]) @@ -1653,16 +840,17 @@ AC_DEFUN([CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC], [ fi AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_TIME_H -#include -#endif -#include + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifndef _WIN32 + #include + #endif + #include ]],[[ struct timespec ts; (void)clock_gettime(CLOCK_MONOTONIC, &ts); + (void)ts; ]]) ],[ curl_cv_gclk_LIBS="$x_xlibs" @@ -1683,38 +871,41 @@ AC_DEFUN([CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC], [ curl_func_clock_gettime="yes" ;; *) - if test -z "$curl_cv_save_LIBS"; then - LIBS="$curl_cv_gclk_LIBS" + if test "$dontwant_rt" = "yes"; then + AC_MSG_WARN([needs -lrt but asked not to use it, HAVE_CLOCK_GETTIME_MONOTONIC will not be defined]) + curl_func_clock_gettime="no" else - LIBS="$curl_cv_gclk_LIBS $curl_cv_save_LIBS" + if test -z "$curl_cv_save_LIBS"; then + LIBS="$curl_cv_gclk_LIBS" + else + LIBS="$curl_cv_gclk_LIBS $curl_cv_save_LIBS" + fi + AC_MSG_RESULT([$curl_cv_gclk_LIBS]) + curl_func_clock_gettime="yes" fi - AC_MSG_RESULT([$curl_cv_gclk_LIBS]) - curl_func_clock_gettime="yes" ;; esac # dnl only do runtime verification when not cross-compiling - if test "x$cross_compiling" != "xyes" && + if test "$cross_compiling" != "yes" && test "$curl_func_clock_gettime" = "yes"; then AC_MSG_CHECKING([if monotonic clock_gettime works]) CURL_RUN_IFELSE([ AC_LANG_PROGRAM([[ -#ifdef HAVE_STDLIB_H -#include -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_TIME_H -#include -#endif -#include + #include + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #ifndef _WIN32 + #include + #endif + #include ]],[[ struct timespec ts; - if (0 == clock_gettime(CLOCK_MONOTONIC, &ts)) - exit(0); - else - exit(1); + if(0 == clock_gettime(CLOCK_MONOTONIC, &ts)) + return 0; + (void)ts; + return 1; ]]) ],[ AC_MSG_RESULT([yes]) @@ -1756,7 +947,7 @@ AC_DEFUN([CURL_CHECK_LIBS_CONNECT], [ AC_LANG_PROGRAM([[ $curl_includes_winsock2 $curl_includes_bsdsocket - #if !defined(HAVE_WINDOWS_H) && !defined(HAVE_PROTO_BSDSOCKET_H) + #if !defined(_WIN32) && !defined(HAVE_PROTO_BSDSOCKET_H) int connect(int, void*, int); #endif ]],[[ @@ -1786,115 +977,40 @@ AC_DEFUN([CURL_CHECK_LIBS_CONNECT], [ ]) -dnl CURL_DEFINE_UNQUOTED (VARIABLE, [VALUE]) -dnl ------------------------------------------------- -dnl Like AC_DEFINE_UNQUOTED this macro will define a C preprocessor -dnl symbol that can be further used in custom template configuration -dnl files. This macro, unlike AC_DEFINE_UNQUOTED, does not use a third -dnl argument for the description. Symbol definitions done with this -dnl macro are intended to be exclusively used in handcrafted *.h.in -dnl template files. Contrary to what AC_DEFINE_UNQUOTED does, this one -dnl prevents autoheader generation and insertion of symbol template -dnl stub and definition into the first configuration header file. Do -dnl not use this macro as a replacement for AC_DEFINE_UNQUOTED, each -dnl one serves different functional needs. - -AC_DEFUN([CURL_DEFINE_UNQUOTED], [ -cat >>confdefs.h <<_EOF -[@%:@define] $1 ifelse($#, 2, [$2], 1) -_EOF -]) - -dnl CURL_CONFIGURE_PULL_SYS_POLL -dnl ------------------------------------------------- -dnl The need for the sys/poll.h inclusion arises mainly to properly -dnl interface AIX systems which define macros 'events' and 'revents'. - -AC_DEFUN([CURL_CONFIGURE_PULL_SYS_POLL], [ - AC_REQUIRE([CURL_INCLUDES_POLL])dnl - # - tst_poll_events_macro_defined="unknown" - # - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - $curl_includes_poll - ]],[[ -#if defined(events) || defined(revents) - return 0; -#else - force compilation error -#endif - ]]) - ],[ - tst_poll_events_macro_defined="yes" - ],[ - tst_poll_events_macro_defined="no" - ]) - # - if test "$tst_poll_events_macro_defined" = "yes"; then - if test "x$ac_cv_header_sys_poll_h" = "xyes"; then - CURL_DEFINE_UNQUOTED([CURL_PULL_SYS_POLL_H]) - fi - fi - # -]) - - dnl CURL_CHECK_FUNC_SELECT dnl ------------------------------------------------- -dnl Test if the socket select() function is available, -dnl and check its return type and the types of its -dnl arguments. If the function succeeds HAVE_SELECT -dnl will be defined, defining the types of the -dnl arguments in SELECT_TYPE_ARG1, SELECT_TYPE_ARG234 -dnl and SELECT_TYPE_ARG5, defining the type of the -dnl function return value in SELECT_TYPE_RETV, and -dnl also defining the type qualifier of fifth argument -dnl in SELECT_QUAL_ARG5. +dnl Test if the socket select() function is available. AC_DEFUN([CURL_CHECK_FUNC_SELECT], [ AC_REQUIRE([CURL_CHECK_STRUCT_TIMEVAL])dnl - AC_CHECK_HEADERS(sys/select.h sys/socket.h) + AC_REQUIRE([CURL_INCLUDES_BSDSOCKET])dnl + AC_CHECK_HEADERS(sys/select.h) # AC_MSG_CHECKING([for select]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_TIME_H -#include -#endif -#include -#ifndef HAVE_WINDOWS_H -#ifdef HAVE_SYS_SELECT_H -#include -#elif defined(HAVE_UNISTD_H) -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0) -#endif -#endif + #undef inline + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #else + #include + #include + #endif + #ifdef HAVE_SYS_TYPES_H + #include + #endif + #include + #ifndef _WIN32 + #ifdef HAVE_SYS_SELECT_H + #include + #elif defined(HAVE_UNISTD_H) + #include + #endif + $curl_includes_bsdsocket + #endif ]],[[ select(0, 0, 0, 0, 0); ]]) @@ -1907,140 +1023,9 @@ struct Library *SocketBase = NULL; ]) # if test "$curl_cv_select" = "yes"; then - AC_CACHE_CHECK([types of args and return type for select], - [curl_cv_func_select_args], [ - curl_cv_func_select_args="unknown" - for sel_retv in 'int' 'ssize_t'; do - for sel_arg1 in 'int' 'ssize_t' 'size_t' 'unsigned long int' 'unsigned int'; do - for sel_arg234 in 'fd_set *' 'int *' 'void *'; do - for sel_arg5 in 'struct timeval *' 'const struct timeval *'; do - if test "$curl_cv_func_select_args" = "unknown"; then - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#define SELECTCALLCONV PASCAL -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_TIME_H -#include -#endif -#include -#ifndef HAVE_WINDOWS_H -#ifdef HAVE_SYS_SELECT_H -#include -#elif defined(HAVE_UNISTD_H) -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0) -#endif -#define SELECTCALLCONV -#endif -#ifndef HAVE_STRUCT_TIMEVAL - struct timeval { - long tv_sec; - long tv_usec; - }; -#endif -#ifndef HAVE_PROTO_BSDSOCKET_H - extern $sel_retv SELECTCALLCONV - select($sel_arg1, - $sel_arg234, - $sel_arg234, - $sel_arg234, - $sel_arg5); -#endif - ]],[[ - $sel_arg1 nfds=0; - $sel_arg234 rfds=0; - $sel_arg234 wfds=0; - $sel_arg234 efds=0; - $sel_retv res = select(nfds, rfds, wfds, efds, 0); - ]]) - ],[ - curl_cv_func_select_args="$sel_arg1,$sel_arg234,$sel_arg5,$sel_retv" - ]) - fi - done - done - done - done - ]) # AC-CACHE-CHECK - if test "$curl_cv_func_select_args" = "unknown"; then - AC_MSG_WARN([Cannot find proper types to use for select args]) - AC_MSG_WARN([HAVE_SELECT will not be defined]) - else - select_prev_IFS=$IFS; IFS=',' - set dummy `echo "$curl_cv_func_select_args" | sed 's/\*/\*/g'` - IFS=$select_prev_IFS - shift - # - sel_qual_type_arg5=$[3] - # - AC_DEFINE_UNQUOTED(SELECT_TYPE_ARG1, $[1], - [Define to the type of arg 1 for select.]) - AC_DEFINE_UNQUOTED(SELECT_TYPE_ARG234, $[2], - [Define to the type of args 2, 3 and 4 for select.]) - AC_DEFINE_UNQUOTED(SELECT_TYPE_RETV, $[4], - [Define to the function return type for select.]) - # - prev_sh_opts=$- - # - case $prev_sh_opts in - *f*) - ;; - *) - set -f - ;; - esac - # - case "$sel_qual_type_arg5" in - const*) - sel_qual_arg5=const - sel_type_arg5=`echo $sel_qual_type_arg5 | sed 's/^const //'` - ;; - *) - sel_qual_arg5= - sel_type_arg5=$sel_qual_type_arg5 - ;; - esac - # - AC_DEFINE_UNQUOTED(SELECT_QUAL_ARG5, $sel_qual_arg5, - [Define to the type qualifier of arg 5 for select.]) - AC_DEFINE_UNQUOTED(SELECT_TYPE_ARG5, $sel_type_arg5, - [Define to the type of arg 5 for select.]) - # - case $prev_sh_opts in - *f*) - ;; - *) - set +f - ;; - esac - # - AC_DEFINE_UNQUOTED(HAVE_SELECT, 1, - [Define to 1 if you have the select function.]) - curl_cv_func_select="yes" - fi + AC_DEFINE_UNQUOTED(HAVE_SELECT, 1, + [Define to 1 if you have the select function.]) + curl_cv_func_select="yes" fi ]) @@ -2058,20 +1043,20 @@ dnl macro. It must also run AFTER all lib-checking macros are complete. AC_DEFUN([CURL_VERIFY_RUNTIMELIBS], [ dnl this test is of course not sensible if we are cross-compiling! - if test "x$cross_compiling" != xyes; then + if test "$cross_compiling" != "yes"; then dnl just run a program to verify that the libs checked for previous to this - dnl point also is available run-time! - AC_MSG_CHECKING([run-time libs availability]) + dnl point also is available runtime! + AC_MSG_CHECKING([runtime libs availability]) CURL_RUN_IFELSE([ -int main() -{ - return 0; -} -], + int main(void) + { + return 0; + } + ], AC_MSG_RESULT([fine]), AC_MSG_RESULT([failed]) - AC_MSG_ERROR([one or more libs available at link-time are not available run-time. Libs used at link-time: $LIBS]) + AC_MSG_ERROR([one or more libs available at link-time are not available runtime. Libs used at link-time: $LIBS]) ) dnl if this test fails, configure has already stopped @@ -2079,70 +1064,6 @@ int main() ]) -dnl CURL_CHECK_VARIADIC_MACROS -dnl ------------------------------------------------- -dnl Check compiler support of variadic macros - -AC_DEFUN([CURL_CHECK_VARIADIC_MACROS], [ - AC_CACHE_CHECK([for compiler support of C99 variadic macro style], - [curl_cv_variadic_macros_c99], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#define c99_vmacro3(first, ...) fun3(first, __VA_ARGS__) -#define c99_vmacro2(first, ...) fun2(first, __VA_ARGS__) - int fun3(int arg1, int arg2, int arg3); - int fun2(int arg1, int arg2); - int fun3(int arg1, int arg2, int arg3) - { return arg1 + arg2 + arg3; } - int fun2(int arg1, int arg2) - { return arg1 + arg2; } - ]],[[ - int res3 = c99_vmacro3(1, 2, 3); - int res2 = c99_vmacro2(1, 2); - ]]) - ],[ - curl_cv_variadic_macros_c99="yes" - ],[ - curl_cv_variadic_macros_c99="no" - ]) - ]) - case "$curl_cv_variadic_macros_c99" in - yes) - AC_DEFINE_UNQUOTED(HAVE_VARIADIC_MACROS_C99, 1, - [Define to 1 if compiler supports C99 variadic macro style.]) - ;; - esac - AC_CACHE_CHECK([for compiler support of old gcc variadic macro style], - [curl_cv_variadic_macros_gcc], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#define gcc_vmacro3(first, args...) fun3(first, args) -#define gcc_vmacro2(first, args...) fun2(first, args) - int fun3(int arg1, int arg2, int arg3); - int fun2(int arg1, int arg2); - int fun3(int arg1, int arg2, int arg3) - { return arg1 + arg2 + arg3; } - int fun2(int arg1, int arg2) - { return arg1 + arg2; } - ]],[[ - int res3 = gcc_vmacro3(1, 2, 3); - int res2 = gcc_vmacro2(1, 2); - ]]) - ],[ - curl_cv_variadic_macros_gcc="yes" - ],[ - curl_cv_variadic_macros_gcc="no" - ]) - ]) - case "$curl_cv_variadic_macros_gcc" in - yes) - AC_DEFINE_UNQUOTED(HAVE_VARIADIC_MACROS_GCC, 1, - [Define to 1 if compiler supports old gcc variadic macro style.]) - ;; - esac -]) - - dnl CURL_CHECK_CA_BUNDLE dnl ------------------------------------------------- dnl Check if a default ca-bundle should be used @@ -2151,9 +1072,9 @@ dnl regarding the paths this will scan: dnl /etc/ssl/certs/ca-certificates.crt Debian systems dnl /etc/pki/tls/certs/ca-bundle.crt Redhat and Mandriva dnl /usr/share/ssl/certs/ca-bundle.crt old(er) Redhat -dnl /usr/local/share/certs/ca-root-nss.crt FreeBSD -dnl /etc/ssl/cert.pem OpenBSD, FreeBSD (symlink) -dnl /etc/ssl/certs/ (ca path) SUSE +dnl /usr/local/share/certs/ca-root-nss.crt MidnightBSD +dnl /etc/ssl/cert.pem OpenBSD, MidnightBSD (symlink) +dnl /etc/ssl/certs (CA path) SUSE, FreeBSD AC_DEFUN([CURL_CHECK_CA_BUNDLE], [ @@ -2161,8 +1082,8 @@ AC_DEFUN([CURL_CHECK_CA_BUNDLE], [ AC_ARG_WITH(ca-bundle, AS_HELP_STRING([--with-ca-bundle=FILE], -[Path to a file containing CA certificates (example: /etc/ca-bundle.crt)]) -AS_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]), + [Absolute path to a file containing CA certificates (example: /etc/ca-bundle.crt)]) +AS_HELP_STRING([--without-ca-bundle], [Do not use a default CA bundle]), [ want_ca="$withval" if test "x$want_ca" = "xyes"; then @@ -2172,11 +1093,11 @@ AS_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]), [ want_ca="unset" ]) AC_ARG_WITH(ca-path, AS_HELP_STRING([--with-ca-path=DIRECTORY], -[Path to a directory containing CA certificates stored individually, with \ + [Absolute path to a directory containing CA certificates stored individually, with \ their filenames in a hash format. This option can be used with the OpenSSL, \ -GnuTLS and mbedTLS backends. Refer to OpenSSL c_rehash for details. \ +GnuTLS, mbedTLS and wolfSSL backends. Refer to OpenSSL c_rehash for details. \ (example: /etc/certificates)]) -AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]), +AS_HELP_STRING([--without-ca-path], [Do not use a default CA path]), [ want_capath="$withval" if test "x$want_capath" = "xyes"; then @@ -2189,35 +1110,45 @@ AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]), capath_warning=" (warning: certs not found)" check_capath="" - if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \ - "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then + if test "$APPLE_SECTRUST_ENABLED" = "1"; then + ca_native="Apple SecTrust" + elif test "$ca_native_opt" = "1"; then + ca_native="yes" + else + ca_native="no" + fi + + if test "x$want_ca" != "xno" && test "x$want_ca" != "xunset" && + test "x$want_capath" != "xno" && test "x$want_capath" != "xunset"; then dnl both given ca="$want_ca" capath="$want_capath" - elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then + elif test "x$want_ca" != "xno" && test "x$want_ca" != "xunset"; then dnl --with-ca-bundle given ca="$want_ca" capath="no" - elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then + elif test "x$want_capath" != "xno" && test "x$want_capath" != "xunset"; then dnl --with-ca-path given - if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$MBEDTLS_ENABLED" != "x1"; then - AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or mbedTLS]) - fi capath="$want_capath" ca="no" + elif test "$ca_native" != "no"; then + # native ca configured, do not look further + ca="no" + capath="no" else - dnl first try autodetecting a CA bundle , then a CA path - dnl both autodetections can be skipped by --without-ca-* + dnl First try auto-detecting a CA bundle, then a CA path. + dnl Both auto-detections can be skipped by --without-ca-* ca="no" capath="no" - if test "x$cross_compiling" != "xyes"; then + if test "$cross_compiling" != "yes" && + test "$curl_cv_native_windows" != "yes"; then dnl NOT cross-compiling and... dnl neither of the --with-ca-* options are provided if test "x$want_ca" = "xunset"; then - dnl the path we previously would have installed the curl ca bundle + dnl the path we previously would have installed the curl CA bundle dnl to, and thus we now check for an already existing cert in that dnl place in case we find no other - if test "x$prefix" != xNONE; then + if test "x$prefix" != "xNONE"; then cac="${prefix}/share/curl/curl-ca-bundle.crt" else cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt" @@ -2235,9 +1166,9 @@ AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]), fi done fi - if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \ - "x$OPENSSL_ENABLED" = "x1"; then - check_capath="/etc/ssl/certs/" + AC_MSG_NOTICE([want $want_capath ca $ca]) + if test "x$want_capath" = "xunset"; then + check_capath="/etc/ssl/certs" fi else dnl no option given and cross-compiling @@ -2253,7 +1184,7 @@ AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]), check_capath="$capath" fi - if test ! -z "$check_capath"; then + if test -n "$check_capath"; then for a in "$check_capath"; do if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then if test "x$capath" = "xno"; then @@ -2270,7 +1201,7 @@ AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]), fi if test "x$ca" != "xno"; then - CURL_CA_BUNDLE='"'$ca'"' + CURL_CA_BUNDLE="$ca" AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle]) AC_SUBST(CURL_CA_BUNDLE) AC_MSG_RESULT([$ca]) @@ -2284,101 +1215,78 @@ AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]), AC_MSG_RESULT([no]) fi - AC_MSG_CHECKING([whether to use builtin CA store of SSL library]) + AC_MSG_CHECKING([whether to use OpenSSL's built-in CA store]) AC_ARG_WITH(ca-fallback, -AS_HELP_STRING([--with-ca-fallback], [Use the built in CA store of the SSL library]) -AS_HELP_STRING([--without-ca-fallback], [Don't use the built in CA store of the SSL library]), +AS_HELP_STRING([--with-ca-fallback], [Use OpenSSL's built-in CA store]) +AS_HELP_STRING([--without-ca-fallback], [Do not use OpenSSL's built-in CA store]), [ - if test "x$with_ca_fallback" != "xyes" -a "x$with_ca_fallback" != "xno"; then + if test "x$with_ca_fallback" != "xyes" && test "x$with_ca_fallback" != "xno"; then AC_MSG_ERROR([--with-ca-fallback only allows yes or no as parameter]) fi ], [ with_ca_fallback="no"]) AC_MSG_RESULT([$with_ca_fallback]) if test "x$with_ca_fallback" = "xyes"; then - if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1"; then - AC_MSG_ERROR([--with-ca-fallback only works with OpenSSL or GnuTLS]) + if test "$OPENSSL_ENABLED" != "1"; then + AC_MSG_ERROR([--with-ca-fallback only works with OpenSSL]) fi - AC_DEFINE_UNQUOTED(CURL_CA_FALLBACK, 1, [define "1" to use built in CA store of SSL library ]) + AC_DEFINE_UNQUOTED(CURL_CA_FALLBACK, 1, [define "1" to use OpenSSL's built-in CA store]) fi ]) -dnl CURL_CHECK_WIN32_LARGEFILE + +dnl CURL_CHECK_CA_EMBED dnl ------------------------------------------------- -dnl Check if curl's WIN32 large file will be used - -AC_DEFUN([CURL_CHECK_WIN32_LARGEFILE], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_MSG_CHECKING([whether build target supports WIN32 file API]) - curl_win32_file_api="no" - if test "$curl_cv_header_windows_h" = "yes"; then - if test x"$enable_largefile" != "xno"; then - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - ]],[[ -#if !defined(_WIN32_WCE) && \ - (defined(__MINGW32__) || \ - (defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64)))) - int dummy=1; -#else - WIN32 large file API not supported. -#endif - ]]) - ],[ - curl_win32_file_api="win32_large_files" - ]) +dnl Check if a ca-bundle should be embedded + +AC_DEFUN([CURL_CHECK_CA_EMBED], [ + + AC_MSG_CHECKING([CA cert bundle path to embed in the curl tool]) + + AC_ARG_WITH(ca-embed, +AS_HELP_STRING([--with-ca-embed=FILE], + [Absolute path to a file containing CA certificates to embed in the curl tool (example: /etc/ca-bundle.crt)]) +AS_HELP_STRING([--without-ca-embed], [Do not embed a default CA bundle in the curl tool]), + [ + want_ca_embed="$withval" + if test "x$want_ca_embed" = "xyes"; then + AC_MSG_ERROR([--with-ca-embed=FILE requires a path to the CA bundle]) fi - if test "$curl_win32_file_api" = "no"; then - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - ]],[[ -#if defined(_WIN32_WCE) || defined(__MINGW32__) || defined(_MSC_VER) - int dummy=1; -#else - WIN32 small file API not supported. -#endif - ]]) - ],[ - curl_win32_file_api="win32_small_files" - ]) + ], + [ want_ca_embed="unset" ]) + + CURL_CA_EMBED='' + if test "x$want_ca_embed" != "xno" && test "x$want_ca_embed" != "xunset" && test -f "$want_ca_embed"; then + if test -n "$PERL"; then + CURL_CA_EMBED="$want_ca_embed" + AC_SUBST(CURL_CA_EMBED) + AC_MSG_RESULT([$want_ca_embed]) + else + AC_MSG_RESULT([no]) + AC_MSG_WARN([perl was not found. Will not do CA embed.]) fi + else + AC_MSG_RESULT([no]) fi - case "$curl_win32_file_api" in - win32_large_files) - AC_MSG_RESULT([yes (large file enabled)]) - AC_DEFINE_UNQUOTED(USE_WIN32_LARGE_FILES, 1, - [Define to 1 if you are building a Windows target with large file support.]) - AC_SUBST(USE_WIN32_LARGE_FILES, [1]) - ;; - win32_small_files) - AC_MSG_RESULT([yes (large file disabled)]) - AC_DEFINE_UNQUOTED(USE_WIN32_SMALL_FILES, 1, - [Define to 1 if you are building a Windows target without large file support.]) - AC_SUBST(USE_WIN32_SMALL_FILES, [1]) - ;; - *) - AC_MSG_RESULT([no]) - ;; - esac ]) dnl CURL_CHECK_WIN32_CRYPTO dnl ------------------------------------------------- -dnl Check if curl's WIN32 crypto lib can be used +dnl Check if curl's Win32 crypto lib can be used AC_DEFUN([CURL_CHECK_WIN32_CRYPTO], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINCRYPT])dnl - AC_MSG_CHECKING([whether build target supports WIN32 crypto API]) + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl + AC_MSG_CHECKING([whether build target supports Win32 crypto API]) curl_win32_crypto_api="no" - if test "$curl_cv_header_wincrypt_h" = "yes"; then + if test "$curl_cv_native_windows" = "yes" && test "$curl_cv_winuwp" != "yes"; then AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include + #undef inline + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #include ]],[[ HCRYPTPROV hCryptProv; if(CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, @@ -2395,7 +1303,7 @@ AC_DEFUN([CURL_CHECK_WIN32_CRYPTO], [ AC_MSG_RESULT([yes]) AC_DEFINE_UNQUOTED(USE_WIN32_CRYPTO, 1, [Define to 1 if you are building a Windows target with crypto API support.]) - AC_SUBST(USE_WIN32_CRYPTO, [1]) + USE_WIN32_CRYPTO=1 ;; *) AC_MSG_RESULT([no]) @@ -2403,22 +1311,62 @@ AC_DEFUN([CURL_CHECK_WIN32_CRYPTO], [ esac ]) -dnl CURL_EXPORT_PCDIR ($pcdir) +dnl CURL_EXPORT_PCDIR ($pcdir, [$additive]) dnl ------------------------ -dnl if $pcdir is not empty, set PKG_CONFIG_LIBDIR to $pcdir and export +dnl if $pcdir is not empty, set PKG_CONFIG_LIBDIR to $pcdir and export. +dnl if $additive is set, extend PKG_CONFIG_PATH instead, by prepending $pcdir +dnl to it, to ensure that system locations are still checked. This is +dnl necessary for modules that depend on modules residing there +dnl (e.g. gnutls.pc). dnl -dnl we need this macro since pkg-config distinguishes among empty and unset -dnl variable while checking PKG_CONFIG_LIBDIR +dnl we need this macro to limit/expand search locations to/with a custom +dnl configured one. dnl AC_DEFUN([CURL_EXPORT_PCDIR], [ - if test -n "$1"; then + if test -n "$1"; then + if test -n "$2"; then + dnl honor system locations + PKG_CONFIG_PATH="$1${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}" + export PKG_CONFIG_PATH + else + dnl ignore and override system locations PKG_CONFIG_LIBDIR="$1" export PKG_CONFIG_LIBDIR fi + fi +]) + +dnl CURL_TRACE_PCDIR ($module, [$pcdir], [$additive]) +dnl ------------------------ +dnl show pkg-config module lookup details, along with a detailed errors +dnl message in case of failure. Supports both pkg-config and pkgconf. +dnl + +AC_DEFUN([CURL_TRACE_PCDIR], [ + dnl Example pkgconf line: + dnl libpkgconf/pkg.c:746 [pkgconf_pkg_t *pkgconf_pkg_try_specific_path(pkgconf_client_t *, [...]*)]: trying path: /usr/local/lib/pkgconfig for libngtcp2_crypto_gnutls + dnl Rest of strings are for catching classic pkg-config lines. + trc=`CURL_EXPORT_PCDIR([$2], [$3]) + if test -n "$PKG_CONFIG_LIBDIR"; then + echo "PKG_CONFIG_LIBDIR: '$PKG_CONFIG_LIBDIR'" + fi + if test -n "$PKG_CONFIG_PATH"; then + echo "PKG_CONFIG_PATH: '$PKG_CONFIG_PATH'" + fi + $PKGCONFIG --exists --debug $1 2>&1 | $EGREP '(trying path:|Adding directory|Looking for|Scanning directory|Cannot open directory)' | $SED 's/^.*trying path:/trying path:/'` + msg=`CURL_EXPORT_PCDIR([$2], [$3]) + $PKGCONFIG --exists --print-errors $1 2>&1` + if test -n "$msg"; then + trc=`echo "$trc"; echo '==== error:'; echo "$msg"` + fi + AC_MSG_NOTICE([pkg-config --exists $1 trace: +---- begin +${trc} +---- end]) ]) -dnl CURL_CHECK_PKGCONFIG ($module, [$pcdir]) +dnl CURL_CHECK_PKGCONFIG ($module, [$pcdir], [$additive]) dnl ------------------------ dnl search for the pkg-config tool. Set the PKGCONFIG variable to hold the dnl path to it, or 'no' if not found/present. @@ -2430,71 +1378,124 @@ dnl Optionally PKG_CONFIG_LIBDIR may be given as $pcdir. dnl AC_DEFUN([CURL_CHECK_PKGCONFIG], [ - if test -n "$PKG_CONFIG"; then - PKGCONFIG="$PKG_CONFIG" - else - AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no], - [$PATH:/usr/bin:/usr/local/bin]) - fi + if test -n "$PKG_CONFIG"; then + PKGCONFIG="$PKG_CONFIG" + else + AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no], + [$PATH:/usr/bin:/usr/local/bin]) + fi - if test "x$PKGCONFIG" != "xno"; then - AC_MSG_CHECKING([for $1 options with pkg-config]) - dnl ask pkg-config about $1 - itexists=`CURL_EXPORT_PCDIR([$2]) dnl - $PKGCONFIG --exists $1 >/dev/null 2>&1 && echo 1` + if test "$PKGCONFIG" != "no"; then + AC_MSG_CHECKING([for $1 options with pkg-config]) + dnl ask pkg-config about $1 + itexists=`CURL_EXPORT_PCDIR([$2], [$3]) dnl + $PKGCONFIG --exists $1 >/dev/null 2>&1 && echo 1` - if test -z "$itexists"; then - dnl pkg-config does not have info about the given module! set the - dnl variable to 'no' - PKGCONFIG="no" - AC_MSG_RESULT([no]) - else - AC_MSG_RESULT([found]) + if test -z "$itexists"; then + dnl pkg-config does not have info about the given module! set the + dnl variable to 'no' + AC_MSG_RESULT([no]) + if test -n "$CURL_TRACE_PKG_CONFIG$CURL_CI"; then + CURL_TRACE_PCDIR([$1], [$2], [$3]) + fi + PKGCONFIG="no" + else + AC_MSG_RESULT([found]) + if test -n "$CURL_TRACE_PKG_CONFIG"; then + CURL_TRACE_PCDIR([$1], [$2], [$3]) fi fi + fi ]) -dnl CURL_GENERATE_CONFIGUREHELP_PM +dnl CURL_PREPARE_CONFIGUREHELP_PM dnl ------------------------------------------------- -dnl Generate test harness configurehelp.pm module, defining and +dnl Prepare test harness configurehelp.pm module, defining and dnl initializing some perl variables with values which are known dnl when the configure script runs. For portability reasons, test dnl harness needs information on how to run the C preprocessor. -AC_DEFUN([CURL_GENERATE_CONFIGUREHELP_PM], [ +AC_DEFUN([CURL_PREPARE_CONFIGUREHELP_PM], [ AC_REQUIRE([AC_PROG_CPP])dnl tmp_cpp=`eval echo "$ac_cpp" 2>/dev/null` if test -z "$tmp_cpp"; then tmp_cpp='cpp' fi - cat >./tests/configurehelp.pm <<_EOF -[@%:@] This is a generated file. Do not edit. - -package configurehelp; - -use strict; -use warnings; -use Exporter; - -use vars qw( - @ISA - @EXPORT_OK - \$Cpreprocessor - ); - -@ISA = qw(Exporter); + AC_SUBST(CURL_CPP, $tmp_cpp) +]) -@EXPORT_OK = qw( - \$Cpreprocessor - ); -\$Cpreprocessor = '$tmp_cpp'; +dnl CURL_PREPARE_BUILDINFO +dnl ------------------------------------------------- +dnl Save build info for test runner to pick up and log -1; -_EOF +AC_DEFUN([CURL_PREPARE_BUILDINFO], [ + curl_pflags="" + if test "$curl_cv_apple" = "yes"; then + curl_pflags="${curl_pflags} APPLE" + fi + case $host in + *-*-*bsd*|*-*-aix*|*-*-hpux*|*-*-interix*|*-*-irix*|*-*-linux*|*-*-solaris*|*-*-sunos*|*-apple-*|*-*-cygwin*|*-*-msys*) + curl_pflags="${curl_pflags} UNIX";; + esac + case $host in + *-*-*bsd*) + curl_pflags="${curl_pflags} BSD";; + esac + case $host in + *-*-android*) + curl_pflags="${curl_pflags} ANDROID" + ANDROID_PLATFORM_LEVEL=`echo "$host_os" | $SED -ne 's/.*android\(@<:@0-9@:>@*\).*/\1/p'` + if test -n "${ANDROID_PLATFORM_LEVEL}"; then + curl_pflags="${curl_pflags}-${ANDROID_PLATFORM_LEVEL}" + fi + ;; + esac + if test "$curl_cv_native_windows" = "yes"; then + curl_pflags="${curl_pflags} WIN32" + fi + if test "$curl_cv_winuwp" = "yes"; then + curl_pflags="${curl_pflags} UWP" + fi + case $host_os in + cygwin*|msys*) curl_pflags="${curl_pflags} CYGWIN";; + esac + case $host_os in + msdos*) curl_pflags="${curl_pflags} DOS";; + amiga*) curl_pflags="${curl_pflags} AMIGA";; + esac + if test "$compiler_id" = "GNU_C"; then + curl_pflags="${curl_pflags} GCC" + fi + if test "$compiler_id" = "APPLECLANG"; then + curl_pflags="${curl_pflags} APPLE-CLANG" + elif test "$compiler_id" = "CLANG"; then + curl_pflags="${curl_pflags} LLVM-CLANG" + fi + case $host_os in + mingw*) curl_pflags="${curl_pflags} MINGW";; + esac + if test "$cross_compiling" = "yes"; then + curl_pflags="${curl_pflags} CROSS" + fi + squeeze curl_pflags + curl_buildinfo=" +buildinfo.configure.tool: configure +buildinfo.configure.args: $ac_configure_args +buildinfo.host: $build +buildinfo.host.cpu: $build_cpu +buildinfo.host.os: $build_os +buildinfo.target: $host +buildinfo.target.cpu: $host_cpu +buildinfo.target.os: $host_os +buildinfo.target.flags: $curl_pflags +buildinfo.compiler: $compiler_id +buildinfo.compiler.version: $compiler_ver +buildinfo.sysroot: $lt_sysroot" ]) + dnl CURL_CPP_P dnl dnl Check if $cpp -P should be used for extract define values due to gcc 5 @@ -2517,7 +1518,7 @@ TEST EINVAL TEST AC_MSG_RESULT([$cpp]) dnl we need cpp -P so check if it works then - if test "x$cpp" = "xyes"; then + if test "$cpp" = "yes"; then AC_MSG_CHECKING([if cpp -P works]) OLDCPPFLAGS=$CPPFLAGS CPPFLAGS="$CPPFLAGS -P" @@ -2527,7 +1528,7 @@ TEST EINVAL TEST ], [cpp_p=yes], [cpp_p=no]) AC_MSG_RESULT([$cpp_p]) - if test "x$cpp_p" = "xno"; then + if test "$cpp_p" = "no"; then AC_MSG_WARN([failed to figure out cpp -P alternative]) # without -P CPPPFLAG="" @@ -2547,38 +1548,24 @@ TEST EINVAL TEST dnl CURL_DARWIN_CFLAGS dnl dnl Set -Werror=partial-availability to detect possible breaking code -dnl with very low deployment targets. +dnl with low deployment targets. dnl AC_DEFUN([CURL_DARWIN_CFLAGS], [ - - tst_cflags="no" - case $host_os in - darwin*) - tst_cflags="yes" - ;; - esac - - AC_MSG_CHECKING([for good-to-use Darwin CFLAGS]) - AC_MSG_RESULT([$tst_cflags]); - - if test "$tst_cflags" = "yes"; then - old_CFLAGS=$CFLAGS - CFLAGS="$CFLAGS -Werror=partial-availability" - AC_MSG_CHECKING([whether $CC accepts -Werror=partial-availability]) - AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], - [AC_MSG_RESULT([yes])], - [AC_MSG_RESULT([no]) - CFLAGS=$old_CFLAGS]) - fi - + old_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -Werror=partial-availability" + AC_MSG_CHECKING([whether $CC accepts -Werror=partial-availability]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + CFLAGS=$old_CFLAGS]) ]) dnl CURL_SUPPORTS_BUILTIN_AVAILABLE dnl dnl Check to see if the compiler supports __builtin_available. This built-in -dnl compiler function first appeared in Apple LLVM 9.0.0. It's so new that, at +dnl compiler function first appeared in Apple LLVM 9.0.0. It is so new that, at dnl the time this macro was written, the function was not yet documented. Its dnl purpose is to return true if the code is running under a certain OS version dnl or later. @@ -2587,14 +1574,13 @@ AC_DEFUN([CURL_SUPPORTS_BUILTIN_AVAILABLE], [ AC_MSG_CHECKING([to see if the compiler supports __builtin_available()]) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#include ]],[[ - if (__builtin_available(macOS 10.8, iOS 5.0, *)) {} + if(__builtin_available(macOS 10.12, iOS 5.0, *)) {} ]]) ],[ AC_MSG_RESULT([yes]) AC_DEFINE_UNQUOTED(HAVE_BUILTIN_AVAILABLE, 1, - [Define to 1 if you have the __builtin_available function.]) + [Define to 1 if you have the __builtin_available function.]) ],[ AC_MSG_RESULT([no]) ]) diff --git a/appveyor.sh b/appveyor.sh new file mode 100644 index 000000000000..a69fae7742fd --- /dev/null +++ b/appveyor.sh @@ -0,0 +1,131 @@ +#!/usr/bin/env bash +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +# shellcheck disable=SC3040,SC2039 +set -eux; [ -n "${BASH:-}${ZSH_NAME:-}" ] && set -o pipefail + +# build + +if [ -n "${CMAKE_GENERATOR:-}" ]; then + + PRJ_CFG='Debug' + [[ "${APPVEYOR_JOB_NAME}" = *'Release'* ]] && PRJ_CFG='Release' + + # Configure OpenSSL + case "${CMAKE_GENERATE:-}" in + *Win32*) openssl_suffix='-Win32';; + *) openssl_suffix='-Win64';; + esac + + if [ "${APPVEYOR_BUILD_WORKER_IMAGE}" = 'Visual Studio 2022' ]; then + openssl_root_win="C:/OpenSSL-v35${openssl_suffix}" + openssl_root="$(cygpath "${openssl_root_win}")" + elif [ "${APPVEYOR_BUILD_WORKER_IMAGE}" = 'Visual Studio 2019' ]; then + openssl_root_win="C:/OpenSSL-v30${openssl_suffix}" + openssl_root="$(cygpath "${openssl_root_win}")" + fi + + # Install custom cmake version + if [ -n "${CMAKE_VERSION:-}" ]; then + cmake_ver="$(printf '%02d%02d' \ + "$(echo "${CMAKE_VERSION}" | cut -f1 -d.)" \ + "$(echo "${CMAKE_VERSION}" | cut -f2 -d.)")" + if [ "${cmake_ver}" -ge '0320' ]; then + fn="cmake-${CMAKE_VERSION}-windows-x86_64" + else + fn="cmake-${CMAKE_VERSION}-win64-x64" + fi + curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 60 --retry 3 --retry-connrefused \ + --location "https://github.com/Kitware/CMake/releases/download/v${CMAKE_VERSION}/${fn}.zip" --output pkg.bin + sha256sum pkg.bin && sha256sum pkg.bin | grep -qwF -- "${CMAKE_SHA256}" && 7z x -y pkg.bin >/dev/null && rm -f pkg.bin + PATH="$PWD/${fn}/bin:$PATH" + fi + + # Set env CHKPREFILL to the value '_chkprefill' to compare feature detection + # results with and without the pre-fill feature. They have to match. + for _chkprefill in '' ${CHKPREFILL:-}; do + options='' + [ "${_chkprefill}" = '_chkprefill' ] && options+=' -D_CURL_PREFILL=OFF' + [[ "${CMAKE_GENERATE:-}" = *'-A ARM64'* ]] && SKIP_RUN='ARM64 architecture' + [[ "${CMAKE_GENERATE:-}" = *'-DCURL_USE_OPENSSL=ON'* ]] && options+=" -DOPENSSL_ROOT_DIR=${openssl_root_win}" + # shellcheck disable=SC2086 + time cmake -B "_bld${_chkprefill}" \ + -DENABLE_DEBUG=ON \ + -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON \ + -DCMAKE_VS_GLOBALS=TrackFileAccess=false \ + -DCURL_STATIC_CRT=ON \ + -DCURL_DROP_UNUSED=ON \ + -DCURL_USE_SCHANNEL=ON -DCURL_USE_LIBPSL=OFF \ + ${CMAKE_GENERATE:-} \ + ${options} \ + || { cat _bld/CMakeFiles/CMake* 2>/dev/null; false; } + done + if [ -d _bld_chkprefill ] && ! diff -u _bld/lib/curl_config.h _bld_chkprefill/lib/curl_config.h; then + cat _bld_chkprefill/CMakeFiles/CMake* 2>/dev/null || true + false + fi + echo 'curl_config.h'; grep -F '#define' _bld/lib/curl_config.h | sort || true + time cmake --build _bld --config "${PRJ_CFG}" --parallel 2 + [[ "${CMAKE_GENERATE:-}" != *'-DBUILD_SHARED_LIBS=OFF'* ]] && PATH="$PWD/_bld/lib/${PRJ_CFG}:$PATH" + [[ "${CMAKE_GENERATE:-}" = *'-DCURL_USE_OPENSSL=ON'* ]] && { PATH="${openssl_root}:$PATH"; cp "${openssl_root}"/*.dll "_bld/src/${PRJ_CFG}"; } + curl="_bld/src/${PRJ_CFG}/curl.exe" +else + ( + cd projects/Windows + ./generate.bat "${VC_VERSION}" + msbuild.exe -maxcpucount "-property:Configuration=${PRJ_CFG}" "-property:Platform=${PLAT}" "${VC_VERSION}/curl-all.sln" + ) + [ "${PLAT}" = 'x64' ] && platdir='Win64' || platdir='Win32' + [[ "${PRJ_CFG}" = *'Debug'* ]] && binsuffix='d' || binsuffix='' + curl="build/${platdir}/${VC_VERSION}/${PRJ_CFG}/curl${binsuffix}.exe" +fi + +find . \( -name '*.exe' -o -name '*.dll' -o -name '*.lib' -o -name '*.pdb' \) -print0 | grep -z curl | xargs -0 file -- +find . \( -name '*.exe' -o -name '*.dll' -o -name '*.lib' -o -name '*.pdb' \) -print0 | grep -z curl | xargs -0 stat -c '%10s bytes: %n' -- + +if [ -z "${SKIP_RUN:-}" ]; then + "${curl}" --disable --version +else + echo "Skip running curl.exe. Reason: ${SKIP_RUN}" +fi + +# build tests + +if [ -n "${CMAKE_GENERATOR:-}" ] && [[ "${APPVEYOR_JOB_NAME}" = *'Build-tests'* ]]; then + time cmake --build _bld --config "${PRJ_CFG}" --parallel 2 --target testdeps +fi + +# build examples + +if [ -n "${CMAKE_GENERATOR:-}" ] && [[ "${APPVEYOR_JOB_NAME}" = *'examples'* ]]; then + time cmake --build _bld --config "${PRJ_CFG}" --parallel 2 --target curl-examples-build +fi + +# disk space used + +du -sh .; echo; du -sh -t 250KB ./* +if [ -n "${CMAKE_GENERATOR:-}" ]; then + echo; du -h -t 250KB _bld +fi diff --git a/appveyor.yml b/appveyor.yml index 6cbd5f844a31..c33717c4e975 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,301 +18,133 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### +# https://ci.appveyor.com/project/curlorg/curl/history +# AppVeyor configuration: +# https://www.appveyor.com/docs/appveyor-yml/ +# AppVeyor worker images: +# https://www.appveyor.com/docs/windows-images-software/ + version: 7.50.0.{build} environment: - matrix: - # generated CMake-based Visual Studio Release builds - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 9 2008" - PRJ_CFG: Release - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: OFF - SHARED: ON - DISABLED_TESTS: "" - COMPILER_PATH: "" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 16 2019" - TARGET: "-A x64" - PRJ_CFG: Release - OPENSSL: ON - SCHANNEL: OFF - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: OFF - SHARED: ON - DISABLED_TESTS: "" - COMPILER_PATH: "" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 16 2019" - TARGET: "-A ARM64" - PRJ_CFG: Release - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: OFF - SHARED: OFF - DISABLED_TESTS: "" - COMPILER_PATH: "" - # generated CMake-based Visual Studio Debug builds - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 10 2010 Win64" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: OFF - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 16 2019" - TARGET: "-A x64" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: ON - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "~571 !1139 !1501 " - COMPILER_PATH: "" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 16 2019" - TARGET: "-A x64" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: OFF - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "~571 !1139 !1501" - COMPILER_PATH: "" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 16 2019" - TARGET: "-A x64" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: OFF - ENABLE_UNICODE: OFF - HTTP_ONLY: ON - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "" - # generated CMake-based MSYS Makefiles builds (mingw cross-compiling) - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: CMake - PRJ_GEN: "MSYS Makefiles" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: ON - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "C:\\mingw-w64\\x86_64-8.1.0-posix-seh-rt_v6-rev0\\mingw64\\bin" - MSYS2_ARG_CONV_EXCL: "/*" - BUILD_OPT: -k - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: CMake - PRJ_GEN: "MSYS Makefiles" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: ON - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "C:\\mingw-w64\\x86_64-7.2.0-posix-seh-rt_v5-rev1\\mingw64\\bin" - MSYS2_ARG_CONV_EXCL: "/*" - BUILD_OPT: -k - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: CMake - PRJ_GEN: "MSYS Makefiles" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "C:\\mingw-w64\\i686-6.3.0-posix-dwarf-rt_v5-rev1\\mingw32\\bin" - MSYS2_ARG_CONV_EXCL: "/*" - BUILD_OPT: -k - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: CMake - PRJ_GEN: "MSYS Makefiles" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: OFF - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "C:\\MinGW\\bin" - MSYS2_ARG_CONV_EXCL: "/*" - BUILD_OPT: -k - # winbuild-based builds - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: winbuild_vs2015 - DEBUG: yes - PATHPART: debug - TESTING: OFF - ENABLE_UNICODE: no - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: winbuild_vs2015 - DEBUG: no - PATHPART: release - TESTING: OFF - ENABLE_UNICODE: no - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: winbuild_vs2017 - DEBUG: yes - PATHPART: debug - TESTING: OFF - ENABLE_UNICODE: no - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: winbuild_vs2017 - DEBUG: no - PATHPART: release - TESTING: OFF - ENABLE_UNICODE: no - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: winbuild_vs2015 - DEBUG: yes - PATHPART: debug - TESTING: OFF - ENABLE_UNICODE: yes - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: winbuild_vs2015 - DEBUG: no - PATHPART: release - TESTING: OFF - ENABLE_UNICODE: yes - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: winbuild_vs2017 - DEBUG: yes - PATHPART: debug - TESTING: OFF - ENABLE_UNICODE: yes - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: winbuild_vs2017 - DEBUG: no - PATHPART: release - TESTING: OFF - ENABLE_UNICODE: yes - # generated VisualStudioSolution-based builds - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: VisualStudioSolution - PRJ_CFG: "DLL Debug - DLL Windows SSPI - DLL WinIDN" - TESTING: OFF - VC_VERSION: VC15 - # autotools-based builds (NOT mingw cross-compiling, but msys2 native) - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: autotools - TESTING: ON - DISABLED_TESTS: "!19 ~1056 !1233" - CONFIG_ARGS: "--enable-debug --enable-werror --disable-threaded-resolver --disable-proxy --with-schannel" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: autotools - TESTING: ON - DISABLED_TESTS: "!19 !504 !704 !705 ~1056 !1233" - CONFIG_ARGS: "--enable-debug --enable-werror --disable-threaded-resolver --with-schannel" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: autotools - TESTING: ON - DISABLED_TESTS: "!19 !504 !704 !705 ~1056 !1233" - CONFIG_ARGS: "--enable-warnings --enable-werror --with-schannel" + matrix: + # CMake Visual Studio builds + + - job_name: 'CM VS2022, Release, x64, OpenSSL 3.5, Shared, Build-tests' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + CMAKE_GENERATOR: 'Visual Studio 17 2022' + CMAKE_GENERATE: '-A x64 -DCURL_USE_SCHANNEL=OFF -DCURL_USE_OPENSSL=ON' + + - job_name: 'CM VS2022, Release, arm64, Schannel, Static, !DEBUGBUILD, Build-tests' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + CMAKE_GENERATOR: 'Visual Studio 17 2022' + CMAKE_GENERATE: '-A ARM64 -DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=OFF' + + - job_name: 'CM VS2010, Debug, x64, Schannel, Shared, Build-tests & examples' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + CMAKE_VERSION: 3.18.4 + CMAKE_SHA256: a932bc0c8ee79f1003204466c525b38a840424d4ae29f9e5fb88959116f2407d + CMAKE_GENERATOR: 'Visual Studio 10 2010' + CMAKE_GENERATE: '-A x64' + + - job_name: 'CM VS2012, Release, x86, Schannel, Shared, Build-tests' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + CMAKE_VERSION: 3.21.7 + CMAKE_SHA256: 4c4840e2dc2bf82e8a16081ff506bba54f3a228b91ce36317129fed4035ef2e3 + CMAKE_GENERATOR: 'Visual Studio 11 2012' + CMAKE_GENERATE: '-A Win32' + + - job_name: 'CM VS2013, Debug, x64, Schannel, Shared' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + CMAKE_VERSION: 3.18.4 + CMAKE_SHA256: a932bc0c8ee79f1003204466c525b38a840424d4ae29f9e5fb88959116f2407d + CMAKE_GENERATOR: 'Visual Studio 12 2013' + CMAKE_GENERATE: '-A x64' + + - job_name: 'CM VS2015, Debug, x64, Schannel, Static' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + CMAKE_VERSION: 3.19.8 + CMAKE_SHA256: 2a30877a3d6b50da305b289f4d1c03befdfaeb2edba02a563c681e883d810380 + CMAKE_GENERATOR: 'Visual Studio 14 2015' + CMAKE_GENERATE: '-A x64 -DBUILD_SHARED_LIBS=OFF' + + - job_name: 'CM VS2017, Debug, x64, Schannel, Shared' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2017' + CMAKE_VERSION: 3.20.6 + CMAKE_SHA256: f240a38c964712aac474644b3ba21bdc2b4e8d5e31179f67bd2e6f45fa349419 + CMAKE_GENERATOR: 'Visual Studio 15 2017' + CMAKE_GENERATE: '-A x64' + + - job_name: 'CM VS2019, Debug, x64, OpenSSL 3.0 + Schannel, Shared, !verbose, Build-tests' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2019' + CMAKE_GENERATOR: 'Visual Studio 16 2019' + CMAKE_GENERATE: '-A x64 -DCURL_USE_OPENSSL=ON -DCURL_DISABLE_VERBOSE_STRINGS=ON' + + - job_name: 'CM VS2022, Debug, x64, OpenSSL 3.5 + Schannel, Static, Unicode, Build-tests & examples, clang-cl' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + CMAKE_GENERATOR: 'Visual Studio 17 2022' + CMAKE_GENERATE: '-A x64 -T ClangCl -DBUILD_SHARED_LIBS=OFF -DCURL_USE_OPENSSL=ON -DENABLE_UNICODE=ON' + + - job_name: 'CM VS2022, Release, x64, Schannel, Shared, Unicode, !DEBUGBUILD, Build-tests' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + CMAKE_GENERATOR: 'Visual Studio 17 2022' + ENABLE_UNICODE: 'ON' + CMAKE_GENERATE: '-A x64 -DENABLE_UNICODE=ON -DENABLE_DEBUG=OFF' + + - job_name: 'CM VS2022, Debug, x64, !ssl, Static, Build-tests' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + CMAKE_GENERATOR: 'Visual Studio 17 2022' + CMAKE_GENERATE: '-A x64 -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=OFF' + + - job_name: 'CM VS2022, Debug, x64, !ssl, Static, HTTP-only, Build-tests' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + CMAKE_GENERATOR: 'Visual Studio 17 2022' + CMAKE_GENERATE: '-A x64 -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=OFF -DHTTP_ONLY=ON' + + # VisualStudioSolution builds + + - job_name: 'VisualStudioSolution VS2010, Release, x86, Schannel' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2013' + PRJ_CFG: 'DLL Release - DLL Windows SSPI - DLL WinIDN' + PLAT: 'Win32' + VC_VERSION: VC10 + + - job_name: 'VisualStudioSolution VS2013, Debug, x64, Schannel' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + PRJ_CFG: 'DLL Debug - DLL Windows SSPI - DLL WinIDN' + PLAT: 'x64' + VC_VERSION: VC12 install: - - set "PATH=C:\msys64\usr\bin;%PATH%" - - if not "%COMPILER_PATH%"=="" ( - set "PATH=%COMPILER_PATH%;%PATH%" ) + - ps: $env:PATH = "C:/msys64/usr/bin;$env:PATH" build_script: - - if %BUILD_SYSTEM%==CMake ( - cmake . - -G"%PRJ_GEN%" - %TARGET% - -DCMAKE_USE_OPENSSL=%OPENSSL% - -DCMAKE_USE_SCHANNEL=%SCHANNEL% - -DHTTP_ONLY=%HTTP_ONLY% - -DBUILD_SHARED_LIBS=%SHARED% - -DBUILD_TESTING=%TESTING% - -DCURL_WERROR=ON - -DENABLE_DEBUG=ON - -DENABLE_UNICODE=%ENABLE_UNICODE% - -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE="" - -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG="" - -DCMAKE_INSTALL_PREFIX="C:/CURL" - -DCMAKE_BUILD_TYPE=%PRJ_CFG% && - cmake --build . --config %PRJ_CFG% --parallel 2 --clean-first -- %BUILD_OPT% - ) else ( - if %BUILD_SYSTEM%==VisualStudioSolution ( - cd projects && - .\\generate.bat %VC_VERSION% && - msbuild.exe /p:Configuration="%PRJ_CFG%" "Windows\\%VC_VERSION%\\curl-all.sln" - ) else ( - if %BUILD_SYSTEM%==winbuild_vs2015 ( - call buildconf.bat && - cd winbuild && - call "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd" /x64 && - call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86_amd64 && - nmake /f Makefile.vc mode=dll VC=14 "SSL_PATH=C:\OpenSSL-v111-Win64" WITH_SSL=dll MACHINE=x64 DEBUG=%DEBUG% ENABLE_UNICODE=%ENABLE_UNICODE% && - ..\builds\libcurl-vc14-x64-%PATHPART%-dll-ssl-dll-ipv6-sspi\bin\curl.exe -V - ) else ( - if %BUILD_SYSTEM%==winbuild_vs2017 ( - call buildconf.bat && - cd winbuild && - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat" && - nmake /f Makefile.vc mode=dll VC=15 "SSL_PATH=C:\OpenSSL-v111-Win64" WITH_SSL=dll MACHINE=x64 DEBUG=%DEBUG% ENABLE_UNICODE=%ENABLE_UNICODE% && - ..\builds\libcurl-vc15-x64-%PATHPART%-dll-ssl-dll-ipv6-sspi\bin\curl.exe -V - ) else ( - if %BUILD_SYSTEM%==autotools ( - bash.exe -e -l -c "cd /c/projects/curl && ./buildconf && ./configure %CONFIG_ARGS% && make && make examples && cd tests && make" - ))))) - - if %TESTING%==ON ( - if %BUILD_SYSTEM%==CMake ( - cmake --build . --config %PRJ_CFG% --parallel 2 --target testdeps - )) + - cmd: sh -c ./appveyor.sh -test_script: - - if %TESTING%==ON ( - if %BUILD_SYSTEM%==CMake ( - set TFLAGS=%DISABLED_TESTS% && - cmake --build . --config %PRJ_CFG% --target test-nonflaky - ) else ( - echo APPVEYOR_API_URL=%APPVEYOR_API_URL% && - bash.exe -e -l -c "cd /c/projects/curl/tests && ./runtests.pl -a -p !flaky %DISABLED_TESTS%" )) +clone_depth: 10 # select branches to avoid testing feature branches twice (as branch and as pull request) branches: - only: - - master - - /\/ci$/ + only: + - master + - /\/ci$/ + +skip_commits: + files: + - '.circleci/*' + - '.github/**/*' + - 'Dockerfile' + - 'projects/OS400/*' + - 'projects/vms/*' -artifacts: - - path: '**/curl.exe' - name: curl - - path: '**/*curl*.dll' - name: libcurl +#artifacts: +# - path: '**/curl.exe' +# name: curl +# - path: '**/*.dll' +# name: libcurl dll +# - path: '**/*.lib' +# name: libcurl lib diff --git a/buildconf b/buildconf index 4e4c17e99919..ee6a2800beaf 100755 --- a/buildconf +++ b/buildconf @@ -1,4 +1,8 @@ #!/bin/sh +# +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl echo "*** Do not use buildconf. Instead, just use: autoreconf -fi" >&2 exec ${AUTORECONF:-autoreconf} -fi "${@}" diff --git a/buildconf.bat b/buildconf.bat deleted file mode 100644 index 13ae07e1a6d1..000000000000 --- a/buildconf.bat +++ /dev/null @@ -1,317 +0,0 @@ -@echo off -rem *************************************************************************** -rem * _ _ ____ _ -rem * Project ___| | | | _ \| | -rem * / __| | | | |_) | | -rem * | (__| |_| | _ <| |___ -rem * \___|\___/|_| \_\_____| -rem * -rem * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. -rem * -rem * This software is licensed as described in the file COPYING, which -rem * you should have received as part of this distribution. The terms -rem * are also available at https://curl.se/docs/copyright.html. -rem * -rem * You may opt to use, copy, modify, merge, publish, distribute and/or sell -rem * copies of the Software, and permit persons to whom the Software is -rem * furnished to do so, under the terms of the COPYING file. -rem * -rem * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -rem * KIND, either express or implied. -rem * -rem *************************************************************************** - -rem NOTES -rem -rem This batch file must be used to set up a git tree to build on systems where -rem there is no autotools support (i.e. DOS and Windows). -rem - -:begin - rem Set our variables - if "%OS%" == "Windows_NT" setlocal - set MODE=GENERATE - - rem Switch to this batch file's directory - cd /d "%~0\.." 1>NUL 2>&1 - - rem Check we are running from a curl git repository - if not exist GIT-INFO goto norepo - - rem Detect programs. HAVE_ - rem When not found the variable is set undefined. The undefined pattern - rem allows for statements like "if not defined HAVE_PERL (command)" - groff --version NUL 2>&1 - if errorlevel 1 (set HAVE_GROFF=) else (set HAVE_GROFF=Y) - nroff --version NUL 2>&1 - if errorlevel 1 (set HAVE_NROFF=) else (set HAVE_NROFF=Y) - perl --version NUL 2>&1 - if errorlevel 1 (set HAVE_PERL=) else (set HAVE_PERL=Y) - gzip --version NUL 2>&1 - if errorlevel 1 (set HAVE_GZIP=) else (set HAVE_GZIP=Y) - -:parseArgs - if "%~1" == "" goto start - - if /i "%~1" == "-clean" ( - set MODE=CLEAN - ) else if /i "%~1" == "-?" ( - goto syntax - ) else if /i "%~1" == "-h" ( - goto syntax - ) else if /i "%~1" == "-help" ( - goto syntax - ) else ( - goto unknown - ) - - shift & goto parseArgs - -:start - if "%MODE%" == "GENERATE" ( - echo. - echo Generating prerequisite files - - call :generate - if errorlevel 3 goto nogenhugehelp - if errorlevel 2 goto nogenmakefile - if errorlevel 1 goto warning - - ) else ( - echo. - echo Removing prerequisite files - - call :clean - if errorlevel 2 goto nocleanhugehelp - if errorlevel 1 goto nocleanmakefile - ) - - goto success - -rem Main generate function. -rem -rem Returns: -rem -rem 0 - success -rem 1 - success with simplified tool_hugehelp.c -rem 2 - failed to generate Makefile -rem 3 - failed to generate tool_hugehelp.c -rem -:generate - if "%OS%" == "Windows_NT" setlocal - set BASIC_HUGEHELP=0 - - rem Create Makefile - echo * %CD%\Makefile - if exist Makefile.dist ( - copy /Y Makefile.dist Makefile 1>NUL 2>&1 - if errorlevel 1 ( - if "%OS%" == "Windows_NT" endlocal - exit /B 2 - ) - ) - - rem Create tool_hugehelp.c - echo * %CD%\src\tool_hugehelp.c - call :genHugeHelp - if errorlevel 2 ( - if "%OS%" == "Windows_NT" endlocal - exit /B 3 - ) - if errorlevel 1 ( - set BASIC_HUGEHELP=1 - ) - cmd /c exit 0 - - rem Setup c-ares git tree - if exist ares\buildconf.bat ( - echo. - echo Configuring c-ares build environment - cd ares - call buildconf.bat - cd .. - ) - - if "%BASIC_HUGEHELP%" == "1" ( - if "%OS%" == "Windows_NT" endlocal - exit /B 1 - ) - - if "%OS%" == "Windows_NT" endlocal - exit /B 0 - -rem Main clean function. -rem -rem Returns: -rem -rem 0 - success -rem 1 - failed to clean Makefile -rem 2 - failed to clean tool_hugehelp.c -rem -:clean - rem Remove Makefile - echo * %CD%\Makefile - if exist Makefile ( - del Makefile 2>NUL - if exist Makefile ( - exit /B 1 - ) - ) - - rem Remove tool_hugehelp.c - echo * %CD%\src\tool_hugehelp.c - if exist src\tool_hugehelp.c ( - del src\tool_hugehelp.c 2>NUL - if exist src\tool_hugehelp.c ( - exit /B 2 - ) - ) - - exit /B - -rem Function to generate src\tool_hugehelp.c -rem -rem Returns: -rem -rem 0 - full tool_hugehelp.c generated -rem 1 - simplified tool_hugehelp.c -rem 2 - failure -rem -:genHugeHelp - if "%OS%" == "Windows_NT" setlocal - set LC_ALL=C - set ROFFCMD= - set BASIC=1 - - if defined HAVE_PERL ( - if defined HAVE_GROFF ( - set ROFFCMD=groff -mtty-char -Tascii -P-c -man - ) else if defined HAVE_NROFF ( - set ROFFCMD=nroff -c -Tascii -man - ) - ) - - if defined ROFFCMD ( - echo #include "tool_setup.h"> src\tool_hugehelp.c - echo #include "tool_hugehelp.h">> src\tool_hugehelp.c - - if defined HAVE_GZIP ( - echo #ifndef HAVE_LIBZ>> src\tool_hugehelp.c - ) - - %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl docs\MANUAL >> src\tool_hugehelp.c - if defined HAVE_GZIP ( - echo #else>> src\tool_hugehelp.c - %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl -c docs\MANUAL >> src\tool_hugehelp.c - echo #endif /^* HAVE_LIBZ ^*/>> src\tool_hugehelp.c - ) - - set BASIC=0 - ) else ( - if exist src\tool_hugehelp.c.cvs ( - copy /Y src\tool_hugehelp.c.cvs src\tool_hugehelp.c 1>NUL 2>&1 - ) else ( - echo #include "tool_setup.h"> src\tool_hugehelp.c - echo #include "tool_hugehelp.h">> src\tool_hugehelp.c - echo.>> src\tool_hugehelp.c - echo void hugehelp(void^)>> src\tool_hugehelp.c - echo {>> src\tool_hugehelp.c - echo #ifdef USE_MANUAL>> src\tool_hugehelp.c - echo fputs("Built-in manual not included\n", stdout^);>> src\tool_hugehelp.c - echo #endif>> src\tool_hugehelp.c - echo }>> src\tool_hugehelp.c - ) - ) - - findstr "/C:void hugehelp(void)" src\tool_hugehelp.c 1>NUL 2>&1 - if errorlevel 1 ( - if "%OS%" == "Windows_NT" endlocal - exit /B 2 - ) - - if "%BASIC%" == "1" ( - if "%OS%" == "Windows_NT" endlocal - exit /B 1 - ) - - if "%OS%" == "Windows_NT" endlocal - exit /B 0 - -rem Function to clean-up local variables under DOS, Windows 3.x and -rem Windows 9x as setlocal isn't available until Windows NT -rem -:dosCleanup - set MODE= - set HAVE_GROFF= - set HAVE_NROFF= - set HAVE_PERL= - set HAVE_GZIP= - set BASIC_HUGEHELP= - set LC_ALL - set ROFFCMD= - set BASIC= - - exit /B - -:syntax - rem Display the help - echo. - echo Usage: buildconf [-clean] - echo. - echo -clean - Removes the files - goto error - -:unknown - echo. - echo Error: Unknown argument '%1' - goto error - -:norepo - echo. - echo Error: This batch file should only be used with a curl git repository - goto error - -:nogenmakefile - echo. - echo Error: Unable to generate Makefile - goto error - -:nogenhugehelp - echo. - echo Error: Unable to generate src\tool_hugehelp.c - goto error - -:nocleanmakefile - echo. - echo Error: Unable to clean Makefile - goto error - -:nocleanhugehelp - echo. - echo Error: Unable to clean src\tool_hugehelp.c - goto error - -:warning - echo. - echo Warning: The curl manual could not be integrated in the source. This means when - echo you build curl the manual will not be available (curl --man^). Integration of - echo the manual is not required and a summary of the options will still be available - echo (curl --help^). To integrate the manual your PATH is required to have - echo groff/nroff, perl and optionally gzip for compression. - goto success - -:error - if "%OS%" == "Windows_NT" ( - endlocal - ) else ( - call :dosCleanup - ) - exit /B 1 - -:success - if "%OS%" == "Windows_NT" ( - endlocal - ) else ( - call :dosCleanup - ) - exit /B 0 diff --git a/configure.ac b/configure.ac index 9dffa6b2f2dd..23e4b07cfdf5 100644 --- a/configure.ac +++ b/configure.ac @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,38 +18,42 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# #*************************************************************************** dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -dnl We don't know the version number "statically" so we use a dash here +dnl We do not know the version number "statically" so we use a dash here AC_INIT([curl], [-], [a suitable curl mailing list: https://curl.se/mail/]) XC_OVR_ZZ50 -XC_OVR_ZZ60 CURL_OVERRIDE_AUTOCONF dnl configure script copyright -AC_COPYRIGHT([Copyright (c) 1998 - 2021 Daniel Stenberg, +AC_COPYRIGHT([Copyright (C) Daniel Stenberg, This configure script may be copied, distributed and modified under the terms of the curl license; see COPYING for more details]) AC_CONFIG_SRCDIR([lib/urldata.h]) AC_CONFIG_HEADERS(lib/curl_config.h) +AH_TOP([/* !checksrc! disable COPYRIGHT all */]) AC_CONFIG_MACRO_DIR([m4]) AM_MAINTAINER_MODE m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) CURL_CHECK_OPTION_DEBUG +AM_CONDITIONAL(DEBUGBUILD, test "$want_debug" = "yes") CURL_CHECK_OPTION_OPTIMIZE CURL_CHECK_OPTION_WARNINGS CURL_CHECK_OPTION_WERROR -CURL_CHECK_OPTION_CURLDEBUG CURL_CHECK_OPTION_SYMBOL_HIDING CURL_CHECK_OPTION_ARES CURL_CHECK_OPTION_RT +CURL_CHECK_OPTION_HTTPSRR CURL_CHECK_OPTION_ECH +CURL_CHECK_OPTION_SSLS_EXPORT XC_CHECK_PATH_SEPARATOR @@ -83,21 +87,22 @@ if test -z "$GREP"; then fi AC_SUBST([GREP]) -dnl EGREP is mandatory for configure process and libtool. +dnl 'grep -E' is mandatory for configure process and libtool. dnl Set it now, allowing it to be changed later. if test -z "$EGREP"; then dnl allow it to be overridden + AC_MSG_CHECKING([that grep -E works]) if echo a | ($GREP -E '(a|b)') >/dev/null 2>&1; then - AC_MSG_CHECKING([for egrep]) EGREP="$GREP -E" - AC_MSG_RESULT([$EGREP]) + AC_MSG_RESULT([yes]) else + AC_MSG_RESULT([no]) AC_PATH_PROG([EGREP], [egrep], [not_found], [$PATH:/usr/bin:/usr/local/bin]) fi fi if test -z "$EGREP" || test "$EGREP" = "not_found"; then - AC_MSG_ERROR([egrep not found in PATH. Cannot continue without egrep.]) + AC_MSG_ERROR([grep -E is not working and egrep is not found in PATH. Cannot continue.]) fi AC_SUBST([EGREP]) @@ -115,12 +120,15 @@ AC_SUBST([AR]) AC_SUBST(libext) +if test -z "$CLANG_TIDY"; then + CLANG_TIDY=clang-tidy +fi +AC_SUBST(CLANG_TIDY) + dnl figure out the libcurl version CURLVERSION=`$SED -ne 's/^#define LIBCURL_VERSION "\(.*\)".*/\1/p' ${srcdir}/include/curl/curlver.h` XC_CHECK_PROG_CC - -dnl for --enable-code-coverage -CURL_COVERAGE +CURL_ATOMIC XC_AUTOMAKE AC_MSG_CHECKING([curl version]) @@ -133,46 +141,41 @@ dnl we extract the numerical version for curl-config only VERSIONNUM=`$SED -ne 's/^#define LIBCURL_VERSION_NUM 0x\([0-9A-Fa-f]*\).*/\1/p' ${srcdir}/include/curl/curlver.h` AC_SUBST(VERSIONNUM) -dnl Solaris pkgadd support definitions -PKGADD_PKG="HAXXcurl" -PKGADD_NAME="curl - a client that groks URLs" -PKGADD_VENDOR="curl.se" -AC_SUBST(PKGADD_PKG) -AC_SUBST(PKGADD_NAME) -AC_SUBST(PKGADD_VENDOR) - dnl dnl initialize all the info variables - curl_ssl_msg="no (--with-{openssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,mesalink,amissl,bearssl,rustls} )" - curl_ssh_msg="no (--with-{libssh,libssh2})" - curl_zlib_msg="no (--with-zlib)" - curl_brotli_msg="no (--with-brotli)" - curl_zstd_msg="no (--with-zstd)" - curl_gss_msg="no (--with-gssapi)" - curl_gsasl_msg="no (--with-gsasl)" -curl_tls_srp_msg="no (--enable-tls-srp)" - curl_res_msg="default (--enable-ares / --enable-threaded-resolver)" - curl_ipv6_msg="no (--enable-ipv6)" -curl_unix_sockets_msg="no (--enable-unix-sockets)" - curl_idn_msg="no (--with-{libidn2,winidn})" - curl_manual_msg="no (--enable-manual)" -curl_libcurl_msg="enabled (--disable-libcurl-option)" -curl_verbose_msg="enabled (--disable-verbose)" - curl_sspi_msg="no (--enable-sspi)" - curl_ldap_msg="no (--enable-ldap / --with-ldap-lib / --with-lber-lib)" - curl_ldaps_msg="no (--enable-ldaps)" - curl_rtsp_msg="no (--enable-rtsp)" - curl_rtmp_msg="no (--with-librtmp)" - curl_psl_msg="no (--with-libpsl)" - curl_altsvc_msg="enabled (--disable-alt-svc)" - curl_hsts_msg="enabled (--disable-hsts)" - ssl_backends= - curl_h1_msg="enabled (internal)" - curl_h2_msg="no (--with-nghttp2, --with-hyper)" - curl_h3_msg="no (--with-ngtcp2, --with-quiche)" + curl_ssl_msg="no (--with-{openssl,gnutls,mbedtls,wolfssl,schannel,amissl,rustls} )" + curl_ssh_msg="no (--with-{libssh,libssh2})" + curl_zlib_msg="no (--with-zlib)" + curl_brotli_msg="no (--with-brotli)" + curl_zstd_msg="no (--with-zstd)" + curl_gss_msg="no (--with-gssapi)" + curl_gsasl_msg="no (--with-gsasl)" + curl_tls_srp_msg="no (--enable-tls-srp)" + curl_res_msg="blocking (--enable-ares / --enable-threaded-resolver)" + curl_ipv6_msg="no (--enable-ipv6)" +curl_unix_sockets_msg="no (--enable-unix-sockets)" + curl_idn_msg="no (--with-{libidn2,winidn})" + curl_docs_msg="enabled (--disable-docs)" + curl_manual_msg="no (--enable-manual)" + curl_libcurl_msg="enabled (--disable-libcurl-option)" + curl_typecheck_msg="enabled (--disable-typecheck)" + curl_verbose_msg="enabled (--disable-verbose)" + curl_sspi_msg="no (--enable-sspi)" + curl_ldap_msg="no (--enable-ldap / --with-ldap-lib / --with-lber-lib)" + curl_ldaps_msg="no (--enable-ldaps)" + curl_ipfs_msg="no (--enable-ipfs)" + curl_rtsp_msg="no (--enable-rtsp)" + curl_psl_msg="no (--with-libpsl)" + curl_altsvc_msg="enabled (--disable-alt-svc)" + curl_headers_msg="enabled (--disable-headers-api)" + curl_hsts_msg="enabled (--disable-hsts)" + ssl_backends= + curl_h1_msg="enabled (internal)" + curl_h2_msg="no (--with-nghttp2)" + curl_h3_msg="no (--with-ngtcp2 --with-nghttp3, --with-quiche)" enable_altsvc="yes" -enable_hsts="yes" +hsts="yes" dnl dnl Save some initial values the user might have provided @@ -180,6 +183,25 @@ dnl INITIAL_LDFLAGS=$LDFLAGS INITIAL_LIBS=$LIBS +dnl +dnl Generates a shell script to run the compiler with LD_LIBRARY_PATH set to +dnl the value used right now. This lets CURL_RUN_IFELSE set LD_LIBRARY_PATH to +dnl something different but only have that affect the execution of the results +dnl of the compile, not change the libraries for the compiler itself. +dnl +compilersh="run-compiler" +CURL_SAVED_CC="$CC" +export CURL_SAVED_CC +CURL_SAVED_LD_LIBRARY_PATH="$LD_LIBRARY_PATH" +export CURL_SAVED_LD_LIBRARY_PATH +cat <<\EOF > "$compilersh" +CC="$CURL_SAVED_CC" +export CC +LD_LIBRARY_PATH="$CURL_SAVED_LD_LIBRARY_PATH" +export LD_LIBRARY_PATH +exec $CC "$@" +EOF + dnl ********************************************************************** dnl See which TLS backend(s) that are requested. Just do all the dnl TLS AC_ARG_WITH() invokes here and do the checks later @@ -188,77 +210,268 @@ OPT_SCHANNEL=no AC_ARG_WITH(schannel,dnl AS_HELP_STRING([--with-schannel],[enable Windows native SSL/TLS]), OPT_SCHANNEL=$withval - TLSCHOICE="schannel") - -OPT_SECURETRANSPORT=no -AC_ARG_WITH(secure-transport,dnl -AS_HELP_STRING([--with-secure-transport],[enable Apple OS native SSL/TLS]), - OPT_SECURETRANSPORT=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }Secure-Transport" -) + TLSCHOICE="Schannel") OPT_AMISSL=no AC_ARG_WITH(amissl,dnl -AS_HELP_STRING([--with-amissl],[enable Amiga native SSL/TLS (AmiSSL)]), +AS_HELP_STRING([--with-amissl],[enable Amiga native SSL/TLS (AmiSSL)]),[ OPT_AMISSL=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }AmiSSL") + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }AmiSSL" +]) OPT_OPENSSL=no dnl Default to no CA bundle ca="no" AC_ARG_WITH(ssl,dnl AS_HELP_STRING([--with-ssl=PATH],[old version of --with-openssl]) -AS_HELP_STRING([--without-ssl], [build without any TLS library]), +AS_HELP_STRING([--without-ssl], [build without any TLS library]),[ OPT_SSL=$withval OPT_OPENSSL=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL") + if test "x$withval" != "xno"; then + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL" + else + SSL_DISABLED="D" + fi +]) AC_ARG_WITH(openssl,dnl -AS_HELP_STRING([--with-openssl=PATH],[Where to look for OpenSSL, PATH points to the SSL installation (default: /usr/local/ssl); when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]), +AS_HELP_STRING([--with-openssl=PATH],[Where to look for OpenSSL, PATH points to the SSL installation (default: /usr/local/ssl); when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]),[ OPT_OPENSSL=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL") + if test "x$withval" != "xno"; then + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL" + fi +]) OPT_GNUTLS=no AC_ARG_WITH(gnutls,dnl -AS_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to the installation root]), +AS_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to the installation root]),[ OPT_GNUTLS=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }GnuTLS") + if test "x$withval" != "xno"; then + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }GnuTLS" + fi +]) OPT_MBEDTLS=no AC_ARG_WITH(mbedtls,dnl -AS_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to the installation root]), +AS_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to the installation root]),[ OPT_MBEDTLS=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }mbedTLS") + if test "x$withval" != "xno"; then + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }mbedTLS" + fi +]) OPT_WOLFSSL=no AC_ARG_WITH(wolfssl,dnl -AS_HELP_STRING([--with-wolfssl=PATH],[where to look for WolfSSL, PATH points to the installation root (default: system lib default)]), +AS_HELP_STRING([--with-wolfssl=PATH],[where to look for wolfSSL, PATH points to the installation root (default: system lib default)]),[ OPT_WOLFSSL=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }wolfSSL") - -OPT_MESALINK=no -AC_ARG_WITH(mesalink,dnl -AS_HELP_STRING([--with-mesalink=PATH],[where to look for MesaLink, PATH points to the installation root]), - OPT_MESALINK=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }MesaLink") - -OPT_BEARSSL=no -AC_ARG_WITH(bearssl,dnl -AS_HELP_STRING([--with-bearssl=PATH],[where to look for BearSSL, PATH points to the installation root]), - OPT_BEARSSL=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }BearSSL") + if test "x$withval" != "xno"; then + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }wolfSSL" + fi +]) OPT_RUSTLS=no AC_ARG_WITH(rustls,dnl -AS_HELP_STRING([--with-rustls=PATH],[where to look for rustls, PATH points to the installation root]), +AS_HELP_STRING([--with-rustls=PATH],[where to look for Rustls, PATH points to the installation root]),[ OPT_RUSTLS=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }rustls") + if test "x$withval" != "xno"; then + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }Rustls" + experimental="$experimental Rustls" + fi +]) + +OPT_APPLE_SECTRUST=$curl_cv_apple +AC_ARG_WITH(apple-sectrust,dnl +AS_HELP_STRING([--with-apple-sectrust],[enable Apple OS native certificate verification]),[ + OPT_APPLE_SECTRUST=$withval +]) + +AC_PATH_PROG(PERL, perl,, $PATH:/usr/local/bin/perl:/usr/bin/:/usr/local/bin) +AC_SUBST(PERL) +AM_CONDITIONAL(PERL, test -n "$PERL") + +TEST_NGHTTPX=nghttpx +AC_ARG_WITH(test-nghttpx,dnl +AS_HELP_STRING([--with-test-nghttpx=PATH],[where to find nghttpx for testing]), + TEST_NGHTTPX=$withval + if test "x$TEST_NGHTTPX" = "xno"; then + TEST_NGHTTPX="" + fi +) +AC_SUBST(TEST_NGHTTPX) + +if test -x /usr/bin/caddy; then + CADDY=/usr/bin/caddy +elif test -x /usr/local/bin/caddy; then + CADDY=/usr/local/bin/caddy +elif test -x "`brew --prefix 2>/dev/null`/bin/caddy"; then + CADDY=`brew --prefix`/bin/caddy +fi +AC_ARG_WITH(test-caddy,dnl +AS_HELP_STRING([--with-test-caddy=PATH],[where to find caddy for testing]), + CADDY=$withval + if test "x$CADDY" = "xno"; then + CADDY="" + fi +) +AC_SUBST(CADDY) + +if test -x /usr/sbin/vsftpd; then + VSFTPD=/usr/sbin/vsftpd +elif test -x /usr/local/sbin/vsftpd; then + VSFTPD=/usr/local/sbin/vsftpd +elif test -x "`brew --prefix 2>/dev/null`/sbin/vsftpd"; then + VSFTPD=`brew --prefix`/sbin/vsftpd +fi +AC_ARG_WITH(test-vsftpd,dnl +AS_HELP_STRING([--with-test-vsftpd=PATH],[where to find vsftpd for testing]), + VSFTPD=$withval + if test "x$VSFTPD" = "xno"; then + VSFTPD="" + fi +) +AC_SUBST(VSFTPD) + +dnl we would like an httpd as test server +dnl +HTTPD_ENABLED="maybe" +AC_ARG_WITH(test-httpd, [AS_HELP_STRING([--with-test-httpd=PATH], + [where to find httpd/apache2 for testing])], + [request_httpd=$withval], [request_httpd=check]) +if test "x$request_httpd" = "xcheck" || test "x$request_httpd" = "xyes"; then + if test -x "/usr/sbin/apache2"; then + # common location on distros (debian/ubuntu) + HTTPD="/usr/sbin/apache2" + AC_PATH_PROG([APXS], [apxs]) + if test -z "$APXS"; then + AC_MSG_NOTICE([apache2-dev not installed, httpd tests disabled]) + HTTPD_ENABLED="no" + fi + else + AC_PATH_PROG([HTTPD], [httpd]) + if test -z "$HTTPD"; then + AC_PATH_PROG([HTTPD], [apache2]) + fi + AC_PATH_PROG([APXS], [apxs]) + if test -z "$HTTPD"; then + AC_MSG_NOTICE([httpd/apache2 not in PATH, http tests disabled]) + HTTPD_ENABLED="no" + fi + if test -z "$APXS"; then + AC_MSG_NOTICE([apxs not in PATH, http tests disabled]) + HTTPD_ENABLED="no" + fi + fi +elif test "x$request_httpd" != "xno"; then + HTTPD="${request_httpd}/bin/httpd" + APXS="${request_httpd}/bin/apxs" + if test ! -x "${HTTPD}"; then + AC_MSG_NOTICE([httpd not found as ${HTTPD}, http tests disabled]) + HTTPD_ENABLED="no" + elif test ! -x "${APXS}"; then + AC_MSG_NOTICE([apxs not found as ${APXS}, http tests disabled]) + HTTPD_ENABLED="no" + else + AC_MSG_NOTICE([using HTTPD=$HTTPD for tests]) + fi +fi +if test "$HTTPD_ENABLED" = "no"; then + HTTPD="" + APXS="" +fi +AC_SUBST(HTTPD) +AC_SUBST(APXS) + +dnl we would like a dante as test socks server +dnl +DANTED_ENABLED="maybe" +AC_ARG_WITH(test-danted, [AS_HELP_STRING([--with-test-danted=PATH], + [where to find danted socks daemon for testing])], + [request_danted=$withval], [request_danted=check]) +if test "x$request_danted" = "xcheck" || test "x$request_danted" = "xyes"; then + if test -x "/usr/sbin/danted"; then + # common location on distros (debian/ubuntu) + DANTED="/usr/sbin/danted" + else + AC_PATH_PROG([DANTED], [danted]) + if test -z "$DANTED"; then + AC_PATH_PROG([DANTED], [danted]) + fi + fi +elif test "x$request_danted" != "xno"; then + DANTED="${request_danted}" + if test ! -x "${DANTED}"; then + AC_MSG_NOTICE([danted not found as ${DANTED}, danted tests disabled]) + DANTED_ENABLED="no" + else + AC_MSG_NOTICE([using DANTED=$DANTED for tests]) + fi +fi +if test "$DANTED_ENABLED" = "no"; then + DANTED="" +fi +AC_SUBST(DANTED) + +dnl we would like a sshd as test server +dnl +SSHD_ENABLED="maybe" +AC_ARG_WITH(test-sshd, [AS_HELP_STRING([--with-test-sshd=PATH], + [where to find sshd for testing])], + [request_sshd=$withval], [request_sshd=check]) +if test "x$request_sshd" = "xcheck" || test "x$request_sshd" = "xyes"; then + if test -x "/usr/sbin/sshd"; then + # common location on distros (debian/ubuntu) + SSHD="/usr/sbin/sshd" + else + AC_PATH_PROG([SSHD], [sshd]) + if test -z "$SSHD"; then + AC_PATH_PROG([SSHD], [sshd]) + fi + fi +elif test "x$request_sshd" != "xno"; then + SSHD="${request_sshd}" + if test ! -x "${SSHD}"; then + AC_MSG_NOTICE([sshd not found as ${SSHD}, sshd tests disabled]) + SSHD_ENABLED="no" + else + AC_MSG_NOTICE([using SSHD=$SSHD for tests]) + fi +fi +if test "$SSHD_ENABLED" = "no"; then + SSHD="" + SFTPD="" +else + if test -x "/usr/libexec/sftp-server"; then + # common location on macOS) + SFTPD="/usr/libexec/sftp-server" + elif test -x "/usr/lib/openssh/sftp-server"; then + # common location on debian + SFTPD="/usr/lib/openssh/sftp-server" + else + AC_PATH_PROG([SFTPD], [sftp-server]) + if test -z "$SFTPD"; then + AC_PATH_PROG([SFTPD], [sftp-server]) + fi + fi +fi +AC_SUBST(SSHD) +AC_SUBST(SFTPD) + +dnl the nghttpx we might use in httpd testing +if test -n "$TEST_NGHTTPX" && test "x$TEST_NGHTTPX" != "xnghttpx"; then + HTTPD_NGHTTPX="$TEST_NGHTTPX" +else + AC_PATH_PROG([HTTPD_NGHTTPX], [nghttpx], [], + [$PATH:/usr/bin:/usr/local/bin]) +fi +AC_SUBST(HTTPD_NGHTTPX) -OPT_NSS=no -AC_ARG_WITH(nss,dnl -AS_HELP_STRING([--with-nss=PATH],[where to look for NSS, PATH points to the installation root]), - OPT_NSS=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }NSS") +dnl the Caddy server we might use in testing +if test -n "$TEST_CADDY"; then + CADDY="$TEST_CADDY" +else + AC_PATH_PROG([CADDY], [caddy]) +fi +AC_SUBST(CADDY) dnl If no TLS choice has been made, check if it was explicitly disabled or dnl error out to force the user to decide. @@ -269,22 +482,18 @@ if test -z "$TLSCHOICE"; then Select from these: --with-amissl - --with-bearssl --with-gnutls --with-mbedtls - --with-mesalink - --with-nss - --with-openssl (also works for BoringSSL and libressl) + --with-openssl (also works for AWS-LC, BoringSSL and LibreSSL) --with-rustls --with-schannel - --with-secure-transport --with-wolfssl ]) fi fi AC_ARG_WITH(darwinssl,, - AC_MSG_ERROR([--with-darwin-ssl no longer works!])) + AC_MSG_ERROR([--with-darwin-ssl and --without-darwin-ssl no longer work!])) dnl dnl Detect the canonical host and target build environment @@ -292,7 +501,7 @@ dnl AC_CANONICAL_HOST dnl Get system canonical name -AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS]) +AC_DEFINE_UNQUOTED(CURL_OS, "${host}", [cpu-machine-OS]) # Silence warning: ar: 'u' modifier ignored since 'D' is the default AC_SUBST(AR_FLAGS, [cr]) @@ -309,16 +518,20 @@ AC_SYS_LARGEFILE XC_LIBTOOL +LT_LANG([Windows Resource]) + +AM_CONDITIONAL(NOT_CURL_CI, test -z "$CURL_CI") + # # Automake conditionals based on libtool related checks # AM_CONDITIONAL([CURL_LT_SHLIB_USE_VERSION_INFO], - [test "x$xc_lt_shlib_use_version_info" = 'xyes']) + [test "$xc_lt_shlib_use_version_info" = "yes"]) AM_CONDITIONAL([CURL_LT_SHLIB_USE_NO_UNDEFINED], - [test "x$xc_lt_shlib_use_no_undefined" = 'xyes']) + [test "$xc_lt_shlib_use_no_undefined" = "yes"]) AM_CONDITIONAL([CURL_LT_SHLIB_USE_MIMPURE_TEXT], - [test "x$xc_lt_shlib_use_mimpure_text" = 'xyes']) + [test "$xc_lt_shlib_use_mimpure_text" = "yes"]) # # Due to libtool and automake machinery limitations of not allowing @@ -337,7 +550,7 @@ AM_CONDITIONAL([CURL_LT_SHLIB_USE_MIMPURE_TEXT], # AM_CONDITIONAL([USE_CPPFLAG_CURL_STATICLIB], - [test "x$xc_lt_build_static_only" = 'xyes']) + [test "$xc_lt_build_static_only" = "yes"]) # # Make staticlib CPPFLAG variable and its definition visible in output @@ -345,31 +558,47 @@ AM_CONDITIONAL([USE_CPPFLAG_CURL_STATICLIB], # targeting a static library and not building its shared counterpart. # -CPPFLAG_CURL_STATICLIB= -if test "x$xc_lt_build_static_only" = 'xyes'; then - CPPFLAG_CURL_STATICLIB='-DCURL_STATICLIB' -fi -AC_SUBST([CPPFLAG_CURL_STATICLIB]) - +LIBCURL_PC_CFLAGS_PRIVATE='-DCURL_STATICLIB' +AC_SUBST(LIBCURL_PC_CFLAGS_PRIVATE) -# Determine whether all dependent libraries must be specified when linking -if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno" -then - REQUIRE_LIB_DEPS=no -else - REQUIRE_LIB_DEPS=yes +LIBCURL_PC_CFLAGS= +if test "$xc_lt_build_static_only" = "yes"; then + LIBCURL_PC_CFLAGS="${LIBCURL_PC_CFLAGS_PRIVATE}" fi -AC_SUBST(REQUIRE_LIB_DEPS) -AM_CONDITIONAL(USE_EXPLICIT_LIB_DEPS, test x$REQUIRE_LIB_DEPS = xyes) - -dnl check if there's a way to force code inline -AC_C_INLINE +AC_SUBST([LIBCURL_PC_CFLAGS]) dnl ********************************************************************** dnl platform/compiler/architecture specific checks/flags dnl ********************************************************************** CURL_CHECK_COMPILER +dnl for --enable-code-coverage +CURL_COVERAGE +CURL_CHECK_NATIVE_WINDOWS + +curl_cv_winuwp='no' +if test "$curl_cv_native_windows" = "yes"; then + case "$CPPFLAGS" in + *-DWINSTORECOMPAT*) curl_cv_winuwp='yes';; + esac + + AC_MSG_CHECKING([if building for Windows Vista or newer]) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + #include + ]],[[ + #if (_WIN32_WINNT < 0x600) + #error + #endif + ]]) + ],[ + AC_MSG_RESULT([yes]) + ],[ + AC_MSG_RESULT([no]) + AC_MSG_ERROR([Building for Windows Vista or newer is required.]) + ]) +fi + CURL_SET_COMPILER_BASIC_OPTS CURL_SET_COMPILER_DEBUG_OPTS CURL_SET_COMPILER_OPTIMIZE_OPTS @@ -387,8 +616,17 @@ if test "$compiler_id" = "INTEL_UNIX_C"; then # fi +case $host in + *msdosdjgpp) + if test "$compiler_num" -ge "1000"; then + dnl Avoid warnings in DJGPP's built-in FD_SET() macro + CFLAGS="$CFLAGS -Wno-arith-conversion" + fi + ;; +esac + CURL_CFLAG_EXTRAS="" -if test X"$want_werror" = Xyes; then +if test "$want_werror" = "yes"; then CURL_CFLAG_EXTRAS="-Werror" if test "$compiler_id" = "GNU_C"; then dnl enable -pedantic-errors for GCC 5 and later, @@ -396,24 +634,24 @@ if test X"$want_werror" = Xyes; then if test "$compiler_num" -ge "500"; then CURL_CFLAG_EXTRAS="$CURL_CFLAG_EXTRAS -pedantic-errors" fi + elif test "$compiler_id" = "CLANG" || test "$compiler_id" = "APPLECLANG"; then + CURL_CFLAG_EXTRAS="$CURL_CFLAG_EXTRAS -pedantic-errors" fi fi AC_SUBST(CURL_CFLAG_EXTRAS) +AM_CONDITIONAL(CURL_WERROR, test "$want_werror" = "yes") CURL_CHECK_COMPILER_HALT_ON_ERROR CURL_CHECK_COMPILER_ARRAY_SIZE_NEGATIVE CURL_CHECK_COMPILER_PROTOTYPE_MISMATCH CURL_CHECK_COMPILER_SYMBOL_HIDING -CURL_CHECK_CURLDEBUG -AM_CONDITIONAL(CURLDEBUG, test x$want_curldebug = xyes) - supports_unittests=yes # cross-compilation of unit tests static library/programs fails when # libcurl shared library is built. This might be due to a libtool or # automake issue. In this case we disable unit tests. -if test "x$cross_compiling" != "xno" && - test "x$enable_shared" != "xno"; then +if test "$cross_compiling" != "no" && + test "$enable_shared" != "no"; then supports_unittests=no fi @@ -437,53 +675,67 @@ case $host_os in ;; esac -dnl Build unit tests when option --enable-debug is given. -if test "x$want_debug" = "xyes" && - test "x$supports_unittests" = "xyes"; then - want_unittests=yes -else - want_unittests=no -fi -AM_CONDITIONAL(BUILD_UNITTESTS, test x$want_unittests = xyes) +AM_CONDITIONAL(BUILD_UNITTESTS, test "$supports_unittests" = "yes") + +# In order to detect support of sendmmsg() and accept4(), we need to escape the POSIX +# jail by defining _GNU_SOURCE or will not expose it. +case $host_os in + *linux*|cygwin*|msys*|gnu*) + CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE" + ;; +esac + +AM_CONDITIONAL(CLANG, test "$compiler_id" = "APPLECLANG" || test "$compiler_id" = "CLANG") dnl ********************************************************************** dnl Compilation based checks should not be done before this point. dnl ********************************************************************** -dnl ********************************************************************** -dnl Make sure that our checks for headers windows.h winsock.h winsock2.h -dnl and ws2tcpip.h take precedence over any other further checks which -dnl could be done later using AC_CHECK_HEADER or AC_CHECK_HEADERS for -dnl this specific header files. And do them before its results are used. -dnl ********************************************************************** +CURL_CHECK_WIN32_CRYPTO -CURL_CHECK_HEADER_WINDOWS -CURL_CHECK_NATIVE_WINDOWS -case X-"$curl_cv_native_windows" in - X-yes) - CURL_CHECK_HEADER_WINSOCK - CURL_CHECK_HEADER_WINSOCK2 - CURL_CHECK_HEADER_WS2TCPIP - CURL_CHECK_HEADER_WINCRYPT - CURL_CHECK_HEADER_WINLDAP - CURL_CHECK_HEADER_WINBER - ;; - *) - curl_cv_header_winsock_h="no" - curl_cv_header_winsock2_h="no" - curl_cv_header_ws2tcpip_h="no" - curl_cv_header_wincrypt_h="no" - curl_cv_header_winldap_h="no" - curl_cv_header_winber_h="no" - ;; +curl_cv_apple='no' +case $host in + *-apple-*) curl_cv_apple='yes';; esac -CURL_CHECK_WIN32_LARGEFILE -CURL_CHECK_WIN32_CRYPTO -CURL_DARWIN_CFLAGS -CURL_DARWIN_SYSTEMCONFIGURATION -CURL_SUPPORTS_BUILTIN_AVAILABLE +if test "$curl_cv_apple" = "yes"; then + CURL_DARWIN_CFLAGS + CURL_SUPPORTS_BUILTIN_AVAILABLE +fi + +AM_CONDITIONAL([HAVE_WINDRES], + [test "$curl_cv_native_windows" = "yes" && test -n "${RC}"]) + +if test "$curl_cv_native_windows" = "yes"; then + AM_COND_IF([HAVE_WINDRES],, + [AC_MSG_ERROR([windres not found in PATH. Windows builds require windres. Cannot continue.])]) +fi + +dnl ---------------------------------------- +dnl whether use "unity" mode for lib and src +dnl ---------------------------------------- +want_unity='no' +AC_MSG_CHECKING([whether to build libcurl and curl in "unity" mode]) +AC_ARG_ENABLE(unity, +AS_HELP_STRING([--enable-unity],[Enable unity mode]) +AS_HELP_STRING([--disable-unity],[Disable unity (default)]), +[ case "$enableval" in + yes) + want_unity='yes' + AC_MSG_RESULT([yes]) + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac ], + AC_MSG_RESULT([no]) +) +if test -z "$PERL" && test "$want_unity" = "yes"; then + AC_MSG_WARN([perl was not found. Will not enable unity.]) + want_unity='no' +fi +AM_CONDITIONAL([USE_UNITY], [test "$want_unity" = "yes"]) dnl ************************************************************ dnl switch off particular protocols @@ -494,26 +746,29 @@ AS_HELP_STRING([--enable-http],[Enable HTTP support]) AS_HELP_STRING([--disable-http],[Disable HTTP support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_HTTP, 1, [to disable HTTP]) - disable_http="yes" - AC_MSG_WARN([disable HTTP disables FTP over proxy and RTSP]) - AC_SUBST(CURL_DISABLE_HTTP, [1]) - AC_DEFINE(CURL_DISABLE_RTSP, 1, [to disable RTSP]) - AC_SUBST(CURL_DISABLE_RTSP, [1]) - dnl toggle off alt-svc too when HTTP is disabled - AC_DEFINE(CURL_DISABLE_ALTSVC, 1, [disable alt-svc]) - AC_DEFINE(CURL_DISABLE_HSTS, 1, [disable HSTS]) - curl_h1_msg="no (--enable-http, --with-hyper)" - curl_altsvc_msg="no"; - curl_hsts_msg="no (--enable-hsts)"; - enable_altsvc="no" - enable_hsts="no" - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_HTTP, 1, [to disable HTTP]) + disable_http="yes" + AC_MSG_WARN([disable HTTP disables FTP over proxy, IPFS and RTSP]) + CURL_DISABLE_HTTP=1 + AC_DEFINE(CURL_DISABLE_IPFS, 1, [to disable IPFS]) + CURL_DISABLE_IPFS=1 + AC_DEFINE(CURL_DISABLE_RTSP, 1, [to disable RTSP]) + CURL_DISABLE_RTSP=1 + dnl toggle off alt-svc too when HTTP is disabled + AC_DEFINE(CURL_DISABLE_ALTSVC, 1, [disable alt-svc]) + AC_DEFINE(CURL_DISABLE_HSTS, 1, [disable HSTS]) + curl_h1_msg="no (--enable-http)" + curl_altsvc_msg="no"; + curl_hsts_msg="no (--enable-hsts)"; + enable_altsvc="no" + hsts="no" + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) AC_MSG_CHECKING([whether to support ftp]) AC_ARG_ENABLE(ftp, @@ -521,14 +776,15 @@ AS_HELP_STRING([--enable-ftp],[Enable FTP support]) AS_HELP_STRING([--disable-ftp],[Disable FTP support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_FTP, 1, [to disable FTP]) - AC_SUBST(CURL_DISABLE_FTP, [1]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_FTP, 1, [to disable FTP]) + CURL_DISABLE_FTP=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) AC_MSG_CHECKING([whether to support file]) AC_ARG_ENABLE(file, @@ -536,14 +792,41 @@ AS_HELP_STRING([--enable-file],[Enable FILE support]) AS_HELP_STRING([--disable-file],[Disable FILE support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_FILE, 1, [to disable FILE]) - AC_SUBST(CURL_DISABLE_FILE, [1]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_FILE, 1, [to disable FILE]) + CURL_DISABLE_FILE=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) +AC_MSG_CHECKING([whether to support IPFS]) +AC_ARG_ENABLE(ipfs, +AS_HELP_STRING([--enable-ipfs],[Enable IPFS support]) +AS_HELP_STRING([--disable-ipfs],[Disable IPFS support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_IPFS, 1, [to disable IPFS]) + CURL_DISABLE_IPFS=1 + ;; + *) + if test "$CURL_DISABLE_HTTP" = "1"; then + AC_MSG_ERROR(HTTP support needs to be enabled in order to enable IPFS support!) + else + AC_MSG_RESULT(yes) + curl_ipfs_msg="enabled" + fi + ;; esac ], - AC_MSG_RESULT(yes) + if test "$CURL_DISABLE_HTTP" != "1"; then + AC_MSG_RESULT(yes) + curl_ipfs_msg="enabled" + else + AC_MSG_RESULT(no) + fi ) AC_MSG_CHECKING([whether to support ldap]) AC_ARG_ENABLE(ldap, @@ -551,19 +834,19 @@ AS_HELP_STRING([--enable-ldap],[Enable LDAP support]) AS_HELP_STRING([--disable-ldap],[Disable LDAP support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) - AC_SUBST(CURL_DISABLE_LDAP, [1]) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) + CURL_DISABLE_LDAP=1 + ;; yes) - ldap_askedfor="yes" - AC_MSG_RESULT(yes) - ;; + ldap_askedfor="yes" + AC_MSG_RESULT(yes) + ;; *) - AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(yes) + ;; esac ],[ - AC_MSG_RESULT(yes) ] + AC_MSG_RESULT(yes) ] ) AC_MSG_CHECKING([whether to support ldaps]) AC_ARG_ENABLE(ldaps, @@ -571,153 +854,59 @@ AS_HELP_STRING([--enable-ldaps],[Enable LDAPS support]) AS_HELP_STRING([--disable-ldaps],[Disable LDAPS support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) - AC_SUBST(CURL_DISABLE_LDAPS, [1]) - ;; - *) if test "x$CURL_DISABLE_LDAP" = "x1" ; then - AC_MSG_RESULT(LDAP needs to be enabled to support LDAPS) - AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) - AC_SUBST(CURL_DISABLE_LDAPS, [1]) - else - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_LDAP_SSL, 1, [Use LDAPS implementation]) - AC_SUBST(HAVE_LDAP_SSL, [1]) - fi - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + CURL_DISABLE_LDAPS=1 + ;; + *) + if test "$CURL_DISABLE_LDAP" = "1"; then + AC_MSG_RESULT(LDAP needs to be enabled to support LDAPS) + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + CURL_DISABLE_LDAPS=1 + else + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_LDAP_SSL, 1, [Use LDAPS implementation]) + HAVE_LDAP_SSL=1 + fi + ;; esac ],[ - if test "x$CURL_DISABLE_LDAP" = "x1" ; then - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) - AC_SUBST(CURL_DISABLE_LDAPS, [1]) - else - AC_MSG_RESULT(yes) - AC_DEFINE(HAVE_LDAP_SSL, 1, [Use LDAPS implementation]) - AC_SUBST(HAVE_LDAP_SSL, [1]) - fi ] + if test "$CURL_DISABLE_LDAP" = "1"; then + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + CURL_DISABLE_LDAPS=1 + else + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_LDAP_SSL, 1, [Use LDAPS implementation]) + HAVE_LDAP_SSL=1 + fi ] ) -dnl ********************************************************************** -dnl Check for Hyper -dnl ********************************************************************** - -OPT_HYPER="no" - -AC_ARG_WITH(hyper, -AS_HELP_STRING([--with-hyper=PATH],[Enable hyper usage]) -AS_HELP_STRING([--without-hyper],[Disable hyper usage]), - [OPT_HYPER=$withval]) -case "$OPT_HYPER" in - no) - dnl --without-hyper option used - want_hyper="no" - ;; - yes) - dnl --with-hyper option used without path - want_hyper="default" - want_hyper_path="" +AC_MSG_CHECKING([whether to support rtsp]) +AC_ARG_ENABLE(rtsp, +AS_HELP_STRING([--enable-rtsp],[Enable RTSP support]) +AS_HELP_STRING([--disable-rtsp],[Disable RTSP support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_RTSP, 1, [to disable RTSP]) + CURL_DISABLE_RTSP=1 ;; *) - dnl --with-hyper option used with path - want_hyper="yes" - want_hyper_path="$withval" - ;; -esac - -if test X"$want_hyper" != Xno; then - if test "x$disable_http" = "xyes"; then - AC_MSG_ERROR([--with-hyper is not compatible with --disable-http]) - fi - - dnl backup the pre-hyper variables - CLEANLDFLAGS="$LDFLAGS" - CLEANCPPFLAGS="$CPPFLAGS" - CLEANLIBS="$LIBS" - - CURL_CHECK_PKGCONFIG(hyper, $want_hyper_path) - - if test "$PKGCONFIG" != "no" ; then - LIB_HYPER=`CURL_EXPORT_PCDIR([$want_hyper_path]) - $PKGCONFIG --libs-only-l hyper` - CPP_HYPER=`CURL_EXPORT_PCDIR([$want_hyper_path]) dnl - $PKGCONFIG --cflags-only-I hyper` - LD_HYPER=`CURL_EXPORT_PCDIR([$want_hyper_path]) - $PKGCONFIG --libs-only-L hyper` - else - dnl no hyper pkg-config found - LIB_HYPER="-lhyper -ldl -lpthread -lm" - if test X"$want_hyper" != Xdefault; then - CPP_HYPER=-I"$want_hyper_path/capi/include" - LD_HYPER="-L$want_hyper_path/target/debug" + if test "$CURL_DISABLE_HTTP" = "1"; then + AC_MSG_ERROR(HTTP support needs to be enabled in order to enable RTSP support!) + else + AC_MSG_RESULT(yes) + curl_rtsp_msg="enabled" fi - fi - if test -n "$LIB_HYPER"; then - AC_MSG_NOTICE([-l is $LIB_HYPER]) - AC_MSG_NOTICE([-I is $CPP_HYPER]) - AC_MSG_NOTICE([-L is $LD_HYPER]) - - LDFLAGS="$LDFLAGS $LD_HYPER" - CPPFLAGS="$CPPFLAGS $CPP_HYPER" - LIBS="$LIB_HYPER $LIBS" - - if test "x$cross_compiling" != "xyes"; then - DIR_HYPER=`echo $LD_HYPER | $SED -e 's/^-L//'` + ;; + esac ], + if test "$CURL_DISABLE_HTTP" != "1"; then + AC_MSG_RESULT(yes) + curl_rtsp_msg="enabled" + else + AC_MSG_RESULT(no) fi - - AC_CHECK_LIB(hyper, hyper_io_new, - [ - AC_CHECK_HEADERS(hyper.h, - experimental="$experimental Hyper" - AC_MSG_NOTICE([Hyper support is experimental]) - curl_h1_msg="enabled (Hyper)" - curl_h2_msg=$curl_h1_msg - HYPER_ENABLED=1 - AC_DEFINE(USE_HYPER, 1, [if hyper is in use]) - AC_SUBST(USE_HYPER, [1]) - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_HYPER" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $DIR_HYPER to CURL_LIBRARY_PATH]), - ) - ], - AC_MSG_ERROR([--with-hyper but hyper was not found. See docs/HYPER.md.]) - ) - fi -fi - -if test X"$want_hyper" != Xno; then - AC_MSG_NOTICE([Disable RTSP support with hyper]) - AC_DEFINE(CURL_DISABLE_RTSP, 1, [to disable RTSP]) - AC_SUBST(CURL_DISABLE_RTSP, [1]) - -else - - AC_MSG_CHECKING([whether to support rtsp]) - AC_ARG_ENABLE(rtsp, - AS_HELP_STRING([--enable-rtsp],[Enable RTSP support]) - AS_HELP_STRING([--disable-rtsp],[Disable RTSP support]), - [ case "$enableval" in - no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_RTSP, 1, [to disable RTSP]) - AC_SUBST(CURL_DISABLE_RTSP, [1]) - ;; - *) - if test x$CURL_DISABLE_HTTP = x1 ; then - AC_MSG_ERROR(HTTP support needs to be enabled in order to enable RTSP support!) - else - AC_MSG_RESULT(yes) - curl_rtsp_msg="enabled" - fi - ;; - esac ], - if test "x$CURL_DISABLE_HTTP" != "x1"; then - AC_MSG_RESULT(yes) - curl_rtsp_msg="enabled" - else - AC_MSG_RESULT(no) - fi - ) -fi +) AC_MSG_CHECKING([whether to support proxies]) AC_ARG_ENABLE(proxy, @@ -725,15 +914,16 @@ AS_HELP_STRING([--enable-proxy],[Enable proxy support]) AS_HELP_STRING([--disable-proxy],[Disable proxy support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_PROXY, 1, [to disable proxies]) - AC_SUBST(CURL_DISABLE_PROXY, [1]) - https_proxy="no" - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_PROXY, 1, [to disable proxies]) + CURL_DISABLE_PROXY=1 + https_proxy="no" + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) AC_MSG_CHECKING([whether to support dict]) @@ -742,44 +932,54 @@ AS_HELP_STRING([--enable-dict],[Enable DICT support]) AS_HELP_STRING([--disable-dict],[Disable DICT support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_DICT, 1, [to disable DICT]) - AC_SUBST(CURL_DISABLE_DICT, [1]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_DICT, 1, [to disable DICT]) + CURL_DISABLE_DICT=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) + AC_MSG_CHECKING([whether to support telnet]) AC_ARG_ENABLE(telnet, AS_HELP_STRING([--enable-telnet],[Enable TELNET support]) AS_HELP_STRING([--disable-telnet],[Disable TELNET support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_TELNET, 1, [to disable TELNET]) - AC_SUBST(CURL_DISABLE_TELNET, [1]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_TELNET, 1, [to disable TELNET]) + CURL_DISABLE_TELNET=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) + +if test "$curl_cv_winuwp" = "yes"; then + AC_DEFINE(CURL_DISABLE_TELNET, 1, [to disable TELNET]) + CURL_DISABLE_TELNET=1 +fi + AC_MSG_CHECKING([whether to support tftp]) AC_ARG_ENABLE(tftp, AS_HELP_STRING([--enable-tftp],[Enable TFTP support]) AS_HELP_STRING([--disable-tftp],[Disable TFTP support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_TFTP, 1, [to disable TFTP]) - AC_SUBST(CURL_DISABLE_TFTP, [1]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_TFTP, 1, [to disable TFTP]) + CURL_DISABLE_TFTP=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) AC_MSG_CHECKING([whether to support pop3]) @@ -788,48 +988,49 @@ AS_HELP_STRING([--enable-pop3],[Enable POP3 support]) AS_HELP_STRING([--disable-pop3],[Disable POP3 support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_POP3, 1, [to disable POP3]) - AC_SUBST(CURL_DISABLE_POP3, [1]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_POP3, 1, [to disable POP3]) + CURL_DISABLE_POP3=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) - AC_MSG_CHECKING([whether to support imap]) AC_ARG_ENABLE(imap, AS_HELP_STRING([--enable-imap],[Enable IMAP support]) AS_HELP_STRING([--disable-imap],[Disable IMAP support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_IMAP, 1, [to disable IMAP]) - AC_SUBST(CURL_DISABLE_IMAP, [1]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_IMAP, 1, [to disable IMAP]) + CURL_DISABLE_IMAP=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) - AC_MSG_CHECKING([whether to support smb]) AC_ARG_ENABLE(smb, AS_HELP_STRING([--enable-smb],[Enable SMB/CIFS support]) AS_HELP_STRING([--disable-smb],[Disable SMB/CIFS support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_SMB, 1, [to disable SMB/CIFS]) - AC_SUBST(CURL_DISABLE_SMB, [1]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_SMB, 1, [to disable SMB/CIFS]) + CURL_DISABLE_SMB=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) AC_MSG_CHECKING([whether to support smtp]) @@ -838,14 +1039,15 @@ AS_HELP_STRING([--enable-smtp],[Enable SMTP support]) AS_HELP_STRING([--disable-smtp],[Disable SMTP support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_SMTP, 1, [to disable SMTP]) - AC_SUBST(CURL_DISABLE_SMTP, [1]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_SMTP, 1, [to disable SMTP]) + CURL_DISABLE_SMTP=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) AC_MSG_CHECKING([whether to support gopher]) @@ -854,14 +1056,15 @@ AS_HELP_STRING([--enable-gopher],[Enable Gopher support]) AS_HELP_STRING([--disable-gopher],[Disable Gopher support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_GOPHER, 1, [to disable Gopher]) - AC_SUBST(CURL_DISABLE_GOPHER, [1]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_GOPHER, 1, [to disable Gopher]) + CURL_DISABLE_GOPHER=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) AC_MSG_CHECKING([whether to support mqtt]) @@ -870,15 +1073,16 @@ AS_HELP_STRING([--enable-mqtt],[Enable MQTT support]) AS_HELP_STRING([--disable-mqtt],[Disable MQTT support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_MQTT, 1, [to disable MQTT]) - AC_SUBST(CURL_DISABLE_MQTT, [1]) - ;; - *) AC_MSG_RESULT(yes) - ;; - esac ], - AC_MSG_RESULT(no) -) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_MQTT, 1, [to disable MQTT]) + CURL_DISABLE_MQTT=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(no) +) dnl ********************************************************************** dnl Check for built-in manual @@ -890,18 +1094,48 @@ AS_HELP_STRING([--enable-manual],[Enable built-in manual]) AS_HELP_STRING([--disable-manual],[Disable built-in manual]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - ;; - *) AC_MSG_RESULT(yes) - USE_MANUAL="1" - ;; + AC_MSG_RESULT(no) + ;; + *) + AC_MSG_RESULT(yes) + USE_MANUAL="1" + ;; esac ], - AC_MSG_RESULT(yes) - USE_MANUAL="1" + AC_MSG_RESULT(yes) + USE_MANUAL="1" ) dnl The actual use of the USE_MANUAL variable is done much later in this dnl script to allow other actions to disable it as well. +dnl ********************************************************************** +dnl Check whether to build documentation +dnl ********************************************************************** + +AC_MSG_CHECKING([whether to build documentation]) +AC_ARG_ENABLE(docs, +AS_HELP_STRING([--enable-docs],[Enable documentation]) +AS_HELP_STRING([--disable-docs],[Disable documentation]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + BUILD_DOCS=0 + dnl disable manual too because it needs built documentation + USE_MANUAL=0 + curl_docs_msg="no" + ;; + *) + AC_MSG_RESULT(yes) + BUILD_DOCS=1 + ;; + esac ], + AC_MSG_RESULT(yes) + BUILD_DOCS=1 +) +if test -z "$PERL" && test "$BUILD_DOCS" != "0"; then + AC_MSG_WARN([perl was not found. Will not build documentation.]) + BUILD_DOCS=0 +fi + dnl ************************************************************ dnl disable C code generation support dnl @@ -911,14 +1145,15 @@ AS_HELP_STRING([--enable-libcurl-option],[Enable --libcurl C code generation sup AS_HELP_STRING([--disable-libcurl-option],[Disable --libcurl C code generation support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_LIBCURL_OPTION, 1, [to disable --libcurl C code generation option]) - curl_libcurl_msg="no" - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_LIBCURL_OPTION, 1, [to disable --libcurl C code generation option]) + curl_libcurl_msg="no" + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ********************************************************************** @@ -930,51 +1165,81 @@ AC_ARG_ENABLE(libgcc, AS_HELP_STRING([--enable-libgcc],[use libgcc when linking]), [ case "$enableval" in yes) - LIBS="-lgcc $LIBS" - AC_MSG_RESULT(yes) - ;; - *) AC_MSG_RESULT(no) - ;; + LIBS="-lgcc $LIBS" + AC_MSG_RESULT(yes) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +AC_MSG_CHECKING([whether to use libbacktrace]) +AC_ARG_WITH(backtrace, +AS_HELP_STRING([--enable-backtrace],[use libbacktrace when linking]), +[ case "$enableval" in + yes) + LIBS="-lbacktrace $LIBS" + AC_DEFINE(USE_BACKTRACE, 1, [if libbacktrace is in use]) + AC_MSG_RESULT(yes) + ;; + *) + AC_MSG_RESULT(no) + ;; esac ], - AC_MSG_RESULT(no) + AC_MSG_RESULT(no) ) CURL_CHECK_LIB_XNET dnl gethostbyname without lib or in the nsl lib? AC_CHECK_FUNC(gethostbyname, - [HAVE_GETHOSTBYNAME="1" - ], - [ AC_CHECK_LIB(nsl, gethostbyname, - [HAVE_GETHOSTBYNAME="1" - LIBS="-lnsl $LIBS" - ]) - ]) - -if test "$HAVE_GETHOSTBYNAME" != "1" -then + [ + HAVE_GETHOSTBYNAME="1" + ], + [ + AC_CHECK_LIB(nsl, gethostbyname, + [ + HAVE_GETHOSTBYNAME="1" + LIBS="-lnsl $LIBS" + ] + ) + ] +) + +if test "$HAVE_GETHOSTBYNAME" != "1"; then dnl gethostbyname in the socket lib? AC_CHECK_LIB(socket, gethostbyname, - [HAVE_GETHOSTBYNAME="1" - LIBS="-lsocket $LIBS" - ]) + [ + HAVE_GETHOSTBYNAME="1" + LIBS="-lsocket $LIBS" + ] + ) fi -if test "$HAVE_GETHOSTBYNAME" != "1" -then +if test "$HAVE_GETHOSTBYNAME" != "1"; then dnl gethostbyname in the watt lib? + clean_CPPFLAGS=$CPPFLAGS + clean_LDFLAGS=$LDFLAGS + CPPFLAGS="-I${WATT_ROOT}/inc" + LDFLAGS="-L${WATT_ROOT}/lib" AC_CHECK_LIB(watt, gethostbyname, - [HAVE_GETHOSTBYNAME="1" - CPPFLAGS="-I/dev/env/WATT_ROOT/inc" - LDFLAGS="-L/dev/env/WATT_ROOT/lib" - LIBS="-lwatt $LIBS" - ]) + [ + HAVE_GETHOSTBYNAME="1" + LIBS="-lwatt $LIBS" + AC_DEFINE(USE_WATT32, 1, [if Watt-32 is in use]) + ], + [ + CPPFLAGS=$clean_CPPFLAGS + LDFLAGS=$clean_LDFLAGS + ] + ) fi dnl At least one system has been identified to require BOTH nsl and socket dnl libs at the same time to link properly. -if test "$HAVE_GETHOSTBYNAME" != "1" -then +if test "$HAVE_GETHOSTBYNAME" != "1"; then AC_MSG_CHECKING([for gethostbyname with both nsl and socket libs]) my_ac_save_LIBS=$LIBS LIBS="-lnsl -lsocket $LIBS" @@ -992,67 +1257,49 @@ then ]) fi -if test "$HAVE_GETHOSTBYNAME" != "1" -then - dnl This is for winsock systems - if test "$curl_cv_header_windows_h" = "yes"; then - if test "$curl_cv_header_winsock_h" = "yes"; then - case $host in - *-*-mingw32ce*) - winsock_LIB="-lwinsock" - ;; - *) - winsock_LIB="-lwsock32" - ;; - esac - fi - if test "$curl_cv_header_winsock2_h" = "yes"; then - winsock_LIB="-lws2_32" - fi - if test ! -z "$winsock_LIB"; then - my_ac_save_LIBS=$LIBS - LIBS="$winsock_LIB $LIBS" - AC_MSG_CHECKING([for gethostbyname in $winsock_LIB]) - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[ -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#else -#ifdef HAVE_WINSOCK_H -#include -#endif -#endif -#endif - ]],[[ - gethostbyname("www.dummysite.com"); - ]]) - ],[ - AC_MSG_RESULT([yes]) - HAVE_GETHOSTBYNAME="1" - ],[ - AC_MSG_RESULT([no]) - winsock_LIB="" - LIBS=$my_ac_save_LIBS - ]) +# In UWP mode gethostbyname gets detected via the core libs, but some +# code (in6addr_any) still need ws2_32, so let us detect and add it. +if test "$HAVE_GETHOSTBYNAME" != "1" || test "$curl_cv_winuwp" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then + dnl This is for Winsock systems + winsock_LIB="-lws2_32" + if test "$curl_cv_winuwp" != "yes"; then + winsock_LIB="$winsock_LIB -liphlpapi" fi + my_ac_save_LIBS=$LIBS + LIBS="$winsock_LIB $LIBS" + AC_MSG_CHECKING([for gethostbyname in $winsock_LIB]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ + #ifdef _WIN32 + #ifndef WIN32_LEAN_AND_MEAN + #define WIN32_LEAN_AND_MEAN + #endif + #include + #endif + ]],[[ + gethostbyname("localhost"); + ]]) + ],[ + AC_MSG_RESULT([yes]) + HAVE_GETHOSTBYNAME="1" + ],[ + AC_MSG_RESULT([no]) + winsock_LIB="" + LIBS=$my_ac_save_LIBS + ]) fi fi -if test "$HAVE_GETHOSTBYNAME" != "1" -then +if test "$HAVE_GETHOSTBYNAME" != "1"; then dnl This is for Minix 3.1 AC_MSG_CHECKING([for gethostbyname for Minix 3]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ -/* Older Minix versions may need here instead */ -#include + /* Older Minix versions may need here instead */ + #include ]],[[ - gethostbyname("www.dummysite.com"); + gethostbyname("localhost"); ]]) ],[ AC_MSG_RESULT([yes]) @@ -1062,16 +1309,15 @@ then ]) fi -if test "$HAVE_GETHOSTBYNAME" != "1" -then +if test "$HAVE_GETHOSTBYNAME" != "1"; then dnl This is for eCos with a stubbed DNS implementation AC_MSG_CHECKING([for gethostbyname for eCos]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ -#include -#include + #include + #include ]],[[ - gethostbyname("www.dummysite.com"); + gethostbyname("localhost"); ]]) ],[ AC_MSG_RESULT([yes]) @@ -1081,61 +1327,53 @@ then ]) fi -if test "$HAVE_GETHOSTBYNAME" != "1" -o "${with_amissl+set}" = set -then +if test "$HAVE_GETHOSTBYNAME" != "1" || test "${with_amissl+set}" = "set"; then dnl This is for AmigaOS with bsdsocket.library - needs testing before -lnet AC_MSG_CHECKING([for gethostbyname for AmigaOS bsdsocket.library]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ - #include - struct Library *SocketBase = NULL; + #define __USE_INLINE__ + #include + #ifdef __amigaos4__ + struct SocketIFace *ISocket = NULL; + #else + struct Library *SocketBase = NULL; + #endif ]],[[ - gethostbyname("www.dummysite.com"); + unsigned char host[] = "localhost"; + gethostbyname(host); ]]) ],[ AC_MSG_RESULT([yes]) HAVE_GETHOSTBYNAME="1" HAVE_PROTO_BSDSOCKET_H="1" AC_DEFINE(HAVE_PROTO_BSDSOCKET_H, 1, [if Amiga bsdsocket.library is in use]) - AC_SUBST(HAVE_PROTO_BSDSOCKET_H, [1]) ],[ AC_MSG_RESULT([no]) ]) fi -if test "$HAVE_GETHOSTBYNAME" != "1" -then +if test "$HAVE_GETHOSTBYNAME" != "1"; then dnl gethostbyname in the network lib - for Haiku OS AC_CHECK_LIB(network, gethostbyname, - [HAVE_GETHOSTBYNAME="1" - LIBS="-lnetwork $LIBS" - ]) -fi - -if test "$HAVE_GETHOSTBYNAME" != "1" -then - dnl gethostbyname in the net lib - for BeOS - AC_CHECK_LIB(net, gethostbyname, - [HAVE_GETHOSTBYNAME="1" - LIBS="-lnet $LIBS" - ]) -fi - - -if test "$HAVE_GETHOSTBYNAME" != "1"; then - AC_MSG_ERROR([couldn't find libraries for gethostbyname()]) + [ + HAVE_GETHOSTBYNAME="1" + LIBS="-lnetwork $LIBS" + ] + ) fi CURL_CHECK_LIBS_CONNECT -CURL_NETWORK_LIBS=$LIBS - dnl ********************************************************************** dnl In case that function clock_gettime with monotonic timer is available, dnl check for additional required libraries. dnl ********************************************************************** CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC +dnl Check for even better option +CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC_RAW + dnl ********************************************************************** dnl The preceding library checks are all potentially useful for test dnl servers and libtest cases which require networking and clock_gettime @@ -1157,22 +1395,27 @@ ZLIB_LIBS="" AC_ARG_WITH(zlib, AS_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH]) AS_HELP_STRING([--without-zlib],[disable use of zlib]), - [OPT_ZLIB="$withval"]) + [OPT_ZLIB="$withval"]) -if test "$OPT_ZLIB" = "no" ; then - AC_MSG_WARN([zlib disabled]) +if test "x$OPT_ZLIB" = "xno"; then + AC_MSG_WARN([zlib disabled]) else - if test "$OPT_ZLIB" = "yes" ; then + if test "x$OPT_ZLIB" = "xyes"; then OPT_ZLIB="" fi - if test -z "$OPT_ZLIB" ; then + if test -z "$OPT_ZLIB"; then CURL_CHECK_PKGCONFIG(zlib) - if test "$PKGCONFIG" != "no" ; then - LIBS="`$PKGCONFIG --libs-only-l zlib` $LIBS" - LDFLAGS="$LDFLAGS `$PKGCONFIG --libs-only-L zlib`" - CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags-only-I zlib`" + if test "$PKGCONFIG" != "no"; then + ZLIB_LIBS="`$PKGCONFIG --libs-only-l zlib`" + if test -n "$ZLIB_LIBS"; then + LDFLAGS="$LDFLAGS `$PKGCONFIG --libs-only-L zlib`" + else + ZLIB_LIBS="`$PKGCONFIG --libs zlib`" + fi + LIBS="$ZLIB_LIBS $LIBS" + CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags zlib`" OPT_ZLIB="" HAVE_LIBZ="1" fi @@ -1183,35 +1426,45 @@ else dnl people have it in the default path AC_CHECK_LIB(z, inflateEnd, - dnl libz found, set the variable - [HAVE_LIBZ="1" - LIBS="-lz $LIBS"], - dnl if no lib found, try /usr/local - [OPT_ZLIB="/usr/local"]) + dnl libz found, set the variable + [ + HAVE_LIBZ="1" + ZLIB_LIBS="-lz" + LIBS="$ZLIB_LIBS $LIBS" + ], + dnl if no lib found, try /usr/local + [ + OPT_ZLIB="/usr/local" + ] + ) fi fi dnl Add a nonempty path to the compiler flags if test -n "$OPT_ZLIB"; then - CPPFLAGS="$CPPFLAGS -I$OPT_ZLIB/include" - LDFLAGS="$LDFLAGS -L$OPT_ZLIB/lib$libsuff" + CPPFLAGS="$CPPFLAGS -I$OPT_ZLIB/include" + LDFLAGS="$LDFLAGS -L$OPT_ZLIB/lib$libsuff" fi AC_CHECK_HEADER(zlib.h, [ - dnl zlib.h was found - HAVE_ZLIB_H="1" - dnl if the lib wasn't found already, try again with the new paths - if test "$HAVE_LIBZ" != "1"; then - AC_CHECK_LIB(z, gzread, - [ - dnl the lib was found! - HAVE_LIBZ="1" - LIBS="-lz $LIBS" - ], - [ CPPFLAGS=$clean_CPPFLAGS - LDFLAGS=$clean_LDFLAGS]) - fi + dnl zlib.h was found + HAVE_ZLIB_H="1" + dnl if the lib was not found already, try again with the new paths + if test "$HAVE_LIBZ" != "1"; then + AC_CHECK_LIB(z, gzread, + [ + dnl the lib was found! + HAVE_LIBZ="1" + ZLIB_LIBS="-lz" + LIBS="$ZLIB_LIBS $LIBS" + ], + [ + CPPFLAGS=$clean_CPPFLAGS + LDFLAGS=$clean_LDFLAGS + ] + ) + fi ], [ dnl zlib.h was not found, restore the flags @@ -1219,38 +1472,35 @@ else LDFLAGS=$clean_LDFLAGS] ) - if test "$HAVE_LIBZ" = "1" && test "$HAVE_ZLIB_H" != "1" - then + if test "$HAVE_LIBZ" = "1" && test "$HAVE_ZLIB_H" != "1"; then AC_MSG_WARN([configure found only the libz lib, not the header file!]) HAVE_LIBZ="" CPPFLAGS=$clean_CPPFLAGS LDFLAGS=$clean_LDFLAGS LIBS=$clean_LIBS - elif test "$HAVE_LIBZ" != "1" && test "$HAVE_ZLIB_H" = "1" - then + ZLIB_LIBS="" + elif test "$HAVE_LIBZ" != "1" && test "$HAVE_ZLIB_H" = "1"; then AC_MSG_WARN([configure found only the libz header file, not the lib!]) CPPFLAGS=$clean_CPPFLAGS LDFLAGS=$clean_LDFLAGS LIBS=$clean_LIBS - elif test "$HAVE_LIBZ" = "1" && test "$HAVE_ZLIB_H" = "1" - then + ZLIB_LIBS="" + elif test "$HAVE_LIBZ" = "1" && test "$HAVE_ZLIB_H" = "1"; then dnl both header and lib were found! AC_SUBST(HAVE_LIBZ) - AC_DEFINE(HAVE_ZLIB_H, 1, [if you have the zlib.h header file]) AC_DEFINE(HAVE_LIBZ, 1, [if zlib is available]) - - ZLIB_LIBS="-lz" - LIBS="-lz $clean_LIBS" + LIBS="$ZLIB_LIBS $clean_LIBS" dnl replace 'HAVE_LIBZ' in the automake makefile.ams AMFIXLIB="1" AC_MSG_NOTICE([found both libz and libz.h header]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE zlib" curl_zlib_msg="enabled" fi fi dnl set variable for use in automakefile(s) -AM_CONDITIONAL(HAVE_LIBZ, test x"$AMFIXLIB" = x1) +AM_CONDITIONAL(HAVE_LIBZ, test "$AMFIXLIB" = "1") AC_SUBST(ZLIB_LIBS) dnl ********************************************************************** @@ -1266,44 +1516,54 @@ AS_HELP_STRING([--with-brotli=PATH],[Where to look for brotli, PATH points to th AS_HELP_STRING([--without-brotli], [disable BROTLI]), OPT_BROTLI=$withval) -if test X"$OPT_BROTLI" != Xno; then +if test "x$OPT_BROTLI" != "xno"; then dnl backup the pre-brotli variables CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" case "$OPT_BROTLI" in - yes) - dnl --with-brotli (without path) used - CURL_CHECK_PKGCONFIG(libbrotlidec) - - if test "$PKGCONFIG" != "no" ; then - LIB_BROTLI=`$PKGCONFIG --libs-only-l libbrotlidec` - LD_BROTLI=`$PKGCONFIG --libs-only-L libbrotlidec` - CPP_BROTLI=`$PKGCONFIG --cflags-only-I libbrotlidec` - version=`$PKGCONFIG --modversion libbrotlidec` - DIR_BROTLI=`echo $LD_BROTLI | $SED -e 's/^-L//'` - fi + yes) + dnl --with-brotli (without path) used + CURL_CHECK_PKGCONFIG(libbrotlidec) + + if test "$PKGCONFIG" != "no"; then + LIB_BROTLI=`$PKGCONFIG --libs-only-l libbrotlidec` + LD_BROTLI=`$PKGCONFIG --libs-only-L libbrotlidec` + CPP_BROTLI=`$PKGCONFIG --cflags-only-I libbrotlidec` + version=`$PKGCONFIG --modversion libbrotlidec` + fi - ;; - off) - dnl no --with-brotli option given, just check default places - ;; - *) - dnl use the given --with-brotli spot - PREFIX_BROTLI=$OPT_BROTLI - ;; + CURL_CHECK_PKGCONFIG(libbrotlicommon) + + if test "$PKGCONFIG" != "no"; then + LIB_BROTLI="$LIB_BROTLI `$PKGCONFIG --libs-only-l libbrotlicommon`" + LD_BROTLI="$LD_BROTLI `$PKGCONFIG --libs-only-L libbrotlicommon`" + CPP_BROTLI="$CPP_BROTLI `$PKGCONFIG --cflags-only-I libbrotlicommon`" + fi + + DIR_BROTLI=`echo $LD_BROTLI | $SED -e 's/^-L//'` + ;; + off) + dnl no --with-brotli option given, just check default places + ;; + *) + dnl use the given --with-brotli spot + PREFIX_BROTLI=$OPT_BROTLI + ;; esac dnl if given with a prefix, we set -L and -I based on that if test -n "$PREFIX_BROTLI"; then - LIB_BROTLI="-lbrotlidec" + LIB_BROTLI="-lbrotlidec -lbrotlicommon" LD_BROTLI=-L${PREFIX_BROTLI}/lib$libsuff CPP_BROTLI=-I${PREFIX_BROTLI}/include DIR_BROTLI=${PREFIX_BROTLI}/lib$libsuff fi LDFLAGS="$LDFLAGS $LD_BROTLI" + LDFLAGSPC="$LDFLAGSPC $LD_BROTLI" CPPFLAGS="$CPPFLAGS $CPP_BROTLI" LIBS="$LIB_BROTLI $LIBS" @@ -1313,29 +1573,30 @@ if test X"$OPT_BROTLI" != Xno; then curl_brotli_msg="enabled (libbrotlidec)" HAVE_BROTLI=1 AC_DEFINE(HAVE_BROTLI, 1, [if BROTLI is in use]) - AC_SUBST(HAVE_BROTLI, [1]) ) - if test X"$OPT_BROTLI" != Xoff && + if test "x$OPT_BROTLI" != "xoff" && test "$HAVE_BROTLI" != "1"; then AC_MSG_ERROR([BROTLI libs and/or directories were not found where specified!]) fi if test "$HAVE_BROTLI" = "1"; then if test -n "$DIR_BROTLI"; then - dnl when the brotli shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH - dnl to prevent further configure tests to fail due to this - - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_BROTLI" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $DIR_BROTLI to CURL_LIBRARY_PATH]) - fi + dnl when the brotli shared libs were found in a path that the runtime + dnl linker does not search through, we need to add it to CURL_LIBRARY_PATH + dnl to prevent further configure tests to fail due to this + + if test "$cross_compiling" != "yes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_BROTLI" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_BROTLI to CURL_LIBRARY_PATH]) + fi fi + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libbrotlidec libbrotlicommon" else dnl no brotli, revert back to clean variables LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC CPPFLAGS=$CLEANCPPFLAGS LIBS=$CLEANLIBS fi @@ -1352,33 +1613,34 @@ AS_HELP_STRING([--with-zstd=PATH],[Where to look for libzstd, PATH points to the AS_HELP_STRING([--without-zstd], [disable libzstd]), OPT_ZSTD=$withval) -if test X"$OPT_ZSTD" != Xno; then +if test "x$OPT_ZSTD" != "xno"; then dnl backup the pre-zstd variables CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" case "$OPT_ZSTD" in - yes) - dnl --with-zstd (without path) used - CURL_CHECK_PKGCONFIG(libzstd) - - if test "$PKGCONFIG" != "no" ; then - LIB_ZSTD=`$PKGCONFIG --libs-only-l libzstd` - LD_ZSTD=`$PKGCONFIG --libs-only-L libzstd` - CPP_ZSTD=`$PKGCONFIG --cflags-only-I libzstd` - version=`$PKGCONFIG --modversion libzstd` - DIR_ZSTD=`echo $LD_ZSTD | $SED -e 's/-L//'` - fi + yes) + dnl --with-zstd (without path) used + CURL_CHECK_PKGCONFIG(libzstd) + + if test "$PKGCONFIG" != "no"; then + LIB_ZSTD=`$PKGCONFIG --libs-only-l libzstd` + LD_ZSTD=`$PKGCONFIG --libs-only-L libzstd` + CPP_ZSTD=`$PKGCONFIG --cflags-only-I libzstd` + version=`$PKGCONFIG --modversion libzstd` + DIR_ZSTD=`echo $LD_ZSTD | $SED -e 's/-L//'` + fi - ;; - off) - dnl no --with-zstd option given, just check default places - ;; - *) - dnl use the given --with-zstd spot - PREFIX_ZSTD=$OPT_ZSTD - ;; + ;; + off) + dnl no --with-zstd option given, just check default places + ;; + *) + dnl use the given --with-zstd spot + PREFIX_ZSTD=$OPT_ZSTD + ;; esac dnl if given with a prefix, we set -L and -I based on that @@ -1390,6 +1652,7 @@ if test X"$OPT_ZSTD" != Xno; then fi LDFLAGS="$LDFLAGS $LD_ZSTD" + LDFLAGSPC="$LDFLAGSPC $LD_ZSTD" CPPFLAGS="$CPPFLAGS $CPP_ZSTD" LIBS="$LIB_ZSTD $LIBS" @@ -1399,127 +1662,36 @@ if test X"$OPT_ZSTD" != Xno; then curl_zstd_msg="enabled (libzstd)" HAVE_ZSTD=1 AC_DEFINE(HAVE_ZSTD, 1, [if libzstd is in use]) - AC_SUBST(HAVE_ZSTD, [1]) ) - if test X"$OPT_ZSTD" != Xoff && + if test "x$OPT_ZSTD" != "xoff" && test "$HAVE_ZSTD" != "1"; then AC_MSG_ERROR([libzstd was not found where specified!]) fi if test "$HAVE_ZSTD" = "1"; then if test -n "$DIR_ZSTD"; then - dnl when the zstd shared lib were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl CURL_LIBRARY_PATH to prevent further configure tests to fail due to - dnl this - - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_ZSTD" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $DIR_ZSTD to CURL_LIBRARY_PATH]) - fi + dnl when the zstd shared lib were found in a path that the runtime + dnl linker does not search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail due to + dnl this + + if test "$cross_compiling" != "yes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_ZSTD" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_ZSTD to CURL_LIBRARY_PATH]) + fi fi + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libzstd" else dnl no zstd, revert back to clean variables LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC CPPFLAGS=$CLEANCPPFLAGS LIBS=$CLEANLIBS fi fi -dnl ********************************************************************** -dnl Check for LDAP -dnl ********************************************************************** - -LDAPLIBNAME="" -AC_ARG_WITH(ldap-lib, -AS_HELP_STRING([--with-ldap-lib=libname],[Specify name of ldap lib file]), - [LDAPLIBNAME="$withval"]) - -LBERLIBNAME="" -AC_ARG_WITH(lber-lib, -AS_HELP_STRING([--with-lber-lib=libname],[Specify name of lber lib file]), - [LBERLIBNAME="$withval"]) - -if test x$CURL_DISABLE_LDAP != x1 ; then - - CURL_CHECK_HEADER_LBER - CURL_CHECK_HEADER_LDAP - CURL_CHECK_HEADER_LDAPSSL - CURL_CHECK_HEADER_LDAP_SSL - - if test -z "$LDAPLIBNAME" ; then - if test "$curl_cv_native_windows" = "yes"; then - dnl Windows uses a single and unique LDAP library name - LDAPLIBNAME="wldap32" - LBERLIBNAME="no" - fi - fi - - if test "$LDAPLIBNAME" ; then - AC_CHECK_LIB("$LDAPLIBNAME", ldap_init,, [ - if test -n "$ldap_askedfor"; then - AC_MSG_ERROR([couldn't detect the LDAP libraries]) - fi - AC_MSG_WARN(["$LDAPLIBNAME" is not an LDAP library: LDAP disabled]) - AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) - AC_SUBST(CURL_DISABLE_LDAP, [1]) - AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) - AC_SUBST(CURL_DISABLE_LDAPS, [1])]) - else - dnl Try to find the right ldap libraries for this system - CURL_CHECK_LIBS_LDAP - case X-"$curl_cv_ldap_LIBS" in - X-unknown) - if test -n "$ldap_askedfor"; then - AC_MSG_ERROR([couldn't detect the LDAP libraries]) - fi - AC_MSG_WARN([Cannot find libraries for LDAP support: LDAP disabled]) - AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) - AC_SUBST(CURL_DISABLE_LDAP, [1]) - AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) - AC_SUBST(CURL_DISABLE_LDAPS, [1]) - ;; - esac - fi -fi - -if test x$CURL_DISABLE_LDAP != x1 ; then - - if test "$LBERLIBNAME" ; then - dnl If name is "no" then don't define this library at all - dnl (it's only needed if libldap.so's dependencies are broken). - if test "$LBERLIBNAME" != "no" ; then - AC_CHECK_LIB("$LBERLIBNAME", ber_free,, [ - AC_MSG_WARN(["$LBERLIBNAME" is not an LBER library: LDAP disabled]) - AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) - AC_SUBST(CURL_DISABLE_LDAP, [1]) - AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) - AC_SUBST(CURL_DISABLE_LDAPS, [1])]) - fi - fi -fi - -if test x$CURL_DISABLE_LDAP != x1 ; then - AC_CHECK_FUNCS([ldap_url_parse ldap_init_fd]) - - if test "$LDAPLIBNAME" = "wldap32"; then - curl_ldap_msg="enabled (winldap)" - AC_DEFINE(USE_WIN32_LDAP, 1, [Use Windows LDAP implementation]) - else - curl_ldap_msg="enabled (OpenLDAP)" - if test "x$ac_cv_func_ldap_init_fd" = "xyes"; then - AC_DEFINE(USE_OPENLDAP, 1, [Use OpenLDAP-specific code]) - AC_SUBST(USE_OPENLDAP, [1]) - fi - fi -fi - -if test x$CURL_DISABLE_LDAPS != x1 ; then - curl_ldaps_msg="enabled" -fi - dnl ********************************************************************** dnl Checks for IPv6 dnl ********************************************************************** @@ -1530,74 +1702,73 @@ AS_HELP_STRING([--enable-ipv6],[Enable IPv6 (with IPv4) support]) AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - ipv6=no - ;; - *) AC_MSG_RESULT(yes) - ipv6=yes - ;; + AC_MSG_RESULT(no) + ipv6=no + ;; + *) + AC_MSG_RESULT(yes) + ipv6=yes + ;; esac ], - AC_RUN_IFELSE([AC_LANG_SOURCE([[ -/* are AF_INET6 and sockaddr_in6 available? */ -#include -#ifdef HAVE_WINSOCK2_H -#include -#include -#else -#include -#include -#if defined (__TANDEM) -# include -#endif -#endif -#include /* for exit() */ -main() -{ - struct sockaddr_in6 s; - (void)s; - if (socket(AF_INET6, SOCK_STREAM, 0) < 0) - exit(1); - else - exit(0); -} -]]) -], - AC_MSG_RESULT(yes) - ipv6=yes, - AC_MSG_RESULT(no) - ipv6=no, - AC_MSG_RESULT(yes) - ipv6=yes -)) + AC_COMPILE_IFELSE([ + AC_LANG_SOURCE([[ + /* are AF_INET6 and sockaddr_in6 available? */ + #include + #ifdef _WIN32 + #include + #include + #else + #include + #include + #ifdef __TANDEM + #include + #endif + #endif + int main(void) + { + int s = (int)sizeof(struct sockaddr_in6); + (void)s; + return socket(AF_INET6, SOCK_STREAM, 0) > 0; + } + ]]) + ], + AC_MSG_RESULT(yes) + ipv6=yes, + AC_MSG_RESULT(no) + ipv6=no + ) +) -if test "$ipv6" = yes; then +if test "$ipv6" = "yes"; then curl_ipv6_msg="enabled" - AC_DEFINE(ENABLE_IPV6, 1, [Define if you want to enable IPv6 support]) + AC_DEFINE(USE_IPV6, 1, [Define if you want to enable IPv6 support]) IPV6_ENABLED=1 - AC_SUBST(IPV6_ENABLED) AC_MSG_CHECKING([if struct sockaddr_in6 has sin6_scope_id member]) - AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#include -#ifdef HAVE_WINSOCK2_H -#include -#include -#else -#include -#if defined (__TANDEM) -# include -#endif -#endif -]], [[ - struct sockaddr_in6 s; - s.sin6_scope_id = 0; -]])], [ - AC_MSG_RESULT([yes]) - AC_DEFINE(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID, 1, [Define to 1 if struct sockaddr_in6 has the sin6_scope_id member]) - ], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + #include + #ifdef _WIN32 + #include + #include + #else + #include + #ifdef __TANDEM + #include + #endif + #endif + ]], [[ + struct sockaddr_in6 s; + s.sin6_scope_id = 0; + (void)s; + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID, 1, [Define to 1 if struct sockaddr_in6 has the sin6_scope_id member]) + ],[ AC_MSG_RESULT([no]) - ]) + ]) fi dnl ********************************************************************** @@ -1608,9 +1779,17 @@ AC_MSG_CHECKING([if argv can be written to]) CURL_RUN_IFELSE([[ int main(int argc, char **argv) { +#ifdef _WIN32 + /* on Windows, writing to the argv does not hide the argument in + process lists so it can just be skipped */ + (void)argc; + (void)argv; + return 1; +#else (void)argc; argv[0][0] = ' '; - return (argv[0][0] == ' ')?0:1; + return (argv[0][0] == ' ') ? 0 : 1; +#endif } ]],[ curl_cv_writable_argv=yes @@ -1619,18 +1798,21 @@ int main(int argc, char **argv) ],[ curl_cv_writable_argv=cross ]) +if test "$curl_cv_writable_argv" = "cross" && test "$curl_cv_apple" = "yes"; then + curl_cv_writable_argv=yes +fi case $curl_cv_writable_argv in -yes) - AC_DEFINE(HAVE_WRITABLE_ARGV, 1, [Define this symbol if your OS supports changing the contents of argv]) - AC_MSG_RESULT(yes) - ;; -no) - AC_MSG_RESULT(no) - ;; -*) - AC_MSG_RESULT(no) - AC_MSG_WARN([the previous check could not be made default was used]) - ;; + yes) + AC_DEFINE(HAVE_WRITABLE_ARGV, 1, [Define this symbol if your OS supports changing the contents of argv]) + AC_MSG_RESULT(yes) + ;; + no) + AC_MSG_RESULT(no) + ;; + *) + AC_MSG_RESULT(no) + AC_MSG_WARN([the previous check could not be made default was used]) + ;; esac dnl ********************************************************************** @@ -1641,47 +1823,54 @@ dnl check for GSS-API stuff in the /usr as default GSSAPI_ROOT="/usr" AC_ARG_WITH(gssapi-includes, - AS_HELP_STRING([--with-gssapi-includes=DIR], - [Specify location of GSS-API headers]), - [ GSSAPI_INCS="-I$withval" - want_gss="yes" ] + AS_HELP_STRING([--with-gssapi-includes=DIR], [Specify location of GSS-API headers]), [ + GSSAPI_INCS="-I$withval" + want_gss="yes" + ] ) AC_ARG_WITH(gssapi-libs, - AS_HELP_STRING([--with-gssapi-libs=DIR], - [Specify location of GSS-API libs]), - [ GSSAPI_LIB_DIR="-L$withval" - want_gss="yes" ] + AS_HELP_STRING([--with-gssapi-libs=DIR], [Specify location of GSS-API libs]), [ + GSSAPI_LIB_DIR="-L$withval" + want_gss="yes" + ] ) AC_ARG_WITH(gssapi, - AS_HELP_STRING([--with-gssapi=DIR], - [Where to look for GSS-API]), [ - GSSAPI_ROOT="$withval" - if test x"$GSSAPI_ROOT" != xno; then - want_gss="yes" - if test x"$GSSAPI_ROOT" = xyes; then - dnl if yes, then use default root - GSSAPI_ROOT="/usr" + AS_HELP_STRING([--with-gssapi=DIR], [Where to look for GSS-API]), [ + GSSAPI_ROOT="$withval" + if test "$GSSAPI_ROOT" != "no"; then + want_gss="yes" + if test "$GSSAPI_ROOT" = "yes"; then + dnl if yes, then use default root + GSSAPI_ROOT="/usr" + fi fi - fi -]) + ] +) : ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} save_CPPFLAGS="$CPPFLAGS" AC_MSG_CHECKING([if GSS-API support is requested]) -if test x"$want_gss" = xyes; then +if test "$want_gss" = "yes"; then AC_MSG_RESULT(yes) + if test "$GSSAPI_ROOT" != "/usr"; then + CURL_CHECK_PKGCONFIG(mit-krb5-gssapi, $GSSAPI_ROOT/lib/pkgconfig) + else + CURL_CHECK_PKGCONFIG(mit-krb5-gssapi) + fi if test -z "$GSSAPI_INCS"; then - if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then - GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$KRB5CONFIG"; then - GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` - elif test "$GSSAPI_ROOT" != "yes"; then - GSSAPI_INCS="-I$GSSAPI_ROOT/include" - fi + if test -n "$host_alias" && test -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then + GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` + elif test "$PKGCONFIG" != "no"; then + GSSAPI_INCS=`$PKGCONFIG --cflags mit-krb5-gssapi` + elif test -f "$KRB5CONFIG"; then + GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` + elif test "$GSSAPI_ROOT" != "yes"; then + GSSAPI_INCS="-I$GSSAPI_ROOT/include" + fi fi CPPFLAGS="$CPPFLAGS $GSSAPI_INCS" @@ -1693,126 +1882,128 @@ if test x"$want_gss" = xyes; then gnu_gss=yes ], [ - dnl not found, check Heimdal or MIT - AC_CHECK_HEADERS([gssapi/gssapi.h], [], [not_mit=1]) + dnl not found, check for MIT AC_CHECK_HEADERS( - [gssapi/gssapi_generic.h gssapi/gssapi_krb5.h], + [gssapi/gssapi.h gssapi/gssapi_generic.h gssapi/gssapi_krb5.h], [], - [not_mit=1], - [ -AC_INCLUDES_DEFAULT -#ifdef HAVE_GSSAPI_GSSAPI_H -#include -#endif - ]) - if test "x$not_mit" = "x1"; then - dnl MIT not found, check for Heimdal - AC_CHECK_HEADER(gssapi.h, - [ - dnl found - AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have Heimdal]) - ], - [ - dnl no header found, disabling GSS - want_gss=no - AC_MSG_WARN(disabling GSS-API support since no header files were found) - ] - ) - else - dnl MIT found - AC_DEFINE(HAVE_GSSMIT, 1, [if you have MIT Kerberos]) - dnl check if we have a really old MIT Kerberos version (<= 1.2) - AC_MSG_CHECKING([if GSS-API headers declare GSS_C_NT_HOSTBASED_SERVICE]) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include -#include -#include - ]],[[ - gss_import_name( - (OM_uint32 *)0, - (gss_buffer_t)0, - GSS_C_NT_HOSTBASED_SERVICE, - (gss_name_t *)0); - ]]) - ],[ - AC_MSG_RESULT([yes]) - ],[ - AC_MSG_RESULT([no]) - AC_DEFINE(HAVE_OLD_GSSMIT, 1, - [if you have an old MIT Kerberos version, lacking GSS_C_NT_HOSTBASED_SERVICE]) - ]) + [not_mit=1]) + if test "$not_mit" = "1"; then + dnl MIT not found + AC_MSG_ERROR([MIT or GNU GSS library required, but not found]) fi ] ) else AC_MSG_RESULT(no) fi -if test x"$want_gss" = xyes; then +if test "$want_gss" = "yes"; then AC_DEFINE(HAVE_GSSAPI, 1, [if you have GSS-API libraries]) HAVE_GSSAPI=1 - curl_gss_msg="enabled (MIT Kerberos/Heimdal)" + curl_gss_msg="enabled (MIT Kerberos)" + link_pkgconfig='' if test -n "$gnu_gss"; then curl_gss_msg="enabled (GNU GSS)" LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR" + LDFLAGSPC="$LDFLAGSPC $GSSAPI_LIB_DIR" LIBS="-lgss $LIBS" + link_pkgconfig=1 elif test -z "$GSSAPI_LIB_DIR"; then - case $host in - *-*-darwin*) - LIBS="-lgssapi_krb5 -lresolv $LIBS" - ;; - *) - if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then - dnl krb5-config doesn't have --libs-only-L or similar, put everything - dnl into LIBS - gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi` - LIBS="$gss_libs $LIBS" - elif test -f "$KRB5CONFIG"; then - dnl krb5-config doesn't have --libs-only-L or similar, put everything - dnl into LIBS - gss_libs=`$KRB5CONFIG --libs gssapi` - LIBS="$gss_libs $LIBS" + if test "$curl_cv_apple" = "yes"; then + LIBS="-lgssapi_krb5 -lresolv $LIBS" + else + if test "$GSSAPI_ROOT" != "/usr"; then + CURL_CHECK_PKGCONFIG(mit-krb5-gssapi, $GSSAPI_ROOT/lib/pkgconfig) + else + CURL_CHECK_PKGCONFIG(mit-krb5-gssapi) + fi + if test -n "$host_alias" && test -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then + dnl krb5-config does not have --libs-only-L or similar, put everything + dnl into LIBS + gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi` + LIBS="$gss_libs $LIBS" + elif test "$PKGCONFIG" != "no"; then + gss_libs=`$PKGCONFIG --libs mit-krb5-gssapi` + LIBS="$gss_libs $LIBS" + link_pkgconfig=1 + elif test -f "$KRB5CONFIG"; then + dnl krb5-config does not have --libs-only-L or similar, put everything + dnl into LIBS + gss_libs=`$KRB5CONFIG --libs gssapi` + LIBS="$gss_libs $LIBS" + link_pkgconfig=1 + else + case $host in + *-hp-hpux*) + gss_libname="gss" + ;; + *) + gss_libname="gssapi" + ;; + esac + + if test "$GSSAPI_ROOT" != "yes"; then + LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff" + LDFLAGSPC="$LDFLAGSPC -L$GSSAPI_ROOT/lib$libsuff" + LIBS="-l$gss_libname $LIBS" else - case $host in - *-hp-hpux*) - gss_libname="gss" - ;; - *) - gss_libname="gssapi" - ;; - esac - - if test "$GSSAPI_ROOT" != "yes"; then - LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff" - LIBS="-l$gss_libname $LIBS" - else - LIBS="-l$gss_libname $LIBS" - fi + LIBS="-l$gss_libname $LIBS" fi - ;; - esac + fi + fi + gss_version="" + if test -n "$host_alias" && test -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then + gss_version=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --version | $SED 's/Kerberos 5 release //'` + elif test "$PKGCONFIG" != "no"; then + gss_version=`$PKGCONFIG --modversion mit-krb5-gssapi` + elif test -f "$KRB5CONFIG"; then + gss_version=`$KRB5CONFIG --version | $SED 's/Kerberos 5 release //'` + fi + if test -n "$gss_version"; then + AC_MSG_NOTICE([GSS-API MIT Kerberos version detected: $gss_version]) + AC_DEFINE_UNQUOTED([CURL_KRB5_VERSION], ["$gss_version"], [MIT Kerberos version]) + fi else - LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR" - case $host in - *-hp-hpux*) + LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR" + LDFLAGSPC="$LDFLAGSPC $GSSAPI_LIB_DIR" + case $host in + *-hp-hpux*) LIBS="-lgss $LIBS" ;; - *) + *) LIBS="-lgssapi $LIBS" ;; - esac + esac + fi + if test -n "$link_pkgconfig"; then + if test -n "$gnu_gss"; then + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE gss" + else + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE mit-krb5-gssapi" + fi fi else CPPFLAGS="$save_CPPFLAGS" fi +if test "$want_gss" = "yes"; then + AC_MSG_CHECKING([if we can link against GSS-API library]) + AC_LINK_IFELSE([ + AC_LANG_FUNC_LINK_TRY([gss_init_sec_context]) + ],[ + AC_MSG_RESULT([yes]) + ],[ + AC_MSG_RESULT([no]) + AC_MSG_ERROR([--with-gssapi was specified, but a GSS-API library was not found.]) + ]) +fi + build_libstubgss=no -if test x"$want_gss" = "xyes"; then +if test "$want_gss" = "yes"; then build_libstubgss=yes fi -AM_CONDITIONAL(BUILD_STUB_GSS, test "x$build_libstubgss" = "xyes") +AM_CONDITIONAL(BUILD_STUB_GSS, test "$build_libstubgss" = "yes") dnl ------------------------------------------------------------- dnl parse --with-default-ssl-backend so it can be validated below @@ -1834,174 +2025,355 @@ case "$DEFAULT_SSL_BACKEND" in ;; *) dnl --with-default-ssl-backend option used with name - AC_SUBST(DEFAULT_SSL_BACKEND) dnl needs to be validated below VALID_DEFAULT_SSL_BACKEND=no ;; esac CURL_WITH_SCHANNEL -CURL_WITH_SECURETRANSPORT CURL_WITH_AMISSL CURL_WITH_OPENSSL CURL_WITH_GNUTLS CURL_WITH_MBEDTLS CURL_WITH_WOLFSSL -CURL_WITH_MESALINK -CURL_WITH_BEARSSL CURL_WITH_RUSTLS -CURL_WITH_NSS +CURL_WITH_APPLE_SECTRUST -dnl link required libraries for USE_WIN32_CRYPTO or USE_SCHANNEL -if test "x$USE_WIN32_CRYPTO" = "x1" -o "x$USE_SCHANNEL" = "x1"; then +dnl link required libraries for USE_WIN32_CRYPTO or SCHANNEL_ENABLED +if test "$USE_WIN32_CRYPTO" = "1" || test "$SCHANNEL_ENABLED" = "1"; then LIBS="-ladvapi32 -lcrypt32 $LIBS" fi -case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED$RUSTLS_ENABLED" -in -x) - AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) - AC_MSG_WARN([Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl, --with-bearssl or --with-rustls to address this.]) - ;; -x1) - # one SSL backend is enabled - AC_SUBST(SSL_ENABLED) - SSL_ENABLED="1" - AC_MSG_NOTICE([built with one SSL backend]) - ;; -*) - # more than one SSL backend is enabled - AC_SUBST(SSL_ENABLED) - SSL_ENABLED="1" - AC_SUBST(CURL_WITH_MULTI_SSL) - CURL_WITH_MULTI_SSL="1" - AC_DEFINE(CURL_WITH_MULTI_SSL, 1, [built with multiple SSL backends]) - AC_MSG_NOTICE([built with multiple SSL backends]) - ;; +if test "$curl_cv_native_windows" = "yes"; then + dnl for BCryptGenRandom() + LIBS="-lbcrypt $LIBS" +fi + +case "x$SSL_DISABLED$OPENSSL_ENABLED$GNUTLS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$RUSTLS_ENABLED" in + x) + AC_MSG_ERROR([TLS not detected, you will not be able to use HTTPS, FTPS, NTLM and more. +Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-schannel, --with-amissl or --with-rustls to address this.]) + ;; + x1) + # one SSL backend is enabled + SSL_ENABLED="1" + AC_MSG_NOTICE([built with one SSL backend]) + ;; + xD) + # explicitly built without TLS + ;; + xD*) + AC_MSG_ERROR([--without-ssl has been set together with an explicit option to use an ssl library +(e.g. --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-schannel, --with-amissl, --with-rustls). +Since these are conflicting parameters, verify which is the desired one and drop the other.]) + ;; + *) + # more than one SSL backend is enabled + SSL_ENABLED="1" + CURL_WITH_MULTI_SSL="1" + AC_DEFINE(CURL_WITH_MULTI_SSL, 1, [built with multiple SSL backends]) + AC_MSG_NOTICE([built with multiple SSL backends]) + ;; esac if test -n "$ssl_backends"; then curl_ssl_msg="enabled ($ssl_backends)" fi -if test no = "$VALID_DEFAULT_SSL_BACKEND" -then - if test -n "$SSL_ENABLED" - then +if test "$VALID_DEFAULT_SSL_BACKEND" = "no"; then + if test -n "$SSL_ENABLED"; then AC_MSG_ERROR([Default SSL backend $DEFAULT_SSL_BACKEND not enabled!]) else AC_MSG_ERROR([Default SSL backend requires SSL!]) fi -elif test yes = "$VALID_DEFAULT_SSL_BACKEND" -then +elif test "$VALID_DEFAULT_SSL_BACKEND" = "yes"; then AC_DEFINE_UNQUOTED([CURL_DEFAULT_SSL_BACKEND], ["$DEFAULT_SSL_BACKEND"], [Default SSL backend]) fi +dnl --------------------- +dnl check native CA store +dnl --------------------- + +ca_native_opt=0 +AC_MSG_CHECKING([whether to use native CA store]) +AC_ARG_ENABLE(ca-native, +AS_HELP_STRING([--enable-ca-native],[Enable native CA store]) +AS_HELP_STRING([--disable-ca-native],[Disable native CA store (default)]), +[ case "$enableval" in + yes) + AC_MSG_RESULT([yes]) + AC_DEFINE(CURL_CA_NATIVE, 1, [If native CA store is enabled]) + ca_native_opt=1 + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac ], + AC_MSG_RESULT([no]) +) + dnl ********************************************************************** dnl Check for the CA bundle dnl ********************************************************************** if test -n "$check_for_ca_bundle"; then CURL_CHECK_CA_BUNDLE + CURL_CHECK_CA_EMBED +fi + +AM_CONDITIONAL(CURL_CA_EMBED_SET, test -n "$CURL_CA_EMBED") + +dnl ---------------------- +dnl check unsafe CA search +dnl ---------------------- + +if test "$curl_cv_native_windows" = "yes"; then + ca_search=1 + AC_MSG_CHECKING([whether to enable unsafe CA bundle search in PATH on Windows]) + AC_ARG_ENABLE(ca-search, +AS_HELP_STRING([--enable-ca-search],[Enable unsafe CA bundle search in PATH on Windows]) +AS_HELP_STRING([--disable-ca-search],[Disable unsafe CA bundle search in PATH on Windows]), + [ case "$enableval" in + no) + AC_MSG_RESULT([no]) + ca_search=0 + ;; + yes) + AC_MSG_RESULT([yes]) + ;; + *) + if test "$ca_native_opt" = "1"; then + AC_MSG_RESULT([no]) + ca_search=0 + else + AC_MSG_RESULT([yes]) + fi + ;; + esac ], + if test "$ca_native_opt" = "1"; then + AC_MSG_RESULT([no]) + ca_search=0 + else + AC_MSG_RESULT([yes]) + fi + ) + if test "$ca_search" = "0"; then + AC_DEFINE(CURL_DISABLE_CA_SEARCH, 1, [If unsafe CA bundle search in PATH on Windows is disabled]) + fi +fi + +dnl -------------------- +dnl check safe CA search +dnl -------------------- + +if test "$curl_cv_native_windows" = "yes"; then + AC_MSG_CHECKING([whether to enable safe CA bundle search (within the curl tool directory) on Windows]) + AC_ARG_ENABLE(ca-search-safe, +AS_HELP_STRING([--enable-ca-search-safe],[Enable safe CA bundle search]) +AS_HELP_STRING([--disable-ca-search-safe],[Disable safe CA bundle search (default)]), + [ case "$enableval" in + yes) + AC_MSG_RESULT([yes]) + AC_DEFINE(CURL_CA_SEARCH_SAFE, 1, [If safe CA bundle search is enabled]) + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac ], + AC_MSG_RESULT([no]) + ) fi dnl ********************************************************************** dnl Check for libpsl dnl ********************************************************************** -AC_ARG_WITH(libpsl, - AS_HELP_STRING([--without-libpsl], - [disable support for libpsl cookie checking]), - with_libpsl=$withval, - with_libpsl=yes) -if test $with_libpsl != "no"; then - AC_SEARCH_LIBS(psl_builtin, psl, - [curl_psl_msg="enabled"; - AC_DEFINE([USE_LIBPSL], [1], [PSL support enabled]) - ], - [curl_psl_msg="no (libpsl not found)"; - AC_MSG_WARN([libpsl was not found]) - ] +dnl Default to compiler & linker defaults for LIBPSL files & libraries. +OPT_LIBPSL=off +AC_ARG_WITH(libpsl,dnl +AS_HELP_STRING([--with-libpsl=PATH],[Where to look for libpsl, PATH points to the LIBPSL installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AS_HELP_STRING([--without-libpsl], [disable LIBPSL]), + OPT_LIBPSL=$withval) + +if test "x$OPT_LIBPSL" != "xno"; then + dnl backup the pre-libpsl variables + CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + case "$OPT_LIBPSL" in + yes|off) + dnl --with-libpsl (without path) used + CURL_CHECK_PKGCONFIG(libpsl) + + if test "$PKGCONFIG" != "no"; then + LIB_PSL=`$PKGCONFIG --libs-only-l libpsl` + LD_PSL=`$PKGCONFIG --libs-only-L libpsl` + CPP_PSL=`$PKGCONFIG --cflags-only-I libpsl` + else + dnl no libpsl pkg-config found + LIB_PSL="-lpsl" + fi + + ;; + *) + dnl use the given --with-libpsl spot + LIB_PSL="-lpsl" + PREFIX_PSL=$OPT_LIBPSL + ;; + esac + + dnl if given with a prefix, we set -L and -I based on that + if test -n "$PREFIX_PSL"; then + LD_PSL=-L${PREFIX_PSL}/lib$libsuff + CPP_PSL=-I${PREFIX_PSL}/include + fi + + LDFLAGS="$LDFLAGS $LD_PSL" + LDFLAGSPC="$LDFLAGSPC $LD_PSL" + CPPFLAGS="$CPPFLAGS $CPP_PSL" + LIBS="$LIB_PSL $LIBS" + + AC_CHECK_LIB(psl, psl_builtin, + [ + AC_CHECK_HEADERS(libpsl.h, + curl_psl_msg="enabled" + AC_DEFINE(USE_LIBPSL, 1, [if libpsl is in use]) + USE_LIBPSL=1 + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libpsl" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS ) + + if test "$USE_LIBPSL" != "1"; then + AC_MSG_ERROR([libpsl libs and/or directories were not found where specified!]) + fi fi AM_CONDITIONAL([USE_LIBPSL], [test "$curl_psl_msg" = "enabled"]) - dnl ********************************************************************** dnl Check for libgsasl dnl ********************************************************************** -AC_ARG_WITH(libgsasl, - AS_HELP_STRING([--without-libgsasl], - [disable libgsasl support for SCRAM]), - with_libgsasl=$withval, - with_libgsasl=yes) -if test $with_libgsasl != "no"; then - AC_SEARCH_LIBS(gsasl_init, gsasl, - [curl_gsasl_msg="enabled"; - AC_DEFINE([USE_GSASL], [1], [GSASL support enabled]) - ], - [curl_gsasl_msg="no (libgsasl not found)"; - AC_MSG_WARN([libgsasl was not found]) - ] +OPT_LIBGSASL=no +AC_ARG_WITH(libgsasl,dnl +AS_HELP_STRING([--with-libgsasl=PATH],[Where to look for libgsasl, PATH points to the libgsasl installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AS_HELP_STRING([--without-libgsasl], [disable libgsasl support for SCRAM]), + OPT_LIBGSASL=$withval) + +if test "x$OPT_LIBGSASL" != "xno"; then + dnl backup the pre-libgsasl variables + CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + case "$OPT_LIBGSASL" in + yes) + dnl --with-libgsasl (without path) used + CURL_CHECK_PKGCONFIG(libgsasl) + + if test "$PKGCONFIG" != "no"; then + LIB_GSASL=`$PKGCONFIG --libs-only-l libgsasl` + LD_GSASL=`$PKGCONFIG --libs-only-L libgsasl` + CPP_GSASL=`$PKGCONFIG --cflags-only-I libgsasl` + else + dnl no libgsasl pkg-config found + LIB_GSASL="-lgsasl" + fi + ;; + *) + dnl use the given --with-libgsasl spot + PREFIX_GSASL=$OPT_LIBGSASL + ;; + esac + + dnl if given with a prefix, we set -L and -I based on that + if test -n "$PREFIX_GSASL"; then + LIB_GSASL="-lgsasl" + LD_GSASL=-L${PREFIX_GSASL}/lib$libsuff + CPP_GSASL=-I${PREFIX_GSASL}/include + fi + + LDFLAGS="$LDFLAGS $LD_GSASL" + LDFLAGSPC="$LDFLAGSPC $LD_GSASL" + CPPFLAGS="$CPPFLAGS $CPP_GSASL" + LIBS="$LIB_GSASL $LIBS" + + AC_CHECK_LIB(gsasl, gsasl_init, + [ + AC_CHECK_HEADERS(gsasl.h, + curl_gsasl_msg="enabled" + AC_DEFINE(USE_GSASL, 1, [GSASL support enabled]) + USE_LIBGSASL=1 + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libgsasl" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + curl_gsasl_msg="no (libgsasl not found)" + AC_MSG_WARN([libgsasl was not found]) ) fi AM_CONDITIONAL([USE_GSASL], [test "$curl_gsasl_msg" = "enabled"]) AC_ARG_WITH(libmetalink,, - AC_MSG_ERROR([--with-libmetalink no longer works!])) + AC_MSG_ERROR([--with-libmetalink and --without-libmetalink no longer work!])) dnl ********************************************************************** -dnl Check for the presence of LIBSSH2 libraries and headers +dnl Check for the presence of libssh2 libraries and headers dnl ********************************************************************** -dnl Default to compiler & linker defaults for LIBSSH2 files & libraries. +dnl Default to compiler & linker defaults for libssh2 files & libraries. OPT_LIBSSH2=off AC_ARG_WITH(libssh2,dnl AS_HELP_STRING([--with-libssh2=PATH],[Where to look for libssh2, PATH points to the libssh2 installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) AS_HELP_STRING([--with-libssh2], [enable libssh2]), OPT_LIBSSH2=$withval, OPT_LIBSSH2=no) - OPT_LIBSSH=off AC_ARG_WITH(libssh,dnl AS_HELP_STRING([--with-libssh=PATH],[Where to look for libssh, PATH points to the libssh installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) AS_HELP_STRING([--with-libssh], [enable libssh]), OPT_LIBSSH=$withval, OPT_LIBSSH=no) -OPT_WOLFSSH=off -AC_ARG_WITH(wolfssh,dnl -AS_HELP_STRING([--with-wolfssh=PATH],[Where to look for wolfssh, PATH points to the wolfSSH installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) -AS_HELP_STRING([--with-wolfssh], [enable wolfssh]), - OPT_WOLFSSH=$withval, OPT_WOLFSSH=no) - -if test X"$OPT_LIBSSH2" != Xno; then +if test "x$OPT_LIBSSH2" != "xno"; then dnl backup the pre-libssh2 variables CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" case "$OPT_LIBSSH2" in - yes) - dnl --with-libssh2 (without path) used - CURL_CHECK_PKGCONFIG(libssh2) - - if test "$PKGCONFIG" != "no" ; then - LIB_SSH2=`$PKGCONFIG --libs libssh2` - LD_SSH2=`$PKGCONFIG --libs-only-L libssh2` - CPP_SSH2=`$PKGCONFIG --cflags-only-I libssh2` - version=`$PKGCONFIG --modversion libssh2` - DIR_SSH2=`echo $LD_SSH2 | $SED -e 's/^-L//'` - fi + yes) + dnl --with-libssh2 (without path) used + CURL_CHECK_PKGCONFIG(libssh2) + + if test "$PKGCONFIG" != "no"; then + LIB_SSH2=`$PKGCONFIG --libs-only-l libssh2` + LD_SSH2=`$PKGCONFIG --libs-only-L libssh2` + CPP_SSH2=`$PKGCONFIG --cflags-only-I libssh2` + version=`$PKGCONFIG --modversion libssh2` + DIR_SSH2=`echo $LD_SSH2 | $SED -e 's/^-L//'` + fi - ;; - off) - dnl no --with-libssh2 option given, just check default places - ;; - *) - dnl use the given --with-libssh2 spot - PREFIX_SSH2=$OPT_LIBSSH2 - ;; + ;; + off) + dnl no --with-libssh2 option given, just check default places + ;; + *) + dnl use the given --with-libssh2 spot + PREFIX_SSH2=$OPT_LIBSSH2 + ;; esac dnl if given with a prefix, we set -L and -I based on that @@ -2013,69 +2385,72 @@ if test X"$OPT_LIBSSH2" != Xno; then fi LDFLAGS="$LDFLAGS $LD_SSH2" + LDFLAGSPC="$LDFLAGSPC $LD_SSH2" CPPFLAGS="$CPPFLAGS $CPP_SSH2" LIBS="$LIB_SSH2 $LIBS" - dnl check for function added in libssh2 version 1.0 - AC_CHECK_LIB(ssh2, libssh2_session_block_directions) + dnl check for function added in libssh2 version 1.9.0 + AC_CHECK_LIB(ssh2, libssh2_agent_get_identity_path) - AC_CHECK_HEADERS(libssh2.h, - curl_ssh_msg="enabled (libSSH2)" - LIBSSH2_ENABLED=1 - AC_DEFINE(USE_LIBSSH2, 1, [if libSSH2 is in use]) - AC_SUBST(USE_LIBSSH2, [1]) + AC_CHECK_HEADER(libssh2.h, + curl_ssh_msg="enabled (libssh2)" + AC_DEFINE(USE_LIBSSH2, 1, [if libssh2 is in use]) + USE_LIBSSH2=1 ) - if test X"$OPT_LIBSSH2" != Xoff && - test "$LIBSSH2_ENABLED" != "1"; then - AC_MSG_ERROR([libSSH2 libs and/or directories were not found where specified!]) + if test "x$OPT_LIBSSH2" != "xoff" && + test "$USE_LIBSSH2" != "1"; then + AC_MSG_ERROR([libssh2 libs and/or directories were not found where specified!]) fi - if test "$LIBSSH2_ENABLED" = "1"; then + if test "$USE_LIBSSH2" = "1"; then if test -n "$DIR_SSH2"; then - dnl when the libssh2 shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH - dnl to prevent further configure tests to fail due to this - - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_SSH2" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $DIR_SSH2 to CURL_LIBRARY_PATH]) - fi + dnl when the libssh2 shared libs were found in a path that the runtime + dnl linker does not search through, we need to add it to CURL_LIBRARY_PATH + dnl to prevent further configure tests to fail due to this + + if test "$cross_compiling" != "yes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_SSH2" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_SSH2 to CURL_LIBRARY_PATH]) + fi fi + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libssh2" else dnl no libssh2, revert back to clean variables LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC CPPFLAGS=$CLEANCPPFLAGS LIBS=$CLEANLIBS fi -elif test X"$OPT_LIBSSH" != Xno; then +elif test "x$OPT_LIBSSH" != "xno"; then dnl backup the pre-libssh variables CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" case "$OPT_LIBSSH" in - yes) - dnl --with-libssh (without path) used - CURL_CHECK_PKGCONFIG(libssh) - - if test "$PKGCONFIG" != "no" ; then - LIB_SSH=`$PKGCONFIG --libs-only-l libssh` - LD_SSH=`$PKGCONFIG --libs-only-L libssh` - CPP_SSH=`$PKGCONFIG --cflags-only-I libssh` - version=`$PKGCONFIG --modversion libssh` - DIR_SSH=`echo $LD_SSH | $SED -e 's/^-L//'` - fi + yes) + dnl --with-libssh (without path) used + CURL_CHECK_PKGCONFIG(libssh) + + if test "$PKGCONFIG" != "no"; then + LIB_SSH=`$PKGCONFIG --libs-only-l libssh` + LD_SSH=`$PKGCONFIG --libs-only-L libssh` + CPP_SSH=`$PKGCONFIG --cflags-only-I libssh` + version=`$PKGCONFIG --modversion libssh` + DIR_SSH=`echo $LD_SSH | $SED -e 's/^-L//'` + fi - ;; - off) - dnl no --with-libssh option given, just check default places - ;; - *) - dnl use the given --with-libssh spot - PREFIX_SSH=$OPT_LIBSSH - ;; + ;; + off) + dnl no --with-libssh option given, just check default places + ;; + *) + dnl use the given --with-libssh spot + PREFIX_SSH=$OPT_LIBSSH + ;; esac dnl if given with a prefix, we set -L and -I based on that @@ -2087,142 +2462,230 @@ elif test X"$OPT_LIBSSH" != Xno; then fi LDFLAGS="$LDFLAGS $LD_SSH" + LDFLAGSPC="$LDFLAGSPC $LD_SSH" CPPFLAGS="$CPPFLAGS $CPP_SSH" LIBS="$LIB_SSH $LIBS" AC_CHECK_LIB(ssh, ssh_new) - AC_CHECK_HEADERS(libssh/libssh.h, - curl_ssh_msg="enabled (libSSH)" - LIBSSH_ENABLED=1 - AC_DEFINE(USE_LIBSSH, 1, [if libSSH is in use]) - AC_SUBST(USE_LIBSSH, [1]) + AC_CHECK_HEADER(libssh/libssh.h, + curl_ssh_msg="enabled (libssh)" + AC_DEFINE(USE_LIBSSH, 1, [if libssh is in use]) + USE_LIBSSH=1 ) - if test X"$OPT_LIBSSH" != Xoff && - test "$LIBSSH_ENABLED" != "1"; then - AC_MSG_ERROR([libSSH libs and/or directories were not found where specified!]) + if test "x$OPT_LIBSSH" != "xoff" && + test "$USE_LIBSSH" != "1"; then + AC_MSG_ERROR([libssh libs and/or directories were not found where specified!]) fi - if test "$LIBSSH_ENABLED" = "1"; then + if test "$USE_LIBSSH" = "1"; then + if test "$curl_cv_native_windows" = "yes"; then + dnl for if_nametoindex + LIBS="-liphlpapi $LIBS" + fi if test -n "$DIR_SSH"; then - dnl when the libssh shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH - dnl to prevent further configure tests to fail due to this - - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_SSH" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $DIR_SSH to CURL_LIBRARY_PATH]) - fi + dnl when the libssh shared libs were found in a path that the runtime + dnl linker does not search through, we need to add it to CURL_LIBRARY_PATH + dnl to prevent further configure tests to fail due to this + + if test "$cross_compiling" != "yes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_SSH" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_SSH to CURL_LIBRARY_PATH]) + fi fi + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libssh" else dnl no libssh, revert back to clean variables LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC CPPFLAGS=$CLEANCPPFLAGS LIBS=$CLEANLIBS fi -elif test X"$OPT_WOLFSSH" != Xno; then - dnl backup the pre-wolfssh variables - CLEANLDFLAGS="$LDFLAGS" - CLEANCPPFLAGS="$CPPFLAGS" - CLEANLIBS="$LIBS" - - - if test "$OPT_WOLFSSH" != yes; then - WOLFCONFIG="$OPT_WOLFSSH/bin/wolfssh-config" - LDFLAGS="$LDFLAGS `$WOLFCONFIG --libs`" - CPPFLAGS="$CPPFLAGS `$WOLFCONFIG --cflags`" - fi - - AC_CHECK_LIB(wolfssh, wolfSSH_Init) - - AC_CHECK_HEADERS(wolfssh/ssh.h, - curl_ssh_msg="enabled (wolfSSH)" - WOLFSSH_ENABLED=1 - AC_DEFINE(USE_WOLFSSH, 1, [if wolfSSH is in use]) - AC_SUBST(USE_WOLFSSH, [1]) - ) - fi dnl ********************************************************************** -dnl Check for the presence of LIBRTMP libraries and headers +dnl Check for LDAP (after the SSL libraries) dnl ********************************************************************** -dnl Default to compiler & linker defaults for LIBRTMP files & libraries. -OPT_LIBRTMP=off -AC_ARG_WITH(librtmp,dnl -AS_HELP_STRING([--with-librtmp=PATH],[Where to look for librtmp, PATH points to the LIBRTMP installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) -AS_HELP_STRING([--without-librtmp], [disable LIBRTMP]), - OPT_LIBRTMP=$withval) - -if test X"$OPT_LIBRTMP" != Xno; then - dnl backup the pre-librtmp variables - CLEANLDFLAGS="$LDFLAGS" - CLEANCPPFLAGS="$CPPFLAGS" - CLEANLIBS="$LIBS" +LDAPLIBNAME="" +AC_ARG_WITH(ldap-lib, +AS_HELP_STRING([--with-ldap-lib=libname],[Specify name of ldap lib file]), + [LDAPLIBNAME="$withval"]) - case "$OPT_LIBRTMP" in +LBERLIBNAME="" +AC_ARG_WITH(lber-lib, +AS_HELP_STRING([--with-lber-lib=libname],[Specify name of lber lib file]), + [LBERLIBNAME="$withval"]) + +dnl Handle argument to --with-ldap. +clean_LDAP_CPPFLAGS=$CPPFLAGS +clean_LDAP_LDFLAGS=$LDFLAGS +clean_LDAP_LIBS=$LIBS +OPT_LDAP=off +AC_ARG_WITH(ldap, +AS_HELP_STRING([--with-ldap=PATH],[Where to look for LDAP, PATH points to the LDAP installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AS_HELP_STRING([--without-ldap], [disable LDAP]), + OPT_LDAP=$withval) + +case "$OPT_LDAP" in + no) + dnl --without-ldap option used + want_ldap="no" + ;; yes) - dnl --with-librtmp (without path) used - CURL_CHECK_PKGCONFIG(librtmp) - - if test "$PKGCONFIG" != "no" ; then - LIB_RTMP=`$PKGCONFIG --libs-only-l librtmp` - LD_RTMP=`$PKGCONFIG --libs-only-L librtmp` - CPP_RTMP=`$PKGCONFIG --cflags-only-I librtmp` - version=`$PKGCONFIG --modversion librtmp` - DIR_RTMP=`echo $LD_RTMP | $SED -e 's/^-L//'` - else - dnl To avoid link errors, we do not allow --librtmp without - dnl a pkgconfig file - AC_MSG_ERROR([--librtmp was specified but could not find librtmp pkgconfig file.]) - fi - + dnl --with-ldap option used without path + want_ldap="yes" ;; off) - dnl no --with-librtmp option given, just check default places - LIB_RTMP="-lrtmp" + dnl no --with-ldap option given, do not change anything + want_ldap="default" ;; *) - dnl use the given --with-librtmp spot - LIB_RTMP="-lrtmp" - PREFIX_RTMP=$OPT_LIBRTMP + dnl --with-ldap option used with path + want_ldap="yes" + if test -d "$OPT_LDAP/lib$libsuff"; then + LDFLAGS="$LDFLAGS -L$OPT_LDAP/lib$libsuff" + DIR_LDAP="$OPT_LDAP/lib$libsuff" + elif test -d "$OPT_LDAP/lib"; then + LDFLAGS="$LDFLAGS -L$OPT_LDAP/lib" + DIR_LDAP="$OPT_LDAP/lib" + fi + if test -d "$OPT_LDAP/include"; then + CPPFLAGS="$CPPFLAGS -I$OPT_LDAP/include" + fi + ldap_askedfor="yes" ;; - esac +esac - dnl if given with a prefix, we set -L and -I based on that - if test -n "$PREFIX_RTMP"; then - LD_RTMP=-L${PREFIX_RTMP}/lib$libsuff - CPP_RTMP=-I${PREFIX_RTMP}/include - DIR_RTMP=${PREFIX_RTMP}/lib$libsuff +if test "$CURL_DISABLE_LDAP" != "1" && test "$want_ldap" != "no"; then + + CURL_CHECK_HEADER_LBER + CURL_CHECK_HEADER_LDAP + CURL_CHECK_HEADER_LDAP_SSL + + if test -z "$LDAPLIBNAME"; then + if test "$curl_cv_native_windows" = "yes" && test "$curl_cv_winuwp" != "yes"; then + dnl Windows uses a single and unique LDAP library name + LDAPLIBNAME="wldap32" + LBERLIBNAME="no" + fi fi - LDFLAGS="$LDFLAGS $LD_RTMP" - CPPFLAGS="$CPPFLAGS $CPP_RTMP" - LIBS="$LIB_RTMP $LIBS" + if test "$LDAPLIBNAME"; then + dnl If we have both LDAP and LBER library names, check if we need both + if test "$LBERLIBNAME" && test "$LBERLIBNAME" != "no"; then + dnl Try LDAP first, then with LBER if needed + AC_CHECK_LIB("$LDAPLIBNAME", ldap_init, [ldap_lib_ok=yes], [ldap_lib_ok=no]) + if test "$ldap_lib_ok" = "no"; then + dnl LDAP alone failed, try with LBER using a different function + AC_CHECK_LIB("$LDAPLIBNAME", ldap_unbind, [ldap_lib_ok=yes], [ldap_lib_ok=no], [-l$LBERLIBNAME]) + if test "$ldap_lib_ok" = "yes"; then + dnl We need both libraries + LIBS="-l$LDAPLIBNAME -l$LBERLIBNAME $LIBS" + fi + else + dnl LDAP alone is sufficient + LIBS="-l$LDAPLIBNAME $LIBS" + fi + else + dnl Only check LDAP library + AC_CHECK_LIB("$LDAPLIBNAME", ldap_init, [ldap_lib_ok=yes; LIBS="-l$LDAPLIBNAME $LIBS"], [ldap_lib_ok=no]) + fi - AC_CHECK_LIB(rtmp, RTMP_Init, - [ - AC_CHECK_HEADERS(librtmp/rtmp.h, - curl_rtmp_msg="enabled (librtmp)" - LIBRTMP_ENABLED=1 - AC_DEFINE(USE_LIBRTMP, 1, [if librtmp is in use]) - AC_SUBST(USE_LIBRTMP, [1]) - ) - ], - dnl not found, revert back to clean variables - LDFLAGS=$CLEANLDFLAGS - CPPFLAGS=$CLEANCPPFLAGS - LIBS=$CLEANLIBS - ) + if test "$ldap_lib_ok" = "no"; then + if test -n "$ldap_askedfor"; then + AC_MSG_ERROR([could not detect the LDAP libraries]) + fi + AC_MSG_WARN(["$LDAPLIBNAME" is not an LDAP library: LDAP disabled]) + AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) + CURL_DISABLE_LDAP=1 + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + CURL_DISABLE_LDAPS=1 + dnl restore original flags + CPPFLAGS=$clean_LDAP_CPPFLAGS + LDFLAGS=$clean_LDAP_LDFLAGS + LIBS=$clean_LDAP_LIBS + fi + else + dnl Try to find the right ldap libraries for this system + CURL_CHECK_LIBS_LDAP + case X-"$curl_cv_ldap_LIBS" in + X-unknown) + if test -n "$ldap_askedfor"; then + AC_MSG_ERROR([could not detect the LDAP libraries]) + fi + AC_MSG_WARN([Cannot find libraries for LDAP support: LDAP disabled]) + AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) + CURL_DISABLE_LDAP=1 + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + CURL_DISABLE_LDAPS=1 + dnl restore original flags + CPPFLAGS=$clean_LDAP_CPPFLAGS + LDFLAGS=$clean_LDAP_LDFLAGS + LIBS=$clean_LDAP_LIBS + ;; + esac + fi +fi - if test X"$OPT_LIBRTMP" != Xoff && - test "$LIBRTMP_ENABLED" != "1"; then - AC_MSG_ERROR([librtmp libs and/or directories were not found where specified!]) +if test "$CURL_DISABLE_LDAP" != "1"; then + dnl Add to library path if needed + if test -n "$DIR_LDAP"; then + dnl when the ldap shared lib were found in a path that the runtime + dnl linker does not search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail due to + dnl this + + if test "$cross_compiling" != "yes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_LDAP" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_LDAP to CURL_LIBRARY_PATH]) + fi fi + if test "$LBERLIBNAME"; then + dnl If name is "no" then do not define this library at all + dnl (it is only needed if libldap.so's dependencies are broken). + dnl Skip this check if we already determined we need both libraries above + if test "$LBERLIBNAME" != "no" && test "$ldap_lib_ok" != "yes"; then + AC_CHECK_LIB("$LBERLIBNAME", ber_free,, [ + AC_MSG_WARN(["$LBERLIBNAME" is not an LBER library: LDAP disabled]) + AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) + CURL_DISABLE_LDAP=1 + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + CURL_DISABLE_LDAPS=1 + dnl restore original flags + CPPFLAGS=$clean_LDAP_CPPFLAGS + LDFLAGS=$clean_LDAP_LDFLAGS + LIBS=$clean_LDAP_LIBS + ] + ) + fi + fi +fi + +if test "$CURL_DISABLE_LDAP" != "1"; then + AC_CHECK_FUNCS([ldap_url_parse \ + ldap_init_fd]) + + if test "$LDAPLIBNAME" = "wldap32"; then + curl_ldap_msg="enabled (winldap)" + AC_DEFINE(USE_WIN32_LDAP, 1, [Use Windows LDAP implementation]) + else + if test "$ac_cv_func_ldap_init_fd" = "yes"; then + curl_ldap_msg="enabled (OpenLDAP)" + AC_DEFINE(USE_OPENLDAP, 1, [Use OpenLDAP-specific code]) + USE_OPENLDAP=1 + else + curl_ldap_msg="enabled (ancient OpenLDAP)" + fi + fi +fi + +if test "$CURL_DISABLE_LDAPS" != "1"; then + curl_ldaps_msg="enabled" fi dnl ********************************************************************** @@ -2235,128 +2698,152 @@ AC_ARG_ENABLE(versioned-symbols, AS_HELP_STRING([--enable-versioned-symbols], [Enable versioned symbols in shared library]) AS_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shared library]), [ case "$enableval" in - yes) AC_MSG_RESULT(yes) + no) + AC_MSG_RESULT(no) + ;; + *) + AC_MSG_RESULT(yes) AC_MSG_CHECKING([if libraries can be versioned]) GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script` if test -z "$GLD"; then - AC_MSG_RESULT(no) - AC_MSG_WARN([You need an ld version supporting the --version-script option]) + AC_MSG_RESULT(no) + AC_MSG_WARN([You need an ld version supporting the --version-script option]) else - AC_MSG_RESULT(yes) - if test "x$CURL_WITH_MULTI_SSL" = "x1"; then - versioned_symbols_flavour="MULTISSL_" - elif test "x$OPENSSL_ENABLED" = "x1"; then - versioned_symbols_flavour="OPENSSL_" - elif test "x$GNUTLS_ENABLED" = "x1"; then - versioned_symbols_flavour="GNUTLS_" - elif test "x$NSS_ENABLED" = "x1"; then - versioned_symbols_flavour="NSS_" - elif test "x$WOLFSSL_ENABLED" = "x1"; then - versioned_symbols_flavour="WOLFSSL_" - elif test "x$SCHANNEL_ENABLED" = "x1"; then - versioned_symbols_flavour="SCHANNEL_" - elif test "x$SECURETRANSPORT_ENABLED" = "x1"; then - versioned_symbols_flavour="SECURE_TRANSPORT_" - else - versioned_symbols_flavour="" - fi - versioned_symbols="yes" + AC_MSG_RESULT(yes) + if test "x$enableval" != "xyes"; then + versioned_symbols_flavour="$enableval" + elif test "$CURL_WITH_MULTI_SSL" = "1"; then + versioned_symbols_flavour="MULTISSL_" + elif test "$OPENSSL_ENABLED" = "1"; then + versioned_symbols_flavour="OPENSSL_" + elif test "$MBEDTLS_ENABLED" = "1"; then + versioned_symbols_flavour="MBEDTLS_" + elif test "$WOLFSSL_ENABLED" = "1"; then + versioned_symbols_flavour="WOLFSSL_" + elif test "$GNUTLS_ENABLED" = "1"; then + versioned_symbols_flavour="GNUTLS_" + elif test "$RUSTLS_ENABLED" = "1"; then + versioned_symbols_flavour="RUSTLS_" + else + versioned_symbols_flavour="" + fi + versioned_symbols="yes" fi ;; - *) AC_MSG_RESULT(no) - ;; esac ], [ -AC_MSG_RESULT(no) + AC_MSG_RESULT(no) ] ) -AC_SUBST([CURL_LT_SHLIB_VERSIONED_FLAVOUR], - ["$versioned_symbols_flavour"]) +AC_SUBST([CURL_LIBCURL_VERSIONED_SYMBOLS_PREFIX], ["$versioned_symbols_flavour"]) +AC_SUBST([CURL_LIBCURL_VERSIONED_SYMBOLS_SONAME], ["4"]) dnl Keep in sync with VERSIONCHANGE - VERSIONDEL in lib/Makefile.soname AM_CONDITIONAL([CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS], - [test "x$versioned_symbols" = 'xyes']) + [test "$versioned_symbols" = "yes"]) + +dnl ---------------------------- +dnl check Windows Unicode option +dnl ---------------------------- + +want_winuni="no" +if test "$curl_cv_native_windows" = "yes"; then + if test "$curl_cv_winuwp" = "yes"; then + want_winuni="yes" + else + AC_MSG_CHECKING([whether to enable Windows Unicode (Windows native builds only)]) + AC_ARG_ENABLE(windows-unicode, +AS_HELP_STRING([--enable-windows-unicode],[Enable Windows Unicode]) +AS_HELP_STRING([--disable-windows-unicode],[Disable Windows Unicode (default)]), + [ case "$enableval" in + yes) + want_winuni="yes" + AC_MSG_RESULT([yes]) + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac ], + AC_MSG_RESULT([no]) + ) + fi + + if test "$want_winuni" = "yes"; then + CPPFLAGS="${CPPFLAGS} -DUNICODE -D_UNICODE" + fi +fi + +AM_CONDITIONAL([USE_UNICODE], [test "$want_winuni" = "yes"]) dnl ------------------------------------------------- -dnl check winidn option before other IDN libraries +dnl check WinIDN option before other IDN libraries dnl ------------------------------------------------- -AC_MSG_CHECKING([whether to enable Windows native IDN (Windows native builds only)]) -OPT_WINIDN="default" -AC_ARG_WITH(winidn, -AS_HELP_STRING([--with-winidn=PATH],[enable Windows native IDN]) +tst_links_winidn='no' +if test "$curl_cv_native_windows" = "yes"; then + AC_MSG_CHECKING([whether to enable Windows native IDN (Windows native builds only)]) + OPT_WINIDN="default" + AC_ARG_WITH(winidn, +AS_HELP_STRING([--with-winidn],[enable Windows native IDN]) AS_HELP_STRING([--without-winidn], [disable Windows native IDN]), - OPT_WINIDN=$withval) -case "$OPT_WINIDN" in - no|default) - dnl --without-winidn option used or configure option not specified - want_winidn="no" - AC_MSG_RESULT([no]) - ;; - yes) - dnl --with-winidn option used without path - want_winidn="yes" - want_winidn_path="default" - AC_MSG_RESULT([yes]) - ;; - *) - dnl --with-winidn option used with path - want_winidn="yes" - want_winidn_path="$withval" - AC_MSG_RESULT([yes ($withval)]) - ;; -esac + OPT_WINIDN=$withval) + case "$OPT_WINIDN" in + no|default) + dnl --without-winidn option used or configure option not specified + want_winidn="no" + AC_MSG_RESULT([no]) + ;; + *) + dnl --with-winidn option + want_winidn="yes" + AC_MSG_RESULT([yes]) + ;; + esac -if test "$want_winidn" = "yes"; then - dnl winidn library support has been requested - clean_CPPFLAGS="$CPPFLAGS" - clean_LDFLAGS="$LDFLAGS" - clean_LIBS="$LIBS" - WINIDN_LIBS="-lnormaliz" - WINIDN_CPPFLAGS="-DWINVER=0x0600" - # - if test "$want_winidn_path" != "default"; then - dnl path has been specified - dnl pkg-config not available or provides no info - WINIDN_LDFLAGS="-L$want_winidn_path/lib$libsuff" - WINIDN_CPPFLAGS="-I$want_winidn_path/include" - WINIDN_DIR="$want_winidn_path/lib$libsuff" - fi - # - CPPFLAGS="$CPPFLAGS $WINIDN_CPPFLAGS" - LDFLAGS="$LDFLAGS $WINIDN_LDFLAGS" - LIBS="$WINIDN_LIBS $LIBS" - # - AC_MSG_CHECKING([if IdnToUnicode can be linked]) - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[ - #include - ]],[[ - IdnToUnicode(0, NULL, 0, NULL, 0); - ]]) - ],[ - AC_MSG_RESULT([yes]) - tst_links_winidn="yes" - ],[ - AC_MSG_RESULT([no]) - tst_links_winidn="no" - ]) - # - if test "$tst_links_winidn" = "yes"; then + if test "$want_winidn" = "yes"; then + LIBS="-lnormaliz $LIBS" AC_DEFINE(USE_WIN32_IDN, 1, [Define to 1 if you have the `normaliz' (WinIDN) library (-lnormaliz).]) - AC_DEFINE(WANT_IDN_PROTOTYPES, 1, [Define to 1 to provide own prototypes.]) - AC_SUBST([IDN_ENABLED], [1]) + IDN_ENABLED=1 curl_idn_msg="enabled (Windows-native)" - else - AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled]) - CPPFLAGS="$clean_CPPFLAGS" - LDFLAGS="$clean_LDFLAGS" - LIBS="$clean_LIBS" fi fi dnl ********************************************************************** -dnl Check for the presence of IDN libraries and headers +dnl Check for the presence of AppleIDN +dnl ********************************************************************** + +tst_links_appleidn='no' +if test "$curl_cv_apple" = "yes"; then + AC_MSG_CHECKING([whether to build with Apple IDN]) + OPT_IDN="default" + AC_ARG_WITH(apple-idn, +AS_HELP_STRING([--with-apple-idn],[Enable AppleIDN]) +AS_HELP_STRING([--without-apple-idn],[Disable AppleIDN]), + [OPT_IDN=$withval]) + case "$OPT_IDN" in + yes) + dnl --with-apple-idn option used + AC_MSG_RESULT([yes, check]) + AC_CHECK_LIB(icucore, uidna_openUTS46, + [ + AC_CHECK_HEADERS(unicode/uidna.h, + curl_idn_msg="enabled (AppleIDN)" + AC_DEFINE(USE_APPLE_IDN, 1, [if AppleIDN]) + USE_APPLE_IDN=1 + IDN_ENABLED=1 + LIBS="-licucore -liconv $LIBS" + tst_links_appleidn='yes' + ) + ]) + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac +fi + +dnl ********************************************************************** +dnl Check for the presence of libidn2 dnl ********************************************************************** AC_MSG_CHECKING([whether to build with libidn2]) @@ -2365,36 +2852,45 @@ AC_ARG_WITH(libidn2, AS_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage]) AS_HELP_STRING([--without-libidn2],[Disable libidn2 usage]), [OPT_IDN=$withval]) -case "$OPT_IDN" in - no) - dnl --without-libidn2 option used - want_idn="no" - AC_MSG_RESULT([no]) - ;; - default) - dnl configure option not specified - want_idn="yes" - want_idn_path="default" - AC_MSG_RESULT([(assumed) yes]) - ;; - yes) - dnl --with-libidn2 option used without path - want_idn="yes" - want_idn_path="default" - AC_MSG_RESULT([yes]) - ;; - *) - dnl --with-libidn2 option used with path - want_idn="yes" - want_idn_path="$withval" - AC_MSG_RESULT([yes ($withval)]) - ;; -esac +if test "$tst_links_winidn" = "yes"; then + want_idn="no" + AC_MSG_RESULT([no (using WinIDN instead)]) +elif test "$tst_links_appleidn" = "yes"; then + want_idn="no" + AC_MSG_RESULT([no (using AppleIDN instead)]) +else + case "$OPT_IDN" in + no) + dnl --without-libidn2 option used + want_idn="no" + AC_MSG_RESULT([no]) + ;; + default) + dnl configure option not specified + want_idn="yes" + want_idn_path="default" + AC_MSG_RESULT([(assumed) yes]) + ;; + yes) + dnl --with-libidn2 option used without path + want_idn="yes" + want_idn_path="default" + AC_MSG_RESULT([yes]) + ;; + *) + dnl --with-libidn2 option used with path + want_idn="yes" + want_idn_path="$withval" + AC_MSG_RESULT([yes ($withval)]) + ;; + esac +fi if test "$want_idn" = "yes"; then dnl idn library support has been requested clean_CPPFLAGS="$CPPFLAGS" clean_LDFLAGS="$LDFLAGS" + clean_LDFLAGSPC="$LDFLAGSPC" clean_LIBS="$LIBS" PKGCONFIG="no" # @@ -2445,6 +2941,7 @@ if test "$want_idn" = "yes"; then # CPPFLAGS="$CPPFLAGS $IDN_CPPFLAGS" LDFLAGS="$LDFLAGS $IDN_LDFLAGS" + LDFLAGSPC="$LDFLAGSPC $IDN_LDFLAGS" LIBS="$IDN_LIBS $LIBS" # AC_MSG_CHECKING([if idn2_lookup_ul can be linked]) @@ -2458,41 +2955,38 @@ if test "$want_idn" = "yes"; then tst_links_libidn="no" ]) # - AC_CHECK_HEADERS( idn2.h ) + AC_CHECK_HEADERS(idn2.h) if test "$tst_links_libidn" = "yes"; then AC_DEFINE(HAVE_LIBIDN2, 1, [Define to 1 if you have the `idn2' library (-lidn2).]) dnl different versions of libidn have different setups of these: - AC_SUBST([IDN_ENABLED], [1]) + IDN_ENABLED=1 curl_idn_msg="enabled (libidn2)" - if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then + if test -n "$IDN_DIR" && test "$cross_compiling" != "yes"; then CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$IDN_DIR" export CURL_LIBRARY_PATH AC_MSG_NOTICE([Added $IDN_DIR to CURL_LIBRARY_PATH]) fi + LIBCURL_PC_REQUIRES_PRIVATE="libidn2 $LIBCURL_PC_REQUIRES_PRIVATE" else - AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled]) + AC_MSG_WARN([Cannot find libidn2]) CPPFLAGS="$clean_CPPFLAGS" LDFLAGS="$clean_LDFLAGS" + LDFLAGSPC="$clean_LDFLAGSPC" LIBS="$clean_LIBS" + want_idn="no" fi fi - -dnl Let's hope this split URL remains working: -dnl https://www15.software.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/ \ -dnl genprogc/thread_quick_ref.htm - - dnl ********************************************************************** dnl Check for nghttp2 dnl ********************************************************************** OPT_H2="yes" -if test "x$disable_http" = "xyes"; then - # without HTTP, nghttp2 is no use +if test "$disable_http" = "yes"; then + # without HTTP nghttp2 is no use OPT_H2="no" fi @@ -2503,80 +2997,93 @@ AS_HELP_STRING([--without-nghttp2],[Disable nghttp2 usage]), case "$OPT_H2" in no) dnl --without-nghttp2 option used - want_h2="no" + want_nghttp2="no" ;; yes) dnl --with-nghttp2 option used without path - want_h2="default" - want_h2_path="" + want_nghttp2="default" + want_nghttp2_path="" + want_nghttp2_pkg_config_path="" ;; *) dnl --with-nghttp2 option used with path - want_h2="yes" - want_h2_path="$withval/lib/pkgconfig" + want_nghttp2="yes" + want_nghttp2_path="$withval" + want_nghttp2_pkg_config_path="$OPT_H2/lib/pkgconfig" ;; esac -if test X"$want_h2" != Xno; then +if test "$want_nghttp2" != "no"; then dnl backup the pre-nghttp2 variables CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" - CURL_CHECK_PKGCONFIG(libnghttp2, $want_h2_path) + CURL_CHECK_PKGCONFIG(libnghttp2, $want_nghttp2_pkg_config_path) - if test "$PKGCONFIG" != "no" ; then - LIB_H2=`CURL_EXPORT_PCDIR([$want_h2_path]) + if test "$PKGCONFIG" != "no"; then + LIB_H2=`CURL_EXPORT_PCDIR([$want_nghttp2_pkg_config_path]) $PKGCONFIG --libs-only-l libnghttp2` AC_MSG_NOTICE([-l is $LIB_H2]) - CPP_H2=`CURL_EXPORT_PCDIR([$want_h2_path]) dnl + CPP_H2=`CURL_EXPORT_PCDIR([$want_nghttp2_pkg_config_path]) dnl $PKGCONFIG --cflags-only-I libnghttp2` AC_MSG_NOTICE([-I is $CPP_H2]) - LD_H2=`CURL_EXPORT_PCDIR([$want_h2_path]) + LD_H2=`CURL_EXPORT_PCDIR([$want_nghttp2_pkg_config_path]) $PKGCONFIG --libs-only-L libnghttp2` AC_MSG_NOTICE([-L is $LD_H2]) - LDFLAGS="$LDFLAGS $LD_H2" - CPPFLAGS="$CPPFLAGS $CPP_H2" - LIBS="$LIB_H2 $LIBS" - - # use nghttp2_session_set_local_window_size to require nghttp2 - # >= 1.12.0 - AC_CHECK_LIB(nghttp2, nghttp2_session_set_local_window_size, - [ - AC_CHECK_HEADERS(nghttp2/nghttp2.h, - curl_h2_msg="enabled (nghttp2)" - NGHTTP2_ENABLED=1 - AC_DEFINE(USE_NGHTTP2, 1, [if nghttp2 is in use]) - AC_SUBST(USE_NGHTTP2, [1]) - ) - ], - dnl not found, revert back to clean variables - LDFLAGS=$CLEANLDFLAGS - CPPFLAGS=$CLEANCPPFLAGS - LIBS=$CLEANLIBS - ) - + DIR_H2=`echo $LD_H2 | $SED -e 's/^-L//'` + elif test -n "$want_nghttp2_path"; then + LIB_H2="-lnghttp2" + LD_H2=-L${want_nghttp2_path}/lib$libsuff + CPP_H2=-I${want_nghttp2_path}/include + DIR_H2=${want_nghttp2_path}/lib$libsuff + elif test "$want_nghttp2" != "default"; then + dnl no nghttp2 pkg-config found and no custom directory specified, + dnl deal with it + AC_MSG_ERROR([--with-nghttp2 was specified but could not find libnghttp2 pkg-config file.]) else - dnl no nghttp2 pkg-config found, deal with it - if test X"$want_h2" != Xdefault; then - dnl To avoid link errors, we do not allow --with-nghttp2 without - dnl a pkgconfig file - AC_MSG_ERROR([--with-nghttp2 was specified but could not find libnghttp2 pkg-config file.]) - fi + LIB_H2="-lnghttp2" fi + LDFLAGS="$LDFLAGS $LD_H2" + LDFLAGSPC="$LDFLAGSPC $LD_H2" + CPPFLAGS="$CPPFLAGS $CPP_H2" + LIBS="$LIB_H2 $LIBS" + + # use nghttp2_session_get_stream_local_window_size to require nghttp2 + # >= 1.15.0 + AC_CHECK_LIB(nghttp2, nghttp2_session_get_stream_local_window_size, + [ + AC_CHECK_HEADERS(nghttp2/nghttp2.h, + curl_h2_msg="enabled (nghttp2)" + AC_DEFINE(USE_NGHTTP2, 1, [if nghttp2 is in use]) + USE_NGHTTP2=1 + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libnghttp2" + ) + + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_H2" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_H2 to CURL_LIBRARY_PATH]) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) fi dnl ********************************************************************** dnl Check for ngtcp2 (QUIC) dnl ********************************************************************** -OPT_TCP2="yes" +OPT_TCP2="no" -if test "x$disable_http" = "xyes"; then +if test "$disable_http" = "yes"; then # without HTTP, ngtcp2 is no use OPT_TCP2="no" fi @@ -2598,20 +3105,26 @@ case "$OPT_TCP2" in *) dnl --with-ngtcp2 option used with path want_tcp2="yes" - want_tcp2_path="$withval/lib/pkgconfig" + want_tcp2_path="$OPT_TCP2/lib/pkgconfig" ;; esac curl_tcp2_msg="no (--with-ngtcp2)" -if test X"$want_tcp2" != Xno; then +if test "$want_tcp2" != "no"; then + + if test "$QUIC_ENABLED" != "yes"; then + AC_MSG_ERROR([the detected TLS library does not support QUIC, making --with-ngtcp2 a no-no]) + fi + dnl backup the pre-ngtcp2 variables CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" CURL_CHECK_PKGCONFIG(libngtcp2, $want_tcp2_path) - if test "$PKGCONFIG" != "no" ; then + if test "$PKGCONFIG" != "no"; then LIB_TCP2=`CURL_EXPORT_PCDIR([$want_tcp2_path]) $PKGCONFIG --libs-only-l libngtcp2` AC_MSG_NOTICE([-l is $LIB_TCP2]) @@ -2620,148 +3133,334 @@ if test X"$want_tcp2" != Xno; then $PKGCONFIG --cflags-only-I libngtcp2` AC_MSG_NOTICE([-I is $CPP_TCP2]) - LD_TCP2=`CURL_EXPORT_PCDIR([$want_tcp2_path]) - $PKGCONFIG --libs-only-L libngtcp2` - AC_MSG_NOTICE([-L is $LD_TCP2]) + LD_TCP2=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-L libngtcp2` + AC_MSG_NOTICE([-L is $LD_TCP2]) + + LDFLAGS="$LDFLAGS $LD_TCP2" + LDFLAGSPC="$LDFLAGSPC $LD_TCP2" + CPPFLAGS="$CPPFLAGS $CPP_TCP2" + LIBS="$LIB_TCP2 $LIBS" + + if test "$cross_compiling" != "yes"; then + DIR_TCP2=`echo $LD_TCP2 | $SED -e 's/^-L//'` + fi + AC_CHECK_LIB(ngtcp2, ngtcp2_conn_client_new_versioned, + [ + AC_CHECK_HEADERS(ngtcp2/ngtcp2.h, + AC_DEFINE(USE_NGTCP2, 1, [if ngtcp2 is in use]) + USE_NGTCP2=1 + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_TCP2" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_TCP2 to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + else + dnl no ngtcp2 pkg-config found, deal with it + if test "$want_tcp2" != "default"; then + dnl To avoid link errors, we do not allow --with-ngtcp2 without + dnl a pkgconfig file + AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2 pkg-config file.]) + fi + fi +fi + +if test "$USE_NGTCP2" = "1" && test "$OPENSSL_ENABLED" = "1" && test "$HAVE_LIBRESSL" = "1"; then + + dnl backup the pre-ngtcp2_crypto_libressl variables + CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(libngtcp2_crypto_libressl, $want_tcp2_path, 1) + + if test "$PKGCONFIG" != "no"; then + LIB_NGTCP2_CRYPTO_LIBRESSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) + $PKGCONFIG --libs-only-l libngtcp2_crypto_libressl` + AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_LIBRESSL]) + + CPP_NGTCP2_CRYPTO_LIBRESSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) dnl + $PKGCONFIG --cflags-only-I libngtcp2_crypto_libressl` + AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_LIBRESSL]) + + LD_NGTCP2_CRYPTO_LIBRESSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) + $PKGCONFIG --libs-only-L libngtcp2_crypto_libressl` + AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_LIBRESSL]) + + LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_LIBRESSL" + LDFLAGSPC="$LDFLAGSPC $LD_NGTCP2_CRYPTO_LIBRESSL" + CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_LIBRESSL" + LIBS="$LIB_NGTCP2_CRYPTO_LIBRESSL $LIBS" + + if test "$cross_compiling" != "yes"; then + DIR_NGTCP2_CRYPTO_LIBRESSL=`echo $LD_NGTCP2_CRYPTO_LIBRESSL | $SED -e 's/^-L//'` + fi + AC_CHECK_LIB(ngtcp2_crypto_libressl, ngtcp2_crypto_recv_client_initial_cb, + [ + AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, + USE_NGTCP2=1 + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_LIBRESSL" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_LIBRESSL to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2_crypto_libressl" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + else + dnl no ngtcp2_crypto_libressl pkg-config found, deal with it + if test "$want_tcp2" != "default"; then + dnl To avoid link errors, we do not allow --with-ngtcp2 without + dnl a pkgconfig file + AC_MSG_WARN([--with-ngtcp2 was specified but could not find ngtcp2_crypto_libressl pkg-config file.]) + dnl Pretend to be quictls to fall back to using ngtcp2_crypto_quictls + fi + HAVE_LIBRESSL=0 + fi +fi + +if test "$USE_NGTCP2" = "1" && test "$OPENSSL_ENABLED" = "1" && test "$HAVE_LIBRESSL" != "1" && + test "$OPENSSL_IS_AWSLC" != "1" && test "$OPENSSL_IS_BORINGSSL" != "1" && test "$OPENSSL_QUIC_API2" != "1"; then + + dnl backup the pre-ngtcp2_crypto_quictls variables + CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(libngtcp2_crypto_quictls, $want_tcp2_path, 1) + + if test "$PKGCONFIG" != "no"; then + LIB_NGTCP2_CRYPTO_QUICTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) + $PKGCONFIG --libs-only-l libngtcp2_crypto_quictls` + AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_QUICTLS]) + + CPP_NGTCP2_CRYPTO_QUICTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) dnl + $PKGCONFIG --cflags-only-I libngtcp2_crypto_quictls` + AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_QUICTLS]) + + LD_NGTCP2_CRYPTO_QUICTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) + $PKGCONFIG --libs-only-L libngtcp2_crypto_quictls` + AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_QUICTLS]) + + LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_QUICTLS" + LDFLAGSPC="$LDFLAGSPC $LD_NGTCP2_CRYPTO_QUICTLS" + CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_QUICTLS" + LIBS="$LIB_NGTCP2_CRYPTO_QUICTLS $LIBS" + + if test "$cross_compiling" != "yes"; then + DIR_NGTCP2_CRYPTO_QUICTLS=`echo $LD_NGTCP2_CRYPTO_QUICTLS | $SED -e 's/^-L//'` + fi + AC_CHECK_LIB(ngtcp2_crypto_quictls, ngtcp2_crypto_recv_client_initial_cb, + [ + AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, + USE_NGTCP2=1 + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_QUICTLS" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_QUICTLS to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2_crypto_quictls" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + else + dnl no ngtcp2_crypto_quictls pkg-config found, deal with it + if test "$want_tcp2" != "default"; then + dnl To avoid link errors, we do not allow --with-ngtcp2 without + dnl a pkgconfig file + AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_quictls pkg-config file.]) + fi + fi +fi + +if test "$USE_NGTCP2" = "1" && test "$OPENSSL_ENABLED" = "1" && + test "$OPENSSL_IS_AWSLC" != "1" && test "$OPENSSL_IS_BORINGSSL" != "1" && test "$OPENSSL_QUIC_API2" = "1"; then + + dnl backup the pre-ngtcp2_crypto_ossl variables + CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(libngtcp2_crypto_ossl, $want_tcp2_path, 1) + + if test "$PKGCONFIG" != "no"; then + LIB_NGTCP2_CRYPTO_OSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) + $PKGCONFIG --libs-only-l libngtcp2_crypto_ossl` + AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_OSSL]) + + CPP_NGTCP2_CRYPTO_OSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) dnl + $PKGCONFIG --cflags-only-I libngtcp2_crypto_ossl` + AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_OSSL]) - LDFLAGS="$LDFLAGS $LD_TCP2" - CPPFLAGS="$CPPFLAGS $CPP_TCP2" - LIBS="$LIB_TCP2 $LIBS" + LD_NGTCP2_CRYPTO_OSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) + $PKGCONFIG --libs-only-L libngtcp2_crypto_ossl` + AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_OSSL]) - if test "x$cross_compiling" != "xyes"; then - DIR_TCP2=`echo $LD_TCP2 | $SED -e 's/^-L//'` + LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_OSSL" + LDFLAGSPC="$LDFLAGSPC $LD_NGTCP2_CRYPTO_OSSL" + CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_OSSL" + LIBS="$LIB_NGTCP2_CRYPTO_OSSL $LIBS" + + if test "$cross_compiling" != "yes"; then + DIR_NGTCP2_CRYPTO_OSSL=`echo $LD_NGTCP2_CRYPTO_OSSL | $SED -e 's/^-L//'` fi - AC_CHECK_LIB(ngtcp2, ngtcp2_conn_client_new, + AC_CHECK_LIB(ngtcp2_crypto_ossl, ngtcp2_crypto_recv_client_initial_cb, [ - AC_CHECK_HEADERS(ngtcp2/ngtcp2.h, - NGTCP2_ENABLED=1 - AC_DEFINE(USE_NGTCP2, 1, [if ngtcp2 is in use]) - AC_SUBST(USE_NGTCP2, [1]) - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_TCP2" + AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, + USE_NGTCP2=1 + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_OSSL" export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $DIR_TCP2 to CURL_LIBRARY_PATH]) - ) + AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_OSSL to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2_crypto_ossl" + AC_DEFINE(OPENSSL_QUIC_API2, 1, [openssl with new QUIC API]) + ) ], dnl not found, revert back to clean variables LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC CPPFLAGS=$CLEANCPPFLAGS LIBS=$CLEANLIBS ) else - dnl no ngtcp2 pkg-config found, deal with it - if test X"$want_tcp2" != Xdefault; then + dnl no ngtcp2_crypto_ossl pkg-config found, deal with it + if test "$want_tcp2" != "default"; then dnl To avoid link errors, we do not allow --with-ngtcp2 without dnl a pkgconfig file - AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2 pkg-config file.]) + AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_ossl pkg-config file.]) fi fi - fi -if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1"; then - dnl backup the pre-ngtcp2_crypto_openssl variables +if test "$USE_NGTCP2" = "1" && test "$OPENSSL_ENABLED" = "1" && + (test "$OPENSSL_IS_AWSLC" = "1" || test "$OPENSSL_IS_BORINGSSL" = "1"); then + + dnl backup the pre-ngtcp2_crypto_boringssl variables CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" - CURL_CHECK_PKGCONFIG(libngtcp2_crypto_openssl, $want_tcp2_path) + CURL_CHECK_PKGCONFIG(libngtcp2_crypto_boringssl, $want_tcp2_path, 1) - if test "$PKGCONFIG" != "no" ; then - LIB_NGTCP2_CRYPTO_OPENSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) - $PKGCONFIG --libs-only-l libngtcp2_crypto_openssl` - AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_OPENSSL]) + if test "$PKGCONFIG" != "no"; then + LIB_NGTCP2_CRYPTO_BORINGSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) + $PKGCONFIG --libs-only-l libngtcp2_crypto_boringssl` + AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_BORINGSSL]) - CPP_NGTCP2_CRYPTO_OPENSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) dnl - $PKGCONFIG --cflags-only-I libngtcp2_crypto_openssl` - AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_OPENSSL]) + CPP_NGTCP2_CRYPTO_BORINGSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) dnl + $PKGCONFIG --cflags-only-I libngtcp2_crypto_boringssl` + AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_BORINGSSL]) - LD_NGTCP2_CRYPTO_OPENSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) - $PKGCONFIG --libs-only-L libngtcp2_crypto_openssl` - AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_OPENSSL]) + LD_NGTCP2_CRYPTO_BORINGSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) + $PKGCONFIG --libs-only-L libngtcp2_crypto_boringssl` + AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_BORINGSSL]) - LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_OPENSSL" - CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_OPENSSL" - LIBS="$LIB_NGTCP2_CRYPTO_OPENSSL $LIBS" + LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_BORINGSSL" + LDFLAGSPC="$LDFLAGSPC $LD_NGTCP2_CRYPTO_BORINGSSL" + CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_BORINGSSL" + LIBS="$LIB_NGTCP2_CRYPTO_BORINGSSL $LIBS" - if test "x$cross_compiling" != "xyes"; then - DIR_NGTCP2_CRYPTO_OPENSSL=`echo $LD_NGTCP2_CRYPTO_OPENSSL | $SED -e 's/^-L//'` + if test "$cross_compiling" != "yes"; then + DIR_NGTCP2_CRYPTO_BORINGSSL=`echo $LD_NGTCP2_CRYPTO_BORINGSSL | $SED -e 's/^-L//'` fi - AC_CHECK_LIB(ngtcp2_crypto_openssl, ngtcp2_crypto_ctx_initial, + AC_CHECK_LIB(ngtcp2_crypto_boringssl, ngtcp2_crypto_recv_client_initial_cb, [ - AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, - NGTCP2_ENABLED=1 - AC_DEFINE(USE_NGTCP2_CRYPTO_OPENSSL, 1, [if ngtcp2_crypto_openssl is in use]) - AC_SUBST(USE_NGTCP2_CRYPTO_OPENSSL, [1]) - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_OPENSSL" + AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, + USE_NGTCP2=1 + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_BORINGSSL" export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_OPENSSL to CURL_LIBRARY_PATH]) - ) + AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_BORINGSSL to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2_crypto_boringssl" + ) ], dnl not found, revert back to clean variables LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC CPPFLAGS=$CLEANCPPFLAGS LIBS=$CLEANLIBS ) else - dnl no ngtcp2_crypto_openssl pkg-config found, deal with it - if test X"$want_tcp2" != Xdefault; then + dnl no ngtcp2_crypto_boringssl pkg-config found, deal with it + if test "$want_tcp2" != "default"; then dnl To avoid link errors, we do not allow --with-ngtcp2 without dnl a pkgconfig file - AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_openssl pkg-config file.]) + AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_boringssl pkg-config file.]) fi fi fi -if test "x$NGTCP2_ENABLED" = "x1" -a "x$GNUTLS_ENABLED" = "x1"; then +if test "$USE_NGTCP2" = "1" && test "$GNUTLS_ENABLED" = "1"; then dnl backup the pre-ngtcp2_crypto_gnutls variables CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" - CURL_CHECK_PKGCONFIG(libngtcp2_crypto_gnutls, $want_tcp2_path) + CURL_CHECK_PKGCONFIG(libngtcp2_crypto_gnutls, $want_tcp2_path, 1) - if test "$PKGCONFIG" != "no" ; then - LIB_NGTCP2_CRYPTO_GNUTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + if test "$PKGCONFIG" != "no"; then + LIB_NGTCP2_CRYPTO_GNUTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) $PKGCONFIG --libs-only-l libngtcp2_crypto_gnutls` AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_GNUTLS]) - CPP_NGTCP2_CRYPTO_GNUTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path]) dnl + CPP_NGTCP2_CRYPTO_GNUTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) dnl $PKGCONFIG --cflags-only-I libngtcp2_crypto_gnutls` AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_GNUTLS]) - LD_NGTCP2_CRYPTO_GNUTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + LD_NGTCP2_CRYPTO_GNUTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) $PKGCONFIG --libs-only-L libngtcp2_crypto_gnutls` AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_GNUTLS]) LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_GNUTLS" + LDFLAGSPC="$LDFLAGSPC $LD_NGTCP2_CRYPTO_GNUTLS" CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_GNUTLS" LIBS="$LIB_NGTCP2_CRYPTO_GNUTLS $LIBS" - if test "x$cross_compiling" != "xyes"; then + if test "$cross_compiling" != "yes"; then DIR_NGTCP2_CRYPTO_GNUTLS=`echo $LD_NGTCP2_CRYPTO_GNUTLS | $SED -e 's/^-L//'` fi - AC_CHECK_LIB(ngtcp2_crypto_gnutls, ngtcp2_crypto_ctx_initial, + AC_CHECK_LIB(ngtcp2_crypto_gnutls, ngtcp2_crypto_recv_client_initial_cb, [ - AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, - NGTCP2_ENABLED=1 - AC_DEFINE(USE_NGTCP2_CRYPTO_GNUTLS, 1, [if ngtcp2_crypto_gnutls is in use]) - AC_SUBST(USE_NGTCP2_CRYPTO_GNUTLS, [1]) + AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, + USE_NGTCP2=1 CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_GNUTLS" export CURL_LIBRARY_PATH AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_GNUTLS to CURL_LIBRARY_PATH]) - ) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2_crypto_gnutls" + ) ], dnl not found, revert back to clean variables LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC CPPFLAGS=$CLEANCPPFLAGS LIBS=$CLEANLIBS ) else dnl no ngtcp2_crypto_gnutls pkg-config found, deal with it - if test X"$want_tcp2" != Xdefault; then + if test "$want_tcp2" != "default"; then dnl To avoid link errors, we do not allow --with-ngtcp2 without dnl a pkgconfig file AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_gnutls pkg-config file.]) @@ -2769,15 +3468,73 @@ if test "x$NGTCP2_ENABLED" = "x1" -a "x$GNUTLS_ENABLED" = "x1"; then fi fi +if test "$USE_NGTCP2" = "1" && test "$WOLFSSL_ENABLED" = "1"; then + dnl backup the pre-ngtcp2_crypto_wolfssl variables + CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(libngtcp2_crypto_wolfssl, $want_tcp2_path, 1) + + if test "$PKGCONFIG" != "no"; then + LIB_NGTCP2_CRYPTO_WOLFSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) + $PKGCONFIG --libs-only-l libngtcp2_crypto_wolfssl` + AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_WOLFSSL]) + + CPP_NGTCP2_CRYPTO_WOLFSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) dnl + $PKGCONFIG --cflags-only-I libngtcp2_crypto_wolfssl` + AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_WOLFSSL]) + + LD_NGTCP2_CRYPTO_WOLFSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path], 1) + $PKGCONFIG --libs-only-L libngtcp2_crypto_wolfssl` + AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_WOLFSSL]) + + LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_WOLFSSL" + LDFLAGSPC="$LDFLAGSPC $LD_NGTCP2_CRYPTO_WOLFSSL" + CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_WOLFSSL" + LIBS="$LIB_NGTCP2_CRYPTO_WOLFSSL $LIBS" + + if test "$cross_compiling" != "yes"; then + DIR_NGTCP2_CRYPTO_WOLFSSL=`echo $LD_NGTCP2_CRYPTO_WOLFSSL | $SED -e 's/^-L//'` + fi + AC_CHECK_LIB(ngtcp2_crypto_wolfssl, ngtcp2_crypto_recv_client_initial_cb, + [ + AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, + USE_NGTCP2=1 + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_WOLFSSL" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_WOLFSSL to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2_crypto_wolfssl" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + else + dnl no ngtcp2_crypto_wolfssl pkg-config found, deal with it + if test "$want_tcp2" != "default"; then + dnl To avoid link errors, we do not allow --with-ngtcp2 without + dnl a pkgconfig file + AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_wolfssl pkg-config file.]) + fi + fi +fi + dnl ********************************************************************** dnl Check for nghttp3 (HTTP/3 with ngtcp2) dnl ********************************************************************** OPT_NGHTTP3="yes" -if test "x$NGTCP2_ENABLED" = "x"; then +if test "$USE_NGTCP2" != "1"; then # without ngtcp2, nghttp3 is of no use for us OPT_NGHTTP3="no" + want_nghttp3="no" fi AC_ARG_WITH(nghttp3, @@ -2797,20 +3554,27 @@ case "$OPT_NGHTTP3" in *) dnl --with-nghttp3 option used with path want_nghttp3="yes" - want_nghttp3_path="$withval/lib/pkgconfig" + want_nghttp3_path="$OPT_NGHTTP3/lib/pkgconfig" ;; esac curl_http3_msg="no (--with-nghttp3)" -if test X"$want_nghttp3" != Xno; then +if test "$want_nghttp3" != "no"; then + + if test "x$USE_NGTCP2" != "x1"; then + # without ngtcp2, nghttp3 is of no use for us + AC_MSG_ERROR([nghttp3 enabled without a QUIC library; enable ngtcp2]) + fi + dnl backup the pre-nghttp3 variables CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" CURL_CHECK_PKGCONFIG(libnghttp3, $want_nghttp3_path) - if test "$PKGCONFIG" != "no" ; then + if test "$PKGCONFIG" != "no"; then LIB_NGHTTP3=`CURL_EXPORT_PCDIR([$want_nghttp3_path]) $PKGCONFIG --libs-only-l libnghttp3` AC_MSG_NOTICE([-l is $LIB_NGHTTP3]) @@ -2824,40 +3588,48 @@ if test X"$want_nghttp3" != Xno; then AC_MSG_NOTICE([-L is $LD_NGHTTP3]) LDFLAGS="$LDFLAGS $LD_NGHTTP3" + LDFLAGSPC="$LDFLAGSPC $LD_NGHTTP3" CPPFLAGS="$CPPFLAGS $CPP_NGHTTP3" LIBS="$LIB_NGHTTP3 $LIBS" - if test "x$cross_compiling" != "xyes"; then + if test "$cross_compiling" != "yes"; then DIR_NGHTTP3=`echo $LD_NGHTTP3 | $SED -e 's/^-L//'` fi - AC_CHECK_LIB(nghttp3, nghttp3_conn_client_new, + AC_CHECK_LIB(nghttp3, nghttp3_conn_client_new_versioned, [ - AC_CHECK_HEADERS(nghttp3/nghttp3.h, - curl_h3_msg="enabled (ngtcp2 + nghttp3)" - NGHTTP3_ENABLED=1 + AC_CHECK_HEADERS(nghttp3/nghttp3.h, AC_DEFINE(USE_NGHTTP3, 1, [if nghttp3 is in use]) - AC_SUBST(USE_NGHTTP3, [1]) + USE_NGHTTP3=1 CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGHTTP3" export CURL_LIBRARY_PATH AC_MSG_NOTICE([Added $DIR_NGHTTP3 to CURL_LIBRARY_PATH]) - experimental="$experimental HTTP3" - ) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libnghttp3" + ) ], dnl not found, revert back to clean variables LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC CPPFLAGS=$CLEANCPPFLAGS LIBS=$CLEANLIBS ) - else dnl no nghttp3 pkg-config found, deal with it - if test X"$want_nghttp3" != Xdefault; then + if test "$want_nghttp3" != "default"; then dnl To avoid link errors, we do not allow --with-nghttp3 without dnl a pkgconfig file AC_MSG_ERROR([--with-nghttp3 was specified but could not find nghttp3 pkg-config file.]) fi fi +fi +dnl ********************************************************************** +dnl Check for ngtcp2 and nghttp3 (HTTP/3 with ngtcp2 + nghttp3) +dnl ********************************************************************** + +if test "$USE_NGTCP2" = "1" && test "$USE_NGHTTP3" = "1"; then + USE_NGTCP2_H3=1 + AC_MSG_NOTICE([HTTP3 support is experimental]) + curl_h3_msg="enabled (ngtcp2 + nghttp3)" fi dnl ********************************************************************** @@ -2866,7 +3638,7 @@ dnl ********************************************************************** OPT_QUICHE="no" -if test "x$disable_http" = "xyes" -o "x$USE_NGTCP" = "x1"; then +if test "$disable_http" = "yes" || test "$USE_NGTCP" = "1"; then # without HTTP or with ngtcp2, quiche is no use OPT_QUICHE="no" fi @@ -2892,15 +3664,25 @@ case "$OPT_QUICHE" in ;; esac -if test X"$want_quiche" != Xno; then +if test "$want_quiche" != "no"; then + + if test "$QUIC_ENABLED" != "yes"; then + AC_MSG_ERROR([the detected TLS library does not support QUIC, making --with-quiche a no-no]) + fi + + if test "$NGHTTP3_ENABLED" = "1"; then + AC_MSG_ERROR([--with-quiche and --with-ngtcp2 are mutually exclusive]) + fi + dnl backup the pre-quiche variables CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" CURL_CHECK_PKGCONFIG(quiche, $want_quiche_path) - if test "$PKGCONFIG" != "no" ; then + if test "$PKGCONFIG" != "no"; then LIB_QUICHE=`CURL_EXPORT_PCDIR([$want_quiche_path]) $PKGCONFIG --libs-only-l quiche` AC_MSG_NOTICE([-l is $LIB_QUICHE]) @@ -2914,38 +3696,39 @@ if test X"$want_quiche" != Xno; then AC_MSG_NOTICE([-L is $LD_QUICHE]) LDFLAGS="$LDFLAGS $LD_QUICHE" + LDFLAGSPC="$LDFLAGSPC $LD_QUICHE" CPPFLAGS="$CPPFLAGS $CPP_QUICHE" LIBS="$LIB_QUICHE $LIBS" - if test "x$cross_compiling" != "xyes"; then + if test "$cross_compiling" != "yes"; then DIR_QUICHE=`echo $LD_QUICHE | $SED -e 's/^-L//'` fi - AC_CHECK_LIB(quiche, quiche_connect, + AC_CHECK_LIB(quiche, quiche_conn_send_ack_eliciting, [ - AC_CHECK_HEADERS(quiche.h, + AC_CHECK_HEADERS(quiche.h, experimental="$experimental HTTP3" AC_MSG_NOTICE([HTTP3 support is experimental]) curl_h3_msg="enabled (quiche)" - QUICHE_ENABLED=1 AC_DEFINE(USE_QUICHE, 1, [if quiche is in use]) - AC_SUBST(USE_QUICHE, [1]) + USE_QUICHE=1 AC_CHECK_FUNCS([quiche_conn_set_qlog_fd]) CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_QUICHE" export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $DIR_QUICHE to CURL_LIBRARY_PATH]), + AC_MSG_NOTICE([Added $DIR_QUICHE to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE quiche", [], [ -AC_INCLUDES_DEFAULT -#include + AC_INCLUDES_DEFAULT + #include ] - ) + ) ], dnl not found, revert back to clean variables - AC_MSG_ERROR([couldn't use quiche]) + AC_MSG_ERROR([could not use quiche]) ) else dnl no quiche pkg-config found, deal with it - if test X"$want_quiche" != Xdefault; then + if test "$want_quiche" != "default"; then dnl To avoid link errors, we do not allow --with-quiche without dnl a pkgconfig file AC_MSG_ERROR([--with-quiche was specified but could not find quiche pkg-config file.]) @@ -2953,6 +3736,94 @@ AC_INCLUDES_DEFAULT fi fi +dnl ********************************************************************** +dnl libuv is only ever used for debug purposes +dnl ********************************************************************** + +OPT_LIBUV=no +AC_ARG_WITH(libuv, +AS_HELP_STRING([--with-libuv=PATH],[Enable libuv]) +AS_HELP_STRING([--without-libuv],[Disable libuv]), + [OPT_LIBUV=$withval]) +case "$OPT_LIBUV" in + no) + dnl --without-libuv option used + want_libuv="no" + ;; + yes) + dnl --with-libuv option used without path + want_libuv="default" + want_libuv_path="" + ;; + *) + dnl --with-libuv option used with path + want_libuv="yes" + want_libuv_path="$withval" + ;; +esac + +if test "$want_libuv" != "no"; then + if test "$want_debug" != "yes"; then + AC_MSG_ERROR([Using libuv without debug support enabled is useless]) + fi + + dnl backup the pre-libuv variables + CLEANLDFLAGS="$LDFLAGS" + CLEANLDFLAGSPC="$LDFLAGSPC" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(libuv, $want_libuv_path) + + if test "$PKGCONFIG" != "no"; then + LIB_LIBUV=`CURL_EXPORT_PCDIR([$want_libuv_path]) + $PKGCONFIG --libs-only-l libuv` + AC_MSG_NOTICE([-l is $LIB_LIBUV]) + + CPP_LIBUV=`CURL_EXPORT_PCDIR([$want_libuv_path]) dnl + $PKGCONFIG --cflags-only-I libuv` + AC_MSG_NOTICE([-I is $CPP_LIBUV]) + + LD_LIBUV=`CURL_EXPORT_PCDIR([$want_libuv_path]) + $PKGCONFIG --libs-only-L libuv` + AC_MSG_NOTICE([-L is $LD_LIBUV]) + + LDFLAGS="$LDFLAGS $LD_LIBUV" + LDFLAGSPC="$LDFLAGSPC $LD_LIBUV" + CPPFLAGS="$CPPFLAGS $CPP_LIBUV" + LIBS="$LIB_LIBUV $LIBS" + + if test "$cross_compiling" != "yes"; then + DIR_LIBUV=`echo $LD_LIBUV | $SED -e 's/^-L//'` + fi + AC_CHECK_LIB(uv, uv_default_loop, + [ + AC_CHECK_HEADERS(uv.h, + AC_DEFINE(USE_LIBUV, 1, [if libuv is in use]) + USE_LIBUV=1 + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_LIBUV" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_LIBUV to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libuv" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + LDFLAGSPC=$CLEANLDFLAGSPC + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + else + dnl no libuv pkg-config found, deal with it + if test "$want_libuv" != "default"; then + dnl To avoid link errors, we do not allow --with-libuv without + dnl a pkgconfig file + AC_MSG_ERROR([--with-libuv was specified but could not find libuv pkg-config file.]) + fi + fi + +fi + dnl ********************************************************************** dnl Check for zsh completion path dnl ********************************************************************** @@ -2963,10 +3834,10 @@ AS_HELP_STRING([--with-zsh-functions-dir=PATH],[Install zsh completions to PATH] AS_HELP_STRING([--without-zsh-functions-dir],[Do not install zsh completions]), [OPT_ZSH_FPATH=$withval]) case "$OPT_ZSH_FPATH" in - no) + default|no) dnl --without-zsh-functions-dir option used ;; - default|yes) + yes) dnl --with-zsh-functions-dir option used without path ZSH_FUNCTIONS_DIR="$datarootdir/zsh/site-functions" AC_SUBST(ZSH_FUNCTIONS_DIR) @@ -2977,6 +3848,11 @@ case "$OPT_ZSH_FPATH" in AC_SUBST(ZSH_FUNCTIONS_DIR) ;; esac +if test -z "$PERL" && test -n "$ZSH_FUNCTIONS_DIR"; then + AC_MSG_WARN([perl was not found. Will not install zsh completions.]) + ZSH_FUNCTIONS_DIR='' +fi +AM_CONDITIONAL(USE_ZSH_COMPLETION, test -n "$ZSH_FUNCTIONS_DIR") dnl ********************************************************************** dnl Check for fish completion path @@ -2988,14 +3864,14 @@ AS_HELP_STRING([--with-fish-functions-dir=PATH],[Install fish completions to PAT AS_HELP_STRING([--without-fish-functions-dir],[Do not install fish completions]), [OPT_FISH_FPATH=$withval]) case "$OPT_FISH_FPATH" in - no) + default|no) dnl --without-fish-functions-dir option used ;; - default|yes) + yes) dnl --with-fish-functions-dir option used without path CURL_CHECK_PKGCONFIG(fish) - if test "$PKGCONFIG" != "no" ; then - FISH_FUNCTIONS_DIR="$($PKGCONFIG --variable completionsdir fish)" + if test "$PKGCONFIG" != "no"; then + FISH_FUNCTIONS_DIR=`$PKGCONFIG --variable completionsdir fish` else FISH_FUNCTIONS_DIR="$datarootdir/fish/vendor_completions.d" fi @@ -3007,63 +3883,56 @@ case "$OPT_FISH_FPATH" in AC_SUBST(FISH_FUNCTIONS_DIR) ;; esac +if test -z "$PERL" && test -n "$FISH_FUNCTIONS_DIR"; then + AC_MSG_WARN([perl was not found. Will not install fish completions.]) + FISH_FUNCTIONS_DIR='' +fi +AM_CONDITIONAL(USE_FISH_COMPLETION, test -n "$FISH_FUNCTIONS_DIR") -CURL_CHECK_HEADER_MALLOC -CURL_CHECK_HEADER_MEMORY - -dnl Now check for the very most basic headers. Then we can use these +dnl Now check for the most basic headers. Then we can use these dnl ones as default-headers when checking for the rest! AC_CHECK_HEADERS( - sys/types.h \ - sys/time.h \ - sys/select.h \ - sys/socket.h \ - sys/ioctl.h \ - sys/uio.h \ - assert.h \ - unistd.h \ - stdlib.h \ - arpa/inet.h \ - net/if.h \ - netinet/in.h \ - netinet/in6.h \ - sys/un.h \ - linux/tcp.h \ - netinet/tcp.h \ - netdb.h \ - sys/sockio.h \ - sys/stat.h \ - sys/param.h \ - termios.h \ - termio.h \ - fcntl.h \ - alloca.h \ - io.h \ - pwd.h \ - utime.h \ - sys/utime.h \ - sys/poll.h \ - poll.h \ - socket.h \ - sys/resource.h \ - libgen.h \ - locale.h \ - errno.h \ - stdbool.h \ - arpa/tftp.h \ - sys/filio.h \ - sys/wait.h \ - setjmp.h, + sys/types.h \ + sys/select.h \ + sys/ioctl.h \ + unistd.h \ + arpa/inet.h \ + net/if.h \ + netinet/in.h \ + netinet/in6.h \ + sys/un.h \ + linux/tcp.h \ + netinet/tcp.h \ + netinet/udp.h \ + netdb.h \ + sys/sockio.h \ + sys/param.h \ + termios.h \ + termio.h \ + fcntl.h \ + io.h \ + pwd.h \ + utime.h \ + sys/utime.h \ + sys/poll.h \ + poll.h \ + sys/resource.h \ + libgen.h \ + locale.h \ + stdbool.h \ + sys/filio.h \ + sys/eventfd.h, dnl to do if not found [], dnl to do if found [], dnl default includes [ +#include #ifdef HAVE_SYS_TYPES_H #include #endif -#ifdef HAVE_SYS_TIME_H +#if !defined(_WIN32) || defined(__MINGW32__) #include #endif #ifdef HAVE_SYS_SELECT_H @@ -3071,69 +3940,51 @@ dnl default includes #elif defined(HAVE_UNISTD_H) #include #endif -#ifdef HAVE_SYS_SOCKET_H +#ifndef _WIN32 #include #endif #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_NETINET_IN6_H -#include +#include /* is this really required to detect other headers? */ #endif #ifdef HAVE_SYS_UN_H -#include +#include /* is this really required to detect other headers? */ #endif ] ) - dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST -CURL_CHECK_VARIADIC_MACROS AC_TYPE_SIZE_T CURL_CHECK_STRUCT_TIMEVAL CURL_VERIFY_RUNTIMELIBS -AX_COMPILE_CHECK_SIZEOF(size_t) -AX_COMPILE_CHECK_SIZEOF(long) -AX_COMPILE_CHECK_SIZEOF(int) -AX_COMPILE_CHECK_SIZEOF(short) -AX_COMPILE_CHECK_SIZEOF(time_t) -AX_COMPILE_CHECK_SIZEOF(off_t) +CURL_SIZEOF(size_t) +CURL_SIZEOF(long) +CURL_SIZEOF(int) +CURL_SIZEOF(time_t) +CURL_SIZEOF(off_t) o=$CPPFLAGS CPPFLAGS="-I$srcdir/include $CPPFLAGS" -AX_COMPILE_CHECK_SIZEOF(curl_off_t, [ +CURL_SIZEOF(curl_off_t, [ #include ]) +CURL_SIZEOF(curl_socket_t, [ +#include +]) CPPFLAGS=$o -AC_CHECK_TYPE(long long, - [AC_DEFINE(HAVE_LONGLONG, 1, - [Define to 1 if the compiler supports the 'long long' data type.])] - longlong="yes" -) - -if test "xyes" = "x$longlong"; then - AC_MSG_CHECKING([if numberLL works]) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - ]],[[ - long long val = 1000LL; - ]]) - ],[ - AC_MSG_RESULT([yes]) - AC_DEFINE(HAVE_LL, 1, [if your compiler supports LL]) - ],[ - AC_MSG_RESULT([no]) - ]) +if test "$ac_cv_sizeof_curl_off_t" -lt 8; then + AC_MSG_ERROR([64-bit curl_off_t is required]) fi - # check for ssize_t AC_CHECK_TYPE(ssize_t, , - AC_DEFINE(ssize_t, int, [the signed version of size_t])) + AC_DEFINE(ssize_t, int, [the signed version of size_t])) # check for bool type AC_CHECK_TYPE([bool],[ @@ -3148,25 +3999,14 @@ AC_CHECK_TYPE([bool],[ #endif ]) -# check for sa_family_t -AC_CHECK_TYPE(sa_family_t, - AC_DEFINE(CURL_SA_FAMILY_T, sa_family_t, [IP address type in sockaddr]), - [ - # The windows name? - AC_CHECK_TYPE(ADDRESS_FAMILY, - AC_DEFINE(CURL_SA_FAMILY_T, ADDRESS_FAMILY, [IP address type in sockaddr]), - AC_DEFINE(CURL_SA_FAMILY_T, unsigned short, [IP address type in sockaddr]), - [ -#ifdef HAVE_SYS_SOCKET_H -#include -#endif - ]) - ], -[ -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -]) +if test "$curl_cv_native_windows" != "yes"; then + # check for sa_family_t + AC_CHECK_TYPE(sa_family_t, + AC_DEFINE(HAVE_SA_FAMILY_T, 1, [Define to 1 if symbol `sa_family_t' exists]),, + [ + #include + ]) +fi # check for suseconds_t AC_CHECK_TYPE([suseconds_t],[ @@ -3176,101 +4016,83 @@ AC_CHECK_TYPE([suseconds_t],[ #ifdef HAVE_SYS_TYPES_H #include #endif -#ifdef HAVE_SYS_TIME_H +#ifndef _WIN32 #include #endif ]) -AC_MSG_CHECKING([if time_t is unsigned]) -CURL_RUN_IFELSE( - [ - #include - #include - time_t t = -1; - return (t > 0); - ],[ - AC_MSG_RESULT([yes]) - AC_DEFINE(HAVE_TIME_T_UNSIGNED, 1, [Define this if time_t is unsigned]) -],[ - AC_MSG_RESULT([no]) -],[ - dnl cross-compiling, most systems are unsigned - AC_MSG_RESULT([no]) -]) - -CURL_CONFIGURE_PULL_SYS_POLL - -TYPE_IN_ADDR_T +case $host_os in + amigaos*|msdos*) + AC_DEFINE(HAVE_TIME_T_UNSIGNED, 1, [Define this if time_t is unsigned]) + ;; + *) + AC_MSG_CHECKING([if time_t is unsigned]) + CURL_RUN_IFELSE( + [ + #include + int main(void) { + time_t t = -1; + return t < 0; + } + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE(HAVE_TIME_T_UNSIGNED, 1, [Define this if time_t is unsigned]) + ],[ + AC_MSG_RESULT([no]) + ],[ + dnl cross-compiling, most systems are signed + AC_MSG_RESULT([no]) + ]) + ;; +esac TYPE_SOCKADDR_STORAGE -TYPE_SIG_ATOMIC_T - CURL_CHECK_FUNC_SELECT CURL_CHECK_FUNC_RECV CURL_CHECK_FUNC_SEND -CURL_CHECK_MSG_NOSIGNAL CURL_CHECK_FUNC_ALARM CURL_CHECK_FUNC_BASENAME CURL_CHECK_FUNC_CLOSESOCKET CURL_CHECK_FUNC_CLOSESOCKET_CAMEL -CURL_CHECK_FUNC_CONNECT CURL_CHECK_FUNC_FCNTL CURL_CHECK_FUNC_FREEADDRINFO CURL_CHECK_FUNC_FSETXATTR CURL_CHECK_FUNC_FTRUNCATE CURL_CHECK_FUNC_GETADDRINFO -CURL_CHECK_FUNC_GETHOSTBYNAME CURL_CHECK_FUNC_GETHOSTBYNAME_R CURL_CHECK_FUNC_GETHOSTNAME +CURL_CHECK_FUNC_GETIFADDRS CURL_CHECK_FUNC_GETPEERNAME CURL_CHECK_FUNC_GETSOCKNAME -CURL_CHECK_FUNC_IF_NAMETOINDEX -CURL_CHECK_FUNC_GETIFADDRS CURL_CHECK_FUNC_GMTIME_R -CURL_CHECK_FUNC_INET_NTOP -CURL_CHECK_FUNC_INET_PTON CURL_CHECK_FUNC_IOCTL CURL_CHECK_FUNC_IOCTLSOCKET CURL_CHECK_FUNC_IOCTLSOCKET_CAMEL CURL_CHECK_FUNC_LOCALTIME_R CURL_CHECK_FUNC_MEMRCHR -CURL_CHECK_FUNC_POLL -CURL_CHECK_FUNC_SETSOCKOPT CURL_CHECK_FUNC_SIGACTION CURL_CHECK_FUNC_SIGINTERRUPT CURL_CHECK_FUNC_SIGNAL CURL_CHECK_FUNC_SIGSETJMP CURL_CHECK_FUNC_SOCKET CURL_CHECK_FUNC_SOCKETPAIR -CURL_CHECK_FUNC_STRCASECMP -CURL_CHECK_FUNC_STRCMPI -CURL_CHECK_FUNC_STRDUP CURL_CHECK_FUNC_STRERROR_R -CURL_CHECK_FUNC_STRICMP -CURL_CHECK_FUNC_STRNCMPI -CURL_CHECK_FUNC_STRNICMP -CURL_CHECK_FUNC_STRSTR -CURL_CHECK_FUNC_STRTOK_R -CURL_CHECK_FUNC_STRTOLL -CURL_CHECK_FUNC_WRITEV case $host in *msdosdjgpp) - ac_cv_func_pipe=no - skipcheck_pipe=yes - AC_MSG_NOTICE([skip check for pipe on msdosdjgpp]) + ac_cv_func_pipe=no + skipcheck_pipe=yes + AC_MSG_NOTICE([skip check for pipe on msdosdjgpp]) ;; esac -AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Set if getpwuid_r() declaration is missing")], - [[#include - #include ]]) - - -AC_CHECK_FUNCS([fnmatch \ +AC_CHECK_FUNCS([\ + accept4 \ + eventfd \ + fnmatch \ geteuid \ getpass_r \ getppid \ @@ -3278,154 +4100,77 @@ AC_CHECK_FUNCS([fnmatch \ getpwuid_r \ getrlimit \ gettimeofday \ - if_nametoindex \ mach_absolute_time \ pipe \ + pipe2 \ + poll \ + sendmmsg \ + sendmsg \ setlocale \ - setmode \ setrlimit \ - usleep \ utime \ - utimes -],[ -],[ - func="$ac_func" - eval skipcheck=\$skipcheck_$func - if test "x$skipcheck" != "xyes"; then - AC_MSG_CHECKING([deeper for $func]) - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[ - ]],[[ - $func (); - ]]) - ],[ - AC_MSG_RESULT([yes]) - eval "ac_cv_func_$func=yes" - AC_DEFINE_UNQUOTED(XC_SH_TR_CPP([HAVE_$func]), [1], - [Define to 1 if you have the $func function.]) - ],[ - AC_MSG_RESULT([but still no]) - ]) - fi + utimes \ ]) -CURL_CHECK_NONBLOCKING_SOCKET - -dnl ************************************************************ -dnl nroff tool stuff -dnl - -AC_PATH_PROG( PERL, perl, , - $PATH:/usr/local/bin/perl:/usr/bin/:/usr/local/bin ) -AC_SUBST(PERL) +if test "$curl_cv_native_windows" != "yes"; then + AC_CHECK_FUNCS([\ + if_nametoindex \ + realpath \ + sched_yield \ + ]) + CURL_CHECK_FUNC_INET_NTOP + CURL_CHECK_FUNC_INET_PTON + CURL_CHECK_FUNC_STRCASECMP + CURL_CHECK_FUNC_STRCMPI + CURL_CHECK_FUNC_STRICMP +fi -AC_PATH_PROGS( NROFF, gnroff nroff, , - $PATH:/usr/bin/:/usr/local/bin ) -AC_SUBST(NROFF) - -if test -n "$NROFF"; then - dnl only check for nroff options if an nroff command was found - - AC_MSG_CHECKING([how to use *nroff to get plain text from man pages]) - MANOPT="-man" - mancheck=`echo foo | $NROFF $MANOPT 2>/dev/null` - if test -z "$mancheck"; then - MANOPT="-mandoc" - mancheck=`echo foo | $NROFF $MANOPT 2>/dev/null` - if test -z "$mancheck"; then - MANOPT="" - AC_MSG_RESULT([failed]) - AC_MSG_WARN([found no *nroff option to get plaintext from man pages]) - else - AC_MSG_RESULT([$MANOPT]) - fi - else - AC_MSG_RESULT([$MANOPT]) - fi - AC_SUBST(MANOPT) +if test -z "$ssl_backends"; then + AC_CHECK_FUNCS([arc4random]) fi -if test -z "$MANOPT" -then - dnl if no nroff tool was found, or no option that could convert man pages - dnl was found, then disable the built-in manual stuff - AC_MSG_WARN([disabling built-in manual]) - USE_MANUAL="no"; +if test "$curl_cv_native_windows" != "yes"; then + AC_CHECK_FUNCS([fseeko]) + + dnl On Android, the only way to know if fseeko can be used is to see if it is + dnl declared or not (for this API level), as the symbol always exists in the + dnl lib. + AC_CHECK_DECL([fseeko], + [AC_DEFINE([HAVE_DECL_FSEEKO], [1], + [Define to 1 if you have the fseeko declaration])], + [], + [[#include ]]) fi +CURL_CHECK_NONBLOCKING_SOCKET + +dnl set variable for use in automakefile(s) +AM_CONDITIONAL(BUILD_DOCS, test "$BUILD_DOCS" = "1") + dnl ************************************************************************* dnl If the manual variable still is set, then we go with providing a built-in dnl manual if test "$USE_MANUAL" = "1"; then - AC_DEFINE(USE_MANUAL, 1, [If you want to build curl with the built-in manual]) curl_manual_msg="enabled" fi dnl set variable for use in automakefile(s) -AM_CONDITIONAL(USE_MANUAL, test x"$USE_MANUAL" = x1) +AM_CONDITIONAL(USE_MANUAL, test "$USE_MANUAL" = "1") CURL_CHECK_LIB_ARES -AM_CONDITIONAL(USE_EMBEDDED_ARES, test x$embedded_ares = xyes) - -if test "x$curl_cv_native_windows" != "xyes" && - test "x$enable_shared" = "xyes"; then - build_libhostname=yes -else - build_libhostname=no -fi -AM_CONDITIONAL(BUILD_LIBHOSTNAME, test x$build_libhostname = xyes) +CURL_CHECK_OPTION_THREADED_RESOLVER -if test "x$want_ares" != xyes; then - CURL_CHECK_OPTION_THREADED_RESOLVER -fi - -dnl ************************************************************ -dnl disable POSIX threads -dnl -AC_MSG_CHECKING([whether to use POSIX threads for threaded resolver]) -AC_ARG_ENABLE(pthreads, -AS_HELP_STRING([--enable-pthreads], - [Enable POSIX threads (default for threaded resolver)]) -AS_HELP_STRING([--disable-pthreads],[Disable POSIX threads]), -[ case "$enableval" in - no) AC_MSG_RESULT(no) - want_pthreads=no - ;; - *) AC_MSG_RESULT(yes) - want_pthreads=yes - ;; - esac ], [ - AC_MSG_RESULT(auto) - want_pthreads=auto - ] -) - -dnl turn off pthreads if rt is disabled -if test "$want_pthreads" != "no"; then - if test "$want_pthreads" = "yes" && test "$dontwant_rt" = "yes"; then - AC_MSG_ERROR([options --enable-pthreads and --disable-rt are mutually exclusive]) - fi - if test "$dontwant_rt" != "no"; then - dnl if --enable-pthreads was explicit then warn it's being ignored - if test "$want_pthreads" = "yes"; then - AC_MSG_WARN([--enable-pthreads Ignored since librt is disabled.]) - fi - want_pthreads=no - fi -fi - -dnl turn off pthreads if no threaded resolver -if test "$want_pthreads" != "no" && test "$want_thres" != "yes"; then - want_pthreads=no +if test "$ipv6" = "yes" && test "$curl_cv_apple" = "yes"; then + CURL_DARWIN_SYSTEMCONFIGURATION fi dnl detect pthreads -if test "$want_pthreads" != "no"; then +if test "$curl_cv_native_windows" != "yes"; then AC_CHECK_HEADER(pthread.h, [ AC_DEFINE(HAVE_PTHREAD_H, 1, [if you have ]) save_CFLAGS="$CFLAGS" - dnl When statically linking against boringssl, -lpthread is added to LIBS. + dnl When statically linking against BoringSSL, -lpthread is added to LIBS. dnl Make sure to that this does not pass the check below, we really want dnl -pthread in CFLAGS as recommended for GCC. This also ensures that dnl lib1541 and lib1565 tests are built with these options. Otherwise @@ -3434,127 +4179,274 @@ if test "$want_pthreads" != "no"; then LIBS= dnl Check for libc variants without a separate pthread lib like bionic - AC_CHECK_FUNC(pthread_create, [USE_THREADS_POSIX=1] ) + AC_CHECK_FUNC(pthread_create, [HAVE_THREADS_POSIX=1] ) LIBS="$save_LIBS" - dnl on HPUX, life is more complicated... case $host in - *-hp-hpux*) - dnl it doesn't actually work without -lpthread - USE_THREADS_POSIX="" - ;; - *) - ;; + *-hp-hpux*) + CFLAGS="$CFLAGS -mt" + ;; + *) + ;; esac - dnl if it wasn't found without lib, search for it in pthread lib - if test "$USE_THREADS_POSIX" != "1" - then - CFLAGS="$CFLAGS -pthread" - # assign PTHREAD for pkg-config use - PTHREAD=" -pthread" - AC_CHECK_LIB(pthread, pthread_create, - [USE_THREADS_POSIX=1], - [ CFLAGS="$save_CFLAGS"]) + dnl if it was not found without lib, search for it in pthread lib + if test "$HAVE_THREADS_POSIX" != "1"; then + # assign PTHREAD for pkg-config use + PTHREAD=" -pthread" + + case $host in + *-ibm-aix*) + dnl Check if compiler is xlC + COMPILER_VERSION=`"$CC" -qversion 2>/dev/null` + if test -z "$COMPILER_VERSION"; then + CFLAGS="$CFLAGS -pthread" + else + CFLAGS="$CFLAGS -qthreaded" + fi + ;; + powerpc-*amigaos*) + dnl No -pthread option, but link with -lpthread + PTHREAD=" -lpthread" + ;; + *) + CFLAGS="$CFLAGS -pthread" + ;; + esac + AC_CHECK_LIB(pthread, pthread_create, + [HAVE_THREADS_POSIX=1], + [ CFLAGS="$save_CFLAGS"]) + fi + ]) + if test "$HAVE_THREADS_POSIX" = "1"; then + AC_DEFINE(HAVE_THREADS_POSIX, 1, [if POSIX pthreads are supported]) + fi +fi + +dnl threaded resolver check +if test "$want_threaded_resolver" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then + USE_RESOLV_THREADED=1 + AC_DEFINE(USE_RESOLV_THREADED, 1, [if you want threaded DNS lookup]) + curl_res_msg="Win32 threaded" + elif test "$HAVE_THREADS_POSIX" = "1"; then + USE_RESOLV_THREADED=1 + AC_DEFINE(USE_RESOLV_THREADED, 1, [if you want threaded DNS lookup]) + curl_res_msg="POSIX threaded" + else + AC_MSG_ERROR([Threaded resolver enabled but no thread library found]) + fi +elif test "$USE_ARES" = "1"; then + USE_RESOLV_ARES=1 + AC_DEFINE(USE_RESOLV_ARES, 1, [if you want c-ares for DNS lookup]) + curl_res_msg="c-ares" +fi + +AC_CHECK_HEADER(dirent.h, + [ AC_DEFINE(HAVE_DIRENT_H, 1, [if you have ]) + AC_CHECK_FUNC(opendir, AC_DEFINE(HAVE_OPENDIR, 1, [if you have opendir]) ) + ] +) + +CURL_CONVERT_INCLUDE_TO_ISYSTEM + +dnl ************************************************************ +dnl disable curl_easy_setopt()/curl_easy_getinfo() type checking +dnl +AC_MSG_CHECKING([whether to enable curl_easy_setopt()/curl_easy_getinfo() type checking]) +AC_ARG_ENABLE(typecheck, +AS_HELP_STRING([--enable-typecheck],[Enable type checking (default)]) +AS_HELP_STRING([--disable-typecheck],[Disable type checking]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + dnl Set it via the command-line to make it apply to examples also. + CPPFLAGS="$CPPFLAGS -DCURL_DISABLE_TYPECHECK" + curl_typecheck_msg="no" + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable verbose text strings +dnl +AC_MSG_CHECKING([whether to enable verbose strings]) +AC_ARG_ENABLE(verbose, +AS_HELP_STRING([--enable-verbose],[Enable verbose strings]) +AS_HELP_STRING([--disable-verbose],[Disable verbose strings]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_VERBOSE_STRINGS, 1, [to disable verbose strings]) + curl_verbose_msg="no" + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +if test "$curl_cv_winuwp" != "yes"; then + dnl ************************************************************ + dnl enable SSPI support + dnl + AC_MSG_CHECKING([whether to enable SSPI support (Windows native builds only)]) + AC_ARG_ENABLE(sspi, + AS_HELP_STRING([--enable-sspi],[Enable SSPI]) +AS_HELP_STRING([--disable-sspi],[Disable SSPI]), + [ case "$enableval" in + yes) + if test "$curl_cv_native_windows" = "yes"; then + AC_MSG_RESULT(yes) + AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) + USE_WINDOWS_SSPI=1 + curl_sspi_msg="enabled" + else + AC_MSG_RESULT(no) + AC_MSG_WARN([--enable-sspi Ignored. Only supported on native Windows builds.]) fi - - if test "x$USE_THREADS_POSIX" = "x1" - then - AC_DEFINE(USE_THREADS_POSIX, 1, [if you want POSIX threaded DNS lookup]) - curl_res_msg="POSIX threaded" + ;; + *) + if test "$SCHANNEL_ENABLED" = "1"; then + # --with-schannel implies --enable-sspi + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no) fi - ]) -fi + ;; + esac ], + if test "$SCHANNEL_ENABLED" = "1"; then + # --with-schannel implies --enable-sspi + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no) + fi + ) -dnl threaded resolver check -if test "$want_thres" = "yes" && test "x$USE_THREADS_POSIX" != "x1"; then - if test "$want_pthreads" = "yes"; then - AC_MSG_ERROR([--enable-pthreads but pthreads was not found]) - fi - dnl If native Windows fallback on Win32 threads since no POSIX threads - if test "$curl_cv_native_windows" = "yes"; then - USE_THREADS_WIN32=1 - AC_DEFINE(USE_THREADS_WIN32, 1, [if you want Win32 threaded DNS lookup]) - curl_res_msg="Win32 threaded" - else - AC_MSG_ERROR([Threaded resolver enabled but no thread library found]) + if test "$USE_WINDOWS_SSPI" = "1"; then + LIBS="-lsecur32 $LIBS" fi fi -CURL_CONVERT_INCLUDE_TO_ISYSTEM +dnl ************************************************************ +dnl disable basic authentication +dnl +AC_MSG_CHECKING([whether to enable basic authentication method]) +AC_ARG_ENABLE(basic-auth, +AS_HELP_STRING([--enable-basic-auth],[Enable basic authentication (default)]) +AS_HELP_STRING([--disable-basic-auth],[Disable basic authentication]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_BASIC_AUTH, 1, [to disable basic authentication]) + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) dnl ************************************************************ -dnl disable verbose text strings +dnl disable bearer authentication dnl -AC_MSG_CHECKING([whether to enable verbose strings]) -AC_ARG_ENABLE(verbose, -AS_HELP_STRING([--enable-verbose],[Enable verbose strings]) -AS_HELP_STRING([--disable-verbose],[Disable verbose strings]), +AC_MSG_CHECKING([whether to enable bearer authentication method]) +AC_ARG_ENABLE(bearer-auth, +AS_HELP_STRING([--enable-bearer-auth],[Enable bearer authentication (default)]) +AS_HELP_STRING([--disable-bearer-auth],[Disable bearer authentication]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_BEARER_AUTH, 1, [to disable bearer authentication]) + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable digest authentication +dnl +AC_MSG_CHECKING([whether to enable digest authentication method]) +AC_ARG_ENABLE(digest-auth, +AS_HELP_STRING([--enable-digest-auth],[Enable digest authentication (default)]) +AS_HELP_STRING([--disable-digest-auth],[Disable digest authentication]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_VERBOSE_STRINGS, 1, [to disable verbose strings]) - curl_verbose_msg="no" - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_DIGEST_AUTH, 1, [to disable digest authentication]) + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ************************************************************ -dnl enable SSPI support +dnl disable kerberos authentication dnl -AC_MSG_CHECKING([whether to enable SSPI support (Windows native builds only)]) -AC_ARG_ENABLE(sspi, -AS_HELP_STRING([--enable-sspi],[Enable SSPI]) -AS_HELP_STRING([--disable-sspi],[Disable SSPI]), +AC_MSG_CHECKING([whether to enable kerberos authentication method]) +AC_ARG_ENABLE(kerberos-auth, +AS_HELP_STRING([--enable-kerberos-auth],[Enable kerberos authentication (default)]) +AS_HELP_STRING([--disable-kerberos-auth],[Disable kerberos authentication]), [ case "$enableval" in - yes) - if test "$curl_cv_native_windows" = "yes"; then - AC_MSG_RESULT(yes) - AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) - AC_SUBST(USE_WINDOWS_SSPI, [1]) - curl_sspi_msg="enabled" - else - AC_MSG_RESULT(no) - AC_MSG_WARN([--enable-sspi Ignored. Only supported on native Windows builds.]) - fi - ;; + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_KERBEROS_AUTH, 1, [to disable kerberos authentication]) + CURL_DISABLE_KERBEROS_AUTH=1 + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable negotiate authentication +dnl +AC_MSG_CHECKING([whether to enable negotiate authentication method]) +AC_ARG_ENABLE(negotiate-auth, +AS_HELP_STRING([--enable-negotiate-auth],[Enable negotiate authentication (default)]) +AS_HELP_STRING([--disable-negotiate-auth],[Disable negotiate authentication]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_NEGOTIATE_AUTH, 1, [to disable negotiate authentication]) + CURL_DISABLE_NEGOTIATE_AUTH=1 + ;; *) - if test "x$SCHANNEL_ENABLED" = "x1"; then - # --with-schannel implies --enable-sspi - AC_MSG_RESULT(yes) - else - AC_MSG_RESULT(no) - fi - ;; + AC_MSG_RESULT(yes) + ;; esac ], - if test "x$SCHANNEL_ENABLED" = "x1"; then - # --with-schannel implies --enable-sspi - AC_MSG_RESULT(yes) - else - AC_MSG_RESULT(no) - fi + AC_MSG_RESULT(yes) ) dnl ************************************************************ -dnl disable cryptographic authentication +dnl disable aws dnl -AC_MSG_CHECKING([whether to enable cryptographic authentication methods]) -AC_ARG_ENABLE(crypto-auth, -AS_HELP_STRING([--enable-crypto-auth],[Enable cryptographic authentication]) -AS_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]), +AC_MSG_CHECKING([whether to enable aws sig methods]) +AC_ARG_ENABLE(aws, +AS_HELP_STRING([--enable-aws],[Enable AWS sig support (default)]) +AS_HELP_STRING([--disable-aws],[Disable AWS sig support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_CRYPTO_AUTH, 1, [to disable cryptographic authentication]) - CURL_DISABLE_CRYPTO_AUTH=1 - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_AWS, 1, [to disable AWS sig support]) + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ************************************************************ @@ -3565,21 +4457,18 @@ AC_ARG_ENABLE(ntlm, AS_HELP_STRING([--enable-ntlm],[Enable NTLM support]) AS_HELP_STRING([--disable-ntlm],[Disable NTLM support]), [ case "$enableval" in - no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_NTLM, 1, [to disable NTLM support]) - CURL_DISABLE_NTLM=1 - ;; - *) AC_MSG_RESULT(yes) - ;; + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(CURL_ENABLE_NTLM, 1, [enable NTLM support]) + CURL_ENABLE_NTLM=1 + ;; + *) + AC_MSG_RESULT(no) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(no) ) -CURL_CHECK_OPTION_NTLM_WB - -CURL_CHECK_NTLM_WB - dnl ************************************************************ dnl disable TLS-SRP authentication dnl @@ -3589,21 +4478,22 @@ AS_HELP_STRING([--enable-tls-srp],[Enable TLS-SRP authentication]) AS_HELP_STRING([--disable-tls-srp],[Disable TLS-SRP authentication]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - want_tls_srp=no - ;; - *) AC_MSG_RESULT(yes) - want_tls_srp=yes - ;; + AC_MSG_RESULT(no) + want_tls_srp=no + ;; + *) + AC_MSG_RESULT(yes) + want_tls_srp=yes + ;; esac ], - AC_MSG_RESULT(yes) - want_tls_srp=yes + AC_MSG_RESULT(yes) + want_tls_srp=yes ) -if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then - AC_DEFINE(USE_TLS_SRP, 1, [Use TLS-SRP authentication]) - USE_TLS_SRP=1 - curl_tls_srp_msg="enabled" +if test "$want_tls_srp" = "yes" && (test "$HAVE_GNUTLS_SRP" = "1" || test "$HAVE_OPENSSL_SRP" = "1"); then + AC_DEFINE(USE_TLS_SRP, 1, [Use TLS-SRP authentication]) + USE_TLS_SRP=1 + curl_tls_srp_msg="enabled" fi dnl ************************************************************ @@ -3614,29 +4504,37 @@ AC_ARG_ENABLE(unix-sockets, AS_HELP_STRING([--enable-unix-sockets],[Enable Unix domain sockets]) AS_HELP_STRING([--disable-unix-sockets],[Disable Unix domain sockets]), [ case "$enableval" in - no) AC_MSG_RESULT(no) - want_unix_sockets=no - ;; - *) AC_MSG_RESULT(yes) - want_unix_sockets=yes - ;; + no) + AC_MSG_RESULT(no) + want_unix_sockets=no + ;; + *) + AC_MSG_RESULT(yes) + want_unix_sockets=yes + ;; esac ], [ - AC_MSG_RESULT(auto) - want_unix_sockets=auto - ] + AC_MSG_RESULT(auto) + want_unix_sockets=auto + ] ) -if test "x$want_unix_sockets" != "xno"; then - AC_CHECK_MEMBER([struct sockaddr_un.sun_path], [ +if test "$want_unix_sockets" != "no"; then + if test "$curl_cv_native_windows" = "yes"; then + USE_UNIX_SOCKETS=1 AC_DEFINE(USE_UNIX_SOCKETS, 1, [Use Unix domain sockets]) - AC_SUBST(USE_UNIX_SOCKETS, [1]) curl_unix_sockets_msg="enabled" - ], [ - if test "x$want_unix_sockets" = "xyes"; then - AC_MSG_ERROR([--enable-unix-sockets is not available on this platform!]) - fi - ], [ - #include - ]) + else + AC_CHECK_MEMBER([struct sockaddr_un.sun_path], [ + AC_DEFINE(USE_UNIX_SOCKETS, 1, [Use Unix domain sockets]) + USE_UNIX_SOCKETS=1 + curl_unix_sockets_msg="enabled" + ], [ + if test "$want_unix_sockets" = "yes"; then + AC_MSG_ERROR([--enable-unix-sockets is not available on this platform!]) + fi + ], [ + #include + ]) + fi fi dnl ************************************************************ @@ -3648,13 +4546,14 @@ AS_HELP_STRING([--enable-cookies],[Enable cookies support]) AS_HELP_STRING([--disable-cookies],[Disable cookies support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_COOKIES, 1, [to disable cookies support]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_COOKIES, 1, [to disable cookies support]) + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ************************************************************ @@ -3666,13 +4565,14 @@ AS_HELP_STRING([--enable-socketpair],[Enable socketpair support]) AS_HELP_STRING([--disable-socketpair],[Disable socketpair support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_SOCKETPAIR, 1, [to disable socketpair support]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_SOCKETPAIR, 1, [to disable socketpair support]) + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ************************************************************ @@ -3684,13 +4584,14 @@ AS_HELP_STRING([--enable-http-auth],[Enable HTTP authentication support]) AS_HELP_STRING([--disable-http-auth],[Disable HTTP authentication support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_HTTP_AUTH, 1, [disable HTTP authentication]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_HTTP_AUTH, 1, [disable HTTP authentication]) + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ************************************************************ @@ -3702,13 +4603,14 @@ AS_HELP_STRING([--enable-doh],[Enable DoH support]) AS_HELP_STRING([--disable-doh],[Disable DoH support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_DOH, 1, [disable DoH]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_DOH, 1, [disable DoH]) + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ************************************************************ @@ -3720,13 +4622,61 @@ AS_HELP_STRING([--enable-mime],[Enable mime API support]) AS_HELP_STRING([--disable-mime],[Disable mime API support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_MIME, 1, [disable mime API]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_MIME, 1, [disable mime API]) + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable bindlocal +dnl +AC_MSG_CHECKING([whether to support binding connections locally]) +AC_ARG_ENABLE(bindlocal, +AS_HELP_STRING([--enable-bindlocal],[Enable local binding support]) +AS_HELP_STRING([--disable-bindlocal],[Disable local binding support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_BINDLOCAL, 1, [disable local binding support]) + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable form API support +dnl +AC_MSG_CHECKING([whether to support the form API]) +AC_ARG_ENABLE(form-api, +AS_HELP_STRING([--enable-form-api],[Enable form API support]) +AS_HELP_STRING([--disable-form-api],[Disable form API support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_FORM_API, 1, [disable form API]) + ;; + *) + AC_MSG_RESULT(yes) + test "x$enable_mime" = "xno" && + AC_MSG_ERROR(MIME support needs to be enabled in order to enable form API support) + ;; esac ], - AC_MSG_RESULT(yes) +[ + if test "x$enable_mime" = "xno"; then + enable_form_api=no + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_FORM_API, 1, [disable form API]) + else + AC_MSG_RESULT(yes) + fi ] ) dnl ************************************************************ @@ -3738,13 +4688,14 @@ AS_HELP_STRING([--enable-dateparse],[Enable date parsing]) AS_HELP_STRING([--disable-dateparse],[Disable date parsing]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_PARSEDATE, 1, [disable date parsing]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_PARSEDATE, 1, [disable date parsing]) + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ************************************************************ @@ -3756,13 +4707,14 @@ AS_HELP_STRING([--enable-netrc],[Enable netrc parsing]) AS_HELP_STRING([--disable-netrc],[Disable netrc parsing]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_NETRC, 1, [disable netrc parsing]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_NETRC, 1, [disable netrc parsing]) + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ************************************************************ @@ -3774,13 +4726,33 @@ AS_HELP_STRING([--enable-progress-meter],[Enable progress-meter]) AS_HELP_STRING([--disable-progress-meter],[Disable progress-meter]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_PROGRESS_METER, 1, [disable progress-meter]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_PROGRESS_METER, 1, [disable progress-meter]) + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable SHA-512/256 hash algorithm +dnl +AC_MSG_CHECKING([whether to support the SHA-512/256 hash algorithm]) +AC_ARG_ENABLE(sha512-256, +AS_HELP_STRING([--enable-sha512-256],[Enable SHA-512/256 hash algorithm (default)]) +AS_HELP_STRING([--disable-sha512-256],[Disable SHA-512/256 hash algorithm]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_SHA512_256, 1, [disable SHA-512/256 hash algorithm]) + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ************************************************************ @@ -3792,13 +4764,14 @@ AS_HELP_STRING([--enable-dnsshuffle],[Enable DNS shuffling]) AS_HELP_STRING([--disable-dnsshuffle],[Disable DNS shuffling]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_SHUFFLE_DNS, 1, [disable DNS shuffling]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_SHUFFLE_DNS, 1, [disable DNS shuffling]) + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ************************************************************ @@ -3810,13 +4783,14 @@ AS_HELP_STRING([--enable-get-easy-options],[Enable curl_easy_options]) AS_HELP_STRING([--disable-get-easy-options],[Disable curl_easy_options]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_GETOPTIONS, 1, [to disable curl_easy_options]) - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_GETOPTIONS, 1, [to disable curl_easy_options]) + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(yes) + AC_MSG_RESULT(yes) ) dnl ************************************************************ @@ -3828,43 +4802,64 @@ AS_HELP_STRING([--enable-alt-svc],[Enable alt-svc support]) AS_HELP_STRING([--disable-alt-svc],[Disable alt-svc support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_ALTSVC, 1, [disable alt-svc]) - curl_altsvc_msg="no"; - enable_altsvc="no" - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_ALTSVC, 1, [disable alt-svc]) + curl_altsvc_msg="no"; + enable_altsvc="no" + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(no) + AC_MSG_RESULT(yes) ) -dnl only check for HSTS if there's SSL present -if test -n "$SSL_ENABLED"; then +dnl ************************************************************ +dnl switch on/off headers-api +dnl +AC_MSG_CHECKING([whether to support headers-api]) +AC_ARG_ENABLE(headers-api, +AS_HELP_STRING([--enable-headers-api],[Enable headers-api support]) +AS_HELP_STRING([--disable-headers-api],[Disable headers-api support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + curl_headers_msg="no (--enable-headers-api)" + AC_DEFINE(CURL_DISABLE_HEADERS_API, 1, [disable headers-api]) + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) +dnl only check for HSTS if there is SSL present +if test -n "$SSL_ENABLED"; then dnl ************************************************************ dnl switch on/off hsts dnl AC_MSG_CHECKING([whether to support HSTS]) AC_ARG_ENABLE(hsts, - AS_HELP_STRING([--enable-hsts],[Enable HSTS support]) - AS_HELP_STRING([--disable-hsts],[Disable HSTS support]), +AS_HELP_STRING([--enable-hsts],[Enable HSTS support]) +AS_HELP_STRING([--disable-hsts],[Disable HSTS support]), [ case "$enableval" in no) - AC_MSG_RESULT(no) - enable_hsts="no" - ;; - *) AC_MSG_RESULT(yes) - ;; + AC_MSG_RESULT(no) + hsts="no" + ;; + *) + AC_MSG_RESULT(yes) + ;; esac ], - AC_MSG_RESULT(no) + AC_MSG_RESULT($hsts) ) else AC_MSG_NOTICE([disables HSTS due to lack of SSL]) - enable_hsts="no" + hsts="no" fi -if test "x$enable_hsts" != "xyes"; then +if test "$hsts" != "yes"; then curl_hsts_msg="no (--enable-hsts)"; AC_DEFINE(CURL_DISABLE_HSTS, 1, [disable alt-svc]) fi @@ -3872,33 +4867,128 @@ fi dnl ************************************************************* dnl check whether ECH support, if desired, is actually available dnl -if test "x$want_ech" != "xno"; then +if test "$want_ech" != "no"; then AC_MSG_CHECKING([whether ECH support is available]) dnl assume NOT and look for sufficient condition ECH_ENABLED=0 + ECH_ENABLED_OPENSSL=0 + ECH_ENABLED_WOLFSSL=0 + ECH_ENABLED_RUSTLS=0 ECH_SUPPORT='' - dnl OpenSSL with a chosen ECH function should be enough - dnl so more exhaustive checking seems unnecessary for now - if test "x$OPENSSL_ENABLED" = "x1"; then - AC_CHECK_FUNCS(SSL_get_ech_status, - ECH_SUPPORT="ECH support available (OpenSSL with SSL_get_ech_status)" - ECH_ENABLED=1) - - dnl add 'elif' chain here for additional implementations + dnl check for OpenSSL equivalent + if test "$OPENSSL_ENABLED" = "1"; then + AC_CHECK_FUNCS(SSL_set1_ech_config_list, + ECH_SUPPORT="$ECH_SUPPORT OpenSSL" + ECH_ENABLED_OPENSSL=1) + fi + if test "$WOLFSSL_ENABLED" = "1"; then + AC_CHECK_FUNCS(wolfSSL_CTX_GenerateEchConfig, + ECH_SUPPORT="$ECH_SUPPORT wolfSSL" + ECH_ENABLED_WOLFSSL=1) + fi + if test "$RUSTLS_ENABLED" = "1"; then + ECH_SUPPORT="$ECH_SUPPORT rustls-ffi" + ECH_ENABLED_RUSTLS=1 fi dnl now deal with whatever we found - if test "x$ECH_ENABLED" = "x1"; then + if test "$ECH_ENABLED_OPENSSL" = "1" || + test "$ECH_ENABLED_WOLFSSL" = "1" || + test "$ECH_ENABLED_RUSTLS" = "1"; then AC_DEFINE(USE_ECH, 1, [if ECH support is available]) - AC_MSG_RESULT($ECH_SUPPORT) + AC_MSG_RESULT(ECH support available via:$ECH_SUPPORT) experimental="$experimental ECH" + ECH_ENABLED=1 + dnl ECH wants HTTPSRR + want_httpsrr="yes" else AC_MSG_ERROR([--enable-ech ignored: No ECH support found]) fi fi +AC_MSG_CHECKING([whether to enable HTTPS-RR support]) +dnl ************************************************************* +dnl check whether HTTPSRR support if desired +dnl +if test "$want_httpsrr" != "no"; then + AC_MSG_RESULT([yes]) + AC_DEFINE(USE_HTTPSRR, 1, [enable HTTPS RR support]) + experimental="$experimental HTTPSRR" + curl_httpsrr_msg="enabled (--disable-httpsrr)" +else + AC_MSG_RESULT([no]) + # no HTTPSRR wanted + if test "$want_threaded_resolver" = "yes"; then + # and using the threaded resolver + if test "$USE_ARES" = "1"; then + AC_MSG_ERROR([without HTTPS-RR support, asking for both threaded resolver and c-ares support is ambivalent. Please drop one of them.]) + fi + fi +fi + +dnl ************************************************************* +dnl check whether OpenSSL (lookalikes) have SSL_set0_wbio +dnl +if test "$OPENSSL_ENABLED" = "1"; then + AC_CHECK_FUNCS([SSL_set0_wbio]) +fi + +if test "$CURL_DISABLE_HTTP" != "1"; then + dnl ************************************************************* + dnl WebSockets + dnl + AC_MSG_CHECKING([whether to support WebSockets]) + AC_ARG_ENABLE(websockets, + AS_HELP_STRING([--enable-websockets],[Enable WebSockets support]) +AS_HELP_STRING([--disable-websockets],[Disable WebSockets support]), + [ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_WEBSOCKETS, [1], [disable WebSockets]) + CURL_DISABLE_WEBSOCKETS=1 + ;; + *) + if test "$ac_cv_sizeof_curl_off_t" -gt 4; then + AC_MSG_RESULT(yes) + else + dnl WebSockets requires >32-bit curl_off_t + AC_MSG_RESULT(no) + AC_MSG_WARN([WebSockets disabled due to lack of >32-bit curl_off_t]) + AC_DEFINE(CURL_DISABLE_WEBSOCKETS, [1], [disable WebSockets]) + CURL_DISABLE_WEBSOCKETS=1 + fi + ;; + esac ], + AC_MSG_RESULT(yes) + ) +else + AC_MSG_WARN([WebSockets disabled because HTTP is disabled]) + AC_DEFINE(CURL_DISABLE_WEBSOCKETS, [1], [disable WebSockets]) + CURL_DISABLE_WEBSOCKETS=1 +fi + +dnl ************************************************************* +dnl check whether experimental SSL Session Im-/Export is enabled +dnl +if test "$want_ssls_export" != "no"; then + AC_MSG_CHECKING([whether SSL session export support is available]) + + dnl assume NOT and look for sufficient condition + SSLS_EXPORT_ENABLED=0 + SSLS_EXPORT_SUPPORT='' + + if test "$SSL_ENABLED" != "1"; then + AC_MSG_WARN([--enable-ssls-export ignored: No SSL support]) + else + SSLS_EXPORT_ENABLED=1 + AC_DEFINE(USE_SSLS_EXPORT, 1, [if SSL session export support is available]) + AC_MSG_RESULT("SSL session im-/export enabled") + experimental="$experimental SSLS-EXPORT" + fi +fi + dnl ************************************************************ dnl hiding of library internal symbols dnl @@ -3907,10 +4997,28 @@ CURL_CONFIGURE_SYMBOL_HIDING dnl dnl All the library dependencies put into $LIB apply to libcurl only. dnl -LIBCURL_LIBS="$LIBS$PTHREAD" +LIBCURL_PC_LDFLAGS_PRIVATE='' +dnl Do not quote $INITIAL_LDFLAGS +set -- $INITIAL_LDFLAGS +while test -n "$1"; do + case "$1" in + -L* | --library-path=* | -F*) + LIBCURL_PC_LDFLAGS_PRIVATE="$LIBCURL_PC_LDFLAGS_PRIVATE $1" + ;; + -framework) + if test -n "$2"; then + LIBCURL_PC_LDFLAGS_PRIVATE="$LIBCURL_PC_LDFLAGS_PRIVATE $1 $2" + shift + fi + ;; + esac + shift +done +LIBCURL_PC_LDFLAGS_PRIVATE="$LIBCURL_PC_LDFLAGS_PRIVATE $LDFLAGSPC" +LIBCURL_PC_LIBS_PRIVATE="$LIBS$PTHREAD" -AC_SUBST(LIBCURL_LIBS) -AC_SUBST(CURL_NETWORK_LIBS) +AC_SUBST(LIBCURL_PC_LDFLAGS_PRIVATE) +AC_SUBST(LIBCURL_PC_LIBS_PRIVATE) AC_SUBST(CURL_NETWORK_AND_TIME_LIBS) dnl BLANK_AT_MAKETIME may be used in our Makefile.am files to blank @@ -3920,7 +5028,7 @@ dnl all link targets in given makefile. BLANK_AT_MAKETIME= AC_SUBST(BLANK_AT_MAKETIME) -AM_CONDITIONAL(CROSSCOMPILING, test x$cross_compiling = xyes) +AM_CONDITIONAL(CROSSCOMPILING, test "$cross_compiling" = "yes") dnl yes or no ENABLE_SHARED="$enable_shared" @@ -3930,227 +5038,301 @@ dnl to let curl-config output the static libraries correctly ENABLE_STATIC="$enable_static" AC_SUBST(ENABLE_STATIC) -dnl merge the pkg-config Libs.private field into Libs when static-only -if test "x$enable_shared" = "xno"; then - LIBCURL_NO_SHARED=$LIBCURL_LIBS +squeeze LIBCURL_PC_REQUIRES_PRIVATE +LIBCURL_PC_REQUIRES_PRIVATE=`echo $LIBCURL_PC_REQUIRES_PRIVATE | tr ' ' ','` + +AC_SUBST(LIBCURL_PC_REQUIRES_PRIVATE) + +dnl Merge pkg-config private fields into public ones when static-only +if test "$enable_shared" = "no"; then + LIBCURL_PC_REQUIRES=$LIBCURL_PC_REQUIRES_PRIVATE + LIBCURL_PC_LIBS=$LIBCURL_PC_LIBS_PRIVATE else - LIBCURL_NO_SHARED= + LIBCURL_PC_REQUIRES= + LIBCURL_PC_LIBS= fi -AC_SUBST(LIBCURL_NO_SHARED) +AC_SUBST(LIBCURL_PC_REQUIRES) +AC_SUBST(LIBCURL_PC_LIBS) + +rm $compilersh dnl dnl For keeping supported features and protocols also in pkg-config file dnl since it is more cross-compile friendly than curl-config dnl -if test "x$OPENSSL_ENABLED" = "x1"; then +if test "$OPENSSL_ENABLED" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" elif test -n "$SSL_ENABLED"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" fi -if test "x$IPV6_ENABLED" = "x1"; then +if test "$IPV6_ENABLED" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES IPv6" fi -if test "x$USE_UNIX_SOCKETS" = "x1"; then +if test "$USE_UNIX_SOCKETS" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES UnixSockets" fi -if test "x$HAVE_LIBZ" = "x1"; then +if test "$HAVE_LIBZ" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES libz" fi -if test "x$HAVE_BROTLI" = "x1"; then +if test "$HAVE_BROTLI" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES brotli" fi -if test "x$HAVE_ZSTD" = "x1"; then +if test "$HAVE_ZSTD" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES zstd" fi -if test "x$USE_ARES" = "x1" -o "x$USE_THREADS_POSIX" = "x1" \ - -o "x$USE_THREADS_WIN32" = "x1"; then +if test "$USE_RESOLV_ARES" = "1" || test "$USE_RESOLV_THREADED" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES AsynchDNS" fi -if test "x$IDN_ENABLED" = "x1"; then +if test "$USE_ARES" = "1" && test "$want_threaded_resolver" = "yes" && test "$want_httpsrr" != "no"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES asyn-rr" +fi +if test "$IDN_ENABLED" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES IDN" fi -if test "x$USE_WINDOWS_SSPI" = "x1"; then +if test "$USE_WINDOWS_SSPI" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSPI" fi -if test "x$HAVE_GSSAPI" = "x1"; then +if test "$HAVE_GSSAPI" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API" fi -if test "x$curl_psl_msg" = "xenabled"; then +if test "$curl_psl_msg" = "enabled"; then SUPPORT_FEATURES="$SUPPORT_FEATURES PSL" fi -if test "x$curl_gsasl_msg" = "xenabled"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES GSASL" +if test "$curl_gsasl_msg" = "enabled"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES gsasl" fi -if test "x$enable_altsvc" = "xyes"; then +if test "$enable_altsvc" = "yes"; then SUPPORT_FEATURES="$SUPPORT_FEATURES alt-svc" fi -if test "x$enable_hsts" = "xyes"; then +if test "$hsts" = "yes"; then SUPPORT_FEATURES="$SUPPORT_FEATURES HSTS" fi -if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ - \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then +if test "$CURL_DISABLE_NEGOTIATE_AUTH" != "1" && (test "$HAVE_GSSAPI" = "1" || test "$USE_WINDOWS_SSPI" = "1"); then SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO" fi -if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ - \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then +if test "$CURL_DISABLE_KERBEROS_AUTH" != "1" && (test "$HAVE_GSSAPI" = "1" || test "$USE_WINDOWS_SSPI" = "1"); then SUPPORT_FEATURES="$SUPPORT_FEATURES Kerberos" fi use_curl_ntlm_core=no -if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ - "x$CURL_DISABLE_NTLM" != "x1"; then - if test "x$OPENSSL_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \ - -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ - -o "x$SECURETRANSPORT_ENABLED" = "x1" \ - -o "x$USE_WIN32_CRYPTO" = "x1" \ - -o "x$WOLFSSL_NTLM" = "x1"; then +if test "$CURL_ENABLE_NTLM" = "1"; then + if test "$HAVE_DES_ECB_ENCRYPT" = "1" || + test "$GNUTLS_ENABLED" = "1" || + test "$USE_WIN32_CRYPTO" = "1" || + test "$HAVE_WOLFSSL_DES_ECB_ENCRYPT" = "1" || + test "$HAVE_MBEDTLS_DES_CRYPT_ECB" = "1"; then use_curl_ntlm_core=yes fi - if test "x$use_curl_ntlm_core" = "xyes" \ - -o "x$USE_WINDOWS_SSPI" = "x1"; then + if test "$use_curl_ntlm_core" = "yes" || + test "$USE_WINDOWS_SSPI" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" - - if test "x$CURL_DISABLE_HTTP" != "x1" -a \ - "x$NTLM_WB_ENABLED" = "x1"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB" - fi fi fi -if test "x$USE_TLS_SRP" = "x1"; then +if test "$USE_TLS_SRP" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES TLS-SRP" fi -if test "x$USE_NGHTTP2" = "x1" -o "x$USE_HYPER" = "x1"; then +if test "$USE_NGHTTP2" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP2" fi -if test "x$USE_NGTCP2" = "x1" -o "x$USE_QUICHE" = "x1"; then +if test "$USE_NGTCP2_H3" = "1" || + test "$USE_QUICHE" = "1" || + test "$USE_OPENSSL_H3" = "1"; then + if test "$CURL_WITH_MULTI_SSL" = "1"; then + AC_MSG_ERROR([MultiSSL cannot be enabled with HTTP/3 and vice versa]) + fi SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP3" fi -if test "x$CURL_WITH_MULTI_SSL" = "x1"; then +if test "$CURL_WITH_MULTI_SSL" = "1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES MultiSSL" fi -dnl if not explictily turned off, HTTPS-proxy comes with some TLS backends -if test "x$https_proxy" != "xno"; then - if test "x$OPENSSL_ENABLED" = "x1" -o "x$GNUTLS_ENABLED" = "x1" \ - -o "x$NSS_ENABLED" = "x1"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" +AC_MSG_CHECKING([if this build supports HTTPS-proxy]) +dnl if not explicitly turned off, HTTPS-proxy comes with some TLS backends +if test "$CURL_DISABLE_HTTP" != "1"; then + if test "$https_proxy" != "no"; then + if test "$OPENSSL_ENABLED" = "1" || + test "$GNUTLS_ENABLED" = "1" || + test "$RUSTLS_ENABLED" = "1" || + test "$SCHANNEL_ENABLED" = "1" || + test "$GNUTLS_ENABLED" = "1" || + test "$MBEDTLS_ENABLED" = "1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" + AC_MSG_RESULT([yes]) + elif test "$WOLFSSL_ENABLED" = "1" && test "$HAVE_WOLFSSL_BIO_NEW" = "1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + else + AC_MSG_RESULT([no]) + fi +else + AC_MSG_RESULT([no]) +fi + +if test "$OPENSSL_ENABLED" = "1" || test -n "$SSL_ENABLED"; then + if test "$ECH_ENABLED" = "1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES ECH" + fi +fi + +if test -n "$SSL_ENABLED"; then + if test "$APPLE_SECTRUST_ENABLED" = "1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES AppleSecTrust" + elif test "$ca_native_opt" = "1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES NativeCA" fi fi -if test "x$ECH_ENABLED" = "x1"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES ECH" +if test "$want_httpsrr" != "no"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPSRR" +fi + +if test "$SSLS_EXPORT_ENABLED" = "1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES SSLS-EXPORT" fi -if test ${ac_cv_sizeof_curl_off_t} -gt 4; then - if test ${ac_cv_sizeof_off_t} -gt 4 -o \ - "$curl_win32_file_api" = "win32_large_files"; then +if test "$ac_cv_sizeof_curl_off_t" -gt 4; then + if test "$ac_cv_sizeof_off_t" -gt 4 || + test "$curl_cv_native_windows" = "yes"; then SUPPORT_FEATURES="$SUPPORT_FEATURES Largefile" fi fi +if test "$tst_atomic" = "yes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe" +elif test "$HAVE_THREADS_POSIX" = "1" && test "$ac_cv_header_pthread_h" = "yes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe" +elif test "$curl_cv_native_windows" = "yes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe" +fi + +if test "$want_winuni" = "yes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES Unicode" +fi +if test "$want_debug" = "yes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES Debug" +fi +if test -n "$CURL_CA_EMBED"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES CAcert" + CURL_CA_EMBED_msg="$CURL_CA_EMBED" +else + CURL_CA_EMBED_msg='no' +fi + dnl replace spaces with newlines dnl sort the lines dnl replace the newlines back to spaces -SUPPORT_FEATURES=`echo $SUPPORT_FEATURES | tr ' ' '\012' | sort | tr '\012' ' '` +if sort -f /dev/null 2>&1; then + SUPPORT_FEATURES=`echo $SUPPORT_FEATURES | tr ' ' '\012' | sort -f | tr '\012' ' '` +else + SUPPORT_FEATURES=`echo $SUPPORT_FEATURES | tr ' ' '\012' | sort | tr '\012' ' '` +fi AC_SUBST(SUPPORT_FEATURES) dnl For supported protocols in pkg-config file -if test "x$CURL_DISABLE_HTTP" != "x1"; then +if test "$CURL_DISABLE_HTTP" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTP" - if test "x$SSL_ENABLED" = "x1"; then + if test "$SSL_ENABLED" = "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTPS" fi fi -if test "x$CURL_DISABLE_FTP" != "x1"; then +if test "$CURL_DISABLE_FTP" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS FTP" - if test "x$SSL_ENABLED" = "x1"; then + if test "$SSL_ENABLED" = "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS FTPS" fi fi -if test "x$CURL_DISABLE_FILE" != "x1"; then +if test "$CURL_DISABLE_FILE" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS FILE" fi -if test "x$CURL_DISABLE_TELNET" != "x1"; then +if test "$CURL_DISABLE_TELNET" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS TELNET" fi -if test "x$CURL_DISABLE_LDAP" != "x1"; then +if test "$CURL_DISABLE_LDAP" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS LDAP" - if test "x$CURL_DISABLE_LDAPS" != "x1"; then - if (test "x$USE_OPENLDAP" = "x1" && test "x$SSL_ENABLED" = "x1") || - (test "x$USE_OPENLDAP" != "x1" && test "x$HAVE_LDAP_SSL" = "x1"); then + if test "$CURL_DISABLE_LDAPS" != "1"; then + if (test "$USE_OPENLDAP" = "1" && test "$SSL_ENABLED" = "1") || + (test "$USE_OPENLDAP" != "1" && test "$HAVE_LDAP_SSL" = "1"); then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS LDAPS" fi fi fi -if test "x$CURL_DISABLE_DICT" != "x1"; then +if test "$CURL_DISABLE_DICT" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS DICT" fi -if test "x$CURL_DISABLE_TFTP" != "x1"; then +if test "$CURL_DISABLE_TFTP" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS TFTP" fi -if test "x$CURL_DISABLE_GOPHER" != "x1"; then +if test "$CURL_DISABLE_GOPHER" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS GOPHER" - if test "x$SSL_ENABLED" = "x1"; then + if test "$SSL_ENABLED" = "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS GOPHERS" fi fi -if test "x$CURL_DISABLE_MQTT" != "x1"; then +if test "$CURL_DISABLE_MQTT" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS MQTT" + if test "$SSL_ENABLED" = "1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS MQTTS" + fi fi -if test "x$CURL_DISABLE_POP3" != "x1"; then +if test "$CURL_DISABLE_POP3" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS POP3" - if test "x$SSL_ENABLED" = "x1"; then + if test "$SSL_ENABLED" = "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS POP3S" fi fi -if test "x$CURL_DISABLE_IMAP" != "x1"; then +if test "$CURL_DISABLE_IMAP" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAP" - if test "x$SSL_ENABLED" = "x1"; then + if test "$SSL_ENABLED" = "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAPS" fi fi -if test "x$CURL_DISABLE_SMB" != "x1" \ - -a "x$use_curl_ntlm_core" = "xyes"; then +if test "$CURL_DISABLE_SMB" != "1" && test "$use_curl_ntlm_core" = "yes"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" - if test "x$SSL_ENABLED" = "x1"; then + if test "$SSL_ENABLED" = "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS" fi fi -if test "x$CURL_DISABLE_SMTP" != "x1"; then +if test "$CURL_DISABLE_SMTP" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMTP" - if test "x$SSL_ENABLED" = "x1"; then + if test "$SSL_ENABLED" = "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMTPS" fi fi -if test "x$USE_LIBSSH2" = "x1"; then +if test "$USE_LIBSSH2" = "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SCP" SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SFTP" fi -if test "x$USE_LIBSSH" = "x1"; then +if test "$USE_LIBSSH" = "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SCP" SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SFTP" fi -if test "x$USE_WOLFSSH" = "x1"; then - SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SFTP" +if test "$CURL_DISABLE_IPFS" != "1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IPFS IPNS" fi -if test "x$CURL_DISABLE_RTSP" != "x1"; then +if test "$CURL_DISABLE_RTSP" != "1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS RTSP" fi -if test "x$USE_LIBRTMP" = "x1"; then - SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS RTMP" +if test "$CURL_DISABLE_WEBSOCKETS" != "1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS WS" + if test "$SSL_ENABLED" = "1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS WSS" + fi fi dnl replace spaces with newlines @@ -4168,8 +5350,8 @@ squeeze DEFS squeeze LDFLAGS squeeze LIBS -squeeze LIBCURL_LIBS -squeeze CURL_NETWORK_LIBS +squeeze LIBCURL_PC_LDFLAGS_PRIVATE +squeeze LIBCURL_PC_LIBS_PRIVATE squeeze CURL_NETWORK_AND_TIME_LIBS squeeze SUPPORT_FEATURES @@ -4180,40 +5362,40 @@ XC_CHECK_BUILD_FLAGS SSL_BACKENDS=${ssl_backends} AC_SUBST(SSL_BACKENDS) -if test "x$want_curldebug_assumed" = "xyes" && - test "x$want_curldebug" = "xyes" && test "x$USE_ARES" = "x1"; then - ac_configure_args="$ac_configure_args --enable-curldebug" -fi - -AC_CONFIG_FILES([Makefile \ - docs/Makefile \ - docs/examples/Makefile \ - docs/libcurl/Makefile \ - docs/libcurl/opts/Makefile \ - docs/cmdline-opts/Makefile \ - include/Makefile \ - include/curl/Makefile \ - src/Makefile \ - lib/Makefile \ - scripts/Makefile \ - lib/libcurl.vers \ - tests/Makefile \ - tests/certs/Makefile \ - tests/certs/scripts/Makefile \ - tests/data/Makefile \ - tests/server/Makefile \ - tests/libtest/Makefile \ - tests/unit/Makefile \ - packages/Makefile \ - packages/vms/Makefile \ - curl-config \ - libcurl.pc +CURL_PREPARE_CONFIGUREHELP_PM + +AC_CONFIG_FILES([\ + Makefile \ + docs/Makefile \ + docs/examples/Makefile \ + docs/libcurl/Makefile \ + docs/libcurl/opts/Makefile \ + docs/cmdline-opts/Makefile \ + include/Makefile \ + include/curl/Makefile \ + src/Makefile \ + lib/Makefile \ + scripts/Makefile \ + lib/libcurl.vers \ + tests/Makefile \ + tests/config \ + tests/configurehelp.pm \ + tests/certs/Makefile \ + tests/data/Makefile \ + tests/server/Makefile \ + tests/libtest/Makefile \ + tests/unit/Makefile \ + tests/tunit/Makefile \ + tests/http/config.ini \ + tests/http/Makefile \ + projects/Makefile \ + projects/vms/Makefile \ + libcurl.pc ]) +AC_CONFIG_FILES([curl-config], [chmod +x curl-config]) AC_OUTPUT -CURL_GENERATE_CONFIGUREHELP_PM - -XC_AMEND_DISTCLEAN([lib src tests/unit tests/server tests/libtest docs/examples]) +SUPPORT_PROTOCOLS_LOWER=`echo "$SUPPORT_PROTOCOLS" | tr A-Z a-z` AC_MSG_NOTICE([Configured to build curl/libcurl: @@ -4221,8 +5403,10 @@ AC_MSG_NOTICE([Configured to build curl/libcurl: Install prefix: ${prefix} Compiler: ${CC} CFLAGS: ${CFLAGS} + CFLAGS extras: ${CURL_CFLAG_EXTRAS} CPPFLAGS: ${CPPFLAGS} LDFLAGS: ${LDFLAGS} + curl-config: ${LIBCURL_PC_LDFLAGS_PRIVATE} LIBS: ${LIBS} curl version: ${CURLVERSION} @@ -4238,31 +5422,45 @@ AC_MSG_NOTICE([Configured to build curl/libcurl: IPv6: ${curl_ipv6_msg} Unix sockets: ${curl_unix_sockets_msg} IDN: ${curl_idn_msg} + Build docs: ${curl_docs_msg} Build libcurl: Shared=${enable_shared}, Static=${enable_static} Built-in manual: ${curl_manual_msg} --libcurl option: ${curl_libcurl_msg} + Type checking: ${curl_typecheck_msg} Verbose errors: ${curl_verbose_msg} Code coverage: ${curl_coverage_msg} SSPI: ${curl_sspi_msg} + ca native: ${ca_native} ca cert bundle: ${ca}${ca_warning} ca cert path: ${capath}${capath_warning} + ca cert embed: ${CURL_CA_EMBED_msg} ca fallback: ${with_ca_fallback} LDAP: ${curl_ldap_msg} LDAPS: ${curl_ldaps_msg} + IPFS/IPNS: ${curl_ipfs_msg} RTSP: ${curl_rtsp_msg} - RTMP: ${curl_rtmp_msg} PSL: ${curl_psl_msg} Alt-svc: ${curl_altsvc_msg} + Headers API: ${curl_headers_msg} HSTS: ${curl_hsts_msg} HTTP1: ${curl_h1_msg} HTTP2: ${curl_h2_msg} HTTP3: ${curl_h3_msg} ECH: ${curl_ech_msg} - Protocols: ${SUPPORT_PROTOCOLS} + HTTPS RR: ${curl_httpsrr_msg} + SSLS-EXPORT: ${curl_ssls_export_msg} + Protocols: ${SUPPORT_PROTOCOLS_LOWER} Features: ${SUPPORT_FEATURES} ]) + if test -n "$experimental"; then - cat >&2 << _EOF - WARNING: $experimental enabled but marked EXPERIMENTAL. Use with caution! -_EOF + for a in $experimental; do + AC_MSG_WARN([$a is enabled but marked EXPERIMENTAL. Use with caution!]) + done +fi + +CURL_PREPARE_BUILDINFO +echo "[@%:@] This is a generated file. Do not edit.${curl_buildinfo}" > ./buildinfo.txt +if test -n "$CURL_BUILDINFO$CURL_CI$CI"; then + AC_MSG_NOTICE([${curl_buildinfo}]) fi diff --git a/curl-config.in b/curl-config.in index 8b4a29a9a395..a1c81858753f 100644 --- a/curl-config.in +++ b/curl-config.in @@ -1,4 +1,4 @@ -#! /bin/sh +#!/bin/sh #*************************************************************************** # _ _ ____ _ # Project ___| | | | _ \| | @@ -6,7 +6,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 2001 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -19,176 +19,171 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -prefix=@prefix@ -exec_prefix=@exec_prefix@ -includedir=@includedir@ -cppflag_curl_staticlib=@CPPFLAG_CURL_STATICLIB@ +# shellcheck disable=SC2006 + +prefix='@prefix@' +# Used in 'libdir' +# shellcheck disable=SC2034 +exec_prefix="@exec_prefix@" +# shellcheck disable=SC2034 +includedir="@includedir@" usage() { - cat <&2 - exit 1 - fi - ;; - - --configure) - echo @CONFIGURE_OPTIONS@ - ;; - - *) - echo "unknown option: $1" - usage 1 - ;; - esac - shift + fi + fi + + echo "requested version $checkfor is newer than existing @CURLVERSION@" + exit 1 + ;; + + --vernum) + echo '@VERSIONNUM@' + exit 0 + ;; + + --help) + usage 0 + ;; + + --cflags) + if test "@includedir@" = '/usr/include'; then + echo '@LIBCURL_PC_CFLAGS@' + else + echo "@LIBCURL_PC_CFLAGS@ -I@includedir@" + fi + ;; + + --libs) + if test "@libdir@" != '/usr/lib' && test "@libdir@" != '/usr/lib64'; then + curllibdir="-L@libdir@ " + else + curllibdir='' + fi + if test '@ENABLE_SHARED@' = 'no'; then + echo "${curllibdir}-lcurl @LIBCURL_PC_LIBS_PRIVATE@" + else + echo "${curllibdir}-lcurl" + fi + ;; + + --ssl-backends) + echo '@SSL_BACKENDS@' + ;; + + --static-libs) + if test '@ENABLE_STATIC@' != 'no'; then + echo "@libdir@/libcurl.@libext@ @LIBCURL_PC_LDFLAGS_PRIVATE@ @LIBCURL_PC_LIBS_PRIVATE@" + else + echo 'curl was built with static libraries disabled' >&2 + exit 1 + fi + ;; + + --configure) + echo @CONFIGURE_OPTIONS@ + ;; + + *) + echo "unknown option: $1" + usage 1 + ;; + esac + shift done exit 0 diff --git a/docs/.gitignore b/docs/.gitignore index 60f329382c8f..31ca7656e95e 100644 --- a/docs/.gitignore +++ b/docs/.gitignore @@ -1,4 +1,7 @@ -*.html -*.pdf -curl.1 -*.1.dist +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +*.1 +*.3 +RELEASE-TOOLS.md.dist diff --git a/docs/ALTSVC.md b/docs/ALTSVC.md index 25437d6f9aa0..24b961a3fb4a 100644 --- a/docs/ALTSVC.md +++ b/docs/ALTSVC.md @@ -1,3 +1,9 @@ + + # Alt-Svc curl features support for the Alt-Svc: HTTP header. @@ -10,11 +16,11 @@ curl features support for the Alt-Svc: HTTP header. ## Standard -[RFC 7838](https://tools.ietf.org/html/rfc7838) +[RFC 7838](https://datatracker.ietf.org/doc/html/rfc7838) # Alt-Svc cache file format -This a text based file with one line per entry and each line consists of nine +This is a text based file with one line per entry and each line consists of nine space separated fields. ## Example @@ -24,18 +30,15 @@ space separated fields. ## Fields 1. The ALPN id for the source origin -2. The host name for the source origin +2. The hostname for the source origin 3. The port number for the source origin 4. The ALPN id for the destination host -5. The host name for the destination host -6. The host number for the destination host -7. The expiration date and time of this entry within double quotes. The date format is "YYYYMMDD HH:MM:SS" and the time zone is GMT. +5. The hostname for the destination host +6. The port number for the destination host +7. The expiration date and time of this entry within double quotes. + The date format is "YYYYMMDD HH:MM:SS" and the time zone is GMT. 8. Boolean (1 or 0) if "persist" was set for this entry 9. Integer priority value (not currently used) -# TODO - -- handle multiple response headers, when one of them says `clear` (should - override them all) -- using `Age:` value for caching age as per spec -- `CURLALTSVC_IMMEDIATELY` support +If the hostname is an IPv6 numerical address, it is stored with brackets such +as `[::1]`. diff --git a/docs/BINDINGS.md b/docs/BINDINGS.md index 919e2d2c2d32..9a53f81f29f8 100644 --- a/docs/BINDINGS.md +++ b/docs/BINDINGS.md @@ -1,26 +1,34 @@ + + libcurl bindings ================ - Creative people have written bindings or interfaces for various environments - and programming languages. Using one of these allows you to take advantage of - curl powers from within your favourite language or system. +Creative people have written bindings or interfaces for various environments +and programming languages. Using one of these allows you to take advantage of +curl powers from within your favorite language or system. + +This is a list of all known interfaces as of this writing. - This is a list of all known interfaces as of this writing. +The bindings listed below are not part of the curl/libcurl distribution +archives, but must be downloaded and installed separately. - The bindings listed below are not part of the curl/libcurl distribution - archives, but must be downloaded and installed separately. + [Ada95](https://web.archive.org/web/20070403105909/www.almroth.com/adacurl/index.html) Written by Andreas Almroth -[Basic](http://scriptbasic.com/) ScriptBasic bindings written by Peter Verhas +[Basic](https://scriptbasic.com/) ScriptBasic bindings written by Peter Verhas -C++: [curlpp](http://curlpp.org/) Written by Jean-Philippe Barrette-LaPierre, -[curlcpp](https://github.com/JosephP91/curlcpp) by Giuseppe Persico and [C++ -Requests](https://github.com/whoshuu/cpr) by Huu Nguyen +C++: [curlpp](https://github.com/jpbarrette/curlpp) Written by Jean-Philippe Barrette-LaPierre, +[curlcpp](https://github.com/JosephP91/curlcpp) by Giuseppe Persico and +[C++ Requests](https://github.com/libcpr/cpr) by Huu Nguyen -[Ch](https://chcurl.sourceforge.io/) Written by Stephen Nestinger and Jonathan Rogado +[Ch](https://chcurl.sourceforge.net/) Written by Stephen Nestinger and Jonathan Rogado -Cocoa: [BBHTTP](https://github.com/brunodecarvalho/BBHTTP) written by Bruno de Carvalho +Cocoa: [BBHTTP](https://github.com/biasedbit/BBHTTP) written by Bruno de Carvalho [curlhandle](https://github.com/karelia/curlhandle) Written by Dan Wood Clojure: [clj-curl](https://github.com/lsevero/clj-curl) by Lucas Severo @@ -29,39 +37,45 @@ Clojure: [clj-curl](https://github.com/lsevero/clj-curl) by Lucas Severo [Delphi](https://github.com/Mercury13/curl4delphi) Written by Mikhail Merkuryev -[Dylan](https://dylanlibs.sourceforge.io/) Written by Chris Double +[Dylan](https://dylanlibs.sourceforge.net/) Written by Chris Double -[Eiffel](https://room.eiffel.com/library/curl) Written by Eiffel Software +[Eiffel](https://iron.eiffel.com/repository/20.11/package/ABEF6975-37AC-45FD-9C67-52D10BA0669B) Written by Eiffel Software [Euphoria](https://web.archive.org/web/20050204080544/rays-web.com/eulibcurl.htm) Written by Ray Smith -[Falcon](http://www.falconpl.org/index.ftd?page_id=prjs&prj_id=curl) +[Falcon](https://web.archive.org/web/20240130001835/www.falconpl.org/project_docs/curl/) [Ferite](https://web.archive.org/web/20150102192018/ferite.org/) Written by Paul Querna -[Gambas](https://gambas.sourceforge.io/) +[Fortran](https://github.com/interkosmos/fortran-curl) Written by Philipp Engel + +[Gambas](https://gambaswiki.org/website/en/main.html) [glib/GTK+](https://web.archive.org/web/20100526203452/atterer.net/glibcurl) Written by Richard Atterer Go: [go-curl](https://github.com/andelf/go-curl) by ShuYu Wang -[Guile](http://www.lonelycactus.com/guile-curl.html) Written by Michael L. Gran +[Guile](https://github.com/spk121/guile-curl) Written by Michael L. Gran + +[Harbour](https://github.com/vszakats/hb/tree/main/contrib/hbcurl) Written by Viktor Szakats -[Harbour](https://github.com/vszakats/harbour-core/tree/master/contrib/hbcurl) Written by Viktor Szakáts +[Haskell](https://hackage.haskell.org/package/curl) Written by Galois, Inc -[Haskell](https://hackage.haskell.org/cgi-bin/hackage-scripts/package/curl) Written by Galois, Inc +[Hollywood](https://web.archive.org/web/20250116185836/www.hollywood-mal.com/download.html) hURL by Andreas Falkenhahn -[Java](https://github.com/pjlegato/curl-java) +[Java](https://github.com/covers1624/curl4j) -[Julia](https://github.com/forio/Curl.jl) Written by Paul Howe +[Julia](https://github.com/JuliaWeb/LibCURL.jl) Written by Amit Murthy [Kapito](https://github.com/puzza007/katipo) is an Erlang HTTP library around libcurl. [Lisp](https://common-lisp.net/project/cl-curl/) Written by Liam Healy -Lua: [luacurl](https://web.archive.org/web/20201205052437/http://luacurl.luaforge.net/) by Alexander Marinov, [Lua-cURL](https://github.com/Lua-cURL) by Jürgen Hötzel +[LibQurl](https://github.com/Qriist/LibQurl) a feature rich AutoHotKey v2 (AHKv2) wrapper around libcurl. + +Lua: [luacurl](https://web.archive.org/web/20201205052437/luacurl.luaforge.net/) by Alexander Marinov, [Lua-curl](https://github.com/Lua-cURL) by Jürgen Hötzel -[Mono](https://forge.novell.com/modules/xfmod/project/?libcurl-mono) Written by Jeffrey Phillips +[Mono](https://web.archive.org/web/20070606064500/forge.novell.com/modules/xfmod/project/?libcurl-mono) Written by Jeffrey Phillips [.NET](https://sourceforge.net/projects/libcurl-net/) libcurl-net by Jeffrey Phillips @@ -84,44 +98,53 @@ Bailiff and Bálint Szilakszi, [PostgreSQL](https://github.com/pramsey/pgsql-http) - HTTP client for PostgreSQL -[PureBasic](https://www.purebasic.com/documentation/http/index.html) uses libcurl in its "native" HTTP subsystem +[PostgreSQL](https://github.com/RekGRpth/pg_curl) - curl client for PostgreSQL -[Python](http://pycurl.io/) PycURL by Kjetil Jacobsen +[PureBasic](https://web.archive.org/web/20250325015028/www.purebasic.com/documentation/http/index.html) uses libcurl in its "native" HTTP subsystem + +[Python](https://github.com/pycurl/pycurl) PycURL by Kjetil Jacobsen + +[Python](https://pypi.org/project/pymcurl/) mcurl by Ganesh Viswanathan + +[Q](https://q-lang.sourceforge.net/) The libcurl module is part of the default install [R](https://cran.r-project.org/package=curl) -[Rexx](https://rexxcurl.sourceforge.io/) Written Mark Hessling +[Rexx](https://rexxcurl.sourceforge.net/) Written Mark Hessling -[Ring](https://ring-lang.sourceforge.io/doc1.3/libcurl.html) RingLibCurl by Mahmoud Fayed +[Ring](https://ring-lang.github.io/doc1.24/libcurl.html) RingLibCurl by Mahmoud Fayed RPG, support for ILE/RPG on OS/400 is included in source distribution -Ruby: [curb](https://github.com/taf2/curb) written by Ross Bamford +Ruby: [curb](https://github.com/taf2/curb) written by Ross Bamford, +[ruby-curl-multi](https://github.com/kball/curl_multi.rb) by Kristjan Petursson and Keith Rarick -[Rust](https://github.com/carllerche/curl-rust) curl-rust - by Carl Lerche +[Rust](https://github.com/alexcrichton/curl-rust) curl-rust - by Carl Lerche -[Scheme](http://www.metapaper.net/lisovsky/web/curl/) Bigloo binding by Kirill Lisovsky +[Scheme](https://metapaper.net/lisovsky/web/curl/) Bigloo binding by Kirill Lisovsky [Scilab](https://help.scilab.org/docs/current/fr_FR/getURL.html) binding by Sylvestre Ledru [S-Lang](https://www.jedsoft.org/slang/modules/curl.html) by John E Davis -[Smalltalk](http://www.squeaksource.com/CurlPlugin/) Written by Danil Osipchuk +[Smalltalk](https://www.squeaksource.com/CurlPlugin/) Written by Danil Osipchuk [SP-Forth](https://sourceforge.net/p/spf/spf/ci/master/tree/devel/~ac/lib/lin/curl/) Written by Andrey Cherezov -[SPL](http://www.clifford.at/spl/) Written by Clifford Wolf +[SPL](https://web.archive.org/web/20210203022158/www.clifford.at/spl/spldoc/curl.html) Written by Clifford Wolf [Tcl](https://web.archive.org/web/20160826011806/mirror.yellow5.com/tclcurl/) Tclcurl by Andrés García +[Vibe](https://github.com/ttytm/vibe) HTTP requests through libcurl in V + [Visual Basic](https://sourceforge.net/projects/libcurl-vb/) libcurl-vb by Jeffrey Phillips [Visual Foxpro](https://web.archive.org/web/20130730181523/www.ctl32.com.ar/libcurl.asp) by Carlos Alloatti -[Q](https://q-lang.sourceforge.io/) The libcurl module is part of the default install - -[wxWidgets](https://wxcode.sourceforge.io/components/wxcurl/) Written by Casey O'Donnell +[wxWidgets](https://wxcode.sourceforge.net/components/wxcurl/) Written by Casey O'Donnell [XBLite](https://web.archive.org/web/20060426150418/perso.wanadoo.fr/xblite/libraries.html) Written by David Szafranski [Xojo](https://github.com/charonn0/RB-libcURL) Written by Andrew Lambert + +[Zig](https://github.com/jiacai2050/zig-curl) Written by Jiacai Liu, both easy and multi API are supported. diff --git a/docs/BUFREF.md b/docs/BUFREF.md deleted file mode 100644 index 2231e4e7a635..000000000000 --- a/docs/BUFREF.md +++ /dev/null @@ -1,81 +0,0 @@ -# bufref - -This is an internal module for handling buffer references. A referenced -buffer is associated with its destructor function that is implicitly called -when the reference is invalidated. Once referenced, a buffer cannot be -reallocated. - -A data length is stored within the reference for binary data handling -purpose; it is not used by the bufref API. - -The `struct bufref` is used to hold data referencing a buffer. The members of -that structure **MUST NOT** be accessed or modified without using the dedicated -bufref API. - -## init - -```c -void Curl_bufref_init(struct bufref *br); -``` - -Initialises a `bufref` structure. This function **MUST** be called before any -other operation is performed on the structure. - -Upon completion, the referenced buffer is `NULL` and length is zero. - -This function may also be called to bypass referenced buffer destruction while -invalidating the current reference. - -## free - -```c -void Curl_bufref_free(struct bufref *br); -``` - -Destroys the previously referenced buffer using its destructor and -reinitialises the structure for a possible subsequent reuse. - -## set - -```c -void Curl_bufref_set(struct bufref *br, const void *buffer, size_t length, - void (*destructor)(void *)); -``` - -Releases the previously referenced buffer, then assigns the new `buffer` to -the structure, associated with its `destructor` function. The later can be -specified as `NULL`: this will be the case when the referenced buffer is -static. - -if `buffer` is NULL, `length`must be zero. - -## memdup - -```c -CURLcode Curl_bufref_memdup(struct bufref *br, const void *data, size_t length); -``` - -Releases the previously referenced buffer, then duplicates the `length`-byte -`data` into a buffer allocated via `malloc()` and references the later -associated with destructor `curl_free()`. - -An additional trailing byte is allocated and set to zero as a possible -string zero-terminator; it is not counted in the stored length. - -Returns `CURLE_OK` if successful, else `CURLE_OUT_OF_MEMORY`. - -## ptr - -```c -const unsigned char *Curl_bufref_ptr(const struct bufref *br); -``` - -Returns a `const unsigned char *` to the referenced buffer. - -## len - -```c -size_t Curl_bufref_len(const struct bufref *br); -``` - -Returns the stored length of the referenced buffer. diff --git a/docs/BUG-BOUNTY.md b/docs/BUG-BOUNTY.md index 5cbb343b063e..765cf493e679 100644 --- a/docs/BUG-BOUNTY.md +++ b/docs/BUG-BOUNTY.md @@ -1,83 +1,16 @@ -# The curl bug bounty + -# How does it work? +# No curl bug bounty -Start out by posting your suspected security vulnerability directly to [curl's -HackerOne program](https://hackerone.com/curl). +The curl project does not offer any rewards for reported bugs or +vulnerabilities. We do not aid security researchers to get such rewards for +curl problems from other sources. -After you have reported a security issue, it has been deemed credible, and a -patch and advisory has been made public, you may be eligible for a bounty from -this program. +A bug bounty gives people too strong incentives to find and make up "problems" +in bad faith that cause overload and abuse. -See all details at [https://hackerone.com/curl](https://hackerone.com/curl) - -This bounty is relying on funds from sponsors. If you use curl professionally, -consider help funding this! See -[https://opencollective.com/curl](https://opencollective.com/curl) for -details. - -# What are the reward amounts? - -The curl project offers monetary compensation for reported and published -security vulnerabilities. The amount of money that is rewarded depends on how -serious the flaw is determined to be. - -We offer reward money *up to* a certain amount per severity. The curl security -team determines the severity of each reported flaw on a case by case basis and -the exact amount rewarded to the reporter is then decided. - -Check out the current award amounts at [https://hackerone.com/curl](https://hackerone.com/curl) - -# Who is eligible for a reward? - -Everyone and anyone who reports a security problem in a released curl version -that hasn't already been reported can ask for a bounty. - -Vulnerabilities in features that are off by default and documented as -experimental are not eligible for a reward. - -The vulnerability has to be fixed and publicly announced (by the curl project) -before a bug bounty will be considered. - -Bounties need to be requested within twelve months from the publication of the -vulnerability. - -# Product vulnerabilities only - -This bug bounty only concerns the curl and libcurl products and thus their -respective source codes - when running on existing hardware. It does not -include documentation, websites, or other infrastructure. - -The curl security team is the sole arbiter if a reported flaw is subject to a -bounty or not. - -# How are vulnerabilities graded? - -The grading of each reported vulnerability that makes a reward claim will be -performed by the curl security team. The grading will be based on the CVSS -(Common Vulnerability Scoring System) 3.0. - -# How are reward amounts determined? - -The curl security team first gives the vulnerability a score, as mentioned -above, and based on that level we set an amount depending on the specifics of -the individual case. Other sponsors of the program might also get involved and -can raise the amounts depending on the particular issue. - -# What happens if the bounty fund is drained? - -The bounty fund depends on sponsors. If we pay out more bounties than we add, -the fund will eventually drain. If that end up happening, we will simply not -be able to pay out as high bounties as we would like and hope that we can -convince new sponsors to help us top up the fund again. - -# Regarding taxes, etc. on the bounties - -In the event that the individual receiving a curl bug bounty needs to pay -taxes on the reward money, the responsibility lies with the receiver. The -curl project or its security team never actually receive any of this money, -hold the money, or pay out the money. +We still appreciate and value valid vulnerability reports. diff --git a/docs/BUGS.md b/docs/BUGS.md index e37875f80318..5f3704771ba9 100644 --- a/docs/BUGS.md +++ b/docs/BUGS.md @@ -1,266 +1,267 @@ + + # BUGS ## There are still bugs - Curl and libcurl keep being developed. Adding features and changing code - means that bugs will sneak in, no matter how hard we try not to. +curl and libcurl keep being developed. Adding features and changing code +means that bugs sneak in, no matter how hard we try to keep them out. - Of course there are lots of bugs left. And lots of misfeatures. +Of course there are lots of bugs left. Not to mention misfeatures. - To help us make curl the stable and solid product we want it to be, we need - bug reports and bug fixes. +To help us make curl the stable and solid product we want it to be, we need +bug reports and bug fixes. ## Where to report - If you can't fix a bug yourself and submit a fix for it, try to report an as - detailed report as possible to a curl mailing list to allow one of us to have - a go at a solution. You can optionally also submit your problem in [curl's - bug tracking system](https://github.com/curl/curl/issues). +If you cannot fix a bug yourself and submit a fix for it, try to report an as +detailed report as possible to a curl mailing list to allow one of us to have +a go at a solution. You can optionally also submit your problem in +[curl's bug tracking system](https://github.com/curl/curl/issues). - Please read the rest of this document below first before doing that! +Please read the rest of this document below first before doing that. - If you feel you need to ask around first, find a suitable [mailing list]( - https://curl.se/mail/) and post your questions there. +If you feel you need to ask around first, find a suitable +[mailing list](https://curl.se/mail/) and post your questions there. ## Security bugs - If you find a bug or problem in curl or libcurl that you think has a security - impact, for example a bug that can put users in danger or make them - vulnerable if the bug becomes public knowledge, then please report that bug - using our security development process. +If you find a bug or problem in curl or libcurl that you think has a security +impact, for example a bug that can put users in danger or make them +vulnerable if the bug becomes public knowledge, then please report that bug +using our security development process. - Security related bugs or bugs that are suspected to have a security impact, - should be reported on the [curl security tracker at - HackerOne](https://hackerone.com/curl). +Security related bugs or bugs that are suspected to have a security impact, +should be reported [privately](https://curl.se/dev/vuln-disclosure.html). - This ensures that the report reaches the curl security team so that they - first can be deal with the report away from the public to minimize the harm - and impact it will have on existing users out there who might be using the - vulnerable versions. +This ensures that the report reaches the curl security team so that they first +can deal with the report away from the public to minimize the harm and impact +it has on existing users out there who might be using the vulnerable versions. - The curl project's process for handling security related issues is - [documented separately](https://curl.se/dev/secprocess.html). +The curl project's process for handling security related issues is +[documented separately](https://curl.se/dev/secprocess.html). ## What to report - When reporting a bug, you should include all information that will help us - understand what's wrong, what you expected to happen and how to repeat the - bad behavior. You therefore need to tell us: +When reporting a bug, you should include all information to help us +understand what is wrong, what you expected to happen and how to repeat the +bad behavior. You therefore need to tell us: - - your operating system's name and version number +- your operating system's name and version number - - what version of curl you're using (`curl -V` is fine) +- what version of curl you are using (`curl -V` is fine) - - versions of the used libraries that libcurl is built to use +- versions of the used libraries that libcurl is built to use - - what URL you were working with (if possible), at least which protocol +- what URL you were working with (if possible), at least which protocol - and anything and everything else you think matters. Tell us what you expected - to happen, tell use what did happen, tell us how you could make it work - another way. Dig around, try out, test. Then include all the tiny bits and - pieces in your report. You will benefit from this yourself, as it will enable - us to help you quicker and more accurately. +and anything and everything else you think matters. Tell us what you expected +to happen, tell us what did happen, tell us how you could make it work +another way. Dig around, try out, test. Then include all the tiny bits and +pieces in your report. You benefit from this yourself, as it enables us to +help you quicker and more accurately. - Since curl deals with networks, it often helps us if you include a protocol - debug dump with your bug report. The output you get by using the `-v` or - `--trace` options. +Since curl deals with networks, it often helps us if you include a protocol +debug dump with your bug report. The output you get by using the `-v` or +`--trace` options. - If curl crashed, causing a core dump (in unix), there is hardly any use to - send that huge file to anyone of us. Unless we have an exact same system - setup as you, we can't do much with it. Instead we ask you to get a stack - trace and send that (much smaller) output to us instead! +If curl crashed, causing a core dump (in Unix), there is hardly any use to +send that huge file to anyone of us. Unless we have the same system setup as +you, we cannot do much with it. Instead, we ask you to get a stack trace and +send that (much smaller) output to us instead. - The address and how to subscribe to the mailing lists are detailed in the - `MANUAL.md` file. +The address and how to subscribe to the mailing lists are detailed in the +`MANUAL.md` file. ## libcurl problems - When you've written your own application with libcurl to perform transfers, - it is even more important to be specific and detailed when reporting bugs. +When you have written your own application with libcurl to perform transfers, +it is even more important to be specific and detailed when reporting bugs. - Tell us the libcurl version and your operating system. Tell us the name and - version of all relevant sub-components like for example the SSL library - you're using and what name resolving your libcurl uses. If you use SFTP or - SCP, the libssh2 version is relevant etc. +Tell us the libcurl version and your operating system. Tell us the name and +version of all relevant sub-components like for example the SSL library +you are using and what name resolving your libcurl uses. If you use SFTP or +SCP, the libssh2 version is relevant etc. - Showing us a real source code example repeating your problem is the best way - to get our attention and it will greatly increase our chances to understand - your problem and to work on a fix (if we agree it truly is a problem). +Showing us a real source code example repeating your problem is the best way +to get our attention and it greatly increases our chances to understand your +problem and to work on a fix (if we agree it truly is a problem). - Lots of problems that appear to be libcurl problems are actually just abuses - of the libcurl API or other malfunctions in your applications. It is advised - that you run your problematic program using a memory debug tool like valgrind - or similar before you post memory-related or "crashing" problems to us. +Lots of problems that appear to be libcurl problems are instead abuses of the +libcurl API or other malfunctions in your applications. It is advised that you +run your problematic program using a memory debug tool like valgrind or +similar before you post memory-related or "crashing" problems to us. -## Who will fix the problems +## Who fixes the problems - If the problems or bugs you describe are considered to be bugs, we want to - have the problems fixed. +If the problems or bugs you describe are considered to be bugs, we want to +have the problems fixed. - There are no developers in the curl project that are paid to work on bugs. - All developers that take on reported bugs do this on a voluntary basis. We do - it out of an ambition to keep curl and libcurl excellent products and out of - pride. +There are no developers in the curl project that are paid to work on bugs. +All developers that take on reported bugs do this on a voluntary basis. We do +it out of an ambition to keep curl and libcurl excellent products and out of +pride. - But please do not assume that you can just lump over something to us and it - will then magically be fixed after some given time. Most often we need - feedback and help to understand what you've experienced and how to repeat a - problem. Then we may only be able to assist YOU to debug the problem and to - track down the proper fix. +Please do not assume that you can lump over something to us and it then +automatically gets fixed after some given time. Most often we need feedback +and help to understand what you have experienced and how to repeat a problem. +Then we may only be able to assist YOU to debug the problem and to track down +the proper fix. - We get reports from many people every month and each report can take a - considerable amount of time to really go to the bottom with. +We get reports from many people every month and each report can take a +considerable amount of time to really go to the bottom with. ## How to get a stack trace - First, you must make sure that you compile all sources with `-g` and that you - don't 'strip' the final executable. Try to avoid optimizing the code as well, - remove `-O`, `-O2` etc from the compiler options. +First, you must make sure that you compile all sources with `-g` and that you +do not 'strip' the final executable. Try to avoid optimizing the code as well, +remove `-O`, `-O2` etc from the compiler options. - Run the program until it cores. +Run the program until it cores. - Run your debugger on the core file, like ` curl - core`. `` should be replaced with the name of your debugger, in - most cases that will be `gdb`, but `dbx` and others also occur. +Run your debugger on the core file, like ` curl core`. `` +should be replaced with the name of your debugger, in most cases that is +`gdb`, but `dbx` and others also occur. - When the debugger has finished loading the core file and presents you a - prompt, enter `where` (without quotes) and press return. +When the debugger has finished loading the core file and presents you a +prompt, enter `where` (without quotes) and press return. - The list that is presented is the stack trace. If everything worked, it is - supposed to contain the chain of functions that were called when curl - crashed. Include the stack trace with your detailed bug report. It'll help a - lot. +The list that is presented is the stack trace. If everything worked, it is +supposed to contain the chain of functions that were called when curl +crashed. Include the stack trace with your detailed bug report, it helps a +lot. ## Bugs in libcurl bindings - There will of course pop up bugs in libcurl bindings. You should then - primarily approach the team that works on that particular binding and see - what you can do to help them fix the problem. +There are of course bugs in libcurl bindings. You should then primarily +approach the team that works on that particular binding and see what you can +do to help them fix the problem. - If you suspect that the problem exists in the underlying libcurl, then please - convert your program over to plain C and follow the steps outlined above. +If you suspect that the problem exists in the underlying libcurl, then please +convert your program over to plain C and follow the steps outlined above. ## Bugs in old versions - The curl project typically releases new versions every other month, and we - fix several hundred bugs per year. For a huge table of releases, number of - bug fixes and more, see: https://curl.se/docs/releases.html +The curl project typically releases new versions every other month, and we +fix several hundred bugs per year. For a huge table of releases, number of +bug fixes and more, see: https://curl.se/docs/releases.html - The developers in the curl project do not have bandwidth or energy enough to - maintain several branches or to spend much time on hunting down problems in - old versions when chances are we already fixed them or at least that they've - changed nature and appearance in later versions. +The developers in the curl project do not have bandwidth or energy enough to +maintain several branches or to spend much time on hunting down problems in +old versions when chances are we already fixed them or at least that they have +changed nature and appearance in later versions. - When you experience a problem and want to report it, you really SHOULD - include the version number of the curl you're using when you experience the - issue. If that version number shows us that you're using an out-of-date curl, - you should also try out a modern curl version to see if the problem persists - or how/if it has changed in appearance. +When you experience a problem and want to report it, you really SHOULD +include the version number of the curl you are using when you experience the +issue. If that version number shows us that you are using an out-of-date curl, +you should also try out a modern curl version to see if the problem persists +or how/if it has changed in appearance. - Even if you cannot immediately upgrade your application/system to run the - latest curl version, you can most often at least run a test version or - experimental build or similar, to get this confirmed or not. +Even if you cannot immediately upgrade your application/system to run the +latest curl version, you can most often at least run a test version or +experimental build or similar, to get this confirmed or not. - At times people insist that they cannot upgrade to a modern curl version, but - instead they "just want the bug fixed". That's fine, just don't count on us - spending many cycles on trying to identify which single commit, if that's - even possible, that at some point in the past fixed the problem you're now - experiencing. +At times people insist that they cannot upgrade to a modern curl version, they +only "want the bug fixed". That is fine, but do not count on us spending many +cycles on trying to identify which single commit, if that is even possible, +that at some point in the past fixed the problem you are now experiencing. - Security wise, it is almost always a bad idea to lag behind the current curl - versions by a lot. We keeping discovering and reporting security problems - over time see you can see in [this - table](https://curl.se/docs/vulnerabilities.html) +Security wise, it is almost always a bad idea to lag behind the current curl +versions by a lot. We keep discovering and reporting security problems +over time see you can see in +[this table](https://curl.se/docs/vulnerabilities.html) # Bug fixing procedure ## What happens on first filing - When a new issue is posted in the issue tracker or on the mailing list, the - team of developers first need to see the report. Maybe they took the day off, - maybe they're off in the woods hunting. Have patience. Allow at least a few - days before expecting someone to have responded. +When a new issue is posted in the issue tracker or on the mailing list, the +team of developers first needs to see the report. Maybe they took the day off, +maybe they are off in the woods hunting. Have patience. Allow at least a few +days before expecting someone to have responded. - In the issue tracker you can expect that some labels will be set on the issue - to help categorize it. +In the issue tracker, you can expect that some labels are set on the issue to +help categorize it. ## First response - If your issue/bug report wasn't perfect at once (and few are), chances are - that someone will ask follow-up questions. Which version did you use? Which - options did you use? How often does the problem occur? How can we reproduce - this problem? Which protocols does it involve? Or perhaps much more specific - and deep diving questions. It all depends on your specific issue. +If your issue/bug report was not perfect at once (and few are), chances are +that someone asks follow-up questions. Which version did you use? Which +options did you use? How often does the problem occur? How can we reproduce +this problem? Which protocols does it involve? Or perhaps much more specific +and deep diving questions. It all depends on your specific issue. - You should then respond to these follow-up questions and provide more info - about the problem, so that we can help you figure it out. Or maybe you can - help us figure it out. An active back-and-forth communication is important - and the key for finding a cure and landing a fix. +You should then respond to these follow-up questions and provide more info +about the problem, so that we can help you figure it out. Or maybe you can +help us figure it out. An active back-and-forth communication is important +and the key for finding a cure and landing a fix. ## Not reproducible - For problems that we can't reproduce and can't understand even after having - gotten all the info we need and having studied the source code over again, - are really hard to solve so then we may require further work from you who - actually see or experience the problem. +We may require further work from you who actually see or experience the +problem if we cannot reproduce it and cannot understand it even after having +gotten all the info we need and having studied the source code over again. ## Unresponsive - If the problem haven't been understood or reproduced, and there's nobody - responding to follow-up questions or questions asking for clarifications or - for discussing possible ways to move forward with the task, we take that as a - strong suggestion that the bug is not important. +If the problem have not been understood or reproduced, and there is nobody +responding to follow-up questions or questions asking for clarifications or +for discussing possible ways to move forward with the task, we take that as a +strong suggestion that the bug is unimportant. - Unimportant issues will be closed as inactive sooner or later as they can't - be fixed. The inactivity period (waiting for responses) should not be shorter - than two weeks but may extend months. +Unimportant issues are closed as inactive sooner or later as they cannot be +fixed. The inactivity period (waiting for responses) should not be shorter +than two weeks but may extend months. ## Lack of time/interest - Bugs that are filed and are understood can unfortunately end up in the - "nobody cares enough about it to work on it" category. Such bugs are - perfectly valid problems that *should* get fixed but apparently aren't. We - try to mark such bugs as `KNOWN_BUGS material` after a time of inactivity and - if no activity is noticed after yet some time those bugs are added to the - `KNOWN_BUGS` document and are closed in the issue tracker. +Bugs that are filed and are understood can unfortunately end up in the +"nobody cares enough about it to work on it" category. Such bugs are +perfectly valid problems that *should* get fixed but apparently are not. We +try to mark such bugs as `KNOWN_BUGS material` after a time of inactivity and +if no activity is noticed after yet some time those bugs are added to the +`KNOWN_BUGS` document and are closed in the issue tracker. ## `KNOWN_BUGS` - This is a list of known bugs. Bugs we know exist and that have been pointed - out but that haven't yet been fixed. The reasons for why they haven't been - fixed can involve anything really, but the primary reason is that nobody has - considered these problems to be important enough to spend the necessary time - and effort to have them fixed. +This is a list of known bugs. Bugs we know exist and that have been pointed +out but that have not yet been fixed. The reasons for why they have not been +fixed can involve anything really, but the primary reason is that nobody has +considered these problems to be important enough to spend the necessary time +and effort to have them fixed. - The `KNOWN_BUGS` items are always up for grabs and we love the ones who bring - one of them back to life and offer solutions to them. +The `KNOWN_BUGS` items are always up for grabs and we love the ones who bring +one of them back to life and offer solutions to them. - The `KNOWN_BUGS` document has a sibling document known as `TODO`. +The `KNOWN_BUGS` document has a sibling document known as `TODO`. ## `TODO` - Issues that are filed or reported that aren't really bugs but more missing - features or ideas for future improvements and so on are marked as - 'enhancement' or 'feature-request' and will be added to the `TODO` document - and the issues are closed. We don't keep TODO items open in the issue - tracker. +Issues that are filed or reported that are not really bugs but more missing +features or ideas for future improvements and so on are marked as +*enhancement* or *feature-request* and get added to the `TODO` document and +the issues are closed. We do not keep TODO items open in the issue tracker. - The `TODO` document is full of ideas and suggestions of what we can add or - fix one day. You're always encouraged and free to grab one of those items and - take up a discussion with the curl development team on how that could be - implemented or provided in the project so that you can work on ticking it odd - that document. +The `TODO` document is full of ideas and suggestions of what we can add or +fix one day. You are always encouraged and free to grab one of those items and +take up a discussion with the curl development team on how that could be +implemented or provided in the project so that you can work on ticking it odd +that document. - If an issue is rather a bug and not a missing feature or functionality, it is - listed in `KNOWN_BUGS` instead. +If an issue is rather a bug and not a missing feature or functionality, it is +listed in `KNOWN_BUGS` instead. ## Closing off stalled bugs - The [issue and pull request trackers](https://github.com/curl/curl) only - holds "active" entries open (using a non-precise definition of what active - actually is, but they're at least not completely dead). Those that are - abandoned or in other ways dormant will be closed and sometimes added to - `TODO` and `KNOWN_BUGS` instead. +The [issue and pull request trackers](https://github.com/curl/curl) only hold +"active" entries open (using a non-precise definition of what active actually +is, but they are at least not completely dead). Those that are abandoned or +in other ways dormant are closed and sometimes added to `TODO` and +`KNOWN_BUGS` instead. - This way, we only have "active" issues open on GitHub. Irrelevant issues and - pull requests will not distract developers or casual visitors. +This way, we only have "active" issues open on GitHub. Irrelevant issues and +pull requests do not distract developers or casual visitors. diff --git a/docs/CHECKSRC.md b/docs/CHECKSRC.md deleted file mode 100644 index 2f634c49e0ca..000000000000 --- a/docs/CHECKSRC.md +++ /dev/null @@ -1,181 +0,0 @@ -# checksrc - -This is the tool we use within the curl project to scan C source code and -check that it adheres to our [Source Code Style guide](CODE_STYLE.md). - -## Usage - - checksrc.pl [options] [file1] [file2] ... - -## Command line options - -`-W[file]` skip that file and excludes it from being checked. Helpful -when, for example, one of the files is generated. - -`-D[dir]` directory name to prepend to file names when accessing them. - -`-h` shows the help output, that also lists all recognized warnings - -## What does checksrc warn for? - -checksrc does not check and verify the code against the entire style guide, -but the script is instead an effort to detect the most common mistakes and -syntax mistakes that contributors make before they get accustomed to our code -style. Heck, many of us regulars do the mistakes too and this script helps us -keep the code in shape. - - checksrc.pl -h - -Lists how to use the script and it lists all existing warnings it has and -problems it detects. At the time of this writing, the existing checksrc -warnings are: - -- `ASSIGNWITHINCONDITION`: Assignment within a conditional expression. The - code style mandates the assignment to be done outside of it. - -- `ASTERISKNOSPACE`: A pointer was declared like `char* name` instead of the - more appropriate `char *name` style. The asterisk should sit next to the - name. - -- `ASTERISKSPACE`: A pointer was declared like `char * name` instead of the - more appropriate `char *name` style. The asterisk should sit right next to - the name without a space in between. - -- `BADCOMMAND`: There's a bad !checksrc! instruction in the code. See the - **Ignore certain warnings** section below for details. - -- `BANNEDFUNC`: A banned function was used. The functions sprintf, vsprintf, - strcat, strncat, gets are **never** allowed in curl source code. - -- `BRACEELSE`: '} else' on the same line. The else is supposed to be on the - following line. - -- `BRACEPOS`: wrong position for an open brace (`{`). - -- `BRACEWHILE`: more than once space between end brace and while keyword - -- `COMMANOSPACE`: a comma without following space - -- `COPYRIGHT`: the file is missing a copyright statement! - -- `CPPCOMMENTS`: `//` comment detected, that's not C89 compliant - -- `DOBRACE`: only use one space after do before open brace - -- `EMPTYLINEBRACE`: found empty line before open brace - -- `EQUALSNOSPACE`: no space after `=` sign - -- `EQUALSNULL`: comparison with `== NULL` used in if/while. We use `!var`. - -- `EXCLAMATIONSPACE`: space found after exclamations mark - -- `FOPENMODE`: `fopen()` needs a macro for the mode string, use it - -- `INDENTATION`: detected a wrong start column for code. Note that this - warning only checks some specific places and will certainly miss many bad - indentations. - -- `LONGLINE`: A line is longer than 79 columns. - -- `MULTISPACE`: Multiple spaces were found where only one should be used. - -- `NOSPACEEQUALS`: An equals sign was found without preceding space. We prefer - `a = 2` and *not* `a=2`. - -- `NOTEQUALSZERO`: check found using `!= 0`. We use plain `if(var)`. - -- `ONELINECONDITION`: do not put the conditional block on the same line as `if()` - -- `OPENCOMMENT`: File ended with a comment (`/*`) still "open". - -- `PARENBRACE`: `){` was used without sufficient space in between. - -- `RETURNNOSPACE`: `return` was used without space between the keyword and the - following value. - -- `SEMINOSPACE`: There was no space (or newline) following a semicolon. - -- `SIZEOFNOPAREN`: Found use of sizeof without parentheses. We prefer - `sizeof(int)` style. - -- `SNPRINTF` - Found use of `snprintf()`. Since we use an internal replacement - with a different return code etc, we prefer `msnprintf()`. - -- `SPACEAFTERPAREN`: there was a space after open parenthesis, `( text`. - -- `SPACEBEFORECLOSE`: there was a space before a close parenthesis, `text )`. - -- `SPACEBEFORECOMMA`: there was a space before a comma, `one , two`. - -- `SPACEBEFOREPAREN`: there was a space before an open parenthesis, `if (`, - where one was not expected - -- `SPACESEMICOLON`: there was a space before semicolon, ` ;`. - -- `TABS`: TAB characters are not allowed! - -- `TRAILINGSPACE`: Trailing whitespace on the line - -- `TYPEDEFSTRUCT`: we frown upon (most) typedefed structs - -- `UNUSEDIGNORE`: a checksrc inlined warning ignore was asked for but not used, - that's an ignore that should be removed or changed to get used. - -### Extended warnings - -Some warnings are quite computationally expensive to perform, so they are -turned off by default. To enable these warnings, place a `.checksrc` file in -the directory where they should be activated with commands to enable the -warnings you are interested in. The format of the file is to enable one -warning per line like so: `enable ` - -Currently there is one extended warning which can be enabled: - -- `COPYRIGHTYEAR`: the current changeset hasn't updated the copyright year in - the source file - -## Ignore certain warnings - -Due to the nature of the source code and the flaws of the checksrc tool, there -is sometimes a need to ignore specific warnings. checksrc allows a few -different ways to do this. - -### Inline ignore - -You can control what to ignore within a specific source file by providing -instructions to checksrc in the source code itself. You need a magic marker -that is `!checksrc!` followed by the instruction. The instruction can ask to -ignore a specific warning N number of times or you ignore all of them until -you mark the end of the ignored section. - -Inline ignores are only done for that single specific source code file. - -Example - - /* !checksrc! disable LONGLINE all */ - -This will ignore the warning for overly long lines until it is re-enabled with: - - /* !checksrc! enable LONGLINE */ - -If the enabling isn't performed before the end of the file, it will be enabled -automatically for the next file. - -You can also opt to ignore just N violations so that if you have a single long -line you just can't shorten and is agreed to be fine anyway: - - /* !checksrc! disable LONGLINE 1 */ - -... and the warning for long lines will be enabled again automatically after -it has ignored that single warning. The number `1` can of course be changed to -any other integer number. It can be used to make sure only the exact intended -instances are ignored and nothing extra. - -### Directory wide ignore patterns - -This is a method we've transitioned away from. Use inline ignores as far as -possible. - -Make a `checksrc.skip` file in the directory of the source code with the -false positive, and include the full offending line into this file. diff --git a/docs/CIPHERS-TLS12.md b/docs/CIPHERS-TLS12.md new file mode 100644 index 000000000000..d67c62ba7ef9 --- /dev/null +++ b/docs/CIPHERS-TLS12.md @@ -0,0 +1,336 @@ + + +# TLS 1.2 cipher suites + +| Id | IANA name | OpenSSL name | RFC | +|--------|-----------------------------------------------|------------------------------------|--------------------| +| 0x0001 | TLS_RSA_WITH_NULL_MD5 | NULL-MD5 | [RFC5246] | +| 0x0002 | TLS_RSA_WITH_NULL_SHA | NULL-SHA | [RFC5246] | +| 0x0003 | TLS_RSA_EXPORT_WITH_RC4_40_MD5 | EXP-RC4-MD5 | [RFC4346][RFC6347] | +| 0x0004 | TLS_RSA_WITH_RC4_128_MD5 | RC4-MD5 | [RFC5246][RFC6347] | +| 0x0005 | TLS_RSA_WITH_RC4_128_SHA | RC4-SHA | [RFC5246][RFC6347] | +| 0x0006 | TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 | EXP-RC2-CBC-MD5 | [RFC4346] | +| 0x0007 | TLS_RSA_WITH_IDEA_CBC_SHA | IDEA-CBC-SHA | [RFC8996] | +| 0x0008 | TLS_RSA_EXPORT_WITH_DES40_CBC_SHA | EXP-DES-CBC-SHA | [RFC4346] | +| 0x0009 | TLS_RSA_WITH_DES_CBC_SHA | DES-CBC-SHA | [RFC8996] | +| 0x000A | TLS_RSA_WITH_3DES_EDE_CBC_SHA | DES-CBC3-SHA | [RFC5246] | +| 0x000B | TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA | EXP-DH-DSS-DES-CBC-SHA | [RFC4346] | +| 0x000C | TLS_DH_DSS_WITH_DES_CBC_SHA | DH-DSS-DES-CBC-SHA | [RFC8996] | +| 0x000D | TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA | DH-DSS-DES-CBC3-SHA | [RFC5246] | +| 0x000E | TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA | EXP-DH-RSA-DES-CBC-SHA | [RFC4346] | +| 0x000F | TLS_DH_RSA_WITH_DES_CBC_SHA | DH-RSA-DES-CBC-SHA | [RFC8996] | +| 0x0010 | TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA | DH-RSA-DES-CBC3-SHA | [RFC5246] | +| 0x0011 | TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA | EXP-DHE-DSS-DES-CBC-SHA | [RFC4346] | +| 0x0012 | TLS_DHE_DSS_WITH_DES_CBC_SHA | DHE-DSS-DES-CBC-SHA | [RFC8996] | +| 0x0013 | TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA | DHE-DSS-DES-CBC3-SHA | [RFC5246] | +| 0x0014 | TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA | EXP-DHE-RSA-DES-CBC-SHA | [RFC4346] | +| 0x0015 | TLS_DHE_RSA_WITH_DES_CBC_SHA | DHE-RSA-DES-CBC-SHA | [RFC8996] | +| 0x0016 | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | DHE-RSA-DES-CBC3-SHA | [RFC5246] | +| 0x0017 | TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 | EXP-ADH-RC4-MD5 | [RFC4346][RFC6347] | +| 0x0018 | TLS_DH_anon_WITH_RC4_128_MD5 | ADH-RC4-MD5 | [RFC5246][RFC6347] | +| 0x0019 | TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA | EXP-ADH-DES-CBC-SHA | [RFC4346] | +| 0x001A | TLS_DH_anon_WITH_DES_CBC_SHA | ADH-DES-CBC-SHA | [RFC8996] | +| 0x001B | TLS_DH_anon_WITH_3DES_EDE_CBC_SHA | ADH-DES-CBC3-SHA | [RFC5246] | +| 0x001C | | FZA-NULL-SHA | | +| 0x001D | | FZA-FZA-CBC-SHA | | +| 0x001E | TLS_KRB5_WITH_DES_CBC_SHA | KRB5-DES-CBC-SHA | [RFC2712] | +| 0x001F | TLS_KRB5_WITH_3DES_EDE_CBC_SHA | KRB5-DES-CBC3-SHA | [RFC2712] | +| 0x0020 | TLS_KRB5_WITH_RC4_128_SHA | KRB5-RC4-SHA | [RFC2712][RFC6347] | +| 0x0021 | TLS_KRB5_WITH_IDEA_CBC_SHA | KRB5-IDEA-CBC-SHA | [RFC2712] | +| 0x0022 | TLS_KRB5_WITH_DES_CBC_MD5 | KRB5-DES-CBC-MD5 | [RFC2712] | +| 0x0023 | TLS_KRB5_WITH_3DES_EDE_CBC_MD5 | KRB5-DES-CBC3-MD5 | [RFC2712] | +| 0x0024 | TLS_KRB5_WITH_RC4_128_MD5 | KRB5-RC4-MD5 | [RFC2712][RFC6347] | +| 0x0025 | TLS_KRB5_WITH_IDEA_CBC_MD5 | KRB5-IDEA-CBC-MD5 | [RFC2712] | +| 0x0026 | TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA | EXP-KRB5-DES-CBC-SHA | [RFC2712] | +| 0x0027 | TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA | EXP-KRB5-RC2-CBC-SHA | [RFC2712] | +| 0x0028 | TLS_KRB5_EXPORT_WITH_RC4_40_SHA | EXP-KRB5-RC4-SHA | [RFC2712][RFC6347] | +| 0x0029 | TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 | EXP-KRB5-DES-CBC-MD5 | [RFC2712] | +| 0x002A | TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5 | EXP-KRB5-RC2-CBC-MD5 | [RFC2712] | +| 0x002B | TLS_KRB5_EXPORT_WITH_RC4_40_MD5 | EXP-KRB5-RC4-MD5 | [RFC2712][RFC6347] | +| 0x002C | TLS_PSK_WITH_NULL_SHA | PSK-NULL-SHA | [RFC4785] | +| 0x002D | TLS_DHE_PSK_WITH_NULL_SHA | DHE-PSK-NULL-SHA | [RFC4785] | +| 0x002E | TLS_RSA_PSK_WITH_NULL_SHA | RSA-PSK-NULL-SHA | [RFC4785] | +| 0x002F | TLS_RSA_WITH_AES_128_CBC_SHA | AES128-SHA | [RFC5246] | +| 0x0030 | TLS_DH_DSS_WITH_AES_128_CBC_SHA | DH-DSS-AES128-SHA | [RFC5246] | +| 0x0031 | TLS_DH_RSA_WITH_AES_128_CBC_SHA | DH-RSA-AES128-SHA | [RFC5246] | +| 0x0032 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA | DHE-DSS-AES128-SHA | [RFC5246] | +| 0x0033 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA | DHE-RSA-AES128-SHA | [RFC5246] | +| 0x0034 | TLS_DH_anon_WITH_AES_128_CBC_SHA | ADH-AES128-SHA | [RFC5246] | +| 0x0035 | TLS_RSA_WITH_AES_256_CBC_SHA | AES256-SHA | [RFC5246] | +| 0x0036 | TLS_DH_DSS_WITH_AES_256_CBC_SHA | DH-DSS-AES256-SHA | [RFC5246] | +| 0x0037 | TLS_DH_RSA_WITH_AES_256_CBC_SHA | DH-RSA-AES256-SHA | [RFC5246] | +| 0x0038 | TLS_DHE_DSS_WITH_AES_256_CBC_SHA | DHE-DSS-AES256-SHA | [RFC5246] | +| 0x0039 | TLS_DHE_RSA_WITH_AES_256_CBC_SHA | DHE-RSA-AES256-SHA | [RFC5246] | +| 0x003A | TLS_DH_anon_WITH_AES_256_CBC_SHA | ADH-AES256-SHA | [RFC5246] | +| 0x003B | TLS_RSA_WITH_NULL_SHA256 | NULL-SHA256 | [RFC5246] | +| 0x003C | TLS_RSA_WITH_AES_128_CBC_SHA256 | AES128-SHA256 | [RFC5246] | +| 0x003D | TLS_RSA_WITH_AES_256_CBC_SHA256 | AES256-SHA256 | [RFC5246] | +| 0x003E | TLS_DH_DSS_WITH_AES_128_CBC_SHA256 | DH-DSS-AES128-SHA256 | [RFC5246] | +| 0x003F | TLS_DH_RSA_WITH_AES_128_CBC_SHA256 | DH-RSA-AES128-SHA256 | [RFC5246] | +| 0x0040 | TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 | DHE-DSS-AES128-SHA256 | [RFC5246] | +| 0x0041 | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | CAMELLIA128-SHA | [RFC5932] | +| 0x0042 | TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA | DH-DSS-CAMELLIA128-SHA | [RFC5932] | +| 0x0043 | TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA | DH-RSA-CAMELLIA128-SHA | [RFC5932] | +| 0x0044 | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA | DHE-DSS-CAMELLIA128-SHA | [RFC5932] | +| 0x0045 | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | DHE-RSA-CAMELLIA128-SHA | [RFC5932] | +| 0x0046 | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA | ADH-CAMELLIA128-SHA | [RFC5932] | +| 0x0060 | | EXP1024-RC4-MD5 | | +| 0x0061 | | EXP1024-RC2-CBC-MD5 | | +| 0x0062 | | EXP1024-DES-CBC-SHA | | +| 0x0063 | | EXP1024-DHE-DSS-DES-CBC-SHA | | +| 0x0064 | | EXP1024-RC4-SHA | | +| 0x0065 | | EXP1024-DHE-DSS-RC4-SHA | | +| 0x0066 | | DHE-DSS-RC4-SHA | | +| 0x0067 | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | DHE-RSA-AES128-SHA256 | [RFC5246] | +| 0x0068 | TLS_DH_DSS_WITH_AES_256_CBC_SHA256 | DH-DSS-AES256-SHA256 | [RFC5246] | +| 0x0069 | TLS_DH_RSA_WITH_AES_256_CBC_SHA256 | DH-RSA-AES256-SHA256 | [RFC5246] | +| 0x006A | TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 | DHE-DSS-AES256-SHA256 | [RFC5246] | +| 0x006B | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | DHE-RSA-AES256-SHA256 | [RFC5246] | +| 0x006C | TLS_DH_anon_WITH_AES_128_CBC_SHA256 | ADH-AES128-SHA256 | [RFC5246] | +| 0x006D | TLS_DH_anon_WITH_AES_256_CBC_SHA256 | ADH-AES256-SHA256 | [RFC5246] | +| 0x0080 | | GOST94-GOST89-GOST89 | | +| 0x0081 | | GOST2001-GOST89-GOST89 | | +| 0x0082 | | GOST94-NULL-GOST94 | | +| 0x0083 | | GOST2001-NULL-GOST94 | | +| 0x0084 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | CAMELLIA256-SHA | [RFC5932] | +| 0x0085 | TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA | DH-DSS-CAMELLIA256-SHA | [RFC5932] | +| 0x0086 | TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA | DH-RSA-CAMELLIA256-SHA | [RFC5932] | +| 0x0087 | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA | DHE-DSS-CAMELLIA256-SHA | [RFC5932] | +| 0x0088 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | DHE-RSA-CAMELLIA256-SHA | [RFC5932] | +| 0x0089 | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA | ADH-CAMELLIA256-SHA | [RFC5932] | +| 0x008A | TLS_PSK_WITH_RC4_128_SHA | PSK-RC4-SHA | [RFC4279][RFC6347] | +| 0x008B | TLS_PSK_WITH_3DES_EDE_CBC_SHA | PSK-3DES-EDE-CBC-SHA | [RFC4279] | +| 0x008C | TLS_PSK_WITH_AES_128_CBC_SHA | PSK-AES128-CBC-SHA | [RFC4279] | +| 0x008D | TLS_PSK_WITH_AES_256_CBC_SHA | PSK-AES256-CBC-SHA | [RFC4279] | +| 0x008E | TLS_DHE_PSK_WITH_RC4_128_SHA | DHE-PSK-RC4-SHA | [RFC4279][RFC6347] | +| 0x008F | TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA | DHE-PSK-3DES-EDE-CBC-SHA | [RFC4279] | +| 0x0090 | TLS_DHE_PSK_WITH_AES_128_CBC_SHA | DHE-PSK-AES128-CBC-SHA | [RFC4279] | +| 0x0091 | TLS_DHE_PSK_WITH_AES_256_CBC_SHA | DHE-PSK-AES256-CBC-SHA | [RFC4279] | +| 0x0092 | TLS_RSA_PSK_WITH_RC4_128_SHA | RSA-PSK-RC4-SHA | [RFC4279][RFC6347] | +| 0x0093 | TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA | RSA-PSK-3DES-EDE-CBC-SHA | [RFC4279] | +| 0x0094 | TLS_RSA_PSK_WITH_AES_128_CBC_SHA | RSA-PSK-AES128-CBC-SHA | [RFC4279] | +| 0x0095 | TLS_RSA_PSK_WITH_AES_256_CBC_SHA | RSA-PSK-AES256-CBC-SHA | [RFC4279] | +| 0x0096 | TLS_RSA_WITH_SEED_CBC_SHA | SEED-SHA | [RFC4162] | +| 0x0097 | TLS_DH_DSS_WITH_SEED_CBC_SHA | DH-DSS-SEED-SHA | [RFC4162] | +| 0x0098 | TLS_DH_RSA_WITH_SEED_CBC_SHA | DH-RSA-SEED-SHA | [RFC4162] | +| 0x0099 | TLS_DHE_DSS_WITH_SEED_CBC_SHA | DHE-DSS-SEED-SHA | [RFC4162] | +| 0x009A | TLS_DHE_RSA_WITH_SEED_CBC_SHA | DHE-RSA-SEED-SHA | [RFC4162] | +| 0x009B | TLS_DH_anon_WITH_SEED_CBC_SHA | ADH-SEED-SHA | [RFC4162] | +| 0x009C | TLS_RSA_WITH_AES_128_GCM_SHA256 | AES128-GCM-SHA256 | [RFC5288] | +| 0x009D | TLS_RSA_WITH_AES_256_GCM_SHA384 | AES256-GCM-SHA384 | [RFC5288] | +| 0x009E | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | DHE-RSA-AES128-GCM-SHA256 | [RFC5288] | +| 0x009F | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | DHE-RSA-AES256-GCM-SHA384 | [RFC5288] | +| 0x00A0 | TLS_DH_RSA_WITH_AES_128_GCM_SHA256 | DH-RSA-AES128-GCM-SHA256 | [RFC5288] | +| 0x00A1 | TLS_DH_RSA_WITH_AES_256_GCM_SHA384 | DH-RSA-AES256-GCM-SHA384 | [RFC5288] | +| 0x00A2 | TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 | DHE-DSS-AES128-GCM-SHA256 | [RFC5288] | +| 0x00A3 | TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 | DHE-DSS-AES256-GCM-SHA384 | [RFC5288] | +| 0x00A4 | TLS_DH_DSS_WITH_AES_128_GCM_SHA256 | DH-DSS-AES128-GCM-SHA256 | [RFC5288] | +| 0x00A5 | TLS_DH_DSS_WITH_AES_256_GCM_SHA384 | DH-DSS-AES256-GCM-SHA384 | [RFC5288] | +| 0x00A6 | TLS_DH_anon_WITH_AES_128_GCM_SHA256 | ADH-AES128-GCM-SHA256 | [RFC5288] | +| 0x00A7 | TLS_DH_anon_WITH_AES_256_GCM_SHA384 | ADH-AES256-GCM-SHA384 | [RFC5288] | +| 0x00A8 | TLS_PSK_WITH_AES_128_GCM_SHA256 | PSK-AES128-GCM-SHA256 | [RFC5487] | +| 0x00A9 | TLS_PSK_WITH_AES_256_GCM_SHA384 | PSK-AES256-GCM-SHA384 | [RFC5487] | +| 0x00AA | TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 | DHE-PSK-AES128-GCM-SHA256 | [RFC5487] | +| 0x00AB | TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 | DHE-PSK-AES256-GCM-SHA384 | [RFC5487] | +| 0x00AC | TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 | RSA-PSK-AES128-GCM-SHA256 | [RFC5487] | +| 0x00AD | TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 | RSA-PSK-AES256-GCM-SHA384 | [RFC5487] | +| 0x00AE | TLS_PSK_WITH_AES_128_CBC_SHA256 | PSK-AES128-CBC-SHA256 | [RFC5487] | +| 0x00AF | TLS_PSK_WITH_AES_256_CBC_SHA384 | PSK-AES256-CBC-SHA384 | [RFC5487] | +| 0x00B0 | TLS_PSK_WITH_NULL_SHA256 | PSK-NULL-SHA256 | [RFC5487] | +| 0x00B1 | TLS_PSK_WITH_NULL_SHA384 | PSK-NULL-SHA384 | [RFC5487] | +| 0x00B2 | TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 | DHE-PSK-AES128-CBC-SHA256 | [RFC5487] | +| 0x00B3 | TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 | DHE-PSK-AES256-CBC-SHA384 | [RFC5487] | +| 0x00B4 | TLS_DHE_PSK_WITH_NULL_SHA256 | DHE-PSK-NULL-SHA256 | [RFC5487] | +| 0x00B5 | TLS_DHE_PSK_WITH_NULL_SHA384 | DHE-PSK-NULL-SHA384 | [RFC5487] | +| 0x00B6 | TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 | RSA-PSK-AES128-CBC-SHA256 | [RFC5487] | +| 0x00B7 | TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 | RSA-PSK-AES256-CBC-SHA384 | [RFC5487] | +| 0x00B8 | TLS_RSA_PSK_WITH_NULL_SHA256 | RSA-PSK-NULL-SHA256 | [RFC5487] | +| 0x00B9 | TLS_RSA_PSK_WITH_NULL_SHA384 | RSA-PSK-NULL-SHA384 | [RFC5487] | +| 0x00BA | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 | CAMELLIA128-SHA256 | [RFC5932] | +| 0x00BD | TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 | DHE-DSS-CAMELLIA128-SHA256 | [RFC5932] | +| 0x00BE | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 | DHE-RSA-CAMELLIA128-SHA256 | [RFC5932] | +| 0x00BF | TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 | ADH-CAMELLIA128-SHA256 | [RFC5932] | +| 0x00C0 | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 | CAMELLIA256-SHA256 | [RFC5932] | +| 0x00C3 | TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 | DHE-DSS-CAMELLIA256-SHA256 | [RFC5932] | +| 0x00C4 | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 | DHE-RSA-CAMELLIA256-SHA256 | [RFC5932] | +| 0x00C5 | TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 | ADH-CAMELLIA256-SHA256 | [RFC5932] | +| 0x00FF | TLS_EMPTY_RENEGOTIATION_INFO_SCSV | | [RFC5746] | +| 0x5600 | TLS_FALLBACK_SCSV | | [RFC7507] | +| 0xC001 | TLS_ECDH_ECDSA_WITH_NULL_SHA | ECDH-ECDSA-NULL-SHA | [RFC8422] | +| 0xC002 | TLS_ECDH_ECDSA_WITH_RC4_128_SHA | ECDH-ECDSA-RC4-SHA | [RFC8422][RFC6347] | +| 0xC003 | TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA | ECDH-ECDSA-DES-CBC3-SHA | [RFC8422] | +| 0xC004 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA | ECDH-ECDSA-AES128-SHA | [RFC8422] | +| 0xC005 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA | ECDH-ECDSA-AES256-SHA | [RFC8422] | +| 0xC006 | TLS_ECDHE_ECDSA_WITH_NULL_SHA | ECDHE-ECDSA-NULL-SHA | [RFC8422] | +| 0xC007 | TLS_ECDHE_ECDSA_WITH_RC4_128_SHA | ECDHE-ECDSA-RC4-SHA | [RFC8422][RFC6347] | +| 0xC008 | TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA | ECDHE-ECDSA-DES-CBC3-SHA | [RFC8422] | +| 0xC009 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA | ECDHE-ECDSA-AES128-SHA | [RFC8422] | +| 0xC00A | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA | ECDHE-ECDSA-AES256-SHA | [RFC8422] | +| 0xC00B | TLS_ECDH_RSA_WITH_NULL_SHA | ECDH-RSA-NULL-SHA | [RFC8422] | +| 0xC00C | TLS_ECDH_RSA_WITH_RC4_128_SHA | ECDH-RSA-RC4-SHA | [RFC8422][RFC6347] | +| 0xC00D | TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA | ECDH-RSA-DES-CBC3-SHA | [RFC8422] | +| 0xC00E | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA | ECDH-RSA-AES128-SHA | [RFC8422] | +| 0xC00F | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA | ECDH-RSA-AES256-SHA | [RFC8422] | +| 0xC010 | TLS_ECDHE_RSA_WITH_NULL_SHA | ECDHE-RSA-NULL-SHA | [RFC8422] | +| 0xC011 | TLS_ECDHE_RSA_WITH_RC4_128_SHA | ECDHE-RSA-RC4-SHA | [RFC8422][RFC6347] | +| 0xC012 | TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA | ECDHE-RSA-DES-CBC3-SHA | [RFC8422] | +| 0xC013 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | ECDHE-RSA-AES128-SHA | [RFC8422] | +| 0xC014 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ECDHE-RSA-AES256-SHA | [RFC8422] | +| 0xC015 | TLS_ECDH_anon_WITH_NULL_SHA | AECDH-NULL-SHA | [RFC8422] | +| 0xC016 | TLS_ECDH_anon_WITH_RC4_128_SHA | AECDH-RC4-SHA | [RFC8422][RFC6347] | +| 0xC017 | TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA | AECDH-DES-CBC3-SHA | [RFC8422] | +| 0xC018 | TLS_ECDH_anon_WITH_AES_128_CBC_SHA | AECDH-AES128-SHA | [RFC8422] | +| 0xC019 | TLS_ECDH_anon_WITH_AES_256_CBC_SHA | AECDH-AES256-SHA | [RFC8422] | +| 0xC01A | TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA | SRP-3DES-EDE-CBC-SHA | [RFC5054] | +| 0xC01B | TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA | SRP-RSA-3DES-EDE-CBC-SHA | [RFC5054] | +| 0xC01C | TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA | SRP-DSS-3DES-EDE-CBC-SHA | [RFC5054] | +| 0xC01D | TLS_SRP_SHA_WITH_AES_128_CBC_SHA | SRP-AES-128-CBC-SHA | [RFC5054] | +| 0xC01E | TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA | SRP-RSA-AES-128-CBC-SHA | [RFC5054] | +| 0xC01F | TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA | SRP-DSS-AES-128-CBC-SHA | [RFC5054] | +| 0xC020 | TLS_SRP_SHA_WITH_AES_256_CBC_SHA | SRP-AES-256-CBC-SHA | [RFC5054] | +| 0xC021 | TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA | SRP-RSA-AES-256-CBC-SHA | [RFC5054] | +| 0xC022 | TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA | SRP-DSS-AES-256-CBC-SHA | [RFC5054] | +| 0xC023 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | ECDHE-ECDSA-AES128-SHA256 | [RFC5289] | +| 0xC024 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | ECDHE-ECDSA-AES256-SHA384 | [RFC5289] | +| 0xC025 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 | ECDH-ECDSA-AES128-SHA256 | [RFC5289] | +| 0xC026 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 | ECDH-ECDSA-AES256-SHA384 | [RFC5289] | +| 0xC027 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | ECDHE-RSA-AES128-SHA256 | [RFC5289] | +| 0xC028 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | ECDHE-RSA-AES256-SHA384 | [RFC5289] | +| 0xC029 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | ECDH-RSA-AES128-SHA256 | [RFC5289] | +| 0xC02A | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | ECDH-RSA-AES256-SHA384 | [RFC5289] | +| 0xC02B | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | ECDHE-ECDSA-AES128-GCM-SHA256 | [RFC5289] | +| 0xC02C | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | ECDHE-ECDSA-AES256-GCM-SHA384 | [RFC5289] | +| 0xC02D | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 | ECDH-ECDSA-AES128-GCM-SHA256 | [RFC5289] | +| 0xC02E | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 | ECDH-ECDSA-AES256-GCM-SHA384 | [RFC5289] | +| 0xC02F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | ECDHE-RSA-AES128-GCM-SHA256 | [RFC5289] | +| 0xC030 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | ECDHE-RSA-AES256-GCM-SHA384 | [RFC5289] | +| 0xC031 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | ECDH-RSA-AES128-GCM-SHA256 | [RFC5289] | +| 0xC032 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | ECDH-RSA-AES256-GCM-SHA384 | [RFC5289] | +| 0xC033 | TLS_ECDHE_PSK_WITH_RC4_128_SHA | ECDHE-PSK-RC4-SHA | [RFC5489][RFC6347] | +| 0xC034 | TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA | ECDHE-PSK-3DES-EDE-CBC-SHA | [RFC5489] | +| 0xC035 | TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA | ECDHE-PSK-AES128-CBC-SHA | [RFC5489] | +| 0xC036 | TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA | ECDHE-PSK-AES256-CBC-SHA | [RFC5489] | +| 0xC037 | TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 | ECDHE-PSK-AES128-CBC-SHA256 | [RFC5489] | +| 0xC038 | TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 | ECDHE-PSK-AES256-CBC-SHA384 | [RFC5489] | +| 0xC039 | TLS_ECDHE_PSK_WITH_NULL_SHA | ECDHE-PSK-NULL-SHA | [RFC5489] | +| 0xC03A | TLS_ECDHE_PSK_WITH_NULL_SHA256 | ECDHE-PSK-NULL-SHA256 | [RFC5489] | +| 0xC03B | TLS_ECDHE_PSK_WITH_NULL_SHA384 | ECDHE-PSK-NULL-SHA384 | [RFC5489] | +| 0xC03C | TLS_RSA_WITH_ARIA_128_CBC_SHA256 | ARIA128-SHA256 | [RFC6209] | +| 0xC03D | TLS_RSA_WITH_ARIA_256_CBC_SHA384 | ARIA256-SHA384 | [RFC6209] | +| 0xC044 | TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 | DHE-RSA-ARIA128-SHA256 | [RFC6209] | +| 0xC045 | TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 | DHE-RSA-ARIA256-SHA384 | [RFC6209] | +| 0xC048 | TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 | ECDHE-ECDSA-ARIA128-SHA256 | [RFC6209] | +| 0xC049 | TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 | ECDHE-ECDSA-ARIA256-SHA384 | [RFC6209] | +| 0xC04A | TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 | ECDH-ECDSA-ARIA128-SHA256 | [RFC6209] | +| 0xC04B | TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 | ECDH-ECDSA-ARIA256-SHA384 | [RFC6209] | +| 0xC04C | TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 | ECDHE-ARIA128-SHA256 | [RFC6209] | +| 0xC04D | TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 | ECDHE-ARIA256-SHA384 | [RFC6209] | +| 0xC04E | TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 | ECDH-ARIA128-SHA256 | [RFC6209] | +| 0xC04F | TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 | ECDH-ARIA256-SHA384 | [RFC6209] | +| 0xC050 | TLS_RSA_WITH_ARIA_128_GCM_SHA256 | ARIA128-GCM-SHA256 | [RFC6209] | +| 0xC051 | TLS_RSA_WITH_ARIA_256_GCM_SHA384 | ARIA256-GCM-SHA384 | [RFC6209] | +| 0xC052 | TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 | DHE-RSA-ARIA128-GCM-SHA256 | [RFC6209] | +| 0xC053 | TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 | DHE-RSA-ARIA256-GCM-SHA384 | [RFC6209] | +| 0xC056 | TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 | DHE-DSS-ARIA128-GCM-SHA256 | [RFC6209] | +| 0xC057 | TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 | DHE-DSS-ARIA256-GCM-SHA384 | [RFC6209] | +| 0xC05C | TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 | ECDHE-ECDSA-ARIA128-GCM-SHA256 | [RFC6209] | +| 0xC05D | TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 | ECDHE-ECDSA-ARIA256-GCM-SHA384 | [RFC6209] | +| 0xC05E | TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 | ECDH-ECDSA-ARIA128-GCM-SHA256 | [RFC6209] | +| 0xC05F | TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 | ECDH-ECDSA-ARIA256-GCM-SHA384 | [RFC6209] | +| 0xC060 | TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 | ECDHE-ARIA128-GCM-SHA256 | [RFC6209] | +| 0xC061 | TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 | ECDHE-ARIA256-GCM-SHA384 | [RFC6209] | +| 0xC062 | TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 | ECDH-ARIA128-GCM-SHA256 | [RFC6209] | +| 0xC063 | TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 | ECDH-ARIA256-GCM-SHA384 | [RFC6209] | +| 0xC064 | TLS_PSK_WITH_ARIA_128_CBC_SHA256 | PSK-ARIA128-SHA256 | [RFC6209] | +| 0xC065 | TLS_PSK_WITH_ARIA_256_CBC_SHA384 | PSK-ARIA256-SHA384 | [RFC6209] | +| 0xC066 | TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 | DHE-PSK-ARIA128-SHA256 | [RFC6209] | +| 0xC067 | TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 | DHE-PSK-ARIA256-SHA384 | [RFC6209] | +| 0xC068 | TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 | RSA-PSK-ARIA128-SHA256 | [RFC6209] | +| 0xC069 | TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 | RSA-PSK-ARIA256-SHA384 | [RFC6209] | +| 0xC06A | TLS_PSK_WITH_ARIA_128_GCM_SHA256 | PSK-ARIA128-GCM-SHA256 | [RFC6209] | +| 0xC06B | TLS_PSK_WITH_ARIA_256_GCM_SHA384 | PSK-ARIA256-GCM-SHA384 | [RFC6209] | +| 0xC06C | TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 | DHE-PSK-ARIA128-GCM-SHA256 | [RFC6209] | +| 0xC06D | TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 | DHE-PSK-ARIA256-GCM-SHA384 | [RFC6209] | +| 0xC06E | TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 | RSA-PSK-ARIA128-GCM-SHA256 | [RFC6209] | +| 0xC06F | TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 | RSA-PSK-ARIA256-GCM-SHA384 | [RFC6209] | +| 0xC070 | TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 | ECDHE-PSK-ARIA128-SHA256 | [RFC6209] | +| 0xC071 | TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 | ECDHE-PSK-ARIA256-SHA384 | [RFC6209] | +| 0xC072 | TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 | ECDHE-ECDSA-CAMELLIA128-SHA256 | [RFC6367] | +| 0xC073 | TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 | ECDHE-ECDSA-CAMELLIA256-SHA384 | [RFC6367] | +| 0xC074 | TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 | ECDH-ECDSA-CAMELLIA128-SHA256 | [RFC6367] | +| 0xC075 | TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 | ECDH-ECDSA-CAMELLIA256-SHA384 | [RFC6367] | +| 0xC076 | TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 | ECDHE-RSA-CAMELLIA128-SHA256 | [RFC6367] | +| 0xC077 | TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 | ECDHE-RSA-CAMELLIA256-SHA384 | [RFC6367] | +| 0xC078 | TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 | ECDH-CAMELLIA128-SHA256 | [RFC6367] | +| 0xC079 | TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 | ECDH-CAMELLIA256-SHA384 | [RFC6367] | +| 0xC07A | TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 | CAMELLIA128-GCM-SHA256 | [RFC6367] | +| 0xC07B | TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 | CAMELLIA256-GCM-SHA384 | [RFC6367] | +| 0xC07C | TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 | DHE-RSA-CAMELLIA128-GCM-SHA256 | [RFC6367] | +| 0xC07D | TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 | DHE-RSA-CAMELLIA256-GCM-SHA384 | [RFC6367] | +| 0xC086 | TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 | ECDHE-ECDSA-CAMELLIA128-GCM-SHA256 | [RFC6367] | +| 0xC087 | TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 | ECDHE-ECDSA-CAMELLIA256-GCM-SHA384 | [RFC6367] | +| 0xC088 | TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 | ECDH-ECDSA-CAMELLIA128-GCM-SHA256 | [RFC6367] | +| 0xC089 | TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 | ECDH-ECDSA-CAMELLIA256-GCM-SHA384 | [RFC6367] | +| 0xC08A | TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 | ECDHE-CAMELLIA128-GCM-SHA256 | [RFC6367] | +| 0xC08B | TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 | ECDHE-CAMELLIA256-GCM-SHA384 | [RFC6367] | +| 0xC08C | TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 | ECDH-CAMELLIA128-GCM-SHA256 | [RFC6367] | +| 0xC08D | TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 | ECDH-CAMELLIA256-GCM-SHA384 | [RFC6367] | +| 0xC08E | TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 | PSK-CAMELLIA128-GCM-SHA256 | [RFC6367] | +| 0xC08F | TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 | PSK-CAMELLIA256-GCM-SHA384 | [RFC6367] | +| 0xC090 | TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 | DHE-PSK-CAMELLIA128-GCM-SHA256 | [RFC6367] | +| 0xC091 | TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 | DHE-PSK-CAMELLIA256-GCM-SHA384 | [RFC6367] | +| 0xC092 | TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 | RSA-PSK-CAMELLIA128-GCM-SHA256 | [RFC6367] | +| 0xC093 | TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 | RSA-PSK-CAMELLIA256-GCM-SHA384 | [RFC6367] | +| 0xC094 | TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 | PSK-CAMELLIA128-SHA256 | [RFC6367] | +| 0xC095 | TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 | PSK-CAMELLIA256-SHA384 | [RFC6367] | +| 0xC096 | TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 | DHE-PSK-CAMELLIA128-SHA256 | [RFC6367] | +| 0xC097 | TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 | DHE-PSK-CAMELLIA256-SHA384 | [RFC6367] | +| 0xC098 | TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 | RSA-PSK-CAMELLIA128-SHA256 | [RFC6367] | +| 0xC099 | TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 | RSA-PSK-CAMELLIA256-SHA384 | [RFC6367] | +| 0xC09A | TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 | ECDHE-PSK-CAMELLIA128-SHA256 | [RFC6367] | +| 0xC09B | TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 | ECDHE-PSK-CAMELLIA256-SHA384 | [RFC6367] | +| 0xC09C | TLS_RSA_WITH_AES_128_CCM | AES128-CCM | [RFC6655] | +| 0xC09D | TLS_RSA_WITH_AES_256_CCM | AES256-CCM | [RFC6655] | +| 0xC09E | TLS_DHE_RSA_WITH_AES_128_CCM | DHE-RSA-AES128-CCM | [RFC6655] | +| 0xC09F | TLS_DHE_RSA_WITH_AES_256_CCM | DHE-RSA-AES256-CCM | [RFC6655] | +| 0xC0A0 | TLS_RSA_WITH_AES_128_CCM_8 | AES128-CCM8 | [RFC6655] | +| 0xC0A1 | TLS_RSA_WITH_AES_256_CCM_8 | AES256-CCM8 | [RFC6655] | +| 0xC0A2 | TLS_DHE_RSA_WITH_AES_128_CCM_8 | DHE-RSA-AES128-CCM8 | [RFC6655] | +| 0xC0A3 | TLS_DHE_RSA_WITH_AES_256_CCM_8 | DHE-RSA-AES256-CCM8 | [RFC6655] | +| 0xC0A4 | TLS_PSK_WITH_AES_128_CCM | PSK-AES128-CCM | [RFC6655] | +| 0xC0A5 | TLS_PSK_WITH_AES_256_CCM | PSK-AES256-CCM | [RFC6655] | +| 0xC0A6 | TLS_DHE_PSK_WITH_AES_128_CCM | DHE-PSK-AES128-CCM | [RFC6655] | +| 0xC0A7 | TLS_DHE_PSK_WITH_AES_256_CCM | DHE-PSK-AES256-CCM | [RFC6655] | +| 0xC0A8 | TLS_PSK_WITH_AES_128_CCM_8 | PSK-AES128-CCM8 | [RFC6655] | +| 0xC0A9 | TLS_PSK_WITH_AES_256_CCM_8 | PSK-AES256-CCM8 | [RFC6655] | +| 0xC0AA | TLS_PSK_DHE_WITH_AES_128_CCM_8 | DHE-PSK-AES128-CCM8 | [RFC6655] | +| 0xC0AB | TLS_PSK_DHE_WITH_AES_256_CCM_8 | DHE-PSK-AES256-CCM8 | [RFC6655] | +| 0xC0AC | TLS_ECDHE_ECDSA_WITH_AES_128_CCM | ECDHE-ECDSA-AES128-CCM | [RFC7251] | +| 0xC0AD | TLS_ECDHE_ECDSA_WITH_AES_256_CCM | ECDHE-ECDSA-AES256-CCM | [RFC7251] | +| 0xC0AE | TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 | ECDHE-ECDSA-AES128-CCM8 | [RFC7251] | +| 0xC0AF | TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 | ECDHE-ECDSA-AES256-CCM8 | [RFC7251] | +| 0xC100 | TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC | GOST2012-KUZNYECHIK-KUZNYECHIKOMAC | [RFC9189] | +| 0xC101 | TLS_GOSTR341112_256_WITH_MAGMA_CTR_OMAC | GOST2012-MAGMA-MAGMAOMAC | [RFC9189] | +| 0xC102 | TLS_GOSTR341112_256_WITH_28147_CNT_IMIT | IANA-GOST2012-GOST8912-GOST8912 | [RFC9189] | +| 0xCC13 | | ECDHE-RSA-CHACHA20-POLY1305-OLD | | +| 0xCC14 | | ECDHE-ECDSA-CHACHA20-POLY1305-OLD | | +| 0xCC15 | | DHE-RSA-CHACHA20-POLY1305-OLD | | +| 0xCCA8 | TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | ECDHE-RSA-CHACHA20-POLY1305 | [RFC7905] | +| 0xCCA9 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | ECDHE-ECDSA-CHACHA20-POLY1305 | [RFC7905] | +| 0xCCAA | TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | DHE-RSA-CHACHA20-POLY1305 | [RFC7905] | +| 0xCCAB | TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 | PSK-CHACHA20-POLY1305 | [RFC7905] | +| 0xCCAC | TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | ECDHE-PSK-CHACHA20-POLY1305 | [RFC7905] | +| 0xCCAD | TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 | DHE-PSK-CHACHA20-POLY1305 | [RFC7905] | +| 0xCCAE | TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 | RSA-PSK-CHACHA20-POLY1305 | [RFC7905] | +| 0xD001 | TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 | ECDHE-PSK-AES128-GCM-SHA256 | [RFC8442] | +| 0xE011 | | ECDHE-ECDSA-SM4-CBC-SM3 | | +| 0xE051 | | ECDHE-ECDSA-SM4-GCM-SM3 | | +| 0xE052 | | ECDHE-ECDSA-SM4-CCM-SM3 | | +| 0xFF00 | | GOST-MD5 | | +| 0xFF01 | | GOST-GOST94 | | +| 0xFF02 | | GOST-GOST89MAC | | +| 0xFF03 | | GOST-GOST89STREAM | | diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md index af8f2f4c40b2..060d3da94983 100644 --- a/docs/CIPHERS.md +++ b/docs/CIPHERS.md @@ -1,522 +1,278 @@ -# Ciphers + -TLS 1.3 ciphers are supported since curl 7.61 for OpenSSL 1.1.1+ with options -[`CURLOPT_TLS13_CIPHERS`](https://curl.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html) -and -[`--tls13-ciphers`](https://curl.se/docs/manpage.html#--tls13-ciphers) -. If you are using a different SSL backend you can try setting TLS 1.3 cipher -suites by using the respective regular cipher option. - -The names of the known ciphers differ depending on which TLS backend that -libcurl was built to use. This is an attempt to list known cipher names. - -## OpenSSL - -(based on [OpenSSL docs](https://www.openssl.org/docs/man1.1.0/apps/ciphers.html)) - -When specifying multiple cipher names, separate them with colon (`:`). - -### SSL3 cipher suites - -`NULL-MD5` -`NULL-SHA` -`RC4-MD5` -`RC4-SHA` -`IDEA-CBC-SHA` -`DES-CBC3-SHA` -`DH-DSS-DES-CBC3-SHA` -`DH-RSA-DES-CBC3-SHA` -`DHE-DSS-DES-CBC3-SHA` -`DHE-RSA-DES-CBC3-SHA` -`ADH-RC4-MD5` -`ADH-DES-CBC3-SHA` - -### TLS v1.0 cipher suites - -`NULL-MD5` -`NULL-SHA` -`RC4-MD5` -`RC4-SHA` -`IDEA-CBC-SHA` -`DES-CBC3-SHA` -`DHE-DSS-DES-CBC3-SHA` -`DHE-RSA-DES-CBC3-SHA` -`ADH-RC4-MD5` -`ADH-DES-CBC3-SHA` - -### AES ciphersuites from RFC3268, extending TLS v1.0 - -`AES128-SHA` -`AES256-SHA` -`DH-DSS-AES128-SHA` -`DH-DSS-AES256-SHA` -`DH-RSA-AES128-SHA` -`DH-RSA-AES256-SHA` -`DHE-DSS-AES128-SHA` -`DHE-DSS-AES256-SHA` -`DHE-RSA-AES128-SHA` -`DHE-RSA-AES256-SHA` -`ADH-AES128-SHA` -`ADH-AES256-SHA` - -### SEED ciphersuites from RFC4162, extending TLS v1.0 - -`SEED-SHA` -`DH-DSS-SEED-SHA` -`DH-RSA-SEED-SHA` -`DHE-DSS-SEED-SHA` -`DHE-RSA-SEED-SHA` -`ADH-SEED-SHA` - -### GOST ciphersuites, extending TLS v1.0 - -`GOST94-GOST89-GOST89` -`GOST2001-GOST89-GOST89` -`GOST94-NULL-GOST94` -`GOST2001-NULL-GOST94` - -### Elliptic curve cipher suites - -`ECDHE-RSA-NULL-SHA` -`ECDHE-RSA-RC4-SHA` -`ECDHE-RSA-DES-CBC3-SHA` -`ECDHE-RSA-AES128-SHA` -`ECDHE-RSA-AES256-SHA` -`ECDHE-ECDSA-NULL-SHA` -`ECDHE-ECDSA-RC4-SHA` -`ECDHE-ECDSA-DES-CBC3-SHA` -`ECDHE-ECDSA-AES128-SHA` -`ECDHE-ECDSA-AES256-SHA` -`AECDH-NULL-SHA` -`AECDH-RC4-SHA` -`AECDH-DES-CBC3-SHA` -`AECDH-AES128-SHA` -`AECDH-AES256-SHA` - -### TLS v1.2 cipher suites - -`NULL-SHA256` -`AES128-SHA256` -`AES256-SHA256` -`AES128-GCM-SHA256` -`AES256-GCM-SHA384` -`DH-RSA-AES128-SHA256` -`DH-RSA-AES256-SHA256` -`DH-RSA-AES128-GCM-SHA256` -`DH-RSA-AES256-GCM-SHA384` -`DH-DSS-AES128-SHA256` -`DH-DSS-AES256-SHA256` -`DH-DSS-AES128-GCM-SHA256` -`DH-DSS-AES256-GCM-SHA384` -`DHE-RSA-AES128-SHA256` -`DHE-RSA-AES256-SHA256` -`DHE-RSA-AES128-GCM-SHA256` -`DHE-RSA-AES256-GCM-SHA384` -`DHE-DSS-AES128-SHA256` -`DHE-DSS-AES256-SHA256` -`DHE-DSS-AES128-GCM-SHA256` -`DHE-DSS-AES256-GCM-SHA384` -`ECDHE-RSA-AES128-SHA256` -`ECDHE-RSA-AES256-SHA384` -`ECDHE-RSA-AES128-GCM-SHA256` -`ECDHE-RSA-AES256-GCM-SHA384` -`ECDHE-ECDSA-AES128-SHA256` -`ECDHE-ECDSA-AES256-SHA384` -`ECDHE-ECDSA-AES128-GCM-SHA256` -`ECDHE-ECDSA-AES256-GCM-SHA384` -`ADH-AES128-SHA256` -`ADH-AES256-SHA256` -`ADH-AES128-GCM-SHA256` -`ADH-AES256-GCM-SHA384` -`AES128-CCM` -`AES256-CCM` -`DHE-RSA-AES128-CCM` -`DHE-RSA-AES256-CCM` -`AES128-CCM8` -`AES256-CCM8` -`DHE-RSA-AES128-CCM8` -`DHE-RSA-AES256-CCM8` -`ECDHE-ECDSA-AES128-CCM` -`ECDHE-ECDSA-AES256-CCM` -`ECDHE-ECDSA-AES128-CCM8` -`ECDHE-ECDSA-AES256-CCM8` - -### Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2 - -`ECDHE-ECDSA-CAMELLIA128-SHA256` -`ECDHE-ECDSA-CAMELLIA256-SHA384` -`ECDHE-RSA-CAMELLIA128-SHA256` -`ECDHE-RSA-CAMELLIA256-SHA384` +## curl cipher options -### TLS 1.3 cipher suites +A TLS handshake involves many parameters which take part in the negotiation +between client and server in order to agree on the TLS version and set of +algorithms to use for a connection. + +What has become known as a "cipher" or better "cipher suite" in TLS +are names for specific combinations of +[key exchange](https://en.wikipedia.org/wiki/Key_exchange), +[bulk encryption](https://en.wikipedia.org/wiki/Link_encryption), +[message authentication code](https://en.wikipedia.org/wiki/Message_authentication_code) +and with TLSv1.3 the +[authenticated encryption](https://en.wikipedia.org/wiki/Authenticated_encryption). +In addition, there are other parameters that influence the TLS handshake, like +[DHE](https://en.wikipedia.org/wiki/Diffie%e2%80%93Hellman_key_exchange) "groups" +and [ECDHE](https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%e2%80%93Hellman) +with its "curves". + +### History + +curl's way of letting users configure these settings closely followed OpenSSL +in its API. TLS learned new parameters, OpenSSL added new API functions and +curl added command line options. + +Several other TLS backends followed the OpenSSL approach, more or less closely, +and curl maps the command line options to these TLS backends. Some TLS +backends do not support all of it and command line options are either +ignored or lead to an error. + +Many examples below show the OpenSSL-like use of these options. GnuTLS +however chose a different approach. These are described in a separate +section further below. -(Note these ciphers are set with `CURLOPT_TLS13_CIPHERS` and `--tls13-ciphers`) - -`TLS_AES_256_GCM_SHA384` -`TLS_CHACHA20_POLY1305_SHA256` -`TLS_AES_128_GCM_SHA256` -`TLS_AES_128_CCM_8_SHA256` -`TLS_AES_128_CCM_SHA256` - -## NSS - -### Totally insecure - -`rc4` -`rc4-md5` -`rc4export` -`rc2` -`rc2export` -`des` -`desede3` - -### SSL3/TLS cipher suites - -`rsa_rc4_128_md5` -`rsa_rc4_128_sha` -`rsa_3des_sha` -`rsa_des_sha` -`rsa_rc4_40_md5` -`rsa_rc2_40_md5` -`rsa_null_md5` -`rsa_null_sha` -`fips_3des_sha` -`fips_des_sha` -`fortezza` -`fortezza_rc4_128_sha` -`fortezza_null` - -### TLS 1.0 Exportable 56-bit Cipher Suites - -`rsa_des_56_sha` -`rsa_rc4_56_sha` - -### AES ciphers - -`dhe_dss_aes_128_cbc_sha` -`dhe_dss_aes_256_cbc_sha` -`dhe_rsa_aes_128_cbc_sha` -`dhe_rsa_aes_256_cbc_sha` -`rsa_aes_128_sha` -`rsa_aes_256_sha` - -### ECC ciphers - -`ecdh_ecdsa_null_sha` -`ecdh_ecdsa_rc4_128_sha` -`ecdh_ecdsa_3des_sha` -`ecdh_ecdsa_aes_128_sha` -`ecdh_ecdsa_aes_256_sha` -`ecdhe_ecdsa_null_sha` -`ecdhe_ecdsa_rc4_128_sha` -`ecdhe_ecdsa_3des_sha` -`ecdhe_ecdsa_aes_128_sha` -`ecdhe_ecdsa_aes_256_sha` -`ecdh_rsa_null_sha` -`ecdh_rsa_128_sha` -`ecdh_rsa_3des_sha` -`ecdh_rsa_aes_128_sha` -`ecdh_rsa_aes_256_sha` -`ecdhe_rsa_null` -`ecdhe_rsa_rc4_128_sha` -`ecdhe_rsa_3des_sha` -`ecdhe_rsa_aes_128_sha` -`ecdhe_rsa_aes_256_sha` -`ecdh_anon_null_sha` -`ecdh_anon_rc4_128sha` -`ecdh_anon_3des_sha` -`ecdh_anon_aes_128_sha` -`ecdh_anon_aes_256_sha` - -### HMAC-SHA256 cipher suites - -`rsa_null_sha_256` -`rsa_aes_128_cbc_sha_256` -`rsa_aes_256_cbc_sha_256` -`dhe_rsa_aes_128_cbc_sha_256` -`dhe_rsa_aes_256_cbc_sha_256` -`ecdhe_ecdsa_aes_128_cbc_sha_256` -`ecdhe_rsa_aes_128_cbc_sha_256` - -### AES GCM cipher suites in RFC 5288 and RFC 5289 - -`rsa_aes_128_gcm_sha_256` -`dhe_rsa_aes_128_gcm_sha_256` -`dhe_dss_aes_128_gcm_sha_256` -`ecdhe_ecdsa_aes_128_gcm_sha_256` -`ecdh_ecdsa_aes_128_gcm_sha_256` -`ecdhe_rsa_aes_128_gcm_sha_256` -`ecdh_rsa_aes_128_gcm_sha_256` - -### cipher suites using SHA384 - -`rsa_aes_256_gcm_sha_384` -`dhe_rsa_aes_256_gcm_sha_384` -`dhe_dss_aes_256_gcm_sha_384` -`ecdhe_ecdsa_aes_256_sha_384` -`ecdhe_rsa_aes_256_sha_384` -`ecdhe_ecdsa_aes_256_gcm_sha_384` -`ecdhe_rsa_aes_256_gcm_sha_384` - -### chacha20-poly1305 cipher suites - -`ecdhe_rsa_chacha20_poly1305_sha_256` -`ecdhe_ecdsa_chacha20_poly1305_sha_256` -`dhe_rsa_chacha20_poly1305_sha_256` +## ciphers, the OpenSSL way + +With curl's option +[`--tls13-ciphers`](https://curl.se/docs/manpage.html#--tls13-ciphers) +or +[`CURLOPT_TLS13_CIPHERS`](https://curl.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html) +users can control which cipher suites to consider when negotiating TLS 1.3 +connections. With option +[`--ciphers`](https://curl.se/docs/manpage.html#--ciphers) +or +[`CURLOPT_SSL_CIPHER_LIST`](https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html) +users can control which cipher suites to consider when negotiating +TLS 1.2 (1.1, 1.0) connections. + +By default, curl may negotiate TLS 1.3 and TLS 1.2 connections, so the cipher +suites considered when negotiating a TLS connection are a union of the TLS 1.3 +and TLS 1.2 cipher suites. If you want curl to consider only TLS 1.3 cipher +suites for the connection, you have to set the minimum TLS version to 1.3 by +using [`--tlsv1.3`](https://curl.se/docs/manpage.html#--tlsv13) +or [`CURLOPT_SSLVERSION`](https://curl.se/libcurl/c/CURLOPT_SSLVERSION.html) +with `CURL_SSLVERSION_TLSv1_3`. + +Both the TLS 1.3 and TLS 1.2 cipher options expect a list of cipher suites +separated by colons (`:`). This list is parsed opportunistically, cipher suites +that are not recognized or implemented are ignored. As long as there is at +least one recognized cipher suite in the list, the list is considered valid. + +For both the TLS 1.3 and TLS 1.2 cipher options, the order in which the +cipher suites are specified determine the preference of them. When negotiating +a TLS connection the server picks a cipher suite from the intersection of the +cipher suites supported by the server and the cipher suites sent by curl. If +the server is configured to honor the client's cipher preference, the first +common cipher suite in the list sent by curl is chosen. ### TLS 1.3 cipher suites -`aes_128_gcm_sha_256` -`aes_256_gcm_sha_384` -`chacha20_poly1305_sha_256` - -## GSKit - -Ciphers are internally defined as -[numeric codes](https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/apis/gsk_attribute_set_buffer.htm), -but libcurl maps them to the following case-insensitive names. - -### SSL2 cipher suites (insecure: disabled by default) - -`rc2-md5` -`rc4-md5` -`exp-rc2-md5` -`exp-rc4-md5` -`des-cbc-md5` -`des-cbc3-md5` - -### SSL3 cipher suites - -`null-md5` -`null-sha` -`rc4-md5` -`rc4-sha` -`exp-rc2-cbc-md5` -`exp-rc4-md5` -`exp-des-cbc-sha` -`des-cbc3-sha` - -### TLS v1.0 cipher suites - -`null-md5` -`null-sha` -`rc4-md5` -`rc4-sha` -`exp-rc2-cbc-md5` -`exp-rc4-md5` -`exp-des-cbc-sha` -`des-cbc3-sha` -`aes128-sha` -`aes256-sha` - -### TLS v1.1 cipher suites - -`null-md5` -`null-sha` -`rc4-md5` -`rc4-sha` -`exp-des-cbc-sha` -`des-cbc3-sha` -`aes128-sha` -`aes256-sha` - -### TLS v1.2 cipher suites - -`null-md5` -`null-sha` -`null-sha256` -`rc4-md5` -`rc4-sha` -`des-cbc3-sha` -`aes128-sha` -`aes256-sha` -`aes128-sha256` -`aes256-sha256` -`aes128-gcm-sha256` -`aes256-gcm-sha384` - -## WolfSSL - -`RC4-SHA`, -`RC4-MD5`, -`DES-CBC3-SHA`, -`AES128-SHA`, -`AES256-SHA`, -`NULL-SHA`, -`NULL-SHA256`, -`DHE-RSA-AES128-SHA`, -`DHE-RSA-AES256-SHA`, -`DHE-PSK-AES256-GCM-SHA384`, -`DHE-PSK-AES128-GCM-SHA256`, -`PSK-AES256-GCM-SHA384`, -`PSK-AES128-GCM-SHA256`, -`DHE-PSK-AES256-CBC-SHA384`, -`DHE-PSK-AES128-CBC-SHA256`, -`PSK-AES256-CBC-SHA384`, -`PSK-AES128-CBC-SHA256`, -`PSK-AES128-CBC-SHA`, -`PSK-AES256-CBC-SHA`, -`DHE-PSK-AES128-CCM`, -`DHE-PSK-AES256-CCM`, -`PSK-AES128-CCM`, -`PSK-AES256-CCM`, -`PSK-AES128-CCM-8`, -`PSK-AES256-CCM-8`, -`DHE-PSK-NULL-SHA384`, -`DHE-PSK-NULL-SHA256`, -`PSK-NULL-SHA384`, -`PSK-NULL-SHA256`, -`PSK-NULL-SHA`, -`HC128-MD5`, -`HC128-SHA`, -`HC128-B2B256`, -`AES128-B2B256`, -`AES256-B2B256`, -`RABBIT-SHA`, -`NTRU-RC4-SHA`, -`NTRU-DES-CBC3-SHA`, -`NTRU-AES128-SHA`, -`NTRU-AES256-SHA`, -`AES128-CCM-8`, -`AES256-CCM-8`, -`ECDHE-ECDSA-AES128-CCM`, -`ECDHE-ECDSA-AES128-CCM-8`, -`ECDHE-ECDSA-AES256-CCM-8`, -`ECDHE-RSA-AES128-SHA`, -`ECDHE-RSA-AES256-SHA`, -`ECDHE-ECDSA-AES128-SHA`, -`ECDHE-ECDSA-AES256-SHA`, -`ECDHE-RSA-RC4-SHA`, -`ECDHE-RSA-DES-CBC3-SHA`, -`ECDHE-ECDSA-RC4-SHA`, -`ECDHE-ECDSA-DES-CBC3-SHA`, -`AES128-SHA256`, -`AES256-SHA256`, -`DHE-RSA-AES128-SHA256`, -`DHE-RSA-AES256-SHA256`, -`ECDH-RSA-AES128-SHA`, -`ECDH-RSA-AES256-SHA`, -`ECDH-ECDSA-AES128-SHA`, -`ECDH-ECDSA-AES256-SHA`, -`ECDH-RSA-RC4-SHA`, -`ECDH-RSA-DES-CBC3-SHA`, -`ECDH-ECDSA-RC4-SHA`, -`ECDH-ECDSA-DES-CBC3-SHA`, -`AES128-GCM-SHA256`, -`AES256-GCM-SHA384`, -`DHE-RSA-AES128-GCM-SHA256`, -`DHE-RSA-AES256-GCM-SHA384`, -`ECDHE-RSA-AES128-GCM-SHA256`, -`ECDHE-RSA-AES256-GCM-SHA384`, -`ECDHE-ECDSA-AES128-GCM-SHA256`, -`ECDHE-ECDSA-AES256-GCM-SHA384`, -`ECDH-RSA-AES128-GCM-SHA256`, -`ECDH-RSA-AES256-GCM-SHA384`, -`ECDH-ECDSA-AES128-GCM-SHA256`, -`ECDH-ECDSA-AES256-GCM-SHA384`, -`CAMELLIA128-SHA`, -`DHE-RSA-CAMELLIA128-SHA`, -`CAMELLIA256-SHA`, -`DHE-RSA-CAMELLIA256-SHA`, -`CAMELLIA128-SHA256`, -`DHE-RSA-CAMELLIA128-SHA256`, -`CAMELLIA256-SHA256`, -`DHE-RSA-CAMELLIA256-SHA256`, -`ECDHE-RSA-AES128-SHA256`, -`ECDHE-ECDSA-AES128-SHA256`, -`ECDH-RSA-AES128-SHA256`, -`ECDH-ECDSA-AES128-SHA256`, -`ECDHE-RSA-AES256-SHA384`, -`ECDHE-ECDSA-AES256-SHA384`, -`ECDH-RSA-AES256-SHA384`, -`ECDH-ECDSA-AES256-SHA384`, -`ECDHE-RSA-CHACHA20-POLY1305`, -`ECDHE-ECDSA-CHACHA20-POLY1305`, -`DHE-RSA-CHACHA20-POLY1305`, -`ECDHE-RSA-CHACHA20-POLY1305-OLD`, -`ECDHE-ECDSA-CHACHA20-POLY1305-OLD`, -`DHE-RSA-CHACHA20-POLY1305-OLD`, -`ADH-AES128-SHA`, -`QSH`, -`RENEGOTIATION-INFO`, -`IDEA-CBC-SHA`, -`ECDHE-ECDSA-NULL-SHA`, -`ECDHE-PSK-NULL-SHA256`, -`ECDHE-PSK-AES128-CBC-SHA256`, -`PSK-CHACHA20-POLY1305`, -`ECDHE-PSK-CHACHA20-POLY1305`, -`DHE-PSK-CHACHA20-POLY1305`, -`EDH-RSA-DES-CBC3-SHA`, - -## Schannel - -Schannel allows the enabling and disabling of encryption algorithms, but not -specific ciphersuites. They are -[defined](https://docs.microsoft.com/windows/desktop/SecCrypto/alg-id) by -Microsoft. - -There is also the case that the selected algorithm is not supported by the -protocol or does not match the ciphers offered by the server during the SSL -negotiation. In this case curl will return error -`CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH` -and the request will fail. - -`CALG_MD2`, -`CALG_MD4`, -`CALG_MD5`, -`CALG_SHA`, -`CALG_SHA1`, -`CALG_MAC`, -`CALG_RSA_SIGN`, -`CALG_DSS_SIGN`, -`CALG_NO_SIGN`, -`CALG_RSA_KEYX`, -`CALG_DES`, -`CALG_3DES_112`, -`CALG_3DES`, -`CALG_DESX`, -`CALG_RC2`, -`CALG_RC4`, -`CALG_SEAL`, -`CALG_DH_SF`, -`CALG_DH_EPHEM`, -`CALG_AGREEDKEY_ANY`, -`CALG_HUGHES_MD5`, -`CALG_SKIPJACK`, -`CALG_TEK`, -`CALG_CYLINK_MEK`, -`CALG_SSL3_SHAMD5`, -`CALG_SSL3_MASTER`, -`CALG_SCHANNEL_MASTER_HASH`, -`CALG_SCHANNEL_MAC_KEY`, -`CALG_SCHANNEL_ENC_KEY`, -`CALG_PCT1_MASTER`, -`CALG_SSL2_MASTER`, -`CALG_TLS1_MASTER`, -`CALG_RC5`, -`CALG_HMAC`, -`CALG_TLS1PRF`, -`CALG_HASH_REPLACE_OWF`, -`CALG_AES_128`, -`CALG_AES_192`, -`CALG_AES_256`, -`CALG_AES`, -`CALG_SHA_256`, -`CALG_SHA_384`, -`CALG_SHA_512`, -`CALG_ECDH`, -`CALG_ECMQV`, -`CALG_ECDSA`, -`CALG_ECDH_EPHEM`, - -As of curl 7.77.0, you can also pass `SCH_USE_STRONG_CRYPTO` as a cipher name -to [constrain the set of available ciphers as specified in the schannel -documentation](https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-server-2022). -Note that the supported ciphers in this case follows the OS version, so if you -are running an outdated OS you might still be supporting weak ciphers. +Setting TLS 1.3 cipher suites is supported by curl with +OpenSSL (1.1.1+, curl 7.61.0+), LibreSSL (3.4.1+, curl 8.3.0+), +wolfSSL (curl 8.10.0+) and mbedTLS (3.6.0+, curl 8.10.0+). + +The list of cipher suites that can be used for the `--tls13-ciphers` option: + +``` +TLS_AES_128_GCM_SHA256 +TLS_AES_256_GCM_SHA384 +TLS_CHACHA20_POLY1305_SHA256 +TLS_AES_128_CCM_SHA256 +TLS_AES_128_CCM_8_SHA256 +``` + +#### wolfSSL notes + +In addition to above list the following cipher suites can be used: +`TLS_SM4_GCM_SM3` `TLS_SM4_CCM_SM3` `TLS_SHA256_SHA256` `TLS_SHA384_SHA384`. +Usage of these cipher suites is not recommended. (The last two cipher suites +are NULL ciphers, offering no encryption whatsoever.) + +### TLS 1.2 (1.1, 1.0) cipher suites + +Setting TLS 1.2 cipher suites is supported by curl with OpenSSL, LibreSSL, +BoringSSL, mbedTLS (curl 8.8.0+), wolfSSL (curl 7.53.0+). Schannel does not +support setting cipher suites directly, but does support setting algorithms +(curl 7.61.0+), see Schannel notes below. + +For TLS 1.2 cipher suites there are multiple naming schemes, the two most used +are with OpenSSL names (e.g. `ECDHE-RSA-AES128-GCM-SHA256`) and IANA names +(e.g. `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`). IANA names of TLS 1.2 cipher +suites look similar to TLS 1.3 cipher suite names, to distinguish them note +that TLS 1.2 names contain `_WITH_`, while TLS 1.3 names do not. When setting +TLS 1.2 cipher suites with curl it is recommended that you use OpenSSL names +as these are most widely recognized by the supported SSL backends. + +The complete list of cipher suites that may be considered for the `--ciphers` +option is extensive, it consists of more than 300 ciphers suites. Nowadays, +most of them are discouraged, and support for a lot of them has been removed +from the various SSL backends, if ever implemented at all. + +A shortened list (based on [recommendations by +Mozilla](https://wiki.mozilla.org/Security/Server_Side_TLS)) of cipher suites, +which are (mostly) supported by all SSL backends, that can be used for the +`--ciphers` option: + +``` +ECDHE-ECDSA-AES128-GCM-SHA256 +ECDHE-RSA-AES128-GCM-SHA256 +ECDHE-ECDSA-AES256-GCM-SHA384 +ECDHE-RSA-AES256-GCM-SHA384 +ECDHE-ECDSA-CHACHA20-POLY1305 +ECDHE-RSA-CHACHA20-POLY1305 +DHE-RSA-AES128-GCM-SHA256 +DHE-RSA-AES256-GCM-SHA384 +DHE-RSA-CHACHA20-POLY1305 +ECDHE-ECDSA-AES128-SHA256 +ECDHE-RSA-AES128-SHA256 +ECDHE-ECDSA-AES128-SHA +ECDHE-RSA-AES128-SHA +ECDHE-ECDSA-AES256-SHA384 +ECDHE-RSA-AES256-SHA384 +ECDHE-ECDSA-AES256-SHA +ECDHE-RSA-AES256-SHA +DHE-RSA-AES128-SHA256 +DHE-RSA-AES256-SHA256 +AES128-GCM-SHA256 +AES256-GCM-SHA384 +AES128-SHA256 +AES256-SHA256 +AES128-SHA +AES256-SHA +DES-CBC3-SHA +``` + +See this [list](https://github.com/curl/curl/blob/master/docs/CIPHERS-TLS12.md) +for a complete list of TLS 1.2 cipher suites. + +#### OpenSSL notes + +In addition to specifying a list of cipher suites, OpenSSL also accepts a +format with specific cipher strings (like `TLSv1.2`, `AESGCM`, `CHACHA20`) and +`!`, `-` and `+` operators. Refer to the +[OpenSSL cipher documentation](https://docs.openssl.org/master/man1/openssl-ciphers/#cipher-list-format) +for further information on that format. + +#### Schannel notes + +Schannel does not support setting individual TLS 1.2 cipher suites directly. +It only allows the enabling and disabling of encryption algorithms. These are +in the form of `CALG_xxx`, see the [Schannel `ALG_ID` +documentation](https://learn.microsoft.com/windows/win32/seccrypto/alg-id) +for a list of these algorithms. Also, (since curl 7.77.0) +`SCH_USE_STRONG_CRYPTO` can be given to pass that flag to Schannel, lookup the +[documentation for the Windows version in +use](https://learn.microsoft.com/windows/win32/secauthn/cipher-suites-in-schannel) +to see how that affects the cipher suite selection. When not specifying the +`--ciphers` and `--tls13-ciphers` options curl passes this flag by default. + +### Examples + +```sh +curl \ + --tls13-ciphers TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 \ + --ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\ +ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 \ + https://example.com/ +``` + +Restrict ciphers to `aes128-gcm` and `chacha20`. Works with OpenSSL, LibreSSL, +mbedTLS and wolfSSL. + +```sh +curl \ + --tlsv1.3 \ + --tls13-ciphers TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 \ + https://example.com/ +``` + +Restrict to only TLS 1.3 with `aes128-gcm` and `chacha20` ciphers. Works with +OpenSSL, LibreSSL, mbedTLS, wolfSSL and Schannel. + +```sh +curl \ + --ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:\ +ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 \ + https://example.com/ +``` + +Restrict TLS 1.2 ciphers to `aes128-gcm` and `chacha20`, use default TLS 1.3 +ciphers (if TLS 1.3 is available). Works with OpenSSL, LibreSSL, BoringSSL, +mbedTLS and wolfSSL. + +## ciphers, the GnuTLS way + +With GnuTLS, curl allows configuration of all TLS parameters via option +[`--ciphers`](https://curl.se/docs/manpage.html#--ciphers) +or +[`CURLOPT_SSL_CIPHER_LIST`](https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html) +only. The option +[`--tls13-ciphers`](https://curl.se/docs/manpage.html#--tls13-ciphers) +or +[`CURLOPT_TLS13_CIPHERS`](https://curl.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html) +is being ignored. + +`--ciphers` is used to set the GnuTLS **priority string** in +the following way: + +* When the set string starts with '+', '-' or '!' it is *appended* to the + priority string libcurl itself generates (separated by ':'). This initial + priority depends other settings such as CURLOPT_SSLVERSION(3), + CURLOPT_TLSAUTH_USERNAME(3) (for SRP) or if HTTP/3 (QUIC) + is being negotiated. +* Otherwise, the set string fully *replaces* the libcurl generated one. While + giving full control to the application, the set priority needs to + provide for everything the transfer may need to negotiate. Example: if + the set priority only allows TLSv1.2, all HTTP/3 attempts fail. + +Users may specify via `--ciphers` anything that GnuTLS supports: ciphers, +key exchange, MAC, compression, TLS versions, signature algorithms, groups, +elliptic curves, certificate types. In addition, GnuTLS has a variety of +other keywords that tweak its operations. Applications or a system +may define new alias names for priority strings that can then be used here. + +Since the order of items in priority strings is significant, it makes no +sense for curl to puzzle other ssl options somehow together. `--ciphers` +is the single way to change priority. + +### Examples + +```sh +curl \ + --ciphers '-CIPHER_ALL:+AES-128-GCM:+CHACHA20-POLY1305' \ + https://example.com/ +``` + +Restrict ciphers to `aes128-gcm` and `chacha20` in GnuTLS. + +```sh +curl \ + --ciphers 'NORMAL:-VERS-ALL:+TLS1.3:-AES-256-GCM' \ + https://example.com/ +``` + +Restrict to only TLS 1.3 without the `aes256-gcm` cipher. + +```sh +curl \ + --ciphers 'NORMAL:-VERS-ALL:+TLS1.2:-CIPHER_ALL:+CAMELLIA-128-GCM' \ + https://example.com/ +``` + +Restrict to only TLS 1.2 with the `CAMELLIA-128-GCM` cipher. + +## Further reading + +- [OpenSSL cipher suite names documentation](https://docs.openssl.org/master/man1/openssl-ciphers/#cipher-suite-names) +- [wolfSSL cipher support documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/chapter04.html#cipher-support) +- [mbedTLS cipher suites reference](https://mbed-tls.readthedocs.io/projects/api/en/development/api/file/ssl__ciphersuites_8h/) +- [Schannel cipher suites documentation](https://learn.microsoft.com/windows/win32/secauthn/cipher-suites-in-schannel) +- [IANA cipher suites list](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4) +- [Wikipedia cipher suite article](https://en.wikipedia.org/wiki/Cipher_suite) +- [GnuTLS Priority Strings](https://gnutls.org/manual/html_node/Priority-Strings.html) diff --git a/docs/CMakeLists.txt b/docs/CMakeLists.txt index b3230ec52aa7..5f342954cc25 100644 --- a/docs/CMakeLists.txt +++ b/docs/CMakeLists.txt @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,7 +18,29 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -#add_subdirectory(examples) -add_subdirectory(libcurl) -add_subdirectory(cmdline-opts) + +if(BUILD_LIBCURL_DOCS) + add_subdirectory(libcurl) +endif() +if(ENABLE_CURL_MANUAL AND BUILD_CURL_EXE) + add_subdirectory(cmdline-opts) +endif() + +if(BUILD_MISC_DOCS) + foreach(_man_misc IN ITEMS "curl-config" "mk-ca-bundle" "wcurl" "runtests" "testcurl") + set(_man_target "${CMAKE_CURRENT_BINARY_DIR}/${_man_misc}.1") + add_custom_command(OUTPUT "${_man_target}" + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + COMMAND "${PERL_EXECUTABLE}" "${PROJECT_SOURCE_DIR}/scripts/cd2nroff" "${_man_misc}.md" > "${_man_target}" + DEPENDS "${PROJECT_SOURCE_DIR}/scripts/cd2nroff" "${_man_misc}.md" + VERBATIM + ) + add_custom_target("curl-generate-${_man_misc}.1" ALL DEPENDS "${_man_target}") + if(NOT CURL_DISABLE_INSTALL AND NOT _man_misc STREQUAL "mk-ca-bundle") + install(FILES "${_man_target}" DESTINATION "${CMAKE_INSTALL_MANDIR}/man1") + endif() + endforeach() +endif() diff --git a/docs/CODE_OF_CONDUCT.md b/docs/CODE_OF_CONDUCT.md index 1f71c387bdb1..f42fd493d059 100644 --- a/docs/CODE_OF_CONDUCT.md +++ b/docs/CODE_OF_CONDUCT.md @@ -1,5 +1,10 @@ -Contributor Code of Conduct -=========================== + + +# Contributor Code of Conduct As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, @@ -27,6 +32,7 @@ Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers. -This Code of Conduct is adapted from the [Contributor -Covenant](https://contributor-covenant.org/), version 1.1.0, available at +This Code of Conduct is adapted from the +[Contributor Covenant](https://contributor-covenant.org/), version 1.1.0, +available at [https://contributor-covenant.org/version/1/1/0/](https://contributor-covenant.org/version/1/1/0/) diff --git a/docs/CODE_REVIEW.md b/docs/CODE_REVIEW.md index 3030b9b0d9dd..da7bb2c9d78b 100644 --- a/docs/CODE_REVIEW.md +++ b/docs/CODE_REVIEW.md @@ -1,3 +1,9 @@ + + # How to do code reviews for curl Anyone and everyone is encouraged and welcome to review code submissions in @@ -19,7 +25,7 @@ alerts. ## How to provide feedback to author Be nice. Ask questions. Provide examples or suggestions of improvements. -Assume best intentions. Remember language barriers. +Assume the best intentions. Remember language barriers. All first-time contributors can become regulars. Let's help them go there. @@ -36,17 +42,17 @@ Changing the API and the ABI may be fine in a change but it needs to be done deliberately and carefully. If not, a reviewer must help the author to realize the mistake. -curl and libcurl are similarly very strict on not modifying existing -behavior. API and ABI stability is not enough, the behavior should also remain -intact as far as possible. +curl and libcurl are similarly strict on not modifying existing behavior. API +and ABI stability is not enough, the behavior should also remain intact as far +as possible. ## Code style Most code style nits are detected by checksrc but not all. Only leave remarks -on style deviation once checksrc doesn't find any more. +on style deviation once checksrc does not find anymore. Minor nits from fresh submitters can also be handled by the maintainer when -merging, in case it seems like the submitter isn't clear on what to do. We +merging, in case it seems like the submitter is not clear on what to do. We want to make the process fun and exciting for new contributors. ## Encourage consistency @@ -70,7 +76,7 @@ on final or release builds. Can the mallocs be avoided? Do not introduce mallocs in any hot paths. If there are (new) mallocs, can they be combined into fewer calls? -Are all allocations handled in errorpaths to avoid leaks and crashes? +Are all allocations handled in error paths to avoid leaks and crashes? ## Thread-safety @@ -100,20 +106,20 @@ test individual functions. ## Documentation -New features or changes to existing functionality **must** be accompanied with +New features or changes to existing functionality **must** be accompanied by updated documentation. Submitting that in a separate follow-up pull request is not OK. A code review must also verify that the submitted documentation update matches the code submission. -English isn't everyone's first language, be mindful of this and help the +English is not everyone's first language, be mindful of this and help the submitter improve the text if it needs a rewrite to read better. -## Code shouldn't be hard to understand +## Code should not be hard to understand Source code should be written to maximize readability and be easy to understand. -## Functions shouldn't be large +## Functions should not be large A single function should never be large as that makes it hard to follow and understand all the exit points and state changes. Some existing functions in @@ -135,13 +141,13 @@ data. Where it comes from and where it goes. `size_t` is not a fixed size. `time_t` can be signed or unsigned and have different sizes. Relying on variable sizes is a red flag. -Also remember that endianness and >= 32 bit accesses to unaligned addresses +Also remember that endianness and >= 32-bit accesses to unaligned addresses are problematic areas. ## Integer overflows -Be careful about integer overflows. Some variable types can be either 32 bit -or 64 bit. Integer overflows must be detected and acted on *before* they +Be careful about integer overflows. Some variable types can be either 32-bit +or 64-bit. Integer overflows must be detected and acted on *before* they happen. ## Dangerous use of functions @@ -151,12 +157,12 @@ Maybe use of `realloc()` should rather use the dynbuf functions? Do not allow new code that grows buffers without using dynbuf. Use of C functions that rely on a terminating zero must only be used on data -that really do have a zero terminating zero. +that really do have a null-terminating zero. ## Dangerous "data styles" Make extra precautions and verify that memory buffers that need a terminating -zero always have exactly that. Buffers *without* a zero terminator must not be +zero always have exactly that. Buffers *without* a null-terminator must not be used as input to string functions. # Commit messages @@ -164,5 +170,6 @@ used as input to string functions. Tightly coupled with a code review is making sure that the commit message is good. It is the responsibility of the person who merges the code to make sure that the commit message follows our standard (detailed in the -[CONTRIBUTE.md](CONTRIBUTE.md) document). This includes making sure the PR -identifies related issues and giving credit to reporters and helpers. +[CONTRIBUTE](https://curl.se/dev/contribute.html) document). This includes +making sure the PR identifies related issues and giving credit to reporters +and helpers. diff --git a/docs/CODE_STYLE.md b/docs/CODE_STYLE.md deleted file mode 100644 index e27778e32e71..000000000000 --- a/docs/CODE_STYLE.md +++ /dev/null @@ -1,309 +0,0 @@ -# curl C code style - -Source code that has a common style is easier to read than code that uses -different styles in different places. It helps making the code feel like one -single code base. Easy-to-read is a very important property of code and helps -making it easier to review when new things are added and it helps debugging -code when developers are trying to figure out why things go wrong. A unified -style is more important than individual contributors having their own personal -tastes satisfied. - -Our C code has a few style rules. Most of them are verified and upheld by the -`lib/checksrc.pl` script. Invoked with `make checksrc` or even by default by -the build system when built after `./configure --enable-debug` has been used. - -It is normally not a problem for anyone to follow the guidelines, as you just -need to copy the style already used in the source code and there are no -particularly unusual rules in our set of rules. - -We also work hard on writing code that are warning-free on all the major -platforms and in general on as many platforms as possible. Code that obviously -will cause warnings will not be accepted as-is. - -## Naming - -Try using a non-confusing naming scheme for your new functions and variable -names. It doesn't necessarily have to mean that you should use the same as in -other places of the code, just that the names should be logical, -understandable and be named according to what they're used for. File-local -functions should be made static. We like lower case names. - -See the [INTERNALS](https://curl.se/dev/internals.html#symbols) document on -how we name non-exported library-global symbols. - -## Indenting - -We use only spaces for indentation, never TABs. We use two spaces for each new -open brace. - -```c -if(something_is_true) { - while(second_statement == fine) { - moo(); - } -} -``` - -## Comments - -Since we write C89 code, **//** comments are not allowed. They weren't -introduced in the C standard until C99. We use only **/* comments */**. - -```c -/* this is a comment */ -``` - -## Long lines - -Source code in curl may never be wider than 79 columns and there are two -reasons for maintaining this even in the modern era of very large and high -resolution screens: - -1. Narrower columns are easier to read than very wide ones. There's a reason - newspapers have used columns for decades or centuries. - -2. Narrower columns allow developers to easier show multiple pieces of code - next to each other in different windows. I often have two or three source - code windows next to each other on the same screen - as well as multiple - terminal and debugging windows. - -## Braces - -In if/while/do/for expressions, we write the open brace on the same line as -the keyword and we then set the closing brace on the same indentation level as -the initial keyword. Like this: - -```c -if(age < 40) { - /* clearly a youngster */ -} -``` - -You may omit the braces if they would contain only a one-line statement: - -```c -if(!x) - continue; -``` - -For functions the opening brace should be on a separate line: - -```c -int main(int argc, char **argv) -{ - return 1; -} -``` - -## 'else' on the following line - -When adding an **else** clause to a conditional expression using braces, we -add it on a new line after the closing brace. Like this: - -```c -if(age < 40) { - /* clearly a youngster */ -} -else { - /* probably grumpy */ -} -``` - -## No space before parentheses - -When writing expressions using if/while/do/for, there shall be no space -between the keyword and the open parenthesis. Like this: - -```c -while(1) { - /* loop forever */ -} -``` - -## Use boolean conditions - -Rather than test a conditional value such as a bool against TRUE or FALSE, a -pointer against NULL or != NULL and an int against zero or not zero in -if/while conditions we prefer: - -```c -result = do_something(); -if(!result) { - /* something went wrong */ - return result; -} -``` - -## No assignments in conditions - -To increase readability and reduce complexity of conditionals, we avoid -assigning variables within if/while conditions. We frown upon this style: - -```c -if((ptr = malloc(100)) == NULL) - return NULL; -``` - -and instead we encourage the above version to be spelled out more clearly: - -```c -ptr = malloc(100); -if(!ptr) - return NULL; -``` - -## New block on a new line - -We never write multiple statements on the same source line, even for very -short if() conditions. - -```c -if(a) - return TRUE; -else if(b) - return FALSE; -``` - -and NEVER: - -```c -if(a) return TRUE; -else if(b) return FALSE; -``` - -## Space around operators - -Please use spaces on both sides of operators in C expressions. Postfix **(), -[], ->, ., ++, --** and Unary **+, - !, ~, &** operators excluded they should -have no space. - -Examples: - -```c -bla = func(); -who = name[0]; -age += 1; -true = !false; -size += -2 + 3 * (a + b); -ptr->member = a++; -struct.field = b--; -ptr = &address; -contents = *pointer; -complement = ~bits; -empty = (!*string) ? TRUE : FALSE; -``` - -## No parentheses for return values - -We use the 'return' statement without extra parentheses around the value: - -```c -int works(void) -{ - return TRUE; -} -``` - -## Parentheses for sizeof arguments - -When using the sizeof operator in code, we prefer it to be written with -parentheses around its argument: - -```c -int size = sizeof(int); -``` - -## Column alignment - -Some statements cannot be completed on a single line because the line would be -too long, the statement too hard to read, or due to other style guidelines -above. In such a case the statement will span multiple lines. - -If a continuation line is part of an expression or sub-expression then you -should align on the appropriate column so that it's easy to tell what part of -the statement it is. Operators should not start continuation lines. In other -cases follow the 2-space indent guideline. Here are some examples from -libcurl: - -```c -if(Curl_pipeline_wanted(handle->multi, CURLPIPE_HTTP1) && - (handle->set.httpversion != CURL_HTTP_VERSION_1_0) && - (handle->set.httpreq == HTTPREQ_GET || - handle->set.httpreq == HTTPREQ_HEAD)) - /* didn't ask for HTTP/1.0 and a GET or HEAD */ - return TRUE; -``` - -If no parenthesis, use the default indent: - -```c -data->set.http_disable_hostname_check_before_authentication = - (0 != va_arg(param, long)) ? TRUE : FALSE; -``` - -Function invoke with an open parenthesis: - -```c -if(option) { - result = parse_login_details(option, strlen(option), - (userp ? &user : NULL), - (passwdp ? &passwd : NULL), - NULL); -} -``` - -Align with the "current open" parenthesis: - -```c -DEBUGF(infof(data, "Curl_pp_readresp_ %d bytes of trailing " - "server response left\n", - (int)clipamount)); -``` - -## Platform dependent code - -Use **#ifdef HAVE_FEATURE** to do conditional code. We avoid checking for -particular operating systems or hardware in the #ifdef lines. The HAVE_FEATURE -shall be generated by the configure script for unix-like systems and they are -hard-coded in the `config-[system].h` files for the others. - -We also encourage use of macros/functions that possibly are empty or defined -to constants when libcurl is built without that feature, to make the code -seamless. Like this example where the **magic()** function works differently -depending on a build-time conditional: - -```c -#ifdef HAVE_MAGIC -void magic(int a) -{ - return a + 2; -} -#else -#define magic(x) 1 -#endif - -int content = magic(3); -``` - -## No typedefed structs - -Use structs by all means, but do not typedef them. Use the `struct name` way -of identifying them: - -```c -struct something { - void *valid; - size_t way_to_write; -}; -struct something instance; -``` - -**Not okay**: - -```c -typedef struct { - void *wrong; - size_t way_to_write; -} something; -something instance; -``` diff --git a/docs/CONTRIBUTE.md b/docs/CONTRIBUTE.md index 3571b7aeaa20..316809193059 100644 --- a/docs/CONTRIBUTE.md +++ b/docs/CONTRIBUTE.md @@ -1,16 +1,20 @@ + + # Contributing to the curl project This document is intended to offer guidelines on how to best contribute to the curl project. This concerns new features as well as corrections to existing flaws or bugs. -## Learning curl - -### Join the Community +## Join the Community Skip over to [https://curl.se/mail/](https://curl.se/mail/) and join -the appropriate mailing list(s). Read up on details before you post -questions. Read this file before you start sending patches! We prefer +the appropriate mailing list(s). Read up on details before you post +questions. Read this file before you start sending patches. We prefer questions sent to and discussions being held on the mailing list(s), not sent to individuals. @@ -19,43 +23,43 @@ Before posting to one of the curl mailing lists, please read up on the We also hang out on IRC in #curl on libera.chat -If you're at all interested in the code side of things, consider clicking -'watch' on the [curl repo on GitHub](https://github.com/curl/curl) to be +If you are at all interested in the code side of things, consider clicking +'watch' on the [curl repository on GitHub](https://github.com/curl/curl) to be notified of pull requests and new issues posted there. -### License and copyright +## License and copyright When contributing with code, you agree to put your changes and new code under the same license curl and libcurl is already using unless stated and agreed otherwise. If you add a larger piece of code, you can opt to make that file or set of -files to use a different license as long as they don't enforce any changes to +files to use a different license as long as they do not enforce any changes to the rest of the package and they make sense. Such "separate parts" can not be -GPL licensed (as we don't want copyleft to affect users of libcurl) but they +GPL licensed (as we do not want copyleft to affect users of libcurl) but they must use "GPL compatible" licenses (as we want to allow users to use libcurl properly in GPL licensed environments). When changing existing source code, you do not alter the copyright of the -original file(s). The copyright will still be owned by the original creator(s) -or those who have been assigned copyright by the original author(s). +original file(s). The copyright is still owned by the original creator(s) or +those who have been assigned copyright by the original author(s). By submitting a patch to the curl project, you are assumed to have the right to the code and to be allowed by your employer or whatever to hand over that -patch/code to us. We will credit you for your changes as far as possible, to -give credit but also to keep a trace back to who made what changes. Please -always provide us with your full real name when contributing! +patch/code to us. We credit you for your changes as far as possible, to give +credit but also to keep a trace back to who made what changes. Please always +provide us with your full real name when contributing. -### What To Read +## What To Read Source code, the man pages, the [INTERNALS document](https://curl.se/dev/internals.html), [TODO](https://curl.se/docs/todo.html), [KNOWN_BUGS](https://curl.se/docs/knownbugs.html) and the [most recent -changes](https://curl.se/dev/sourceactivity.html) in git. Just lurking on -the [curl-library mailing -list](https://curl.se/mail/list.cgi?list=curl-library) will give you a -lot of insights on what's going on right now. Asking there is a good idea too. +changes](https://curl.se/dev/sourceactivity.html) in git. Lurking on the +[curl-library mailing list](https://curl.se/mail/list.cgi?list=curl-library) +gives you a lot of insights on what's going on right now. Asking there is a +good idea too. ## Write a good patch @@ -65,12 +69,12 @@ When writing C code, follow the [CODE_STYLE](https://curl.se/dev/code-style.html) already established in the project. Consistent style makes code easier to read and mistakes less likely to happen. Run `make checksrc` before you submit anything, to make sure -you follow the basic style. That script doesn't verify everything, but if it +you follow the basic style. That script does not verify everything, but if it complains you know you have work to do. ### Non-clobbering All Over -When you write new functionality or fix bugs, it is important that you don't +When you write new functionality or fix bugs, it is important that you do not fiddle all over the source files and functions. Remember that it is likely that other people have done changes in the same source files as you have and possibly even in the same functions. If you bring completely new @@ -79,11 +83,11 @@ fix one bug at a time and send them as separate patches. ### Write Separate Changes -It is annoying when you get a huge patch from someone that is said to fix 511 -odd problems, but discussions and opinions don't agree with 510 of them - or -509 of them were already fixed in a different way. Then the person merging -this change needs to extract the single interesting patch from somewhere -within the huge pile of source, and that creates a lot of extra work. +It is annoying when you get a huge patch from someone that is said to fix 11 +odd problems, but discussions and opinions do not agree with 10 of them - or 9 +of them were already fixed in a different way. Then the person merging this +change needs to extract the single interesting patch from somewhere within the +huge pile of source, and that creates a lot of extra work. Preferably, each fix that corrects a problem should be in its own patch/commit with its own description/commit message stating exactly what they correct so @@ -96,103 +100,77 @@ and regression in the future. ### Patch Against Recent Sources Please try to get the latest available sources to make your patches against. -It makes the lives of the developers so much easier. The very best is if you -get the most up-to-date sources from the git repository, but the latest -release archive is quite OK as well! +It makes the lives of the developers so much easier. The best is if you get +the most up-to-date sources from the git repository, but the latest release +archive is OK as well. ### Documentation Writing docs is dead boring and one of the big problems with many open source -projects. But someone's gotta do it! It makes things a lot easier if you -submit a small description of your fix or your new features with every -contribution so that it can be swiftly added to the package documentation. +projects but someone's gotta do it. It makes things a lot easier if you submit +a small description of your fix or your new features with every contribution +so that it can be swiftly added to the package documentation. -The documentation is always made in man pages (nroff formatted) or plain -ASCII files. All HTML files on the website and in the release archives are -generated from the nroff/ASCII versions. +Documentation is mostly provided as man pages or plain ASCII files. The +man pages are rendered from their source files that are usually written using +markdown. Most HTML files on the website and in the release archives are +generated from corresponding markdown and ASCII files. ### Test Cases Since the introduction of the test suite, we can quickly verify that the main -features are working as they're supposed to. To maintain this situation and -improve it, all new features and functions that are added need to be tested -in the test suite. Every feature that is added should get at least one valid -test case that verifies that it works as documented. If every submitter also -posts a few test cases, it won't end up as a heavy burden on a single person! - -If you don't have test cases or perhaps you have done something that is very -hard to write tests for, do explain exactly how you have otherwise tested and +features are working as they are supposed to. To maintain this situation and +improve it, all new features and functions that are added need to be tested in +the test suite. Every feature that is added should get at least one valid test +case that verifies that it works as documented. If every submitter also posts +a few test cases, it does not end up a heavy burden on a single person. + +If you do not have test cases or perhaps you have done something that is hard +to write tests for, do explain exactly how you have otherwise tested and verified your changes. -## Sharing Your Changes +# Submit Your Changes -### How to get your changes into the main sources +## Get your changes merged Ideally you file a [pull request on GitHub](https://github.com/curl/curl/pulls), but you can also send your plain patch to [the curl-library mailing list](https://curl.se/mail/list.cgi?list=curl-library). -Either way, your change will be reviewed and discussed there and you will be -expected to correct flaws pointed out and update accordingly, or the change -risks stalling and eventually just getting deleted without action. As a -submitter of a change, you are the owner of that change until it has been merged. +If you opt to post a patch on the mailing list, chances are someone converts +it into a pull request for you, to have the CI jobs verify it proper before it +can be merged. Be prepared that some feedback on the proposed change might +then come on GitHub. -Respond on the list or on github about the change and answer questions and/or -fix nits/flaws. This is very important. We will take lack of replies as a -sign that you're not very anxious to get your patch accepted and we tend to -simply drop such changes. +Your changes be reviewed and discussed and you are expected to correct flaws +pointed out and update accordingly, or the change risks stalling and +eventually getting deleted without action. As a submitter of a change, you are +the owner of that change until it has been merged. -### About pull requests +Respond on the list or on GitHub about the change and answer questions and/or +fix nits/flaws. This is important. We take lack of replies as a sign that you +are not anxious to get your patch accepted and we tend to drop such +changes. -With github it is easy to send a [pull +## About pull requests + +With GitHub it is easy to send a [pull request](https://github.com/curl/curl/pulls) to the curl project to have changes merged. We strongly prefer pull requests to mailed patches, as it makes it a proper git commit that is easy to merge and they are easy to track and not that easy -to loose in the flood of many emails, like they sometimes do on the mailing +to lose in the flood of many emails, like they sometimes do on the mailing lists. -Every pull request submitted will automatically be tested in several different -ways. Every pull request is verified for each of the following: - - - ... it still builds, warning-free, on Linux and macOS, with both - clang and gcc - - ... it still builds fine on Windows with several MSVC versions - - ... it still builds with cmake on Linux, with gcc and clang - - ... it follows rudimentary code style rules - - ... the test suite still runs 100% fine - - ... the release tarball (the "dist") still works - - ... it builds fine in-tree as well as out-of-tree - - ... code coverage doesn't shrink drastically - -If the pull-request fails one of these tests, it will show up as a red X and -you are expected to fix the problem. If you don't understand when the issue is -or have other problems to fix the complaint, just ask and other project -members will likely be able to help out. - -Consider the following table while looking at pull request failures: - - | CI platform as shown in PR | State | What to look at next | - | ----------------------------------- | ------ | -------------------------- | - | CI / codeql | stable | quality check results | - | CI / fuzzing | stable | fuzzing results | - | CI / macos ... | stable | all errors and failures | - | Code scanning results / CodeQL | stable | quality check results | - | FreeBSD FreeBSD: ... | stable | all errors and failures | - | LGTM analysis: Python | stable | new findings | - | LGTM analysis: C/C++ | stable | new findings | - | buildbot/curl_winssl_ ... | stable | all errors and failures | - | continuous-integration/appveyor/pr | stable | all errors and failures | - | curl.curl (linux ...) | stable | all errors and failures | - | curl.curl (windows ...) | flaky | repetitive errors/failures | - | deepcode-ci-bot | stable | new findings | - | musedev | stable | new findings | +Every pull request submitted is automatically tested in several different +ways. [See the CI document for more +information](https://github.com/curl/curl/blob/master/docs/tests/CI.md). Sometimes the tests fail due to a dependency service temporarily being offline -or otherwise unavailable, eg. package downloads. In this case you can just -try to update your pull requests to rerun the tests later as described below. +or otherwise unavailable, e.g. package downloads. In this case you can try to +update your pull requests to rerun the tests later as described below. You can update your pull requests by pushing new commits or force-pushing changes to existing commits. Force-pushing an amended commit without any @@ -201,106 +179,191 @@ actual content changed also allows you to retrigger the tests for that commit. When you adjust your pull requests after review, consider squashing the commits so that we can review the full updated version more easily. -### Making quality patches +A pull request sent to the project might get labeled `needs-votes` by a +project maintainer. This label means that in addition to meeting all other +checks and qualifications this pull request must also receive more "votes" of +user support. More signs that people want this to happen. It could be in the +form of messages saying so, or thumbs-up reactions on GitHub. + +## When the pull request is approved + +If it does not seem to get approved when you think it is ready - feel free to +ask for approval. + +Once your pull request has been approved it can be merged by a maintainer. + +For new features, or changes, we require that the *feature window* is open for +the pull request to be merged. This is typically a three week period that +starts ten days after a previous release. New features submitted as pull +requests while the window is closed have to wait until it opens to get +merged. + +If time passes without your approved pull request gets merged: feel free to +ask what more you can do to make it happen. + +## Making quality changes Make the patch against as recent source versions as possible. -If you've followed the tips in this document and your patch still hasn't been -incorporated or responded to after some weeks, consider resubmitting it to the -list or better yet: change it to a pull request. +If you have followed the tips in this document and your patch still has not +been incorporated or responded to after some weeks, consider resubmitting it +to the list or better yet: change it to a pull request. -### Write good commit messages +## Commit messages -A short guide to how to write commit messages in the curl project. +How to write git commit messages in the curl project. ---- start ---- [area]: [short line describing the main effect] -- empty line -- - [full description, no wider than 72 columns that describe as much as + [full description, no wider than 72 columns that describes as much as possible as to why this change is made, and possibly what things - it fixes and everything else that is related] - -- empty line -- - [Closes/Fixes #1234 - if this closes or fixes a github issue] - [Bug: URL to source of the report or more related discussion] - [Reported-by: John Doe - credit the reporter] - [whatever-else-by: credit all helpers, finders, doers] - ---- stop ---- + it fixes and everything else that is related, + -- end -- -The first line is a succinct description of the change: +The first line is a succinct description of the change and should ideally work +as a single line in the RELEASE NOTES. - - use the imperative, present tense: "change" not "changed" nor "changes" - - don't capitalize first letter - - no dot (.) at the end +- use the imperative, present tense: **change** not "changed" nor "changes" +- do not capitalize the first letter +- no period (.) at the end The `[area]` in the first line can be `http2`, `cookies`, `openssl` or -similar. There's no fixed list to select from but using the same "area" as +similar. There is no fixed list to select from but using the same "area" as other related changes could make sense. -Don't forget to use commit --author="" if you commit someone else's work, and -make sure that you have your own user and email setup correctly in git before -you commit +## Commit message keywords + +Use the following ways to improve the message and provide pointers to related +work. + +- `Follow-up to {shorthash}` - if this fixes or continues a previous commit; + add a `Ref:` that commit's PR or issue if it is not a small, obvious fix; + followed by an empty line + +- `Bug: URL` to the source of the report or more related discussion; use + `Fixes` for GitHub issues instead when that is appropriate. + +- `Approved-by: John Doe` - credit someone who approved the PR. + +- `Authored-by: John Doe` - credit the original author of the code; only use + this if you cannot use `git commit --author=...`. + +- `Signed-off-by: John Doe` - we do not use this, but do not bother removing + it. + +- `whatever-else-by:` credit all helpers, finders, doers; try to use one of + the following keywords if at all possible, for consistency: `Acked-by:`, + `Assisted-by:`, `Co-authored-by:`, `Found-by:`, `Reported-by:`, + `Reviewed-by:`, `Suggested-by:`, `Tested-by:`. + +- `Ref: #1234` - if this is related to a GitHub issue or PR, possibly one that + has already been closed. + +- `Ref: URL` to more information about the commit; use `Bug:` instead for a + reference to a bug on another bug tracker] + +- `Fixes #1234` - if this fixes a GitHub issue; GitHub closes the issue once + this commit is merged. + +- `Closes #1234` - if this merges a GitHub PR; GitHub closes the PR once this + commit is merged. + +Do not forget to use commit with `--author` if you commit someone else's work, +and make sure that you have your own user and email setup correctly in git +before you commit. + +Add whichever header lines as appropriate, with one line per person if more +than one person was involved. There is no need to credit yourself unless you +are using `--author` which hides your identity. Do not include people's email +addresses in headers to avoid spam, unless they are already public from a +previous commit; saying `{userid} on github` is OK. -### Write Access to git Repository +## Push Access -If you are a very frequent contributor, you may be given push access to the -git repository and then you'll be able to push your changes straight into the -git repo instead of sending changes as pull requests or by mail as patches. +If you are a frequent contributor, you may be given push access to the git +repository and then you are able to push your changes straight into the git +repository instead of sending changes as pull requests or by mail as patches. -Just ask if this is what you'd want. You will be required to have posted -several high quality patches first, before you can be granted push access. +Feel free to ask for this, if this is what you want. You are required to have +posted several high quality patches first, before you can be granted push +access. -### How To Make a Patch with git +## Useful resources -You need to first checkout the repository: +- [Webinar on getting code into curl](https://youtu.be/QmZ3W1d6LQI) - git clone https://github.com/curl/curl.git +# Update copyright and license information -You then proceed and edit all the files you like and you commit them to your -local repository: +There is a CI job called **REUSE compliance / check** that runs on every pull +request and commit to verify that the *REUSE state* of all files are still +fine. - git commit [file] +This means that all files need to have their license and copyright information +clearly stated. Ideally by having the standard curl source code header, with +the `SPDX-License-Identifier` included. If the header does not work, you can +use a smaller header or add the information for a specific file to the +`REUSE.toml` file. -As usual, group your commits so that you commit all changes at once that -constitute a logical change. +You can manually verify the copyright and compliance status by running the +[REUSE helper tool](https://github.com/fsfe/reuse-tool): `reuse lint` -Once you have done all your commits and you're happy with what you see, you -can make patches out of your changes that are suitable for mailing: +# On AI use in curl - git format-patch remotes/origin/master +Guidelines for AI use when contributing to curl. -This creates files in your local directory named NNNN-[name].patch for each -commit. +## For security reports and other issues -Now send those patches off to the curl-library list. You can of course opt to -do that with the 'git send-email' command. +If you asked an AI tool to find problems in curl, you **must** make sure to +reveal this fact in your report. -### How To Make a Patch without git +You must also double-check the findings carefully before reporting them to us +to validate that the issues are indeed existing and working exactly as the AI +says. AI-based tools frequently generate inaccurate or fabricated results. -Keep a copy of the unmodified curl sources. Make your changes in a separate -source tree. When you think you have something that you want to offer the -curl community, use GNU diff to generate patches. +Further: it is *rarely* a good idea to copy and paste an AI generated report +to the project. Those generated reports typically are too wordy and rarely to +the point (in addition to the common fabricated details). If you actually find +a problem with an AI and you have verified it yourself to be true: write the +report yourself and explain the problem as you have learned it. This makes +sure the AI-generated inaccuracies and invented issues are filtered out early +before they waste more people's time. -If you have modified a single file, try something like: +As we take security reports seriously, we investigate each report with +priority. This work is both time and energy consuming and pulls us away from +doing other meaningful work. Fake and otherwise made up security problems +effectively prevent us from doing real project work and make us waste time and +resources. - diff -u unmodified-file.c my-changed-one.c > my-fixes.diff +We ban users immediately who submit made up fake reports to the project. -If you have modified several files, possibly in different directories, you -can use diff recursively: +## For pull requests - diff -ur curl-original-dir curl-modified-sources-dir > my-fixes.diff +When contributing content to the curl project, you give us permission to use +it as-is and you must make sure you are allowed to distribute it to us. By +submitting a change to us, you agree that the changes can and should be +adopted by curl and get redistributed under the curl license. Authors should +be explicitly aware that the burden is on them to ensure no unlicensed code is +submitted to the project. -The GNU diff and GNU patch tools exist for virtually all platforms, including -all kinds of Unixes and Windows: +This is independent if AI is used or not. -For unix-like operating systems: +When contributing a pull request you should of course always make sure that +the proposal is good quality and a best effort that follows our guidelines. A +basic rule of thumb is that if someone can spot that the contribution was made +with the help of AI, you have more work to do. - - [https://savannah.gnu.org/projects/patch/](https://savannah.gnu.org/projects/patch/) - - [https://www.gnu.org/software/diffutils/](https://www.gnu.org/software/diffutils/) +We can accept code written with the help of AI into the project, but the code +must still follow coding standards, be written clearly, be documented, feature +test cases and adhere to all the normal requirements we have. -For Windows: +## For translation - - [https://gnuwin32.sourceforge.io/packages/patch.htm](https://gnuwin32.sourceforge.io/packages/patch.htm) - - [https://gnuwin32.sourceforge.io/packages/diffutils.htm](https://gnuwin32.sourceforge.io/packages/diffutils.htm) +Translation services help users write reports, texts and documentation in +non-native languages and we encourage and welcome such contributors and +contributions. -### Useful resources - - [Webinar on getting code into cURL](https://www.youtube.com/watch?v=QmZ3W1d6LQI) +As AI-based translation tools sometimes have a way to make the output sound a +little robotic and add an "AI tone" to the text, you may want to consider +mentioning that you used such a tool. Failing to do so risks that maintainers +wrongly dismiss translated texts as AI slop. diff --git a/docs/CURL-DISABLE.md b/docs/CURL-DISABLE.md index 5967d7b79c34..9663ebe765cf 100644 --- a/docs/CURL-DISABLE.md +++ b/docs/CURL-DISABLE.md @@ -1,136 +1,193 @@ + + # Code defines to disable features and protocols -## CURL_DISABLE_ALTSVC +## `CURL_DISABLE_ALTSVC` Disable support for Alt-Svc: HTTP headers. -## CURL_DISABLE_COOKIES +## `CURL_DISABLE_BINDLOCAL` + +Disable support for binding the local end of connections. + +## `CURL_DISABLE_COOKIES` Disable support for HTTP cookies. -## CURL_DISABLE_CRYPTO_AUTH +## `CURL_DISABLE_BASIC_AUTH` + +Disable support for the Basic authentication methods. + +## `CURL_DISABLE_BEARER_AUTH` + +Disable support for the Bearer authentication methods. + +## `CURL_DISABLE_DIGEST_AUTH` + +Disable support for the Digest authentication methods. + +## `CURL_DISABLE_KERBEROS_AUTH` + +Disable support for the Kerberos authentication methods. + +## `CURL_DISABLE_NEGOTIATE_AUTH` + +Disable support for the negotiate authentication methods. + +## `CURL_DISABLE_AWS` -Disable support for authentication methods using crypto. +Disable **aws-sigv4** support. -## CURL_DISABLE_NTLM +## `CURL_DISABLE_CA_SEARCH` -Disable support for NTLM. +Disable unsafe CA bundle search in PATH on Windows. -## CURL_DISABLE_DICT +## `CURL_DISABLE_DICT` Disable the DICT protocol -## CURL_DISABLE_DOH +## `CURL_DISABLE_DOH` Disable DNS-over-HTTPS -## CURL_DISABLE_FILE +## `CURL_DISABLE_FILE` Disable the FILE protocol -## CURL_DISABLE_FTP +## `CURL_DISABLE_FORM_API` + +Disable the form API + +## `CURL_DISABLE_FTP` Disable the FTP (and FTPS) protocol -## CURL_DISABLE_GETOPTIONS +## `CURL_DISABLE_GETOPTIONS` -Disable the `curl_easy_options` API calls that lets users get information -about existing options to `curl_easy_setopt`. +Disable the `curl_easy_options()` API calls that lets users get information +about existing options to `curl_easy_setopt()`. -## CURL_DISABLE_GOPHER +## `CURL_DISABLE_GOPHER` Disable the GOPHER protocol. -## CURL_DISABLE_HSTS +## `CURL_DISABLE_HEADERS_API` + +Disable the HTTP header API. + +## `CURL_DISABLE_HSTS` Disable the HTTP Strict Transport Security support. -## CURL_DISABLE_HTTP +## `CURL_DISABLE_HTTP` Disable the HTTP(S) protocols. Note that this then also disable HTTP proxy support. -## CURL_DISABLE_HTTP_AUTH +## `CURL_DISABLE_HTTP_AUTH` Disable support for all HTTP authentication methods. -## CURL_DISABLE_IMAP +## `CURL_DISABLE_IMAP` Disable the IMAP(S) protocols. -## CURL_DISABLE_LDAP +## `CURL_DISABLE_LDAP` Disable the LDAP(S) protocols. -## CURL_DISABLE_LDAPS +## `CURL_DISABLE_LDAPS` Disable the LDAPS protocol. -## CURL_DISABLE_LIBCURL_OPTION +## `CURL_DISABLE_LIBCURL_OPTION` Disable the --libcurl option from the curl tool. -## CURL_DISABLE_MIME +## `CURL_DISABLE_MIME` Disable MIME support. -## CURL_DISABLE_MQTT +## `CURL_DISABLE_MQTT` Disable MQTT support. -## CURL_DISABLE_NETRC +## `CURL_DISABLE_NETRC` Disable the netrc parser. -## CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG +## `CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG` Disable the auto load config support in the OpenSSL backend. -## CURL_DISABLE_PARSEDATE +## `CURL_DISABLE_PARSEDATE` Disable date parsing -## CURL_DISABLE_POP +## `CURL_DISABLE_POP3` -Disable the POP(S) protocols +Disable the POP3 protocol -## CURL_DISABLE_PROGRESS_METER +## `CURL_DISABLE_PROGRESS_METER` Disable the built-in progress meter -## CURL_DISABLE_PROXY +## `CURL_DISABLE_PROXY` Disable support for proxies -## CURL_DISABLE_RTSP +## `CURL_DISABLE_IPFS` + +Disable the IPFS/IPNS protocols. This affects the curl tool only, where +IPFS/IPNS protocol support is implemented. + +## `CURL_DISABLE_RTSP` Disable the RTSP protocol. -## CURL_DISABLE_SHUFFLE_DNS +## `CURL_DISABLE_SHA512_256` + +Disable the SHA-512/256 hash algorithm. + +## `CURL_DISABLE_SHUFFLE_DNS` Disable the shuffle DNS feature -## CURL_DISABLE_SMB +## `CURL_DISABLE_SMB` Disable the SMB(S) protocols -## CURL_DISABLE_SMTP +## `CURL_DISABLE_SMTP` Disable the SMTP(S) protocols -## CURL_DISABLE_SOCKETPAIR +## `CURL_DISABLE_SOCKETPAIR` -Disable the use of socketpair internally to allow waking up and canceling -curl_multi_poll(). +Disable the use of `socketpair()` internally to allow waking up and canceling +`curl_multi_poll()`. -## CURL_DISABLE_TELNET +## `CURL_DISABLE_TELNET` Disable the TELNET protocol -## CURL_DISABLE_TFTP +## `CURL_DISABLE_TFTP` Disable the TFTP protocol -## CURL_DISABLE_VERBOSE_STRINGS +## `CURL_DISABLE_TYPECHECK` + +Disable `curl_easy_setopt()`/`curl_easy_getinfo()` type checking. + +Useful to improve build performance for the `tests/libtest` test tool. + +## `CURL_DISABLE_VERBOSE_STRINGS` Disable verbose strings and error messages. + +## `CURL_DISABLE_WEBSOCKETS` + +Disable the WebSocket protocols. diff --git a/docs/CURLDOWN.md b/docs/CURLDOWN.md new file mode 100644 index 000000000000..ce19b5f5d606 --- /dev/null +++ b/docs/CURLDOWN.md @@ -0,0 +1,165 @@ + + +# curldown + +A markdown-like syntax for libcurl man pages. + +## Purpose + +A text format for writing libcurl documentation in the shape of man pages. + +Make it easier for users to contribute and write documentation. A format that +is easier on the eye in its source format. + +Make it harder to do syntactical mistakes. + +Use a format that allows creating man pages that end up looking exactly like +the man pages did when we wrote them in nroff format. + +Take advantage of the fact that people these days are accustomed to markdown +by using a markdown-like syntax. + +This allows us to fix issues in the nroff format easier since now we generate +them. For example: escaping minus to prevent them from being turned into +Unicode by man. + +Generate nroff output that looks (next to) *identical* to the previous files, +so that the look, existing test cases, HTML conversions, existing +infrastructure etc remain mostly intact. + +Contains meta-data in a structured way to allow better output (for example the +see also information) and general awareness of what the file is about. + +## File extension + +Since curldown looks similar to markdown, we use `.md` extensions on the +files. + +## Conversion + +Convert **from curldown to nroff** with `cd2nroff`. Generates nroff man pages. + +Convert **from nroff to curldown** with `nroff2cd`. This is only meant to be +used for the initial conversion to curldown and should ideally never be needed +again. + +Convert, check or clean up an existing curldown to nicer, better, cleaner +curldown with **cd2cd**. + +Mass-convert all curldown files to nroff in specified directories with +`cdall`: + + cdall [dir1] [dir2] [dir3] .. + +## Known issues + +The `cd2nroff` tool does not yet handle *italics* or **bold** where the start +and the end markers are used on separate lines. + +The `nroff2cd` tool generates code style quotes for all `.fi` sections since +the nroff format does not carry a distinction. + +# Format + +Each curldown starts with a header with meta-data: + + --- + c: Copyright (C) Daniel Stenberg, , et al. + SPDX-License-Identifier: curl + Title: CURLOPT_AWS_SIGV4 + Section: 3 + Source: libcurl + Protocol: + - HTTP + See-also: + - CURLOPT_HEADEROPT (3) + - CURLOPT_HTTPAUTH (3) + TLS-backend: + - [name] + Added-in: [version or "n/a"] + --- + +All curldown files *must* have all the headers present and at least one +`See-also:` entry specified. + +If the man page is for section 3 (library related). The `Protocol` list must +contain at least one protocol, which can be `*` if the option is virtually for +everything. If `*` is used, it must be the only listed protocol. Recognized +protocols are either URL schemes (in uppercase), `TLS` or `TCP`. + +If the `Protocol` list contains `TLS`, then there must also be a `TLS-backend` +list, specifying `All` or a list of what TLS backends that work with this +option. The available TLS backends are: + +- `GnuTLS` +- `mbedTLS` +- `OpenSSL` (also covers BoringSSL, LibreSSL, quictls, AWS-LC and AmiSSL) +- `rustls` +- `Schannel` +- `wolfSSL` +- `All`: all TLS backends + +Following the header in the file, is the manual page using markdown-like +syntax: + +~~~ + # NAME + a page - this is a page describing something + + # SYNOPSIS + ~~~c + #include + + CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AWS_SIGV4, char *param); + ~~~ +~~~ + +Quoted source code should start with `~~~c` and end with `~~~` while regular +quotes can start with `~~~` or be indented with 4 spaces. + +Headers at top-level `#` get converted to `.SH`. + +`nroff2cd` supports the `##` next level header which gets converted to `.IP`. + +Write bold words or phrases within `**` like: + + This is a **bold** word. + +Write italics like: + + This is *italics*. + +Due to how man pages do not support backticks especially formatted, such +occurrences in the source are instead using italics in the generated output: + + This `word` appears in italics. + +When generating the nroff output, the tooling removes superfluous newlines, +meaning they can be used freely in the source file to make the text more +readable. + +To make sure curldown documents render correctly as markdown, all literal +occurrences of `<` or `>` need to be escaped by a leading backslash. + +## Generating contents + +`# %PROTOCOLS%` - inserts a **PROTOCOLS** section based on the metadata +provided in the header. + +`# %AVAILABILITY%` - inserts an **AVAILABILITY** section based on the metadata +provided in the header. + +## Symbols + +All mentioned curl symbols that have their own man pages, like +`curl_easy_perform(3)` are automatically rendered using italics in the output +without having to enclose it with asterisks. This helps ensuring that they get +converted to links properly later in the HTML version on the website, as +converted with `roffit`. This makes the curldown text easier to read even when +mentioning many curl symbols. + +This auto-linking works for patterns matching `(lib|)curl[^ ]*(3)`. diff --git a/docs/DEPRECATE.md b/docs/DEPRECATE.md index 26877c48aa71..6aaa9936c343 100644 --- a/docs/DEPRECATE.md +++ b/docs/DEPRECATE.md @@ -1,12 +1,64 @@ + + # Items to be removed from future curl releases If any of these deprecated features is a cause for concern for you, please -email the curl-library mailing list as soon as possible and explain to us why -this is a problem for you and how your use case can't be satisfied properly -using a work around. +email the +[curl-library mailing list](https://lists.haxx.se/listinfo/curl-library) +as soon as possible and explain to us why this is a problem for you and +how your use case cannot be satisfied properly using a workaround. + +## c-ares 1.16.0 + +In March 2026, we drop support for all c-ares versions before 1.16.0. + +## TLS-SRP Authentication + +Transport Layer Security Secure Remote Password is a TLS feature that does not +work with TLS 1.3 or QUIC and is virtually unused by curl users and in +general. + +TLS-SRP support gets removed in August 2026. + +## SMB goes opt-in + +The SMB protocol has weak security and is rarely used these days. After curl +8.19.0 SMB support becomes opt-in. + +## NTLM goes opt-in + +The NTLM authentication method has weak security and is rarely used these +days. It has been deprecated by Microsoft and does not work over HTTP/2 or +HTTP/3. + +After curl 8.19.0 NTLM support becomes opt-in. ## Past removals - - Pipelining - - axTLS - - PolarSSL +- axTLS (removed in 7.63.0) +- Pipelining (removed in 7.65.0) +- PolarSSL (removed in 7.69.0) +- NPN (removed in 7.86.0) +- Support for systems without 64-bit data types (removed in 8.0.0) +- NSS (removed in 8.3.0) +- gskit (removed in 8.3.0) +- MinGW v1 (removed in 8.4.0) +- NTLM_WB (removed in 8.8.0) +- space-separated `NOPROXY` patterns (removed in 8.9.0) +- hyper (removed in 8.12.0) +- Support for Visual Studio 2005 and older (removed in 8.13.0) +- Secure Transport (removed in 8.15.0) +- BearSSL (removed in 8.15.0) +- msh3 (removed in 8.16.0) +- winbuild build system (removed in 8.17.0) +- Windows CE (removed in 8.18.0) +- Support for Visual Studio 2008 (removed in 8.18.0) +- OpenSSL 1.1.1 and older (removed in 8.18.0) +- Support for Windows XP (removed in 8.19.0) +- OpenSSL-QUIC (removed in 8.19.0) +- CMake 3.17 and older (removed in 8.20.0) +- RTMP (removed in 8.20.0) diff --git a/docs/DISTROS.md b/docs/DISTROS.md new file mode 100644 index 000000000000..3a433445dae9 --- /dev/null +++ b/docs/DISTROS.md @@ -0,0 +1,304 @@ + + +# curl distros + + + +Lots of organizations distribute curl packages to end users. This is a +collection of pointers to where to learn more about curl on and with each +distro. Those marked *Rolling Release* typically run the latest version of curl +and are therefore less likely to have back-ported patches to older versions. + +We discuss curl distro issues, patches and collaboration on the [curl-distros +mailing list](https://lists.haxx.se/listinfo/curl-distros) ([list +archives](https://curl.se/mail/list.cgi?list=curl-distros)). + +## AlmaLinux + +- curl package source and patches: https://git.almalinux.org/rpms/curl/ +- curl issues: https://bugs.almalinux.org/view_all_bug_page.php click Category and choose curl +- curl security: https://errata.almalinux.org/ search for curl + +## Alpine Linux + +- curl: https://pkgs.alpinelinux.org/package/edge/main/x86_64/curl +- curl issues: https://gitlab.alpinelinux.org/alpine/aports/-/issues +- curl security: https://security.alpinelinux.org/srcpkg/curl +- curl package source and patches: https://gitlab.alpinelinux.org/alpine/aports/-/tree/master/main/curl + +## Alt Linux + +- curl: https://packages.altlinux.org/en/search/?q=curl +- curl issues: https://packages.altlinux.org/en/sisyphus/srpms/curl/issues/ +- curl patches: https://git.altlinux.org/gears/c/curl.git?p=curl.git;a=tree;f=.gear + +## Arch Linux + +*Rolling Release* + +- curl: https://archlinux.org/packages/core/x86_64/curl/ +- curl issues: https://gitlab.archlinux.org/archlinux/packaging/packages/curl/-/issues +- curl security: https://security.archlinux.org/package/curl +- curl wiki: https://wiki.archlinux.org/title/CURL + +## Buildroot + +*Rolling Release* + +- curl package source and patches: **missing URL** +- curl issues: **missing URL** + +## Chimera + +- curl package source and patches: https://github.com/chimera-linux/cports/tree/master/main/curl + +## Clear Linux + +*Rolling Release* + +- curl: https://github.com/clearlinux-pkgs/curl +- curl issues: https://github.com/clearlinux/distribution/issues + +## Conary + +- curl: https://github.com/conan-io/conan-center-index/tree/master/recipes/libcurl +- curl issues: https://github.com/conan-io/conan-center-index/issues +- curl patches: https://github.com/conan-io/conan-center-index/tree/master/recipes/libcurl (in `all/patches/*`, if any) + +## conda-forge + +- curl: https://github.com/conda-forge/curl-feedstock +- curl issues: https://github.com/conda-forge/curl-feedstock/issues + +## CRUX + +- curl: https://crux.nu/portdb/?a=search&q=curl +- curl issues: https://git.crux.nu/ports/core/issues/?type=all&state=open&q=curl + +## curl-for-win + +(this is the official curl binaries for Windows shipped by the curl project) + +*Rolling Release* + +- curl: https://curl.se/windows/ +- curl patches: https://github.com/curl/curl-for-win/blob/main/curl.patch (if any) +- build-specific issues: https://github.com/curl/curl-for-win/issues + +Issues and patches for this are managed in the main curl project. + +## Cygwin + +- curl: https://cygwin.com/cgit/cygwin-packages/curl/tree/curl.cygport +- curl patches: https://cygwin.com/cgit/cygwin-packages/curl/tree +- curl issues: https://inbox.sourceware.org/cygwin/?q=s%3Acurl + +## Cygwin (cross mingw64) + +- mingw64-x86_64-curl: https://cygwin.com/cgit/cygwin-packages/mingw64-x86_64-curl/tree/mingw64-x86_64-curl.cygport +- mingw64-x86_64-curl patches: https://cygwin.com/cgit/cygwin-packages/mingw64-x86_64-curl/tree +- mingw64-x86_64-curl issues: https://inbox.sourceware.org/cygwin/?q=s%3Amingw64-x86_64-curl + +## Debian + +- curl: https://tracker.debian.org/pkg/curl +- curl issues: https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=curl +- curl patches: https://udd.debian.org/patches.cgi?src=curl +- curl patches: https://salsa.debian.org/debian/curl (in debian/* branches, inside the folder debian/patches) + +## Fedora + +- curl: https://src.fedoraproject.org/rpms/curl +- curl issues: [bugzilla](https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&product=Fedora&product=Fedora%20EPEL&component=curl) +- curl patches: [list of patches in package git](https://src.fedoraproject.org/rpms/curl/tree/rawhide) + +## FreeBSD + +- curl: https://cgit.freebsd.org/ports/tree/ftp/curl +- curl patches: https://cgit.freebsd.org/ports/tree/ftp/curl +- curl issues: https://bugs.freebsd.org/bugzilla/buglist.cgi?bug_status=__open__&order=Importance&product=Ports%20%26%20Packages&query_format=advanced&short_desc=curl&short_desc_type=allwordssubstr + +## Gentoo Linux + +*Rolling Release* + +- curl: https://packages.gentoo.org/packages/net-misc/curl +- curl issues: https://bugs.gentoo.org/buglist.cgi?quicksearch=net-misc/curl +- curl package sources and patches: https://gitweb.gentoo.org/repo/gentoo.git/tree/net-misc/curl/ + +## GNU Guix + +*Rolling Release* + +- curl: https://git.savannah.gnu.org/gitweb/?p=guix.git;a=blob;f=gnu/packages/curl.scm;hb=HEAD +- curl issues: https://issues.guix.gnu.org/search?query=curl + +## Haiku + +- curl: https://github.com/haikuports/haikuports/tree/master/net-misc/curl +- curl issues: https://github.com/haikuports/haikuports/issues +- curl patches: https://github.com/haikuports/haikuports/tree/master/net-misc/curl/patches (if any) + +## Homebrew + +*Rolling Release* + +- curl: https://formulae.brew.sh/formula/curl + +Homebrew's policy is that all patches and issues should be submitted upstream +unless it is specific to Homebrew's way of packaging software. + +## LibreELEC + +- curl: https://github.com/LibreELEC/LibreELEC.tv/blob/master/packages/web/curl/ +- curl issues: https://github.com/LibreELEC/LibreELEC.tv/issues?q=is%3Aissue%20state%3Aopen%20curl +- curl patches: https://github.com/LibreELEC/LibreELEC.tv/blob/master/packages/web/curl/patches/ + +## MacPorts + +*Rolling Release* + +- curl: https://github.com/macports/macports-ports/tree/master/net/curl +- curl issues: https://trac.macports.org/query?0_port=curl&0_port_mode=%7E&0_status=%21closed +- curl patches: https://github.com/macports/macports-ports/tree/master/net/curl/files + +## Mageia + +- curl: https://svnweb.mageia.org/packages/cauldron/curl/current/SPECS/curl.spec?view=markup +- curl issues: https://bugs.mageia.org/buglist.cgi?bug_status=NEW&bug_status=UNCONFIRMED&bug_status=NEEDINFO&bug_status=UPSTREAM&bug_status=ASSIGNED&component=RPM%20Packages&f1=cf_rpmpkg&list_id=176576&o1=casesubstring&product=Mageia&query_format=advanced&v1=curl +- curl patches: https://svnweb.mageia.org/packages/cauldron/curl/current/SOURCES/ +- curl patches in stable distro releases: https://svnweb.mageia.org/packages/updates/9/curl/current/SOURCES/ +- curl security: https://advisories.mageia.org/src_curl.html + +## MSYS2 + +*Rolling Release* + +- curl: https://github.com/msys2/MSYS2-packages/tree/master/curl +- curl issues: https://github.com/msys2/MSYS2-packages/issues +- curl patches: https://github.com/msys2/MSYS2-packages/tree/master/curl (`*.patch`) + +## MSYS2 (mingw-w64) + +*Rolling Release* + +- curl: https://github.com/msys2/MINGW-packages/tree/master/mingw-w64-curl +- curl issues: https://github.com/msys2/MINGW-packages/issues +- curl patches: https://github.com/msys2/MINGW-packages/tree/master/mingw-w64-curl (`*.patch`) + +## Muldersoft + +*Rolling Release* + +- curl: https://github.com/lordmulder/curl-build-win32 +- curl issues: https://github.com/lordmulder/curl-build-win32/issues +- curl patches: https://github.com/lordmulder/curl-build-win32/tree/master/patch + +## NixOS + +- curl: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/by-name/cu/curlMinimal/package.nix +- curl issues: https://github.com/NixOS/nixpkgs + +nixpkgs is the package repository used by the NixOS Linux distribution, but +can also be used on other distributions + +## OmniOS + +- curl: https://github.com/omniosorg/omnios-build/tree/master/build/curl +- curl issues: https://github.com/omniosorg/omnios-build/issues +- curl patches: https://github.com/omniosorg/omnios-build/tree/master/build/curl/patches + +## OpenIndiana + +- curl: https://github.com/OpenIndiana/oi-userland/tree/oi/hipster/components/web/curl +- curl issues: https://www.illumos.org/projects/openindiana/issues +- curl patches: https://github.com/OpenIndiana/oi-userland/tree/oi/hipster/components/web/curl/patches + +## OpenSUSE + +- curl source and patches: https://build.opensuse.org/package/show/openSUSE%3AFactory/curl + +## Oracle Solaris + +- curl: https://github.com/oracle/solaris-userland/tree/master/components/curl +- curl issues: https://support.oracle.com/ (requires support contract) +- curl patches: https://github.com/oracle/solaris-userland/tree/master/components/curl/patches + +## OpenBSD + +- curl: https://github.com/openbsd/ports/tree/master/net/curl +- curl issues: https://www.openbsd.org/mail.html (ports mailing list) +- curl patches: https://github.com/openbsd/ports/tree/master/net/curl/patches + +## OpenEmbedded / Yocto Project + +*Rolling Release* + +- curl: https://layers.openembedded.org/layerindex/recipe/5765/ +- curl issues: https://bugzilla.yoctoproject.org/ +- curl patches: https://git.openembedded.org/openembedded-core/tree/meta/recipes-support/curl + +## PLD Linux + +- curl package source and patches: https://github.com/pld-linux/curl +- curl issues: https://bugs.launchpad.net/pld-linux?field.searchtext=curl&search=Search&field.status%3Alist=NEW&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.assignee=&field.bug_reporter=&field.omit_dupes=on&field.has_patch=&field.has_no_package= + +## pkgsrc + +- curl: https://github.com/NetBSD/pkgsrc/tree/trunk/www/curl +- curl issues: https://github.com/NetBSD/pkgsrc/issues +- curl patches: https://github.com/NetBSD/pkgsrc/tree/trunk/www/curl/patches + +## Red Hat Enterprise Linux / CentOS Stream + +- curl: https://kojihub.stream.centos.org/koji/packageinfo?packageID=217 +- curl issues: https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332745&issuetype=1&components=12377466&priority=10300 +- curl patches: https://gitlab.com/redhat/centos-stream/rpms/curl + +## Rocky Linux + +- curl: https://git.rockylinux.org/staging/rpms/curl/-/blob/r9/SPECS/curl.spec +- curl issues: https://bugs.rockylinux.org/ +- curl patches: https://git.rockylinux.org/staging/rpms/curl/-/tree/r9/SOURCES + +## SerenityOS + +- curl: https://github.com/SerenityOS/serenity/tree/master/Ports/curl +- curl issues: https://github.com/SerenityOS/serenity/issues?q=label%3Aports +- curl patches: https://github.com/SerenityOS/serenity/tree/master/Ports/curl/patches + +## SmartOS + +- curl: https://github.com/TritonDataCenter/illumos-extra/tree/master/curl +- curl issues: https://github.com/TritonDataCenter/illumos-extra/issues +- curl patches: https://github.com/TritonDataCenter/illumos-extra/tree/master/curl/Patches + +## SPACK + +- curl package source and patches: https://github.com/spack/spack/tree/develop/var/spack/repos/builtin/packages/curl + +## vcpkg + +*Rolling Release* + +- curl: https://github.com/microsoft/vcpkg/tree/master/ports/curl +- curl issues: https://github.com/microsoft/vcpkg/issues +- curl patches: https://github.com/microsoft/vcpkg/tree/master/ports/curl (`*.patch`) + +## Void Linux + +*Rolling Release* + +- curl: https://github.com/void-linux/void-packages/tree/master/srcpkgs/curl +- curl issues: https://github.com/void-linux/void-packages/issues +- curl patches: https://github.com/void-linux/void-packages/tree/master/srcpkgs/curl/patches + +## Wolfi + +*Rolling Release* + +- curl: https://github.com/wolfi-dev/os/blob/main/curl.yaml diff --git a/docs/DYNBUF.md b/docs/DYNBUF.md deleted file mode 100644 index a30a058b9908..000000000000 --- a/docs/DYNBUF.md +++ /dev/null @@ -1,108 +0,0 @@ -# dynbuf - -This is the internal module for creating and handling "dynamic buffers". This -means buffers that can be appended to, dynamically and grow in size to adapt. - -There will always be a terminating zero put at the end of the dynamic buffer. - -The `struct dynbuf` is used to hold data for each instance of a dynamic -buffer. The members of that struct **MUST NOT** be accessed or modified -without using the dedicated dynbuf API. - -## init - -```c -void Curl_dyn_init(struct dynbuf *s, size_t toobig); -``` - -This inits a struct to use for dynbuf and it can't fail. The `toobig` value -**must** be set to the maximum size we allow this buffer instance to grow to. -The functions below will return `CURLE_OUT_OF_MEMORY` when hitting this limit. - -## free - -```c -void Curl_dyn_free(struct dynbuf *s); -``` - -Free the associated memory and clean up. After a free, the `dynbuf` struct can -be re-used to start appending new data to. - -## addn - -```c -CURLcode Curl_dyn_addn(struct dynbuf *s, const void *mem, size_t len); -``` - -Append arbitrary data of a given length to the end of the buffer. - -## add - -```c -CURLcode Curl_dyn_add(struct dynbuf *s, const char *str); -``` - -Append a C string to the end of the buffer. - -## addf - -```c -CURLcode Curl_dyn_addf(struct dynbuf *s, const char *fmt, ...); -``` - -Append a `printf()`-style string to the end of the buffer. - -## vaddf - -```c -CURLcode Curl_dyn_vaddf(struct dynbuf *s, const char *fmt, va_list ap); -``` - -Append a `vprintf()`-style string to the end of the buffer. - -## reset - -```c -void Curl_dyn_reset(struct dynbuf *s); -``` - -Reset the buffer length, but leave the allocation. - -## tail - -```c -CURLcode Curl_dyn_tail(struct dynbuf *s, size_t length); -``` - -Keep `length` bytes of the buffer tail (the last `length` bytes of the -buffer). The rest of the buffer is dropped. The specified `length` must not be -larger than the buffer length. - -## ptr - -```c -char *Curl_dyn_ptr(const struct dynbuf *s); -``` - -Returns a `char *` to the buffer if it has a length, otherwise a NULL. Since -the buffer may be reallocated, this pointer should not be trusted or used -anymore after the next buffer manipulation call. - -## uptr - -```c -unsigned char *Curl_dyn_uptr(const struct dynbuf *s); -``` - -Returns an `unsigned char *` to the buffer if it has a length, otherwise a -NULL. Since the buffer may be reallocated, this pointer should not be trusted -or used anymore after the next buffer manipulation call. - -## len - -```c -size_t Curl_dyn_len(const struct dynbuf *s); -``` - -Returns the length of the buffer in bytes. Does not include the terminating -zero byte. diff --git a/docs/EARLY-RELEASE.md b/docs/EARLY-RELEASE.md new file mode 100644 index 000000000000..8ec74c3e20c7 --- /dev/null +++ b/docs/EARLY-RELEASE.md @@ -0,0 +1,73 @@ + + +# How to determine if an early patch release is warranted + +In the curl project we do releases every 8 weeks. Unless we break the cycle +and do an early patch release. + +We do frequent releases partly to always have the next release "not too far +away". + +## Bugfix + +During the release cycle, and especially in the beginning of a new cycle (the +so-called "cool down" period), there are times when a bug is reported and +after it has been subsequently fixed correctly, the question might be asked: +is this bug and associated fix important enough for an early patch release? + +The question can only be properly asked when a fix has been created and landed +in the git master branch. + +## Early release + +An early patch release means that we ship a new, complete and full release +called `major.minor.patch` where the `patch` part is increased by one since +the previous release. A curl release is a curl release. There is no small or +big and we never ship stand-alone separate patches. There is only "release". + +## Questions to ask + +- Is there a security advisory rated high or critical? +- Is there a data corruption bug? +- Did the bug cause an API/ABI breakage? +- Does the problem annoy a significant share of the user population? + +If the answer is yes to one or more of the above, an early release might be +warranted. + +More questions to ask ourselves when doing the assessment if the answers to +the three ones above are all 'no'. + +- Does the bug cause curl to prematurely terminate? +- How common is the affected buggy option/feature/protocol/platform to get + used? +- How large is the estimated impacted user base? +- Does the bug block something crucial for applications or other adoption of + curl "out there" ? +- Does the bug cause problems for curl developers or others on "the curl + team" ? +- Is the bug limited to the curl tool only? That might have a smaller impact + than a bug also present in libcurl. +- Is there a (decent) workaround? +- Is it a regression? Is the bug introduced in this release? +- Can the bug be fixed "easily" by applying a patch? +- Does the bug break the build? Most users do not build curl themselves. +- How long is it until the already scheduled next release? +- Can affected users safely rather revert to a former release until the next + scheduled release? +- Is it a performance regression with no functionality side-effects? If so it + has to be substantial. + +## If an early release is deemed necessary + +Unless done for security or similarly important reasons, an early release +should not be done within a week of the previous release. + +This, to enable us to collect and bundle more fixes into the same release to +make the release more worthwhile for everyone and to allow more time for fixes +to settle and things to get tested. Getting a release in shape and done in +style is work that should not be rushed. diff --git a/docs/ECH.md b/docs/ECH.md index ad64a6a604b4..127f0b208e17 100644 --- a/docs/ECH.md +++ b/docs/ECH.md @@ -1,135 +1,485 @@ -# TLS: ECH support in curl and libcurl - -## Summary - -**ECH** means **Encrypted Client Hello**, a TLS 1.3 extension which is -currently the subject of an [IETF Draft][tlsesni]. (ECH was formerly known as -ESNI). - -This file is intended to show the latest current state of ECH support -in **curl** and **libcurl**. - -At end of August 2019, an [experimental fork of curl][niallorcurl], built -using an [experimental fork of OpenSSL][sftcdopenssl], which in turn provided -an implementation of ECH, was demonstrated interoperating with a server -belonging to the [DEfO Project][defoproj]. - -Further sections here describe - -- resources needed for building and demonstrating **curl** support - for ECH, - -- progress to date, - -- TODO items, and - -- additional details of specific stages of the progress. - -## Resources needed - -To build and demonstrate ECH support in **curl** and/or **libcurl**, -you will need - -- a TLS library, supported by **libcurl**, which implements ECH; - -- an edition of **curl** and/or **libcurl** which supports the ECH - implementation of the chosen TLS library; - -- an environment for building and running **curl**, and at least - building **OpenSSL**; - -- a server, supporting ECH, against which to run a demonstration - and perhaps a specific target URL; - -- some instructions. - -The following set of resources is currently known to be available. - -| Set | Component | Location | Remarks | -|:-----|:-------------|:------------------------------|:-------------------------------------------| -| DEfO | TLS library | [sftcd/openssl][sftcdopenssl] | Tag *esni-2019-08-30* avoids bleeding edge | -| | curl fork | [niallor/curl][niallorcurl] | Tag *esni-2019-08-30* likewise | -| | instructions | [ESNI-README][niallorreadme] | | - -## Progress - -### PR 4011 (Jun 2019) expected in curl release 7.67.0 (Oct 2019) - -- Details [below](#pr4011); - -- New configuration option: `--enable-ech`; - -- Build-time check for availability of resources needed for ECH - support; - -- Pre-processor symbol `USE_ECH` for conditional compilation of - ECH support code, subject to configuration option and - availability of needed resources. - -## TODO - -- (next PR) Add libcurl options to set ECH parameters. - -- (next PR) Add curl tool command line options to set ECH parameters. - -- (WIP) Extend DoH functions so that published ECH parameters can be - retrieved from DNS instead of being required as options. - -- (WIP) Work with OpenSSL community to finalize ECH API. - -- Track OpenSSL ECH API in libcurl - -- Identify and implement any changes needed for CMake. - -- Optimize build-time checking of available resources. - -- Encourage ECH support work on other TLS/SSL backends. - -## Additional detail - -### PR 4011 - -**TLS: Provide ECH support framework for curl and libcurl** - -The proposed change provides a framework to facilitate work to implement ECH -support in curl and libcurl. It is not intended either to provide ECH -functionality or to favour any particular TLS-providing backend. Specifically, -the change reserves a feature bit for ECH support (symbol -`CURL_VERSION_ECH`), implements setting and reporting of this bit, includes -dummy book-keeping for the symbol, adds a build-time configuration option -(`--enable-ech`), provides an extensible check for resources available to -provide ECH support, and defines a compiler pre-processor symbol (`USE_ECH`) -accordingly. - -Proposed-by: @niallor (Niall O'Reilly)\ -Encouraged-by: @sftcd (Stephen Farrell)\ -See-also: [this message](https://curl.se/mail/lib-2019-05/0108.html) - -Limitations: -- Book-keeping (symbols-in-versions) needs real release number, not 'DUMMY'. - -- Framework is incomplete, as it covers autoconf, but not CMake. - -- Check for available resources, although extensible, refers only to - specific work in progress ([described - here](https://github.com/sftcd/openssl/tree/master/esnistuff)) to - implement ECH for OpenSSL, as this is the immediate motivation - for the proposed change. - -## References - -Cloudflare blog: [Encrypting SNI: Fixing One of the Core Internet Bugs][corebug] - -Cloudflare blog: [Encrypt it or lose it: how encrypted SNI works][esniworks] - -IETF Draft: [Encrypted Server Name Indication for TLS 1.3][tlsesni] - ---- - -[tlsesni]: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/ -[esniworks]: https://blog.cloudflare.com/encrypted-sni/ -[corebug]: https://blog.cloudflare.com/esni/ -[defoproj]: https://defo.ie/ -[sftcdopenssl]: https://github.com/sftcd/openssl/ -[niallorcurl]: https://github.com/niallor/curl/ -[niallorreadme]: https://github.com/niallor/curl/blob/master/ESNI-README.md + + +# Building curl with HTTPS-RR and ECH support + +We have added support for ECH to curl. It can use HTTPS RRs published in the +DNS if curl uses DoH, or else can accept the relevant ECHConfigList values +from the command line. This works with OpenSSL, wolfSSL, BoringSSL, AWS-LC +or rustls-ffi as the TLS provider. + +This feature is EXPERIMENTAL. DO NOT USE IN PRODUCTION. + +This should however provide enough of a proof-of-concept to prompt an informed +discussion about a good path forward for ECH support in curl. + +## OpenSSL Build + +To build the OpenSSL project's ECH feature branch: + +```sh +cd $HOME/code +git clone https://github.com/openssl/openssl --branch feature/ech +cd openssl +./config --libdir=lib --prefix=$HOME/code/openssl-local-inst +...stuff... +make -j8 +...more stuff... +make install_sw +...a little bit of stuff... +``` + +To build curl ECH-enabled, making use of the above: + +```sh +cd $HOME/code +git clone https://github.com/curl/curl +cd curl +autoreconf -fi +LDFLAGS="-Wl,-rpath,$HOME/code/openssl-local-inst/lib/" ./configure --with-ssl=$HOME/code/openssl-local-inst --enable-ech +...lots of output... +WARNING: ECH HTTPSRR enabled but marked EXPERIMENTAL... +make +...lots more output... +``` + +If you do not get that WARNING at the end of the `configure` command, then +ECH is not enabled, so go back some steps and re-do whatever needs re-doing:-) +If you want to debug curl then you should add `--enable-debug` to the +`configure` command. + +In a recent (2024-05-20) build on one machine, configure failed to find the +ECH-enabled SSL library, apparently due to the existence of +`$HOME/code/openssl-local-inst/lib/pkgconfig` as a directory containing +various settings. Deleting that directory worked around the problem but may +not be the best solution. + +## Using ECH and DoH + +curl supports using DoH for A/AAAA lookups so it was relatively easy to add +retrieval of HTTPS RRs in that situation. To use ECH and DoH together: + +```sh +cd $HOME/code/curl +LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl --ech true --doh-url https://one.one.one.one/dns-query https://defo.ie/ech-check.php +... +SSL_ECH_STATUS: success good
+... +``` + +The output snippet above is within the HTML for the webpage, when things work. + +The above works for these test sites: + +```sh +https://defo.ie/ech-check.php +https://crypto.cloudflare.com/cdn-cgi/trace +https://tls-ech.dev/ +``` + +The list above has 4 different server technologies, implemented by 3 different +parties, and includes a case (the port 8414 server) where HelloRetryRequest +(HRR) is forced. + +We currently support the following new curl command line arguments/options: + +- `--ech ` - the `config` value can be one of: + - `false` says to not attempt ECH + - `true` says to attempt ECH, if possible + - `grease` if attempting ECH is not possible, then send a GREASE ECH extension + - `hard` hard-fail the connection if ECH cannot be attempted + - `ecl:` a base64 encoded ECHConfigList, rather than one accessed from the DNS + - `pn:` override the `public_name` from an ECHConfigList + +Note that in the above "attempt ECH" means the client emitting a TLS +ClientHello with a "real" ECH extension, but that does not mean that the +relevant server can succeed in decrypting, as things can fail for other +reasons. + +## Supplying an ECHConfigList on the command line + +To supply the ECHConfigList on the command line, you might need a bit of +cut-and-paste, e.g.: + +```sh +dig +short https defo.ie +1 . ipv4hint=213.108.108.101 ech=AED+DQA8PAAgACD8WhlS7VwEt5bf3lekhHvXrQBGDrZh03n/LsNtAodbUAAEAAEAAQANY292ZXIuZGVmby5pZQAA ipv6hint=2a00:c6c0:0:116:5::10 +``` + +Then paste the base64 encoded ECHConfigList onto the curl command line: + +```sh +LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl --ech ecl:AED+DQA8PAAgACD8WhlS7VwEt5bf3lekhHvXrQBGDrZh03n/LsNtAodbUAAEAAEAAQANY292ZXIuZGVmby5pZQAA https://defo.ie/ech-check.php +... +SSL_ECH_STATUS: success good
+... +``` + +The output snippet above is within the HTML for the webpage. + +If you paste in the wrong ECHConfigList (it changes hourly for `defo.ie`) you +should get an error like this: + +```sh +LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl -vvv --ech ecl:AED+DQA8yAAgACDRMQo+qYNsNRNj+vfuQfFIkrrUFmM4vogucxKj/4nzYgAEAAEAAQANY292ZXIuZGVmby5pZQAA https://defo.ie/ech-check.php +... +* OpenSSL/3.3.0: error:0A00054B:SSL routines::ech required +... +``` + +There is a reason to want this command line option - for use before publishing +an ECHConfigList in the DNS as per the Internet-draft [A well-known URI for +publishing ECHConfigList values](https://datatracker.ietf.org/doc/draft-ietf-tls-wkech/). + +If you do use a wrong ECHConfigList value, then the server might return a +good value, via the `retry_configs` mechanism. You can see that value in +the verbose output, e.g.: + +```sh +LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl -vvv --ech ecl:AED+DQA8yAAgACDRMQo+qYNsNRNj+vfuQfFIkrrUFmM4vogucxKj/4nzYgAEAAEAAQANY292ZXIuZGVmby5pZQAA https://defo.ie/ech-check.php +... +* ECH: retry_configs AQD+DQA8DAAgACBvYqJy+Hgk33wh/ZLBzKSPgwxeop7gvojQzfASq7zeZQAEAAEAAQANY292ZXIuZGVmby5pZQAA/g0APEMAIAAgXkT5r4cYs8z19q5rdittyIX8gfQ3ENW4wj1fVoiJZBoABAABAAEADWNvdmVyLmRlZm8uaWUAAP4NADw2ACAAINXSE9EdXzEQIJZA7vpwCIQsWqsFohZARXChgPsnfI1kAAQAAQABAA1jb3Zlci5kZWZvLmllAAD+DQA8cQAgACASeiD5F+UoSnVoHvA2l1EifUVMFtbVZ76xwDqmMPraHQAEAAEAAQANY292ZXIuZGVmby5pZQAA +* ECH: retry_configs for defo.ie from cover.defo.ie, 319 +... +``` + +At that point, you could copy the base64 encoded value above and try again. +For now, this only works for the OpenSSL and BoringSSL/AWS-LC builds. + +## Default settings + +curl has various ways to configure default settings, e.g. in `$HOME/.curlrc`, +so one can set the DoH URL and enable ECH that way: + +```sh +cat ~/.curlrc +doh-url=https://one.one.one.one/dns-query +silent +ech=true +``` + +Note that when you use the system's curl command (rather than our ECH-enabled +build), it is liable to warn that `ech` is an unknown option. If that is an +issue (e.g. if some script re-directs stdout and stderr somewhere) then adding +the `silent` line above seems to be a good enough fix. (Though of +course, yet another script could depend on non-silent behavior, so you may have +to figure out what you prefer yourself.) That seems to have changed with the +latest build, previously `silent=TRUE` was what I used in `~/.curlrc` but +now that seems to cause a problem, so that the following line(s) are ignored. + +If you want to always use our OpenSSL build you can set `LD_LIBRARY_PATH` +in the environment: + +```sh +export LD_LIBRARY_PATH=$HOME/code/openssl +``` + +When you do the above, there can be a mismatch between OpenSSL versions +for applications that check that. A `git push` for example fails so you +should unset `LD_LIBRARY_PATH` before doing that or use a different shell. + +```sh +git push +OpenSSL version mismatch. Built against 30000080, you have 30200000 +... +``` + +With all that setup as above the command line gets simpler: + +```sh +./src/curl https://defo.ie/ech-check.php +... +SSL_ECH_STATUS: success good
+... +``` + +The `--ech true` option is opportunistic, so tries to do ECH but does not fail if +the client for example cannot find any ECHConfig values. The `--ech hard` +option hard-fails if there is no ECHConfig found in DNS, so for now, that is not +a good option to set as a default. Once ECH has really been attempted by +the client, if decryption on the server side fails, then curl fails. + +## Code changes for ECH support when using DoH + +Code changes are `#ifdef` protected via `USE_ECH` or `USE_HTTPSRR`: + +- `USE_HTTPSRR` is used for HTTPS RR retrieval code that could be generically + used should non-ECH uses for HTTPS RRs be identified, e.g. use of ALPN values + or IP address hints. + +- `USE_ECH` protects ECH specific code. + +There are various obvious code blocks for handling the new command line +arguments which are not described here, but should be fairly clear. + +As shown in the `configure` usage above, there are `configure.ac` changes +that allow separately dis/enabling `USE_HTTPSRR` and `USE_ECH`. If `USE_ECH` +is enabled, then `USE_HTTPSRR` is forced. In both cases `CURL_DISABLE_DOH` +must not be enabled. (There may be some configuration conflicts available for the +determined :-) + +The main functional change, as you would expect, is in `lib/vtls/openssl.c` +where an ECHConfig, if available from command line or DNS cache, is fed into +the OpenSSL library via the new APIs implemented in our OpenSSL fork for that +purpose. This code also implements the opportunistic (`--ech true`) or hard-fail +(`--ech hard`) logic. + +Other than that, the main additions are in `lib/doh.c` +where we reuse `dohprobe()` to retrieve an HTTPS RR value for the target +domain. If such a value is found, that is stored using a new `doh_store_https()` +function in a new field in the `dohentry` structure. + +The qname for the DoH query is modified if the port number is not 443, as +defined in the SVCB specification. + +When the DoH process has worked, `Curl_doh_take_result()` now also returns +the relevant HTTPS RR value data in the `Curl_dns_entry` structure. +That is later accessed when the TLS session is being established, if ECH is +enabled (from `lib/vtls/openssl.c` as described above). + +## Limitations + +Things that need fixing, but that can probably be ignored for the +moment: + +- We could easily add code to make use of an `alpn=` value found in an HTTPS + RR, passing that on to OpenSSL for use as the "inner" ALPN value, but have + yet to do that. + +Current limitations (more interesting than the above): + +- Only the first HTTPS RR value retrieved is actually processed as described + above, that could be extended in future, though picking the "right" HTTPS RR + could be non-trivial if multiple RRs are published - matching IP address + hints versus A/AAAA values might be a good basis for that. Last I checked + though, browsers supporting ECH did not handle multiple HTTPS RRs well, though + that needs re-checking as it has been a while. + +- It is unclear how one should handle any IP address hints found in an HTTPS RR. + It may be that a bit of consideration of how "multi-CDN" deployments might + emerge would provide good answers there, but for now, it is not clear how best + curl might handle those values when present in the DNS. + +- The SVCB/HTTPS RR specification supports a new "CNAME at apex" indirection + ("aliasMode") - the current code takes no account of that at all. One could + envisage implementing the equivalent of following CNAMEs in such cases, but + it is not clear if that'd be a good plan. (As of now, chrome browsers do not + seem to have any support for that "aliasMode" and we have not checked Firefox + for that recently.) + +- We have not investigated what related changes or additions might be needed + for applications using libcurl, as opposed to use of curl as a command line + tool. + +- We have not yet implemented tests as part of the usual curl test harness as + doing so would seem to require re-implementing an ECH-enabled server as part + of the curl test harness. For now, we have a `./tests/ech_test.sh` script + that attempts ECH with various test servers and with many combinations of the + allowed command line options. While that is a useful test and has find + issues, it is not comprehensive and we are not (as yet) sure what would be + the right level of coverage. When running that script you should not have a + `$HOME/.curlrc` file that affects ECH or some of the negative tests could + produce spurious failures. + +## Building with cmake + +To build with cmake, assuming our ECH-enabled OpenSSL is as before: + +```sh +cd $HOME/code +git clone https://github.com/curl/curl +cd curl +mkdir build +cd build +cmake -DOPENSSL_ROOT_DIR=$HOME/code/openssl -DUSE_ECH=1 .. +... +make +... +[100%] Built target curl +``` + +The binary produced by the cmake build does not need any ECH-specific +`LD_LIBRARY_PATH` setting. + +## BoringSSL build + +BoringSSL is also supported by curl and also supports ECH, so to build +with that, instead of our ECH-enabled OpenSSL: + +```sh +cd $HOME/code +git clone https://boringssl.googlesource.com/boringssl +cd boringssl +cmake -DCMAKE_INSTALL_PREFIX:PATH=$HOME/code/boringssl/inst -DBUILD_SHARED_LIBS=1 +make +... +make install +``` + +Then: + +```sh +cd $HOME/code +git clone https://github.com/curl/curl +cd curl +autoreconf -fi +LDFLAGS="-Wl,-rpath,$HOME/code/boringssl/inst/lib" ./configure --with-ssl=$HOME/code/boringssl/inst --enable-ech +...lots of output... +WARNING: ECH HTTPSRR enabled but marked EXPERIMENTAL. Use with caution. +make +``` + +The BoringSSL/AWS-LC APIs are fairly similar to those in our ECH-enabled +OpenSSL fork, so code changes are also in `lib/vtls/openssl.c`, protected +via `#ifdef OPENSSL_IS_BORINGSSL` and are mostly obvious API variations. + +The BoringSSL/AWS-LC APIs however do not support the `--ech pn:` command +line variant as of now. + +## wolfSSL build + +wolfSSL also supports ECH and can be used by curl, so here's how: + +```sh +cd $HOME/code +git clone https://github.com/wolfSSL/wolfssl +cd wolfssl +./autogen.sh +./configure --prefix=$HOME/code/wolfssl/inst --enable-ech --enable-debug --enable-opensslextra +make +make install +``` + +The install prefix (`inst`) in the above causes wolfSSL to be installed there +and we seem to need that for the curl configure command to work out. The +`--enable-opensslextra` turns out (after much faffing about;-) to be +important or else we get build problems with curl below. + +```sh +cd $HOME/code +git clone https://github.com/curl/curl +cd curl +autoreconf -fi +./configure --with-wolfssl=$HOME/code/wolfssl/inst --enable-ech +make +``` + +There are some known issues with the ECH implementation in wolfSSL: + +- The main issue is that the client currently handles HelloRetryRequest + incorrectly. [HRR issue](https://github.com/wolfSSL/wolfssl/issues/6802).) + The HRR issue means that the client does not work for + [this ECH test web site](https://tls-ech.dev/) and any other similarly + configured sites. +- There is also an issue related to so-called middlebox compatibility mode. + [middlebox compatibility issue](https://github.com/wolfSSL/wolfssl/issues/6774) + +### Code changes to support wolfSSL + +There are what seem like oddball differences: + +- The DoH URL in`$HOME/.curlrc` can use `1.1.1.1` for OpenSSL but has to be + `one.one.one.one` for wolfSSL. The latter works for both, so OK, we us that. +- There seems to be some difference in CA databases too - the wolfSSL version + does not like `defo.ie`, whereas the system and OpenSSL ones do. We can + ignore that for our purposes via `--insecure`/`-k` but would need to fix + for a real setup. (Browsers do like those certificates though.) + +Then there are some functional code changes: + +- tweak to `configure.ac` to check if wolfSSL has ECH or not +- added code to `lib/vtls/wolfssl.c` mirroring what's done in the + OpenSSL equivalent above. +- wolfSSL does not support `--ech false` or the `--ech pn:` command line + argument. + +The lack of support for `--ech false` is because wolfSSL has decided to +always at least GREASE if built to support ECH. In other words, GREASE is +a compile time choice for wolfSSL, but a runtime choice for OpenSSL or +BoringSSL/AWS-LC. (Both are reasonable.) + +## Additional notes + +### Supporting ECH without DoH + +All of the above only applies if DoH is being used. There should be a use-case +for ECH when DoH is not used by curl - if a system stub resolver supports DoT +or DoH, then, considering only ECH and the network threat model, it would make +sense for curl to support ECH without curl itself using DoH. The author for +example uses a combination of stubby+unbound as the system resolver listening +on localhost:53, so would fit this use-case. That said, it is unclear if this +is a niche that is worth trying to address. (The author is happy to let curl +use DoH to talk to the same public recursive that stubby might use:-) + +Assuming for the moment this is a use-case we would like to support, then if +DoH is not being used by curl, it is not clear at this time how to provide +support for ECH. One option would seem to be to extend the `c-ares` library +to support HTTPS RRs, but in that case it is not now clear whether such +changes would be attractive to the `c-ares` maintainers, nor whether the +"tag=value" extensibility inherent in the HTTPS/SVCB specification is a good +match for the `c-ares` approach of defining structures specific to decoded +answers for each supported RRtype. We are also not sure how many downstream +curl deployments actually make use of the `c-ares` library, which would +affect the utility of such changes. Another option might be to consider using +some other generic DNS library that does support HTTPS RRs, but it is unclear +if such a library could or would be used by all or almost all curl builds and +downstream releases of curl. + +Our current conclusion is that doing the above is likely best left until we +have some experience with the "using DoH" approach, so we are going to punt on +this for now. + +### Localhost testing + +It can be useful to be able to run against a localhost OpenSSL `s_server` +for testing. We have published instructions for such +[localhost tests](https://github.com/defo-project/ech-dev-utils/blob/main/howtos/localhost-tests.md) +in another repository. Once you have that set up, you can start a server +and then run curl against that: + +```sh +cd $HOME/code/ech-dev-utils +./scripts/echsvr.sh -d +... +``` + +The `echsvr.sh` script supports many ECH-related options. Use `echsvr.sh -h` +for details. + +In another window: + +```sh +cd $HOME/code/curl/ +./src/curl -vvv --insecure --connect-to foo.example.com:8443:localhost:8443 --ech ecl:AD7+DQA6uwAgACBix2B78sX+EQhEbxMspDOc8Z3xVS5aQpYP0Cxpc2AWPAAEAAEAAQALZXhhbXBsZS5jb20AAA== +``` + +### Automated use of `retry_configs` not supported so far... + +As of now we have not added support for using `retry_config` handling in the +application - for a command line tool, one can use `dig` (or `kdig`) to +get the HTTPS RR and pass the ECHConfigList from that on the command line, if +needed, or one can access the value from command line output in verbose more +and then reuse that in another invocation. + +Both our OpenSSL fork and BoringSSL/AWS-LC have APIs for both controlling GREASE +and accessing and logging `retry_configs`, it seems wolfSSL has neither. + +### Testing ECH + +We have yet to add a robust test setup for ECH as that requires an ECH-enabled +test server. + +We have added two basic tests though, aiming to ensure that the client sends a +GREASE or real ECH extension when requested, and reacts correctly to the +failure of ECH in the latter case. (Given that `stunnel` has no ECH support.) + +As with other similar tests, those tests require the `stunnel` tool be +installed. On Ubuntu `sudo apt install stunnel4` achieves that. + +The test cases are: + +- data/test4000: GREASE ECH, expected result: connection succeeds +- data/test4001: real ECH, connection fails with error 101 (ECH required) diff --git a/docs/EXPERIMENTAL.md b/docs/EXPERIMENTAL.md index ce9a1b8e85e5..43fc0fdeed88 100644 --- a/docs/EXPERIMENTAL.md +++ b/docs/EXPERIMENTAL.md @@ -1,3 +1,9 @@ + + # Experimental Some features and functionality in curl and libcurl are considered @@ -8,16 +14,77 @@ Experimental support in curl means: 1. Experimental features are provided to allow users to try them out and provide feedback on functionality and API etc before they ship and get "carved in stone". -2. You must enable the feature when invoking configure as otherwise curl will - not be built with the feature present. -3. We strongly advice against using this feature in production. +2. You must enable the feature when invoking configure as otherwise curl is + not built with the feature present. +3. We strongly advise against using this feature in production. 4. **We reserve the right to change behavior** of the feature without sticking to our API/ABI rules as we do for regular features, as long as it is marked experimental. 5. Experimental features are clearly marked so in documentation. Beware. +## Graduation + +1. Each experimental feature should have a set of documented requirements of + what is needed for that feature to graduate. Graduation means being removed + from the list of experiments. +2. An experiment should NOT graduate if it needs test cases to be disabled, + unless they are for minor features that are clearly documented as not + provided by the experiment and then the disabling should be managed inside + each affected test case. + ## Experimental features right now - - The Hyper HTTP backend - - HTTP/3 support and options - - CURLSSLOPT_NATIVE_CA (No configure option, feature built in when supported) +### HTTP/3 support (non-ngtcp2 backends) + +Graduation requirements: + +- The used libraries should be considered out-of-beta with a reasonable + expectation of a stable API going forward. + +- Using HTTP/3 with the given build should perform without risking busy-loops + +### The Rustls backend + +Graduation requirements: + +- a reasonable expectation of a stable API going forward. + +## ECH + +Use of the HTTPS resource record and Encrypted Client Hello (ECH) when using +DoH + +Graduation requirements: + +- ECH support exists in at least one widely used TLS library apart from + BoringSSL and wolfSSL. + +- feedback from users saying that ECH works for their use cases + +- it has been given time to mature, so no earlier than April 2025 (twelve + months after being added here) + +## SSL session import/export + +Import/Export of SSL sessions tickets in libcurl and curl command line +option '--ssl-session ' for faster TLS handshakes and use +of TLSv1.3/QUIC Early Data (0-RTT). + +Graduation requirements: + +- the implementation is considered safe + +- feedback from users saying that session export works for their use cases + +## HTTPS RR + +HTTPS records support is a requirement for ECH but is provided as a +stand-alone feature that is itself considered EXPERIMENTAL. + +Graduation requirements: + +- HTTPS records work for DoH, c-ares and the threaded resolver + +- HTTPS records can control ALPN and port number, at least + +- There are options to control HTTPS use diff --git a/docs/FAQ b/docs/FAQ deleted file mode 100644 index d678e9e3a173..000000000000 --- a/docs/FAQ +++ /dev/null @@ -1,1496 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -FAQ - - 1. Philosophy - 1.1 What is cURL? - 1.2 What is libcurl? - 1.3 What is curl not? - 1.4 When will you make curl do XXXX ? - 1.5 Who makes curl? - 1.6 What do you get for making curl? - 1.7 What about CURL from curl.com? - 1.8 I have a problem who do I mail? - 1.9 Where do I buy commercial support for curl? - 1.10 How many are using curl? - 1.11 Why don't you update ca-bundle.crt - 1.12 I have a problem who can I chat with? - 1.13 curl's ECCN number? - 1.14 How do I submit my patch? - 1.15 How do I port libcurl to my OS? - - 2. Install Related Problems - 2.1 configure fails when using static libraries - 2.2 Does curl work/build with other SSL libraries? - 2.4 Does curl support SOCKS (RFC 1928) ? - - 3. Usage Problems - 3.1 curl: (1) SSL is disabled, https: not supported - 3.2 How do I tell curl to resume a transfer? - 3.3 Why doesn't my posting using -F work? - 3.4 How do I tell curl to run custom FTP commands? - 3.5 How can I disable the Accept: */* header? - 3.6 Does curl support ASP, XML, XHTML or HTML version Y? - 3.7 Can I use curl to delete/rename a file through FTP? - 3.8 How do I tell curl to follow HTTP redirects? - 3.9 How do I use curl in my favorite programming language? - 3.10 What about SOAP, WebDAV, XML-RPC or similar protocols over HTTP? - 3.11 How do I POST with a different Content-Type? - 3.12 Why do FTP-specific features over HTTP proxy fail? - 3.13 Why do my single/double quotes fail? - 3.14 Does curl support Javascript or PAC (automated proxy config)? - 3.15 Can I do recursive fetches with curl? - 3.16 What certificates do I need when I use SSL? - 3.17 How do I list the root dir of an FTP server? - 3.18 Can I use curl to send a POST/PUT and not wait for a response? - 3.19 How do I get HTTP from a host using a specific IP address? - 3.20 How to SFTP from my user's home directory? - 3.21 Protocol xxx not supported or disabled in libcurl - 3.22 curl -X gives me HTTP problems - - 4. Running Problems - 4.2 Why do I get problems when I use & or % in the URL? - 4.3 How can I use {, }, [ or ] to specify multiple URLs? - 4.4 Why do I get downloaded data even though the web page doesn't exist? - 4.5 Why do I get return code XXX from a HTTP server? - 4.5.1 "400 Bad Request" - 4.5.2 "401 Unauthorized" - 4.5.3 "403 Forbidden" - 4.5.4 "404 Not Found" - 4.5.5 "405 Method Not Allowed" - 4.5.6 "301 Moved Permanently" - 4.6 Can you tell me what error code 142 means? - 4.7 How do I keep user names and passwords secret in curl command lines? - 4.8 I found a bug! - 4.9 curl can't authenticate to the server that requires NTLM? - 4.10 My HTTP request using HEAD, PUT or DELETE doesn't work! - 4.11 Why do my HTTP range requests return the full document? - 4.12 Why do I get "certificate verify failed" ? - 4.13 Why is curl -R on Windows one hour off? - 4.14 Redirects work in browser but not with curl! - 4.15 FTPS doesn't work - 4.16 My HTTP POST or PUT requests are slow! - 4.17 Non-functional connect timeouts on Windows - 4.18 file:// URLs containing drive letters (Windows, NetWare) - 4.19 Why doesn't curl return an error when the network cable is unplugged? - 4.20 curl doesn't return error for HTTP non-200 responses! - - 5. libcurl Issues - 5.1 Is libcurl thread-safe? - 5.2 How can I receive all data into a large memory chunk? - 5.3 How do I fetch multiple files with libcurl? - 5.4 Does libcurl do Winsock initialization on win32 systems? - 5.5 Does CURLOPT_WRITEDATA and CURLOPT_READDATA work on win32 ? - 5.6 What about Keep-Alive or persistent connections? - 5.7 Link errors when building libcurl on Windows! - 5.8 libcurl.so.X: open failed: No such file or directory - 5.9 How does libcurl resolve host names? - 5.10 How do I prevent libcurl from writing the response to stdout? - 5.11 How do I make libcurl not receive the whole HTTP response? - 5.12 Can I make libcurl fake or hide my real IP address? - 5.13 How do I stop an ongoing transfer? - 5.14 Using C++ non-static functions for callbacks? - 5.15 How do I get an FTP directory listing? - 5.16 I want a different time-out! - 5.17 Can I write a server with libcurl? - 5.18 Does libcurl use threads? - - 6. License Issues - 6.1 I have a GPL program, can I use the libcurl library? - 6.2 I have a closed-source program, can I use the libcurl library? - 6.3 I have a BSD licensed program, can I use the libcurl library? - 6.4 I have a program that uses LGPL libraries, can I use libcurl? - 6.5 Can I modify curl/libcurl for my program and keep the changes secret? - 6.6 Can you please change the curl/libcurl license to XXXX? - 6.7 What are my obligations when using libcurl in my commercial apps? - - 7. PHP/CURL Issues - 7.1 What is PHP/CURL? - 7.2 Who wrote PHP/CURL? - 7.3 Can I perform multiple requests using the same handle? - 7.4 Does PHP/CURL have dependencies? - -============================================================================== - -1. Philosophy - - 1.1 What is cURL? - - cURL is the name of the project. The name is a play on 'Client for URLs', - originally with URL spelled in uppercase to make it obvious it deals with - URLs. The fact it can also be pronounced 'see URL' also helped, it works as - an abbreviation for "Client URL Request Library" or why not the recursive - version: "curl URL Request Library". - - The cURL project produces two products: - - libcurl - - A free and easy-to-use client-side URL transfer library, supporting DICT, - FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, - POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET - and TFTP. - - libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, - Kerberos, SPNEGO, HTTP form based upload, proxies, cookies, user+password - authentication, file transfer resume, http proxy tunneling and more! - - libcurl is highly portable, it builds and works identically on numerous - platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HP-UX, - IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOS, Mac - OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF, - Android, Minix, IBM TPF and more... - - libcurl is free, thread-safe, IPv6 compatible, feature rich, well - supported and fast. - - curl - - A command line tool for getting or sending files using URL syntax. - - Since curl uses libcurl, curl supports the same wide range of common - Internet protocols that libcurl does. - - We pronounce curl with an initial k sound. It rhymes with words like girl - and earl. This is a short WAV file to help you: - - https://media.merriam-webster.com/soundc11/c/curl0001.wav - - There are numerous sub-projects and related projects that also use the word - curl in the project names in various combinations, but you should take - notice that this FAQ is directed at the command-line tool named curl (and - libcurl the library), and may therefore not be valid for other curl-related - projects. (There is however a small section for the PHP/CURL in this FAQ.) - - 1.2 What is libcurl? - - libcurl is a reliable and portable library which provides you with an easy - interface to a range of common Internet protocols. - - You can use libcurl for free in your application, be it open source, - commercial or closed-source. - - libcurl is most probably the most portable, most powerful and most often - used C-based multi-platform file transfer library on this planet - be it - open source or commercial. - - 1.3 What is curl not? - - curl is not a wget clone. That is a common misconception. Never, during - curl's development, have we intended curl to replace wget or compete on its - market. curl is targeted at single-shot file transfers. - - curl is not a website mirroring program. If you want to use curl to mirror - something: fine, go ahead and write a script that wraps around curl or use - libcurl to make it reality. - - curl is not an FTP site mirroring program. Sure, get and send FTP with curl - but if you want systematic and sequential behavior you should write a - script (or write a new program that interfaces libcurl) and do it. - - curl is not a PHP tool, even though it works perfectly well when used from - or with PHP (when using the PHP/CURL module). - - curl is not a program for a single operating system. curl exists, compiles, - builds and runs under a wide range of operating systems, including all - modern Unixes (and a bunch of older ones too), Windows, Amiga, BeOS, OS/2, - OS X, QNX etc. - - 1.4 When will you make curl do XXXX ? - - We love suggestions of what to change in order to make curl and libcurl - better. We do however believe in a few rules when it comes to the future of - curl: - - curl -- the command line tool -- is to remain a non-graphical command line - tool. If you want GUIs or fancy scripting capabilities, you should look for - another tool that uses libcurl. - - We do not add things to curl that other small and available tools already do - very well at the side. curl's output can be piped into another program or - redirected to another file for the next program to interpret. - - We focus on protocol related issues and improvements. If you want to do more - magic with the supported protocols than curl currently does, chances are good - we will agree. If you want to add more protocols, we may very well agree. - - If you want someone else to do all the work while you wait for us to - implement it for you, that is not a very friendly attitude. We spend a - considerable time already on maintaining and developing curl. In order to - get more out of us, you should consider trading in some of your time and - effort in return. Simply go to the GitHub repo which resides at - https://github.com/curl/curl, fork the project, and create pull requests - with your proposed changes. - - If you write the code, chances are better that it will get into curl faster. - - 1.5 Who makes curl? - - curl and libcurl are not made by any single individual. Daniel Stenberg is - project leader and main developer, but other persons' submissions are - important and crucial. Anyone can contribute and post their changes and - improvements and have them inserted in the main sources (of course on the - condition that developers agree that the fixes are good). - - The full list of all contributors is found in the docs/THANKS file. - - curl is developed by a community, with Daniel at the wheel. - - 1.6 What do you get for making curl? - - Project cURL is entirely free and open. We do this voluntarily, mostly in - our spare time. Companies may pay individual developers to work on curl, - but that's up to each company and developer. This is not controlled by nor - supervised in any way by the curl project. - - We get help from companies. Haxx provides website, bandwidth, mailing lists - etc, GitHub hosts the primary git repository and other services like the bug - tracker at https://github.com/curl/curl. Also again, some companies have - sponsored certain parts of the development in the past and I hope some will - continue to do so in the future. - - If you want to support our project, consider a donation or a banner-program - or even better: by helping us with coding, documenting or testing etc. - - See also: https://curl.se/sponsors.html - - 1.7 What about CURL from curl.com? - - During the summer of 2001, curl.com was busy advertising their client-side - programming language for the web, named CURL. - - We are in no way associated with curl.com or their CURL programming - language. - - Our project name curl has been in effective use since 1998. We were not the - first computer related project to use the name "curl" and do not claim any - rights to the name. - - We recognize that we will be living in parallel with curl.com and wish them - every success. - - 1.8 I have a problem whom do I mail? - - Please do not mail any single individual unless you really need to. Keep - curl-related questions on a suitable mailing list. All available mailing - lists are listed in the MANUAL document and online at - https://curl.se/mail/ - - Keeping curl-related questions and discussions on mailing lists allows - others to join in and help, to share their ideas, to contribute their - suggestions and to spread their wisdom. Keeping discussions on public mailing - lists also allows for others to learn from this (both current and future - users thanks to the web based archives of the mailing lists), thus saving us - from having to repeat ourselves even more. Thanks for respecting this. - - If you have found or simply suspect a security problem in curl or libcurl, - mail curl-security at haxx.se (closed list of receivers, mails are not - disclosed) and tell. Then we can produce a fix in a timely manner before the - flaw is announced to the world, thus lessen the impact the problem will have - on existing users. - - 1.9 Where do I buy commercial support for curl? - - curl is fully open source. It means you can hire any skilled engineer to fix - your curl-related problems. - - We list available alternatives on the curl website: - https://curl.se/support.html - - 1.10 How many are using curl? - - It is impossible to tell. - - We don't know how many users that knowingly have installed and use curl. - - We don't know how many users that use curl without knowing that they are in - fact using it. - - We don't know how many users that downloaded or installed curl and then - never use it. - - In 2020, we estimate that curl runs in roughly ten billion installations - world wide. - - 1.11 Why don't you update ca-bundle.crt - - In the cURL project we've decided not to attempt to keep this file updated - (or even present) since deciding what to add to a ca cert bundle is an - undertaking we've not been ready to accept, and the one we can get from - Mozilla is perfectly fine so there's no need to duplicate that work. - - Today, with many services performed over HTTPS, every operating system - should come with a default ca cert bundle that can be deemed somewhat - trustworthy and that collection (if reasonably updated) should be deemed to - be a lot better than a private curl version. - - If you want the most recent collection of ca certs that Mozilla Firefox - uses, we recommend that you extract the collection yourself from Mozilla - Firefox (by running 'make ca-bundle), or by using our online service setup - for this purpose: https://curl.se/docs/caextract.html - - 1.12 I have a problem who can I chat with? - - There's a bunch of friendly people hanging out in the #curl channel on the - IRC network libera.chat. If you're polite and nice, chances are good that - you can get -- or provide -- help instantly. - - 1.13 curl's ECCN number? - - The US government restricts exports of software that contains or uses - cryptography. When doing so, the Export Control Classification Number (ECCN) - is used to identify the level of export control etc. - - Apache Software Foundation gives a good explanation of ECCNs at - https://www.apache.org/dev/crypto.html - - We believe curl's number might be ECCN 5D002, another possibility is - 5D992. It seems necessary to write them (the authority that administers ECCN - numbers), asking to confirm. - - Comprehensible explanations of the meaning of such numbers and how to obtain - them (resp.) are here - - https://www.bis.doc.gov/licensing/exportingbasics.htm - https://www.bis.doc.gov/licensing/do_i_needaneccn.html - - An incomprehensible description of the two numbers above is here - https://www.bis.doc.gov/index.php/documents/new-encryption/1653-ccl5-pt2-3 - - 1.14 How do I submit my patch? - - We strongly encourage you to submit changes and improvements directly as - "pull requests" on github: https://github.com/curl/curl/pulls - - If you for any reason can't or won't deal with github, send your patch to - the curl-library mailing list. We're many subscribers there and there are - lots of people who can review patches, comment on them and "receive" them - properly. - - Lots of more details are found in the CONTRIBUTE.md and INTERNALS.md - documents. - - 1.15 How do I port libcurl to my OS? - - Here's a rough step-by-step: - - 1. copy a suitable lib/config-*.h file as a start to lib/config-[youros].h - - 2. edit lib/config-[youros].h to match your OS and setup - - 3. edit lib/curl_setup.h to include config-[youros].h when your OS is - detected by the preprocessor, in the style others already exist - - 4. compile lib/*.c and make them into a library - - -2. Install Related Problems - - 2.1 configure fails when using static libraries - - You may find that configure fails to properly detect the entire dependency - chain of libraries when you provide static versions of the libraries that - configure checks for. - - The reason why static libraries is much harder to deal with is that for them - we don't get any help but the script itself must know or check what more - libraries that are needed (with shared libraries, that dependency "chain" is - handled automatically). This is a very error-prone process and one that also - tends to vary over time depending on the release versions of the involved - components and may also differ between operating systems. - - For that reason, configure does very little attempts to actually figure this - out and you are instead encouraged to set LIBS and LDFLAGS accordingly when - you invoke configure, and point out the needed libraries and set the - necessary flags yourself. - - 2.2 Does curl work with other SSL libraries? - - curl has been written to use a generic SSL function layer internally, and - that SSL functionality can then be provided by one out of many different SSL - backends. - - curl can be built to use one of the following SSL alternatives: OpenSSL, - libressl, BoringSSL, GnuTLS, wolfSSL, NSS, mbedTLS, MesaLink, Secure - Transport (native iOS/OS X), Schannel (native Windows), GSKit (native IBM - i), BearSSL, or Rustls. They all have their pros and cons, and we try to - maintain a comparison of them here: https://curl.se/docs/ssl-compared.html - - 2.4 Does curl support SOCKS (RFC 1928) ? - - Yes, SOCKS 4 and 5 are supported. - -3. Usage problems - - 3.1 curl: (1) SSL is disabled, https: not supported - - If you get this output when trying to get anything from a https:// server, - it means that the instance of curl/libcurl that you're using was built - without support for this protocol. - - This could've happened if the configure script that was run at build time - couldn't find all libs and include files curl requires for SSL to work. If - the configure script fails to find them, curl is simply built without SSL - support. - - To get the https:// support into a curl that was previously built but that - reports that https:// is not supported, you should dig through the document - and logs and check out why the configure script doesn't find the SSL libs - and/or include files. - - Also, check out the other paragraph in this FAQ labeled "configure doesn't - find OpenSSL even when it is installed". - - 3.2 How do I tell curl to resume a transfer? - - curl supports resumed transfers both ways on both FTP and HTTP. - Try the -C option. - - 3.3 Why doesn't my posting using -F work? - - You can't arbitrarily use -F or -d, the choice between -F or -d depends on - the HTTP operation you need curl to do and what the web server that will - receive your post expects. - - If the form you're trying to submit uses the type 'multipart/form-data', - then and only then you must use the -F type. In all the most common cases, - you should use -d which then causes a posting with the type - 'application/x-www-form-urlencoded'. - - This is described in some detail in the MANUAL and TheArtOfHttpScripting - documents, and if you don't understand it the first time, read it again - before you post questions about this to the mailing list. Also, try reading - through the mailing list archives for old postings and questions regarding - this. - - 3.4 How do I tell curl to run custom FTP commands? - - You can tell curl to perform optional commands both before and/or after a - file transfer. Study the -Q/--quote option. - - Since curl is used for file transfers, you don't normally use curl to - perform FTP commands without transferring anything. Therefore you must - always specify a URL to transfer to/from even when doing custom FTP - commands, or use -I which implies the "no body" option sent to libcurl. - - 3.5 How can I disable the Accept: */* header? - - You can change all internally generated headers by adding a replacement with - the -H/--header option. By adding a header with empty contents you safely - disable that one. Use -H "Accept:" to disable that specific header. - - 3.6 Does curl support ASP, XML, XHTML or HTML version Y? - - To curl, all contents are alike. It doesn't matter how the page was - generated. It may be ASP, PHP, Perl, shell-script, SSI or plain HTML - files. There's no difference to curl and it doesn't even know what kind of - language that generated the page. - - See also item 3.14 regarding javascript. - - 3.7 Can I use curl to delete/rename a file through FTP? - - Yes. You specify custom FTP commands with -Q/--quote. - - One example would be to delete a file after you have downloaded it: - - curl -O ftp://download.com/coolfile -Q '-DELE coolfile' - - or rename a file after upload: - - curl -T infile ftp://upload.com/dir/ -Q "-RNFR infile" -Q "-RNTO newname" - - 3.8 How do I tell curl to follow HTTP redirects? - - curl does not follow so-called redirects by default. The Location: header - that informs the client about this is only interpreted if you're using the - -L/--location option. As in: - - curl -L http://redirector.com - - Not all redirects are HTTP ones, see 4.14 - - 3.9 How do I use curl in my favorite programming language? - - Many programming languages have interfaces/bindings that allow you to use - curl without having to use the command line tool. If you are fluent in such - a language, you may prefer to use one of these interfaces instead. - - Find out more about which languages that support curl directly, and how to - install and use them, in the libcurl section of the curl website: - https://curl.se/libcurl/ - - All the various bindings to libcurl are made by other projects and people, - outside of the cURL project. The cURL project itself only produces libcurl - with its plain C API. If you don't find anywhere else to ask you can ask - about bindings on the curl-library list too, but be prepared that people on - that list may not know anything about bindings. - - In February 2019, there were interfaces available for the following - languages: Ada95, Basic, C, C++, Ch, Cocoa, D, Delphi, Dylan, Eiffel, - Euphoria, Falcon, Ferite, Gambas, glib/GTK+, Go, Guile, Harbour, Haskell, - Java, Julia, Lisp, Lua, Mono, .NET, node.js, Object-Pascal, OCaml, Pascal, - Perl, PHP, PostgreSQL, Python, R, Rexx, Ring, RPG, Ruby, Rust, Scheme, - Scilab, S-Lang, Smalltalk, SP-Forth, SPL, Tcl, Visual Basic, Visual FoxPro, - Q, wxwidgets, XBLite and Xoho. By the time you read this, additional ones - may have appeared! - - 3.10 What about SOAP, WebDAV, XML-RPC or similar protocols over HTTP? - - curl adheres to the HTTP spec, which basically means you can play with *any* - protocol that is built on top of HTTP. Protocols such as SOAP, WEBDAV and - XML-RPC are all such ones. You can use -X to set custom requests and -H to - set custom headers (or replace internally generated ones). - - Using libcurl is of course just as good and you'd just use the proper - library options to do the same. - - 3.11 How do I POST with a different Content-Type? - - You can always replace the internally generated headers with -H/--header. - To make a simple HTTP POST with text/xml as content-type, do something like: - - curl -d "datatopost" -H "Content-Type: text/xml" [URL] - - 3.12 Why do FTP-specific features over HTTP proxy fail? - - Because when you use a HTTP proxy, the protocol spoken on the network will - be HTTP, even if you specify a FTP URL. This effectively means that you - normally can't use FTP-specific features such as FTP upload and FTP quote - etc. - - There is one exception to this rule, and that is if you can "tunnel through" - the given HTTP proxy. Proxy tunneling is enabled with a special option (-p) - and is generally not available as proxy admins usually disable tunneling to - ports other than 443 (which is used for HTTPS access through proxies). - - 3.13 Why do my single/double quotes fail? - - To specify a command line option that includes spaces, you might need to - put the entire option within quotes. Like in: - - curl -d " with spaces " url.com - - or perhaps - - curl -d ' with spaces ' url.com - - Exactly what kind of quotes and how to do this is entirely up to the shell - or command line interpreter that you are using. For most unix shells, you - can more or less pick either single (') or double (") quotes. For - Windows/DOS prompts I believe you're forced to use double (") quotes. - - Please study the documentation for your particular environment. Examples in - the curl docs will use a mix of both of these as shown above. You must - adjust them to work in your environment. - - Remember that curl works and runs on more operating systems than most single - individuals have ever tried. - - 3.14 Does curl support Javascript or PAC (automated proxy config)? - - Many web pages do magic stuff using embedded Javascript. curl and libcurl - have no built-in support for that, so it will be treated just like any other - contents. - - .pac files are a netscape invention and are sometimes used by organizations - to allow them to differentiate which proxies to use. The .pac contents is - just a Javascript program that gets invoked by the browser and that returns - the name of the proxy to connect to. Since curl doesn't support Javascript, - it can't support .pac proxy configuration either. - - Some workarounds usually suggested to overcome this Javascript dependency: - - Depending on the Javascript complexity, write up a script that translates it - to another language and execute that. - - Read the Javascript code and rewrite the same logic in another language. - - Implement a Javascript interpreter, people have successfully used the - Mozilla Javascript engine in the past. - - Ask your admins to stop this, for a static proxy setup or similar. - - 3.15 Can I do recursive fetches with curl? - - No. curl itself has no code that performs recursive operations, such as - those performed by wget and similar tools. - - There exists wrapper scripts with that functionality (for example the - curlmirror perl script), and you can write programs based on libcurl to do - it, but the command line tool curl itself cannot. - - 3.16 What certificates do I need when I use SSL? - - There are three different kinds of "certificates" to keep track of when we - talk about using SSL-based protocols (HTTPS or FTPS) using curl or libcurl. - - CLIENT CERTIFICATE - - The server you communicate with may require that you can provide this in - order to prove that you actually are who you claim to be. If the server - doesn't require this, you don't need a client certificate. - - A client certificate is always used together with a private key, and the - private key has a pass phrase that protects it. - - SERVER CERTIFICATE - - The server you communicate with has a server certificate. You can and should - verify this certificate to make sure that you are truly talking to the real - server and not a server impersonating it. - - CERTIFICATE AUTHORITY CERTIFICATE ("CA cert") - - You often have several CA certs in a CA cert bundle that can be used to - verify a server certificate that was signed by one of the authorities in the - bundle. curl does not come with a CA cert bundle but most curl installs - provide one. You can also override the default. - - The server certificate verification process is made by using a Certificate - Authority certificate ("CA cert") that was used to sign the server - certificate. Server certificate verification is enabled by default in curl - and libcurl and is often the reason for problems as explained in FAQ entry - 4.12 and the SSLCERTS document - (https://curl.se/docs/sslcerts.html). Server certificates that are - "self-signed" or otherwise signed by a CA that you do not have a CA cert - for, cannot be verified. If the verification during a connect fails, you are - refused access. You then need to explicitly disable the verification to - connect to the server. - - 3.17 How do I list the root dir of an FTP server? - - There are two ways. The way defined in the RFC is to use an encoded slash - in the first path part. List the "/tmp" dir like this: - - curl ftp://ftp.sunet.se/%2ftmp/ - - or the not-quite-kosher-but-more-readable way, by simply starting the path - section of the URL with a slash: - - curl ftp://ftp.sunet.se//tmp/ - - 3.18 Can I use curl to send a POST/PUT and not wait for a response? - - No. - - But you could easily write your own program using libcurl to do such stunts. - - 3.19 How do I get HTTP from a host using a specific IP address? - - For example, you may be trying out a website installation that isn't yet in - the DNS. Or you have a site using multiple IP addresses for a given host - name and you want to address a specific one out of the set. - - Set a custom Host: header that identifies the server name you want to reach - but use the target IP address in the URL: - - curl --header "Host: www.example.com" http://127.0.0.1/ - - You can also opt to add faked host name entries to curl with the --resolve - option. That has the added benefit that things like redirects will also work - properly. The above operation would instead be done as: - - curl --resolve www.example.com:80:127.0.0.1 http://www.example.com/ - - 3.20 How to SFTP from my user's home directory? - - Contrary to how FTP works, SFTP and SCP URLs specify the exact directory to - work with. It means that if you don't specify that you want the user's home - directory, you get the actual root directory. - - To specify a file in your user's home directory, you need to use the correct - URL syntax which for SFTP might look similar to: - - curl -O -u user:password sftp://example.com/~/file.txt - - and for SCP it is just a different protocol prefix: - - curl -O -u user:password scp://example.com/~/file.txt - - 3.21 Protocol xxx not supported or disabled in libcurl - - When passing on a URL to curl to use, it may respond that the particular - protocol is not supported or disabled. The particular way this error message - is phrased is because curl doesn't make a distinction internally of whether - a particular protocol is not supported (i.e. never got any code added that - knows how to speak that protocol) or if it was explicitly disabled. curl can - be built to only support a given set of protocols, and the rest would then - be disabled or not supported. - - Note that this error will also occur if you pass a wrongly spelled protocol - part as in "htpt://example.com" or as in the less evident case if you prefix - the protocol part with a space as in " http://example.com/". - - 3.22 curl -X gives me HTTP problems - - In normal circumstances, -X should hardly ever be used. - - By default you use curl without explicitly saying which request method to - use when the URL identifies a HTTP transfer. If you just pass in a URL like - "curl http://example.com" it will use GET. If you use -d or -F curl will use - POST, -I will cause a HEAD and -T will make it a PUT. - - If for whatever reason you're not happy with these default choices that curl - does for you, you can override those request methods by specifying -X - [WHATEVER]. This way you can for example send a DELETE by doing "curl -X - DELETE [URL]". - - It is thus pointless to do "curl -XGET [URL]" as GET would be used - anyway. In the same vein it is pointless to do "curl -X POST -d data - [URL]"... But you can make a fun and somewhat rare request that sends a - request-body in a GET request with something like "curl -X GET -d data - [URL]" - - Note that -X doesn't actually change curl's behavior as it only modifies the - actual string sent in the request, but that may of course trigger a - different set of events. - - Accordingly, by using -XPOST on a command line that for example would follow - a 303 redirect, you will effectively prevent curl from behaving - correctly. Be aware. - - -4. Running Problems - - 4.2 Why do I get problems when I use & or % in the URL? - - In general unix shells, the & symbol is treated specially and when used, it - runs the specified command in the background. To safely send the & as a part - of a URL, you should quote the entire URL by using single (') or double (") - quotes around it. Similar problems can also occur on some shells with other - characters, including ?*!$~(){}<>\|;`. When in doubt, quote the URL. - - An example that would invoke a remote CGI that uses &-symbols could be: - - curl 'http://www.altavista.com/cgi-bin/query?text=yes&q=curl' - - In Windows, the standard DOS shell treats the percent sign specially and you - need to use TWO percent signs for each single one you want to use in the - URL. - - If you want a literal percent sign to be part of the data you pass in a POST - using -d/--data you must encode it as '%25' (which then also needs the - percent sign doubled on Windows machines). - - 4.3 How can I use {, }, [ or ] to specify multiple URLs? - - Because those letters have a special meaning to the shell, to be used in - a URL specified to curl you must quote them. - - An example that downloads two URLs (sequentially) would be: - - curl '{curl,www}.haxx.se' - - To be able to use those characters as actual parts of the URL (without using - them for the curl URL "globbing" system), use the -g/--globoff option: - - curl -g 'www.site.com/weirdname[].html' - - 4.4 Why do I get downloaded data even though the web page doesn't exist? - - curl asks remote servers for the page you specify. If the page doesn't exist - at the server, the HTTP protocol defines how the server should respond and - that means that headers and a "page" will be returned. That's simply how - HTTP works. - - By using the --fail option you can tell curl explicitly to not get any data - if the HTTP return code doesn't say success. - - 4.5 Why do I get return code XXX from a HTTP server? - - RFC2616 clearly explains the return codes. This is a short transcript. Go - read the RFC for exact details: - - 4.5.1 "400 Bad Request" - - The request could not be understood by the server due to malformed - syntax. The client SHOULD NOT repeat the request without modifications. - - 4.5.2 "401 Unauthorized" - - The request requires user authentication. - - 4.5.3 "403 Forbidden" - - The server understood the request, but is refusing to fulfill it. - Authorization will not help and the request SHOULD NOT be repeated. - - 4.5.4 "404 Not Found" - - The server has not found anything matching the Request-URI. No indication - is given of whether the condition is temporary or permanent. - - 4.5.5 "405 Method Not Allowed" - - The method specified in the Request-Line is not allowed for the resource - identified by the Request-URI. The response MUST include an Allow header - containing a list of valid methods for the requested resource. - - 4.5.6 "301 Moved Permanently" - - If you get this return code and an HTML output similar to this: - -

Moved Permanently

The document has moved here. - - it might be because you requested a directory URL but without the trailing - slash. Try the same operation again _with_ the trailing URL, or use the - -L/--location option to follow the redirection. - - 4.6 Can you tell me what error code 142 means? - - All curl error codes are described at the end of the man page, in the - section called "EXIT CODES". - - Error codes that are larger than the highest documented error code means - that curl has exited due to a crash. This is a serious error, and we - appreciate a detailed bug report from you that describes how we could go - ahead and repeat this! - - 4.7 How do I keep user names and passwords secret in curl command lines? - - This problem has two sides: - - The first part is to avoid having clear-text passwords in the command line - so that they don't appear in 'ps' outputs and similar. That is easily - avoided by using the "-K" option to tell curl to read parameters from a file - or stdin to which you can pass the secret info. curl itself will also - attempt to "hide" the given password by blanking out the option - this - doesn't work on all platforms. - - To keep the passwords in your account secret from the rest of the world is - not a task that curl addresses. You could of course encrypt them somehow to - at least hide them from being read by human eyes, but that is not what - anyone would call security. - - Also note that regular HTTP (using Basic authentication) and FTP passwords - are sent as cleartext across the network. All it takes for anyone to fetch - them is to listen on the network. Eavesdropping is very easy. Use more secure - authentication methods (like Digest, Negotiate or even NTLM) or consider the - SSL-based alternatives HTTPS and FTPS. - - 4.8 I found a bug! - - It is not a bug if the behavior is documented. Read the docs first. - Especially check out the KNOWN_BUGS file, it may be a documented bug! - - If it is a problem with a binary you've downloaded or a package for your - particular platform, try contacting the person who built the package/archive - you have. - - If there is a bug, read the BUGS document first. Then report it as described - in there. - - 4.9 curl can't authenticate to the server that requires NTLM? - - NTLM support requires OpenSSL, GnuTLS, mbedTLS, NSS, Secure Transport, or - Microsoft Windows libraries at build-time to provide this functionality. - - NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You - should not use such ones. - - 4.10 My HTTP request using HEAD, PUT or DELETE doesn't work! - - Many web servers allow or demand that the administrator configures the - server properly for these requests to work on the web server. - - Some servers seem to support HEAD only on certain kinds of URLs. - - To fully grasp this, try the documentation for the particular server - software you're trying to interact with. This is not anything curl can do - anything about. - - 4.11 Why do my HTTP range requests return the full document? - - Because the range may not be supported by the server, or the server may - choose to ignore it and return the full document anyway. - - 4.12 Why do I get "certificate verify failed" ? - - When you invoke curl and get an error 60 error back it means that curl - couldn't verify that the server's certificate was good. curl verifies the - certificate using the CA cert bundle and verifying for which names the - certificate has been granted. - - To completely disable the certificate verification, use -k. This does - however enable man-in-the-middle attacks and makes the transfer INSECURE. - We strongly advice against doing this for more than experiments. - - If you get this failure with a CA cert bundle installed and used, the - server's certificate might not be signed by one of the CA's in yout CA - store. It might for example be self-signed. You then correct this problem by - obtaining a valid CA cert for the server. Or again, decrease the security by - disabling this check. - - At times, you find that the verification works in your favorite browser but - fails in curl. When this happens, the reason is usually that the server - sends an incomplete cert chain. The server is mandated to send all - "intermediate certificates" but doesn't. This typically works with browsers - anyway since they A) cache such certs and B) supports AIA which downloads - such missing certificates on demand. This is a server misconfiguration. A - good way to figure out if this is the case it to use the SSL Labs server - test and check the certificate chain: https://www.ssllabs.com/ssltest/ - - Details are also in the SSLCERTS.md document, found online here: - https://curl.se/docs/sslcerts.html - - 4.13 Why is curl -R on Windows one hour off? - - Since curl 7.53.0 this issue should be fixed as long as curl was built with - any modern compiler that allows for a 64-bit curl_off_t type. For older - compilers or prior curl versions it may set a time that appears one hour off. - This happens due to a flaw in how Windows stores and uses file modification - times and it is not easily worked around. For more details read this: - https://www.codeproject.com/Articles/1144/Beating-the-Daylight-Savings-Time-bug-and-getting - - 4.14 Redirects work in browser but not with curl! - - curl supports HTTP redirects well (see item 3.8). Browsers generally support - at least two other ways to perform redirects that curl does not: - - Meta tags. You can write a HTML tag that will cause the browser to redirect - to another given URL after a certain time. - - Javascript. You can write a Javascript program embedded in a HTML page that - redirects the browser to another given URL. - - There is no way to make curl follow these redirects. You must either - manually figure out what the page is set to do, or write a script that parses - the results and fetches the new URL. - - 4.15 FTPS doesn't work - - curl supports FTPS (sometimes known as FTP-SSL) both implicit and explicit - mode. - - When a URL is used that starts with FTPS://, curl assumes implicit SSL on - the control connection and will therefore immediately connect and try to - speak SSL. FTPS:// connections default to port 990. - - To use explicit FTPS, you use a FTP:// URL and the --ftp-ssl option (or one - of its related flavors). This is the most common method, and the one - mandated by RFC4217. This kind of connection will then of course use the - standard FTP port 21 by default. - - 4.16 My HTTP POST or PUT requests are slow! - - libcurl makes all POST and PUT requests (except for POST requests with a - very tiny request body) use the "Expect: 100-continue" header. This header - allows the server to deny the operation early so that libcurl can bail out - before having to send any data. This is useful in authentication - cases and others. - - However, many servers don't implement the Expect: stuff properly and if the - server doesn't respond (positively) within 1 second libcurl will continue - and send off the data anyway. - - You can disable libcurl's use of the Expect: header the same way you disable - any header, using -H / CURLOPT_HTTPHEADER, or by forcing it to use HTTP 1.0. - - 4.17 Non-functional connect timeouts - - In most Windows setups having a timeout longer than 21 seconds make no - difference, as it will only send 3 TCP SYN packets and no more. The second - packet sent three seconds after the first and the third six seconds after - the second. No more than three packets are sent, no matter how long the - timeout is set. - - See option TcpMaxConnectRetransmissions on this page: - https://support.microsoft.com/en-us/kb/175523/en-us - - Also, even on non-Windows systems there may run a firewall or anti-virus - software or similar that accepts the connection but does not actually do - anything else. This will make (lib)curl to consider the connection connected - and thus the connect timeout won't trigger. - - 4.18 file:// URLs containing drive letters (Windows, NetWare) - - When using curl to try to download a local file, one might use a URL - in this format: - - file://D:/blah.txt - - You'll find that even if D:\blah.txt does exist, curl returns a 'file - not found' error. - - According to RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt), - file:// URLs must contain a host component, but it is ignored by - most implementations. In the above example, 'D:' is treated as the - host component, and is taken away. Thus, curl tries to open '/blah.txt'. - If your system is installed to drive C:, that will resolve to 'C:\blah.txt', - and if that doesn't exist you will get the not found error. - - To fix this problem, use file:// URLs with *three* leading slashes: - - file:///D:/blah.txt - - Alternatively, if it makes more sense, specify 'localhost' as the host - component: - - file://localhost/D:/blah.txt - - In either case, curl should now be looking for the correct file. - - 4.19 Why doesn't curl return an error when the network cable is unplugged? - - Unplugging a cable is not an error situation. The TCP/IP protocol stack - was designed to be fault tolerant, so even though there may be a physical - break somewhere the connection shouldn't be affected, just possibly - delayed. Eventually, the physical break will be fixed or the data will be - re-routed around the physical problem through another path. - - In such cases, the TCP/IP stack is responsible for detecting when the - network connection is irrevocably lost. Since with some protocols it is - perfectly legal for the client to wait indefinitely for data, the stack may - never report a problem, and even when it does, it can take up to 20 minutes - for it to detect an issue. The curl option --keepalive-time enables - keep-alive support in the TCP/IP stack which makes it periodically probe the - connection to make sure it is still available to send data. That should - reliably detect any TCP/IP network failure. - - But even that won't detect the network going down before the TCP/IP - connection is established (e.g. during a DNS lookup) or using protocols that - don't use TCP. To handle those situations, curl offers a number of timeouts - on its own. --speed-limit/--speed-time will abort if the data transfer rate - falls too low, and --connect-timeout and --max-time can be used to put an - overall timeout on the connection phase or the entire transfer. - - A libcurl-using application running in a known physical environment (e.g. - an embedded device with only a single network connection) may want to act - immediately if its lone network connection goes down. That can be achieved - by having the application monitor the network connection on its own using an - OS-specific mechanism, then signaling libcurl to abort (see also item 5.13). - - 4.20 curl doesn't return error for HTTP non-200 responses! - - Correct. Unless you use -f (--fail). - - When doing HTTP transfers, curl will perform exactly what you're asking it - to do and if successful it will not return an error. You can use curl to - test your web server's "file not found" page (that gets 404 back), you can - use it to check your authentication protected web pages (that gets a 401 - back) and so on. - - The specific HTTP response code does not constitute a problem or error for - curl. It simply sends and delivers HTTP as you asked and if that worked, - everything is fine and dandy. The response code is generally providing more - higher level error information that curl doesn't care about. The error was - not in the HTTP transfer. - - If you want your command line to treat error codes in the 400 and up range - as errors and thus return a non-zero value and possibly show an error - message, curl has a dedicated option for that: -f (CURLOPT_FAILONERROR in - libcurl speak). - - You can also use the -w option and the variable %{response_code} to extract - the exact response code that was returned in the response. - -5. libcurl Issues - - 5.1 Is libcurl thread-safe? - - Yes. - - We have written the libcurl code specifically adjusted for multi-threaded - programs. libcurl will use thread-safe functions instead of non-safe ones if - your system has such. Note that you must never share the same handle in - multiple threads. - - There may be some exceptions to thread safety depending on how libcurl was - built. Please review the guidelines for thread safety to learn more: - https://curl.se/libcurl/c/threadsafe.html - - 5.2 How can I receive all data into a large memory chunk? - - [ See also the examples/getinmemory.c source ] - - You are in full control of the callback function that gets called every time - there is data received from the remote server. You can make that callback do - whatever you want. You do not have to write the received data to a file. - - One solution to this problem could be to have a pointer to a struct that you - pass to the callback function. You set the pointer using the - CURLOPT_WRITEDATA option. Then that pointer will be passed to the callback - instead of a FILE * to a file: - - /* imaginary struct */ - struct MemoryStruct { - char *memory; - size_t size; - }; - - /* imaginary callback function */ - size_t - WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data) - { - size_t realsize = size * nmemb; - struct MemoryStruct *mem = (struct MemoryStruct *)data; - - mem->memory = (char *)realloc(mem->memory, mem->size + realsize + 1); - if (mem->memory) { - memcpy(&(mem->memory[mem->size]), ptr, realsize); - mem->size += realsize; - mem->memory[mem->size] = 0; - } - return realsize; - } - - 5.3 How do I fetch multiple files with libcurl? - - libcurl has excellent support for transferring multiple files. You should - just repeatedly set new URLs with curl_easy_setopt() and then transfer it - with curl_easy_perform(). The handle you get from curl_easy_init() is not - only reusable, but you're even encouraged to reuse it if you can, as that - will enable libcurl to use persistent connections. - - 5.4 Does libcurl do Winsock initialization on win32 systems? - - Yes, if told to in the curl_global_init() call. - - 5.5 Does CURLOPT_WRITEDATA and CURLOPT_READDATA work on win32 ? - - Yes, but you cannot open a FILE * and pass the pointer to a DLL and have - that DLL use the FILE * (as the DLL and the client application cannot access - each others' variable memory areas). If you set CURLOPT_WRITEDATA you must - also use CURLOPT_WRITEFUNCTION as well to set a function that writes the - file, even if that simply writes the data to the specified FILE *. - Similarly, if you use CURLOPT_READDATA you must also specify - CURLOPT_READFUNCTION. - - 5.6 What about Keep-Alive or persistent connections? - - curl and libcurl have excellent support for persistent connections when - transferring several files from the same server. curl will attempt to reuse - connections for all URLs specified on the same command line/config file, and - libcurl will reuse connections for all transfers that are made using the - same libcurl handle. - - When you use the easy interface the connection cache is kept within the easy - handle. If you instead use the multi interface, the connection cache will be - kept within the multi handle and will be shared among all the easy handles - that are used within the same multi handle. - - 5.7 Link errors when building libcurl on Windows! - - You need to make sure that your project, and all the libraries (both static - and dynamic) that it links against, are compiled/linked against the same run - time library. - - This is determined by the /MD, /ML, /MT (and their corresponding /M?d) - options to the command line compiler. /MD (linking against MSVCRT dll) seems - to be the most commonly used option. - - When building an application that uses the static libcurl library, you must - add -DCURL_STATICLIB to your CFLAGS. Otherwise the linker will look for - dynamic import symbols. If you're using Visual Studio, you need to instead - add CURL_STATICLIB in the "Preprocessor Definitions" section. - - If you get linker error like "unknown symbol __imp__curl_easy_init ..." you - have linked against the wrong (static) library. If you want to use the - libcurl.dll and import lib, you don't need any extra CFLAGS, but use one of - the import libraries below. These are the libraries produced by the various - lib/Makefile.* files: - - Target: static lib. import lib for libcurl*.dll. - ----------------------------------------------------------- - MingW: libcurl.a libcurldll.a - MSVC (release): libcurl.lib libcurl_imp.lib - MSVC (debug): libcurld.lib libcurld_imp.lib - Borland: libcurl.lib libcurl_imp.lib - - 5.8 libcurl.so.X: open failed: No such file or directory - - This is an error message you might get when you try to run a program linked - with a shared version of libcurl and your run-time linker (ld.so) couldn't - find the shared library named libcurl.so.X. (Where X is the number of the - current libcurl ABI, typically 3 or 4). - - You need to make sure that ld.so finds libcurl.so.X. You can do that - multiple ways, and it differs somewhat between different operating systems, - but they are usually: - - * Add an option to the linker command line that specify the hard-coded path - the run-time linker should check for the lib (usually -R) - - * Set an environment variable (LD_LIBRARY_PATH for example) where ld.so - should check for libs - - * Adjust the system's config to check for libs in the directory where you've - put the dir (like Linux's /etc/ld.so.conf) - - 'man ld.so' and 'man ld' will tell you more details - - 5.9 How does libcurl resolve host names? - - libcurl supports a large a number of different name resolve functions. One - of them is picked at build-time and will be used unconditionally. Thus, if - you want to change name resolver function you must rebuild libcurl and tell - it to use a different function. - - - The non-IPv6 resolver that can use one of four different host name resolve - calls (depending on what your system supports): - - A - gethostbyname() - B - gethostbyname_r() with 3 arguments - C - gethostbyname_r() with 5 arguments - D - gethostbyname_r() with 6 arguments - - - The IPv6-resolver that uses getaddrinfo() - - - The c-ares based name resolver that uses the c-ares library for resolves. - Using this offers asynchronous name resolves. - - - The threaded resolver (default option on Windows). It uses: - - A - gethostbyname() on plain IPv4 hosts - B - getaddrinfo() on IPv6 enabled hosts - - Also note that libcurl never resolves or reverse-lookups addresses given as - pure numbers, such as 127.0.0.1 or ::1. - - 5.10 How do I prevent libcurl from writing the response to stdout? - - libcurl provides a default built-in write function that writes received data - to stdout. Set the CURLOPT_WRITEFUNCTION to receive the data, or possibly - set CURLOPT_WRITEDATA to a different FILE * handle. - - 5.11 How do I make libcurl not receive the whole HTTP response? - - You make the write callback (or progress callback) return an error and - libcurl will then abort the transfer. - - 5.12 Can I make libcurl fake or hide my real IP address? - - No. libcurl operates on a higher level. Besides, faking IP address would - imply sending IP packets with a made-up source address, and then you normally - get a problem with receiving the packet sent back as they would then not be - routed to you! - - If you use a proxy to access remote sites, the sites will not see your local - IP address but instead the address of the proxy. - - Also note that on many networks NATs or other IP-munging techniques are used - that makes you see and use a different IP address locally than what the - remote server will see you coming from. You may also consider using - https://www.torproject.org/ . - - 5.13 How do I stop an ongoing transfer? - - With the easy interface you make sure to return the correct error code from - one of the callbacks, but none of them are instant. There is no function you - can call from another thread or similar that will stop it immediately. - Instead, you need to make sure that one of the callbacks you use returns an - appropriate value that will stop the transfer. Suitable callbacks that you - can do this with include the progress callback, the read callback and the - write callback. - - If you're using the multi interface, you can also stop a transfer by - removing the particular easy handle from the multi stack at any moment you - think the transfer is done or when you wish to abort the transfer. - - 5.14 Using C++ non-static functions for callbacks? - - libcurl is a C library, it doesn't know anything about C++ member functions. - - You can overcome this "limitation" with relative ease using a static - member function that is passed a pointer to the class: - - // f is the pointer to your object. - static size_t YourClass::func(void *buffer, size_t sz, size_t n, void *f) - { - // Call non-static member function. - static_cast(f)->nonStaticFunction(); - } - - // This is how you pass pointer to the static function: - curl_easy_setopt(hcurl, CURLOPT_WRITEFUNCTION, YourClass::func); - curl_easy_setopt(hcurl, CURLOPT_WRITEDATA, this); - - 5.15 How do I get an FTP directory listing? - - If you end the FTP URL you request with a slash, libcurl will provide you - with a directory listing of that given directory. You can also set - CURLOPT_CUSTOMREQUEST to alter what exact listing command libcurl would use - to list the files. - - The follow-up question tends to be how is a program supposed to parse the - directory listing. How does it know what's a file and what's a dir and what's - a symlink etc. If the FTP server supports the MLSD command then it will - return data in a machine-readable format that can be parsed for type. The - types are specified by RFC3659 section 7.5.1. If MLSD is not supported then - you have to work with what you're given. The LIST output format is entirely - at the server's own liking and the NLST output doesn't reveal any types and - in many cases doesn't even include all the directory entries. Also, both LIST - and NLST tend to hide unix-style hidden files (those that start with a dot) - by default so you need to do "LIST -a" or similar to see them. - - Example - List only directories. - ftp.funet.fi supports MLSD and ftp.kernel.org does not: - - curl -s ftp.funet.fi/pub/ -X MLSD | \ - perl -lne 'print if s/(?:^|;)type=dir;[^ ]+ (.+)$/$1/' - - curl -s ftp.kernel.org/pub/linux/kernel/ | \ - perl -lne 'print if s/^d[-rwx]{9}(?: +[^ ]+){7} (.+)$/$1/' - - If you need to parse LIST output in libcurl one such existing - list parser is available at https://cr.yp.to/ftpparse.html Versions of - libcurl since 7.21.0 also provide the ability to specify a wildcard to - download multiple files from one FTP directory. - - 5.16 I want a different time-out! - - Time and time again users realize that CURLOPT_TIMEOUT and - CURLOPT_CONNECTIMEOUT are not sufficiently advanced or flexible to cover all - the various use cases and scenarios applications end up with. - - libcurl offers many more ways to time-out operations. A common alternative - is to use the CURLOPT_LOW_SPEED_LIMIT and CURLOPT_LOW_SPEED_TIME options to - specify the lowest possible speed to accept before to consider the transfer - timed out. - - The most flexible way is by writing your own time-out logic and using - CURLOPT_XFERINFOFUNCTION (perhaps in combination with other callbacks) and - use that to figure out exactly when the right condition is met when the - transfer should get stopped. - - 5.17 Can I write a server with libcurl? - - No. libcurl offers no functions or building blocks to build any kind of - internet protocol server. libcurl is only a client-side library. For server - libraries, you need to continue your search elsewhere but there exist many - good open source ones out there for most protocols you could possibly want a - server for. And there are really good stand-alone ones that have been tested - and proven for many years. There's no need for you to reinvent them! - - 5.18 Does libcurl use threads? - - Put simply: no, libcurl will execute in the same thread you call it in. All - callbacks will be called in the same thread as the one you call libcurl in. - - If you want to avoid your thread to be blocked by the libcurl call, you make - sure you use the non-blocking API which will do transfers asynchronously - - but still in the same single thread. - - libcurl will potentially internally use threads for name resolving, if it - was built to work like that, but in those cases it'll create the child - threads by itself and they will only be used and then killed internally by - libcurl and never exposed to the outside. - -6. License Issues - - curl and libcurl are released under a MIT/X derivative license. The license is - very liberal and should not impose a problem for your project. This section - is just a brief summary for the cases we get the most questions. (Parts of - this section was much enhanced by Bjorn Reese.) - - We are not lawyers and this is not legal advice. You should probably consult - one if you want true and accurate legal insights without our prejudice. Note - especially that this section concerns the libcurl license only; compiling in - features of libcurl that depend on other libraries (e.g. OpenSSL) may affect - the licensing obligations of your application. - - 6.1 I have a GPL program, can I use the libcurl library? - - Yes! - - Since libcurl may be distributed under the MIT/X derivative license, it can be - used together with GPL in any software. - - 6.2 I have a closed-source program, can I use the libcurl library? - - Yes! - - libcurl does not put any restrictions on the program that uses the library. - - 6.3 I have a BSD licensed program, can I use the libcurl library? - - Yes! - - libcurl does not put any restrictions on the program that uses the library. - - 6.4 I have a program that uses LGPL libraries, can I use libcurl? - - Yes! - - The LGPL license doesn't clash with other licenses. - - 6.5 Can I modify curl/libcurl for my program and keep the changes secret? - - Yes! - - The MIT/X derivative license practically allows you to do almost anything with - the sources, on the condition that the copyright texts in the sources are - left intact. - - 6.6 Can you please change the curl/libcurl license to XXXX? - - No. - - We have carefully picked this license after years of development and - discussions and a large amount of people have contributed with source code - knowing that this is the license we use. This license puts the restrictions - we want on curl/libcurl and it does not spread to other programs or - libraries that use it. It should be possible for everyone to use libcurl or - curl in their projects, no matter what license they already have in use. - - 6.7 What are my obligations when using libcurl in my commercial apps? - - Next to none. All you need to adhere to is the MIT-style license (stated in - the COPYING file) which basically says you have to include the copyright - notice in "all copies" and that you may not use the copyright holder's name - when promoting your software. - - You do not have to release any of your source code. - - You do not have to reveal or make public any changes to the libcurl source - code. - - You do not have to broadcast to the world that you are using libcurl within - your app. - - All we ask is that you disclose "the copyright notice and this permission - notice" somewhere. Most probably like in the documentation or in the section - where other third party dependencies already are mentioned and acknowledged. - - As can be seen here: https://curl.se/docs/companies.html and elsewhere, - more and more companies are discovering the power of libcurl and take - advantage of it even in commercial environments. - - -7. PHP/CURL Issues - - 7.1 What is PHP/CURL? - - The module for PHP that makes it possible for PHP programs to access curl- - functions from within PHP. - - In the cURL project we call this module PHP/CURL to differentiate it from - curl the command line tool and libcurl the library. The PHP team however - does not refer to it like this (for unknown reasons). They call it plain - CURL (often using all caps) or sometimes ext/curl, but both cause much - confusion to users which in turn gives us a higher question load. - - 7.2 Who wrote PHP/CURL? - - PHP/CURL was initially written by Sterling Hughes. - - 7.3 Can I perform multiple requests using the same handle? - - Yes - at least in PHP version 4.3.8 and later (this has been known to not - work in earlier versions, but the exact version when it started to work is - unknown to me). - - After a transfer, you just set new options in the handle and make another - transfer. This will make libcurl re-use the same connection if it can. - - 7.4 Does PHP/CURL have dependencies? - - PHP/CURL is a module that comes with the regular PHP package. It depends on - and uses libcurl, so you need to have libcurl installed properly before - PHP/CURL can be used. diff --git a/docs/FAQ.md b/docs/FAQ.md new file mode 100644 index 000000000000..f53ed2daf656 --- /dev/null +++ b/docs/FAQ.md @@ -0,0 +1,1428 @@ + + +# Frequently Asked Questions + +# Philosophy + +## What is curl? + +curl is the name of the project. The name is a play on *Client for URLs*, +originally with URL spelled in uppercase to make it obvious it deals with +URLs. The fact it can also be read as *see URL* also helped, it works as an +abbreviation for *Client URL Request Library* or why not the recursive +version: *curl URL Request Library*. + +The curl project produces two products: + +### libcurl + +A client-side URL transfer library, supporting DICT, FILE, FTP, FTPS, GOPHER, +GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, MQTTS, POP3, POP3S, +RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. + +libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, +Kerberos, SPNEGO, HTTP form based upload, proxies, cookies, user+password +authentication, file transfer resume, http proxy tunneling and more. + +libcurl is highly portable, it builds and works identically on numerous +platforms. The [internals document](https://curl.se/docs/install.html#Ports) +lists more than 110 operating systems and 28 CPU architectures on which curl +has been reported to run. + +libcurl is free, thread-safe, IPv6 compatible, feature rich, well supported +and fast. + +### curl + +A command line tool for getting or sending data using URL syntax. + +Since curl uses libcurl, curl supports the same wide range of common Internet +protocols that libcurl does. + +We pronounce curl with an initial k sound. It rhymes with words like girl and +earl. [This is a short WAV +file](https://media.merriam-webster.com/soundc11/c/curl0001.wav) to help you. + +There are numerous sub-projects and related projects that also use the word +curl in the project names in various combinations, but you should take notice +that this FAQ is directed at the command-line tool named curl (and libcurl the +library), and may therefore not be valid for other curl-related projects. +(There is however a small section for the PHP/CURL in this FAQ.) + +## What is libcurl? + +libcurl is a reliable and portable library for doing Internet data transfers +using one or more of its supported Internet protocols. + +You can use libcurl freely in your application, be it open source, commercial +or closed-source. + +libcurl is most probably the most portable, most powerful and most often used +C-based multi-platform file transfer library on this planet - be it open +source or commercial. + +## What is curl not? + +curl is not a Wget clone. That is a common misconception. Never, during curl's +development, have we intended curl to replace Wget or compete on its market. +curl is targeted at single-shot file transfers. + +curl is not a website mirroring program. If you want to use curl to mirror +something: fine, go ahead and write a script that wraps around curl or use +libcurl to make it reality. + +curl is not an FTP site mirroring program. Sure, get and send FTP with curl +but if you want systematic and sequential behavior you should write a script +(or write a new program that interfaces libcurl) and do it. + +curl is not a PHP tool, even though it works perfectly well when used from or +with PHP (when using the PHP/CURL module). + +curl is not a program for a single operating system. curl exists, compiles, +builds and runs under a wide range of operating systems, including all modern +Unixes (and a bunch of older ones too), Windows, Amiga, OS/2, macOS, QNX etc. + +## When would you make curl do ... ? + +We love suggestions of what to change in order to make curl and libcurl +better. We do however believe in a few rules when it comes to the future of +curl: + +curl the command line tool is to remain a non-graphical command line tool. If +you want GUIs or fancy scripting capabilities, you should look for another +tool that uses libcurl. + +We do not add things to curl that other small and available tools already do +well at the side. curl's output can be piped into another program or +redirected to another file for the next program to interpret. + +We focus on protocol related issues and improvements. If you want to do more +with the supported protocols than curl currently does, chances are good we +would agree. If you want to add more protocols, we may agree. + +If you want someone else to do all the work while you wait for us to implement +it for you, that is not a friendly attitude. We spend a considerable time +already on maintaining and developing curl. In order to get more out of us, +you should consider trading in some of your time and effort in return. Go to +the [GitHub repository](https://github.com/curl/curl), fork the project, +and create pull requests with your proposed changes. + +If you write the code, chances are better that it gets into curl faster. + +## Who makes curl? + +curl and libcurl are not made by any single individual. Daniel Stenberg is +project leader and main developer, but other persons' submissions are +important and crucial. Anyone can contribute and post their changes and +improvements and have them inserted in the main sources (of course on the +condition that developers agree that the fixes are good). + +The full list of all contributors is found in the +[docs/THANKS](https://curl.se/docs/thanks.html) file. + +curl is developed by a community, with Daniel at the wheel. + +## What do you get for making curl? + +Project curl is entirely free and open. We do this voluntarily, mostly in our +spare time. Companies may pay individual developers to work on curl. This is +not controlled by nor supervised in any way by the curl project. + +We get help from companies. Haxx provides website, bandwidth, mailing lists +etc, GitHub hosts [the primary git repository](https://github.com/curl/curl) +and other services like the bug tracker. Also again, some companies have +sponsored certain parts of the development in the past and I hope some +continue to do so in the future. + +If you want to [support our project](https://curl.se/sponsors.html), consider +a donation or a banner-program or even better: by helping us with coding, +documenting or testing etc. + +## What about CURL from curl.com? + +During the summer of 2001, curl.com was busy advertising their client-side +programming language for the web, named CURL. + +We are in no way associated with curl.com or their CURL programming language. + +Our project name curl has been in effective use since 1998. We were not the +first computer related project to use the name *curl* and do not claim any +rights to the name. + +We recognize that we are living in parallel with curl.com and wish them +every success. + +## I have a problem, who do I mail? + +Please do not mail any single individual unless you really need to. Keep +curl-related questions on a suitable mailing list. All available mailing lists +are listed [online](https://curl.se/mail/). + +Keeping curl-related questions and discussions on mailing lists allows others +to join in and help, to share their ideas, to contribute their suggestions and +to spread their wisdom. Keeping discussions on public mailing lists also +allows for others to learn from this (both current and future users thanks to +the web based archives of the mailing lists), thus saving us from having to +repeat ourselves even more. Thanks for respecting this. + +If you have found or suspect a security problem in curl or libcurl, +[submit all the details to us](https://curl.se/dev/vuln-disclosure.html). We +keep the issue private while we investigate, confirm it, work and validate a +fix and agree on a time schedule for publication etc. That way we produce a +fix in a timely manner before the flaw is announced to the world, reducing the +impact the problem risks having on existing users. + +Security issues can also be taking to the curl security team by emailing +security at curl.se (closed list of receivers, mails are not disclosed). + +## Where do I buy commercial support for curl? + +curl is fully open source. It means you can hire any skilled engineer to fix +your curl-related problems. + +We list [available alternatives](https://curl.se/support.html). + +## How many are using curl? + +It is impossible to tell. + +We do not know how many users that knowingly have installed and use curl. + +We do not know how many users that use curl without knowing that they are in +fact using it. + +We do not know how many users that downloaded or installed curl and then never +use it. + +In 2025, we estimate that curl runs in roughly thirty billion installations +world wide. + +## Why do you not update ca-bundle.crt + +In the curl project we have decided not to attempt to keep this file updated +(or even present) since deciding what to add to a ca cert bundle is an +undertaking we have not been ready to accept, and the one we can get from +Mozilla is perfectly fine so there is no need to duplicate that work. + +Today, with many services performed over HTTPS, every operating system should +come with a default ca cert bundle that can be deemed somewhat trustworthy and +that collection (if reasonably updated) should be deemed to be a lot better +than a private curl version. + +If you want the most recent collection of ca certs that Mozilla Firefox uses, +we recommend that using our online [CA certificate +service](https://curl.se/docs/caextract.html) setup for this purpose. + +## I have a problem who, can I chat with? + +There is a bunch of friendly people hanging out in the #curl channel on the +IRC network libera.chat. If you are polite and nice, chances are good that you +can get -- or provide -- help instantly. + +## curl's ECCN number? + +The US government restricts exports of software that contains or uses +cryptography. When doing so, the Export Control Classification Number (ECCN) +is used to identify the level of export control etc. + +Apache Software Foundation has [a good explanation of +ECCN](https://www.apache.org/dev/crypto.html). + +We believe curl's number might be ECCN 5D002, another possibility is 5D992. It +seems necessary to write them (the authority that administers ECCN numbers), +asking to confirm. + +Comprehensible explanations of the meaning of such numbers and how to obtain +them (resp.) are [here](https://www.bis.gov/licensing/classify-your-item) +and [here](https://www.bis.gov/licensing/classify-your-item/publicly-available-classification-information). + +An incomprehensible description of the two numbers above is available on +[bis.doc.gov](https://www.bis.doc.gov/index.php/documents/new-encryption/1653-ccl5-pt2-3) + +## How do I submit my patch? + +We strongly encourage you to submit changes and improvements directly as [pull +requests on GitHub](https://github.com/curl/curl/pulls). + +If you cannot or choose not to engage with GitHub, send your patch +to the curl-library mailing list. We are many subscribers there and there are +lots of people who can review patches, comment on them and receive them +properly. + +Lots of more details are found in the +[contribute](https://curl.se/dev/contribute.html) and +[internals](https://curl.se/dev/internals.html) +documents. + +## How do I port libcurl to my OS? + +Here's a rough step-by-step: + +1. copy a suitable `lib/config-*.h` file as a start to `lib/config-[youros].h` +2. edit `lib/config-[youros].h` to match your OS and setup +3. edit `lib/curl_setup.h` to include `config-[youros].h` when your OS is + detected by the preprocessor, in the style others already exist +4. compile `lib/*.c` and make them into a library + +# Install + +## configure fails when using static libraries + +You may find that configure fails to properly detect the entire dependency +chain of libraries when you provide static versions of the libraries that +configure checks for. + +The reason why static libraries is much harder to deal with is that for them +we do not get any help but the script itself must know or check what more +libraries that are needed (with shared libraries, that dependency chain is +handled automatically). This is an error-prone process and one that also tends +to vary over time depending on the release versions of the involved components +and may also differ between operating systems. + +For that reason, configure does few attempts to actually figure this out and +you are instead encouraged to set `LIBS` and `LDFLAGS` accordingly when you invoke +configure, and point out the needed libraries and set the necessary flags +yourself. + +## Does curl work with other SSL libraries? + +curl has been written to use a generic SSL function layer internally, and +that SSL functionality can then be provided by one out of many different SSL +backends. + +curl can be built to use one of the following SSL alternatives: OpenSSL, +LibreSSL, BoringSSL, AWS-LC, GnuTLS, wolfSSL, mbedTLS, Schannel (native +Windows) or Rustls. They all have their pros and cons, and we maintain [a TLS +library comparison](https://curl.se/docs/ssl-compared.html). + +## How do I upgrade curl.exe in Windows? + +The curl tool that is shipped as an integrated component of Windows 10 and +Windows 11 is managed by Microsoft. If you were to delete the file or replace +it with a newer version downloaded from [the curl +website](https://curl.se/windows/), then Windows Update ceases to work on +your system. + +There is no way to independently force an upgrade of the curl.exe that is part +of Windows other than through the regular Windows update process. There is +also nothing the curl project itself can do about this, since this is managed +and controlled entirely by Microsoft as owners of the operating system. + +You can always download and install [the latest version of curl for +Windows](https://curl.se/windows/) into a separate location. + +## Does curl support SOCKS (RFC 1928) ? + +Yes, SOCKS 4 and 5 are supported. + +# Usage + +## curl: (1) SSL is disabled, https: not supported + +If you get this output when trying to get anything from an HTTPS server, it +means that the instance of curl/libcurl that you are using was built without +support for this protocol. + +This could have happened if the configure script that was run at build time +could not find all libs and include files curl requires for SSL to work. If +the configure script fails to find them, curl is built without SSL +support. + +To get HTTPS support into a curl that was previously built but that reports +that HTTPS is not supported, you should dig through the document and logs and +check out why the configure script does not find the SSL libs and/or include +files. + +## How do I tell curl to resume a transfer? + +curl supports resumed transfers both ways on both FTP and HTTP. Try the `-C` +option. + +## Why does my posting using -F not work? + +You cannot arbitrarily use `-F` or `-d`, the choice between `-F` or `-d` +depends on the HTTP operation you need curl to do and what the web server that +receives your post expects. + +If the form you are trying to submit uses the type 'multipart/form-data', +then and only then you must use the -F type. In all the most common cases, +you should use `-d` which then causes a posting with the type +`application/x-www-form-urlencoded`. + +This is described in some detail in the +[Manual](https://curl.se/docs/tutorial.html) and [The Art Of HTTP +Scripting](https://curl.se/docs/httpscripting.html) documents, and if you do +not understand it the first time, read it again before you post questions +about this to the mailing list. Also, try reading through the mailing list +archives for old postings and questions regarding this. + +## How do I tell curl to run custom FTP commands? + +You can tell curl to perform optional commands both before and/or after a file +transfer. Study the `-Q`/`--quote` option. + +Since curl is used for file transfers, you do not normally use curl to perform +FTP commands without transferring anything. Therefore you must always specify +a URL to transfer to/from even when doing custom FTP commands, or use `-I` +which implies the *no body*" option sent to libcurl. + +## How can I disable the Accept: header? + +You can change this and all internally generated headers by adding a +replacement with the `-H`/`--header` option. By adding a header with empty +contents you safely disable that one. Use `-H Accept:` to disable that +specific header. + +## Does curl support ASP, XML, XHTML or HTML version Y? + +To curl, all contents are alike. It does not matter how the page was +generated. It may be ASP, PHP, Perl, shell-script, SSI or plain HTML +files. There is no difference to curl and it does not even know what kind of +language that generated the page. + +See also the separate question about JavaScript. + +## Can I use curl to delete/rename a file through FTP? + +Yes. You specify custom FTP commands with `-Q`/`--quote`. + +One example would be to delete a file after you have downloaded it: + + curl -O ftp://example.com/coolfile -Q '-DELE coolfile' + +or rename a file after upload: + + curl -T infile ftp://example.com/dir/ -Q "-RNFR infile" -Q "-RNTO newname" + +## How do I tell curl to follow HTTP redirects? + +curl does not follow so-called redirects by default. The `Location:` header that +informs the client about this is only interpreted if you are using the +`-L`/`--location` option. As in: + + curl -L https://example.com + +Not all redirects are HTTP ones. See [Redirects work in browser but not with +curl](#redirects-work-in-browser-but-not-with-curl) + +## How do I use curl in my favorite programming language? + +Many programming languages have interfaces and bindings that allow you to use +curl without having to use the command line tool. If you are fluent in such a +language, you may prefer to use one of these interfaces instead. + +Find out more about which languages that support curl directly, and how to +install and use them, in the [libcurl section of the curl +website](https://curl.se/libcurl/). + +All the various bindings to libcurl are made by other projects and people, +outside of the curl project. The curl project itself only produces libcurl +with its plain C API. If you do not find anywhere else to ask you can ask +about bindings on the curl-library list too, but be prepared that people on +that list may not know anything about bindings. + +In December 2025 there were around **60** different [interfaces +available](https://curl.se/libcurl/bindings.html) for almost any language you +can imagine. + +## What about SOAP, WebDAV, XML-RPC or similar protocols over HTTP? + +curl adheres to the HTTP spec, which means you can play with *any* protocol +that is built on top of HTTP. Protocols such as SOAP, WebDAV and XML-RPC are +all such ones. You can use `-X` to set custom requests and -H to set custom +headers (or replace internally generated ones). + +Using libcurl of course also works and you would use the proper library +options to do the same. + +## How do I POST with a different Content-Type? + +You can always replace the internally generated headers with `-H`/`--header`. +To make a simple HTTP POST with `text/xml` as content-type, do something like: + + curl -d "datatopost" -H "Content-Type: text/xml" [URL] + +## Why do FTP-specific features over HTTP proxy fail? + +Because when you use an HTTP proxy, the protocol spoken on the network is +HTTP, even if you specify an FTP URL. This effectively means that you normally +cannot use FTP-specific features such as FTP upload and FTP quote etc. + +There is one exception to this rule, and that is if you can *tunnel through* +the given HTTP proxy. Proxy tunneling is enabled with a special option (`-p`) +and is generally not available as proxy admins usually disable tunneling to +ports other than 443 (which is used for HTTPS access through proxies). + +## Why do my single/double quotes fail? + +To specify a command line option that includes spaces, you might need to put +the entire option within quotes. Like in: + + curl -d " with spaces " example.com + +or perhaps + + curl -d ' with spaces ' example.com + +Exactly what kind of quotes and how to do this is entirely up to the shell or +command line interpreter that you are using. For most Unix shells, you can +more or less pick either single (`'`) or double (`"`) quotes. For Windows/DOS +command prompts you must use double (") quotes, and if the option string +contains inner double quotes you can escape them with a backslash. + +For Windows PowerShell the arguments are not always passed on as expected +because curl is not a PowerShell script. You may or may not be able to use +single quotes. To escape inner double quotes seems to require a +backslash-backtick escape sequence and the outer quotes as double quotes. + +Please study the documentation for your particular environment. Examples in +the curl docs use a mix of both of these as shown above. You must adjust them +to work in your environment. + +Remember that curl works and runs on more operating systems than most single +individuals have ever tried. + +## Does curl support JavaScript or PAC (automated proxy config)? + +Many webpages do stuff using embedded JavaScript. curl and libcurl have +no built-in support for that, so it is treated like any other contents. + +`.pac` files are a Netscape invention and are sometimes used by organizations +to allow them to differentiate which proxies to use. The `.pac` contents is a +JavaScript program that gets invoked by the browser and that returns the name +of the proxy to connect to. Since curl does not support JavaScript, it cannot +support .pac proxy configuration either. + +Some workarounds usually suggested to overcome this JavaScript dependency: + +Depending on the JavaScript complexity, write up a script that translates it +to another language and execute that. + +Read the JavaScript code and rewrite the same logic in another language. + +Implement a JavaScript interpreter, people have successfully used the +Mozilla JavaScript engine in the past. + +Ask your admins to stop this, for a static proxy setup or similar. + +## Can I do recursive fetches with curl? + +No. curl itself has no code that performs recursive operations, such as those +performed by Wget and similar tools. + +There exists curl using scripts with that functionality, and you can write +programs based on libcurl to do it, but the command line tool curl itself +cannot. + +## What certificates do I need when I use SSL? + +There are three different kinds of certificates to keep track of when we talk +about using SSL-based protocols (HTTPS or FTPS) using curl or libcurl. + +### Client certificate + +The server you communicate with may require that you can provide this in +order to prove that you actually are who you claim to be. If the server +does not require this, you do not need a client certificate. + +A client certificate is always used together with a private key, and the +private key has a passphrase that protects it. + +### Server certificate + +The server you communicate with has a server certificate. You can and should +verify this certificate to make sure that you are truly talking to the real +server and not a server impersonating it. + +Servers often also provide an intermediate certificate. It acts as a bridge +between a website's SSL certificate and a Certificate Authority's (CA) root +certificate, creating a "chain of trust". + +### Certificate Authority Certificate ("CA cert") + +You often have several CA certs in a CA cert bundle that can be used to verify +a server certificate that was signed by one of the authorities in the bundle. +curl does not come with a CA cert bundle but most curl installs provide one. +You can also override the default. + +Server certificate verification is enabled by default in curl and libcurl. +Server certificates that are *self-signed* or otherwise signed by a CA that +you do not have a CA cert for, cannot be verified. If the verification during +a connect fails, you are refused access. You then might have to explicitly +disable the verification to connect to the server. + +## How do I list the root directory of an FTP server? + +There are two ways. The way defined in the RFC is to use an encoded slash in +the first path part. List the `/tmp` directory like this: + + curl ftp://ftp.example.com/%2ftmp/ + +The second way is non-standard but more readable; start the path section of the +URL with a slash: + + curl ftp://ftp.example.com//tmp/ + +## Can I use curl to send a POST/PUT and not wait for a response? + +No. + +You can easily write your own program using libcurl to do such stunts. + +## How do I get HTTP from a host using a specific IP address? + +For example, you may be trying out a website installation that is not yet in +the DNS. Or you have a site using multiple IP addresses for a given host +name and you want to address a specific one out of the set. + +Set a custom `Host:` header that identifies the server name you want to reach +but use the target IP address in the URL: + + curl --header "Host: www.example.com" https://somewhere.example/ + +You can also opt to add faked hostname entries to curl with the --resolve +option. That has the added benefit to make things like redirects also work +properly. The above operation would instead be done as: + + curl --resolve www.example.com:80:127.0.0.1 https://www.example.com/ + +## How to SFTP from my user's home directory? + +Contrary to how FTP works, SFTP and SCP URLs specify the exact directory to +work with. It means that if you do not specify that you want the user's home +directory, you get the actual root directory. + +To specify a file in your user's home directory, you need to use the correct +URL syntax which for SFTP might look similar to: + + curl -O -u user:password sftp://example.com/~/file.txt + +and for SCP it is a different protocol prefix: + + curl -O -u user:password scp://example.com/~/file.txt + +## Protocol xxx not supported or disabled in libcurl + +When passing on a URL to curl to use, it may respond that the particular +protocol is not supported or disabled. The particular way this error message +is phrased is because curl does not make a distinction internally of whether a +particular protocol is not supported (i.e. never got any code added that knows +how to speak that protocol) or if it was explicitly disabled. curl can be +built to only support a given set of protocols, and the rest would then be +disabled or not supported. + +Note that this error also occurs if you pass a wrongly spelled protocol part +as in `htpts://example.com` or as in the less evident case if you prefix +the protocol part with a space as in `" https://example.com/"`. + +## curl `-X` gives me HTTP problems + +In normal circumstances, `-X` should hardly ever be used. + +By default you use curl without explicitly saying which request method to use +when the URL identifies an HTTP transfer. If you pass in a URL like `curl +https://example.com` it uses GET. If you use `-d` or `-F`, curl uses POST, +`-I` causes a HEAD and `-T` makes it a PUT. + +If for whatever reason you are not happy with these default choices that curl +does for you, you can override those request methods by specifying `-X +[WHATEVER]`. This way you can for example send a DELETE by doing +`curl -X DELETE [URL]`. + +It is thus pointless to do `curl -XGET [URL]` as GET would be used anyway. In +the same vein it is pointless to do `curl -X POST -d data [URL`. You can make +a fun and somewhat rare request that sends a request-body in a GET request +with something like `curl -X GET -d data [URL]`. + +Note that `-X` does not actually change curl's behavior as it only modifies +the actual string sent in the request, but that may of course trigger a +different set of events. + +Accordingly, by using `-XPOST` on a command line that for example would follow +a 303 redirect, you effectively prevent curl from behaving correctly. Be aware. + +# Running + +## Why do I get problems when I use & or % in the URL? + +In general Unix shells, the & symbol is treated specially and when used, it +runs the specified command in the background. To safely send the & as a part +of a URL, you should quote the entire URL by using single (`'`) or double +(`"`) quotes around it. Similar problems can also occur on some shells with +other characters, including ?*!$~(){}<>\|;`. When in doubt, quote the URL. + +An example that would invoke a remote CGI that uses &-symbols could be: + + curl 'https://www.example.com/cgi-bin/query?text=yes&q=curl' + +In Windows, the standard DOS shell treats the percent sign specially and you +need to use TWO percent signs for each single one you want to use in the URL. + +If you want a literal percent sign to be part of the data you pass in a POST +using `-d`/`--data` you must encode it as `%25` (which then also needs the +percent sign doubled on Windows machines). + +## How can I use {, }, [ or ] to specify multiple URLs? + +Because those letters have a special meaning to the shell, to be used in a URL +specified to curl you must quote them. + +An example that downloads two URLs (sequentially) would be: + + curl '{curl,www}.haxx.se' + +To be able to use those characters as actual parts of the URL (without using +them for the curl URL *globbing* system), use the `-g`/`--globoff` option: + + curl -g 'www.example.com/weirdname[].html' + +## Why do I get downloaded data even though the webpage does not exist? + +curl asks remote servers for the page you specify. If the page does not exist +at the server, the HTTP protocol defines how the server should respond and +that means that headers and a page get returned. That is how HTTP works. + +By using the `--fail` option you can tell curl explicitly to not get any data +if the HTTP return code does not say success. + +## Why do I get return code XXX from an HTTP server? + +RFC 2616 clearly explains the return codes. This is a short transcript. Go +read the RFC for exact details: + +### 400 Bad Request + +The request could not be understood by the server due to malformed +syntax. The client SHOULD NOT repeat the request without modifications. + +### 401 Unauthorized + +The request requires user authentication. + +### 403 Forbidden + +The server understood the request, but is refusing to fulfill it. +Authorization cannot help and the request SHOULD NOT be repeated. + +### 404 Not Found + +The server has not found anything matching the Request-URI. No indication is +given as to whether the condition is temporary or permanent. + +### 405 Method Not Allowed + +The method specified in the Request-Line is not allowed for the resource +identified by the Request-URI. The response MUST include an `Allow:` header +containing a list of valid methods for the requested resource. + +### 301 Moved Permanently + +If you get this return code and an HTML output similar to this: + +

Moved Permanently

The document has moved here. + +it might be because you requested a directory URL but without the trailing +slash. Try the same operation again _with_ the trailing URL, or use the +`-L`/`--location` option to follow the redirection. + +## Can you tell me what error code 142 means? + +All curl error codes are described at the end of the man page, in the section +called **EXIT CODES**. + +Error codes that are larger than the highest documented error code means that +curl has exited due to a crash. This is a serious error, and we appreciate a +detailed bug report from you that describes how we could go ahead and repeat +this. + +## How do I keep usernames and passwords secret in curl command lines? + +This problem has two sides: + +The first part is to avoid having clear-text passwords in the command line so +that they do not appear in *ps* outputs and similar. That is easily avoided by +using the `-K` option to tell curl to read parameters from a file or stdin to +which you can pass the secret info. curl itself also attempts to hide the given +password by blanking out the option - this does not work on all platforms. + +To keep the passwords in your account secret from the rest of the world is +not a task that curl addresses. You could of course encrypt them somehow to +at least hide them from being read by human eyes, but that is not what +anyone would call security. + +Also note that regular HTTP (using Basic authentication) and FTP passwords are +sent as cleartext across the network. All it takes for anyone to fetch them is +to listen on the network. Eavesdropping is easy. Use more secure +authentication methods (like Digest, Negotiate or even NTLM) or consider the +SSL-based alternatives HTTPS and FTPS. + +## I found a bug + +It is not a bug if the behavior is documented. Read the docs first. Especially +check out the KNOWN_BUGS file, it may be a documented bug. + +If it is a problem with a binary you have downloaded or a package for your +particular platform, try contacting the person who built the package/archive +you have. + +If there is a bug, read the BUGS document first. Then report it as described +in there. + +## curl cannot authenticate to a server that requires NTLM? + +NTLM support requires OpenSSL, GnuTLS, mbedTLS or Microsoft Windows libraries +at build-time to provide this functionality. + +## My HTTP request using HEAD, PUT or DELETE does not work + +Many web servers allow or demand that the administrator configures the server +properly for these requests to work on the web server. + +Some servers seem to support HEAD only on certain kinds of URLs. + +To fully grasp this, try the documentation for the particular server software +you are trying to interact with. This is not anything curl can do anything +about. + +## Why do my HTTP range requests return the full document? + +Because the range may not be supported by the server, or the server may choose +to ignore it and return the full document anyway. + +## Why do I get "certificate verify failed" ? + +When you invoke curl and get an error 60 error back it means that curl could +not verify that the server's certificate was good. curl verifies the +certificate using the CA cert bundle and verifying for which names the +certificate has been granted. + +To completely disable the certificate verification, use `-k`. This does +however enable man-in-the-middle attacks and makes the transfer **insecure**. +We strongly advise against doing this for more than experiments. + +If you get this failure with a CA cert bundle installed and used, the server's +certificate might not be signed by one of the certificate authorities in your +CA store. It might for example be self-signed. You then correct this problem +by obtaining a valid CA cert for the server. Or again, decrease the security +by disabling this check. + +At times, you find that the verification works in your favorite browser but +fails in curl. When this happens, the reason is usually that the server sends +an incomplete cert chain. The server is mandated to send all *intermediate +certificates* but does not. This typically works with browsers anyway since +they A) cache such certs and B) supports AIA which downloads such missing +certificates on demand. This is a bad server configuration. A good way to +figure out if this is the case it to use [the SSL Labs +server](https://www.ssllabs.com/ssltest/) test and check the certificate +chain. + +Details are also in [the SSL certificates +document](https://curl.se/docs/sslcerts.html). + +## Why is curl -R on Windows one hour off? + +Since curl 7.53.0 this issue should be fixed as long as curl was built with +any modern compiler that allows for a 64-bit curl_off_t type. For older +compilers or prior curl versions it may set a time that appears one hour off. +This happens due to a flaw in how Windows stores and uses file modification +times and it is not easily worked around. For more details [read +this](https://web.archive.org/web/20260105021457/www.codeproject.com/articles/Beating-the-Daylight-Savings-Time-Bug-and-Getting#comments-section). + +## Redirects work in browser but not with curl + +curl supports HTTP redirects well (see a previous question above). Browsers +generally support at least two other ways to perform redirects that curl does +not: + +Meta tags. You can write an HTML tag that causes the browser to redirect +to another given URL after a certain time. + +JavaScript. You can write a JavaScript program embedded in an HTML page that +redirects the browser to another given URL. + +There is no way to make curl follow these redirects. You must either manually +figure out what the page is set to do, or write a script that parses the +results and fetches the new URL. + +## FTPS does not work + +curl supports FTPS (sometimes known as FTP-SSL) both implicit and explicit +mode. + +When a URL is used that starts with `FTPS://`, curl assumes implicit SSL on +the control connection and therefore immediately connects and tries to speak +SSL. `FTPS://` connections default to port 990. + +To use explicit FTPS, you use an `FTP://` URL and the `--ssl-reqd` option (or +one of its related flavors). This is the most common method, and the one +mandated by RFC 4217. This kind of connection then of course uses the standard +FTP port 21 by default. + +## My HTTP POST or PUT requests are slow + +libcurl makes all POST and PUT requests (except for requests with a small +request body) use the `Expect: 100-continue` header. This header allows the +server to deny the operation early so that libcurl can bail out before having +to send any data. This is useful in authentication cases and others. + +Many servers do not implement the `Expect:` stuff properly and if the server +does not respond (positively) within 1 second libcurl continues and sends +off the data anyway. + +You can disable libcurl's use of the `Expect:` header the same way you disable +any header, using `-H` / `CURLOPT_HTTPHEADER`, or by forcing it to use HTTP +1.0. + +## Non-functional connect timeouts + +In most Windows setups having a timeout longer than 21 seconds makes no +difference, as it only sends 3 TCP SYN packets and no more. The second +packet sent three seconds after the first and the third six seconds after +the second. No more than three packets are sent, no matter how long the +timeout is set. + +See option `TcpMaxConnectRetransmissions` on [this +page](https://support.microsoft.com/topic/hotfix-enables-the-configuration-of-the-tcp-maximum-syn-retransmission-amount-in-windows-7-or-windows-server-2008-r2-1b6f8352-2c5f-58bb-ead7-2cf021407c8e). + +Also, even on non-Windows systems there may run a firewall or anti-virus +software or similar that accepts the connection but does not actually do +anything else. This makes (lib)curl to consider the connection connected +and thus the connect timeout does not trigger. + +## file:// URLs containing drive letters (Windows, NetWare) + +When using curl to try to download a local file, one might use a URL in this +format: + + file://D:/blah.txt + +you find that even if `D:\blah.txt` does exist, curl returns a 'file not +found' error. + +According to [RFC 1738](https://datatracker.ietf.org/doc/html/rfc1738), +`file://` URLs must contain a host component, but it is ignored by most +implementations. In the above example, `D:` is treated as the host component, +and is taken away. Thus, curl tries to open `/blah.txt`. If your system is +installed to drive C:, that resolves to `C:\blah.txt`, and if that does +not exist you get the not found error. + +To fix this problem, use `file://` URLs with *three* leading slashes: + + file:///D:/blah.txt + +Alternatively, if it makes more sense, specify `localhost` as the host +component: + + file://localhost/D:/blah.txt + +In either case, curl should now be looking for the correct file. + +## Why does not curl return an error when the network cable is unplugged? + +Unplugging a cable is not an error situation. The TCP/IP protocol stack was +designed to be fault tolerant, so even though there may be a physical break +somewhere the connection should not be affected, but possibly delayed. +Eventually, the physical break gets fixed or the data re-routed around +the physical problem through another path. + +In such cases, the TCP/IP stack is responsible for detecting when the network +connection is irrevocably lost. Since with some protocols it is perfectly +legal for the client to wait indefinitely for data, the stack may never report +a problem, and even when it does, it can take up to 20 minutes for it to +detect an issue. The curl option `--keepalive-time` enables keep-alive support +in the TCP/IP stack which makes it periodically probe the connection to make +sure it is still available to send data. That should reliably detect any +TCP/IP network failure. + +TCP keep alive does not detect the network going down before the TCP/IP +connection is established (e.g. during a DNS lookup) or using protocols that +do not use TCP. To handle those situations, curl offers a number of timeouts +on its own. `--speed-limit`/`--speed-time` aborts if the data transfer rate +falls too low, and `--connect-timeout` and `--max-time` can be used to put +an overall timeout on the connection phase or the entire transfer. + +A libcurl-using application running in a known physical environment (e.g. an +embedded device with only a single network connection) may want to act +immediately if its lone network connection goes down. That can be achieved by +having the application monitor the network connection on its own using an +OS-specific mechanism, then signaling libcurl to abort. + +## curl does not return error for HTTP non-200 responses + +Correct. Unless you use `-f` (`--fail`) or `--fail-with-body`. + +When doing HTTP transfers, curl performs exactly what you are asking it to +do and if successful it does not return an error. You can use curl to test +your web server's "file not found" page (that gets 404 back), you can use it +to check your authentication protected webpages (that gets a 401 back) and so +on. + +The specific HTTP response code does not constitute a problem or error for +curl. It sends and delivers HTTP as you asked and if that worked, +everything is fine and dandy. The response code is generally providing more +higher level error information that curl does not care about. The error was +not in the HTTP transfer. + +If you want your command line to treat error codes in the 400 and up range as +errors and thus return a non-zero value and possibly show an error message, +curl has a dedicated option for that: `-f` (`CURLOPT_FAILONERROR` in libcurl +speak). + +You can also use the `-w` option and the variable `%{response_code}` to +extract the exact response code that was returned in the response. + +# libcurl + +## Is libcurl thread-safe? + +Yes. + +We have written the libcurl code specifically adjusted for multi-threaded +programs. libcurl uses thread-safe functions instead of non-safe ones if your +system has such. Note that you must never share the same handle in multiple +threads. + +There may be some exceptions to thread safety depending on how libcurl was +built. Please review [the guidelines for thread +safety](https://curl.se/libcurl/c/threadsafe.html) to learn more. + +## How can I receive all data into a large memory chunk? + +(See the [get in memory](https://curl.se/libcurl/c/getinmemory.html) example.) + +You are in full control of the callback function that gets called every time +there is data received from the remote server. You can make that callback do +whatever you want. You do not have to write the received data to a file. + +One solution to this problem could be to have a pointer to a struct that you +pass to the callback function. You set the pointer using the CURLOPT_WRITEDATA +option. Then that pointer is passed to the callback instead of a FILE * +to a file: + +~~~c +/* store data this struct */ +struct MemoryStruct { + char *memory; + size_t size; +}; + +/* imaginary callback function */ +size_t +WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data) +{ + size_t realsize = size * nmemb; + struct MemoryStruct *mem = (struct MemoryStruct *)data; + + mem->memory = (char *)realloc(mem->memory, mem->size + realsize + 1); + if(mem->memory) { + memcpy(&(mem->memory[mem->size]), ptr, realsize); + mem->size += realsize; + mem->memory[mem->size] = 0; + } + return realsize; +} +~~~ + +## How do I fetch multiple files with libcurl? + +libcurl has excellent support for transferring multiple files. You should +repeatedly set new URLs with `curl_easy_setopt()` and then transfer it with +`curl_easy_perform()`. The handle you get from curl_easy_init() is not only +reusable, but you are even encouraged to reuse it if you can, as that +enables libcurl to use persistent connections. + +## Does libcurl do Winsock initialization on Win32 systems? + +Yes, if told to in the `curl_global_init()` call. + +## Does CURLOPT_WRITEDATA and CURLOPT_READDATA work on Win32 ? + +Yes, but you cannot open a FILE * and pass the pointer to a DLL and have that +DLL use the FILE * (as the DLL and the client application cannot access each +others' variable memory areas). If you set `CURLOPT_WRITEDATA` you must also use +`CURLOPT_WRITEFUNCTION` as well to set a function that writes the file, even if +all it does is write the data to the specified FILE *. Similarly, if you use +`CURLOPT_READDATA` you must also specify `CURLOPT_READFUNCTION`. + +## What about Keep-Alive or persistent connections? + +curl and libcurl have excellent support for persistent connections when +transferring several files from the same server. curl attempts to reuse +connections for all URLs specified on the same command line/config file, and +libcurl reuses connections for all transfers that are made using the same +libcurl handle. + +When you use the easy interface the connection cache is kept within the easy +handle. If you instead use the multi interface, the connection cache is kept +within the multi handle and shared among all the easy handles that are used +within the same multi handle. + +## Link errors when building libcurl on Windows + +You need to make sure that your project, and all the libraries (both static +and dynamic) that it links against, are compiled/linked against the same run +time library. + +This is determined by the `/MD`, `/ML`, `/MT` (and their corresponding `/M?d`) +options to the command line compiler. `/MD` (linking against `MSVCRT.dll`) +seems to be the most commonly used option. + +When building an application that uses the static libcurl library, you must +add `-DCURL_STATICLIB` to your `CFLAGS`. Otherwise the linker looks for +dynamic import symbols. If you are using Visual Studio, you need to instead +add `CURL_STATICLIB` in the "Preprocessor Definitions" section. + +If you get a linker error like `unknown symbol __imp__curl_easy_init ...` you +have linked against the wrong (static) library. If you want to use the +libcurl.dll and import lib, you do not need any extra `CFLAGS`, but use one of +the import libraries below. These are the libraries produced by the various +lib/Makefile.* files: + +| Target | static lib | import lib for DLL | +|----------------|----------------|--------------------| +| MinGW | `libcurl.a` | `libcurldll.a` | +| MSVC (release) | `libcurl.lib` | `libcurl_imp.lib` | +| MSVC (debug) | `libcurld.lib` | `libcurld_imp.lib` | + +## libcurl.so.X: open failed: No such file or directory + +This is an error message you might get when you try to run a program linked +with a shared version of libcurl and your runtime linker (`ld.so`) could not +find the shared library named `libcurl.so.X`. (Where X is the number of the +current libcurl ABI, typically 3 or 4). + +You need to make sure that `ld.so` finds `libcurl.so.X`. You can do that +multiple ways, and it differs somewhat between different operating systems. +They are usually: + +* Add an option to the linker command line that specify the hard-coded path + the runtime linker should check for the lib (usually `-R`) +* Set an environment variable (`LD_LIBRARY_PATH` for example) where `ld.so` + should check for libs +* Adjust the system's config to check for libs in the directory where you have + put the library (like Linux's `/etc/ld.so.conf`) + +`man ld.so` and `man ld` tells you more details + +## How does libcurl resolve hostnames? + +libcurl supports a large number of name resolve functions. One of them is +picked at build-time and used unconditionally. Thus, if you want to change +name resolver function you must rebuild libcurl and tell it to use +a different function. + +### The non-IPv6 resolver + +The non-IPv6 resolver that can use one of four different hostname resolve +calls depending on what your system supports: + +1. gethostbyname() +2. gethostbyname_r() with 3 arguments +3. gethostbyname_r() with 5 arguments +4. gethostbyname_r() with 6 arguments + +### The IPv6 resolver + +Uses getaddrinfo() + +### The cares resolver + +The c-ares based name resolver that uses the c-ares library for resolves. +Using this offers asynchronous name resolves. + +## The threaded resolver + +It uses the IPv6 or the non-IPv6 resolver solution in a temporary thread. + +## How do I prevent libcurl from writing the response to stdout? + +libcurl provides a default built-in write function that writes received data +to stdout. Set the `CURLOPT_WRITEFUNCTION` to receive the data, or possibly +set `CURLOPT_WRITEDATA` to a different FILE * handle. + +## How do I make libcurl not receive the whole HTTP response? + +You make the write callback (or progress callback) return an error and libcurl +then aborts the transfer. + +## Can I make libcurl fake or hide my real IP address? + +No. libcurl operates on a higher level. Besides, faking IP address would +imply sending IP packets with a made-up source address, and then you normally +get a problem with receiving the packet sent back as they would then not be +routed to you. + +If you use a proxy to access remote sites, the sites do not see your local +IP address but instead the address of the proxy. + +Also note that on many networks NATs or other IP-munging techniques are used +that makes you see and use a different IP address locally than what the remote +server is seeing you coming from. You may also consider using +[Tor](https://www.torproject.org/). + +## How do I stop an ongoing transfer? + +With the easy interface you make sure to return the correct error code from +one of the callbacks, but none of them are instant. There is no function you +can call from another thread or similar that stops it immediately. +Instead, you need to make sure that one of the callbacks you use returns an +appropriate value that stops the transfer. Suitable callbacks that you can +do this with include the progress callback, the read callback and the write +callback. + +If you are using the multi interface, you can also stop a transfer by removing +the particular easy handle from the multi stack at any moment you think the +transfer is done or when you wish to abort the transfer. + +## Using C++ non-static functions for callbacks? + +libcurl is a C library, it does not know anything about C++ member functions. + +You can overcome this limitation with relative ease using a static member +function that is passed a pointer to the class: + +~~~c++ +// f is the pointer to your object. +static size_t YourClass::func(void *buffer, size_t sz, size_t n, void *f) +{ + // Call non-static member function. + static_cast(f)->nonStaticFunction(); +} + +// This is how you pass pointer to the static function: +curl_easy_setopt(hcurl, CURLOPT_WRITEFUNCTION, YourClass::func); +curl_easy_setopt(hcurl, CURLOPT_WRITEDATA, this); +~~~ + +## How do I get an FTP directory listing? + +If you end the FTP URL you request with a slash, libcurl provides you with +a directory listing of that given directory. You can also set +`CURLOPT_CUSTOMREQUEST` to alter what exact listing command libcurl would use +to list the files. + +The follow-up question tends to be how is a program supposed to parse the +directory listing. How does it know what's a file and what's a directory and +what's a symlink etc. If the FTP server supports the `MLSD` command then it +returns data in a machine-readable format that can be parsed for type. The +types are specified by RFC 3659 section 7.5.1. If `MLSD` is not supported then +you have to work with what you are given. The `LIST` output format is entirely +at the server's own liking and the `NLST` output does not reveal any types and +in many cases does not even include all the directory entries. Also, both +`LIST` and `NLST` tend to hide Unix-style hidden files (those that start with +a dot) by default so you need to do `LIST -a` or similar to see them. + +Example - List only directories. `ftp.funet.fi` supports `MLSD` and +`ftp.kernel.org` does not: + + curl -s ftp.funet.fi/pub/ -X MLSD | \ + perl -lne 'print if s/(?:^|;)type=dir;[^ ]+ (.+)$/$1/' + + curl -s ftp.kernel.org/pub/linux/kernel/ | \ + perl -lne 'print if s/^d[-rwx]{9}(?: +[^ ]+){7} (.+)$/$1/' + +If you need to parse LIST output, libcurl provides the ability to specify a +wildcard to download multiple files from an FTP directory. + +## I want a different time-out + +Sometimes users realize that `CURLOPT_TIMEOUT` and `CURLOPT_CONNECTIMEOUT` are +not sufficiently advanced or flexible to cover all the various use cases and +scenarios applications end up with. + +libcurl offers many more ways to time-out operations. A common alternative is +to use the `CURLOPT_LOW_SPEED_LIMIT` and `CURLOPT_LOW_SPEED_TIME` options to +specify the lowest possible speed to accept before to consider the transfer +timed out. + +The most flexible way is by writing your own time-out logic and using +`CURLOPT_XFERINFOFUNCTION` (perhaps in combination with other callbacks) and +use that to figure out exactly when the right condition is met when the +transfer should get stopped. + +## Can I write a server with libcurl? + +No. libcurl offers no functions or building blocks to build any kind of +Internet protocol server. libcurl is only a client-side library. For server +libraries, you need to continue your search elsewhere but there exist many +good open source ones out there for most protocols you could want a server +for. There are also really good stand-alone servers that have been tested and +proven for many years. There is no need for you to reinvent them. + +## Does libcurl use threads? + +No, libcurl executes in the same thread you call it in. All callbacks are +called in the same thread as the one you call libcurl in. + +If you want to avoid your thread to be blocked by the libcurl call, you make +sure you use the non-blocking multi API which does transfers +asynchronously - still in the same single thread. + +libcurl does potentially internally use threads for name resolving, if it was +built to work like that, but in those cases it creates the child threads by +itself and they are only used and then killed internally by libcurl and never +exposed to the outside. + +# License + +curl and libcurl are released under an MIT/X derivative license. The license +is liberal and should not impose a problem for your project. This section is a +brief summary for the cases we get the most questions. + +We are not lawyers and this is not legal advice. You should probably consult +one if you want true and accurate legal insights without our prejudice. Note +especially that this section concerns the libcurl license only; compiling in +features of libcurl that depend on other libraries (e.g. OpenSSL) may affect +the licensing obligations of your application. + +## I have a GPL program, can I use the libcurl library? + +Yes + +Since libcurl may be distributed under the MIT/X derivative license, it can be +used together with GPL in any software. + +## I have a closed-source program, can I use the libcurl library? + +Yes + +libcurl does not put any restrictions on the program that uses the library. + +## I have a BSD licensed program, can I use the libcurl library? + +Yes + +libcurl does not put any restrictions on the program that uses the library. + +## I have a program that uses LGPL libraries, can I use libcurl? + +Yes + +The LGPL license does not clash with other licenses. + +## Can I modify curl/libcurl for my program and keep the changes secret? + +Yes + +The MIT/X derivative license practically allows you to do almost anything with +the sources, on the condition that the copyright texts in the sources are left +intact. + +## Can you please change the curl/libcurl license? + +No. + +We have carefully picked this license after years of development and +discussions and a large amount of people have contributed with source code +knowing that this is the license we use. This license puts the restrictions we +want on curl/libcurl and it does not spread to other programs or libraries +that use it. It should be possible for everyone to use libcurl or curl in +their projects, no matter what license they already have in use. + +## What are my obligations when using libcurl in my commercial apps? + +Next to none. All you need to adhere to is the MIT-style license (stated in +the COPYING file) which says you have to include the copyright notice in *all +copies* and that you may not use the copyright holder's name when promoting +your software. + +You do not have to release any of your source code. + +You do not have to reveal or make public any changes to the libcurl source +code. + +You do not have to broadcast to the world that you are using libcurl within +your app. + +All we ask is that you disclose *the copyright notice and this permission +notice* somewhere. Most probably like in the documentation or in the section +where other third party dependencies already are mentioned and acknowledged. + +As can be seen [here](https://curl.se/docs/companies.html) and elsewhere, more +and more companies are discovering the power of libcurl and take advantage of +it even in commercial environments. + +## What license does curl use exactly? + +curl is released under an [MIT derivative +license](https://curl.se/docs/copyright.html). It is similar but not identical +to the MIT license. + +The difference is considered big enough to make SPDX list it under its own +identifier: [curl](https://spdx.org/licenses/curl.html). + +The changes done to the license that make it uniquely curl were tiny and +well-intended, but the reasons for them have been forgotten and we strongly +discourage others from doing the same thing. + +# PHP/CURL + +## What is PHP/CURL? + +The module for PHP that makes it possible for PHP programs to access curl +functions from within PHP. + +In the curl project we call this module PHP/CURL to differentiate it from curl +the command line tool and libcurl the library. The PHP team however does not +refer to it like this (for unknown reasons). They call it plain CURL (often +using all caps) or sometimes ext/curl, but both cause much confusion to users +which in turn gives us a higher question load. + +## Who wrote PHP/CURL? + +PHP/CURL was initially written by Sterling Hughes. + +## Can I perform multiple requests using the same handle? + +Yes. + +After a transfer, you set new options in the handle and make another transfer. +This makes libcurl reuse the same connection if it can. + +## Does PHP/CURL have dependencies? + +PHP/CURL is a module that comes with the regular PHP package. It depends on +and uses libcurl, so you need to have libcurl installed properly before +PHP/CURL can be used. + +# Development + +## Why does curl use C89? + +As with everything in curl, there is a history and we keep using what we have +used before until someone brings up the subject and argues for and works on +changing it. + +We started out using C89 in the 1990s because that was the only way to write a +truly portable C program and have it run as widely as possible. C89 was for a +long time even necessary to make things work on otherwise considered modern +platforms such as Windows. Today, we do not really know how many users that +still require the use of a C89 compiler. + +We continue to use C89 for as long as nobody brings up a strong enough reason +for us to change our minds. The core developers of the project do not feel +restricted by this and we are not convinced that going C99 offers us enough +of a benefit to warrant the risk of cutting off a share of users. + +## Would curl be rewritten? + +In one go: no. Little by little over time? Sure. + +Over the years, new languages and clever operating environments come and go. +Every now and then the urge apparently arises to request that we rewrite curl +in another language. + +Some the most important properties in curl are maintaining the API and ABI for +libcurl and keeping the behavior for the command line tool. As long as we can +do that, everything else is up for discussion. To maintain the ABI, we +probably have to maintain a certain amount of code in C, and to remain rock +stable, we never risk anything by rewriting a lot of things in one go. +That said, we can certainly offer more and more optional backends written in +other languages, as long as those backends can be plugged in at build-time. +Backends can be written in any language, but should probably provide APIs +usable from C to ease integration and transition. diff --git a/docs/FEATURES.md b/docs/FEATURES.md index 38e2ac3ed320..a7f184505629 100644 --- a/docs/FEATURES.md +++ b/docs/FEATURES.md @@ -1,220 +1,249 @@ + + # Features -- what curl can do ## curl tool - - config file support - - multiple URLs in a single command line - - range "globbing" support: [0-13], {one,two,three} - - multiple file upload on a single command line - - custom maximum transfer rate - - redirectable stderr - - parallel transfers +- config file support +- multiple URLs in a single command line +- range "globbing" support: [0-13], {one,two,three} +- multiple file upload on a single command line +- redirect stderr +- parallel transfers ## libcurl - - full URL syntax with no length limit - - custom maximum download time - - custom least download speed acceptable - - custom output result after completion - - guesses protocol from host name unless specified - - uses .netrc - - progress bar with time statistics while downloading - - "standard" proxy environment variables support - - compiles on win32 (reported builds on 70+ operating systems) - - selectable network interface for outgoing traffic - - IPv6 support on unix and Windows - - happy eyeballs dual-stack connects - - persistent connections - - SOCKS 4 + 5 support, with or without local name resolving - - supports user name and password in proxy environment variables - - operations through HTTP proxy "tunnel" (using CONNECT) - - replaceable memory functions (malloc, free, realloc, etc) - - asynchronous name resolving (6) - - both a push and a pull style interface - - international domain names (11) +- URL RFC 3986 syntax +- custom maximum download time +- custom lowest download speed acceptable +- custom output result after completion +- guesses protocol from hostname unless specified +- supports .netrc +- progress bar with time statistics while downloading +- standard proxy environment variables support +- have run on 101 operating systems and 28 CPU architectures +- selectable network interface for outgoing traffic +- IPv6 support on Unix and Windows +- happy eyeballs dual-stack IPv4 + IPv6 connects +- persistent connections +- SOCKS 4 + 5 support, with or without local name resolving +- *pre-proxy* support, for *proxy chaining* +- supports username and password in proxy environment variables +- operations through HTTP proxy "tunnel" (using CONNECT) +- replaceable memory functions (malloc, free, realloc, etc) +- asynchronous name resolving +- both a push and a pull style interface +- international domain names (IDN) +- transfer rate limiting +- stable API and ABI +- TCP keep alive +- TCP Fast Open +- DNS cache (that can be shared between transfers) +- non-blocking single-threaded parallel transfers +- Unix domain sockets to server or proxy +- DNS-over-HTTPS +- uses non-blocking name resolves +- selectable name resolver backend + +## URL API + +- parses RFC 3986 URLs +- generates URLs from individual components +- manages "redirects" + +## Header API + +- easy access to HTTP response headers, from all contexts +- named headers +- iterate over headers + +## TLS + +- selectable TLS backend(s) +- TLS False Start +- TLS version control +- TLS session resumption +- key pinning +- mutual authentication +- Use dedicated CA cert bundle +- Use OS-provided CA store +- separate TLS options for HTTPS proxy ## HTTP - - HTTP/0.9 responses are optionally accepted - - HTTP/1.0 - - HTTP/1.1 - - HTTP/2, including multiplexing and server push (5) - - GET - - PUT - - HEAD - - POST - - multipart formpost (RFC1867-style) - - authentication: Basic, Digest, NTLM (9) and Negotiate (SPNEGO) (3) - to server and proxy - - resume (both GET and PUT) - - follow redirects - - maximum amount of redirects to follow - - custom HTTP request - - cookie get/send fully parsed - - reads/writes the netscape cookie file format - - custom headers (replace/remove internally generated headers) - - custom user-agent string - - custom referrer string - - range - - proxy authentication - - time conditions - - via HTTP proxy, HTTPS proxy or SOCKS proxy - - retrieve file modification date - - Content-Encoding support for deflate and gzip - - "Transfer-Encoding: chunked" support in uploads - - automatic data compression (12) - -## HTTPS (1) - - - (all the HTTP features) - - HTTP/3 experimental support - - using client certificates - - verify server certificate - - via HTTP proxy, HTTPS proxy or SOCKS proxy - - select desired encryption - - select usage of a specific SSL version +- HTTP/0.9 responses are optionally accepted +- HTTP/1.0 +- HTTP/1.1 +- HTTP/2, including multiplexing and server push +- GET +- PUT +- HEAD +- POST +- multipart formpost (RFC 1867-style) +- authentication: Basic, Digest, NTLM (9) and Negotiate (SPNEGO) + to server and proxy +- resume transfers +- follow redirects +- maximum amount of redirects to follow +- custom HTTP request +- cookie get/send fully parsed +- reads/writes the Netscape cookie file format +- custom headers (replace/remove internally generated headers) +- custom user-agent string +- custom referrer string +- range +- proxy authentication +- time conditions +- via HTTP proxy, HTTPS proxy or SOCKS proxy +- HTTP/2 or HTTP/1.1 to HTTPS proxy +- retrieve file modification date +- Content-Encoding support for deflate, gzip, brotli and zstd +- "Transfer-Encoding: chunked" support in uploads +- HSTS +- alt-svc +- ETags +- HTTP/1.1 trailers, both sending and getting + +## HTTPS + +- HTTP/3 +- using client certificates +- verify server certificate +- via HTTP proxy, HTTPS proxy or SOCKS proxy +- select desired encryption +- select usage of a specific TLS version +- ECH ## FTP - - download - - authentication - - Kerberos 5 (13) - - active/passive using PORT, EPRT, PASV or EPSV - - single file size information (compare to HTTP HEAD) - - 'type=' URL support - - dir listing - - dir listing names-only - - upload - - upload append - - upload via http-proxy as HTTP PUT - - download resume - - upload resume - - custom ftp commands (before and/or after the transfer) - - simple "range" support - - via HTTP proxy, HTTPS proxy or SOCKS proxy - - all operations can be tunneled through proxy - - customizable to retrieve file modification date - - no dir depth limit - -## FTPS (1) - - - implicit `ftps://` support that use SSL on both connections - - explicit "AUTH TLS" and "AUTH SSL" usage to "upgrade" plain `ftp://` - connection to use SSL for both or one of the connections - -## SCP (8) - - - both password and public key auth - -## SFTP (7) - - - both password and public key auth - - with custom commands sent before/after the transfer +- download +- authentication +- Kerberos 5 +- active/passive using PORT, EPRT, PASV or EPSV +- single file size information (compare to HTTP HEAD) +- 'type=' URL support +- directory listing +- directory listing names-only +- upload +- upload append +- upload via http-proxy as HTTP PUT +- download resume +- upload resume +- custom ftp commands (before and/or after the transfer) +- simple "range" support +- via HTTP proxy, HTTPS proxy or SOCKS proxy +- all operations can be tunneled through proxy +- customizable to retrieve file modification date +- no directory depth limit + +## FTPS + +- implicit `ftps://` support that use SSL on both connections +- explicit "AUTH TLS" and "AUTH SSL" usage to "upgrade" plain `ftp://` + connection to use SSL for both or one of the connections + +## SSH (both SCP and SFTP) + +- selectable SSH backend +- known hosts support +- public key fingerprinting +- both password and public key auth + +## SFTP + +- both password and public key auth +- with custom commands sent before/after the transfer +- directory listing ## TFTP - - download - - upload +- download +- upload ## TELNET - - connection negotiation - - custom telnet options - - stdin/stdout I/O +- connection negotiation +- custom telnet options +- stdin/stdout I/O -## LDAP (2) +## LDAP - - full LDAP URL support +- full LDAP URL support ## DICT - - extended DICT URL support +- extended DICT URL support ## FILE - - URL support - - upload - - resume +- URL support +- upload +- resume ## SMB - - SMBv1 over TCP and SSL - - download - - upload - - authentication with NTLMv1 +- SMBv1 over TCP and SSL +- download +- upload +- authentication with NTLMv1 ## SMTP - - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (9), Kerberos 5 - (4) and External. - - send e-mails - - mail from support - - mail size support - - mail auth support for trusted server-to-server relaying - - multiple recipients - - via http-proxy +- authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM, Kerberos 5 and + External +- send emails +- mail from support +- mail size support +- mail auth support for trusted server-to-server relaying +- multiple recipients +- via http-proxy -## SMTPS (1) +## SMTPS - - implicit `smtps://` support - - explicit "STARTTLS" usage to "upgrade" plain `smtp://` connections to use SSL - - via http-proxy +- implicit `smtps://` support +- explicit "STARTTLS" usage to "upgrade" plain `smtp://` connections to use SSL +- via http-proxy ## POP3 - - authentication: Clear Text, APOP and SASL - - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (9), - Kerberos 5 (4) and External. - - list e-mails - - retrieve e-mails - - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via - custom requests - - via http-proxy +- authentication: Clear Text, APOP and SASL +- SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM, + Kerberos 5 and External +- list emails +- retrieve emails +- enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via + custom requests +- via http-proxy -## POP3S (1) +## POP3S - - implicit `pop3s://` support - - explicit "STLS" usage to "upgrade" plain `pop3://` connections to use SSL - - via http-proxy +- implicit `pop3s://` support +- explicit `STLS` usage to "upgrade" plain `pop3://` connections to use SSL +- via http-proxy ## IMAP - - authentication: Clear Text and SASL - - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (9), - Kerberos 5 (4) and External. - - list the folders of a mailbox - - select a mailbox with support for verifying the UIDVALIDITY - - fetch e-mails with support for specifying the UID and SECTION - - upload e-mails via the append command - - enhanced command support for: EXAMINE, CREATE, DELETE, RENAME, STATUS, - STORE, COPY and UID via custom requests - - via http-proxy +- authentication: Clear Text and SASL +- SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM, + Kerberos 5 and External +- list the folders of a mailbox +- select a mailbox with support for verifying the `UIDVALIDITY` +- fetch emails with support for specifying the UID and SECTION +- upload emails via the append command +- enhanced command support for: EXAMINE, CREATE, DELETE, RENAME, STATUS, + STORE, COPY and UID via custom requests +- via http-proxy -## IMAPS (1) +## IMAPS - - implicit `imaps://` support - - explicit "STARTTLS" usage to "upgrade" plain `imap://` connections to use SSL - - via http-proxy +- implicit `imaps://` support +- explicit "STARTTLS" usage to "upgrade" plain `imap://` connections to use SSL +- via http-proxy ## MQTT - - Subscribe to and publish topics using url scheme `mqtt://broker/topic` - -## Footnotes - - 1. requires a TLS library - 2. requires OpenLDAP or WinLDAP - 3. requires a GSS-API implementation (such as Heimdal or MIT Kerberos) or - SSPI (native Windows) - 4. requires a GSS-API implementation, however, only Windows SSPI is - currently supported - 5. requires nghttp2 - 6. requires c-ares - 7. requires libssh2, libssh or wolfSSH - 8. requires libssh2 or libssh - 9. requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI - (native Windows) - 10. - - 11. requires libidn2 or Windows - 12. requires libz, brotli and/or zstd - 13. requires a GSS-API implementation (such as Heimdal or MIT Kerberos) +- Subscribe to and publish topics using URL scheme `mqtt://broker/topic` diff --git a/docs/GOVERNANCE.md b/docs/GOVERNANCE.md index dfc2071d62f2..bae06009b9b3 100644 --- a/docs/GOVERNANCE.md +++ b/docs/GOVERNANCE.md @@ -1,3 +1,9 @@ + + # Decision making in the curl project A rough guide to how we make decisions and who does what. @@ -8,15 +14,14 @@ This project was started by and has to some extent been pushed forward over the years with Daniel Stenberg as the driving force. It matches a standard BDFL (Benevolent Dictator For Life) style project. -This setup has been used due to convenience and the fact that is has worked +This setup has been used due to convenience and the fact that it has worked fine this far. It is not because someone thinks of it as a superior project -leadership model. It will also only continue working as long as Daniel manages -to listen in to what the project and the general user population wants and -expects from us. +leadership model. It also only works as long as Daniel manages to listen in to +what the project and the general user population wants and expects from us. ## Legal entity -There is no legal entity. The curl project is just a bunch of people scattered +There is no legal entity. The curl project is a bunch of people scattered around the globe with the common goal to produce source code that creates great products. We are not part of any umbrella organization and we are not located in any specific country. We are totally independent. @@ -29,23 +34,22 @@ that wrote those parts of the code. The curl project is not a democracy, but everyone is entitled to state their opinion and may argue for their sake within the community. -All and any changes that have been done or will be done are eligible to bring -up for discussion, to object to or to praise. Ideally, we find consensus for -the appropriate way forward in any given situation or challenge. +All and any changes that have been done or are done are eligible to bring up +for discussion, to object to or to praise. Ideally, we find consensus for the +appropriate way forward in any given situation or challenge. If there is no obvious consensus, a maintainer who's knowledgeable in the -specific area will take an "executive" decision that they think is the right -for the project. +specific area takes an "executive" decision that they think is the right for +the project. ## Donations Donating plain money to curl is best done to curl's [Open Collective fund](https://opencollective.com/curl). Open Collective is a US based -non-profit organization that holds on to funds for us. This fund is then used -for paying the curl security bug bounties, to reimburse project related -expenses etc. +non-profit organization that holds on to funds for us. This fund is used to +reimburse and pay for project related expenses etc. -Donations to the project can also come in form of server hosting, providing +Donations to the project can also come in the form of server hosting, providing services and paying for people to work on curl related code etc. Usually, such donations are services paid for directly by the sponsors. @@ -57,7 +61,7 @@ they can be mentioned on the Sponsors page on the curl website. The curl project does not do or offer commercial support. It only hosts mailing lists, runs bug trackers etc to facilitate communication and work. -However, Daniel works for wolfSSL and we offer commercial curl support there. +Daniel works for wolfSSL, which offers commercial curl support. # Key roles @@ -81,32 +85,48 @@ curl source code repository. Committers are recorded as `Author` in git. A maintainer in the curl project is an individual who has been given permissions to push commits to one of the git repositories. -Maintainers are free to push commits to the repositories at their own will. +Maintainers are free to push commits to the repositories at they see fit. Maintainers are however expected to listen to feedback from users and any change that is non-trivial in size or nature *should* be brought to the project as a Pull-Request (PR) to allow others to comment/object before merge. ## Former maintainers -A maintainer who stops being active in the project will at some point get -their push permissions removed. We do this for security reasons but also to -make sure that we always have the list of maintainers as "the team that push -stuff to curl". +A maintainer who stops being active in the project gets their push permissions +removed at some point. We do this for security reasons but also to make sure +that we always have the list of maintainers as "the team that push stuff to +curl". Getting push permissions removed is not a punishment. Everyone who ever worked on maintaining curl is considered a hero, for all time hereafter. ## Security team members -We have a security team. That's the team of people who are subscribed to the +We have a security team. That is the team of people who are subscribed to the curl-security mailing list; the receivers of security reports from users and -developers. This list of people will vary over time but should be skilled +developers. This list of people varies over time but they are all skilled developers familiar with the curl project. The security team works best when it consists of a small set of active persons. We invite new members when the team seems to need it, and we also expect to retire security team members as they "drift off" from the project or -just find themselves unable to perform their duties there. +find themselves unable to perform their duties there. + +## Core team + +There is a curl core team. It currently has the same set of members as the +security team. It can also be reached on the security email address. + +The core team nominates and invites new members to the team when it sees fit. +There is no open member voting or formal ways to be a candidate. Active +participants in the curl project who want to join the core team can ask to +join. + +The core team is a board of advisors. It deals with project management +subjects that need confidentiality or for other reasons cannot be dealt with +and discussed in the open (for example reports of code of conduct violations). +Project matters should always as far as possible be discussed on open mailing +lists. ## Server admins @@ -116,14 +136,14 @@ admin of all things curl related server stuff, but Björn Stenberg and Linus Feltzing serve as backup admins for when Daniel is gone or unable. The primary server is paid for by Haxx. The machine is physically located in a -server bunker in Stockholm Sweden, operated by the company Portlane. +server bunker in Stockholm Sweden, operated by the company Glesys. The website contents are served to the web via Fastly and Daniel is the primary curl contact with Fastly. ## BDFL -That's Daniel. +That is Daniel. # Maintainers @@ -152,14 +172,14 @@ within the area of personal expertise and experience. ### Merge advice -When you're merging patches/PRs... +When you are merging patches/pull requests... - make sure the commit messages follow our template -- squash patch sets into a few logical commits even if the PR didn't, if +- squash patch sets into a few logical commits even if the PR did not, if necessary - avoid the "merge" button on GitHub, do it "manually" instead to get full - control and full audit trail (github leaves out you as "Committer:") -- remember to credit the reporter and the helpers! + control and full audit trail (GitHub leaves out you as "Committer:") +- remember to credit the reporter and the helpers. ## Who are maintainers? @@ -172,11 +192,25 @@ different individuals and over time. If you think you can help making the project better by shouldering some maintaining responsibilities, then please get in touch. -You will be expected to be familiar with the curl project and its ways of -working. You need to have gotten a few quality patches merged as a proof of -this. +You are expected to be familiar with the curl project and its ways of working. +You need to have gotten a few quality patches merged as a proof of this. ### Stop being a maintainer If you (appear to) not be active in the project anymore, you may be removed as -a maintainer. Thank you for your service! +a maintainer. Thank you for your service. + +# Post-Daniel BDFL + +At the point in a future when Daniel steps away from the project and stops +being the project lead, there is reason to reconsider how to keep driving the +project forward. Countries, companies and organizations have a single +president or CEO for a reason; having a single leader that responsibly can +take quick daily decisions is efficient. Without Daniel as BDFL, either +someone else needs to step up and become president, or the project needs to +adopt a council-driven process. Maybe both? Maybe vote a new project leader +for one year or a few years at a time? + +Deciding the replacement person and governance is a subject for the curl core +team to vote on. When that happens, this section of this document should also +get updated. diff --git a/docs/HELP-US.md b/docs/HELP-US.md index ce3d720bed95..e676dcf08f1b 100644 --- a/docs/HELP-US.md +++ b/docs/HELP-US.md @@ -1,12 +1,20 @@ + + # How to get started helping out in the curl project We are always in need of more help. If you are new to the project and are looking for ways to contribute and help out, this document aims to give a few good starting points. -A good idea is to start by subscribing to the [curl-library mailing -list](https://cool.haxx.se/mailman/listinfo/curl-library) to keep track of the -current discussion topics. +You may subscribe to the [curl-library mailing +list](https://lists.haxx.se/listinfo/curl-library) to keep track of the +current discussion topics; or if you are registered on GitHub, you can use the +[Discussions section](https://github.com/curl/curl/discussions) on the main +curl repository. ## Scratch your own itch @@ -18,32 +26,32 @@ down and report the bug. Or make your first pull request with a fix for that. ## Smaller tasks Some projects mark small issues as "beginner friendly", "bite-sized" or -similar. We don't do that in curl since such issues never linger around long -enough. Simple issues get handled very fast. +similar. We do not do that in curl since such issues never linger around long +enough. Simple issues get handled fast. -If you're looking for a smaller or simpler task in the project to help out +If you are looking for a smaller or simpler task in the project to help out with as an entry-point into the project, perhaps because you are a newcomer or even maybe not a terribly experienced developer, here's our advice: - - Read through this document to get a grasp on a general approach to use - - Consider adding a test case for something not currently tested (correctly) - - Consider updating or adding documentation - - One way to get your feet wet gently in the project, is to participate in an - existing issue/PR and help out by reproducing the issue, review the code in - the PR etc. +- Read through this document to get a grasp on a general approach to use +- Consider adding a test case for something not currently tested (correctly) +- Consider updating or adding documentation +- One way to get started gently in the project, is to participate in an + existing issue/PR and help out by reproducing the issue, review the code in + the PR etc. ## Help wanted In the issue tracker we occasionally mark bugs with [help wanted](https://github.com/curl/curl/labels/help%20wanted), as a sign that the -bug is acknowledged to exist and that there's nobody known to work on this +bug is acknowledged to exist and that there is nobody known to work on this issue for the moment. Those are bugs that are fine to "grab" and provide a -pull request for. The complexity level of these will of course vary, so pick -one that piques your interest. +pull request for. The complexity level of these of course varies, so pick one +that piques your interest. ## Work on known bugs -Some bugs are known and haven't yet received attention and work enough to get +Some bugs are known and have not yet received attention and work enough to get fixed. We collect such known existing flaws in the [KNOWN_BUGS](https://curl.se/docs/knownbugs.html) page. Many of them link to the original bug report with some additional details, but some may also @@ -56,7 +64,7 @@ On the [autobuilds page](https://curl.se/dev/builds.html) we show a collection of test results from the automatic curl build and tests that are performed by volunteers. Fixing compiler warnings and errors shown there is something we value greatly. Also, if you own or run systems or architectures -that aren't already tested in the autobuilds, we also appreciate more +that are not already tested in the autobuilds, we also appreciate more volunteers running builds automatically to help us keep curl portable. ## TODO items @@ -64,7 +72,7 @@ volunteers running builds automatically to help us keep curl portable. Ideas for features and functions that we have considered worthwhile to implement and provide are kept in the [TODO](https://curl.se/docs/todo.html) file. Some of the ideas are -rough. Some are well thought out. Some probably aren't really suitable +rough. Some are well thought out. Some probably are not really suitable anymore. Before you invest a lot of time on a TODO item, do bring it up for discussion @@ -75,13 +83,12 @@ brainstorming on specific ways to do the implementation etc. You can also come up with a completely new thing you think we should do. Or not do. Or fix. Or add to the project. You then either bring it to the mailing -list first to see if people will shoot down the idea at once, or you bring a -first draft of the idea as a pull request and take the discussion there around -the specific implementation. Either way is fine. +list first to see if people shoot down the idea at once, or you bring a first +draft of the idea as a pull request and take the discussion there around the +specific implementation. Either way is fine. ## CONTRIBUTE -We offer [guidelines](https://curl.se/dev/contribute.html) that are -suitable to be familiar with before you decide to contribute to curl. If -you're used to open source development, you'll probably not find many -surprises in there. +We offer [guidelines](https://curl.se/dev/contribute.html) that are suitable +to be familiar with before you decide to contribute to curl. If you are used +to open source development, you probably do not find many surprises there. diff --git a/docs/HISTORY.md b/docs/HISTORY.md index 373741c586a2..c376905ebbae 100644 --- a/docs/HISTORY.md +++ b/docs/HISTORY.md @@ -1,32 +1,35 @@ -How curl Became Like This -========================= + + +# How curl Became Like This Towards the end of 1996, Daniel Stenberg was spending time writing an IRC bot for an Amiga related channel on EFnet. He then came up with the idea to make -currency-exchange calculations available to Internet Relay Chat (IRC) -users. All the necessary data were published on the Web; he just needed to -automate their retrieval. +currency-exchange calculations available to Internet Relay Chat (IRC) users. +All the necessary data were published on the Web; he only needed to automate +their retrieval. -1996 ----- +## 1996 On November 11, 1996 the Brazilian developer Rafael Sagula wrote and released HttpGet version 0.1. Daniel extended this existing command-line open-source tool. After a few minor -adjustments, it did just what he needed. The first release with Daniel's -additions was 0.2, released on December 17, 1996. Daniel quickly became the -new maintainer of the project. +adjustments, it did what he needed. The first release with Daniel's additions +was 0.2, released on December 17, 1996. Daniel quickly became the new +maintainer of the project. -1997 ----- +## 1997 HttpGet 0.3 was released in January 1997 and now it accepted HTTP URLs on the command line. -HttpGet 1.0 was released on April 8th 1997 with brand new HTTP proxy support. +HttpGet 1.0 was released on April 8 1997 with brand new HTTP proxy support. -We soon found and fixed support for getting currencies over GOPHER. Once FTP +We soon found and fixed support for getting currencies over GOPHER. Once FTP download support was added, the name of the project was changed and urlget 2.0 was released in August 1997. The http-only days were already passed. @@ -37,8 +40,7 @@ November 24 1997: Version 3.1 added FTP upload support. Version 3.5 added support for HTTP POST. -1998 ----- +## 1998 February 4: urlget 3.10 @@ -60,19 +62,19 @@ SSL support was added, powered by the SSLeay library. August: first announcement of curl on freshmeat.net. October: with the curl 4.9 release and the introduction of cookie support, -curl was no longer released under the GPL license. Now we're at 4000 lines of +curl was no longer released under the GPL license. Now we are at 4000 lines of code, we switched over to the MPL license to restrict the effects of "copyleft". November: configure script and reported successful compiles on several -major operating systems. The never-quite-understood -F option was added and -curl could now simulate quite a lot of a browser. TELNET support was added. +major operating systems. The often-misunderstood -F option was added, and +curl could now simulate significant browser functionality. TELNET support was +added. -Curl 5 was released in December 1998 and introduced the first ever curl man +curl 5 was released in December 1998 and introduced the first ever curl man page. People started making Linux RPM packages out of it. -1999 ----- +## 1999 January: DICT support added. @@ -88,8 +90,7 @@ September: Released curl 6.0. 15000 lines of code. December 28: added the project on Sourceforge and started using its services for managing the project. -2000 ----- +## 2000 Spring: major internal overhaul to provide a suitable library interface. The first non-beta release was named 7.1 and arrived in August. This offered @@ -111,8 +112,7 @@ September: kerberos4 support was added. November: started the work on a test suite for curl. It was later re-written from scratch again. The libcurl major SONAME number was set to 1. -2001 ----- +## 2001 January: Daniel released curl 7.5.2 under a new license again: MIT (or MPL). The MIT license is extremely liberal and can be combined with GPL @@ -130,7 +130,7 @@ August: The curl website gets 8000 visits weekly. Curl Corporation contacted Daniel to discuss "the name issue". After Daniel's reply, they have never since got back in touch again. -September: libcurl 7.9 introduces cookie jar and curl_formadd(). During the +September: libcurl 7.9 introduces cookie jar and `curl_formadd()`. During the forthcoming 7.9.x releases, we introduced the multi interface slowly and without many whistles. @@ -138,14 +138,13 @@ September 25: curl (7.7.2) is bundled in Mac OS X (10.1) for the first time. It already becoming more and more of a standard utility of Linux distributions and a regular in the BSD ports collections. -2002 ----- +## 2002 June: the curl website gets 13000 visits weekly. curl and libcurl is 35000 lines of code. Reported successful compiles on more than 40 combinations of CPUs and operating systems. -To estimate number of users of the curl tool or libcurl library is next to +To estimate the number of users of the curl tool or libcurl library is next to impossible. Around 5000 downloaded packages each week from the main site gives a hint, but the packages are mirrored extensively, bundled with numerous OS distributions and otherwise retrieved as part of other software. @@ -155,13 +154,12 @@ only. Starting with 7.10, curl verifies SSL server certificates by default. -2003 ----- +## 2003 January: Started working on the distributed curl tests. The autobuilds. February: the curl site averages at 20000 visits weekly. At any given moment, -there's an average of 3 people browsing the website. +there is an average of 3 people browsing the website. Multiple new authentication schemes are supported: Digest (May), NTLM (June) and Negotiate (June). @@ -171,28 +169,26 @@ to the website. Five official web mirrors. December: full-fledged SSL for FTP is supported. -2004 ----- +## 2004 January: curl 7.11.0 introduced large file support. June: curl 7.12.0 introduced IDN support. 10 official web mirrors. This release bumped the major SONAME to 3 due to the removal of the -curl_formparse() function +`curl_formparse()` function -August: Curl and libcurl 7.12.1 +August: curl and libcurl 7.12.1 Public curl release number: 82 - Releases counted from the very beginning: 109 + Releases counted from the beginning: 109 Available command line options: 96 Available curl_easy_setopt() options: 120 Number of public functions in libcurl: 36 - Amount of public website mirrors: 12 + Amount of public website mirrors: 12 Number of known libcurl bindings: 26 -2005 ----- +## 2005 April: GnuTLS can now optionally be used for the secure layer when curl is built. @@ -205,8 +201,7 @@ More than 100,000 unique visitors of the curl website. 25 mirrors. December: security vulnerability: libcurl URL Buffer Overflow -2006 ----- +## 2006 January: We dropped support for Gopher. We found bugs in the implementation that turned out to have been introduced years ago, so with the conclusion that @@ -217,17 +212,18 @@ March: security vulnerability: libcurl TFTP Packet Buffer Overflow September: The major SONAME number for libcurl was bumped to 4 due to the removal of ftp third party transfer support. +October: we started to offer the Mozilla CA cert bundle as a PEM file on the +curl website. + November: Added SCP and SFTP support -2007 ----- +## 2007 February: Added support for the Mozilla NSS library to do the SSL/TLS stuff July: security vulnerability: libcurl GnuTLS insufficient cert verification -2008 ----- +## 2008 November: @@ -237,10 +233,9 @@ November: Known libcurl bindings: 37 Contributors: 683 - 145,000 unique visitors. >100 GB downloaded. +145,000 unique visitors. >100 GB downloaded. -2009 ----- +## 2009 March: security vulnerability: libcurl Arbitrary File Access @@ -250,8 +245,7 @@ August: security vulnerability: libcurl embedded zero in cert name December: Added support for IMAP, POP3 and SMTP -2010 ----- +## 2010 January: Added support for RTSP @@ -273,142 +267,233 @@ August: Known libcurl bindings: 39 Contributors: 808 - Gopher support added (re-added actually, see January 2006) +Gopher support added (re-added actually, see January 2006) -2011 ----- +## 2011 February: added support for the axTLS backend -April: added the cyassl backend (later renamed to WolfSSL) +April: added the cyassl backend (later renamed to wolfSSL) + +## 2012 + +July: Added support for Schannel (native Windows TLS backend) and Darwin SSL +(Native Mac OS X and iOS TLS backend). + +Supports Metalink + +October: SSH-agent support. + +## 2013 + +February: Cleaned up internals to always uses the "multi" non-blocking +approach internally and only expose the blocking API with a wrapper. + +September: First small steps on supporting HTTP/2 with nghttp2. + +October: Removed krb4 support. + +December: Happy eyeballs. + +## 2014 + +March: first real release supporting HTTP/2 + +September: Website had 245,000 unique visitors and served 236GB data + +SMB and SMBS support + +## 2015 + +June: support for multiplexing with HTTP/2 + +August: support for HTTP/2 server push + +September: started "everything curl". A separate stand-alone book documenting +curl and related info in perhaps a more tutorial style rather than a +reference, + +December: Public Suffix List + +## 2016 + +January: the curl tool defaults to HTTP/2 for HTTPS URLs -2012 ----- +June 26: Rafael Sagula, author of the original httpget tool in 1996 died. - July: Added support for Schannel (native Windows TLS backend) and Darwin SSL - (Native Mac OS X and iOS TLS backend). +December: curl 7.52.0 introduced support for HTTPS-proxy - Supports metalink +First TLS 1.3 support - October: SSH-agent support. +## 2017 -2013 ----- +May: Fastly starts hosting the curl website - February: Cleaned up internals to always uses the "multi" non-blocking - approach internally and only expose the blocking API with a wrapper. +July: OSS-Fuzz started fuzzing libcurl - September: First small steps on supporting HTTP/2 with nghttp2. +September: Added MultiSSL support - October: Removed krb4 support. +The website serves 3100 GB/month - December: Happy eyeballs. + Public curl releases: 169 + Command line options: 211 + curl_easy_setopt() options: 249 + Public functions in libcurl: 74 + Contributors: 1609 -2014 ----- +October: SSLKEYLOGFILE support, new MIME API - March: first real release supporting HTTP/2 +October: Daniel received the Polhem Prize for his work on curl - September: Website had 245,000 unique visitors and served 236GB data +November: brotli - SMB and SMBS support +## 2018 -2015 ----- +January: new SSH backend powered by libssh - June: support for multiplexing with HTTP/2 +March: starting with the 1803 release of Windows 10, curl is shipped bundled +with Microsoft's operating system. - August: support for HTTP/2 server push +July: curl shows headers using bold type face - December: Public Suffix List +October: added DNS-over-HTTPS (DoH) and the URL API -2016 ----- +MesaLink is a new supported TLS backend - January: the curl tool defaults to HTTP/2 for HTTPS URLs +libcurl now does HTTP/2 (and multiplexing) by default on HTTPS URLs - December: curl 7.52.0 introduced support for HTTPS-proxy! +curl and libcurl are installed in an estimated 5 *billion* instances +world-wide. - First TLS 1.3 support +October 31: curl and libcurl 7.62.0 -2017 ----- + Public curl releases: 177 + Command line options: 219 + curl_easy_setopt() options: 261 + Public functions in libcurl: 80 + Contributors: 1808 - July: OSS-Fuzz started fuzzing libcurl +December: removed axTLS support - September: Added Multi-SSL support +## 2019 - The website serves 3100 GB/month +January: Daniel started working full-time on curl, employed by wolfSSL - Public curl releases: 169 - Command line options: 211 - curl_easy_setopt() options: 249 - Public functions in libcurl: 74 - Contributors: 1609 +March: added experimental alt-svc support - October: SSLKEYLOGFILE support, new MIME API +August: the first HTTP/3 requests with curl. - October: Daniel received the Polhem Prize for his work on curl +September: 7.66.0 is released and the tool offers parallel downloads - November: brotli +## 2020 -2018 ----- +curl and libcurl are installed in an estimated 10 *billion* instances +world-wide. - January: new SSH backend powered by libssh +January: added BearSSL support - March: starting with the 1803 release of Windows 10, curl is shipped bundled - with Microsoft's operating system. +March: removed support for PolarSSL, added wolfSSH support. Created the first +dashboard on the website. - July: curl shows headers using bold type face +April: experimental MQTT support - October: added DNS-over-HTTPS (DoH) and the URL API +August: zstd support - MesaLink is a new supported TLS backend +November: the website moves to curl.se. The website serves 10TB data monthly. - libcurl now does HTTP/2 (and multiplexing) by default on HTTPS URLs +December: alt-svc support - curl and libcurl are installed in an estimated 5 *billion* instances - world-wide. +## 2021 - October 31: Curl and libcurl 7.62.0 +February 3: curl 7.75.0 ships with support for Hyper as an HTTP backend - Public curl releases: 177 - Command line options: 219 - curl_easy_setopt() options: 261 - Public functions in libcurl: 80 - Contributors: 1808 +March 31: curl 7.76.0 ships with support for Rustls - December: removed axTLS support +July: HSTS is supported -2019 ----- +## 2022 - March: added experimental alt-svc support +March: added --json, removed mesalink support - August: the first HTTP/3 requests with curl. + Public curl releases: 206 + Command line options: 245 + curl_easy_setopt() options: 295 + Public functions in libcurl: 86 + Contributors: 2601 - September: 7.66.0 is released and the tool offers parallel downloads +The curl.se website serves 16,500 GB/month over 462M requests, the +official docker image has been pulled 4,098,015,431 times. -2020 ----- +April: added support for msh3 as another HTTP/3 backend - curl and libcurl are installed in an estimated 10 *billion* instances - world-wide. +October: initial WebSocket support - January: added BearSSL support +## 2023 - March: removed support for PolarSSL, added wolfSSH support +March: remove support for curl_off_t < 8 bytes + +March 31: we started working on a new command line tool for URL parsing and +manipulations: trurl. + +May: added support for HTTP/2 over HTTPS proxy. Refuse to resolve .onion. The +curl GitHub repository reaches 30,000 stars. + +August: Dropped support for the NSS library + +September: added "variable" support in the command line tool. Dropped support +for the gskit TLS library. + +October: added support for IPFS via HTTP gateway + +December: HTTP/3 support with ngtcp2 is no longer experimental + +## 2024 + +January: switched to "curldown" for all documentation + +April 24: the curl container has been pulled more than six billion times + +May: experimental support for ECH, dropped NTLM_WB + +August 9: we adopted the wcurl tool into the curl organization + +September 11: --help [option] + +November 6: TLS 1.3 early data, WebSocket is official + +December 21: dropped hyper + +## 2025 + +February 5: first 0RTT for QUIC, ssl session import/export + +February: experimental HTTPS RR support + +February 22: The website served 62.95 TB/month; 12.43 billion requests. The +docker image has been pulled 6373501745 times. + +June: we removed support for BearSSL, Secure Transport and msh3 + +October: Daniel gets awarded a gold medal by the Swedish Royal Academy of +Engineering Sciences for his work on curl. + +We counted curl having been installed on 110 operating systems and 28 CPU +architectures. + +November: - April: experimental MQTT support + Public curl releases: 271 + Command line options: 273 + curl_easy_setopt() options: 308 + Public functions in libcurl: 100 + Contributors: 3534 - August: zstd support +We drop support for krb-ftp, Heimdal, wolfSSH and the winbuild build system. - November: the website moves to curl.se. The website serves 10TB data monthly. +Add support for Apple SecTrust, native CA certs on Apple systems. -2021 ----- +December 15: the website served 78 TB over the last month. - February 3: curl 7.75.0 ships with support for Hyper is a HTTP backend +## 2026 - March 31: curl 7.76.0 ships with support for rustls +April: removed support for RTMP diff --git a/docs/HSTS.md b/docs/HSTS.md index f63cfe323018..d7d37206881d 100644 --- a/docs/HSTS.md +++ b/docs/HSTS.md @@ -1,3 +1,9 @@ + + # HSTS support HTTP Strict-Transport-Security. Added as experimental in curl @@ -5,24 +11,24 @@ HTTP Strict-Transport-Security. Added as experimental in curl ## Standard -[HTTP Strict Transport Security](https://tools.ietf.org/html/rfc6797) +[HTTP Strict Transport Security](https://datatracker.ietf.org/doc/html/rfc6797) ## Behavior libcurl features an in-memory cache for HSTS hosts, so that subsequent -HTTP-only requests to a host name present in the cache will get internally +HTTP-only requests to a hostname present in the cache gets internally "redirected" to the HTTPS version. ## `curl_easy_setopt()` options: - - `CURLOPT_HSTS_CTRL` - enable HSTS for this easy handle - - `CURLOPT_HSTS` - specify file name where to store the HSTS cache on close +- `CURLOPT_HSTS_CTRL` - enable HSTS for this easy handle +- `CURLOPT_HSTS` - specify filename where to store the HSTS cache on close (and possibly read from at startup) -## curl cmdline options +## curl command line options - - `--hsts [filename]` - enable HSTS, use the file as HSTS cache. If filename - is `""` (no length) then no file will be used, only in-memory cache. +- `--hsts [filename]` - enable HSTS, use the file as HSTS cache. If filename + is `""` (no length) then no file is used, only in-memory cache. ## HSTS cache file format @@ -30,15 +36,13 @@ Lines starting with `#` are ignored. For each hsts entry: - [host name] "YYYYMMDD HH:MM:SS" + [hostname] "YYYYMMDD HH:MM:SS" -The `[host name]` is dot-prefixed if it is a includeSubDomain. +The `[hostname]` is dot-prefixed if it includes subdomains. The time stamp is when the entry expires. -I considered using wget's file format for the HSTS cache. However, they store the time stamp as the epoch (number of seconds since 1970) and I strongly disagree with using that format. Instead I opted to use a format similar to the curl alt-svc cache file format. - ## Possible future additions - - `CURLOPT_HSTS_PRELOAD` - provide a set of preloaded HSTS host names - - ability to save to something else than a file +- `CURLOPT_HSTS_PRELOAD` - provide a set of HSTS hostnames to load first +- ability to save to something else than a file diff --git a/docs/HTTP-COOKIES.md b/docs/HTTP-COOKIES.md index 9d1e099d1a67..2a32aae6053c 100644 --- a/docs/HTTP-COOKIES.md +++ b/docs/HTTP-COOKIES.md @@ -1,134 +1,171 @@ + + # HTTP Cookies ## Cookie overview - Cookies are `name=contents` pairs that a HTTP server tells the client to - hold and then the client sends back those to the server on subsequent - requests to the same domains and paths for which the cookies were set. - - Cookies are either "session cookies" which typically are forgotten when the - session is over which is often translated to equal when browser quits, or - the cookies aren't session cookies they have expiration dates after which - the client will throw them away. - - Cookies are set to the client with the Set-Cookie: header and are sent to - servers with the Cookie: header. - - For a very long time, the only spec explaining how to use cookies was the - original [Netscape spec from 1994](https://curl.se/rfc/cookie_spec.html). - - In 2011, [RFC6265](https://www.ietf.org/rfc/rfc6265.txt) was finally - published and details how cookies work within HTTP. In 2016, an update which - added support for prefixes was - [proposed](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00), - and in 2017, another update was - [drafted](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01) - to deprecate modification of 'secure' cookies from non-secure origins. Both - of these drafts have been incorporated into a proposal to - [replace](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02) - RFC6265. Cookie prefixes and secure cookie modification protection has been - implemented by curl. +Cookies are `name=contents` pairs that an HTTP server tells the client to +hold and then the client sends back those to the server on subsequent +requests to the same domains and paths for which the cookies were set. + +Cookies are either "session cookies" which typically are forgotten when the +session is over which is often translated to equal when browser quits, or +the cookies are not session cookies they have expiration dates after which +the client throws them away. + +Cookies are set to the client with the Set-Cookie: header and are sent to +servers with the Cookie: header. + +For a long time, the only spec explaining how to use cookies was the +original [Netscape spec from 1994](https://curl.se/rfc/cookie_spec.html). + +In 2011, [RFC 6265](https://datatracker.ietf.org/doc/html/rfc6265) was finally +published and details how cookies work within HTTP. In 2016, an update which +added support for prefixes was +[proposed](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-prefixes-00), +and in 2017, another update was +[drafted](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-alone-01) +to deprecate modification of 'secure' cookies from non-secure origins. Both +of these drafts have been incorporated into a proposal to +[replace](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-11) +RFC 6265. Cookie prefixes and secure cookie modification protection has been +implemented by curl. + +curl considers `http://localhost` to be a *secure context*, meaning that it +allows and uses cookies marked with the `secure` keyword even when done over +plain HTTP for this host. curl does this to match how popular browsers work +with secure cookies. + +## Super cookies + +A single cookie can be set for a domain that matches multiple hosts. Like if +set for `example.com` it gets sent to both `aa.example.com` as well as +`bb.example.com`. + +A challenge with this concept is that there are certain domains for which +cookies should not be allowed at all, because they are *Public +Suffixes*. Similarly, a client never accepts cookies set directly for the +top-level domain like for example `.com`. Cookies set for *too broad* +domains are generally referred to as *super cookies*. + +If curl is built with PSL (**Public Suffix List**) support, it detects and +discards cookies that are specified for such suffix domains that should not +be allowed to have cookies. + +if curl is *not* built with PSL support, it has no ability to stop super +cookies. ## Cookies saved to disk - Netscape once created a file format for storing cookies on disk so that they - would survive browser restarts. curl adopted that file format to allow - sharing the cookies with browsers, only to see browsers move away from that - format. Modern browsers no longer use it, while curl still does. +Netscape once created a file format for storing cookies on disk so that they +would survive browser restarts. curl adopted that file format to allow +sharing the cookies with browsers, only to see browsers move away from that +format. Modern browsers no longer use it, while curl still does. - The netscape cookie file format stores one cookie per physical line in the - file with a bunch of associated meta data, each field separated with - TAB. That file is called the cookiejar in curl terminology. +The Netscape cookie file format stores one cookie per physical line in the +file with a bunch of associated meta data, each field separated with +TAB. That file is called the cookie jar in curl terminology. - When libcurl saves a cookiejar, it creates a file header of its own in which - there is a URL mention that will link to the web version of this document. +When libcurl saves a cookie jar, it creates a file header of its own in +which there is a URL mention that links to the web version of this document. ## Cookie file format - The cookie file format is text based and stores one cookie per line. Lines - that start with `#` are treated as comments. +The cookie file format is text based and stores one cookie per line. Lines +that start with `#` are treated as comments. An exception is lines that +start with `#HttpOnly_`, which is a prefix for cookies that have the +`HttpOnly` attribute set. - Each line that each specifies a single cookie consists of seven text fields - separated with TAB characters. A valid line must end with a newline - character. +Each line that specifies a single cookie consists of seven text fields +separated with TAB characters. A valid line must end with a newline +character. ### Fields in the file - Field number, what type and example data and the meaning of it: +Field number, what type and example data and the meaning of it: - 0. string `example.com` - the domain name - 1. boolean `FALSE` - include subdomains - 2. string `/foobar/` - path - 3. boolean `TRUE` - send/receive over HTTPS only - 4. number `1462299217` - expires at - seconds since Jan 1st 1970, or 0 - 5. string `person` - name of the cookie - 6. string `daniel` - value of the cookie +0. string `example.com` - the domain name +1. boolean `FALSE` - include subdomains +2. string `/foobar/` - path +3. boolean `TRUE` - send/receive over HTTPS only +4. number `1462299217` - expires at - seconds since Jan 1st 1970, or 0 +5. string `person` - name of the cookie +6. string `daniel` - value of the cookie ## Cookies with curl the command line tool - curl has a full cookie "engine" built in. If you just activate it, you can - have curl receive and send cookies exactly as mandated in the specs. +curl has a full cookie "engine" built in. If you activate it, you can have +curl receive and send cookies exactly as mandated in the specs. - Command line options: +Command line options: - `-b, --cookie` +[`-b, --cookie`](https://curl.se/docs/manpage.html#-b) - tell curl a file to read cookies from and start the cookie engine, or if it - isn't a file it will pass on the given string. -b name=var works and so does - -b cookiefile. +tell curl a file to read cookies from and start the cookie engine, or if it +is not a file it passes on the given string. `-b name=var` works and so does +`-b cookiefile`. - `-j, --junk-session-cookies` +[`-j, --junk-session-cookies`](https://curl.se/docs/manpage.html#-j) - when used in combination with -b, it will skip all "session cookies" on load - so as to appear to start a new cookie session. +when used in combination with -b, it skips all "session cookies" on load so +as to appear to start a new cookie session. - `-c, --cookie-jar` +[`-c, --cookie-jar`](https://curl.se/docs/manpage.html#-c) - tell curl to start the cookie engine and write cookies to the given file - after the request(s) +tell curl to start the cookie engine and write cookies to the given file +after the request(s) ## Cookies with libcurl - libcurl offers several ways to enable and interface the cookie engine. These - options are the ones provided by the native API. libcurl bindings may offer - access to them using other means. +libcurl offers several ways to enable and interface the cookie engine. These +options are the ones provided by the native API. libcurl bindings may offer +access to them using other means. + +[`CURLOPT_COOKIE`](https://curl.se/libcurl/c/CURLOPT_COOKIE.html) + +Is used when you want to specify the exact contents of a cookie header to +send to the server. - `CURLOPT_COOKIE` +[`CURLOPT_COOKIEFILE`](https://curl.se/libcurl/c/CURLOPT_COOKIEFILE.html) - Is used when you want to specify the exact contents of a cookie header to - send to the server. +Tell libcurl to activate the cookie engine, and to read the initial set of +cookies from the given file. Read-only. - `CURLOPT_COOKIEFILE` +[`CURLOPT_COOKIEJAR`](https://curl.se/libcurl/c/CURLOPT_COOKIEJAR.html) - Tell libcurl to activate the cookie engine, and to read the initial set of - cookies from the given file. Read-only. +Tell libcurl to activate the cookie engine, and when the easy handle is +closed save all known cookies to the given cookie jar file. Write-only. - `CURLOPT_COOKIEJAR` +[`CURLOPT_COOKIELIST`](https://curl.se/libcurl/c/CURLOPT_COOKIELIST.html) - Tell libcurl to activate the cookie engine, and when the easy handle is - closed save all known cookies to the given cookiejar file. Write-only. +Provide detailed information about a single cookie to add to the internal +storage of cookies. Pass in the cookie as an HTTP header with all the +details set, or pass in a line from a Netscape cookie file. This option can +also be used to flush the cookies etc. - `CURLOPT_COOKIELIST` +[`CURLOPT_COOKIESESSION`](https://curl.se/libcurl/c/CURLOPT_COOKIESESSION.html) - Provide detailed information about a single cookie to add to the internal - storage of cookies. Pass in the cookie as a HTTP header with all the details - set, or pass in a line from a netscape cookie file. This option can also be - used to flush the cookies etc. +Tell libcurl to ignore all cookies it is about to load that are session +cookies. - `CURLINFO_COOKIELIST` +[`CURLINFO_COOKIELIST`](https://curl.se/libcurl/c/CURLINFO_COOKIELIST.html) - Extract cookie information from the internal cookie storage as a linked - list. +Extract cookie information from the internal cookie storage as a linked +list. -## Cookies with javascript +## Cookies with JavaScript - These days a lot of the web is built up by javascript. The webbrowser loads - complete programs that render the page you see. These javascript programs - can also set and access cookies. +These days a lot of the web is built up by JavaScript. The web browser loads +complete programs that render the page you see. These JavaScript programs +can also set and access cookies. - Since curl and libcurl are plain HTTP clients without any knowledge of or - capability to handle javascript, such cookies will not be detected or used. +Since curl and libcurl are plain HTTP clients without any knowledge of or +capability to handle JavaScript, such cookies are not detected or used. - Often, if you want to mimic what a browser does on such websites, you can - record web browser HTTP traffic when using such a site and then repeat the - cookie operations using curl or libcurl. +Often, if you want to mimic what a browser does on such websites, you can +record web browser HTTP traffic when using such a site and then repeat the +cookie operations using curl or libcurl. diff --git a/docs/HTTP2.md b/docs/HTTP2.md deleted file mode 100644 index d4430676768d..000000000000 --- a/docs/HTTP2.md +++ /dev/null @@ -1,121 +0,0 @@ -HTTP/2 with curl -================ - -[HTTP/2 Spec](https://www.rfc-editor.org/rfc/rfc7540.txt) -[http2 explained](https://daniel.haxx.se/http2/) - -Build prerequisites -------------------- - - nghttp2 - - OpenSSL, libressl, BoringSSL, NSS, GnuTLS, mbedTLS, wolfSSL or Schannel - with a new enough version. - -[nghttp2](https://nghttp2.org/) -------------------------------- - -libcurl uses this 3rd party library for the low level protocol handling -parts. The reason for this is that HTTP/2 is much more complex at that layer -than HTTP/1.1 (which we implement on our own) and that nghttp2 is an already -existing and well functional library. - -We require at least version 1.12.0. - -Over an http:// URL -------------------- - -If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will -include an upgrade header in the initial request to the host to allow -upgrading to HTTP/2. - -Possibly we can later introduce an option that will cause libcurl to fail if -not possible to upgrade. Possibly we introduce an option that makes libcurl -use HTTP/2 at once over http:// - -Over an https:// URL --------------------- - -If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use -ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce -an option that will cause libcurl to fail if not possible to use HTTP/2. - -`CURL_HTTP_VERSION_2TLS` was added in 7.47.0 as a way to ask libcurl to prefer -HTTP/2 for HTTPS but stick to 1.1 by default for plain old HTTP connections. - -ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is -for a similar purpose, was made prior to ALPN and is used for SPDY so early -HTTP/2 servers are implemented using NPN before ALPN support is widespread. - -`CURLOPT_SSL_ENABLE_ALPN` and `CURLOPT_SSL_ENABLE_NPN` are offered to allow -applications to explicitly disable ALPN or NPN. - -SSL libs --------- - -The challenge is the ALPN and NPN support and all our different SSL -backends. You may need a fairly updated SSL library version for it to provide -the necessary TLS features. Right now we support: - - - OpenSSL: ALPN and NPN - - libressl: ALPN and NPN - - BoringSSL: ALPN and NPN - - NSS: ALPN and NPN - - GnuTLS: ALPN - - mbedTLS: ALPN - - Schannel: ALPN - - wolfSSL: ALPN - - Secure Transport: ALPN - -Multiplexing ------------- - -Starting in 7.43.0, libcurl fully supports HTTP/2 multiplexing, which is the -term for doing multiple independent transfers over the same physical TCP -connection. - -To take advantage of multiplexing, you need to use the multi interface and set -`CURLMOPT_PIPELINING` to `CURLPIPE_MULTIPLEX`. With that bit set, libcurl will -attempt to re-use existing HTTP/2 connections and just add a new stream over -that when doing subsequent parallel requests. - -While libcurl sets up a connection to a HTTP server there is a period during -which it doesn't know if it can pipeline or do multiplexing and if you add new -transfers in that period, libcurl will default to start new connections for -those transfers. With the new option `CURLOPT_PIPEWAIT` (added in 7.43.0), you -can ask that a transfer should rather wait and see in case there's a -connection for the same host in progress that might end up being possible to -multiplex on. It favours keeping the number of connections low to the cost of -slightly longer time to first byte transferred. - -Applications ------------- - -We hide HTTP/2's binary nature and convert received HTTP/2 traffic to headers -in HTTP 1.1 style. This allows applications to work unmodified. - -curl tool ---------- - -curl offers the `--http2` command line option to enable use of HTTP/2. - -curl offers the `--http2-prior-knowledge` command line option to enable use of -HTTP/2 without HTTP/1.1 Upgrade. - -Since 7.47.0, the curl tool enables HTTP/2 by default for HTTPS connections. - -curl tool limitations ---------------------- - -The command line tool doesn't support HTTP/2 server push. It supports -multiplexing when the parallel transfer option is used. - -HTTP Alternative Services -------------------------- - -Alt-Svc is an extension with a corresponding frame (ALTSVC) in HTTP/2 that -tells the client about an alternative "route" to the same content for the same -origin server that you get the response from. A browser or long-living client -can use that hint to create a new connection asynchronously. For libcurl, we -may introduce a way to bring such clues to the application and/or let a -subsequent request use the alternate route automatically. - -[Detailed in RFC 7838](https://tools.ietf.org/html/rfc7838) diff --git a/docs/HTTP3.md b/docs/HTTP3.md index 2f377fd354f0..a3db0253ffad 100644 --- a/docs/HTTP3.md +++ b/docs/HTTP3.md @@ -1,142 +1,358 @@ + + # HTTP3 (and QUIC) ## Resources -[HTTP/3 Explained](https://daniel.haxx.se/http3-explained/) - the online free +[HTTP/3 Explained](https://http3-explained.haxx.se/en/) - the online free book describing the protocols involved. -[QUIC implementation](https://github.com/curl/curl/wiki/QUIC-implementation) - -the wiki page describing the plan for how to support QUIC and HTTP/3 in curl -and libcurl. - [quicwg.org](https://quicwg.org/) - home of the official protocol drafts ## QUIC libraries -QUIC libraries we're experimenting with: +QUIC libraries we are using: [ngtcp2](https://github.com/ngtcp2/ngtcp2) -[quiche](https://github.com/cloudflare/quiche) +[quiche](https://github.com/cloudflare/quiche) - **EXPERIMENTAL** -## Experimental! +## Experimental -HTTP/3 and QUIC support in curl is considered **EXPERIMENTAL** until further -notice. It needs to be enabled at build-time. +HTTP/3 support using *quiche* in curl is considered **EXPERIMENTAL** until +further notice. Only the *ngtcp2* backend is not experimental. -Further development and tweaking of the HTTP/3 support in curl will happen in -in the master branch using pull-requests, just like ordinary changes. +Further development and tweaking of the HTTP/3 support in curl happens in the +master branch using pull-requests like ordinary changes. + +To fix before we remove the experimental label: + +- the used QUIC library needs to consider itself non-beta +- it is fine to "leave" individual backends as experimental if necessary # ngtcp2 version -## Build with OpenSSL +Building curl with ngtcp2 involves 3 components: `ngtcp2` itself, `nghttp3` +and a QUIC supporting TLS library. The supported TLS libraries are covered +below. + +While any version of `ngtcp2` and `nghttp3` from v1.0.0 on are expected to +work, using the latest versions often brings functional and performance +improvements. -Build (patched) OpenSSL +The build examples use `$NGHTTP3_VERSION` and `$NGTCP2_VERSION` as +placeholders for the version you build. - % git clone --depth 1 -b OpenSSL_1_1_1k+quic https://github.com/quictls/openssl +## Build with OpenSSL or fork + +OpenSSL v3.5.0+ requires *ngtcp2* v1.12.0+. Earlier versions do not work. + +Build OpenSSL (v3.5.0+) or fork AWS-LC, BoringSSL, LibreSSL or quictls: + + # Instructions for OpenSSL v3.5.0+ + % git clone --depth 1 -b openssl-$OPENSSL_VERSION https://github.com/openssl/openssl % cd openssl - % ./config enable-tls1_3 --prefix= + % ./config --prefix=/path/to/openssl --libdir=lib % make - % make install_sw + % make install -Build nghttp3 +Build nghttp3: % cd .. - % git clone https://github.com/ngtcp2/nghttp3 + % git clone -b $NGHTTP3_VERSION https://github.com/ngtcp2/nghttp3 % cd nghttp3 - % autoreconf -i - % ./configure --prefix= --enable-lib-only + % git submodule update --init + % autoreconf -fi + % ./configure --prefix=/path/to/nghttp3 --enable-lib-only % make % make install -Build ngtcp2 +Build ngtcp2: % cd .. - % git clone https://github.com/ngtcp2/ngtcp2 + % git clone -b $NGTCP2_VERSION https://github.com/ngtcp2/ngtcp2 % cd ngtcp2 - % autoreconf -i - % ./configure PKG_CONFIG_PATH=/lib/pkgconfig:/lib/pkgconfig LDFLAGS="-Wl,-rpath,/lib" --prefix= --enable-lib-only + % autoreconf -fi + # Change --with-openssl to --with-boringssl for AWS-LC and BoringSSL + % ./configure PKG_CONFIG_PATH=/path/to/openssl/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/openssl/lib" --prefix=/path/to/ngtcp2 --enable-lib-only --with-openssl % make % make install -Build curl +Build curl (with autotools): % cd .. % git clone https://github.com/curl/curl % cd curl - % ./buildconf - % LDFLAGS="-Wl,-rpath,/lib" ./configure --with-openssl= --with-nghttp3= --with-ngtcp2= + % autoreconf -fi + % ./configure PKG_CONFIG_PATH=/path/to/openssl/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/openssl/lib" --with-openssl=/path/to/openssl --with-ngtcp2=/path/to/ngtcp2 --with-nghttp3=/path/to/nghttp3 % make + % make install + +Build curl (with CMake): + + % cd .. + % git clone https://github.com/curl/curl + % cd curl + % PKG_CONFIG_PATH=/path/to/openssl/lib/pkgconfig:/path/to/ngtcp2/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig cmake -B bld -DOPENSSL_ROOT_DIR=/path/to/openssl -DUSE_NGTCP2=ON + % cmake --build bld ## Build with GnuTLS -Build GnuTLS +Build GnuTLS: - % git clone --depth 1 https://gitlab.com/gnutls/gnutls.git + % git clone --depth 1 https://gitlab.com/gnutls/gnutls % cd gnutls % ./bootstrap - % ./configure --disable-doc --prefix= + % ./configure --prefix=/path/to/gnutls + % make + % make install + +Build nghttp3: + + % cd .. + % git clone -b $NGHTTP3_VERSION https://github.com/ngtcp2/nghttp3 + % cd nghttp3 + % git submodule update --init + % autoreconf -fi + % ./configure --prefix=/path/to/nghttp3 --enable-lib-only + % make + % make install + +Build ngtcp2: + + % cd .. + % git clone -b $NGTCP2_VERSION https://github.com/ngtcp2/ngtcp2 + % cd ngtcp2 + % autoreconf -fi + % ./configure PKG_CONFIG_PATH=/path/to/gnutls/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/gnutls/lib" --prefix=/path/to/ngtcp2 --enable-lib-only --with-gnutls + % make + % make install + +Build curl (with autotools): + + % cd .. + % git clone https://github.com/curl/curl + % cd curl + % autoreconf -fi + % ./configure PKG_CONFIG_PATH=/path/to/gnutls/lib/pkgconfig --with-gnutls=/path/to/gnutls --with-ngtcp2=/path/to/ngtcp2 --with-nghttp3=/path/to/nghttp3 + % make + % make install + +Build curl (with CMake): + + % cd .. + % git clone https://github.com/curl/curl + % cd curl + % PKG_CONFIG_PATH=/path/to/gnutls/lib/pkgconfig:/path/to/ngtcp2/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig cmake -B bld -DCURL_USE_GNUTLS=ON -DUSE_NGTCP2=ON + % cmake --build bld + +## Build with wolfSSL + +Build wolfSSL: + + % git clone https://github.com/wolfSSL/wolfssl + % cd wolfssl + % autoreconf -fi + % ./configure --prefix=/path/to/wolfssl --enable-quic --enable-session-ticket --enable-earlydata --enable-psk --enable-harden --enable-altcertchains % make % make install -Build nghttp3 +Build nghttp3: % cd .. - % git clone https://github.com/ngtcp2/nghttp3 + % git clone -b $NGHTTP3_VERSION https://github.com/ngtcp2/nghttp3 % cd nghttp3 - % autoreconf -i - % ./configure --prefix= --enable-lib-only + % git submodule update --init + % autoreconf -fi + % ./configure --prefix=/path/to/nghttp3 --enable-lib-only % make % make install -Build ngtcp2 +Build ngtcp2: % cd .. - % git clone https://github.com/ngtcp2/ngtcp2 + % git clone -b $NGTCP2_VERSION https://github.com/ngtcp2/ngtcp2 % cd ngtcp2 - % autoreconf -i - % ./configure PKG_CONFIG_PATH=/lib/pkgconfig:/lib/pkgconfig LDFLAGS="-Wl,-rpath,/lib" --prefix= --enable-lib-only --with-gnutls + % autoreconf -fi + % ./configure PKG_CONFIG_PATH=/path/to/wolfssl/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig LDFLAGS="-Wl,-rpath,/path/to/wolfssl/lib" --prefix=/path/to/ngtcp2 --enable-lib-only --with-wolfssl % make % make install -Build curl +Build curl (with autotools): % cd .. % git clone https://github.com/curl/curl % cd curl - % ./buildconf - % ./configure --without-openssl --with-gnutls= --with-nghttp3= --with-ngtcp2= + % autoreconf -fi + % ./configure PKG_CONFIG_PATH=/path/to/wolfssl/lib/pkgconfig --with-wolfssl=/path/to/wolfssl --with-ngtcp2=/path/to/ngtcp2 --with-nghttp3=/path/to/nghttp3 % make + % make install + +Build curl (with CMake): + + % cd .. + % git clone https://github.com/curl/curl + % cd curl + % PKG_CONFIG_PATH=/path/to/wolfssl/lib/pkgconfig:/path/to/ngtcp2/lib/pkgconfig:/path/to/nghttp3/lib/pkgconfig cmake -B bld -DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON + % cmake --build bld # quiche version -## build +quiche support is **EXPERIMENTAL** + +Since the quiche build manages its dependencies, curl can be built against the +latest version. You are *probably* able to build against their main branch, +but in case of problems, we recommend their latest release tag. + +## Build Build quiche and BoringSSL: - % git clone --recursive https://github.com/cloudflare/quiche + % git clone --recursive -b 0.22.0 https://github.com/cloudflare/quiche % cd quiche - % cargo build --release --features ffi,pkg-config-meta,qlog - % mkdir deps/boringssl/src/lib - % ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) deps/boringssl/src/lib/ + % cargo build --package quiche --release --features ffi,pkg-config-meta,qlog + % ln -s libquiche.so target/release/libquiche.so.0 + % mkdir quiche/deps/boringssl/src/lib + % ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/ Build curl: % cd .. % git clone https://github.com/curl/curl % cd curl - % ./buildconf - % ./configure LDFLAGS="-Wl,-rpath,$PWD/../quiche/target/release" --with-openssl=$PWD/../quiche/deps/boringssl/src --with-quiche=$PWD/../quiche/target/release + % autoreconf -fi + % ./configure LDFLAGS="-Wl,-rpath,$PWD/../quiche/target/release" --with-openssl=$PWD/../quiche/quiche/deps/boringssl/src --with-quiche=$PWD/../quiche/target/release % make + % make install + +If `make install` results in `Permission denied` error, you need to prepend +it with `sudo`. -## Run +# `--http3` -Use HTTP/3 directly: +Use only HTTP/3: - curl --http3 https://nghttp2.org:4433/ + % curl --http3-only https://example.org:4433/ + +Use HTTP/3 with fallback to HTTP/2 or HTTP/1.1 (see "HTTPS eyeballing" below): + + % curl --http3 https://example.org:4433/ Upgrade via Alt-Svc: - curl --alt-svc altsvc.cache https://quic.aiortc.org/ + % curl --alt-svc altsvc.cache https://curl.se/ See this [list of public HTTP/3 servers](https://bagder.github.io/HTTP3-test/) + +### HTTPS eyeballing + +With option `--http3` curl attempts earlier HTTP versions as well should the +connect attempt via HTTP/3 fail "fast enough". This strategy is similar +to IPv4/6 happy eyeballing where the alternate address family is used in +parallel after a short delay. + +The IPv4/6 eyeballing has a default of 200ms and you may override that via +`--happy-eyeballs-timeout-ms value`. Since HTTP/3 is still relatively new, we +decided to use this timeout also for the HTTP eyeballing - with a slight +twist. + +The `happy-eyeballs-timeout-ms` value is the **hard** timeout, meaning after +that time expired, a TLS connection is opened in addition to negotiate HTTP/2 +or HTTP/1.1. At half of that value - currently - is the **soft** timeout. The +soft timeout fires, when there has been **no data at all** seen from the +server on the HTTP/3 connection. + +Without you specifying anything, the hard timeout is 200ms and the soft is +100ms: + +* Ideally, the whole QUIC handshake happens and curl has an HTTP/3 connection + in less than 100ms. +* When QUIC is not supported (or UDP does not work for this network path), no + reply is seen and the HTTP/2 TLS+TCP connection starts 100ms later. +* In the worst case, UDP replies start before 100ms, but drag on. This starts + the TLS+TCP connection after 200ms. +* When the QUIC handshake fails, the TLS+TCP connection is attempted right + away. For example, when the QUIC server presents the wrong certificate. + +The whole transfer only fails, when **both** QUIC and TLS+TCP fail to +handshake or time out. + +Note that all this happens in addition to IP version happy eyeballing. If the +name resolution for the server gives more than one IP address, curl tries all +those until one succeeds - as with all other protocols. If those IP addresses +contain both IPv6 and IPv4, those attempts happen, delayed, in parallel (the +actual eyeballing). + +## Known Bugs + +Check out the [list of known HTTP3 bugs](https://curl.se/docs/knownbugs.html#HTTP3). + +# HTTP/3 Test server + +This is not advice on how to run anything in production. This is for +development and experimenting. + +## Prerequisite(s) + +An existing local HTTP/1.1 server that hosts files. Preferably also a few huge +ones. You can easily create huge local files like `truncate -s=8G 8GB` - they +are huge but do not occupy that much space on disk since they are big holes. + +In a Debian setup you can install apache2. It runs on port 80 and has a +document root in `/var/www/html`. Download the 8GB file from apache with `curl +localhost/8GB -o dev/null` + +In this description we setup and run an HTTP/3 reverse-proxy in front of the +HTTP/1 server. + +## Setup + +You can select either or both of these server solutions. + +### nghttpx + +Get, build and install quictls, nghttp3 and ngtcp2 as described +above. + +Get, build and install nghttp2: + + % git clone https://github.com/nghttp2/nghttp2 + % cd nghttp2 + % autoreconf -fi + % PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/home/daniel/build-quictls/lib/pkgconfig:/home/daniel/build-nghttp3/lib/pkgconfig:/home/daniel/build-ngtcp2/lib/pkgconfig LDFLAGS=-L/home/daniel/build-quictls/lib CFLAGS=-I/home/daniel/build-quictls/include ./configure --enable-maintainer-mode --prefix=/home/daniel/build-nghttp2 --disable-shared --enable-app --enable-http3 --without-jemalloc --without-libxml2 --without-systemd + % make && make install + +Run the local h3 server on port 9443, make it proxy all traffic through to +HTTP/1 on localhost port 80. For local toying, we can use the test cert that +exists in curl's test dir. + + % CERT=/path/to/stunnel.pem + % $HOME/bin/nghttpx $CERT $CERT --backend=localhost,80 \ + --frontend="localhost,9443;quic" + +### Caddy + +[Install Caddy](https://caddyserver.com/docs/install). For easiest use, the +binary should be either in your PATH or your current directory. + +Create a `Caddyfile` with the following content: +~~~ +localhost:7443 { + respond "Hello, world! you are using {http.request.proto}" +} +~~~ + +Then run Caddy: + + % ./caddy start + +Making requests to `https://localhost:7443` should tell you which protocol is +being used. + +You can change the hard-coded response to something more useful by replacing +`respond` with `reverse_proxy` or `file_server`, for example: `reverse_proxy +localhost:80` diff --git a/docs/HTTPSRR.md b/docs/HTTPSRR.md new file mode 100644 index 000000000000..bb96526b3985 --- /dev/null +++ b/docs/HTTPSRR.md @@ -0,0 +1,100 @@ + + +# HTTPS RR + +[RFC 9460](https://datatracker.ietf.org/doc/html/rfc9460) documents the HTTPS +DNS Resource Record. + +curl features **experimental** support for HTTPS RR. + +- The ALPN list from the record is parsed and used +- The ECH field is stored - and used if ECH is enabled in the build +- The port number is not used (Firefox supports it, Chrome does not) +- The target name is not used +- The IP addresses (`Ipv6hints`, `Ipv4hints`) from the HTTPS RR are not used +- It only supports a single HTTPS RR per hostname +- Hostnames without A/AAAA records but *with* HTTPS RR fails +- consider service profiles where the RR provides different addresses for TCP + vs QUIC etc + +`HTTPSRR` is listed as a feature in the `curl -V` output if curl contains +HTTPS RR support. If c-ares is not included in the build, the HTTPS RR support +is limited to DoH. + +`asyn-rr` is listed as a feature in the `curl -V` output if c-ares is used for +additional resolves in addition to a "normal" resolve done with the threaded +resolver. + +The data extracted from the HTTPS RR is stored in the in-memory DNS cache to +be reused on subsequent uses of the same hostnames. + +## limitations + +We have decided to work on the HTTPS RR support by following what seems to be +(widely) used, and wait with implementing the details of the record +that do not seem to be deployed. HTTPS RR is a DNS field with many odd corners +and complexities and we might as well avoid them if no one seems to want them. + +## build + + ./configure --enable-httpsrr + +or + + cmake -DUSE_HTTPSRR=ON + +## ALPN + +The list of ALPN IDs is parsed but may not be completely respected because of +what the HTTP version preference is set to, which is a problem we are working +on. Also, getting an `HTTP/1.1` ALPN in the HTTPS RR field for an HTTP:// +transfer should imply switching to HTTPS, HSTS style. Which curl currently +does not. + +## DoH + +When HTTPS RR is enabled in the curl build, The DoH code asks for an HTTPS +record in addition to the A and AAAA records, and if an HTTPS RR answer is +returned, curl parses it and stores the retrieved information. + +## Non-DoH + +If DoH is not used for name resolving in an HTTPS RR enabled build, we must +provide the ability using the regular resolver backends. We use the c-ares DNS +library for the HTTPS RR lookup. Version 1.28.0 or later. + +### c-ares + +If curl is built to use the c-ares library for name resolves, an HTTPS RR +enabled build makes a request for the HTTPS RR in addition to the regular +lookup. + +### Threaded resolver + +When built to use the threaded resolver, which is the default, an HTTPS RR +build still needs a c-ares installation provided so that a separate request +for the HTTPS record can be done in parallel to the regular getaddrinfo() +call. + +This is done by specifying both c-ares and threaded resolver to configure: + + ./configure --enable-ares=... --enable-threaded-resolver + +or to cmake: + + cmake -DENABLE_ARES=ON -DENABLE_THREADED_RESOLVER=ON + +Because the HTTPS record is handled separately from the A/AAAA record +retrieval, by a separate library, there is a small risk for discrepancies. + +When building curl using the threaded resolver with HTTPS RR support (using +c-ares), the `curl -V` output looks exactly like a c-ares resolver build. + +## HTTPS RR Options + +Because curl is a low level transfer tool for which users sometimes want +detailed control, we need to offer options to control HTTPS RR use. diff --git a/docs/HYPER.md b/docs/HYPER.md deleted file mode 100644 index da6c663377b3..000000000000 --- a/docs/HYPER.md +++ /dev/null @@ -1,69 +0,0 @@ -# Hyper - -Hyper is a separate HTTP library written in Rust. curl can be told to use this -library as a backend to deal with HTTP. - -## Experimental! - -Hyper support in curl is considered **EXPERIMENTAL** until further notice. It -needs to be explicitly enabled at build-time. - -Further development and tweaking of the Hyper backend support in curl will -happen in in the master branch using pull-requests, just like ordinary -changes. - -## Hyper version - -The C API for Hyper is brand new and is still under development. - -## build curl with hyper - -Build hyper and enable the C API: - - % git clone https://github.com/hyperium/hyper - % cd hyper - % RUSTFLAGS="--cfg hyper_unstable_ffi" cargo build --features client,http1,http2,ffi - -Build curl to use hyper's C API: - - % git clone https://github.com/curl/curl - % cd curl - % ./buildconf - % ./configure --with-hyper= - % make - -# using Hyper internally - -Hyper is a low level HTTP transport library. curl itself provides all HTTP -headers and Hyper provides all received headers back to curl. - -Therefore, most of the "header logic" in curl as in responding to and acting -on specific input and output headers are done the same way in curl code. - -The API in Hyper delivers received HTTP headers as (cleaned up) name=value -pairs, making it impossible for curl to know the exact byte representation -over the wire with Hyper. - -## Limitations - -The hyper backend doesn't support - -- `CURLOPT_IGNORE_CONTENT_LENGTH` -- RTSP - -## Remaining issues - -This backend is still not feature complete with the native backend. Areas that -still need attention and verification include: - -- multiplexed HTTP/2 -- h2 Upgrade: -- pausing transfers -- co-exist with a HTTP/3 build -- receiving HTTP/1 trailers -- sending HTTP/1 trailers -- accept-encoding -- transfer encoding -- alt-svc -- hsts -- DoH ([#6389](https://github.com/curl/curl/issues/6389)) diff --git a/docs/INFRASTRUCTURE.md b/docs/INFRASTRUCTURE.md new file mode 100644 index 000000000000..2f24845cddc4 --- /dev/null +++ b/docs/INFRASTRUCTURE.md @@ -0,0 +1,201 @@ + + +# Infrastructure in the curl project + +Overview of infrastructure we maintain, host and run in the project for the +project. + +## git repository + +Since 2010, the main curl git repository has been hosted by GitHub, available +at https://github.com/curl/curl. + +We also use the issue tracker, pull requests and discussions on GitHub. + +curl has an "enterprise account" on GitHub and is an "organization" on the +site. + +We accept sponsorship via GitHub Sponsors. + +## CI services + +For every pull request and git push to the master repository, a number of +build and testing jobs are run on a set of different CI services. The exact +services vary over time. GitHub Actions and AppVeyor are the primary ones +these days. + +## Test Clutch + +A [Test Clutch](https://github.com/dfandrich/testclutch) instance generates +regular reports on curl CI test results at https://testclutch.curl.se/ as well +as writing comments on curl pull requests whose tests have failed. The jobs +are hosted on a Virtuozzo Application Platform PaaS instance and is managed by +Dan Fandrich. The configuration code is available and managed at +https://github.com/dfandrich/testclutch-curl-web + +## Autobuilds + +The curl autobuild system is a set of scripts that build and test curl and +send all output logs back to the autobuild server. The results are +continuously collected and visualized on the curl website at +. + +The autobuild system and server is maintained by Daniel Stenberg. + +## OSS-Fuzz + +Google runs the [OSS-Fuzz](https://google.github.io/oss-fuzz/) project which +also runs fuzzing on curl code, non-stop, in their infrastructure and they +send us emails in the rare instances they actually find something. + +OSS-Fuzz notifies those that are members in the "curl team". Any curl +maintainer who wants to is welcome to participate. It requires a Google +account. + +## Coverity + +We regularly run our code through the [Coverity static code +analyzer](https://scan.coverity.com/) thanks to them offering this service to +us free of charge. + +## CodeSonar + +[CodeSonar](https://www.adacore.com/codesonar) analyzes the curl +source code daily and emails Daniel Stenberg whenever it finds suspected +problems in the source code. I hope and expect that we can invite other +maintainers to access these reports soon. + +## Domain names + +The project runs services and website using a few different curl related +domain names, including `curl.se` and `curl.dev`. Daniel Stenberg owns these +domain names. + +Until a few years ago, the curl website was present at `curl.haxx.se`. The +`haxx.se` domain is owned by Haxx AB, administered by Daniel Stenberg. The +curl.haxx.se name is meant to keep working and be redirecting to curl.se for +the foreseeable future. + +## Websites + +The main curl website at `curl.se` is maintained by curl maintainers and the +content is available and managed at https://github.com/curl/curl-www. The site +updates from git and runs make every 20 minutes. Any change pushed to git can +thus take up to 20 minutes until it takes effect on the origin server. + +The content on `curl.dev` is available and managed at +https://github.com/curl/curl.dev/ + +The content on `everything-curl.dev` is available and managed at +https://github.com/curl/everything-curl/ + +The machine hosting the website contents for these three sites is owned by +Haxx AB and is primarily managed by Daniel Stenberg (co-owner of the Haxx +company). The machine is physically located in Sweden. + +curl release tarballs are hosted on https://curl.se/download.html. They are +uploaded there at release-time by the release manager. + +curl-for-win downloads are hosted on https://curl.se/windows/ and are uploaded +to the server by Viktor Szakats. + +curl-for-QNX downloads are hosted on and are uploaded +to the server by Daniel Stenberg. + +Daily release tarball-like snapshots are generated automatically and are +provided for download at . + +CA certificate bundles are extracted from the Firefox source code, hosted by +Mozilla and converted to PEM file format and is offered for download. The +conversion checks for updates daily. The bundle is provided for download at +. + +There is an automated "download check bot" that runs twice daily to scan for +available curl downloads to populate the curl download page appropriately with +the correct updated information. The bot uses URLs and patterns for all +download packages and is maintained in a database, maintained by Daniel +Stenberg and Dan Fandrich. + +The TLS certificate for the origin curl web server is automatically updated +from Let's Encrypt. + +## CDN + +Fastly runs the Content Delivery Network (CDN) that fronts all the curl +websites. The CDN caches content that it gets from the origin server. +Recently, roughly 99.99% of web requests are satisfied by the CDN without +having to reach the origin. + +The CDN caches different content at different lengths depending on the +content-type. The caching thus adds to the time for a change to have an effect +on the site from the moment it gets pushed to the git repository. + +Using this setup, we provide four IPv4 addresses and eight IPv6 addresses for +anycast access to the site. Should be snappy from virtually everywhere across +the globe. + +The CDN servers support HTTP/1, HTTP/2 and HTTP/3. They set HSTS for a year. +The `HTTP://` version of the site redirects to `HTTPS://`. + +Fastly manages the TLS certificates from Let's Encrypt for the servers they +run on the behalf of curl. + +## Containers + +The curl project offer container builds of curl. The source repository for +them is located at . + +Container images are hosted at and + + +## DNS + +The primary domain name, `curl.se` is managed by Kirei and is offered over +fault-tolerant anycast servers. High availability and fast access for +everyone. + +The actual physical DNS files and origin bind instance is managed by Daniel +Stenberg. + +## Mailing lists + +The curl related mailing lists are hosted by Haxx AB on `lists.haxx.se` and +are maintained by Daniel Stenberg. This includes the mailman2 and Postfix +instances used for this. + +## Email + +We use a few rare additional curl related email aliases in the curl domains. +They go through the mail server `mail.haxx.se` maintained by Daniel Stenberg + +## Open Collective + +We use [Open Collective](https://opencollective.com/curl) as our "fiscal +host". All money sent to and received by the curl project is managed by Open +Collective. + +## Merchandise + +We have stickers, coffee mugs and coasters. They are managed by Daniel who +sits on the inventory. The best way to get your hands on curl merchandise is +to attend events where Daniel is physically. + +## Chat + +Some curl developers, maintainers, users and enthusiasts use IRC for real-time +chat about curl and related topics. This done in the `#curl` channel on the +`libra.chat` IRC network. **Daniel Stenberg** (`bagder`) is registered owner +of the channel. We do not run any IRC servers or services ourselves. + +`curelbot` is a service in the channel that shows details about GitHub issues +and pull requests when publicly mentioned using #[number]. The bot is run by +user `TheAssassin`. + +There is a Matrix bridge to the IRC channel called `matrix.curl.se`. The +bridge is setup and run by **Sergio Durigan Junior** and **Daniel Stenberg**. + +[curl online chat documentation](https://curl.se/docs/irc.html) diff --git a/docs/INSTALL-CMAKE.md b/docs/INSTALL-CMAKE.md new file mode 100644 index 000000000000..7178a457d2df --- /dev/null +++ b/docs/INSTALL-CMAKE.md @@ -0,0 +1,612 @@ + + +# Building with CMake + +This document describes how to configure, build and install curl and libcurl +from source code using the CMake build tool. To build with CMake, you of +course first have to install CMake. The minimum required version of CMake is +specified in the file `CMakeLists.txt` found in the top of the curl source +tree. Once the correct version of CMake is installed you can follow the +instructions below for the platform you are building on. + +CMake builds can be configured either from the command line, or from one of +CMake's GUIs. + +# Configuring + +A CMake configuration of curl is similar to the autotools build of curl. +It consists of the following steps after you have unpacked the source. + +We recommend building with CMake on Windows. For instructions on migrating +from the `projects/Windows` Visual Studio solution files, see +[this section](#migrating-from-visual-studio-ide-project-files). + +## Using `cmake` + +You can configure for in source tree builds or for a build tree +that is apart from the source tree. + +- Build in the source tree. + + $ cmake -B . + +- Build in a separate directory (parallel to the curl source tree in this + example). The build directory is created for you. This is recommended over + building in the source tree to separate source and build artifacts. + + $ cmake -B ../curl-build + +For the full list of CMake build configuration variables see +[the corresponding section](#cmake-build-options). + +### Build system generator selection + +You can override CMake's default by using `-G `. For example +on Windows with multiple build systems if you have MinGW-w64 then you could use +`-G "MinGW Makefiles"`. +[List of generator names](https://cmake.org/cmake/help/latest/manual/cmake-generators.7.html). + +## Using `ccmake` + +CMake comes with a curses based interface called `ccmake`. To run `ccmake` +on a curl use the instructions for the command line cmake, but substitute +`ccmake` for `cmake`. + +This brings up a curses interface with instructions on the bottom of the +screen. You can press the "c" key to configure the project, and the "g" key to +generate the project. After the project is generated, you can run make. + +## Using `cmake-gui` + +CMake also comes with a Qt based GUI called `cmake-gui`. To configure with +`cmake-gui`, you run `cmake-gui` and follow these steps: + +1. Fill in the "Where is the source code" combo box with the path to + the curl source tree. +2. Fill in the "Where to build the binaries" combo box with the path to + the directory for your build tree, ideally this should not be the same + as the source tree, but a parallel directory called curl-build or + something similar. +3. Once the source and binary directories are specified, press the + "Configure" button. +4. Select the native build tool that you want to use. +5. At this point you can change any of the options presented in the GUI. + Once you have selected all the options you want, click the "Generate" + button. + +# Building + +Build (you have to specify the build directory). + + $ cmake --build ../curl-build + +## Static builds + +The CMake build setup is primarily done to work with shared/dynamic third +party dependencies. When linking with shared libraries, the dependency "chain" +is handled automatically by the library loader - on all modern systems. + +If you instead link with a static library, you need to provide all the +dependency libraries already at the link command line. + +Figuring out all the dependency libraries for a given library is hard, as it +might involve figuring out the dependencies of the dependencies and they vary +between platforms and can change between versions. + +When using static dependencies, the build scripts mostly assume that you, the +user, provide all the necessary additional dependency libraries as additional +arguments in the build. + +Building statically is not for the faint of heart. + +### Fallback for CMake before version 3.13 + +CMake before version 3.13 does not support the `--build` option. In that +case, you have to `cd` to the build directory and use the building tool that +corresponds to the build files that CMake generated for you. This example +assumes that CMake generates `Makefile`: + + $ cd ../curl-build + $ make + +# Testing + +(The test suite does not yet work with the cmake build) + +# Installing + +Install to default location (you have to specify the build directory). + + $ cmake --install ../curl-build + +Do not use `--prefix` to change the installation prefix as the output produced +by the `curl-config` script is determined at CMake configure time. If you want +to set a custom install prefix for curl, set +[`CMAKE_INSTALL_PREFIX`](https://cmake.org/cmake/help/latest/variable/CMAKE_INSTALL_PREFIX.html) +when configuring the CMake build. + +### Fallback for CMake before version 3.15 + +CMake before version 3.15 does not support the `--install` option. In that +case, you have to `cd` to the build directory and use the building tool that +corresponds to the build files that CMake generated for you. This example +assumes that CMake generates `Makefile`: + + $ cd ../curl-build + $ make install + +# CMake usage + +This section describes how to locate and use curl/libcurl from CMake-based +projects. + +## Using `find_package` + +To locate libcurl from CMake, one can use the standard +[`find_package`](https://cmake.org/cmake/help/latest/command/find_package.html) +command in the typical fashion: + +```cmake +find_package(CURL 8.12.0 REQUIRED) # FATAL_ERROR if CURL is not found +``` + +This invokes the CMake-provided +[FindCURL](https://cmake.org/cmake/help/latest/module/FindCURL.html) find module, +which first performs a search using the `find_package` +[config mode](https://cmake.org/cmake/help/latest/command/find_package.html#config-mode-search-procedure). +This is supported by the `CURLConfig.cmake` CMake config script which is +available if the given CURL was built and installed using CMake. + +### Detecting CURL features/protocols + +Since version 8.12.0, `CURLConfig.cmake` publishes the supported CURL features +and protocols (see [release notes](https://curl.se/ch/8.12.0.html)). These can +be specified using the `find_package` keywords `COMPONENTS` and +`OPTIONAL_COMPONENTS`, with protocols in all caps, e.g. `HTTPS`, `LDAP`, while +features should be in their original sentence case, e.g. `AsynchDNS`, +`UnixSockets`. If any of the `COMPONENTS` are missing, then CURL is considered +as *not* found. + +Here is an example of using `COMPONENTS` and `OPTIONAL_COMPONENTS` in +`find_package` with CURL: + +```cmake +# CURL_FOUND is FALSE if no HTTPS but brotli and zstd can be missing +find_package(CURL 8.12.0 COMPONENTS HTTPS OPTIONAL_COMPONENTS brotli zstd) +``` + +One can also check the defined `CURL_SUPPORTS_` variables +if a particular feature/protocol is supported. For example: + +```cmake +# check HTTPS +if(CURL_SUPPORTS_HTTPS) + message(STATUS "CURL supports HTTPS") +else() + message(STATUS "CURL does NOT support HTTPS") +endif() +``` + +### Linking against libcurl + +To link a CMake target against libcurl one can use +[`target_link_libraries`](https://cmake.org/cmake/help/latest/command/target_link_libraries.html) +as usual: + +```cmake +target_link_libraries(my_target PRIVATE CURL::libcurl) +``` + +# CMake build options + +- `BUILD_CURL_EXE`: Build curl executable. Default: `ON` +- `BUILD_EXAMPLES`: Build libcurl examples. Default: `ON` +- `BUILD_LIBCURL_DOCS`: Build libcurl man pages. Default: `ON` +- `BUILD_MISC_DOCS`: Build misc man pages (e.g. `curl-config` and `mk-ca-bundle`). Default: `ON` +- `BUILD_SHARED_LIBS`: Build shared libraries. Default: `ON` (if target platform supports shared libs, otherwise `OFF`) +- `BUILD_STATIC_CURL`: Build curl executable with static libcurl. Default: `OFF` (turns to `ON`, when building static libcurl only) +- `BUILD_STATIC_LIBS`: Build static libraries. Default: `OFF` (turns to `ON` if `BUILD_SHARED_LIBS` is `OFF`) +- `BUILD_TESTING`: Build tests. Default: `ON` +- `CURL_BUILD_EVERYTHING`: Build optional build targets (examples, tests) by default. Default: `OFF` + Set `QUICK` to build examples quickly with the `curl-examples-build` target (for build tests). + Set `NOEXAMPLES` to not build examples. +- `CURL_CLANG_TIDY`: Run the build through `clang-tidy`. Default: `OFF` + If enabled, it implies `CURL_DISABLE_TYPECHECK=ON` and force-disables unity mode + for libcurl and the curl tool. +- `CURL_CLANG_TIDYFLAGS`: Custom options to pass to `clang-tidy`. Default: (empty) +- `CURL_CODE_COVERAGE`: Enable code coverage build options. Default: `OFF` +- `CURL_COMPLETION_FISH`: Install fish completions. Default: `OFF` +- `CURL_COMPLETION_FISH_DIR`: Custom fish completion install directory. +- `CURL_COMPLETION_ZSH`: Install zsh completions. Default: `OFF` +- `CURL_COMPLETION_ZSH_DIR`: Custom zsh completion install directory. +- `CURL_DEFAULT_SSL_BACKEND`: Override default TLS backend in MultiSSL builds. + Accepted values in order of default priority: + `wolfssl`, `gnutls`, `mbedtls`, `openssl`, `schannel`, `rustls` +- `CURL_DROP_UNUSED`: Drop unused code and data from built binaries. Default: `OFF` +- `CURL_ENABLE_EXPORT_TARGET`: Enable CMake export target. Default: `ON` +- `CURL_GCC_ANALYZER`: Enable GCC `--analyzer` option. Default: `OFF` +- `CURL_HIDDEN_SYMBOLS`: Hide libcurl internal symbols (=hide all symbols that are not officially external). Default: `ON` +- `CURL_LIBCURL_SOVERSION`: Enable libcurl SOVERSION. Default: `ON` for supported platforms +- `CURL_LIBCURL_VERSIONED_SYMBOLS`: Enable libcurl versioned symbols. Default: `OFF` +- `CURL_LIBCURL_VERSIONED_SYMBOLS_PREFIX`: Override default versioned symbol prefix. Default: `_` or `MULTISSL_` +- `CURL_LINT`: Run lint checks while building. Default: `OFF` +- `CURL_LTO`: Enable compiler Link Time Optimizations. Default: `OFF` +- `CURL_PATCHSTAMP`: Set security patch string for `curl -V`/`curl --version` output. +- `CURL_STATIC_CRT`: Build libcurl with static CRT with MSVC (`/MT`) (requires UCRT, static libcurl or no curl executable). Default: `OFF` +- `CURL_TARGET_WINDOWS_VERSION`: Minimum target Windows version as hex string, e.g. `0x0a00` for Windows 10. +- `CURL_WERROR`: Turn compiler warnings into errors. Default: `OFF` +- `ENABLE_CURL_MANUAL`: Build the man page for curl and enable its `-M`/`--manual` option. Default: `ON` +- `ENABLE_DEBUG`: Enable curl debug features (for developing curl itself). Default: `OFF` +- `IMPORT_LIB_SUFFIX`: Import library suffix. Default: `_imp` for MSVC-like toolchains, otherwise empty. +- `LIBCURL_OUTPUT_NAME`: Basename of the curl library. Default: `libcurl` +- `PICKY_COMPILER`: Enable picky compiler options. Default: `ON` +- `SHARE_LIB_OBJECT`: Build shared and static libcurl in a single pass (requires CMake 3.12 or newer). Default: `ON` for Windows +- `STATIC_LIB_SUFFIX`: Static library suffix. Default: (empty) + +## CA bundle options + +- `CURL_CA_BUNDLE`: Absolute path to the CA bundle. Set `none` to disable or `auto` for auto-detection. Default: `auto` +- `CURL_CA_EMBED`: Absolute path to the CA bundle to embed in the curl tool. Default: (disabled) +- `CURL_CA_FALLBACK`: Use built-in CA store of OpenSSL. Default: `OFF` +- `CURL_CA_NATIVE`: Use native CA store. Default: `OFF` + Supported by GnuTLS, OpenSSL (including forks) on Windows, wolfSSL. +- `CURL_CA_PATH`: Absolute path to a directory containing CA certificates stored individually. Set `none` to disable or `auto` for auto-detection. Default: `auto` +- `CURL_CA_SEARCH_SAFE`: Enable safe CA bundle search (within the curl tool directory) on Windows. Default: `OFF` + +## Enabling features + +- `CURL_ENABLE_NTLM`: Enable NTLM support. Default: `OFF` +- `CURL_ENABLE_SSL`: Enable SSL support. Default: `ON` +- `CURL_WINDOWS_SSPI`: Enable SSPI on Windows. Default: =`CURL_USE_SCHANNEL` +- `ENABLE_IPV6`: Enable IPv6 support. Default: `ON` if target supports IPv6. +- `ENABLE_THREADED_RESOLVER`: Enable threaded DNS lookup. Default: `ON` if c-ares is not enabled and target supports threading. +- `ENABLE_UNICODE`: Use the Unicode version of the Windows API functions. Default: `OFF` +- `ENABLE_UNIX_SOCKETS`: Enable Unix domain sockets support. Default: `ON` +- `USE_ECH`: Enable ECH support. Default: `OFF` +- `USE_HTTPSRR`: Enable HTTPS RR support. Default: `OFF` +- `USE_SSLS_EXPORT`: Enable experimental SSL session import/export. Default: `OFF` + +## Disabling features + +- `CURL_DISABLE_ALTSVC`: Disable alt-svc support. Default: `OFF` +- `CURL_DISABLE_AWS`: Disable **aws-sigv4**. Default: `OFF` +- `CURL_DISABLE_BASIC_AUTH`: Disable Basic authentication. Default: `OFF` +- `CURL_DISABLE_BEARER_AUTH`: Disable Bearer authentication. Default: `OFF` +- `CURL_DISABLE_BINDLOCAL`: Disable local binding support. Default: `OFF` +- `CURL_DISABLE_CA_SEARCH`: Disable unsafe CA bundle search in PATH on Windows. Default: `OFF` (turns to `ON`, when `CURL_CA_NATIVE=ON`) +- `CURL_DISABLE_COOKIES`: Disable cookies support. Default: `OFF` +- `CURL_DISABLE_DICT`: Disable DICT. Default: `OFF` +- `CURL_DISABLE_DIGEST_AUTH`: Disable Digest authentication. Default: `OFF` +- `CURL_DISABLE_DOH`: Disable DNS-over-HTTPS. Default: `OFF` +- `CURL_DISABLE_FILE`: Disable FILE. Default: `OFF` +- `CURL_DISABLE_FORM_API`: Disable **form-api**. Default: =`CURL_DISABLE_MIME` +- `CURL_DISABLE_FTP`: Disable FTP. Default: `OFF` +- `CURL_DISABLE_GETOPTIONS`: Disable `curl_easy_options` API for existing options to `curl_easy_setopt`. Default: `OFF` +- `CURL_DISABLE_GOPHER`: Disable Gopher. Default: `OFF` +- `CURL_DISABLE_HEADERS_API`: Disable **headers-api** support. Default: `OFF` +- `CURL_DISABLE_HSTS`: Disable HSTS support. Default: `OFF` +- `CURL_DISABLE_HTTP`: Disable HTTP. Default: `OFF` +- `CURL_DISABLE_HTTP_AUTH`: Disable all HTTP authentication methods. Default: `OFF` +- `CURL_DISABLE_IMAP`: Disable IMAP. Default: `OFF` +- `CURL_DISABLE_INSTALL`: Disable installation targets. Default: `OFF` +- `CURL_DISABLE_IPFS`: Disable IPFS. Default: `OFF` +- `CURL_DISABLE_KERBEROS_AUTH`: Disable Kerberos authentication. Default: `OFF` +- `CURL_DISABLE_LDAP`: Disable LDAP. Default: `OFF` +- `CURL_DISABLE_LDAPS`: Disable LDAPS. Default: =`CURL_DISABLE_LDAP` +- `CURL_DISABLE_LIBCURL_OPTION`: Disable `--libcurl` option from the curl tool. Default: `OFF` +- `CURL_DISABLE_MIME`: Disable MIME support. Default: `OFF` +- `CURL_DISABLE_MQTT`: Disable MQTT. Default: `OFF` +- `CURL_DISABLE_NEGOTIATE_AUTH`: Disable negotiate authentication. Default: `OFF` +- `CURL_DISABLE_NETRC`: Disable netrc parser. Default: `OFF` +- `CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG`: Disable automatic loading of OpenSSL configuration. Default: `OFF` +- `CURL_DISABLE_PARSEDATE`: Disable date parsing. Default: `OFF` +- `CURL_DISABLE_POP3`: Disable POP3. Default: `OFF` +- `CURL_DISABLE_PROGRESS_METER`: Disable built-in progress meter. Default: `OFF` +- `CURL_DISABLE_PROXY`: Disable proxy support. Default: `OFF` +- `CURL_DISABLE_RTSP`: Disable RTSP. Default: `OFF` +- `CURL_DISABLE_SHA512_256`: Disable SHA-512/256 hash algorithm. Default: `OFF` +- `CURL_DISABLE_SHUFFLE_DNS`: Disable shuffle DNS feature. Default: `OFF` +- `CURL_DISABLE_SMB`: Disable SMB. Default: `OFF` +- `CURL_DISABLE_SMTP`: Disable SMTP. Default: `OFF` +- `CURL_DISABLE_SOCKETPAIR`: Disable use of socketpair for curl_multi_poll(). Default: `OFF` +- `CURL_DISABLE_SRP`: Disable TLS-SRP support. Default: `OFF` +- `CURL_DISABLE_TELNET`: Disable Telnet. Default: `OFF` +- `CURL_DISABLE_TFTP`: Disable TFTP. Default: `OFF` +- `CURL_DISABLE_TYPECHECK`: Disable curl_easy_setopt()/curl_easy_getinfo() type checking. Default: `OFF` +- `CURL_DISABLE_VERBOSE_STRINGS`: Disable verbose strings. Default: `OFF` +- `CURL_DISABLE_WEBSOCKETS`: Disable WebSocket. Default: `OFF` +- `HTTP_ONLY`: Disable all protocols except HTTP (This overrides all `CURL_DISABLE_*` options). Default: `OFF` + +## Environment + +- `CI`: Assume running under CI if set. +- `CURL_BUILDINFO`: Print `buildinfo.txt` if set. +- `CURL_CI`: Assume running under CI if set. + +## CMake options + +- `CMAKE_BUILD_TYPE`: (see CMake) +- `CMAKE_DEBUG_POSTFIX`: Default: `-d` +- `CMAKE_IMPORT_LIBRARY_SUFFIX` (see CMake) +- `CMAKE_INSTALL_BINDIR` (see CMake) +- `CMAKE_INSTALL_INCLUDEDIR` (see CMake) +- `CMAKE_INSTALL_LIBDIR` (see CMake) +- `CMAKE_INSTALL_PREFIX` (see CMake) +- `CMAKE_STATIC_LIBRARY_SUFFIX` (see CMake) +- `CMAKE_UNITY_BUILD_BATCH_SIZE`: Set the number of sources in a "unity" unit. Default: `0` (all) +- `CMAKE_UNITY_BUILD`: Enable "unity" (aka "jumbo") builds. Default: `OFF` + +Details via CMake +[variables](https://cmake.org/cmake/help/latest/manual/cmake-variables.7.html) and +[install directories](https://cmake.org/cmake/help/latest/module/GNUInstallDirs.html). + +## Dependencies + +- `CURL_BROTLI`: Use brotli (`ON`, `OFF` or `AUTO`). Default: `AUTO` +- `CURL_USE_CMAKECONFIG`: Enable detecting dependencies via CMake Config. Default: `ON` for MSVC (except under vcpkg), if not cross-compiling. (experimental) +- `CURL_USE_GNUTLS`: Enable GnuTLS for SSL/TLS. Default: `OFF` +- `CURL_USE_GSASL`: Use libgsasl. Default: `OFF` +- `CURL_USE_GSSAPI`: Use GSSAPI implementation. Default: `OFF` +- `CURL_USE_LIBBACKTRACE`: Use [libbacktrace](https://github.com/ianlancetaylor/libbacktrace). Requires debug-enabled build and DWARF debug information. Default: `OFF` +- `CURL_USE_LIBPSL`: Use libpsl. Default: `ON` +- `CURL_USE_LIBSSH2`: Use libssh2. Default: `ON` +- `CURL_USE_LIBSSH`: Use libssh. Default: `OFF` +- `CURL_USE_LIBUV`: Use libuv for event-based tests. Default: `OFF` +- `CURL_USE_MBEDTLS`: Enable mbedTLS for SSL/TLS. Default: `OFF` +- `CURL_USE_OPENSSL`: Enable OpenSSL for SSL/TLS. Default: `ON` if no other TLS backend was enabled. +- `CURL_USE_PKGCONFIG`: Enable `pkg-config` to detect dependencies. Default: `ON` for Unix (except Android, Apple devices), vcpkg, MinGW if not cross-compiling. +- `CURL_USE_RUSTLS`: Enable Rustls for SSL/TLS. Default: `OFF` +- `CURL_USE_SCHANNEL`: Enable Windows native SSL/TLS (Schannel). Default: `OFF` +- `CURL_USE_WOLFSSL`: Enable wolfSSL for SSL/TLS. Default: `OFF` +- `CURL_ZLIB`: Use zlib (`ON`, `OFF` or `AUTO`). Default: `AUTO` +- `CURL_ZSTD`: Use zstd (`ON`, `OFF` or `AUTO`). Default: `AUTO` +- `ENABLE_ARES`: Enable c-ares support. Default: `OFF` +- `USE_APPLE_IDN`: Use Apple built-in IDN support. Default: `OFF` +- `USE_APPLE_SECTRUST`: Use Apple OS-native certificate verification. Default: `OFF` +- `USE_LIBIDN2`: Use libidn2 for IDN support. Default: `ON` +- `USE_NGHTTP2`: Use nghttp2 library. Default: `ON` +- `USE_NGTCP2`: Use ngtcp2 and nghttp3 libraries for HTTP/3 support. Default: `OFF` +- `USE_QUICHE`: Use quiche library for HTTP/3 support. Default: `OFF` +- `USE_WIN32_IDN`: Use WinIDN for IDN support. Default: `OFF` +- `USE_WIN32_LDAP`: Use Windows LDAP implementation. Default: `ON` + +## Dependency options (via CMake) + +- `OPENSSL_ROOT_DIR`: Absolute path to the root installation of OpenSSL (and forks). +- `OPENSSL_INCLUDE_DIR`: Absolute path to OpenSSL include directory. +- `OPENSSL_SSL_LIBRARY`: Absolute path to `ssl` library. With MSVC, CMake uses variables `SSL_EAY_DEBUG`/`SSL_EAY_RELEASE` instead. +- `OPENSSL_CRYPTO_LIBRARY`: Absolute path to `crypto` library. With MSVC, CMake uses variables `LIB_EAY_DEBUG`/`LIB_EAY_RELEASE` instead. +- `OPENSSL_USE_STATIC_LIBS`: Look for static OpenSSL libraries. +- `ZLIB_INCLUDE_DIR`: Absolute path to zlib include directory. +- `ZLIB_LIBRARY`: Absolute path to `zlib` library. +- `ZLIB_USE_STATIC_LIBS`: Look for static `zlib` library (requires CMake v3.24). +- `_DIR`: Absolute path to `` CMake Config directory where `*.cmake` files reside. Used when `CURL_USE_CMAKECONFIG` is enabled. + `` may be: + `Libssh2`, `MbedTLS`, `NGHTTP2`, `NGHTTP3`, + `NGTCP2` 1.19.0+ (with non-fork OpenSSL only), + `Zstd` 1.4.5+. + +## Dependency options (tools) + +- `CLANG_TIDY`: Absolute path to `clang-tidy` tool used with `CURL_CLANG_TIDY=ON`. Default: search for `clang-tidy` +- `PERL_EXECUTABLE`: Absolute path to Perl binary used throughout the build and tests. Default: auto-detect + +## Dependency options (libraries) + +- `AMISSL_INCLUDE_DIR`: Absolute path to AmiSSL include directory. +- `AMISSL_STUBS_LIBRARY`: Absolute path to `amisslstubs` library. +- `AMISSL_AUTO_LIBRARY`: Absolute path to `amisslauto` library. +- `BORINGSSL_VERSION`: Set BoringSSL version for `curl -V`/`curl --version` output. +- `BROTLI_INCLUDE_DIR`: Absolute path to brotli include directory. +- `BROTLICOMMON_LIBRARY`: Absolute path to `brotlicommon` library. +- `BROTLIDEC_LIBRARY`: Absolute path to `brotlidec` library. +- `BROTLI_USE_STATIC_LIBS`: Configure for static brotli libraries. (experimental) +- `CARES_INCLUDE_DIR`: Absolute path to c-ares include directory. +- `CARES_LIBRARY`: Absolute path to `cares` library. +- `CARES_USE_STATIC_LIBS`: Configure for static c-ares libraries. (experimental) +- `DL_LIBRARY`: Absolute path to `dl` library. (for Rustls) +- `GNUTLS_INCLUDE_DIR`: Absolute path to GnuTLS include directory. +- `GNUTLS_LIBRARY`: Absolute path to `gnutls` library. +- `GSS_ROOT_DIR`: Absolute path to the root installation of GSS. (also supported as environment) +- `LDAP_INCLUDE_DIR`: Absolute path to LDAP include directory. +- `LDAP_LIBRARY`: Absolute path to `ldap` library. +- `LDAP_LBER_LIBRARY`: Absolute path to `lber` library. +- `LIBBACKTRACE_INCLUDE_DIR`: Absolute path to libbacktrace include directory (https://github.com/ianlancetaylor/libbacktrace). +- `LIBBACKTRACE_LIBRARY`: Absolute path to `libbacktrace` library. +- `LIBGSASL_INCLUDE_DIR`: Absolute path to libgsasl include directory. +- `LIBGSASL_LIBRARY`: Absolute path to `libgsasl` library. +- `LIBIDN2_INCLUDE_DIR`: Absolute path to libidn2 include directory. +- `LIBIDN2_LIBRARY`: Absolute path to `libidn2` library. +- `LIBPSL_INCLUDE_DIR`: Absolute path to libpsl include directory. +- `LIBPSL_LIBRARY`: Absolute path to `libpsl` library. +- `LIBSSH_INCLUDE_DIR`: Absolute path to libssh include directory. +- `LIBSSH_LIBRARY`: Absolute path to `libssh` library. +- `LIBSSH_USE_STATIC_LIBS`: Configure for static libssh libraries. (experimental) +- `LIBSSH2_INCLUDE_DIR`: Absolute path to libssh2 include directory. +- `LIBSSH2_LIBRARY`: Absolute path to `libssh2` library. +- `LIBSSH2_USE_STATIC_LIBS`: Configure for static libssh2 libraries. (experimental) +- `LIBUV_INCLUDE_DIR`: Absolute path to libuv include directory. +- `LIBUV_LIBRARY`: Absolute path to `libuv` library. +- `MATH_LIBRARY`: Absolute path to `m` library. (for Rustls, wolfSSL) +- `MBEDTLS_INCLUDE_DIR`: Absolute path to mbedTLS include directory. +- `MBEDTLS_LIBRARY`: Absolute path to `mbedtls` library. +- `MBEDX509_LIBRARY`: Absolute path to `mbedx509` library. +- `MBEDCRYPTO_LIBRARY`: Absolute path to `mbedcrypto` library. +- `MBEDTLS_USE_STATIC_LIBS`: Configure for static mbedTLS libraries. (experimental) +- `NGHTTP2_INCLUDE_DIR`: Absolute path to nghttp2 include directory. +- `NGHTTP2_LIBRARY`: Absolute path to `nghttp2` library. +- `NGHTTP2_USE_STATIC_LIBS`: Configure for static nghttp2 libraries. (experimental) +- `NGHTTP3_INCLUDE_DIR`: Absolute path to nghttp3 include directory. +- `NGHTTP3_LIBRARY`: Absolute path to `nghttp3` library. +- `NGHTTP3_USE_STATIC_LIBS`: Configure for static nghttp3 libraries. (experimental) +- `NGTCP2_INCLUDE_DIR`: Absolute path to ngtcp2 include directory. +- `NGTCP2_LIBRARY`: Absolute path to `ngtcp2` library. +- `NGTCP2_CRYPTO_BORINGSSL_LIBRARY`: Absolute path to `ngtcp2_crypto_boringssl` library. (also for AWS-LC) +- `NGTCP2_CRYPTO_GNUTLS_LIBRARY`: Absolute path to `ngtcp2_crypto_gnutls` library. +- `NGTCP2_CRYPTO_LIBRESSL_LIBRARY`: Absolute path to `ngtcp2_crypto_libressl` library. (requires ngtcp2 1.15.0+) +- `NGTCP2_CRYPTO_OSSL_LIBRARY`: Absolute path to `ngtcp2_crypto_ossl` library. +- `NGTCP2_CRYPTO_QUICTLS_LIBRARY`: Absolute path to `ngtcp2_crypto_quictls` library. (also for LibreSSL with ngtcp2 <1.15.0) +- `NGTCP2_CRYPTO_WOLFSSL_LIBRARY`: Absolute path to `ngtcp2_crypto_wolfssl` library. +- `NGTCP2_USE_STATIC_LIBS`: Configure for static ngtcp2 libraries. (experimental) +- `NETTLE_INCLUDE_DIR`: Absolute path to nettle include directory. +- `NETTLE_LIBRARY`: Absolute path to `nettle` library. +- `PTHREAD_LIBRARY`: Absolute path to `pthread` library. (for Rustls) +- `QUICHE_INCLUDE_DIR`: Absolute path to quiche include directory. +- `QUICHE_LIBRARY`: Absolute path to `quiche` library. +- `RUSTLS_INCLUDE_DIR`: Absolute path to Rustls include directory. +- `RUSTLS_LIBRARY`: Absolute path to `rustls` library. +- `WATT_ROOT`: Absolute path to the root installation of Watt-32. +- `WOLFSSL_INCLUDE_DIR`: Absolute path to wolfSSL include directory. +- `WOLFSSL_LIBRARY`: Absolute path to `wolfssl` library. +- `ZSTD_INCLUDE_DIR`: Absolute path to zstd include directory. +- `ZSTD_LIBRARY`: Absolute path to `zstd` library. +- `ZSTD_USE_STATIC_LIBS`: Configure for static zstd libraries. (experimental) + +Examples: + +- `-DLIBPSL_INCLUDE_DIR=/path/to/libpl/include`, + which directory contains `libpsl.h`. + No ending slash or backslash is necessary. + +- `-DNGHTTP3_INCLUDE_DIR=/path/to/libnghttp3/include`, + which directory contains an `nghttp3` subdirectory with `.h` files in it. + +- `-DLIBPSL_LIBRARY=/path/to/libpsl/lib/libpsl.a` + Always a single library, with its complete filename, as-is on the file system. + +- `-DOPENSSL_ROOT_DIR=/path/to/openssl`, + which directory (typically) contains `include` and `lib` subdirectories. + No ending slash or backslash is necessary. + +## Dependency options (Apple frameworks) + +- `COREFOUNDATION_FRAMEWORK`: Absolute path to `CoreFoundation` framework. (for IPv6 non-c-ares, SecTrust, wolfSSL) +- `CORESERVICES_FRAMEWORK`: Absolute path to `CoreServices` framework. (for IPv6 non-c-ares, SecTrust) +- `FOUNDATION_FRAMEWORK`: Absolute path to `Foundation` framework. (for Rustls) +- `SECURITY_FRAMEWORK`: Absolute path to `Security` framework. (for Rustls, SecTrust, wolfSSL) +- `SYSTEMCONFIGURATION_FRAMEWORK`: Absolute path to `SystemConfiguration` framework. (for IPv6 non-c-ares) + +## Test tools + +- `APXS`: Absolute path. Default: search for `apxs` +- `CADDY`: Absolute path. Default: search for `caddy` +- `HTTPD_NGHTTPX`: Absolute path. Default: search for `nghttpx` +- `HTTPD`: Absolute path. Default: search for `apache2` +- `DANTED`: Absolute path. Default: search for `danted` +- `TEST_NGHTTPX`: Absolute path. Default: search for `nghttpx` +- `VSFTPD`: Absolute path. Default: search for `vsftps` +- `SSHD`: Absolute path. Default: search for `sshd` +- `SFTPD`: Absolute path. Default: search for `sftp-server` + +## Feature detection variables + +By default the curl CMake build script detects the version of some dependencies +using `check_symbol_exists()`. Those checks do not work in the case that both +CURL and its dependency are included as sub-projects in a larger build using +`FetchContent`. To support that case, additional variables may be defined by +the parent project, ideally in the "extra" find package redirect file: + + +Available variables: + +- `HAVE_DES_ECB_ENCRYPT`: `DES_ecb_encrypt` present in OpenSSL (or fork). +- `HAVE_GNUTLS_SRP`: `gnutls_srp_verifier` present in GnuTLS. +- `HAVE_LDAP_INIT_FD`: `ldap_init_fd` present in LDAP library. +- `HAVE_LDAP_URL_PARSE`: `ldap_url_parse` present in LDAP library. +- `HAVE_MBEDTLS_DES_CRYPT_ECB`: `mbedtls_des_crypt_ecb` present in mbedTLS <4. +- `HAVE_OPENSSL_SRP`: `SSL_CTX_set_srp_username` present in OpenSSL (or fork). +- `HAVE_QUICHE_CONN_SET_QLOG_FD`: `quiche_conn_set_qlog_fd` present in quiche. +- `HAVE_RUSTLS_SUPPORTED_HPKE`: `rustls_supported_hpke` present in Rustls (unused if Rustls is detected via `pkg-config`). +- `HAVE_SSL_SET0_WBIO`: `SSL_set0_wbio` present in OpenSSL (or fork). +- `HAVE_SSL_SET1_ECH_CONFIG_LIST`: `SSL_set1_ech_config_list` present in OpenSSL (or fork). +- `HAVE_SSL_SET_QUIC_TLS_CBS`: `SSL_set_quic_tls_cbs` in OpenSSL. +- `HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT`: `SSL_set_quic_use_legacy_codepoint` in OpenSSL fork. +- `HAVE_WOLFSSL_BIO_NEW`: `wolfSSL_BIO_new` present in wolfSSL. +- `HAVE_WOLFSSL_BIO_SET_SHUTDOWN`: `wolfSSL_BIO_set_shutdown` present in wolfSSL. +- `HAVE_WOLFSSL_CTX_GENERATEECHCONFIG`: `wolfSSL_CTX_GenerateEchConfig` present in wolfSSL. +- `HAVE_WOLFSSL_DES_ECB_ENCRYPT`: `wolfSSL_DES_ecb_encrypt` present in wolfSSL. +- `HAVE_WOLFSSL_GET_PEER_CERTIFICATE`: `wolfSSL_get_peer_certificate` present in wolfSSL. +- `HAVE_WOLFSSL_SET_QUIC_USE_LEGACY_CODEPOINT`: + `wolfSSL_set_quic_use_legacy_codepoint` present in wolfSSL. +- `HAVE_WOLFSSL_USEALPN`: `wolfSSL_UseALPN` present in wolfSSL. + +For each of the above variables, if the variable is *defined* (either to `ON` +or `OFF`), the symbol detection is skipped. If the variable is *not defined*, +the feature detection is performed. + +Note: These variables are internal and subject to change. + +## Useful build targets + +- `testdeps`: Build test dependencies (test binaries, test certificates). + Test certificates: `build-certs` (clean with `clean-certs`) +- `tests`: Run tests (`runtests.pl`). Customize via the `TFLAGS` environment variable, e.g. `TFLAGS=1621`. + Other flavors: `test-am`, `test-ci`, `test-event`, `test-full`, `test-nonflaky`, `test-quiet`, `test-torture` +- `tt`: Build test binaries (servers, tools). + Individual targets: `curlinfo`, `libtests`, `servers`, `tunits`, `units` +- `curl-pytest`: Run tests (pytest). + Other flavor: `curl-test-ci` +- `curl-examples`: Build examples + Individual targets: `curl-example-`, + where is the .c filename without extension. +- `curl-examples-build`: Build examples quickly but without the ability to run them. (for build tests) +- `curl-man`: Build man pages. (built by default unless disabled) +- `curl`: Build curl tool. +- `curl_uninstall`: Uninstall curl. +- `curl-completion-fish`: Build shell completions for fish. (built by default if enabled) +- `curl-completion-zsh`: Build shell completions for zsh. (built by default if enabled) +- `curl-ca-bundle`: Build the CA bundle via `scripts/mk-ca-bundle.pl`. +- `curl-ca-firefox`: Build the CA bundle via `scripts/firefox-db2pem.sh`. +- `curl-lint`: Run lint checks. +- `curl-listcats`: Generate help category constants for `src/tool_help.h` from documentation. +- `curl-listhelp`: Generate `src/tool_listhelp.c` from documentation. +- `curl-optiontable`: Generate `lib/easyoptions.c` from documentation. + +# Migrating from Visual Studio IDE Project Files + +We recommend using CMake to build curl with MSVC. + +The project build files reside in project/Windows/VC\* for VS2010, VS2012 and +VS2013. + +These CMake Visual Studio generators require CMake v3.24 or older. You can +download them from . + +You can also use `-G "NMake Makefiles"`, which is supported by all CMake +versions. + +Configuration element | Equivalent CMake options +:-------------------------------- | :-------------------------------- +`VC10` | `-G "Visual Studio 10 2010"` +`VC11` | `-G "Visual Studio 11 2012"` +`VC12` | `-G "Visual Studio 12 2013"` +`x64` | `-A x64` +`Win32` | `-A Win32` +`DLL` | `BUILD_SHARED_LIBS=ON`, `BUILD_STATIC_LIBS=OFF`, (default) +`LIB` | `BUILD_SHARED_LIBS=OFF`, `BUILD_STATIC_LIBS=ON` +`Debug` | `CMAKE_BUILD_TYPE=Debug` (`-G "NMake Makefiles"` only) +`Release` | `CMAKE_BUILD_TYPE=Release` (`-G "NMake Makefiles"` only) +`DLL Windows SSPI` | `CURL_USE_SCHANNEL=ON` (with SSPI enabled by default) +`DLL OpenSSL` | `CURL_USE_OPENSSL=ON`, optional: `OPENSSL_ROOT_DIR`, `OPENSSL_USE_STATIC_LIBS=ON` +`DLL libssh2` | `CURL_USE_LIBSSH2=ON`, optional: `LIBSSH2_INCLUDE_DIR`, `LIBSSH2_LIBRARY` +`DLL WinIDN` | `USE_WIN32_IDN=ON` + +For example these commands: + + > cd projects/Windows + > ./generate.bat VC12 + > msbuild "-property:Configuration=DLL Debug - DLL Windows SSPI - DLL WinIDN" VC12/curl-all.sln + +translate to: + + > cmake . -G "Visual Studio 12 2013" -A x64 -DCURL_USE_SCHANNEL=ON -DUSE_WIN32_IDN=ON -DCURL_USE_LIBPSL=OFF + > cmake --build . --config Debug --parallel + +We do *not* specify `-DCMAKE_BUILD_TYPE=Debug` here as we might do for the +`"NMake Makefiles"` generator because the Visual Studio generators are +[multi-config generators](https://cmake.org/cmake/help/latest/prop_gbl/GENERATOR_IS_MULTI_CONFIG.html) +and therefore ignore the value of `CMAKE_BUILD_TYPE`. diff --git a/docs/INSTALL.cmake b/docs/INSTALL.cmake deleted file mode 100644 index 828d9b9c5451..000000000000 --- a/docs/INSTALL.cmake +++ /dev/null @@ -1,89 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - How To Compile with CMake - -Building with CMake -========================== - This document describes how to compile, build and install curl and libcurl - from source code using the CMake build tool. To build with CMake, you will - of course have to first install CMake. The minimum required version of - CMake is specified in the file CMakeLists.txt found in the top of the curl - source tree. Once the correct version of CMake is installed you can follow - the instructions below for the platform you are building on. - - CMake builds can be configured either from the command line, or from one - of CMake's GUI's. - -Current flaws in the curl CMake build -===================================== - - Missing features in the cmake build: - - - Builds libcurl without large file support - - Does not support all SSL libraries (only OpenSSL, Schannel, - Secure Transport, and mbed TLS, NSS, WolfSSL) - - Doesn't allow different resolver backends (no c-ares build support) - - No RTMP support built - - Doesn't allow build curl and libcurl debug enabled - - Doesn't allow a custom CA bundle path - - Doesn't allow you to disable specific protocols from the build - - Doesn't find or use krb4 or GSS - - Rebuilds test files too eagerly, but still can't run the tests - - Doesn't detect the correct strerror_r flavor when cross-compiling (issue #1123) - - -Command Line CMake -================== - A CMake build of curl is similar to the autotools build of curl. It - consists of the following steps after you have unpacked the source. - - 1. Create an out of source build tree parallel to the curl source - tree and change into that directory - - $ mkdir curl-build - $ cd curl-build - - 2. Run CMake from the build tree, giving it the path to the top of - the curl source tree. CMake will pick a compiler for you. If you - want to specify the compile, you can set the CC environment - variable prior to running CMake. - - $ cmake ../curl - $ make - - 3. Install to default location: - - $ make install - - (The test suite does not work with the cmake build) - -ccmake -========= - CMake comes with a curses based interface called ccmake. To run ccmake on - a curl use the instructions for the command line cmake, but substitute - ccmake ../curl for cmake ../curl. This will bring up a curses interface - with instructions on the bottom of the screen. You can press the "c" key - to configure the project, and the "g" key to generate the project. After - the project is generated, you can run make. - -cmake-gui -========= - CMake also comes with a Qt based GUI called cmake-gui. To configure with - cmake-gui, you run cmake-gui and follow these steps: - 1. Fill in the "Where is the source code" combo box with the path to - the curl source tree. - 2. Fill in the "Where to build the binaries" combo box with the path - to the directory for your build tree, ideally this should not be the - same as the source tree, but a parallel directory called curl-build or - something similar. - 3. Once the source and binary directories are specified, press the - "Configure" button. - 4. Select the native build tool that you want to use. - 5. At this point you can change any of the options presented in the - GUI. Once you have selected all the options you want, click the - "Generate" button. - 6. Run the native build tool that you used CMake to generate. diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 84fe82919995..790727100a59 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -1,33 +1,42 @@ -# how to install curl and libcurl + + +# How to install curl and libcurl ## Installing Binary Packages Lots of people download binary distributions of curl and libcurl. This document does not describe how to install curl or libcurl using such a binary package. This document describes how to compile, build and install curl and -libcurl from source code. +libcurl from [source code](https://curl.se/download.html). ## Building using vcpkg -You can download and install curl and libcurl using the [vcpkg](https://github.com/Microsoft/vcpkg/) dependency manager: +You can download and install curl and libcurl using +the [vcpkg](https://github.com/Microsoft/vcpkg) dependency manager: - git clone https://github.com/Microsoft/vcpkg.git + git clone https://github.com/Microsoft/vcpkg cd vcpkg ./bootstrap-vcpkg.sh ./vcpkg integrate install vcpkg install curl[tool] -The curl port in vcpkg is kept up to date by Microsoft team members and community contributors. If the version is out of date, please [create an issue or pull request](https://github.com/Microsoft/vcpkg) on the vcpkg repository. +The curl port in vcpkg is kept up to date by Microsoft team members and +community contributors. If the version is out of date, please [create an issue +or pull request](https://github.com/Microsoft/vcpkg) on the vcpkg repository. ## Building from git If you get your code off a git repository instead of a release tarball, see -the `GIT-INFO` file in the root directory for specific instructions on how to -proceed. +the [GIT-INFO.md](https://github.com/curl/curl/blob/master/GIT-INFO.md) file in +the root directory for specific instructions on how to proceed. # Unix -A normal Unix installation is made in three or four steps (after you've +A normal Unix installation is made in three or four steps (after you have unpacked the source archive): ./configure --with-openssl [--with-gnutls --with-wolfssl] @@ -37,6 +46,9 @@ unpacked the source archive): (Adjust the configure line accordingly to use the TLS library you want.) +By default curl builds with libpsl (Public Suffix List) support. If libpsl is +not available on your system, install it or disable it with `--without-libpsl`. + You probably need to be root when doing the last command. Get a full listing of all available configure options by invoking it like: @@ -56,10 +68,9 @@ your own home directory: make make install -The configure script always tries to find a working SSL library unless -explicitly told not to. If you have OpenSSL installed in the default search -path for your compiler/linker, you don't need to do anything special. If you -have OpenSSL installed in `/usr/local/ssl`, you can run configure like: +The configure script requires you to select a TLS backend explicitly unless +you disable TLS with `--without-ssl`. If you have OpenSSL installed in the +default search path for your compiler/linker, you can run configure like: ./configure --with-openssl @@ -72,134 +83,290 @@ Without pkg-config installed, use this: ./configure --with-openssl=/opt/OpenSSL -If you insist on forcing a build without SSL support, even though you may -have OpenSSL installed in your system, you can run configure like this: +If you insist on forcing a build without SSL support, you can run configure +like this: ./configure --without-ssl If you have OpenSSL installed, but with the libraries in one place and the header files somewhere else, you have to set the `LDFLAGS` and `CPPFLAGS` -environment variables prior to running configure. Something like this should +environment variables prior to running configure. Something like this should work: - CPPFLAGS="-I/path/to/ssl/include" LDFLAGS="-L/path/to/ssl/lib" ./configure + CPPFLAGS="-I/path/to/ssl/include" LDFLAGS="-L/path/to/ssl/lib" ./configure --with-openssl -If you have shared SSL libs installed in a directory where your run-time -linker doesn't find them (which usually causes configure failures), you can -provide this option to gcc to set a hard-coded path to the run-time linker: +If you have shared SSL libs installed in a directory where your runtime +linker does not find them (which usually causes configure failures), you can +provide this option to gcc to set a hard-coded path to the runtime linker: LDFLAGS=-Wl,-R/usr/local/ssl/lib ./configure --with-openssl -## More Options +## Static builds To force a static library compile, disable the shared library creation by running configure like: ./configure --disable-shared -To tell the configure script to skip searching for thread-safe functions, add -an option like: +The configure script is primarily done to work with shared/dynamic third party +dependencies. When linking with shared libraries, the dependency "chain" is +handled automatically by the library loader - on all modern systems. + +If you instead link with a static library, you need to provide all the +dependency libraries already at the link command line. + +Figuring out all the dependency libraries for a given library is hard, as it +might involve figuring out the dependencies of the dependencies and they vary +between platforms and change between versions. + +When using static dependencies, the build scripts mostly assume that you, the +user, provide all the necessary additional dependency libraries as additional +arguments in the build. With configure, by setting `LIBS` or `LDFLAGS` on the +command line. + +Building statically is not for the faint of heart. - ./configure --disable-thread +## Debug -If you're a curl developer and use gcc, you might want to enable more debug +If you are a curl developer and use gcc, you might want to enable more debug options with the `--enable-debug` option. curl can be built to use a whole range of libraries to provide various useful -services, and configure will try to auto-detect a decent default. But if you -want to alter it, you can select how to deal with each individual library. +services, and configure tries to auto-detect a decent default. If you want to +alter it, you can select how to deal with each individual library. + +To debug the build itself, you can set the environment variable +`CURL_TRACE_PKG_CONFIG` to a non-empty value to enable detailed trace +information and verbose errors from `pkg-config` module detection invocations. ## Select TLS backend -These options are provided to select TLS backend to use. +These options are provided to select the TLS backend to use. + +- AmiSSL: `--with-amissl` +- GnuTLS: `--with-gnutls`. +- mbedTLS: `--with-mbedtls` +- OpenSSL: `--with-openssl` (also for BoringSSL, AWS-LC, LibreSSL, and quictls) +- Rustls: `--with-rustls` +- Schannel: `--with-schannel` +- wolfSSL: `--with-wolfssl` + +You can build curl with *multiple* TLS backends at your choice, but some TLS +backends cannot be combined: if you build with an OpenSSL fork (or wolfSSL), +you cannot add another OpenSSL fork (or wolfSSL) because they have +conflicting identical symbol names. + +When you build with multiple TLS backends, you can select the active one at +runtime when curl starts up. + +### Selecting TLS Trust Anchors Defaults + +Verifying a server certificate established a chain of trust that needs to +start somewhere. Those "root" certificates make the set of Trust Anchors. + +While the build system tries to find good defaults on the platform you +use, you may specify these explicitly. The following options are provided: - - AmiSSL: `--with-amissl` - - BearSSL: `--with-bearssl` - - GnuTLS: `--with-gnutls`. - - mbedTLS: `--with-mbedtls` - - MesaLink: `--with-mesalink` - - NSS: `--with-nss` - - OpenSSL: `--with-openssl` (also for BoringSSL and libressl) - - rustls: `--with-rustls` - - schannel: `--with-schannel` - - secure transport: `--with-secure-transport` - - wolfSSL: `--with-wolfssl` +- `--with-ca-bundle=FILE`: the file that libcurl loads default root + certificates from. +- `--with-ca-path=DIRECTORY`: a directory in which root certificates files + are found. +- `--with-ca-embed=FILE`: a file read *at build time* and added to `libcurl`. +- `--with-ca-fallback`: an OpenSSL specific option for delegating default + trust anchor selection to what OpenSSL thinks is best, *if* there are + no other certificates configured by the application. +- `--with-apple-sectrust`: use the system "SecTrust" service on Apple + operating systems for verification. (Added in 8.17.0) + +## MultiSSL and HTTP/3 + +HTTP/3 needs QUIC and QUIC needs TLS. Building libcurl with HTTP/3 and QUIC +support is not compatible with the MultiSSL feature: they are mutually +exclusive. If you need MultiSSL in your build, you cannot have HTTP/3 support +and vice versa. + +libcurl can only use a single TLS library with QUIC and that *same* TLS +library needs to be used for the other TLS using protocols. + +## Configure finding libs in wrong directory + +When the configure script checks for third-party libraries, it adds those +directories to the `LDFLAGS` variable and then tries linking to see if it +works. When successful, the found directory is kept in the `LDFLAGS` variable +when the script continues to execute and do more tests and possibly check for +more libraries. + +This can make subsequent checks for libraries wrongly detect another +installation in a directory that was previously added to `LDFLAGS` by another +library check. # Windows -## Building Windows DLLs and C run-time (CRT) linkage issues +Building for Windows Vista/Server 2008 is required as a minimum. - As a general rule, building a DLL with static CRT linkage is highly - discouraged, and intermixing CRTs in the same app is something to avoid at - any cost. +You can build curl with: - Reading and comprehending Microsoft Knowledge Base articles KB94248 and - KB140584 is a must for any Windows developer. Especially important is full - understanding if you are not going to follow the advice given above. +- Microsoft Visual Studio 2010 v10.0 or later (`_MSC_VER >= 1600`) +- MinGW-w64 3.0 or later (`__MINGW64_VERSION_MAJOR >= 3`) - - [How To Use the C Run-Time](https://support.microsoft.com/help/94248/how-to-use-the-c-run-time) - - [Run-Time Library Compiler Options](https://docs.microsoft.com/cpp/build/reference/md-mt-ld-use-run-time-library) - - [Potential Errors Passing CRT Objects Across DLL Boundaries](https://docs.microsoft.com/cpp/c-runtime-library/potential-errors-passing-crt-objects-across-dll-boundaries) +## Building Windows DLLs and C runtime (CRT) linkage issues -If your app is misbehaving in some strange way, or it is suffering from -memory corruption, before asking for further help, please try first to -rebuild every single library your app uses as well as your app using the -debug multithreaded dynamic C runtime. +As a general rule, building a DLL with static CRT linkage is highly +discouraged, and intermixing CRTs in the same app is something to avoid at +any cost. - If you get linkage errors read section 5.7 of the FAQ document. +Reading and comprehending Microsoft Knowledge Base articles KB94248 and +KB140584 is a must for any Windows developer. Especially important is full +understanding if you are not going to follow the advice given above. -## MingW32 +- [How To Use the C Runtime](https://learn.microsoft.com/troubleshoot/developer/visualstudio/cpp/libraries/use-c-run-time) +- [Runtime Library Compiler Options](https://learn.microsoft.com/cpp/build/reference/md-mt-ld-use-run-time-library) +- [Potential Errors Passing CRT Objects Across DLL Boundaries](https://learn.microsoft.com/cpp/c-runtime-library/potential-errors-passing-crt-objects-across-dll-boundaries) -Make sure that MinGW32's bin dir is in the search path, for example: +If your app is misbehaving in some strange way, or it is suffering from memory +corruption, before asking for further help, please try first to rebuild every +single library your app uses as well as your app using the debug +multi-threaded dynamic C runtime. -```cmd -set PATH=c:\mingw32\bin;%PATH% -``` +If you get linkage errors read section 5.7 of the FAQ document. + +## Cygwin + +Almost identical to the Unix installation. Essentially run the configure script in the +curl source tree root with `sh configure`, then run `make`. + +To expand on building with `cygwin` first ensure it is in your path, and there are no +conflicting tools (*i.e. Chocolatey with sed package*). If so move `cygwin` ahead of any items +in your path that would conflict with `cygwin` commands, making sure you have the `sh` +executable in `/bin/` or you see the configure fail toward the end. + +Download the setup installer from +[`cygwin`](https://cygwin.com/) to begin. Additional `cygwin` +packages are needed for the install. For more on installing packages visit +[`cygwin setup`](https://cygwin.com/faq/faq.html#faq.setup.cli). + +Either run setup-x86_64.exe, then search and select packages individually, or try: + + setup-x86_64.exe -P binutils -P gcc-core -P libpsl-devel -P libtool -P perl -P make -then run `mingw32-make mingw32` in the root dir. There are other -make targets available to build libcurl with more features, use: +If the latter, matching packages should appear in the install rows (*is fickle though*) after selecting +the download site i.e. `https://mirrors.kernel.org/`. In either case, follow the GUI prompts +until you reach the "Select Packages" window; then select packages, click next, and finish +the `cygwin` package installation. - - `mingw32-make mingw32-zlib` to build with Zlib support; - - `mingw32-make mingw32-ssl-zlib` to build with SSL and Zlib enabled; - - `mingw32-make mingw32-ssh2-ssl-zlib` to build with SSH2, SSL, Zlib; - - `mingw32-make mingw32-ssh2-ssl-sspi-zlib` to build with SSH2, SSL, Zlib - and SSPI support. +Download the latest version of the `cygwin` packages required (*and suggested*) for a successful install: -If you have any problems linking libraries or finding header files, be sure -to verify that the provided `Makefile.m32` files use the proper paths, and -adjust as necessary. It is also possible to override these paths with -environment variables, for example: +
+ Package List -```cmd -set ZLIB_PATH=c:\zlib-1.2.8 -set OPENSSL_PATH=c:\openssl-1.0.2c -set LIBSSH2_PATH=c:\libssh2-1.6.0 ``` + binutil - required + gcc-core - required + libpsl-devel - required + libtool - required + perl - required + make - required + - NOTE - if there is an error regarding make, open the cygwin terminal, and run: + ln -s /usr/bin/make /usr/bin/gmake +``` + +
-It is also possible to build with other LDAP SDKs than MS LDAP; currently -it is possible to build with native Win32 OpenLDAP, or with the Novell CLDAP -SDK. If you want to use these you need to set these vars: +Once all the packages have been installed, begin the process of installing curl from the source code: -```cmd -set LDAP_SDK=c:\openldap -set USE_LDAP_OPENLDAP=1 +
+ configure_options + +``` + --with-gnutls + --with-mbedtls + --with-openssl (also works for OpenSSL forks) + --with-rustls + --with-wolfssl + --without-ssl ``` -or for using the Novell SDK: +
+ +1. `sh configure ` +2. `make` + +If any error occurs during curl installation, try: + +- reinstalling the required `cygwin` packages from the list above +- temporarily move `cygwin` to the top of your path +- install all of the suggested `cygwin` packages -```cmd -set USE_LDAP_NOVELL=1 +## MS-DOS + +You can use either autotools or cmake: + +```sh +./configure \ + CC=/path/to/djgpp/bin/i586-pc-msdosdjgpp-gcc \ + AR=/path/to/djgpp/bin/i586-pc-msdosdjgpp-ar \ + RANLIB=/path/to/djgpp/bin/i586-pc-msdosdjgpp-ranlib \ + WATT_ROOT=/path/to/djgpp/net/watt \ + --host=i586-pc-msdosdjgpp \ + --with-openssl=/path/to/djgpp \ + --with-zlib=/path/to/djgpp \ + --without-libpsl \ + --disable-shared ``` -If you want to enable LDAPS support then set LDAPS=1. +```sh +cmake . \ + -DCMAKE_SYSTEM_NAME=DOS \ + -DCMAKE_C_COMPILER_TARGET=i586-pc-msdosdjgpp \ + -DCMAKE_C_COMPILER=/path/to/djgpp/bin/i586-pc-msdosdjgpp-gcc \ + -DWATT_ROOT=/path/to/djgpp/net/watt \ + -DOPENSSL_INCLUDE_DIR=/path/to/djgpp/include \ + -DOPENSSL_SSL_LIBRARY=/path/to/djgpp/lib/libssl.a \ + -DOPENSSL_CRYPTO_LIBRARY=/path/to/djgpp/lib/libcrypto.a \ + -DZLIB_INCLUDE_DIR=/path/to/djgpp/include \ + -DZLIB_LIBRARY=/path/to/djgpp/lib/libz.a \ + -DCURL_USE_LIBPSL=OFF +``` -## Cygwin +Notes: + +- Requires DJGPP 2.04 or upper. + +- Compile Watt-32 (and OpenSSL) with the same version of DJGPP. Otherwise + things go wrong because things like FS-extensions and `errno` values have + been changed between releases. + +## AmigaOS -Almost identical to the unix installation. Run the configure script in the -curl source tree root with `sh configure`. Make sure you have the `sh` -executable in `/bin/` or you'll see the configure fail toward the end. +You can use either autotools or cmake: -Run `make` +```sh +./configure \ + CC=/opt/amiga/bin/m68k-amigaos-gcc \ + AR=/opt/amiga/bin/m68k-amigaos-ar \ + RANLIB=/opt/amiga/bin/m68k-amigaos-ranlib \ + --host=m68k-amigaos \ + --with-amissl \ + CFLAGS='-O0 -msoft-float -mcrt=clib2' \ + CPPFLAGS=-I/path/to/AmiSSL/Developer/include \ + LDFLAGS=-L/path/to/AmiSSL/Developer/lib/AmigaOS3 \ + LIBS='-lnet -lm -latomic' \ + --without-libpsl \ + --disable-shared +``` + +```sh +cmake . \ + -DAMIGA=1 \ + -DCMAKE_SYSTEM_NAME=Generic \ + -DCMAKE_C_COMPILER_TARGET=m68k-unknown-amigaos \ + -DCMAKE_C_COMPILER=/opt/amiga/bin/m68k-amigaos-gcc \ + -DCMAKE_C_FLAGS='-O0 -msoft-float -mcrt=clib2' \ + -DAMISSL_INCLUDE_DIR=/path/to/AmiSSL/Developer/include \ + -DAMISSL_STUBS_LIBRARY=/path/to/AmiSSL/Developer/lib/AmigaOS3/libamisslstubs.a \ + -DAMISSL_AUTO_LIBRARY=/path/to/AmiSSL/Developer/lib/AmigaOS3/libamisslauto.a \ + -DCURL_USE_LIBPSL=OFF +``` ## Disabling Specific Protocols in Windows builds @@ -208,35 +375,32 @@ environment, therefore, you cannot use the various disable-protocol options of the configure utility on this platform. You can use specific defines to disable specific protocols and features. See -[CURL-DISABLE.md](CURL-DISABLE.md) for the full list. +[CURL-DISABLE](https://github.com/curl/curl/blob/master/docs/CURL-DISABLE.md) +for the full list. If you want to set any of these defines you have the following options: - - Modify `lib/config-win32.h` - - Modify `lib/curl_setup.h` - - Modify `winbuild/Makefile.vc` - - Modify the "Preprocessor Definitions" in the libcurl project +- Modify `lib/config-win32.h` +- Modify `lib/curl_setup.h` +- Modify the "Preprocessor Definitions" in the libcurl project Note: The pre-processor settings can be found using the Visual Studio IDE -under "Project -> Settings -> C/C++ -> General" in VC6 and "Project -> -Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later -versions. +under "Project -> Properties -> Configuration Properties -> C/C++ -> +Preprocessor". -## Using BSD-style lwIP instead of Winsock TCP/IP stack in Win32 builds +## Using BSD-style lwIP instead of Winsock TCP/IP stack in Windows builds In order to compile libcurl and curl using BSD-style lwIP TCP/IP stack it is -necessary to make definition of preprocessor symbol `USE_LWIPSOCK` visible to -libcurl and curl compilation processes. To set this definition you have the -following alternatives: +necessary to make the definition of the preprocessor symbol `USE_LWIPSOCK` +visible to libcurl and curl compilation processes. To set this definition you +have the following alternatives: - - Modify `lib/config-win32.h` and `src/config-win32.h` - - Modify `winbuild/Makefile.vc` - - Modify the "Preprocessor Definitions" in the libcurl project +- Modify `lib/config-win32.h` +- Modify the "Preprocessor Definitions" in the libcurl project Note: The pre-processor settings can be found using the Visual Studio IDE -under "Project -> Settings -> C/C++ -> General" in VC6 and "Project -> -Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later -versions. +under "Project -> Properties -> Configuration Properties -> C/C++ -> +Preprocessor". Once that libcurl has been built with BSD-style lwIP TCP/IP stack support, in order to use it with your program it is mandatory that your program includes @@ -244,110 +408,64 @@ lwIP header file `` (or another lwIP header that includes this) before including any libcurl header. Your program does not need the `USE_LWIPSOCK` preprocessor definition which is for libcurl internals only. -Compilation has been verified with [lwIP -1.4.0](https://download.savannah.gnu.org/releases/lwip/lwip-1.4.0.zip) and -[contrib-1.4.0](https://download.savannah.gnu.org/releases/lwip/contrib-1.4.0.zip). +Compilation has been verified with lwIP 1.4.0. This BSD-style lwIP TCP/IP stack support must be considered experimental given that it has been verified that lwIP 1.4.0 still needs some polish, and libcurl -might yet need some additional adjustment, caveat emptor. +might yet need some additional adjustment. ## Important static libcurl usage note When building an application that uses the static libcurl library on Windows, -you must add `-DCURL_STATICLIB` to your `CFLAGS`. Otherwise the linker will -look for dynamic import symbols. +you must add `-DCURL_STATICLIB` to your `CFLAGS`. Otherwise the linker looks +for dynamic import symbols. ## Legacy Windows and SSL -Schannel (from Windows SSPI), is the native SSL library in Windows. However, -Schannel in Windows <= XP is unable to connect to servers that -no longer support the legacy handshakes and algorithms used by those -versions. If you will be using curl in one of those earlier versions of -Windows you should choose another SSL backend such as OpenSSL. - -# Apple Platforms (macOS, iOS, tvOS, watchOS, and their simulator counterparts) - -On modern Apple operating systems, curl can be built to use Apple's SSL/TLS -implementation, Secure Transport, instead of OpenSSL. To build with Secure -Transport for SSL/TLS, use the configure option `--with-secure-transport`. (It -is not necessary to use the option `--without-openssl`.) - -When Secure Transport is in use, the curl options `--cacert` and `--capath` -and their libcurl equivalents, will be ignored, because Secure Transport uses -the certificates stored in the Keychain to evaluate whether or not to trust -the server. This, of course, includes the root certificates that ship with the -OS. The `--cert` and `--engine` options, and their libcurl equivalents, are -currently unimplemented in curl with Secure Transport. - -In general, a curl build for an Apple `ARCH/SDK/DEPLOYMENT_TARGET` combination -can be taken by providing appropriate values for `ARCH`, `SDK`, `DEPLOYMENT_TARGET` -below and running the commands: - -```bash -# Set these three according to your needs -export ARCH=x86_64 -export SDK=macosx -export DEPLOYMENT_TARGET=10.8 - -export CFLAGS="-arch $ARCH -isysroot $(xcrun -sdk $SDK --show-sdk-path) -m$SDK-version-min=$DEPLOYMENT_TARGET" -./configure --host=$ARCH-apple-darwin --prefix $(pwd)/artifacts --with-secure-transport -make -j8 -make install -``` +Schannel (from Windows SSPI), is the native SSL library in Windows. Schannel +in Windows <= XP is unable to connect to servers that no longer support the +legacy handshakes and algorithms used by those versions. If you are using curl +in one of those earlier versions of Windows you should choose another SSL +backend such as OpenSSL. -Above will build curl for macOS platform with `x86_64` architecture and `10.8` as deployment target. - -Here is an example for iOS device: +# Android -```bash -export ARCH=arm64 -export SDK=iphoneos -export DEPLOYMENT_TARGET=11.0 +When building curl for Android you can either use CMake or `configure`. -export CFLAGS="-arch $ARCH -isysroot $(xcrun -sdk $SDK --show-sdk-path) -m$SDK-version-min=$DEPLOYMENT_TARGET" -./configure --host=$ARCH-apple-darwin --prefix $(pwd)/artifacts --with-secure-transport -make -j8 -make install -``` +Before you can build curl for Android, you need to install the Android NDK +first. This can be done using the SDK Manager that is part of Android Studio. +Once you have installed the Android NDK, you need to figure out where it has +been installed and then set up some environment variables before launching +the build. -Another example for watchOS simulator for macs with Apple Silicon: +Examples to compile for `aarch64` and API level 29: -```bash -export ARCH=arm64 -export SDK=watchsimulator -export DEPLOYMENT_TARGET=5.0 +with CMake, where `ANDROID_NDK_HOME` points into your NDK: -export CFLAGS="-arch $ARCH -isysroot $(xcrun -sdk $SDK --show-sdk-path) -m$SDK-version-min=$DEPLOYMENT_TARGET" -./configure --host=$ARCH-apple-darwin --prefix $(pwd)/artifacts --with-secure-transport -make -j8 -make install +```sh +cmake . \ + -DANDROID_ABI=arm64-v8a \ + -DANDROID_PLATFORM=android-29 \ + -DCMAKE_TOOLCHAIN_FILE="$ANDROID_NDK_HOME/build/cmake/android.toolchain.cmake" \ + -DCURL_ENABLE_SSL=OFF \ + -DCURL_USE_LIBPSL=OFF ``` -In all above, the built libraries and executables can be found in `artifacts` folder. +with `configure`, on macOS: -# Android - -When building curl for Android it's recommended to use a Linux environment -since using curl's `configure` script is the easiest way to build curl -for Android. Before you can build curl for Android, you need to install the -Android NDK first. This can be done using the SDK Manager that is part of -Android Studio. Once you have installed the Android NDK, you need to figure out -where it has been installed and then set up some environment variables before -launching `configure`. On macOS, those variables could look like this to compile -for `aarch64` and API level 29: - -```bash -export NDK=~/Library/Android/sdk/ndk/20.1.5948944 +```sh +export ANDROID_NDK_HOME=~/Library/Android/sdk/ndk/25.1.8937393 # Point into your NDK. +# Same tag for Apple Silicon. Other OS values here: +# https://developer.android.com/ndk/guides/other_build_systems#overview export HOST_TAG=darwin-x86_64 -export TOOLCHAIN=$NDK/toolchains/llvm/prebuilt/$HOST_TAG -export AR=$TOOLCHAIN/bin/aarch64-linux-android-ar -export AS=$TOOLCHAIN/bin/aarch64-linux-android-as +export TOOLCHAIN=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/$HOST_TAG +export AR=$TOOLCHAIN/bin/llvm-ar +export AS=$TOOLCHAIN/bin/llvm-as export CC=$TOOLCHAIN/bin/aarch64-linux-android29-clang export CXX=$TOOLCHAIN/bin/aarch64-linux-android29-clang++ -export LD=$TOOLCHAIN/bin/aarch64-linux-android-ld -export RANLIB=$TOOLCHAIN/bin/aarch64-linux-android-ranlib -export STRIP=$TOOLCHAIN/bin/aarch64-linux-android-strip +export LD=$TOOLCHAIN/bin/ld +export RANLIB=$TOOLCHAIN/bin/llvm-ranlib +export STRIP=$TOOLCHAIN/bin/llvm-strip ``` When building on Linux or targeting other API levels or architectures, you need @@ -355,19 +473,20 @@ to adjust those variables accordingly. After that you can build curl like this: ./configure --host aarch64-linux-android --with-pic --disable-shared -Note that this won't give you SSL/TLS support. If you need SSL/TLS, you have -to build curl against a SSL/TLS layer, e.g. OpenSSL, because it's impossible for -curl to access Android's native SSL/TLS layer. To build curl for Android using -OpenSSL, follow the OpenSSL build instructions and then install `libssl.a` and -`libcrypto.a` to `$TOOLCHAIN/sysroot/usr/lib` and copy `include/openssl` to -`$TOOLCHAIN/sysroot/usr/include`. Now you can build curl for Android using -OpenSSL like this: - - ./configure --host aarch64-linux-android --with-pic --disable-shared --with-openssl="$TOOLCHAIN/sysroot/usr" - -Note, however, that you must target at least Android M (API level 23) or `configure` -won't be able to detect OpenSSL since `stderr` (and the like) weren't defined -before Android M. +Note that this does not give you SSL/TLS support. If you need SSL/TLS, you +have to build curl with an SSL/TLS library, e.g. OpenSSL, because it is +impossible for curl to access Android's native SSL/TLS layer. To build curl +for Android using OpenSSL, follow the OpenSSL build instructions and then +install `libssl.a` and `libcrypto.a` to `$TOOLCHAIN/sysroot/usr/lib` and copy +`include/openssl` to `$TOOLCHAIN/sysroot/usr/include`. Now you can build curl +for Android using OpenSSL like this: + +```sh +# For OpenSSL/BoringSSL. In general, you need to the SSL/TLS layer's transitive +# dependencies if you are linking statically. +LIBS='-lssl -lcrypto -lc++' +./configure --host aarch64-linux-android --with-pic --disable-shared --with-openssl="$TOOLCHAIN/sysroot/usr" +``` # IBM i @@ -375,28 +494,28 @@ For IBM i (formerly OS/400), you can use curl in two different ways: - Natively, running in the **ILE**. The obvious use is being able to call curl from ILE C or RPG applications. - - You will need to build this from source. See `packages/OS400/README` for - the ILE specific build instructions. -- In the **PASE** environment, which runs AIX programs. curl will be built as - it would be on AIX. - - IBM provides builds of curl in their Yum repository for PASE software. - - To build from source, follow the Unix instructions. +- You need to build this from source. See `projects/OS400/README` for the ILE + specific build instructions. +- In the **PASE** environment, which runs AIX programs. curl is built as it + would be on AIX. +- IBM provides builds of curl in their Yum repository for PASE software. +- To build from source, follow the Unix instructions. There are some additional limitations and quirks with curl on this platform; they affect both environments. -## Multithreading notes +## Multi-threading notes -By default, jobs in IBM i won't start with threading enabled. (Exceptions +By default, jobs in IBM i does not start with threading enabled. (Exceptions include interactive PASE sessions started by `QP2TERM` or SSH.) If you use -curl in an environment without threading when options like async DNS were -enabled, you'll messages like: +curl in an environment without threading when options like asynchronous DNS +were enabled, you get messages like: ``` getaddrinfo() thread failed to start ``` -Don't panic! curl and your program aren't broken. You can fix this by: +Do not panic. curl and your program are not broken. You can fix this by: - Set the environment variable `QIBM_MULTI_THREADED` to `Y` before starting your program. This can be done at whatever scope you feel is appropriate. @@ -409,14 +528,12 @@ Download and unpack the curl package. `cd` to the new directory. (e.g. `cd curl-7.12.3`) Set environment variables to point to the cross-compile toolchain and call -configure with any options you need. Be sure and specify the `--host` and -`--build` parameters at configuration time. The following script is an -example of cross-compiling for the IBM 405GP PowerPC processor using the -toolchain from MonteVista for Hardhat Linux. - -```bash -#! /bin/sh +configure with any options you need. Be sure and specify the `--host` and +`--build` parameters at configuration time. The following script is an example +of cross-compiling for the IBM 405GP PowerPC processor using the toolchain on +Linux. +```sh export PATH=$PATH:/opt/hardhat/devkit/ppc/405/bin export CPPFLAGS="-I/opt/hardhat/devkit/ppc/405/target/usr/include" export AR=ppc_405-ar @@ -426,18 +543,16 @@ export RANLIB=ppc_405-ranlib export CC=ppc_405-gcc export NM=ppc_405-nm -./configure --target=powerpc-hardhat-linux - --host=powerpc-hardhat-linux - --build=i586-pc-linux-gnu - --prefix=/opt/hardhat/devkit/ppc/405/target/usr/local - --exec-prefix=/usr/local +./configure \ + --target=powerpc-hardhat-linux + --host=powerpc-hardhat-linux + --build=i586-pc-linux-gnu + --prefix=/opt/hardhat/devkit/ppc/405/target/usr/local + --exec-prefix=/usr/local ``` -You may also need to provide a parameter like `--with-random=/dev/urandom` to -configure as it cannot detect the presence of a random number generating -device for a target system. The `--prefix` parameter specifies where curl -will be installed. If `configure` completes successfully, do `make` and `make -install` as usual. +The `--prefix` parameter specifies where curl gets installed. If `configure` +completes successfully, do `make` and `make install` as usual. In some cases, you may be able to simplify the above commands to as little as: @@ -448,89 +563,118 @@ In some cases, you may be able to simplify the above commands to as little as: There are a number of configure options that can be used to reduce the size of libcurl for embedded applications where binary size is an important factor. First, be sure to set the `CFLAGS` variable when configuring with any relevant -compiler optimization flags to reduce the size of the binary. For gcc, this -would mean at minimum the -Os option, and potentially the `-march=X`, -`-mdynamic-no-pic` and `-flto` options as well, e.g. +compiler optimization flags to reduce the size of the binary. For gcc, this +would mean at minimum the `-Os` option, and others like the following that +may be relevant in some environments: `-march=X`, `-mthumb`, `-m32`, +`-mdynamic-no-pic`, `-flto`, `-fdata-sections`, `-ffunction-sections`, +`-fno-unwind-tables`, `-fno-asynchronous-unwind-tables`, +`-fno-record-gcc-switches`, `-fsection-anchors`, `-fno-plt`, +`-Wl,--gc-sections`, `-Wl,-dead_strip` (Apple), `-Wl,-Bsymbolic`, `-Wl,-s` + +For example, this is how to combine a few of these options: - ./configure CFLAGS='-Os' LDFLAGS='-Wl,-Bsymbolic'... + ./configure CC=gcc CFLAGS='-Os -ffunction-sections' LDFLAGS='-Wl,--gc-sections'... Note that newer compilers often produce smaller code than older versions due to improved optimization. Be sure to specify as many `--disable-` and `--without-` flags on the configure command-line as you can to disable all the libcurl features that you -know your application is not going to need. Besides specifying the -`--disable-PROTOCOL` flags for all the types of URLs your application will not -use, here are some other flags that can reduce the size of the library: - - - `--disable-ares` (disables support for the C-ARES DNS library) - - `--disable-cookies` (disables support for HTTP cookies) - - `--disable-crypto-auth` (disables HTTP cryptographic authentication) - - `--disable-ipv6` (disables support for IPv6) - - `--disable-manual` (disables support for the built-in documentation) - - `--disable-proxy` (disables support for HTTP and SOCKS proxies) - - `--disable-unix-sockets` (disables support for UNIX sockets) - - `--disable-verbose` (eliminates debugging strings and error code strings) - - `--disable-versioned-symbols` (disables support for versioned symbols) - - `--enable-hidden-symbols` (eliminates unneeded symbols in the shared library) - - `--without-libidn` (disables support for the libidn DNS library) - - `--without-librtmp` (disables support for RTMP) - - `--without-openssl` (disables support for SSL/TLS) - - `--without-zlib` (disables support for on-the-fly decompression) - -The GNU compiler and linker have a number of options that can reduce the -size of the libcurl dynamic libraries on some platforms even further. -Specify them by providing appropriate `CFLAGS` and `LDFLAGS` variables on -the configure command-line, e.g. - - CFLAGS="-Os -ffunction-sections -fdata-sections - -fno-unwind-tables -fno-asynchronous-unwind-tables -flto" - LDFLAGS="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections" +know your application is not going to need. Besides specifying the +`--disable-PROTOCOL` flags for all the types of URLs your application do not +use, here are some other flags that can reduce the size of the library by +disabling support for some features (run `./configure --help` to see them all): + +- `--disable-aws` (cryptographic authentication) +- `--disable-basic-auth` (cryptographic authentication) +- `--disable-bearer-auth` (cryptographic authentication) +- `--disable-digest-auth` (cryptographic authentication) +- `--disable-http-auth` (all HTTP authentication) +- `--disable-kerberos-auth` (cryptographic authentication) +- `--disable-negotiate-auth` (cryptographic authentication) +- `--disable-ntlm` (NTLM authentication) +- `--disable-alt-svc` (HTTP Alt-Svc) +- `--disable-ares` (the C-ARES DNS library) +- `--disable-cookies` (HTTP cookies) +- `--disable-dateparse` (date parsing for time conditionals) +- `--disable-dnsshuffle` (internal server load spreading) +- `--disable-doh` (DNS-over-HTTP) +- `--disable-form-api` (POST form API) +- `--disable-get-easy-options` (lookup easy options at runtime) +- `--disable-headers-api` (API to access headers) +- `--disable-hsts` (HTTP Strict Transport Security) +- `--disable-ipv6` (IPv6) +- `--disable-libcurl-option` (--libcurl C code generation support) +- `--disable-manual` (--manual built-in documentation) +- `--disable-mime` (MIME API) +- `--disable-netrc` (.netrc file) +- `--disable-progress-meter` (graphical progress meter in library) +- `--disable-proxy` (HTTP and SOCKS proxies) +- `--disable-socketpair` (socketpair for asynchronous name resolving) +- `--disable-threaded-resolver` (threaded name resolver) +- `--disable-tls-srp` (Secure Remote Password authentication for TLS) +- `--disable-unix-sockets` (Unix sockets) +- `--disable-verbose` (eliminates debugging strings and error code strings) +- `--disable-versioned-symbols` (versioned symbols) +- `--enable-symbol-hiding` (eliminates unneeded symbols in the shared library) +- `--without-brotli` (Brotli on-the-fly decompression) +- `--without-libpsl` (Public Suffix List in cookies) +- `--without-nghttp2` (HTTP/2 using nghttp2) +- `--without-ngtcp2` (HTTP/2 using ngtcp2) +- `--without-zstd` (Zstd on-the-fly decompression) +- `--without-libidn2` (internationalized domain names) +- `--without-ssl` (SSL/TLS) +- `--without-zlib` (gzip/deflate on-the-fly decompression) Be sure also to strip debugging symbols from your binaries after compiling -using 'strip' (or the appropriate variant if cross-compiling). If space is -really tight, you may be able to remove some unneeded sections of the shared -library using the -R option to objcopy (e.g. the .comment section). +using 'strip' or an option like `-s`. If space is really tight, you may be able +to gain a few bytes by removing some unneeded sections of the shared library +using the -R option to objcopy (e.g. the .comment section). -Using these techniques it is possible to create a basic HTTP-only shared -libcurl library for i386 Linux platforms that is only 113 KiB in size, and an -FTP-only library that is 113 KiB in size (as of libcurl version 7.50.3, using -gcc 5.4.0). +Using these techniques it is possible to create a basic HTTP-only libcurl +shared library for i386 Linux platforms that is only 137 KiB in size +(as of libcurl version 8.13.0, using gcc 14.2.0). -You may find that statically linking libcurl to your application will result -in a lower total size than dynamically linking. +You may find that statically linking libcurl to your application results in a +lower total size than dynamically linking. -Note that the curl test harness can detect the use of some, but not all, of -the `--disable` statements suggested above. Use will cause tests relying on -those features to fail. The test harness can be manually forced to skip the +The curl test harness can detect the use of some, but not all, of the +`--disable` statements suggested above. Use of these can cause tests relying +on those features to fail. The test harness can be manually forced to skip the relevant tests by specifying certain key words on the `runtests.pl` command -line. Following is a list of appropriate key words: +line. Following is a list of appropriate key words for those configure options +that are not automatically detected: - - `--disable-cookies` !cookies - - `--disable-manual` !--manual - - `--disable-proxy` !HTTP\ proxy !proxytunnel !SOCKS4 !SOCKS5 +- `--disable-cookies` !cookies +- `--disable-dateparse` !RETRY-AFTER !`CURLOPT_TIMECONDITION` !`CURLINFO_FILETIME` !`If-Modified-Since` !`curl_getdate` !`-z` +- `--disable-libcurl-option` !`--libcurl` +- `--disable-verbose` !verbose\ logs -# PORTS +# Ports This is a probably incomplete list of known CPU architectures and operating systems that curl has been compiled for. If you know a system curl compiles -and runs on, that isn't listed, please let us know! - -## 85 Operating Systems - -AIX, AmigaOS, Android, Aros, BeOS, Blackberry 10, Blackberry Tablet OS, Cell -OS, ChromeOS, Cisco IOS, Cygwin, Dragonfly BSD, eCOS, FreeBSD, FreeDOS, -FreeRTOS, Fuchsia, Garmin OS, Genode, Haiku, HardenedBSD, HP-UX, Hurd, -Illumos, Integrity, iOS, ipadOS, IRIX, LineageOS, Linux, Lua RTOS, Mac OS 9, -macOS, Mbed, Micrium, MINIX, MorphOS, MPE/iX, MS-DOS, NCR MP-RAS, NetBSD, -Netware, Nintendo Switch, NonStop OS, NuttX, OpenBSD, OpenStep, Orbis OS, -OS/2, OS/400, OS21, Plan 9, PlayStation Portable, QNX, Qubes OS, ReactOS, -Redox, RICS OS, Sailfish OS, SCO Unix, Serenity, SINIX-Z, Solaris, SunOS, -Syllable OS, Symbian, Tizen, TPF, Tru64, tvOS, ucLinux, Ultrix, UNICOS, -UnixWare, VMS, vxWorks, WebOS, Wii system software, Windows, Windows CE, Xbox -System, z/OS, z/TPF, z/VM, z/VSE - -## 22 CPU Architectures - -Alpha, ARC, ARM, AVR32, Cell, HP-PA, Itanium, m68k, MicroBlaze, MIPS, Nios, -OpenRISC, POWER, PowerPC, RISC-V, s390, SH4, SPARC, VAX, x86, x86-64, Xtensa +and runs on, that is not listed, please let us know. + +## 108 Operating Systems + + AIX, AmigaOS, Android, ArcaOS, Aros, Atari FreeMiNT, Azure Sphere, BeOS, + Blackberry 10, Blackberry Tablet OS, Cell OS, Cesium, CheriBSD, Chrome OS, + Cisco IOS, DG/UX, DR DOS, Dragonfly BSD, eCOS, FreeBSD, FreeDOS, FreeRTOS, + Fuchsia, Garmin OS, Genode, Haiku, HardenedBSD, HP-UX, Hurd, IBM I, + illumos, Integrity, iOS, ipadOS, IRIX, KasperskyOS, Linux, Lua RTOS, + Mac OS 9, macOS, Maemo, Mbed, Meego, Micrium, MINIX, Minoca, Moblin, + MorphOS, MPE/iX, MS-DOS, NCR MP-RAS, NetBSD, Netware, NextStep, + Nintendo 3DS, Nintendo Switch, NonStop OS, NuttX, OpenBSD, OpenStep, + Orbis OS, OS/2, OS21, PikeOS, Plan 9, PlayStation Portable, QNX, Qubes OS, + ReactOS, Redox, RISC OS, ROS, RTEMS, Sailfish OS, SCO Unix, Serenity, + SINIX-Z, SkyOS, SmartOS, Solaris, Sortix, SunOS, Syllable OS, Symbian, + Tizen, TPF, Tru64, tvOS, ucLinux, Ultrix, UNICOS, UnixWare, visionOS, VMS, + vxWorks, watchOS, Wear OS, WebOS, Wii System Software, Wii U, Windows, + Xbox System, Xenix, z/OS, z/TPF, z/VM, z/VSE, Zephyr + +## 28 CPU Architectures + + Alpha, ARC, ARM, AVR32, C-SKY, CompactRISC, Elbrus, ETRAX, HP-PA, Itanium, + LoongArch, m68k, m88k, MicroBlaze, MIPS, Nios, OpenRISC, POWER, PowerPC, + RISC-V, s390, SH4, SPARC, Tilera, VAX, x86, Xtensa, z/arch diff --git a/docs/INTERNALS.md b/docs/INTERNALS.md index a1a8e11c9317..8c9419f34729 100644 --- a/docs/INTERNALS.md +++ b/docs/INTERNALS.md @@ -1,1107 +1,68 @@ -curl internals -============== - - - [Intro](#intro) - - [git](#git) - - [Portability](#Portability) - - [Windows vs Unix](#winvsunix) - - [Library](#Library) - - [`Curl_connect`](#Curl_connect) - - [`multi_do`](#multi_do) - - [`Curl_readwrite`](#Curl_readwrite) - - [`multi_done`](#multi_done) - - [`Curl_disconnect`](#Curl_disconnect) - - [HTTP(S)](#http) - - [FTP](#ftp) - - [Kerberos](#kerberos) - - [TELNET](#telnet) - - [FILE](#file) - - [SMB](#smb) - - [LDAP](#ldap) - - [E-mail](#email) - - [General](#general) - - [Persistent Connections](#persistent) - - [multi interface/non-blocking](#multi) - - [SSL libraries](#ssl) - - [Library Symbols](#symbols) - - [Return Codes and Informationals](#returncodes) - - [AP/ABI](#abi) - - [Client](#client) - - [Memory Debugging](#memorydebug) - - [Test Suite](#test) - - [Asynchronous name resolves](#asyncdns) - - [c-ares](#cares) - - [`curl_off_t`](#curl_off_t) - - [curlx](#curlx) - - [Content Encoding](#contentencoding) - - [`hostip.c` explained](#hostip) - - [Track Down Memory Leaks](#memoryleak) - - [`multi_socket`](#multi_socket) - - [Structs in libcurl](#structs) - - [Curl_easy](#Curl_easy) - - [connectdata](#connectdata) - - [Curl_multi](#Curl_multi) - - [Curl_handler](#Curl_handler) - - [conncache](#conncache) - - [Curl_share](#Curl_share) - - [CookieInfo](#CookieInfo) - - -Intro -===== - - This project is split in two. The library and the client. The client part - uses the library, but the library is designed to allow other applications to - use it. - - The largest amount of code and complexity is in the library part. - - - -git -=== - - All changes to the sources are committed to the git repository as soon as - they're somewhat verified to work. Changes shall be committed as independently - as possible so that individual changes can be easily spotted and tracked - afterwards. - - Tagging shall be used extensively, and by the time we release new archives we - should tag the sources with a name similar to the released version number. - - -Portability -=========== - - We write curl and libcurl to compile with C89 compilers. On 32-bit and up - machines. Most of libcurl assumes more or less POSIX compliance but that's - not a requirement. - - We write libcurl to build and work with lots of third party tools, and we - want it to remain functional and buildable with these and later versions - (older versions may still work but is not what we work hard to maintain): - -Dependencies ------------- - - - OpenSSL 0.9.7 - - GnuTLS 3.1.10 - - zlib 1.1.4 - - libssh2 1.0 - - c-ares 1.6.0 - - libidn2 2.0.0 - - wolfSSL 2.0.0 - - openldap 2.0 - - MIT Kerberos 1.2.4 - - GSKit V5R3M0 - - NSS 3.14.x - - Heimdal ? - - nghttp2 1.12.0 - - WinSock 2.2 (on Windows 95+ and Windows CE .NET 4.1+) - -Operating Systems ------------------ - - On systems where configure runs, we aim at working on them all - if they have - a suitable C compiler. On systems that don't run configure, we strive to keep - curl running correctly on: - - - Windows 98 - - AS/400 V5R3M0 - - Symbian 9.1 - - Windows CE ? - - TPF ? - -Build tools ------------ - - When writing code (mostly for generating stuff included in release tarballs) - we use a few "build tools" and we make sure that we remain functional with - these versions: - - - GNU Libtool 1.4.2 - - GNU Autoconf 2.57 - - GNU Automake 1.7 - - GNU M4 1.4 - - perl 5.004 - - roffit 0.5 - - groff ? (any version that supports `groff -Tps -man [in] [out]`) - - ps2pdf (gs) ? - - -Windows vs Unix -=============== - - There are a few differences in how to program curl the Unix way compared to - the Windows way. Perhaps the four most notable details are: - - 1. Different function names for socket operations. - - In curl, this is solved with defines and macros, so that the source looks - the same in all places except for the header file that defines them. The - macros in use are `sclose()`, `sread()` and `swrite()`. - - 2. Windows requires a couple of init calls for the socket stuff. - - That's taken care of by the `curl_global_init()` call, but if other libs - also do it etc there might be reasons for applications to alter that - behavior. - - We require WinSock version 2.2 and load this version during global init. - - 3. The file descriptors for network communication and file operations are - not as easily interchangeable as in Unix. - - We avoid this by not trying any funny tricks on file descriptors. - - 4. When writing data to stdout, Windows makes end-of-lines the DOS way, thus - destroying binary data, although you do want that conversion if it is - text coming through... (sigh) - - We set stdout to binary under windows - - Inside the source code, We make an effort to avoid `#ifdef [Your OS]`. All - conditionals that deal with features *should* instead be in the format - `#ifdef HAVE_THAT_WEIRD_FUNCTION`. Since Windows can't run configure scripts, - we maintain a `curl_config-win32.h` file in lib directory that is supposed to - look exactly like a `curl_config.h` file would have looked like on a Windows - machine! - - Generally speaking: always remember that this will be compiled on dozens of - operating systems. Don't walk on the edge! - - -Library -======= - - (See [Structs in libcurl](#structs) for the separate section describing all - major internal structs and their purposes.) - - There are plenty of entry points to the library, namely each publicly defined - function that libcurl offers to applications. All of those functions are - rather small and easy-to-follow. All the ones prefixed with `curl_easy` are - put in the `lib/easy.c` file. - - `curl_global_init()` and `curl_global_cleanup()` should be called by the - application to initialize and clean up global stuff in the library. As of - today, it can handle the global SSL initialization if SSL is enabled and it - can initialize the socket layer on Windows machines. libcurl itself has no - "global" scope. - - All printf()-style functions use the supplied clones in `lib/mprintf.c`. This - makes sure we stay absolutely platform independent. - - [ `curl_easy_init()`][2] allocates an internal struct and makes some - initializations. The returned handle does not reveal internals. This is the - `Curl_easy` struct which works as an "anchor" struct for all `curl_easy` - functions. All connections performed will get connect-specific data allocated - that should be used for things related to particular connections/requests. - - [`curl_easy_setopt()`][1] takes three arguments, where the option stuff must - be passed in pairs: the parameter-ID and the parameter-value. The list of - options is documented in the man page. This function mainly sets things in - the `Curl_easy` struct. - - `curl_easy_perform()` is just a wrapper function that makes use of the multi - API. It basically calls `curl_multi_init()`, `curl_multi_add_handle()`, - `curl_multi_wait()`, and `curl_multi_perform()` until the transfer is done - and then returns. - - Some of the most important key functions in `url.c` are called from - `multi.c` when certain key steps are to be made in the transfer operation. - - -Curl_connect() --------------- - - Analyzes the URL, it separates the different components and connects to the - remote host. This may involve using a proxy and/or using SSL. The - `Curl_resolv()` function in `lib/hostip.c` is used for looking up host - names (it does then use the proper underlying method, which may vary - between platforms and builds). - - When `Curl_connect` is done, we are connected to the remote site. Then it - is time to tell the server to get a document/file. `Curl_do()` arranges - this. - - This function makes sure there's an allocated and initiated `connectdata` - struct that is used for this particular connection only (although there may - be several requests performed on the same connect). A bunch of things are - initialized/inherited from the `Curl_easy` struct. - - -multi_do() ---------- - - `multi_do()` makes sure the proper protocol-specific function is called. - The functions are named after the protocols they handle. - - The protocol-specific functions of course deal with protocol-specific - negotiations and setup. When they're ready to start the actual file - transfer they call the `Curl_setup_transfer()` function (in - `lib/transfer.c`) to setup the transfer and returns. - - If this DO function fails and the connection is being re-used, libcurl will - then close this connection, setup a new connection and re-issue the DO - request on that. This is because there is no way to be perfectly sure that - we have discovered a dead connection before the DO function and thus we - might wrongly be re-using a connection that was closed by the remote peer. - - -Curl_readwrite() ----------------- - - Called during the transfer of the actual protocol payload. - - During transfer, the progress functions in `lib/progress.c` are called at - frequent intervals (or at the user's choice, a specified callback might get - called). The speedcheck functions in `lib/speedcheck.c` are also used to - verify that the transfer is as fast as required. - - -multi_done() ------------ - - Called after a transfer is done. This function takes care of everything - that has to be done after a transfer. This function attempts to leave - matters in a state so that `multi_do()` should be possible to call again on - the same connection (in a persistent connection case). It might also soon - be closed with `Curl_disconnect()`. - - -Curl_disconnect() ------------------ - - When doing normal connections and transfers, no one ever tries to close any - connections so this is not normally called when `curl_easy_perform()` is - used. This function is only used when we are certain that no more transfers - are going to be made on the connection. It can be also closed by force, or - it can be called to make sure that libcurl doesn't keep too many - connections alive at the same time. - - This function cleans up all resources that are associated with a single - connection. - - -HTTP(S) -======= - - HTTP offers a lot and is the protocol in curl that uses the most lines of - code. There is a special file `lib/formdata.c` that offers all the - multipart post functions. - - base64-functions for user+password stuff (and more) is in `lib/base64.c` - and all functions for parsing and sending cookies are found in - `lib/cookie.c`. - - HTTPS uses in almost every case the same procedure as HTTP, with only two - exceptions: the connect procedure is different and the function used to read - or write from the socket is different, although the latter fact is hidden in - the source by the use of `Curl_read()` for reading and `Curl_write()` for - writing data to the remote server. - - `http_chunks.c` contains functions that understands HTTP 1.1 chunked transfer - encoding. - - An interesting detail with the HTTP(S) request, is the `Curl_add_buffer()` - series of functions we use. They append data to one single buffer, and when - the building is finished the entire request is sent off in one single write. - This is done this way to overcome problems with flawed firewalls and lame - servers. - - -FTP -=== - - The `Curl_if2ip()` function can be used for getting the IP number of a - specified network interface, and it resides in `lib/if2ip.c`. - - `Curl_ftpsendf()` is used for sending FTP commands to the remote server. It - was made a separate function to prevent us programmers from forgetting that - they must be CRLF terminated. They must also be sent in one single `write()` - to make firewalls and similar happy. - - -Kerberos -======== - - Kerberos support is mainly in `lib/krb5.c` but also `curl_sasl_sspi.c` and - `curl_sasl_gssapi.c` for the email protocols and `socks_gssapi.c` and - `socks_sspi.c` for SOCKS5 proxy specifics. - - -TELNET -====== - - Telnet is implemented in `lib/telnet.c`. - - -FILE -==== - - The `file://` protocol is dealt with in `lib/file.c`. - - -SMB -=== - - The `smb://` protocol is dealt with in `lib/smb.c`. - - -LDAP -==== - - Everything LDAP is in `lib/ldap.c` and `lib/openldap.c`. - - -E-mail -====== - - The e-mail related source code is in `lib/imap.c`, `lib/pop3.c` and - `lib/smtp.c`. - - -General -======= - - URL encoding and decoding, called escaping and unescaping in the source code, - is found in `lib/escape.c`. - - While transferring data in `Transfer()` a few functions might get used. - `curl_getdate()` in `lib/parsedate.c` is for HTTP date comparisons (and - more). - - `lib/getenv.c` offers `curl_getenv()` which is for reading environment - variables in a neat platform independent way. That's used in the client, but - also in `lib/url.c` when checking the proxy environment variables. Note that - contrary to the normal unix `getenv()`, this returns an allocated buffer that - must be `free()`ed after use. - - `lib/netrc.c` holds the `.netrc` parser. - - `lib/timeval.c` features replacement functions for systems that don't have - `gettimeofday()` and a few support functions for timeval conversions. - - A function named `curl_version()` that returns the full curl version string - is found in `lib/version.c`. - - -Persistent Connections -====================== - - The persistent connection support in libcurl requires some considerations on - how to do things inside of the library. - - - The `Curl_easy` struct returned in the [`curl_easy_init()`][2] call - must never hold connection-oriented data. It is meant to hold the root data - as well as all the options etc that the library-user may choose. - - - The `Curl_easy` struct holds the "connection cache" (an array of - pointers to `connectdata` structs). - - - This enables the 'curl handle' to be reused on subsequent transfers. - - - When libcurl is told to perform a transfer, it first checks for an already - existing connection in the cache that we can use. Otherwise it creates a - new one and adds that to the cache. If the cache is full already when a new - connection is added, it will first close the oldest unused one. - - - When the transfer operation is complete, the connection is left - open. Particular options may tell libcurl not to, and protocols may signal - closure on connections and then they won't be kept open, of course. - - - When `curl_easy_cleanup()` is called, we close all still opened connections, - unless of course the multi interface "owns" the connections. - - The curl handle must be re-used in order for the persistent connections to - work. - - -multi interface/non-blocking -============================ - - The multi interface is a non-blocking interface to the library. To make that - interface work as well as possible, no low-level functions within libcurl - must be written to work in a blocking manner. (There are still a few spots - violating this rule.) - - One of the primary reasons we introduced c-ares support was to allow the name - resolve phase to be perfectly non-blocking as well. - - The FTP and the SFTP/SCP protocols are examples of how we adapt and adjust - the code to allow non-blocking operations even on multi-stage command- - response protocols. They are built around state machines that return when - they would otherwise block waiting for data. The DICT, LDAP and TELNET - protocols are crappy examples and they are subject for rewrite in the future - to better fit the libcurl protocol family. - - -SSL libraries -============= - - Originally libcurl supported SSLeay for SSL/TLS transports, but that was then - extended to its successor OpenSSL but has since also been extended to several - other SSL/TLS libraries and we expect and hope to further extend the support - in future libcurl versions. - - To deal with this internally in the best way possible, we have a generic SSL - function API as provided by the `vtls/vtls.[ch]` system, and they are the only - SSL functions we must use from within libcurl. vtls is then crafted to use - the appropriate lower-level function calls to whatever SSL library that is in - use. For example `vtls/openssl.[ch]` for the OpenSSL library. - - -Library Symbols -=============== - - All symbols used internally in libcurl must use a `Curl_` prefix if they're - used in more than a single file. Single-file symbols must be made static. - Public ("exported") symbols must use a `curl_` prefix. (There are exceptions, - but they are to be changed to follow this pattern in future versions.) Public - API functions are marked with `CURL_EXTERN` in the public header files so - that all others can be hidden on platforms where this is possible. - - -Return Codes and Informationals -=============================== - - I've made things simple. Almost every function in libcurl returns a CURLcode, - that must be `CURLE_OK` if everything is OK or otherwise a suitable error - code as the `curl/curl.h` include file defines. The very spot that detects an - error must use the `Curl_failf()` function to set the human-readable error - description. - - In aiding the user to understand what's happening and to debug curl usage, we - must supply a fair number of informational messages by using the - `Curl_infof()` function. Those messages are only displayed when the user - explicitly asks for them. They are best used when revealing information that - isn't otherwise obvious. - - -API/ABI -======= - - We make an effort to not export or show internals or how internals work, as - that makes it easier to keep a solid API/ABI over time. See docs/libcurl/ABI - for our promise to users. - - -Client -====== - - `main()` resides in `src/tool_main.c`. - - `src/tool_hugehelp.c` is automatically generated by the `mkhelp.pl` perl - script to display the complete "manual" and the `src/tool_urlglob.c` file - holds the functions used for the URL-"globbing" support. Globbing in the - sense that the `{}` and `[]` expansion stuff is there. - - The client mostly sets up its `config` struct properly, then - it calls the `curl_easy_*()` functions of the library and when it gets back - control after the `curl_easy_perform()` it cleans up the library, checks - status and exits. - - When the operation is done, the `ourWriteOut()` function in `src/writeout.c` - may be called to report about the operation. That function is mostly using the - `curl_easy_getinfo()` function to extract useful information from the curl - session. - - It may loop and do all this several times if many URLs were specified on the - command line or config file. - - -Memory Debugging -================ - - The file `lib/memdebug.c` contains debug-versions of a few functions. - Functions such as `malloc()`, `free()`, `fopen()`, `fclose()`, etc that - somehow deal with resources that might give us problems if we "leak" them. - The functions in the memdebug system do nothing fancy, they do their normal - function and then log information about what they just did. The logged data - can then be analyzed after a complete session, - - `memanalyze.pl` is the perl script present in `tests/` that analyzes a log - file generated by the memory tracking system. It detects if resources are - allocated but never freed and other kinds of errors related to resource - management. - - Internally, definition of preprocessor symbol `DEBUGBUILD` restricts code - which is only compiled for debug enabled builds. And symbol `CURLDEBUG` is - used to differentiate code which is _only_ used for memory - tracking/debugging. - - Use `-DCURLDEBUG` when compiling to enable memory debugging, this is also - switched on by running configure with `--enable-curldebug`. Use - `-DDEBUGBUILD` when compiling to enable a debug build or run configure with - `--enable-debug`. - - `curl --version` will list 'Debug' feature for debug enabled builds, and - will list 'TrackMemory' feature for curl debug memory tracking capable - builds. These features are independent and can be controlled when running - the configure script. When `--enable-debug` is given both features will be - enabled, unless some restriction prevents memory tracking from being used. - - -Test Suite -========== - - The test suite is placed in its own subdirectory directly off the root in the - curl archive tree, and it contains a bunch of scripts and a lot of test case - data. - - The main test script is `runtests.pl` that will invoke test servers like - `httpserver.pl` and `ftpserver.pl` before all the test cases are performed. - The test suite currently only runs on Unix-like platforms. - - You'll find a description of the test suite in the `tests/README` file, and - the test case data files in the `tests/FILEFORMAT` file. - - The test suite automatically detects if curl was built with the memory - debugging enabled, and if it was, it will detect memory leaks, too. - - -Asynchronous name resolves -========================== - - libcurl can be built to do name resolves asynchronously, using either the - normal resolver in a threaded manner or by using c-ares. - - -[c-ares][3] ------- - -### Build libcurl to use a c-ares - -1. ./configure --enable-ares=/path/to/ares/install -2. make - -### c-ares on win32 - - First I compiled c-ares. I changed the default C runtime library to be the - single-threaded rather than the multi-threaded (this seems to be required to - prevent linking errors later on). Then I simply build the areslib project - (the other projects adig/ahost seem to fail under MSVC). - - Next was libcurl. I opened `lib/config-win32.h` and I added a: - `#define USE_ARES 1` - - Next thing I did was I added the path for the ares includes to the include - path, and the libares.lib to the libraries. - - Lastly, I also changed libcurl to be single-threaded rather than - multi-threaded, again this was to prevent some duplicate symbol errors. I'm - not sure why I needed to change everything to single-threaded, but when I - didn't I got redefinition errors for several CRT functions (`malloc()`, - `stricmp()`, etc.) - - -`curl_off_t` -========== - - `curl_off_t` is a data type provided by the external libcurl include - headers. It is the type meant to be used for the [`curl_easy_setopt()`][1] - options that end with LARGE. The type is 64-bit large on most modern - platforms. - - -curlx -===== - - The libcurl source code offers a few functions by source only. They are not - part of the official libcurl API, but the source files might be useful for - others so apps can optionally compile/build with these sources to gain - additional functions. - - We provide them through a single header file for easy access for apps: - `curlx.h` - -`curlx_strtoofft()` -------------------- - A macro that converts a string containing a number to a `curl_off_t` number. - This might use the `curlx_strtoll()` function which is provided as source - code in strtoofft.c. Note that the function is only provided if no - `strtoll()` (or equivalent) function exist on your platform. If `curl_off_t` - is only a 32-bit number on your platform, this macro uses `strtol()`. - -Future ------- - - Several functions will be removed from the public `curl_` name space in a - future libcurl release. They will then only become available as `curlx_` - functions instead. To make the transition easier, we already today provide - these functions with the `curlx_` prefix to allow sources to be built - properly with the new function names. The concerned functions are: - - - `curlx_getenv` - - `curlx_strequal` - - `curlx_strnequal` - - `curlx_mvsnprintf` - - `curlx_msnprintf` - - `curlx_maprintf` - - `curlx_mvaprintf` - - `curlx_msprintf` - - `curlx_mprintf` - - `curlx_mfprintf` - - `curlx_mvsprintf` - - `curlx_mvprintf` - - `curlx_mvfprintf` - - -Content Encoding -================ - -## About content encodings - - [HTTP/1.1][4] specifies that a client may request that a server encode its - response. This is usually used to compress a response using one (or more) - encodings from a set of commonly available compression techniques. These - schemes include `deflate` (the zlib algorithm), `gzip`, `br` (brotli) and - `compress`. A client requests that the server perform an encoding by including - an `Accept-Encoding` header in the request document. The value of the header - should be one of the recognized tokens `deflate`, ... (there's a way to - register new schemes/tokens, see sec 3.5 of the spec). A server MAY honor - the client's encoding request. When a response is encoded, the server - includes a `Content-Encoding` header in the response. The value of the - `Content-Encoding` header indicates which encodings were used to encode the - data, in the order in which they were applied. - - It's also possible for a client to attach priorities to different schemes so - that the server knows which it prefers. See sec 14.3 of RFC 2616 for more - information on the `Accept-Encoding` header. See sec - [3.1.2.2 of RFC 7231][15] for more information on the `Content-Encoding` - header. - -## Supported content encodings - - The `deflate`, `gzip` and `br` content encodings are supported by libcurl. - Both regular and chunked transfers work fine. The zlib library is required - for the `deflate` and `gzip` encodings, while the brotli decoding library is - for the `br` encoding. - -## The libcurl interface - - To cause libcurl to request a content encoding use: - - [`curl_easy_setopt`][1](curl, [`CURLOPT_ACCEPT_ENCODING`][5], string) - - where string is the intended value of the `Accept-Encoding` header. - - Currently, libcurl does support multiple encodings but only - understands how to process responses that use the `deflate`, `gzip` and/or - `br` content encodings, so the only values for [`CURLOPT_ACCEPT_ENCODING`][5] - that will work (besides `identity`, which does nothing) are `deflate`, - `gzip` and `br`. If a response is encoded using the `compress` or methods, - libcurl will return an error indicating that the response could - not be decoded. If `` is NULL no `Accept-Encoding` header is - generated. If `` is a zero-length string, then an `Accept-Encoding` - header containing all supported encodings will be generated. - - The [`CURLOPT_ACCEPT_ENCODING`][5] must be set to any non-NULL value for - content to be automatically decoded. If it is not set and the server still - sends encoded content (despite not having been asked), the data is returned - in its raw form and the `Content-Encoding` type is not checked. - -## The curl interface - - Use the [`--compressed`][6] option with curl to cause it to ask servers to - compress responses using any format supported by curl. - - -`hostip.c` explained -==================== - - The main compile-time defines to keep in mind when reading the `host*.c` - source file are these: - -## `CURLRES_IPV6` - - this host has `getaddrinfo()` and family, and thus we use that. The host may - not be able to resolve IPv6, but we don't really have to take that into - account. Hosts that aren't IPv6-enabled have `CURLRES_IPV4` defined. - -## `CURLRES_ARES` - - is defined if libcurl is built to use c-ares for asynchronous name - resolves. This can be Windows or \*nix. - -## `CURLRES_THREADED` - - is defined if libcurl is built to use threading for asynchronous name - resolves. The name resolve will be done in a new thread, and the supported - asynch API will be the same as for ares-builds. This is the default under - (native) Windows. - - If any of the two previous are defined, `CURLRES_ASYNCH` is defined too. If - libcurl is not built to use an asynchronous resolver, `CURLRES_SYNCH` is - defined. - -## `host*.c` sources - - The `host*.c` sources files are split up like this: - - - `hostip.c` - method-independent resolver functions and utility functions - - `hostasyn.c` - functions for asynchronous name resolves - - `hostsyn.c` - functions for synchronous name resolves - - `asyn-ares.c` - functions for asynchronous name resolves using c-ares - - `asyn-thread.c` - functions for asynchronous name resolves using threads - - `hostip4.c` - IPv4 specific functions - - `hostip6.c` - IPv6 specific functions - - The `hostip.h` is the single united header file for all this. It defines the - `CURLRES_*` defines based on the `config*.h` and `curl_setup.h` defines. - - -Track Down Memory Leaks -======================= - -## Single-threaded - - Please note that this memory leak system is not adjusted to work in more - than one thread. If you want/need to use it in a multi-threaded app. Please - adjust accordingly. - -## Build - - Rebuild libcurl with `-DCURLDEBUG` (usually, rerunning configure with - `--enable-debug` fixes this). `make clean` first, then `make` so that all - files are actually rebuilt properly. It will also make sense to build - libcurl with the debug option (usually `-g` to the compiler) so that - debugging it will be easier if you actually do find a leak in the library. - - This will create a library that has memory debugging enabled. - -## Modify Your Application - - Add a line in your application code: - -```c - curl_dbg_memdebug("dump"); -``` - - This will make the malloc debug system output a full trace of all resource - using functions to the given file name. Make sure you rebuild your program - and that you link with the same libcurl you built for this purpose as - described above. - -## Run Your Application - - Run your program as usual. Watch the specified memory trace file grow. - - Make your program exit and use the proper libcurl cleanup functions etc. So - that all non-leaks are returned/freed properly. - -## Analyze the Flow - - Use the `tests/memanalyze.pl` perl script to analyze the dump file: - - tests/memanalyze.pl dump - - This now outputs a report on what resources that were allocated but never - freed etc. This report is very fine for posting to the list! - - If this doesn't produce any output, no leak was detected in libcurl. Then - the leak is mostly likely to be in your code. - - -`multi_socket` -============== - - Implementation of the `curl_multi_socket` API - - The main ideas of this API are simply: - - 1. The application can use whatever event system it likes as it gets info - from libcurl about what file descriptors libcurl waits for what action - on. (The previous API returns `fd_sets` which is very - `select()`-centric). - - 2. When the application discovers action on a single socket, it calls - libcurl and informs that there was action on this particular socket and - libcurl can then act on that socket/transfer only and not care about - any other transfers. (The previous API always had to scan through all - the existing transfers.) - - The idea is that [`curl_multi_socket_action()`][7] calls a given callback - with information about what socket to wait for what action on, and the - callback only gets called if the status of that socket has changed. - - We also added a timer callback that makes libcurl call the application when - the timeout value changes, and you set that with [`curl_multi_setopt()`][9] - and the [`CURLMOPT_TIMERFUNCTION`][10] option. To get this to work, - Internally, there's an added struct to each easy handle in which we store - an "expire time" (if any). The structs are then "splay sorted" so that we - can add and remove times from the linked list and yet somewhat swiftly - figure out both how long there is until the next nearest timer expires - and which timer (handle) we should take care of now. Of course, the upside - of all this is that we get a [`curl_multi_timeout()`][8] that should also - work with old-style applications that use [`curl_multi_perform()`][11]. - - We created an internal "socket to easy handles" hash table that given - a socket (file descriptor) returns the easy handle that waits for action on - that socket. This hash is made using the already existing hash code - (previously only used for the DNS cache). - - To make libcurl able to report plain sockets in the socket callback, we had - to re-organize the internals of the [`curl_multi_fdset()`][12] etc so that - the conversion from sockets to `fd_sets` for that function is only done in - the last step before the data is returned. I also had to extend c-ares to - get a function that can return plain sockets, as that library too returned - only `fd_sets` and that is no longer good enough. The changes done to c-ares - are available in c-ares 1.3.1 and later. - - -Structs in libcurl -================== - -This section should cover 7.32.0 pretty accurately, but will make sense even -for older and later versions as things don't change drastically that often. - - -## Curl_easy - - The `Curl_easy` struct is the one returned to the outside in the external API - as a `CURL *`. This is usually known as an easy handle in API documentations - and examples. - - Information and state that is related to the actual connection is in the - `connectdata` struct. When a transfer is about to be made, libcurl will - either create a new connection or re-use an existing one. The particular - connectdata that is used by this handle is pointed out by - `Curl_easy->easy_conn`. - - Data and information that regard this particular single transfer is put in - the `SingleRequest` sub-struct. - - When the `Curl_easy` struct is added to a multi handle, as it must be in - order to do any transfer, the `->multi` member will point to the `Curl_multi` - struct it belongs to. The `->prev` and `->next` members will then be used by - the multi code to keep a linked list of `Curl_easy` structs that are added to - that same multi handle. libcurl always uses multi so `->multi` *will* point - to a `Curl_multi` when a transfer is in progress. - - `->mstate` is the multi state of this particular `Curl_easy`. When - `multi_runsingle()` is called, it will act on this handle according to which - state it is in. The mstate is also what tells which sockets to return for a - specific `Curl_easy` when [`curl_multi_fdset()`][12] is called etc. - - The libcurl source code generally use the name `data` for the variable that - points to the `Curl_easy`. - - When doing multiplexed HTTP/2 transfers, each `Curl_easy` is associated with - an individual stream, sharing the same connectdata struct. Multiplexing - makes it even more important to keep things associated with the right thing! - - -## connectdata - - A general idea in libcurl is to keep connections around in a connection - "cache" after they have been used in case they will be used again and then - re-use an existing one instead of creating a new as it creates a significant - performance boost. - - Each `connectdata` identifies a single physical connection to a server. If - the connection can't be kept alive, the connection will be closed after use - and then this struct can be removed from the cache and freed. - - Thus, the same `Curl_easy` can be used multiple times and each time select - another `connectdata` struct to use for the connection. Keep this in mind, - as it is then important to consider if options or choices are based on the - connection or the `Curl_easy`. - - Functions in libcurl will assume that `connectdata->data` points to the - `Curl_easy` that uses this connection (for the moment). - - As a special complexity, some protocols supported by libcurl require a - special disconnect procedure that is more than just shutting down the - socket. It can involve sending one or more commands to the server before - doing so. Since connections are kept in the connection cache after use, the - original `Curl_easy` may no longer be around when the time comes to shut down - a particular connection. For this purpose, libcurl holds a special dummy - `closure_handle` `Curl_easy` in the `Curl_multi` struct to use when needed. - - FTP uses two TCP connections for a typical transfer but it keeps both in - this single struct and thus can be considered a single connection for most - internal concerns. - - The libcurl source code generally use the name `conn` for the variable that - points to the connectdata. - - -## Curl_multi - - Internally, the easy interface is implemented as a wrapper around multi - interface functions. This makes everything multi interface. - - `Curl_multi` is the multi handle struct exposed as `CURLM *` in external - APIs. - - This struct holds a list of `Curl_easy` structs that have been added to this - handle with [`curl_multi_add_handle()`][13]. The start of the list is - `->easyp` and `->num_easy` is a counter of added `Curl_easy`s. - - `->msglist` is a linked list of messages to send back when - [`curl_multi_info_read()`][14] is called. Basically a node is added to that - list when an individual `Curl_easy`'s transfer has completed. - - `->hostcache` points to the name cache. It is a hash table for looking up - name to IP. The nodes have a limited life time in there and this cache is - meant to reduce the time for when the same name is wanted within a short - period of time. - - `->timetree` points to a tree of `Curl_easy`s, sorted by the remaining time - until it should be checked - normally some sort of timeout. Each `Curl_easy` - has one node in the tree. - - `->sockhash` is a hash table to allow fast lookups of socket descriptor for - which `Curl_easy` uses that descriptor. This is necessary for the - `multi_socket` API. - - `->conn_cache` points to the connection cache. It keeps track of all - connections that are kept after use. The cache has a maximum size. - - `->closure_handle` is described in the `connectdata` section. - - The libcurl source code generally use the name `multi` for the variable that - points to the `Curl_multi` struct. - - -## Curl_handler - - Each unique protocol that is supported by libcurl needs to provide at least - one `Curl_handler` struct. It defines what the protocol is called and what - functions the main code should call to deal with protocol specific issues. - In general, there's a source file named `[protocol].c` in which there's a - `struct Curl_handler Curl_handler_[protocol]` declared. In `url.c` there's - then the main array with all individual `Curl_handler` structs pointed to - from a single array which is scanned through when a URL is given to libcurl - to work with. - - The concrete function pointer prototypes can be found in `lib/urldata.h`. - - `->scheme` is the URL scheme name, usually spelled out in uppercase. That's - "HTTP" or "FTP" etc. SSL versions of the protocol need their own - `Curl_handler` setup so HTTPS separate from HTTP. - - `->setup_connection` is called to allow the protocol code to allocate - protocol specific data that then gets associated with that `Curl_easy` for - the rest of this transfer. It gets freed again at the end of the transfer. - It will be called before the `connectdata` for the transfer has been - selected/created. Most protocols will allocate its private `struct - [PROTOCOL]` here and assign `Curl_easy->req.p.[protocol]` to it. - - `->connect_it` allows a protocol to do some specific actions after the TCP - connect is done, that can still be considered part of the connection phase. - - Some protocols will alter the `connectdata->recv[]` and - `connectdata->send[]` function pointers in this function. - - `->connecting` is similarly a function that keeps getting called as long as - the protocol considers itself still in the connecting phase. - - `->do_it` is the function called to issue the transfer request. What we call - the DO action internally. If the DO is not enough and things need to be kept - getting done for the entire DO sequence to complete, `->doing` is then - usually also provided. Each protocol that needs to do multiple commands or - similar for do/doing need to implement their own state machines (see SCP, - SFTP, FTP). Some protocols (only FTP and only due to historical reasons) has - a separate piece of the DO state called `DO_MORE`. - - `->doing` keeps getting called while issuing the transfer request command(s) - - `->done` gets called when the transfer is complete and DONE. That's after the - main data has been transferred. - - `->do_more` gets called during the `DO_MORE` state. The FTP protocol uses - this state when setting up the second connection. - - `->proto_getsock` - `->doing_getsock` - `->domore_getsock` - `->perform_getsock` - Functions that return socket information. Which socket(s) to wait for which - I/O action(s) during the particular multi state. - - `->disconnect` is called immediately before the TCP connection is shutdown. - - `->readwrite` gets called during transfer to allow the protocol to do extra - reads/writes - - `->attach` attaches a transfer to the connection. - - `->defport` is the default report TCP or UDP port this protocol uses - - `->protocol` is one or more bits in the `CURLPROTO_*` set. The SSL versions - have their "base" protocol set and then the SSL variation. Like - "HTTP|HTTPS". - - `->flags` is a bitmask with additional information about the protocol that will - make it get treated differently by the generic engine: - - - `PROTOPT_SSL` - will make it connect and negotiate SSL - - - `PROTOPT_DUAL` - this protocol uses two connections - - - `PROTOPT_CLOSEACTION` - this protocol has actions to do before closing the - connection. This flag is no longer used by code, yet still set for a bunch - of protocol handlers. - - - `PROTOPT_DIRLOCK` - "direction lock". The SSH protocols set this bit to - limit which "direction" of socket actions that the main engine will - concern itself with. - - - `PROTOPT_NONETWORK` - a protocol that doesn't use network (read `file:`) - - - `PROTOPT_NEEDSPWD` - this protocol needs a password and will use a default - one unless one is provided - - - `PROTOPT_NOURLQUERY` - this protocol can't handle a query part on the URL - (?foo=bar) - - -## conncache - - Is a hash table with connections for later re-use. Each `Curl_easy` has a - pointer to its connection cache. Each multi handle sets up a connection - cache that all added `Curl_easy`s share by default. - - -## Curl_share - - The libcurl share API allocates a `Curl_share` struct, exposed to the - external API as `CURLSH *`. - - The idea is that the struct can have a set of its own versions of caches and - pools and then by providing this struct in the `CURLOPT_SHARE` option, those - specific `Curl_easy`s will use the caches/pools that this share handle - holds. - - Then individual `Curl_easy` structs can be made to share specific things - that they otherwise wouldn't, such as cookies. - - The `Curl_share` struct can currently hold cookies, DNS cache and the SSL - session cache. - - -## CookieInfo - - This is the main cookie struct. It holds all known cookies and related - information. Each `Curl_easy` has its own private `CookieInfo` even when - they are added to a multi handle. They can be made to share cookies by using - the share API. - - -[1]: https://curl.se/libcurl/c/curl_easy_setopt.html -[2]: https://curl.se/libcurl/c/curl_easy_init.html -[3]: https://c-ares.haxx.se/ -[4]: https://tools.ietf.org/html/rfc7230 "RFC 7230" -[5]: https://curl.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html -[6]: https://curl.se/docs/manpage.html#--compressed -[7]: https://curl.se/libcurl/c/curl_multi_socket_action.html -[8]: https://curl.se/libcurl/c/curl_multi_timeout.html -[9]: https://curl.se/libcurl/c/curl_multi_setopt.html -[10]: https://curl.se/libcurl/c/CURLMOPT_TIMERFUNCTION.html -[11]: https://curl.se/libcurl/c/curl_multi_perform.html -[12]: https://curl.se/libcurl/c/curl_multi_fdset.html -[13]: https://curl.se/libcurl/c/curl_multi_add_handle.html -[14]: https://curl.se/libcurl/c/curl_multi_info_read.html -[15]: https://tools.ietf.org/html/rfc7231#section-3.1.2.2 + + +# curl internals + +The canonical libcurl internals documentation is now in the [everything +curl](https://everything.curl.dev/internals) book. This file lists supported +versions of libs and build tools. + +## Portability + +We write curl and libcurl to compile with C89 compilers on 32-bit and up +machines. Most of libcurl assumes more or less POSIX compliance but that is +not a requirement. The compiler must support a 64-bit integer type as well as +supply a stdint.h header file that defines C99-style fixed-width integer types +like uint32_t. + +We write libcurl to build and work with lots of third party tools, and we +want it to remain functional and buildable with these and later versions +(older versions may still work but is not what we work hard to maintain): + +## Dependencies + +We aim to support these or later versions. + +- brotli 1.0.0 (2017-09-21) +- c-ares 1.6.0 (2008-12-09) +- GnuTLS 3.6.5 (2018-12-01) +- libidn2 2.0.0 (2017-03-29) +- LibreSSL 2.9.1 (2019-04-22) +- libssh 0.9.0 (2019-06-28) +- libssh2 1.9.0 (2019-06-20) +- mbedTLS 3.2.0 (2022-07-11) +- MIT Kerberos 1.3 (2003-07-31) +- nghttp2 1.15.0 (2016-09-25) +- OpenLDAP 2.0 (2000-08-01) +- OpenSSL 3.0.0 (2021-09-07) +- Windows Vista 6.0 (2006-11-08 - 2012-04-10) +- wolfSSL 3.4.6 (2017-09-22) +- zlib 1.2.5.2 (2011-12-11) +- zstd 1.0 (2016-08-31) + +## Build tools + +When writing code (mostly for generating stuff included in release tarballs) +we use a few "build tools" and we make sure that we remain functional with +these versions: + +- clang-tidy 17.0.0 (2023-09-19), recommended: 19.1.0 or later (2024-09-17) +- cmake 3.18 (2020-07-15) +- GNU autoconf 2.59 (2003-11-06) +- GNU automake 1.7 (2002-09-25) +- GNU libtool 1.4.2 (2001-09-11) +- GNU m4 1.4 (2007-09-21) +- mingw-w64 3.0 (2013-09-20) +- perl 5.8 (2002-07-19), on Windows: 5.22 (2015-06-01) +- Visual Studio 2010 10.0 (2010-04-12 - 2020-07-14) + +## Library Symbols + +All symbols used internally in libcurl must use a `Curl_` prefix if they are +used in more than a single file. Single-file symbols must be made static. +Public ("exported") symbols must use a `curl_` prefix. Public API functions +are marked with `CURL_EXTERN` in the public header files so that all others +can be hidden on platforms where this is possible. diff --git a/docs/IPFS.md b/docs/IPFS.md new file mode 100644 index 000000000000..2cf64543b93f --- /dev/null +++ b/docs/IPFS.md @@ -0,0 +1,150 @@ + + +# IPFS + +For an overview about IPFS, visit the [IPFS project site](https://ipfs.tech/). + +In IPFS there are two protocols. IPFS and IPNS (their workings are explained +in detail [here](https://docs.ipfs.tech/concepts/)). The ideal way to access +data on the IPFS network is through those protocols. For example to access +the Big Buck Bunny video the ideal way to access it is like: +`ipfs://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi` + +## IPFS Gateways + +IPFS Gateway acts as a bridge between traditional HTTP clients and IPFS. +IPFS Gateway specifications of HTTP semantics can be found +[here](https://specs.ipfs.tech/http-gateways/). + +### Deserialized responses + +By default, a gateway acts as a bridge between traditional HTTP clients and +IPFS and performs necessary hash verification and deserialization. Through such +gateway, users can download files, directories, and other content-addressed +data stored with IPFS or IPNS as if they were stored in a traditional web +server. + +### Verifiable responses + +By explicitly requesting +[application/vnd.ipld.raw](https://www.iana.org/assignments/media-types/application/vnd.ipld.raw) or +[application/vnd.ipld.car](https://www.iana.org/assignments/media-types/application/vnd.ipld.car) +responses, by means defined in +[Trustless Gateway Specification](https://specs.ipfs.tech/http-gateways/trustless-gateway/), +the user is able to fetch raw content-addressed data and +[perform hash verification themselves](https://docs.ipfs.tech/reference/http/gateway/#trustless-verifiable-retrieval). + +This enables users to use untrusted, public gateways without worrying they +might return invalid/malicious bytes. + +## IPFS and IPNS protocol handling + +There are various ways to access data from the IPFS network. One such way is +through the concept of public +"[gateways](https://docs.ipfs.tech/concepts/ipfs-gateway/#overview)". The +short version is that entities can offer gateway services. An example here +that is hosted by Protocol Labs (who also makes IPFS) is `dweb.link` and +`ipfs.io`. Both sites expose gateway functionality. Getting a file through +`ipfs.io` looks like this: +`https://ipfs.io/ipfs/bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi` + +If you were to be [running your own IPFS +node](https://docs.ipfs.tech/how-to/command-line-quick-start/) then you, by +default, also have a [local gateway](https://specs.ipfs.tech/http-gateways/) +running. In its default configuration the earlier example would then also work +in this link: + +`http://127.0.0.1:8080/ipfs/bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi` + +## curl handling of the IPFS protocols + +The IPFS integration in curl hides this gateway logic for you. Instead of +providing a full URL to a file on IPFS like this: + +```sh +curl http://127.0.0.1:8080/ipfs/bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi +``` + +You can provide it with the IPFS protocol instead: +```sh +curl ipfs://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi +``` + +With the IPFS protocol way of asking a file, curl still needs to know the +gateway. curl essentially rewrites the IPFS based URL to a gateway URL. + +### IPFS_GATEWAY environment variable + +If the `IPFS_GATEWAY` environment variable is found, its value is used as +gateway. + +### Automatic gateway detection + +When you provide no additional details to curl then it: + +1. First looks for the `IPFS_GATEWAY` environment variable and use that if it + is set. +2. Looks for the file: `~/.ipfs/gateway`. If it can find that file then it + means that you have a local gateway running and that file contains the URL + to your local gateway. + +If curl fails, you are presented with an error message and a link to this page +to the option most applicable to solving the issue. + +### `--ipfs-gateway` argument + +You can also provide a `--ipfs-gateway` argument to curl. This overrules any +other gateway setting. curl does not fallback to the other options if the +provided gateway did not work. + +## Gateway redirects + +A gateway could redirect to another place. For example, `dweb.link` redirects +[path based](https://docs.ipfs.tech/how-to/address-ipfs-on-web/#path-gateway) +requests to [subdomain +based](https://docs.ipfs.tech/how-to/address-ipfs-on-web/#subdomain-gateway) +ones. A request using: + + curl ipfs://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi --ipfs-gateway https://dweb.link + +Which would be translated to: + + https://dweb.link/ipfs/bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi + +redirects to: + + https://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi.ipfs.dweb.link + +If you trust this behavior from your gateway of choice then passing the `-L` +option follows the redirect. + +## Error messages and hints + +Depending on the arguments, curl could present the user with an error. + +### Gateway file and environment variable + +curl tried to look for the file: `~/.ipfs/gateway` but could not find it. It +also tried to look for the `IPFS_GATEWAY` environment variable but could not +find that either. This happens when no extra arguments are passed to curl and +letting it try to figure it out [automatically](#automatic-gateway-detection). + +Any IPFS implementation that has gateway support should expose its URL in +`~/.ipfs/gateway`. If you are already running a gateway, make sure it exposes +the file where curl expects to find it. + +Alternatively you could set the `IPFS_GATEWAY` environment variable or pass +the `--ipfs-gateway` flag to the curl command. + +### Malformed gateway URL + +The command executed evaluates in an invalid URL. This could be anywhere in +the URL, but a likely point is a wrong gateway URL. + +Inspect the URL set via the `IPFS_GATEWAY` environment variable or passed with +the `--ipfs-gateway` flag. Alternatively opt to go for the +[automatic](#automatic-gateway-detection) gateway detection. diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS deleted file mode 100644 index eb31f70a4599..000000000000 --- a/docs/KNOWN_BUGS +++ /dev/null @@ -1,1086 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - Known Bugs - -These are problems and bugs known to exist at the time of this release. Feel -free to join in and help us correct one or more of these! Also be sure to -check the changelog of the current development status, as one or more of these -problems may have been fixed or changed somewhat since this was written! - - 1. HTTP - 1.2 Multiple methods in a single WWW-Authenticate: header - 1.3 STARTTRANSFER time is wrong for HTTP POSTs - 1.4 multipart formposts file name encoding - 1.5 Expect-100 meets 417 - 1.6 Unnecessary close when 401 received waiting for 100 - 1.7 Deflate error after all content was received - 1.8 DoH isn't used for all name resolves when enabled - 1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM - - 2. TLS - 2.1 CURLINFO_SSL_VERIFYRESULT has limited support - 2.2 DER in keychain - 2.3 Unable to use PKCS12 certificate with Secure Transport - 2.4 Secure Transport won't import PKCS#12 client certificates without a password - 2.5 Client cert handling with Issuer DN differs between backends - 2.6 CURL_GLOBAL_SSL - 2.7 Client cert (MTLS) issues with Schannel - 2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname - 2.9 TLS session cache doesn't work with TFO - 2.10 Store TLS context per transfer instead of per connection - 2.11 Schannel TLS 1.2 handshake bug in old Windows versions - 2.12 FTPS with Schannel times out file list operation - 2.14 Secure Transport disabling hostname validation also disables SNI - - 3. Email protocols - 3.1 IMAP SEARCH ALL truncated response - 3.2 No disconnect command - 3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses - 3.4 AUTH PLAIN for SMTP is not working on all servers - - 4. Command line - 4.1 -J and -O with %-encoded file names - 4.2 -J with -C - fails - 4.3 --retry and transfer timeouts - - 5. Build and portability issues - 5.1 OS400 port requires deprecated IBM library - 5.2 curl-config --libs contains private details - 5.3 curl compiled on OSX 10.13 failed to run on OSX 10.10 - 5.4 Build with statically built dependency - 5.5 can't handle Unicode arguments in non-Unicode builds on Windows - 5.7 Visual Studio project gaps - 5.8 configure finding libs in wrong directory - 5.9 Utilize Requires.private directives in libcurl.pc - 5.10 SMB tests fail with Python 2 - 5.11 configure --with-gssapi with Heimdal is ignored on macOS - 5.12 flaky Windows CI builds - - 6. Authentication - 6.1 NTLM authentication and unicode - 6.2 MIT Kerberos for Windows build - 6.3 NTLM in system context uses wrong name - 6.4 Negotiate and Kerberos V5 need a fake user name - 6.5 NTLM doesn't support password with § character - 6.6 libcurl can fail to try alternatives with --proxy-any - 6.7 Don't clear digest for single realm - 6.8 RTSP authentication breaks without redirect support - 6.9 SHA-256 digest not supported in Windows SSPI builds - 6.10 curl never completes Negotiate over HTTP - 6.11 Negotiate on Windows fails - - 7. FTP - 7.1 FTP without or slow 220 response - 7.2 FTP with CONNECT and slow server - 7.3 FTP with NOBODY and FAILONERROR - 7.4 FTP with ACCT - 7.5 ASCII FTP - 7.6 FTP with NULs in URL parts - 7.7 FTP and empty path parts in the URL - 7.8 Premature transfer end but healthy control channel - 7.9 Passive transfer tries only one IP address - 7.10 FTPS needs session reuse - - 8. TELNET - 8.1 TELNET and time limitations don't work - 8.2 Microsoft telnet server - - 9. SFTP and SCP - 9.1 SFTP doesn't do CURLOPT_POSTQUOTE correct - 9.2 wolfssh: publickey auth doesn't work - 9.3 Remote recursive folder creation with SFTP - - 10. SOCKS - 10.3 FTPS over SOCKS - 10.4 active FTP over a SOCKS - - 11. Internals - 11.1 Curl leaks .onion hostnames in DNS - 11.2 error buffer not set if connection to multiple addresses fails - 11.3 c-ares deviates from stock resolver on http://1346569778 - 11.4 HTTP test server 'connection-monitor' problems - 11.5 Connection information when using TCP Fast Open - 11.6 slow connect to localhost on Windows - 11.7 signal-based resolver timeouts - 11.8 DoH leaks memory after followlocation - 11.9 DoH doesn't inherit all transfer options - 11.10 Blocking socket operations in non-blocking API - 11.11 A shared connection cache is not thread-safe - 11.12 'no_proxy' string-matches IPv6 numerical addresses - 11.13 wakeup socket disconnect causes havoc - 11.14 Multi perform hangs waiting for threaded resolver - 11.15 CURLOPT_OPENSOCKETPAIRFUNCTION is missing - 11.16 libcurl uses renames instead of locking for atomic operations - - 12. LDAP - 12.1 OpenLDAP hangs after returning results - 12.2 LDAP on Windows does authentication wrong? - 12.3 LDAP on Windows doesn't work - 12.4 LDAPS with NSS is slow - - 13. TCP/IP - 13.1 --interface for ipv6 binds to unusable IP address - - 14. DICT - 14.1 DICT responses show the underlying protocol - - 15. CMake - 15.1 use correct SONAME - 15.2 support build with GnuTLS - 15.3 unusable tool_hugehelp.c with MinGW - 15.4 build docs/curl.1 - 15.5 build on Linux links libcurl to libdl - 15.6 uses -lpthread instead of Threads::Threads - 15.7 generated .pc file contains strange entries - 15.8 libcurl.pc uses absolute library paths - 15.9 cert paths autodetected when cross-compiling - 15.10 libspsl is not supported - 15.11 ExternalProject_Add does not set CURL_CA_PATH - 15.12 cannot enable LDAPS on Windows - - 16. Applications - 16.1 pulseUI VPN client - - 17. HTTP/2 - 17.1 Excessive HTTP/2 packets with TCP_NODELAY - 17.2 HTTP/2 frames while in the connection pool kill reuse - 17.3 ENHANCE_YOUR_CALM causes infinite retries - 17.4 Connection failures with parallel HTTP/2 - - 18. HTTP/3 - 18.1 If the HTTP/3 server closes connection during upload curl hangs - 18.2 Uploading HTTP/3 files gets interrupted at certain file sizes - 18.3 HTTP/3 download is 5x times slower than HTTP/2 - -============================================================================== - -1. HTTP - -1.2 Multiple methods in a single WWW-Authenticate: header - - The HTTP responses headers WWW-Authenticate: can provide information about - multiple authentication methods as multiple headers or as several methods - within a single header. The latter way, several methods in the same physical - line, is not supported by libcurl's parser. (For no good reason.) - -1.3 STARTTRANSFER time is wrong for HTTP POSTs - - Wrong STARTTRANSFER timer accounting for POST requests Timer works fine with - GET requests, but while using POST the time for CURLINFO_STARTTRANSFER_TIME - is wrong. While using POST CURLINFO_STARTTRANSFER_TIME minus - CURLINFO_PRETRANSFER_TIME is near to zero every time. - - https://github.com/curl/curl/issues/218 - https://curl.se/bug/view.cgi?id=1213 - -1.4 multipart formposts file name encoding - - When creating multipart formposts. The file name part can be encoded with - something beyond ascii but currently libcurl will only pass in the verbatim - string the app provides. There are several browsers that already do this - encoding. The key seems to be the updated draft to RFC2231: - https://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 - -1.5 Expect-100 meets 417 - - If an upload using Expect: 100-continue receives an HTTP 417 response, it - ought to be automatically resent without the Expect:. A workaround is for - the client application to redo the transfer after disabling Expect:. - https://curl.se/mail/archive-2008-02/0043.html - -1.6 Unnecessary close when 401 received waiting for 100 - - libcurl closes the connection if an HTTP 401 reply is received while it is - waiting for the 100-continue response. - https://curl.se/mail/lib-2008-08/0462.html - -1.7 Deflate error after all content was received - - There's a situation where we can get an error in a HTTP response that is - compressed, when that error is detected after all the actual body contents - have been received and delivered to the application. This is tricky, but is - ultimately a broken server. - - See https://github.com/curl/curl/issues/2719 - -1.8 DoH isn't used for all name resolves when enabled - - Even if DoH is specified to be used, there are some name resolves that are - done without it. This should be fixed. When the internal function - `Curl_resolver_wait_resolv()` is called, it doesn't use DoH to complete the - resolve as it otherwise should. - - See https://github.com/curl/curl/pull/3857 and - https://github.com/curl/curl/pull/3850 - -1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM - - I'm using libcurl to POST form data using a FILE* with the CURLFORM_STREAM - option of curl_formadd(). I've noticed that if the connection drops at just - the right time, the POST is reattempted without the data from the file. It - seems like the file stream position isn't getting reset to the beginning of - the file. I found the CURLOPT_SEEKFUNCTION option and set that with a - function that performs an fseek() on the FILE*. However, setting that didn't - seem to fix the issue or even get called. See - https://github.com/curl/curl/issues/768 - - -2. TLS - -2.1 CURLINFO_SSL_VERIFYRESULT has limited support - - CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL, NSS and - GnuTLS backends, so relying on this information in a generic app is flaky. - -2.2 DER in keychain - - Curl doesn't recognize certificates in DER format in keychain, but it works - with PEM. https://curl.se/bug/view.cgi?id=1065 - -2.3 Unable to use PKCS12 certificate with Secure Transport - - See https://github.com/curl/curl/issues/5403 - -2.4 Secure Transport won't import PKCS#12 client certificates without a password - - libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that - function rejects certificates that do not have a password. - https://github.com/curl/curl/issues/1308 - -2.5 Client cert handling with Issuer DN differs between backends - - When the specified client certificate doesn't match any of the - server-specified DNs, the OpenSSL and GnuTLS backends behave differently. - The github discussion may contain a solution. - - See https://github.com/curl/curl/issues/1411 - -2.6 CURL_GLOBAL_SSL - - Since libcurl 7.57.0, the flag CURL_GLOBAL_SSL is a no-op. The change was - merged in https://github.com/curl/curl/commit/d661b0afb571a - - It was removed since it was - - A) never clear for applications on how to deal with init in the light of - different SSL backends (the option was added back in the days when life - was simpler) - - B) multissl introduced dynamic switching between SSL backends which - emphasized (A) even more - - C) libcurl uses some TLS backend functionality even for non-TLS functions (to - get "good" random) so applications trying to avoid the init for - performance reasons would do wrong anyway - - D) never very carefully documented so all this mostly just happened to work - for some users - - However, in spite of the problems with the feature, there were some users who - apparently depended on this feature and who now claim libcurl is broken for - them. The fix for this situation is not obvious as a downright revert of the - patch is totally ruled out due to those reasons above. - - https://github.com/curl/curl/issues/2276 - -2.7 Client cert (MTLS) issues with Schannel - - See https://github.com/curl/curl/issues/3145 - -2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname - - This seems to be a limitation in the underlying Schannel API. - - https://github.com/curl/curl/issues/3284 - -2.9 TLS session cache doesn't work with TFO - - See https://github.com/curl/curl/issues/4301 - -2.10 Store TLS context per transfer instead of per connection - - The GnuTLS `backend->cred` and the OpenSSL `backend->ctx` data and their - proxy versions (and possibly other TLS backends), could be better moved to be - stored in the Curl_easy handle instead of in per connection so that a single - transfer that makes multiple connections can reuse the context and reduce - memory consumption. - - https://github.com/curl/curl/issues/5102 - -2.11 Schannel TLS 1.2 handshake bug in old Windows versions - - In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake - implementation likely has a bug that can rarely cause the key exchange to - fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED. - - https://github.com/curl/curl/issues/5488 - -2.12 FTPS with Schannel times out file list operation - - "Instead of the command completing, it just sits there until the timeout - expires." - the same command line seems to work with other TLS backends and - other operating systems. See https://github.com/curl/curl/issues/5284. - -2.14 Secure Transport disabling hostname validation also disables SNI - - SNI is the hostname that is sent by the TLS library to the server as part of - the TLS handshake. Secure Transport does not send SNI when hostname validation - is disabled. Servers that host multiple websites may not know which - certificate to serve without SNI or which backend server to connect to. The - server may serve the certificate of a default server or abort. - - If a server aborts a handshake then curl shows error "SSL peer handshake - failed, the server most likely requires a client certificate to connect". - In this case the error may also have been caused by lack of SNI. - - https://github.com/curl/curl/issues/6347 - -3. Email protocols - -3.1 IMAP SEARCH ALL truncated response - - IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the - code reveals that pingpong.c contains some truncation code, at line 408, when - it deems the server response to be too large truncating it to 40 characters" - https://curl.se/bug/view.cgi?id=1366 - -3.2 No disconnect command - - The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and - SMTP if a failure occurs during the authentication phase of a connection. - -3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses - - You have to tell libcurl not to expect a body, when dealing with one line - response commands. Please see the POP3 examples and test cases which show - this for the NOOP and DELE commands. https://curl.se/bug/?i=740 - -3.4 AUTH PLAIN for SMTP is not working on all servers - - Specifying "--login-options AUTH=PLAIN" on the command line doesn't seem to - work correctly. - - See https://github.com/curl/curl/issues/4080 - -4. Command line - -4.1 -J and -O with %-encoded file names - - -J/--remote-header-name doesn't decode %-encoded file names. RFC6266 details - how it should be done. The can of worm is basically that we have no charset - handling in curl and ascii >=128 is a challenge for us. Not to mention that - decoding also means that we need to check for nastiness that is attempted, - like "../" sequences and the like. Probably everything to the left of any - embedded slashes should be cut off. - https://curl.se/bug/view.cgi?id=1294 - - -O also doesn't decode %-encoded names, and while it has even less - information about the charset involved the process is similar to the -J case. - - Note that we won't add decoding to -O without the user asking for it with - some other means as well, since -O has always been documented to use the name - exactly as specified in the URL. - -4.2 -J with -C - fails - - When using -J (with -O), automatically resumed downloading together with "-C - -" fails. Without -J the same command line works! This happens because the - resume logic is worked out before the target file name (and thus its - pre-transfer size) has been figured out! - https://curl.se/bug/view.cgi?id=1169 - -4.3 --retry and transfer timeouts - - If using --retry and the transfer timeouts (possibly due to using -m or - -y/-Y) the next attempt doesn't resume the transfer properly from what was - downloaded in the previous attempt but will truncate and restart at the - original position where it was at before the previous failed attempt. See - https://curl.se/mail/lib-2008-01/0080.html and Mandriva bug report - https://qa.mandriva.com/show_bug.cgi?id=22565 - -5. Build and portability issues - -5.1 OS400 port requires deprecated IBM library - - curl for OS400 requires QADRT to build, which provides ASCII wrappers for - libc/POSIX functions in the ILE, but IBM no longer supports or even offers - this library to download. - - See https://github.com/curl/curl/issues/5176 - -5.2 curl-config --libs contains private details - - "curl-config --libs" will include details set in LDFLAGS when configure is - run that might be needed only for building libcurl. Further, curl-config - --cflags suffers from the same effects with CFLAGS/CPPFLAGS. - -5.3 curl compiled on OSX 10.13 failed to run on OSX 10.10 - - See https://github.com/curl/curl/issues/2905 - -5.4 Build with statically built dependency - - The build scripts in curl (autotools, cmake and others) are primarily done to - work with shared/dynamic third party dependencies. When linking with shared - libraries, the dependency "chain" is handled automatically by the library - loader - on all modern systems. - - If you instead link with a static library, we need to provide all the - dependency libraries already at the link command line. - - Figuring out all the dependency libraries for a given library is hard, as it - might also involve figuring out the dependencies of the dependencies and they - may vary between platforms and even change between versions. - - When using static dependencies, the build scripts will mostly assume that - you, the user, will provide all the necessary additional dependency libraries - as additional arguments in the build. With configure, by setting LIBS/LDFLAGS - on the command line. - - We welcome help to improve curl's ability to link with static libraries, but - it is likely a task that we can never fully support. - -5.5 can't handle Unicode arguments in non-Unicode builds on Windows - - If a URL or filename can't be encoded using the user's current codepage then - it can only be encoded properly in the Unicode character set. Windows uses - UTF-16 encoding for Unicode and stores it in wide characters, however curl - and libcurl are not equipped for that at the moment except when built with - _UNICODE and UNICODE defined. And, except for Cygwin, Windows can't use UTF-8 - as a locale. - - https://curl.se/bug/?i=345 - https://curl.se/bug/?i=731 - https://curl.se/bug/?i=3747 - -5.7 Visual Studio project gaps - - The Visual Studio projects lack some features that the autoconf and nmake - builds offer, such as the following: - - - support for zlib and nghttp2 - - use of static runtime libraries - - add the test suite components - - In addition to this the following could be implemented: - - - support for other development IDEs - - add PATH environment variables for third-party DLLs - -5.8 configure finding libs in wrong directory - - When the configure script checks for third-party libraries, it adds those - directories to the LDFLAGS variable and then tries linking to see if it - works. When successful, the found directory is kept in the LDFLAGS variable - when the script continues to execute and do more tests and possibly check for - more libraries. - - This can make subsequent checks for libraries wrongly detect another - installation in a directory that was previously added to LDFLAGS by another - library check! - - A possibly better way to do these checks would be to keep the pristine LDFLAGS - even after successful checks and instead add those verified paths to a - separate variable that only after all library checks have been performed gets - appended to LDFLAGS. - -5.9 Utilize Requires.private directives in libcurl.pc - - https://github.com/curl/curl/issues/864 - -5.10 SMB tests fail with Python 2 - - The error message says "TreeConnectAndX not found". - - See https://github.com/curl/curl/issues/5983 - -5.11 configure --with-gssapi with Heimdal is ignored on macOS - - ... unless you also pass --with-gssapi-libs - - https://github.com/curl/curl/issues/3841 - -5.12 flaky Windows CI builds - - We run many CI builds for each commit and PR on github, and especially a - number of the Windows builds are very flaky. This means that we rarely get - all CI builds go green and complete without errors. This is very unfortunate - as it makes us sometimes miss actual build problems and it is surprising to - newcomers to the project who (rightfully) don't expect this. - - See https://github.com/curl/curl/issues/6972 - -6. Authentication - -6.1 NTLM authentication and unicode - - NTLM authentication involving unicode user name or password only works - properly if built with UNICODE defined together with the Schannel - backend. The original problem was mentioned in: - https://curl.se/mail/lib-2009-10/0024.html - https://curl.se/bug/view.cgi?id=896 - - The Schannel version verified to work as mentioned in - https://curl.se/mail/lib-2012-07/0073.html - -6.2 MIT Kerberos for Windows build - - libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's - library header files exporting symbols/macros that should be kept private to - the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/ - -6.3 NTLM in system context uses wrong name - - NTLM authentication using SSPI (on Windows) when (lib)curl is running in - "system context" will make it use wrong(?) user name - at least when compared - to what winhttp does. See https://curl.se/bug/view.cgi?id=535 - -6.4 Negotiate and Kerberos V5 need a fake user name - - In order to get Negotiate (SPNEGO) authentication to work in HTTP or Kerberos - V5 in the e-mail protocols, you need to provide a (fake) user name (this - concerns both curl and the lib) because the code wrongly only considers - authentication if there's a user name provided by setting - conn->bits.user_passwd in url.c https://curl.se/bug/view.cgi?id=440 How? - https://curl.se/mail/lib-2004-08/0182.html A possible solution is to - either modify this variable to be set or introduce a variable such as - new conn->bits.want_authentication which is set when any of the authentication - options are set. - -6.5 NTLM doesn't support password with § character - - https://github.com/curl/curl/issues/2120 - -6.6 libcurl can fail to try alternatives with --proxy-any - - When connecting via a proxy using --proxy-any, a failure to establish an - authentication will cause libcurl to abort trying other options if the - failed method has a higher preference than the alternatives. As an example, - --proxy-any against a proxy which advertise Negotiate and NTLM, but which - fails to set up Kerberos authentication won't proceed to try authentication - using NTLM. - - https://github.com/curl/curl/issues/876 - -6.7 Don't clear digest for single realm - - https://github.com/curl/curl/issues/3267 - -6.8 RTSP authentication breaks without redirect support - - RTSP authentication broke in 7.66.0. A work-around is to enable RTSP in - CURLOPT_REDIR_PROTOCOLS. Authentication should however not be considered an - actual redirect so a "proper" fix needs to be different and not require users - to allow redirects to RTSP to work. - - See https://github.com/curl/curl/pull/4750 - -6.9 SHA-256 digest not supported in Windows SSPI builds - - Windows builds of curl that have SSPI enabled use the native Windows API calls - to create authentication strings. The call to InitializeSecurityContext fails - with SEC_E_QOP_NOT_SUPPORTED which causes curl to fail with CURLE_AUTH_ERROR. - - Microsoft does not document supported digest algorithms and that SEC_E error - code is not a documented error for InitializeSecurityContext (digest). - - https://github.com/curl/curl/issues/6302 - -6.10 curl never completes Negotiate over HTTP - - Apparently it isn't working correctly...? - - See https://github.com/curl/curl/issues/5235 - -6.11 Negotiate on Windows fails - - When using --negotiate (or NTLM) with curl on Windows, SSL/TSL handshake - fails despite having a valid kerberos ticket cached. Works without any issue - in Unix/Linux. - - https://github.com/curl/curl/issues/5881 - - -7. FTP - -7.1 FTP without or slow 220 response - - If a connection is made to a FTP server but the server then just never sends - the 220 response or otherwise is dead slow, libcurl will not acknowledge the - connection timeout during that phase but only the "real" timeout - which may - surprise users as it is probably considered to be the connect phase to most - people. Brought up (and is being misunderstood) in: - https://curl.se/bug/view.cgi?id=856 - -7.2 FTP with CONNECT and slow server - - When doing FTP over a socks proxy or CONNECT through HTTP proxy and the multi - interface is used, libcurl will fail if the (passive) TCP connection for the - data transfer isn't more or less instant as the code does not properly wait - for the connect to be confirmed. See test case 564 for a first shot at a test - case. - -7.3 FTP with NOBODY and FAILONERROR - - It seems sensible to be able to use CURLOPT_NOBODY and CURLOPT_FAILONERROR - with FTP to detect if a file exists or not, but it is not working: - https://curl.se/mail/lib-2008-07/0295.html - -7.4 FTP with ACCT - - When doing an operation over FTP that requires the ACCT command (but not when - logging in), the operation will fail since libcurl doesn't detect this and - thus fails to issue the correct command: - https://curl.se/bug/view.cgi?id=635 - -7.5 ASCII FTP - - FTP ASCII transfers do not follow RFC959. They don't convert the data - accordingly (not for sending nor for receiving). RFC 959 section 3.1.1.1 - clearly describes how this should be done: - - The sender converts the data from an internal character representation to - the standard 8-bit NVT-ASCII representation (see the Telnet - specification). The receiver will convert the data from the standard - form to his own internal form. - - Since 7.15.4 at least line endings are converted. - -7.6 FTP with NULs in URL parts - - FTP URLs passed to curl may contain NUL (0x00) in the RFC 1738 , - , and components, encoded as "%00". The problem is that - curl_unescape does not detect this, but instead returns a shortened C string. - From a strict FTP protocol standpoint, NUL is a valid character within RFC - 959 , so the way to handle this correctly in curl would be to use a - data structure other than a plain C string, one that can handle embedded NUL - characters. From a practical standpoint, most FTP servers would not - meaningfully support NUL characters within RFC 959 , anyway (e.g., - Unix pathnames may not contain NUL). - -7.7 FTP and empty path parts in the URL - - libcurl ignores empty path parts in FTP URLs, whereas RFC1738 states that - such parts should be sent to the server as 'CWD ' (without an argument). The - only exception to this rule, is that we knowingly break this if the empty - part is first in the path, as then we use the double slashes to indicate that - the user wants to reach the root dir (this exception SHALL remain even when - this bug is fixed). - -7.8 Premature transfer end but healthy control channel - - When 'multi_done' is called before the transfer has been completed the normal - way, it is considered a "premature" transfer end. In this situation, libcurl - closes the connection assuming it doesn't know the state of the connection so - it can't be reused for subsequent requests. - - With FTP however, this isn't necessarily true but there are a bunch of - situations (listed in the ftp_done code) where it *could* keep the connection - alive even in this situation - but the current code doesn't. Fixing this would - allow libcurl to reuse FTP connections better. - -7.9 Passive transfer tries only one IP address - - When doing FTP operations through a proxy at localhost, the reported spotted - that curl only tried to connect once to the proxy, while it had multiple - addresses and a failed connect on one address should make it try the next. - - After switching to passive mode (EPSV), curl should try all IP addresses for - "localhost". Currently it tries ::1, but it should also try 127.0.0.1. - - See https://github.com/curl/curl/issues/1508 - -7.10 FTPS needs session reuse - - When the control connection is reused for a subsequent transfer, some FTPS - servers complain about "missing session reuse" for the data channel for the - second transfer. - - https://github.com/curl/curl/issues/4654 - -8. TELNET - -8.1 TELNET and time limitations don't work - - When using telnet, the time limitation options don't work. - https://curl.se/bug/view.cgi?id=846 - -8.2 Microsoft telnet server - - There seems to be a problem when connecting to the Microsoft telnet server. - https://curl.se/bug/view.cgi?id=649 - - -9. SFTP and SCP - -9.1 SFTP doesn't do CURLOPT_POSTQUOTE correct - - When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server - using the multi interface, the commands are not being sent correctly and - instead the connection is "cancelled" (the operation is considered done) - prematurely. There is a half-baked (busy-looping) patch provided in the bug - report but it cannot be accepted as-is. See - https://curl.se/bug/view.cgi?id=748 - -9.2 wolfssh: publickey auth doesn't work - - When building curl to use the wolfSSH backend for SFTP, the publickey - authentication doesn't work. This is simply functionality not written for curl - yet, the necessary API for make this work is provided by wolfSSH. - - See https://github.com/curl/curl/issues/4820 - -9.3 Remote recursive folder creation with SFTP - - On this servers, the curl fails to create directories on the remote server - even when CURLOPT_FTP_CREATE_MISSING_DIRS option is set. - - See https://github.com/curl/curl/issues/5204 - - -10. SOCKS - -10.3 FTPS over SOCKS - - libcurl doesn't support FTPS over a SOCKS proxy. - -10.4 active FTP over a SOCKS - - libcurl doesn't support active FTP over a SOCKS proxy - - -11. Internals - -11.1 Curl leaks .onion hostnames in DNS - - Curl sends DNS requests for hostnames with a .onion TLD. This leaks - information about what the user is attempting to access, and violates this - requirement of RFC7686: https://tools.ietf.org/html/rfc7686 - - Issue: https://github.com/curl/curl/issues/543 - -11.2 error buffer not set if connection to multiple addresses fails - - If you ask libcurl to resolve a hostname like example.com to IPv6 addresses - only. But you only have IPv4 connectivity. libcurl will correctly fail with - CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER - remains empty. Issue: https://github.com/curl/curl/issues/544 - -11.3 c-ares deviates from stock resolver on http://1346569778 - - When using the socket resolvers, that URL becomes: - - * Rebuilt URL to: http://1346569778/ - * Trying 80.67.6.50... - - but with c-ares it instead says "Could not resolve: 1346569778 (Domain name - not found)" - - See https://github.com/curl/curl/issues/893 - -11.4 HTTP test server 'connection-monitor' problems - - The 'connection-monitor' feature of the sws HTTP test server doesn't work - properly if some tests are run in unexpected order. Like 1509 and then 1525. - - See https://github.com/curl/curl/issues/868 - -11.5 Connection information when using TCP Fast Open - - CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is - enabled. - - See https://github.com/curl/curl/issues/1332 and - https://github.com/curl/curl/issues/4296 - -11.6 slow connect to localhost on Windows - - When connecting to "localhost" on Windows, curl will resolve the name for - both ipv4 and ipv6 and try to connect to both happy eyeballs-style. Something - in there does however make it take 200 milliseconds to succeed - which is the - HAPPY_EYEBALLS_TIMEOUT define exactly. Lowering that define speeds up the - connection, suggesting a problem in the HE handling. - - If we can *know* that we're talking to a local host, we should lower the - happy eyeballs delay timeout for IPv6 (related: hardcode the "localhost" - addresses, mentioned in TODO). Possibly we should reduce that delay for all. - - https://github.com/curl/curl/issues/2281 - -11.7 signal-based resolver timeouts - - libcurl built without an asynchronous resolver library uses alarm() to time - out DNS lookups. When a timeout occurs, this causes libcurl to jump from the - signal handler back into the library with a sigsetjmp, which effectively - causes libcurl to continue running within the signal handler. This is - non-portable and could cause problems on some platforms. A discussion on the - problem is available at https://curl.se/mail/lib-2008-09/0197.html - - Also, alarm() provides timeout resolution only to the nearest second. alarm - ought to be replaced by setitimer on systems that support it. - -11.8 DoH leaks memory after followlocation - - https://github.com/curl/curl/issues/4592 - -11.9 DoH doesn't inherit all transfer options - - Some options are not inherited because they are not relevant for the DoH SSL - connections, or inheriting the option may result in unexpected behavior. For - example the user's debug function callback is not inherited because it would - be unexpected for internal handles (ie DoH handles) to be passed to that - callback. - - If an option is not inherited then it is not possible to set it separately for - DoH without a DoH-specific option. For example: CURLOPT_DOH_SSL_VERIFYHOST, - CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS. - - See https://github.com/curl/curl/issues/6605 - -11.10 Blocking socket operations in non-blocking API - - The list of blocking socket operations is in TODO section "More non-blocking". - -11.11 A shared connection cache is not thread-safe - - The share interface offers CURL_LOCK_DATA_CONNECT to have multiple easy - handle share a connection cache, but due to how connections are used they are - still not thread-safe when used shared. - - See https://github.com/curl/curl/issues/4915 and lib1541.c - -11.12 'no_proxy' string-matches IPv6 numerical addresses - - This has the downside that "::1" for example doesn't match "::0:1" even - though they are in fact the same address. - - See https://github.com/curl/curl/issues/5745 - -11.13 wakeup socket disconnect causes havoc - - waking an iPad breaks the wakeup socket pair, triggering a POLLIN event and - resulting in SOCKERRNO being set to ENOTCONN. - - This condition, and other possible error conditions on the wakeup socket, are - not handled, so the condition remains on the FD and curl_multi_poll will - never block again. - - See https://github.com/curl/curl/issues/6132 and - https://github.com/curl/curl/pull/6133 - -11.14 Multi perform hangs waiting for threaded resolver - - If a threaded resolver takes a long time to complete, libcurl can be blocked - waiting for it for a longer time than expected - and longer than the set - timeouts. - - See https://github.com/curl/curl/issues/2975 and - https://github.com/curl/curl/issues/4852 - -11.15 CURLOPT_OPENSOCKETPAIRFUNCTION is missing - - When libcurl creates sockets with socketpair(), those are not "exposed" in - CURLOPT_OPENSOCKETFUNCTION and therefore might surprise and be unknown to - applications that expects and wants all sockets known beforehand. One way to - address this issue is to introduce a CURLOPT_OPENSOCKETPAIRFUNCTION callback. - - https://github.com/curl/curl/issues/5747 - -11.16 libcurl uses renames instead of locking for atomic operations - - For saving cookies, alt-svc and hsts files. This is bad when for example the - file is stored in a directory where the application has no write permission - but it has permission for the file. - - https://github.com/curl/curl/issues/6882 - https://github.com/curl/curl/pull/6884 - -12. LDAP - -12.1 OpenLDAP hangs after returning results - - By configuration defaults, openldap automatically chase referrals on - secondary socket descriptors. The OpenLDAP backend is asynchronous and thus - should monitor all socket descriptors involved. Currently, these secondary - descriptors are not monitored, causing openldap library to never receive - data from them. - - As a temporary workaround, disable referrals chasing by configuration. - - The fix is not easy: proper automatic referrals chasing requires a - synchronous bind callback and monitoring an arbitrary number of socket - descriptors for a single easy handle (currently limited to 5). - - Generic LDAP is synchronous: OK. - - See https://github.com/curl/curl/issues/622 and - https://curl.se/mail/lib-2016-01/0101.html - -12.2 LDAP on Windows does authentication wrong? - - https://github.com/curl/curl/issues/3116 - -12.3 LDAP on Windows doesn't work - - A simple curl command line getting "ldap://ldap.forumsys.com" returns an - error that says "no memory" ! - - https://github.com/curl/curl/issues/4261 - -12.4 LDAPS with NSS is slow - - See https://github.com/curl/curl/issues/5874 - -13. TCP/IP - -13.1 --interface for ipv6 binds to unusable IP address - - Since IPv6 provides a lot of addresses with different scope, binding to an - IPv6 address needs to take the proper care so that it doesn't bind to a - locally scoped address as that is bound to fail. - - https://github.com/curl/curl/issues/686 - -14. DICT - -14.1 DICT responses show the underlying protocol - - When getting a DICT response, the protocol parts of DICT aren't stripped off - from the output. - - https://github.com/curl/curl/issues/1809 - -15. CMake - -15.1 use correct SONAME - - The autotools build sets the SONAME properly according to VERSIONINFO in - lib/Makefile.am and so should cmake to make comparable build. - - See https://github.com/curl/curl/pull/5935 - -15.2 support build with GnuTLS - -15.3 unusable tool_hugehelp.c with MinGW - - see https://github.com/curl/curl/issues/3125 - -15.4 build docs/curl.1 - - The cmake build doesn't create the docs/curl.1 file and therefor must rely on - it being there already. This makes the --manual option not work and test - cases like 1139 can't function. - -15.5 build on Linux links libcurl to libdl - - ... which it shouldn't need to! - - See https://github.com/curl/curl/issues/6165 - -15.6 uses -lpthread instead of Threads::Threads - - See https://github.com/curl/curl/issues/6166 - -15.7 generated .pc file contains strange entries - - The Libs.private field of the generated .pc file contains -lgcc -lgcc_s -lc - -lgcc -lgcc_s - - See https://github.com/curl/curl/issues/6167 - -15.8 libcurl.pc uses absolute library paths - - The libcurl.pc file generated by cmake contains things like Libs.private: - /usr/lib64/libssl.so /usr/lib64/libcrypto.so /usr/lib64/libz.so. The - autotools equivalent would say Libs.private: -lssl -lcrypto -lz - - See https://github.com/curl/curl/issues/6169 - -15.9 cert paths autodetected when cross-compiling - - The autotools build disables the ca_path/ca_bundle detection when - cross-compiling. The cmake build keeps doing the detection. - - See https://github.com/curl/curl/issues/6178 - -15.10 libspsl is not supported - - See https://github.com/curl/curl/issues/6214 - -15.11 ExternalProject_Add does not set CURL_CA_PATH - - CURL_CA_BUNDLE and CURL_CA_PATH are not set properly when cmake's - ExternalProject_Add is used to build curl as a dependency. - - See https://github.com/curl/curl/issues/6313 - -15.12 cannot enable LDAPS on Windows - - See https://github.com/curl/curl/issues/6284 - -16. Applications - -16.1 pulseUI VPN client - - This application crashes at startup with libcurl 7.74.0 (and presumably later - versions too) after we cleaned up OpenSSL initialization. Since this is the - only known application to do this, we suspect it is related to something they - are doing in their setup that isn't kosher. We have not been able to get in - contact with them nor got any technical details to help us debug this - further. - - See - https://community.pulsesecure.net/t5/Pulse-Desktop-Clients/Linux-Pulse-Client-does-not-work-with-curl-7-74/m-p/44378 - and https://github.com/curl/curl/issues/6306 - -17. HTTP/2 - -17.1 Excessive HTTP/2 packets with TCP_NODELAY - - Because of how curl sets TCP_NODELAY by default, HTTP/2 requests are issued - using more separate TCP packets than it would otherwise need to use. This - means spending more bytes than it has to. Just disabling TCP_NODELAY for - HTTP/2 is also not the correct fix because that then makes the outgoing - packets to get delayed. - - See https://github.com/curl/curl/issues/6363 - -17.2 HTTP/2 frames while in the connection pool kill reuse - - If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to - curl while the connection is held in curl's connection pool, the socket will - be found readable when considered for reuse and that makes curl think it is - dead and then it will be closed and a new connection gets created instead. - - This is *best* fixed by adding monitoring to connections while they are kept - in the pool so that pings can be responded to appropriately. - -17.3 ENHANCE_YOUR_CALM causes infinite retries - - Infinite retries with 2 parallel requests on one connection receiving GOAWAY - with ENHANCE_YOUR_CALM error code. - - See https://github.com/curl/curl/issues/5119 - -17.4 Connection failures with parallel HTTP/2 - - See https://github.com/curl/curl/issues/5611 - - -18. HTTP/3 - -18.1 If the HTTP/3 server closes connection during upload curl hangs - - See https://github.com/curl/curl/issues/6606 - -18.2 Uploading HTTP/3 files gets interrupted at certain file sizes - - See https://github.com/curl/curl/issues/6510 - -18.3 HTTP/3 download is 5x times slower than HTTP/2 - - See https://github.com/curl/curl/issues/6494 diff --git a/docs/KNOWN_BUGS.md b/docs/KNOWN_BUGS.md new file mode 100644 index 000000000000..5c747644c72d --- /dev/null +++ b/docs/KNOWN_BUGS.md @@ -0,0 +1,560 @@ + + +# Known bugs intro + +These are problems and bugs known to exist at the time of this release. Feel +free to join in and help us correct one or more of these. Also be sure to +check the changelog of the current development status, as one or more of these +problems may have been fixed or changed somewhat since this was written. + +# TLS + +## IMAPS connection fails with Rustls error + +[curl issue 10457](https://github.com/curl/curl/issues/10457) + +## Access violation sending client cert with Schannel + +When using Schannel to do client certs, curl sets `PKCS12_NO_PERSIST_KEY` to +avoid leaking the private key into the filesystem. Unfortunately that flag +instead seems to trigger a crash. + +See [curl issue 17626](https://github.com/curl/curl/issues/17626) + +## Client cert handling with Issuer `DN` differs between backends + +When the specified client certificate does not match any of the +server-specified `DN` fields, the OpenSSL and GnuTLS backends behave +differently. The GitHub discussion may contain a solution. + +See [curl issue 1411](https://github.com/curl/curl/issues/1411) + +## Client cert (MTLS) issues with Schannel + +See [curl issue 3145](https://github.com/curl/curl/issues/3145) + +## Schannel TLS 1.2 handshake bug in old Windows versions + +In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake +implementation likely has a bug that can rarely cause the key exchange to +fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED. + +[curl issue 5488](https://github.com/curl/curl/issues/5488) + +## `CURLOPT_CERTINFO` results in `CURLE_OUT_OF_MEMORY` with Schannel + +[curl issue 8741](https://github.com/curl/curl/issues/8741) + +## mbedTLS and CURLE_AGAIN handling + +[curl issue 15801](https://github.com/curl/curl/issues/15801) + +# Email protocols + +## IMAP `SEARCH ALL` truncated response + +IMAP `SEARCH ALL` truncates output on large boxes. "A quick search of the code +reveals that `pingpong.c` contains some truncation code, at line 408, when it +deems the server response to be too large truncating it to 40 characters" + +https://curl.se/bug/view.cgi?id=1366 + +## No disconnect command + +The disconnect commands (`LOGOUT` and `QUIT`) may not be sent by IMAP, POP3 +and SMTP if a failure occurs during the authentication phase of a connection. + +## `AUTH PLAIN` for SMTP is not working on all servers + +Specifying `--login-options AUTH=PLAIN` on the command line does not seem to +work correctly. + +See [curl issue 4080](https://github.com/curl/curl/issues/4080) + +## `APOP` authentication fails on POP3 + +See [curl issue 10073](https://github.com/curl/curl/issues/10073) + +## POP3 issue when reading small chunks + + CURL_DBG_SOCK_RMAX=4 ./runtests.pl -v 982 + +See [curl issue 12063](https://github.com/curl/curl/issues/12063) + +# Command line + +## `-T /dev/stdin` may upload with an incorrect content length + +`-T` stats the path to figure out its size in bytes to use it as +`Content-Length` if it is a regular file. + +The problem with that is that on BSD and some other UNIX systems (not Linux), +open(path) may not give you a file descriptor with a 0 offset from the start +of the file. + +See [curl issue 12177](https://github.com/curl/curl/issues/12177) + +## `-T -` always uploads chunked + +When the `<` shell operator is used. curl should realize that stdin is a +regular file in this case, and that it can do a non-chunked upload, like it +would do if you used `-T` file. + +See [curl issue 12171](https://github.com/curl/curl/issues/12171) + +# Build and portability issues + +## OS400 port requires deprecated IBM library + +curl for OS400 requires `QADRT` to build, which provides ASCII wrappers for +libc/POSIX functions in the ILE, but IBM no longer supports or even offers +this library to download. + +See [curl issue 5176](https://github.com/curl/curl/issues/5176) + +## `curl-config --libs` contains private details + +`curl-config --libs` include details set in `LDFLAGS` when configure is run +that might be needed only for building libcurl. Further, `curl-config +--cflags` suffers from the same effects with `CFLAGS`/`CPPFLAGS`. + +## `LDFLAGS` passed too late making libs linked incorrectly + +Compiling latest curl on HP-UX and linking against a custom OpenSSL (which is +on the default loader/linker path), fails because the generated Makefile has +`LDFLAGS` passed on after `LIBS`. + +See [curl issue 14893](https://github.com/curl/curl/issues/14893) + +## Cygwin: make install installs curl-config.1 twice + +[curl issue 8839](https://github.com/curl/curl/issues/8839) + +## flaky CI builds + +We run many CI builds for each commit and PR on GitHub, and especially a +number of the Windows builds are flaky. This means that we rarely get all CI +builds go green and complete without errors. This is unfortunate as it makes +us sometimes miss actual build problems and it is surprising to newcomers to +the project who (rightfully) do not expect this. + +See [curl issue 6972](https://github.com/curl/curl/issues/6972) + +## long paths are not fully supported on Windows + +curl on Windows cannot access long paths (paths longer than 260 characters). +As a workaround, the Windows path prefix `\\?\` which disables all path +interpretation may work to allow curl to access the path. For example: +`\\?\c:\longpath`. + +See [curl issue 8361](https://github.com/curl/curl/issues/8361) + +## Unicode on Windows + +Passing in a Unicode filename with -o: + +[curl issue 11461](https://github.com/curl/curl/issues/11461) + +Passing in Unicode character with -d: + +[curl issue 12231](https://github.com/curl/curl/issues/12231) + +Windows Unicode builds use the home directory in current locale. + +The Windows Unicode builds of curl use the current locale, but expect Unicode +UTF-8 encoded paths for internal use such as open, access and stat. The user's +home directory is retrieved via curl_getenv in the current locale and not as +UTF-8 encoded Unicode. + +See [curl pull request 7252](https://github.com/curl/curl/pull/7252) and [curl pull request 7281](https://github.com/curl/curl/pull/7281) + +Cannot handle Unicode arguments in non-Unicode builds on Windows + +If a URL or filename cannot be encoded using the user's current code page then +it can only be encoded properly in the Unicode character set. Windows uses +UTF-16 encoding for Unicode and stores it in wide characters, however curl and +libcurl are not equipped for that at the moment except when built with +_UNICODE and UNICODE defined. Except for Cygwin, Windows cannot use UTF-8 as a +locale. + +https://curl.se/bug/?i=345 +https://curl.se/bug/?i=731 +https://curl.se/bug/?i=3747 + +NTLM authentication and Unicode + +NTLM authentication involving Unicode username or password only works properly +if built with UNICODE defined together with the Schannel backend. The original +problem was mentioned in: https://curl.se/mail/lib-2009-10/0024.html and +https://curl.se/bug/view.cgi?id=896 + +The Schannel version verified to work as mentioned in +https://curl.se/mail/lib-2012-07/0073.html + +# Authentication + +## Digest `auth-int` for PUT/POST + +We do not support auth-int for Digest using PUT or POST + +## MIT Kerberos for Windows build + +libcurl fails to build with MIT Kerberos for Windows (`KfW`) due to its +library header files exporting symbols/macros that should be kept private to +the library. + +## NTLM in system context uses wrong name + +NTLM authentication using SSPI (on Windows) when (lib)curl is running in +"system context" makes it use wrong(?) username - at least when compared to +what `winhttp` does. See https://curl.se/bug/view.cgi?id=535 + +## NTLM does not support password with Unicode 'SECTION SIGN' character + +Code point: U+00A7 + +https://en.wikipedia.org/wiki/Section_sign +[curl issue 2120](https://github.com/curl/curl/issues/2120) + +## libcurl can fail to try alternatives with `--proxy-any` + +When connecting via a proxy using `--proxy-any`, a failure to establish an +authentication causes libcurl to abort trying other options if the failed +method has a higher preference than the alternatives. As an example, +`--proxy-any` against a proxy which advertise Negotiate and NTLM, but which +fails to set up Kerberos authentication does not proceed to try authentication +using NTLM. + +[curl issue 876](https://github.com/curl/curl/issues/876) + +## Do not clear digest for single realm + +[curl issue 3267](https://github.com/curl/curl/issues/3267) + +## SHA-256 digest not supported in Windows SSPI builds + +Windows builds of curl that have SSPI enabled use the native Windows API calls +to create authentication strings. The call to `InitializeSecurityContext` fails +with `SEC_E_QOP_NOT_SUPPORTED` which causes curl to fail with +`CURLE_AUTH_ERROR`. + +Microsoft does not document supported digest algorithms and that `SEC_E` error +code is not a documented error for `InitializeSecurityContext` (digest). + +[curl issue 6302](https://github.com/curl/curl/issues/6302) + +## curl never completes Negotiate over HTTP + +Apparently it is not working correctly...? + +See [curl issue 5235](https://github.com/curl/curl/issues/5235) + +## Negotiate on Windows fails + +When using `--negotiate` (or NTLM) with curl on Windows, SSL/TLS handshake +fails despite having a valid kerberos ticket cached. Works without any issue +in Unix/Linux. + +[curl issue 5881](https://github.com/curl/curl/issues/5881) + +## Negotiate authentication against Hadoop + +[curl issue 8264](https://github.com/curl/curl/issues/8264) + +# FTP + +## FTP with ACCT + +When doing an operation over FTP that requires the `ACCT` command (but not when +logging in), the operation fails since libcurl does not detect this and thus +fails to issue the correct command: https://curl.se/bug/view.cgi?id=635 + +## FTPS server compatibility on Windows with Schannel + +FTPS is not widely used with the Schannel TLS backend and so there may be more +bugs compared to other TLS backends such as OpenSSL. In the past users have +reported hanging and failed connections. It is likely some changes to curl +since then fixed the issues. None of the reported issues can be reproduced any +longer. + +If you encounter an issue connecting to your server via FTPS with the latest +curl and Schannel then please search for open issues or file a new issue. + +# SFTP and SCP + +## SFTP does not do `CURLOPT_POSTQUOTE` correct + +When libcurl sends `CURLOPT_POSTQUOTE` commands when connected to an SFTP +server using the multi interface, the commands are not being sent correctly +and instead the connection is canceled (the operation is considered done) +prematurely. There is a half-baked (busy-looping) patch provided in the bug +report but it cannot be accepted as-is. See +https://curl.se/bug/view.cgi?id=748 + +## Remote recursive folder creation with SFTP + +On this servers, the curl fails to create directories on the remote server +even when the `CURLOPT_FTP_CREATE_MISSING_DIRS` option is set. + +See [curl issue 5204](https://github.com/curl/curl/issues/5204) + +## libssh blocking and infinite loop problem + +In the `SSH_SFTP_INIT` state for libssh, the ssh session working mode is set +to blocking mode. If the network is suddenly disconnected during sftp +transmission, curl is stuck, even if curl is configured with a timeout. + +[curl issue 8632](https://github.com/curl/curl/issues/8632) + +## Cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!" + +Running SCP and SFTP tests on Cygwin makes this warning message appear. + +[curl issue 11244](https://github.com/curl/curl/issues/11244) + +# Connection + +## `--interface` with link-scoped IPv6 address + +When you give the `--interface` option telling curl to use a specific +interface for its outgoing traffic in combination with an IPv6 address in the +URL that uses a link-local scope, curl might pick the wrong address from the +named interface and the subsequent transfer fails. + +Example command line: + + curl --interface eth0 'http://[fe80:928d:xxff:fexx:xxxx]/' + +The fact that the given IP address is link-scoped should probably be used as +input to somehow make curl make a better choice for this. + +[curl issue 14782](https://github.com/curl/curl/issues/14782) + +## Does not acknowledge getaddrinfo sorting policy + +Even if a user edits `/etc/gai.conf` to prefer IPv4, curl still prefers and +tries IPv6 addresses first. + +[curl issue 16718](https://github.com/curl/curl/issues/16718) + +## SOCKS-SSPI discards the security context + +After a successful SSPI/GSS-API exchange, the function queries and logs the +authenticated username and reports the supported data-protection level, but +then immediately deletes the negotiated SSPI security context and frees the +credentials before returning. The negotiated context is not stored on the +connection and is therefore never used to protect later SOCKS5 traffic. + +## cannot use absolute Unix domain filename for SOCKS on Windows + +curl supports using a Unix domain socket path for speaking SOCKS to a proxy, +by providing a filename in the URL used for `-x` (`CURLOPT_PROXY`), but that +path cannot be a proper absolute Windows path with a drive letter etc. + +A solution for this probably requires that we add and provide a +`--unix-socket` (`CURLOPT_UNIX_SOCKET_PATH`) option alternative for proxy +communication. + +See [curl issue 19825](https://github.com/curl/curl/issues/19825) + +# Internals + +## GSSAPI library name + version is missing in `curl_version_info()` + +The struct needs to be expanded and code added to store this info. + +See [curl issue 13492](https://github.com/curl/curl/issues/13492) + +## error buffer not set if connection to multiple addresses fails + +If you ask libcurl to resolve a hostname like example.com to IPv6 addresses +when you only have IPv4 connectivity. libcurl fails with +`CURLE_COULDNT_CONNECT`, but the error buffer set by `CURLOPT_ERRORBUFFER` +remains empty. Issue: [curl issue 544](https://github.com/curl/curl/issues/544) + +## HTTP test server 'connection-monitor' problems + +The `connection-monitor` feature of the HTTP test server does not work +properly if some tests are run in unexpected order. Like 1509 and then 1525. + +See [curl issue 868](https://github.com/curl/curl/issues/868) + +## Connection information when using TCP Fast Open + +`CURLINFO_LOCAL_PORT` (and possibly a few other) fails when TCP Fast Open is +enabled. + +See [curl issue 1332](https://github.com/curl/curl/issues/1332) and +[curl issue 4296](https://github.com/curl/curl/issues/4296) + +## test cases sometimes timeout + +Occasionally, one of the tests timeouts. Inexplicably. + +See [curl issue 13350](https://github.com/curl/curl/issues/13350) + +## `CURLOPT_CONNECT_TO` does not work for HTTPS proxy + +It is unclear if the same option should even cover the proxy connection or if +if requires a separate option. + +See [curl issue 14481](https://github.com/curl/curl/issues/14481) + +## WinIDN test failures + +Test 165 disabled when built with WinIDN. + +## setting a disabled option should return `CURLE_NOT_BUILT_IN` + +When curl has been built with specific features or protocols disabled, setting +such options with `curl_easy_setopt()` should rather return +`CURLE_NOT_BUILT_IN` instead of `CURLE_UNKNOWN_OPTION` to signal the +difference to the application + +See [curl issue 15472](https://github.com/curl/curl/issues/15472) + +# LDAP + +## OpenLDAP hangs after returning results + +By configuration defaults, OpenLDAP automatically chase referrals on secondary +socket descriptors. The OpenLDAP backend is asynchronous and thus should +monitor all socket descriptors involved. Currently, these secondary +descriptors are not monitored, causing OpenLDAP library to never receive data +from them. + +As a temporary workaround, disable referrals chasing by configuration. + +The fix is not easy: proper automatic referrals chasing requires a synchronous +bind callback and monitoring an arbitrary number of socket descriptors for a +single easy handle (currently limited to 5). + +Generic LDAP is synchronous: OK. + +See [curl issue 622](https://github.com/curl/curl/issues/622) and +https://curl.se/mail/lib-2016-01/0101.html + +## LDAP on Windows does authentication wrong? + +[curl issue 3116](https://github.com/curl/curl/issues/3116) + +## LDAP on Windows does not work + +A simple curl command line getting `ldap://ldap.forumsys.com` returns an error +that says `no memory` ! + +[curl issue 4261](https://github.com/curl/curl/issues/4261) + +## LDAPS requests to Active Directory server hang + +[curl issue 9580](https://github.com/curl/curl/issues/9580) + +# TCP/IP + +## telnet code does not handle partial writes properly + +It probably does not happen too easily because of how slow and infrequent +sends are normally performed. + +## Trying local ports fails on Windows + +This makes `--local-port [range]` to not work since curl cannot properly +detect if a port is already in use, so it tries the first port, uses that and +then subsequently fails anyway if that was actually in use. + +[curl issue 8112](https://github.com/curl/curl/issues/8112) + +# CMake + +## cmake outputs: no version information available + +Something in the SONAME generation seems to be wrong in the cmake build. + +[curl issue 11158](https://github.com/curl/curl/issues/11158) + +## uses `-lpthread` instead of `Threads::Threads` + +See [curl issue 6166](https://github.com/curl/curl/issues/6166) + +## generated `.pc` file contains strange entries + +The `Libs.private` field of the generated `.pc` file contains `-lgcc -lgcc_s +-lc -lgcc -lgcc_s`. + +See [curl issue 6167](https://github.com/curl/curl/issues/6167) + +## CMake build with MIT Kerberos does not work + +Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2 +try_compile started respecting the `CMAKE_EXE_FLAGS`. The code dealing with +MIT Kerberos detection sets few variables to potentially weird mix of space, +and ;-separated flags. It had to blow up at some point. All the CMake checks +that involve compilation are doomed from that point, the configured tree +cannot be built. + +[curl issue 6904](https://github.com/curl/curl/issues/6904) + +# Authentication + +## `--aws-sigv4` does not handle multipart/form-data correctly + +[curl issue 13351](https://github.com/curl/curl/issues/13351) + +# HTTP/2 + +## HTTP/2 prior knowledge over proxy + +[curl issue 12641](https://github.com/curl/curl/issues/12641) + +## HTTP/2 frames while in the connection pool kill reuse + +If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to +curl while the connection is held in curl's connection pool, the socket is +found readable when considered for reuse and that makes curl think it is dead +and then it is closed and a new connection gets created instead. + +This is *best* fixed by adding monitoring to connections while they are kept +in the pool so that pings can be responded to appropriately. + +## `ENHANCE_YOUR_CALM` causes infinite retries + +Infinite retries with 2 parallel requests on one connection receiving `GOAWAY` +with `ENHANCE_YOUR_CALM` error code. + +See [curl issue 5119](https://github.com/curl/curl/issues/5119) + +## HTTP/2 + TLS spends a lot of time in recv + +It has been observed that by making the speed limit less accurate we could +improve this performance. (by reverting +[db5c9f4f9e0779](https://github.com/curl/curl/commit/db5c9f4f9e0779b49624752b135281a0717b277b)) +Can we find a golden middle ground? + +See https://curl.se/mail/lib-2024-05/0026.html and +[curl issue 13416](https://github.com/curl/curl/issues/13416) + +# HTTP/3 + +## connection migration does not work + +[curl issue 7695](https://github.com/curl/curl/issues/7695) + +## quiche: QUIC connection is draining + +The transfer ends with error "QUIC connection is draining". + +[curl issue 12037](https://github.com/curl/curl/issues/12037) + +# RTSP + +## Some methods do not support response bodies + +The RTSP implementation is written to assume that a number of RTSP methods +always get responses without bodies, even though there seems to be no +indication in the RFC that this is always the case. + +[curl issue 12414](https://github.com/curl/curl/issues/12414) diff --git a/docs/KNOWN_RISKS.md b/docs/KNOWN_RISKS.md new file mode 100644 index 000000000000..82125f0c6623 --- /dev/null +++ b/docs/KNOWN_RISKS.md @@ -0,0 +1,149 @@ + + +# Known Risks + +This is an incomplete list of known risks when running and using curl and +libcurl. + +# Risks + +## Insecure transfers + +When using curl to perform transfers with protocols that are insecure or the +server identity is unverified, everything that is sent and received can be +intercepted by eavesdroppers and the servers can easily be spoofed by +impostors. + +## Untrusted input + +You should **never** run curl command lines or use curl config files provided +to you from untrusted sources. + +curl can do a lot of things, and you should only ask it do things you want and +deem correct. + +Even accepting only the URL part without careful vetting might make curl do +things you do not like. Like accessing internal hosts, like connecting to +rogue servers that redirect to even weirder places, like using ports or +protocols that play tricks on you. + +## Command line misuse + +The command line tool and its options should be used and be expected to work +as documented. Relying on undocumented functions or side-effects is unreliable +as they may cause problems or get changed behavior between releases. + +For several command line options, you can confuse either curl or the involved +server endpoint by using characters or byte sequences for the option that are +not expected. For example, adding line feeds and/or carriage returns to inputs +can produce unexpected, invalid, or insecure results. + +## API misuse + +Applications using the libcurl API in a way that is not documented to work or +even documented to not work, is unsafe and might cause security problems. We +only guarantee secure and proper functionality when the APIs are used as +documented. + +## Local attackers already present + +When there is a local attacker present locally, curl cannot prevent such an +adversary to use curl's full potential. Possibly in malicious ways. + +## Remote attackers already present + +When there is a remote attacker already present in the server, curl cannot +protect its operations against mischief. For example, if an attacker manages +to insert a symlink in your remote upload directory the upload may cause +havoc. Maybe the attacker makes certain responses come back with unexpected +content. + +## Debug & Experiments + +We encourage users to test curl experiments and use debug code, but only in +controlled environments and setups - never in production. + +Using debug builds and experimental curl features in production is a security +risk. Do not do that. + +The same applies to scripts and software which are not installed by default +through the make install rule: they are not intended or made for production +use. + +## URL inconsistencies + +URL parser inconsistencies between browsers and curl are expected and are not +considered security vulnerabilities. The WHATWG URL Specification and RFC +3986+ (the plus meaning that it is an extended version) [are not completely +interoperable](https://github.com/bagder/docs/blob/master/URL-interop.md). + +You must never expect two independent URL parsers to treat every URL +identically. + +## Visible command line arguments + +The curl command blanks the contents of a number of command line arguments to +prevent them from appearing in process listings. It does not blank all +arguments, even though some that are not blanked might contain sensitive data. + +- not all systems allow the arguments to be blanked in the first place +- since curl blanks the argument itself they are readable for a short moment + no matter what +- virtually every argument can contain sensitive data, depending on use +- blanking all arguments would make it impractical for users to differentiate + curl command lines in process listings + +## HTTP headers in redirects + +It is powerful to provide a set of custom headers to curl. Beware that when +asking curl to follow HTTP redirects, it also sends those headers to the new +URL which might be a different server. That might do another redirect etc. + +curl makes some limited attempts to not leak credentials this way when set +using the standard curl options, but when you pass on custom headers curl +cannot know what headers or details in those headers are sensitive. + +## Verbose logs + +When asked to provide verbose output and trace logging, curl may output and +show details that are private and sensitive. Like for example raw credentials +or the password weakly disguised using base64 encoding. + +## Terminal output and escape sequences + +Content that is transferred from a server and gets displayed in a terminal by +curl may contain escape sequences or use other tricks to fool the user. Escape +sequences, moving cursor, changing color etc, is also frequently used for +good. To reduce the risk of getting fooled, save files and browse them after +download using a display method that minimizes risks. + +## Legacy dependencies + +Every curl build is made to use a range of third party libraries. Each third +party library also needs to be safe and secure for the entire operation to be +risk-free. + +Relying on legacy dependencies is a risk. + +## Weak algorithms + +curl supports several cryptographic algorithms that are considered weak, like +DES and MD5. These algorithms are still in use because some protocols and +transfer options require use of them. For example NTLM or legacy HTTP Digest +authentication. + +curl users should consider switching to servers and options that use modern +and secure algorithms. + +## Compression bombs + +When asking curl or libcurl to automatically decompress data on arrival, there +is a risk that the size of the output from the decompression process ends up +many times larger than the input data size. + +Since curl 8.20.0, users can mitigate this risk by setting the max filesize +option that also covers the decompressed size. diff --git a/docs/MAIL-ETIQUETTE b/docs/MAIL-ETIQUETTE deleted file mode 100644 index 80d06b6406fb..000000000000 --- a/docs/MAIL-ETIQUETTE +++ /dev/null @@ -1,285 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -MAIL ETIQUETTE - - 1. About the lists - 1.1 Mailing Lists - 1.2 Netiquette - 1.3 Do Not Mail a Single Individual - 1.4 Subscription Required - 1.5 Moderation of new posters - 1.6 Handling trolls and spam - 1.7 How to unsubscribe - 1.8 I posted, now what? - 1.9 Your emails are public - - 2. Sending mail - 2.1 Reply or New Mail - 2.2 Reply to the List - 2.3 Use a Sensible Subject - 2.4 Do Not Top-Post - 2.5 HTML is not for mails - 2.6 Quoting - 2.7 Digest - 2.8 Please Tell Us How You Solved The Problem! - -============================================================================== - -1. About the lists - - 1.1 Mailing Lists - - The mailing lists we have are all listed and described at - https://curl.se/mail/ - - Each mailing list is targeted to a specific set of users and subjects, - please use the one or the ones that suit you the most. - - Each mailing list has hundreds up to thousands of readers, meaning that - each mail sent will be received and read by a very large number of people. - People from various cultures, regions, religions and continents. - - 1.2 Netiquette - - Netiquette is a common term for how to behave on the internet. Of course, in - each particular group and subculture there will be differences in what is - acceptable and what is considered good manners. - - This document outlines what we in the curl project consider to be good - etiquette, and primarily this focus on how to behave on and how to use our - mailing lists. - - 1.3 Do Not Mail a Single Individual - - Many people send one question to one person. One person gets many mails, and - there is only one person who can give you a reply. The question may be - something that other people would also like to ask. These other people have - no way to read the reply, but to ask the one person the question. The one - person consequently gets overloaded with mail. - - If you really want to contact an individual and perhaps pay for his or her - services, by all means go ahead, but if it's just another curl question, - take it to a suitable list instead. - - 1.4 Subscription Required - - All curl mailing lists require that you are subscribed to allow a mail to go - through to all the subscribers. - - If you post without being subscribed (or from a different mail address than - the one you are subscribed with), your mail will simply be silently - discarded. You have to subscribe first, then post. - - The reason for this unfortunate and strict subscription policy is of course - to stop spam from pestering the lists. - - 1.5 Moderation of new posters - - Several of the curl mailing lists automatically make all posts from new - subscribers be moderated. This means that after you've subscribed and - sent your first mail to a list, that mail will not be let through to the - list until a mailing list administrator has verified that it is OK and - permits it to get posted. - - Once a first post has been made that proves the sender is actually talking - about curl-related subjects, the moderation "flag" will be switched off and - future posts will go through without being moderated. - - The reason for this moderation policy is that we do suffer from spammers who - actually subscribe and send spam to our lists. - - 1.6 Handling trolls and spam - - Despite our good intentions and hard work to keep spam off the lists and to - maintain a friendly and positive atmosphere, there will be times when spam - and or trolls get through. - - Troll - "someone who posts inflammatory, extraneous, or off-topic messages - in an online community" - - Spam - "use of electronic messaging systems to send unsolicited bulk - messages" - - No matter what, we NEVER EVER respond to trolls or spammers on the list. If - you believe the list admin should do something in particular, contact him/her - off-list. The subject will be taken care of as much as possible to prevent - repeated offenses, but responding on the list to such messages never leads to - anything good and only puts the light even more on the offender: which was - the entire purpose of it getting sent to the list in the first place. - - Don't feed the trolls! - - 1.7 How to unsubscribe - - You can unsubscribe the same way you subscribed in the first place. You go - to the page for the particular mailing list you're subscribed to and you enter - your email address and password and press the unsubscribe button. - - Also, the instructions to unsubscribe are included in the headers of every - mail that is sent out to all curl related mailing lists and there's a footer - in each mail that links to the "admin" page on which you can unsubscribe and - change other options. - - You NEVER EVER email the mailing list requesting someone else to take you off - the list. - - 1.8 I posted, now what? - - If you aren't subscribed with the exact same email address that you used to - send the email, your post will just be silently discarded. - - If you posted for the first time to the mailing list, you first need to wait - for an administrator to allow your email to go through (moderated). This normally - happens very quickly but in case we're asleep, you may have to wait a few - hours. - - Once your email goes through it is sent out to several hundred or even - thousands of recipients. Your email may cover an area that not that many people - know about or are interested in. Or possibly the person who knows about it - is on vacation or under a very heavy work load right now. You may have to wait - for a response and you should not expect to get a response at all, but - hopefully you get an answer within a couple of days. - - You do yourself and all of us a service when you include as many details as - possible already in your first email. Mention your operating system and - environment. Tell us which curl version you're using and tell us what you - did, what happened and what you expected would happen. Preferably, show us - what you did with details enough to allow others to help point out the problem - or repeat the same steps in their locations. - - Failing to include details will only delay responses and make people respond - and ask for more details and you will have to send a follow-up email that - includes them. - - Expect the responses to primarily help YOU debug the issue, or ask YOU - questions that can lead you or others towards a solution or explanation to - whatever you experience. - - If you are a repeat offender to the guidelines outlined in this document, - chances are that people will ignore you at will and your chances to get - responses in the future will greatly diminish. - - 1.9 Your emails are public - - Your email, its contents and all its headers and the details in those - headers will be received by every subscriber of the mailing list that you - send your email to. - - Your email as sent to a curl mailing list will end up in mail archives, on - the curl website and elsewhere, for others to see and read. Today and in - the future. In addition to the archives, the mail is sent out to thousands - of individuals. There is no way to undo a sent email. - - When sending emails to a curl mailing list, do not include sensitive - information such as user names and passwords; use fake ones, temporary ones - or just remove them completely from the mail. Note that this includes base64 - encoded HTTP Basic auth headers. - - This public nature of the curl mailing lists makes automatically inserted mail - footers about mails being "private" or "only meant for the recipient" or - similar even more silly than usual. Because they are absolutely not private - when sent to a public mailing list. - - -2. Sending mail - - 2.1 Reply or New Mail - - Please do not reply to an existing message as a short-cut to post a message - to the lists. - - Many mail programs and web archivers use information within mails to keep - them together as "threads", as collections of posts that discuss a certain - subject. If you don't intend to reply on the same or similar subject, don't - just hit reply on an existing mail and change subject, create a new mail. - - 2.2 Reply to the List - - When replying to a message from the list, make sure that you do "group - reply" or "reply to all", and not just reply to the author of the single - mail you reply to. - - We're actively discouraging replying back to the single person by setting - the Reply-To: field in outgoing mails back to the mailing list address, - making it harder for people to mail the author directly, if only by mistake. - - 2.3 Use a Sensible Subject - - Please use a subject of the mail that makes sense and that is related to the - contents of your mail. It makes it a lot easier to find your mail afterwards - and it makes it easier to track mail threads and topics. - - 2.4 Do Not Top-Post - - If you reply to a message, don't use top-posting. Top-posting is when you - write the new text at the top of a mail and you insert the previous quoted - mail conversation below. It forces users to read the mail in a backwards - order to properly understand it. - - This is why top posting is so bad (in top posting order): - - A: Because it messes up the order in which people normally read text. - Q: Why is top-posting such a bad thing? - A: Top-posting. - Q: What is the most annoying thing in e-mail? - - Apart from the screwed up read order (especially when mixed together in a - thread when someone responds using the mandated bottom-posting style), it - also makes it impossible to quote only parts of the original mail. - - When you reply to a mail. You let the mail client insert the previous mail - quoted. Then you put the cursor on the first line of the mail and you move - down through the mail, deleting all parts of the quotes that don't add - context for your comments. When you want to add a comment you do so, inline, - right after the quotes that relate to your comment. Then you continue - downwards again. - - When most of the quotes have been removed and you've added your own words, - you're done! - - 2.5 HTML is not for mails - - Please switch off those HTML encoded messages. You can mail all those funny - mails to your friends. We speak plain text mails. - - 2.6 Quoting - - Quote as little as possible. Just enough to provide the context you cannot - leave out. A lengthy description can be found here: - - https://www.netmeister.org/news/learn2quote.html - - 2.7 Digest - - We allow subscribers to subscribe to the "digest" version of the mailing - lists. A digest is a collection of mails lumped together in one single mail. - - Should you decide to reply to a mail sent out as a digest, there are two - things you MUST consider if you really really cannot subscribe normally - instead: - - Cut off all mails and chatter that is not related to the mail you want to - reply to. - - Change the subject name to something sensible and related to the subject, - preferably even the actual subject of the single mail you wanted to reply to - - 2.8 Please Tell Us How You Solved The Problem! - - Many people mail questions to the list, people spend some of their time and - make an effort in providing good answers to these questions. - - If you are the one who asks, please consider responding once more in case - one of the hints was what solved your problems. The guys who write answers - feel good to know that they provided a good answer and that you fixed the - problem. Far too often, the person who asked the question is never heard from - again, and we never get to know if he/she is gone because the problem was - solved or perhaps because the problem was unsolvable! - - Getting the solution posted also helps other users that experience the same - problem(s). They get to see (possibly in the web archives) that the - suggested fixes actually has helped at least one person. diff --git a/docs/MAIL-ETIQUETTE.md b/docs/MAIL-ETIQUETTE.md new file mode 100644 index 000000000000..9c2527d04ddd --- /dev/null +++ b/docs/MAIL-ETIQUETTE.md @@ -0,0 +1,257 @@ + + +# Mail etiquette + +## About the lists + +### Mailing Lists + +The mailing lists we have are all listed and described on the [curl +website](https://curl.se/mail/). + +Each mailing list is targeted to a specific set of users and subjects, please +use the one or the ones that suit you the most. + +Each mailing list has hundreds up to thousands of readers, meaning that each +mail sent is received and read by a large number of people. People from +various cultures, regions, religions and continents. + +### Netiquette + +Netiquette is a common term for how to behave on the Internet. Of course, in +each particular group and subculture there are differences in what is +acceptable and what is considered good manners. + +This document outlines what we in the curl project consider to be good +etiquette, and primarily this focus on how to behave on and how to use our +mailing lists. + +### Do Not Mail a Single Individual + +Many people send one question to one person. One person gets many mails, and +there is only one person who can give you a reply. The question may be +something that other people would also like to ask. These other people have no +way to read the reply, but to ask the one person the question. The one person +consequently gets overloaded with mail. + +If you really want to contact an individual and perhaps pay for his or her +services, by all means go ahead, but if it is another curl question, take it +to a suitable list instead. + +### Subscription Required + +All curl mailing lists require that you are subscribed to allow a mail to go +through to all the subscribers. + +If you post without being subscribed (or from a different mail address than +the one you are subscribed with), your mail is silently discarded. You +have to subscribe first, then post. + +The reason for this unfortunate and strict subscription policy is of course to +stop spam from pestering the lists. + +### Moderation of new posters + +Several of the curl mailing lists automatically make all posts from new +subscribers be moderated. After you have subscribed and sent your first mail +to a list, that mail is not let through to the list until a mailing list +administrator has verified that it is OK and permits it to get posted. + +Once a first post has been made that proves the sender is actually talking +about curl-related subjects, the moderation "flag" is switched off and future +posts go through without being moderated. + +The reason for this moderation policy is that we do suffer from spammers who +actually subscribe and send spam to our lists. + +### Handling trolls and spam + +Despite our good intentions and hard work to keep spam off the lists and to +maintain a friendly and positive atmosphere, there are times when spam and or +trolls get through. + +Troll - "someone who posts inflammatory, extraneous, or off-topic messages in +an online community" + +Spam - "use of electronic messaging systems to send unsolicited bulk messages" + +No matter what, we NEVER EVER respond to trolls or spammers on the list. If +you believe the list admin should do something in particular, contact them +off-list. The subject is taken care of as much as possible to prevent repeated +offenses, but responding on the list to such messages never leads to anything +good and only puts the light even more on the offender: which was the entire +purpose of it getting sent to the list in the first place. + +Do not feed the trolls. + +### How to unsubscribe + +You can unsubscribe the same way you subscribed in the first place. You go to +the page for the particular mailing list you are subscribed to and you enter +your email address and password and press the unsubscribe button. + +Also, the instructions to unsubscribe are included in the headers of every +mail that is sent out to all curl related mailing lists and there is a footer +in each mail that links to the "admin" page on which you can unsubscribe and +change other options. + +You NEVER EVER email the mailing list requesting someone else to take you off +the list. + +### I posted, now what? + +If you are not subscribed with the same email address that you used to send +the email, your post is silently discarded. + +If you posted for the first time to the mailing list, you first need to wait +for an administrator to allow your email to go through (moderated). This +normally happens quickly but in case we are asleep, you may have to wait a few +hours. + +Once your email goes through it is sent out to several hundred or even +thousands of recipients. Your email may cover an area that not that many +people know about or are interested in. Or possibly the person who knows about +it is on vacation or under a heavy work load right now. You may have to wait +for a response and you should not expect to get a response at all. Ideally, +you get an answer within a couple of days. + +You do yourself and all of us a service when you include as many details as +possible already in your first email. Mention your operating system and +environment. Tell us which curl version you are using and tell us what you +did, what happened and what you expected would happen. Preferably, show us +what you did with details enough to allow others to help point out the problem +or repeat the steps in their locations. + +Failing to include details only delays responses and make people respond and +ask for more details and you have to send follow-up emails that include them. + +Expect the responses to primarily help YOU debug the issue, or ask YOU +questions that can lead you or others towards a solution or explanation to +whatever you experience. + +If you are a repeat offender to the guidelines outlined in this document, +chances are that people ignore you and your chances to get responses in the +future greatly diminish. + +### Your emails are public + +Your email, its contents and all its headers and the details in those headers +are received by every subscriber of the mailing list that you send your email +to. + +Your email as sent to a curl mailing list ends up in mail archives, on the +curl website and elsewhere, for others to see and read. Today and in the +future. In addition to the archives, the mail is sent out to thousands of +individuals. There is no way to undo a sent email. + +When sending emails to a curl mailing list, do not include sensitive +information such as usernames and passwords; use fake ones, temporary ones or +remove them completely from the mail. Note that this includes base64 encoded +HTTP Basic auth headers. + +This public nature of the curl mailing lists makes automatically inserted mail +footers about mails being "private" or "only meant for the recipient" or +similar even more silly than usual. Because they are absolutely not private +when sent to a public mailing list. + +## Sending mail + +### Reply or New Mail + +Please do not reply to an existing message as a short-cut to post a message to +the lists. + +Many mail programs and web archivers use information within mails to keep them +together as "threads", as collections of posts that discuss a certain subject. +If you do not intend to reply on the same or similar subject, do not hit reply +on an existing mail and change the subject, create a new mail. + +### Reply to the List + +When replying to a message from the list, make sure that you do "group reply" +or "reply to all", and not reply to the author of the single mail you reply +to. + +We are actively discouraging replying to the single person by setting the +correct field in outgoing mails back asking for replies to get sent to the +mailing list address, making it harder for people to reply to the author only +by mistake. + +### Use a Sensible Subject + +Please use a subject of the mail that makes sense and that is related to the +contents of your mail. It makes it a lot easier to find your mail afterwards +and it makes it easier to track mail threads and topics. + +### Do Not Top-Post + +If you reply to a message, do not use top-posting. Top-posting is when you +write the new text at the top of a mail and you insert the previous quoted +mail conversation below. It forces users to read the mail in a backwards order +to properly understand it. + +This is why top posting is so bad (in top posting order): + + A: Because it messes up the order in which people normally read text. + Q: Why is top-posting such a bad thing? + A: Top-posting. + Q: What is the most annoying thing in email? + +Apart from the screwed up read order (especially when mixed together in a +thread when someone responds using the mandated bottom-posting style), it also +makes it impossible to quote only parts of the original mail. + +When you reply to a mail. You let the mail client insert the previous mail +quoted. Then you put the cursor on the first line of the mail and you move +down through the mail, deleting all parts of the quotes that do not add +context for your comments. When you want to add a comment you do so, inline, +right after the quotes that relate to your comment. Then you continue +downwards again. + +When most of the quotes have been removed and you have added your own words, +you are done. + +### HTML is not for mails + +Please switch off those HTML encoded messages. You can mail all those funny +mails to your friends. We speak plain text mails. + +### Quoting + +Quote as little as possible. Enough to provide the context you cannot leave +out. + +### Digest + +We allow subscribers to subscribe to the "digest" version of the mailing +lists. A digest is a collection of mails lumped together in one single mail. + +Should you decide to reply to a mail sent out as a digest, there are two +things you MUST consider if you really, really cannot subscribe normally +instead: + +Cut off all mails and chatter that is not related to the mail you want to +reply to. + +Change the subject name to something sensible and related to the subject, +preferably even the actual subject of the single mail you wanted to reply to + +### Please Tell Us How You Solved The Problem + +Many people mail questions to the list, people spend some of their time and +make an effort in providing good answers to these questions. + +If you are the one who asks, please consider responding once more in case one +of the hints was what solved your problems. The guys who write answers feel +good to know that they provided a good answer and that you fixed the problem. +Far too often, the person who asked the question is never heard from again, +and we never get to know if they are gone because the problem was solved or +perhaps because the problem was unsolvable. + +Getting the solution posted also helps other users that experience the same +problem(s). They get to see (possibly in the web archives) that the suggested +fixes actually have helped at least one person. diff --git a/docs/MANUAL.md b/docs/MANUAL.md index a637c66c0a44..e6f5123d2b5b 100644 --- a/docs/MANUAL.md +++ b/docs/MANUAL.md @@ -1,3 +1,9 @@ + + # curl tutorial ## Simple Usage @@ -6,33 +12,37 @@ Get the main page from a web-server: curl https://www.example.com/ -Get the README file the user's home directory at funet's ftp-server: +Get a README file from an FTP server: - curl ftp://ftp.funet.fi/README + curl ftp://ftp.example.com/README -Get a web page from a server using port 8000: +Get a webpage from a server using port 8000: - curl http://www.weirdserver.com:8000/ + curl http://www.example.com:8000/ Get a directory listing of an FTP site: - curl ftp://ftp.funet.fi + curl ftp://ftp.example.com/ + +Get the all terms matching curl from a dictionary: + + curl dict://dict.example.com/m:curl Get the definition of curl from a dictionary: - curl dict://dict.org/m:curl + curl dict://dict.example.com/d:curl Fetch two documents at once: - curl ftp://ftp.funet.fi/ http://www.weirdserver.com:8000/ + curl ftp://ftp.example.com/ https://www.example.com:8000/ Get a file off an FTPS server: - curl ftps://files.are.secure.com/secrets.txt + curl ftps://files.are.example.com/secrets.txt or use the more appropriate FTPS way to get the same file: - curl --ftp-ssl ftp://files.are.secure.com/secrets.txt + curl --ssl-reqd ftp://files.are.example.com/secrets.txt Get a file from an SSH server using SFTP: @@ -59,15 +69,14 @@ Get a file from an SMB server: ## Download to a File -Get a web page and store in a local file with a specific name: +Get a webpage and store in a local file with a specific name: - curl -o thatpage.html http://www.example.com/ + curl -o thatpage.html https://www.example.com/ -Get a web page and store in a local file, make the local file get the name of -the remote document (if no file name part is specified in the URL, this will -fail): +Get a webpage and store in a local file, make the local file get the name of +the remote document (if no filename part is specified in the URL, this fails): - curl -O http://www.example.com/index.html + curl -O https://www.example.com/index.html Fetch two files and store them with their remote names: @@ -77,22 +86,22 @@ Fetch two files and store them with their remote names: ### FTP -To ftp files using name+passwd, include them in the URL like: +To ftp files using name and password, include them in the URL like: - curl ftp://name:passwd@machine.domain:port/full/path/to/file + curl ftp://name:passwd@ftp.server.example:port/full/path/to/file -or specify them with the -u flag like +or specify them with the `-u` flag like - curl -u name:passwd ftp://machine.domain:port/full/path/to/file + curl -u name:passwd ftp://ftp.server.example:port/full/path/to/file ### FTPS -It is just like for FTP, but you may also want to specify and use SSL-specific -options for certificates etc. +It is like FTP, but you may also want to specify and use SSL-specific options +for certificates etc. -Note that using `FTPS://` as prefix is the "implicit" way as described in the -standards while the recommended "explicit" way is done by using FTP:// and the -`--ftp-ssl` option. +Note that using `FTPS://` as prefix is the *implicit* way as described in the +standards while the recommended *explicit* way is done by using `FTP://` and +the `--ssl-reqd` option. ### SFTP / SCP @@ -100,20 +109,20 @@ This is similar to FTP, but you can use the `--key` option to specify a private key to use instead of a password. Note that the private key may itself be protected by a password that is unrelated to the login password of the remote system; this password is specified using the `--pass` option. -Typically, curl will automatically extract the public key from the private key +Typically, curl automatically extracts the public key from the private key file, but in cases where curl does not have the proper library support, a matching public key file must be specified using the `--pubkey` option. ### HTTP -Curl also supports user and password in HTTP URLs, thus you can pick a file +curl also supports user and password in HTTP(S) URLs. You can download a file like: - curl http://name:passwd@machine.domain/full/path/to/file + curl https://name:passwd@http.server.example/full/path/to/file or specify user and password separately like in - curl -u name:passwd http://machine.domain/full/path/to/file + curl -u name:passwd https://http.server.example/full/path/to/file HTTP offers many different methods of authentication and curl supports several: Basic, Digest, NTLM and Negotiate (SPNEGO). Without telling which @@ -122,7 +131,7 @@ secure ones out of the ones that the server accepts for the given URL, by using `--anyauth`. **Note**! According to the URL specification, HTTP URLs can not contain a user -and password, so that style will not work when using curl via a proxy, even +and password, so that style does not work when using curl via a proxy, even though curl allows it at other times. When using a proxy, you _must_ use the `-u` style for user and password. @@ -140,28 +149,28 @@ servers. Get an ftp file using an HTTP proxy named my-proxy that uses port 888: - curl -x my-proxy:888 ftp://ftp.leachsite.com/README + curl -x my-proxy:888 ftp://ftp.example.com/README -Get a file from an HTTP server that requires user and password, using the +Get a file from an HTTPS server that requires user and password, using the same proxy as above: - curl -u user:passwd -x my-proxy:888 http://www.get.this/ + curl -u user:passwd -x my-proxy:888 https://www.example.com/ Some proxies require special authentication. Specify by using -U as above: - curl -U user:passwd -x my-proxy:888 http://www.get.this/ + curl -U user:passwd -x my-proxy:888 https://www.example.com/ A comma-separated list of hosts and domains which do not use the proxy can be specified as: - curl --noproxy localhost,get.this -x my-proxy:888 http://www.get.this/ + curl --noproxy example.com -x my-proxy:888 https://www.example.com/ If the proxy is specified with `--proxy1.0` instead of `--proxy` or `-x`, then -curl will use HTTP/1.0 instead of HTTP/1.1 for any `CONNECT` attempts. +curl uses HTTP/1.0 instead of HTTP/1.1 for any `CONNECT` attempts. curl also supports SOCKS4 and SOCKS5 proxies with `--socks4` and `--socks5`. -See also the environment variables Curl supports that offer further proxy +See also the environment variables curl supports that offer further proxy control. Most FTP proxy servers are set up to appear as a normal FTP server from the @@ -170,33 +179,43 @@ curl supports the `-u`, `-Q` and `--ftp-account` options that can be used to set up transfers through many FTP proxies. For example, a file can be uploaded to a remote FTP server using a Blue Coat FTP proxy with the options: - curl -u "username@ftp.server Proxy-Username:Remote-Pass" + curl -u "username@ftp.server.example Proxy-Username:Remote-Pass" --ftp-account Proxy-Password --upload-file local-file - ftp://my-ftp.proxy.server:21/remote/upload/path/ + ftp://my-ftp.proxy.example:21/remote/upload/path/ See the manual for your FTP proxy to determine the form it expects to set up transfers, and curl's `-v` option to see exactly what curl is sending. +## Piping + +Get a key file and add it with `apt-key` (when on a system that uses `apt` for +package management): + + curl -L https://apt.example.org/llvm-snapshot.gpg.key | sudo apt-key add - + +The '|' pipes the output to STDIN. `-` tells `apt-key` that the key file +should be read from STDIN. + ## Ranges HTTP 1.1 introduced byte-ranges. Using this, a client can request to get only -one or more subparts of a specified document. Curl supports this with the `-r` -flag. +one or more sub-parts of a specified document. curl supports this with the +`-r` flag. Get the first 100 bytes of a document: - curl -r 0-99 http://www.get.this/ + curl -r 0-99 https://www.example.com/ Get the last 500 bytes of a document: - curl -r -500 http://www.get.this/ + curl -r -500 https://www.example.com/ -Curl also supports simple ranges for FTP files as well. Then you can only +curl also supports simple ranges for FTP files as well. Then you can only specify start and stop position. Get the first 100 bytes of a document using FTP: - curl -r 0-99 ftp://www.get.this/README + curl -r 0-99 ftp://www.example.com/README ## Uploading @@ -204,26 +223,26 @@ Get the first 100 bytes of a document using FTP: Upload all data on stdin to a specified server: - curl -T - ftp://ftp.upload.com/myfile + curl -T - ftp://ftp.example.com/myfile Upload data from a specified file, login with user and password: - curl -T uploadfile -u user:passwd ftp://ftp.upload.com/myfile + curl -T uploadfile -u user:passwd ftp://ftp.example.com/myfile -Upload a local file to the remote site, and use the local file name at the +Upload a local file to the remote site, and use the local filename at the remote site too: - curl -T uploadfile -u user:passwd ftp://ftp.upload.com/ + curl -T uploadfile -u user:passwd ftp://ftp.example.com/ Upload a local file to get appended to the remote file: - curl -T localfile -a ftp://ftp.upload.com/remotefile + curl -T localfile -a ftp://ftp.example.com/remotefile -Curl also supports ftp upload through a proxy, but only if the proxy is +curl also supports ftp upload through a proxy, but only if the proxy is configured to allow that kind of tunneling. If it does, you can run curl in a fashion similar to: - curl --proxytunnel -x proxy:port -T localfile ftp.upload.com + curl --proxytunnel -x proxy:port -T localfile ftp.example.com ### SMB / SMBS @@ -232,9 +251,9 @@ fashion similar to: ### HTTP -Upload all data on stdin to a specified HTTP site: +Upload all data on stdin to a specified HTTPS site: - curl -T - http://www.upload.com/myfile + curl -T - https://www.example.com/myfile Note that the HTTP server must have been configured to accept PUT before this can be done successfully. @@ -243,20 +262,19 @@ For other ways to do HTTP data upload, see the POST section below. ## Verbose / Debug -If curl fails where it isn't supposed to, if the servers don't let you in, if -you can't understand the responses: use the `-v` flag to get verbose -fetching. Curl will output lots of info and what it sends and receives in -order to let the user see all client-server interaction (but it won't show you -the actual data). +If curl fails where it is not supposed to, if the servers do not let you in, +if you cannot understand the responses: use the `-v` flag to get verbose +fetching. curl outputs lots of info and what it sends and receives in order to +let the user see all client-server interaction (but it does not show you the +actual data). - curl -v ftp://ftp.upload.com/ + curl -v ftp://ftp.example.com/ To get even more details and information on what curl does, try using the -`--trace` or `--trace-ascii` options with a given file name to log to, like +`--trace` or `--trace-ascii` options with a given filename to log to, like this: - curl --trace trace.txt www.haxx.se - + curl --trace my-trace.txt www.haxx.se ## Detailed Information @@ -267,61 +285,66 @@ info on a single file for HTTP and FTP. The HTTP information is a lot more extensive. For HTTP, you can get the header information (the same as `-I` would show) -shown before the data by using `-i`/`--include`. Curl understands the +shown before the data by using `-i`/`--include`. curl understands the `-D`/`--dump-header` option when getting files from both FTP and HTTP, and it -will then store the headers in the specified file. +then stores the headers in the specified file. Store the HTTP headers in a separate file (headers.txt in the example): curl --dump-header headers.txt curl.se -Note that headers stored in a separate file can be very useful at a later time -if you want curl to use cookies sent by the server. More about that in the +Note that headers stored in a separate file can be useful at a later time if +you want curl to use cookies sent by the server. More about that in the cookies section. ## POST (HTTP) -It's easy to post data using curl. This is done using the `-d ` option. +It is easy to post data using curl. This is done using the `-d ` option. The post data must be urlencoded. -Post a simple "name" and "phone" guestbook. +Post a simple `name` and `phone` guestbook. + + curl -d "name=Rafael%20Sagula&phone=3320780" https://www.example.com/guest.cgi - curl -d "name=Rafael%20Sagula&phone=3320780" http://www.where.com/guest.cgi +Or automatically [URL encode the data](https://everything.curl.dev/http/post/url-encode). + + curl --data-urlencode "name=Rafael Sagula&phone=3320780" + https://www.example.com/guest.cgi How to post a form with curl, lesson #1: Dig out all the `` tags in the form that you want to fill in. -If there's a "normal" post, you use `-d` to post. `-d` takes a full "post -string", which is in the format +If there is a normal post, you use `-d` to post. `-d` takes a full post +string, which is in the format =&=&... -The 'variable' names are the names set with `"name="` in the `` tags, -and the data is the contents you want to fill in for the inputs. The data -*must* be properly URL encoded. That means you replace space with + and that -you replace weird letters with %XX where XX is the hexadecimal representation +The variable names are the names set with `"name="` in the `` tags, and +the data is the contents you want to fill in for the inputs. The data *must* +be properly URL encoded. That means you replace space with + and that you +replace weird letters with `%XX` where `XX` is the hexadecimal representation of the letter's ASCII code. Example: -(page located at `http://www.formpost.com/getthis/`) +(say if `https://example.com` had the following html) ```html
- - - - + + + +
``` -We want to enter user 'foobar' with password '12345'. +We want to enter user `foobar` with password `12345`. -To post to this, you enter a curl command line like: +To post to this, you would enter a curl command line like: curl -d "user=foobar&pass=12345&id=blablabla&ding=submit" - http://www.formpost.com/getthis/post.cgi + https://example.com/post.cgi While `-d` uses the application/x-www-form-urlencoded mime-type, generally understood by CGI's and similar, curl also supports the more capable @@ -330,33 +353,33 @@ multipart/form-data type. This latter type supports things like file upload. `-F` accepts parameters like `-F "name=contents"`. If you want the contents to be read from a file, use `@filename` as contents. When specifying a file, you can also specify the file content type by appending `;type=` to the -file name. You can also post the contents of several files in one field. For -example, the field name 'coolfiles' is used to send three files, with +filename. You can also post the contents of several files in one field. For +example, the field name `coolfiles` is used to send three files, with different content types using the following syntax: curl -F "coolfiles=@fil1.gif;type=image/gif,fil2.txt,fil3.html" - http://www.post.com/postit.cgi + https://www.example.com/postit.cgi -If the content-type is not specified, curl will try to guess from the file +If the content-type is not specified, curl tries to guess from the file extension (it only knows a few), or use the previously specified type (from an -earlier file if several files are specified in a list) or else it will use the -default type 'application/octet-stream'. +earlier file if several files are specified in a list) or else it uses the +default type `application/octet-stream`. Emulate a fill-in form with `-F`. Let's say you fill in three fields in a -form. One field is a file name which to post, one field is your name and one +form. One field is a filename which to post, one field is your name and one field is a file description. We want to post the file we have written named -"cooltext.txt". To let curl do the posting of this data instead of your -favourite browser, you have to read the HTML source of the form page and find +`cooltext.txt`. To let curl do the posting of this data instead of your +favorite browser, you have to read the HTML source of the form page and find the names of the input fields. In our example, the input field names are -'file', 'yourname' and 'filedescription'. +`file`, `yourname` and `filedescription`. curl -F "file=@cooltext.txt" -F "yourname=Daniel" -F "filedescription=Cool text file with cool text inside" - http://www.post.com/postit.cgi + https://www.example.com/postit.cgi To send two files in one post you can do it in two ways: -Send multiple files in a single "field" with a single field name: +Send multiple files in a single field with a single field name: curl -F "pictures=@dog.gif,cat.gif" $URL @@ -373,23 +396,23 @@ allow a user to trick curl into uploading a file. ## Referrer An HTTP request has the option to include information about which address -referred it to the actual page. Curl allows you to specify the referrer to be +referred it to the actual page. curl allows you to specify the referrer to be used on the command line. It is especially useful to fool or trick stupid servers or CGI scripts that rely on that information being available or contain certain data. - curl -e www.coolsite.com http://www.showme.com/ + curl -e www.example.org https://www.example.com/ ## User Agent An HTTP request has the option to include information about the browser that -generated the request. Curl allows it to be specified on the command line. It +generated the request. curl allows it to be specified on the command line. It is especially useful to fool or trick stupid servers or CGI scripts that only accept certain browsers. Example: - curl -A 'Mozilla/3.0 (Win95; I)' http://www.nationsbank.com/ + curl -A 'Mozilla/3.0 (Win95; I)' https://www.bank.example.com/ Other common strings: @@ -415,56 +438,56 @@ client's side. The server sets cookies by sending a response line in the headers that looks like `Set-Cookie: ` where the data part then typically contains a set of `NAME=VALUE` pairs (separated by semicolons `;` like `NAME1=VALUE1; NAME2=VALUE2;`). The server can also specify for what path -the "cookie" should be used for (by specifying `path=value`), when the cookie +the cookie should be used for (by specifying `path=value`), when the cookie should expire (`expire=DATE`), for what domain to use it (`domain=NAME`) and if it should be used on secure connections only (`secure`). -If you've received a page from a server that contains a header like: +If you have received a page from a server that contains a header like: ```http Set-Cookie: sessionid=boo123; path="/foo"; ``` it means the server wants that first pair passed on when we get anything in a -path beginning with "/foo". +path beginning with `/foo`. Example, get a page that wants my name passed in a cookie: - curl -b "name=Daniel" www.sillypage.com + curl -b "name=Daniel" www.example.com -Curl also has the ability to use previously received cookies in following +curl also has the ability to use previously received cookies in following sessions. If you get cookies from a server and store them in a file in a manner similar to: curl --dump-header headers www.example.com ... you can then in a second connect to that (or another) site, use the -cookies from the 'headers' file like: +cookies from the `headers.txt` file like: - curl -b headers www.example.com + curl -b headers.txt www.example.com While saving headers to a file is a working way to store cookies, it is however error-prone and not the preferred way to do this. Instead, make curl -save the incoming cookies using the well-known netscape cookie format like +save the incoming cookies using the well-known Netscape cookie format like this: curl -c cookies.txt www.example.com -Note that by specifying `-b` you enable the "cookie awareness" and with `-L` -you can make curl follow a location: (which often is used in combination with -cookies). So that if a site sends cookies and a location, you can use a +Note that by specifying `-b` you enable the cookie engine and with `-L` you +can make curl follow a `location:` (which often is used in combination with +cookies). If a site sends cookies and a location field, you can use a non-existing file to trigger the cookie awareness like: curl -L -b empty.txt www.example.com The file to read cookies from must be formatted using plain HTTP headers OR as -netscape's cookie file. Curl will determine what kind it is based on the file -contents. In the above command, curl will parse the header and store the -cookies received from www.example.com. curl will send to the server the -stored cookies which match the request as it follows the location. The file -"empty.txt" may be a nonexistent file. +Netscape's cookie file. curl determines what kind it is based on the file +contents. In the above command, curl parses the header and store the cookies +received from www.example.com. curl sends the stored cookies which match the +request to the server as it follows the location. The file `empty.txt` may be +a nonexistent file. -To read and write cookies from a netscape cookie file, you can set both `-b` +To read and write cookies from a Netscape cookie file, you can set both `-b` and `-c` to use the same file: curl -b cookies.txt -c cookies.txt www.example.com @@ -480,26 +503,26 @@ happening. The different fields in the output have the following meaning: From left-to-right: - - % - percentage completed of the whole transfer - - Total - total size of the whole expected transfer - - % - percentage completed of the download - - Received - currently downloaded amount of bytes - - % - percentage completed of the upload - - Xferd - currently uploaded amount of bytes - - Average Speed Dload - the average transfer speed of the download - - Average Speed Upload - the average transfer speed of the upload - - Time Total - expected time to complete the operation - - Time Current - time passed since the invoke - - Time Left - expected time left to completion - - Curr.Speed - the average transfer speed the last 5 seconds (the first +- `%` - percentage completed of the whole transfer +- `Total` - total size of the whole expected transfer +- `%` - percentage completed of the download +- `Received` - currently downloaded amount of bytes +- `%` - percentage completed of the upload +- `Xferd` - currently uploaded amount of bytes +- `Average Speed Dload` - the average transfer speed of the download +- `Average Speed Upload` - the average transfer speed of the upload +- `Time Total` - expected time to complete the operation +- `Time Current` - time passed since the invoke +- `Time Left` - expected time left to completion +- `Curr.Speed` - the average transfer speed the last 5 seconds (the first 5 seconds of a transfer is based on less time of course.) -The `-#` option will display a totally different progress bar that doesn't -need much explanation! +The `-#` option displays a totally different progress bar that does not need +much explanation! ## Speed Limit -Curl allows the user to set the transfer speed conditions that must be met to +curl allows the user to set the transfer speed conditions that must be met to let the transfer keep going. By using the switch `-y` and `-Y` you can make curl abort transfers if the transfer speed is below the specified lowest limit for a specified time. @@ -507,39 +530,39 @@ for a specified time. To have curl abort the download if the speed is slower than 3000 bytes per second for 1 minute, run: - curl -Y 3000 -y 60 www.far-away-site.com + curl -Y 3000 -y 60 www.far-away.example.com -This can very well be used in combination with the overall time limit, so -that the above operation must be completed in whole within 30 minutes: +This can be used in combination with the overall time limit, so that the above +operation must be completed in whole within 30 minutes: - curl -m 1800 -Y 3000 -y 60 www.far-away-site.com + curl -m 1800 -Y 3000 -y 60 www.far-away.example.com Forcing curl not to transfer data faster than a given rate is also possible, -which might be useful if you're using a limited bandwidth connection and you -don't want your transfer to use all of it (sometimes referred to as -"bandwidth throttle"). +which might be useful if you are using a limited bandwidth connection and you +do not want your transfer to use all of it (sometimes referred to as +*bandwidth throttle*). Make curl transfer data no faster than 10 kilobytes per second: - curl --limit-rate 10K www.far-away-site.com + curl --limit-rate 10K www.far-away.example.com or - curl --limit-rate 10240 www.far-away-site.com + curl --limit-rate 10240 www.far-away.example.com Or prevent curl from uploading data faster than 1 megabyte per second: - curl -T upload --limit-rate 1M ftp://uploadshereplease.com + curl -T upload --limit-rate 1M ftp://uploads.example.com When using the `--limit-rate` option, the transfer rate is regulated on a -per-second basis, which will cause the total transfer speed to become lower -than the given number. Sometimes of course substantially lower, if your -transfer stalls during periods. +per-second basis, which causes the total transfer speed to become lower than +the given number. Sometimes of course substantially lower, if your transfer +stalls during periods. ## Config File -Curl automatically tries to read the `.curlrc` file (or `_curlrc` file on -Microsoft Windows systems) from the user's home dir on startup. +curl automatically tries to read the `.curlrc` file (or `_curlrc` file on +Microsoft Windows systems) from the user's home directory on startup. The config file could be made up with normal command line switches, but you can also specify the long options without the dashes to make it more @@ -558,7 +581,7 @@ Example, set default time out and proxy in a config file: # We want a 30 minute timeout: -m 1800 # ... and we use a proxy for all accesses: - proxy = proxy.our.domain.com:8080 + proxy = proxy.our.domain.example.com:8080 Whitespaces ARE significant at the end of lines, but all whitespace leading up to the first characters of each line are ignored. @@ -566,31 +589,31 @@ up to the first characters of each line are ignored. Prevent curl from reading the default file by using -q as the first command line parameter, like: - curl -q www.thatsite.com + curl -q www.example.org Force curl to get and display a local help page in case it is invoked without URL by making a config file similar to: - # default url to get - url = "http://help.with.curl.com/curlhelp.html" + # default URL to get + url = "https://help.with.curl.example.com/curlhelp.html" You can specify another config file to be read by using the `-K`/`--config` -flag. If you set config file name to `-` it'll read the config from stdin, -which can be handy if you want to hide options from being visible in process -tables etc: +flag. If you set config filename to `-` it reads the config from stdin, which +can be handy if you want to hide options from being visible in process tables +etc: - echo "user = user:passwd" | curl -K - http://that.secret.site.com + echo "user = user:passwd" | curl -K - https://that.secret.example.com ## Extra Headers -When using curl in your own very special programs, you may end up needing -to pass on your own custom headers when getting a web page. You can do -this by using the `-H` flag. +When using curl in your own programs, you may end up needing to pass on your +own custom headers when getting a webpage. You can do this by using the `-H` +flag. Example, send the header `X-you-and-me: yes` to the server when getting a page: - curl -H "X-you-and-me: yes" www.love.com + curl -H "X-you-and-me: yes" love.example.com This can also be useful in case you want curl to send a different text in a header than it normally does. The `-H` header you specify then replaces the @@ -598,22 +621,22 @@ header curl would normally send. If you replace an internal header with an empty one, you prevent that header from being sent. To prevent the `Host:` header from being used: - curl -H "Host:" www.server.com + curl -H "Host:" server.example.com ## FTP and Path Names Do note that when getting files with a `ftp://` URL, the given path is -relative the directory you enter. To get the file `README` from your home +relative to the directory you enter. To get the file `README` from your home directory at your ftp site, do: - curl ftp://user:passwd@my.site.com/README + curl ftp://user:passwd@my.example.com/README -But if you want the README file from the root directory of that very same -site, you need to specify the absolute file name: +If you want the README file from the root directory of that same site, you +need to specify the absolute filename: - curl ftp://user:passwd@my.site.com//README + curl ftp://user:passwd@my.example.com//README -(I.e with an extra slash in front of the file name.) +(I.e with an extra slash in front of the filename.) ## SFTP and SCP and Path Names @@ -631,13 +654,13 @@ do this. The default way for curl is to issue the PASV command which causes the server to open another port and await another connection performed by the -client. This is good if the client is behind a firewall that doesn't allow +client. This is good if the client is behind a firewall that does not allow incoming connections. - curl ftp.download.com + curl ftp.example.com -If the server, for example, is behind a firewall that doesn't allow -connections on ports other than 21 (or if it just doesn't support the `PASV` +If the server, for example, is behind a firewall that does not allow +connections on ports other than 21 (or if it does not support the `PASV` command), the other way to do it is to use the `PORT` command and instruct the server to connect to the client on the given IP number and port (as parameters to the PORT command). @@ -646,26 +669,26 @@ The `-P` flag to curl supports a few different options. Your machine may have several IP-addresses and/or network interfaces and curl allows you to select which of them to use. Default address can also be used: - curl -P - ftp.download.com + curl -P - ftp.example.com Download with `PORT` but use the IP address of our `le0` interface (this does -not work on windows): +not work on Windows): - curl -P le0 ftp.download.com + curl -P le0 ftp.example.com Download with `PORT` but use 192.168.0.10 as our IP address to use: - curl -P 192.168.0.10 ftp.download.com + curl -P 192.168.0.10 ftp.example.com ## Network Interface -Get a web page from a server using a specified port for the interface: +Get a webpage from a server using a specified port for the interface: - curl --interface eth0:1 http://www.example.com/ + curl --interface eth0:1 https://www.example.com/ or - curl --interface 192.168.1.10 http://www.example.com/ + curl --interface 192.168.1.10 https://www.example.com/ ## HTTPS @@ -675,32 +698,31 @@ using the HTTPS protocol. Example: - curl https://www.secure-site.com + curl https://secure.example.com curl is also capable of using client certificates to get/post files from sites that require valid certificates. The only drawback is that the certificate needs to be in PEM-format. PEM is a standard and open format to store certificates with, but it is not used by the most commonly used browsers. If -you want curl to use the certificates you use with your (favourite) browser, -you may need to download/compile a converter that can convert your browser's +you want curl to use the certificates you use with your favorite browser, you +may need to download/compile a converter that can convert your browser's formatted certificates to PEM formatted ones. Example on how to automatically retrieve a document using a certificate with a personal password: - curl -E /path/to/cert.pem:password https://secure.site.com/ + curl -E /path/to/cert.pem:password https://secure.example.com/ -If you neglect to specify the password on the command line, you will be -prompted for the correct password before any data can be received. +If you neglect to specify the password on the command line, you are prompted +for the correct password before any data can be received. Many older HTTPS servers have problems with specific SSL or TLS versions, which newer versions of OpenSSL etc use, therefore it is sometimes useful to -specify what SSL-version curl should use. Use -3, -2 or -1 to specify that -exact SSL version to use (for SSLv3, SSLv2 or TLSv1 respectively): +specify what TLS version curl should use.: - curl -2 https://secure.site.com/ + curl --tlv1.0 https://secure.example.com/ -Otherwise, curl will attempt to use a sensible TLS default version. +Otherwise, curl attempts to use a sensible TLS default version. ## Resuming File Transfers @@ -709,15 +731,15 @@ resume on HTTP(S) downloads as well as FTP uploads and downloads. Continue downloading a document: - curl -C - -o file ftp://ftp.server.com/path/file + curl -C - -o file ftp://ftp.example.com/path/file Continue uploading a document: - curl -C - -T file ftp://ftp.server.com/path/file + curl -C - -T file ftp://ftp.example.com/path/file Continue downloading a document from a web server - curl -C - -o file http://www.server.com/ + curl -C - -o file https://www.example.com/ ## Time Conditions @@ -728,20 +750,20 @@ them with the `-z`/`--time-cond` flag. For example, you can easily make a download that only gets performed if the remote file is newer than a local copy. It would be made like: - curl -z local.html http://remote.server.com/remote.html + curl -z local.html https://remote.example.com/remote.html Or you can download a file only if the local file is newer than the remote one. Do this by prepending the date string with a `-`, as in: - curl -z -local.html http://remote.server.com/remote.html + curl -z -local.html https://remote.example.com/remote.html -You can specify a "free text" date as condition. Tell curl to only download -the file if it was updated since January 12, 2012: +You can specify a plain text date as condition. Tell curl to only download the +file if it was updated since January 12, 2012: - curl -z "Jan 12 2012" http://remote.server.com/remote.html + curl -z "Jan 12 2012" https://remote.example.com/remote.html -Curl will then accept a wide range of date formats. You always make the date -check the other way around by prepending it with a dash (`-`). +curl accepts a wide range of date formats. You always make the date check the +other way around by prepending it with a dash (`-`). ## DICT @@ -751,8 +773,8 @@ For fun try curl dict://dict.org/d:heisenbug:jargon curl dict://dict.org/d:daniel:gcide -Aliases for 'm' are 'match' and 'find', and aliases for 'd' are 'define' and -'lookup'. For example, +Aliases for `m` are `match` and `find`, and aliases for `d` are `define` and +`lookup`. For example, curl dict://dict.org/find:curl @@ -767,42 +789,39 @@ Authentication support is still missing ## LDAP If you have installed the OpenLDAP library, curl can take advantage of it and -offer `ldap://` support. On Windows, curl will use WinLDAP from Platform SDK -by default. +offer `ldap://` support. On Windows, curl uses WinLDAP from Platform SDK by +default. -Default protocol version used by curl is LDAPv3. LDAPv2 will be used as -fallback mechanism in case if LDAPv3 will fail to connect. +Default protocol version used by curl is LDAP version 3. Version 2 is used as +a fallback mechanism in case version 3 fails to connect. -LDAP is a complex thing and writing an LDAP query is not an easy task. I do -advise you to dig up the syntax description for that elsewhere. One such place -might be: [RFC 2255, The LDAP URL +LDAP is a complex thing and writing an LDAP query is not an easy +task. Familiarize yourself with the exact syntax description elsewhere. One +such place might be: [RFC 2255, The LDAP URL Format](https://curl.se/rfc/rfc2255.txt) -To show you an example, this is how I can get all people from my local LDAP -server that has a certain sub-domain in their email address: +To show you an example, this is how to get all people from an LDAP server that +has a certain subdomain in their email address: - curl -B "ldap://ldap.frontec.se/o=frontec??sub?mail=*sth.frontec.se" - -If I want the same info in HTML format, I can get it by not using the `-B` -(enforce ASCII) flag. + curl -B "ldap://ldap.example.com/o=frontec??sub?mail=*sth.example.com" You also can use authentication when accessing LDAP catalog: - curl -u user:passwd "ldap://ldap.frontec.se/o=frontec??sub?mail=*" - curl "ldap://user:passwd@ldap.frontec.se/o=frontec??sub?mail=*" + curl -u user:passwd "ldap://ldap.example.com/o=frontec??sub?mail=*" + curl "ldap://user:passwd@ldap.example.com/o=frontec??sub?mail=*" -By default, if user and password provided, OpenLDAP/WinLDAP will use basic +By default, if user and password are provided, OpenLDAP/WinLDAP uses basic authentication. On Windows you can control this behavior by providing one of `--basic`, `--ntlm` or `--digest` option in curl command line - curl --ntlm "ldap://user:passwd@ldap.frontec.se/o=frontec??sub?mail=*" + curl --ntlm "ldap://user:passwd@ldap.example.com/o=frontec??sub?mail=*" -On Windows, if no user/password specified, auto-negotiation mechanism will be -used with current logon credentials (SSPI/SPNEGO). +On Windows, if no user/password specified, auto-negotiation mechanism is used +with current logon credentials (SSPI/SPNEGO). ## Environment Variables -Curl reads and understands the following environment variables: +curl reads and understands the following proxy related environment variables: http_proxy, HTTPS_PROXY, FTP_PROXY @@ -811,17 +830,17 @@ with ALL_PROXY -A comma-separated list of host names that shouldn't go through any proxy is +A comma-separated list of hostnames that should not go through any proxy is set in (only an asterisk, `*` matches all hosts) NO_PROXY -If the host name matches one of these strings, or the host is within the -domain of one of these strings, transactions with that node will not be -proxied. When a domain is used, it needs to start with a period. A user can +If the hostname matches one of these strings, or the host is within the domain +of one of these strings, transactions with that node is not done over the +proxy. When a domain is used, it needs to start with a period. A user can specify that both www.example.com and foo.example.com should not use a proxy by setting `NO_PROXY` to `.example.com`. By including the full name you can -exclude specific host names, so to make `www.example.com` not use a proxy but +exclude specific hostnames, so to make `www.example.com` not use a proxy but still have `foo.example.com` do it, set `NO_PROXY` to `www.example.com`. The usage of the `-x`/`--proxy` flag overrides the environment variables. @@ -830,16 +849,16 @@ The usage of the `-x`/`--proxy` flag overrides the environment variables. Unix introduced the `.netrc` concept a long time ago. It is a way for a user to specify name and password for commonly visited FTP sites in a file so that -you don't have to type them in each time you visit those sites. You realize -this is a big security risk if someone else gets hold of your passwords, so -therefore most unix programs won't read this file unless it is only readable -by yourself (curl doesn't care though). +you do not have to type them in each time you visit those sites. You realize +this is a big security risk if someone else gets hold of your passwords, +therefore most Unix programs do not read this file unless it is only readable +by yourself (curl does not care though). -Curl supports `.netrc` files if told to (using the `-n`/`--netrc` and -`--netrc-optional` options). This is not restricted to just FTP, so curl can -use it for all protocols where authentication is used. +curl supports `.netrc` files if told to (using the `-n`/`--netrc` and +`--netrc-optional` options). This is not restricted to FTP, so curl can use it +for all protocols where authentication is used. -A very simple `.netrc` file could look something like: +A simple `.netrc` file could look something like: machine curl.se login iamdaniel password mysecret @@ -852,31 +871,31 @@ information from the previous transfer you want to extract. To display the amount of bytes downloaded together with some text and an ending newline: - curl -w 'We downloaded %{size_download} bytes\n' www.download.com + curl -w 'We downloaded %{size_download} bytes\n' www.example.com ## Kerberos FTP Transfer -Curl supports kerberos4 and kerberos5/GSSAPI for FTP transfers. You need the +curl supports kerberos4 and kerberos5/GSSAPI for FTP transfers. You need the kerberos package installed and used at curl build time for it to be available. -First, get the krb-ticket the normal way, like with the kinit/kauth tool. +First, get the krb-ticket the normal way, like with the `kinit`/`kauth` tool. Then use curl in way similar to: - curl --krb private ftp://krb4site.com -u username:fakepwd + curl --krb private ftp://krb4site.example.com -u username:fakepwd -There's no use for a password on the `-u` switch, but a blank one will make -curl ask for one and you already entered the real password to kinit/kauth. +There is no use for a password on the `-u` switch, but a blank one makes curl +ask for one and you already entered the real password to `kinit`/`kauth`. ## TELNET -The curl telnet support is basic and very easy to use. Curl passes all data -passed to it on stdin to the remote server. Connect to a remote telnet server -using a command line similar to: +The curl telnet support is basic and easy to use. curl passes all data passed +to it on stdin to the remote server. Connect to a remote telnet server using a +command line similar to: - curl telnet://remote.server.com + curl telnet://remote.example.com -And enter the data to pass to the server on stdin. The result will be sent to -stdout or to the file you specify with `-o`. +Enter the data to pass to the server on stdin. The result is sent to stdout or +to the file you specify with `-o`. You might want the `-N`/`--no-buffer` option to switch off the buffered output for slow connections or similar. @@ -884,64 +903,63 @@ for slow connections or similar. Pass options to the telnet protocol negotiation, by using the `-t` option. To tell the server we use a vt100 terminal, try something like: - curl -tTTYPE=vt100 telnet://remote.server.com + curl -tTTYPE=vt100 telnet://remote.example.com Other interesting options for it `-t` include: - - `XDISPLOC=` Sets the X display location. - - `NEW_ENV=` Sets an environment variable. +- `XDISPLOC=` Sets the X display location. +- `NEW_ENV=` Sets an environment variable. NOTE: The telnet protocol does not specify any way to login with a specified -user and password so curl can't do that automatically. To do that, you need to +user and password so curl cannot do that automatically. To do that, you need to track when the login prompt is received and send the username and password accordingly. ## Persistent Connections -Specifying multiple files on a single command line will make curl transfer all -of them, one after the other in the specified order. +Specifying multiple files on a single command line makes curl transfer all of +them, one after the other in the specified order. -libcurl will attempt to use persistent connections for the transfers so that -the second transfer to the same host can use the same connection that was -already initiated and was left open in the previous transfer. This greatly -decreases connection time for all but the first transfer and it makes a far -better use of the network. +libcurl attempts to use persistent connections for the transfers so that the +second transfer to the same host can use the same connection that was already +initiated and was left open in the previous transfer. This greatly decreases +connection time for all but the first transfer and it makes a far better use +of the network. Note that curl cannot use persistent connections for transfers that are used -in subsequence curl invokes. Try to stuff as many URLs as possible on the same -command line if they are using the same host, as that'll make the transfers +in subsequent curl invokes. Try to stuff as many URLs as possible on the same +command line if they are using the same host, as that makes the transfers faster. If you use an HTTP proxy for file transfers, practically all transfers -will be persistent. +are persistent. ## Multiple Transfers With A Single Command Line As is mentioned above, you can download multiple files with one command line -by simply adding more URLs. If you want those to get saved to a local file -instead of just printed to stdout, you need to add one save option for each -URL you specify. Note that this also goes for the `-O` option (but not +by adding more URLs. If you want those to get saved to a local file +instead of printed to stdout, you need to add one save option for each URL you +specify. Note that this also goes for the `-O` option (but not `--remote-name-all`). For example: get two files and use `-O` for the first and a custom file name for the second: - curl -O http://url.com/file.txt ftp://ftp.com/moo.exe -o moo.jpg + curl -O https://example.com/file.txt ftp://example.com/moo.exe -o moo.jpg You can also upload multiple files in a similar fashion: - curl -T local1 ftp://ftp.com/moo.exe -T local2 ftp://ftp.com/moo2.txt + curl -T local1 ftp://example.com/moo.exe -T local2 ftp://example.com/moo2.txt ## IPv6 -curl will connect to a server with IPv6 when a host lookup returns an IPv6 -address and fall back to IPv4 if the connection fails. The `--ipv4` and -`--ipv6` options can specify which address to use when both are -available. IPv6 addresses can also be specified directly in URLs using the -syntax: +curl connects to a server with IPv6 when a host lookup returns an IPv6 address +and fall back to IPv4 if the connection fails. The `--ipv4` and `--ipv6` +options can specify which address to use when both are available. IPv6 +addresses can also be specified directly in URLs using the syntax: - http://[2001:1890:1112:1::20]/overview.html + https://[2001:1890:1112:1::20]/overview.html When this style is used, the `-g` option must be given to stop curl from -interpreting the square brackets as special globbing characters. Link local +interpreting the square brackets as special globbing characters. Link local and site local addresses including a scope identifier, such as `fe80::1234%1`, may also be used, but the scope portion must be numeric or match an existing network interface on Linux and the percent character must be URL escaped. The @@ -963,28 +981,27 @@ these mailing lists instead of mailing any individual. Available lists include: -### curl-users +### `curl-users` -Users of the command line tool. How to use it, what doesn't work, new +Users of the command line tool. How to use it, what does not work, new features, related tools, questions, news, installations, compilations, running, porting etc. -### curl-library +### `curl-library` Developers using or developing libcurl. Bugs, extensions, improvements. -### curl-announce +### `curl-announce` Low-traffic. Only receives announcements of new public versions. At worst, that makes something like one or two mails per month, but usually only one mail every second month. -### curl-and-php +### `curl-and-php` Using the curl functions in PHP. Everything curl with a PHP angle. Or PHP with a curl angle. -### curl-and-python +### `curl-and-python` Python hackers using curl with or without the python binding pycurl. - diff --git a/docs/MQTT.md b/docs/MQTT.md deleted file mode 100644 index 741b07297099..000000000000 --- a/docs/MQTT.md +++ /dev/null @@ -1,29 +0,0 @@ -# MQTT in curl - -## Usage - -A plain "GET" subscribes to the topic and prints all published messages. -Doing a "POST" publishes the post data to the topic and exits. - -Example subscribe: - - curl mqtt://host/home/bedroom/temp - -Example publish: - - curl -d 75 mqtt://host/home/bedroom/dimmer - -## What does curl deliver as a response to a subscribe - -It outputs two bytes topic length (MSB | LSB), the topic followed by the -payload. - -## Caveats - -Remaining limitations: - - No username support - - Only QoS level 0 is implemented for publish - - No way to set retain flag for publish - - No username/password support - - No TLS (mqtts) support - - Naive EAGAIN handling won't handle split messages diff --git a/docs/Makefile.am b/docs/Makefile.am index 656d1ace0b7e..fa7ab3d33146 100644 --- a/docs/Makefile.am +++ b/docs/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,112 +18,136 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### AUTOMAKE_OPTIONS = foreign no-dependencies -# EXTRA_DIST breaks with $(abs_builddir) so build it using this variable -# but distribute it (using the relative file name) in the next variable -man_MANS = $(abs_builddir)/curl.1 -noinst_man_MANS = curl.1 mk-ca-bundle.1 -dist_man_MANS = curl-config.1 -GENHTMLPAGES = curl.html curl-config.html mk-ca-bundle.html -PDFPAGES = curl.pdf curl-config.pdf mk-ca-bundle.pdf -MANDISTPAGES = curl.1.dist curl-config.1.dist - -HTMLPAGES = $(GENHTMLPAGES) index.html - -# Build targets in this file (.) before cmdline-opts to ensure that -# the curl.1 rule below runs first -SUBDIRS = . cmdline-opts -DIST_SUBDIRS = $(SUBDIRS) examples libcurl - -CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES) $(MANDISTPAGES) curl.1 - -EXTRA_DIST = \ - $(noinst_man_MANS) \ - ALTSVC.md \ - BINDINGS.md \ - BUFREF.md \ - BUG-BOUNTY.md \ - BUGS.md \ - CHECKSRC.md \ - CIPHERS.md \ - CMakeLists.txt \ - CODE_OF_CONDUCT.md \ - CODE_REVIEW.md \ - CODE_STYLE.md \ - CONTRIBUTE.md \ - CURL-DISABLE.md \ - DEPRECATE.md \ - DYNBUF.md \ - ECH.md \ - EXPERIMENTAL.md \ - FAQ \ - FEATURES.md \ - GOVERNANCE.md \ - HELP-US.md \ - HISTORY.md \ - HSTS.md \ - HTTP-COOKIES.md \ - HTTP2.md \ - HTTP3.md \ - HYPER.md \ - INSTALL \ - INSTALL.cmake \ - INSTALL.md \ - INTERNALS.md \ - KNOWN_BUGS \ - MAIL-ETIQUETTE \ - MQTT.md \ - NEW-PROTOCOL.md \ - options-in-versions \ - PARALLEL-TRANSFERS.md \ - README.md \ - RELEASE-PROCEDURE.md \ - RUSTLS.md \ - ROADMAP.md \ - SECURITY-PROCESS.md \ - SSL-PROBLEMS.md \ - SSLCERTS.md \ - THANKS \ - TODO \ - TheArtOfHttpScripting.md \ - URL-SYNTAX.md \ - VERSIONS.md - -MAN2HTML= roffit $< >$@ - -SUFFIXES = .1 .html .pdf - -# $(abs_builddir) is to disable VPATH when searching for this file, which -# would otherwise find the copy in $(srcdir) which breaks the $(HUGE) -# rule in src/Makefile.am in out-of-tree builds that references the file in the -# build directory. -# -# First, seed the used copy of curl.1 with the prebuilt copy (in an out-of-tree -# build), then run make recursively to rebuild it only if its dependencies -# have changed. -$(abs_builddir)/curl.1: - if test "$(top_builddir)x" != "$(top_srcdir)x" -a -e "$(srcdir)/curl.1"; then \ - $(INSTALL_DATA) "$(srcdir)/curl.1" $@; fi - cd cmdline-opts && $(MAKE) - -html: $(HTMLPAGES) - cd libcurl && $(MAKE) html - -pdf: $(PDFPAGES) - cd libcurl && $(MAKE) pdf - -.1.html: - $(MAN2HTML) - -.1.pdf: - @(foo=`echo $@ | sed -e 's/\.[0-9]$$//g'`; \ - groff -Tps -man $< >$$foo.ps; \ - ps2pdf $$foo.ps $@; \ - rm $$foo.ps; \ - echo "converted $< to $@") +if BUILD_DOCS +# if we disable man page building, ignore these +MK_CA_DOCS = mk-ca-bundle.1 +CURLCONF_DOCS = curl-config.1 +TEST_DOCS = runtests.1 testcurl.1 +man_MANS = curl-config.1 wcurl.1 +endif + +CURLPAGES = curl-config.md mk-ca-bundle.md wcurl.md runtests.md testcurl.md + +SUBDIRS = . cmdline-opts libcurl +DIST_SUBDIRS = $(SUBDIRS) examples + +if BUILD_DOCS +CLEANFILES = $(MK_CA_DOCS) $(man_MANS) $(TEST_DOCS) +endif + +TESTDOCS = \ + tests/FILEFORMAT.md \ + tests/HTTP.md \ + tests/TEST-SUITE.md + +INTERNALDOCS = \ + internals/BUFQ.md \ + internals/BUFREF.md \ + internals/CHECKSRC.md \ + internals/CLIENT-READERS.md \ + internals/CLIENT-WRITERS.md \ + internals/CODE_STYLE.md \ + internals/CONNECTION-FILTERS.md \ + internals/CURLX.md \ + internals/DYNBUF.md \ + internals/HASH.md \ + internals/LLIST.md \ + internals/MID.md \ + internals/MQTT.md \ + internals/MULTI-EV.md \ + internals/NEW-PROTOCOL.md \ + internals/PORTING.md \ + internals/RATELIMITS.md \ + internals/README.md \ + internals/SCORECARD.md \ + internals/SPLAY.md \ + internals/STRPARSE.md \ + internals/TIME-KEEPING.md \ + internals/TLS-SESSIONS.md \ + internals/UINT_SETS.md \ + internals/WEBSOCKET.md + +EXTRA_DIST = \ + $(CURLPAGES) \ + $(INTERNALDOCS) \ + $(TESTDOCS) \ + ALTSVC.md \ + BINDINGS.md \ + BUG-BOUNTY.md \ + BUGS.md \ + CIPHERS.md \ + CIPHERS-TLS12.md \ + CMakeLists.txt \ + CODE_OF_CONDUCT.md \ + CODE_REVIEW.md \ + CONTRIBUTE.md \ + CURL-DISABLE.md \ + CURLDOWN.md \ + DEPRECATE.md \ + DISTROS.md \ + EARLY-RELEASE.md \ + ECH.md \ + EXPERIMENTAL.md \ + FAQ.md \ + FEATURES.md \ + GOVERNANCE.md \ + HELP-US.md \ + HISTORY.md \ + HSTS.md \ + HTTP-COOKIES.md \ + HTTP3.md \ + HTTPSRR.md \ + INFRASTRUCTURE.md \ + INSTALL \ + INSTALL-CMAKE.md \ + INSTALL.md \ + INTERNALS.md \ + IPFS.md \ + KNOWN_BUGS.md \ + KNOWN_RISKS.md \ + MAIL-ETIQUETTE.md \ + MANUAL.md \ + options-in-versions \ + README.md \ + RELEASE-PROCEDURE.md \ + RUSTLS.md \ + ROADMAP.md \ + SECURITY-ADVISORY.md \ + SPONSORS.md \ + SSL-PROBLEMS.md \ + SSLCERTS.md \ + THANKS \ + TODO.md \ + TheArtOfHttpScripting.md \ + URL-SYNTAX.md \ + VERSIONS.md \ + VULN-DISCLOSURE-POLICY.md + +CD2NROFF = $(top_srcdir)/scripts/cd2nroff $< >$@ + +CD2 = $(CD2_$(V)) +CD2_0 = @echo " RENDER " $@; +CD2_1 = +CD2_ = $(CD2_0) + +SUFFIXES = .1 .md + +all: $(MK_CA_DOCS) $(CURLCONF_DOCS) $(TEST_DOCS) + +.md.1: + $(CD2)$(CD2NROFF) + +curl-config.1: curl-config.md + +mk-ca-bundle.1: mk-ca-bundle.md + +wcurl.1: wcurl.md distclean: rm -f $(CLEANFILES) diff --git a/docs/NEW-PROTOCOL.md b/docs/NEW-PROTOCOL.md deleted file mode 100644 index 9984eea2aa90..000000000000 --- a/docs/NEW-PROTOCOL.md +++ /dev/null @@ -1,110 +0,0 @@ -# Adding a new protocol? - -Every once in a while someone comes up with the idea of adding support for yet -another protocol to curl. After all, curl already supports 25 something -protocols and it is the Internet transfer machine for the world. - -In the curl project we love protocols and we love supporting many protocols -and do it well. - -So how do you proceed to add a new protocol and what are the requirements? - -## No fixed set of requirements - -This document is an attempt to describe things to consider. There is no -checklist of the twenty-seven things you need to cross off. We view the entire -effort as a whole and then judge if it seems to be the right thing - for -now. The more things that look right, fit our patterns and are done in ways -that align with our thinking, the better are the chances that we will agree -that supporting this protocol is a grand idea. - -## Mutual benefit is preferred - -curl is not here for your protocol. Your protocol is not here for curl. The -best cooperation and end result occur when all involved parties mutually see -and agree that supporting this protocol in curl would be good for everyone. -Heck, for the world! - -Consider "selling us" the idea that we need an implementation merged in curl, -to be fairly important. *Why* do we want curl to support this new protocol? - -## Protocol requirements - -### Client-side - -The protocol implementation is for a client's side of a "communication -session". - -### Transfer oriented - -The protocol itself should be focused on *transfers*. Be it uploads or -downloads or both. It should at least be possible to view the transfers as -such, like we can view reading emails over POP3 as a download and sending -emails over SMTP as an upload. - -If you cannot even shoehorn the protocol into a transfer focused view, then -you are up for a tough argument. - -### URL - -There should be a documented URL format. If there is an RFC for it there is no -question about it but the syntax doesn't have to be a published RFC. It could -be enough if it is already in use by other implementations. - -If you make up the syntax just in order to be able to propose it to curl, then -you are in a bad place. URLs are designed and defined for interoperability. -There should at least be a good chance that other clients and servers can be -implemented supporting the same URL syntax and work the same or similar way. - -URLs work on registered 'schemes'. There is a register of [all officially -recognized -schemes](https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml). If -your protocol is not in there, is it really a protocol we want? - -### Wide and public use - -The protocol shall already be used or have an expectation of getting used -widely. Experimental protocols are better off worked on in experiments first, -to prove themselves before they are adopted by curl. - -## Code - -Of course the code needs to be written, provided, licensed agreeably and it -should follow our code guidelines and review comments have to be dealt with. -If the implementation needs third party code, that third party code should not -have noticeably lesser standards than the curl project itself. - -## Tests - -As much of the protocol implementation as possible needs to be verified by -curl test cases. We must have the implementation get tested by CI jobs, -torture tests and more. - -We've experienced many times in the past how new implementations were brought -to curl and immediately once the code had been merged, the originator vanished -from the face of the earth. That is fine, but we need to take the necessary -precautions so when it happens we are still fine. - -Our test infrastructure is powerful enough to test just about every possible -protocol - but it might require a bit of an effort to make it happen. - -## Documentation - -We cannot assume that users are particularly familiar with specific details -and peculiarities of the protocol. It needs documentation. - -Maybe it even needs some internal documentation so that the developers who -will try to debug something five years from now can figure out functionality a -little easier! - -The protocol specification itself should be freely available without requiring -any NDA or similar. - -## Don't compare - -We are constantly raising the bar and we are constantly improving the -project. A lot of things we did in the past would not be acceptable if done -today. Therefore, you might be tempted to use shortcuts or "hacks" you can -spot other - existing - protocol implementations have used, but there is -nothing to gain from that. The bar has been raised. Former "cheats" won't be -tolerated anymore. diff --git a/docs/PARALLEL-TRANSFERS.md b/docs/PARALLEL-TRANSFERS.md deleted file mode 100644 index da688ea050ef..000000000000 --- a/docs/PARALLEL-TRANSFERS.md +++ /dev/null @@ -1,58 +0,0 @@ -# Parallel transfers - -curl 7.66.0 introduces support for doing multiple transfers simultaneously; in -parallel. - -## -Z, --parallel - -When this command line option is used, curl will perform the transfers given -to it at the same time. It will do up to `--parallel-max` concurrent -transfers, with a default value of 50. - -## Progress meter - -The progress meter that is displayed when doing parallel transfers is -completely different than the regular one used for each single transfer. - - It shows: - - o percent download (if known, which means *all* transfers need to have a - known size) - o percent upload (if known, with the same caveat as for download) - o total amount of downloaded data - o total amount of uploaded data - o number of transfers to perform - o number of concurrent transfers being transferred right now - o number of transfers queued up waiting to start - o total time all transfers are expected to take (if sizes are known) - o current time the transfers have spent so far - o estimated time left (if sizes are known) - o current transfer speed (the faster of UL/DL speeds measured over the last - few seconds) - -Example: - - DL% UL% Dled Uled Xfers Live Qd Total Current Left Speed - 72 -- 37.9G 0 101 30 23 0:00:55 0:00:34 0:00:22 2752M - -## Behavior differences - -Connections are shared fine between different easy handles, but the -"authentication contexts" are not. So for example doing HTTP Digest auth with -one handle for a particular transfer and then continue on with another handle -that reuses the same connection, the second handle can't send the necessary -Authorization header at once since the context is only kept in the original -easy handle. - -To fix this, the authorization state could be made possible to share with the -share API as well, as a context per origin + path (realm?) basically. - -Visible in test 153, 1412 and more. - -## Feedback! - -This is early days for parallel transfer support. Keep your eyes open for -unintended side effects or downright bugs. - -Tell us what you think and how you think we could improve this feature! - diff --git a/docs/README.md b/docs/README.md index 078385043266..22d96ea9bd86 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,12 +1,18 @@ + + ![curl logo](https://curl.se/logo/curl-logo.svg) # Documentation -You'll find a mix of various documentation in this directory and -subdirectories, using several different formats. Some of them are not ideal -for reading directly in your browser. +You find a mix of various documentation in this directory and subdirectories, +using several different formats. Some of them are not ideal for reading +directly in your browser. -If you'd rather see the rendered version of the documentation, check out the +If you would rather see the rendered version of the documentation, check out the curl website's [documentation section](https://curl.se/docs/) for general curl stuff or the [libcurl section](https://curl.se/libcurl/) for libcurl related documentation. diff --git a/docs/RELEASE-PROCEDURE.md b/docs/RELEASE-PROCEDURE.md index 3faad6511783..36c786cbfe90 100644 --- a/docs/RELEASE-PROCEDURE.md +++ b/docs/RELEASE-PROCEDURE.md @@ -1,39 +1,37 @@ -curl release procedure - how to do a release -============================================ + -- run `./scripts/copyright.pl` and correct possible omissions +# curl release procedure - how to do a release + +## in the source code repo - edit `RELEASE-NOTES` to be accurate - update `docs/THANKS` +- update the "past releases" section in `docs/VERSIONS.md` + - make sure all relevant changes are committed on the master branch - tag the git repo in this style: `git tag -a curl-7_34_0`. -a annotates the tag and we use underscores instead of dots in the version number. Make sure the tag is GPG signed (using -s). -- run "./maketgz 7.34.0" to build the release tarballs. It is important that - you run this on a machine with the correct set of autotools etc installed - as this is what then will be shipped and used by most users on \*nix like - systems. +- run `./scripts/dmaketgz 7.34.0` to build the release tarballs. - push the git commits and the new tag -- gpg sign the 4 tarballs as maketgz suggests +- GPG sign the 4 tarballs as `maketgz` suggests - upload the 8 resulting files to the primary download directory -in the curl-www repo --------------------- +## in the curl-www repo - edit `Makefile` (version number and date), -- edit `_newslog.html` (announce the new release) and - - edit `_changes.html` (insert changes+bugfixes from RELEASE-NOTES) - commit all local changes @@ -44,68 +42,94 @@ in the curl-www repo (the website then updates its contents automatically) -on GitHub ---------- +## on GitHub - edit the newly made release tag so that it is listed as the latest release -inform ------- +## inform - send an email to curl-users, curl-announce and curl-library. Insert the RELEASE-NOTES into the mail. -celebrate ---------- +- if there are any advisories associated with the release, send each markdown + file to the above lists as well as to `oss-security@lists.openwall.com` + (unless the problem is unique to the non-open operating systems) + +## celebrate - suitable beverage intake is encouraged for the festivities -curl release scheduling -======================= +# curl release scheduling -Release Cycle -------------- +## Release Cycle -We do releases every 8 weeks on Wednesdays. If critical problems arise, we can -insert releases outside of the schedule or we can move the release date - but -this is rare. +We normally do releases every 8 weeks on Wednesdays. If important problems +arise, we can insert releases outside the schedule or we can move the release +date. -Each 8 week release cycle is split in two 4-week periods. +Each 8 week (56 days) release cycle is divided into three distinct periods: -- During the first 4 weeks after a release, we allow new features and changes - to curl and libcurl. If we accept any such changes, we bump the minor number - used for the next release. +- During the first 10 calendar days after a release, we are in "cool down". We + do not merge features but only bug-fixes. If a regression is reported, we + might do a follow-up patch release. -- During the second 4-week period we do not merge any features or changes, we - then only focus on fixing bugs and polishing things to make a solid coming - release. +- During the following 3 weeks (21 days) there is a feature window: we allow + new features and changes to curl and libcurl. If we accept any such changes, + we bump the minor number used for the next release. -- After a regular procedure-following release (made on Wednesdays), the - feature window remains closed until the following Monday in case of special - actions or patch releases etc. +- During the next 25 days we are in feature freeze. We do not merge any + features or changes, and we only focus on fixing bugs and polishing things + to make the pending release a solid one. If a future release date happens to end up on a "bad date", like in the middle -of common public holidays or when the lead release manager is away traveling, -the release date can be moved forwards or backwards a full week. This is then +of common public holidays or when the lead release manager is unavailable, the +release date can be moved forwards or backwards a full week. This is then advertised well in advance. -Coming dates ------------- - -Based on the description above, here are some planned release dates (at the -time of this writing): - -- March 31, 2021 (7.76.0) -- May 26, 2021 -- July 21, 2021 -- September 15, 2021 -- November 10, 2021 -- January 5, 2022 -- March 2, 2022 -- April 27, 2022 -- June 22, 2022 -- August 17, 2022 - -The above (and more) curl-related dates are published in -[iCalendar format](https://calendar.google.com/calendar/ical/c9u5d64odop9js55oltfarjk6g%40group.calendar.google.com/public/basic.ics) -as well. +# Release Candidates + +We ship release candidate tarballs on three occasions in preparation for the +pending release: + +- Release candidate one (**rc1**) ships the same Saturday the feature freeze + starts. Twenty-five days before the release. Tagged like `rc-7_34_0-1`. + +- Release candidate two (**rc2**) ships nine days later, sixteen days before + the release. On a Monday. Tagged like `rc-7_34_0-2`. + +- Release candidate tree (**rc3**) ships nine days later, seven days before + the release. On a Wednesday. Tagged like `rc-7_34_0-3`. + +Release candidate tarballs are ephemeral and each such tarball is only kept +around for a few weeks. They are provided on their dedicated webpage at: +https://curl.se/rc/ + +The git tags for release candidate are temporary and remain set only for a +limited period of time. + +**Do not use release candidates in production**. They are work in progress. +Use them for testing and verification only. Use actual releases in production. + +# Critical problems + +We can break the release cycle and do a patch release at any point if a +critical enough problem is reported. There is no exact definition of how to +assess such criticality, but if an issue is highly disturbing or has a +security impact on a large enough share of the user population it might +qualify. + +If you think an issue qualifies, bring it to the curl-library mailing list and +push for it. + +# Coming dates + +Based on the description above, here are some planned future release dates: + +- March 11, 2026 +- April 29, 2026 +- June 24, 2026 +- August 19, 2026 +- October 14, 2026 +- December 9, 2026 +- February 3, 2027 +- March 31, 2027 diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md index 79e8b03a2b7e..abf306b3350b 100644 --- a/docs/ROADMAP.md +++ b/docs/ROADMAP.md @@ -1,24 +1,17 @@ + + # curl the next few years - perhaps Roadmap of things Daniel Stenberg wants to work on next. It is intended to serve as a guideline for others for information, feedback and possible participation. -## "Complete" the HTTP/3 support - -curl has experimental support for HTTP/3 since a good while back. There are -some functionality missing and once the final specs are published we want to -eventually remove the "experimental" label from this functionality. - -## HTTPS DNS records - -As a DNS version of alt-svc and also a pre-requisite for ECH (see below). - -See: https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-02 - -## ECH (Encrypted Client Hello - formerly known as ESNI) +## WebSocket - See Daniel's post on [Support of Encrypted - SNI](https://curl.se/mail/lib-2019-03/0000.html) on the mailing list. +Agree that it is a good enough API and remove the EXPERIMENTAL label. - Initial work exists in https://github.com/curl/curl/pull/4011 +## diff --git a/docs/RUSTLS.md b/docs/RUSTLS.md index ecce430046eb..4f904a97e082 100644 --- a/docs/RUSTLS.md +++ b/docs/RUSTLS.md @@ -1,26 +1,85 @@ + + # Rustls -[Rustls is a TLS backend written in Rust.](https://docs.rs/rustls/). Curl can +[Rustls is a TLS backend written in Rust](https://docs.rs/rustls/). curl can be built to use it as an alternative to OpenSSL or other TLS backends. We use -the [rustls-ffi C bindings](https://github.com/rustls/rustls-ffi/). This -version of curl depends on version v0.7.0 of rustls-ffi. +the [rustls-ffi C bindings](https://github.com/rustls/rustls-ffi). This +version of curl is compatible with `rustls-ffi` v0.15.x. -# Building with rustls +## Getting rustls-ffi -First, [install Rust](https://rustup.rs/). +To build `curl` with `rustls` support you need to have `rustls-ffi` available first. +There are three options for this: -Next, check out, build, and install the appropriate version of rustls-ffi: +1. Install it from your package manager, if available. +2. Download pre-built binaries. +3. Build it from source. - % cargo install cbindgen - % git clone https://github.com/rustls/rustls-ffi -b v0.7.0 - % cd rustls-ffi +### Installing rustls-ffi from a package manager + +See the [rustls-ffi README] for packaging status. Availability and details for installation +differ between distributions. + +Once installed, build `curl` using `--with-rustls`. + + % git clone https://github.com/curl/curl + % cd curl + % autoreconf -fi + % ./configure --with-rustls % make - % make DESTDIR=${HOME}/rustls-ffi-built/ install -Now configure and build curl with rustls: +[rustls-ffi README]: https://github.com/rustls/rustls-ffi?tab=readme-ov-file + +### Downloading pre-built rustls-ffi binaries + +Pre-built binaries are available on the [releases page] on GitHub for releases since 0.15.0. +Download the appropriate archive for your platform and extract it to a directory of your choice +(e.g. `${HOME}/rustls-ffi-built`). + +Once downloaded, build `curl` using `--with-rustls` and the path to the extracted binaries. % git clone https://github.com/curl/curl % cd curl - % ./buildconf + % autoreconf -fi % ./configure --with-rustls=${HOME}/rustls-ffi-built % make + +[releases page]: https://github.com/rustls/rustls-ffi/releases + +### Building rustls-ffi from source + +Building `rustls-ffi` from source requires both a rust compiler, and the [cargo-c] cargo plugin. + +To install a Rust compiler, use [rustup] or your package manager to install +the **1.73+** or newer toolchain. + +To install `cargo-c`, use your [package manager][cargo-c pkg], download +[a pre-built archive][cargo-c prebuilt], or build it from source with `cargo install cargo-c`. + +Next, check out, build, and install the appropriate version of `rustls-ffi` using `cargo`: + + % git clone https://github.com/rustls/rustls-ffi -b v0.15.0 + % cd rustls-ffi + % cargo capi install --release --prefix=${HOME}/rustls-ffi-built + +Now configure and build `curl` using `--with-rustls`: + + % git clone https://github.com/curl/curl + % cd curl + % autoreconf -fi + % ./configure --with-rustls=${HOME}/rustls-ffi-built + % make + +See the [rustls-ffi README][cryptography provider] for more information on cryptography providers and +their build/platform requirements. + +[cargo-c]: https://github.com/lu-zero/cargo-c +[rustup]: https://rustup.rs/ +[cargo-c pkg]: https://github.com/lu-zero/cargo-c?tab=readme-ov-file#availability +[cargo-c prebuilt]: https://github.com/lu-zero/cargo-c/releases +[cryptography provider]: https://github.com/cpu/rustls-ffi?tab=readme-ov-file#cryptography-provider diff --git a/docs/SECURITY-ADVISORY.md b/docs/SECURITY-ADVISORY.md new file mode 100644 index 000000000000..4f3e1df2c9ad --- /dev/null +++ b/docs/SECURITY-ADVISORY.md @@ -0,0 +1,135 @@ + + +# Anatomy of a curl security advisory + +As described in the [Security Process](https://curl.se/dev/secprocess.html) +document, when a security vulnerability has been reported to the project and +confirmed, we author an advisory document for the issue. It should ideally +be written in cooperation with the reporter to make sure all the angles and +details of the problem are gathered and described correctly and succinctly. + +## New document + +A security advisory for curl is created in the `docs/` folder in the +[curl-www](https://github.com/curl/curl-www) repository. It should be named +`$CVEID.md` where `$CVEID` is the full CVE Id that has been registered for the +flaw. Like `CVE-2016-0755`. The `.md` extension of course means that the +document is written using markdown. + +The standard way to go about this is to first write the `VULNERABILITY` +section for the document, so that there is description of the flaw available, +then paste this description into the CVE Id request. + +### `vuln.pm` + +The new issue should be entered at the top of the list in the file `vuln.pm` +in the same directory. It holds a large array with all published curl +vulnerabilities. All fields should be filled in accordingly, separated by a +pipe character (`|`). + +The eleven fields for each CVE in `vuln.pm` are, in order: + +HTML page name, first vulnerable version, last vulnerable version, name of +the issue, CVE Id, announce date (`YYYYMMDD`), report to the project date +(`YYYYMMDD`), CWE, awarded reward amount (USD), area (single word), C-issue +(`-` if not a C issue at all, `OVERFLOW` , `OVERREAD`, `DOUBLE_FREE`, +`USE_AFTER_FREE`, `NULL_MISTAKE`, `UNINIT`) + +### `Makefile` + +The new CVE webpage filename needs to be added in the `Makefile`'s `CVELIST` +macro. + +When the markdown is in place and the `Makefile` and `vuln.pm` are updated, +all other files and metadata for all curl advisories and versions get +generated automatically using those files. + +## Document format + +The easy way is to start with a recent previously published advisory and blank +out old texts and save it using a new name. Save the subtitles and general +layout. + +Some details and metadata are extracted from this document so it is important +to stick to the existing format. + +The first list must be the title of the issue. + +### VULNERABILITY + +The first subtitle should be `VULNERABILITY`. That should then include a +through and detailed description of the flaw. Including how it can be +triggered and maybe something about what might happen if triggered or +exploited. + +### INFO + +The next section is `INFO` which adds meta data information about the flaw. It +specifically mentions the official CVE Id for the issue and it must list the +CWE Id, starting on its own line. We write CWE identifiers in advisories with +the full (official) explanation on the right side of a colon. Like this: + +`CWE-305: Authentication Bypass by Primary Weakness` + +### AFFECTED VERSIONS + +The third section first lists what versions that are affected, then adds +clarity by stressing what versions that are *not* affected. A third line adds +information about which specific git commit that introduced the vulnerability. + +The `Introduced-in` commit should be a full URL that displays the commit, but +should work as a stand-alone commit hash if everything up to the last slash is +cut out. + +An example using the correct syntax: + +~~~ +- Affected versions: curl 7.16.1 to and including 7.88.1 +- Not affected versions: curl < 7.16.1 and curl >= 8.0.0 +- Introduced-in: https://github.com/curl/curl/commit/2147284cad +~~~ + +### THE SOLUTION + +This section describes and discusses the fix. The only mandatory information +here is the link to the git commit that fixes the problem. + +The `Fixed-in` value should be a full URL that displays the commit, but should +work as a stand-alone commit hash if everything up to the last slash is cut +out. + +Example: + +`- Fixed-in: https://github.com/curl/curl/commit/af369db4d3833272b8ed` + +### RECOMMENDATIONS + +This section lists the recommended actions for the users in a top to bottom +priority order and should ideally contain three items but no less than two. + +The top two are almost always `upgrade curl to version XXX` and `apply the +patch to your local version`. + +### TIMELINE + +Detail when this report was received in the project. When package distributors +were notified (via the distros mailing list or similar) + +When the advisory and fixed version are released. + +### CREDITS + +Mention the reporter and patch author at least, then everyone else involved +you think deserves a mention. + +If you want to mention more than one name, separate the names with comma +(`,`). + +~~~ +- Reported-by: Full Name +- Patched-by: Full Name +~~~ diff --git a/docs/SECURITY-PROCESS.md b/docs/SECURITY-PROCESS.md deleted file mode 100644 index a5d487adfba1..000000000000 --- a/docs/SECURITY-PROCESS.md +++ /dev/null @@ -1,140 +0,0 @@ -curl security process -===================== - -This document describes how security vulnerabilities should be handled in the -curl project. - -Publishing Information ----------------------- - -All known and public curl or libcurl related vulnerabilities are listed on -[the curl website security page](https://curl.se/docs/security.html). - -Security vulnerabilities **should not** be entered in the project's public bug -tracker. - -Vulnerability Handling ----------------------- - -The typical process for handling a new security vulnerability is as follows. - -No information should be made public about a vulnerability until it is -formally announced at the end of this process. That means, for example that a -bug tracker entry must NOT be created to track the issue since that will make -the issue public and it should not be discussed on any of the project's public -mailing lists. Also messages associated with any commits should not make any -reference to the security nature of the commit if done prior to the public -announcement. - -- The person discovering the issue, the reporter, reports the vulnerability on - [https://hackerone.com/curl](https://hackerone.com/curl). Issues filed there - reach a handful of selected and trusted people. - -- Messages that do not relate to the reporting or managing of an undisclosed - security vulnerability in curl or libcurl are ignored and no further action - is required. - -- A person in the security team responds to the original report to acknowledge - that a human has seen the report. - -- The security team investigates the report and either rejects it or accepts - it. - -- If the report is rejected, the team writes to the reporter to explain why. - -- If the report is accepted, the team writes to the reporter to let him/her - know it is accepted and that they are working on a fix. - -- The security team discusses the problem, works out a fix, considers the - impact of the problem and suggests a release schedule. This discussion - should involve the reporter as much as possible. - -- The release of the information should be "as soon as possible" and is most - often synchronized with an upcoming release that contains the fix. If the - reporter, or anyone else involved, thinks the next planned release is too - far away, then a separate earlier release should be considered. - -- Write a security advisory draft about the problem that explains what the - problem is, its impact, which versions it affects, solutions or workarounds, - when the release is out and make sure to credit all contributors properly. - Figure out the CWE (Common Weakness Enumeration) number for the flaw. - -- Request a CVE number from - [HackerOne](https://docs.hackerone.com/programs/cve-requests.html) - -- Consider informing - [distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros) - to prepare them about the upcoming public security vulnerability - announcement - attach the advisory draft for information. Note that - 'distros' won't accept an embargo longer than 14 days and they do not care - for Windows-specific flaws. - -- Update the "security advisory" with the CVE number. - -- The security team commits the fix in a private branch. The commit message - should ideally contain the CVE number. This fix is usually also distributed - to the 'distros' mailing list to allow them to use the fix prior to the - public announcement. - -- No more than 48 hours before the release, the private branch is merged into - the master branch and pushed. Once pushed, the information is accessible to - the public and the actual release should follow suit immediately afterwards. - The time between the push and the release is used for final tests and - reviews. - -- The project team creates a release that includes the fix. - -- The project team announces the release and the vulnerability to the world in - the same manner we always announce releases. It gets sent to the - curl-announce, curl-library and curl-users mailing lists. - -- The security web page on the website should get the new vulnerability - mentioned. - -curl-security (at haxx dot se) ------------------------------- - -This is a private mailing list for discussions on and about curl security -issues. - -Who is on this list? There are a couple of criteria you must meet, and then we -might ask you to join the list or you can ask to join it. It really isn't very -formal. We basically only require that you have a long-term presence in the -curl project and you have shown an understanding for the project and its way -of working. You must've been around for a good while and you should have no -plans in vanishing in the near future. - -We do not make the list of participants public mostly because it tends to vary -somewhat over time and a list somewhere will only risk getting outdated. - -Publishing Security Advisories ------------------------------- - -1. Write up the security advisory, using markdown syntax. Use the same - subtitles as last time to maintain consistency. - -2. Name the advisory file after the allocated CVE id. - -3. Add a line on the top of the array in `curl-www/docs/vuln.pm'. - -4. Put the new advisory markdown file in the curl-www/docs/ directory. Add it - to the git repo. - -5. Run `make` in your local web checkout and verify that things look fine. - -6. On security advisory release day, push the changes on the curl-www - repository's remote master branch. - -Hackerone ---------- - -Request the issue to be disclosed. If there are sensitive details present in -the report and discussion, those should be redacted from the disclosure. The -default policy is to disclose as much as possible as soon as the vulnerability -has been published. - -Bug Bounty ----------- - -See [BUG-BOUNTY](https://curl.se/docs/bugbounty.html) for details on the -bug bounty program. diff --git a/docs/SPONSORS.md b/docs/SPONSORS.md new file mode 100644 index 000000000000..dc9d26fe6b25 --- /dev/null +++ b/docs/SPONSORS.md @@ -0,0 +1,55 @@ + + +# curl sponsors + +A sponsor is someone who donates money or resources to the curl project for no +specific service in return. + +curl accepts donations via [GitHub sponsors](https://github.com/sponsors/curl) +and [Open Collective](https://opencollective.com/curl). + +An even better way to contribute to the project might be to pay an engineer or +two to spend work hours on curl related tasks. + +We promise to use donated funds for things and activities that we believe are +beneficial for the project and its development. That includes but is not +limited to developer conferences, infrastructure, development, services and +hardware. + +Recurring donations above a certain amount of money puts the sponsor at a +named sponsor level: **Silver**, **Gold**, **Platinum** or **Top**. + +Sponsors on a named level can provide their logo image and preferred URL and +get recognition on the curl website's [sponsor +page](https://curl.se/sponsors.html), assuming they meet the project's +standards and requirements. + +- **Silver Sponsor** at least 100 USD/month +- **Gold Sponsor** at least 500 USD/month +- **Platinum Sponsor** at least 1000 USD/month +- **Top Sponsor** outstanding extra valuable help + +## Sponsor requirements + +A named level sponsor is entitled a logo and link on the curl website assuming +the company, brand and link are not deemed unsuitable. The curl team reserves +the right to make that decision at its own discretion. + +Sponsors may be denied a website presence for example if involved with drugs, +gambling, pornography, social media manipulation etc. + +## Past Sponsors + +Sponsors that stop paying are considered *Past Sponsors* and are not displayed +on the sponsor page anymore. We thank you for your contributions. + +## Donations + +Please note that sponsorship and donations are exactly that: donations to the +curl project. They are used to help and further the project as the project +leadership deems best. No goods or services are expected or promised in +return. Requests for refunds for such purposes are rejected. diff --git a/docs/SSL-PROBLEMS.md b/docs/SSL-PROBLEMS.md index 54f98534486e..4809f84a97e9 100644 --- a/docs/SSL-PROBLEMS.md +++ b/docs/SSL-PROBLEMS.md @@ -1,98 +1,97 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| + # SSL problems - First, let's establish that we often refer to TLS and SSL interchangeably as - SSL here. The current protocol is called TLS, it was called SSL a long time - ago. +First, let's establish that we often refer to TLS and SSL interchangeably as +SSL here. The current protocol is called TLS, it was called SSL a long time +ago. - There are several known reasons why a connection that involves SSL might - fail. This is a document that attempts to details the most common ones and - how to mitigate them. +There are several known reasons why a connection that involves SSL might +fail. This is a document that attempts to detail the most common ones and +how to mitigate them. ## CA certs - CA certs are used to digitally verify the server's certificate. You need a - "ca bundle" for this. See lots of more details on this in the SSLCERTS - document. +CA certs are used to digitally verify the server's certificate. You need a +"ca bundle" for this. See lots of more details on this in the `SSLCERTS` +document. ## CA bundle missing intermediate certificates - When using said CA bundle to verify a server cert, you will experience - problems if your CA store does not contain the certificates for the - intermediates if the server doesn't provide them. +When using said CA bundle to verify a server cert, you may experience +problems if your CA store does not contain the certificates for the +intermediates if the server does not provide them. - The TLS protocol mandates that the intermediate certificates are sent in the - handshake, but as browsers have ways to survive or work around such - omissions, missing intermediates in TLS handshakes still happen that - browser-users won't notice. +The TLS protocol mandates that the intermediate certificates are sent in the +handshake, but as browsers have ways to survive or work around such +omissions, missing intermediates in TLS handshakes still happen that browser +users do not notice. - Browsers work around this problem in two ways: they cache intermediate - certificates from previous transfers and some implement the TLS "AIA" - extension that lets the client explicitly download such certificates on - demand. +Browsers work around this problem in two ways: they cache intermediate +certificates from previous transfers and some implement the TLS "AIA" +extension that lets the client explicitly download such certificates on +demand. ## Protocol version - Some broken servers fail to support the protocol negotiation properly that - SSL servers are supposed to handle. This may cause the connection to fail - completely. Sometimes you may need to explicitly select a SSL version to use - when connecting to make the connection succeed. +Some broken servers fail to support the protocol negotiation properly that +SSL servers are supposed to handle. This may cause the connection to fail +completely. Sometimes you may need to explicitly select an SSL version to +use when connecting to make the connection succeed. - An additional complication can be that modern SSL libraries sometimes are - built with support for older SSL and TLS versions disabled! +An additional complication can be that modern SSL libraries sometimes are +built with support for older SSL and TLS versions disabled. - All versions of SSL and the TLS versions before 1.2 are considered insecure - and should be avoided. Use TLS 1.2 or later. +All versions of SSL and the TLS versions before 1.2 are considered insecure +and should be avoided. Use TLS 1.2 or later. ## Ciphers - Clients give servers a list of ciphers to select from. If the list doesn't - include any ciphers the server wants/can use, the connection handshake - fails. - - curl has recently disabled the user of a whole bunch of seriously insecure - ciphers from its default set (slightly depending on SSL backend in use). +Clients give servers a list of ciphers to select from. If the list does not +include any ciphers the server wants/can use, the connection handshake +fails. - You may have to explicitly provide an alternative list of ciphers for curl - to use to allow the server to use a WEAK cipher for you. +curl has recently disabled the user of a whole bunch of seriously insecure +ciphers from its default set (slightly depending on SSL backend in use). - Note that these weak ciphers are identified as flawed. For example, this - includes symmetric ciphers with less than 128 bit keys and RC4. +You may have to explicitly provide an alternative list of ciphers for curl +to use to allow the server to use a weak cipher for you. - Schannel in Windows XP is not able to connect to servers that no longer - support the legacy handshakes and algorithms used by those versions, so we - advice against building curl to use Schannel on really old Windows versions. +Note that these weak ciphers are identified as flawed. For example, this +includes symmetric ciphers with less than 128-bit keys and RC4. - References: +Schannel in Windows XP is not able to connect to servers that no longer +support the legacy handshakes and algorithms used by those versions, so we +advise against building curl to use Schannel on really old Windows versions. - https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 +Reference: [Prohibiting RC4 Cipher +Suites](https://datatracker.ietf.org/doc/html/draft-popov-tls-prohibiting-rc4-01) ## Allow BEAST - BEAST is the name of a TLS 1.0 attack that surfaced 2011. When adding means - to mitigate this attack, it turned out that some broken servers out there in - the wild didn't work properly with the BEAST mitigation in place. +BEAST is the name of a TLS 1.0 attack that surfaced 2011. When adding means +to mitigate this attack, it turned out that some broken servers out there in +the wild did not work properly with the BEAST mitigation in place. - To make such broken servers work, the --ssl-allow-beast option was - introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability - but on the other hand it allows curl to connect to that kind of strange - servers. +To make such broken servers work, the --ssl-allow-beast option was +introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability +but on the other hand it allows curl to connect to that kind of strange +servers. ## Disabling certificate revocation checks - Some SSL backends may do certificate revocation checks (CRL, OCSP, etc) - depending on the OS or build configuration. The --ssl-no-revoke option was - introduced in 7.44.0 to disable revocation checking but currently is only - supported for Schannel (the native Windows SSL library), with an exception - in the case of Windows' Untrusted Publishers block list which it seems can't - be bypassed. This option may have broader support to accommodate other SSL - backends in the future. +Some SSL backends may do certificate revocation checks (CRL, OCSP, etc) +depending on the OS or build configuration. The --ssl-no-revoke option was +introduced in 7.44.0 to disable revocation checking but currently is only +supported for Schannel (the native Windows SSL library), with an exception +in the case of Windows' Untrusted Publishers block list which it seems cannot +be bypassed. This option may have broader support to accommodate other SSL +backends in the future. - References: +References: - https://curl.se/docs/ssl-compared.html +https://curl.se/docs/ssl-compared.html diff --git a/docs/SSLCERTS.md b/docs/SSLCERTS.md index 415b540ada0a..3506fbd787d1 100644 --- a/docs/SSLCERTS.md +++ b/docs/SSLCERTS.md @@ -1,173 +1,155 @@ -SSL Certificate Verification -============================ + -SSL is the old name. It is called TLS these days. +# TLS Certificate Verification +## Native vs file based -Native SSL ----------- +If curl was built with Schannel support, then curl uses the Windows native CA +store for verification. On Apple operating systems, it is possible to use Apple's +"SecTrust" services for certain TLS backends, details below. +All other TLS libraries use a file based CA store by +default. -If libcurl was built with Schannel or Secure Transport support (the native SSL -libraries included in Windows and Mac OS X), then this does not apply to -you. Scroll down for details on how the OS-native engines handle SSL -certificates. If you're not sure, then run "curl -V" and read the results. If -the version string says `Schannel` in it, then it was built with Schannel -support. +## Verification -It is about trust ------------------ +Every trusted server certificate is digitally signed by a Certificate +Authority, a CA. -This system is about trust. In your local CA certificate store you have certs -from *trusted* Certificate Authorities that you then can use to verify that the -server certificates you see are valid. They're signed by one of the CAs you -trust. +In your local CA store you have a collection of certificates from *trusted* +certificate authorities that TLS clients like curl use to verify servers. -Which CAs do you trust? You can decide to trust the same set of companies your -operating system trusts, or the set one of the known browsers trust. That's -basically trust via someone else you trust. You should just be aware that -modern operating systems and browsers are setup to trust *hundreds* of -companies and recent years several such CAs have been found untrustworthy. - -Certificate Verification ------------------------- - -libcurl performs peer SSL certificate verification by default. This is done -by using a CA certificate store that the SSL library can use to make sure the -peer's server certificate is valid. +curl does certificate verification by default. This is done by verifying the +signature and making sure the certificate was crafted for the server name +provided in the URL. If you communicate with HTTPS, FTPS or other TLS-using servers using -certificates that are signed by CAs present in the store, you can be sure -that the remote server really is the one it claims to be. +certificates signed by a CA whose certificate is present in the store, you can +be sure that the remote server really is the one it claims to be. -If the remote server uses a self-signed certificate, if you don't install a CA -cert store, if the server uses a certificate signed by a CA that isn't +If the remote server uses a self-signed certificate, if you do not install a +CA cert store, if the server uses a certificate signed by a CA that is not included in the store you use or if the remote host is an impostor -impersonating your favorite site, and you want to transfer files from this -server, do one of the following: - - 1. Tell libcurl to *not* verify the peer. With libcurl you disable this with - `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);` - - With the curl command line tool, you disable this with -k/--insecure. - - 2. Get a CA certificate that can verify the remote server and use the proper - option to point out this CA cert for verification when connecting. For - libcurl hackers: `curl_easy_setopt(curl, CURLOPT_CAINFO, cacert);` - - With the curl command line tool: --cacert [file] - - 3. Add the CA cert for your server to the existing default CA certificate - store. The default CA certificate store can be changed at compile time with - the following configure options: - - --with-ca-bundle=FILE: use the specified file as CA certificate store. CA - certificates need to be concatenated in PEM format into this file. - - --with-ca-path=PATH: use the specified path as CA certificate store. CA - certificates need to be stored as individual PEM files in this directory. - You may need to run c_rehash after adding files there. - - If neither of the two options is specified, configure will try to auto-detect - a setting. It's also possible to explicitly not hardcode any default store - but rely on the built in default the crypto library may provide instead. - You can achieve that by passing both --without-ca-bundle and - --without-ca-path to the configure script. - - If you use Internet Explorer, this is one way to get extract the CA cert - for a particular server: - - - View the certificate by double-clicking the padlock - - Find out where the CA certificate is kept (Certificate> - Authority Information Access>URL) - - Get a copy of the crt file using curl - - Convert it from crt to PEM using the openssl tool: - openssl x509 -inform DES -in yourdownloaded.crt \ - -out outcert.pem -text - - Add the 'outcert.pem' to the CA certificate store or use it stand-alone - as described below. - - If you use the 'openssl' tool, this is one way to get extract the CA cert - for a particular server: - - - `openssl s_client -showcerts -servername server -connect server:443 > cacert.pem` - - type "quit", followed by the "ENTER" key - - The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE" - markers. - - If you want to see the data in the certificate, you can do: "openssl - x509 -inform PEM -in certfile -text -out certdata" where certfile is - the cert you extracted from logfile. Look in certdata. - - If you want to trust the certificate, you can add it to your CA - certificate store or use it stand-alone as described. Just remember that - the security is no better than the way you obtained the certificate. - - 4. If you're using the curl command line tool, you can specify your own CA - cert file by setting the environment variable `CURL_CA_BUNDLE` to the path - of your choice. - - If you're using the curl command line tool on Windows, curl will search - for a CA cert file named "curl-ca-bundle.crt" in these directories and in - this order: - 1. application's directory - 2. current working directory - 3. Windows System directory (e.g. C:\windows\system32) - 4. Windows Directory (e.g. C:\windows) - 5. all directories along %PATH% - - 5. Get a better/different/newer CA cert bundle! One option is to extract the - one a recent Firefox browser uses by running 'make ca-bundle' in the curl - build tree root, or possibly download a version that was generated this - way for you: [CA Extract](https://curl.se/docs/caextract.html) - -Neglecting to use one of the above methods when dealing with a server using a -certificate that isn't signed by one of the certificates in the installed CA -certificate store, will cause SSL to report an error ("certificate verify -failed") during the handshake and SSL will then refuse further communication -with that server. - -Certificate Verification with NSS ---------------------------------- - -If libcurl was built with NSS support, then depending on the OS distribution, -it is probably required to take some additional steps to use the system-wide -CA cert db. RedHat ships with an additional module, libnsspem.so, which -enables NSS to read the OpenSSL PEM CA bundle. On openSUSE you can install -p11-kit-nss-trust which makes NSS use the system wide CA certificate store. NSS -also has a new [database format](https://wiki.mozilla.org/NSS_Shared_DB). - -Starting with version 7.19.7, libcurl automatically adds the 'sql:' prefix to -the certdb directory (either the hardcoded default /etc/pki/nssdb or the -directory configured with SSL_DIR environment variable). To check which certdb -format your distribution provides, examine the default certdb location: -/etc/pki/nssdb; the new certdb format can be identified by the filenames -cert9.db, key4.db, pkcs11.txt; filenames of older versions are cert8.db, -key3.db, secmod.db. - -Certificate Verification with Schannel and Secure Transport ------------------------------------------------------------ - -If libcurl was built with Schannel (Microsoft's native TLS engine) or Secure -Transport (Apple's native TLS engine) support, then libcurl will still perform -peer certificate verification, but instead of using a CA cert bundle, it will -use the certificates that are built into the OS. These are the same -certificates that appear in the Internet Options control panel (under Windows) -or Keychain Access application (under OS X). Any custom security rules for -certificates will be honored. - -Schannel will run CRL checks on certificates unless peer verification is -disabled. Secure Transport on iOS will run OCSP checks on certificates unless -peer verification is disabled. Secure Transport on OS X will run either OCSP -or CRL checks on certificates if those features are enabled, and this behavior -can be adjusted in the preferences of Keychain Access. - -HTTPS proxy ------------ - -Since version 7.52.0, curl can do HTTPS to the proxy separately from the -connection to the server. This TLS connection is handled separately from the -server connection so instead of `--insecure` and `--cacert` to control the +impersonating your favorite site, the certificate check fails and reports an +error. + +If you think it wrongly failed the verification, consider one of the following +sections. + +### Skip verification + +Tell curl to *not* verify the peer with `-k`/`--insecure`. + +We **strongly** recommend this is avoided and that even if you end up doing +this for experimentation or development, **never** skip verification in +production. + +### Use a custom CA store + +Get a CA certificate that can verify the remote server and use the proper +option to point out this CA cert for verification when connecting - for this +specific transfer only. + +With the curl command line tool: `--cacert [file]` + +If you use the curl command line tool without a native CA store, then you can +specify your own CA cert file by setting the environment variable +`CURL_CA_BUNDLE` to the path of your choice. `SSL_CERT_FILE` and `SSL_CERT_DIR` +are also supported. + +If you are using the curl command line tool on Windows, curl searches for a CA +cert file named `curl-ca-bundle.crt` in these directories and in this order: + 1. application's directory + 2. current working directory + 3. Windows System directory (e.g. C:\Windows\System32) + 4. Windows Directory (e.g. C:\Windows) + 5. all directories along %PATH% + +curl 8.11.0 added a build-time option to disable this search behavior, and +another option to restrict search to the application's directory. + +### Use the native store + +In several environments, in particular on Microsoft and Apple operating +systems, you can ask curl to use the system's native CA store when verifying +the certificate. Depending on how curl was built, this may already be the +default. + +With the curl command line tool: `--ca-native`. + +### Modify the CA store + +Add the CA cert for your server to the existing default CA certificate store. + +Usually you can figure out the path to the local CA store by looking at the +verbose output that `curl -v` shows when you connect to an HTTPS site. + +### Change curl's default CA store + +The default CA certificate store curl uses is set at build time. When you +build curl you can point out your preferred path. + +### Extract CA cert from a server + + curl -w %{certs} https://example.com > cacert.pem + +The certificate has `BEGIN CERTIFICATE` and `END CERTIFICATE` markers. + +### Get the Mozilla CA store + +Download a version of the Firefox CA store converted to PEM format on the [CA +Extract](https://curl.se/docs/caextract.html) page. It always features the +latest Firefox bundle. + +## Native CA store + +### Windows + Schannel + +If curl was built with Schannel, then curl uses the certificates that are +built into the OS. These are the same certificates that appear in the +Internet Options control panel (under Windows). +Any custom security rules for certificates are honored. + +Schannel runs CRL checks on certificates unless peer verification is disabled. + +### Apple + OpenSSL/GnuTLS + +When curl is built with Apple SecTrust enabled and uses an OpenSSL compatible +TLS backend or GnuTLS, the default verification is handled by that Apple +service. As in: + + curl https://example.com + +You may still provide your own certificates on the command line, such as: + + curl --cacert mycerts.pem https://example.com + +In this situation, Apple SecTrust is **not** used and verification is done +**only** with the trust anchors found in `mycerts.pem`. If you want **both** +Apple SecTrust and your own file to be considered, use: + + curl --ca-native --cacert mycerts.pem https://example.com + +#### Other Combinations + +How well the use of native CA stores work in all other combinations depends +on the TLS backend and the OS. Many TLS backends offer functionality to access +the native CA on a range of operating systems. Some provide this only on specific +configurations. + +Specific support in curl exists for Windows and OpenSSL compatible TLS backends. +It tries to load the certificates from the Windows "CA" and "ROOT" stores for +transfers requesting the native CA. Due to Window's delayed population of those +stores, this might not always find all certificates. + +## HTTPS proxy + +curl can do HTTPS to the proxy separately from the connection to the server. +This TLS connection is handled and verified separately from the server +connection so instead of `--insecure` and `--cacert` to control the certificate verification, you use `--proxy-insecure` and `--proxy-cacert`. With these options, you make sure that the TLS connection and the trust of the proxy can be kept totally separate from the TLS connection to the server. diff --git a/docs/THANKS b/docs/THANKS index 2844ef1564d5..08c50b123fb5 100644 --- a/docs/THANKS +++ b/docs/THANKS @@ -4,18 +4,31 @@ If you have contributed but are missing here, please let us know! +0xee on github 0xflotus on github +12932 on github +1337vt on github 1ocalhost on github 3dyd on github 3eka on github +4lan.m +5533asdg on github +8U61ife on github +9cel +a1346054 on github Aaro Koskinen Aaron Oneal Aaron Orenstein Aaron Scarisbrick aasivov on github +Abdullah Alyan +Abhinav Singh +Abhinav Singhal Abram Pousada accountantM on github -AceCrow on Github +AceCrow on github +ad0p on github +Adam Averay Adam Barclay Adam Brown Adam Coyne @@ -24,86 +37,131 @@ Adam Langley Adam Light Adam Marcionek Adam Piggott +Adam Rosenfield Adam Sampson +adamse on github Adam Tkac +ad-chaos on github +Aditya Garg +Ádler Jonas Gross Adnan Khan adnn on github Adrian Burcea +Adriano Meirelles Adrian Peniak Adrian Schuur -Adriano Meirelles +afengsoft on github afrind on github +Aftab Alam +Ahmad Gani ahodesuka on github +aisle-research-bot +ajak in #curl Ajit Dhumale +Akhilesh Nema Akhil Kedia Aki Koskinen +Aki Sakurai Akos Pasztory Akshay Vernekar Alain Danteny Alain Miniussi +Alan Coopersmith Alan Jenkins Alan Pinstein Albert Chin-A-Young Albert Choy +Alberto Leiva Popper +Albin Vass +albrechtd on github Alejandro Alvarez Ayllon Alejandro Colomar Alejandro R. Sedeño Aleksandar Milivojevic +Aleksander Mazur +Aleksandr Krotov +Aleksandr Sergeev +Aleksei Bavshin Aleksey Tulinov +alervd on github Ales Mlakar Ales Novak Alessandro Ghedini Alessandro Vesely Alex aka WindEagle -Alex Baines -Alex Bligh -Alex Chan -Alex Fishman -Alex Gaynor -Alex Grebenschikov -Alex Gruz -Alex Kiernan -Alex Konev -Alex Malinovich -Alex Mayorga -Alex McLellan -Alex Neblett -Alex Nichols -Alex Potapenko -Alex Rousskov -Alex Samorukov -Alex Suykov -Alex Vinnik -Alex Xu +Alexander Bartel +Alexander Batischev Alexander Beedie +Alexander Blach +Alexander Chuykov Alexander Dyagilev Alexander Elgert +Alexander Jaeger +Alexander Kanavin Alexander Klauer Alexander Kourakos Alexander Krasnostavsky Alexander Lazic Alexander Pepper Alexander Peslyak +Alexander Shtuchkin Alexander Sinditskiy Alexander Traud Alexander V. Tikhonov Alexander Zhuravlev +Alexandre Bury +Alexandre Ferrieux Alexandre Pion +Alex Baines +Alex Bligh +Alex Bozarth +Alex Chan +Alex Crichton Alexey Borzov Alexey Eremikhin +Alexey Larikov Alexey Melnichuk Alexey Pesternikov +Alexey Savchuk Alexey Simak Alexey Zakhlestin +Alex Fishman +Alex Gaynor +Alex Grebenschikov +Alex Gruz Alexis Carvalho Alexis La Goutte +Alexis Savin +Alexis Vachette +Alex Kiernan +Alex Klyubin +Alex Konev +Alex Malinovich +Alex Mayorga +Alex McLellan +Alex Neblett +Alex Nichols +Alex Potapenko +Alex Rousskov +Alex Samorukov +Alex Snast +Alex Suykov +Alex Vinnik +Alex Xu Alfonso Martone Alfred Gebert +Alice Lee Poetics +Ali Khodkar +ALittleDruid on github +Ali Utku Selen Allen Pulsifer +Alois Klink Alona Rossen Amaury Denoyelle +Ameda Amahru amishmm on github Amit Katyal +Ammar Faizi Amol Pattekar Amr Shahin Anatol Belski @@ -112,16 +170,17 @@ Anders Bakken Anders Berg Anders Gustafsson Anders Havn -Anders Roxell Anderson Sasaki Anderson Toshiyuki Sasaki +Anders Roxell Andi Jahja -Andre Guibert de Bruet -Andre Heinecke +Andrea Pappacoda Andreas Damm Andreas Falkenhahn Andreas Farber Andreas Fischer +Andreas Huebner +Andreas Kiefer Andreas Kostyrka Andreas Malzahn Andreas Ntaflos @@ -130,18 +189,28 @@ Andreas Rieke Andreas Roth Andreas Schneider Andreas Schuldei +Andreas Sommer Andreas Streichardt +Andreas Westin Andreas Wurf +Andre Guibert de Bruet +Andre Heinecke Andrei Benea Andrei Bica Andrei Cipu +Andrei Florea Andrei Karas +Andrei Korshikov Andrei Kurushin Andrei Neculau +Andrei Rybak Andrei Sedoi Andrei Valeriu BICA Andrei Virtosu Andrej E Baranov +Andrés García +Andrew +Andrew Ayer Andrew Barnert Andrew Barnes Andrew Benham @@ -151,214 +220,339 @@ Andrew de los Reyes Andrew Francis Andrew Fuller Andrew Ishchuk +Andrew Kaster +Andrew Kirillov Andrew Krieger Andrew Kurushin +Andrew Kvalheim Andrew Lambert Andrew Moise +Andrew Olsen Andrew Potter Andrew Robbins Andrew Wansink +Andrey Alifanov Andrey Gursky Andrey Labunets Andrii Moiseiev Andrius Merkys -Andrés García +Andriy Druk +Andy Alt Andy Cedilnik Andy Fiddaman +Andy Pan +Andy Reitz Andy Serpa +Andy Stamp Andy Tsouladze +And-yW on github Angus Mackay anio on github +annalee +Anna Liberty +anon00000000 on github +anonymous237 on hackerone anshnd on github +Anssi Kolehmainen Antarpreet Singh Anthon Pang Anthony Avina Anthony Bryan Anthony G. Basile +Anthony Hu Anthony Ramine Anthony Shaw Antoine Aubert +Antoine Bollengier Antoine Calando +Antoine du Hamel +Antoine Pietri +Antoine Pitrou Anton Bychkov Anton Gerasimov +Antonio Larrosa +Antoni Villalonga Anton Kalmykov Anton Malov -Anton Yabchinskiy -Antoni Villalonga -Antonio Larrosa Antony74 on github +Anton Yabchinskiy Antti Hätälä +antypanty on hackerone +Anubhav Rai +apparentorder on github +April King +Aquila Macedo arainchik on github Archangel_SDY on github +Arian van Putten +Arjan van de Ven Arkadiusz Miskiewicz +arlt on github Armel Asselin Arnaud Compan Arnaud Ebalard Arnaud Rebillout +Arnav Purushotam +Arnav-Purushotam-CUBoulder +Arne Soete Aron Bergman Aron Rotteveel Artak Galoyan Arthur Murray +Artur Sinila Arve Knudsen Arvid Norberg arvids-kokins-bidstack on github asavah on github +Asger Hautop Drewsen Ashish Shukla Ashwin Metpalli -Ask Bjørn Hansen Askar Safin +Ask Bjørn Hansen +AtariDreams on github Ates Goral +atjg on github +Augment code Augustus Saunders +Aurélien Pierre Austin Green +Austin Moore +av223119 on github Avery Fay +awesomekosm on github awesomenode on github +Axel Chong +Axel Morawietz Axel Tillequin +Ayesh Karunaratne Ayoub Boudhar Ayushman Singh Chauhan b9a1 on github +Bachue Zhou +Baitinq on github Balaji Parasuram -Balaji S Rao Balaji Salunke +Balaji S Rao +Balakrishnan Balasubramanian Balazs Kovacsics +balikalina on github Balint Szilakszi +BANADDA +baranyaib90 on github Barry Abrahamson Barry Pollard +Bartosz Ruszczak Bart Whiteley Baruch Siach Bas Mevissen -Bas van Schaik +Bastian Krause Bastien Bouclet Basuke Suzuki +Bas van Schaik baumanj on github bdry on github beckenc on github +behindtheblackwall on hackerone +Ben +Benau on github +Ben Bodenmiller Ben Boeckel +Benbuck Nason Ben Darnell +Ben Fritz Ben Greear -Ben Kohler -Ben Madsen -Ben Noordhuis -Ben Van Hof -Ben Voris -Ben Winslow -Benbuck Nason Benjamin Gerard Benjamin Gilbert Benjamin Johnson Benjamin Kircher +Benjamin Loison Benjamin Riefenstahl Benjamin Ritcey Benjamin Sergeant -Benoit Neil +Ben Kohler +Ben Madsen +Ben Noordhuis +Benoit Neil (Sukender) +Benoit Pierre Benoit Sigoure +Ben Van Hof +Ben Voris +Ben Winslow +Ben Zanin Bernard Leak Bernard Spil +Bernat Mut Bernd Mueller Bernhard Iselborn Bernhard M. Wiedemann Bernhard Reutner-Fischer Bernhard Walle +Berthin Torres Callañaupa Bert Huijben Bertrand Demiddelaer Bertrand Simonnet +beslick5 on github Bevan Weiss +Bhanu Prakash Bill Doyle Bill Egert Bill Hoffman +billionai on github Bill Middlecamp Bill Nagel Bill Pyne +Billy O'Neal Billyzou0741326 on github +Bin Lan +Bin Meng +Biswapriyo Nath Bjarni Ingi Gislason Bjoern Franke Bjoern Sikora Bjorn Augustsson Bjorn Reese Björn Stenberg +black-desk on github Blaise Potard Blake Burkhart +blankie bnfp on github +bo0tzz on github +Bo Anderson +bobmitchell1956 on github +BobodevMm on github Bob Relyea Bob Richmond Bob Schader -bobmitchell1956 on github Bodo Bergmann Bogdan Nicula +BohwaZ +boilingoden +boingball +Boris Kuschel +Boris Okunskiy +Boris Rasin +Boris Verkhovskiy Brad Burdick Brad Fitzpatrick +Bradford Bruce +Brad Forschinger Brad Harder Brad Hards +Brad House Brad King Brad Spencer -Bradford Bruce bramus on github Brandon Casey Brandon Dong Brandon Wang +BratSinot on github +Brendan Dolan-Gavitt Brendan Jurd +Brendon Smith +Brennan Kinney Brent Beardsley +Brett Buddin Brian Akins Brian Bergeron Brian Carpenter Brian Chaplin Brian Childs Brian Chrisman +Brian Chrzanowski +Brian Clemens Brian Dessent Brian E. Gallew +Brian Green +Brian Harris Brian Inglis Brian J. Murrell +Brian Lund +brian m. carlson +Brian Nixon Brian Prodoehl Brian R Duffy Brian Ulm Brock Noland -Bru Rom Bruce Mitchener Bruce Stephens +bruce.yoon BrumBrum on hackerone +Bruno Baguette Bruno de Carvalho Bruno Grasselli +Bruno Henrique Batista Cruz da Silva Bruno Thomsen +Bru Rom Bryan Henderson Bryan Kemp bsammon on github +bsergean on github +bsr13 on hackerone +bttrfl on github +bubbleguuum on github Bubu on github buzo-ffm on github bxac on github Bylon2 on github Byrial Jensen +Cajus Pollmeier Caleb Raitto +calm329 +calvin2021y on github Calvin Buckley +Calvin Ruocco +Cameron Blomquist Cameron Cawley Cameron Kaiser Cameron MacMinn +Cameron Will Camille Moncelier Caolan McNamara +Caolán McNamara +Cao ZhenXiang Captain Basil Carie Pointer -Carl Zogheib +Carlo Alberto +Carlo Cabrera Carlo Cannas Carlo Marcelo Arenas Belón +Carlos Henrique Lima Melara +Carlos ORyan Carlo Teubner Carlo Wood -Carlos ORyan +Carl Zogheib Carsten Lange +Casey Bodley Casey O'Donnell Catalin Patulea +Catena cyber causal-agent on github cbartl on github cclauss on github +Cédric Connes +Cédric Deltheil +Cering on github Cesar Eduardo Barros +Ch40zz on github Chad Monroe Chandrakant Bagul +Chara White +Charles Cazabon Charles Kerr Charles Romestant +Charlie C +chemodax Chen Prog +chensong1211 on github Cherish98 on github Chester Liu Chih-Chung Chang Chih-Hsuan Yen -Chris "Bob Bob" +Chilledheart on github +Chloe Kudryavtsev Chris Araman +Chris "Bob Bob" Chris Carlmar Chris Combes Chris Conlon @@ -370,41 +564,60 @@ Chris Maltby Chris Mumford Chris Paulson-Ellis Chris Roberts +Chris Sauer Chris Smowton -Chris Young +Chris Stubbs +Chris Swan +Chris Talbot Christian Fillion Christian Grothoff -Christian Heimes Christian Hägele +Christian Heimes +Christian Hesse +Christian Heusel Christian Krause Christian Kurz Christian Robottom Reis Christian Schmitz +Christian Schmitza Christian Stewart Christian Vogt Christian Weisgerber -Christoph Krey -Christoph M. Becker Christophe Demory Christophe Dervieux Christophe Legry +Christopher Boyd Christopher Conroy +Christopher Dannemiller +Christopher Degawa Christopher Head Christopher Palow -Christopher R. Palmer Christopher Reid +Christopher R. Palmer +Christopher Sauer Christopher Stone +Christoph Jabs +Christoph Krey +Christoph M. Becker +Christoph Reiter +Chris Webb +Chris Young +chrysos349 on github Chungtsun Li Ciprian Badescu +civodul on github Claes Jakobsson Clarence Gardner Claudio Neves +claudiusaiz on github clbr on github Clemens Gruber +Clément Notin Cliff Crosland Clifford Wolf Clint Clayton -Clément Notin +Cloudogu Siebels +CMD cmfrolick on github codesniffer13 on github Cody Jones @@ -412,16 +625,29 @@ Cody Mack COFFEETALES on github coinhubs on github Colby Ranger +Cole Helbling +Cole Leavitt Colin Blair +Colin Cross Colin Hogben +Colin Leroy +Colin Leroy-Mira +Colin O'Dell Colin Watson +Colman Mbuya Colm Buckley +Colton Willey Constantine Sapuntzakis +consulion on github +cooldadpresident on github +coralw on github +Corinna Brandt +correctmost on github Cory Benfield Cory Nelson Costya Shulyupin -Craig A West Craig Andrews +Craig A West Craig Davison Craig de Stigter Craig Markwardt @@ -430,75 +656,102 @@ Cris Bailiff Cristian Greco Cristian Morales Vega Cristian Rodríguez +CueXXIII on github +curl.stunt430 Curt Bogmine Cynthia Coan Cyril B Cyrill Osterwalder -Cédric Connes -Cédric Deltheil -D. Flinkmann +d1r3ct0r d4d on hackerone d912e3 on github -Da-Yoon Chung daboul on github Dag Ekengren +Dagfinn Ilmari Mannsåker +Dag Haavi Finstad Dagobert Michelsen +dahmono on github Daiki Ueno Dair Grant +Dalei Dambaev Alexander Damian Dixon Damien Adant Damien Vielpeau +Damien Walsh Dan Becker Dan Cristian Dan Donahue Dan Fandrich -Dan Jacobson -Dan Johnson -Dan Kenigsberg -Dan Locks -Dan McNulty -Dan Nelson -Dan Petitt -Dan Torop -Dan Zitter Daniel at touchtunes +Dániel Bakai Daniel Bankhead Daniel Black +Daniel Böhmer Daniel Carpenter Daniel Cater +Daniel Díaz Daniel Egger +Daniel Engberg +Daniel Faust +Daniel Fosco Daniel Gustafsson +Daniel Hallberg Daniel Hwang Daniel Jeliński +Daniel J. H. Daniel Johnson Daniel Kahn Gillmor +Daniel Katz Daniel Krügler Daniel Kurečka Daniel Lee Hwang Daniel Lublin Daniel Marjamäki +Daniel McCarney Daniel Melani Daniel Mentz +Daniel Pouzzner Daniel Romero +Daniel Santos Daniel Schauenberg Daniel Seither Daniel Shahaf Daniel Silverstone Daniel Steinberg Daniel Stenberg +Daniel Szmulewicz +Daniel Terhorst-North Daniel Theron +Daniel Valenzuela +Daniel Wade +Daniel Woelfel +Daniil Gentili +Dan Johnson +Dan Kenigsberg +Dan Locks +Dan McDonald +Dan McNulty +Dan Nelson +Dan Petitt +Dan Rosser +Dan Torop +Dan Zitter Daphne Luong +Darío Hereñú Dario Nieuwenhuis Dario Weißer +Darren Banfi Darryl House Darshan Mody -Darío Hereñú dasimx on github +DasKutti on github +Dave Cottlehuber Dave Dribin Dave Halbakken Dave Hamilton Dave May +Dave Nicolson Dave Reisner Dave Thompson Dave Vasilevsky @@ -507,45 +760,66 @@ David Bau David Benjamin David Binderman David Blaikie +David Bohman David Byron +David Carlier David Cohen David Cook David Demelier -David E. Narváez David Earl +Davide Cassioli +davidedec on github +Davide Masserut +David E. Narváez David Eriksson David Garske David Goerger David Houlder David Hu David Hull -David J Meyer David James +David J Meyer David Kalnischkies David Kierznowski David Kimdon +David Korczynski David L. David Lang David LeBlanc David Lopes David Lord David McCreedy +David McLaughlin David Odin David Phillips David Rosenstrauch David Ryskalczyk David Sanderson +David Sardari David Schweikert David Shaw David Strauss +David Suter David Tarendash David Thiel David Walser David Woodhouse David Wright David Yan -davidedec on github +David Zhuang +Da-Yoon Chung +dbalsom dbrowndan on github +dEajL3kA +dEajL3kA on github +Deal(一线灵) +defnull +dekerser on github +deliciouslytyped on github +delogicsreal on github +Demi Marie Obenour +denandz on github +dengjfzh on github Dengminwen Denis Baručić Denis Chaplygin @@ -553,12 +827,22 @@ Denis Feklushkin Denis Goleshchikhin Denis Laxalde Denis Ollier +Deniz Parlak +Deniz Sökmen Dennis Clarke Dennis Felsing +dependabot[bot] Derek Higgins +Derek Huang +Derzsi Dániel Desmond O. Chang destman on github Detlef Schmier +Devdatta Talele +devgs on github +Dexter Gerig +dfdity on github +D. Flinkmann Dheeraj Sangamkar Didier Brisebourg Diego Bes @@ -574,19 +858,26 @@ Dimitrios Apostolou Dimitrios Siganos Dimitris Sarris Dinar +Diogo Correia +Diogo Teles Sant'Anna +Dion Williams Dirk Eddelbuettel Dirk Feytons +Dirk Hünniger +Dirkjan Bussink Dirk Manske +Dirk Rosenkranz Dirk Wetter -Dirkjan Bussink Diven Qi divinity76 on github +Divy Le Ray dkjjr89 on github dkwolfe4 on github Dmitri Shubin Dmitri Tikhonov Dmitriy Sergeyev dmitrmax on github +Dmitry Atamanov Dmitry Bartsevich Dmitry Eremin-Solenikov Dmitry Falko @@ -597,18 +888,27 @@ Dmitry Mikhirev Dmitry Popov Dmitry Rechkin Dmitry S. Baikov +Dmitry Tretyakov Dmitry Wagin dnivras on github +dogma +DoI Dolbneff A.V Domenico Andreoli +Domen Kožar Dominick Meglio Dominik Hölzl +Dominik Klemba +Dominik Piątkowski +Dominik Thalhammer +Dominik Tomecki Dominique Leuenberger -Don J Olmstead Dongliang Mu +Donguk Kim +Don J Olmstead +Dorian Craps Doron Behar Doug Kaufman -Doug Porter Douglas Creager Douglas E. Wegscheid Douglas Kilpatrick @@ -616,6 +916,7 @@ Douglas Mencken Douglas R. Horner Douglas R. Reno Douglas Steinwand +Doug Porter Dov Murik dpull on github Drake Arconis @@ -624,103 +925,163 @@ Duane Cathey Duncan Mac-Vicar Prett Duncan Wilcox Dustin Boswell +Dustin L. Howett Dusty Mabe Duy Phan Thanh Dwarakanath Yadavalli +dwickr +Dylam De La Torre +Dylan Anthony Dylan Ellicott Dylan Salisbury -Dániel Bakai +eaglegai on github Early Ehlinger Earnestly on github Eason-Yu on github +Ebe Janchivdorj ebejan on github Ebenezer Ikonne -Ed Morley +ed0d2b2ce19451f2 +Eddie Lumpkin Edgaras Janušauskas Edin Kadribasic +edmcln on github Edmond Yu +Ed Morley +Edoardo Lolletti Eduard Bloch +Eduard Strehlau Edward Kimmel Edward Rudd Edward Sheldrake Edward Thomson +Edwin Török Eelco Dolstra Eetu Ojanen +eeverettrbx on github Egon Eckert +Egor Pugin Ehren Bendler Eldar Zaitov elelel on github elephoenix on github -Eli Schwartz Elia Tufarolo +Eli Schwartz +Elliot Killick Elliot Saba +Elliott Balsley Ellis Pritchard Elmira A Semenova +Elms +Eloy Degen elsamuko on github +elvinasp on github emanruse on github Emanuele Bovisio +Emanuele Torre +Emanuel Komínek Emil Engler +Emiliano Ida +Emilio Cobos Álvarez +Emilio López +Emilio Pozuelo Monfort Emil Lerner +Emil Österlund Emil Romanus -Emiliano Ida Emmanuel Tychon +Emre Çalışkan +Enno Boland Enrico Scholz Enrik Berkhan +enWILLYado on github +epicmkirzinger on github +eppesuig Eramoto Masaya Eric Cooper Eric Curtin Eric Gallager Eric Hu +Eric Knibbe +Erick Nuwendam Eric Landes Eric Lavigne Eric Lubin Eric Melville Eric Mertens +Eric Murphy +Eric Musser +Eric Norris +Érico Nogueira +Érico Nogueira Rolim Eric Rautman Eric Rescorla Eric Ridge Eric Rosenquist -Eric S. Raymond Eric Sauvageau +Eric S. Raymond Eric Thelin Eric Vergnaud +Eric Vigeant Eric Wong Eric Wu Eric Young -Erick Nuwendam Erik Jacobsen Erik Janssen Erik Johansson Erik Minekus Erik Olsson +Erik Schnetter +Erik Stenlund Ernest Beinrohr Ernst Sjöstrand Erwan Legrand Erwin Authried +Esdras de Morais da Silva +Eshan Kelkar Estanislau Augé-Pujadas +Ethan Alker +Ethan Everett Ethan Glasser Camp +Ethan Wilkes Etienne Simard Eugene Kotlyarov +Evangelos Foutras Evan Jordan Even Rouault Evert Pot -Evgeny Grin +Evgeny Grin (Karlson2k) Evgeny Turnaev eXeC64 on github +extrimexxx on github Eygene Ryabinkin Eylem Ugurel +Fabian Fischer Fabian Frank Fabian Hiernaux Fabian Keil Fabian Ruff +Fabian Vogt +Fabian Yamaguchi Fabrice Fontaine +Fabrício Canedo Fabrizio Ammollo Fahim Chandurwala Faizur Rahman +Faraz Fallahi +farazrbx on github +Farzin on github +Fata Nugraha +Fawad Mirza +Fay Stegerman +FC Stegerman +Fd929c2CE5fA on github fds242 on github Federico Bianchi +Federico Pellegrin Fedor Karpelevitch Fedor Korotkov +feelingseas on github +FeignClaims on github Feist Josselin Felipe Gasper Felix Hädicke @@ -729,19 +1090,35 @@ Felix von Leitner Felix Yan Feng Tu Fernando Muñoz +ffath-vo on github +Filip Lundgren Filip Salomonsson +finkjsc on github Firefox OS +Fizn-Ahmd on github +fjaell on github Flameborn on github Flavio Medeiros +Florian Eckert +Florian Friedrich +Florian Imdahl +Florian Kohnhäuser Florian Pritz Florian Schoppmann +Florian Van Heghe Florian Weimer Florin Petriuc Forrest Cahoon Francisco Moraes +Francisco Munoz +Francisco Olarte Francisco Sedano +François Charlier +François Michel Francois Petitjean +François Rigault Francois Rivard +Frank Buss Frank Denis Frank Gevaerts Frank Hempel @@ -751,22 +1128,35 @@ Frank Meier Frank Ticheler Frank Van Uffelen František Kučera -François Charlier -François Rigault -Fred Machado -Fred New -Fred Noz -Fred Stluka +Frazer Smith Frederic Lepied Frederik B Frederik Wedel-Heinen +Fred Machado +Fred New +Fred Noz Fredrik Thulin +Fred Stluka FuccDucc on github +Fujii Hironori fullincome on github +fundawang on github +fuzzard +Gabe +Gabriel Corona Gabriel Kuri +Gabriel Marin +Gabriel Simmer Gabriel Sjoberg +Gaelan Steele +Gaël Portay +galen11 on github +Gambit Communications Ganesh Kamath +Ganesh Viswanathan +gaoxingwang on github Garrett Holmstrom +Garrett Squire Gary Maxwell Gaurav Malhotra Gautam Kachroo @@ -774,120 +1164,184 @@ Gautam Mani Gavin Wong Gavrie Philipson Gaz Iqbal -Gaël Portay +gclinch on github +Gealber Morales Geeknik Labs Geoff Beier Georeth Zhou +George Liu Georg Horn Georg Huettenegger Georg Lippitsch +Georg Schulz-Allgaier Georg Wicherski -George Liu Gerd v. Egidy Gergely Nagy Gerhard Herre +Gerome Fournier Gerrit Bruchhäuser +Gerrit Renker Ghennadi Procopciuc Giancarlo Formicuccia Giaslas Georgios -Gil Weber Gilad Gilbert Ramirez Jr. Gilles Blanc Gilles Vollant +Gil Weber Giorgos Oikonomou Gisle Vanem +git-bruh on github GitYuanQu on github Giuseppe Attardi Giuseppe D'Ambrosio Giuseppe Persico +gkarracer on github +Gleb Ivanovsky Glen A Johnson Jr. Glen Nakamura -Glen Scott +Glenn de boer Glenn Sheridan +Glenn Strauss +Glen Scott +godmar on github +Godwin Stewart +Gökhan Şengün +Gonçalo Carvalho +Google Big Sleep Google Inc. Gordon Marler +Gordon Parke Gorilla Maguila +Goro FUJI +Götz Babin-Ebell Gou Lingfeng +Graham Campbell +Graham Christensen Grant Erickson Grant Pannell +graywolf on github Greg Hewgill +Greg Hudson Greg Morse Greg Onufer -Greg Pratt -Greg Rowe -Greg Zavertnik Gregor Jasny Gregory Jefferis +Gregory Muchka Gregory Nicholls +Gregory Panakkal Gregory Szorc +Greg Pratt +Greg Rowe +Greg Zavertnik Griffin Downs Grigory Entin +Grisha Levit +Gruber Glass +gudyuu on hackerone Guenole Bescon Guido Berhoerster +Guilherme Puida +Guillaume Algis Guillaume Arluison guitared on github +Gunamoi Software +Gunni on github Gunter Knauf +guoxinvmware on github Gustaf Hui Gustavo Grieco +Gusted Guy Poizat GwanYeong Kim Gwenole Beauchesne -Gökhan Şengün -Götz Babin-Ebell +Gwen Shapira +h1zzz on github H3RSKO on github Hagai Auro Haibo Huang +Hakan Sunay Halil Hamish Mackenzie +hammlee96 on github hamstergene on github -Han Han -Han Qiao +Hamza Bensliman Hang Kin Lau Hang Su +Han Han +Hannah Schierling Hannes Magnusson Hanno Böck Hanno Kranzhoff -Hans Steegers +Han Qiao +Hans-Christian Egtvedt Hans-Christian Noren Egtvedt Hans-Jurgen May +Hans Steegers Hao Wu Hardeep Singh Haris Okanovic +Harmen Stoppels Harold Stuart +Harry Mallon +Harry Sarson Harry Sintonen Harshal Pradhan Hauke Duden -He Qin +Haydar Alaidrus +Hayden Roche Heikki Korpela Heinrich Ko Heinrich Schaefer Helge Klein +Helmut Grohne Helmut K. C. Tessarek Helwing Lutz Hendrik Visage +Henning Schild Henri Gomez Henrik Gaßmann +Henrik Holst +henrikjehgmti on github Henrik Storner Henry Ludemann Henry Roeland +He Qin +herdiyanitdev on hackerone +Hermes Zhang Herve Amblard +HexTheDragon +hgdagon on github +Hide Ishikawa Hidemoto Nakada +highmtworks on github +hiimmat on github Himanshu Gupta +Hind Montassif +Hiroki Kurosawa +Hirotaka Tagawa Ho-chi Chen Hoi-Ho Chan +Hongfei Li Hongli Lai Hongyi Zhao Howard Blaise Howard Chu hsiao yi +HsiehYuho on github htasta on github +huanghuihui0904 Hubert Kario +Hugh Macdonald Hugo van Kemenade +humbleacolyte +Hunt Darlener +Huseyin Tintas Huzaifa Sidhpurwala huzunhao on github hydra3333 on github Hzhijun iammrtau on github +Ian Blanes Ian D Allen Ian Fette Ian Ford @@ -896,12 +1350,18 @@ Ian Lynagh Ian Spence Ian Turner Ian Wilkes +iAroc on github +IcedCoffeee on github +iconoclasthero +icy17 on github Ignacio Vazquez-Abrams +Ignat Loskutov Igor Franchuk Igor Khristophorov Igor Makarov Igor Novoseltsev Igor Polyakov +Igor Todorovski Ihor Karpenko ihsinme on github Iida Yosiaki @@ -909,14 +1369,20 @@ Ikko Ashimine Ilguiz Latypov Ilja van Sprundel Illarion Taev +illusory-dream on github +Ilmari Lauhakangas Ilya Kosarev imilli on github Immanuel Gregoire +ImpatientHippo on github Inca R infinnovation-dev on github Ingmar Runge Ingo Ralf Blum Ingo Wilken +Inho Oh +Int64x86 on github +IoannisGS on github Ionuț-Francisc Oancea Irfan Adilovic Ironbars13 on github @@ -924,26 +1390,42 @@ Irving Wolfe Isaac Boukris Isaiah Norton Ishan SinghLevett +İsmail Dönmez +Itay Bookstein Ithubg on github +Ivan Ivan Avdeev +ivanfywang +Ivan Kuchin IvanoG on github +Ivan Tsybulin Ivo Bellin Salarin iz8mbw on github -J. Bromley -Jack Boos Yu -Jack Zhang +Jacek Migacz Jackarain on github +JackBoosY on github +Jack Boos Yu Jacky Lam +Jack Zhang Jacob Barthelmeh +Jacob Champion Jacob Hoffman-Andrews +Jacob Mealey Jacob Meuser Jacob Moshenko +Jacob Tolar Jactry Zeng Jad Chamcham Jaime Fullaondo +Jake Yuesong Li jakirkham on github +Jakob Hirsch +Jakub Bochenski +Jakub Jelen +Jakub Stasiak Jakub Wilk Jakub Zakrzewski +James Abbatiello James Atwill James Brown James Bursa @@ -955,23 +1437,35 @@ James Fuller James Gallagher James Griffiths James Housley +James Keast James Knight James Le Cuirot +James Lucas James MacMillan James Slaughter Jamie Lokier Jamie Newton Jamie Wilkinson Jan Alexander Steffens +JanB on github Jan Chren +janedenone on github Jan Ehrhardt +Jan Engelhardt Jan Koen Annot +janko-js on github Jan Kunder +Jan Macku +Jan Mazur +Janne Blomqvist +Janne Johansson +János Fekete +Jan-Piet Mens Jan Schaumann Jan Schmidt Jan Van Boghout -JanB on github -Janne Johansson +Jan Venekamp +Jan Verbeek Jared Jennings Jared Lundell Jari Aalto @@ -979,6 +1473,7 @@ Jari Sundell jasal82 on github Jason Baietto Jason Glasgow +Jason Hood Jason Juang Jason Lee Jason Liu @@ -990,14 +1485,21 @@ Javier G. Sogo Javier Navarro Javier Sixto Jay Austin +Jay Dommaschk Jayesh A Shah +Jay Guerette +Jay Wu Jaz Fresh -Jean Fabrice -Jean Gressmann -Jean Jacques Drouin +JazJas on github +jbgoog on github +J. Bromley +Jean-Christophe Amiel Jean-Claude Chauve +Jean Fabrice Jean-Francois Bertrand Jean-Francois Durand +Jean Gressmann +Jean Jacques Drouin Jean-Louis Lemaire Jean-Marc Ranger Jean-Noël Rouvignac @@ -1008,27 +1510,40 @@ Jeff Hodges Jeff Johnson Jeff King Jeff Lawson +Jeff Luszcz Jeff Mears Jeff Phillips Jeff Pohlmeyer -Jeff Weber +Jeffrey Tolar Jeffrey Walton +jeffrson on github +Jeff Weber +Jelle Raaijmakers +Jelle van der Waa +Jenny Heino Jens Finkhaeuser Jens Rantil Jens Schleusener Jeremie Rapin +Jeremy Drake +Jeremy Falcon Jeremy Friesner Jeremy Huddleston Jeremy Lainé Jeremy Lin Jeremy Maitin-Shepard Jeremy Pearson +Jérémy Rabasco +Jérémy Rocher Jeremy Tan Jeremy Thibault Jeroen Koekkoek Jeroen Ooms +Jérôme Leclercq +Jerome Mao Jerome Muffat-Meridol Jerome Robert +Jerome St-Louis Jerome Vouillon Jerry Krinock Jerry Wu @@ -1037,42 +1552,69 @@ Jesper Jensen Jesse Chisholm Jesse Noller Jesse Tan +Jess Lowe +Jesus Malo Poyatos jethrogb on github +jhauga +jhoyla on github +Jiacai Liu +Jiang Wenjian +Jiawen Geng +Jicea Jie He +Jiehong on github +Jilayne Lovejoy +Jim Beveridge Jim Drash Jim Freeman -Jim Fuller Jim Hollinger +Jim King Jim Meyering Jimmy Gaussen +Jimmy Sjölund +Jiří Bok Jiri Dvorak Jiri Hruska Jiri Jaburek Jiří Malák +Jiri Stary +Jishan Shaikh +Jiwoo Park +Jixinqi +Jiyong Yang +jkamp-aws on github +jmaggard10 on github jmdavitt on github jnbr on github Jocelyn Jaubert Jochem Broekhoff +Jochen Sprickerhof +Joe Birr-Pixton +Joe Cise Joe Halpin -Joe Malicki -Joe Mason +JoelAtWisetech on github Joel Chen Joel Depooter Joel Jakobsson Joel Teichroeb +Joe Malicki +Joe Mason joey-l-us on github Jofell Gallardo Johan Anderson +Johan Eliasson Johan Lantz -Johan Nilsson -Johan van Selst Johann150 on github Johannes Bauer Johannes Ernst Johannes G. Kristinsson Johannes Lesr Johannes Schindelin +Johan Nilsson +Johann Sebastian Schicho +Johan van Selst John A. Bristor +John Bampton John Bradshaw John Butterfield John Coffey @@ -1084,6 +1626,9 @@ John Dunn John E. Malmberg John Gardiner Myers John Hascall +John Haugabook +John Hawthorn +John H. Ayad John Janssen John Joseph Bachir John Kelly @@ -1092,62 +1637,87 @@ John Lask John Levon John Lightsey John Marino +John-Mark Bell John Marshall John McGowan +Johnny Luong John P. McCaskey +John Porter +John Rodriguez John Schroeder +John Sherrill John Simpson John Starks John Suprock John V. Chow +John Walker John Wanghui John Weismiller John Wilkinson -John-Mark Bell -Johnny Luong Jojojov on github -Jon DeVree -Jon Grubbs -Jon Johnson Jr -Jon Nelson -Jon Rumsey -Jon Sargeant -Jon Seymour -Jon Spencer -Jon Torrey -Jon Travis -Jon Turner -Jon Wilkes +Jonas Bülow Jonas Forsman +Jonas Haag Jonas Minnberg Jonas Schnelli +Jonas 'Sortie' Termansen Jonas Vautherin Jonatan Lander Jonatan Vela Jonathan Cardoso Machado Jonathan Hseu +Jonathan Matthews Jonathan Moerman Jonathan Nieder +Jonathan Perkin +Jonathan Rosa Jonathan Watt +Jonathan Wernberg +Jon DeVree Jongki Suwandi +Jon Grubbs +Jon Johnson Jr +Jon Nelson +jonny112 on github +Jon Rumsey +Jon Sargeant +Jon Seymour +Jon Spencer +Jon Torrey +Jon Travis +Jon Turner +Jon Wilkes Joombalaya on github Joonas Kuorilehto Jordan Brown +Jörg Mueller-Tolk +Jörn Hartroth Jose Alf -Jose Kahan Josef Wolf +José Joaquín Atria +Jose Kahan +Joseph Birr-Pixton Joseph Chen +Joseph Tharayil Josh Bialkowski -Josh Kapell +Josh Brobst joshhe on github +Joshix-1 on github +Josh Kapell +Josh McCullough +Josh Soref Joshua Kwan +Joshua Rogers +Joshua Root Joshua Swink +Joshua Vandaële Josie Huddleston +Josip Medved Josue Andrade Gomes -José Joaquín Atria Jozef Kralik -JP Mens Juan Barreto +Juan Belon +Juan Cruz Viotti Juan F. Codagnone Juan Ignacio Hervás Juan RP @@ -1155,6 +1725,7 @@ Judson Bishop Juergen Hoetzel Juergen Wilke Jukka Pihl +Julian K. Julian Montes Julian Noble Julian Ospald @@ -1164,73 +1735,108 @@ Julian Z Julien Chaffraix Julien Nabet Julien Royer -Jun-ichiro itojun Hagino -Jun-ya Kato +Juliusz Sosinowicz jungle-boogie on github Junho Choi +Jun-ichiro itojun Hagino +junsik on github +Jun Tseng +Jun-ya Kato +Jürgen Gmach Jurij Smakov +jurisuk on github Juro Bystricky +JustAnotherArchivist on github +justchen1369 on github Justin Clift Justin Ehlert Justin Fletcher Justin Karneges Justin Maggard +Justin Steventon jveazey on github +jvreelanda on github +jvvprasad78 on github jzinn on github -János Fekete -Jérémy Rocher -Jörg Mueller-Tolk -Jörn Hartroth -Jürgen Gmach -K. R. Walker ka7 on github +Kadambini Nema Kael1117 on github Kai Engert +Kailun Qin Kai Noda +Kai Pastor Kai Sommerfeld Kai-Uwe Rommel Kalle Vahlman +kalvdans on github Kamil Dudka Kane York -Kang Lin Kang-Jin Lee +Kang Lin +Kantanat Wannapaka +kapsiR on github +Kareem +Kari Pahula Karl Chen Karl Moerder Karol Pietrzak +Kartatz on github +Karthik Das +Karthik Dasari +Karthikdasari0423 on github Kartik Mahajan Kaspar Brand Katie Wang Katsuhiko YOSHIDA +kayrus on github Kazuho Oku +kchow-FTNT on github +Keerthi Timmaraju Kees Cook Kees Dekker +Keitagit-kun on github Keith MacDonald Keith McGuigan Keith Mok +Kelly Kaoudis Ken Brown Ken Hirsch -Ken Rastatter Kenneth Davidson +Kenneth Myhra Kenny To +Keno Fischer +Ken Rastatter Kent Boortz +Kerem Kat Keshav Krity +Kevin Adler Kevin Baughman Kevin Burke +Kevin Daudt Kevin Fisk Kevin Ji Kevin Lussier Kevin R. Bulgrien Kevin Reed Kevin Roth +Kevin Ryan Kevin Smith +Kevin Sun Kevin Ushey +Kev Jackson Kim Minjoong +Kimmo Kinnunen Kim Rinnewitz Kim Vandry -Kimmo Kinnunen +kirbyn17 on hackerone +Kirill Efimov Kirill Marchuk +Kirill Obukhov +kit-ty-kate on github Kjell Ericson Kjetil Jacobsen +kkalganov on github +kkmuffme on github Klaus Crusius Klaus Stein Klevtsov Vadim @@ -1240,23 +1846,37 @@ Koichi Shiraishi kokke on github Konstantin Isakov Konstantin Kushnir +Konstantin Kuzov +Konstantin Vlasov +KotlinIsland on github kotoriのねこ +koujaz on github kouzhudong on github Kovalkov Dmitrii +kpcyrd on github kreshano on github -Kris Kennaway Krishnendu Majumdar +Kris Kennaway Krister Johansen Kristian Gunstone Kristian Köhntopp Kristian Mide Kristiyan Tsaklev Kristoffer Gleditsch +kriztalz +K. R. Walker +Kuan-Wei Chiu +kuchara on github Kunal Chandarana Kunal Ekawde +kupavcevdenis on github Kurt Fankhauser +Kushal Das +Kvarec Lezki +kwind on github Kwon-Young Choi Kyle Abramowitz +kyled-dell on github Kyle Edwards Kyle J. McKay Kyle L. Huff @@ -1274,34 +1894,50 @@ Larry Lin Larry Stefani Larry Stone Lars Buitinck +Lars Francke Lars Gustafsson Lars J. Aas Lars Johannesen +Lars Karlitski +Lars Kellogg-Stedman Lars Nilsson Lars Torben Wilson +Lau Laurent Bonnans +Laurent Dufresne +Laurențiu Nicola Laurent Rabret -Lauri Kasanen Laurie Clark-Michalek +Lauri Kasanen Lawrence Gripper Lawrence Matthews Lawrence Wagerfield +Leah Neukirchen +Lealem Amedie +Leandro Coutinho +Lee Li +LeeRiva Legoff Vincent Lehel Bernadt Leif W Leigh Purdie Leith Bade +Lenaic Lefever Len Krause Len Marinaccio -Lenaic Lefever Lenny Rachitsky -Leo Neat -Leon Breedt -Leon Winter Leonardo Rosati Leonardo Taccari -Li Xinwei +Leon Breedt +Leo Neat +Leon Timmermans +Leon Winter +Leszek Kubik +letshack9707 on hackerone +lf- on github Liam Healy +Liam Warfield +LigH-de on github lijian996 on github Lijo Antony lilongyan-huawei on github @@ -1309,24 +1945,43 @@ Linas Vepstas Lindley French Ling Thio Linos Giannopoulos +Lin Sun Linus Lewandowski Linus Nielsen Feltzing Linus Nordberg Lior Kaplan Lisa Xu +Litter White Liviu Chircu +Li Xinwei Liza Alenchery +lizhuang0630 on github +lkordos on github +lllaffer on github Lloyd Fournier Lluís Batlle i Rossell locpyl-tidnyd on github Loganaden Velvindron +Logan Buth Loic Dachary +Loïc Yhuel +lolbinarycat on github +lomberd2 on github +LoRd_MuldeR Loren Kirkby +Lorenzo Miniero +Louis Solofrizzo +lRoccoon on github Luan Cestari +Luật Nguyễn Luca Altea Luca Boccassi +Luca Kellermann +Luca Niccoli Lucas Adamski Lucas Clemente Vella +Lucas Holt +Lucas Nussbaum Lucas Pardue Lucas Servén Marín Lucas Severo @@ -1335,162 +1990,238 @@ Ludek Finstrle Ludovico Cavedon Ludwig Nussel Lukas Ruzicka +Lukas Tribus +Lukáš Zaoral Lukasz Czekierda +Łukasz Domeradzki lukaszgn on github Luke Amery Luke Call Luke Dashjr Luke Granger-Brown +Luke Hamburg +Luke Wilde +luminixinc on github Luo Jinghua Luong Dinh Dung Luz Paz -Luật Nguyễn +lwthiker on github Lyman Epp Lyndon Hill -M.R.T on github +Maarten Billemont +Maciej Domanski Maciej Karpiuk Maciej Puzio Maciej W. Rozycki +MacKenzie madblobfish on github +madoe on github +MaeIsBad on github +magisterquis on hackerone Mahmoud Samir Fayed -Maks Naumov +Maksim Arhipov Maksim Kuzevanov +Maksim Ściepanienka Maksim Stsepanenka +Maks Naumov +Maksymilian Arciemowicz +Malik Idrees Hasan Khan Mamoru Tasaka Mamta Upadhyay Mandy Wu Manfred Schwarb -MAntoniak on github +Manuel Einfalt Manuel Massing +Manuel Strehl Manuj Bhatia Marc Aldorasi +Marc-Antoine Perennou Marc Boucher Marc Deslauriers Marc Doughty -Marc Hesse -Marc Hörsken -Marc Kleine-Budde -Marc Renault -Marc Schlatter -Marc-Antoine Perennou -marc-groundctl on github Marcel Hernandez -Marcel Raad -Marcel Roelofs +Marcel Lang Marcelo Echeverria Marcelo Juchem +Marcel Raad +Marcel Roelofs +marc-groundctl on github +Marc Hesse +Marc Hörsken Marcin Adamski Marcin Gryszkalis Marcin Konicki +Marcin Rataj +Marc Kleine-Budde Marco Deckel Marco G. Salvagno +Marco Kamner Marco Maggi Marcos Diazr +marcos-ng on github +Marc Renault +Marc Schlatter Marcus Hoffmann Marcus Klein +Marcus Müller Marcus Sundberg +Marcus T Marcus Webster +Margu Marian Klymov +Marin Hannache Mario Schroeder +Marius Albrecht +Marius Kleidl Mark Brand Mark Butler Mark Davies +Mark Dodgson +Mark Gaiser Mark Hamilton +Mark Huang Mark Incley +Mark Itzcovitz Mark Karpeles Mark Lentczner Mark Nottingham +Mark Phillips +Mark Roszko Mark Salisbury +Mark Seuffert +Mark Sinkovics Mark Snelling +Mark Swaanenburg Mark Tully -Mark W. Eichin -Mark Wotton Markus Duft Markus Elfring Markus Koetter Markus Moeller Markus Oberhumer Markus Olsson +Markus Sommer +Markus Unterwaditzer Markus Westerlind +Mark W. Eichin +Mark Wotton Maros Priputen Marquis de Muesli +marski on github Martijn Koster +Martin Ågren Martin Ankerl Martin Bašti Martin C. Martin +Martin D'Aloia Martin Dorey Martin Drasar Martin Dreher +martinevsky Martin Frodl Martin Galvan Martin Gartner Martin Hager Martin Halle +Martin Harrigan Martin Hedenfalk +Martin Howarth Martin Jansen Martin Kammerhofer Martin Kepplinger Martin Lemke +Martin Peck +Martin Schmatz Martin Skinner Martin Staael Martin Storsjö +Martin Strunz Martin V Martin Vejnár +Martin Waleczek +Martxel Marty Kuhrt Maruko +Marwan Yassini Masaya Suzuki masbug on github Massimiliano Fantuzzi Massimiliano Ziccardi Massimo Callegari +MasterInQuestion on github +Master Inspire Mateusz Loskot +Mathesh V +Mathew Benson Mathias Axelsson +Mathias Fuchs Mathias Gumz +Mathieu Carbonneaux +Mathieu Garaud Mathieu Legare Matias N. Goldberg Mats Lidell +Mats Lindestam Matt Arsenault -Matt Ford -Matt Holt -Matt Kraai -Matt McClure -Matt Veenstra -Matt Witherspoon -Matt Wixson +Matteo Baccan Matteo Bignotti Matteo Bignottignotti Matteo Rocco +Matt Ford Matthew Blain Matthew Clarke Matthew Hall Matthew Kerwin +Matthew Thompson Matthew Whitehead Matthias Bolte Matthias Gatto Matthias Naegler +Matthieu Baerts +Matt Holt Mattias Fornander +Matt Jolly +Matt Kraai +Matt McClure +Matt Veenstra +Matt Witherspoon +Matt Wixson Matus Uzak +mauke Maurice Barnum +Maurício Meneghini Fauth +Mauricio Scheffer Mauro Iorio Mauro Rappa Max Dymond +Max Eliaser +Max Faxälv +Maxim Dzhura +Maxime Larocque +Maxime Legros +Maxim Ivanov +Maxim Perenesenko +Maxim Prohorov Max Katsev Max Kellermann Max Khon +Max Mehl Max Peal Max Savenkov -Maxim Ivanov -Maxim Perenesenko -Maxim Prohorov -Maxime Larocque -Maxime Legros +Max Zettlmeißl mbeifuss on github mccormickt12 on github +Median Median Stride +Megamouse on github +mehatzri on github Mehmet Bozkurt Mekonikum Melissa Mears +Melroy van den Berg +Mel Zuser Mert Yazıcıoğlu Mettgut Jamalla +Micah Snyder +Michael Afanasiev Michael Anti Michael Baentsch Michael Benedict @@ -1500,10 +2231,12 @@ Michael Calmer Michael Cronenworth Michael Curtis Michael Day +Michael Drake Michael Felt Michael Forney Michael Gmelin Michael Goffioul +Michael Heimpold Michael Hordijk Michael Jahn Michael Jerris @@ -1511,9 +2244,10 @@ Michael Kalinin Michael Kaufmann Michael Kilburn Michael Kolechkin -Michael Kujawa Michael König +Michael Kujawa Michael Lee +Michael Litwak Michael Maltese Michael Mealling Michael Mueller @@ -1522,25 +2256,28 @@ Michael O'Farrell Michael Olbrich Michael Osipov Michael Schmid +Michael Schuster Michael Smith Michael Stapelberg Michael Steuer Michael Stillwell +Michael Trebilcock Michael Vittiglio Michael Wallner +Michał Antoniak Michal Bonino -Michal Marek -Michal Rus -Michal Trybus Michal Čaplygin -Michał Antoniak Michał Fita Michał Górny Michał Janiszewski Michał Kowalczyk +Michal Marek +Michał Petryka Michał Piechowski -Michel Promonet +Michal Rus +Michal Trybus Michele Bini +Michel Promonet Miguel Angel Miguel Diaz migueljcrum on github @@ -1552,6 +2289,7 @@ Mike Bytnar Mike Crowe Mike Dobbs Mike Dowell +Mike Duglas Mike Frysinger Mike Gelfand Mike Giancola @@ -1564,44 +2302,74 @@ Mike Power Mike Protts Mike Revi Mike Tzou +Mikhail Kuznetsov Miklos Nemeth +Milon Renatus Miloš Ljumović Mingliang Zhu Mingtao Yang Miroslav Franc Miroslav Spousta Mischa Salle +Mitchell Blank Jr Mitz Wark mkzero on github +modbw on github +Mohamed Daahir Mohamed Lrhazi Mohamed Osama Mohammad AlSaleh Mohammad Hasbini +Mohammadreza Hendiani +Mohammed Naser +Mohammed Sadiq Mohun Biswas momala454 on github +Momoka Yamamoto +MonkeybreadSoftware on github +Montg0mery on github moohoorama on github +Morgan Willcock +Moritz +Moritz Buhl +Moritz Knüsel Morten Minde Neergaard Mostyn Bramley-Moore Moti Avrahami MrdUkk on github MrSorcus on github +M.R.T on github +mschroeder-fzj on github +Muhamad Arga Reksapati Muhammad Herdiansyah +Muhammad Hussein Ammari Muhammed Yavuz Nuzumlalı Murugan Balraj +musvaage on github Muz Dima Myk Taylor +n0name321 on github Nach M. S. Nagai H +nait-furry naost3rn on github +Nao Yonashiro +Natanael Copa Nate Prewitt -Nathan Coulter -Nathan O'Sullivan Nathanael Nerode +Nathan Coulter Nathaniel J. Smith Nathaniel R. Lewis Nathaniel Waisbrot +Nathan-M-code on github +Nathan Moinvaziri +Nathan O'Sullivan +Natris on github +na-trium-144 on github Naveen Chandran Naveen Noel +ncaklovic on github +Neal McBurnett Neal Poole nedres on github neex on github @@ -1609,85 +2377,142 @@ Nehal J Wani neheb on github Neil Bowers Neil Dunbar +Neil Horman +Neil Johari Neil Kolban Neil Spring +NeimadTL +nekopsykose on github +Nemos2024 on github +neutric on github +nevakrien on github nevv on HackerOne/curl +newfunction +newfunction on hackerone +Niall McGee Niall O'Reilly -niallor on github +nian6324 on github nianxuejie on github -Nic Roets Nicholas Maniscalco +Nicholas Nethercote +Nick Banks +Nick Coghlan Nick Draffen Nick Gimbrone Nick Humfrey +Nick Korepanov +Nicklas Avén Nick Miyake +nick-telia on github Nick Zitzmann -Nicklas Avén -Nico Baggus nico-abram on github +Nico Baggus Nicolas Berloquin Nicolas Croiset +Nicolas F. Nicolas François +Nicolas George Nicolas Grekas Nicolas Guillier Nicolas Morey-Chaisemartin +Nicolas Noben +Nicolás Ojeda Bär +Nicolás San Martín Nicolas Sterchele +Nico Rieck +Nic Roets +Niels Martignène Niels van Tongeren +Nigel Brittain Nikita Schmidt +Nikita Taranov Nikitinskit Dmitriy Niklas Angebrand Niklas Hambüchen Nikolai Kondrashov Nikos Mavrogiannopoulos Nikos Tsipinakis +Nils Goroll +nimaje on github niner on github Ning Dong -Nir Soffer +NINIKA +Niracler Li Niranjan Hasabnis +Nir Azkiel +Nir Soffer Nis Jorgensen nk +Noam Moshe +nobedee on github NobodyXu on github Nobuhiro Ban Nodak Sodak +nono303 on github nopjmp on github Norbert Frese Norbert Kett +norbertmm on github Norbert Novotny nosajsnikta on github -NTMan on Github +NTMan on github +Nuno Goncalves +Nuru on github Octavio Schroeder +odek86 on github Ofer +ohyeaah on github Okhin Vasilij -Ola Mork Olaf Flebbe Olaf Hering Olaf Stüben +Ola Mork +Oleg Jukovec Oleg Pudeyev +Oleguer Llopart Olen Andoni olesteban on github Oli Kingshott +Oliver Chang Oliver Gondža Oliver Graute Oliver Kuckertz +oliverpool on github +Oliver Roberts Oliver Schindler Oliver Urbann Olivier Berger +Olivier Bonaventure Olivier Brunel Omar Ramadan omau on github +Omdahake on github +Ondřej Hlavatý +Ondřej Koláček +opensignature on github +opensslonzos-github on github +Ophir Lojkine Orange Tsai Oren Souroujon Oren Tirosh Orgad Shaneh Ori Avtalion +orycho on github osabc on github +Osaila on github +Osama Albahrani Oscar Koeroo Oscar Norlander Oskar Liljeblad +Oskar Sigvardsson Oumph on github +Outvi V ovidiu-benea on github -P R Schaffner +Oxan van Leeuwen +Ozan Cansel +Pablo Busse Palo Markovic +pandada8 on github Paolo Mossino Paolo Piacentini Paras Sethia @@ -1696,9 +2521,9 @@ Pascal Gaudette Pascal Terjan Pasha Kuznetsov Pasi Karkkainen -Pat Ray patelvivekv1993 on github patnyb on github +Pat Ray Patrice Guerin Patricia Muscalu Patrick Bihan-Faou @@ -1709,31 +2534,41 @@ Patrick Rapin Patrick Schlangen Patrick Scott Patrick Smith +Patrick Steinhardt +Patrick Stoeckle Patrick Watson Patrik Thunstrom Pau Garcia i Quiles Paul B. Omta Paul Donohue Paul Dreik +Paul Gilmartin Paul Groke Paul Harrington Paul Harris Paul Hoffman Paul Howarth +Paul Johnson Paul Joyce Paul Marks Paul Marquis Paul Moore Paul Nolan Paul Oliver +Paulo Roberto Tomasi Paul Querna Paul Saab +Paul Seligman Paul Vixie -Paulo Roberto Tomasi +Paul Wise Pavel Cenek Pavel Gushchin +Pavel Kalyugin +Pavel Kropachev Pavel Löbl +Pavel Mayorov Pavel Orehov +Pavel P Pavel Pavlov Pavel Raiskup Pavel Rochnyak @@ -1741,29 +2576,43 @@ Pavel Volgarev Pavol Markovic Pawel A. Gajda Pawel Kierski +Paweł Kowalski Paweł Wegner +Paweł Witas +PBudmark on github +Pedro Henrique Pedro Larroy Pedro Monreal Pedro Neves +pelioro on hackerone pendrek at hackerone Peng Li Peng-Yu Chen +pennae on github Per Jensen Per Lundberg Per Malmberg Per Nilsson +Petar Popovic +Pete Cordell Pete Lomax Peter Bray Peter Forret Peter Frühberger Peter Gal +Peter Goodman Peter Heuchert Peter Hjalmarsson -Peter Korsgaard +Pēteris Caune +Peteris Krumins +Peter Kokot Peter Körner +Peter Korsgaard +Peter Krefting Peter Lamare Peter Lamberg Peter Laser +Peter Marko Peter O'Gorman Peter Pentchev Peter Piekarski @@ -1778,90 +2627,139 @@ Peter Verhas Peter Wang Peter Wu Peter Wullinger -Peteris Krumins Petr Bahula Petr Novak Petr Pisar +Petr Štetiar Petr Voytsik Phil Blundell Phil Crump -Phil Karn -Phil Lisiecki -Phil Pellouchoud +Phil E. Taylor +Philip Chan Philip Craig Philip Gladstone +Philip Heiduck Philip Langdale -Philip Prindeville -Philipp Klaus Krause -Philipp Waehnert +Philippe Antoine +Philippe Antoine on HackerOne Philippe Hameau Philippe Marguinaud +Philipp Engel Philippe Raoult Philippe Vaucher +Philipp Klaus Krause +Philip Prindeville +Philipp Waehnert +Philip Sanetra +Phil Karn +Phil Lisiecki +Phil Pellouchoud Pierre Pierre Brico Pierre Chapuis +Pierre-Etienne Meunier Pierre Joye +Pierre Yager Pierre Ynard Pierre-Yves Bigourdan +Pierrick Charron +Pino Toscano Piotr Dobrogost Piotr Komborski +Piotr Nakraszewicz +PleaseJustDont +plv1313 on github Po-Chuan Hsieh +Pocs Norbert +pojomi +Pontakorn Prasertsuk Pontus Lundkvist Pooyan McSporran Poul T Lomholt Pramod Sharma Prash Dush Praveen Pvs +Prithvi MK +privetryan on github Priyanka Shah +ProceduralMan on github +programmerlexi on github +promptfuzz_ on hackerone +Pronyushkin Petr +prpr19xx on github +P R Schaffner Przemysław Tomaszewski pszemus on github +pszlazak on github puckipedia on github Puneet Pawaia +qhill +qhill on github qiandu2006 on github +Qriist on github Quagmire Quanah Gibson-Mount Quentin Balland Quinn Slack -R. Dennis Steed +Radek Brich Radek Zajic Radoslav Georgiev +Radu Hociung Radu Simionescu -Rafa Muyo Rafael Antonio +Rafaël Carré Rafael Sagula +Rafał Mikrut +Rafa Muyo Rafayel Mkrtchyan -Rafaël Carré +Rahul Krishna M Rainer Canavan Rainer Jung Rainer Koenig Rainer Müller +RainRat +Raito Bezarius Rajesh Naganathan Rajkumar Mandal +Ralf A. Timmermann +ralfjunker on github Ralf S. Engelschall Ralph Beckmann Ralph Langendam Ralph Mitchell +Ralph Sennhauser +Ramiro Garcia Ram Krushna Mishra +rampageX on github ramsay-jones on github -Ran Mozes +RanBarLavie on github Randall S. Becker +Randolf J Randy Armstrong Randy McMurchy +Ran Mozes Raphael Gozzo +r-a-sattarov on github Rasmus Melchior Jacobsen +Rasmus Thomsen +Raul Onitza-Klugman Ravi Pratap Ray Dassen Ray Pekowski Ray Satiro Razvan Cojocaru +Razvan Pricope rcombs on github +R. Dennis Steed +Red Hat Product Security Reed Loden Reinhard Max Reinout van Schouwen +RekGRpth on github Remco van Hooff Remi Gacogne Remo E +Rémy Léone Renato Botelho Renaud Allard Renaud Chaillat @@ -1870,17 +2768,18 @@ Renaud Guillard Renaud Lehoux Rene Bernhardt Rene Rebe +renovate[bot] +renovate[bot] +RepoRascal on hackerone Reuven Wachtfogel +RevaliQaQ on github Reza Arbab +Rianov Viacheslav +riastradh on github Ricardo Cadime Ricardo Gomes -Rich Burridge -Rich FitzJohn -Rich Gray -Rich Mirch -Rich Rauenzahn -Rich Salz -Rich Turner +Ricardo Martins +Ricardo M. Correia Richard Adams Richard Alcock Richard Archer @@ -1893,57 +2792,90 @@ Richard Gorton Richard Gray Richard Hosking Richard Hsu +Richard Levitte +Richard Marion Richard Michael Richard Moore Richard Prescott Richard Silverman Richard van den Berg +Richard Whitehouse +Richard W.M. Jones +Rich Burridge +Rich FitzJohn +Rich Gray +Rich Mirch +Rich Rauenzahn +Rich Salz +Rich Turner Richy Kim Rici Lake +Rickard Hallerbäck Rick Deist +Ricki Hirner Rick Jones +Rick Lane Rick Richardson Rick Welykochy -Rickard Hallerbäck -Ricki Hirner Ricky Leverence Ricky-Tigg on github +RiderALT on github Rider Linden Rikard Falkeborn +rilysh +Rinku Das +rinsuki on github rl1987 on github +rmg-x on github +rm-rmonaghan on github +Rob Boeckermann +RobBotic1 on github +Robby Simpson Rob Cotrone Rob Crittenden Rob Davies -Rob Jones -Rob Sanders -Rob Stanzel -Rob Ward +Rob de Wit Robert A. Monat Robert B. Harris -Robert D. Young +Robert Brose +Robert Charles Muir Robert Dunaj +Robert D. Young Robert Foreman Robert Iakobashvili Robert Kolcun Robert Linden +Robert Maynard +Robert Moreton +Roberto Hidalgo Robert Olson Robert Prag Robert Ronto Robert Schumann +Robert Simpson +Robert Southee Robert Weaver Robert Wruck +Robert W. Van Kirk +Robin A. Meade Robin Cornelius Robin Douine Robin Johnson Robin Kay +Robin Marx +Rob Jones +Rob Sanders Robson Braga Araujo -Rod Widdowson +Rob Stanzel +Rob Ward Rodger Combs Rodney Simmons Rodric Glaser Rodrigo Silva +Rod Widdowson Roger Leigh Roger Orr +Roger Young Roland Blom Roland Hieber Roland Krikava @@ -1956,386 +2888,599 @@ Romain Geissler romamik om github Roman Koifman Roman Mamedov +Roman Zharkov Romulo A. Ceccon +Ronald Crane +Ronan Pigott Ron Eldor +Ronnie Mose Ron Parker Ron Zapp -Ronnie Mose +Rosen Penev Rosimildo da Silva Ross Burton +roughtex on github Roy Bellingan +Roy Li Roy Shan +RubisetCie on github +Rudi Heitbaum Rui LIU +Rui Pinheiro Rune Kleveland Ruslan Baratov Ruslan Gazizov +Rutger Broekhoff Rutger Hofman Ruurd Beerstra -RuurdBeerstra on github +rwmjones on github Ryan Beck-Buysse Ryan Braud +ryancaicse on github +Ryan Carsten Schmidt Ryan Chan +Ryan Hooper +Ryan Mast Ryan Nelson Ryan Schmidt Ryan Scott +Ryan Sleevi Ryan Winograd Ryuichi KAWAMATA -Rémy Léone -S. Moonesamy +rzrymiak on github +s0urc3_ on hackerone +saimen Sai Ram Kunala +Sakthi SK Salah-Eddin Shaban Saleem Abdulrasool +SaltyMilk Salvador Dávila Salvatore Sorrentino +Samanta Navarro Sam Deane Sam Hurst +Sam James +Sam Jessup +sammydono on github +Sampo Kellomaki Sam Roth Sam Schanken -Samanta Navarro -Sampo Kellomaki +Samuel Chiang Samuel Díaz García +Samuel Dionne-Riel +Samuel Henrique Samuel Listopad Samuel Marks Samuel Surtees Samuel Thibault Samuel Tranchet +SandakovMM on github Sander Gates Sandor Feldi +Sandro Jaeckel +Sanjay Pujare Santhana Todatry Santino Keupp Saqib Ali Sara Golemon +Sarah Gooding Saran Neti +Sascha Frinken Sascha Swiercy +Sascha Zengler +Satadru Pramanik +Satana de Sant'Ana Saul good +saurabhsingh-dev on github Saurav Babu sayrer on github +sbernatsky on github SBKarr on github +SC404 +Scarlett McAllister +Schrijvers Luc Scott Bailey Scott Barrett Scott Cantor Scott Davis Scott McCreary +Scott Mutter +Scott Talbert +sd0 on hackerone Sean Boudreau Sean Burford Sean MacLennan Sean McArthur Sean Miller +Sean Molenaar Sebastiaan van Erk +Sebastian Andersson +Sebastian Carlos Sebastian Haglund Sebastian Mundry +Sebastian Neubauer Sebastian Pohlschmidt Sebastian Rasmussen +Sebastian Sterk +Sebastian Walz +Sébastien Helleu +Sébastien Willemijns +selmelc on hackerone +SendSonS on github Senthil Raja Velu Sergei Kuzmin Sergei Nikulov +Sergey +Sergey Alirzaev +Sergey Bronnikov +Sergey Fionov +Sergey Katsubo Sergey Markelov Sergey Ogryzkov +Sergey Ryabinin Sergey Tatarincev Sergii Kavunenko Sergii Pylypenko Sergio Ballestrero Sergio Barresi Sergio Borghese +Sergio Durigan Junior +Sergio-IME on github +Sergio Mijatovic sergio-nsk on github Serj Kalichev +Sertonix +SerusDev on github Seshubabu Pasam Seth Mos Sevan Janiyan -Sh Diao +sfan5 on github +Sgharat on github Shachaf Ben-Kiki +ShadowZzj on github Shailesh Kapse Shankar Jadhavar Shao Shuchao Sharad Gupta Shard +Sharon Brizinov Shaun Jackman +Shaun Mirani Shawn Landden Shawn Poulson +Sh Diao +Sheshadri.V +Shikha Sharma Shine Fan Shiraz Kanga +shithappens2016 on github Shlomi Fish Shmulik Regev +Shohei Maeda Siddhartha Prakash Jain +siddharthchhabrap on github Sidney San Martín Siegfried Gyuricsko silveja1 on github +Simon Berger Simon Chalifoux +Simon Dalvai Simon Dick Simon H. Simon Josefsson +Simon K Simon Legner Simon Liu Simon Warta +simplerobot on github +Sinkevich Artem Siva Sivaraman +Slaven Rezić SLDiggie on github +Smackd0wn on github +S. Moonesamy smuellerDD on github sn on hackerone sofaboss on github +Sohom Datta Somnath Kundu Song Ma Sonia Subramanian +Sören Tempel +southernedge on github Spacen Jasset +spectreglobalsec on hackerone +Spenser Black Spezifant on github Spiridonoff A.V Spoon Man Spork Schivago +ssdbest on github sspiri on github sstruchtrup on github +st751228051 on github Stadler Stephan -Stan van de Burgt +Stan Hu +Stanislav Fort Stanislav Ivochkin +Stanislav Lange +Stanislav Osipov Stanislav Zidek +Stanley Wucw +Stan van de Burgt +Stathis Kapnidis +Stav Nir steelman on github Stefan Agner Stefan Bühler Stefan Eissing Stefan Esser Stefan Grether +Stefan Huber Stefan Kanthak Stefan Karpinski Stefan Krause +Štefan Kremeň Stefan Neis +Stefano Simonelli Stefan Strogin +Stefan Talpalaru Stefan Teleman Stefan Tomanek Stefan Ulrich Stefan Yohansson -Stefano Simonelli +Steffen Kieß Steinar H. Gunderson steini2000 on github Stepan Broz Stepan Efremov Stephan Bergmann +Stephane Pellegrino +Stephan Guilloux Stephan Lagerholm Stephan Mühlstrasser +stephannn on github Stephan Szabo +Stephen Boost Stephen Brokenshire Stephen Collyer +Stephen Farrell Stephen Kick +Stephen M. Coakley Stephen More Stephen Toub Sterling Hughes Steve Green -Steve H Truong Steve Havelka +Steve Herrell Steve Holme +Steve H Truong Steve Lhomme Steve Little Steve Marx -Steve Oliphant -Steve Roskowski -Steve Walch +Steven Allen Steven Bazyl Steven G. Johnson Steven Gu Steven M. Schweda +stevenpackardblp on github Steven Parkes Steven Penny +Steve Oliphant +Steve Roskowski +Steve Walch +Stewart Gebbie Stian Soiland-Reyes Stoned Elipot stootill on github Stuart Henderson +Sukanya Hanumanthu SumatraPeter on github Sune Ahlgren +Sunny Sunny Bean Sunny Purushe +sunriseL +SuperIlu on github +SuperStormer on github Sven Anders Sven Blumenstein Sven Neuhaus Sven Wegener Svyatoslav Mishyn swalkaus at yahoo.com +sylgal on github Sylvestre Ledru Symeon Paraschoudis -Sébastien Willemijns -T. Bharath -T. Yamada +T200proX7 on github Tadej Vengust Tae Hyoung Ahn -Tae Wong Taiyu Len +Tal Regev +Tamás Bálint Misius +Tamir Duberstein Taneli Vähäkangas Tanguy Fautre +Taras Kushnir tarek112 on github +Tatsuhiko Miyagawa Tatsuhiro Tsujikawa +tawmoto on github +T. Bharath tbugfinder on github +Ted Lyngmo Teemu Yli-Elsila +Teh Kok How Temprimus +Tenant HellTower +Terence Eden Terri Oda Terry Wu +Tetetest thanhchungbtc on github -The Infinnovation team TheAssassin on github +TheBitBrine +The Infinnovation team +TheKnarf on github +Theo +Theo Buehler +Theodore A. Roth Theodore Dubois therealhirudo on github +Thiago Suchorski +Thibault de Villèle +thisisgk on github tholin on github +Thomas +Thomas1664 on github Thomas Bouzerar Thomas Braun Thomas Danielsson +Thomas Ferguson Thomas Gamper Thomas Glanzmann +Thomas Guillem Thomas J. Moore Thomas Klausner -Thomas L. Shinnick Thomas Lopatic +Thomas L. Shinnick Thomas M. DuBuisson Thomas Petazzoni +Thomas Pyle Thomas Ruecker Thomas Schwinge +Thomas Taylor Thomas Tonino Thomas van Hesteren Thomas Vegas +Thomas Weißschuh +Thorsten Klein Thorsten Schöning +Tianyi Song Tiit Pikma Till Maas +Till Wegmüller Tim Ansell Tim Baker Tim Bartley +Tim Becker Tim Chen Tim Costello +Tim Friedrich Brüggemann Tim Harder Tim Heckman +Tim Hill Tim Mcdonough +Timmy Schierling Tim Newsome +Timo Lange +Timo Sirainen +Timotej Lazar +Timothe Litt +Timothy Gu +Timothy Polich +Timo Tijhof Tim Rühsen Tim Sedlmeyer Tim Sneddon Tim Stack Tim Starling Tim Tassonis +Timur Artikov Tim Verhoeven -Timo Lange -Timo Sirainen -Timotej Lazar -Timothe Litt -Timothy Gu -Timothy Polich +Tim Yuer Tinus van den Berg +tinyboxvk +tiymat TJ Saunders +Tk Xiong +tkzv on github +tlahn on github tmkk on github Tobias Blomberg +Tobias Bora Tobias Gabriel Tobias Hieta Tobias Hintze Tobias Lindgren Tobias Markus +Tobias Nießen +Tobias Nygren +Tobias Nyholm Tobias Rundström +Tobias Schaefer Tobias Stoeckmann +Tobias Wendorff +Tobias Zimmermann Toby Peterson Todd A Ouska +Todd Gamblin Todd Kaufmann Todd Kulesza Todd Short Todd Vierling -Tom Benoist -Tom Donovan -Tom G. Christensen -Tom Grace -Tom Greenslade -Tom Lee -Tom Mattison -Tom Moers -Tom Mueller -Tom Regner -Tom Seddon -Tom Sparrow -Tom van der Woerdt -Tom Wright -Tom Zerucha Tomas Berger Tomas Hoger Tomas Jakobsson +Tomáš Malý Tomas Mlcoch Tomas Mraz Tomas Pospisek Tomas Szepe Tomas Tomecek +Tomas Volf Tomasz Kojm Tomasz Lacki +Tom Benoist +Tom Donovan +Tom Eccles +Tom G. Christensen +Tom Grace +Tom Greenslade +Tom Lee +Tom Mattison Tommie Gannert tommink[at]post.pl +Tom Moers +Tom Mueller +tommy +Tommy Chiang Tommy Odom Tommy Petty Tommy Tam -Ton Voon +Tom Regner +Tom Seddon +Tom Sparrow +Tom St Denis +Tom van der Woerdt +Tom Wright +tomy2105 on github +Tom Zerucha Toni Moreno +Ton Voon Tony Kelman -tonystz on Github +tonystz on github +Toon Claes Toon Verwaest Tor Arntsen Torben Dannhauer +Torben Dury +Török Edwin Torsten Foertsch Toshio Kuratomi Toshiyuki Maezawa tpaukrt on github Traian Nicolescu +Trail of Bits +tranzystorekk on github Travis Burtrum +Travis Lane Travis Obenhaus +Tristan Perrault Trivikram Kamat Troels Walsted Hansen Troy Engel +trrui-huawei +Trumeet on github +trxvorr +Trzik on github Tseng Jun Tuomas Siipola Tuomo Rinne Tupone Alfredo +Turiiya +T. Yamada Tyler Hall -Török Edwin +u20221022 on github Ulf Härnhammar Ulf Samuelsson Ulrich Doehner Ulrich Telle Ulrich Zadow +UnicornZhang on github +updatede on github UrsusArctos on github +User Sg ustcqidi on github +Vadim Grinshpun +Vaibhav Kumar Valentin David +Valentín Gutiérrez +Valentin Richter Valentyn Korniienko +Valerie Snyder Valerii Zapodovnikov vanillajonathan on github Varnavas Papaioannou Vasiliy Faronov +Vasiliy Ulyanov Vasily Lobaskin Vasy Okhin Venkat Akella Venkataramana Mokkapati +Venkat Krishna R Vicente Garcia +Victor Kislov Victor Magierski Victor Snezhko +VictorVG on github Victor Vieux Vijay Panghal Vikram Saxena +Viktor Dukhovni +Viktor Petersson Viktor Szakats Vilhelm Prytz Ville Skyttä Vilmos Nebehaj Vincas Razma Vincent Bronner +Vincent Grande Vincent Le Normand Vincent Penquerc'h Vincent Sanders Vincent Torri +violetlige on github vitaha85 on github +Vitaly Varyvdin +Vítor Galvão +vl409 on github Vlad Grachov -Vlad Ureche Vladimir Grishchenko Vladimir Kotal Vladimir Lazarenko +Vladimir Panteleev Vladimir Varlamov +Vladislavs Sokurenko +Vlad Ureche Vlastimil Ovčáčík +vlkl-sap on github +vlubart on github Vojtech Janota -Vojtech Minarik Vojtěch Král +Vojtech Minarik Volker Schmid +Vollstrecker on github Vsevolod Novikov vshmuk on hackerone +vulnerabilityspotter on hackerone +Vulpes Vulpes +vuonganh1993 on github +vvb2060 on github Vyron Tsingaras -W. Mark Kubacki +w0x42 on hackerone Waldek Kozba +Waldemar Kornewald Walter J. Mack +WangDaLei on github +wangzhikun Ward Willats Warren Menzer Wayne Haigh +Wei Chong Tan Wenchao Li +Weng Xuetian Wenxiang Qian Werner Koch Werner Stolz @@ -2343,74 +3488,138 @@ Wes Hinsley wesinator on github Wesley Laxton Wesley Miaw +Wesley Moore Wez Furlong Wham Bang Wilfredo Sanchez +Wilhelm von Thiele Will Dietz -Will Roberts +Willem Hoek Willem Sparreboom -William A. Rowe Jr William Ahern +William A. Rowe Jr +William Desportes +William Tang +Will Roberts +Winni Neessen +W. Mark Kubacki wmsch on github wncboy on github Wojciech Zwiefka +wolfsage on hackerone +Wolf Vollprecht Wouter Van Rooy Wu Yongzheng +Wu Zheng +wxiaoguang on github Wyatt O'Day +Wyatt OʼDay +Wyuer on github +x1sc0 on github +x2018 on github Xavier Bouchoux +XCas13 +xfangfang XhmikosR on github XhstormR on github -Xiang Xiao +xiadnoring on github Xiangbin Li +xianghongai on github +Xiang Xiao +xiaofeng +Xiaoke Wang Xiaoyin Liu +Xì Gà +Xi Ruoyao XmiliaH on github +xmoezzz on github xnynx on github +xtonik on github xwxbug on github +x-xiang on github +XYenon Yaakov Selkowitz +Yadhu Krishna M +Yair Lenga Yang Tse +Yaobin Wen +yaoy6 on github Yarram Sunil Yasuharu Yamada Yasuhiro Matsumoto Yechiel Kalmenson +Yedaya Katsman Yehezkel Horowitz Yehoshua Hershberg ygthien on github +Yifei Kong +Yihang Zhou Yi Huang Yiming Jing Yingwei Liu +yiyuaner on github Ymir1711 on github Yonggang Luo +Yongkang Huang +Yoshimasa Ohno +Younes El-karama youngchopin on github Yousuke Kimoto -Yu Xin +Yuhao Jiang Yukihiro Kawada Yun SangHo +Yurii Rashkovskii Yuri Slobodyanyuk +Yuriy Chernyshov Yuriy Sosov +yushicheng7788 on github Yusuke Nakamura +Yu Xin +Yuyi Wang Yves Arrouye Yves Lejeune +YX Hao +z2_ Zachary Seguin Zdenek Pavlas Zekun Ni zelinchen on github +zengwei +zengwei2000 Zenju on github Zero King -Zhao Yisha +Zespre Schmidt +zhanghu on xiaomi +Zhang Wen +Zhang Xiuhua +Zhaoming Luo Zhaoyang Wu +Zhao Yisha +zhengqwe on github Zhibiao Wu +Zhicheng Chen +zhihaoy on github Zhouyihai Ding ZimCodes on github +zjyhjqs zloi-user on github +zmcx16 on github Zmey Petroff +zopsicle on github Zvi Har'El zzq1015 on github -Ádler Jonas Gross -İsmail Dönmez -Łukasz Domeradzki -Štefan Kremeň +Борис Верховский +Йоте Коваленко Анатолий Викторович +наб Никита Дорохин ウさん 不确定 加藤郁之 +包布丁 +南宫雪珊 +左潇峰 +李四 +梦终无痕 +積丹尼 Dan Jacobson +罗朝辉 diff --git a/docs/THANKS-filter b/docs/THANKS-filter index 2555f3e67d5f..cc964a49b2a9 100644 --- a/docs/THANKS-filter +++ b/docs/THANKS-filter @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,16 +18,18 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### # # This is a list of names we have recorded that already are thanked # appropriately in THANKS. This list contains variations of their names and # their "canonical" name. This file is used for scripting purposes to avoid # duplicate entries and will not be included in release tarballs. -# When removing dupes that aren't identical names from THANKS, add a line +# When removing dupes that are not identical names from THANKS, add a line # here! # -# Used-by: contributor.sh +# Used-by: contributors.sh s/Andres Garcia/Andrés García/ s/Chris Conroy/Christopher Conroy/ s/Francois Charlier/François Charlier/ @@ -126,3 +128,37 @@ s# *autobuild https://.*## s/William A Rowe Jr/William A. Rowe Jr/ s/jonrumsey on github/Jon Rumsey/ s/Travis Burtrum on github// +s/i-ky on github/Gleb Ivanovsky/ +s/ *via curl-library *// +s/Evgeny Grin$/Evgeny Grin (Karlson2k)/ +s/Karlson2k on github/Evgeny Grin (Karlson2k)/ +s/Dan Frandrich/Dan Fandrich/ +s/Dan Fandrich\./Dan Fandrich/ +s/GitHub$// +s/pszlazak$/pszlazak on github/ +s/Randall$/Randall S. Becker/ +s/talregev on github/Tal Regev/ +s/daniel-j-h/Daniel J. H./ +s/hongfei.li/Hongfei Li/ +s/z2_ on hackerone/z2_/ +s/z2-2z on github/z2_/ +s/janedenone on hackerone/janedenone on github/ +s/Benjamin Riefenstahl Mecom/Benjamin Riefenstahl/ +s/Micah Snyder)/Micah Snyder/ +s/\#14922// +s/vvb2060\z/vvb2060 on github/ +s/kartatz\z/Kartatz on github/i +s/Karthikdasari0423\z/Karthikdasari0423 on github/ +s/niallor on github/Niall O'Reilly/ +s/RuurdBeerstra on github/Ruurd Beerstra/ +s/Smackd0wn\z/Smackd0wn on github/ +s/Testclutch// +s/edmcln\z/edmcln on github/ +s/andrewkirillov-ibm/Andrew Kirillov/ +s/\(.*\) via #[0-9]*// +s/jethrogb$/jethrogb on github/ +s/on github/on github/i +s/Maksim Sciepanienka/Maksim Ściepanienka/ +s/Qriist.*/Qriist on github/ +s/Viktor Szakatas/Viktor Szakats/ +s/Val S\./Valerie Snyder/ diff --git a/docs/TODO b/docs/TODO deleted file mode 100644 index 83939c0b7f06..000000000000 --- a/docs/TODO +++ /dev/null @@ -1,1280 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - Things that could be nice to do in the future - - Things to do in project curl. Please tell us what you think, contribute and - send us patches that improve things! - - Be aware that these are things that we could do, or have once been considered - things we could do. If you want to work on any of these areas, please - consider bringing it up for discussions first on the mailing list so that we - all agree it is still a good idea for the project! - - All bugs documented in the KNOWN_BUGS document are subject for fixing! - - 1. libcurl - 1.1 TFO support on Windows - 1.2 Consult %APPDATA% also for .netrc - 1.3 struct lifreq - 1.4 alt-svc sharing - 1.5 get rid of PATH_MAX - 1.6 native IDN support on macOS - 1.7 Support HTTP/2 for HTTP(S) proxies - 1.8 CURLOPT_RESOLVE for any port number - 1.9 Cache negative name resolves - 1.10 auto-detect proxy - 1.11 minimize dependencies with dynamically loaded modules - 1.12 updated DNS server while running - 1.13 c-ares and CURLOPT_OPENSOCKETFUNCTION - 1.14 Typesafe curl_easy_setopt() - 1.15 Monitor connections in the connection pool - 1.16 Try to URL encode given URL - 1.17 Add support for IRIs - 1.18 try next proxy if one doesn't work - 1.19 provide timing info for each redirect - 1.20 SRV and URI DNS records - 1.21 netrc caching and sharing - 1.22 CURLINFO_PAUSE_STATE - 1.23 Offer API to flush the connection pool - 1.24 TCP Fast Open for windows - 1.25 Expose tried IP addresses that failed - 1.27 hardcode the "localhost" addresses - 1.28 FD_CLOEXEC - 1.29 Upgrade to websockets - 1.30 config file parsing - - 2. libcurl - multi interface - 2.1 More non-blocking - 2.2 Better support for same name resolves - 2.3 Non-blocking curl_multi_remove_handle() - 2.4 Split connect and authentication process - 2.5 Edge-triggered sockets should work - 2.6 multi upkeep - 2.7 Virtual external sockets - 2.8 dynamically decide to use socketpair - - 3. Documentation - 3.2 Provide cmake config-file - - 4. FTP - 4.1 HOST - 4.2 Alter passive/active on failure and retry - 4.3 Earlier bad letter detection - 4.5 ASCII support - 4.6 GSSAPI via Windows SSPI - 4.7 STAT for LIST without data connection - 4.8 Option to ignore private IP addresses in PASV response - - 5. HTTP - 5.1 Better persistency for HTTP 1.0 - 5.2 Set custom client ip when using haproxy protocol - 5.3 Rearrange request header order - 5.4 Allow SAN names in HTTP/2 server push - 5.5 auth= in URLs - 5.6 alt-svc should fallback if alt-svc doesn't work - - 6. TELNET - 6.1 ditch stdin - 6.2 ditch telnet-specific select - 6.3 feature negotiation debug data - - 7. SMTP - 7.2 Enhanced capability support - 7.3 Add CURLOPT_MAIL_CLIENT option - - 8. POP3 - 8.2 Enhanced capability support - - 9. IMAP - 9.1 Enhanced capability support - - 10. LDAP - 10.1 SASL based authentication mechanisms - 10.2 CURLOPT_SSL_CTX_FUNCTION for LDAPS - 10.3 Paged searches on LDAP server - - 11. SMB - 11.1 File listing support - 11.2 Honor file timestamps - 11.3 Use NTLMv2 - 11.4 Create remote directories - - 12. FILE - 12.1 Directory listing for FILE: - - 13. SSL - 13.1 TLS-PSK with OpenSSL - 13.2 Provide mutex locking API - 13.4 Cache/share OpenSSL contexts - 13.5 Export session ids - 13.6 Provide callback for cert verification - 13.8 Support DANE - 13.9 TLS record padding - 13.10 Support Authority Information Access certificate extension (AIA) - 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY - 13.13 Make sure we forbid TLS 1.3 post-handshake authentication - 13.14 Support the clienthello extension - - 14. GnuTLS - 14.2 check connection - - 15. Schannel - 15.1 Extend support for client certificate authentication - 15.2 Extend support for the --ciphers option - 15.4 Add option to allow abrupt server closure - - 16. SASL - 16.1 Other authentication mechanisms - 16.2 Add QOP support to GSSAPI authentication - 16.3 Support binary messages (i.e.: non-base64) - - 17. SSH protocols - 17.1 Multiplexing - 17.2 Handle growing SFTP files - 17.3 Support better than MD5 hostkey hash - 17.4 Support CURLOPT_PREQUOTE - 17.5 SSH over HTTPS proxy with more backends - - 18. Command line tool - 18.1 sync - 18.2 glob posts - 18.3 prevent file overwriting - 18.4 --proxycommand - 18.5 UTF-8 filenames in Content-Disposition - 18.6 Option to make -Z merge lined based outputs on stdout - 18.7 at least N milliseconds between requests - 18.8 Consider convenience options for JSON and XML? - 18.9 Choose the name of file in braces for complex URLs - 18.10 improve how curl works in a windows console window - 18.11 Windows: set attribute 'archive' for completed downloads - 18.12 keep running, read instructions from pipe/socket - 18.13 Ratelimit or wait between serial requests - 18.14 --dry-run - 18.15 --retry should resume - 18.16 send only part of --data - 18.17 consider file name from the redirected URL with -O ? - 18.18 retry on network is unreachable - 18.19 expand ~/ in config files - 18.20 host name sections in config files - 18.21 retry on the redirected-to URL - 18.23 Set the modification date on an uploaded file - 18.24 Use multiple parallel transfers for a single download - 18.25 Prevent terminal injection when writing to terminal - 18.26 Custom progress meter update interval - - 19. Build - 19.1 roffit - 19.2 Enable PIE and RELRO by default - 19.3 Don't use GNU libtool on OpenBSD - 19.4 Package curl for Windows in a signed installer - - 20. Test suite - 20.1 SSL tunnel - 20.2 nicer lacking perl message - 20.3 more protocols supported - 20.4 more platforms supported - 20.5 Add support for concurrent connections - 20.6 Use the RFC6265 test suite - 20.7 Support LD_PRELOAD on macOS - 20.8 Run web-platform-tests url tests - 20.9 Bring back libssh tests on Travis - - 21. MQTT - 21.1 Support rate-limiting - -============================================================================== - -1. libcurl - -1.1 TFO support on Windows - - TCP Fast Open is supported on several platforms but not on Windows. Work on - this was once started but never finished. - - See https://github.com/curl/curl/pull/3378 - -1.2 Consult %APPDATA% also for .netrc - - %APPDATA%\.netrc is not considered when running on Windows. Shouldn't it? - - See https://github.com/curl/curl/issues/4016 - -1.3 struct lifreq - - Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and - SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete. - To support IPv6 interface addresses for network interfaces properly. - -1.4 alt-svc sharing - - The share interface could benefit from allowing the alt-svc cache to be - possible to share between easy handles. - - See https://github.com/curl/curl/issues/4476 - -1.5 get rid of PATH_MAX - - Having code use and rely on PATH_MAX is not nice: - https://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html - - Currently the libssh2 SSH based code uses it, but to remove PATH_MAX from - there we need libssh2 to properly tell us when we pass in a too small buffer - and its current API (as of libssh2 1.2.7) doesn't. - -1.6 native IDN support on macOS - - On recent macOS versions, the getaddrinfo() function itself has built-in IDN - support. By setting the AI_CANONNAME flag, the function will return the - encoded name in the ai_canonname struct field in the returned information. - This could be used by curl on macOS when built without a separate IDN library - and an IDN host name is used in a URL. - - See initial work in https://github.com/curl/curl/pull/5371 - -1.7 Support HTTP/2 for HTTP(S) proxies - - Support for doing HTTP/2 to HTTP and HTTPS proxies is still missing. - - See https://github.com/curl/curl/issues/3570 - -1.8 CURLOPT_RESOLVE for any port number - - This option allows applications to set a replacement IP address for a given - host + port pair. Consider making support for providing a replacement address - for the host name on all port numbers. - - See https://github.com/curl/curl/issues/1264 - -1.9 Cache negative name resolves - - A name resolve that has failed is likely to fail when made again within a - short period of time. Currently we only cache positive responses. - -1.10 auto-detect proxy - - libcurl could be made to detect the system proxy setup automatically and use - that. On Windows, macOS and Linux desktops for example. - - The pull-request to use libproxy for this was deferred due to doubts on the - reliability of the dependency and how to use it: - https://github.com/curl/curl/pull/977 - - libdetectproxy is a (C++) library for detecting the proxy on Windows - https://github.com/paulharris/libdetectproxy - -1.11 minimize dependencies with dynamically loaded modules - - We can create a system with loadable modules/plug-ins, where these modules - would be the ones that link to 3rd party libs. That would allow us to avoid - having to load ALL dependencies since only the necessary ones for this - app/invoke/used protocols would be necessary to load. See - https://github.com/curl/curl/issues/349 - -1.12 updated DNS server while running - - If /etc/resolv.conf gets updated while a program using libcurl is running, it - is may cause name resolves to fail unless res_init() is called. We should - consider calling res_init() + retry once unconditionally on all name resolve - failures to mitigate against this. Firefox works like that. Note that Windows - doesn't have res_init() or an alternative. - - https://github.com/curl/curl/issues/2251 - -1.13 c-ares and CURLOPT_OPENSOCKETFUNCTION - - curl will create most sockets via the CURLOPT_OPENSOCKETFUNCTION callback and - close them with the CURLOPT_CLOSESOCKETFUNCTION callback. However, c-ares - does not use those functions and instead opens and closes the sockets - itself. This means that when curl passes the c-ares socket to the - CURLMOPT_SOCKETFUNCTION it isn't owned by the application like other sockets. - - See https://github.com/curl/curl/issues/2734 - -1.14 Typesafe curl_easy_setopt() - - One of the most common problems in libcurl using applications is the lack of - type checks for curl_easy_setopt() which happens because it accepts varargs - and thus can take any type. - - One possible solution to this is to introduce a few different versions of the - setopt version for the different kinds of data you can set. - - curl_easy_set_num() - sets a long value - - curl_easy_set_large() - sets a curl_off_t value - - curl_easy_set_ptr() - sets a pointer - - curl_easy_set_cb() - sets a callback PLUS its callback data - -1.15 Monitor connections in the connection pool - - libcurl's connection cache or pool holds a number of open connections for the - purpose of possible subsequent connection reuse. It may contain a few up to a - significant amount of connections. Currently, libcurl leaves all connections - as they are and first when a connection is iterated over for matching or - reuse purpose it is verified that it is still alive. - - Those connections may get closed by the server side for idleness or they may - get a HTTP/2 ping from the peer to verify that they're still alive. By adding - monitoring of the connections while in the pool, libcurl can detect dead - connections (and close them) better and earlier, and it can handle HTTP/2 - pings to keep such ones alive even when not actively doing transfers on them. - -1.16 Try to URL encode given URL - - Given a URL that for example contains spaces, libcurl could have an option - that would try somewhat harder than it does now and convert spaces to %20 and - perhaps URL encoded byte values over 128 etc (basically do what the redirect - following code already does). - - https://github.com/curl/curl/issues/514 - -1.17 Add support for IRIs - - IRIs (RFC 3987) allow localized, non-ascii, names in the URL. To properly - support this, curl/libcurl would need to translate/encode the given input - from the input string encoding into percent encoded output "over the wire". - - To make that work smoothly for curl users even on Windows, curl would - probably need to be able to convert from several input encodings. - -1.18 try next proxy if one doesn't work - - Allow an application to specify a list of proxies to try, and failing to - connect to the first go on and try the next instead until the list is - exhausted. Browsers support this feature at least when they specify proxies - using PACs. - - https://github.com/curl/curl/issues/896 - -1.19 provide timing info for each redirect - - curl and libcurl provide timing information via a set of different - time-stamps (CURLINFO_*_TIME). When curl is following redirects, those - returned time value are the accumulated sums. An improvement could be to - offer separate timings for each redirect. - - https://github.com/curl/curl/issues/6743 - -1.20 SRV and URI DNS records - - Offer support for resolving SRV and URI DNS records for libcurl to know which - server to connect to for various protocols (including HTTP!). - -1.21 netrc caching and sharing - - The netrc file is read and parsed each time a connection is setup, which - means that if a transfer needs multiple connections for authentication or - redirects, the file might be reread (and parsed) multiple times. This makes - it impossible to provide the file as a pipe. - -1.22 CURLINFO_PAUSE_STATE - - Return information about the transfer's current pause state, in both - directions. https://github.com/curl/curl/issues/2588 - -1.23 Offer API to flush the connection pool - - Sometimes applications want to flush all the existing connections kept alive. - An API could allow a forced flush or just a forced loop that would properly - close all connections that have been closed by the server already. - -1.24 TCP Fast Open for windows - - libcurl supports the CURLOPT_TCP_FASTOPEN option since 7.49.0 for Linux and - Mac OS. Windows supports TCP Fast Open starting with Windows 10, version 1607 - and we should add support for it. - -1.25 Expose tried IP addresses that failed - - When libcurl fails to connect to a host, it should be able to offer the - application the list of IP addresses that were used in the attempt. - - https://github.com/curl/curl/issues/2126 - -1.27 hardcode the "localhost" addresses - - There's this new spec getting adopted that says "localhost" should always and - unconditionally be a local address and not get resolved by a DNS server. A - fine way for curl to fix this would be to simply hard-code the response to - 127.0.0.1 and/or ::1 (depending on what IP versions that are requested). This - is what the browsers probably will do with this hostname. - - https://bugzilla.mozilla.org/show_bug.cgi?id=1220810 - - https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02 - -1.28 FD_CLOEXEC - - It sets the close-on-exec flag for the file descriptor, which causes the file - descriptor to be automatically (and atomically) closed when any of the - exec-family functions succeed. Should probably be set by default? - - https://github.com/curl/curl/issues/2252 - -1.29 Upgrade to websockets - - libcurl could offer a smoother path to get to a websocket connection. - See https://github.com/curl/curl/issues/3523 - - Michael Kaufmann suggestion here: - https://curl.se/video/curlup-2017/2017-03-19_05_Michael_Kaufmann_Websocket_support_for_curl.mp4 - -1.30 config file parsing - - Consider providing an API, possibly in a separate companion library, for - parsing a config file like curl's -K/--config option to allow applications to - get the same ability to read curl options from files. - - See https://github.com/curl/curl/issues/3698 - -2. libcurl - multi interface - -2.1 More non-blocking - - Make sure we don't ever loop because of non-blocking sockets returning - EWOULDBLOCK or similar. Blocking cases include: - - - Name resolves on non-windows unless c-ares or the threaded resolver is used. - - - The threaded resolver may block on cleanup: - https://github.com/curl/curl/issues/4852 - - - file:// transfers - - - TELNET transfers - - - GSSAPI authentication for FTP transfers - - - The "DONE" operation (post transfer protocol-specific actions) for the - protocols SFTP, SMTP, FTP. Fixing multi_done() for this is a worthy task. - - - curl_multi_remove_handle for any of the above. See section 2.3. - -2.2 Better support for same name resolves - - If a name resolve has been initiated for name NN and a second easy handle - wants to resolve that name as well, make it wait for the first resolve to end - up in the cache instead of doing a second separate resolve. This is - especially needed when adding many simultaneous handles using the same host - name when the DNS resolver can get flooded. - -2.3 Non-blocking curl_multi_remove_handle() - - The multi interface has a few API calls that assume a blocking behavior, like - add_handle() and remove_handle() which limits what we can do internally. The - multi API need to be moved even more into a single function that "drives" - everything in a non-blocking manner and signals when something is done. A - remove or add would then only ask for the action to get started and then - multi_perform() etc still be called until the add/remove is completed. - -2.4 Split connect and authentication process - - The multi interface treats the authentication process as part of the connect - phase. As such any failures during authentication won't trigger the relevant - QUIT or LOGOFF for protocols such as IMAP, POP3 and SMTP. - -2.5 Edge-triggered sockets should work - - The multi_socket API should work with edge-triggered socket events. One of - the internal actions that need to be improved for this to work perfectly is - the 'maxloops' handling in transfer.c:readwrite_data(). - -2.6 multi upkeep - - In libcurl 7.62.0 we introduced curl_easy_upkeep. It unfortunately only works - on easy handles. We should introduces a version of that for the multi handle, - and also consider doing "upkeep" automatically on connections in the - connection pool when the multi handle is in used. - - See https://github.com/curl/curl/issues/3199 - -2.7 Virtual external sockets - - libcurl performs operations on the given file descriptor that presumes it is - a socket and an application cannot replace them at the moment. Allowing an - application to fully replace those would allow a larger degree of freedom and - flexibility. - - See https://github.com/curl/curl/issues/5835 - -2.8 dynamically decide to use socketpair - - For users who don't use curl_multi_wait() or don't care for - curl_multi_wakeup(), we could introduce a way to make libcurl NOT - create a socketpair in the multi handle. - - See https://github.com/curl/curl/issues/4829 - -3. Documentation - -3.2 Provide cmake config-file - - A config-file package is a set of files provided by us to allow applications - to write cmake scripts to find and use libcurl easier. See - https://github.com/curl/curl/issues/885 - -4. FTP - -4.1 HOST - - HOST is a command for a client to tell which host name to use, to offer FTP - servers named-based virtual hosting: - - https://tools.ietf.org/html/rfc7151 - -4.2 Alter passive/active on failure and retry - - When trying to connect passively to a server which only supports active - connections, libcurl returns CURLE_FTP_WEIRD_PASV_REPLY and closes the - connection. There could be a way to fallback to an active connection (and - vice versa). https://curl.se/bug/feature.cgi?id=1754793 - -4.3 Earlier bad letter detection - - Make the detection of (bad) %0d and %0a codes in FTP URL parts earlier in the - process to avoid doing a resolve and connect in vain. - -4.5 ASCII support - - FTP ASCII transfers do not follow RFC959. They don't convert the data - accordingly. - -4.6 GSSAPI via Windows SSPI - - In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5) - via third-party GSS-API libraries, such as Heimdal or MIT Kerberos, also add - support for GSSAPI authentication via Windows SSPI. - -4.7 STAT for LIST without data connection - - Some FTP servers allow STAT for listing directories instead of using LIST, - and the response is then sent over the control connection instead of as the - otherwise usedw data connection: https://www.nsftools.com/tips/RawFTP.htm#STAT - - This is not detailed in any FTP specification. - -4.8 Option to ignore private IP addresses in PASV response - - Some servers respond with and some other FTP client implementations can - ignore private (RFC 1918 style) IP addresses when received in PASV responses. - To consider for libcurl as well. See https://github.com/curl/curl/issues/1455 - -5. HTTP - -5.1 Better persistency for HTTP 1.0 - - "Better" support for persistent connections over HTTP 1.0 - https://curl.se/bug/feature.cgi?id=1089001 - -5.2 Set custom client ip when using haproxy protocol - - This would allow testing servers with different client ip addresses (without - using x-forward-for header). - - https://github.com/curl/curl/issues/5125 - -5.3 Rearrange request header order - - Server implementors often make an effort to detect browser and to reject - clients it can detect to not match. One of the last details we cannot yet - control in libcurl's HTTP requests, which also can be exploited to detect - that libcurl is in fact used even when it tries to impersonate a browser, is - the order of the request headers. I propose that we introduce a new option in - which you give headers a value, and then when the HTTP request is built it - sorts the headers based on that number. We could then have internally created - headers use a default value so only headers that need to be moved have to be - specified. - -5.4 Allow SAN names in HTTP/2 server push - - curl only allows HTTP/2 push promise if the provided :authority header value - exactly matches the host name given in the URL. It could be extended to allow - any name that would match the Subject Alternative Names in the server's TLS - certificate. - - See https://github.com/curl/curl/pull/3581 - -5.5 auth= in URLs - - Add the ability to specify the preferred authentication mechanism to use by - using ;auth= in the login part of the URL. - - For example: - - http://test:pass;auth=NTLM@example.com would be equivalent to specifying - --user test:pass;auth=NTLM or --user test:pass --ntlm from the command line. - - Additionally this should be implemented for proxy base URLs as well. - -5.6 alt-svc should fallback if alt-svc doesn't work - - The alt-svc: header provides a set of alternative services for curl to use - instead of the original. If the first attempted one fails, it should try the - next etc and if all alternatives fail go back to the original. - - See https://github.com/curl/curl/issues/4908 - -6. TELNET - -6.1 ditch stdin - - Reading input (to send to the remote server) on stdin is a crappy solution - for library purposes. We need to invent a good way for the application to be - able to provide the data to send. - -6.2 ditch telnet-specific select - - Move the telnet support's network select() loop go away and merge the code - into the main transfer loop. Until this is done, the multi interface won't - work for telnet. - -6.3 feature negotiation debug data - - Add telnet feature negotiation data to the debug callback as header data. - - -7. SMTP - -7.2 Enhanced capability support - - Add the ability, for an application that uses libcurl, to obtain the list of - capabilities returned from the EHLO command. - -7.3 Add CURLOPT_MAIL_CLIENT option - - Rather than use the URL to specify the mail client string to present in the - HELO and EHLO commands, libcurl should support a new CURLOPT specifically for - specifying this data as the URL is non-standard and to be honest a bit of a - hack ;-) - - Please see the following thread for more information: - https://curl.se/mail/lib-2012-05/0178.html - - -8. POP3 - -8.2 Enhanced capability support - - Add the ability, for an application that uses libcurl, to obtain the list of - capabilities returned from the CAPA command. - -9. IMAP - -9.1 Enhanced capability support - - Add the ability, for an application that uses libcurl, to obtain the list of - capabilities returned from the CAPABILITY command. - -10. LDAP - -10.1 SASL based authentication mechanisms - - Currently the LDAP module only supports ldap_simple_bind_s() in order to bind - to an LDAP server. However, this function sends username and password details - using the simple authentication mechanism (as clear text). However, it should - be possible to use ldap_bind_s() instead specifying the security context - information ourselves. - -10.2 CURLOPT_SSL_CTX_FUNCTION for LDAPS - - CURLOPT_SSL_CTX_FUNCTION works perfectly for HTTPS and email protocols, but - it has no effect for LDAPS connections. - - https://github.com/curl/curl/issues/4108 - -10.3 Paged searches on LDAP server - - https://github.com/curl/curl/issues/4452 - -11. SMB - -11.1 File listing support - - Add support for listing the contents of a SMB share. The output should - probably be the same as/similar to FTP. - -11.2 Honor file timestamps - - The timestamp of the transferred file should reflect that of the original - file. - -11.3 Use NTLMv2 - - Currently the SMB authentication uses NTLMv1. - -11.4 Create remote directories - - Support for creating remote directories when uploading a file to a directory - that doesn't exist on the server, just like --ftp-create-dirs. - - -12. FILE - -12.1 Directory listing for FILE: - - Add support for listing the contents of a directory accessed with FILE. The - output should probably be the same as/similar to FTP. - - -13. SSL - -13.1 TLS-PSK with OpenSSL - - Transport Layer Security pre-shared key ciphersuites (TLS-PSK) is a set of - cryptographic protocols that provide secure communication based on pre-shared - keys (PSKs). These pre-shared keys are symmetric keys shared in advance among - the communicating parties. - - https://github.com/curl/curl/issues/5081 - -13.2 Provide mutex locking API - - Provide a libcurl API for setting mutex callbacks in the underlying SSL - library, so that the same application code can use mutex-locking - independently of OpenSSL or GnutTLS being used. - -13.4 Cache/share OpenSSL contexts - - "Look at SSL cafile - quick traces look to me like these are done on every - request as well, when they should only be necessary once per SSL context (or - once per handle)". The major improvement we can rather easily do is to make - sure we don't create and kill a new SSL "context" for every request, but - instead make one for every connection and re-use that SSL context in the same - style connections are re-used. It will make us use slightly more memory but - it will libcurl do less creations and deletions of SSL contexts. - - Technically, the "caching" is probably best implemented by getting added to - the share interface so that easy handles who want to and can reuse the - context specify that by sharing with the right properties set. - - https://github.com/curl/curl/issues/1110 - -13.5 Export session ids - - Add an interface to libcurl that enables "session IDs" to get - exported/imported. Cris Bailiff said: "OpenSSL has functions which can - serialise the current SSL state to a buffer of your choice, and recover/reset - the state from such a buffer at a later date - this is used by mod_ssl for - apache to implement and SSL session ID cache". - -13.6 Provide callback for cert verification - - OpenSSL supports a callback for customised verification of the peer - certificate, but this doesn't seem to be exposed in the libcurl APIs. Could - it be? There's so much that could be done if it were! - -13.8 Support DANE - - DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL - keys and certs over DNS using DNSSEC as an alternative to the CA model. - https://www.rfc-editor.org/rfc/rfc6698.txt - - An initial patch was posted by Suresh Krishnaswamy on March 7th 2013 - (https://curl.se/mail/lib-2013-03/0075.html) but it was a too simple - approach. See Daniel's comments: - https://curl.se/mail/lib-2013-03/0103.html . libunbound may be the - correct library to base this development on. - - Björn Stenberg wrote a separate initial take on DANE that was never - completed. - -13.9 TLS record padding - - TLS (1.3) offers optional record padding and OpenSSL provides an API for it. - I could make sense for libcurl to offer this ability to applications to make - traffic patterns harder to figure out by network traffic observers. - - See https://github.com/curl/curl/issues/5398 - -13.10 Support Authority Information Access certificate extension (AIA) - - AIA can provide various things like CRLs but more importantly information - about intermediate CA certificates that can allow validation path to be - fulfilled when the HTTPS server doesn't itself provide them. - - Since AIA is about downloading certs on demand to complete a TLS handshake, - it is probably a bit tricky to get done right. - - See https://github.com/curl/curl/issues/2793 - -13.11 Support intermediate & root pinning for PINNEDPUBLICKEY - - CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root - certificates when comparing the pinned keys. Therefore it is not compatible - with "HTTP Public Key Pinning" as there also intermediate and root - certificates can be pinned. This is very useful as it prevents webadmins from - "locking themselves out of their servers". - - Adding this feature would make curls pinning 100% compatible to HPKP and - allow more flexible pinning. - -13.13 Make sure we forbid TLS 1.3 post-handshake authentication - - RFC 8740 explains how using HTTP/2 must forbid the use of TLS 1.3 - post-handshake authentication. We should make sure to live up to that. - - See https://github.com/curl/curl/issues/5396 - -13.14 Support the clienthello extension - - Certain stupid networks and middle boxes have a problem with SSL handshake - packets that are within a certain size range because how that sets some bits - that previously (in older TLS version) were not set. The clienthello - extension adds padding to avoid that size range. - - https://tools.ietf.org/html/rfc7685 - https://github.com/curl/curl/issues/2299 - -14. GnuTLS - -14.2 check connection - - Add a way to check if the connection seems to be alive, to correspond to the - SSL_peak() way we use with OpenSSL. - -15. Schannel - -15.1 Extend support for client certificate authentication - - The existing support for the -E/--cert and --key options could be - extended by supplying a custom certificate and key in PEM format, see: - - Getting a Certificate for Schannel - https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx - -15.2 Extend support for the --ciphers option - - The existing support for the --ciphers option could be extended - by mapping the OpenSSL/GnuTLS cipher suites to the Schannel APIs, see - - Specifying Schannel Ciphers and Cipher Strengths - https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx - -15.4 Add option to allow abrupt server closure - - libcurl w/schannel will error without a known termination point from the - server (such as length of transfer, or SSL "close notify" alert) to prevent - against a truncation attack. Really old servers may neglect to send any - termination point. An option could be added to ignore such abrupt closures. - - https://github.com/curl/curl/issues/4427 - -16. SASL - -16.1 Other authentication mechanisms - - Add support for other authentication mechanisms such as OLP, - GSS-SPNEGO and others. - -16.2 Add QOP support to GSSAPI authentication - - Currently the GSSAPI authentication only supports the default QOP of auth - (Authentication), whilst Kerberos V5 supports both auth-int (Authentication - with integrity protection) and auth-conf (Authentication with integrity and - privacy protection). - -16.3 Support binary messages (i.e.: non-base64) - - Mandatory to support LDAP SASL authentication. - - -17. SSH protocols - -17.1 Multiplexing - - SSH is a perfectly fine multiplexed protocols which would allow libcurl to do - multiple parallel transfers from the same host using the same connection, - much in the same spirit as HTTP/2 does. libcurl however does not take - advantage of that ability but will instead always create a new connection for - new transfers even if an existing connection already exists to the host. - - To fix this, libcurl would have to detect an existing connection and "attach" - the new transfer to the existing one. - -17.2 Handle growing SFTP files - - The SFTP code in libcurl checks the file size *before* a transfer starts and - then proceeds to transfer exactly that amount of data. If the remote file - grows while the transfer is in progress libcurl won't notice and will not - adapt. The OpenSSH SFTP command line tool does and libcurl could also just - attempt to download more to see if there is more to get... - - https://github.com/curl/curl/issues/4344 - -17.3 Support better than MD5 hostkey hash - - libcurl offers the CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 option for verifying the - server's key. MD5 is generally being deprecated so we should implement - support for stronger hashing algorithms. libssh2 itself is what provides this - underlying functionality and it supports at least SHA-1 as an alternative. - SHA-1 is also being deprecated these days so we should consider working with - libssh2 to instead offer support for SHA-256 or similar. - -17.4 Support CURLOPT_PREQUOTE - - The two other QUOTE options are supported for SFTP, but this was left out for - unknown reasons! - -17.5 SSH over HTTPS proxy with more backends - - The SSH based protocols SFTP and SCP didn't work over HTTPS proxy at - all until PR https://github.com/curl/curl/pull/6021 brought the - functionality with the libssh2 backend. Presumably, this support - can/could be added for the other backends as well. - -18. Command line tool - -18.1 sync - - "curl --sync http://example.com/feed[1-100].rss" or - "curl --sync http://example.net/{index,calendar,history}.html" - - Downloads a range or set of URLs using the remote name, but only if the - remote file is newer than the local file. A Last-Modified HTTP date header - should also be used to set the mod date on the downloaded file. - -18.2 glob posts - - Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'. - This is easily scripted though. - -18.3 prevent file overwriting - - Add an option that prevents curl from overwriting existing local files. When - used, and there already is an existing file with the target file name - (either -O or -o), a number should be appended (and increased if already - existing). So that index.html becomes first index.html.1 and then - index.html.2 etc. - -18.4 --proxycommand - - Allow the user to make curl run a command and use its stdio to make requests - and not do any network connection by itself. Example: - - curl --proxycommand 'ssh pi@raspberrypi.local -W 10.1.1.75 80' \ - http://some/otherwise/unavailable/service.php - - See https://github.com/curl/curl/issues/4941 - -18.5 UTF-8 filenames in Content-Disposition - - RFC 6266 documents how UTF-8 names can be passed to a client in the - Content-Disposition header, and curl does not support this. - - https://github.com/curl/curl/issues/1888 - -18.6 Option to make -Z merge lined based outputs on stdout - - When a user requests multiple lined based files using -Z and sends them to - stdout, curl will not "merge" and send complete lines fine but may very well - send partial lines from several sources. - - https://github.com/curl/curl/issues/5175 - -18.7 at least N milliseconds between requests - - Allow curl command lines issue a lot of request against services that limit - users to no more than N requests/second or similar. Could be implemented with - an option asking that at least a certain time has elapsed since the previous - request before the next one will be performed. Example: - - $ curl "https://example.com/api?input=[1-1000]" -d yadayada --after 500 - - See https://github.com/curl/curl/issues/3920 - -18.8 Consider convenience options for JSON and XML? - - Could we add `--xml` or `--json` to add headers needed to call rest API: - - `--xml` adds -H 'Content-Type: application/xml' -H "Accept: application/xml" and - `--json` adds -H 'Content-Type: application/json' -H "Accept: application/json" - - Setting Content-Type when doing a GET or any other method without a body - would be a bit strange I think - so maybe only add CT for requests with body? - Maybe plain `--xml` and ` --json` are a bit too brief and generic. Maybe - `--http-json` etc? - - See https://github.com/curl/curl/issues/5203 - -18.9 Choose the name of file in braces for complex URLs - - When using braces to download a list of URLs and you use complicated names - in the list of alternatives, it could be handy to allow curl to use other - names when saving. - - Consider a way to offer that. Possibly like - {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the - colon is the output name. - - See https://github.com/curl/curl/issues/221 - -18.10 improve how curl works in a windows console window - - If you pull the scrollbar when transferring with curl in a Windows console - window, the transfer is interrupted and can get disconnected. This can - probably be improved. See https://github.com/curl/curl/issues/322 - -18.11 Windows: set attribute 'archive' for completed downloads - - The archive bit (FILE_ATTRIBUTE_ARCHIVE, 0x20) separates files that shall be - backed up from those that are either not ready or have not changed. - - Downloads in progress are neither ready to be backed up, nor should they be - opened by a different process. Only after a download has been completed it's - sensible to include it in any integer snapshot or backup of the system. - - See https://github.com/curl/curl/issues/3354 - -18.12 keep running, read instructions from pipe/socket - - Provide an option that makes curl not exit after the last URL (or even work - without a given URL), and then make it read instructions passed on a pipe or - over a socket to make further instructions so that a second subsequent curl - invoke can talk to the still running instance and ask for transfers to get - done, and thus maintain its connection pool, DNS cache and more. - -18.13 Ratelimit or wait between serial requests - - Consider a command line option that can make curl do multiple serial requests - slow, potentially with a (random) wait between transfers. There's also a - proposed set of standard HTTP headers to let servers let the client adapt to - its rate limits: - https://www.ietf.org/id/draft-polli-ratelimit-headers-02.html - - See https://github.com/curl/curl/issues/5406 - -18.14 --dry-run - - A command line option that makes curl show exactly what it would do and send - if it would run for real. - - See https://github.com/curl/curl/issues/5426 - -18.15 --retry should resume - - When --retry is used and curl actually retries transfer, it should use the - already transferred data and do a resumed transfer for the rest (when - possible) so that it doesn't have to transfer the same data again that was - already transferred before the retry. - - See https://github.com/curl/curl/issues/1084 - -18.16 send only part of --data - - When the user only wants to send a small piece of the data provided with - --data or --data-binary, like when that data is a huge file, consider a way - to specify that curl should only send a piece of that. One suggested syntax - would be: "--data-binary @largefile.zip!1073741823-2147483647". - - See https://github.com/curl/curl/issues/1200 - -18.17 consider file name from the redirected URL with -O ? - - When a user gives a URL and uses -O, and curl follows a redirect to a new - URL, the file name is not extracted and used from the newly redirected-to URL - even if the new URL may have a much more sensible file name. - - This is clearly documented and helps for security since there's no surprise - to users which file name that might get overwritten. But maybe a new option - could allow for this or maybe -J should imply such a treatment as well as -J - already allows for the server to decide what file name to use so it already - provides the "may overwrite any file" risk. - - This is extra tricky if the original URL has no file name part at all since - then the current code path will error out with an error message, and we can't - *know* already at that point if curl will be redirected to a URL that has a - file name... - - See https://github.com/curl/curl/issues/1241 - -18.18 retry on network is unreachable - - The --retry option retries transfers on "transient failures". We later added - --retry-connrefused to also retry for "connection refused" errors. - - Suggestions have been brought to also allow retry on "network is unreachable" - errors and while totally reasonable, maybe we should consider a way to make - this more configurable than to add a new option for every new error people - want to retry for? - - https://github.com/curl/curl/issues/1603 - -18.19 expand ~/ in config files - - For example .curlrc could benefit from being able to do this. - - See https://github.com/curl/curl/issues/2317 - -18.20 host name sections in config files - - config files would be more powerful if they could set different - configurations depending on used URLs, host name or possibly origin. Then a - default .curlrc could a specific user-agent only when doing requests against - a certain site. - -18.21 retry on the redirected-to URL - - When curl is told to --retry a failed transfer and follows redirects, it - might get a HTTP 429 response from the redirected-to URL and not the original - one, which then could make curl decide to rather retry the transfer on that - URL only instead of the original operation to the original URL. - - Perhaps extra emphasized if the original transfer is a large POST that - redirects to a separate GET, and that GET is what gets the 529 - - See https://github.com/curl/curl/issues/5462 - -18.23 Set the modification date on an uploaded file - - For SFTP and possibly FTP, curl could offer an option to set the - modification time for the uploaded file. - - See https://github.com/curl/curl/issues/5768 - -18.24 Use multiple parallel transfers for a single download - - To enhance transfer speed, downloading a single URL can be split up into - multiple separate range downloads that get combined into a single final - result. - - An ideal implementation would not use a specified number of parallel - transfers, but curl could: - - First start getting the full file as transfer A - - If after N seconds have passed and the transfer is expected to continue for - M seconds or more, add a new transfer (B) that asks for the second half of - A's content (and stop A at the middle). - - If splitting up the work improves the transfer rate, it could then be done - again. Then again, etc up to a limit. - - This way, if transfer B fails (because Range: isn't supported) it will let - transfer A remain the single one. N and M could be set to some sensible - defaults. - - See https://github.com/curl/curl/issues/5774 - -18.25 Prevent terminal injection when writing to terminal - - curl could offer an option to make escape sequence either non-functional or - avoid cursor moves or similar to reduce the risk of a user getting tricked by - clever tricks. - - See https://github.com/curl/curl/issues/6150 - -18.26 Custom progress meter update interval - - Users who are for example doing large downloads in CI or remote setups might - want the occasional progress meter update to see that the transfer is - progressing and hasn't stuck, but they may not appreciate the - many-times-a-second frequency curl can end up doing it with now. - -19. Build - -19.1 roffit - - Consider extending 'roffit' to produce decent ASCII output, and use that - instead of (g)nroff when building src/tool_hugehelp.c - -19.2 Enable PIE and RELRO by default - - Especially when having programs that execute curl via the command line, PIE - renders the exploitation of memory corruption vulnerabilities a lot more - difficult. This can be attributed to the additional information leaks being - required to conduct a successful attack. RELRO, on the other hand, masks - different binary sections like the GOT as read-only and thus kills a handful - of techniques that come in handy when attackers are able to arbitrarily - overwrite memory. A few tests showed that enabling these features had close - to no impact, neither on the performance nor on the general functionality of - curl. - -19.3 Don't use GNU libtool on OpenBSD - When compiling curl on OpenBSD with "--enable-debug" it will give linking - errors when you use GNU libtool. This can be fixed by using the libtool - provided by OpenBSD itself. However for this the user always needs to invoke - make with "LIBTOOL=/usr/bin/libtool". It would be nice if the script could - have some magic to detect if this system is an OpenBSD host and then use the - OpenBSD libtool instead. - - See https://github.com/curl/curl/issues/5862 - -19.4 Package curl for Windows in a signed installer - - See https://github.com/curl/curl/issues/5424 - -20. Test suite - -20.1 SSL tunnel - - Make our own version of stunnel for simple port forwarding to enable HTTPS - and FTP-SSL tests without the stunnel dependency, and it could allow us to - provide test tools built with either OpenSSL or GnuTLS - -20.2 nicer lacking perl message - - If perl wasn't found by the configure script, don't attempt to run the tests - but explain something nice why it doesn't. - -20.3 more protocols supported - - Extend the test suite to include more protocols. The telnet could just do FTP - or http operations (for which we have test servers). - -20.4 more platforms supported - - Make the test suite work on more platforms. OpenBSD and Mac OS. Remove - fork()s and it should become even more portable. - -20.5 Add support for concurrent connections - - Tests 836, 882 and 938 were designed to verify that separate connections - aren't used when using different login credentials in protocols that - shouldn't re-use a connection under such circumstances. - - Unfortunately, ftpserver.pl doesn't appear to support multiple concurrent - connections. The read while() loop seems to loop until it receives a - disconnect from the client, where it then enters the waiting for connections - loop. When the client opens a second connection to the server, the first - connection hasn't been dropped (unless it has been forced - which we - shouldn't do in these tests) and thus the wait for connections loop is never - entered to receive the second connection. - -20.6 Use the RFC6265 test suite - - A test suite made for HTTP cookies (RFC 6265) by Adam Barth is available at - https://github.com/abarth/http-state/tree/master/tests - - It'd be really awesome if someone would write a script/setup that would run - curl with that test suite and detect deviances. Ideally, that would even be - incorporated into our regular test suite. - -20.7 Support LD_PRELOAD on macOS - - LD_RELOAD doesn't work on macOS, but there are tests which require it to run - properly. Look into making the preload support in runtests.pl portable such - that it uses DYLD_INSERT_LIBRARIES on macOS. - -20.8 Run web-platform-tests url tests - - Run web-platform-tests url tests and compare results with browsers on wpt.fyi - - It would help us find issues to fix and help us document where our parser - differs from the WHATWG URL spec parsers. - - See https://github.com/curl/curl/issues/4477 - -20.9 Bring back libssh tests on Travis - - In https://github.com/curl/curl/pull/7012 we remove the libssh builds and - tests from Travis CI due to them not working. This should be remedied and - libssh builds be brought back. - - -21. MQTT - -21.1 Support rate-limiting - - The rate-limiting logic is done in the PERFORMING state in multi.c but MQTT - is not (yet) implemented to use that! diff --git a/docs/TODO.md b/docs/TODO.md new file mode 100644 index 000000000000..2be796f8c92f --- /dev/null +++ b/docs/TODO.md @@ -0,0 +1,1032 @@ + + +# TODO intro + +Things to do in project curl. Please tell us what you think, contribute and +send us patches that improve things. + +Be aware that these are things that we could do, or have once been considered +things we could do. If you want to work on any of these areas, please consider +bringing it up for discussions first on the mailing list so that we all agree +it is still a good idea for the project. + +All bugs documented in the [known_bugs +document](https://curl.se/docs/knownbugs.html) are subject for fixing. + +# libcurl + +## Consult `%APPDATA%` also for `.netrc` + +`%APPDATA%\.netrc` is not considered when running on Windows. Should it not? + +See [curl issue 4016](https://github.com/curl/curl/issues/4016) + +## `struct lifreq` + +Use `struct lifreq` and `SIOCGLIFADDR` instead of `struct ifreq` and +`SIOCGIFADDR` on newer Solaris versions as they claim the latter is obsolete. +To support IPv6 interface addresses for network interfaces properly. + +## alt-svc sharing + +The share interface could benefit from allowing the alt-svc cache to be +possible to share between easy handles. + +See [curl issue 4476](https://github.com/curl/curl/issues/4476) + +The share interface offers CURL_LOCK_DATA_CONNECT to have multiple easy +handle share a connection cache, but due to how connections are used they are +still not thread-safe when used shared. + +See [curl issue 4915](https://github.com/curl/curl/issues/4915) and lib1541.c + +The share interface offers CURL_LOCK_DATA_HSTS to have multiple easy handle +share an HSTS cache, but this is not thread-safe. + +## thread-safe sharing + +Using the share interface users can share some data between easy handles but +several of the sharing options are documented as not safe and supported to +share between multiple concurrent threads. Fixing this would enable more users +to share data in more powerful ways. + +## updated DNS server while running + +If `/etc/resolv.conf` gets updated while a program using libcurl is running, it +is may cause name resolves to fail unless `res_init()` is called. We should +consider calling `res_init()` + retry once unconditionally on all name resolve +failures to mitigate against this. Firefox works like that. Note that Windows +does not have `res_init()` or an alternative. + +[curl issue 2251](https://github.com/curl/curl/issues/2251) + +## c-ares and CURLOPT_OPENSOCKETFUNCTION + +curl creates most sockets via the CURLOPT_OPENSOCKETFUNCTION callback and +close them with the CURLOPT_CLOSESOCKETFUNCTION callback. c-ares does not use +those functions and instead opens and closes the sockets itself. This means +that when curl passes the c-ares socket to the CURLMOPT_SOCKETFUNCTION it is +not owned by the application like other sockets. + +See [curl issue 2734](https://github.com/curl/curl/issues/2734) + +## Monitor connections in the connection pool + +libcurl's connection cache or pool holds a number of open connections for the +purpose of possible subsequent connection reuse. It may contain a few up to a +significant amount of connections. Currently, libcurl leaves all connections +as they are and first when a connection is iterated over for matching or reuse +purpose it is verified that it is still alive. + +Those connections may get closed by the server side for idleness or they may +get an HTTP/2 ping from the peer to verify that they are still alive. By +adding monitoring of the connections while in the pool, libcurl can detect +dead connections (and close them) better and earlier, and it can handle HTTP/2 +pings to keep such ones alive even when not actively doing transfers on them. + +## Try to URL encode given URL + +Given a URL that for example contains spaces, libcurl could have an option +that would try somewhat harder than it does now and convert spaces to %20 and +perhaps URL encoded byte values over 128 etc (do what the redirect following +code already does). + +[curl issue 514](https://github.com/curl/curl/issues/514) + +## Add support for IRIs + +IRIs (RFC 3987) allow localized, non-ASCII, names in the URL. To properly +support this, curl/libcurl would need to translate/encode the given input +from the input string encoding into percent encoded output "over the wire". + +To make that work smoothly for curl users even on Windows, curl would probably +need to be able to convert from several input encodings. + +## try next proxy if one does not work + +Allow an application to specify a list of proxies to try, and failing to +connect to the first go on and try the next instead until the list is +exhausted. Browsers support this feature at least when they specify proxies +using `PAC`. + +[curl issue 896](https://github.com/curl/curl/issues/896) + +## provide timing info for each redirect + +curl and libcurl provide timing information via a set of different time-stamps +(CURLINFO_*_TIME). When curl is following redirects, those returned time value +are the accumulated sums. An improvement could be to offer separate timings +for each redirect. + +[curl issue 6743](https://github.com/curl/curl/issues/6743) + +## CURLINFO_PAUSE_STATE + +Return information about the transfer's current pause state, in both +directions. See [curl issue 2588](https://github.com/curl/curl/issues/2588) + +## Expose tried IP addresses that failed + +When libcurl fails to connect to a host, it could offer the application the +addresses that were used in the attempt. Source + destination IP, source + +destination port and protocol (UDP or TCP) for each failure. Possibly as a +callback. Perhaps also provide reason. + +[curl issue 2126](https://github.com/curl/curl/issues/2126) + +## erase secrets from heap/stack after use + +Introducing a concept and system to erase secrets from memory after use, it +could help mitigate and lessen the impact of (future) security problems etc. +However: most secrets are passed to libcurl as clear text from the application +and then clearing them within the library adds nothing... + +[curl issue 7268](https://github.com/curl/curl/issues/7268) + +## make DoH inherit more transfer properties + +Some options are not inherited because they are not relevant for the DoH SSL +connections, or inheriting the option may result in unexpected behavior. For +example the user's debug function callback is not inherited because it would +be unexpected for internal handles (i.e DoH handles) to be passed to that +callback. + +If an option is not inherited then it is not possible to set it separately +for DoH without a DoH-specific option. For example: +`CURLOPT_DOH_SSL_VERIFYHOST`, `CURLOPT_DOH_SSL_VERIFYPEER` and +`CURLOPT_DOH_SSL_VERIFYSTATUS`. + +See [curl issue 6605](https://github.com/curl/curl/issues/6605) + +# libcurl - multi interface + +## More non-blocking + +Make sure we do not ever loop because of non-blocking sockets returning +`EWOULDBLOCK` or similar. Blocking cases include: + +- Name resolves on non-Windows unless c-ares or the threaded resolver is used. +- The threaded resolver may block on cleanup: + [curl issue 4852](https://github.com/curl/curl/issues/4852) +- `file://` transfers +- TELNET transfers +- GSSAPI authentication for FTP transfers +- The "DONE" operation (post transfer protocol-specific actions) for the +protocols SFTP, SMTP, FTP. Fixing `multi_done()` for this is a worthy task. +- `curl_multi_remove_handle()` for any of the above. +- Calling `curl_ws_send()` from a callback + +## Better support for same name resolves + +If a name resolve has been initiated for a given name and a second easy handle +wants to resolve that same name as well, make it wait for the first resolve to +end up in the cache instead of doing a second separate resolve. This is +especially needed when adding many simultaneous handles using the same +hostname when the DNS resolver can get flooded. + +## Non-blocking `curl_multi_remove_handle()` + +The multi interface has a few API calls that assume a blocking behavior, like +`add_handle()` and `remove_handle()` which limits what we can do internally. +The multi API need to be moved even more into a single function that "drives" +everything in a non-blocking manner and signals when something is done. A +remove or add would then only ask for the action to get started and then +`multi_perform()` etc still be called until the add/remove is completed. + +## Split connect and authentication process + +The multi interface treats the authentication process as part of the connect +phase. As such any failures during authentication does not trigger the +relevant QUIT or LOGOFF for protocols such as IMAP, POP3 and SMTP. + +## Edge-triggered sockets should work + +The multi_socket API should work with edge-triggered socket events. One of the +internal actions that need to be improved for this to work perfectly is the +`maxloops` handling in `transfer.c:readwrite_data()`. + +## multi upkeep + +In libcurl 7.62.0 we introduced `curl_easy_upkeep`. It unfortunately only +works on easy handles. We should introduces a version of that for the multi +handle, and also consider doing `upkeep` automatically on connections in the +connection pool when the multi handle is in used. + +See [curl issue 3199](https://github.com/curl/curl/issues/3199) + +## Virtual external sockets + +libcurl performs operations on the given file descriptor that presumes it is a +socket and an application cannot replace them at the moment. Allowing an +application to fully replace those would allow a larger degree of freedom and +flexibility. + +See [curl issue 5835](https://github.com/curl/curl/issues/5835) + +## dynamically decide to use socketpair + +For users who do not use `curl_multi_wait()` or do not care for +`curl_multi_wakeup()`, we could introduce a way to make libcurl NOT create a +socketpair in the multi handle. + +See [curl issue 4829](https://github.com/curl/curl/issues/4829) + +# Documentation + +## Improve documentation about fork safety + +See [curl issue 6968](https://github.com/curl/curl/issues/6968) + +# FTP + +## A fixed directory listing format + +Since listing the contents of a remove directory with FTP is returning the +list in a format and style the server likes without any established or even +defacto standard existing, it would be a feature to users if curl could parse +the directory listing and output a general curl format that is fixed and the +same, independent of the server's choice. This would allow users to better and +more reliably extract information about remote content via FTP directory +listings. + +## GSSAPI via Windows SSPI + +In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5) +via third-party GSS-API libraries, such as MIT Kerberos, also add support for +GSSAPI authentication via Windows SSPI. + +## STAT for LIST without data connection + +Some FTP servers allow STAT for listing directories instead of using LIST, and +the response is then sent over the control connection instead of as the +otherwise used data connection. + +This is not detailed in any FTP specification. + +## Passive transfer could try other IP addresses + +When doing FTP operations through a proxy at localhost, the reported spotted +that curl only tried to connect once to the proxy, while it had multiple +addresses and a failed connect on one address should make it try the next. + +After switching to passive mode (EPSV), curl could try all IP addresses for +`localhost`. Currently it tries `::1`, but it should also try `127.0.0.1`. + +See [curl issue 1508](https://github.com/curl/curl/issues/1508) + +# HTTP + +## Provide the error body from a CONNECT response + +When curl receives a body response from a CONNECT request to a proxy, it +always reads and ignores it. It would make some users happy if curl instead +optionally would be able to make that responsible available. Via a new +callback? Through some other means? + +See [curl issue 9513](https://github.com/curl/curl/issues/9513) + +## Obey `Retry-After` in redirects + +The `Retry-After` response header is said to dictate "the minimum time that +the user agent is asked to wait before issuing the redirected request" and +libcurl does not obey this. + +See [curl issue 11447](https://github.com/curl/curl/issues/11447) + +## Rearrange request header order + +Server implementers often make an effort to detect browser and to reject +clients it can detect to not match. One of the last details we cannot yet +control in libcurl's HTTP requests, which also can be exploited to detect that +libcurl is in fact used even when it tries to impersonate a browser, is the +order of the request headers. I propose that we introduce a new option in +which you give headers a value, and then when the HTTP request is built it +sorts the headers based on that number. We could then have internally created +headers use a default value so only headers that need to be moved have to be +specified. + +## Allow SAN names in HTTP/2 server push + +curl only allows HTTP/2 push promise if the provided :authority header value +exactly matches the hostname given in the URL. It could be extended to allow +any name that would match the Subject Alternative Names in the server's TLS +certificate. + +See [curl pull request 3581](https://github.com/curl/curl/pull/3581) + +## `auth=` in URLs + +Add the ability to specify the preferred authentication mechanism to use by +using `;auth=` in the login part of the URL. + +For example: + +`http://test:pass;auth=NTLM@example.com` would be equivalent to specifying +`--user test:pass;auth=NTLM` or `--user test:pass --ntlm` from the command +line. + +Additionally this should be implemented for proxy base URLs as well. + +## Require HTTP version X or higher + +curl and libcurl provide options for trying higher HTTP versions (for example +HTTP/2) but then still allows the server to pick version 1.1. We could +consider adding a way to require a minimum version. + +See [curl issue 7980](https://github.com/curl/curl/issues/7980) + +# TELNET + +## ditch stdin + +Reading input (to send to the remote server) on stdin is a crappy solution for +library purposes. We need to invent a good way for the application to be able +to provide the data to send. + +## ditch telnet-specific select + +Move the telnet support's network `select()` loop go away and merge the code +into the main transfer loop. Until this is done, the multi interface does not +work for telnet. + +## feature negotiation debug data + +Add telnet feature negotiation data to the debug callback as header data. + +## exit immediately upon connection if stdin is /dev/null + +If it did, curl could be used to probe if there is an server there listening +on a specific port. That is, the following command would exit immediately +after the connection is established with exit code 0: + + curl -s --connect-timeout 2 telnet://example.com:80 NOTIFY=SUCCESS,FAILURE");`. + +[curl issue 8232](https://github.com/curl/curl/issues/8232) + +## Enhanced capability support + +Add the ability, for an application that uses libcurl, to obtain the list of +capabilities returned from the EHLO command. + +## Add `CURLOPT_MAIL_CLIENT` option + +Rather than use the URL to specify the mail client string to present in the +`HELO` and `EHLO` commands, libcurl should support a new `CURLOPT` +specifically for specifying this data as the URL is non-standard and to be +honest a bit of a hack. + +Please see the following thread for more information: +https://curl.se/mail/lib-2012-05/0178.html + +# POP3 + +## Enhanced capability support + +Add the ability, for an application that uses libcurl, to obtain the list of +capabilities returned from the CAPA command. + +# IMAP + +## Enhanced capability support + +Add the ability, for an application that uses libcurl, to obtain the list of +capabilities returned from the CAPABILITY command. + +# LDAP + +## SASL based authentication mechanisms + +Currently the LDAP module only supports `ldap_simple_bind_s()` in order to +bind to an LDAP server. This function sends username and password details +using the simple authentication mechanism (as clear text). It should be +possible to use `ldap_bind_s()` instead specifying the security context +information ourselves. + +## `CURLOPT_SSL_CTX_FUNCTION` for LDAPS + +`CURLOPT_SSL_CTX_FUNCTION` works perfectly for HTTPS and email protocols, but +it has no effect for LDAPS connections. + +[curl issue 4108](https://github.com/curl/curl/issues/4108) + +## Paged searches on LDAP server + +[curl issue 4452](https://github.com/curl/curl/issues/4452) + +## Certificate-Based Authentication + +LDAPS not possible with macOS and Windows with Certificate-Based Authentication + +[curl issue 9641](https://github.com/curl/curl/issues/9641) + +# SMB + +## Support modern versions + +curl only supports version 1, which barely anyone is using anymore. + +## File listing support + +Add support for listing the contents of an SMB share. The output should +probably be the same as/similar to FTP. + +## Honor file timestamps + +The timestamp of the transferred file should reflect that of the original +file. + +## Use NTLMv2 + +Currently the SMB authentication uses NTLMv1. + +## Create remote directories + +Support for creating remote directories when uploading a file to a directory +that does not exist on the server, like `--ftp-create-dirs`. + +# FILE + +## Directory listing on non-POSIX + +Listing the contents of a directory accessed with FILE only works on platforms +with `opendir()`. Support could be added for more systems, like Windows. + +# TLS + +## `TLS-PSK` with OpenSSL + +Transport Layer Security pre-shared key cipher suites (`TLS-PSK`) is a set of +cryptographic protocols that provide secure communication based on pre-shared +keys (`PSK`). These pre-shared keys are symmetric keys shared in advance among +the communicating parties. + +[curl issue 5081](https://github.com/curl/curl/issues/5081) + +## TLS channel binding + +TLS 1.2 and 1.3 provide the ability to extract some secret data from the TLS +connection and use it in the client request (usually in some sort of +authentication) to ensure that the data sent is bound to the specific TLS +connection and cannot be successfully intercepted by a proxy. This +functionality can be used in a standard authentication mechanism such as +GSS-API or SCRAM, or in custom approaches like custom HTTP Authentication +headers. + +For TLS 1.2, the binding type is usually `tls-unique`, and for TLS 1.3 it is +`tls-exporter`. + +- https://datatracker.ietf.org/doc/html/rfc5929 +- https://datatracker.ietf.org/doc/html/rfc9266 +- [curl issue 9226](https://github.com/curl/curl/issues/9226) + +## Defeat TLS fingerprinting + +By changing the order of TLS extensions provided in the TLS handshake, it is +sometimes possible to circumvent TLS fingerprinting by servers. The TLS +extension order is of course not the only way to fingerprint a client. + +## Consider OCSP stapling by default + +Treat a negative response a reason for aborting the connection. Since OCSP +stapling is presumed to get used much less in the future when Let's Encrypt +drops the OCSP support, the benefit of this might however be limited. + +[curl issue 15483](https://github.com/curl/curl/issues/15483) + +## Provide callback for cert verification + +OpenSSL supports a callback for customized verification of the peer +certificate, but this does not seem to be exposed in the libcurl APIs. Could +it be? There is so much that could be done if it were. + +## Less memory massaging with Schannel + +The Schannel backend does a lot of custom memory management we would rather +avoid: the repeated allocation + free in sends and the custom memory + realloc +system for encrypted and decrypted data. That should be avoided and reduced +for 1) efficiency and 2) safety. + +## Support DANE + +[DNS-Based Authentication of Named Entities +(DANE)](https://datatracker.ietf.org/doc/html/rfc6698) is a way to provide +SSL keys and certs over DNS using DNSSEC as an alternative to the CA model. + +A patch was posted on March 7 2013 +(https://curl.se/mail/lib-2013-03/0075.html) but it was a too simple approach. +See Daniel's comments: https://curl.se/mail/lib-2013-03/0103.html + +Björn Stenberg once wrote a separate initial take on DANE that was never +completed. + +## TLS record padding + +TLS (1.3) offers optional record padding and OpenSSL provides an API for it. I +could make sense for libcurl to offer this ability to applications to make +traffic patterns harder to figure out by network traffic observers. + +See [curl issue 5398](https://github.com/curl/curl/issues/5398) + +## Support Authority Information Access certificate extension (AIA) + +AIA can provide various things like certificate revocation lists but more +importantly information about intermediate CA certificates that can allow +validation path to be fulfilled when the HTTPS server does not itself provide +them. + +Since AIA is about downloading certs on demand to complete a TLS handshake, it +is probably a bit tricky to get done right and a serious privacy leak. + +See [curl issue 2793](https://github.com/curl/curl/issues/2793) + +## Some TLS options are not offered for HTTPS proxies + +Some TLS related options to the command line tool and libcurl are only +provided for the server and not for HTTPS proxies. `--proxy-tls-max`, +`--proxy-tlsv1.3`, `--proxy-curves` and a few more. For more Documentation on +this see: https://curl.se/libcurl/c/tls-options.html + +[curl issue 12286](https://github.com/curl/curl/issues/12286) + +## Make sure we forbid TLS 1.3 post-handshake authentication + +RFC 8740 explains how using HTTP/2 must forbid the use of TLS 1.3 +post-handshake authentication. We should make sure to live up to that. + +See [curl issue 5396](https://github.com/curl/curl/issues/5396) + +## Support the `clienthello` extension + +Certain stupid networks and middle boxes have a problem with SSL handshake +packets that are within a certain size range because how that sets some bits +that previously (in older TLS version) were not set. The `clienthello` +extension adds padding to avoid that size range. + +- https://datatracker.ietf.org/doc/html/rfc7685 +- [curl issue 2299](https://github.com/curl/curl/issues/2299) + +## Share the CA cache + +For TLS backends that supports CA caching, it makes sense to allow the share +object to be used to store the CA cache as well via the share API. Would allow +multiple easy handles to reuse the CA cache and save themselves from a lot of +extra processing overhead. + +## Add missing features to TLS backends + +The feature matrix at https://curl.se/libcurl/c/tls-options.html shows which +features are supported by which TLS backends, and thus also where there are +feature gaps. + +# Proxy + +## Retry SOCKS handshake on address type not supported + +When curl resolves a hostname, it might get a mix of IPv6 and IPv4 returned. +curl might then use an IPv6 address with a SOCKS5 proxy, which - if it does +not support IPv6 - returns "Address type not supported" and curl exits with +that error. + +Perhaps it is preferred if curl would in this situation instead first retry +the SOCKS handshake again for this case and then use one of the IPv4 addresses +for the target host. + +See [curl issue 17222](https://github.com/curl/curl/issues/17222) + +# Schannel + +## Extend support for client certificate authentication + +The existing support for the `-E`/`--cert` and `--key` options could be +extended by supplying a custom certificate and key in PEM format, see: +[Getting a Certificate for +Schannel](https://learn.microsoft.com/windows/win32/secauthn/getting-a-certificate-for-schannel) + +## Extend support for the `--ciphers` option + +The existing support for the `--ciphers` option could be extended by mapping +the OpenSSL/GnuTLS cipher suites to the Schannel APIs, see [Specifying +Schannel Ciphers and Cipher +Strengths](https://learn.microsoft.com/windows/win32/secauthn/specifying-schannel-ciphers-and-cipher-strengths). + +## Add option to allow abrupt server closure + +libcurl with Schannel errors without a known termination point from the server +(such as length of transfer, or SSL "close notify" alert) to prevent against a +truncation attack. Really old servers may neglect to send any termination +point. An option could be added to ignore such abrupt closures. + +[curl issue 4427](https://github.com/curl/curl/issues/4427) + +# SASL + +## Other authentication mechanisms + +Add support for other authentication mechanisms such as `OLP`, `GSS-SPNEGO` +and others. + +## Add `QOP` support to GSSAPI authentication + +Currently the GSSAPI authentication only supports the default `QOP` of auth +(Authentication), whilst Kerberos V5 supports both `auth-int` (Authentication +with integrity protection) and `auth-conf` (Authentication with integrity and +privacy protection). + +# SSH protocols + +## Multiplexing + +SSH is a perfectly fine multiplexed protocols which would allow libcurl to do +multiple parallel transfers from the same host using the same connection, much +in the same spirit as HTTP/2 does. libcurl however does not take advantage of +that ability but does instead always create a new connection for new transfers +even if an existing connection already exists to the host. + +To fix this, libcurl would have to detect an existing connection and "attach" +the new transfer to the existing one. + +## Handle growing SFTP files + +The SFTP code in libcurl checks the file size *before* a transfer starts and +then proceeds to transfer exactly that amount of data. If the remote file +grows while the transfer is in progress libcurl does not notice and does not +adapt. The OpenSSH SFTP command line tool does and libcurl could also attempt +to download more to see if there is more to get... + +[curl issue 4344](https://github.com/curl/curl/issues/4344) + +## Read keys from `~/.ssh/id_ecdsa`, `id_ed25519` + +The libssh2 backend in curl is limited to only reading keys from `id_rsa` and +`id_dsa`, which makes it fail connecting to servers that use more modern key +types. + +[curl issue 8586](https://github.com/curl/curl/issues/8586) + +## Support `CURLOPT_PREQUOTE` + +The two other `QUOTE` options are supported for SFTP, but this was left out +for unknown reasons. + +## SSH over HTTPS proxy for libssh + +The SSH based protocols SFTP and SCP did not work over HTTPS proxy at all +until [curl pull request 6021](https://github.com/curl/curl/pull/6021) brought +the functionality with the libssh2 backend. Presumably, this support can/could +be added for the libssh backend as well. + +## SFTP with `SCP://` + +OpenSSH 9 switched their `scp` tool to speak SFTP under the hood. Going +forward it might be worth having curl or libcurl attempt SFTP if SCP fails to +follow suite. + +# Command line tool + +## multi-threading + +When asked to do transfers in parallel, the curl tool could be extended to use +a number of independent worker threads. This would allow faster transfers in +situations where curl becomes CPU bound. + +Ideally, curl would (with permission) fire up new threads on demand when it +deems that it might be helpful. Perhaps, if it has more transfers to add and +the existing transfers make the CPU busy enough and there are more cores +available. + +## sync + +`curl --sync http://example.com/feed[1-100].rss` or +`curl --sync http://example.net/{index,calendar,history}.html` + +Downloads a range or set of URLs using the remote name, but only if the remote +file is newer than the local file. A `Last-Modified` HTTP date header should +also be used to set the mod date on the downloaded file. + +## glob posts + +Globbing support for `-d` and `-F`, as in `curl -d "name=foo[0-9]" URL`. This +is easily scripted though. + +## `--proxycommand` + +Allow the user to make curl run a command and use its stdio to make requests +and not do any network connection by itself. Example: + + curl --proxycommand 'ssh pi@raspberrypi.local -W 10.1.1.75 80' \ + http://some/otherwise/unavailable/service.php + +See [curl issue 4941](https://github.com/curl/curl/issues/4941) + +## UTF-8 filenames in Content-Disposition + +RFC 6266 documents how UTF-8 names can be passed to a client in the +`Content-Disposition` header, and curl does not support this. + +[curl issue 1888](https://github.com/curl/curl/issues/1888) + +## Option to make `-Z` merge lined based outputs on stdout + +When a user requests multiple lined based files using `-Z` and sends them to +stdout, curl does not *merge* and send complete lines fine but may send +partial lines from several sources. + +[curl issue 5175](https://github.com/curl/curl/issues/5175) + +## specify which response codes that make `-f`/`--fail` return error + +Allows a user to better specify exactly which error code(s) that are fine and +which are errors for their specific uses cases + +## Choose the name of file in braces for complex URLs + +When using braces to download a list of URLs and you use complicated names +in the list of alternatives, it could be handy to allow curl to use other +names when saving. + +Consider a way to offer that. Possibly like +`{partURL1:name1,partURL2:name2,partURL3:name3}` where the name following the +colon is the output name. + +See [curl issue 221](https://github.com/curl/curl/issues/221) + +## improve how curl works in a Windows console window + +If you pull the scroll bar when transferring with curl in a Windows console +window, the transfer is interrupted and can get disconnected. This can +probably be improved. See [curl issue 322](https://github.com/curl/curl/issues/322) + +## Windows: set attribute 'archive' for completed downloads + +The archive bit (`FILE_ATTRIBUTE_ARCHIVE, 0x20`) separates files that shall be +backed up from those that are either not ready or have not changed. + +Downloads in progress are neither ready to be backed up, nor should they be +opened by a different process. Only after a download has been completed it is +sensible to include it in any integer snapshot or backup of the system. + +See [curl issue 3354](https://github.com/curl/curl/issues/3354) + +## keep running, read instructions from pipe/socket + +Provide an option that makes curl not exit after the last URL (or even work +without a given URL), and then make it read instructions passed on a pipe or +over a socket to make further instructions so that a second subsequent curl +invoke can talk to the still running instance and ask for transfers to get +done, and thus maintain its connection pool, DNS cache and more. + +## Acknowledge `Ratelimit` headers + +Consider a command line option that can make curl do multiple serial requests +while acknowledging server specified [rate +limits](https://datatracker.ietf.org/doc/draft-ietf-httpapi-ratelimit-headers/). + +See [curl issue 5406](https://github.com/curl/curl/issues/5406) + +## `--dry-run` + +A command line option that makes curl show exactly what it would do and send +if it would run for real. + +See [curl issue 5426](https://github.com/curl/curl/issues/5426) + +## `--retry` should resume + +When `--retry` is used and curl actually retries transfer, it should use the +already transferred data and do a resumed transfer for the rest (when +possible) so that it does not have to transfer the same data again that was +already transferred before the retry. + +See [curl issue 1084](https://github.com/curl/curl/issues/1084) + +## retry on network is unreachable + +The `--retry` option retries transfers on *transient failures*. We later added +`--retry-connrefused` to also retry for *connection refused* errors. + +Suggestions have been brought to also allow retry on *network is unreachable* +errors and while totally reasonable, maybe we should consider a way to make +this more configurable than to add a new option for every new error people +want to retry for? + +[curl issue 1603](https://github.com/curl/curl/issues/1603) + +## hostname sections in config files + +config files would be more powerful if they could set different configurations +depending on used URLs, hostname or possibly origin. Then a default `.curlrc` +could a specific user-agent only when doing requests against a certain site. + +## retry on the redirected-to URL + +When curl is told to `--retry` a failed transfer and follows redirects, it +might get an HTTP 429 response from the redirected-to URL and not the original +one, which then could make curl decide to rather retry the transfer on that +URL only instead of the original operation to the original URL. + +Perhaps extra emphasized if the original transfer is a large POST that +redirects to a separate GET, and that GET is what gets the 529 + +See [curl issue 5462](https://github.com/curl/curl/issues/5462) + +## Set the modification date on an uploaded file + +For SFTP and possibly FTP, curl could offer an option to set the modification +time for the uploaded file. + +See [curl issue 5768](https://github.com/curl/curl/issues/5768) + +## Use multiple parallel transfers for a single download + +To enhance transfer speed, downloading a single URL can be split up into +multiple separate range downloads that get combined into a single final +result. + +An ideal implementation would not use a specified number of parallel +transfers, but curl could: +- First start getting the full file as transfer A +- If after N seconds have passed and the transfer is expected to continue for + M seconds or more, add a new transfer (B) that asks for the second half of + A's content (and stop A at the middle). +- If splitting up the work improves the transfer rate, it could then be done + again. Then again, etc up to a limit. + +This way, if transfer B fails (because Range: is not supported) it lets +transfer A remain the single one. N and M could be set to some sensible +defaults. + +See [curl issue 5774](https://github.com/curl/curl/issues/5774) + +## Prevent terminal injection when writing to terminal + +curl could offer an option to make escape sequence either non-functional or +avoid cursor moves or similar to reduce the risk of a user getting tricked by +clever tricks. + +See [curl issue 6150](https://github.com/curl/curl/issues/6150) + +## `-J` and `-O` with %-encoded filenames + +`-J`/`--remote-header-name` does not decode %-encoded filenames. RFC 6266 +details how it should be done. The can of worm is that we have no charset +handling in curl and ASCII >=128 is a challenge for us. Not to mention that +decoding also means that we need to check for nastiness that is attempted, +like `../` sequences and the like. Probably everything to the left of any +embedded slashes should be cut off. See https://curl.se/bug/view.cgi?id=1294 + +`-O` also does not decode %-encoded names, and while it has even less +information about the charset involved the process is similar to the `-J` +case. + +Note that we do not decode `-O` without the user asking for it with some other +means, since `-O` has always been documented to use the name exactly as +specified in the URL. + +## `-J` with `-C -` + +When using `-J` (with `-O`), automatically resumed downloading together with +`-C -` fails. Without `-J` the same command line works. This happens because +the resume logic is worked out before the target filename (and thus its +pre-transfer size) has been figured out. This can be improved. + +https://curl.se/bug/view.cgi?id=1169 + +## `--retry` and transfer timeouts + +If using `--retry` and the transfer timeouts (possibly due to using -m or +`-y`/`-Y`) the next attempt does not resume the transfer properly from what +was downloaded in the previous attempt but truncates and restarts at the +original position where it was at before the previous failed attempt. See +https://curl.se/mail/lib-2008-01/0080.html + +# Build + +## Enable `PIE` and `RELRO` by default + +Especially when having programs that execute curl via the command line, `PIE` +renders the exploitation of memory corruption vulnerabilities a lot more +difficult. This can be attributed to the additional information leaks being +required to conduct a successful attack. `RELRO`, on the other hand, masks +different binary sections like the `GOT` as read-only and thus kills a handful +of techniques that come in handy when attackers are able to arbitrarily +overwrite memory. A few tests showed that enabling these features had close to +no impact, neither on the performance nor on the general functionality of +curl. + +## Do not use GNU libtool on OpenBSD + +When compiling curl on OpenBSD with `--enable-debug` it gives linking errors +when you use GNU libtool. This can be fixed by using the libtool provided by +OpenBSD itself. However for this the user always needs to invoke make with +`LIBTOOL=/usr/bin/libtool`. It would be nice if the script could have some +logic to detect if this system is an OpenBSD host and then use the OpenBSD +libtool instead. + +See [curl issue 5862](https://github.com/curl/curl/issues/5862) + +## Package curl for Windows in a signed installer + +See [curl issue 5424](https://github.com/curl/curl/issues/5424) + +## make configure use `--cache-file` more and better + +The configure script can be improved to cache more values so that repeated +invokes run much faster. + +See [curl issue 7753](https://github.com/curl/curl/issues/7753) + +# Test suite + +## SSL tunnel + +Make our own version of stunnel for simple port forwarding to enable HTTPS and +FTP-SSL tests without the stunnel dependency, and it could allow us to provide +test tools built with either OpenSSL or GnuTLS + +## more protocols supported + +Extend the test suite to include more protocols. The telnet could do FTP or +http operations (for which we have test servers). + +## more platforms supported + +Make the test suite work on more platforms. OpenBSD and macOS. Remove fork()s +and it should become even more portable. + +## write an SMB test server to replace impacket + +This would allow us to run SMB tests on more platforms and do better and more +covering tests. + +See [curl issue 15697](https://github.com/curl/curl/issues/15697) + +## Use the RFC 6265 test suite + +A test suite made for HTTP cookies (RFC 6265) by Adam Barth [is +available](https://github.com/abarth/http-state/tree/master/tests). + +It would be good if someone would write a script/setup that would run curl +with that test suite and detect deviance. Ideally, that would even be +incorporated into our regular test suite. + +## Run web-platform-tests URL tests + +Run web-platform-tests URL tests and compare results with browsers on +`wpt.fyi`. + +It would help us find issues to fix and help us document where our parser +differs from the WHATWG URL spec parsers. + +See [curl issue 4477](https://github.com/curl/curl/issues/4477) + +# MQTT + +## Support rate-limiting + +The rate-limiting logic is done in the PERFORMING state in multi.c but MQTT is +not (yet) implemented to use that. + +## Support MQTTS + +## Handle network blocks + +Running test suite with `CURL_DBG_SOCK_WBLOCK=90 ./runtests.pl -a mqtt` makes +several MQTT test cases fail where they should not. + +## large payloads + +libcurl unnecessarily allocates heap memory to hold the entire payload to get +sent, when the data is already perfectly accessible where it is when +`CURLOPT_POSTFIELDS` is used. This is highly inefficient for larger payloads. +Additionally, libcurl does not support using the read callback for sending +MQTT which is yet another way to avoid having to hold large payload in memory. + +# TFTP + +## TFTP does not convert LF to CRLF for `mode=netascii` + +RFC 3617 defines that an TFTP transfer can be done using `netascii` mode. curl +does not support extracting that mode from the URL nor does it treat such +transfers specifically. It should probably do LF to CRLF translations for +them. + +See [curl issue 12655](https://github.com/curl/curl/issues/12655) + +# Gopher + +## Handle network blocks + +Running test suite with `CURL_DBG_SOCK_WBLOCK=90 ./runtests.pl -a 1200 to +1300` makes several Gopher test cases fail where they should not. diff --git a/docs/TheArtOfHttpScripting.md b/docs/TheArtOfHttpScripting.md index 5ba328269c55..7f300f070395 100644 --- a/docs/TheArtOfHttpScripting.md +++ b/docs/TheArtOfHttpScripting.md @@ -1,226 +1,240 @@ -# The Art Of Scripting HTTP Requests Using Curl + + +# The Art Of Scripting HTTP Requests Using curl ## Background - This document assumes that you're familiar with HTML and general networking. +This document assumes that you are familiar with HTML and general networking. - The increasing amount of applications moving to the web has made "HTTP - Scripting" more frequently requested and wanted. To be able to automatically - extract information from the web, to fake users, to post or upload data to - web servers are all important tasks today. +The increasing amount of applications moving to the web has made "HTTP +Scripting" more frequently requested and wanted. To be able to automatically +extract information from the web, to fake users, to post or upload data to +web servers are all important tasks today. - Curl is a command line tool for doing all sorts of URL manipulations and - transfers, but this particular document will focus on how to use it when - doing HTTP requests for fun and profit. I will assume that you know how to - invoke `curl --help` or `curl --manual` to get basic information about it. +curl is a command line tool for doing all sorts of URL manipulations and +transfers, but this particular document focuses on how to use it when doing +HTTP requests for fun and profit. This documents assumes that you know how to +invoke `curl --help` or `curl --manual` to get basic information about it. - Curl is not written to do everything for you. It makes the requests, it gets - the data, it sends data and it retrieves the information. You probably need - to glue everything together using some kind of script language or repeated - manual invokes. +curl is not written to do everything for you. It makes the requests, it gets +the data, it sends data and it retrieves the information. You probably need +to glue everything together using some kind of script language or repeated +manual invokes. ## The HTTP Protocol - HTTP is the protocol used to fetch data from web servers. It is a very simple - protocol that is built upon TCP/IP. The protocol also allows information to - get sent to the server from the client using a few different methods, as will - be shown here. +HTTP is the protocol used to fetch data from web servers. It is a simple +protocol that is built upon TCP/IP. The protocol also allows information to +get sent to the server from the client using a few different methods, as is +shown here. - HTTP is plain ASCII text lines being sent by the client to a server to - request a particular action, and then the server replies a few text lines - before the actual requested content is sent to the client. +HTTP is plain ASCII text lines being sent by the client to a server to +request a particular action, and then the server replies a few text lines +before the actual requested content is sent to the client. - The client, curl, sends a HTTP request. The request contains a method (like - GET, POST, HEAD etc), a number of request headers and sometimes a request - body. The HTTP server responds with a status line (indicating if things went - well), response headers and most often also a response body. The "body" part - is the plain data you requested, like the actual HTML or the image etc. +The client, curl, sends an HTTP request. The request contains a method (like +GET, POST, HEAD etc), a number of request headers and sometimes a request +body. The HTTP server responds with a status line (indicating if things went +well), response headers and most often also a response body. The "body" part +is the plain data you requested, like the actual HTML or the image etc. ## See the Protocol - Using curl's option [`--verbose`](https://curl.se/docs/manpage.html#-v) - (`-v` as a short option) will display what kind of commands curl sends to the - server, as well as a few other informational texts. +Using curl's option [`--verbose`](https://curl.se/docs/manpage.html#-v) (`-v` +as a short option) displays what kind of commands curl sends to the server, +as well as a few other informational texts. - `--verbose` is the single most useful option when it comes to debug or even - understand the curl<->server interaction. +`--verbose` is the single most useful option when it comes to debug or even +understand the curl<->server interaction. - Sometimes even `--verbose` is not enough. Then - [`--trace`](https://curl.se/docs/manpage.html#-trace) and - [`--trace-ascii`](https://curl.se/docs/manpage.html#--trace-ascii) - offer even more details as they show **everything** curl sends and - receives. Use it like this: +Sometimes even `--verbose` is not enough. Then +[`--trace`](https://curl.se/docs/manpage.html#-trace) and +[`--trace-ascii`](https://curl.se/docs/manpage.html#--trace-ascii) +offer even more details as they show **everything** curl sends and +receives. Use it like this: - curl --trace-ascii debugdump.txt http://www.example.com/ + curl --trace-ascii debugdump.txt https://www.example.com/ ## See the Timing - Many times you may wonder what exactly is taking all the time, or you just - want to know the amount of milliseconds between two points in a transfer. For - those, and other similar situations, the - [`--trace-time`](https://curl.se/docs/manpage.html#--trace-time) option - is what you need. It'll prepend the time to each trace output line: +Many times you may wonder what exactly is taking all the time, or you want to +know the amount of milliseconds between two points in a transfer. For those, +and other similar situations, the +[`--trace-time`](https://curl.se/docs/manpage.html#--trace-time) option is +what you need. It prepends the time to each trace output line: + + curl --trace-ascii d.txt --trace-time https://example.com/ - curl --trace-ascii d.txt --trace-time http://example.com/ +## See which Transfer + +When doing parallel transfers, it is relevant to see which transfer is doing +what. When response headers are received (and logged) you need to know which +transfer these are for. +[`--trace-ids`](https://curl.se/docs/manpage.html#--trace-ids) option is what +you need. It prepends the transfer and connection identifier to each trace +output line: + + curl --trace-ascii d.txt --trace-ids https://example.com/ ## See the Response - By default curl sends the response to stdout. You need to redirect it - somewhere to avoid that, most often that is done with ` -o` or `-O`. +By default curl sends the response to stdout. You need to redirect it +somewhere to avoid that, most often that is done with `-o` or `-O`. # URL ## Spec - The Uniform Resource Locator format is how you specify the address of a - particular resource on the Internet. You know these, you've seen URLs like - https://curl.se or https://yourbank.com a million times. RFC 3986 is the - canonical spec. And yeah, the formal name is not URL, it is URI. +The Uniform Resource Locator format is how you specify the address of a +particular resource on the Internet. You know these, you have seen URLs like +https://curl.se/ or https://example.com/ a million times. RFC 3986 is the +canonical spec. The formal name is not URL, it is **URI**. ## Host - The host name is usually resolved using DNS or your /etc/hosts file to an IP - address and that's what curl will communicate with. Alternatively you specify - the IP address directly in the URL instead of a name. +The hostname is usually resolved using DNS or your /etc/hosts file to an IP +address and that is what curl communicates with. Alternatively you specify +the IP address directly in the URL instead of a name. - For development and other trying out situations, you can point to a different - IP address for a host name than what would otherwise be used, by using curl's - [`--resolve`](https://curl.se/docs/manpage.html#--resolve) option: +For development and other trying out situations, you can point to a different +IP address for a hostname than what would otherwise be used, by using curl's +[`--resolve`](https://curl.se/docs/manpage.html#--resolve) option: - curl --resolve www.example.org:80:127.0.0.1 http://www.example.org/ + curl --resolve www.example.org:80:127.0.0.1 https://www.example.org/ ## Port number - Each protocol curl supports operates on a default port number, be it over TCP - or in some cases UDP. Normally you don't have to take that into - consideration, but at times you run test servers on other ports or - similar. Then you can specify the port number in the URL with a colon and a - number immediately following the host name. Like when doing HTTP to port - 1234: +Each protocol curl supports operates on a default port number, be it over TCP +or in some cases UDP. Normally you do not have to take that into +consideration, but at times you run test servers on other ports or +similar. Then you can specify the port number in the URL with a colon and a +number immediately following the hostname. Like when doing HTTP to port +1234: - curl http://www.example.org:1234/ + curl https://www.example.org:1234/ - The port number you specify in the URL is the number that the server uses to - offer its services. Sometimes you may use a local proxy, and then you may - need to specify that proxy's port number separately for what curl needs to - connect to locally. Like when using a HTTP proxy on port 4321: +The port number you specify in the URL is the number that the server uses to +offer its services. Sometimes you may use a proxy, and then you may +need to specify that proxy's port number separately from what curl needs to +connect to the server. Like when using an HTTP proxy on port 4321: - curl --proxy http://proxy.example.org:4321 http://remote.example.org/ + curl --proxy http://proxy.example.org:4321 https://remote.example.org/ -## User name and password +## Username and password - Some services are setup to require HTTP authentication and then you need to - provide name and password which is then transferred to the remote site in - various ways depending on the exact authentication protocol used. +Some services are setup to require HTTP authentication and then you need to +provide name and password which is then transferred to the remote site in +various ways depending on the exact authentication protocol used. - You can opt to either insert the user and password in the URL or you can - provide them separately: +You can opt to either insert the user and password in the URL or you can +provide them separately: - curl http://user:password@example.org/ + curl https://user:password@example.org/ - or +or - curl -u user:password http://example.org/ + curl -u user:password https://example.org/ - You need to pay attention that this kind of HTTP authentication is not what - is usually done and requested by user-oriented websites these days. They tend - to use forms and cookies instead. +You need to pay attention that this kind of HTTP authentication is not what +is usually done and requested by user-oriented websites these days. They tend +to use forms and cookies instead. ## Path part - The path part is just sent off to the server to request that it sends back - the associated response. The path is what is to the right side of the slash - that follows the host name and possibly port number. +The path part is sent off to the server to request that it sends back the +associated response. The path is what is to the right side of the slash that +follows the hostname and possibly port number. # Fetch a page ## GET - The simplest and most common request/operation made using HTTP is to GET a - URL. The URL could itself refer to a web page, an image or a file. The client - issues a GET request to the server and receives the document it asked for. - If you issue the command line +The simplest and most common request/operation made using HTTP is to GET a +URL. The URL could itself refer to a webpage, an image or a file. The client +issues a GET request to the server and receives the document it asked for. +If you issue the command line - curl https://curl.se + curl https://curl.se/ - you get a web page returned in your terminal window. The entire HTML document - that that URL holds. +you get a webpage returned in your terminal window. The entire HTML document +this URL identifies. - All HTTP replies contain a set of response headers that are normally hidden, - use curl's [`--include`](https://curl.se/docs/manpage.html#-i) (`-i`) - option to display them as well as the rest of the document. +All HTTP replies contain a set of response headers that are normally hidden, +use curl's [`--include`](https://curl.se/docs/manpage.html#-i) (`-i`) +option to display them as well as the rest of the document. ## HEAD - You can ask the remote server for ONLY the headers by using the - [`--head`](https://curl.se/docs/manpage.html#-I) (`-I`) option which - will make curl issue a HEAD request. In some special cases servers deny the - HEAD method while others still work, which is a particular kind of annoyance. +You can ask the remote server for ONLY the headers by using the +[`--head`](https://curl.se/docs/manpage.html#-I) (`-I`) option which makes +curl issue a HEAD request. In some special cases servers deny the HEAD method +while others still work, which is a particular kind of annoyance. - The HEAD method is defined and made so that the server returns the headers - exactly the way it would do for a GET, but without a body. It means that you - may see a `Content-Length:` in the response headers, but there must not be an - actual body in the HEAD response. +The HEAD method is defined and made so that the server returns the headers +exactly the way it would do for a GET, but without a body. It means that you +may see a `Content-Length:` in the response headers, but there must not be an +actual body in the HEAD response. ## Multiple URLs in a single command line - A single curl command line may involve one or many URLs. The most common case - is probably to just use one, but you can specify any amount of URLs. Yes - any. No limits. You'll then get requests repeated over and over for all the - given URLs. - - Example, send two GETs: +A single curl command line may involve one or many URLs. The most common case +is probably to use one, but you can specify any amount of URLs. Yes any. No +limits. You then get requests repeated over and over for all the given URLs. - curl http://url1.example.com http://url2.example.com +Example, send two GET requests: - If you use [`--data`](https://curl.se/docs/manpage.html#-d) to POST to - the URL, using multiple URLs means that you send that same POST to all the - given URLs. + curl https://url1.example.com https://url2.example.com - Example, send two POSTs: +If you use [`--data`](https://curl.se/docs/manpage.html#-d) to POST to +the URL, using multiple URLs means that you send that same POST to all the +given URLs. - curl --data name=curl http://url1.example.com http://url2.example.com +Example, send two POSTs: + curl --data name=curl https://url1.example.com https://url2.example.com ## Multiple HTTP methods in a single command line - Sometimes you need to operate on several URLs in a single command line and do - different HTTP methods on each. For this, you'll enjoy the - [`--next`](https://curl.se/docs/manpage.html#-:) option. It is basically - a separator that separates a bunch of options from the next. All the URLs - before `--next` will get the same method and will get all the POST data - merged into one. +Sometimes you need to operate on several URLs in a single command line and do +different HTTP methods on each. For this, you might enjoy the +[`--next`](https://curl.se/docs/manpage.html#-:) option. It is a separator +that separates a bunch of options from the next. All the URLs before `--next` +get the same method and get all the POST data merged into one. - When curl reaches the `--next` on the command line, it'll sort of reset the - method and the POST data and allow a new set. +When curl reaches the `--next` on the command line, it resets the method and +the POST data and allow a new set. - Perhaps this is best shown with a few examples. To send first a HEAD and then - a GET: +Perhaps this is best shown with a few examples. To send first a HEAD and then +a GET: - curl -I http://example.com --next http://example.com + curl -I https://example.com --next https://example.com - To first send a POST and then a GET: +To first send a POST and then a GET: - curl -d score=10 http://example.com/post.cgi --next http://example.com/results.html + curl -d score=10 https://example.com/post.cgi --next https://example.com/results.html # HTML forms ## Forms explained - Forms are the general way a website can present a HTML page with fields for - the user to enter data in, and then press some kind of 'OK' or 'Submit' - button to get that data sent to the server. The server then typically uses - the posted data to decide how to act. Like using the entered words to search - in a database, or to add the info in a bug tracking system, display the - entered address on a map or using the info as a login-prompt verifying that - the user is allowed to see what it is about to see. +Forms are the general way a website can present an HTML page with fields for +the user to enter data in, and then press some kind of 'OK' or 'Submit' +button to get that data sent to the server. The server then typically uses +the posted data to decide how to act. Like using the entered words to search +in a database, or to add the info in a bug tracking system, display the +entered address on a map or using the info as a login-prompt verifying that +the user is allowed to see what it is about to see. - Of course there has to be some kind of program on the server end to receive - the data you send. You cannot just invent something out of the air. +Of course there has to be some kind of program on the server end to receive +the data you send. You cannot invent something out of the air. ## GET - A GET-form uses the method GET, as specified in HTML like: +A GET-form uses the method GET, as specified in HTML like: ```html
@@ -229,36 +243,35 @@
``` - In your favorite browser, this form will appear with a text box to fill in - and a press-button labeled "OK". If you fill in '1905' and press the OK - button, your browser will then create a new URL to get for you. The URL will - get `junk.cgi?birthyear=1905&press=OK` appended to the path part of the - previous URL. +In your favorite browser, this form appears with a text box to fill in and a +press-button labeled "OK". If you fill in '1905' and press the OK button, +your browser then creates a new URL to get for you. The URL gets +`junk.cgi?birthyear=1905&press=OK` appended to the path part of the previous +URL. - If the original form was seen on the page `www.example.com/when/birth.html`, - the second page you'll get will become - `www.example.com/when/junk.cgi?birthyear=1905&press=OK`. +If the original form was seen on the page `www.example.com/when/birth.html`, +the second page you get becomes +`www.example.com/when/junk.cgi?birthyear=1905&press=OK`. - Most search engines work this way. +Most search engines work this way. - To make curl do the GET form post for you, just enter the expected created - URL: +To make curl do the GET form post for you, enter the expected created URL: - curl "http://www.example.com/when/junk.cgi?birthyear=1905&press=OK" + curl "https://www.example.com/when/junk.cgi?birthyear=1905&press=OK" ## POST - The GET method makes all input field names get displayed in the URL field of - your browser. That's generally a good thing when you want to be able to - bookmark that page with your given data, but it is an obvious disadvantage if - you entered secret information in one of the fields or if there are a large - amount of fields creating a very long and unreadable URL. +The GET method makes all input field names get displayed in the URL field of +your browser. That is generally a good thing when you want to be able to +bookmark that page with your given data, but it is an obvious disadvantage if +you entered secret information in one of the fields or if there are a large +amount of fields creating a long and unreadable URL. - The HTTP protocol then offers the POST method. This way the client sends the - data separated from the URL and thus you won't see any of it in the URL - address field. +The HTTP protocol then offers the POST method. This way the client sends the +data separated from the URL and thus you do not see any of it in the URL +address field. - The form would look very similar to the previous one: +The form would look similar to the previous one: ```html
@@ -267,59 +280,56 @@
``` - And to use curl to post this form with the same data filled in as before, we - could do it like: +To use curl to post this form with the same data filled in as before, we +could do it like: - curl --data "birthyear=1905&press=%20OK%20" http://www.example.com/when.cgi + curl --data "birthyear=1905&press=%20OK%20" https://www.example.com/when/junk.cgi - This kind of POST will use the Content-Type - `application/x-www-form-urlencoded' and is the most widely used POST kind. +This kind of POST uses the Content-Type `application/x-www-form-urlencoded` +and is the most widely used POST kind. - The data you send to the server MUST already be properly encoded, curl will - not do that for you. For example, if you want the data to contain a space, - you need to replace that space with %20 etc. Failing to comply with this will - most likely cause your data to be received wrongly and messed up. +The data you send to the server MUST already be properly encoded, curl does +not do that for you. For example, if you want the data to contain a space, +you need to replace that space with `%20`, etc. Failing to comply with this +most likely causes your data to be received wrongly and messed up. - Recent curl versions can in fact url-encode POST data for you, like this: +Recent curl versions can in fact URL encode POST data for you, like this: - curl --data-urlencode "name=I am Daniel" http://www.example.com + curl --data-urlencode "name=I am Daniel" https://www.example.com - If you repeat `--data` several times on the command line, curl will - concatenate all the given data pieces - and put a `&` symbol between each - data segment. +If you repeat `--data` several times on the command line, curl concatenates +all the given data pieces - and put a `&` symbol between each data segment. ## File Upload POST - Back in late 1995 they defined an additional way to post data over HTTP. It - is documented in the RFC 1867, why this method sometimes is referred to as - RFC1867-posting. +Back in late 1995 they defined an additional way to post data over HTTP. It +is documented in the RFC 1867, why this method sometimes is referred to as +RFC 1867-posting. - This method is mainly designed to better support file uploads. A form that - allows a user to upload a file could be written like this in HTML: +This method is mainly designed to better support file uploads. A form that +allows a user to upload a file could be written like this in HTML: -```html -
- - -
-``` +
+ + +
- This clearly shows that the Content-Type about to be sent is - `multipart/form-data`. +This clearly shows that the Content-Type about to be sent is +`multipart/form-data`. - To post to a form like this with curl, you enter a command line like: +To post to a form like this with curl, you enter a command line like: curl --form upload=@localfilename --form press=OK [URL] ## Hidden Fields - A very common way for HTML based applications to pass state information - between pages is to add hidden fields to the forms. Hidden fields are already - filled in, they aren't displayed to the user and they get passed along just - as all the other fields. +A common way for HTML based applications to pass state information between +pages is to add hidden fields to the forms. Hidden fields are already filled +in, they are not displayed to the user and they get passed along as all the +other fields. - A similar example form with one visible field, one hidden field and one - submit button could look like: +A similar example form with one visible field, one hidden field and one +submit button could look like: ```html
@@ -329,124 +339,126 @@
``` - To POST this with curl, you won't have to think about if the fields are - hidden or not. To curl they're all the same: +To POST this with curl, you do not have to think about if the fields are +hidden or not. To curl they are all the same: curl --data "birthyear=1905&press=OK&person=daniel" [URL] ## Figure Out What A POST Looks Like - When you're about fill in a form and send to a server by using curl instead - of a browser, you're of course very interested in sending a POST exactly the - way your browser does. +When you are about to fill in a form and send it to a server by using curl +instead of a browser, you are of course interested in sending a POST exactly +the way your browser does. - An easy way to get to see this, is to save the HTML page with the form on - your local disk, modify the 'method' to a GET, and press the submit button - (you could also change the action URL if you want to). +An easy way to get to see this, is to save the HTML page with the form on +your local disk, modify the 'method' to a GET, and press the submit button +(you could also change the action URL if you want to). - You will then clearly see the data get appended to the URL, separated with a - `?`-letter as GET forms are supposed to. +You then clearly see the data get appended to the URL, separated with a +`?`-letter as GET forms are supposed to. # HTTP upload ## PUT - Perhaps the best way to upload data to a HTTP server is to use PUT. Then - again, this of course requires that someone put a program or script on the - server end that knows how to receive a HTTP PUT stream. +Perhaps the best way to upload data to an HTTP server is to use PUT. Then +again, this of course requires that someone put a program or script on the +server end that knows how to receive an HTTP PUT stream. - Put a file to a HTTP server with curl: +Put a file to an HTTP server with curl: - curl --upload-file uploadfile http://www.example.com/receive.cgi + curl --upload-file uploadfile https://www.example.com/receive.cgi # HTTP Authentication ## Basic Authentication - HTTP Authentication is the ability to tell the server your username and - password so that it can verify that you're allowed to do the request you're - doing. The Basic authentication used in HTTP (which is the type curl uses by - default) is **plain text** based, which means it sends username and password - only slightly obfuscated, but still fully readable by anyone that sniffs on - the network between you and the remote server. +HTTP Authentication is the ability to tell the server your username and +password so that it can verify that you are allowed to do the request you are +doing. The Basic authentication used in HTTP (which is the type curl uses by +default) is **plain text** based, which means it sends username and password +only slightly obfuscated, but still fully readable by anyone that sniffs on +the network between you and the remote server. - To tell curl to use a user and password for authentication: +To tell curl to use a user and password for authentication: - curl --user name:password http://www.example.com + curl --user myname:password https://www.example.com ## Other Authentication - The site might require a different authentication method (check the headers - returned by the server), and then - [`--ntlm`](https://curl.se/docs/manpage.html#--ntlm), - [`--digest`](https://curl.se/docs/manpage.html#--digest), - [`--negotiate`](https://curl.se/docs/manpage.html#--negotiate) or even - [`--anyauth`](https://curl.se/docs/manpage.html#--anyauth) might be - options that suit you. +The site might require a different authentication method (check the headers +returned by the server), and then +[`--ntlm`](https://curl.se/docs/manpage.html#--ntlm), +[`--digest`](https://curl.se/docs/manpage.html#--digest), +[`--negotiate`](https://curl.se/docs/manpage.html#--negotiate) or even +[`--anyauth`](https://curl.se/docs/manpage.html#--anyauth) might be +options that suit you. ## Proxy Authentication - Sometimes your HTTP access is only available through the use of a HTTP - proxy. This seems to be especially common at various companies. A HTTP proxy - may require its own user and password to allow the client to get through to - the Internet. To specify those with curl, run something like: +Sometimes your HTTP access is only available through the use of an HTTP +proxy. This seems to be especially common at various companies. An HTTP proxy +may require its own user and password to allow the client to get through to +the Internet. To specify those with curl, run something like: curl --proxy-user proxyuser:proxypassword curl.se - If your proxy requires the authentication to be done using the NTLM method, - use [`--proxy-ntlm`](https://curl.se/docs/manpage.html#--proxy-ntlm), if - it requires Digest use - [`--proxy-digest`](https://curl.se/docs/manpage.html#--proxy-digest). +If your proxy requires the authentication to be done using the NTLM method, +use [`--proxy-ntlm`](https://curl.se/docs/manpage.html#--proxy-ntlm), if +it requires Digest use +[`--proxy-digest`](https://curl.se/docs/manpage.html#--proxy-digest). - If you use any one of these user+password options but leave out the password - part, curl will prompt for the password interactively. +If you use any one of these user+password options but leave out the password +part, curl prompts for the password interactively. ## Hiding credentials - Do note that when a program is run, its parameters might be possible to see - when listing the running processes of the system. Thus, other users may be - able to watch your passwords if you pass them as plain command line - options. There are ways to circumvent this. +Do note that when a program is run, its parameters might be possible to see +when listing the running processes of the system. Thus, other users may be +able to watch your passwords if you pass them as plain command line +options. There are ways to circumvent this. - It is worth noting that while this is how HTTP Authentication works, very - many websites will not use this concept when they provide logins etc. See the - Web Login chapter further below for more details on that. +It is worth noting that while this is how HTTP Authentication works, many +websites do not use this concept when they provide logins etc. See the Web +Login chapter further below for more details on that. # More HTTP Headers ## Referer - A HTTP request may include a 'referer' field (yes it is misspelled), which - can be used to tell from which URL the client got to this particular - resource. Some programs/scripts check the referer field of requests to verify - that this wasn't arriving from an external site or an unknown page. While - this is a stupid way to check something so easily forged, many scripts still - do it. Using curl, you can put anything you want in the referer-field and - thus more easily be able to fool the server into serving your request. +An HTTP request may include a 'referer' field (yes it is misspelled), which +can be used to tell from which URL the client got to this particular +resource. Some programs/scripts check the referer field of requests to verify +that this was not arriving from an external site or an unknown page. While +this is a stupid way to check something so easily forged, many scripts still +do it. Using curl, you can put anything you want in the referer-field and +thus more easily be able to fool the server into serving your request. - Use curl to set the referer field with: +Use curl to set the referer field with: - curl --referer http://www.example.come http://www.example.com + curl --referer https://www.example.come https://www.example.com ## User Agent - Very similar to the referer field, all HTTP requests may set the User-Agent - field. It names what user agent (client) that is being used. Many - applications use this information to decide how to display pages. Silly web - programmers try to make different pages for users of different browsers to - make them look the best possible for their particular browsers. They usually - also do different kinds of javascript, vbscript etc. +Similar to the referer field, all HTTP requests may set the User-Agent +field. It names what user agent (client) that is being used. Many +applications use this information to decide how to display pages. Silly web +programmers try to make different pages for users of different browsers to +make them look the best possible for their particular browsers. They usually +also do different kinds of JavaScript etc. + +At times, you may learn that getting a page with curl does not return the +same page that you see when getting the page with your browser. Then you know +it is time to set the User Agent field to fool the server into thinking you +are one of those browsers. - At times, you will see that getting a page with curl will not return the same - page that you see when getting the page with your browser. Then you know it - is time to set the User Agent field to fool the server into thinking you're - one of those browsers. +By default, curl uses curl/VERSION, such as User-Agent: curl/8.11.0. - To make curl look like Internet Explorer 5 on a Windows 2000 box: +To make curl look like Internet Explorer 5 on a Windows 2000 box: curl --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" [URL] - Or why not look like you're using Netscape 4.73 on an old Linux box: +Or why not look like you are using Netscape 4.73 on an old Linux box: curl --user-agent "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" [URL] @@ -454,140 +466,136 @@ ## Location header - When a resource is requested from a server, the reply from the server may - include a hint about where the browser should go next to find this page, or a - new page keeping newly generated output. The header that tells the browser to - redirect is `Location:`. +When a resource is requested from a server, the reply from the server may +include a hint about where the browser should go next to find this page, or a +new page keeping newly generated output. The header that tells the browser to +redirect is `Location:`. - Curl does not follow `Location:` headers by default, but will simply display - such pages in the same manner it displays all HTTP replies. It does however - feature an option that will make it attempt to follow the `Location:` - pointers. +curl does not follow `Location:` headers by default, but displays such +pages in the same manner it displays all HTTP replies. It does however +feature an option that makes it attempt to follow the `Location:` pointers. - To tell curl to follow a Location: +To tell curl to follow a Location: - curl --location http://www.example.com + curl --location https://www.example.com - If you use curl to POST to a site that immediately redirects you to another - page, you can safely use - [`--location`](https://curl.se/docs/manpage.html#-L) (`-L`) and - `--data`/`--form` together. curl will only use POST in the first request, and - then revert to GET in the following operations. +If you use curl to POST to a site that immediately redirects you to another +page, you can safely use [`--location`](https://curl.se/docs/manpage.html#-L) +(`-L`) and `--data`/`--form` together. curl only uses POST in the first +request, and then revert to GET in the following operations. ## Other redirects - Browser typically support at least two other ways of redirects that curl - doesn't: first the html may contain a meta refresh tag that asks the browser - to load a specific URL after a set number of seconds, or it may use - javascript to do it. +Browsers typically support at least two other ways of redirects that curl +does not: first the html may contain a meta refresh tag that asks the browser +to load a specific URL after a set number of seconds, or it may use +JavaScript to do it. # Cookies ## Cookie Basics - The way the web browsers do "client side state control" is by using - cookies. Cookies are just names with associated contents. The cookies are - sent to the client by the server. The server tells the client for what path - and host name it wants the cookie sent back, and it also sends an expiration - date and a few more properties. +The way the web browsers do "client side state control" is by using cookies. +Cookies are names with associated contents. The cookies are sent to the client +by the server. The server tells the client for what path and hostname it wants +the cookie sent back, and it also sends an expiration date and a few more +properties. - When a client communicates with a server with a name and path as previously - specified in a received cookie, the client sends back the cookies and their - contents to the server, unless of course they are expired. +When a client communicates with a server with a name and path as previously +specified in a received cookie, the client sends back the cookies and their +contents to the server, unless of course they are expired. - Many applications and servers use this method to connect a series of requests - into a single logical session. To be able to use curl in such occasions, we - must be able to record and send back cookies the way the web application - expects them. The same way browsers deal with them. +Many applications and servers use this method to connect a series of requests +into a single logical session. To be able to use curl in such occasions, we +must be able to record and send back cookies the way the web application +expects them. The same way browsers deal with them. ## Cookie options - The simplest way to send a few cookies to the server when getting a page with - curl is to add them on the command line like: +The simplest way to send a few cookies to the server when getting a page with +curl is to add them on the command line like: - curl --cookie "name=Daniel" http://www.example.com + curl --cookie "name=Daniel" https://www.example.com - Cookies are sent as common HTTP headers. This is practical as it allows curl - to record cookies simply by recording headers. Record cookies with curl by - using the [`--dump-header`](https://curl.se/docs/manpage.html#-D) (`-D`) - option like: +Cookies are sent as common HTTP headers. This is practical as it allows curl +to record cookies by recording headers. Record cookies with curl by +using the [`--dump-header`](https://curl.se/docs/manpage.html#-D) (`-D`) +option like: - curl --dump-header headers_and_cookies http://www.example.com + curl --dump-header headers_and_cookies https://www.example.com - (Take note that the - [`--cookie-jar`](https://curl.se/docs/manpage.html#-c) option described - below is a better way to store cookies.) +(Take note that the +[`--cookie-jar`](https://curl.se/docs/manpage.html#-c) option described +below is a better way to store cookies.) - Curl has a full blown cookie parsing engine built-in that comes in use if you - want to reconnect to a server and use cookies that were stored from a - previous connection (or hand-crafted manually to fool the server into - believing you had a previous connection). To use previously stored cookies, - you run curl like: +curl has a full blown cookie parsing engine built-in that comes in use if you +want to reconnect to a server and use cookies that were stored from a +previous connection (or hand-crafted manually to fool the server into +believing you had a previous connection). To use previously stored cookies, +you run curl like: - curl --cookie stored_cookies_in_file http://www.example.com + curl --cookie stored_cookies_in_file https://www.example.com - Curl's "cookie engine" gets enabled when you use the - [`--cookie`](https://curl.se/docs/manpage.html#-b) option. If you only - want curl to understand received cookies, use `--cookie` with a file that - doesn't exist. Example, if you want to let curl understand cookies from a - page and follow a location (and thus possibly send back cookies it received), - you can invoke it like: +curl's "cookie engine" gets enabled when you use the +[`--cookie`](https://curl.se/docs/manpage.html#-b) option. If you only +want curl to understand received cookies, use `--cookie` with a file that +does not exist. Example, if you want to let curl understand cookies from a +page and follow a location (and thus possibly send back cookies it received), +you can invoke it like: - curl --cookie nada --location http://www.example.com + curl --cookie nada --location https://www.example.com - Curl has the ability to read and write cookie files that use the same file - format that Netscape and Mozilla once used. It is a convenient way to share - cookies between scripts or invokes. The `--cookie` (`-b`) switch - automatically detects if a given file is such a cookie file and parses it, - and by using the `--cookie-jar` (`-c`) option you'll make curl write a new - cookie file at the end of an operation: +curl has the ability to read and write cookie files that use the same file +format that Netscape and Mozilla once used. It is a convenient way to share +cookies between scripts or invokes. The `--cookie` (`-b`) switch +automatically detects if a given file is such a cookie file and parses it, +and by using the `--cookie-jar` (`-c`) option you make curl write a new +cookie file at the end of an operation: curl --cookie cookies.txt --cookie-jar newcookies.txt \ - http://www.example.com + https://www.example.com # HTTPS ## HTTPS is HTTP secure - There are a few ways to do secure HTTP transfers. By far the most common - protocol for doing this is what is generally known as HTTPS, HTTP over - SSL. SSL encrypts all the data that is sent and received over the network and - thus makes it harder for attackers to spy on sensitive information. +There are a few ways to do secure HTTP transfers. By far the most common +protocol for doing this is what is generally known as HTTPS, HTTP over +SSL. SSL encrypts all the data that is sent and received over the network and +thus makes it harder for attackers to spy on sensitive information. - SSL (or TLS as the latest version of the standard is called) offers a - truckload of advanced features to allow all those encryptions and key - infrastructure mechanisms encrypted HTTP requires. +SSL (or TLS as the current version of the standard is called) offers a set of +advanced features to do secure transfers over HTTP. - Curl supports encrypted fetches when built to use a TLS library and it can be - built to use one out of a fairly large set of libraries - `curl -V` will show - which one your curl was built to use (if any!). To get a page from a HTTPS - server, simply run curl like: +curl supports encrypted fetches when built to use a TLS library and it can be +built to use one out of a fairly large set of libraries - `curl -V` shows +which one your curl was built to use (if any). To get a page from an HTTPS +server, run curl like: curl https://secure.example.com ## Certificates - In the HTTPS world, you use certificates to validate that you are the one - you claim to be, as an addition to normal passwords. Curl supports client- - side certificates. All certificates are locked with a pass phrase, which you - need to enter before the certificate can be used by curl. The pass phrase - can be specified on the command line or if not, entered interactively when - curl queries for it. Use a certificate with curl on a HTTPS server like: +In the HTTPS world, you use certificates to validate that you are the one you +claim to be, as an addition to normal passwords. curl supports client- side +certificates. All certificates are locked with a passphrase, which you need +to enter before the certificate can be used by curl. The passphrase can be +specified on the command line or if not, entered interactively when curl +queries for it. Use a certificate with curl on an HTTPS server like: curl --cert mycert.pem https://secure.example.com - curl also tries to verify that the server is who it claims to be, by - verifying the server's certificate against a locally stored CA cert - bundle. Failing the verification will cause curl to deny the connection. You - must then use [`--insecure`](https://curl.se/docs/manpage.html#-k) - (`-k`) in case you want to tell curl to ignore that the server can't be - verified. +curl also tries to verify that the server is who it claims to be, by +verifying the server's certificate against a locally stored CA cert bundle. +Failing the verification causes curl to deny the connection. You must then +use [`--insecure`](https://curl.se/docs/manpage.html#-k) (`-k`) in case you +want to tell curl to ignore that the server cannot be verified. - More about server certificate verification and ca cert bundles can be read in - the [SSLCERTS document](https://curl.se/docs/sslcerts.html). +More about server certificate verification and ca cert bundles can be read in +the [`SSLCERTS` document](https://curl.se/docs/sslcerts.html). - At times you may end up with your own CA cert store and then you can tell - curl to use that to verify the server's certificate: +At times you may end up with your own CA cert store and then you can tell +curl to use that to verify the server's certificate: curl --cacert ca-bundle.pem https://example.com/ @@ -595,106 +603,106 @@ ## Modify method and headers - Doing fancy stuff, you may need to add or change elements of a single curl - request. +Doing fancy stuff, you may need to add or change elements of a single curl +request. - For example, you can change the POST request to a PROPFIND and send the data - as `Content-Type: text/xml` (instead of the default Content-Type) like this: +For example, you can change the POST method to `PROPFIND` and send the data +as `Content-Type: text/xml` (instead of the default `Content-Type`) like +this: curl --data "" --header "Content-Type: text/xml" \ --request PROPFIND example.com - You can delete a default header by providing one without content. Like you - can ruin the request by chopping off the Host: header: +You can delete a default header by providing one without content. Like you +can ruin the request by chopping off the `Host:` header: - curl --header "Host:" http://www.example.com + curl --header "Host:" https://www.example.com - You can add headers the same way. Your server may want a `Destination:` - header, and you can add it: +You can add headers the same way. Your server may want a `Destination:` +header, and you can add it: - curl --header "Destination: http://nowhere" http://example.com + curl --header "Destination: nowhere" https://example.com ## More on changed methods - It should be noted that curl selects which methods to use on its own - depending on what action to ask for. `-d` will do POST, `-I` will do HEAD and - so on. If you use the - [`--request`](https://curl.se/docs/manpage.html#-X) / `-X` option you - can change the method keyword curl selects, but you will not modify curl's - behavior. This means that if you for example use -d "data" to do a POST, you - can modify the method to a `PROPFIND` with `-X` and curl will still think it - sends a POST . You can change the normal GET to a POST method by simply - adding `-X POST` in a command line like: +It should be noted that curl selects which methods to use on its own +depending on what action to ask for. `-d` makes a POST, `-I` makes a HEAD and +so on. If you use the [`--request`](https://curl.se/docs/manpage.html#-X) / +`-X` option you can change the method keyword curl selects, but you do not +modify curl's behavior. This means that if you for example use -d "data" to +do a POST, you can modify the method to a `PROPFIND` with `-X` and curl still +thinks it sends a POST. You can change the normal GET to a POST method by +adding `-X POST` in a command line like: - curl -X POST http://example.org/ + curl -X POST https://example.org/ - ... but curl will still think and act as if it sent a GET so it won't send - any request body etc. +curl however still acts as if it sent a GET so it does not send any request +body etc. # Web Login ## Some login tricks - While not strictly just HTTP related, it still causes a lot of people - problems so here's the executive run-down of how the vast majority of all - login forms work and how to login to them using curl. - - It can also be noted that to do this properly in an automated fashion, you - will most certainly need to script things and do multiple curl invokes etc. - - First, servers mostly use cookies to track the logged-in status of the - client, so you will need to capture the cookies you receive in the - responses. Then, many sites also set a special cookie on the login page (to - make sure you got there through their login page) so you should make a habit - of first getting the login-form page to capture the cookies set there. - - Some web-based login systems feature various amounts of javascript, and - sometimes they use such code to set or modify cookie contents. Possibly they - do that to prevent programmed logins, like this manual describes how to... - Anyway, if reading the code isn't enough to let you repeat the behavior - manually, capturing the HTTP requests done by your browsers and analyzing the - sent cookies is usually a working method to work out how to shortcut the - javascript need. - - In the actual `
` tag for the login, lots of sites fill-in - random/session or otherwise secretly generated hidden tags and you may need - to first capture the HTML code for the login form and extract all the hidden - fields to be able to do a proper login POST. Remember that the contents need - to be URL encoded when sent in a normal POST. +While not strictly HTTP related, it still causes a lot of people problems so +here's the executive run-down of how the vast majority of all login forms work +and how to login to them using curl. + +It can also be noted that to do this properly in an automated fashion, you +most certainly need to script things and do multiple curl invokes etc. + +First, servers mostly use cookies to track the logged-in status of the +client, so you need to capture the cookies you receive in the responses. +Then, many sites also set a special cookie on the login page (to make sure +you got there through their login page) so you should make a habit of first +getting the login-form page to capture the cookies set there. + +Some web-based login systems feature various amounts of JavaScript, and +sometimes they use such code to set or modify cookie contents. Possibly they +do that to prevent programmed logins, like this manual describes how to... +Anyway, if reading the code is not enough to let you repeat the behavior +manually, capturing the HTTP requests done by your browsers and analyzing the +sent cookies is usually a working method to work out how to shortcut the +JavaScript need. + +In the actual `` tag for the login, lots of sites fill-in +random/session or otherwise secretly generated hidden tags and you may need +to first capture the HTML code for the login form and extract all the hidden +fields to be able to do a proper login POST. Remember that the contents need +to be URL encoded when sent in a normal POST. # Debug ## Some debug tricks - Many times when you run curl on a site, you'll notice that the site doesn't - seem to respond the same way to your curl requests as it does to your - browser's. +Many times when you run curl on a site, you notice that the site does not +seem to respond the same way to your curl requests as it does to your +browser's. - Then you need to start making your curl requests more similar to your - browser's requests: +Then you need to start making your curl requests more similar to your +browser's requests: - - Use the `--trace-ascii` option to store fully detailed logs of the requests - for easier analyzing and better understanding +- Use the `--trace-ascii` option to store fully detailed logs of the requests + for easier analyzing and better understanding - - Make sure you check for and use cookies when needed (both reading with - `--cookie` and writing with `--cookie-jar`) +- Make sure you check for and use cookies when needed (both reading with + `--cookie` and writing with `--cookie-jar`) - - Set user-agent (with [`-A`](https://curl.se/docs/manpage.html#-A)) to - one like a recent popular browser does +- Set user-agent (with [`-A`](https://curl.se/docs/manpage.html#-A)) to + one like a recent popular browser does - - Set referer (with [`-E`](https://curl.se/docs/manpage.html#-E)) like - it is set by the browser +- Set referer (with [`-E`](https://curl.se/docs/manpage.html#-E)) like + it is set by the browser - - If you use POST, make sure you send all the fields and in the same order as - the browser does it. +- If you use POST, make sure you send all the fields and in the same order as + the browser does it. ## Check what the browsers do - A very good helper to make sure you do this right, is the web browsers' - developers tools that let you view all headers you send and receive (even - when using HTTPS). +A good helper to make sure you do this right, is the web browsers' developers +tools that let you view all headers you send and receive (even when using +HTTPS). - A more raw approach is to capture the HTTP traffic on the network with tools - such as Wireshark or tcpdump and check what headers that were sent and - received by the browser. (HTTPS forces you to use `SSLKEYLOGFILE` to do - that.) +A more raw approach is to capture the HTTP traffic on the network with tools +such as Wireshark or tcpdump and check what headers that were sent and +received by the browser. (HTTPS forces you to use `SSLKEYLOGFILE` to do +that.) diff --git a/docs/URL-SYNTAX.md b/docs/URL-SYNTAX.md index a97eb0d9ffad..45b6f5ab454c 100644 --- a/docs/URL-SYNTAX.md +++ b/docs/URL-SYNTAX.md @@ -1,3 +1,9 @@ + + # URL syntax and their use in curl ## Specifications @@ -5,8 +11,9 @@ The official "URL syntax" is primarily defined in these two different specifications: - - [RFC 3986](https://tools.ietf.org/html/rfc3986) (although URL is called "URI" in there) - - [The WHATWG URL Specification](https://url.spec.whatwg.org/) +- [RFC 3986](https://datatracker.ietf.org/doc/html/rfc3986) (although URL is called + "URI" in there) +- [The WHATWG URL Specification](https://url.spec.whatwg.org/) RFC 3986 is the earlier one, and curl has always tried to adhere to that one (since it shipped in January 2005). @@ -19,18 +26,18 @@ changes over time. URL parsers as implemented in browsers, libraries and tools usually opt to support one of the mentioned specifications. Bugs, differences in interpretations and the moving nature of the WHATWG spec does however make it -very unlikely that multiple parsers treat URLs the exact same way! +unlikely that multiple parsers treat URLs the same way. ## Security Due to the inherent differences between URL parser implementations, it is considered a security risk to mix different implementations and assume the -same behavior! +same behavior. -For example, if you use one parser to check if a URL uses a good host name or +For example, if you use one parser to check if a URL uses a good hostname or the correct auth field, and then pass on that same URL to a *second* parser, -there will always be a risk it treats the same URL differently. There is no -right and wrong in URL land, only differences of opinions. +there is always a risk it treats the same URL differently. There is no right +and wrong in URL land, only differences of opinions. libcurl offers a separate API to its URL parser for this reason, among others. @@ -41,8 +48,8 @@ security concerns: 1. If you have an application that runs as or in a server application, getting an unfiltered URL can trick your application to access a local resource - instead of a remote resource. Protecting yourself against localhost accesses is very - hard when accepting user provided URLs. + instead of a remote resource. Protecting yourself against localhost accesses + is hard when accepting user provided URLs. 2. Such custom URLs can access other ports than you planned as port numbers are part of the regular URL format. The combination of a local host and a @@ -51,28 +58,31 @@ security concerns: 3. Such a URL might use other schemes than you thought of or planned for. -## "RFC3986 plus" +## "RFC 3986 plus" curl recognizes a URL syntax that we call "RFC 3986 plus". It is grounded on -the well established RFC 3986 to make sure previously written command lines and -curl using scripts will remain working. +the well established RFC 3986 to make sure previously written command lines +and curl using scripts remain working. curl's URL parser allows a few deviations from the spec in order to inter-operate better with URLs that appear in the wild. -### spaces +### Spaces + +A URL provided to curl cannot contain spaces. They need to be provided URL +encoded to be accepted in a URL by curl. -In particular `Location:` headers that indicate to the client where a resource -has been redirected to, sometimes contain spaces. This is a violation of RFC -3986 but is fine in the WHATWG spec. curl handles these by re-encoding them to -`%20`. +An exception to this rule: `Location:` response headers that indicate to a +client where a resource has been redirected to, sometimes contain spaces. This +is a violation of RFC 3986 but is fine in the WHATWG spec. curl handles these +by re-encoding them to `%20`. -### non-ASCII +### Non-ASCII Byte values in a provided URL that are outside of the printable ASCII range are percent-encoded by curl. -### multiple slashes +### Multiple slashes An absolute URL always starts with a "scheme" followed by a colon. For all the schemes curl supports, the colon must be followed by two slashes according to @@ -88,18 +98,17 @@ curl supports "URLs" that do not start with a scheme. This is not supported by any of the specifications. This is a shortcut to entering URLs that was supported by browsers early on and has been mimicked by curl. -Based on what the host name starts with, curl will "guess" what protocol to -use: +Based on what the hostname starts with, curl "guesses" what protocol to use: - - `ftp.` means FTP - - `dict.` means DICT - - `ldap.` means LDAP - - `imap.` means IMAP - - `smtp.` means SMTP - - `pop3.` means POP3 - - all other means HTTP +- `ftp.` means FTP +- `dict.` means DICT +- `ldap.` means LDAP +- `imap.` means IMAP +- `smtp.` means SMTP +- `pop3.` means POP3 +- all other means HTTP -### globbing letters +### Globbing letters The curl command line tool supports "globbing" of URLs. It means that you can create ranges and lists using `[N-M]` and `{one,two,three}` sequences. The @@ -121,7 +130,7 @@ character or string. For example, this could look like: - http://user:password@www.example.com:80/index.hmtl?foo=bar#top + https://user:password@www.example.com:80/index.html?foo=bar#top ## Scheme @@ -132,9 +141,8 @@ curl supports the following schemes on URLs specified to transfer. They are matched case insensitively: `dict`, `file`, `ftp`, `ftps`, `gopher`, `gophers`, `http`, `https`, `imap`, -`imaps`, `ldap`, `ldaps`, `mqtt`, `pop3`, `pop3s`, `rtmp`, `rtmpe`, `rtmps`, -`rtmpt`, `rtmpte`, `rtmpts`, `rtsp`, `smb`, `smbs`, `smtp`, `smtps`, `telnet`, -`tftp` +`imaps`, `ldap`, `ldaps`, `mqtt`, `pop3`, `pop3s`, `rtsp`, `smb`, `smbs`, +`smtp`, `smtps`, `telnet`, `tftp` When the URL is specified to identify a proxy, curl recognizes the following schemes: @@ -143,13 +151,13 @@ schemes: ## Userinfo -The userinfo field can be used to set user name and password for +The userinfo field can be used to set username and password for authentication purposes in this transfer. The use of this field is discouraged since it often means passing around the password in plain text and is thus a security risk. URLs for IMAP, POP3 and SMTP also support *login options* as part of the -userinfo field. They're provided as a semicolon after the password and then +userinfo field. They are provided as a semicolon after the password and then the options. ## Hostname @@ -160,19 +168,19 @@ local network name of the machine on your network or the IP address of the server or machine represented by either an IPv4 or IPv6 address (within brackets). For example: - http://www.example.com/ + https://www.example.com/ - http://hostname/ + https://hostname.example/ - http://192.168.0.1/ + https://192.168.0.1/ - http://[2001:1890:1112:1::20]/ + https://[2001:1890:1112:1::20]/ ### "localhost" -Starting in curl 7.77.0, curl will use loopback IP addresses for the name -`localhost`: `127.0.0.1` and `::1`. It will not try to resolve the name using -the resolver functions. +Starting in curl 7.77.0, curl uses loopback IP addresses for the name +`localhost`: `127.0.0.1` and `::1`. It does not resolve the name using the +resolver functions. This is done to make sure the host accessed is truly the localhost - the local machine. @@ -180,30 +188,29 @@ machine. ### IDNA If curl was built with International Domain Name (IDN) support, it can also -handle host names using non-ASCII characters. +handle hostnames using non-ASCII characters. When built with libidn2, curl uses the IDNA 2008 standard. This is equivalent to the WHATWG URL spec, but differs from certain browsers that use IDNA 2003 Transitional Processing. The two standards have a huge overlap but differ -slightly, perhaps most famously in how they deal with the German "double s" -(`ß`). +slightly, perhaps most famously in how they deal with the +[German "double s"](https://en.wikipedia.org/wiki/%c3%9f). -When winidn is used, curl uses IDNA 2003 Transitional Processing, like the rest +When WinIDN is used, curl uses IDNA 2003 Transitional Processing, like the rest of Windows. ## Port number -If there's a colon after the hostname, that should be followed by the port +If there is a colon after the hostname, that should be followed by the port number to use. 1 - 65535. curl also supports a blank port number field - but only if the URL starts with a scheme. -If the port number is not specified in the URL, curl will used a default port -based on the provide scheme: +If the port number is not specified in the URL, curl uses a default port +number based on the provide scheme: -DICT 2628, FTP 21, FTPS 990, GOPHER 70, GOPHERS 70, HTTP 80, HTTPS 443, -IMAP 132, IMAPS 993, LDAP 369, LDAPS 636, MQTT 1883, POP3 110, POP3S 995, -RTMP 1935, RTMPS 443, RTMPT 80, RTSP 554, SCP 22, SFTP 22, SMB 445, SMBS 445, -SMTP 25, SMTPS 465, TELNET 23, TFTP 69 +DICT 2628, FTP 21, FTPS 990, GOPHER 70, GOPHERS 70, HTTP 80, HTTPS 443, IMAP +143, IMAPS 993, LDAP 389, LDAPS 636, MQTT 1883, POP3 110, POP3S 995, RTSP 554, +SCP 22, SFTP 22, SMB 445, SMBS 445, SMTP 25, SMTPS 465, TELNET 23, TFTP 69 # Scheme specific behaviors @@ -212,12 +219,12 @@ SMTP 25, SMTPS 465, TELNET 23, TFTP 69 The path part of an FTP request specifies the file to retrieve and from which directory. If the file part is omitted then libcurl downloads the directory listing for the directory specified. If the directory is omitted then the -directory listing for the root / home directory will be returned. +directory listing for the root / home directory is returned. FTP servers typically put the user in its "home directory" after login, which then differs between users. To explicitly specify the root directory of an FTP -server start the path with double slash `//` or `/%2f` (2F is the hexadecimal -value of the ascii code for the slash). +server, start the path with double slash `//` or `/%2f` (2F is the hexadecimal +value of the ASCII code for the slash). ## FILE @@ -227,14 +234,14 @@ to read or write such a path. curl only allows the hostname part of a FILE URL to be one out of these three alternatives: `localhost`, `127.0.0.1` or blank ("", zero characters). -Anything else will make curl fail to parse the URL. +Anything else makes curl fail to parse the URL. ### Windows-specific FILE details -curl accepts that the FILE URL's path starts with a "drive letter". That's a +curl accepts that the FILE URL's path starts with a "drive letter". That is a single letter `a` to `z` followed by a colon or a pipe character (`|`). -The Windows operating system itself will convert some file accesses to perform +The Windows operating system itself converts some file accesses to perform network accesses over SMB/CIFS, through several different file path patterns. This way, a `file://` URL passed to curl *might* be converted into a network access inadvertently and unknowingly to curl. This is a Windows feature curl @@ -255,7 +262,7 @@ A folder list on the user's inbox: imap://user:password@mail.example.com/INBOX -Select the user's inbox and fetch message with uid = 1: +Select the user's inbox and fetch message with `uid = 1`: imap://user:password@mail.example.com/INBOX/;UID=1 @@ -285,31 +292,49 @@ subject line: imap://user:password@mail.example.com/INBOX?SUBJECT%20shadows -For more information about the individual components of an IMAP URL please see -RFC 5092. +Searching via the query part of the URL `?` is a search request for the +results to be returned as message sequence numbers (`MAILINDEX`). It is +possible to make a search request for results to be returned as unique ID +numbers (`UID`) by using a custom curl request via `-X`. `UID` numbers are +unique per session (and multiple sessions when `UIDVALIDITY` is the same). For +example, if you are searching for `"foo bar"` in header+body (`TEXT`) and you +want the matching `MAILINDEX` numbers returned then you could search via URL: + + imap://user:password@mail.example.com/INBOX?TEXT%20%22foo%20bar%22 + +If you want matching `UID` numbers you have to use a custom request: + + imap://user:password@mail.example.com/INBOX -X "UID SEARCH TEXT \"foo bar\"" + +For more information about IMAP commands please see RFC 9051. For more +information about the individual components of an IMAP URL please see RFC 5092. + +* Note old curl versions would `FETCH` by message sequence number when `UID` +was specified in the URL. That was a bug fixed in 7.62.0, which added +`MAILINDEX` to `FETCH` by mail sequence number. ## LDAP -The path part of a LDAP request can be used to specify the: Distinguished -Name, Attributes, Scope, Filter and Extension for a LDAP search. Each field is -separated by a question mark and when that field is not required an empty +The path part of an LDAP request can be used to specify the: Distinguished +Name, Attributes, Scope, Filter and Extension for an LDAP search. Each field +is separated by a question mark and when that field is not required an empty string with the question mark separator should be included. -Search for the DN as `My Organisation`: +Search for the `DN` as `My Organization`: - ldap://ldap.example.com/o=My%20Organisation + ldap://ldap.example.com/o=My%20Organization -the same search but will only return postalAddress attributes: +the same search but only return `postalAddress` attributes: - ldap://ldap.example.com/o=My%20Organisation?postalAddress + ldap://ldap.example.com/o=My%20Organization?postalAddress -Search for an empty DN and request information about the +Search for an empty `DN` and request information about the `rootDomainNamingContext` attribute for an Active Directory server: ldap://ldap.example.com/?rootDomainNamingContext -For more information about the individual components of a LDAP URL please -see [RFC 4516](https://tools.ietf.org/html/rfc4516). +For more information about the individual components of an LDAP URL please see +[RFC 4516](https://datatracker.ietf.org/doc/html/rfc4516). ## POP3 @@ -330,37 +355,27 @@ To specify a path relative to the user's home directory on the server, prepend The path part of an SFTP URL specifies the file to retrieve or upload. If the path ends with a slash (`/`) then a directory listing is returned instead of a file. If the path is omitted entirely then the directory listing for the root -/ home directory will be returned. +/ home directory is returned. ## SMB -The path part of a SMB request specifies the file to retrieve and from what +The path part of an SMB request specifies the file to retrieve and from what share and directory or the share to upload to and as such, may not be omitted. -If the user name is embedded in the URL then it must contain the domain name +If the username is embedded in the URL then it must contain the domain name and as such, the backslash must be URL encoded as %2f. +When uploading to SMB, the size of the file needs to be known ahead of time, +meaning that you can upload a file passed to curl over a pipe like stdin. + curl supports SMB version 1 (only) ## SMTP -The path part of a SMTP request specifies the host name to present during -communication with the mail server. If the path is omitted, then libcurl will -attempt to resolve the local computer's host name. However, this may not -return the fully qualified domain name that is required by some mail servers -and specifying this path allows you to set an alternative name, such as your +The path part of an SMTP request specifies the hostname to present during +communication with the mail server. If the path is omitted, then libcurl +attempts to resolve the local computer's hostname. This may not return the +fully qualified domain name that is required by some mail servers and +specifying this path allows you to set an alternative name, such as your machine's fully qualified domain name, which you might have obtained from an external function such as gethostname or getaddrinfo. The default smtp port is 25. Some servers use port 587 as an alternative. - -## RTMP - -There's no official URL spec for RTMP so libcurl uses the URL syntax supported -by the underlying librtmp library. It has a syntax where it wants a -traditional URL, followed by a space and a series of space-separated -`name=value` pairs. - -While space is not typically a "legal" letter, libcurl accepts them. When a -user wants to pass in a `#` (hash) character it will be treated as a fragment -and get cut off by libcurl if provided literally. You will instead have to -escape it by providing it as backslash and its ASCII value in hexadecimal: -`\23`. diff --git a/docs/VERSIONS.md b/docs/VERSIONS.md index bcc7474d9c47..e211487561b0 100644 --- a/docs/VERSIONS.md +++ b/docs/VERSIONS.md @@ -1,57 +1,344 @@ -Version Numbers and Releases -============================ + - The version numbering is always built up using the same system: +# Version Numbers and Releases - X.Y.Z +The command line tool curl and the library libcurl are individually +versioned, but they usually follow each other closely. - - X is main version number - - Y is release number - - Z is patch number +The version numbering is always built up using the same system: + + X.Y.Z + +- X is main version number +- Y is release number +- Z is patch number ## Bumping numbers - One of these numbers will get bumped in each new release. The numbers to the - right of a bumped number will be reset to zero. +One of these numbers get bumped in each new release. The numbers to the right +of a bumped number are reset to zero. - The main version number will get bumped when *really* big, world colliding - changes are made. The release number is bumped when changes are performed or - things/features are added. The patch number is bumped when the changes are - mere bugfixes. +The main version number is bumped when *really* big, world colliding changes +are made. The release number is bumped when changes are performed or +things/features are added. The patch number is bumped when the changes are +mere bugfixes. - It means that after release 1.2.3, we can release 2.0.0 if something really - big has been made, 1.3.0 if not that big changes were made or 1.2.4 if only - bugs were fixed. +It means that after release 1.2.3, we can release 2.0.0 if something really +big has been made, 1.3.0 if not that big changes were made or 1.2.4 if only +bugs were fixed. - Bumping, as in increasing the number with 1, is unconditionally only - affecting one of the numbers (except the ones to the right of it, that may be - set to zero). 1 becomes 2, 3 becomes 4, 9 becomes 10, 88 becomes 89 and 99 - becomes 100. So, after 1.2.9 comes 1.2.10. After 3.99.3, 3.100.0 might come. +Bumping, as in increasing the number with 1, is unconditionally only affecting +one of the numbers (except the ones to the right of it, that may be set to +zero). 1 becomes 2, 3 becomes 4, 9 becomes 10, 88 becomes 89 and 99 +becomes 100. After 1.2.9 comes 1.2.10. After 3.99.3, 3.100.0 might come. - All original curl source release archives are named according to the libcurl - version (not according to the curl client version that, as said before, might - differ). +All original curl source release archives are named according to the libcurl +version (not according to the curl client version that, as said before, might +differ). - As a service to any application that might want to support new libcurl - features while still being able to build with older versions, all releases - have the libcurl version stored in the curl/curlver.h file using a static - numbering scheme that can be used for comparison. The version number is - defined as: +As a service to any application that might want to support new libcurl +features while still being able to build with older versions, all releases +have the libcurl version stored in the `curl/curlver.h` file using a static +numbering scheme that can be used for comparison. The version number is +defined as: ```c #define LIBCURL_VERSION_NUM 0xXXYYZZ ``` - Where XX, YY and ZZ are the main version, release and patch numbers in - hexadecimal. All three number fields are always represented using two digits - (eight bits each). 1.2 would appear as "0x010200" while version 9.11.7 - appears as "0x090b07". +Where `XX`, `YY` and `ZZ` are the main version, release and patch numbers in +hexadecimal. All three number fields are always represented using two digits +(eight bits each). 1.2 would appear as "0x010200" while version 9.11.7 +appears as `0x090b07`. + +This 6-digit hexadecimal number is always a greater number in a more recent +release. It makes comparisons with greater than and less than work. + +This number is also available as three separate defines: +`LIBCURL_VERSION_MAJOR`, `LIBCURL_VERSION_MINOR` and `LIBCURL_VERSION_PATCH`. + +## Past releases - This 6-digit hexadecimal number is always a greater number in a more recent - release. It makes comparisons with greater than and less than work. +This is a list of all public releases with their version numbers and release +dates. The tool was called `httpget` before 2.0, `urlget` before 4.0 then +`curl` since 4.0. `libcurl` and `curl` are always released in sync, using the +same version numbers. - This number is also available as three separate defines: - `LIBCURL_VERSION_MAJOR`, `LIBCURL_VERSION_MINOR` and `LIBCURL_VERSION_PATCH`. +- 8.20.0: pending +- 8.19.0: March 11, 2026 +- 8.18.0: January 7, 2026 +- 8.17.0: November 5, 2025 +- 8.16.0: September 10, 2025 +- 8.15.0: July 16, 2025 +- 8.14.1: June 4 2025 +- 8.14.0: May 28 2025 +- 8.13.0: April 2 2025 +- 8.12.1: February 13 2025 +- 8.12.0: February 5 2025 +- 8.11.1: December 11 2024 +- 8.11.0: November 6 2024 +- 8.10.1: September 18 2024 +- 8.10.0: September 11 2024 +- 8.9.1: July 31 2024 +- 8.9.0: July 24 2024 +- 8.8.0: May 22 2024 +- 8.7.1: March 27 2024 +- 8.7.0: March 27 2024 +- 8.6.0: January 31 2024 +- 8.5.0: December 6 2023 +- 8.4.0: October 11 2023 +- 8.3.0: September 13 2023 +- 8.2.1: July 26 2023 +- 8.2.0: July 19 2023 +- 8.1.2: May 30 2023 +- 8.1.1: May 23 2023 +- 8.1.0: May 17 2023 +- 8.0.1: March 20 2023 +- 8.0.0: March 20 2023 +- 7.88.1: February 20 2023 +- 7.88.0: February 15 2023 +- 7.87.0: December 21 2022 +- 7.86.0: October 26 2022 +- 7.85.0: August 31 2022 +- 7.84.0: June 27 2022 +- 7.83.1: May 11 2022 +- 7.83.0: April 27 2022 +- 7.82.0: March 5 2022 +- 7.81.0: January 5 2022 +- 7.80.0: November 10 2021 +- 7.79.1: September 22 2021 +- 7.79.0: September 15 2021 +- 7.78.0: July 21 2021 +- 7.77.0: May 26 2021 +- 7.76.1: April 14 2021 +- 7.76.0: March 31 2021 +- 7.75.0: February 3 2021 +- 7.74.0: December 9 2020 +- 7.73.0: October 14 2020 +- 7.72.0: August 19 2020 +- 7.71.1: July 1 2020 +- 7.71.0: June 24 2020 +- 7.70.0: April 29 2020 +- 7.69.1: March 11 2020 +- 7.69.0: March 4 2020 +- 7.68.0: January 8 2020 +- 7.67.0: November 6 2019 +- 7.66.0: September 11 2019 +- 7.65.3: July 19 2019 +- 7.65.2: July 17 2019 +- 7.65.1: June 5 2019 +- 7.65.0: May 22 2019 +- 7.64.1: March 27 2019 +- 7.64.0: February 6 2019 +- 7.63.0: December 12 2018 +- 7.62.0: October 31 2018 +- 7.61.1: September 5 2018 +- 7.61.0: July 11 2018 +- 7.60.0: May 16 2018 +- 7.59.0: March 14 2018 +- 7.58.0: January 24 2018 +- 7.57.0: November 29 2017 +- 7.56.1: October 23 2017 +- 7.56.0: October 4 2017 +- 7.55.1: August 14 2017 +- 7.55.0: August 9 2017 +- 7.54.1: June 14 2017 +- 7.54.0: April 19 2017 +- 7.53.1: February 24 2017 +- 7.53.0: February 22 2017 +- 7.52.1: December 23 2016 +- 7.52.0: December 21 2016 +- 7.51.0: November 2 2016 +- 7.50.3: September 14 2016 +- 7.50.2: September 7 2016 +- 7.50.1: August 3 2016 +- 7.50.0: July 21 2016 +- 7.49.1: May 30 2016 +- 7.49.0: May 18 2016 +- 7.48.0: March 23 2016 +- 7.47.1: February 8 2016 +- 7.47.0: January 27 2016 +- 7.46.0: December 2 2015 +- 7.45.0: October 7 2015 +- 7.44.0: August 12 2015 +- 7.43.0: June 17 2015 +- 7.42.1: April 29 2015 +- 7.42.0: April 22 2015 +- 7.41.0: February 25 2015 +- 7.40.0: January 8 2015 +- 7.39.0: November 5 2014 +- 7.38.0: September 10 2014 +- 7.37.1: July 16 2014 +- 7.37.0: May 21 2014 +- 7.36.0: March 26 2014 +- 7.35.0: January 29 2014 +- 7.34.0: December 17 2013 +- 7.33.0: October 14 2013 +- 7.32.0: August 12 2013 +- 7.31.0: June 22 2013 +- 7.30.0: April 12 2013 +- 7.29.0: February 6 2013 +- 7.28.1: November 20 2012 +- 7.28.0: October 10 2012 +- 7.27.0: July 27 2012 +- 7.26.0: May 24 2012 +- 7.25.0: March 22 2012 +- 7.24.0: January 24 2012 +- 7.23.1: November 17 2011 +- 7.23.0: November 15 2011 +- 7.22.0: September 13 2011 +- 7.21.7: June 23 2011 +- 7.21.6: April 22 2011 +- 7.21.5: April 17 2011 +- 7.21.4: February 17 2011 +- 7.21.3: December 15 2010 +- 7.21.2: October 13 2010 +- 7.21.1: August 11 2010 +- 7.21.0: June 16 2010 +- 7.20.1: April 14 2010 +- 7.20.0: February 9 2010 +- 7.19.7: November 4 2009 +- 7.19.6: August 12 2009 +- 7.19.5: May 18 2009 +- 7.19.4: March 3 2009 +- 7.19.3: January 19 2009 +- 7.19.2: November 13 2008 +- 7.19.1: November 5 2008 +- 7.19.0: September 1 2008 +- 7.18.2: June 4 2008 +- 7.18.1: March 30 2008 +- 7.18.0: January 28 2008 +- 7.17.1: October 29 2007 +- 7.17.0: September 13 2007 +- 7.16.4: July 10 2007 +- 7.16.3: June 25 2007 +- 7.16.2: April 11 2007 +- 7.16.1: January 29 2007 +- 7.16.0: October 30 2006 +- 7.15.5: August 7 2006 +- 7.15.4: June 12 2006 +- 7.15.3: March 20 2006 +- 7.15.2: February 27 2006 +- 7.15.1: December 7 2005 +- 7.15.0: October 13 2005 +- 7.14.1: September 1 2005 +- 7.14.0: May 16 2005 +- 7.13.2: April 4 2005 +- 7.13.1: March 4 2005 +- 7.13.0: February 1 2005 +- 7.12.3: December 20 2004 +- 7.12.2: October 18 2004 +- 7.12.1: August 10 2004 +- 7.12.0: June 2 2004 +- 7.11.2: April 26 2004 +- 7.11.1: March 19 2004 +- 7.11.0: January 22 2004 +- 7.10.8: November 1 2003 +- 7.10.7: August 15 2003 +- 7.10.6: July 28 2003 +- 7.10.5: May 19 2003 +- 7.10.4: April 2 2003 +- 7.10.3: January 14 2003 +- 7.10.2: November 18 2002 +- 7.10.1: October 11 2002 +- 7.10: October 1 2002 +- 7.9.8: June 13 2002 +- 7.9.7: May 10 2002 +- 7.9.6: April 14 2002 +- 7.9.5: March 7 2002 +- 7.9.4: March 4 2002 +- 7.9.3: January 23 2002 +- 7.9.2: December 5 2001 +- 7.9.1: November 4 2001 +- 7.9: September 23 2001 +- 7.8.1: August 20 2001 +- 7.8: June 7 2001 +- 7.7.3: May 4 2001 +- 7.7.2: April 22 2001 +- 7.7.1: April 3 2001 +- 7.7: March 22 2001 +- 7.6.1: February 9 2001 +- 7.6: January 26 2001 +- 7.5.2: January 4 2001 +- 7.5.1: December 11 2000 +- 7.5: December 1 2000 +- 7.4.2: November 15 2000 +- 7.4.1: October 16 2000 +- 7.4: October 16 2000 +- 7.3: September 28 2000 +- 7.2.1: August 31 2000 +- 7.2: August 30 2000 +- 7.1.1: August 21 2000 +- 7.1: August 7 2000 +- 6.5.2: March 21 2000 +- 6.5.1: March 20 2000 +- 6.5: March 13 2000 +- 6.4: January 17 2000 +- 6.3.1: November 23 1999 +- 6.3: November 10 1999 +- 6.2: October 21 1999 +- 6.1: October 17 1999 +- 6.0: September 13 1999 +- 5.11: August 25 1999 +- 5.10: August 13 1999 +- 5.9.1: July 30 1999 +- 5.9: May 22 1999 +- 5.8: May 5 1999 +- 5.7.1: April 23 1999 +- 5.7: April 20 1999 +- 5.5.1: January 27 1999 +- 5.5: January 15 1999 +- 5.4: January 7 1999 +- 5.3: December 21 1998 +- 5.2.1: December 14 1998 +- 5.2: December 14 1998 +- 5.0: December 1 1998 +- 4.10: October 26 1998 +- 4.9: October 7 1998 +- 4.8.4: September 20 1998 +- 4.8.3: September 7 1998 +- 4.8.2: August 14 1998 +- 4.8.1: August 7 1998 +- 4.8: July 30 1998 +- 4.7: July 20 1998 +- 4.6: July 3 1998 +- 4.5.1: June 12 1998 +- 4.5: May 30 1998 +- 4.4: May 13 1998 +- 4.3: April 30 1998 +- 4.2: April 15 1998 +- 4.1: April 3 1998 +- 4.0: March 20 1998 +- 3.12: March 14 1998 +- 3.11: February 9 1998 +- 3.10: February 4 1998 +- 3.9: February 4 1998 +- 3.7: January 15 1998 +- 3.6: January 1 1998 +- 3.5: December 15 1997 +- 3.2: December 1 1997 +- 3.1: November 24 1997 +- 3.0: November 1 1997 +- 2.9: October 15 1997 +- 2.8: October 1 1997 +- 2.7: September 20 1997 +- 2.6: September 10 1997 +- 2.5: September 1 1997 +- 2.4: August 27 1997 +- 2.3: August 21 1997 +- 2.2: August 14 1997 +- 2.1: August 10 1997 +- 2.0: August 1 1997 +- 1.5: July 21 1997 +- 1.4: July 15 1997 +- 1.3: June 1 1997 +- 1.2: May 1 1997 +- 1.1: April 20 1997 +- 1.0: April 8 1997 +- 0.3: February 1 1997 +- 0.2: December 17 1996 +- 0.1: November 11 1996 diff --git a/docs/VULN-DISCLOSURE-POLICY.md b/docs/VULN-DISCLOSURE-POLICY.md new file mode 100644 index 000000000000..abc7ef2c0a96 --- /dev/null +++ b/docs/VULN-DISCLOSURE-POLICY.md @@ -0,0 +1,451 @@ + + +# curl vulnerability disclosure policy + +This document describes how security vulnerabilities are handled in the curl +project. + +There is no bug bounty and the curl project never offers rewards for reported +vulnerabilities. + +## Publishing Information + +All known and public curl or libcurl related vulnerabilities are listed on +[the curl website security page](https://curl.se/docs/security.html). + +Security vulnerabilities **should not** be entered in the project's public bug +tracker. + +## Vulnerability Handling + +The typical process for handling a new security vulnerability is as follows. + +No information should be made public about a vulnerability until it is +formally announced at the end of this process. That means, for example, that a +bug tracker entry must NOT be created to track the issue since that makes the +issue public and it should not be discussed on any of the project's public +mailing lists. Messages associated with any commits should not make any +reference to the security nature of the commit if done prior to the public +announcement. + +- The person discovering the issue, the reporter, reports the vulnerability on + [HackerOne](https://hackerone.com/curl). Issues filed there reach a handful + of selected and trusted people. + +- Messages that do not relate to the reporting or managing of an undisclosed + security vulnerability in curl or libcurl are ignored and no further action + is required. + +- A person in the security team responds to the original report to acknowledge + that a human has seen the report. + +- The security team investigates the report and either rejects it or accepts + it. See below for examples of problems that are not considered + vulnerabilities. + +- If the report is rejected, the team writes to the reporter to explain why. + +- If the report is accepted, the team writes to the reporter to let them + know it is accepted and that they are working on a fix. + +- The security team discusses the problem, works out a fix, considers the + impact of the problem and suggests a release schedule. This discussion + should involve the reporter as much as possible. + +- The release of the information should be "as soon as possible" and is most + often synchronized with an upcoming release that contains the fix. If the + reporter, or anyone else involved, thinks the next planned release is too + far away, then a separate earlier release should be considered. + +- Write a security advisory draft about the problem that explains what the + problem is, its impact, which versions it affects, solutions or workarounds, + when the release is out and make sure to credit all contributors properly. + Figure out the CWE (Common Weakness Enumeration) number for the flaw. See + [SECURITY-ADVISORY](https://curl.se/dev/advisory.html) for help on creating + the advisory. + +- Request a CVE Id for the issue. curl is a CNA (CVE Numbering Authority) and + can request its own numbers. + +- Update the "security advisory" with the CVE number. + +- The security team commits the fix in a private branch. The commit message + should ideally contain the CVE number. If the severity level of the issue is + set to Low or Medium, the fix is allowed to get merged into the master + repository via a normal PR - but without mentioning it being a security + vulnerability. + +- No more than seven days before release, inform + [distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros) + to prepare them about the upcoming public security vulnerability + announcement - attach the advisory draft for information with CVE and + current patch. 'distros' does not accept an embargo longer than 7 days and + they do not care for Windows-specific flaws. + +- No more than 48 hours before the release, the private branch is merged into + the master branch and pushed. Once pushed, the information is accessible to + the public and the actual release should follow suit immediately afterwards. + The time between the push and the release is used for final tests and + reviews. + +- The project team creates a release that includes the fix. + +- The project team announces the release and the vulnerability to the world in + the same manner we always announce releases. It gets sent to the + curl-announce, curl-library and curl-users mailing lists. + +- The security webpage on the website should get the new vulnerability + mentioned. + +## security (at curl dot se) + +This is a private mailing list for discussions on and about curl security +issues. + +Who is on this list? There are a couple of criteria you must meet, and then we +might ask you to join the list or you can ask to join it. It really is not a +formal process. We only require that you have a long-term presence in the curl +project and you have shown an understanding for the project and its way of +working. You must have been around for a good while and you should have no +plans of vanishing in the near future. + +We do not make the list of participants public mostly because it tends to vary +somewhat over time and a list somewhere only risks getting outdated. + +## Publishing Security Advisories + +1. Write up the security advisory, using markdown syntax. Use the same + subtitles as last time to maintain consistency. + +2. Name the advisory file after the allocated CVE id. + +3. Add a line on the top of the array in `curl-www/docs/vuln.pm`. + +4. Put the new advisory markdown file in the `curl-www/docs/` directory. Add it + to the git repository. + +5. Run `make` in your local web checkout and verify that things look fine. + +6. On security advisory release day, push the changes on the curl-www + repository's remote master branch. + +## Disclose the report + +Request the issue to be disclosed. If there are sensitive details present in +the report and discussion, those should be redacted from the disclosure. The +default policy is to disclose as much as possible as soon as the vulnerability +has been published. + +*All* reports submitted to the project, valid or not, should be disclosed and +made public. + +# Severity levels + +The curl project's security team rates security problems using four severity +levels depending how serious we consider the problem to be. We use **Low**, +**Medium**, **High** and **Critical**. We refrain from using numerical scoring +of vulnerabilities. + +We do not support CVSS as a method to grade security vulnerabilities, so we do +not set them for CVE records published by the curl project. We believe CVSS is +a broken system that often does not properly evaluate to suitable severity +levels that reflect all dimensions and factors involved. Other organizations +however set and provide CVSS scores for curl vulnerabilities. You need to +decide for yourself if you believe they know enough about the subjects +involved to make reasonable assessments. Deciding between four different +severity levels is hard enough for us. + +When deciding severity level on a particular issue, we take all the factors +into account: attack vector, attack complexity, required privileges, necessary +build configuration, protocols involved, platform specifics and also what +effects a possible exploit or trigger of the issue can lead to, including +confidentiality, integrity or availability problems. + +## Low + +This is a security problem that is truly hard or unlikely to exploit or +trigger. Due to timing, platform requirements or the fact that options or +protocols involved are rare etc. [Past +example](https://curl.se/docs/CVE-2022-43552.html) + +## Medium + +This is a security problem that is less hard than **Low** to exploit or +trigger. Less strict timing, wider platform availability or involving more +widely used options or protocols. A problem that usually needs something else +to also happen to become serious. [Past +example](https://curl.se/docs/CVE-2022-32206.html) + +## High + +This issue is in itself a serious problem with real world impact. Flaws that +can easily compromise the confidentiality, integrity or availability of +resources. Exploiting or triggering this problem is not hard. [Past +example](https://curl.se/docs/CVE-2019-3822.html) + +## Critical + +Easily exploitable by a remote unauthenticated attacker and lead to system +compromise (arbitrary code execution) without requiring user interaction, with +a common configuration on a popular platform. This issue has few restrictions +and requirements and can be exploited easily using most curl configurations. +[Past example](https://curl.se/docs/CVE-2000-0973.html) + +# Not security issues + +This is an incomplete list of issues that are not considered vulnerabilities. + +## Small memory leaks + +We do not consider a small memory leak a security problem; even if the amount +of allocated memory grows by a small amount every now and then. Long-living +applications and services already need to have countermeasures and deal with +growing memory usage, be it leaks or increased use. A small memory or resource +leak is then expected to *not* cause a security problem. + +Of course there can be a discussion if a leak is small or not. A large leak +can be considered a security problem due to the DOS risk. If leaked memory +contains sensitive data it might also qualify as a security problem. + +## Never-ending transfers + +We do not consider flaws that cause a transfer to never end to be a security +problem. There are already several benign and likely reasons for transfers to +stall and never end, so applications that cannot deal with never-ending +transfers already need to have counter-measures established. + +Well known attacks, like [Slowloris](https://en.wikipedia.org/wiki/Slowloris_(cyber_attack)), that send partial +requests are usually not considered a flaw. If the problem avoids the regular counter-measures when it causes a never- +ending transfer, it might be a security problem. + +## Not practically possible + +If the flaw or vulnerability cannot practically get executed on existing +hardware it is not a security problem. + +## API misuse + +If a reported issue only triggers by an application using the API in a way +that is not documented to work or even documented to not work, it is probably +not going to be considered a security problem. We only guarantee secure and +proper functionality when the APIs are used as expected and documented. + +There can be a discussion about what the documentation actually means and how +to interpret the text, which might end up with us still agreeing that it is a +security problem. + +## Local attackers already present + +When an issue can only be attacked or misused by an attacker present on the +local system or network, the bar is raised. If a local user wrongfully has +elevated rights on your system enough to attack curl, they can probably +already do much worse harm and the problem is not really in curl. + +## Debug & Experiments + +Vulnerabilities in features which are off by default (in the build) and +documented as experimental, or exist only in debug mode, are not eligible for a +reward and we do not consider them security problems. + +The same applies to scripts and software which are not installed by default +through the make install rule. + +## URL inconsistencies + +URL parser inconsistencies between browsers and curl are expected and are not +considered security vulnerabilities. The WHATWG URL Specification and RFC +3986+ (the plus meaning that it is an extended version) [are not completely +interoperable](https://github.com/bagder/docs/blob/master/URL-interop.md). + +Obvious parser bugs can still be vulnerabilities of course. + +## Visible command line arguments + +The curl command blanks the contents of a number of command line arguments to +prevent them from appearing in process listings. It does not blank all +arguments, even though some that are not blanked might contain sensitive +data. We consider this functionality a best-effort and omissions are not +security vulnerabilities. + +- not all systems allow the arguments to be blanked in the first place +- since curl blanks the argument itself they are readable for a short moment + no matter what +- virtually every argument can contain sensitive data, depending on use +- blanking all arguments would make it impractical for users to differentiate + curl command lines in process listings + +## Busy-loops + +Busy-loops that consume 100% CPU time but eventually end (perhaps due to a set +timeout value or otherwise) are not considered security problems. Applications +are supposed to already handle situations when the transfer loop legitimately +consumes 100% CPU time, so while a prolonged such busy-loop is a nasty bug, we +do not consider it a security problem. + +## Saving files + +curl cannot protect against attacks where an attacker has write access to the +same directory where curl is directed to save files. + +## Tricking a user to run a command line + +A creative, misleading or funny looking command line is not a security +problem. The curl command line tool takes options and URLs on the command line +and if an attacker can trick the user to run a specifically crafted curl +command line, all bets are off. Such an attacker can already have the user run +a much worse command that can do something fatal (like `sudo rm -rf /`). + +## Terminal output and escape sequences + +Content that is transferred from a server and gets displayed in a terminal by +curl may contain escape sequences or use other tricks to fool the user. This +is curl working as designed and is not a curl security problem. Escape +sequences, moving cursor, changing color etc, is also frequently used for +good. To reduce the risk of getting fooled, save files and browse them after +download using a display method that minimizes risks. + +## NULL dereferences and crashes + +If a malicious server can trigger a NULL dereference in curl or otherwise +cause curl to crash (and nothing worse), chances are big that we do not +consider that a security problem. + +Malicious servers can already cause considerable harm and denial of service +like scenarios without having to trigger such code paths. For example by +stalling, being terribly slow or by delivering enormous amounts of data. +Additionally, applications are expected to handle "normal" crashes without +that being the end of the world. + +There need to be more and special circumstances to treat such problems as +security issues. + +## Legacy dependencies + +Problems that can be triggered only by the use of a *legacy dependency* are +not considered security problems. + +A *legacy dependency* is here defined as: + +- the legacy version was released over ten years ago AND + +- the legacy version is no longer in use by any existing still supported + operating system or distribution AND + +- there are modern versions of equivalent or better functionality offered and + in common use + +## weak algorithms required for functionality + +curl supports several algorithms that are considered weak, like DES and MD5. +These algorithms are still not curl security vulnerabilities or security +problems as they are only used when the users explicitly ask for their use by +using the protocols or options that require the use of those algorithms. + +When servers upgrade to use secure alternatives, curl users should use those +options/protocols. + +## CRLF in data + +curl makes barely any claims of *cleaning* input or rejecting invalid data. A +user that uses a curl feature can send in *creative* sequences that include +carriage-return (CR) or line-feed (LF) characters. + +Therefore, we reject the idea of *CRLF injection* as a security problem. It is +a *feature* that users can send creative byte sequences. If users do not want +to send such octets, they are in control and should avoid sending such bytes +to curl. + +For example, a user might pass in a username that looks like +`Mr[CR][LF]Smith`. It may cause some minor havoc in the protocol handling, +depending on what protocol is used. + +# curl major incident response + +Vulnerability disclosure manages the full life cycle of a vulnerability +affecting curl - where the **curl-security** team privately engages with +reporters coordinating on embargo and eventual release of security fixes. + +For most vulnerabilities (even critical vulnerabilities) this is the +normal _'mode'_ of incident response. + +A **major incident** is defined as something that has much larger scope and +impact on users and developers of curl. + +A major incident usually encompasses one or more of the following: +* broad and deep impact on developers, distros and users +* high visibility +* remote code execution +* exploit readily available +* critical curl infrastructure compromised +* time sensitive +* premature disclosure (e.g. embargo broken) + +A major incident is declared only when it is deemed that the normal +vulnerability disclosure process is not sufficient. + +The curl **major incident** process is as follows: + +## Major incident begins + +Only a member of the **curl-security** team can declare a **major incident** +via any or all of the following communication channels: + +* **irc**: channel #curl on the network [Libera.Chat](https://libera.chat/) +* **mailing-lists**: + * curl-announce + * curl-users + * curl-distros +* **website**: [curl.se](https://curl.se/) + +This declaration may also be transmitted via other channels, though the +above are considered official channels. + +The veracity of such a communication can be verified by consulting two +or more **curl-security** team members. + +This announcement nominates, from **curl-security** team, the following +roles: + +* **incident lead** - Coordinates technical efforts +* **communication lead** - Single point of public contact + +It is likely that our [BDFL](https://en.wikipedia.org/wiki/Benevolent_dictator_for_life) occupies +one of these roles, though this plan does not depend on it. + +A declaration may also contain more detailed information but as we honor +embargoes and vulnerability disclosure throughout this process, it may also +contain a brief notification that a **major incident** is occurring. + +## Major incident ongoing + +During the incident - all press, media, legal or commercial entities should contact +communication leader (security@curl.se). + +Existing **curl-security** team internal communication channels are used +for all internal communication. + +Existing vulnerability disclosure process are followed for any embargoes +and fixes. + +Where possible, public communication are provided: +* regular communication from communication leader (for example daily update) +* asynchronous communication from incident leader + +* Delivered to the aforementioned curl communication channels. + +A log is kept of all external and internal communication. + +Once fixes have been released we may provide a more detailed postmortem and +overall timeline of events. + +## Major incident ends + +Both the incident and communication leads declare when a **major incident** +has finished. + +Any notices are removed and a return to normal vulnerability disclosure +process. diff --git a/docs/cmdline-opts/.gitignore b/docs/cmdline-opts/.gitignore new file mode 100644 index 000000000000..8d42e2c53d51 --- /dev/null +++ b/docs/cmdline-opts/.gitignore @@ -0,0 +1,5 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +curl.txt diff --git a/docs/cmdline-opts/CMakeLists.txt b/docs/cmdline-opts/CMakeLists.txt index ae25c5c4ac07..83949969aed7 100644 --- a/docs/cmdline-opts/CMakeLists.txt +++ b/docs/cmdline-opts/CMakeLists.txt @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,16 +18,41 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -set(MANPAGE "${CURL_BINARY_DIR}/docs/curl.1") - -# Load DPAGES and OTHERPAGES from shared file -transform_makefile_inc("Makefile.inc" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") +# Get SUPPORT, DPAGES variables +curl_transform_makefile_inc("Makefile.inc" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") include("${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") -add_custom_command(OUTPUT "${MANPAGE}" - COMMAND "${PERL_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/gen.pl" mainpage "${CMAKE_CURRENT_SOURCE_DIR}" > "${MANPAGE}" - DEPENDS ${DPAGES} ${OTHERPAGES} +add_custom_command(OUTPUT "${CURL_MANPAGE}" "${CURL_ASCIIPAGE}" + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + COMMAND "${PERL_EXECUTABLE}" "${PROJECT_SOURCE_DIR}/scripts/managen" mainpage ${DPAGES} > "${CURL_MANPAGE}" + COMMAND "${PERL_EXECUTABLE}" "${PROJECT_SOURCE_DIR}/scripts/managen" ascii ${DPAGES} > "${CURL_ASCIIPAGE}" + DEPENDS "${PROJECT_SOURCE_DIR}/scripts/managen" ${DPAGES} ${SUPPORT} + "${CMAKE_CURRENT_SOURCE_DIR}/Makefile.inc" + "${CMAKE_CURRENT_SOURCE_DIR}/mainpage.idx" VERBATIM ) -add_custom_target(generate-curl.1 DEPENDS "${MANPAGE}") + +add_custom_target(generate-curl.1 ALL DEPENDS "${CURL_MANPAGE}") + +if(NOT CURL_DISABLE_INSTALL) + install(FILES "${CURL_MANPAGE}" DESTINATION "${CMAKE_INSTALL_MANDIR}/man1") +endif() + +if(PERL_EXECUTABLE) + add_custom_target(curl-listhelp + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + COMMENT "Generating src/tool_listhelp.c" VERBATIM USES_TERMINAL + COMMAND "${PERL_EXECUTABLE}" "${PROJECT_SOURCE_DIR}/scripts/managen" -d "${CMAKE_CURRENT_SOURCE_DIR}" listhelp ${DPAGES} + > "${PROJECT_SOURCE_DIR}/src/tool_listhelp.c" + DEPENDS "${PROJECT_SOURCE_DIR}/scripts/managen" ${DPAGES} + ) + add_custom_target(curl-listcats + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + COMMENT "Generating help category constants for src/tool_help.h" VERBATIM USES_TERMINAL + COMMAND "${PERL_EXECUTABLE}" "${PROJECT_SOURCE_DIR}/scripts/managen" listcats ${DPAGES} + DEPENDS "${PROJECT_SOURCE_DIR}/scripts/managen" ${DPAGES} + ) +endif() diff --git a/docs/cmdline-opts/MANPAGE.md b/docs/cmdline-opts/MANPAGE.md index b903bc25e09d..1e4facd954cf 100644 --- a/docs/cmdline-opts/MANPAGE.md +++ b/docs/cmdline-opts/MANPAGE.md @@ -1,58 +1,166 @@ + + # curl man page generator -This is the curl man page generator. It generates a single nroff man page +`managen` is the curl man page generator. It generates a single nroff man page output from the set of sources files in this directory. -There is one source file for each supported command line option. The output -gets `page-header` prepended and `page-footer` appended. The format is -described below. +The `mainpage.idx` file lists all files that are rendered in that order to +produce the output. The special `%options` keyword inserts all command line +options documented. + +The `%options` documentation is created with one source file for each +supported command line option. + +The documentation file format is described below. It is meant to look similar +to markdown which is why it uses `.md` file extensions. ## Option files Each command line option is described in a file named `.d`, where -option name is written without any prefixing dashes. Like the file name for -the -v, --verbose option is named `verbose.d`. +option name is written without any prefixing dashes. Like the filename for the +`-v, --verbose` option is named `verbose.d`. + +Each file has a set of meta-data in the top of the file, followed by a body of +text. + +The documentation files that do not document options have no meta-data part. -Each file has a set of meta-data and a body of text. +A line that starts with ``. ### Meta-data - Short: (single letter, without dash) - Long: (long form name, without dashes) + --- (start of meta-data) + Added: (version number in which this was added) Arg: (the argument the option takes) + c: (copyright line) + Example: + - (an example command line, without "curl" and can use `$URL`) + - (another example) + Experimental: yes (if so) + Help: (short text for the --help output for this option) + Long: (long form name, without dashes) Magic: (description of "magic" options) - Tags: (space separated list) - Protocols: (space separated list for which protocols this option works) - Added: (version number in which this was added) + Multi: single/append/boolean/mutex/custom/per-URL (if used more than once) Mutexed: (space separated list of options this overrides, no dashes) + Protocols: (space separated list for which protocols this option works) Requires: (space separated list of features this requires, no dashes) - See-also: (space separated list of related options, no dashes) - Help: (short text for the --help output for this option) + Scope: global (if the option is global) + See-also: + - (a related option, no dashes) + - (another related option, no dashes) + Short: (single letter, without dash) + SPDX-License-Identifier: curl + Tags: (space separated list) --- (end of meta-data) ### Body The body of the description. Only refer to options with their long form option -version, like `--verbose`. The output generator will replace such with the +version, like `--verbose`. The output generator replaces such option with the correct markup that shows both short and long version. -Text written within `*asterisks*` will get shown using italics. Text within -two `**asterisks**` will get shown using bold. +Text written within `*asterisks*` is shown using italics. Text within two +`**asterisks**` is shown using bold. + +Text that is prefixed with a space is treated like an "example" and gets +output in monospace. + +Within the body, describe a list of items like this: + + ## item 1 + description + + ## item 2 + second description -## Header and footer +The list is automatically terminated at end of file, or you can do it +explicitly with an empty "header": -`page-header` is the file that will be output before the generated options -output for the master man page. + ## -`page-footer` is appended after all the individual options. +Angle brackets (`<>`) need to be escaped when used in text like `\<` and +`\>`. This, to ensure that the text renders nicely as markdown. + +### Headers + +The `#` header can be used by non-option files and it produces a +`.SH` output. + +If the `#` header is used for a command line option file, that header is +ignored in the generated output. It can still serve a purpose in the +source file as it helps the user identify what option the file is for. + +### Variables + +There are three different "variables" that can be used when creating the +output. They need to be written within backticks in the source file (to escape +getting spellchecked by CI jobs): `%DATE`, `%VERSION` and `%GLOBALS`. + +During rendering, the generator expands them as follows: + +- `%VERSION` -- replaced with the curl version string read from + `include/curl/curlver.h` (e.g. `8.12.0`). Can be overridden by setting + the `CURL_MAKETGZ_VERSION` environment variable. +- `%DATE` -- replaced with the current date in `YYYY-MM-DD` format, or + the date derived from `SOURCE_DATE_EPOCH` if that environment variable + is set (for reproducible builds). +- `%GLOBALS` -- replaced with a comma-separated list of all command line + options that have `Scope: global` in their meta-data. ## Generate -`./gen.pl mainpage` +`managen mainpage [list of markdown option file names]` This command outputs a single huge nroff file, meant to become `curl.1`. The full curl man page. -`./gen.pl listhelp` +`managen ascii [list of markdown option file names]` + +This command outputs a single text file, meant to become `curl.txt`. The full +curl man page in text format, used to build `tool_hugehelp.c`. + +`managen listhelp` Generates a full `curl --help` output for all known command line options. + +## Generating the man page + +The `curl.1` man page is generated from the source files in this directory +using the `managen` Perl script located in `scripts/managen`. The build +system runs this automatically, but it can also be invoked manually. + +### Prerequisites + +The generator requires Perl. The version string is read from +`include/curl/curlver.h` (or from the `CURL_MAKETGZ_VERSION` environment +variable if set). The date defaults to the current date unless +`SOURCE_DATE_EPOCH` is set. + +### Manual invocation + +From the `docs/cmdline-opts` directory, run: + + cd docs/cmdline-opts + perl ../../scripts/managen -I ../../include mainpage ./*.md > curl.1 + +This produces the complete `curl.1` nroff man page. To produce a plain-text +version instead, replace `mainpage` with `ascii`: + + perl ../../scripts/managen -I ../../include ascii ./*.md > curl.txt + +The `-d` flag specifies the directory containing `mainpage.idx` and the +`.md` option files. The `-I` flag specifies the include directory root +used to locate `curl/curlver.h` for the version string. + +### How it works + +The generator reads `mainpage.idx`, which lists the documentation source +files in their intended order. Each line names one `.md` file to render. +When the generator encounters the `%options` keyword in `mainpage.idx`, +it inserts the documentation for every command line option (one `.md` file +per option), sorted alphabetically by long option name. diff --git a/docs/cmdline-opts/Makefile.am b/docs/cmdline-opts/Makefile.am index f416d553e3d3..019dd57b8a56 100644 --- a/docs/cmdline-opts/Makefile.am +++ b/docs/cmdline-opts/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,18 +18,47 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### AUTOMAKE_OPTIONS = foreign no-dependencies -MANPAGE = $(top_builddir)/docs/curl.1 +MANPAGE = curl.1 +ASCIIPAGE = curl.txt +# Get SUPPORT, DPAGES variables include Makefile.inc -EXTRA_DIST = $(DPAGES) MANPAGE.md gen.pl $(OTHERPAGES) CMakeLists.txt +EXTRA_DIST = $(DPAGES) MANPAGE.md $(SUPPORT) CMakeLists.txt mainpage.idx + +GEN = $(GN_$(V)) +GN_0 = @echo " GENERATE" $@; +GN_1 = +GN_ = $(GN_0) + +MANAGEN=$(top_srcdir)/scripts/managen +MAXLINE=$(top_srcdir)/scripts/maxline + +# Maximum number of columns accepted in the ASCII version of the man page +INCDIR=$(top_srcdir)/include + +if BUILD_DOCS +CLEANFILES = $(MANPAGE) $(ASCIIPAGE) +man_MANS = $(MANPAGE) + +all: $(MANPAGE) $(ASCIIPAGE) + +endif + +$(MANPAGE): $(DPAGES) $(SUPPORT) mainpage.idx Makefile.inc $(MANAGEN) + $(GEN)(rm -f $(MANPAGE) && @PERL@ $(MANAGEN) -d $(srcdir) -I $(INCDIR) mainpage $(DPAGES) > manpage.tmp.$$$$ && mv manpage.tmp.$$$$ $(MANPAGE)) + +$(ASCIIPAGE): $(DPAGES) $(SUPPORT) mainpage.idx Makefile.inc $(MANAGEN) + $(GEN)(rm -f $(ASCIIPAGE) && @PERL@ $(MANAGEN) -d $(srcdir) -I $(INCDIR) ascii $(DPAGES) > asciipage.tmp.$$$$ && mv asciipage.tmp.$$$$ $(ASCIIPAGE)) -all: $(MANPAGE) +listhelp: + $(MANAGEN) -d $(srcdir) listhelp $(DPAGES) > $(top_builddir)/src/tool_listhelp.c -$(MANPAGE): $(DPAGES) $(OTHERPAGES) Makefile.inc - @echo "generate $(MANPAGE)" - @(cd $(srcdir) && @PERL@ ./gen.pl mainpage $(DPAGES)) > $(MANPAGE) +listcats: + @$(MANAGEN) listcats $(DPAGES) diff --git a/docs/cmdline-opts/Makefile.inc b/docs/cmdline-opts/Makefile.inc index 6e04552e96c0..f7236af1b127 100644 --- a/docs/cmdline-opts/Makefile.inc +++ b/docs/cmdline-opts/Makefile.inc @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,251 +18,303 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -# Shared between Makefile.am and CMakeLists.txt +# Shared between CMakeLists.txt and Makefile.am -DPAGES = \ - abstract-unix-socket.d \ - alt-svc.d \ - anyauth.d \ - append.d \ - aws-sigv4.d \ - basic.d \ - cacert.d \ - capath.d \ - cert-status.d \ - cert-type.d \ - cert.d \ - ciphers.d \ - compressed-ssh.d \ - compressed.d \ - config.d \ - connect-timeout.d \ - connect-to.d \ - continue-at.d \ - cookie-jar.d \ - cookie.d \ - create-dirs.d \ - create-file-mode.d \ - crlf.d \ - crlfile.d \ - curves.d \ - data-ascii.d \ - data-binary.d \ - data-raw.d \ - data-urlencode.d \ - data.d \ - delegation.d \ - digest.d \ - disable-eprt.d \ - disable-epsv.d \ - disable.d \ - disallow-username-in-url.d \ - dns-interface.d \ - dns-ipv4-addr.d \ - dns-ipv6-addr.d \ - dns-servers.d \ - doh-cert-status.d \ - doh-insecure.d \ - doh-url.d \ - dump-header.d \ - egd-file.d \ - engine.d \ - etag-compare.d \ - etag-save.d \ - expect100-timeout.d \ - fail-early.d \ - fail-with-body.d \ - fail.d \ - false-start.d \ - form-string.d \ - form.d \ - ftp-account.d \ - ftp-alternative-to-user.d \ - ftp-create-dirs.d \ - ftp-method.d \ - ftp-pasv.d \ - ftp-port.d \ - ftp-pret.d \ - ftp-skip-pasv-ip.d \ - ftp-ssl-ccc-mode.d \ - ftp-ssl-ccc.d \ - ftp-ssl-control.d \ - get.d \ - globoff.d \ - happy-eyeballs-timeout-ms.d \ - haproxy-protocol.d \ - head.d \ - header.d \ - help.d \ - hostpubmd5.d \ - hsts.d \ - http0.9.d \ - http1.0.d \ - http1.1.d \ - http2-prior-knowledge.d \ - http2.d \ - http3.d \ - ignore-content-length.d \ - include.d \ - insecure.d \ - interface.d \ - ipv4.d \ - ipv6.d \ - junk-session-cookies.d \ - keepalive-time.d \ - key-type.d \ - key.d \ - krb.d \ - libcurl.d \ - limit-rate.d \ - list-only.d \ - local-port.d \ - location-trusted.d \ - location.d \ - login-options.d \ - mail-auth.d \ - mail-from.d \ - mail-rcpt-allowfails.d \ - mail-rcpt.d \ - manual.d \ - max-filesize.d \ - max-redirs.d \ - max-time.d \ - metalink.d \ - negotiate.d \ - netrc-file.d \ - netrc-optional.d \ - netrc.d \ - next.d \ - no-alpn.d \ - no-buffer.d \ - no-keepalive.d \ - no-npn.d \ - no-progress-meter.d \ - no-sessionid.d \ - noproxy.d \ - ntlm-wb.d \ - ntlm.d \ - oauth2-bearer.d \ - output-dir.d \ - output.d \ - parallel-immediate.d \ - parallel-max.d \ - parallel.d \ - pass.d \ - path-as-is.d \ - pinnedpubkey.d \ - post301.d \ - post302.d \ - post303.d \ - preproxy.d \ - progress-bar.d \ - proto-default.d \ - proto-redir.d \ - proto.d \ - proxy-anyauth.d \ - proxy-basic.d \ - proxy-cacert.d \ - proxy-capath.d \ - proxy-cert-type.d \ - proxy-cert.d \ - proxy-ciphers.d \ - proxy-crlfile.d \ - proxy-digest.d \ - proxy-header.d \ - proxy-insecure.d \ - proxy-key-type.d \ - proxy-key.d \ - proxy-negotiate.d \ - proxy-ntlm.d \ - proxy-pass.d \ - proxy-pinnedpubkey.d \ - proxy-service-name.d \ - proxy-ssl-allow-beast.d \ - proxy-ssl-auto-client-cert.d \ - proxy-tls13-ciphers.d \ - proxy-tlsauthtype.d \ - proxy-tlspassword.d \ - proxy-tlsuser.d \ - proxy-tlsv1.d \ - proxy-user.d \ - proxy.d \ - proxy1.0.d \ - proxytunnel.d \ - pubkey.d \ - quote.d \ - random-file.d \ - range.d \ - raw.d \ - referer.d \ - remote-header-name.d \ - remote-name-all.d \ - remote-name.d \ - remote-time.d \ - request-target.d \ - request.d \ - resolve.d \ - retry-all-errors.d \ - retry-connrefused.d \ - retry-delay.d \ - retry-max-time.d \ - retry.d \ - sasl-authzid.d \ - sasl-ir.d \ - service-name.d \ - show-error.d \ - silent.d \ - socks4.d \ - socks4a.d \ - socks5-basic.d \ - socks5-gssapi-nec.d \ - socks5-gssapi-service.d \ - socks5-gssapi.d \ - socks5-hostname.d \ - socks5.d \ - speed-limit.d \ - speed-time.d \ - ssl-allow-beast.d \ - ssl-auto-client-cert.d \ - ssl-no-revoke.d \ - ssl-reqd.d \ - ssl-revoke-best-effort.d \ - ssl.d \ - sslv2.d \ - sslv3.d \ - stderr.d \ - styled-output.d \ - suppress-connect-headers.d \ - tcp-fastopen.d \ - tcp-nodelay.d \ - telnet-option.d \ - tftp-blksize.d \ - tftp-no-options.d \ - time-cond.d \ - tls-max.d \ - tls13-ciphers.d \ - tlsauthtype.d \ - tlspassword.d \ - tlsuser.d \ - tlsv1.0.d \ - tlsv1.1.d \ - tlsv1.2.d \ - tlsv1.3.d \ - tlsv1.d \ - tr-encoding.d \ - trace-ascii.d \ - trace-time.d \ - trace.d \ - unix-socket.d \ - upload-file.d \ - url.d \ - use-ascii.d \ - user-agent.d \ - user.d \ - verbose.d \ - version.d \ - write-out.d \ - xattr.d +SUPPORT = \ + _AUTHORS.md \ + _BUGS.md \ + _DESCRIPTION.md \ + _ENVIRONMENT.md \ + _EXITCODES.md \ + _FILES.md \ + _GLOBBING.md \ + _NAME.md \ + _OPTIONS.md \ + _OUTPUT.md \ + _PROGRESS.md \ + _PROTOCOLS.md \ + _PROXYPREFIX.md \ + _SEEALSO.md \ + _SYNOPSIS.md \ + _URL.md \ + _VARIABLES.md \ + _VERSION.md \ + _WWW.md -OTHERPAGES = page-footer page-header +DPAGES = \ + abstract-unix-socket.md \ + alt-svc.md \ + anyauth.md \ + append.md \ + aws-sigv4.md \ + basic.md \ + ca-native.md \ + cacert.md \ + capath.md \ + cert-status.md \ + cert-type.md \ + cert.md \ + ciphers.md \ + compressed-ssh.md \ + compressed.md \ + config.md \ + connect-timeout.md \ + connect-to.md \ + continue-at.md \ + cookie-jar.md \ + cookie.md \ + create-dirs.md \ + create-file-mode.md \ + crlf.md \ + crlfile.md \ + curves.md \ + data-ascii.md \ + data-binary.md \ + data-raw.md \ + data-urlencode.md \ + data.md \ + delegation.md \ + digest.md \ + disable-eprt.md \ + disable-epsv.md \ + disable.md \ + disallow-username-in-url.md \ + dns-interface.md \ + dns-ipv4-addr.md \ + dns-ipv6-addr.md \ + dns-servers.md \ + doh-cert-status.md \ + doh-insecure.md \ + doh-url.md \ + dump-ca-embed.md \ + dump-header.md \ + ech.md \ + egd-file.md \ + engine.md \ + etag-compare.md \ + etag-save.md \ + expect100-timeout.md \ + fail-early.md \ + fail-with-body.md \ + fail.md \ + false-start.md \ + follow.md \ + form-escape.md \ + form-string.md \ + form.md \ + ftp-account.md \ + ftp-alternative-to-user.md \ + ftp-create-dirs.md \ + ftp-method.md \ + ftp-pasv.md \ + ftp-port.md \ + ftp-pret.md \ + ftp-skip-pasv-ip.md \ + ftp-ssl-ccc-mode.md \ + ftp-ssl-ccc.md \ + ftp-ssl-control.md \ + get.md \ + globoff.md \ + happy-eyeballs-timeout-ms.md \ + haproxy-protocol.md \ + haproxy-clientip.md \ + head.md \ + header.md \ + help.md \ + hostpubmd5.md \ + hostpubsha256.md \ + hsts.md \ + http0.9.md \ + http1.0.md \ + http1.1.md \ + http2-prior-knowledge.md \ + http2.md \ + http3.md \ + http3-only.md \ + ignore-content-length.md \ + insecure.md \ + interface.md \ + ip-tos.md \ + ipfs-gateway.md \ + ipv4.md \ + ipv6.md \ + json.md \ + junk-session-cookies.md \ + keepalive-cnt.md \ + keepalive-time.md \ + key-type.md \ + key.md \ + knownhosts.md \ + krb.md \ + libcurl.md \ + limit-rate.md \ + list-only.md \ + local-port.md \ + location-trusted.md \ + location.md \ + login-options.md \ + mail-auth.md \ + mail-from.md \ + mail-rcpt-allowfails.md \ + mail-rcpt.md \ + manual.md \ + max-filesize.md \ + max-redirs.md \ + max-time.md \ + metalink.md \ + mptcp.md \ + negotiate.md \ + netrc-file.md \ + netrc-optional.md \ + netrc.md \ + next.md \ + no-alpn.md \ + no-buffer.md \ + no-clobber.md \ + no-keepalive.md \ + no-npn.md \ + no-progress-meter.md \ + no-sessionid.md \ + noproxy.md \ + ntlm-wb.md \ + ntlm.md \ + oauth2-bearer.md \ + output-dir.md \ + out-null.md \ + output.md \ + parallel-immediate.md \ + parallel-max-host.md \ + parallel-max.md \ + parallel.md \ + pass.md \ + path-as-is.md \ + pinnedpubkey.md \ + post301.md \ + post302.md \ + post303.md \ + preproxy.md \ + progress-bar.md \ + proto-default.md \ + proto-redir.md \ + proto.md \ + proxy-anyauth.md \ + proxy-basic.md \ + proxy-ca-native.md \ + proxy-cacert.md \ + proxy-capath.md \ + proxy-cert-type.md \ + proxy-cert.md \ + proxy-ciphers.md \ + proxy-crlfile.md \ + proxy-digest.md \ + proxy-header.md \ + proxy-http2.md \ + proxy-insecure.md \ + proxy-key-type.md \ + proxy-key.md \ + proxy-negotiate.md \ + proxy-ntlm.md \ + proxy-pass.md \ + proxy-pinnedpubkey.md \ + proxy-service-name.md \ + proxy-ssl-allow-beast.md \ + proxy-ssl-auto-client-cert.md \ + proxy-tls13-ciphers.md \ + proxy-tlsauthtype.md \ + proxy-tlspassword.md \ + proxy-tlsuser.md \ + proxy-tlsv1.md \ + proxy-user.md \ + proxy.md \ + proxy1.0.md \ + proxytunnel.md \ + pubkey.md \ + quote.md \ + random-file.md \ + range.md \ + rate.md \ + raw.md \ + referer.md \ + remote-header-name.md \ + remote-name-all.md \ + remote-name.md \ + remote-time.md \ + remove-on-error.md \ + request-target.md \ + request.md \ + resolve.md \ + retry-all-errors.md \ + retry-connrefused.md \ + retry-delay.md \ + retry-max-time.md \ + retry.md \ + sasl-authzid.md \ + sasl-ir.md \ + service-name.md \ + show-error.md \ + show-headers.md \ + silent.md \ + sigalgs.md \ + skip-existing.md \ + socks4.md \ + socks4a.md \ + socks5-basic.md \ + socks5-gssapi-nec.md \ + socks5-gssapi-service.md \ + socks5-gssapi.md \ + socks5-hostname.md \ + socks5.md \ + speed-limit.md \ + speed-time.md \ + ssl-allow-beast.md \ + ssl-auto-client-cert.md \ + ssl-no-revoke.md \ + ssl-reqd.md \ + ssl-revoke-best-effort.md \ + ssl-sessions.md \ + ssl.md \ + sslv2.md \ + sslv3.md \ + stderr.md \ + styled-output.md \ + suppress-connect-headers.md \ + tcp-fastopen.md \ + tcp-nodelay.md \ + telnet-option.md \ + tftp-blksize.md \ + tftp-no-options.md \ + time-cond.md \ + tls-earlydata.md \ + tls-max.md \ + tls13-ciphers.md \ + tlsauthtype.md \ + tlspassword.md \ + tlsuser.md \ + tlsv1.0.md \ + tlsv1.1.md \ + tlsv1.2.md \ + tlsv1.3.md \ + tlsv1.md \ + tr-encoding.md \ + trace-ascii.md \ + trace-config.md \ + trace-ids.md \ + trace-time.md \ + trace.md \ + unix-socket.md \ + upload-file.md \ + upload-flags.md \ + url.md \ + url-query.md \ + use-ascii.md \ + user-agent.md \ + user.md \ + variable.md \ + verbose.md \ + version.md \ + vlan-priority.md \ + write-out.md \ + xattr.md diff --git a/docs/cmdline-opts/_AUTHORS.md b/docs/cmdline-opts/_AUTHORS.md new file mode 100644 index 000000000000..0c9bfb953888 --- /dev/null +++ b/docs/cmdline-opts/_AUTHORS.md @@ -0,0 +1,5 @@ + + +# AUTHORS +Daniel Stenberg is the main author, but the whole list of contributors is +found in the separate THANKS file. diff --git a/docs/cmdline-opts/_BUGS.md b/docs/cmdline-opts/_BUGS.md new file mode 100644 index 000000000000..45630d4352e9 --- /dev/null +++ b/docs/cmdline-opts/_BUGS.md @@ -0,0 +1,5 @@ + + +# BUGS +If you experience any problems with curl, submit an issue in the project's bug +tracker on GitHub: https://github.com/curl/curl/issues diff --git a/docs/cmdline-opts/_DESCRIPTION.md b/docs/cmdline-opts/_DESCRIPTION.md new file mode 100644 index 000000000000..bb21f0ba325a --- /dev/null +++ b/docs/cmdline-opts/_DESCRIPTION.md @@ -0,0 +1,11 @@ + + +# DESCRIPTION + +**curl** is a tool for transferring data from or to a server using URLs. It +supports these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, +IMAP, IMAPS, LDAP, LDAPS, MQTT, MQTTS, POP3, POP3S, RTSP, SCP, SFTP, SMB, +SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. + +curl is powered by libcurl for all transfer-related features. See +*libcurl(3)* for details. diff --git a/docs/cmdline-opts/_ENVIRONMENT.md b/docs/cmdline-opts/_ENVIRONMENT.md new file mode 100644 index 000000000000..1ac85fb12841 --- /dev/null +++ b/docs/cmdline-opts/_ENVIRONMENT.md @@ -0,0 +1,119 @@ + + +# ENVIRONMENT +The environment variables can be specified in lower case or upper case. The +lower case version has precedence. `http_proxy` is an exception as it is only +available in lower case. + +Using an environment variable to set the proxy has the same effect as using +the --proxy option. + +## `http_proxy [protocol://][:port]` +Sets the proxy server to use for HTTP. + +## `HTTPS_PROXY [protocol://][:port]` +Sets the proxy server to use for HTTPS. + +## `[url-protocol]_PROXY [protocol://][:port]` +Sets the proxy server to use for [url-protocol], where the protocol is a +protocol that curl supports and as specified in a URL. FTP, FTPS, POP3, IMAP, +SMTP, LDAP, etc. + +## `ALL_PROXY [protocol://][:port]` +Sets the proxy server to use if no protocol-specific proxy is set. + +## `NO_PROXY ` +list of hostnames that should not go through any proxy. If set to an asterisk +'*' only, it matches all hosts. Each name in this list is matched as either a +domain name which contains the hostname, or the hostname itself. + +This environment variable disables use of the proxy even when specified with +the --proxy option. That is + + NO_PROXY=direct.example.com curl -x http://proxy.example.com + https://direct.example.com + +accesses the target URL directly, and + + NO_PROXY=direct.example.com curl -x http://proxy.example.com + https://somewhere.example.com + +accesses the target URL through the proxy. + +The list of hostnames can also include numerical IP addresses, and IPv6 +versions should then be given without enclosing brackets. + +IP addresses can be specified using CIDR notation: an appended slash and +number specifies the number of "network bits" out of the address to use in the +comparison (added in 7.86.0). For example "192.168.0.0/16" would match all +addresses starting with "192.168". + +## `APPDATA ` +On Windows, this variable is used when trying to find the home directory. If +the primary home variables are all unset. + +## `COLUMNS ` +If set, the specified number of characters is used as the terminal width when +the alternative progress-bar is shown. If not set, curl tries to figure it out +using other ways. + +## `CURL_CA_BUNDLE ` +If set, it is used as the --cacert value. This environment variable is ignored +if Schannel is used as the TLS backend. + +## `CURL_HOME ` +If set, is the first variable curl checks when trying to find its home +directory. If not set, it continues to check *XDG_CONFIG_HOME* + +## `CURL_SSL_BACKEND ` +If curl was built with support for "MultiSSL", meaning that it has built-in +support for more than one TLS backend, this environment variable can be set to +the case insensitive name of the particular backend to use when curl is +invoked. Setting a name that is not a built-in alternative makes curl stay +with the default. + +SSL backend names (case-insensitive): **gnutls**, **mbedtls**, **openssl**, +**rustls**, **schannel**, **wolfssl** + +## `HOME ` +If set, this is used to find the home directory when that is needed. Like when +looking for the default .curlrc. *CURL_HOME* and *XDG_CONFIG_HOME* +have preference. + +## `NETRC ` +If set, this is used to find the `.netrc` file. It overrides all other netrc +file location mechanisms and should be set to the full file path. +(Added in curl 8.16.0) + +## `QLOGDIR ` +If curl was built with HTTP/3 support, setting this environment variable to a +local directory makes curl produce **qlogs** in that directory, using file +names named after the destination connection id (in hex). Do note that these +files can become rather large. Works with the ngtcp2 and quiche QUIC backends. + +## `SHELL` +Used on VMS when trying to detect if using a **DCL** or a **Unix** shell. + +## `SSL_CERT_DIR ` +If set, it is used as the --capath value. This environment variable is ignored +if Schannel is used as the TLS backend. + +## `SSL_CERT_FILE ` +If set, it is used as the --cacert value. This environment variable is ignored +if Schannel is used as the TLS backend. + +## `SSLKEYLOGFILE ` +If you set this environment variable to a filename, curl stores TLS secrets +from its connections in that file when invoked to enable you to analyze the +TLS traffic in real time using network analyzing tools such as Wireshark. This +works with the following TLS backends: OpenSSL, LibreSSL (TLS 1.2 max), +BoringSSL, GnuTLS, wolfSSL and Rustls. + +## `USERPROFILE ` +On Windows, this variable is used when trying to find the home directory. If +the other, primary, variables are all unset. If set, curl uses the path +**"$USERPROFILE\Application Data"**. + +## `XDG_CONFIG_HOME ` +If *CURL_HOME* is not set, this variable is checked when looking for a +default .curlrc file. diff --git a/docs/cmdline-opts/_EXITCODES.md b/docs/cmdline-opts/_EXITCODES.md new file mode 100644 index 000000000000..333e198d7c72 --- /dev/null +++ b/docs/cmdline-opts/_EXITCODES.md @@ -0,0 +1,203 @@ + + +# EXIT CODES +There are a bunch of different error codes and their corresponding error +messages that may appear under error conditions. At the time of this writing, +the exit codes are: +## 0 +Success. The operation completed successfully according to the instructions. +## 1 +Unsupported protocol. This build of curl has no support for this protocol. +## 2 +Failed to initialize. +## 3 +URL malformed. The syntax was not correct. +## 4 +A feature or option that was needed to perform the desired request was not +enabled or was explicitly disabled at build-time. To make curl able to do +this, you probably need another build of libcurl. +## 5 +Could not resolve proxy. The given proxy host could not be resolved. +## 6 +Could not resolve host. The given remote host could not be resolved. +## 7 +Failed to connect to host. +## 8 +Weird server reply. The server sent data curl could not parse. +## 9 +FTP access denied. The server denied login or denied access to the particular +resource or directory you wanted to reach. Most often you tried to change to a +directory that does not exist on the server. +## 10 +FTP accept failed. While waiting for the server to connect back when an active +FTP session is used, an error code was sent over the control connection or +similar. +## 11 +FTP weird PASS reply. curl could not parse the reply sent to the PASS request. +## 12 +During an active FTP session while waiting for the server to connect back to +curl, the timeout expired. +## 13 +FTP weird PASV reply, curl could not parse the reply sent to the PASV request. +## 14 +FTP weird 227 format. curl could not parse the 227-line the server sent. +## 15 +FTP cannot use host. Could not resolve the host IP we got in the 227-line. +## 16 +HTTP/2 error. A problem was detected in the HTTP2 framing layer. This is +somewhat generic and can be one out of several problems, see the error message +for details. +## 17 +FTP could not set binary. Could not change transfer method to binary. +## 18 +Partial file. Only a part of the file was transferred. +## 19 +FTP could not download/access the given file, the RETR (or similar) command +failed. +## 21 +FTP quote error. A quote command returned error from the server. +## 22 +HTTP page not retrieved. The requested URL was not found or returned another +error with the HTTP error code being 400 or above. This return code only +appears if --fail is used. +## 23 +Write error. curl could not write data to a local file system or similar. +## 25 +Failed starting the upload. For FTP, the server typically denied the STOR +command. +## 26 +Read error. Various reading problems. +## 27 +Out of memory. A memory allocation request failed. +## 28 +Operation timeout. The specified time-out period was reached according to the +conditions. +## 30 +FTP PORT failed. The PORT command failed. Not all FTP servers support the PORT +command, try doing a transfer using PASV instead. +## 31 +FTP could not use REST. The REST command failed. This command is used for +resumed FTP transfers. +## 33 +HTTP range error. The range "command" did not work. +## 34 +HTTP post error. Internal post-request generation error. +## 35 +SSL connect error. The SSL handshaking failed. +## 36 +Bad download resume. Could not continue an earlier aborted download. +## 37 +FILE could not read file. Failed to open the file. Permissions? +## 38 +LDAP cannot bind. LDAP bind operation failed. +## 39 +LDAP search failed. +## 41 +Function not found. A required LDAP function was not found. +## 42 +Aborted by callback. An application told curl to abort the operation. +## 43 +Internal error. A function was called with a bad parameter. +## 45 +Interface error. A specified outgoing interface could not be used. +## 47 +Too many redirects. When following redirects, curl hit the maximum amount. +## 48 +Unknown option specified to libcurl. This indicates that you passed a weird +option to curl that was passed on to libcurl and rejected. Read up in the +manual. +## 49 +Malformed telnet option. +## 52 +The server did not reply anything, which here is considered an error. +## 53 +SSL crypto engine not found. +## 54 +Cannot set SSL crypto engine as default. +## 55 +Failed sending network data. +## 56 +Failure in receiving network data. +## 58 +Problem with the local certificate. +## 59 +Could not use specified SSL cipher. +## 60 +Peer certificate cannot be authenticated with known CA certificates. +## 61 +Unrecognized transfer encoding. +## 63 +Maximum file size exceeded. +## 64 +Requested FTP SSL level failed. +## 65 +Sending the data requires a rewind that failed. +## 66 +Failed to initialize SSL Engine. +## 67 +The username, password, or similar was not accepted and curl failed to log in. +## 68 +File not found on TFTP server. +## 69 +Permission problem on TFTP server. +## 70 +Out of disk space on TFTP server. +## 71 +Illegal TFTP operation. +## 72 +Unknown TFTP transfer ID. +## 73 +File already exists (TFTP). +## 74 +No such user (TFTP). +## 77 +Problem reading the SSL CA cert (path? access rights?). +## 78 +The resource referenced in the URL does not exist. +## 79 +An unspecified error occurred during the SSH session. +## 80 +Failed to shut down the SSL connection. +## 82 +Could not load CRL file, missing or wrong format (added in 7.19.0). +## 83 +Issuer check failed (added in 7.19.0). +## 84 +The FTP PRET command failed. +## 85 +Mismatch of RTSP CSeq numbers. +## 86 +Mismatch of RTSP Session Identifiers. +## 87 +Unable to parse FTP file list. +## 88 +FTP chunk callback reported error. +## 89 +No connection available, the session is queued. +## 90 +SSL public key does not match pinned public key. +## 91 +Invalid SSL certificate status. +## 92 +Stream error in HTTP/2 framing layer. +## 93 +An API function was called from inside a callback. +## 94 +An authentication function returned an error. +## 95 +A problem was detected in the HTTP/3 layer. This is somewhat generic and can +be one out of several problems, see the error message for details. +## 96 +QUIC connection error. This error may be caused by an SSL library error. QUIC +is the protocol used for HTTP/3 transfers. +## 97 +Proxy handshake error. +## 98 +A client-side certificate is required to complete the TLS handshake. +## 99 +Poll or select returned fatal error. +## 100 +A value or data field grew larger than allowed. +## XX +More error codes might appear here in future releases. The existing ones are +meant to never change. diff --git a/docs/cmdline-opts/_FILES.md b/docs/cmdline-opts/_FILES.md new file mode 100644 index 000000000000..8c5d3faa7bd2 --- /dev/null +++ b/docs/cmdline-opts/_FILES.md @@ -0,0 +1,6 @@ + + +# FILES +*~/.curlrc* + +Default config file, see --config for details. diff --git a/docs/cmdline-opts/_GLOBBING.md b/docs/cmdline-opts/_GLOBBING.md new file mode 100644 index 000000000000..37c8d430693d --- /dev/null +++ b/docs/cmdline-opts/_GLOBBING.md @@ -0,0 +1,42 @@ + + +# GLOBBING +You can specify multiple URLs or parts of URLs by writing lists within braces +or ranges within brackets. We call this "globbing". + +Provide a list with three different names like this: + + https://fun.example/{one,two,three}.jpg + + sftp://{one,two,three}.example/README + +Do sequences of alphanumeric series by using [] as in: + + ftp://ftp.example.com/file[1-100].txt + +With leading zeroes: + + ftp://ftp.example.com/file[001-100].txt + +With letters through the alphabet: + + ftp://ftp.example.com/file[a-z].txt + +Nested sequences are not supported, but you can use several ones next to each +other: + + https://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html + +You can specify a step counter for the ranges to get every Nth number or +letter: + + https://example.com/file[1-100:10].txt + + https://example.com/file[a-z:2].txt + +When using [] or {} sequences when invoked from a command line prompt, you +probably have to put the full URL within double quotes to avoid the shell from +interfering with it. This also goes for other characters treated special, like +for example '&', '?' and '*'. + +Switch off globbing with --globoff. diff --git a/docs/cmdline-opts/_NAME.md b/docs/cmdline-opts/_NAME.md new file mode 100644 index 000000000000..b0d89161441b --- /dev/null +++ b/docs/cmdline-opts/_NAME.md @@ -0,0 +1,4 @@ + + +# NAME +curl - transfer a URL diff --git a/docs/cmdline-opts/_OPTIONS.md b/docs/cmdline-opts/_OPTIONS.md new file mode 100644 index 000000000000..9155d857ec39 --- /dev/null +++ b/docs/cmdline-opts/_OPTIONS.md @@ -0,0 +1,39 @@ + + +# OPTIONS + +Options start with one or two dashes. Many of the options require an +additional value next to them. If provided text does not start with a dash, it +is presumed to be and treated as a URL. + +The short "single-dash" form of the options, -d for example, may be used with +or without a space between it and its value, although a space is a recommended +separator. The long double-dash form, --data for example, requires a space +between it and its value. + +Short version options that do not need any additional values can be used +immediately next to each other, like for example you can specify all the +options *-O*, *-L* and *-v* at once as *-OLv*. + +In general, all boolean options are enabled with --**option** and yet again +disabled with --**no-**option. That is, you use the same option name but +prefix it with `no-`. In this list we mostly show the --**option** version of +them. + +When --next is used, it resets the parser state and you start again with a +clean option state, except for the options that are global. Global options +retain their values and meaning even after --next. + +If the long option name ends with an equals sign (`=`), the argument is the +text following on its right side. (Added in 8.16.0) + +The first argument that is exactly two dashes (`--`), marks the end of +options; any argument after the end of options is interpreted as a URL +argument even if it starts with a dash. + +curl does little to no verification of the contents of command line arguments. +Passing in "creative octets" like newlines might trigger unexpected results. + +The following options are global: `%GLOBALS`. + +# ALL OPTIONS diff --git a/docs/cmdline-opts/_OUTPUT.md b/docs/cmdline-opts/_OUTPUT.md new file mode 100644 index 000000000000..32a5457afc49 --- /dev/null +++ b/docs/cmdline-opts/_OUTPUT.md @@ -0,0 +1,11 @@ + + +# OUTPUT +If not told otherwise, curl writes the received data to stdout. It can be +instructed to instead save that data into a local file, using the --output or +--remote-name options. If curl is given multiple URLs to transfer on the +command line, it similarly needs multiple options for where to save them. + +curl does not parse or otherwise "understand" the content it gets or writes as +output. It does no encoding or decoding, unless explicitly asked to with +dedicated command line options. diff --git a/docs/cmdline-opts/_PROGRESS.md b/docs/cmdline-opts/_PROGRESS.md new file mode 100644 index 000000000000..a506d041dca0 --- /dev/null +++ b/docs/cmdline-opts/_PROGRESS.md @@ -0,0 +1,26 @@ + + +# PROGRESS METER + +curl normally displays a progress meter during operations, indicating the +amount of transferred data, transfer speeds and estimated time left, etc. The +progress meter displays the transfer rate in bytes per second. The used +suffixes (`k` for kilo, `M` for mega, `G` for giga, `T` for tera, `P` for peta +and `E` for exa) are 1024 based. For example 1k is 1024 bytes. 1M is 1048576 +bytes. Strictly speaking this makes the units kibibyte and mebibyte etc. + +curl displays this data to the terminal by default, so if you invoke curl to +do an operation and it is about to write data to the terminal, it *disables* +the progress meter as otherwise it would mess up the output mixing progress +meter and response data. + +If you want a progress meter for HTTP POST or PUT requests, you need to +redirect the response output to a file, using shell redirect (\>), --output or +similar. + +This does not apply to FTP upload as that operation does not spit out any +response data to the terminal. + +If you prefer a progress bar instead of the regular meter, --progress-bar is +your friend. You can also disable the progress meter completely with the +--silent option. diff --git a/docs/cmdline-opts/_PROTOCOLS.md b/docs/cmdline-opts/_PROTOCOLS.md new file mode 100644 index 000000000000..831b944d24b7 --- /dev/null +++ b/docs/cmdline-opts/_PROTOCOLS.md @@ -0,0 +1,50 @@ + + +# PROTOCOLS +curl supports numerous protocols, or put in URL terms: schemes. Your +particular build may not support them all. +## DICT +Lets you lookup words using online dictionaries. +## FILE +Read or write local files. curl does not support accessing file:// URL +remotely, but when running on Microsoft Windows using the native UNC approach +works. Only absolute paths. +## FTP(S) +curl supports the File Transfer Protocol with a lot of tweaks and levers. With +or without using TLS. +## GOPHER(S) +Retrieve files. +## HTTP(S) +curl supports HTTP with numerous options and variations. It can speak HTTP +version 0.9, 1.0, 1.1, 2 and 3 depending on build options and the correct +command line options. +## IMAP(S) +Using the mail reading protocol, curl can download emails for you. With or +without using TLS. +## LDAP(S) +curl can do directory lookups for you, with or without TLS. +## MQTT +curl supports MQTT version 3. Downloading over MQTT equals subscribing to a +topic while uploading/posting equals publishing on a topic. MQTT over TLS is not +supported (yet). +## POP3(S) +Downloading from a pop3 server means getting an email. With or without using +TLS. +## RTSP +curl supports RTSP 1.0 downloads. +## SCP +curl supports SSH version 2 scp transfers. +## SFTP +curl supports SFTP (draft 5) done over SSH version 2. +## SMB(S) +curl supports SMB version 1 for upload and download. +## SMTP(S) +Uploading contents to an SMTP server means sending an email. With or without +TLS. +## TELNET +Fetching a telnet URL starts an interactive session where it sends what it +reads on stdin and outputs what the server sends it. +## TFTP +curl can do TFTP downloads and uploads. +## WS(S) +WebSocket done over HTTP/1. WSS implies that it works over HTTPS. diff --git a/docs/cmdline-opts/_PROXYPREFIX.md b/docs/cmdline-opts/_PROXYPREFIX.md new file mode 100644 index 000000000000..297b56c4b64c --- /dev/null +++ b/docs/cmdline-opts/_PROXYPREFIX.md @@ -0,0 +1,22 @@ + + +# PROXY PROTOCOL PREFIXES +The proxy string may be specified with a protocol:// prefix to specify +alternative proxy protocols. (Added in 7.21.7) + +If no protocol is specified in the proxy string or if the string does not +match a supported one, the proxy is treated as an HTTP proxy. + +The supported proxy protocol prefixes are as follows: +## http:// +Makes it use it as an HTTP proxy. The default if no scheme prefix is used. +## https:// +Makes it treated as an **HTTPS** proxy. +## socks4:// +Makes it the equivalent of --socks4 +## socks4a:// +Makes it the equivalent of --socks4a +## socks5:// +Makes it the equivalent of --socks5 +## socks5h:// +Makes it the equivalent of --socks5-hostname diff --git a/docs/cmdline-opts/_SEEALSO.md b/docs/cmdline-opts/_SEEALSO.md new file mode 100644 index 000000000000..aa1b25984bdd --- /dev/null +++ b/docs/cmdline-opts/_SEEALSO.md @@ -0,0 +1,5 @@ + + +# SEE ALSO + +**ftp(1)**, **wget(1)** diff --git a/docs/cmdline-opts/_SYNOPSIS.md b/docs/cmdline-opts/_SYNOPSIS.md new file mode 100644 index 000000000000..381587744884 --- /dev/null +++ b/docs/cmdline-opts/_SYNOPSIS.md @@ -0,0 +1,5 @@ + + +# SYNOPSIS + +**curl [options / URLs]** diff --git a/docs/cmdline-opts/_URL.md b/docs/cmdline-opts/_URL.md new file mode 100644 index 000000000000..288b9d0aa713 --- /dev/null +++ b/docs/cmdline-opts/_URL.md @@ -0,0 +1,28 @@ + + +# URL +The URL syntax is protocol-dependent. You can find a detailed description in +RFC 3986. + +If you provide a URL without a leading **protocol://** scheme, curl guesses +what protocol you want. It then defaults to HTTP but assumes others based on +often-used hostname prefixes. For example, for hostnames starting with `ftp.` +curl assumes you want FTP. + +You can specify any amount of URLs on the command line. They are fetched in a +sequential manner in the specified order unless you use --parallel. You can +specify command line options and URLs mixed and in any order on the command +line. + +curl attempts to reuse connections when doing multiple transfers, so that +getting many files from the same server do not use multiple connects and setup +handshakes. This improves speed. Connection reuse can only be done for URLs +specified for a single command line invocation and cannot be performed between +separate curl runs. + +Provide an IPv6 zone id in the URL with an escaped percentage sign. Like in + + http://[fe80::3%25eth0]/ + +Everything provided on the command line that is not a command line option or +its argument, curl assumes is a URL and treats it as such. diff --git a/docs/cmdline-opts/_VARIABLES.md b/docs/cmdline-opts/_VARIABLES.md new file mode 100644 index 000000000000..834fc5ef2837 --- /dev/null +++ b/docs/cmdline-opts/_VARIABLES.md @@ -0,0 +1,43 @@ + + +# VARIABLES +curl supports command line variables (added in 8.3.0). Set variables with +--variable name=content or --variable name@file (where `file` can be stdin if +set to a single dash (-)). + +Variable contents can be expanded in option parameters using `{{name}}` if the +option name is prefixed with `--expand-`. This gets the contents of the +variable `name` inserted, or a blank if the name does not exist as a +variable. Insert `{{` verbatim in the string by prefixing it with a backslash, +like `\{{`. + +You can access and expand environment variables by importing them with +`--variable %name`. This imports the variable called `name` but exits with an +error if that environment variable is not already set. To provide a default +value in case it is not already set, use `--variable %name=content` or +`--variable %name@content`. + +Example: get the USER environment variable and expand into the URL, fail if +USER is not set: + + --variable '%USER' + --expand-url = "https://example.com/api/{{USER}}/method" + +When expanding variables, curl supports a set of functions that can make the +variable contents more convenient to use. It can trim leading and trailing +white space with `trim`, output the contents as a JSON quoted string with +`json`, URL encode the string with `url`, base64 encode it with `b64` and +base64 decode it with `64dec`. To apply functions to a variable expansion, add +them colon separated to the right side of the variable. Variable content +holding null bytes that are not encoded when expanded causes an error. + +Example: get the contents of a file called $HOME/.secret into a variable +called "fix". Make sure that the content is trimmed and percent-encoded when +sent as POST data: + + --variable %HOME + --expand-variable fix@{{HOME}}/.secret + --expand-data "{{fix:trim:url}}" + https://example.com/ + +Command line variables and expansions were added in 8.3.0. diff --git a/docs/cmdline-opts/_VERSION.md b/docs/cmdline-opts/_VERSION.md new file mode 100644 index 000000000000..e0228fe9cdbb --- /dev/null +++ b/docs/cmdline-opts/_VERSION.md @@ -0,0 +1,15 @@ + + +# VERSION + +This man page describes curl `%VERSION`. If you use a later version, chances +are this man page does not fully document it. If you use an earlier version, +this document tries to include version information about which specific +version that introduced changes. + +You can always learn which the latest curl version is by running + + curl https://curl.se/info + +The online version of this man page is always showing the latest incarnation: +https://curl.se/docs/manpage.html diff --git a/docs/cmdline-opts/_WWW.md b/docs/cmdline-opts/_WWW.md new file mode 100644 index 000000000000..8656e9ee8c8f --- /dev/null +++ b/docs/cmdline-opts/_WWW.md @@ -0,0 +1,4 @@ + + +# WWW +https://curl.se/ diff --git a/docs/cmdline-opts/abstract-unix-socket.d b/docs/cmdline-opts/abstract-unix-socket.d deleted file mode 100644 index 8403cab9d156..000000000000 --- a/docs/cmdline-opts/abstract-unix-socket.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: abstract-unix-socket -Arg: -Help: Connect via abstract Unix domain socket -Added: 7.53.0 -Protocols: HTTP -Category: connection ---- -Connect through an abstract Unix domain socket, instead of using the network. -Note: netstat shows the path of an abstract socket prefixed with '@', however -the argument should not have this leading character. diff --git a/docs/cmdline-opts/abstract-unix-socket.md b/docs/cmdline-opts/abstract-unix-socket.md new file mode 100644 index 000000000000..b1b6100e1611 --- /dev/null +++ b/docs/cmdline-opts/abstract-unix-socket.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: abstract-unix-socket +Arg: +Help: Connect via abstract Unix domain socket +Added: 7.53.0 +Protocols: HTTP +Category: connection +Multi: single +See-also: + - unix-socket +Example: + - --abstract-unix-socket socketpath $URL +--- + +# `--abstract-unix-socket` + +Connect to the server through an abstract Unix domain socket, instead of using +the network. Note: netstat shows the path of an abstract socket prefixed with +`@`, however the \ argument should not have this leading character. diff --git a/docs/cmdline-opts/alt-svc.d b/docs/cmdline-opts/alt-svc.d deleted file mode 100644 index 5598b59b4807..000000000000 --- a/docs/cmdline-opts/alt-svc.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: alt-svc -Arg: -Protocols: HTTPS -Help: Enable alt-svc with this cache file -Added: 7.64.1 -Category: http ---- -WARNING: this option is experimental. Do not use in production. - -This option enables the alt-svc parser in curl. If the file name points to an -existing alt-svc cache file, that will be used. After a completed transfer, -the cache will be saved to the file name again if it has been modified. - -Specify a "" file name (zero length) to avoid loading/saving and make curl -just handle the cache in memory. - -If this option is used several times, curl will load contents from all the -files but the last one will be used for saving. diff --git a/docs/cmdline-opts/alt-svc.md b/docs/cmdline-opts/alt-svc.md new file mode 100644 index 000000000000..fe2e8736fa52 --- /dev/null +++ b/docs/cmdline-opts/alt-svc.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: alt-svc +Arg: +Protocols: HTTPS +Help: Enable alt-svc with this cache file +Added: 7.64.1 +Category: http +Multi: append +See-also: + - resolve + - connect-to +Example: + - --alt-svc svc.txt $URL +--- + +# `--alt-svc` + +Enable the alt-svc parser. If the filename points to an existing alt-svc cache +file, that gets used. After a completed transfer, the cache is saved to the +filename again if it has been modified. + +Specify a "" filename (zero length) to avoid loading/saving and make curl +handle the cache in memory. + +You may want to restrict your umask to prevent other users on the same system +to access the created file. + +If this option is used several times, curl loads contents from all the +files but the last one is used for saving. diff --git a/docs/cmdline-opts/anyauth.d b/docs/cmdline-opts/anyauth.d deleted file mode 100644 index bec0c0c86125..000000000000 --- a/docs/cmdline-opts/anyauth.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: anyauth -Help: Pick any authentication method -Protocols: HTTP -See-also: proxy-anyauth basic digest -Category: http proxy auth ---- -Tells curl to figure out authentication method by itself, and use the most -secure one the remote site claims to support. This is done by first doing a -request and checking the response-headers, thus possibly inducing an extra -network round-trip. This is used instead of setting a specific authentication -method, which you can do with --basic, --digest, --ntlm, and --negotiate. - -Using --anyauth is not recommended if you do uploads from stdin, since it may -require data to be sent twice and then the client must be able to rewind. If -the need should arise when uploading from stdin, the upload operation will -fail. - -Used together with --user. diff --git a/docs/cmdline-opts/anyauth.md b/docs/cmdline-opts/anyauth.md new file mode 100644 index 000000000000..2afde382242b --- /dev/null +++ b/docs/cmdline-opts/anyauth.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: anyauth +Help: Pick any authentication method +Protocols: HTTP +Category: http proxy auth +Added: 7.10.6 +Multi: custom +See-also: + - proxy-anyauth + - basic + - digest +Example: + - --anyauth --user me:pwd $URL +--- + +# `--anyauth` + +Figure out authentication method automatically, and use the most secure one +the remote site claims to support. This is done by first doing a request and +checking the response-headers, thus possibly inducing an extra network +round-trip. This option is used instead of setting a specific authentication +method, which you can do with --basic, --digest, --ntlm, and --negotiate. + +Using --anyauth is not recommended if you do uploads from stdin, since it may +require data to be sent twice and then the client must be able to rewind. If +the need should arise when uploading from stdin, the upload operation fails. + +Used together with --user. diff --git a/docs/cmdline-opts/append.d b/docs/cmdline-opts/append.d deleted file mode 100644 index 8bdb2594d45e..000000000000 --- a/docs/cmdline-opts/append.d +++ /dev/null @@ -1,9 +0,0 @@ -Short: a -Long: append -Help: Append to target file when uploading -Protocols: FTP SFTP -Category: ftp sftp ---- -When used in an upload, this makes curl append to the target file instead of -overwriting it. If the remote file doesn't exist, it will be created. Note -that this flag is ignored by some SFTP servers (including OpenSSH). diff --git a/docs/cmdline-opts/append.md b/docs/cmdline-opts/append.md new file mode 100644 index 000000000000..3d0030d6a739 --- /dev/null +++ b/docs/cmdline-opts/append.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: a +Long: append +Help: Append to target file when uploading +Protocols: FTP SFTP +Category: ftp sftp +Added: 4.8 +Multi: boolean +See-also: + - range + - continue-at +Example: + - --upload-file local --append ftp://example.com/ +--- + +# `--append` + +When used in an upload, this option makes curl append to the target file +instead of overwriting it. If the remote file does not exist, it is +created. Note that this flag is ignored by some SFTP servers (including +OpenSSH). diff --git a/docs/cmdline-opts/aws-sigv4.d b/docs/cmdline-opts/aws-sigv4.d deleted file mode 100644 index 26546df3f661..000000000000 --- a/docs/cmdline-opts/aws-sigv4.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: aws-sigv4 -Arg: -Help: Use AWS V4 signature authentication -Category: auth http -Added: 7.75.0 ---- -Use AWS V4 signature authentication in the transfer. - -The provider argument is a string that is used by the algorithm when creating -outgoing authentication headers. - -The region argument is a string that points to a geographic area of -a resources collection (region-code) when the region name is omitted from -the endpoint. - -The service argument is a string that points to a function provided by a cloud -(service-code) when the service name is omitted from the endpoint. diff --git a/docs/cmdline-opts/aws-sigv4.md b/docs/cmdline-opts/aws-sigv4.md new file mode 100644 index 000000000000..517cc1c5b08b --- /dev/null +++ b/docs/cmdline-opts/aws-sigv4.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: aws-sigv4 +Protocols: HTTP +Arg: +Help: AWS V4 signature auth +Category: auth http +Added: 7.75.0 +Multi: single +See-also: + - basic + - user +Example: + - --aws-sigv4 "aws:amz:us-east-2:es" --user "key:secret" $URL +--- + +# `--aws-sigv4` + +Use AWS V4 signature authentication in the transfer. + +The provider argument is a string that is used by the algorithm when creating +outgoing authentication headers. + +The region argument is a string that points to a geographic area of +a resources collection (region-code) when the region name is omitted from +the endpoint. + +The service argument is a string that points to a function provided by a cloud +(service-code) when the service name is omitted from the endpoint. diff --git a/docs/cmdline-opts/basic.d b/docs/cmdline-opts/basic.d deleted file mode 100644 index e222c51c1ce6..000000000000 --- a/docs/cmdline-opts/basic.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: basic -Help: Use HTTP Basic Authentication -See-also: proxy-basic -Protocols: HTTP -Category: auth ---- -Tells curl to use HTTP Basic authentication with the remote host. This is the -default and this option is usually pointless, unless you use it to override a -previously set option that sets a different authentication method (such as ---ntlm, --digest, or --negotiate). - -Used together with --user. diff --git a/docs/cmdline-opts/basic.md b/docs/cmdline-opts/basic.md new file mode 100644 index 000000000000..1c372fbc7138 --- /dev/null +++ b/docs/cmdline-opts/basic.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: basic +Help: HTTP Basic Authentication +Protocols: HTTP +Category: auth +Added: 7.10.6 +Multi: boolean +See-also: + - proxy-basic +Example: + - -u name:password --basic $URL +--- + +# `--basic` + +Use HTTP Basic authentication with the remote host. This method is the default +and this option is usually pointless, unless you use it to override a +previously set option that sets a different authentication method (such as +--ntlm, --digest, or --negotiate). + +Used together with --user. diff --git a/docs/cmdline-opts/ca-native.md b/docs/cmdline-opts/ca-native.md new file mode 100644 index 000000000000..4a887df558a6 --- /dev/null +++ b/docs/cmdline-opts/ca-native.md @@ -0,0 +1,44 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ca-native +Help: Load CA certs from the OS +Protocols: TLS +Category: tls +Added: 8.2.0 +Multi: boolean +See-also: + - cacert + - capath + - dump-ca-embed + - insecure + - proxy-ca-native +Example: + - --ca-native $URL +--- + +# `--ca-native` + +Use the operating system's native CA store for certificate verification. + +This option is independent of other CA certificate locations set at run time or +build time. Those locations are searched in addition to the native CA store. + +This option works with OpenSSL and its forks (LibreSSL, BoringSSL, etc) on +Windows (Added in 7.71.0) and on Apple OS when libcurl is built with +Apple SecTrust enabled. (Added in 8.17.0) + +This option works with wolfSSL on Windows, Linux (Debian, Ubuntu, Gentoo, +Fedora, RHEL), macOS, Android and iOS. (Added in 8.3.0) + +This option works with GnuTLS (Added in 8.5.0) and also uses Apple +SecTrust when libcurl is built with it. (Added in 8.17.0) + +This option works with Rustls on Windows, macOS, Android and iOS. On Linux it +is equivalent to using the Mozilla CA certificate bundle. When used with Rustls +_only_ the native CA store is consulted, not other locations set at run time or +build time. (Added in 8.13.0) + +This option currently has no effect for Schannel. This is the native TLS +library from Microsoft, that by default uses the native CA store for +verification unless overridden by a CA certificate location setting. diff --git a/docs/cmdline-opts/cacert.d b/docs/cmdline-opts/cacert.d deleted file mode 100644 index 793d8c1ba176..000000000000 --- a/docs/cmdline-opts/cacert.d +++ /dev/null @@ -1,34 +0,0 @@ -Long: cacert -Arg: -Help: CA certificate to verify peer against -Protocols: TLS -Category: tls ---- -Tells curl to use the specified certificate file to verify the peer. The file -may contain multiple CA certificates. The certificate(s) must be in PEM -format. Normally curl is built to use a default file for this, so this option -is typically used to alter that default file. - -curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is -set, and uses the given path as a path to a CA cert bundle. This option -overrides that variable. - -The windows version of curl will automatically look for a CA certs file named -\'curl-ca-bundle.crt\', either in the same directory as curl.exe, or in the -Current Working Directory, or in any folder along your PATH. - -If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module -(libnsspem.so) needs to be available for this option to work properly. - -(iOS and macOS only) If curl is built against Secure Transport, then this -option is supported for backward compatibility with other SSL engines, but it -should not be set. If the option is not set, then curl will use the -certificates in the system and user Keychain to verify the peer, which is the -preferred method of verifying the peer's certificate chain. - -(Schannel only) This option is supported for Schannel in Windows 7 or later with -libcurl 7.60 or later. This option is supported for backward compatibility -with other SSL engines; instead it is recommended to use Windows' store of -root certificates (the default for Schannel). - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/cacert.md b/docs/cmdline-opts/cacert.md new file mode 100644 index 000000000000..ae9be3824b59 --- /dev/null +++ b/docs/cmdline-opts/cacert.md @@ -0,0 +1,40 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: cacert +Arg: +Help: CA certificate to verify peer against +Protocols: TLS +Category: tls +Added: 7.5 +Multi: single +See-also: + - capath + - dump-ca-embed + - insecure +Example: + - --cacert CA-file.txt $URL +--- + +# `--cacert` + +Use the specified certificate file to verify the peer. The file may contain +multiple CA certificates. The certificate(s) must be in PEM format. Normally +curl is built to use a default file for this, so this option is typically used +to alter that default file. + +curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is set +and the TLS backend is not Schannel, and uses the given path as a path to a CA +cert bundle. This option overrides that variable. + +(Windows) curl automatically looks for a CA certs file named +'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the +Current Working Directory, or in any folder along your PATH. + +curl 8.11.0 added a build-time option to disable this search behavior, and +another option to restrict search to the application's directory. + +(Schannel) This option is supported for Schannel in Windows 7 or later (added +in 7.60.0). This option is supported for backward compatibility with other SSL +engines; instead it is recommended to use Windows' store of root certificates +(the default for Schannel). diff --git a/docs/cmdline-opts/capath.d b/docs/cmdline-opts/capath.d deleted file mode 100644 index 4ce077a1471e..000000000000 --- a/docs/cmdline-opts/capath.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: capath -Arg: -Help: CA directory to verify peer against -Protocols: TLS -Category: tls ---- -Tells curl to use the specified certificate directory to verify the -peer. Multiple paths can be provided by separating them with ":" (e.g. -\&"path1:path2:path3"). The certificates must be in PEM format, and if curl is -built against OpenSSL, the directory must have been processed using the -c_rehash utility supplied with OpenSSL. Using --capath can allow -OpenSSL-powered curl to make SSL-connections much more efficiently than using ---cacert if the --cacert file contains many CA certificates. - -If this option is set, the default capath value will be ignored, and if it is -used several times, the last one will be used. diff --git a/docs/cmdline-opts/capath.md b/docs/cmdline-opts/capath.md new file mode 100644 index 000000000000..68bc86fbbcf3 --- /dev/null +++ b/docs/cmdline-opts/capath.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: capath +Arg: +Help: CA directory to verify peer against +Protocols: TLS +Category: tls +Added: 7.9.8 +Multi: single +See-also: + - cacert + - dump-ca-embed + - insecure +Example: + - --capath /local/directory $URL +--- + +# `--capath` + +Use the specified certificate directory to verify the peer. If curl is built against +OpenSSL, multiple paths can be provided by separating them with the appropriate platform-specific +separator (e.g. `path1:path2:path3` on Unix-style platforms for `path1;path2;path3` on Windows). + +The certificates must be in PEM format, and if curl is built against OpenSSL, the +directory must have been processed using the c_rehash utility supplied with +OpenSSL. Using --capath can allow OpenSSL-powered curl to make SSL-connections +much more efficiently than using --cacert if the --cacert file contains many +CA certificates. + +If this option is set, the default capath value is ignored. diff --git a/docs/cmdline-opts/cert-status.d b/docs/cmdline-opts/cert-status.d deleted file mode 100644 index 63e35205101f..000000000000 --- a/docs/cmdline-opts/cert-status.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: cert-status -Protocols: TLS -Added: 7.41.0 -Help: Verify the status of the server cert via OCSP-staple -Category: tls ---- -Tells curl to verify the status of the server certificate by using the -Certificate Status Request (aka. OCSP stapling) TLS extension. - -If this option is enabled and the server sends an invalid (e.g. expired) -response, if the response suggests that the server certificate has been revoked, -or no response at all is received, the verification fails. - -This is currently only implemented in the OpenSSL, GnuTLS and NSS backends. diff --git a/docs/cmdline-opts/cert-status.md b/docs/cmdline-opts/cert-status.md new file mode 100644 index 000000000000..8b6e57b9edf0 --- /dev/null +++ b/docs/cmdline-opts/cert-status.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: cert-status +Protocols: TLS +Added: 7.41.0 +Help: Verify server cert status OCSP-staple +Category: tls +Multi: boolean +See-also: + - pinnedpubkey +Example: + - --cert-status $URL +--- + +# `--cert-status` + +Verify the status of the server certificate by using the Certificate Status +Request (aka. OCSP stapling) TLS extension. + +If this option is enabled and the server sends an invalid (e.g. expired) +response, if the response suggests that the server certificate has been +revoked, or no response at all is received, the verification fails. + +This support is currently only implemented in the OpenSSL and GnuTLS backends. diff --git a/docs/cmdline-opts/cert-type.d b/docs/cmdline-opts/cert-type.d deleted file mode 100644 index b041bcb06513..000000000000 --- a/docs/cmdline-opts/cert-type.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: cert-type -Protocols: TLS -Arg: -Help: Certificate type (DER/PEM/ENG) -See-also: cert key key-type -Category: tls ---- -Tells curl what type the provided client certificate is using. PEM, DER, ENG -and P12 are recognized types. If not specified, PEM is assumed. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/cert-type.md b/docs/cmdline-opts/cert-type.md new file mode 100644 index 000000000000..a96587ff6314 --- /dev/null +++ b/docs/cmdline-opts/cert-type.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: cert-type +Protocols: TLS +Arg: +Help: Certificate type (DER/PEM/ENG/PROV/P12) +Category: tls +Added: 7.9.3 +Multi: single +See-also: + - cert + - key + - key-type +Example: + - --cert-type PEM --cert file $URL +--- + +# `--cert-type` + +Set type of the provided client certificate. PEM, DER, ENG, PROV and P12 are +recognized types. + +The default type depends on the TLS backend and is usually PEM. For Schannel +it is P12. If --cert is a pkcs11: URI then ENG or PROV is the default type +(depending on OpenSSL version). diff --git a/docs/cmdline-opts/cert.d b/docs/cmdline-opts/cert.d deleted file mode 100644 index 2938e571fb46..000000000000 --- a/docs/cmdline-opts/cert.d +++ /dev/null @@ -1,51 +0,0 @@ -Short: E -Long: cert -Arg: -Help: Client certificate file and password -Protocols: TLS -See-also: cert-type key key-type -Category: tls ---- -Tells curl to use the specified client certificate file when getting a file -with HTTPS, FTPS or another SSL-based protocol. The certificate must be in -PKCS#12 format if using Secure Transport, or PEM format if using any other -engine. If the optional password isn't specified, it will be queried for on -the terminal. Note that this option assumes a \&"certificate" file that is the -private key and the client certificate concatenated! See --cert and --key to -specify them independently. - -If curl is built against the NSS SSL library then this option can tell -curl the nickname of the certificate to use within the NSS database defined -by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the -NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be -loaded. If you want to use a file from the current directory, please precede -it with "./" prefix, in order to avoid confusion with a nickname. If the -nickname contains ":", it needs to be preceded by "\\" so that it is not -recognized as password delimiter. If the nickname contains "\\", it needs to -be escaped as "\\\\" so that it is not recognized as an escape character. - -If curl is built against OpenSSL library, and the engine pkcs11 is available, -then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in -a PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a -PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set -as "pkcs11" if none was provided and the --cert-type option will be set as -"ENG" if none was provided. - -(iOS and macOS only) If curl is built against Secure Transport, then the -certificate string can either be the name of a certificate/private key in the -system or user keychain, or the path to a PKCS#12-encoded certificate and -private key. If you want to use a file from the current directory, please -precede it with "./" prefix, in order to avoid confusion with a nickname. - -(Schannel only) Client certificates must be specified by a path -expression to a certificate store. (Loading PFX is not supported; you can -import it to a store first). You can use -"\\\\" to refer to a certificate -in the system certificates store, for example, -"CurrentUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is -usually a SHA-1 hex string which you can see in certificate details. Following -store locations are supported: CurrentUser, LocalMachine, CurrentService, -Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy, -LocalMachineEnterprise. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/cert.md b/docs/cmdline-opts/cert.md new file mode 100644 index 000000000000..2bc3d8fa29c6 --- /dev/null +++ b/docs/cmdline-opts/cert.md @@ -0,0 +1,53 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: E +Long: cert +Arg: +Help: Client certificate file and password +Protocols: TLS +Category: tls +Added: 5.0 +Multi: single +See-also: + - cert-type + - key + - key-type +Example: + - --cert certfile --key keyfile $URL +--- + +# `--cert` + +Use the specified client certificate file when getting a file with HTTPS, FTPS +or another SSL-based protocol. The certificate must be PEM format. If the +optional password is not specified, it is queried for on the terminal. Note +that this option assumes a certificate file that is the private key and the +client certificate concatenated. See --cert and --key to specify them +independently. + +In the \ portion of the argument, you must escape the character +`:` as `\:` so that it is not recognized as the password delimiter. Similarly, +you must escape the double quote character as \" so that it is not recognized +as an escape character. + +If curl is built against OpenSSL, and the engine pkcs11 or pkcs11 +provider is available, then a PKCS#11 URI (RFC 7512) can be used to specify a +certificate located in a PKCS#11 device. A string beginning with `pkcs11:` is +interpreted as a PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine +option is set as `pkcs11` if none was provided and the --cert-type option is +set as `ENG` or `PROV` if none was provided (depending on OpenSSL version). + +If curl is built against GnuTLS, a PKCS#11 URI can be used to specify +a certificate located in a PKCS#11 device. A string beginning with `pkcs11:` +is interpreted as a PKCS#11 URI. + +(Schannel) Client certificates must be specified by a path expression to a +certificate store. (Loading *PFX* is not supported; you can import it to a +store first). You can use "\\\\\" +to refer to a certificate in the system certificates store, for example, +*"CurrentUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a"*. Thumbprint is +usually a SHA-1 hex string which you can see in certificate details. Following +store locations are supported: *CurrentUser*, *LocalMachine*, +*CurrentService*, *Services*, *CurrentUserGroupPolicy*, +*LocalMachineGroupPolicy* and *LocalMachineEnterprise*. diff --git a/docs/cmdline-opts/ciphers.d b/docs/cmdline-opts/ciphers.d deleted file mode 100644 index 723b95923728..000000000000 --- a/docs/cmdline-opts/ciphers.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: ciphers -Arg: -Help: SSL ciphers to use -Protocols: TLS -Category: tls ---- -Specifies which ciphers to use in the connection. The list of ciphers must -specify valid ciphers. Read up on SSL cipher list details on this URL: - - https://curl.se/docs/ssl-ciphers.html - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/ciphers.md b/docs/cmdline-opts/ciphers.md new file mode 100644 index 000000000000..14f0425dbf5e --- /dev/null +++ b/docs/cmdline-opts/ciphers.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ciphers +Arg: +Help: TLS 1.2 (1.1, 1.0) ciphers to use +Protocols: TLS +Category: tls +Added: 7.9 +Multi: single +See-also: + - tls13-ciphers + - proxy-ciphers + - curves +Example: + - --ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 $URL +--- + +# `--ciphers` + +Specify which cipher suites to use in the connection if it negotiates TLS 1.2 +(1.1, 1.0). The list of ciphers suites must specify valid ciphers. Read up on +cipher suite details on this URL: + +https://curl.se/docs/ssl-ciphers.html diff --git a/docs/cmdline-opts/compressed-ssh.d b/docs/cmdline-opts/compressed-ssh.d deleted file mode 100644 index 849fe18b0007..000000000000 --- a/docs/cmdline-opts/compressed-ssh.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: compressed-ssh -Help: Enable SSH compression -Protocols: SCP SFTP -Added: 7.56.0 -Category: scp ssh ---- -Enables built-in SSH compression. -This is a request, not an order; the server may or may not do it. diff --git a/docs/cmdline-opts/compressed-ssh.md b/docs/cmdline-opts/compressed-ssh.md new file mode 100644 index 000000000000..07d3981b484e --- /dev/null +++ b/docs/cmdline-opts/compressed-ssh.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: compressed-ssh +Help: Enable SSH compression +Protocols: SCP SFTP +Added: 7.56.0 +Category: scp ssh +Multi: boolean +See-also: + - compressed +Example: + - --compressed-ssh sftp://example.com/ +--- + +# `--compressed-ssh` + +Enable SSH compression. This is a request, not an order; the server may or may +not do it. This allows the data to be sent compressed over the wire, and +automatically decompressed in the receiving end, to save bandwidth. diff --git a/docs/cmdline-opts/compressed.d b/docs/cmdline-opts/compressed.d deleted file mode 100644 index 26bc1514a55e..000000000000 --- a/docs/cmdline-opts/compressed.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: compressed -Help: Request compressed response -Protocols: HTTP -Category: http ---- -Request a compressed response using one of the algorithms curl supports, and -automatically decompress the content. Headers are not modified. - -If this option is used and the server sends an unsupported encoding, curl will -report an error. diff --git a/docs/cmdline-opts/compressed.md b/docs/cmdline-opts/compressed.md new file mode 100644 index 000000000000..a66cdff4fd86 --- /dev/null +++ b/docs/cmdline-opts/compressed.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: compressed +Help: Request compressed response +Protocols: HTTP +Category: http +Added: 7.10 +Multi: boolean +See-also: + - compressed-ssh +Example: + - --compressed $URL +--- + +# `--compressed` + +Request a compressed response using one of the algorithms curl supports, and +automatically decompress the content. + +Response headers are not modified when saved, so if they are "interpreted" +separately again at a later point they might appear to be saying that the +content is (still) compressed; while in fact it has already been decompressed. + +If this option is used and the server sends an unsupported encoding, curl +reports an error. This is a request, not an order; the server may or may not +deliver data compressed. + +**WARNING**: when decompressing data, even tiny transfers might be expanded +and generate a huge amount of bytes. diff --git a/docs/cmdline-opts/config.d b/docs/cmdline-opts/config.d deleted file mode 100644 index 254c7044b1b7..000000000000 --- a/docs/cmdline-opts/config.d +++ /dev/null @@ -1,68 +0,0 @@ -Long: config -Arg: -Help: Read config from a file -Short: K -Category: curl ---- - -Specify a text file to read curl arguments from. The command line arguments -found in the text file will be used as if they were provided on the command -line. - -Options and their parameters must be specified on the same line in the file, -separated by whitespace, colon, or the equals sign. Long option names can -optionally be given in the config file without the initial double dashes and -if so, the colon or equals characters can be used as separators. If the option -is specified with one or two dashes, there can be no colon or equals character -between the option and its parameter. - -If the parameter contains whitespace (or starts with : or =), the parameter -must be enclosed within quotes. Within double quotes, the following escape -sequences are available: \\\\, \\", \\t, \\n, \\r and \\v. A backslash -preceding any other letter is ignored. If the first column of a config line is -a '#' character, the rest of the line will be treated as a comment. Only write -one option per physical line in the config file. - -Specify the filename to --config as '-' to make curl read the file from stdin. - -Note that to be able to specify a URL in the config file, you need to specify -it using the --url option, and not by simply writing the URL on its own -line. So, it could look similar to this: - -url = "https://curl.se/docs/" - -When curl is invoked, it (unless --disable is used) checks for a default -config file and uses it if found. The default config file is checked for in -the following places in this order: - -1) Use the CURL_HOME environment variable if set - -2) Use the XDG_CONFIG_HOME environment variable if set (Added in 7.73.0) - -3) Use the HOME environment variable if set - -4) Non-windows: use getpwuid to find the home directory - -5) Windows: use APPDATA if set - -6) Windows: use "USERPROFILE\Application Data" if set - -7) On windows, if there is no .curlrc file in the home dir, it checks for one -in the same dir the curl executable is placed. On Unix-like systems, it will -simply try to load .curlrc from the determined home dir. - -.nf -# --- Example file --- -# this is a comment -url = "example.com" -output = "curlhere.html" -user-agent = "superagent/1.0" - -# and fetch another URL too -url = "example.com/docs/manpage.html" --O -referer = "http://nowhereatall.example.com/" -# --- End of example file --- -.fi - -This option can be used multiple times to load multiple config files. diff --git a/docs/cmdline-opts/config.md b/docs/cmdline-opts/config.md new file mode 100644 index 000000000000..637918df75dd --- /dev/null +++ b/docs/cmdline-opts/config.md @@ -0,0 +1,84 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: config +Arg: +Help: Read config from a file +Short: K +Category: curl +Added: 4.10 +Multi: append +See-also: + - disable +Example: + - --config file.txt $URL +--- + +# `--config` + +Specify a text file to read curl arguments from. The command line arguments +found in the text file are used as if they were provided on the command +line. + +Options and their parameters must be specified on the same line in the file, +separated by whitespace, colon, or the equals sign. Long option names can +optionally be given in the config file without the initial double dashes and +if so, the colon or equals characters can be used as separators. If the option +is specified with one or two dashes, there can be no colon or equals character +between the option and its parameter. + +If the parameter contains whitespace or starts with a colon (:) or equals sign +(=), it must be specified enclosed within double quotes ("like this"). Within +double quotes the following escape sequences are available: \\, \", \t, \n, \r +and \v. A backslash preceding any other letter is ignored. + +If the first non-blank column of a config line is a '#' character, that line +is treated as a comment. + +Only write one option per physical line in the config file. A single line is +required to be no more than 10 megabytes (since 8.2.0). + +Specify the filename to --config as minus "-" to make curl read the file from +stdin. + +Note that to be able to specify a URL in the config file, you need to specify +it using the --url option, and not by writing the URL on its own line. +It could look similar to this: + + url = "https://curl.se/docs/" + + # --- Example file --- + # this is a comment + url = "example.com" + output = "curlhere.html" + user-agent = "superagent/1.0" + + # and fetch another URL too + url = "example.com/docs/manpage.html" + -O + referer = "http://nowhereatall.example.com/" + # --- End of example file --- + +When curl is invoked, it (unless --disable is used) checks for a default +config file and uses it if found, even when --config is used. The default +config file is checked for in the following places in this order: + +1) **"$CURL_HOME/.curlrc"** + +2) **"$XDG_CONFIG_HOME/curlrc"** (Added in 7.73.0) + +3) **"$HOME/.curlrc"** + +4) Windows: **"%USERPROFILE%\.curlrc"** + +5) Windows: **"%APPDATA%\.curlrc"** + +6) Windows: **"%USERPROFILE%\Application Data\.curlrc"** + +7) Non-Windows: use getpwuid to find the home directory + +8) On Windows, if it finds no *.curlrc* file in the sequence described above, it +checks for one in the same directory the curl executable is placed. + +On Windows two filenames are checked per location: *.curlrc* and *_curlrc*, +preferring the former. Older versions on Windows checked for *_curlrc* only. diff --git a/docs/cmdline-opts/connect-timeout.d b/docs/cmdline-opts/connect-timeout.d deleted file mode 100644 index fa3277221a5d..000000000000 --- a/docs/cmdline-opts/connect-timeout.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: connect-timeout -Arg: -Help: Maximum time allowed for connection -See-also: max-time -Category: connection ---- -Maximum time in seconds that you allow curl's connection to take. This only -limits the connection phase, so if curl connects within the given period it -will continue - if not it will exit. Since version 7.32.0, this option -accepts decimal values. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/connect-timeout.md b/docs/cmdline-opts/connect-timeout.md new file mode 100644 index 000000000000..dc5f92704098 --- /dev/null +++ b/docs/cmdline-opts/connect-timeout.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: connect-timeout +Arg: +Help: Maximum time allowed to connect +Category: connection timeout +Added: 7.7 +Multi: single +See-also: + - max-time +Example: + - --connect-timeout 20 $URL + - --connect-timeout 3.14 $URL +--- + +# `--connect-timeout` + +Maximum time in seconds that you allow curl's connection to take. This only +limits the connection phase, so if curl connects within the given period it +continues - if not it exits. + +This option accepts decimal values (added in 7.32.0). The decimal value needs +to be provided using a dot (.) as decimal separator - not the local version +even if it might be using another separator. + +The connection phase is considered complete when the DNS lookup and requested +TCP, TLS or QUIC handshakes are done. diff --git a/docs/cmdline-opts/connect-to.d b/docs/cmdline-opts/connect-to.d deleted file mode 100644 index 2f015f8ac45e..000000000000 --- a/docs/cmdline-opts/connect-to.d +++ /dev/null @@ -1,22 +0,0 @@ -Long: connect-to -Arg: -Help: Connect to host -Added: 7.49.0 -See-also: resolve header -Category: connection ---- - -For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. -This option is suitable to direct requests at a specific server, e.g. at a -specific cluster node in a cluster of servers. This option is only used to -establish the network connection. It does NOT affect the hostname/port that is -used for TLS/SSL (e.g. SNI, certificate verification) or for the application -protocols. "HOST1" and "PORT1" may be the empty string, meaning "any -host/port". "HOST2" and "PORT2" may also be the empty string, meaning "use the -request's original host/port". - -A "host" specified to this option is compared as a string, so it needs to -match the name used in request URL. It can be either numerical such as -"127.0.0.1" or the full host name such as "example.org". - -This option can be used many times to add many connect rules. diff --git a/docs/cmdline-opts/connect-to.md b/docs/cmdline-opts/connect-to.md new file mode 100644 index 000000000000..c7378318e2b0 --- /dev/null +++ b/docs/cmdline-opts/connect-to.md @@ -0,0 +1,40 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: connect-to +Arg: +Help: Connect to host2 instead of host1 +Added: 7.49.0 +Category: connection dns +Multi: append +See-also: + - resolve + - header +Example: + - --connect-to example.com:443:example.net:8443 $URL +--- + +# `--connect-to` + +For a request intended for the `HOST1:PORT1` pair, connect to `HOST2:PORT2` +instead. This option is only used to establish the network connection. It does +NOT affect the hostname/port number that is used for TLS/SSL (e.g. SNI, +certificate verification) or for the application protocols. + +`HOST1` and `PORT1` may be empty strings, meaning any host or any port number. +`HOST2` and `PORT2` may also be empty strings, meaning use the request's +original hostname and port number. + +A hostname specified to this option is compared as a string, so it needs to +match the name used in the request URL. It can be either numerical such as +`127.0.0.1` or the full hostname such as `example.org`. + +Example: redirect connects from the example.com hostname to 127.0.0.1 +independently of port number: + + curl --connect-to example.com::127.0.0.1: https://example.com/ + +Example: redirect connects from all hostnames to 127.0.0.1 independently of +port number: + + curl --connect-to ::127.0.0.1: http://example.com/ diff --git a/docs/cmdline-opts/continue-at.d b/docs/cmdline-opts/continue-at.d deleted file mode 100644 index c44d2f496fc4..000000000000 --- a/docs/cmdline-opts/continue-at.d +++ /dev/null @@ -1,16 +0,0 @@ -Short: C -Long: continue-at -Arg: -Help: Resumed transfer offset -See-also: range -Category: connection ---- -Continue/Resume a previous file transfer at the given offset. The given offset -is the exact number of bytes that will be skipped, counting from the beginning -of the source file before it is transferred to the destination. If used with -uploads, the FTP server command SIZE will not be used by curl. - -Use "-C -" to tell curl to automatically find out where/how to resume the -transfer. It then uses the given output/input files to figure that out. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/continue-at.md b/docs/cmdline-opts/continue-at.md new file mode 100644 index 000000000000..67a137609306 --- /dev/null +++ b/docs/cmdline-opts/continue-at.md @@ -0,0 +1,37 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: C +Long: continue-at +Arg: +Help: Resumed transfer offset +Category: connection +Added: 4.8 +Multi: single +See-also: + - range +Example: + - -C - $URL + - -C 400 $URL +--- + +# `--continue-at` + +Resume a previous transfer from the given byte offset. The given offset is the +exact number of bytes that are skipped, counting from the beginning of the +source file before it is transferred to the destination. If used with uploads, +the FTP server command SIZE is not used by curl. + +Use "-C -" to instruct curl to automatically find out where/how to resume the +transfer. It then uses the given output/input files to figure that out. + +When using this option for HTTP uploads using POST or PUT, functionality is +not guaranteed. The HTTP protocol has no standard interoperable resume upload +and curl uses a set of headers for this purpose that once proved working for +some servers and have been left for those who find that useful. + +This command line option is mutually exclusive with --range: you can only use +one of them for a single transfer. + +The --no-clobber and --remove-on-error options cannot be used together with +--continue-at. diff --git a/docs/cmdline-opts/cookie-jar.d b/docs/cmdline-opts/cookie-jar.d deleted file mode 100644 index f11991f4e946..000000000000 --- a/docs/cmdline-opts/cookie-jar.d +++ /dev/null @@ -1,25 +0,0 @@ -Short: c -Long: cookie-jar -Arg: -Protocols: HTTP -Help: Write cookies to after operation -Category: http ---- -Specify to which file you want curl to write all cookies after a completed -operation. Curl writes all cookies from its in-memory cookie storage to the -given file at the end of operations. If no cookies are known, no data will be -written. The file will be written using the Netscape cookie file format. If -you set the file name to a single dash, "-", the cookies will be written to -stdout. - -This command line option will activate the cookie engine that makes curl -record and use cookies. Another way to activate it is to use the --cookie -option. - -If the cookie jar can't be created or written to, the whole curl operation -won't fail or even report an error clearly. Using --verbose will get a warning -displayed, but that is the only visible feedback you get about this possibly -lethal situation. - -If this option is used several times, the last specified file name will be -used. diff --git a/docs/cmdline-opts/cookie-jar.md b/docs/cmdline-opts/cookie-jar.md new file mode 100644 index 000000000000..de09fd5274d4 --- /dev/null +++ b/docs/cmdline-opts/cookie-jar.md @@ -0,0 +1,42 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: c +Long: cookie-jar +Arg: +Protocols: HTTP +Help: Save cookies to after operation +Category: http +Added: 7.9 +Multi: single +See-also: + - cookie + - junk-session-cookies +Example: + - -c store-here.txt $URL + - -c store-here.txt -b read-these $URL +--- + +# `--cookie-jar` + +Specify to which file you want curl to write all cookies after a completed +operation. curl writes all cookies from its in-memory cookie storage to the +given file at the end of operations. Even if no cookies are known, a file is +created so that it removes any formerly existing cookies from the file. The +file uses the Netscape cookie file format. If you set the filename to a single +minus, "-", the cookies are written to stdout. + +The file specified with --cookie-jar is only used for output. No cookies are +read from the file. To read cookies, use the --cookie option. Both options +can specify the same file. + +This command line option activates the cookie engine that makes curl record +and use cookies. The --cookie option also activates it. + +If the cookie jar cannot be created or written to, the whole curl operation +does not fail or even report an error clearly. Using --verbose gets a warning +displayed, but that is the only visible feedback you get about this possibly +lethal situation. + +You may want to restrict your umask to prevent other users on the same system +to access the created file. diff --git a/docs/cmdline-opts/cookie.d b/docs/cmdline-opts/cookie.d deleted file mode 100644 index 5c40cf2d8437..000000000000 --- a/docs/cmdline-opts/cookie.d +++ /dev/null @@ -1,34 +0,0 @@ -Short: b -Long: cookie -Arg: -Protocols: HTTP -Help: Send cookies from string/file -Category: http ---- -Pass the data to the HTTP server in the Cookie header. It is supposedly -the data previously received from the server in a "Set-Cookie:" line. The -data should be in the format "NAME1=VALUE1; NAME2=VALUE2". - -If no '=' symbol is used in the argument, it is instead treated as a filename -to read previously stored cookie from. This option also activates the cookie -engine which will make curl record incoming cookies, which may be handy if -you're using this in combination with the --location option or do multiple URL -transfers on the same invoke. If the file name is exactly a minus ("-"), curl -will instead read the contents from stdin. - -The file format of the file to read cookies from should be plain HTTP headers -(Set-Cookie style) or the Netscape/Mozilla cookie file format. - -The file specified with --cookie is only used as input. No cookies will be -written to the file. To store cookies, use the --cookie-jar option. - -If you use the Set-Cookie file format and don't specify a domain then the -cookie is not sent since the domain will never match. To address this, set a -domain in Set-Cookie line (doing that will include sub-domains) or preferably: -use the Netscape format. - -This option can be used multiple times. - -Users very often want to both read cookies from a file and write updated -cookies back to a file, so using both --cookie and --cookie-jar in the same -command line is common. diff --git a/docs/cmdline-opts/cookie.md b/docs/cmdline-opts/cookie.md new file mode 100644 index 000000000000..30288fbcbad4 --- /dev/null +++ b/docs/cmdline-opts/cookie.md @@ -0,0 +1,63 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: b +Long: cookie +Arg: +Protocols: HTTP +Help: Send cookies from string/load from file +Category: http +Added: 4.9 +Multi: append +See-also: + - cookie-jar + - junk-session-cookies +Example: + - -b "" $URL + - -b cookiefile $URL + - -b cookiefile -c cookiefile $URL + - -b name=Jane $URL +--- + +# `--cookie` + +This option has two slightly separate cookie sending functions. + +Either: pass the exact data to send to the HTTP server in the Cookie header. +It is supposedly data previously received from the server in a `Set-Cookie:` +line. The data should be in the format `NAME1=VALUE1; NAME2=VALUE2`. When +given a set of specific cookies, curl populates its cookie header with this +content explicitly in all outgoing request(s). If multiple requests are done +due to authentication, followed redirects or similar, they all get this cookie +header passed on. + +Or: If no `=` symbol is used in the argument, it is instead treated as a +filename to read previously stored cookie from. This option also activates the +cookie engine which makes curl record incoming cookies, which may be handy if +you are using this in combination with the --location option or do multiple +URL transfers on the same invoke. + +If the filename is a single minus ("-"), curl reads the contents from stdin. +If the filename is an empty string ("") and is the only cookie input, curl +activates the cookie engine without any cookies. + +The file format of the file to read cookies from should be plain HTTP headers +(Set-Cookie style) or the Netscape/Mozilla cookie file format. + +The file specified with --cookie is only used as input. No cookies are written +to that file. To store cookies, use the --cookie-jar option. + +If you use the Set-Cookie file format and do not specify a domain then the +cookie is not sent since the domain never matches. To address this, set a +domain in Set-Cookie line (doing that includes subdomains) or preferably: use +the Netscape format. + +Users often want to both read cookies from a file and write updated cookies +back to a file, so using both --cookie and --cookie-jar in the same command +line is common. curl ignores filenames specified with --cookie which do not +exist or point to a directory. + +If curl is built with PSL (**Public Suffix List**) support, it detects and +discards cookies that are specified for such suffix domains that should not be +allowed to have cookies. If curl is *not* built with PSL support, it has no +ability to stop super cookies. diff --git a/docs/cmdline-opts/create-dirs.d b/docs/cmdline-opts/create-dirs.d deleted file mode 100644 index 48a8fd466f69..000000000000 --- a/docs/cmdline-opts/create-dirs.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: create-dirs -Help: Create necessary local directory hierarchy -Category: curl ---- -When used in conjunction with the --output option, curl will create the -necessary local directory hierarchy as needed. This option creates the dirs -mentioned with the --output option, nothing else. If the --output file name -uses no dir or if the dirs it mentions already exist, no dir will be created. - -Created dirs are made with mode 0750 on unix style file systems. - -To create remote directories when using FTP or SFTP, try --ftp-create-dirs. diff --git a/docs/cmdline-opts/create-dirs.md b/docs/cmdline-opts/create-dirs.md new file mode 100644 index 000000000000..89d24f76b5e3 --- /dev/null +++ b/docs/cmdline-opts/create-dirs.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: create-dirs +Help: Create necessary local directory hierarchy +Category: output +Added: 7.10.3 +Multi: boolean +See-also: + - ftp-create-dirs + - output-dir +Example: + - --create-dirs --output local/dir/file $URL +--- + +# `--create-dirs` + +When used in conjunction with the --output option, curl creates the necessary +local directory hierarchy as needed. This option creates the directories +mentioned with the --output option combined with the path possibly set with +--output-dir. If the combined output filename uses no directory, or if the +directories it mentions already exist, no directories are created. + +Created directories are made with mode 0750 on Unix-style file systems. + +To create remote directories when using FTP or SFTP, try --ftp-create-dirs. diff --git a/docs/cmdline-opts/create-file-mode.d b/docs/cmdline-opts/create-file-mode.d deleted file mode 100644 index a03c74ac3ca3..000000000000 --- a/docs/cmdline-opts/create-file-mode.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: create-file-mode -Arg: -Help: File mode for created files -Protocols: SFTP SCP FILE -Category: sftp scp file upload -See-also: ftp-create-dirs -Added: 7.75.0 ---- -When curl is used to create files remotely using one of the supported -protocols, this option allows the user to set which 'mode' to set on the file -at creation time, instead of the default 0644. - -This option takes an octal number as argument. diff --git a/docs/cmdline-opts/create-file-mode.md b/docs/cmdline-opts/create-file-mode.md new file mode 100644 index 000000000000..c6467d15a4df --- /dev/null +++ b/docs/cmdline-opts/create-file-mode.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: create-file-mode +Arg: +Help: File mode for created files +Protocols: SFTP SCP FILE +Category: sftp scp file upload +Added: 7.75.0 +Multi: single +See-also: + - ftp-create-dirs +Example: + - --create-file-mode 0777 -T localfile sftp://example.com/new +--- + +# `--create-file-mode` + +When curl is used to create files remotely using one of the supported +protocols, this option allows the user to set which 'mode' to set on the file +at creation time, instead of the default 0644. + +This option takes an octal number as argument. diff --git a/docs/cmdline-opts/crlf.d b/docs/cmdline-opts/crlf.d deleted file mode 100644 index 50c4bef81de3..000000000000 --- a/docs/cmdline-opts/crlf.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: crlf -Help: Convert LF to CRLF in upload -Protocols: FTP SMTP -Category: ftp smtp ---- -Convert LF to CRLF in upload. Useful for MVS (OS/390). - -(SMTP added in 7.40.0) diff --git a/docs/cmdline-opts/crlf.md b/docs/cmdline-opts/crlf.md new file mode 100644 index 000000000000..c36884113dc0 --- /dev/null +++ b/docs/cmdline-opts/crlf.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: crlf +Help: Convert LF to CRLF in upload +Protocols: FTP SMTP +Category: ftp smtp +Added: 5.7 +Multi: boolean +See-also: + - use-ascii +Example: + - --crlf -T file ftp://example.com/ +--- + +# `--crlf` + +Convert line feeds to carriage return plus line feeds in upload. Useful for +**MVS (OS/390)**. diff --git a/docs/cmdline-opts/crlfile.d b/docs/cmdline-opts/crlfile.d deleted file mode 100644 index 360e668d1e9d..000000000000 --- a/docs/cmdline-opts/crlfile.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: crlfile -Arg: -Protocols: TLS -Help: Get a CRL list in PEM format from the given file -Added: 7.19.7 -Category: tls ---- -Provide a file using PEM format with a Certificate Revocation List that may -specify peer certificates that are to be considered revoked. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/crlfile.md b/docs/cmdline-opts/crlfile.md new file mode 100644 index 000000000000..a762af09f113 --- /dev/null +++ b/docs/cmdline-opts/crlfile.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: crlfile +Arg: +Protocols: TLS +Help: Certificate Revocation list +Added: 7.19.7 +Category: tls +Multi: single +See-also: + - cacert + - capath +Example: + - --crlfile rejects.txt $URL +--- + +# `--crlfile` + +Provide a file using PEM format with a Certificate Revocation List that may +specify peer certificates that are to be considered revoked. diff --git a/docs/cmdline-opts/curves.d b/docs/cmdline-opts/curves.d deleted file mode 100644 index 47870a2789dc..000000000000 --- a/docs/cmdline-opts/curves.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: curves -Arg: -Help: (EC) TLS key exchange algorithm(s) to request -Protocols: TLS -Added: 7.73.0 -Category: tls ---- -Tells curl to request specific curves to use during SSL session establishment -according to RFC 8422, 5.1. Multiple algorithms can be provided by separating -them with ":" (e.g. "X25519:P-521"). The parameter is available identically -in the "openssl s_client/s_server" utilities. - ---curves allows a OpenSSL powered curl to make SSL-connections with exactly -the (EC) curve requested by the client, avoiding intransparent client/server -negotiations. - -If this option is set, the default curves list built into openssl will be -ignored. diff --git a/docs/cmdline-opts/curves.md b/docs/cmdline-opts/curves.md new file mode 100644 index 000000000000..9473aeaa7a8a --- /dev/null +++ b/docs/cmdline-opts/curves.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: curves +Arg: +Help: (EC) TLS key exchange algorithms to request +Protocols: TLS +Added: 7.73.0 +Category: tls +Multi: single +See-also: + - ciphers +Example: + - --curves X25519 $URL +--- + +# `--curves` + +Set specific curves to use during SSL session establishment according to RFC +8422, 5.1. Multiple algorithms can be provided by separating them with `:` +(e.g. `X25519:P-521`). The parameter is available identically in the OpenSSL +`s_client` and `s_server` utilities. + +--curves allows a OpenSSL powered curl to make SSL-connections with exactly +the (EC) curve requested by the client, avoiding nontransparent client/server +negotiations. + +If this option is set, the default curves list built into OpenSSL are ignored. diff --git a/docs/cmdline-opts/data-ascii.d b/docs/cmdline-opts/data-ascii.d deleted file mode 100644 index 3522f6345c81..000000000000 --- a/docs/cmdline-opts/data-ascii.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: data-ascii -Arg: -Help: HTTP POST ASCII data -Protocols: HTTP -Category: http post upload ---- -This is just an alias for --data. diff --git a/docs/cmdline-opts/data-ascii.md b/docs/cmdline-opts/data-ascii.md new file mode 100644 index 000000000000..c1d9d75bbdc5 --- /dev/null +++ b/docs/cmdline-opts/data-ascii.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: data-ascii +Arg: +Help: HTTP POST ASCII data +Protocols: HTTP +Category: http post upload +Added: 7.2 +Multi: append +See-also: + - data-binary + - data-raw + - data-urlencode +Example: + - --data-ascii @file $URL +--- + +# `--data-ascii` + +This option is an alias for --data. diff --git a/docs/cmdline-opts/data-binary.d b/docs/cmdline-opts/data-binary.d deleted file mode 100644 index c40785ece121..000000000000 --- a/docs/cmdline-opts/data-binary.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: data-binary -Arg: -Help: HTTP POST binary data -Protocols: HTTP -Category: http post upload ---- -This posts data exactly as specified with no extra processing whatsoever. - -If you start the data with the letter @, the rest should be a filename. Data -is posted in a similar manner as --data does, except that newlines and -carriage returns are preserved and conversions are never done. - -Like --data the default content-type sent to the server is -application/x-www-form-urlencoded. If you want the data to be treated as -arbitrary binary data by the server then set the content-type to octet-stream: --H "Content-Type: application/octet-stream". - -If this option is used several times, the ones following the first will append -data as described in --data. diff --git a/docs/cmdline-opts/data-binary.md b/docs/cmdline-opts/data-binary.md new file mode 100644 index 000000000000..4c5e4da8d1a6 --- /dev/null +++ b/docs/cmdline-opts/data-binary.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: data-binary +Arg: +Help: HTTP POST binary data +Protocols: HTTP +Category: http post upload +Added: 7.2 +Multi: append +See-also: + - data-ascii +Example: + - --data-binary @filename $URL +--- + +# `--data-binary` + +Post data exactly as specified with no extra processing whatsoever. + +If you start the data with the letter @, the rest should be a filename. +`@-` makes curl read the data from stdin. Data is posted in a similar +manner as --data does, except that newlines and carriage returns are +preserved and conversions are never done. + +Like --data the default content-type sent to the server is +application/x-www-form-urlencoded. If you want the data to be treated as +arbitrary binary data by the server then set the content-type to octet-stream: +-H "Content-Type: application/octet-stream". + +If this option is used several times, the ones following the first append +data as described in --data. diff --git a/docs/cmdline-opts/data-raw.d b/docs/cmdline-opts/data-raw.d deleted file mode 100644 index 4db83aefa026..000000000000 --- a/docs/cmdline-opts/data-raw.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: data-raw -Arg: -Protocols: HTTP -Help: HTTP POST data, '@' allowed -Added: 7.43.0 -See-also: data -Category: http post upload ---- -This posts data similarly to --data but without the special -interpretation of the @ character. diff --git a/docs/cmdline-opts/data-raw.md b/docs/cmdline-opts/data-raw.md new file mode 100644 index 000000000000..1033678bdeaa --- /dev/null +++ b/docs/cmdline-opts/data-raw.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: data-raw +Arg: +Protocols: HTTP +Help: HTTP POST data, '@' allowed +Added: 7.43.0 +Category: http post upload +Multi: append +See-also: + - data +Example: + - --data-raw "hello" $URL + - --data-raw "@at@at@" $URL +--- + +# `--data-raw` + +Post data similarly to --data but without the special interpretation of the @ +character. diff --git a/docs/cmdline-opts/data-urlencode.d b/docs/cmdline-opts/data-urlencode.d deleted file mode 100644 index 2205f9db481c..000000000000 --- a/docs/cmdline-opts/data-urlencode.d +++ /dev/null @@ -1,34 +0,0 @@ -Long: data-urlencode -Arg: -Help: HTTP POST data url encoded -Protocols: HTTP -See-also: data data-raw -Added: 7.18.0 -Category: http post upload ---- -This posts data, similar to the other --data options with the exception -that this performs URL-encoding. - -To be CGI-compliant, the part should begin with a *name* followed -by a separator and a content specification. The part can be passed to -curl using one of the following syntaxes: -.RS -.IP "content" -This will make curl URL-encode the content and pass that on. Just be careful -so that the content doesn't contain any = or @ symbols, as that will then make -the syntax match one of the other cases below! -.IP "=content" -This will make curl URL-encode the content and pass that on. The preceding = -symbol is not included in the data. -.IP "name=content" -This will make curl URL-encode the content part and pass that on. Note that -the name part is expected to be URL-encoded already. -.IP "@filename" -This will make curl load data from the given file (including any newlines), -URL-encode that data and pass it on in the POST. -.IP "name@filename" -This will make curl load data from the given file (including any newlines), -URL-encode that data and pass it on in the POST. The name part gets an equal -sign appended, resulting in *name=urlencoded-file-content*. Note that the -name is expected to be URL-encoded already. -.RE diff --git a/docs/cmdline-opts/data-urlencode.md b/docs/cmdline-opts/data-urlencode.md new file mode 100644 index 000000000000..36fdf3df2f57 --- /dev/null +++ b/docs/cmdline-opts/data-urlencode.md @@ -0,0 +1,51 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: data-urlencode +Arg: +Help: HTTP POST data URL encoded +Protocols: HTTP +Added: 7.18.0 +Category: http post upload +Multi: append +See-also: + - data + - data-raw +Example: + - --data-urlencode name=val $URL + - --data-urlencode =encodethis $URL + - --data-urlencode name@file $URL + - --data-urlencode @fileonly $URL +--- + +# `--data-urlencode` + +Post data, similar to the other --data options with the exception that this +performs URL-encoding. + +To be CGI-compliant, the \ part should begin with a *name* followed by +a separator and a content specification. The \ part can be passed to +curl using one of the following syntaxes: + +## content +URL-encode the content and pass that on. Be careful so that the content does +not contain any `=` or `@` symbols, as that makes the syntax match one of the +other cases below. + +## =content +URL-encode the content and pass that on. The preceding `=` symbol is not +included in the data. + +## name=content +URL-encode the content part and pass that on. Note that the name part is +expected to be URL-encoded already. + +## @filename +load data from the given file (including any newlines), URL-encode that data +and pass it on in the POST. Using `@-` makes curl read the data from stdin. + +## name@filename +load data from the given file (including any newlines), URL-encode that data +and pass it on in the POST. The name part gets an equal sign appended, +resulting in *name=urlencoded-file-content*. Note that the name is expected to +be URL-encoded already. diff --git a/docs/cmdline-opts/data.d b/docs/cmdline-opts/data.d deleted file mode 100644 index 53ba86b36d5b..000000000000 --- a/docs/cmdline-opts/data.d +++ /dev/null @@ -1,30 +0,0 @@ -Long: data -Short: d -Arg: -Help: HTTP POST data -Protocols: HTTP MQTT -See-also: data-binary data-urlencode data-raw -Mutexed: form head upload-file -Category: important http post upload ---- -Sends the specified data in a POST request to the HTTP server, in the same way -that a browser does when a user has filled in an HTML form and presses the -submit button. This will cause curl to pass the data to the server using the -content-type application/x-www-form-urlencoded. Compare to --form. - ---data-raw is almost the same but does not have a special interpretation of -the @ character. To post data purely binary, you should instead use the ---data-binary option. To URL-encode the value of a form field you may use ---data-urlencode. - -If any of these options is used more than once on the same command line, the -data pieces specified will be merged together with a separating -&-symbol. Thus, using '-d name=daniel -d skill=lousy' would generate a post -chunk that looks like \&'name=daniel&skill=lousy'. - -If you start the data with the letter @, the rest should be a file name to -read the data from, or - if you want curl to read the data from stdin. Posting -data from a file named \&'foobar' would thus be done with --data @foobar. When ---data is told to read from a file like that, carriage returns and newlines -will be stripped out. If you don't want the @ character to have a special -interpretation use --data-raw instead. diff --git a/docs/cmdline-opts/data.md b/docs/cmdline-opts/data.md new file mode 100644 index 000000000000..d95b02395369 --- /dev/null +++ b/docs/cmdline-opts/data.md @@ -0,0 +1,49 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: data +Short: d +Arg: +Help: HTTP POST data +Protocols: HTTP MQTT +Mutexed: form head upload-file +Category: important http post upload +Added: 4.0 +Multi: append +See-also: + - data-binary + - data-urlencode + - data-raw +Example: + - -d "name=curl" $URL + - -d "name=curl" -d "tool=cmdline" $URL + - -d @filename $URL +--- + +# `--data` + +Send the specified data in a POST request to the HTTP server, in the same way +that a browser does when a user has filled in an HTML form and presses the +submit button. This option makes curl pass the data to the server using the +content-type application/x-www-form-urlencoded. Compared to --form. + +--data-raw is almost the same but does not have a special interpretation of +the @ character. To post data purely binary, you should instead use the +--data-binary option. To URL-encode the value of a form field you may use +--data-urlencode. + +If any of these options is used more than once on the same command line, the +data pieces specified are merged with a separating &-symbol. Thus, using +'-d name=daniel -d skill=lousy' would generate a post chunk that looks like +'name=daniel&skill=lousy'. + +If you start the data with the letter @, the rest should be a filename to read +the data from, or - if you want curl to read the data from stdin. Posting data +from a file named 'foobar' would thus be done with --data @foobar. When --data +is told to read from a file like that, carriage returns, newlines and null +bytes are stripped out. If you do not want the @ character to have a special +interpretation use --data-raw instead. + +The data for this option is passed on to the server exactly as provided on the +command line. curl does not convert, change or improve it. It is up to the +user to provide the data in the correct form. diff --git a/docs/cmdline-opts/delegation.d b/docs/cmdline-opts/delegation.d deleted file mode 100644 index fa2795f96475..000000000000 --- a/docs/cmdline-opts/delegation.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: delegation -Arg: -Help: GSS-API delegation permission -Protocols: GSS/kerberos -Category: auth ---- -Set LEVEL to tell the server what it is allowed to delegate when it -comes to user credentials. -.RS -.IP "none" -Don't allow any delegation. -.IP "policy" -Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos -service ticket, which is a matter of realm policy. -.IP "always" -Unconditionally allow the server to delegate. -.RE diff --git a/docs/cmdline-opts/delegation.md b/docs/cmdline-opts/delegation.md new file mode 100644 index 000000000000..c874a2b59d44 --- /dev/null +++ b/docs/cmdline-opts/delegation.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: delegation +Arg: +Help: GSS-API delegation permission +Protocols: GSS/kerberos +Category: auth +Added: 7.22.0 +Multi: single +See-also: + - insecure + - ssl +Example: + - --delegation "none" $URL +--- + +# `--delegation` + +Set LEVEL what curl is allowed to delegate when it comes to user credentials. + +## none +Do not allow any delegation. + +## policy +Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos +service ticket, which is a matter of realm policy. + +## always +Unconditionally allow the server to delegate. diff --git a/docs/cmdline-opts/digest.d b/docs/cmdline-opts/digest.d deleted file mode 100644 index da8c01e26523..000000000000 --- a/docs/cmdline-opts/digest.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: digest -Help: Use HTTP Digest Authentication -Protocols: HTTP -Mutexed: basic ntlm negotiate -See-also: user proxy-digest anyauth -Category: proxy auth http ---- -Enables HTTP Digest authentication. This is an authentication scheme that -prevents the password from being sent over the wire in clear text. Use this in -combination with the normal --user option to set user name and password. - -If this option is used several times, only the first one is used. diff --git a/docs/cmdline-opts/digest.md b/docs/cmdline-opts/digest.md new file mode 100644 index 000000000000..c67d7894c883 --- /dev/null +++ b/docs/cmdline-opts/digest.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: digest +Help: HTTP Digest Authentication +Protocols: HTTP +Category: proxy auth http +Added: 7.10.6 +Multi: boolean +See-also: + - user + - proxy-digest + - anyauth +Example: + - -u name:password --digest $URL +--- + +# `--digest` + +Enable HTTP Digest authentication. This authentication scheme avoids sending +the password over the wire in clear text. Use this in combination with the +normal --user option to set username and password. diff --git a/docs/cmdline-opts/disable-eprt.d b/docs/cmdline-opts/disable-eprt.d deleted file mode 100644 index ffcf684e4a3f..000000000000 --- a/docs/cmdline-opts/disable-eprt.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: disable-eprt -Help: Inhibit using EPRT or LPRT -Protocols: FTP -Category: ftp ---- -Tell curl to disable the use of the EPRT and LPRT commands when doing active -FTP transfers. Curl will normally always first attempt to use EPRT, then LPRT -before using PORT, but with this option, it will use PORT right away. EPRT and -LPRT are extensions to the original FTP protocol, and may not work on all -servers, but they enable more functionality in a better way than the -traditional PORT command. - ---eprt can be used to explicitly enable EPRT again and --no-eprt is an alias -for --disable-eprt. - -If the server is accessed using IPv6, this option will have no effect as EPRT -is necessary then. - -Disabling EPRT only changes the active behavior. If you want to switch to -passive mode you need to not use --ftp-port or force it with --ftp-pasv. diff --git a/docs/cmdline-opts/disable-eprt.md b/docs/cmdline-opts/disable-eprt.md new file mode 100644 index 000000000000..768b689c13b0 --- /dev/null +++ b/docs/cmdline-opts/disable-eprt.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: disable-eprt +Help: Inhibit using EPRT or LPRT +Protocols: FTP +Category: ftp +Added: 7.10.5 +Multi: boolean +See-also: + - disable-epsv + - ftp-port +Example: + - --disable-eprt ftp://example.com/ +--- + +# `--disable-eprt` + +Disable the use of the EPRT and LPRT commands when doing active FTP transfers. +curl normally first attempts to use EPRT before using PORT, but with this +option, it uses PORT right away. EPRT is an extension to the original FTP +protocol, and does not work on all servers, but enables more functionality in +a better way than the traditional PORT command. + +--eprt can be used to explicitly enable EPRT again and --no-eprt is an alias +for --disable-eprt. + +If the server is accessed using IPv6, this option has no effect as EPRT is +necessary then. + +Disabling EPRT only changes the active behavior. If you want to switch to +passive mode you need to not use --ftp-port or force it with --ftp-pasv. diff --git a/docs/cmdline-opts/disable-epsv.d b/docs/cmdline-opts/disable-epsv.d deleted file mode 100644 index df1de8304142..000000000000 --- a/docs/cmdline-opts/disable-epsv.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: disable-epsv -Help: Inhibit using EPSV -Protocols: FTP -Category: ftp ---- -(FTP) Tell curl to disable the use of the EPSV command when doing passive FTP -transfers. Curl will normally always first attempt to use EPSV before PASV, -but with this option, it will not try using EPSV. - ---epsv can be used to explicitly enable EPSV again and --no-epsv is an alias -for --disable-epsv. - -If the server is an IPv6 host, this option will have no effect as EPSV is -necessary then. - -Disabling EPSV only changes the passive behavior. If you want to switch to -active mode you need to use --ftp-port. diff --git a/docs/cmdline-opts/disable-epsv.md b/docs/cmdline-opts/disable-epsv.md new file mode 100644 index 000000000000..d13e076907b3 --- /dev/null +++ b/docs/cmdline-opts/disable-epsv.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: disable-epsv +Help: Inhibit using EPSV +Protocols: FTP +Category: ftp +Added: 7.9.2 +Multi: boolean +See-also: + - disable-eprt + - ftp-port +Example: + - --disable-epsv ftp://example.com/ +--- + +# `--disable-epsv` + +Disable the use of the EPSV command when doing passive FTP transfers. curl +normally first attempts to use EPSV before PASV, but with this option, it does +not try EPSV. + +--epsv can be used to explicitly enable EPSV again and --no-epsv is an alias +for --disable-epsv. + +If the server is an IPv6 host, this option has no effect as EPSV is necessary +then. + +Disabling EPSV only changes the passive behavior. If you want to switch to +active mode you need to use --ftp-port. diff --git a/docs/cmdline-opts/disable.d b/docs/cmdline-opts/disable.d deleted file mode 100644 index d90960884498..000000000000 --- a/docs/cmdline-opts/disable.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: disable -Short: q -Help: Disable .curlrc -Category: curl ---- -If used as the first parameter on the command line, the *curlrc* config -file will not be read and used. See the --config for details on the default -config file search path. diff --git a/docs/cmdline-opts/disable.md b/docs/cmdline-opts/disable.md new file mode 100644 index 000000000000..1370b91d7b0d --- /dev/null +++ b/docs/cmdline-opts/disable.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: disable +Short: q +Help: Disable .curlrc +Category: curl +Added: 5.0 +Multi: boolean +See-also: + - config +Example: + - -q $URL +--- + +# `--disable` + +If used as the **first** parameter on the command line, the *curlrc* config +file is not read or used. See the --config for details on the default config +file search path. diff --git a/docs/cmdline-opts/disallow-username-in-url.d b/docs/cmdline-opts/disallow-username-in-url.d deleted file mode 100644 index e124f675a96e..000000000000 --- a/docs/cmdline-opts/disallow-username-in-url.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: disallow-username-in-url -Help: Disallow username in url -Protocols: HTTP -Added: 7.61.0 -See-also: proto -Category: curl http ---- -This tells curl to exit if passed a url containing a username. diff --git a/docs/cmdline-opts/disallow-username-in-url.md b/docs/cmdline-opts/disallow-username-in-url.md new file mode 100644 index 000000000000..0507f531cc76 --- /dev/null +++ b/docs/cmdline-opts/disallow-username-in-url.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: disallow-username-in-url +Help: Disallow username in URL +Added: 7.61.0 +Category: curl +Multi: boolean +See-also: + - proto +Example: + - --disallow-username-in-url $URL +--- + +# `--disallow-username-in-url` + +Exit with error if passed a URL containing a username. Probably most useful +when the URL is being provided at runtime or similar. + +Accepting and using credentials in a URL is normally considered a security +hazard as they are easily leaked that way. diff --git a/docs/cmdline-opts/dns-interface.d b/docs/cmdline-opts/dns-interface.d deleted file mode 100644 index 3cb818ae3e3d..000000000000 --- a/docs/cmdline-opts/dns-interface.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: dns-interface -Arg: -Help: Interface to use for DNS requests -Protocols: DNS -See-also: dns-ipv4-addr dns-ipv6-addr -Added: 7.33.0 -Requires: c-ares -Category: dns ---- -Tell curl to send outgoing DNS requests through . This option is a -counterpart to --interface (which does not affect DNS). The supplied string -must be an interface name (not an address). diff --git a/docs/cmdline-opts/dns-interface.md b/docs/cmdline-opts/dns-interface.md new file mode 100644 index 000000000000..aee7400bc5d1 --- /dev/null +++ b/docs/cmdline-opts/dns-interface.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dns-interface +Arg: +Help: Interface to use for DNS requests +Protocols: DNS +Added: 7.33.0 +Requires: c-ares +Category: dns +Multi: single +See-also: + - dns-ipv4-addr + - dns-ipv6-addr +Example: + - --dns-interface eth0 $URL +--- + +# `--dns-interface` + +Send outgoing DNS requests through the given interface. This option is a +counterpart to --interface (which does not affect DNS). The supplied string +must be an interface name (not an address). diff --git a/docs/cmdline-opts/dns-ipv4-addr.d b/docs/cmdline-opts/dns-ipv4-addr.d deleted file mode 100644 index 5ebdda5cad05..000000000000 --- a/docs/cmdline-opts/dns-ipv4-addr.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: dns-ipv4-addr -Arg:
-Help: IPv4 address to use for DNS requests -Protocols: DNS -See-also: dns-interface dns-ipv6-addr -Added: 7.33.0 -Requires: c-ares -Category: dns ---- -Tell curl to bind to when making IPv4 DNS requests, so that -the DNS requests originate from this address. The argument should be a -single IPv4 address. diff --git a/docs/cmdline-opts/dns-ipv4-addr.md b/docs/cmdline-opts/dns-ipv4-addr.md new file mode 100644 index 000000000000..4a43cb1d9007 --- /dev/null +++ b/docs/cmdline-opts/dns-ipv4-addr.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dns-ipv4-addr +Arg:
+Help: IPv4 address to use for DNS requests +Protocols: DNS +Added: 7.33.0 +Requires: c-ares +Category: dns +Multi: single +See-also: + - dns-interface + - dns-ipv6-addr +Example: + - --dns-ipv4-addr 10.1.2.3 $URL +--- + +# `--dns-ipv4-addr` + +Bind to a specific IP address when making IPv4 DNS requests, so that the DNS +requests originate from this address. The argument should be a single IPv4 +address. diff --git a/docs/cmdline-opts/dns-ipv6-addr.d b/docs/cmdline-opts/dns-ipv6-addr.d deleted file mode 100644 index 10e8076461d4..000000000000 --- a/docs/cmdline-opts/dns-ipv6-addr.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: dns-ipv6-addr -Arg:
-Help: IPv6 address to use for DNS requests -Protocols: DNS -See-also: dns-interface dns-ipv4-addr -Added: 7.33.0 -Requires: c-ares -Category: dns ---- -Tell curl to bind to when making IPv6 DNS requests, so that -the DNS requests originate from this address. The argument should be a -single IPv6 address. diff --git a/docs/cmdline-opts/dns-ipv6-addr.md b/docs/cmdline-opts/dns-ipv6-addr.md new file mode 100644 index 000000000000..71123117678e --- /dev/null +++ b/docs/cmdline-opts/dns-ipv6-addr.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dns-ipv6-addr +Arg:
+Help: IPv6 address to use for DNS requests +Protocols: DNS +Added: 7.33.0 +Requires: c-ares +Category: dns +Multi: single +See-also: + - dns-interface + - dns-ipv4-addr +Example: + - --dns-ipv6-addr 2a04:4e42::561 $URL +--- + +# `--dns-ipv6-addr` + +Bind to a specific IP address when making IPv6 DNS requests, so that the DNS +requests originate from this address. The argument should be a single IPv6 +address. diff --git a/docs/cmdline-opts/dns-servers.d b/docs/cmdline-opts/dns-servers.d deleted file mode 100644 index 0ff26636c1f8..000000000000 --- a/docs/cmdline-opts/dns-servers.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: dns-servers -Arg: -Help: DNS server addrs to use -Requires: c-ares -Added: 7.33.0 -Category: dns ---- -Set the list of DNS servers to be used instead of the system default. -The list of IP addresses should be separated with commas. Port numbers -may also optionally be given as *:* after each IP -address. diff --git a/docs/cmdline-opts/dns-servers.md b/docs/cmdline-opts/dns-servers.md new file mode 100644 index 000000000000..bf6ba3fe9309 --- /dev/null +++ b/docs/cmdline-opts/dns-servers.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dns-servers +Arg: +Help: DNS server addrs to use +Protocols: DNS +Requires: c-ares +Added: 7.33.0 +Category: dns +Multi: single +See-also: + - dns-interface + - dns-ipv4-addr +Example: + - --dns-servers 192.168.0.1,192.168.0.2 $URL + - --dns-servers 10.0.0.1:53 $URL +--- + +# `--dns-servers` + +Set the list of DNS servers to be used instead of the system default. The list +of IP addresses should be separated with commas. Port numbers may also +optionally be given, appended to the IP address separated with a colon. diff --git a/docs/cmdline-opts/doh-cert-status.d b/docs/cmdline-opts/doh-cert-status.d deleted file mode 100644 index c99c9c1326a0..000000000000 --- a/docs/cmdline-opts/doh-cert-status.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: doh-cert-status -Help: Verify the status of the DOH server cert via OCSP-staple -Protocols: all -Added: 7.76.0 -Category: dns tls ---- -Same as --cert-status but used for DOH (DNS-over-HTTPS). diff --git a/docs/cmdline-opts/doh-cert-status.md b/docs/cmdline-opts/doh-cert-status.md new file mode 100644 index 000000000000..445eb3dcd04c --- /dev/null +++ b/docs/cmdline-opts/doh-cert-status.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: doh-cert-status +Help: Verify DoH server cert status OCSP-staple +Added: 7.76.0 +Category: dns tls +Protocols: DNS +Multi: boolean +See-also: + - doh-insecure +Example: + - --doh-cert-status --doh-url https://doh.example $URL +--- + +# `--doh-cert-status` + +Same as --cert-status but used for DoH (DNS-over-HTTPS). + +Verify the status of the DoH servers' certificate by using the Certificate +Status Request (aka. OCSP stapling) TLS extension. + +If this option is enabled and the DoH server sends an invalid (e.g. expired) +response, if the response suggests that the server certificate has been +revoked, or no response at all is received, the verification fails. + +This support is currently only implemented in the OpenSSL and GnuTLS backends. diff --git a/docs/cmdline-opts/doh-insecure.d b/docs/cmdline-opts/doh-insecure.d deleted file mode 100644 index af254db70547..000000000000 --- a/docs/cmdline-opts/doh-insecure.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: doh-insecure -Help: Allow insecure DOH server connections -Protocols: all -Added: 7.76.0 -Category: dns tls ---- -Same as --insecure but used for DOH (DNS-over-HTTPS). diff --git a/docs/cmdline-opts/doh-insecure.md b/docs/cmdline-opts/doh-insecure.md new file mode 100644 index 000000000000..ee1602a242fd --- /dev/null +++ b/docs/cmdline-opts/doh-insecure.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: doh-insecure +Help: Allow insecure DoH server connections +Added: 7.76.0 +Category: dns tls +Protocols: DNS +Multi: boolean +See-also: + - doh-url + - insecure + - proxy-insecure +Example: + - --doh-insecure --doh-url https://doh.example $URL +--- + +# `--doh-insecure` + +By default, every connection curl makes to a DoH server is verified to be +secure before the transfer takes place. This option tells curl to skip the +verification step and proceed without checking. + +**WARNING**: using this option makes the DoH transfer and name resolution +insecure. + +This option is equivalent to --insecure and --proxy-insecure but used for DoH +(DNS-over-HTTPS) only. diff --git a/docs/cmdline-opts/doh-url.d b/docs/cmdline-opts/doh-url.d deleted file mode 100644 index 090799440aa6..000000000000 --- a/docs/cmdline-opts/doh-url.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: doh-url -Arg: -Help: Resolve host names over DOH -Protocols: all -Added: 7.62.0 -Category: dns ---- -Specifies which DNS-over-HTTPS (DOH) server to use to resolve hostnames, -instead of using the default name resolver mechanism. The URL must be HTTPS. - -Some SSL options that you set for your transfer will apply to DOH since the -name lookups take place over SSL. However, the certificate verification -settings are not inherited and can be controlled separately via ---doh-insecure and --doh-cert-status. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/doh-url.md b/docs/cmdline-opts/doh-url.md new file mode 100644 index 000000000000..3d146a789cbf --- /dev/null +++ b/docs/cmdline-opts/doh-url.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: doh-url +Arg: +Help: Resolve hostnames over DoH +Added: 7.62.0 +Category: dns +Protocols: DNS +Multi: single +See-also: + - doh-insecure +Example: + - --doh-url https://doh.example $URL + - --doh-url https://doh.example --resolve doh.example:443:192.0.2.1 $URL +--- + +# `--doh-url` + +Specify which DNS-over-HTTPS (DoH) server to use to resolve hostnames, instead +of using the default name resolver mechanism. The URL must be HTTPS. + +Some SSL options that you set for your transfer also apply to DoH since the +name lookups take place over SSL. The certificate verification settings are +not inherited but are controlled separately via --doh-insecure and +--doh-cert-status. + +By default, DoH is bypassed when initially looking up DNS records of the DoH server. You can specify the IP address(es) of the DoH server with --resolve to avoid this. + +This option is unset if an empty string "" is used as the URL. +(Added in 7.85.0) diff --git a/docs/cmdline-opts/dump-ca-embed.md b/docs/cmdline-opts/dump-ca-embed.md new file mode 100644 index 000000000000..2ad123014bc4 --- /dev/null +++ b/docs/cmdline-opts/dump-ca-embed.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dump-ca-embed +Help: Write the embedded CA bundle to standard output +Protocols: TLS +Category: http proxy tls +Added: 8.10.0 +Multi: boolean +See-also: + - ca-native + - cacert + - capath + - proxy-ca-native + - proxy-cacert + - proxy-capath +Example: + - --dump-ca-embed +--- + +# `--dump-ca-embed` + +Write the CA bundle embedded in curl to standard output, then quit. + +If curl was not built with a default CA bundle embedded, the output is empty. diff --git a/docs/cmdline-opts/dump-header.d b/docs/cmdline-opts/dump-header.d deleted file mode 100644 index 8449dfe8516d..000000000000 --- a/docs/cmdline-opts/dump-header.d +++ /dev/null @@ -1,21 +0,0 @@ -Long: dump-header -Short: D -Arg: -Help: Write the received headers to -Protocols: HTTP FTP -See-also: output -Category: http ftp ---- -Write the received protocol headers to the specified file. - -This option is handy to use when you want to store the headers that an HTTP -site sends to you. Cookies from the headers could then be read in a second -curl invocation by using the --cookie option! The --cookie-jar option is a -better way to store cookies. - -If no headers are received, the use of this option will create an empty file. - -When used in FTP, the FTP server response lines are considered being "headers" -and thus are saved there. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/dump-header.md b/docs/cmdline-opts/dump-header.md new file mode 100644 index 000000000000..bdb0e874e35a --- /dev/null +++ b/docs/cmdline-opts/dump-header.md @@ -0,0 +1,35 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dump-header +Short: D +Arg: +Help: Write the received headers to +Protocols: HTTP FTP +Category: http ftp +Added: 5.7 +Multi: single +See-also: + - output +Example: + - --dump-header store.txt $URL + - --dump-header - $URL -o save +--- + +# `--dump-header` + +Write the received protocol headers to the specified file. If no headers are +received, the use of this option creates an empty file. Specify `-` as +filename (a single minus) to have it written to stdout. + +Starting in curl 8.10.0, specify `%` (a single percent sign) as filename +writes the output to stderr. + +When used in FTP, the FTP server response lines are considered being "headers" +and thus are saved there. + +Starting in curl 8.11.0, using the --create-dirs option can also create +missing directory components for the path provided in --dump-header. + +Having multiple transfers in one set of operations (i.e. the URLs in one +--next clause), appends them to the same file, separated by a blank line. diff --git a/docs/cmdline-opts/ech.md b/docs/cmdline-opts/ech.md new file mode 100644 index 000000000000..3d8f3873af4d --- /dev/null +++ b/docs/cmdline-opts/ech.md @@ -0,0 +1,52 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ech +Arg: +Help: Configure ECH +Added: 8.8.0 +Category: tls +Protocols: HTTPS +Multi: single +See-also: + - doh-url +Example: + - --ech true $URL +--- + +# `--ech` + +Specify how to do ECH (Encrypted Client Hello). + +The values allowed for \ can be: + +## `false` + +Do not attempt ECH. The is the default. + +## `grease` + +Send a GREASE ECH extension + +## `true` + +Attempt ECH if possible, but do not fail if ECH is not attempted. +(The connection fails if ECH is attempted but fails.) + +## `hard` + +Attempt ECH and fail if that is not possible. ECH only works with TLS 1.3 and +also requires using DoH or providing an ECHConfigList on the command line. + +## `ecl:` + +A base64 encoded ECHConfigList that is used for ECH. + +## `pn:` + +A name to use to over-ride the `public_name` field of an ECHConfigList (only +available with OpenSSL TLS support) + +## + +Most ECH related errors cause error *CURLE_ECH_REQUIRED* (101). diff --git a/docs/cmdline-opts/egd-file.d b/docs/cmdline-opts/egd-file.d deleted file mode 100644 index 05ede9ad1384..000000000000 --- a/docs/cmdline-opts/egd-file.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: egd-file -Arg: -Help: EGD socket path for random data -Protocols: TLS -See-also: random-file -Category: tls ---- -Specify the path name to the Entropy Gathering Daemon socket. The socket is -used to seed the random engine for SSL connections. diff --git a/docs/cmdline-opts/egd-file.md b/docs/cmdline-opts/egd-file.md new file mode 100644 index 000000000000..ef16b9964817 --- /dev/null +++ b/docs/cmdline-opts/egd-file.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: egd-file +Arg: +Help: EGD socket path for random data +Protocols: TLS +Category: deprecated +Added: 7.7 +Multi: single +See-also: + - random-file +Example: + - --egd-file /random/here $URL +--- + +# `--egd-file` + +Deprecated option (added in 7.84.0). Prior to that it only had an effect on +curl if built to use old versions of OpenSSL. + +Specify the path name to the Entropy Gathering Daemon socket. The socket is +used to seed the random engine for SSL connections. diff --git a/docs/cmdline-opts/engine.d b/docs/cmdline-opts/engine.d deleted file mode 100644 index 9ed0cf1b0bf2..000000000000 --- a/docs/cmdline-opts/engine.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: engine -Arg: -Help: Crypto engine to use -Protocols: TLS -Category: tls ---- -Select the OpenSSL crypto engine to use for cipher operations. Use --engine -list to print a list of build-time supported engines. Note that not all (or -none) of the engines may be available at run-time. diff --git a/docs/cmdline-opts/engine.md b/docs/cmdline-opts/engine.md new file mode 100644 index 000000000000..cde6949b8691 --- /dev/null +++ b/docs/cmdline-opts/engine.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: engine +Arg: +Help: Crypto engine to use +Protocols: TLS +Category: tls +Added: 7.9.3 +Multi: single +See-also: + - ciphers + - curves +Example: + - --engine flavor $URL +--- + +# `--engine` + +Select the OpenSSL crypto engine to use for cipher operations. Use `--engine +list` to print a list of build-time supported engines. Note that not all (and +possibly none) of the engines may be available at runtime. + +The OpenSSL concept "engines" has been superseded by "providers" in OpenSSL 3, +and this option should work fine to specify such as well. diff --git a/docs/cmdline-opts/etag-compare.d b/docs/cmdline-opts/etag-compare.d deleted file mode 100644 index c6ed39cb787c..000000000000 --- a/docs/cmdline-opts/etag-compare.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: etag-compare -Arg: -Help: Pass an ETag from a file as a custom header -Protocols: HTTP -Added: 7.68.0 -Category: http ---- -This option makes a conditional HTTP request for the specific -ETag read from the given file by sending a custom If-None-Match -header using the extracted ETag. - -For correct results, make sure that specified file contains only a single -line with a desired ETag. An empty file is parsed as an empty ETag. - -Use the option --etag-save to first save the ETag from a response, and -then use this option to compare using the saved ETag in a subsequent request. - -**COMPARISON**: There are 2 types of comparison or ETags: Weak and Strong. -This option expects, and uses a strong comparison. diff --git a/docs/cmdline-opts/etag-compare.md b/docs/cmdline-opts/etag-compare.md new file mode 100644 index 000000000000..64ab80cd12b4 --- /dev/null +++ b/docs/cmdline-opts/etag-compare.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: etag-compare +Arg: +Help: Load ETag from file +Protocols: HTTP +Added: 7.68.0 +Category: http +Multi: single +See-also: + - etag-save + - time-cond +Example: + - --etag-compare etag.txt $URL +--- + +# `--etag-compare` + +Make a conditional HTTP request for the specific ETag read from the given file +by sending a custom If-None-Match header using the stored ETag. + +For correct results, make sure that the specified file contains only a single +line with the desired ETag. A non-existing or empty file is treated as an +empty ETag. + +Use the option --etag-save to first save the ETag from a response, and then +use this option to compare against the saved ETag in a subsequent request. + +Use this option with a single URL only. diff --git a/docs/cmdline-opts/etag-save.d b/docs/cmdline-opts/etag-save.d deleted file mode 100644 index 95d1615aede4..000000000000 --- a/docs/cmdline-opts/etag-save.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: etag-save -Arg: -Help: Parse ETag from a request and save it to a file -Protocols: HTTP -Added: 7.68.0 -Category: http ---- -This option saves an HTTP ETag to the specified file. Etag is -usually part of headers returned by a request. When server sends an -ETag, it must be enveloped by a double quote. This option extracts the -ETag without the double quotes and saves it into the . - -A server can send a weak ETag which is prefixed by "W/". This identifier -is not considered, and only relevant ETag between quotation marks is parsed. - -It an ETag wasn't sent by the server or it cannot be parsed, an empty -file is created. diff --git a/docs/cmdline-opts/etag-save.md b/docs/cmdline-opts/etag-save.md new file mode 100644 index 000000000000..137a4d5a55f6 --- /dev/null +++ b/docs/cmdline-opts/etag-save.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: etag-save +Arg: +Help: Parse incoming ETag and save to a file +Protocols: HTTP +Added: 7.68.0 +Category: http +Multi: single +See-also: + - etag-compare +Example: + - --etag-save storetag.txt $URL +--- + +# `--etag-save` + +Save an HTTP ETag to the specified file. An ETag is a caching related header, +usually returned in a response. Use this option with a single URL only. + +If no ETag is sent by the server, an empty file is created. + +In many situations you want to use an existing etag in the request to avoid +downloading the same resource again but also save the new etag if it has +indeed changed, by using both etag options --etag-save and --etag-compare with +the same filename, in the same command line. + +Starting in curl 8.12.0, using the --create-dirs option can also create +missing directory components for the path provided in --etag-save. diff --git a/docs/cmdline-opts/expect100-timeout.d b/docs/cmdline-opts/expect100-timeout.d deleted file mode 100644 index 431a529c2971..000000000000 --- a/docs/cmdline-opts/expect100-timeout.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: expect100-timeout -Arg: -Help: How long to wait for 100-continue -Protocols: HTTP -Added: 7.47.0 -See-also: connect-timeout -Category: http ---- -Maximum time in seconds that you allow curl to wait for a 100-continue -response when curl emits an Expects: 100-continue header in its request. By -default curl will wait one second. This option accepts decimal values! When -curl stops waiting, it will continue as if the response has been received. diff --git a/docs/cmdline-opts/expect100-timeout.md b/docs/cmdline-opts/expect100-timeout.md new file mode 100644 index 000000000000..80cf4eba61a8 --- /dev/null +++ b/docs/cmdline-opts/expect100-timeout.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: expect100-timeout +Arg: +Help: How long to wait for 100-continue +Protocols: HTTP +Added: 7.47.0 +Category: http timeout +Multi: single +See-also: + - connect-timeout +Example: + - --expect100-timeout 2.5 -T file $URL +--- + +# `--expect100-timeout` + +Maximum time in seconds that you allow curl to wait for a 100-continue +response when curl emits an Expects: 100-continue header in its request. By +default curl waits one second. This option accepts decimal values. When curl +stops waiting, it continues as if a response was received. + +The decimal value needs to be provided using a dot (`.`) as decimal separator - +not the local version even if it might be using another separator. diff --git a/docs/cmdline-opts/fail-early.d b/docs/cmdline-opts/fail-early.d deleted file mode 100644 index 3fbe238af205..000000000000 --- a/docs/cmdline-opts/fail-early.d +++ /dev/null @@ -1,22 +0,0 @@ -Long: fail-early -Help: Fail on first transfer error, do not continue -Added: 7.52.0 -Category: curl ---- -Fail and exit on the first detected transfer error. - -When curl is used to do multiple transfers on the command line, it will -attempt to operate on each given URL, one by one. By default, it will ignore -errors if there are more URLs given and the last URL's success will determine -the error code curl returns. So early failures will be "hidden" by subsequent -successful transfers. - -Using this option, curl will instead return an error on the first transfer -that fails, independent of the amount of URLs that are given on the command -line. This way, no transfer failures go undetected by scripts and similar. - -This option is global and does not need to be specified for each use of --next. - -This option does not imply --fail, which causes transfers to fail due to the -server's HTTP status code. You can combine the two options, however note --fail -is not global and is therefore contained by --next. diff --git a/docs/cmdline-opts/fail-early.md b/docs/cmdline-opts/fail-early.md new file mode 100644 index 000000000000..67edbf919ec5 --- /dev/null +++ b/docs/cmdline-opts/fail-early.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: fail-early +Help: Fail on first transfer error +Added: 7.52.0 +Category: curl global +Multi: boolean +Scope: global +See-also: + - fail + - fail-with-body +Example: + - --fail-early $URL https://two.example +--- + +# `--fail-early` + +Fail and exit on the first detected transfer error. + +When curl is used to do multiple transfers on the command line, it attempts to +operate on each given URL, one by one. By default, it ignores errors if there +are more URLs given and the last URL's success determines the error code curl +returns. Early failures are "hidden" by subsequent successful transfers. + +Using this option, curl instead returns an error on the first transfer that +fails, independent of the amount of URLs that are given on the command +line. This way, no transfer failures go undetected by scripts and similar. + +This option does not imply --fail, which causes transfers to fail due to the +server's HTTP status code. You can combine the two options, however note --fail +is not global and is therefore contained by --next. diff --git a/docs/cmdline-opts/fail-with-body.d b/docs/cmdline-opts/fail-with-body.d deleted file mode 100644 index 13609ff017ee..000000000000 --- a/docs/cmdline-opts/fail-with-body.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: fail-with-body -Protocols: HTTP -Help: Fail on HTTP errors but save the body -Category: http output -Added: 7.76.0 -See-also: fail ---- - -Return an error on server errors where the HTTP response code is 400 or -greater). In normal cases when an HTTP server fails to deliver a document, it -returns an HTML document stating so (which often also describes why and -more). This flag will still allow curl to output and save that content but -also to return error 22. - -This is an alternative option to --fail which makes curl fail for the same -circumstances but without saving the content. diff --git a/docs/cmdline-opts/fail-with-body.md b/docs/cmdline-opts/fail-with-body.md new file mode 100644 index 000000000000..670959ba9bcf --- /dev/null +++ b/docs/cmdline-opts/fail-with-body.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: fail-with-body +Protocols: HTTP +Help: Fail on HTTP errors but save the body +Category: http output +Added: 7.76.0 +Mutexed: fail +Multi: boolean +See-also: + - fail + - fail-early +Example: + - --fail-with-body $URL +--- + +# `--fail-with-body` + +Return an error on server errors where the HTTP response code is 400 or +greater). In normal cases when an HTTP server fails to deliver a document, it +returns an HTML document stating so (which often also describes why and more). +This option allows curl to output and save that content but also to return +error 22. + +This is an alternative option to --fail which makes curl fail for the same +circumstances but without saving the content. diff --git a/docs/cmdline-opts/fail.d b/docs/cmdline-opts/fail.d deleted file mode 100644 index d4d65fba4eda..000000000000 --- a/docs/cmdline-opts/fail.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: fail -Short: f -Protocols: HTTP -Help: Fail silently (no output at all) on HTTP errors -See-also: fail-with-body -Category: important http ---- -Fail silently (no output at all) on server errors. This is mostly done to -enable scripts etc to better deal with failed attempts. In normal cases -when an HTTP server fails to deliver a document, it returns an HTML document -stating so (which often also describes why and more). This flag will prevent -curl from outputting that and return error 22. - -This method is not fail-safe and there are occasions where non-successful -response codes will slip through, especially when authentication is involved -(response codes 401 and 407). diff --git a/docs/cmdline-opts/fail.md b/docs/cmdline-opts/fail.md new file mode 100644 index 000000000000..0c8db1367b54 --- /dev/null +++ b/docs/cmdline-opts/fail.md @@ -0,0 +1,35 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: fail +Short: f +Protocols: HTTP +Help: Fail fast with no output on HTTP errors +Category: important http +Mutexed: fail-with-body +Added: 4.0 +Multi: boolean +See-also: + - fail-with-body + - fail-early +Example: + - --fail $URL +--- + +# `--fail` + +Fail with error code 22 and with no response body output at all for HTTP +transfers returning HTTP response codes at 400 or greater. + +In normal cases when an HTTP server fails to deliver a document, it returns a +body of text stating so (which often also describes why and more) and a 4xx +HTTP response code. This command line option prevents curl from outputting +that data and instead returns error 22 early. By default, curl does not +consider HTTP response codes to indicate failure. + +To get both the error code and also save the content, use --fail-with-body +instead. + +This method is not fail-safe and there are occasions where non-successful +response codes slip through, especially when authentication is involved +(response codes 401 and 407). diff --git a/docs/cmdline-opts/false-start.d b/docs/cmdline-opts/false-start.d deleted file mode 100644 index abeff0eb5cfd..000000000000 --- a/docs/cmdline-opts/false-start.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: false-start -Help: Enable TLS False Start -Protocols: TLS -Added: 7.42.0 -Category: tls ---- -Tells curl to use false start during the TLS handshake. False start is a mode -where a TLS client will start sending application data before verifying the -server's Finished message, thus saving a round trip when performing a full -handshake. - -This is currently only implemented in the NSS and Secure Transport (on iOS 7.0 -or later, or OS X 10.9 or later) backends. diff --git a/docs/cmdline-opts/false-start.md b/docs/cmdline-opts/false-start.md new file mode 100644 index 000000000000..7c8c97669840 --- /dev/null +++ b/docs/cmdline-opts/false-start.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: false-start +Help: Enable TLS False Start +Protocols: TLS +Added: 7.42.0 +Category: deprecated +Multi: boolean +See-also: + - tcp-fastopen +Example: + - --false-start $URL +--- + +# `--false-start` + +No TLS backend currently supports this feature. + +Use false start during the TLS handshake. False start is a mode where a TLS +client starts sending application data before verifying the server's Finished +message, thus saving a round trip when performing a full handshake. diff --git a/docs/cmdline-opts/follow.md b/docs/cmdline-opts/follow.md new file mode 100644 index 000000000000..e791e36adf34 --- /dev/null +++ b/docs/cmdline-opts/follow.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: follow +Help: Follow redirects per spec +Category: http +Protocols: HTTP +Added: 8.16.0 +Multi: boolean +See-also: + - request + - location + - proto-redir + - max-redirs +Example: + - -X POST --follow $URL +--- + +# `--follow` + +Instructs curl to follow HTTP redirects and to do the custom request method +set with --request when following redirects as the HTTP specification says. + +The method string set with --request is used in subsequent requests for the +status codes 307 or 308, but may be reset to GET for 301, 302 and 303. + +This is subtly different than --location, as that option always set the custom +method in all subsequent requests independent of response code. + +Restrict which protocols a redirect is accepted to follow with --proto-redir. diff --git a/docs/cmdline-opts/form-escape.md b/docs/cmdline-opts/form-escape.md new file mode 100644 index 000000000000..7cf1cb7403db --- /dev/null +++ b/docs/cmdline-opts/form-escape.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: form-escape +Help: Escape form fields using backslash +Protocols: HTTP IMAP SMTP +Added: 7.81.0 +Category: http upload post +Multi: single +See-also: + - form +Example: + - --form-escape -F 'field\name=curl' -F 'file=@load"this' $URL +--- + +# `--form-escape` + +Pass on names of multipart form fields and files using backslash-escaping +instead of percent-encoding. diff --git a/docs/cmdline-opts/form-string.d b/docs/cmdline-opts/form-string.d deleted file mode 100644 index 04d2578c5596..000000000000 --- a/docs/cmdline-opts/form-string.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: form-string -Help: Specify multipart MIME data -Protocols: HTTP SMTP IMAP -Arg: -See-also: form -Category: http upload ---- -Similar to --form except that the value string for the named parameter is used -literally. Leading \&'@' and \&'<' characters, and the \&';type=' string in -the value have no special meaning. Use this in preference to --form if -there's any possibility that the string value may accidentally trigger the -\&'@' or \&'<' features of --form. diff --git a/docs/cmdline-opts/form-string.md b/docs/cmdline-opts/form-string.md new file mode 100644 index 000000000000..e58ad625d9f0 --- /dev/null +++ b/docs/cmdline-opts/form-string.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: form-string +Help: Specify multipart MIME data +Protocols: HTTP SMTP IMAP +Arg: +Category: http upload post smtp imap +Added: 7.13.2 +Multi: append +See-also: + - form +Example: + - --form-string "name=data" $URL +--- + +# `--form-string` + +Similar to --form except that the value string for the named parameter is used +literally. Leading @ and \< characters, and the `;type=` string in the value +have no special meaning. Use this in preference to --form if there is any +possibility that the string value may accidentally trigger the @ or \< +features of --form. diff --git a/docs/cmdline-opts/form.d b/docs/cmdline-opts/form.d deleted file mode 100644 index 2c65ddd9b4a1..000000000000 --- a/docs/cmdline-opts/form.d +++ /dev/null @@ -1,139 +0,0 @@ -Long: form -Short: F -Arg: -Help: Specify multipart MIME data -Protocols: HTTP SMTP IMAP -Mutexed: data head upload-file -Category: http upload ---- -For HTTP protocol family, this lets curl emulate a filled-in form in which a -user has pressed the submit button. This causes curl to POST data using the -Content-Type multipart/form-data according to RFC 2388. - -For SMTP and IMAP protocols, this is the mean to compose a multipart mail -message to transmit. - -This enables uploading of binary files etc. To force the 'content' part to be -a file, prefix the file name with an @ sign. To just get the content part from -a file, prefix the file name with the symbol <. The difference between @ and < -is then that @ makes a file get attached in the post as a file upload, while -the < makes a text field and just get the contents for that text field from a -file. - -Tell curl to read content from stdin instead of a file by using - as -filename. This goes for both @ and < constructs. When stdin is used, the -contents is buffered in memory first by curl to determine its size and allow a -possible resend. Defining a part's data from a named non-regular file (such -as a named pipe or similar) is unfortunately not subject to buffering and will -be effectively read at transmission time; since the full size is unknown -before the transfer starts, such data is sent as chunks by HTTP and rejected -by IMAP. - -Example: send an image to an HTTP server, where \&'profile' is the name of the -form-field to which the file portrait.jpg will be the input: - - curl -F profile=@portrait.jpg https://example.com/upload.cgi - -Example: send your name and shoe size in two text fields to the server: - - curl -F name=John -F shoesize=11 https://example.com/ - -Example: send your essay in a text field to the server. Send it as a plain -text field, but get the contents for it from a local file: - - curl -F "story=HTML message;type=text/html' \\ -.br - -F '=)' -F '=@textfile.txt' ... smtp://example.com - -Data can be encoded for transfer using encoder=. Available encodings are -*binary* and *8bit* that do nothing else than adding the corresponding -Content-Transfer-Encoding header, *7bit* that only rejects 8-bit characters -with a transfer error, *quoted-printable* and *base64* that encodes data -according to the corresponding schemes, limiting lines length to 76 -characters. - -Example: send multipart mail with a quoted-printable text message and a -base64 attached file: - - curl -F '=text message;encoder=quoted-printable' \\ -.br - -F '=@localfile;encoder=base64' ... smtp://example.com - -See further examples and details in the MANUAL. - -This option can be used multiple times. diff --git a/docs/cmdline-opts/form.md b/docs/cmdline-opts/form.md new file mode 100644 index 000000000000..87b019604fc7 --- /dev/null +++ b/docs/cmdline-opts/form.md @@ -0,0 +1,143 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: form +Short: F +Arg: +Help: Specify multipart MIME data +Protocols: HTTP SMTP IMAP +Mutexed: data head upload-file +Category: http upload post imap smtp +Added: 5.0 +Multi: append +See-also: + - data + - form-string + - form-escape +Example: + - --form "name=curl" --form "file=@loadthis" $URL +--- + +# `--form` + +For the HTTP protocol family, emulate a filled-in form in which a user has +pressed the submit button. This makes curl POST data using the Content-Type +multipart/form-data according to RFC 2388. + +For SMTP and IMAP protocols, this composes a multipart mail message to +transmit. + +This enables uploading of binary files etc. To force the 'content' part to be +a file, prefix the filename with an @ sign. To get the content part from a +file, prefix the filename with the symbol \<. The difference between @ and \< +is then that @ makes a file get attached in the post as a file upload, while +the \< makes a text field and gets the contents for that text field from a +file. + +Read content from stdin instead of a file by using a single "-" as filename. +This goes for both @ and \< constructs. When stdin is used, the contents is +buffered in memory first by curl to determine its size and allow a possible +resend. Defining a part's data from a named non-regular file (such as a named +pipe or similar) is not subject to buffering and is instead read at +transmission time; since the full size is unknown before the transfer starts, +such data is sent as chunks by HTTP and rejected by IMAP. + +Example: send an image to an HTTP server, where 'profile' is the name of the +form-field to which the file **portrait.jpg** is the input: + + curl -F profile=@portrait.jpg https://example.com/upload.cgi + +Example: send your name and shoe size in two text fields to the server: + + curl -F name=John -F shoesize=11 https://example.com/ + +Example: send your essay in a text field to the server. Send it as a plain +text field, but get the contents for it from a local file: + + curl -F "story=HTML message;type=text/html' \ + -F '=)' -F '=@textfile.txt' ... smtp://example.com + +Data can be encoded for transfer using encoder=. Available encodings are +*binary* and *8bit* that do nothing else than adding the corresponding +Content-Transfer-Encoding header, *7bit* that only rejects 8-bit characters +with a transfer error, *quoted-printable* and *base64* that encodes data +according to the corresponding schemes, limiting lines length to 76 +characters. + +Example: send multipart mail with a quoted-printable text message and a +base64 attached file: + + curl -F '=text message;encoder=quoted-printable' \ + -F '=@localfile;encoder=base64' ... smtp://example.com diff --git a/docs/cmdline-opts/ftp-account.d b/docs/cmdline-opts/ftp-account.d deleted file mode 100644 index bc04ba0472b6..000000000000 --- a/docs/cmdline-opts/ftp-account.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: ftp-account -Arg: -Help: Account data string -Protocols: FTP -Added: 7.13.0 -Category: ftp auth ---- -When an FTP server asks for "account data" after user name and password has -been provided, this data is sent off using the ACCT command. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/ftp-account.md b/docs/cmdline-opts/ftp-account.md new file mode 100644 index 000000000000..e275349dee0f --- /dev/null +++ b/docs/cmdline-opts/ftp-account.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-account +Arg: +Help: Account data string +Protocols: FTP +Added: 7.13.0 +Category: ftp auth +Multi: single +See-also: + - user +Example: + - --ftp-account "mr.robot" ftp://example.com/ +--- + +# `--ftp-account` + +When an FTP server asks for "account data" after username and password has +been provided, this data is sent off using the ACCT command. diff --git a/docs/cmdline-opts/ftp-alternative-to-user.d b/docs/cmdline-opts/ftp-alternative-to-user.d deleted file mode 100644 index 1714849063de..000000000000 --- a/docs/cmdline-opts/ftp-alternative-to-user.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: ftp-alternative-to-user -Arg: -Help: String to replace USER [name] -Protocols: FTP -Added: 7.15.5 -Category: ftp ---- -If authenticating with the USER and PASS commands fails, send this command. -When connecting to Tumbleweed's Secure Transport server over FTPS using a -client certificate, using "SITE AUTH" will tell the server to retrieve the -username from the certificate. diff --git a/docs/cmdline-opts/ftp-alternative-to-user.md b/docs/cmdline-opts/ftp-alternative-to-user.md new file mode 100644 index 000000000000..9bd3686001cc --- /dev/null +++ b/docs/cmdline-opts/ftp-alternative-to-user.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-alternative-to-user +Arg: +Help: String to replace USER [name] +Protocols: FTP +Added: 7.15.5 +Category: ftp +Multi: single +See-also: + - ftp-account + - user +Example: + - --ftp-alternative-to-user "U53r" ftp://example.com +--- + +# `--ftp-alternative-to-user` + +If authenticating with the USER and PASS commands fails, send this command. +When connecting to Tumbleweed's Secure Transport server over FTPS using a +client certificate, using "SITE AUTH" tells the server to retrieve the +username from the certificate. diff --git a/docs/cmdline-opts/ftp-create-dirs.d b/docs/cmdline-opts/ftp-create-dirs.d deleted file mode 100644 index 5d9dfda46a3e..000000000000 --- a/docs/cmdline-opts/ftp-create-dirs.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: ftp-create-dirs -Protocols: FTP SFTP -Help: Create the remote dirs if not present -See-also: create-dirs -Category: ftp sftp curl ---- -When an FTP or SFTP URL/operation uses a path that doesn't currently exist on -the server, the standard behavior of curl is to fail. Using this option, curl -will instead attempt to create missing directories. diff --git a/docs/cmdline-opts/ftp-create-dirs.md b/docs/cmdline-opts/ftp-create-dirs.md new file mode 100644 index 000000000000..3e851ccae983 --- /dev/null +++ b/docs/cmdline-opts/ftp-create-dirs.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-create-dirs +Protocols: FTP SFTP +Help: Create the remote dirs if not present +Category: ftp sftp +Added: 7.10.7 +Multi: boolean +See-also: + - create-dirs +Example: + - --ftp-create-dirs -T file ftp://example.com/remote/path/file +--- + +# `--ftp-create-dirs` + +When an FTP or SFTP URL/operation uses a path that does not currently exist on +the server, the standard behavior of curl is to fail. Using this option, curl +instead attempts to create missing directories. diff --git a/docs/cmdline-opts/ftp-method.d b/docs/cmdline-opts/ftp-method.d deleted file mode 100644 index 149340b82f58..000000000000 --- a/docs/cmdline-opts/ftp-method.d +++ /dev/null @@ -1,22 +0,0 @@ -Long: ftp-method -Arg: -Help: Control CWD usage -Protocols: FTP -Added: 7.15.1 -Category: ftp ---- -Control what method curl should use to reach a file on an FTP(S) -server. The method argument should be one of the following alternatives: -.RS -.IP multicwd -curl does a single CWD operation for each path part in the given URL. For deep -hierarchies this means very many commands. This is how RFC 1738 says it should -be done. This is the default but the slowest behavior. -.IP nocwd -curl does no CWD at all. curl will do SIZE, RETR, STOR etc and give a full -path to the server for all these commands. This is the fastest behavior. -.IP singlecwd -curl does one CWD with the full target directory and then operates on the file -\&"normally" (like in the multicwd case). This is somewhat more standards -compliant than 'nocwd' but without the full penalty of 'multicwd'. -.RE diff --git a/docs/cmdline-opts/ftp-method.md b/docs/cmdline-opts/ftp-method.md new file mode 100644 index 000000000000..d2bff21d59f0 --- /dev/null +++ b/docs/cmdline-opts/ftp-method.md @@ -0,0 +1,36 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-method +Arg: +Help: Control CWD usage +Protocols: FTP +Added: 7.15.1 +Category: ftp +Multi: single +See-also: + - list-only +Example: + - --ftp-method multicwd ftp://example.com/dir1/dir2/file + - --ftp-method nocwd ftp://example.com/dir1/dir2/file + - --ftp-method singlecwd ftp://example.com/dir1/dir2/file +--- + +# `--ftp-method` + +Control what method curl should use to reach a file on an FTP(S) +server. The method argument should be one of the following alternatives: + +## multicwd +Do a single CWD operation for each path part in the given URL. For deep +hierarchies this means many commands. This is how RFC 1738 says it should be +done. This is the default but the slowest behavior. + +## nocwd +Do no CWD at all. curl does SIZE, RETR, STOR etc and gives the full path to +the server for each of these commands. This is the fastest behavior. + +## singlecwd +Do one CWD with the full target directory and then operate on the file +"normally" (like in the multicwd case). This is somewhat more standards +compliant than `nocwd` but without the full penalty of `multicwd`. diff --git a/docs/cmdline-opts/ftp-pasv.d b/docs/cmdline-opts/ftp-pasv.d deleted file mode 100644 index cbd548de322c..000000000000 --- a/docs/cmdline-opts/ftp-pasv.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: ftp-pasv -Help: Use PASV/EPSV instead of PORT -Protocols: FTP -Added: 7.11.0 -See-also: disable-epsv -Category: ftp ---- -Use passive mode for the data connection. Passive is the internal default -behavior, but using this option can be used to override a previous --ftp-port -option. - -If this option is used several times, only the first one is used. Undoing an -enforced passive really isn't doable but you must then instead enforce the -correct --ftp-port again. - -Passive mode means that curl will try the EPSV command first and then PASV, -unless --disable-epsv is used. diff --git a/docs/cmdline-opts/ftp-pasv.md b/docs/cmdline-opts/ftp-pasv.md new file mode 100644 index 000000000000..02deee30ded8 --- /dev/null +++ b/docs/cmdline-opts/ftp-pasv.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-pasv +Help: Send PASV/EPSV instead of PORT +Protocols: FTP +Added: 7.11.0 +Category: ftp +Multi: mutex +Mutexed: ftp-port +See-also: + - disable-epsv +Example: + - --ftp-pasv ftp://example.com/ +--- + +# `--ftp-pasv` + +Use passive mode for the data connection. Passive is the internal default +behavior, but using this option can be used to override a previous --ftp-port +option. + +Reversing an enforced passive really is not doable but you must then instead +enforce the correct --ftp-port again. + +Passive mode means that curl tries the EPSV command first and then PASV, +unless --disable-epsv is used. diff --git a/docs/cmdline-opts/ftp-port.d b/docs/cmdline-opts/ftp-port.d deleted file mode 100644 index 9bb1d43f0eeb..000000000000 --- a/docs/cmdline-opts/ftp-port.d +++ /dev/null @@ -1,33 +0,0 @@ -Long: ftp-port -Arg:
-Help: Use PORT instead of PASV -Short: P -Protocols: FTP -See-also: ftp-pasv disable-eprt -Category: ftp ---- -Reverses the default initiator/listener roles when connecting with FTP. This -option makes curl use active mode. curl then tells the server to connect back -to the client's specified address and port, while passive mode asks the server -to setup an IP address and port for it to connect to.
should be one -of: -.RS -.IP interface -e.g. "eth0" to specify which interface's IP address you want to use (Unix only) -.IP "IP address" -e.g. "192.168.10.1" to specify the exact IP address -.IP "host name" -e.g. "my.host.domain" to specify the machine -.IP "-" -make curl pick the same IP address that is already used for the control -connection -.RE - -If this option is used several times, the last one will be used. Disable the -use of PORT with --ftp-pasv. Disable the attempt to use the EPRT command -instead of PORT by using --disable-eprt. EPRT is really PORT++. - -Since 7.19.5, you can append \&":[start]-[end]\&" to the right of the address, -to tell curl what TCP port range to use. That means you specify a port range, -from a lower to a higher number. A single number works as well, but do note -that it increases the risk of failure since the port may not be available. diff --git a/docs/cmdline-opts/ftp-port.md b/docs/cmdline-opts/ftp-port.md new file mode 100644 index 000000000000..28cc34ba2f0b --- /dev/null +++ b/docs/cmdline-opts/ftp-port.md @@ -0,0 +1,51 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-port +Arg:
+Help: Send PORT instead of PASV +Short: P +Protocols: FTP +Category: ftp +Added: 4.0 +Multi: single +See-also: + - ftp-pasv + - disable-eprt +Example: + - -P - ftp:/example.com + - -P eth0 ftp:/example.com + - -P 192.168.0.2 ftp:/example.com +--- + +# `--ftp-port` + +Reverse the default initiator/listener roles when connecting with FTP. This +option makes curl use active mode. curl then commands the server to connect +back to the client's specified address and port, while passive mode asks the +server to setup an IP address and port for it to connect to. \ +should be one of: + +## interface +e.g. **eth0** to specify which interface's IP address you want to use (Unix only) + +## IP address +e.g. **192.168.10.1** to specify the exact IP address + +## hostname +e.g. **my.host.domain** to specify the machine + +## - +make curl pick the same IP address that is already used for the control +connection. This is the recommended choice. + +## + +Disable the use of PORT with --ftp-pasv. Disable the attempt to use the EPRT +command instead of PORT by using --disable-eprt. EPRT is really PORT++. + +You can also append ":[start]-[end]" to the right of the address, to tell +curl what TCP port range to use. That means you specify a port range, from a +lower to a higher number. A single number works as well, but do note that it +increases the risk of failure since the port may not be available. +(Added in 7.19.5) diff --git a/docs/cmdline-opts/ftp-pret.d b/docs/cmdline-opts/ftp-pret.d deleted file mode 100644 index e9c7d251a6ce..000000000000 --- a/docs/cmdline-opts/ftp-pret.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: ftp-pret -Help: Send PRET before PASV -Protocols: FTP -Added: 7.20.0 -Category: ftp ---- -Tell curl to send a PRET command before PASV (and EPSV). Certain FTP servers, -mainly drftpd, require this non-standard command for directory listings as -well as up and downloads in PASV mode. diff --git a/docs/cmdline-opts/ftp-pret.md b/docs/cmdline-opts/ftp-pret.md new file mode 100644 index 000000000000..48c48e3e77fc --- /dev/null +++ b/docs/cmdline-opts/ftp-pret.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-pret +Help: Send PRET before PASV +Protocols: FTP +Added: 7.20.0 +Category: ftp +Multi: boolean +See-also: + - ftp-port + - ftp-pasv +Example: + - --ftp-pret ftp://example.com/ +--- + +# `--ftp-pret` + +Send a PRET command before PASV (and EPSV). Certain FTP servers, mainly +drftpd, require this non-standard command for directory listings as well as up +and downloads in PASV mode. diff --git a/docs/cmdline-opts/ftp-skip-pasv-ip.d b/docs/cmdline-opts/ftp-skip-pasv-ip.d deleted file mode 100644 index bcf4e7e62f2e..000000000000 --- a/docs/cmdline-opts/ftp-skip-pasv-ip.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: ftp-skip-pasv-ip -Help: Skip the IP address for PASV -Protocols: FTP -Added: 7.14.2 -See-also: ftp-pasv -Category: ftp ---- -Tell curl to not use the IP address the server suggests in its response -to curl's PASV command when curl connects the data connection. Instead curl -will re-use the same IP address it already uses for the control -connection. - -Since curl 7.74.0 this option is enabled by default. - -This option has no effect if PORT, EPRT or EPSV is used instead of PASV. diff --git a/docs/cmdline-opts/ftp-skip-pasv-ip.md b/docs/cmdline-opts/ftp-skip-pasv-ip.md new file mode 100644 index 000000000000..37905e63b110 --- /dev/null +++ b/docs/cmdline-opts/ftp-skip-pasv-ip.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-skip-pasv-ip +Help: Skip the IP address for PASV +Protocols: FTP +Added: 7.15.0 +Category: ftp +Multi: boolean +See-also: + - ftp-pasv +Example: + - --ftp-skip-pasv-ip ftp://example.com/ +--- + +# `--ftp-skip-pasv-ip` + +Do not use the IP address the server suggests in its response to curl's PASV +command when curl connects the data connection. Instead curl reuses the same +IP address it already uses for the control connection. + +This option is enabled by default (added in 7.74.0). + +This option has no effect if PORT, EPRT or EPSV is used instead of PASV. diff --git a/docs/cmdline-opts/ftp-ssl-ccc-mode.d b/docs/cmdline-opts/ftp-ssl-ccc-mode.d deleted file mode 100644 index 6289e544a87e..000000000000 --- a/docs/cmdline-opts/ftp-ssl-ccc-mode.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: ftp-ssl-ccc-mode -Arg: -Help: Set CCC mode -Protocols: FTP -Added: 7.16.2 -See-also: ftp-ssl-ccc -Category: ftp tls ---- -Sets the CCC mode. The passive mode will not initiate the shutdown, but -instead wait for the server to do it, and will not reply to the shutdown from -the server. The active mode initiates the shutdown and waits for a reply from -the server. diff --git a/docs/cmdline-opts/ftp-ssl-ccc-mode.md b/docs/cmdline-opts/ftp-ssl-ccc-mode.md new file mode 100644 index 000000000000..3e9eb725c628 --- /dev/null +++ b/docs/cmdline-opts/ftp-ssl-ccc-mode.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-ssl-ccc-mode +Arg: +Help: Set CCC mode +Protocols: FTP +Added: 7.16.2 +Category: ftp tls +Multi: boolean +See-also: + - ftp-ssl-ccc +Example: + - --ftp-ssl-ccc-mode active --ftp-ssl-ccc ftps://example.com/ +--- + +# `--ftp-ssl-ccc-mode` + +Set the CCC mode. The passive mode does not initiate the shutdown, but instead +waits for the server to do it, and does not reply to the shutdown from the +server. The active mode initiates the shutdown and waits for a reply from the +server. diff --git a/docs/cmdline-opts/ftp-ssl-ccc.d b/docs/cmdline-opts/ftp-ssl-ccc.d deleted file mode 100644 index 33cab4302a51..000000000000 --- a/docs/cmdline-opts/ftp-ssl-ccc.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: ftp-ssl-ccc -Help: Send CCC after authenticating -Protocols: FTP -See-also: ssl ftp-ssl-ccc-mode -Added: 7.16.1 -Category: ftp tls ---- -Use CCC (Clear Command Channel) Shuts down the SSL/TLS layer after -authenticating. The rest of the control channel communication will be -unencrypted. This allows NAT routers to follow the FTP transaction. The -default mode is passive. diff --git a/docs/cmdline-opts/ftp-ssl-ccc.md b/docs/cmdline-opts/ftp-ssl-ccc.md new file mode 100644 index 000000000000..40666646e936 --- /dev/null +++ b/docs/cmdline-opts/ftp-ssl-ccc.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-ssl-ccc +Help: Send CCC after authenticating +Protocols: FTP +Added: 7.16.1 +Category: ftp tls +Multi: boolean +See-also: + - ssl + - ftp-ssl-ccc-mode +Example: + - --ftp-ssl-ccc ftps://example.com/ +--- + +# `--ftp-ssl-ccc` + +Use CCC (Clear Command Channel) Shuts down the SSL/TLS layer after +authenticating. The rest of the control channel communication is +unencrypted. This allows NAT routers to follow the FTP transaction. The +default mode is passive. diff --git a/docs/cmdline-opts/ftp-ssl-control.d b/docs/cmdline-opts/ftp-ssl-control.d deleted file mode 100644 index 5191353ddc64..000000000000 --- a/docs/cmdline-opts/ftp-ssl-control.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: ftp-ssl-control -Help: Require SSL/TLS for FTP login, clear for transfer -Protocols: FTP -Added: 7.16.0 -Category: ftp tls ---- -Require SSL/TLS for the FTP login, clear for transfer. Allows secure -authentication, but non-encrypted data transfers for efficiency. Fails the -transfer if the server doesn't support SSL/TLS. diff --git a/docs/cmdline-opts/ftp-ssl-control.md b/docs/cmdline-opts/ftp-ssl-control.md new file mode 100644 index 000000000000..a68359a7b635 --- /dev/null +++ b/docs/cmdline-opts/ftp-ssl-control.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-ssl-control +Help: Require TLS for login, clear for transfer +Protocols: FTP +Added: 7.16.0 +Category: ftp tls +Multi: boolean +See-also: + - ssl +Example: + - --ftp-ssl-control ftp://example.com +--- + +# `--ftp-ssl-control` + +Require SSL/TLS for the FTP login, clear for transfer. Allows secure +authentication, but non-encrypted data transfers for efficiency. Fails the +transfer if the server does not support SSL/TLS. diff --git a/docs/cmdline-opts/gen.pl b/docs/cmdline-opts/gen.pl deleted file mode 100755 index e651f029a59b..000000000000 --- a/docs/cmdline-opts/gen.pl +++ /dev/null @@ -1,482 +0,0 @@ -#!/usr/bin/env perl -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### - -=begin comment - -This script generates the manpage. - -Example: gen.pl [files] > curl.1 - -Dev notes: - -We open *input* files in :crlf translation (a no-op on many platforms) in -case we have CRLF line endings in Windows but a perl that defaults to LF. -Unfortunately it seems some perls like msysgit can't handle a global input-only -:crlf so it has to be specified on each file open for text input. - -=end comment -=cut - -my %optshort; -my %optlong; -my %helplong; -my %arglong; -my %redirlong; -my %protolong; -my %catlong; - -# get the long name version, return the man page string -sub manpageify { - my ($k)=@_; - my $l; - if($optlong{$k} ne "") { - # both short + long - $l = "\\fI-".$optlong{$k}.", --$k\\fP"; - } - else { - # only long - $l = "\\fI--$k\\fP"; - } - return $l; -} - -sub printdesc { - my @desc = @_; - for my $d (@desc) { - if($d !~ /^.\\"/) { - # **bold** - $d =~ s/\*\*([^ ]*)\*\*/\\fB$1\\fP/g; - # *italics* - $d =~ s/\*([^ ]*)\*/\\fI$1\\fP/g; - } - # skip lines starting with space (examples) - if($d =~ /^[^ ]/) { - for my $k (keys %optlong) { - my $l = manpageify($k); - $d =~ s/--$k([^a-z0-9_-])/$l$1/; - } - } - # quote "bare" minuses in the output - $d =~ s/( |\\fI|^)--/$1\\-\\-/g; - $d =~ s/([ -]|\\fI|^)-/$1\\-/g; - print $d; - } -} - -sub seealso { - my($standalone, $data)=@_; - if($standalone) { - return sprintf - ".SH \"SEE ALSO\"\n$data\n"; - } - else { - return "See also $data. "; - } -} - -sub overrides { - my ($standalone, $data)=@_; - if($standalone) { - return ".SH \"OVERRIDES\"\n$data\n"; - } - else { - return $data; - } -} - -sub protocols { - my ($standalone, $data)=@_; - if($standalone) { - return ".SH \"PROTOCOLS\"\n$data\n"; - } - else { - return "($data) "; - } -} - -sub added { - my ($standalone, $data)=@_; - if($standalone) { - return ".SH \"ADDED\"\nAdded in curl version $data\n"; - } - else { - return "Added in $data. "; - } -} - -sub single { - my ($f, $standalone)=@_; - open(F, "<:crlf", "$f") || - return 1; - my $short; - my $long; - my $tags; - my $added; - my $protocols; - my $arg; - my $mutexed; - my $requires; - my $category; - my $seealso; - my $magic; # cmdline special option - while() { - if(/^Short: *(.)/i) { - $short=$1; - } - elsif(/^Long: *(.*)/i) { - $long=$1; - } - elsif(/^Added: *(.*)/i) { - $added=$1; - } - elsif(/^Tags: *(.*)/i) { - $tags=$1; - } - elsif(/^Arg: *(.*)/i) { - $arg=$1; - } - elsif(/^Magic: *(.*)/i) { - $magic=$1; - } - elsif(/^Mutexed: *(.*)/i) { - $mutexed=$1; - } - elsif(/^Protocols: *(.*)/i) { - $protocols=$1; - } - elsif(/^See-also: *(.*)/i) { - $seealso=$1; - } - elsif(/^Requires: *(.*)/i) { - $requires=$1; - } - elsif(/^Category: *(.*)/i) { - $category=$1; - } - elsif(/^Help: *(.*)/i) { - ; - } - elsif(/^---/) { - if(!$long) { - print STDERR "ERROR: no 'Long:' in $f\n"; - exit 1; - } - if(!$category) { - print STDERR "ERROR: no 'Category:' in $f\n"; - exit 2; - } - last; - } - else { - chomp; - print STDERR "WARN: unrecognized line in $f, ignoring:\n:'$_';" - } - } - my @desc; - while() { - push @desc, $_; - } - close(F); - my $opt; - if(defined($short) && $long) { - $opt = "-$short, --$long"; - } - elsif($short && !$long) { - $opt = "-$short"; - } - elsif($long && !$short) { - $opt = "--$long"; - } - - if($arg) { - $opt .= " $arg"; - } - - # quote "bare" minuses in opt - $opt =~ s/( |^)--/$1\\-\\-/g; - $opt =~ s/( |^)-/$1\\-/g; - if($standalone) { - print ".TH curl 1 \"30 Nov 2016\" \"curl 7.52.0\" \"curl manual\"\n"; - print ".SH OPTION\n"; - print "curl $opt\n"; - } - else { - print ".IP \"$opt\"\n"; - } - if($protocols) { - print protocols($standalone, $protocols); - } - - if($standalone) { - print ".SH DESCRIPTION\n"; - } - - printdesc(@desc); - undef @desc; - - my @foot; - if($seealso) { - my @m=split(/ /, $seealso); - my $mstr; - my $and = 0; - my $num = scalar(@m); - if($num > 2) { - # use commas up to this point - $and = $num - 1; - } - my $i = 0; - for my $k (@m) { - if(!$helplong{$k}) { - print STDERR "WARN: $f see-alsos a non-existing option: $k\n"; - } - my $l = manpageify($k); - my $sep = " and"; - if($and && ($i < $and)) { - $sep = ","; - } - $mstr .= sprintf "%s$l", $mstr?"$sep ":""; - $i++; - } - push @foot, seealso($standalone, $mstr); - } - if($requires) { - my $l = manpageify($long); - push @foot, "$l requires that the underlying libcurl". - " was built to support $requires. "; - } - if($mutexed) { - my @m=split(/ /, $mutexed); - my $mstr; - for my $k (@m) { - if(!$helplong{$k}) { - print STDERR "WARN: $f mutexes a non-existing option: $k\n"; - } - my $l = manpageify($k); - $mstr .= sprintf "%s$l", $mstr?" and ":""; - } - push @foot, overrides($standalone, "This option overrides $mstr. "); - } - if($added) { - push @foot, added($standalone, $added); - } - if($foot[0]) { - print "\n"; - my $f = join("", @foot); - $f =~ s/ +\z//; # remove trailing space - print "$f\n"; - } - return 0; -} - -sub getshortlong { - my ($f)=@_; - open(F, "<:crlf", "$f"); - my $short; - my $long; - my $help; - my $arg; - my $protocols; - my $category; - while() { - if(/^Short: (.)/i) { - $short=$1; - } - elsif(/^Long: (.*)/i) { - $long=$1; - } - elsif(/^Help: (.*)/i) { - $help=$1; - } - elsif(/^Arg: (.*)/i) { - $arg=$1; - } - elsif(/^Protocols: (.*)/i) { - $protocols=$1; - } - elsif(/^Category: (.*)/i) { - $category=$1; - } - elsif(/^---/) { - last; - } - } - close(F); - if($short) { - $optshort{$short}=$long; - } - if($long) { - $optlong{$long}=$short; - $helplong{$long}=$help; - $arglong{$long}=$arg; - $protolong{$long}=$protocols; - $catlong{$long}=$category; - } -} - -sub indexoptions { - my (@files) = @_; - foreach my $f (@files) { - getshortlong($f); - } -} - -sub header { - my ($f)=@_; - open(F, "<:crlf", "$f"); - my @d; - while() { - push @d, $_; - } - close(F); - printdesc(@d); -} - -sub listhelp { - foreach my $f (sort keys %helplong) { - my $long = $f; - my $short = $optlong{$long}; - my @categories = split ' ', $catlong{$long}; - my $bitmask; - my $opt; - - if(defined($short) && $long) { - $opt = "-$short, --$long"; - } - elsif($long && !$short) { - $opt = " --$long"; - } - for my $i (0 .. $#categories) { - $bitmask .= 'CURLHELP_' . uc $categories[$i]; - # If not last element, append | - if($i < $#categories) { - $bitmask .= ' | '; - } - } - my $arg = $arglong{$long}; - if($arg) { - $opt .= " $arg"; - } - my $desc = $helplong{$f}; - $desc =~ s/\"/\\\"/g; # escape double quotes - - my $line = sprintf " {\"%s\",\n \"%s\",\n %s},\n", $opt, $desc, $bitmask; - - if(length($opt) > 78) { - print STDERR "WARN: the --$long name is too long\n"; - } - elsif(length($desc) > 78) { - print STDERR "WARN: the --$long description is too long\n"; - } - print $line; - } -} - -sub listcats { - my %allcats; - foreach my $f (sort keys %helplong) { - my @categories = split ' ', $catlong{$f}; - foreach (@categories) { - $allcats{$_} = undef; - } - } - my @categories; - foreach my $key (keys %allcats) { - push @categories, $key; - } - @categories = sort @categories; - unshift @categories, 'hidden'; - for my $i (0..$#categories) { - print '#define ' . 'CURLHELP_' . uc($categories[$i]) . ' ' . "1u << " . $i . "u\n"; - } -} - -sub mainpage { - my (@files) = @_; - # show the page header - header("page-header"); - - # output docs for all options - foreach my $f (sort @files) { - if(single($f, 0)) { - print STDERR "Can't read $f?\n"; - } - } - - header("page-footer"); -} - -sub showonly { - my ($f) = @_; - if(single($f, 1)) { - print STDERR "$f: failed\n"; - } -} - -sub showprotocols { - my %prots; - foreach my $f (keys %optlong) { - my @p = split(/ /, $protolong{$f}); - for my $p (@p) { - $prots{$p}++; - } - } - for(sort keys %prots) { - printf "$_ (%d options)\n", $prots{$_}; - } -} - -sub getargs { - my ($f, @s) = @_; - if($f eq "mainpage") { - mainpage(@s); - return; - } - elsif($f eq "listhelp") { - listhelp(); - return; - } - elsif($f eq "single") { - showonly($s[0]); - return; - } - elsif($f eq "protos") { - showprotocols(); - return; - } - elsif($f eq "listcats") { - listcats(); - return; - } - - print "Usage: gen.pl [files]\n"; -} - -#------------------------------------------------------------------------ - -my $cmd = shift @ARGV; -my @files = @ARGV; # the rest are the files - -# learn all existing options -indexoptions(@files); - -getargs($cmd, @files); diff --git a/docs/cmdline-opts/get.d b/docs/cmdline-opts/get.d deleted file mode 100644 index d529bb4e0bb6..000000000000 --- a/docs/cmdline-opts/get.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: get -Short: G -Help: Put the post data in the URL and use GET -Category: http upload ---- -When used, this option will make all data specified with --data, --data-binary -or --data-urlencode to be used in an HTTP GET request instead of the POST -request that otherwise would be used. The data will be appended to the URL -with a '?' separator. - -If used in combination with --head, the POST data will instead be appended to -the URL with a HEAD request. - -If this option is used several times, only the first one is used. This is -because undoing a GET doesn't make sense, but you should then instead enforce -the alternative method you prefer. diff --git a/docs/cmdline-opts/get.md b/docs/cmdline-opts/get.md new file mode 100644 index 000000000000..ac0560ab696d --- /dev/null +++ b/docs/cmdline-opts/get.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: get +Short: G +Help: Put the post data in the URL and use GET +Protocols: HTTP +Category: http +Added: 7.8.1 +Multi: boolean +See-also: + - data + - request +Example: + - --get $URL + - --get -d "tool=curl" -d "age=old" $URL + - --get -I -d "tool=curl" $URL +--- + +# `--get` + +When used, this option makes all data specified with --data, --data-binary or +--data-urlencode to be used in an HTTP GET request instead of the POST request +that otherwise would be used. curl appends the provided data to the URL as a +query string. + +If used in combination with --head, the POST data is instead appended to the +URL with a HEAD request. diff --git a/docs/cmdline-opts/globoff.d b/docs/cmdline-opts/globoff.d deleted file mode 100644 index 4b5f30de916a..000000000000 --- a/docs/cmdline-opts/globoff.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: globoff -Short: g -Help: Disable URL sequences and ranges using {} and [] -Category: curl ---- -This option switches off the "URL globbing parser". When you set this option, -you can specify URLs that contain the letters {}[] without having them being -interpreted by curl itself. Note that these letters are not normal legal URL -contents but they should be encoded according to the URI standard. diff --git a/docs/cmdline-opts/globoff.md b/docs/cmdline-opts/globoff.md new file mode 100644 index 000000000000..5ef4b2ae8843 --- /dev/null +++ b/docs/cmdline-opts/globoff.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: globoff +Short: g +Help: Disable URL globbing with {} and [] +Category: curl +Added: 7.6 +Multi: boolean +See-also: + - config + - disable +Example: + - -g "https://example.com/{[]}}}}" +--- + +# `--globoff` + +Switch off the URL globbing function. When you set this option, you can +specify URLs that contain the letters {}[] without having curl itself +interpret them. Note that these letters are not normal legal URL contents but +they should be encoded according to the URI standard. + +curl detects numerical IPv6 addresses when used in URLs and excludes them from +the treatment, so they can still be used without having to disable globbing. diff --git a/docs/cmdline-opts/happy-eyeballs-timeout-ms.d b/docs/cmdline-opts/happy-eyeballs-timeout-ms.d deleted file mode 100644 index ceff2a7df649..000000000000 --- a/docs/cmdline-opts/happy-eyeballs-timeout-ms.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: happy-eyeballs-timeout-ms -Arg: -Help: Time for IPv6 before trying IPv4 -Added: 7.59.0 -Category: connection ---- -Happy eyeballs is an algorithm that attempts to connect to both IPv4 and IPv6 -addresses for dual-stack hosts, preferring IPv6 first for the number of -milliseconds. If the IPv6 address cannot be connected to within that time then -a connection attempt is made to the IPv4 address in parallel. The first -connection to be established is the one that is used. - -The range of suggested useful values is limited. Happy Eyeballs RFC 6555 says -"It is RECOMMENDED that connection attempts be paced 150-250 ms apart to -balance human factors against network load." libcurl currently defaults to -200 ms. Firefox and Chrome currently default to 300 ms. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/happy-eyeballs-timeout-ms.md b/docs/cmdline-opts/happy-eyeballs-timeout-ms.md new file mode 100644 index 000000000000..f1abb3772576 --- /dev/null +++ b/docs/cmdline-opts/happy-eyeballs-timeout-ms.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: happy-eyeballs-timeout-ms +Arg: +Help: Time for IPv6 before IPv4 +Added: 7.59.0 +Category: connection timeout +Multi: single +See-also: + - max-time + - connect-timeout +Example: + - --happy-eyeballs-timeout-ms 500 $URL +--- + +# `--happy-eyeballs-timeout-ms` + +Set the timeout for Happy Eyeballs. + +Happy Eyeballs is an algorithm that attempts to connect to both IPv4 and IPv6 +addresses for dual-stack hosts, giving IPv6 a head-start of the specified +number of milliseconds. If the IPv6 address cannot be connected to within that +time, then a connection attempt is made to the IPv4 address in parallel. The +first connection to be established is the one that is used. + +The range of suggested useful values is limited. Happy Eyeballs RFC 6555 says +"It is RECOMMENDED that connection attempts be paced 150-250 ms apart to +balance human factors against network load." libcurl currently defaults to +200 ms. Firefox and Chrome currently default to 300 ms. diff --git a/docs/cmdline-opts/haproxy-clientip.md b/docs/cmdline-opts/haproxy-clientip.md new file mode 100644 index 000000000000..4bbf26eccee5 --- /dev/null +++ b/docs/cmdline-opts/haproxy-clientip.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: haproxy-clientip +Arg: +Help: Set address in HAProxy PROXY +Protocols: HTTP +Added: 8.2.0 +Category: http proxy +Multi: single +See-also: + - proxy +Example: + - --haproxy-clientip $IP +--- + +# `--haproxy-clientip` + +Set a client IP in HAProxy PROXY protocol v1 header at the beginning of the +connection. + +For valid requests, IPv4 addresses must be indicated as a series of exactly +4 integers in the range [0..255] inclusive written in decimal representation +separated by exactly one dot between each other. Heading zeroes are not +permitted in front of numbers in order to avoid any possible confusion +with octal numbers. IPv6 addresses must be indicated as series of 4 hexadecimal +digits (upper or lower case) delimited by colons between each other, with the +acceptance of one double colon sequence to replace the largest acceptable range +of consecutive zeroes. The total number of decoded bits must be exactly 128. + +Otherwise, any string can be accepted for the client IP and get sent. + +It replaces --haproxy-protocol if used, it is not necessary to specify both flags. diff --git a/docs/cmdline-opts/haproxy-protocol.d b/docs/cmdline-opts/haproxy-protocol.d deleted file mode 100644 index 835820465a55..000000000000 --- a/docs/cmdline-opts/haproxy-protocol.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: haproxy-protocol -Help: Send HAProxy PROXY protocol v1 header -Protocols: HTTP -Added: 7.60.0 -Category: http proxy ---- -Send a HAProxy PROXY protocol v1 header at the beginning of the connection. This -is used by some load balancers and reverse proxies to indicate the client's -true IP address and port. - -This option is primarily useful when sending test requests to a service that -expects this header. diff --git a/docs/cmdline-opts/haproxy-protocol.md b/docs/cmdline-opts/haproxy-protocol.md new file mode 100644 index 000000000000..26456c80bf49 --- /dev/null +++ b/docs/cmdline-opts/haproxy-protocol.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: haproxy-protocol +Help: Send HAProxy PROXY protocol v1 header +Protocols: HTTP +Added: 7.60.0 +Category: http proxy +Multi: boolean +See-also: + - proxy +Example: + - --haproxy-protocol $URL +--- + +# `--haproxy-protocol` + +Send a HAProxy PROXY protocol v1 header at the beginning of the connection. +This is used by some load balancers and reverse proxies to indicate the +client's true IP address and port. + +This option is primarily useful when sending test requests to a service that +expects this header. diff --git a/docs/cmdline-opts/head.d b/docs/cmdline-opts/head.d deleted file mode 100644 index 6fe468511e17..000000000000 --- a/docs/cmdline-opts/head.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: head -Short: I -Help: Show document info only -Protocols: HTTP FTP FILE -Category: http ftp file ---- -Fetch the headers only! HTTP-servers feature the command HEAD which this uses -to get nothing but the header of a document. When used on an FTP or FILE file, -curl displays the file size and last modification time only. diff --git a/docs/cmdline-opts/head.md b/docs/cmdline-opts/head.md new file mode 100644 index 000000000000..7e005c7254df --- /dev/null +++ b/docs/cmdline-opts/head.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: head +Short: I +Help: Show document info only +Protocols: HTTP FTP FILE +Category: important http ftp file +Added: 4.0 +Multi: boolean +See-also: + - get + - verbose + - trace-ascii +Example: + - -I $URL +--- + +# `--head` + +Fetch the headers only. HTTP-servers feature the command HEAD which this uses +to get nothing but the header of a document. When used on an FTP or FILE URL, +curl displays the file size and last modification time only. diff --git a/docs/cmdline-opts/header.d b/docs/cmdline-opts/header.d deleted file mode 100644 index 121285ae3722..000000000000 --- a/docs/cmdline-opts/header.d +++ /dev/null @@ -1,44 +0,0 @@ -Long: header -Short: H -Arg:
-Help: Pass custom header(s) to server -Protocols: HTTP -Category: http -See-also: user-agent referer ---- -Extra header to include in the request when sending HTTP to a server. You may -specify any number of extra headers. Note that if you should add a custom -header that has the same name as one of the internal ones curl would use, your -externally set header will be used instead of the internal one. This allows -you to make even trickier stuff than curl would normally do. You should not -replace internally set headers without knowing perfectly well what you're -doing. Remove an internal header by giving a replacement without content on -the right side of the colon, as in: -H \&"Host:". If you send the custom -header with no-value then its header must be terminated with a semicolon, such -as \-H \&"X-Custom-Header;" to send "X-Custom-Header:". - -curl will make sure that each header you add/replace is sent with the proper -end-of-line marker, you should thus **not** add that as a part of the header -content: do not add newlines or carriage returns, they will only mess things -up for you. - -This option can take an argument in @filename style, which then adds a header -for each line in the input file. Using @- will make curl read the header file -from stdin. Added in 7.55.0. - -You need --proxy-header to send custom headers intended for a HTTP -proxy. Added in 7.37.0. - -Passing on a "Transfer-Encoding: chunked" header when doing a HTTP request -with a request body, will make curl send the data using chunked encoding. - -Example: - - curl -H "X-First-Name: Joe" http://example.com/ - -**WARNING**: headers set with this option will be set in all requests - even -after redirects are followed, like when told with --location. This can lead to -the header being sent to other hosts than the original host, so sensitive -headers should be used with caution combined with following redirects. - -This option can be used multiple times to add/replace/remove multiple headers. diff --git a/docs/cmdline-opts/header.md b/docs/cmdline-opts/header.md new file mode 100644 index 000000000000..9e1f2029e08f --- /dev/null +++ b/docs/cmdline-opts/header.md @@ -0,0 +1,69 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: header +Short: H +Arg:
+Help: Pass custom header(s) to server +Protocols: HTTP IMAP SMTP +Category: important http imap smtp +Added: 5.0 +Multi: append +See-also: + - user-agent + - referer + - proxy-header +Example: + - -H "X-First-Name: Joe" $URL + - -H "User-Agent: yes-please/2000" $URL + - -H "Host:" $URL + - -H @headers.txt $URL +--- + +# `--header` + +Extra header to include in information sent. When used within an HTTP request, +it is added to the regular request headers. + +For an IMAP or SMTP MIME uploaded mail built with --form options, it is +prepended to the resulting MIME document, effectively including it at the mail +global level. It does not affect raw uploaded mails (Added in 7.56.0). + +You may specify any number of extra headers. Note that if you should add a +custom header that has the same name as one of the internal ones curl would +use, your externally set header is used instead of the internal one. This +allows you to make even trickier stuff than curl would normally do. You should +not replace internally set headers without knowing perfectly well what you are +doing. Remove an internal header by giving a replacement without content on +the right side of the colon, as in: -H `Host:`. If you send the custom header +with no-value then its header must be terminated with a semicolon, such as -H +`X-Custom-Header;` to send `X-Custom-Header:`. + +curl makes sure that each header you add/replace is sent with the proper +end-of-line marker, you should thus **not** add that as a part of the header +content: do not add newlines or carriage returns, they only mess things up for +you. curl passes on the verbatim string you give it without any filter or +other safe guards. That includes white space and control characters. + +This option can take an argument in @filename style, which then adds a header +for each line in the input file. Using @- makes curl read the header file from +stdin. (Added in 7.55.0) + +Please note that most anti-spam utilities check the presence and value of +several MIME mail headers: these are `From:`, `To:`, `Date:` and `Subject:` +among others and should be added with this option. + +You need --proxy-header to send custom headers intended for an HTTP proxy. +(Added in 7.37.0) + +Passing on a `Transfer-Encoding: chunked` header when doing an HTTP request +with a request body, makes curl send the data using chunked encoding. + +**WARNING**: headers set with this option are set in all HTTP requests - even +after redirects are followed, like when told with --location. This can lead to +the header being sent to other hosts than the original host, so sensitive +headers should be used with caution combined with following redirects. + +`Authorization:` and `Cookie:` headers are explicitly *not* passed on in HTTP +requests when following redirects to other origins, unless --location-trusted +is used. diff --git a/docs/cmdline-opts/help.d b/docs/cmdline-opts/help.d deleted file mode 100644 index b7c68233a1e0..000000000000 --- a/docs/cmdline-opts/help.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: help -Arg: -Short: h -Help: Get help for commands -Category: important curl ---- -Usage help. This lists all commands of the . -If no arg was provided, curl will display the most important -command line arguments. -If the argument "all" was provided, curl will display all options available. -If the argument "category" was provided, curl will display all categories and -their meanings. diff --git a/docs/cmdline-opts/help.md b/docs/cmdline-opts/help.md new file mode 100644 index 000000000000..122c55cd4341 --- /dev/null +++ b/docs/cmdline-opts/help.md @@ -0,0 +1,39 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: help +Arg: +Short: h +Help: Get help for commands +Category: important curl +Added: 4.0 +Multi: custom +See-also: + - verbose +Example: + - --help all + - --help --insecure + - --help -f +--- + +# `--help` + +Usage help. Provide help for the subject given as an optional argument. + +If no argument is provided, curl displays the most important command line +arguments. + +The argument can either be a **category** or a **command line option**. When a +category is provided, curl shows all command line options within the given +category. Specify category `all` to list all available options. + +If `category` is specified, curl displays all available help categories. + +If the provided subject is instead an existing command line option, specified +either in its short form with a single dash and a single letter, or in the +long form with two dashes and a longer name, curl displays a help text for +that option in the terminal. + +The help output is extensive for some options. + +If the provided command line option is not known, curl says so. diff --git a/docs/cmdline-opts/hostpubmd5.d b/docs/cmdline-opts/hostpubmd5.d deleted file mode 100644 index c926ed8b5051..000000000000 --- a/docs/cmdline-opts/hostpubmd5.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: hostpubmd5 -Arg: -Help: Acceptable MD5 hash of the host public key -Protocols: SFTP SCP -Added: 7.17.1 -Category: sftp scp ---- -Pass a string containing 32 hexadecimal digits. The string should -be the 128 bit MD5 checksum of the remote host's public key, curl will refuse -the connection with the host unless the md5sums match. diff --git a/docs/cmdline-opts/hostpubmd5.md b/docs/cmdline-opts/hostpubmd5.md new file mode 100644 index 000000000000..5d480a5bcd04 --- /dev/null +++ b/docs/cmdline-opts/hostpubmd5.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: hostpubmd5 +Arg: +Help: Acceptable MD5 hash of host public key +Protocols: SFTP SCP +Added: 7.17.1 +Category: sftp scp ssh +Multi: single +See-also: + - hostpubsha256 +Example: + - --hostpubmd5 e5c1c49020640a5ab0f2034854c321a8 sftp://example.com/ +--- + +# `--hostpubmd5` + +Pass a string containing 32 hexadecimal digits. The string should be the 128 +bit **MD5** checksum of the remote host's public key, curl refuses the +connection with the host unless the checksums match. diff --git a/docs/cmdline-opts/hostpubsha256.md b/docs/cmdline-opts/hostpubsha256.md new file mode 100644 index 000000000000..e695a10cb588 --- /dev/null +++ b/docs/cmdline-opts/hostpubsha256.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: hostpubsha256 +Arg: +Help: Acceptable SHA256 hash of host public key +Protocols: SFTP SCP +Added: 7.80.0 +Category: sftp scp ssh +Multi: single +See-also: + - hostpubmd5 +Example: + - --hostpubsha256 NDVkMTQxMGQ1ODdmMjQ3MjczYjAyOTY5MmRkMjVmNDQ= sftp://example.com/ +--- + +# `--hostpubsha256` + +Pass a string containing a Base64-encoded SHA256 hash of the remote host's +public key. curl refuses the connection with the host unless the hashes match. + +This feature requires libcurl to be built with libssh2 and does not work with +other SSH backends. diff --git a/docs/cmdline-opts/hsts.d b/docs/cmdline-opts/hsts.d deleted file mode 100644 index 2399084bfcd3..000000000000 --- a/docs/cmdline-opts/hsts.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: hsts -Arg: -Protocols: HTTPS -Help: Enable HSTS with this cache file -Added: 7.74.0 -Category: http ---- -WARNING: this option is experimental. Do not use in production. - -This option enables HSTS for the transfer. If the file name points to an -existing HSTS cache file, that will be used. After a completed transfer, the -cache will be saved to the file name again if it has been modified. - -Specify a "" file name (zero length) to avoid loading/saving and make curl -just handle HSTS in memory. - -If this option is used several times, curl will load contents from all the -files but the last one will be used for saving. diff --git a/docs/cmdline-opts/hsts.md b/docs/cmdline-opts/hsts.md new file mode 100644 index 000000000000..bb1f1d27374b --- /dev/null +++ b/docs/cmdline-opts/hsts.md @@ -0,0 +1,35 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: hsts +Arg: +Protocols: HTTPS +Help: Enable HSTS with this cache file +Added: 7.74.0 +Category: http +Multi: append +See-also: + - proto +Example: + - --hsts cache.txt $URL +--- + +# `--hsts` + +Enable HSTS for the transfer. If the filename points to an existing HSTS cache +file, that is used. After a completed transfer, the cache is saved to the +filename again if it has been modified. + +If curl is told to use HTTP:// for a transfer involving a hostname that exists +in the HSTS cache, it upgrades the transfer to use HTTPS. Each HSTS cache +entry has an individual lifetime after which the upgrade is no longer +performed. + +Specify a "" filename (zero length) to avoid loading/saving and make curl +handle HSTS in memory. + +You may want to restrict your umask to prevent other users on the same system +to access the created file. + +If this option is used several times, curl loads contents from all the +files but the last one is used for saving. diff --git a/docs/cmdline-opts/http0.9.d b/docs/cmdline-opts/http0.9.d deleted file mode 100644 index 954c22a17ad5..000000000000 --- a/docs/cmdline-opts/http0.9.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: http0.9 -Tags: Versions -Protocols: HTTP -Added: -Help: Allow HTTP 0.9 responses -Category: http ---- -Tells curl to be fine with HTTP version 0.9 response. - -HTTP/0.9 is a completely headerless response and therefore you can also -connect with this to non-HTTP servers and still get a response since curl will -simply transparently downgrade - if allowed. - -Since curl 7.66.0, HTTP/0.9 is disabled by default. diff --git a/docs/cmdline-opts/http0.9.md b/docs/cmdline-opts/http0.9.md new file mode 100644 index 000000000000..65be14491c1f --- /dev/null +++ b/docs/cmdline-opts/http0.9.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http0.9 +Tags: Versions +Protocols: HTTP +Help: Allow HTTP/0.9 responses +Category: http +Added: 7.64.0 +Multi: boolean +See-also: + - http1.1 + - http2 + - http3 +Example: + - --http0.9 $URL +--- + +# `--http0.9` + +Accept an HTTP version 0.9 response. + +HTTP/0.9 is a response without headers and therefore you can also connect with +this to non-HTTP servers and still get a response since curl +transparently downgrades - if allowed. + +HTTP/0.9 is disabled by default (added in 7.66.0) diff --git a/docs/cmdline-opts/http1.0.d b/docs/cmdline-opts/http1.0.d deleted file mode 100644 index a4059dbf0f34..000000000000 --- a/docs/cmdline-opts/http1.0.d +++ /dev/null @@ -1,11 +0,0 @@ -Short: 0 -Long: http1.0 -Tags: Versions -Protocols: HTTP -Added: -Mutexed: http1.1 http2 -Help: Use HTTP 1.0 -Category: http ---- -Tells curl to use HTTP version 1.0 instead of using its internally preferred -HTTP version. diff --git a/docs/cmdline-opts/http1.0.md b/docs/cmdline-opts/http1.0.md new file mode 100644 index 000000000000..0252f0523046 --- /dev/null +++ b/docs/cmdline-opts/http1.0.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: 0 +Long: http1.0 +Tags: Versions +Protocols: HTTP +Added: 7.9.1 +Mutexed: http1.1 http2 http2-prior-knowledge http3 +Help: Use HTTP/1.0 +Category: http +Multi: mutex +See-also: + - http0.9 + - http1.1 +Example: + - --http1.0 $URL +--- + +# `--http1.0` + +Use HTTP version 1.0 instead of using its internally preferred HTTP version. diff --git a/docs/cmdline-opts/http1.1.d b/docs/cmdline-opts/http1.1.d deleted file mode 100644 index a71a40bab2f4..000000000000 --- a/docs/cmdline-opts/http1.1.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: http1.1 -Tags: Versions -Protocols: HTTP -Added: 7.33.0 -Mutexed: http1.0 http2 -Help: Use HTTP 1.1 -Category: http ---- -Tells curl to use HTTP version 1.1. diff --git a/docs/cmdline-opts/http1.1.md b/docs/cmdline-opts/http1.1.md new file mode 100644 index 000000000000..14e5c74702aa --- /dev/null +++ b/docs/cmdline-opts/http1.1.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http1.1 +Tags: Versions +Protocols: HTTP +Added: 7.33.0 +Mutexed: http1.0 http2 http2-prior-knowledge http3 +Help: Use HTTP/1.1 +Category: http +Multi: mutex +See-also: + - http1.0 + - http0.9 +Example: + - --http1.1 $URL +--- + +# `--http1.1` + +Use HTTP version 1.1. This is the default with HTTP:// URLs. diff --git a/docs/cmdline-opts/http2-prior-knowledge.d b/docs/cmdline-opts/http2-prior-knowledge.d deleted file mode 100644 index ea2906edb465..000000000000 --- a/docs/cmdline-opts/http2-prior-knowledge.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: http2-prior-knowledge -Tags: Versions -Protocols: HTTP -Added: 7.49.0 -Mutexed: http1.1 http1.0 http2 -Requires: HTTP/2 -Help: Use HTTP 2 without HTTP/1.1 Upgrade -Category: http ---- -Tells curl to issue its non-TLS HTTP requests using HTTP/2 without HTTP/1.1 -Upgrade. It requires prior knowledge that the server supports HTTP/2 straight -away. HTTPS requests will still do HTTP/2 the standard way with negotiated -protocol version in the TLS handshake. diff --git a/docs/cmdline-opts/http2-prior-knowledge.md b/docs/cmdline-opts/http2-prior-knowledge.md new file mode 100644 index 000000000000..6351e06a7980 --- /dev/null +++ b/docs/cmdline-opts/http2-prior-knowledge.md @@ -0,0 +1,29 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http2-prior-knowledge +Tags: Versions +Protocols: HTTP +Added: 7.49.0 +Mutexed: http1.1 http1.0 http2 http3 +Requires: HTTP/2 +Help: Use HTTP/2 without HTTP/1.1 Upgrade +Category: http +Multi: boolean +See-also: + - http2 + - http3 +Example: + - --http2-prior-knowledge $URL +--- + +# `--http2-prior-knowledge` + +Issue a non-TLS HTTP request using HTTP/2 directly without HTTP/1.1 Upgrade. +It requires prior knowledge that the server supports HTTP/2 straight away. +HTTPS requests still do HTTP/2 the standard way with negotiated protocol +versions in the TLS handshake. + +Since 8.10.0 if this option is set for an HTTPS request then the application +layer protocol version (ALPN) offered to the server is only HTTP/2. Prior to +that both HTTP/1.1 and HTTP/2 were offered. diff --git a/docs/cmdline-opts/http2.d b/docs/cmdline-opts/http2.d deleted file mode 100644 index 197515ee8cbc..000000000000 --- a/docs/cmdline-opts/http2.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: http2 -Tags: Versions -Protocols: HTTP -Added: 7.33.0 -Mutexed: http1.1 http1.0 http2-prior-knowledge -Requires: HTTP/2 -See-also: no-alpn -Help: Use HTTP 2 -See-also: http1.1 http3 -Category: http ---- -Tells curl to use HTTP version 2. diff --git a/docs/cmdline-opts/http2.md b/docs/cmdline-opts/http2.md new file mode 100644 index 000000000000..f5180be2b533 --- /dev/null +++ b/docs/cmdline-opts/http2.md @@ -0,0 +1,34 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http2 +Tags: Versions +Protocols: HTTP +Added: 7.33.0 +Mutexed: http1.1 http1.0 http2-prior-knowledge http3 +Requires: HTTP/2 +Help: Use HTTP/2 +Category: http +Multi: mutex +See-also: + - http1.1 + - http3 + - no-alpn + - proxy-http2 +Example: + - --http2 $URL +--- + +# `--http2` + +Use HTTP/2. + +For HTTPS, this means curl negotiates HTTP/2 in the TLS handshake. curl does +this by default. + +For HTTP, this means curl attempts to upgrade the request to HTTP/2 using the +Upgrade: request header. + +When curl uses HTTP/2 over HTTPS, it does not itself insist on TLS 1.2 or +higher even though that is required by the specification. A user can add this +version requirement with --tlsv1.2. diff --git a/docs/cmdline-opts/http3-only.md b/docs/cmdline-opts/http3-only.md new file mode 100644 index 000000000000..400ac19ac2d7 --- /dev/null +++ b/docs/cmdline-opts/http3-only.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http3-only +Tags: Versions +Protocols: HTTP +Added: 7.88.0 +Mutexed: http1.1 http1.0 http2 http2-prior-knowledge http3 +Requires: HTTP/3 +Help: Use HTTP/3 only +Category: http +Multi: mutex +See-also: + - http1.1 + - http2 + - http3 +Example: + - --http3-only $URL +--- + +# `--http3-only` + +Instruct curl to use HTTP/3 to the host in the URL, with no fallback to +earlier HTTP versions. HTTP/3 can only be used for HTTPS and not for HTTP +URLs. For HTTP, this option triggers an error. + +This option allows a user to avoid using the Alt-Svc method of upgrading to +HTTP/3 when you know that the target speaks HTTP/3 on the given host and port. + +This option makes curl fail if a QUIC connection cannot be established, it +does not attempt any other HTTP versions on its own. Use --http3 for similar +functionality *with* a fallback. diff --git a/docs/cmdline-opts/http3.d b/docs/cmdline-opts/http3.d deleted file mode 100644 index 478b662aa90e..000000000000 --- a/docs/cmdline-opts/http3.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: http3 -Tags: Versions -Protocols: HTTP -Added: 7.66.0 -Mutexed: http1.1 http1.0 http2 http2-prior-knowledge -Requires: HTTP/3 -Help: Use HTTP v3 -See-also: http1.1 http2 -Category: http ---- - -WARNING: this option is experimental. Do not use in production. - -Tells curl to use HTTP version 3 directly to the host and port number used in -the URL. A normal HTTP/3 transaction will be done to a host and then get -redirected via Alt-SVc, but this option allows a user to circumvent that when -you know that the target speaks HTTP/3 on the given host and port. - -This option will make curl fail if a QUIC connection cannot be established, it -cannot fall back to a lower HTTP version on its own. diff --git a/docs/cmdline-opts/http3.md b/docs/cmdline-opts/http3.md new file mode 100644 index 000000000000..e4dfeef075be --- /dev/null +++ b/docs/cmdline-opts/http3.md @@ -0,0 +1,37 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http3 +Tags: Versions +Protocols: HTTP +Added: 7.66.0 +Mutexed: http1.1 http1.0 http2 http2-prior-knowledge http3-only +Requires: HTTP/3 +Help: Use HTTP/3 +Category: http +Multi: mutex +See-also: + - http1.1 + - http2 +Example: + - --http3 $URL +--- + +# `--http3` + +Attempt HTTP/3 to the host in the URL, but fallback to earlier HTTP versions +if the HTTP/3 connection establishment fails or is slow. HTTP/3 is only +available for HTTPS and not for HTTP URLs. + +This option allows a user to avoid using the Alt-Svc method of upgrading to +HTTP/3 when you know or suspect that the target speaks HTTP/3 on the given +host and port. + +When asked to use HTTP/3, curl issues a separate attempt to use older HTTP +versions with a slight delay, so if the HTTP/3 transfer fails or is slow, curl +still tries to proceed with an older HTTP version. The fallback performs the +regular negotiation between HTTP/1 and HTTP/2. + +Use --http3-only for similar functionality *without* a fallback. + +curl cannot do HTTP/3 over any proxy. diff --git a/docs/cmdline-opts/ignore-content-length.d b/docs/cmdline-opts/ignore-content-length.d deleted file mode 100644 index cec990a8d653..000000000000 --- a/docs/cmdline-opts/ignore-content-length.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: ignore-content-length -Help: Ignore the size of the remote resource -Protocols: FTP HTTP -Category: http ftp ---- -For HTTP, Ignore the Content-Length header. This is particularly useful for -servers running Apache 1.x, which will report incorrect Content-Length for -files larger than 2 gigabytes. - -For FTP (since 7.46.0), skip the RETR command to figure out the size before -downloading a file. - -This option doesn't work if libcurl was built to use hyper for HTTP. diff --git a/docs/cmdline-opts/ignore-content-length.md b/docs/cmdline-opts/ignore-content-length.md new file mode 100644 index 000000000000..01ff43b06e12 --- /dev/null +++ b/docs/cmdline-opts/ignore-content-length.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ignore-content-length +Help: Ignore the size of the remote resource +Protocols: FTP HTTP +Category: http ftp +Added: 7.14.1 +Multi: boolean +See-also: + - ftp-skip-pasv-ip +Example: + - --ignore-content-length $URL +--- + +# `--ignore-content-length` + +For HTTP, ignore the Content-Length header. This is particularly useful for +servers running Apache 1.x, which reports incorrect Content-Length for files +larger than 2 gigabytes. + +For FTP, this makes curl skip the SIZE command to figure out the size before +downloading a file (added in 7.46.0). diff --git a/docs/cmdline-opts/include.d b/docs/cmdline-opts/include.d deleted file mode 100644 index 250d4accfd0c..000000000000 --- a/docs/cmdline-opts/include.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: include -Short: i -Help: Include protocol response headers in the output -See-also: verbose -Category: important verbose ---- -Include the HTTP response headers in the output. The HTTP response headers can -include things like server name, cookies, date of the document, HTTP version -and more... - -To view the request headers, consider the --verbose option. diff --git a/docs/cmdline-opts/insecure.d b/docs/cmdline-opts/insecure.d deleted file mode 100644 index 636f121e2b43..000000000000 --- a/docs/cmdline-opts/insecure.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: insecure -Short: k -Help: Allow insecure server connections when using SSL -Protocols: TLS -See-also: proxy-insecure cacert -Category: tls ---- - -By default, every SSL connection curl makes is verified to be secure. This -option allows curl to proceed and operate even for server connections -otherwise considered insecure. - -The server connection is verified by making sure the server's certificate -contains the right name and verifies successfully using the cert store. - -See this online resource for further details: - https://curl.se/docs/sslcerts.html diff --git a/docs/cmdline-opts/insecure.md b/docs/cmdline-opts/insecure.md new file mode 100644 index 000000000000..6b7009f251bb --- /dev/null +++ b/docs/cmdline-opts/insecure.md @@ -0,0 +1,41 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: insecure +Short: k +Help: Allow insecure server connections +Protocols: TLS SFTP SCP +Category: tls sftp scp ssh +Added: 7.10 +Multi: boolean +See-also: + - proxy-insecure + - cacert + - capath +Example: + - --insecure $URL +--- + +# `--insecure` + +By default, every secure connection curl makes is verified to be secure before +the transfer takes place. This option makes curl skip the verification step +and proceed without checking. + +When this option is not used for protocols using TLS, curl verifies the +server's TLS certificate before it continues: that the certificate contains +the right name which matches the hostname used in the URL and that the +certificate has been signed by a CA certificate present in the cert store. See +this online resource for further details: +**https://curl.se/docs/sslcerts.html** + +For SFTP and SCP, this option makes curl skip the *known_hosts* verification. +*known_hosts* is a file normally stored in the user's home directory in the +".ssh" subdirectory, which contains hostnames and their public keys. + +**WARNING**: using this option makes the transfer insecure. + +When curl uses secure protocols it trusts responses and allows for example +HSTS and Alt-Svc information to be stored and used subsequently. Using +--insecure can make curl trust and use such information from malicious +servers. diff --git a/docs/cmdline-opts/interface.d b/docs/cmdline-opts/interface.d deleted file mode 100644 index 196e7efa34f7..000000000000 --- a/docs/cmdline-opts/interface.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: interface -Arg: -Help: Use network INTERFACE (or address) -See-also: dns-interface -Category: connection ---- - -Perform an operation using a specified interface. You can enter interface -name, IP address or host name. An example could look like: - - curl --interface eth0:1 https://www.example.com/ - -If this option is used several times, the last one will be used. - -On Linux it can be used to specify a VRF, but the binary needs to either -have CAP_NET_RAW or to be run as root. More information about Linux VRF: -https://www.kernel.org/doc/Documentation/networking/vrf.txt diff --git a/docs/cmdline-opts/interface.md b/docs/cmdline-opts/interface.md new file mode 100644 index 000000000000..1609cc35d3d3 --- /dev/null +++ b/docs/cmdline-opts/interface.md @@ -0,0 +1,51 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: interface +Arg: +Help: Use network interface +Category: connection +Added: 7.3 +Multi: single +See-also: + - dns-interface +Example: + - --interface eth0 $URL + - --interface "host!10.0.0.1" $URL + - --interface "if!enp3s0" $URL +--- + +# `--interface` + +Perform the operation using a specified interface. You can enter interface +name, IP address or hostname. If you prefer to be specific, you can use the +following special syntax: + +## `if!` + +Interface name. If the provided name does not match an existing interface, +curl returns with error 45. + +## `host!` + +IP address or hostname. + +## `ifhost!!` + +Interface name and IP address or hostname. This syntax requires libcurl 8.9.0 +or later. + +If the provided name does not match an existing interface, curl returns with +error 45. + +## + +curl does not support using network interface names for this option on +Windows. + +That name resolve operation if a hostname is provided does **not** use +DNS-over-HTTPS even if --doh-url is set. + +On Linux this option can be used to specify a **VRF** (Virtual Routing and +Forwarding) device, but the binary then needs to either have the +**CAP_NET_RAW** capability set or to be run as root. diff --git a/docs/cmdline-opts/ip-tos.md b/docs/cmdline-opts/ip-tos.md new file mode 100644 index 000000000000..f5ef589e2354 --- /dev/null +++ b/docs/cmdline-opts/ip-tos.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ip-tos +Arg: +Help: Set IP Type of Service or Traffic Class +Added: 8.9.0 +Category: connection +Multi: single +See-also: + - tcp-nodelay + - vlan-priority +Example: + - --ip-tos CS5 $URL +--- + +# `--ip-tos` + +Set Type of Service (TOS) for IPv4 or Traffic Class for IPv6. + +The values allowed for \ can be a numeric value between 1 and 255 +or one of the following: + +CS0, CS1, CS2, CS3, CS4, CS5, CS6, CS7, AF11, AF12, AF13, AF21, AF22, AF23, +AF31, AF32, AF33, AF41, AF42, AF43, EF, VOICE-ADMIT, ECT1, ECT0, CE, LE, +LOWCOST, LOWDELAY, THROUGHPUT, RELIABILITY, MINCOST diff --git a/docs/cmdline-opts/ipfs-gateway.md b/docs/cmdline-opts/ipfs-gateway.md new file mode 100644 index 000000000000..16e197fcfefb --- /dev/null +++ b/docs/cmdline-opts/ipfs-gateway.md @@ -0,0 +1,40 @@ +--- +c: Copyright (C) Mark Gaiser, +SPDX-License-Identifier: curl +Long: ipfs-gateway +Arg: +Help: Gateway for IPFS +Protocols: IPFS +Added: 8.4.0 +Category: curl +Multi: single +See-also: + - help + - manual +Example: + - --ipfs-gateway $URL ipfs:// +--- + +# `--ipfs-gateway` + +Specify which gateway to use for IPFS and IPNS URLs. Not specifying this +instead makes curl check if the IPFS_GATEWAY environment variable is set, or +if a `~/.ipfs/gateway` file holding the gateway URL exists. + +If you run a local IPFS node, this gateway is by default available under +`http://localhost:8080`. A full example URL would look like: + + curl --ipfs-gateway http://localhost:8080 \ + ipfs://bafybeigagd5nmnn2iys2f3 + +There are many public IPFS gateways. See for example: +https://ipfs.github.io/public-gateway-checker/ + +If you opt to go for a remote gateway you need to be aware that you completely +trust the gateway. This might be fine in local gateways that you host +yourself. With remote gateways there could potentially be malicious actors +returning you data that does not match the request you made, inspect or even +interfere with the request. You may not notice this when using curl. A +mitigation could be to go for a "trustless" gateway. This means you locally +verify the data. Consult the docs page on trusted vs trustless: +https://docs.ipfs.tech/reference/http/gateway/#trusted-vs-trustless diff --git a/docs/cmdline-opts/ipv4.d b/docs/cmdline-opts/ipv4.d deleted file mode 100644 index a6691376a609..000000000000 --- a/docs/cmdline-opts/ipv4.d +++ /dev/null @@ -1,13 +0,0 @@ -Short: 4 -Long: ipv4 -Tags: Versions -Protocols: -Added: -Mutexed: ipv6 -Requires: -See-also: http1.1 http2 -Help: Resolve names to IPv4 addresses -Category: connection dns ---- -This option tells curl to resolve names to IPv4 addresses only, and not for -example try IPv6. diff --git a/docs/cmdline-opts/ipv4.md b/docs/cmdline-opts/ipv4.md new file mode 100644 index 000000000000..d7d571d5bd78 --- /dev/null +++ b/docs/cmdline-opts/ipv4.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: 4 +Long: ipv4 +Tags: Versions +Protocols: +Added: 7.10.8 +Mutexed: ipv6 +Requires: +Help: Resolve names to IPv4 addresses +Category: connection dns +Multi: mutex +See-also: + - http1.1 + - http2 +Example: + - --ipv4 $URL +--- + +# `--ipv4` + +Request only IPv4 addresses when resolving hostnames, and not for example any +IPv6. diff --git a/docs/cmdline-opts/ipv6.d b/docs/cmdline-opts/ipv6.d deleted file mode 100644 index ce0415caa915..000000000000 --- a/docs/cmdline-opts/ipv6.d +++ /dev/null @@ -1,13 +0,0 @@ -Short: 6 -Long: ipv6 -Tags: Versions -Protocols: -Added: -Mutexed: ipv4 -Requires: -See-also: http1.1 http2 -Help: Resolve names to IPv6 addresses -Category: connection dns ---- -This option tells curl to resolve names to IPv6 addresses only, and not for -example try IPv4. diff --git a/docs/cmdline-opts/ipv6.md b/docs/cmdline-opts/ipv6.md new file mode 100644 index 000000000000..c2f139877404 --- /dev/null +++ b/docs/cmdline-opts/ipv6.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: 6 +Long: ipv6 +Tags: Versions +Protocols: +Added: 7.10.8 +Mutexed: ipv4 +Requires: +Help: Resolve names to IPv6 addresses +Category: connection dns +Multi: mutex +See-also: + - http1.1 + - http2 +Example: + - --ipv6 $URL +--- + +# `--ipv6` + +Request only IPv6 addresses when resolving hostnames, and not for example any +IPv4. + +Your resolver may still respond to an IPv6-only resolve request by returning +IPv6 addresses that contain "mapped" IPv4 addresses for compatibility purposes. +macOS is known to do this. diff --git a/docs/cmdline-opts/json.md b/docs/cmdline-opts/json.md new file mode 100644 index 000000000000..3f1a9a1b749e --- /dev/null +++ b/docs/cmdline-opts/json.md @@ -0,0 +1,42 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: json +Arg: +Help: HTTP POST JSON +Protocols: HTTP +Mutexed: form head upload-file +Category: http post upload +Added: 7.82.0 +Multi: append +See-also: + - data-binary + - data-raw +Example: + - --json '{ "drink": "coffee" }' $URL + - --json '{ "drink":' --json ' "coffee" }' $URL + - --json @prepared $URL + - --json @- $URL < json.txt +--- + +# `--json` + +Send the specified JSON data in a POST request to the HTTP server. --json +works as a shortcut for passing on these three options: + + --data-binary [arg] + --header "Content-Type: application/json" + --header "Accept: application/json" + +There is **no verification** that the passed in data is actual JSON or that +the syntax is correct. + +If you start the data with the letter @, the rest should be a filename to read +the data from, or a single dash (-) if you want curl to read the data from +stdin. Posting data from a file named 'foobar' would thus be done with --json +@foobar and to instead read the data from stdin, use --json @-. + +If this option is used more than once on the same command line, the additional +data pieces are concatenated to the previous before sending. + +The headers this option sets can be overridden with --header as usual. diff --git a/docs/cmdline-opts/junk-session-cookies.d b/docs/cmdline-opts/junk-session-cookies.d deleted file mode 100644 index 993b77fa820a..000000000000 --- a/docs/cmdline-opts/junk-session-cookies.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: junk-session-cookies -Short: j -Help: Ignore session cookies read from file -Protocols: HTTP -See-also: cookie cookie-jar -Category: http ---- -When curl is told to read cookies from a given file, this option will make it -discard all "session cookies". This will basically have the same effect as if -a new session is started. Typical browsers always discard session cookies when -they're closed down. diff --git a/docs/cmdline-opts/junk-session-cookies.md b/docs/cmdline-opts/junk-session-cookies.md new file mode 100644 index 000000000000..668dfce2d67f --- /dev/null +++ b/docs/cmdline-opts/junk-session-cookies.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: junk-session-cookies +Short: j +Help: Ignore session cookies read from file +Protocols: HTTP +Category: http +Added: 7.9.7 +Multi: boolean +See-also: + - cookie + - cookie-jar +Example: + - --junk-session-cookies -b cookies.txt $URL +--- + +# `--junk-session-cookies` + +When curl is told to read cookies from a given file, this option makes it +discard all session cookies. This has the same effect as if a new session is +started. Typical browsers discard session cookies when they are closed down. + +Session cookies are cookies without a set expiry time. They are meant to only +last for "a session". diff --git a/docs/cmdline-opts/keepalive-cnt.md b/docs/cmdline-opts/keepalive-cnt.md new file mode 100644 index 000000000000..e56c976ecaa4 --- /dev/null +++ b/docs/cmdline-opts/keepalive-cnt.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: keepalive-cnt +Arg: +Help: Maximum number of keepalive probes +Added: 8.9.0 +Category: connection +Multi: single +See-also: + - keepalive-time + - no-keepalive +Example: + - --keepalive-cnt 3 $URL +--- + +# `--keepalive-cnt` + +Set the maximum number of keepalive probes TCP should send but get no response +before dropping the connection. This option is usually used in conjunction +with --keepalive-time. + +This option is supported on Linux, *BSD/macOS, Windows \>=10.0.16299, Solaris +11.4, and recent AIX, HP-UX and more. This option has no effect if +--no-keepalive is used. + +If unspecified, the option defaults to 9. diff --git a/docs/cmdline-opts/keepalive-time.d b/docs/cmdline-opts/keepalive-time.d deleted file mode 100644 index 41261535c835..000000000000 --- a/docs/cmdline-opts/keepalive-time.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: keepalive-time -Arg: -Help: Interval time for keepalive probes -Added: 7.18.0 -Category: connection ---- -This option sets the time a connection needs to remain idle before sending -keepalive probes and the time between individual keepalive probes. It is -currently effective on operating systems offering the TCP_KEEPIDLE and -TCP_KEEPINTVL socket options (meaning Linux, recent AIX, HP-UX and more). This -option has no effect if --no-keepalive is used. - -If this option is used several times, the last one will be used. If -unspecified, the option defaults to 60 seconds. diff --git a/docs/cmdline-opts/keepalive-time.md b/docs/cmdline-opts/keepalive-time.md new file mode 100644 index 000000000000..4b10ff6f4512 --- /dev/null +++ b/docs/cmdline-opts/keepalive-time.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: keepalive-time +Arg: +Help: Interval time for keepalive probes +Added: 7.18.0 +Category: connection timeout +Multi: single +See-also: + - no-keepalive + - keepalive-cnt + - max-time +Example: + - --keepalive-time 20 $URL +--- + +# `--keepalive-time` + +Set the time a connection needs to remain idle before sending keepalive probes +and the time between individual keepalive probes. It is currently effective on +operating systems offering the `TCP_KEEPIDLE` and `TCP_KEEPINTVL` socket +options (meaning Linux, *BSD/macOS, Windows, Solaris, and recent AIX, HP-UX and more). +Keepalive is used by the TCP stack to detect broken networks on idle connections. +The number of missed keepalive probes before declaring the connection down is OS +dependent and is commonly 8 (*BSD/macOS/AIX), 9 (Linux/AIX) or 5/10 (Windows), and +this number can be changed by specifying the curl option `keepalive-cnt`. +Note that this option has no effect if --no-keepalive is used. + +If unspecified, the option defaults to 60 seconds. diff --git a/docs/cmdline-opts/key-type.d b/docs/cmdline-opts/key-type.d deleted file mode 100644 index 50a068676ad7..000000000000 --- a/docs/cmdline-opts/key-type.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: key-type -Arg: -Help: Private key file type (DER/PEM/ENG) -Protocols: TLS -Category: tls ---- -Private key file type. Specify which type your --key provided private key -is. DER, PEM, and ENG are supported. If not specified, PEM is assumed. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/key-type.md b/docs/cmdline-opts/key-type.md new file mode 100644 index 000000000000..4128bfeafcd3 --- /dev/null +++ b/docs/cmdline-opts/key-type.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: key-type +Arg: +Help: Private key file type (DER/PEM/ENG) +Protocols: TLS +Category: tls +Added: 7.9.3 +Multi: single +See-also: + - key +Example: + - --key-type DER --key here $URL +--- + +# `--key-type` + +Private key file type. Specify which type your --key provided private key +is. DER, PEM, and ENG are supported. If not specified, PEM is assumed. diff --git a/docs/cmdline-opts/key.d b/docs/cmdline-opts/key.d deleted file mode 100644 index a762e6fafe97..000000000000 --- a/docs/cmdline-opts/key.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: key -Arg: -Protocols: TLS SSH -Help: Private key file name -Category: tls ssh ---- -Private key file name. Allows you to provide your private key in this separate -file. For SSH, if not specified, curl tries the following candidates in order: -\&'~/.ssh/id_rsa', '~/.ssh/id_dsa', './id_rsa', './id_dsa'. - -If curl is built against OpenSSL library, and the engine pkcs11 is available, -then a PKCS#11 URI (RFC 7512) can be used to specify a private key located in a -PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a -PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set -as "pkcs11" if none was provided and the --key-type option will be set as -"ENG" if none was provided. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/key.md b/docs/cmdline-opts/key.md new file mode 100644 index 000000000000..cc4bc73fa5b3 --- /dev/null +++ b/docs/cmdline-opts/key.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: key +Arg: +Protocols: TLS SCP SFTP +Help: Private key filename +Category: tls ssh +Added: 7.9.3 +Multi: single +See-also: + - key-type + - cert +Example: + - --cert certificate --key here $URL +--- + +# `--key` + +Private key filename. Allows you to provide your private key in this separate +file. For SSH, if not specified, curl tries the following candidates in order: +`~/.ssh/id_rsa`, `~/.ssh/id_dsa`, `./id_rsa`, `./id_dsa`. + +If curl is built against OpenSSL library, and the engine pkcs11 or pkcs11 +provider is available, then a PKCS#11 URI (RFC 7512) can be used to specify a +private key located in a PKCS#11 device. A string beginning with `pkcs11:` is +interpreted as a PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine +option is set as `pkcs11` if none was provided and the --key-type option is +set as `ENG` or `PROV` if none was provided (depending on OpenSSL version). + +If curl is built against Schannel then this option is ignored for TLS +protocols (HTTPS, etc). That backend expects the private key to be already +present in the keychain or PKCS#12 file containing the certificate. diff --git a/docs/cmdline-opts/knownhosts.md b/docs/cmdline-opts/knownhosts.md new file mode 100644 index 000000000000..4b6386dd24ec --- /dev/null +++ b/docs/cmdline-opts/knownhosts.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: knownhosts +Arg: +Protocols: SCP SFTP +Help: Specify knownhosts path +Category: ssh +Added: 8.17.0 +Multi: single +See-also: + - hostpubsha256 + - hostpubmd5 + - insecure + - key +Example: + - --knownhosts filename --key here $URL +--- + +# `--knownhosts` + +When doing SCP and SFTP transfers, curl automatically checks a database +containing identification for all hosts it has ever been used with to verify +that the host it connects to is the same as previously. Host keys are stored +in such a known hosts file. curl uses the ~/.ssh/known_hosts in the user's +home directory by default. + +This option lets a user specify a specific file to check the host against. + +The known hosts check can be disabled with --insecure, but that makes the +transfer insecure and is strongly discouraged. diff --git a/docs/cmdline-opts/krb.d b/docs/cmdline-opts/krb.d deleted file mode 100644 index 7759cfb04be5..000000000000 --- a/docs/cmdline-opts/krb.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: krb -Arg: -Help: Enable Kerberos with security -Protocols: FTP -Requires: Kerberos -Category: ftp ---- -Enable Kerberos authentication and use. The level must be entered and should -be one of 'clear', 'safe', 'confidential', or 'private'. Should you use a -level that is not one of these, 'private' will instead be used. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/krb.md b/docs/cmdline-opts/krb.md new file mode 100644 index 000000000000..6d47a76d6ec4 --- /dev/null +++ b/docs/cmdline-opts/krb.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: krb +Arg: +Help: Enable Kerberos with security +Protocols: FTP +Requires: Kerberos +Category: deprecated +Added: 7.3 +Multi: single +See-also: + - delegation + - ssl +Example: + - --krb clear ftp://example.com/ +--- + +# `--krb` + +Deprecated option (added in 8.17.0). It has no function anymore. + +Enable Kerberos authentication and use. The level must be entered and should +be one of `clear`, `safe`, `confidential`, or `private`. Should you use a +level that is not one of these, `private` is used. diff --git a/docs/cmdline-opts/libcurl.d b/docs/cmdline-opts/libcurl.d deleted file mode 100644 index eb9850c680cc..000000000000 --- a/docs/cmdline-opts/libcurl.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: libcurl -Arg: -Help: Dump libcurl equivalent code of this command line -Added: 7.16.1 -Category: curl ---- -Append this option to any ordinary curl command line, and you will get a -libcurl-using C source code written to the file that does the equivalent -of what your command-line operation does! - -If this option is used several times, the last given file name will be -used. diff --git a/docs/cmdline-opts/libcurl.md b/docs/cmdline-opts/libcurl.md new file mode 100644 index 000000000000..e37e5aa0fadd --- /dev/null +++ b/docs/cmdline-opts/libcurl.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: libcurl +Arg: +Help: Generate libcurl code for this command line +Added: 7.16.1 +Category: curl global +Multi: single +Scope: global +See-also: + - verbose +Example: + - --libcurl client.c $URL +--- + +# `--libcurl` + +Append this option to any ordinary curl command line, and you get +libcurl-using C source code written to the file that does the equivalent of +what your command-line operation does. diff --git a/docs/cmdline-opts/limit-rate.d b/docs/cmdline-opts/limit-rate.d deleted file mode 100644 index cb3a8607707b..000000000000 --- a/docs/cmdline-opts/limit-rate.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: limit-rate -Arg: -Help: Limit transfer speed to RATE -Category: connection ---- -Specify the maximum transfer rate you want curl to use - for both downloads -and uploads. This feature is useful if you have a limited pipe and you'd like -your transfer not to use your entire bandwidth. To make it slower than it -otherwise would be. - -The given speed is measured in bytes/second, unless a suffix is appended. -Appending 'k' or 'K' will count the number as kilobytes, 'm' or 'M' makes it -megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K, 3m and 1G. - -If you also use the --speed-limit option, that option will take precedence and -might cripple the rate-limiting slightly, to help keeping the speed-limit -logic working. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/limit-rate.md b/docs/cmdline-opts/limit-rate.md new file mode 100644 index 000000000000..88f62709b0ab --- /dev/null +++ b/docs/cmdline-opts/limit-rate.md @@ -0,0 +1,42 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: limit-rate +Arg: +Help: Limit transfer speed to RATE +Category: connection +Added: 7.10 +Multi: single +See-also: + - rate + - speed-limit + - speed-time +Example: + - --limit-rate 123.45K $URL + - --limit-rate 1000 $URL + - --limit-rate 10M $URL + - --limit-rate 200K --max-time 60 $URL +--- + +# `--limit-rate` + +Specify the maximum transfer rate you want curl to use - for both downloads +and uploads. This feature is useful if you have a limited pipe and you would +like your transfer not to use your entire bandwidth. To make it slower than it +otherwise would be. + +The given speed is measured in bytes/second, unless a suffix is appended. +Appending 'k' or 'K' counts the number as kilobytes, 'm' or 'M' makes it +megabytes etc. The supported suffixes (k, M, G, T, P) are 1024-based. For +example 1k is 1024. Examples: 200K, 3m and 1G. + +The rate limiting logic works on averaging the transfer speed to no more than +the set threshold over a period of multiple seconds. + +If you also use the --speed-limit option, that option takes precedence and +might cripple the rate-limiting slightly, to help keep the speed-limit +logic working. + +Starting in curl 8.19.0, the rate can be specified using a fraction as in +`2.5M` for two and a half megabytes per second. It only works with a period +(`.`) delimiter, independent of what your locale might prefer. diff --git a/docs/cmdline-opts/list-only.d b/docs/cmdline-opts/list-only.d deleted file mode 100644 index c69885801b4d..000000000000 --- a/docs/cmdline-opts/list-only.d +++ /dev/null @@ -1,25 +0,0 @@ -Long: list-only -Short: l -Protocols: FTP POP3 -Help: List only mode -Added: 4.0 -Category: ftp pop3 ---- -(FTP) -When listing an FTP directory, this switch forces a name-only view. This is -especially useful if the user wants to machine-parse the contents of an FTP -directory since the normal directory view doesn't use a standard look or -format. When used like this, the option causes a NLST command to be sent to -the server instead of LIST. - -Note: Some FTP servers list only files in their response to NLST; they do not -include sub-directories and symbolic links. - -(POP3) -When retrieving a specific email from POP3, this switch forces a LIST command -to be performed instead of RETR. This is particularly useful if the user wants -to see if a specific message id exists on the server and what size it is. - -Note: When combined with --request, this option can be used to send an UIDL -command instead, so the user may use the email's unique identifier rather than -it's message id to make the request. diff --git a/docs/cmdline-opts/list-only.md b/docs/cmdline-opts/list-only.md new file mode 100644 index 000000000000..36d632103925 --- /dev/null +++ b/docs/cmdline-opts/list-only.md @@ -0,0 +1,43 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: list-only +Short: l +Protocols: FTP POP3 SFTP FILE +Help: List only mode +Added: 4.0 +Category: ftp pop3 sftp file +Multi: boolean +See-also: + - quote + - request +Example: + - --list-only ftp://example.com/dir/ +--- + +# `--list-only` + +When listing an FTP directory, force a name-only view. Maybe particularly +useful if the user wants to machine-parse the contents of an FTP directory +since the normal directory view does not use a standard look or format. When +used like this, the option causes an NLST command to be sent to the server +instead of LIST. + +Note: Some FTP servers list only files in their response to NLST; they do not +include subdirectories and symbolic links. + +When listing an SFTP directory, this switch forces a name-only view, one per +line. This is especially useful if the user wants to machine-parse the +contents of an SFTP directory since the normal directory view provides more +information than filenames. + +When retrieving a specific email from POP3, this switch forces a LIST command +to be performed instead of RETR. This is particularly useful if the user wants +to see if a specific message-id exists on the server and what size it is. + +For FILE, this option has no effect yet as directories are always listed in +this mode. + +Note: When combined with --request, this option can be used to send a UIDL +command instead, so the user may use the email's unique identifier rather than +its message-id to make the request. diff --git a/docs/cmdline-opts/local-port.d b/docs/cmdline-opts/local-port.d deleted file mode 100644 index 3f7a0e024a3d..000000000000 --- a/docs/cmdline-opts/local-port.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: local-port -Arg: -Help: Force use of RANGE for local port numbers -Added: 7.15.2 -Category: connection ---- -Set a preferred single number or range (FROM-TO) of local port numbers to use -for the connection(s). Note that port numbers by nature are a scarce resource -that will be busy at times so setting this range to something too narrow might -cause unnecessary connection setup failures. diff --git a/docs/cmdline-opts/local-port.md b/docs/cmdline-opts/local-port.md new file mode 100644 index 000000000000..b8c0d3fda1b7 --- /dev/null +++ b/docs/cmdline-opts/local-port.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: local-port +Arg: +Help: Use a local port number within RANGE +Added: 7.15.2 +Category: connection +Multi: single +See-also: + - globoff +Example: + - --local-port 1000-3000 $URL +--- + +# `--local-port` + +Set a preferred single number or range (FROM-TO) of local port numbers to use +for the connection(s). Note that port numbers by nature are a scarce resource +so setting this range to something too narrow might cause unnecessary +connection setup failures. diff --git a/docs/cmdline-opts/location-trusted.d b/docs/cmdline-opts/location-trusted.d deleted file mode 100644 index f01d842bc5e6..000000000000 --- a/docs/cmdline-opts/location-trusted.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: location-trusted -Help: Like --location, and send auth to other hosts -Protocols: HTTP -See-also: user -Category: http auth ---- -Like --location, but will allow sending the name + password to all hosts that -the site may redirect to. This may or may not introduce a security breach if -the site redirects you to a site to which you'll send your authentication info -(which is plaintext in the case of HTTP Basic authentication). diff --git a/docs/cmdline-opts/location-trusted.md b/docs/cmdline-opts/location-trusted.md new file mode 100644 index 000000000000..7d9810802c5d --- /dev/null +++ b/docs/cmdline-opts/location-trusted.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: location-trusted +Help: As --location, but send secrets to other hosts +Protocols: HTTP +Category: http auth +Added: 7.10.4 +Multi: boolean +See-also: + - user + - follow +Example: + - --location-trusted -u user:password $URL + - --location-trusted -H "Cookie: session=abc" $URL +--- + +# `--location-trusted` + +Instruct curl to follow HTTP redirects like --location, but permit curl to +send credentials and other secrets along to other hosts than the initial one. + +This may or may not introduce a security breach if the site redirects you to a +site to which you send this sensitive data to. Another host means that one or +more of hostname, protocol scheme or port number changed. + +This option also allows curl to pass long cookies set explicitly with --header. diff --git a/docs/cmdline-opts/location.d b/docs/cmdline-opts/location.d deleted file mode 100644 index c70b2eba885c..000000000000 --- a/docs/cmdline-opts/location.d +++ /dev/null @@ -1,26 +0,0 @@ -Long: location -Short: L -Help: Follow redirects -Protocols: HTTP -Category: http ---- -If the server reports that the requested page has moved to a different -location (indicated with a Location: header and a 3XX response code), this -option will make curl redo the request on the new place. If used together with ---include or --head, headers from all requested pages will be shown. When -authentication is used, curl only sends its credentials to the initial -host. If a redirect takes curl to a different host, it won't be able to -intercept the user+password. See also --location-trusted on how to change -this. You can limit the amount of redirects to follow by using the ---max-redirs option. - -When curl follows a redirect and if the request is a POST, it will do the -following request with a GET if the HTTP response was 301, 302, or 303. If the -response code was any other 3xx code, curl will re-send the following request -using the same unmodified method. - -You can tell curl to not change POST requests to GET after a 30x response by -using the dedicated options for that: --post301, --post302 and --post303. - -The method set with --request overrides the method curl would otherwise select -to use. diff --git a/docs/cmdline-opts/location.md b/docs/cmdline-opts/location.md new file mode 100644 index 000000000000..56950c2dfc1e --- /dev/null +++ b/docs/cmdline-opts/location.md @@ -0,0 +1,46 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: location +Short: L +Help: Follow redirects +Protocols: HTTP +Category: http +Added: 4.9 +Multi: boolean +See-also: + - resolve + - alt-svc + - follow + - proto-redir + - max-redirs +Example: + - -L $URL +--- + +# `--location` + +If the server reports that the requested page has moved to a different +location (indicated with a Location: header and a 3XX response code), this +option makes curl redo the request to the new place. If used together with +--show-headers or --head, headers from all requested pages are shown. + +When authentication is used, or when sending a cookie with `-H Cookie:`, curl +only sends its credentials to the initial host. If a redirect takes curl to a +different host, it does not get the credentials passed on. See +--location-trusted on how to change this. + +Limit the amount of redirects to follow by using the --max-redirs option. + +When curl follows a redirect and if the request is a POST, it sends the +following request with a GET if the HTTP response was 301, 302, or 303. If the +response code was any other 3xx code, curl resends the following request using +the same unmodified method. + +You can tell curl to not change POST requests to GET after a 30x response by +using the dedicated options for that: --post301, --post302 and --post303. + +The method set with --request overrides the method curl would otherwise select +to use. + +Restrict which protocols a redirect is accepted to follow with --proto-redir. diff --git a/docs/cmdline-opts/login-options.d b/docs/cmdline-opts/login-options.d deleted file mode 100644 index 887d5d517eaf..000000000000 --- a/docs/cmdline-opts/login-options.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: login-options -Arg: -Protocols: IMAP POP3 SMTP -Help: Server login options -Added: 7.34.0 -Category: imap pop3 smtp auth ---- -Specify the login options to use during server authentication. - -You can use the login options to specify protocol specific options that may -be used during authentication. At present only IMAP, POP3 and SMTP support -login options. For more information about the login options please see -RFC 2384, RFC 5092 and IETF draft draft-earhart-url-smtp-00.txt - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/login-options.md b/docs/cmdline-opts/login-options.md new file mode 100644 index 000000000000..fc8292a2b957 --- /dev/null +++ b/docs/cmdline-opts/login-options.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: login-options +Arg: +Protocols: IMAP LDAP POP3 SMTP +Help: Server login options +Added: 7.34.0 +Category: imap pop3 smtp auth ldap +Multi: single +See-also: + - user +Example: + - --login-options 'AUTH=*' imap://example.com +--- + +# `--login-options` + +Specify the login options to use during server authentication. + +You can use login options to specify protocol specific options that may be +used during authentication. At present only IMAP, POP3 and SMTP support login +options. For more information about login options please see RFC 2384, +RFC 5092 and the IETF draft +https://datatracker.ietf.org/doc/html/draft-earhart-url-smtp-00 + +Since 8.2.0, IMAP supports the login option `AUTH=+LOGIN`. With this option, +curl uses the plain (not SASL) `LOGIN IMAP` command even if the server +advertises SASL authentication. Care should be taken in using this option, as +it sends your password over the network in plain text. This does not work if +the IMAP server disables the plain `LOGIN` (e.g. to prevent password +snooping). diff --git a/docs/cmdline-opts/mail-auth.d b/docs/cmdline-opts/mail-auth.d deleted file mode 100644 index 529997161dd8..000000000000 --- a/docs/cmdline-opts/mail-auth.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: mail-auth -Arg:
-Protocols: SMTP -Help: Originator address of the original email -Added: 7.25.0 -See-also: mail-rcpt mail-from -Category: smtp ---- -Specify a single address. This will be used to specify the authentication -address (identity) of a submitted message that is being relayed to another -server. diff --git a/docs/cmdline-opts/mail-auth.md b/docs/cmdline-opts/mail-auth.md new file mode 100644 index 000000000000..deabb38b97ae --- /dev/null +++ b/docs/cmdline-opts/mail-auth.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: mail-auth +Arg:
+Protocols: SMTP +Help: Originator address of the original email +Added: 7.25.0 +Category: smtp +Multi: single +See-also: + - mail-rcpt + - mail-from +Example: + - --mail-auth user@example.com -T mail smtp://example.com/ +--- + +# `--mail-auth` + +Specify a single address. This is used to specify the authentication address +(identity) of a submitted message that is being relayed to another server. diff --git a/docs/cmdline-opts/mail-from.d b/docs/cmdline-opts/mail-from.d deleted file mode 100644 index faf48e2a4b02..000000000000 --- a/docs/cmdline-opts/mail-from.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: mail-from -Arg:
-Help: Mail from this address -Protocols: SMTP -Added: 7.20.0 -See-also: mail-rcpt mail-auth -Category: smtp ---- -Specify a single address that the given mail should get sent from. diff --git a/docs/cmdline-opts/mail-from.md b/docs/cmdline-opts/mail-from.md new file mode 100644 index 000000000000..96b062501be6 --- /dev/null +++ b/docs/cmdline-opts/mail-from.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: mail-from +Arg:
+Help: Mail from this address +Protocols: SMTP +Added: 7.20.0 +Category: smtp +Multi: single +See-also: + - mail-rcpt + - mail-auth +Example: + - --mail-from user@example.com -T mail smtp://example.com/ +--- + +# `--mail-from` + +Specify a single address that the given mail should get sent from. diff --git a/docs/cmdline-opts/mail-rcpt-allowfails.d b/docs/cmdline-opts/mail-rcpt-allowfails.d deleted file mode 100644 index 76457c32ea98..000000000000 --- a/docs/cmdline-opts/mail-rcpt-allowfails.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: mail-rcpt-allowfails -Help: Allow RCPT TO command to fail for some recipients -Protocols: SMTP -Added: 7.69.0 -Category: smtp ---- -When sending data to multiple recipients, by default curl will abort SMTP -conversation if at least one of the recipients causes RCPT TO command to -return an error. - -The default behavior can be changed by passing --mail-rcpt-allowfails -command-line option which will make curl ignore errors and proceed with the -remaining valid recipients. - -In case when all recipients cause RCPT TO command to fail, curl will abort SMTP -conversation and return the error received from to the last RCPT TO command. \ No newline at end of file diff --git a/docs/cmdline-opts/mail-rcpt-allowfails.md b/docs/cmdline-opts/mail-rcpt-allowfails.md new file mode 100644 index 000000000000..a82948bbc4fe --- /dev/null +++ b/docs/cmdline-opts/mail-rcpt-allowfails.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: mail-rcpt-allowfails +Help: Allow RCPT TO command to fail +Protocols: SMTP +Added: 7.69.0 +Category: smtp +Multi: boolean +See-also: + - mail-rcpt +Example: + - --mail-rcpt-allowfails --mail-rcpt dest@example.com smtp://example.com +--- + +# `--mail-rcpt-allowfails` + +When sending data to multiple recipients, by default curl aborts SMTP +conversation if at least one of the recipients causes RCPT TO command to +return an error. + +The default behavior can be changed by passing --mail-rcpt-allowfails +command-line option which makes curl ignore errors and proceed with the +remaining valid recipients. + +If all recipients trigger RCPT TO failures and this flag is specified, curl +still aborts the SMTP conversation and returns the error received from to the +last RCPT TO command. diff --git a/docs/cmdline-opts/mail-rcpt.d b/docs/cmdline-opts/mail-rcpt.d deleted file mode 100644 index d8ae046ee4de..000000000000 --- a/docs/cmdline-opts/mail-rcpt.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: mail-rcpt -Arg:
-Help: Mail to this address -Protocols: SMTP -Added: 7.20.0 -Category: smtp ---- -Specify a single address, user name or mailing list name. Repeat this -option several times to send to multiple recipients. - -When performing a mail transfer, the recipient should specify a valid email -address to send the mail to. - -When performing an address verification (VRFY command), the recipient should be -specified as the user name or user name and domain (as per Section 3.5 of -RFC5321). (Added in 7.34.0) - -When performing a mailing list expand (EXPN command), the recipient should be -specified using the mailing list name, such as "Friends" or "London-Office". -(Added in 7.34.0) diff --git a/docs/cmdline-opts/mail-rcpt.md b/docs/cmdline-opts/mail-rcpt.md new file mode 100644 index 000000000000..bd787c2fa08b --- /dev/null +++ b/docs/cmdline-opts/mail-rcpt.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: mail-rcpt +Arg:
+Help: Mail to this address +Protocols: SMTP +Added: 7.20.0 +Category: smtp +Multi: append +See-also: + - mail-rcpt-allowfails +Example: + - --mail-rcpt user@example.net smtp://example.com +--- + +# `--mail-rcpt` + +Specify a single email address, username or mailing list name. Repeat this +option several times to send to multiple recipients. + +When performing an address verification (**VRFY** command), the recipient +should be specified as the username or username and domain (as per Section 3.5 +of RFC 5321). (Added in 7.34.0) + +When performing a mailing list expand (EXPN command), the recipient should be +specified using the mailing list name, such as "Friends" or "London-Office". +(Added in 7.34.0) diff --git a/docs/cmdline-opts/mainpage.idx b/docs/cmdline-opts/mainpage.idx new file mode 100644 index 000000000000..8496ee46dc55 --- /dev/null +++ b/docs/cmdline-opts/mainpage.idx @@ -0,0 +1,43 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +_NAME.md +_SYNOPSIS.md +_DESCRIPTION.md +_URL.md +_GLOBBING.md +_VARIABLES.md +_OUTPUT.md +_PROTOCOLS.md +_PROGRESS.md +_VERSION.md +_OPTIONS.md +%options +_FILES.md +_ENVIRONMENT.md +_PROXYPREFIX.md +_EXITCODES.md +_BUGS.md +_AUTHORS.md +_WWW.md +_SEEALSO.md diff --git a/docs/cmdline-opts/manual.d b/docs/cmdline-opts/manual.d deleted file mode 100644 index 25ed08dd2747..000000000000 --- a/docs/cmdline-opts/manual.d +++ /dev/null @@ -1,6 +0,0 @@ -Long: manual -Short: M -Help: Display the full manual -Category: curl ---- -Manual. Display the huge help text. diff --git a/docs/cmdline-opts/manual.md b/docs/cmdline-opts/manual.md new file mode 100644 index 000000000000..bf44f3b8ad4c --- /dev/null +++ b/docs/cmdline-opts/manual.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: manual +Short: M +Help: Display the full manual +Category: curl +Added: 5.2 +Multi: custom +See-also: + - verbose + - libcurl + - trace +Example: + - --manual +--- + +# `--manual` + +Manual. Display the huge help text. diff --git a/docs/cmdline-opts/max-filesize.d b/docs/cmdline-opts/max-filesize.d deleted file mode 100644 index e1e2849fcf4a..000000000000 --- a/docs/cmdline-opts/max-filesize.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: max-filesize -Arg: -Help: Maximum file size to download -See-also: limit-rate -Category: connection ---- -Specify the maximum size (in bytes) of a file to download. If the file -requested is larger than this value, the transfer will not start and curl will -return with exit code 63. - -A size modifier may be used. For example, Appending 'k' or 'K' will count the -number as kilobytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it -gigabytes. Examples: 200K, 3m and 1G. (Added in 7.58.0) - -**NOTE**: The file size is not always known prior to download, and for such -files this option has no effect even if the file transfer ends up being larger -than this given limit. This concerns both FTP and HTTP transfers. diff --git a/docs/cmdline-opts/max-filesize.md b/docs/cmdline-opts/max-filesize.md new file mode 100644 index 000000000000..02b2293c56b2 --- /dev/null +++ b/docs/cmdline-opts/max-filesize.md @@ -0,0 +1,42 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: max-filesize +Arg: +Help: Maximum file size to download +Protocols: FTP HTTP MQTT +Category: connection +Added: 7.10.8 +Multi: single +See-also: + - limit-rate +Example: + - --max-filesize 100K $URL + - --max-filesize 2.6M $URL +--- + +# `--max-filesize` + +When set to a non-zero value, it specifies the maximum size (in bytes) of a +file to download. If the file requested is larger than this value, the +transfer does not start and curl returns with exit code 63. + +Setting the maximum value to zero disables the limit. + +A unit suffix letter can be used. Appending 'k' or 'K' counts the number as +kilobytes, 'm' or 'M' makes it megabytes etc. The supported suffixes (k, M, G, +T, P) are 1024-based. Examples: 200K, 3m and 1G. (Added in 7.58.0) + +**NOTE**: before curl 8.4.0, when the file size is not known prior to +download, for such files this option has no effect even if the file transfer +ends up being larger than this given limit. + +Starting with curl 8.4.0, this option aborts the transfer if it reaches the +threshold during transfer. + +Starting in curl 8.19.0, the maximum size can be specified using a fraction as +in `2.5M` for two and a half megabytes. It only works with a period (`.`) +delimiter, independent of what your locale might prefer. + +Since 8.20.0, this option also stops ongoing transfers that would reach this +threshold due to automatic decompression using --compressed. diff --git a/docs/cmdline-opts/max-redirs.d b/docs/cmdline-opts/max-redirs.d deleted file mode 100644 index ba16c43fc1f0..000000000000 --- a/docs/cmdline-opts/max-redirs.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: max-redirs -Arg: -Help: Maximum number of redirects allowed -Protocols: HTTP -Category: http ---- -Set maximum number of redirection-followings allowed. When --location is used, -is used to prevent curl from following redirections too much. By default, the -limit is set to 50 redirections. Set this option to -1 to make it unlimited. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/max-redirs.md b/docs/cmdline-opts/max-redirs.md new file mode 100644 index 000000000000..02bdfaa7fb63 --- /dev/null +++ b/docs/cmdline-opts/max-redirs.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: max-redirs +Arg: +Help: Maximum number of redirects allowed +Protocols: HTTP +Category: http +Added: 7.5 +Multi: single +See-also: + - location + - follow +Example: + - --max-redirs 3 --location $URL +--- + +# `--max-redirs` + +Set the maximum number of redirections to follow. When --location or --follow +are used, this option prevents curl from following too many redirects. By +default the limit is set to 50 redirects. Set this option to -1 to make it +unlimited. diff --git a/docs/cmdline-opts/max-time.d b/docs/cmdline-opts/max-time.d deleted file mode 100644 index c4e4ed7eb48c..000000000000 --- a/docs/cmdline-opts/max-time.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: max-time -Short: m -Arg: -Help: Maximum time allowed for the transfer -See-also: connect-timeout -Category: connection ---- -Maximum time in seconds that you allow the whole operation to take. This is -useful for preventing your batch jobs from hanging for hours due to slow -networks or links going down. Since 7.32.0, this option accepts decimal -values, but the actual timeout will decrease in accuracy as the specified -timeout increases in decimal precision. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/max-time.md b/docs/cmdline-opts/max-time.md new file mode 100644 index 000000000000..2475dd1986a3 --- /dev/null +++ b/docs/cmdline-opts/max-time.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: max-time +Short: m +Arg: +Help: Maximum time allowed for transfer +Category: connection timeout +Added: 4.0 +Multi: single +See-also: + - connect-timeout + - retry-max-time +Example: + - --max-time 10 $URL + - --max-time 2.92 $URL +--- + +# `--max-time` + +Set the maximum time in seconds that you allow each transfer to take. Prevents +your batch jobs from hanging for hours due to slow networks or links going +down. This option accepts decimal values (added in 7.32.0). + +If you enable retrying the transfer (--retry) then the maximum time counter is +reset each time the transfer is retried. You can use --retry-max-time to limit +the retry time. + +The decimal value needs to be provided using a dot (.) as decimal separator - +not the local version even if it might be using another separator. diff --git a/docs/cmdline-opts/metalink.d b/docs/cmdline-opts/metalink.d deleted file mode 100644 index 1dced5c72ff1..000000000000 --- a/docs/cmdline-opts/metalink.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: metalink -Help: Process given URLs as metalink XML file -Added: 7.27.0 -Category: misc ---- -This option was previously used to specify a metalink resource. Metalink -support has unfortunately been disabled in curl since 7.78.0 due to security -reasons. \ No newline at end of file diff --git a/docs/cmdline-opts/metalink.md b/docs/cmdline-opts/metalink.md new file mode 100644 index 000000000000..d3d3e2574655 --- /dev/null +++ b/docs/cmdline-opts/metalink.md @@ -0,0 +1,18 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: metalink +Help: Process given URLs as metalink XML file +Added: 7.27.0 +Category: deprecated +Multi: single +See-also: + - parallel +Example: + - --metalink file $URL +--- + +# `--metalink` + +This option was previously used to specify a Metalink resource. Metalink +support is disabled in curl for security reasons (added in 7.78.0). diff --git a/docs/cmdline-opts/mptcp.md b/docs/cmdline-opts/mptcp.md new file mode 100644 index 000000000000..4a1bb65c067e --- /dev/null +++ b/docs/cmdline-opts/mptcp.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Dorian Craps, +SPDX-License-Identifier: curl +Long: mptcp +Added: 8.9.0 +Help: Enable Multipath TCP +Category: connection +Multi: boolean +See-also: + - tcp-fastopen +Example: + - --mptcp $URL +--- + +# `--mptcp` + +Enable the use of Multipath TCP (MPTCP) for connections. MPTCP is an extension +to the standard TCP that allows multiple TCP streams over different network +paths between the same source and destination. This can enhance bandwidth and +improve reliability by using multiple paths simultaneously. + +MPTCP is beneficial in networks where multiple paths exist between clients and +servers, such as mobile networks where a device may switch between WiFi and +cellular data or in wired networks with multiple Internet Service Providers. + +This option is currently only supported on Linux starting from kernel 5.6. Only +TCP connections are modified, hence this option does not affect HTTP/3 (QUIC) +or UDP connections. + +The server curl connects to must also support MPTCP. If not, the connection +seamlessly falls back to TCP. diff --git a/docs/cmdline-opts/negotiate.d b/docs/cmdline-opts/negotiate.d deleted file mode 100644 index e247bfbee5b2..000000000000 --- a/docs/cmdline-opts/negotiate.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: negotiate -Help: Use HTTP Negotiate (SPNEGO) authentication -Protocols: HTTP -See-also: basic ntlm anyauth proxy-negotiate -Category: auth http ---- -Enables Negotiate (SPNEGO) authentication. - -This option requires a library built with GSS-API or SSPI support. Use ---version to see if your curl supports GSS-API/SSPI or SPNEGO. - -When using this option, you must also provide a fake --user option to activate -the authentication code properly. Sending a '-u :' is enough as the user name -and password from the --user option aren't actually used. - -If this option is used several times, only the first one is used. diff --git a/docs/cmdline-opts/negotiate.md b/docs/cmdline-opts/negotiate.md new file mode 100644 index 000000000000..b7982d7c484a --- /dev/null +++ b/docs/cmdline-opts/negotiate.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: negotiate +Help: Use HTTP Negotiate (SPNEGO) authentication +Protocols: HTTP +Category: auth http +Added: 7.10.6 +Multi: boolean +See-also: + - basic + - ntlm + - anyauth + - proxy-negotiate +Example: + - --negotiate -u : $URL +--- + +# `--negotiate` + +Enable Negotiate (SPNEGO) authentication. + +This option requires a library built with GSS-API or SSPI support. Use +--version to see if your curl supports GSS-API/SSPI or SPNEGO. + +When using this option, you must also provide a fake --user option to activate +the authentication code properly. Sending a '-u :' is enough as the username +and password from the --user option are not actually used. diff --git a/docs/cmdline-opts/netrc-file.d b/docs/cmdline-opts/netrc-file.d deleted file mode 100644 index 95fb2654a241..000000000000 --- a/docs/cmdline-opts/netrc-file.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: netrc-file -Help: Specify FILE for netrc -Arg: -Added: 7.21.5 -Mutexed: netrc -Category: curl ---- -This option is similar to --netrc, except that you provide the path (absolute -or relative) to the netrc file that curl should use. You can only specify one -netrc file per invocation. If several --netrc-file options are provided, -the last one will be used. - -It will abide by --netrc-optional if specified. diff --git a/docs/cmdline-opts/netrc-file.md b/docs/cmdline-opts/netrc-file.md new file mode 100644 index 000000000000..3df72ce145e7 --- /dev/null +++ b/docs/cmdline-opts/netrc-file.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: netrc-file +Help: Specify FILE for netrc +Arg: +Added: 7.21.5 +Mutexed: netrc +Category: auth +Multi: single +See-also: + - netrc + - user + - config +Example: + - --netrc-file netrc $URL +--- + +# `--netrc-file` + +Set the netrc file to use. Similar to --netrc, except that you also provide +the path (absolute or relative). + +It abides by --netrc-optional if specified. diff --git a/docs/cmdline-opts/netrc-optional.d b/docs/cmdline-opts/netrc-optional.d deleted file mode 100644 index e0b59d19b87c..000000000000 --- a/docs/cmdline-opts/netrc-optional.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: netrc-optional -Help: Use either .netrc or URL -Mutexed: netrc -See-also: netrc-file -Category: curl ---- -Very similar to --netrc, but this option makes the .netrc usage **optional** -and not mandatory as the --netrc option does. diff --git a/docs/cmdline-opts/netrc-optional.md b/docs/cmdline-opts/netrc-optional.md new file mode 100644 index 000000000000..9b9c068c88f6 --- /dev/null +++ b/docs/cmdline-opts/netrc-optional.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: netrc-optional +Help: Use either .netrc or URL +Mutexed: netrc +Category: auth +Added: 7.9.8 +Multi: boolean +See-also: + - netrc-file +Example: + - --netrc-optional $URL +--- + +# `--netrc-optional` + +Similar to --netrc, but this option makes the .netrc usage **optional** +and not mandatory as the --netrc option does. diff --git a/docs/cmdline-opts/netrc.d b/docs/cmdline-opts/netrc.d deleted file mode 100644 index cab3385b4732..000000000000 --- a/docs/cmdline-opts/netrc.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: netrc -Short: n -Help: Must read .netrc for user name and password -Category: curl ---- -Makes curl scan the *.netrc* (*_netrc* on Windows) file in the user's home -directory for login name and password. This is typically used for FTP on -Unix. If used with HTTP, curl will enable user authentication. See -*netrc(5)* *ftp(1)* for details on the file format. Curl will not -complain if that file doesn't have the right permissions (it should not be -either world- or group-readable). The environment variable "HOME" is used to -find the home directory. - -A quick and very simple example of how to setup a *.netrc* to allow curl -to FTP to the machine host.domain.com with user name \&'myself' and password -\&'secret' should look similar to: - -.B "machine host.domain.com login myself password secret" diff --git a/docs/cmdline-opts/netrc.md b/docs/cmdline-opts/netrc.md new file mode 100644 index 000000000000..03a7ed6e5ded --- /dev/null +++ b/docs/cmdline-opts/netrc.md @@ -0,0 +1,52 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: netrc +Short: n +Help: Must read .netrc for username and password +Category: auth +Added: 4.6 +Mutexed: netrc-file netrc-optional +Multi: boolean +See-also: + - netrc-file + - config + - user +Example: + - --netrc $URL +--- + +# `--netrc` + +Make curl scan the *.netrc* file in the user's home directory for login name +and password. This is typically used for FTP on Unix. If used with HTTP, curl +enables user authentication. See *netrc(5)* and *ftp(1)* for details on the +file format. curl does not complain if that file does not have the right +permissions (it should be neither world- nor group-readable). The environment +variable `HOME` is used to find the home directory. If the `NETRC` environment +variable is set, that filename is used as the netrc file. (Added in 8.16.0) + +If --netrc-file is used, that overrides all other ways to figure out the file. + +The netrc file provides credentials for a hostname independent of which +protocol and port number that are used. + +On Windows two filenames in the home directory are checked: *.netrc* and +*_netrc*, preferring the former. Older versions on Windows checked for +*_netrc* only. + +A quick and simple example of how to setup a *.netrc* to allow curl to access +the machine host.example.com with username `myself` and password `secret` +could look similar to: + + machine host.example.com + login myself + password secret + +curl also supports the `default` keyword. This is the same as machine name +except that default matches any name. There can be only one `default` token, +and it must be after all machine tokens. + +When providing a username in the URL and a *.netrc* file, curl looks for the +password for that specific user for the given host if such an entry appears in +the file before a "generic" `machine` entry without `login` specified. diff --git a/docs/cmdline-opts/next.d b/docs/cmdline-opts/next.d deleted file mode 100644 index 1adcc7535c13..000000000000 --- a/docs/cmdline-opts/next.d +++ /dev/null @@ -1,21 +0,0 @@ -Short: : -Long: next -Tags: -Protocols: -Added: 7.36.0 -Magic: divider -Help: Make next URL use its separate set of options -Category: curl ---- -Tells curl to use a separate operation for the following URL and associated -options. This allows you to send several URL requests, each with their own -specific options, for example, such as different user names or custom requests -for each. - ---next will reset all local options and only global ones will have their -values survive over to the operation following the --next instruction. Global -options include --verbose, --trace, --trace-ascii and --fail-early. - -For example, you can do both a GET and a POST in a single command line: - - curl www1.example.com --next -d postthis www2.example.com diff --git a/docs/cmdline-opts/next.md b/docs/cmdline-opts/next.md new file mode 100644 index 000000000000..cb67e907f438 --- /dev/null +++ b/docs/cmdline-opts/next.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: : +Long: next +Tags: +Protocols: +Added: 7.36.0 +Magic: divider +Help: Make next URL use separate options +Category: curl +Multi: append +See-also: + - parallel + - config +Example: + - $URL --next -d postthis www2.example.com + - -I $URL --next https://example.net/ +--- + +# `--next` + +Use a separate operation for the following URL and associated options. This +allows you to send several URL requests, each with their own specific options, +for example, such as different usernames or custom requests for each. + +--next resets all local options and only global ones have their values survive +over to the operation following the --next instruction. Global options include +--verbose, --trace, --trace-ascii and --fail-early. + +For example, you can do both a GET and a POST in a single command line: + + curl www1.example.com --next -d postthis www2.example.com diff --git a/docs/cmdline-opts/no-alpn.d b/docs/cmdline-opts/no-alpn.d deleted file mode 100644 index 8031b4f07987..000000000000 --- a/docs/cmdline-opts/no-alpn.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: no-alpn -Tags: HTTP/2 -Protocols: HTTPS -Added: 7.36.0 -See-also: no-npn http2 -Requires: TLS -Help: Disable the ALPN TLS extension -Category: tls http ---- -Disable the ALPN TLS extension. ALPN is enabled by default if libcurl was built -with an SSL library that supports ALPN. ALPN is used by a libcurl that supports -HTTP/2 to negotiate HTTP/2 support with the server during https sessions. diff --git a/docs/cmdline-opts/no-alpn.md b/docs/cmdline-opts/no-alpn.md new file mode 100644 index 000000000000..475294878727 --- /dev/null +++ b/docs/cmdline-opts/no-alpn.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-alpn +Tags: HTTP/2 +Protocols: HTTPS +Added: 7.36.0 +Requires: TLS +Help: Disable the ALPN TLS extension +Category: tls http +Multi: boolean +See-also: + - no-npn + - http2 +Example: + - --no-alpn $URL +--- + +# `--no-alpn` + +Disable the ALPN TLS extension. ALPN is enabled by default if libcurl was built +with an SSL library that supports ALPN. ALPN is used by a libcurl that supports +HTTP/2 to negotiate HTTP/2 support with the server during https sessions. + +Note that this is the negated option name documented. You can use --alpn to +enable ALPN. diff --git a/docs/cmdline-opts/no-buffer.d b/docs/cmdline-opts/no-buffer.d deleted file mode 100644 index 1079f47128cf..000000000000 --- a/docs/cmdline-opts/no-buffer.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: no-buffer -Short: N -Help: Disable buffering of the output stream -Category: curl ---- -Disables the buffering of the output stream. In normal work situations, curl -will use a standard buffered output stream that will have the effect that it -will output the data in chunks, not necessarily exactly when the data arrives. -Using this option will disable that buffering. - -Note that this is the negated option name documented. You can thus use ---buffer to enforce the buffering. diff --git a/docs/cmdline-opts/no-buffer.md b/docs/cmdline-opts/no-buffer.md new file mode 100644 index 000000000000..442beb0b3c01 --- /dev/null +++ b/docs/cmdline-opts/no-buffer.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-buffer +Short: N +Help: Disable buffering of the output stream +Category: output +Added: 6.5 +Multi: boolean +See-also: + - progress-bar +Example: + - --no-buffer $URL +--- + +# `--no-buffer` + +Disable the buffering of the output stream. In normal work situations, curl +uses a standard buffered output stream that has the effect that it outputs the +data in chunks, not necessarily exactly when the data arrives. Using this +option disables that buffering. + +Note that this is the negated option name documented. You can use --buffer to +enable buffering again. diff --git a/docs/cmdline-opts/no-clobber.md b/docs/cmdline-opts/no-clobber.md new file mode 100644 index 000000000000..02a74b25e4d4 --- /dev/null +++ b/docs/cmdline-opts/no-clobber.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-clobber +Help: Do not overwrite files that already exist +Category: output +Added: 7.83.0 +Multi: boolean +See-also: + - output + - remote-name +Example: + - --no-clobber --output local/dir/file $URL +--- + +# `--no-clobber` + +When used in conjunction with the --output, --remote-header-name, +--remote-name, or --remote-name-all options, curl avoids overwriting files +that already exist. Instead, a dot and a number gets appended to the name of +the file that would be created, up to filename.100 after which it does not +create any file. + +Note that this is the negated option name documented. You can thus use +--clobber to enforce the clobbering, even if --remote-header-name is +specified. + +The --continue-at option cannot be used together with --no-clobber. diff --git a/docs/cmdline-opts/no-keepalive.d b/docs/cmdline-opts/no-keepalive.d deleted file mode 100644 index 72f3bc9a5bc9..000000000000 --- a/docs/cmdline-opts/no-keepalive.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: no-keepalive -Help: Disable TCP keepalive on the connection -Category: connection ---- -Disables the use of keepalive messages on the TCP connection. curl otherwise -enables them by default. - -Note that this is the negated option name documented. You can thus use ---keepalive to enforce keepalive. diff --git a/docs/cmdline-opts/no-keepalive.md b/docs/cmdline-opts/no-keepalive.md new file mode 100644 index 000000000000..99dd0329dbeb --- /dev/null +++ b/docs/cmdline-opts/no-keepalive.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-keepalive +Help: Disable TCP keepalive on the connection +Category: connection +Added: 7.18.0 +Multi: boolean +See-also: + - keepalive-time + - keepalive-cnt +Example: + - --no-keepalive $URL +--- + +# `--no-keepalive` + +Disable the use of keepalive messages on the TCP connection. curl otherwise +enables them by default. + +Note that this is the negated option name documented. You can thus use +--keepalive to enforce keepalive. diff --git a/docs/cmdline-opts/no-npn.d b/docs/cmdline-opts/no-npn.d deleted file mode 100644 index 27e5974bdf7b..000000000000 --- a/docs/cmdline-opts/no-npn.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: no-npn -Tags: Versions HTTP/2 -Protocols: HTTPS -Added: 7.36.0 -Mutexed: -See-also: no-alpn http2 -Requires: TLS -Help: Disable the NPN TLS extension -Category: tls http ---- -Disable the NPN TLS extension. NPN is enabled by default if libcurl was built -with an SSL library that supports NPN. NPN is used by a libcurl that supports -HTTP/2 to negotiate HTTP/2 support with the server during https sessions. diff --git a/docs/cmdline-opts/no-npn.md b/docs/cmdline-opts/no-npn.md new file mode 100644 index 000000000000..dbb69e91bb50 --- /dev/null +++ b/docs/cmdline-opts/no-npn.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-npn +Tags: Versions HTTP/2 +Protocols: HTTPS +Added: 7.36.0 +Mutexed: +Requires: TLS +Help: Disable the NPN TLS extension +Category: deprecated +Multi: boolean +See-also: + - no-alpn + - http2 +Example: + - --no-npn $URL +--- + +# `--no-npn` + +curl never uses NPN, this option has no effect (added in 7.86.0). + +Disable the NPN TLS extension. NPN is enabled by default if libcurl was built +with an SSL library that supports NPN. NPN is used by a libcurl that supports +HTTP/2 to negotiate HTTP/2 support with the server during https sessions. diff --git a/docs/cmdline-opts/no-progress-meter.d b/docs/cmdline-opts/no-progress-meter.d deleted file mode 100644 index bf28d635d5f2..000000000000 --- a/docs/cmdline-opts/no-progress-meter.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: no-progress-meter -Help: Do not show the progress meter -See-also: verbose silent -Added: 7.67.0 -Category: verbose ---- -Option to switch off the progress meter output without muting or otherwise -affecting warning and informational messages like --silent does. - -Note that this is the negated option name documented. You can thus use ---progress-meter to enable the progress meter again. diff --git a/docs/cmdline-opts/no-progress-meter.md b/docs/cmdline-opts/no-progress-meter.md new file mode 100644 index 000000000000..72ec993762ca --- /dev/null +++ b/docs/cmdline-opts/no-progress-meter.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-progress-meter +Help: Do not show the progress meter +Added: 7.67.0 +Category: verbose +Multi: boolean +See-also: + - verbose + - silent +Example: + - --no-progress-meter -o store $URL +--- + +# `--no-progress-meter` + +Option to switch off the progress meter output without muting or otherwise +affecting warning and informational messages like --silent does. + +Note that this is the negated option name documented. You can thus use +--progress-meter to enable the progress meter again. diff --git a/docs/cmdline-opts/no-sessionid.d b/docs/cmdline-opts/no-sessionid.d deleted file mode 100644 index 013ca4cb47e7..000000000000 --- a/docs/cmdline-opts/no-sessionid.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: no-sessionid -Help: Disable SSL session-ID reusing -Protocols: TLS -Added: 7.16.0 -Category: tls ---- -Disable curl's use of SSL session-ID caching. By default all transfers are -done using the cache. Note that while nothing should ever get hurt by -attempting to reuse SSL session-IDs, there seem to be broken SSL -implementations in the wild that may require you to disable this in order for -you to succeed. - -Note that this is the negated option name documented. You can thus use ---sessionid to enforce session-ID caching. diff --git a/docs/cmdline-opts/no-sessionid.md b/docs/cmdline-opts/no-sessionid.md new file mode 100644 index 000000000000..08ba990beecf --- /dev/null +++ b/docs/cmdline-opts/no-sessionid.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-sessionid +Help: Disable SSL session-ID reusing +Protocols: TLS +Added: 7.16.0 +Category: tls +Multi: boolean +See-also: + - insecure +Example: + - --no-sessionid $URL +--- + +# `--no-sessionid` + +Disable curl's use of SSL session-ID caching. By default all transfers are +done using the cache. Note that while nothing should ever get hurt by +attempting to reuse SSL session-IDs, there seem to be broken SSL +implementations in the wild that may require you to disable this in order for +you to succeed. + +Note that this is the negated option name documented. You can thus use +--sessionid to enforce session-ID caching. diff --git a/docs/cmdline-opts/noproxy.d b/docs/cmdline-opts/noproxy.d deleted file mode 100644 index 12ce6d3ed205..000000000000 --- a/docs/cmdline-opts/noproxy.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: noproxy -Arg: -Help: List of hosts which do not use proxy -Added: 7.19.4 -Category: proxy ---- -Comma-separated list of hosts which do not use a proxy, if one is specified. -The only wildcard is a single * character, which matches all hosts, and -effectively disables the proxy. Each name in this list is matched as either -a domain which contains the hostname, or the hostname itself. For example, -local.com would match local.com, local.com:80, and www.local.com, but not -www.notlocal.com. - -Since 7.53.0, This option overrides the environment variables that disable the -proxy. If there's an environment variable disabling a proxy, you can set -noproxy list to \&"" to override it. diff --git a/docs/cmdline-opts/noproxy.md b/docs/cmdline-opts/noproxy.md new file mode 100644 index 000000000000..698549e155d6 --- /dev/null +++ b/docs/cmdline-opts/noproxy.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: noproxy +Arg: +Help: List of hosts which do not use proxy +Added: 7.19.4 +Category: proxy +Multi: single +See-also: + - proxy +Example: + - --noproxy "www.example" $URL +--- + +# `--noproxy` + +Comma-separated list of hosts for which not to use a proxy, if one is +specified. The only wildcard is a single `*` character, which matches all +hosts, and effectively disables the proxy. Each name in this list is matched +as either a domain which contains the hostname, or the hostname itself. For +example, `local.com` would match `local.com`, `local.com:80`, and +`www.local.com`, but not `www.notlocal.com`. + +This option overrides the environment variables that disable the proxy +(`no_proxy` and `NO_PROXY`) (added in 7.53.0). If there is an environment +variable disabling a proxy, you can set the no proxy list to "" to override +it. + +IP addresses specified to this option can be provided using CIDR notation +(added in 7.86.0): an appended slash and number specifies the number of +network bits out of the address to use in the comparison. For example +`192.168.0.0/16` would match all addresses starting with `192.168`. diff --git a/docs/cmdline-opts/ntlm-wb.d b/docs/cmdline-opts/ntlm-wb.d deleted file mode 100644 index 4a2f7e1e6a0f..000000000000 --- a/docs/cmdline-opts/ntlm-wb.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: ntlm-wb -Help: Use HTTP NTLM authentication with winbind -Protocols: HTTP -See-also: ntlm proxy-ntlm -Category: auth http ---- -Enables NTLM much in the style --ntlm does, but hand over the authentication -to the separate binary ntlmauth application that is executed when needed. diff --git a/docs/cmdline-opts/ntlm-wb.md b/docs/cmdline-opts/ntlm-wb.md new file mode 100644 index 000000000000..3a1d35cb16ad --- /dev/null +++ b/docs/cmdline-opts/ntlm-wb.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ntlm-wb +Help: HTTP NTLM authentication with winbind +Protocols: HTTP +Category: deprecated +Added: 7.22.0 +Multi: mutex +See-also: + - ntlm + - proxy-ntlm +Example: + - --ntlm-wb -u user:password $URL +--- + +# `--ntlm-wb` + +Deprecated option (added in 8.8.0). + +Enabled NTLM much in the style --ntlm does, but handed over the authentication +to a separate executable that was executed when needed. diff --git a/docs/cmdline-opts/ntlm.d b/docs/cmdline-opts/ntlm.d deleted file mode 100644 index c63c086ebe40..000000000000 --- a/docs/cmdline-opts/ntlm.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: ntlm -Help: Use HTTP NTLM authentication -Mutexed: basic negotiate digest anyauth -See-also: proxy-ntlm -Protocols: HTTP -Requires: TLS -Category: auth http ---- -Enables NTLM authentication. The NTLM authentication method was designed by -Microsoft and is used by IIS web servers. It is a proprietary protocol, -reverse-engineered by clever people and implemented in curl based on their -efforts. This kind of behavior should not be endorsed, you should encourage -everyone who uses NTLM to switch to a public and documented authentication -method instead, such as Digest. - -If you want to enable NTLM for your proxy authentication, then use ---proxy-ntlm. - -If this option is used several times, only the first one is used. diff --git a/docs/cmdline-opts/ntlm.md b/docs/cmdline-opts/ntlm.md new file mode 100644 index 000000000000..6850e115ae2f --- /dev/null +++ b/docs/cmdline-opts/ntlm.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ntlm +Help: HTTP NTLM authentication +Protocols: HTTP +Requires: TLS +Category: auth http +Added: 7.10.6 +Multi: boolean +See-also: + - proxy-ntlm +Example: + - --ntlm -u user:password $URL +--- + +# `--ntlm` + +Use NTLM authentication. The NTLM authentication method was designed by +Microsoft and is used by IIS web servers. It is a proprietary protocol, +reverse-engineered by clever people and implemented in curl based on their +efforts. This kind of behavior should not be endorsed, you should encourage +everyone who uses NTLM to switch to a public and documented authentication +method instead, such as Digest. + +If you want to enable NTLM for your proxy authentication, then use +--proxy-ntlm. diff --git a/docs/cmdline-opts/oauth2-bearer.d b/docs/cmdline-opts/oauth2-bearer.d deleted file mode 100644 index e0ea210ed8a0..000000000000 --- a/docs/cmdline-opts/oauth2-bearer.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: oauth2-bearer -Help: OAuth 2 Bearer Token -Arg: -Protocols: IMAP POP3 SMTP HTTP -Category: auth ---- -Specify the Bearer Token for OAUTH 2.0 server authentication. The Bearer Token -is used in conjunction with the user name which can be specified as part of -the --url or --user options. - -The Bearer Token and user name are formatted according to RFC 6750. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/oauth2-bearer.md b/docs/cmdline-opts/oauth2-bearer.md new file mode 100644 index 000000000000..b66477fc70c3 --- /dev/null +++ b/docs/cmdline-opts/oauth2-bearer.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: oauth2-bearer +Help: OAuth 2 Bearer Token +Arg: +Protocols: IMAP LDAP POP3 SMTP HTTP +Category: auth imap pop3 smtp ldap +Added: 7.33.0 +Multi: single +See-also: + - basic + - ntlm + - digest +Example: + - --oauth2-bearer "mF_9.B5f-4.1JqM" $URL +--- + +# `--oauth2-bearer` + +Specify the Bearer Token for OAUTH 2.0 server authentication. The Bearer Token +is used in conjunction with the username which can be specified as part of the +--url or --user options. + +The Bearer Token and username are formatted according to RFC 6750. diff --git a/docs/cmdline-opts/out-null.md b/docs/cmdline-opts/out-null.md new file mode 100644 index 000000000000..cca193e3af98 --- /dev/null +++ b/docs/cmdline-opts/out-null.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: out-null +Help: Discard response data into the void +Category: output +Added: 8.16.0 +Multi: per-URL +See-also: + - output + - remote-name + - remote-name-all + - remote-header-name +Example: + - "https://example.com" --out-null +--- + +# `--out-null` + +Discard all response output of a transfer silently. This is the more +efficient and portable version of + + curl https://host.example -o /dev/null + +The transfer is done in full, all data is received and checked, but +the bytes are not written anywhere. diff --git a/docs/cmdline-opts/output-dir.d b/docs/cmdline-opts/output-dir.d deleted file mode 100644 index d2ff7738efca..000000000000 --- a/docs/cmdline-opts/output-dir.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: output-dir -Arg: -Help: Directory to save files in -Added: 7.73.0 -See-also: remote-name remote-header-name -Category: curl ---- - -This option specifies the directory in which files should be stored, when ---remote-name or --output are used. - -The given output directory is used for all URLs and output options on the -command line, up until the first --next. - -If the specified target directory doesn't exist, the operation will fail -unless --create-dirs is also used. - -If this option is used multiple times, the last specified directory will be -used. diff --git a/docs/cmdline-opts/output-dir.md b/docs/cmdline-opts/output-dir.md new file mode 100644 index 000000000000..468ecc8a1176 --- /dev/null +++ b/docs/cmdline-opts/output-dir.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: output-dir +Arg: +Help: Directory to save files in +Added: 7.73.0 +Category: output +Multi: single +See-also: + - remote-name + - remote-header-name +Example: + - --output-dir "tmp" -O $URL +--- + +# `--output-dir` + +Specify the directory in which files should be stored, when --remote-name or +--output are used. + +The given output directory is used for all URLs and output options on the +command line, up until the first --next. + +If the specified target directory does not exist, the operation fails unless +--create-dirs is also used. diff --git a/docs/cmdline-opts/output.d b/docs/cmdline-opts/output.d deleted file mode 100644 index bf35bf4a09e3..000000000000 --- a/docs/cmdline-opts/output.d +++ /dev/null @@ -1,33 +0,0 @@ -Long: output -Arg: -Short: o -Help: Write to file instead of stdout -See-also: remote-name remote-name-all remote-header-name -Category: important curl ---- -Write output to instead of stdout. If you are using {} or [] to fetch -multiple documents, you should quote the URL and you can use '#' followed by a -number in the specifier. That variable will be replaced with the current -string for the URL being fetched. Like in: - - curl "http://{one,two}.example.com" -o "file_#1.txt" - -or use several variables like: - - curl "http://{site,host}.host[1-5].com" -o "#1_#2" - -You may use this option as many times as the number of URLs you have. For -example, if you specify two URLs on the same command line, you can use it like -this: - - curl -o aa example.com -o bb example.net - -and the order of the -o options and the URLs doesn't matter, just that the -first -o is for the first URL and so on, so the above command line can also be -written as - - curl example.com example.net -o aa -o bb - -See also the --create-dirs option to create the local directories -dynamically. Specifying the output as '-' (a single dash) will force the -output to be done to stdout. diff --git a/docs/cmdline-opts/output.md b/docs/cmdline-opts/output.md new file mode 100644 index 000000000000..0c4f7f9facdd --- /dev/null +++ b/docs/cmdline-opts/output.md @@ -0,0 +1,71 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: output +Arg: +Short: o +Help: Write to file instead of stdout +Category: important output +Added: 4.0 +Multi: per-URL +See-also: + - out-null + - remote-name + - remote-name-all + - remote-header-name + - compressed +Example: + - -o file $URL + - "http://{one,two}.example.com" -o "file_#1.txt" + - "http://{site,host}.host[1-5].example" -o "#1_#2" + - -o file $URL -o file2 https://example.net +--- + +# `--output` + +Write output to the given file instead of stdout. If you are using globbing to +fetch multiple documents, you should quote the URL and you can use `#` +followed by a number in the filename. That variable is then replaced with the +current string for the URL being fetched. Like in: + + curl "http://{one,two}.example.com" -o "file_#1.txt" + +or use several variables like: + + curl "http://{site,host}.host[1-5].example" -o "#1_#2" + +You may use this option as many times as the number of URLs you have. For +example, if you specify two URLs on the same command line, you can use it like +this: + + curl -o aa example.com -o bb example.net + +and the order of the -o options and the URLs does not matter, only that the +first -o is for the first URL and so on, so the above command line can also be +written as + + curl example.com example.net -o aa -o bb + +See also the --create-dirs option to create the local directories +dynamically. Specifying the output as '-' (a single dash) passes the output to +stdout. + +To suppress response bodies, you can redirect output to /dev/null: + + curl example.com -o /dev/null + +Or for Windows: + + curl example.com -o nul + +Or, even more efficient and portable, use + + curl example.com --out-null + +Specify the filename as single minus to force the output to stdout, to +override curl's internal binary output in terminal prevention: + + curl https://example.com/jpeg -o - + +Note that the binary output may be caused by the response being compressed, in +which case you may want to use the --compressed option. diff --git a/docs/cmdline-opts/page-footer b/docs/cmdline-opts/page-footer deleted file mode 100644 index b101ace35363..000000000000 --- a/docs/cmdline-opts/page-footer +++ /dev/null @@ -1,289 +0,0 @@ -.SH FILES -.I ~/.curlrc -.RS -Default config file, see --config for details. -.SH ENVIRONMENT -The environment variables can be specified in lower case or upper case. The -lower case version has precedence. http_proxy is an exception as it is only -available in lower case. - -Using an environment variable to set the proxy has the same effect as using -the --proxy option. - -.IP "http_proxy [protocol://][:port]" -Sets the proxy server to use for HTTP. -.IP "HTTPS_PROXY [protocol://][:port]" -Sets the proxy server to use for HTTPS. -.IP "[url-protocol]_PROXY [protocol://][:port]" -Sets the proxy server to use for [url-protocol], where the protocol is a -protocol that curl supports and as specified in a URL. FTP, FTPS, POP3, IMAP, -SMTP, LDAP etc. -.IP "ALL_PROXY [protocol://][:port]" -Sets the proxy server to use if no protocol-specific proxy is set. -.IP "NO_PROXY " -list of host names that shouldn't go through any proxy. If set to an asterisk -\&'*' only, it matches all hosts. Each name in this list is matched as either -a domain name which contains the hostname, or the hostname itself. - -This environment variable disables use of the proxy even when specified with -the --proxy option. That is -.B NO_PROXY=direct.example.com curl -x http://proxy.example.com -.B http://direct.example.com -accesses the target URL directly, and -.B NO_PROXY=direct.example.com curl -x http://proxy.example.com -.B http://somewhere.example.com -accesses the target URL through the proxy. - -The list of host names can also be include numerical IP addresses, and IPv6 -versions should then be given without enclosing brackets. - -IPv6 numerical addresses are compared as strings, so they will only match if -the representations are the same: "::1" is the same as "::0:1" but they don't -match. -.IP "CURL_SSL_BACKEND " -If curl was built with support for "MultiSSL", meaning that it has built-in -support for more than one TLS backend, this environment variable can be set to -the case insensitive name of the particular backend to use when curl is -invoked. Setting a name that isn't a built-in alternative will make curl -stay with the default. - -SSL backend names (case-insensitive): bearssl, gnutls, gskit, mbedtls, -mesalink, nss, openssl, rustls, schannel, secure-transport, wolfssl -.IP "QLOGDIR " -If curl was built with HTTP/3 support, setting this environment variable to a -local directory will make curl produce qlogs in that directory, using file -names named after the destination connection id (in hex). Do note that these -files can become rather large. Works with both QUIC backends. -.IP "SSLKEYLOGFILE " -If you set this environment variable to a file name, curl will store TLS -secrets from its connections in that file when invoked to enable you to -analyze the TLS traffic in real time using network analyzing tools such as -Wireshark. This works with the following TLS backends: OpenSSL, libressl, -BoringSSL, GnuTLS, NSS and wolfSSL. -.SH "PROXY PROTOCOL PREFIXES" -Since curl version 7.21.7, the proxy string may be specified with a -protocol:// prefix to specify alternative proxy protocols. - -If no protocol is specified in the proxy string or if the string doesn't match -a supported one, the proxy will be treated as an HTTP proxy. - -The supported proxy protocol prefixes are as follows: -.IP "http://" -Makes it use it as an HTTP proxy. The default if no scheme prefix is used. -.IP "https://" -Makes it treated as an **HTTPS** proxy. -.IP "socks4://" -Makes it the equivalent of --socks4 -.IP "socks4a://" -Makes it the equivalent of --socks4a -.IP "socks5://" -Makes it the equivalent of --socks5 -.IP "socks5h://" -Makes it the equivalent of --socks5-hostname -.SH EXIT CODES -There are a bunch of different error codes and their corresponding error -messages that may appear during bad conditions. At the time of this writing, -the exit codes are: -.IP 1 -Unsupported protocol. This build of curl has no support for this protocol. -.IP 2 -Failed to initialize. -.IP 3 -URL malformed. The syntax was not correct. -.IP 4 -A feature or option that was needed to perform the desired request was not -enabled or was explicitly disabled at build-time. To make curl able to do -this, you probably need another build of libcurl! -.IP 5 -Couldn't resolve proxy. The given proxy host could not be resolved. -.IP 6 -Couldn't resolve host. The given remote host was not resolved. -.IP 7 -Failed to connect to host. -.IP 8 -Weird server reply. The server sent data curl couldn't parse. -.IP 9 -FTP access denied. The server denied login or denied access to the particular -resource or directory you wanted to reach. Most often you tried to change to a -directory that doesn't exist on the server. -.IP 10 -FTP accept failed. While waiting for the server to connect back when an active -FTP session is used, an error code was sent over the control connection or -similar. -.IP 11 -FTP weird PASS reply. Curl couldn't parse the reply sent to the PASS request. -.IP 12 -During an active FTP session while waiting for the server to connect back to -curl, the timeout expired. -.IP 13 -FTP weird PASV reply, Curl couldn't parse the reply sent to the PASV request. -.IP 14 -FTP weird 227 format. Curl couldn't parse the 227-line the server sent. -.IP 15 -FTP can't get host. Couldn't resolve the host IP we got in the 227-line. -.IP 16 -HTTP/2 error. A problem was detected in the HTTP2 framing layer. This is -somewhat generic and can be one out of several problems, see the error message -for details. -.IP 17 -FTP couldn't set binary. Couldn't change transfer method to binary. -.IP 18 -Partial file. Only a part of the file was transferred. -.IP 19 -FTP couldn't download/access the given file, the RETR (or similar) command -failed. -.IP 21 -FTP quote error. A quote command returned error from the server. -.IP 22 -HTTP page not retrieved. The requested url was not found or returned another -error with the HTTP error code being 400 or above. This return code only -appears if --fail is used. -.IP 23 -Write error. Curl couldn't write data to a local filesystem or similar. -.IP 25 -FTP couldn't STOR file. The server denied the STOR operation, used for FTP -uploading. -.IP 26 -Read error. Various reading problems. -.IP 27 -Out of memory. A memory allocation request failed. -.IP 28 -Operation timeout. The specified time-out period was reached according to the -conditions. -.IP 30 -FTP PORT failed. The PORT command failed. Not all FTP servers support the PORT -command, try doing a transfer using PASV instead! -.IP 31 -FTP couldn't use REST. The REST command failed. This command is used for -resumed FTP transfers. -.IP 33 -HTTP range error. The range "command" didn't work. -.IP 34 -HTTP post error. Internal post-request generation error. -.IP 35 -SSL connect error. The SSL handshaking failed. -.IP 36 -Bad download resume. Couldn't continue an earlier aborted download. -.IP 37 -FILE couldn't read file. Failed to open the file. Permissions? -.IP 38 -LDAP cannot bind. LDAP bind operation failed. -.IP 39 -LDAP search failed. -.IP 41 -Function not found. A required LDAP function was not found. -.IP 42 -Aborted by callback. An application told curl to abort the operation. -.IP 43 -Internal error. A function was called with a bad parameter. -.IP 45 -Interface error. A specified outgoing interface could not be used. -.IP 47 -Too many redirects. When following redirects, curl hit the maximum amount. -.IP 48 -Unknown option specified to libcurl. This indicates that you passed a weird -option to curl that was passed on to libcurl and rejected. Read up in the -manual! -.IP 49 -Malformed telnet option. -.IP 51 -The peer's SSL certificate or SSH MD5 fingerprint was not OK. -.IP 52 -The server didn't reply anything, which here is considered an error. -.IP 53 -SSL crypto engine not found. -.IP 54 -Cannot set SSL crypto engine as default. -.IP 55 -Failed sending network data. -.IP 56 -Failure in receiving network data. -.IP 58 -Problem with the local certificate. -.IP 59 -Couldn't use specified SSL cipher. -.IP 60 -Peer certificate cannot be authenticated with known CA certificates. -.IP 61 -Unrecognized transfer encoding. -.IP 62 -Invalid LDAP URL. -.IP 63 -Maximum file size exceeded. -.IP 64 -Requested FTP SSL level failed. -.IP 65 -Sending the data requires a rewind that failed. -.IP 66 -Failed to initialise SSL Engine. -.IP 67 -The user name, password, or similar was not accepted and curl failed to log in. -.IP 68 -File not found on TFTP server. -.IP 69 -Permission problem on TFTP server. -.IP 70 -Out of disk space on TFTP server. -.IP 71 -Illegal TFTP operation. -.IP 72 -Unknown TFTP transfer ID. -.IP 73 -File already exists (TFTP). -.IP 74 -No such user (TFTP). -.IP 75 -Character conversion failed. -.IP 76 -Character conversion functions required. -.IP 77 -Problem with reading the SSL CA cert (path? access rights?). -.IP 78 -The resource referenced in the URL does not exist. -.IP 79 -An unspecified error occurred during the SSH session. -.IP 80 -Failed to shut down the SSL connection. -.IP 82 -Could not load CRL file, missing or wrong format (added in 7.19.0). -.IP 83 -Issuer check failed (added in 7.19.0). -.IP 84 -The FTP PRET command failed -.IP 85 -RTSP: mismatch of CSeq numbers -.IP 86 -RTSP: mismatch of Session Identifiers -.IP 87 -unable to parse FTP file list -.IP 88 -FTP chunk callback reported error -.IP 89 -No connection available, the session will be queued -.IP 90 -SSL public key does not matched pinned public key -.IP 91 -Invalid SSL certificate status. -.IP 92 -Stream error in HTTP/2 framing layer. -.IP 93 -An API function was called from inside a callback. -.IP 94 -An authentication function returned an error. -.IP 95 -A problem was detected in the HTTP/3 layer. This is somewhat generic and can -be one out of several problems, see the error message for details. -.IP 96 -QUIC connection error. This error may be caused by an SSL library error. QUIC -is the protocol used for HTTP/3 transfers. -.IP XX -More error codes will appear here in future releases. The existing ones -are meant to never change. -.SH AUTHORS / CONTRIBUTORS -Daniel Stenberg is the main author, but the whole list of contributors is -found in the separate THANKS file. -.SH WWW -https://curl.se -.SH "SEE ALSO" -.BR ftp (1), -.BR wget (1) diff --git a/docs/cmdline-opts/page-header b/docs/cmdline-opts/page-header deleted file mode 100644 index b66310aa2ed4..000000000000 --- a/docs/cmdline-opts/page-header +++ /dev/null @@ -1,200 +0,0 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" ************************************************************************** -.\" -.\" DO NOT EDIT. Generated by the curl project gen.pl man page generator. -.\" -.TH curl 1 "16 Dec 2016" "Curl 7.52.0" "Curl Manual" -.SH NAME -curl \- transfer a URL -.SH SYNOPSIS -.B curl [options / URLs] -.SH DESCRIPTION -.B curl -is a tool to transfer data from or to a server, using one of the supported -protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, -LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, -SMTPS, TELNET and TFTP). The command is designed to work without user -interaction. - -curl offers a busload of useful tricks like proxy support, user -authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer -resume and more. As you will see below, the number of features will make your -head spin! - -curl is powered by libcurl for all transfer-related features. See -*libcurl(3)* for details. -.SH URL -The URL syntax is protocol-dependent. You'll find a detailed description in -RFC 3986. - -You can specify multiple URLs or parts of URLs by writing part sets within -braces and quoting the URL as in: - - "http://site.{one,two,three}.com" - -or you can get sequences of alphanumeric series by using [] as in: - - "ftp://ftp.example.com/file[1-100].txt" - - "ftp://ftp.example.com/file[001-100].txt" (with leading zeros) - - "ftp://ftp.example.com/file[a-z].txt" - -Nested sequences are not supported, but you can use several ones next to each -other: - - "http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html" - -You can specify any amount of URLs on the command line. They will be fetched -in a sequential manner in the specified order. You can specify command line -options and URLs mixed and in any order on the command line. - -You can specify a step counter for the ranges to get every Nth number or -letter: - - "http://example.com/file[1-100:10].txt" - - "http://example.com/file[a-z:2].txt" - -When using [] or {} sequences when invoked from a command line prompt, you -probably have to put the full URL within double quotes to avoid the shell from -interfering with it. This also goes for other characters treated special, like -for example '&', '?' and '*'. - -Provide the IPv6 zone index in the URL with an escaped percentage sign and the -interface name. Like in - - "http://[fe80::3%25eth0]/" - -If you specify URL without protocol:// prefix, curl will attempt to guess what -protocol you might want. It will then default to HTTP but try other protocols -based on often-used host name prefixes. For example, for host names starting -with "ftp." curl will assume you want to speak FTP. - -curl will do its best to use what you pass to it as a URL. It is not trying to -validate it as a syntactically correct URL by any means but is instead -**very** liberal with what it accepts. - -curl will attempt to re-use connections for multiple file transfers, so that -getting many files from the same server will not do multiple connects / -handshakes. This improves speed. Of course this is only done on files -specified on a single command line and cannot be used between separate curl -invokes. -.SH OUTPUT -If not told otherwise, curl writes the received data to stdout. It can be -instructed to instead save that data into a local file, using the --output or ---remote-name options. If curl is given multiple URLs to transfer on the -command line, it similarly needs multiple options for where to save them. - -curl does not parse or otherwise "understand" the content it gets or writes as -output. It does no encoding or decoding, unless explicitly asked so with -dedicated command line options. -.SH PROTOCOLS -curl supports numerous protocols, or put in URL terms: schemes. Your -particular build may not support them all. -.IP DICT -Lets you lookup words using online dictionaries. -.IP FILE -Read or write local files. curl does not support accessing file:// URL -remotely, but when running on Microsoft Windows using the native UNC approach -will work. -.IP FTP(S) -curl supports the File Transfer Protocol with a lot of tweaks and levers. With -or without using TLS. -.IP GOPHER -Retrieve files. -.IP HTTP(S) -curl supports HTTP with numerous options and variations. It can speak HTTP -version 0.9, 1.0, 1.1, 2 and 3 depending on build options and the correct -command line options. -.IP IMAP(S) -Using the mail reading protocol, curl can "download" emails for you. With or -without using TLS. -.IP LDAP(S) -curl can do directory lookups for you, with or without TLS. -.IP MQTT -curl supports MQTT version 3. Downloading over MQTT equals "subscribe" to a -topic while uploading/posting equals "publish" on a topic. MQTT support is -experimental and TLS based MQTT is not supported (yet). -.IP POP3(S) -Downloading from a pop3 server means getting a mail. With or without using -TLS. -.IP RTMP(S) -The Realtime Messaging Protocol is primarily used to server streaming media -and curl can download it. -.IP RTSP -curl supports RTSP 1.0 downloads. -.IP SCP -curl supports SSH version 2 scp transfers. -.IP SFTP -curl supports SFTP (draft 5) done over SSH version 2. -.IP SMB(S) -curl supports SMB version 1 for upload and download. -.IP SMTP(S) -Uploading contents to an SMTP server means sending an email. With or without -TLS. -.IP TELNET -Telling curl to fetch a telnet URL starts an interactive session where it -sends what it reads on stdin and outputs what the server sends it. -.IP TFTP -curl can do TFTP downloads and uploads. -.SH "PROGRESS METER" -curl normally displays a progress meter during operations, indicating the -amount of transferred data, transfer speeds and estimated time left, etc. The -progress meter displays number of bytes and the speeds are in bytes per -second. The suffixes (k, M, G, T, P) are 1024 based. For example 1k is 1024 -bytes. 1M is 1048576 bytes. - -curl displays this data to the terminal by default, so if you invoke curl to -do an operation and it is about to write data to the terminal, it -*disables* the progress meter as otherwise it would mess up the output -mixing progress meter and response data. - -If you want a progress meter for HTTP POST or PUT requests, you need to -redirect the response output to a file, using shell redirect (>), --output or -similar. - -It is not the same case for FTP upload as that operation does not spit out -any response data to the terminal. - -If you prefer a progress "bar" instead of the regular meter, --progress-bar is -your friend. You can also disable the progress meter completely with the ---silent option. -.SH OPTIONS -Options start with one or two dashes. Many of the options require an -additional value next to them. - -The short "single-dash" form of the options, -d for example, may be used with -or without a space between it and its value, although a space is a recommended -separator. The long "double-dash" form, --data for example, requires a space -between it and its value. - -Short version options that don't need any additional values can be used -immediately next to each other, like for example you can specify all the -options -O, -L and -v at once as -OLv. - -In general, all boolean options are enabled with --**option** and yet again -disabled with --**no-**option. That is, you use the exact same option name -but prefix it with "no-". However, in this list we mostly only list and show -the --option version of them. (This concept with --no options was added in -7.19.0. Previously most options were toggled on/off on repeated use of the -same command line option.) diff --git a/docs/cmdline-opts/parallel-immediate.d b/docs/cmdline-opts/parallel-immediate.d deleted file mode 100644 index 95c8afc42cff..000000000000 --- a/docs/cmdline-opts/parallel-immediate.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: parallel-immediate -Help: Do not wait for multiplexing (with --parallel) -Added: 7.68.0 -See-also: parallel parallel-max -Category: connection curl ---- -When doing parallel transfers, this option will instruct curl that it should -rather prefer opening up more connections in parallel at once rather than -waiting to see if new transfers can be added as multiplexed streams on another -connection. diff --git a/docs/cmdline-opts/parallel-immediate.md b/docs/cmdline-opts/parallel-immediate.md new file mode 100644 index 000000000000..4d7a3ad51617 --- /dev/null +++ b/docs/cmdline-opts/parallel-immediate.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: parallel-immediate +Help: Do not wait for multiplexing +Added: 7.68.0 +Category: connection curl global +Multi: boolean +Scope: global +See-also: + - parallel + - parallel-max +Example: + - --parallel-immediate -Z $URL -o file1 $URL -o file2 +--- + +# `--parallel-immediate` + +When doing parallel transfers, this option instructs curl to prefer opening up +more connections in parallel at once rather than waiting to see if new +transfers can be added as multiplexed streams on another connection. + +By default, without this option set, curl prefers to wait a little and +multiplex new transfers over existing connections. It keeps the number of +connections low at the expense of risking a slightly slower transfer startup. diff --git a/docs/cmdline-opts/parallel-max-host.md b/docs/cmdline-opts/parallel-max-host.md new file mode 100644 index 000000000000..a21c9acdddc0 --- /dev/null +++ b/docs/cmdline-opts/parallel-max-host.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: parallel-max-host +Arg: +Help: Maximum connections to a single host +Added: 8.16.0 +Category: connection curl global +Multi: single +Scope: global +See-also: + - parallel + - parallel-max +Example: + - --parallel-max-host 5 -Z $URL ftp://example.com/ +--- + +# `--parallel-max-host` + +When asked to do parallel transfers, using --parallel, this option controls +the maximum amount of concurrent connections curl is allowed to do to the same +protocol + hostname + port number target. + +The limit is enforced by libcurl and queued "internally", which means that +transfers that are waiting for an available connection still look like started +transfers in the progress meter. + +The default is 0 (unlimited). 65535 is the largest supported value. diff --git a/docs/cmdline-opts/parallel-max.d b/docs/cmdline-opts/parallel-max.d deleted file mode 100644 index d49aeb7a9d9b..000000000000 --- a/docs/cmdline-opts/parallel-max.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: parallel-max -Help: Maximum concurrency for parallel transfers -Added: 7.66.0 -See-also: parallel -Category: connection curl ---- -When asked to do parallel transfers, using --parallel, this option controls -the maximum amount of transfers to do simultaneously. - -The default is 50. diff --git a/docs/cmdline-opts/parallel-max.md b/docs/cmdline-opts/parallel-max.md new file mode 100644 index 000000000000..a487f4cc9ead --- /dev/null +++ b/docs/cmdline-opts/parallel-max.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: parallel-max +Arg: +Help: Maximum concurrency for parallel transfers +Added: 7.66.0 +Category: connection curl global +Multi: single +Scope: global +See-also: + - parallel + - parallel-max-host +Example: + - --parallel-max 100 -Z $URL ftp://example.com/ +--- + +# `--parallel-max` + +When asked to do parallel transfers, using --parallel, this option controls +the maximum amount of transfers to do simultaneously. + +The default is 50. 65535 is the largest supported value. diff --git a/docs/cmdline-opts/parallel.d b/docs/cmdline-opts/parallel.d deleted file mode 100644 index d6b4affe3763..000000000000 --- a/docs/cmdline-opts/parallel.d +++ /dev/null @@ -1,8 +0,0 @@ -Short: Z -Long: parallel -Help: Perform transfers in parallel -Added: 7.66.0 -Category: connection curl ---- -Makes curl perform its transfers in parallel as compared to the regular serial -manner. diff --git a/docs/cmdline-opts/parallel.md b/docs/cmdline-opts/parallel.md new file mode 100644 index 000000000000..907ab8cb8527 --- /dev/null +++ b/docs/cmdline-opts/parallel.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: Z +Long: parallel +Help: Perform transfers in parallel +Added: 7.66.0 +Category: connection curl global +Multi: boolean +Scope: global +See-also: + - next + - verbose + - parallel-max + - parallel-immediate +Example: + - --parallel $URL -o file1 $URL -o file2 +--- + +# `--parallel` + +Make curl perform all transfers in parallel as compared to the regular serial +manner. Parallel transfer means that curl runs up to N concurrent transfers +simultaneously and if there are more than N transfers to handle, it starts new +ones when earlier transfers finish. + +With parallel transfers, the progress meter output is different from when +doing serial transfers, as it then displays the transfer status for multiple +transfers in a single line. + +The maximum amount of concurrent transfers is set with --parallel-max and it +defaults to 50. diff --git a/docs/cmdline-opts/pass.d b/docs/cmdline-opts/pass.d deleted file mode 100644 index f6633d242c21..000000000000 --- a/docs/cmdline-opts/pass.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: pass -Arg: -Help: Pass phrase for the private key -Protocols: SSH TLS -Category: ssh tls auth ---- -Passphrase for the private key - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/pass.md b/docs/cmdline-opts/pass.md new file mode 100644 index 000000000000..79c2f8738a13 --- /dev/null +++ b/docs/cmdline-opts/pass.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: pass +Arg: +Help: Passphrase for the private key +Protocols: TLS SCP SFTP +Category: ssh tls auth +Added: 7.9.3 +Multi: single +See-also: + - key + - user +Example: + - --pass secret --key file $URL +--- + +# `--pass` + +Passphrase for the private key used for SSH or TLS. diff --git a/docs/cmdline-opts/path-as-is.d b/docs/cmdline-opts/path-as-is.d deleted file mode 100644 index 0bfaf6639ba4..000000000000 --- a/docs/cmdline-opts/path-as-is.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: path-as-is -Help: Do not squash .. sequences in URL path -Added: 7.42.0 -Category: curl ---- -Tell curl to not handle sequences of /../ or /./ in the given URL -path. Normally curl will squash or merge them according to standards but with -this option set you tell it not to do that. diff --git a/docs/cmdline-opts/path-as-is.md b/docs/cmdline-opts/path-as-is.md new file mode 100644 index 000000000000..f3a60cff2459 --- /dev/null +++ b/docs/cmdline-opts/path-as-is.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: path-as-is +Help: Do not squash .. sequences in URL path +Added: 7.42.0 +Category: curl +Multi: boolean +See-also: + - request-target +Example: + - --path-as-is https://example.com/../../etc/passwd +--- + +# `--path-as-is` + +Do not handle sequences of /../ or /./ in the given URL path. Normally curl +squashes or merges them according to standards but with this option set you +tell it not to do that. diff --git a/docs/cmdline-opts/pinnedpubkey.d b/docs/cmdline-opts/pinnedpubkey.d deleted file mode 100644 index 4e0ed5edde56..000000000000 --- a/docs/cmdline-opts/pinnedpubkey.d +++ /dev/null @@ -1,33 +0,0 @@ -Long: pinnedpubkey -Arg: -Help: FILE/HASHES Public key to verify peer against -Protocols: TLS -Category: tls ---- -Tells curl to use the specified public key file (or hashes) to verify the -peer. This can be a path to a file which contains a single public key in PEM -or DER format, or any number of base64 encoded sha256 hashes preceded by -\'sha256//\' and separated by \';\' - -When negotiating a TLS or SSL connection, the server sends a certificate -indicating its identity. A public key is extracted from this certificate and -if it does not exactly match the public key provided to this option, curl will -abort the connection before sending or receiving any data. - -PEM/DER support: - -7.39.0: OpenSSL, GnuTLS and GSKit - -7.43.0: NSS and wolfSSL - -7.47.0: mbedtls - -sha256 support: - -7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL - -7.47.0: mbedtls - -Other SSL backends not supported. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/pinnedpubkey.md b/docs/cmdline-opts/pinnedpubkey.md new file mode 100644 index 000000000000..ff7c42b39d68 --- /dev/null +++ b/docs/cmdline-opts/pinnedpubkey.md @@ -0,0 +1,43 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: pinnedpubkey +Arg: +Help: Public key to verify peer against +Protocols: TLS +Category: tls +Added: 7.39.0 +Multi: single +See-also: + - hostpubsha256 +Example: + - --pinnedpubkey keyfile $URL + - --pinnedpubkey 'sha256//ce118b51897f4452dc' $URL +--- + +# `--pinnedpubkey` + +Use the specified public key file (or hashes) to verify the peer. This can be +a path to a file which contains a single public key in PEM or DER format, or +any number of base64 encoded sha256 hashes preceded by 'sha256//' and +separated by ';'. + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. A public key is extracted from this certificate and +if it does not exactly match the public key provided to this option, curl +aborts the connection before sending or receiving any data. + +This option is independent of option --insecure. If you use both options +together then the peer is still verified by public key. + +PEM/DER support: + +OpenSSL and GnuTLS (added in 7.39.0), wolfSSL (added in 7.43.0), +mbedTLS (added in 7.47.0), Schannel (added in 7.58.1) + +sha256 support: + +OpenSSL, GnuTLS and wolfSSL (added in 7.44.0), mbedTLS (added in 7.47.0), +Schannel (added in 7.58.1) + +Other SSL backends not supported. diff --git a/docs/cmdline-opts/post301.d b/docs/cmdline-opts/post301.d deleted file mode 100644 index 64ead0536012..000000000000 --- a/docs/cmdline-opts/post301.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: post301 -Help: Do not switch to GET after following a 301 -Protocols: HTTP -See-also: post302 post303 location -Added: 7.17.1 -Category: http post ---- -Tells curl to respect RFC 7231/6.4.2 and not convert POST requests into GET -requests when following a 301 redirection. The non-RFC behavior is ubiquitous -in web browsers, so curl does the conversion by default to maintain -consistency. However, a server may require a POST to remain a POST after such -a redirection. This option is meaningful only when using --location. diff --git a/docs/cmdline-opts/post301.md b/docs/cmdline-opts/post301.md new file mode 100644 index 000000000000..3bcded869fd1 --- /dev/null +++ b/docs/cmdline-opts/post301.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: post301 +Help: Do not switch to GET after a 301 redirect +Protocols: HTTP +Added: 7.17.1 +Category: http post +Multi: boolean +See-also: + - post302 + - post303 + - location +Example: + - --post301 --location -d "data" $URL +--- + +# `--post301` + +Respect RFC 7231/6.4.2 and do not convert POST requests into GET requests when +following a 301 redirect. The non-RFC behavior is ubiquitous in web browsers, +so curl does the conversion by default to maintain consistency. A server may +require a POST to remain a POST after such a redirection. This option is +meaningful only when using --location. diff --git a/docs/cmdline-opts/post302.d b/docs/cmdline-opts/post302.d deleted file mode 100644 index d73cb9dcd758..000000000000 --- a/docs/cmdline-opts/post302.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: post302 -Help: Do not switch to GET after following a 302 -Protocols: HTTP -See-also: post301 post303 location -Added: 7.19.1 -Category: http post ---- -Tells curl to respect RFC 7231/6.4.3 and not convert POST requests into GET -requests when following a 302 redirection. The non-RFC behavior is ubiquitous -in web browsers, so curl does the conversion by default to maintain -consistency. However, a server may require a POST to remain a POST after such -a redirection. This option is meaningful only when using --location. diff --git a/docs/cmdline-opts/post302.md b/docs/cmdline-opts/post302.md new file mode 100644 index 000000000000..bcb35fc5df24 --- /dev/null +++ b/docs/cmdline-opts/post302.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: post302 +Help: Do not switch to GET after a 302 redirect +Protocols: HTTP +Added: 7.19.1 +Category: http post +Multi: boolean +See-also: + - post301 + - post303 + - location +Example: + - --post302 --location -d "data" $URL +--- + +# `--post302` + +Respect RFC 7231/6.4.3 and do not convert POST requests into GET requests when +following a 302 redirect. The non-RFC behavior is ubiquitous in web browsers, +so curl does the conversion by default to maintain consistency. A server may +require a POST to remain a POST after such a redirection. This option is +meaningful only when using --location. diff --git a/docs/cmdline-opts/post303.d b/docs/cmdline-opts/post303.d deleted file mode 100644 index 1a67e13efd28..000000000000 --- a/docs/cmdline-opts/post303.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: post303 -Help: Do not switch to GET after following a 303 -Protocols: HTTP -See-also: post302 post301 location -Added: 7.26.0 -Category: http post ---- -Tells curl to violate RFC 7231/6.4.4 and not convert POST requests into GET -requests when following 303 redirections. A server may require a POST to -remain a POST after a 303 redirection. This option is meaningful only when -using --location. diff --git a/docs/cmdline-opts/post303.md b/docs/cmdline-opts/post303.md new file mode 100644 index 000000000000..63dc0d7956ba --- /dev/null +++ b/docs/cmdline-opts/post303.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: post303 +Help: Do not switch to GET after a 303 redirect +Protocols: HTTP +Added: 7.26.0 +Category: http post +Multi: boolean +See-also: + - post302 + - post301 + - location +Example: + - --post303 --location -d "data" $URL +--- + +# `--post303` + +Violate RFC 7231/6.4.4 and do not convert POST requests into GET requests when +following 303 redirect. A server may require a POST to remain a POST after a +303 redirection. This option is meaningful only when using --location. diff --git a/docs/cmdline-opts/preproxy.d b/docs/cmdline-opts/preproxy.d deleted file mode 100644 index a917c16ed887..000000000000 --- a/docs/cmdline-opts/preproxy.d +++ /dev/null @@ -1,23 +0,0 @@ -Long: preproxy -Arg: [protocol://]host[:port] -Help: Use this proxy first -Added: 7.52.0 -Category: proxy ---- -Use the specified SOCKS proxy before connecting to an HTTP or HTTPS --proxy. In -such a case curl first connects to the SOCKS proxy and then connects (through -SOCKS) to the HTTP or HTTPS proxy. Hence pre proxy. - -The pre proxy string should be specified with a protocol:// prefix to specify -alternative proxy protocols. Use socks4://, socks4a://, socks5:// or -socks5h:// to request the specific SOCKS version to be used. No protocol -specified will make curl default to SOCKS4. - -If the port number is not specified in the proxy string, it is assumed to be -1080. - -User and password that might be provided in the proxy string are URL decoded -by curl. This allows you to pass in special characters such as @ by using %40 -or pass in a colon with %3a. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/preproxy.md b/docs/cmdline-opts/preproxy.md new file mode 100644 index 000000000000..87d94a9604fc --- /dev/null +++ b/docs/cmdline-opts/preproxy.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: preproxy +Arg: <[protocol://]host[:port]> +Help: Use this proxy first +Added: 7.52.0 +Category: proxy +Multi: single +See-also: + - proxy + - socks5 +Example: + - --preproxy socks5://proxy.example -x http://http.example $URL +--- + +# `--preproxy` + +Use the specified SOCKS proxy before connecting to an HTTP or HTTPS --proxy. In +such a case curl first connects to the SOCKS proxy and then connects (through +SOCKS) to the HTTP or HTTPS proxy. Hence pre proxy. + +The pre proxy string should be specified with a protocol:// prefix to specify +alternative proxy protocols. Use socks4://, socks4a://, socks5:// or +socks5h:// to request the specific SOCKS version to be used. No protocol +specified makes curl default to SOCKS4. + +If the port number is not specified in the proxy string, it is assumed to be +1080. + +User and password that might be provided in the proxy string are URL decoded +by curl. This allows you to pass in special characters such as @ by using %40 +or pass in a colon with %3a. diff --git a/docs/cmdline-opts/progress-bar.d b/docs/cmdline-opts/progress-bar.d deleted file mode 100644 index 299d5384a42c..000000000000 --- a/docs/cmdline-opts/progress-bar.d +++ /dev/null @@ -1,13 +0,0 @@ -Short: # -Long: progress-bar -Help: Display transfer progress as a bar -Category: verbose ---- -Make curl display transfer progress as a simple progress bar instead of the -standard, more informational, meter. - -This progress bar draws a single line of '#' characters across the screen and -shows a percentage if the transfer size is known. For transfers without a -known size, there will be space ship (-=o=-) that moves back and forth but -only while data is being transferred, with a set of flying hash sign symbols on -top. diff --git a/docs/cmdline-opts/progress-bar.md b/docs/cmdline-opts/progress-bar.md new file mode 100644 index 000000000000..6f08d7f7c7e9 --- /dev/null +++ b/docs/cmdline-opts/progress-bar.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: # +Long: progress-bar +Help: Display transfer progress as a bar +Category: verbose global +Added: 5.10 +Multi: boolean +Scope: global +See-also: + - styled-output +Example: + - -# -O $URL +--- + +# `--progress-bar` + +Make curl display transfer progress as a simple progress bar instead of the +standard, more informational, meter. + +This progress bar draws a single line of '#' characters across the screen and +shows a percentage if the transfer size is known. For transfers without a +known size, there is a space ship (-=o=-) that moves back and forth but only +while data is being transferred, with a set of flying hash sign symbols on +top. diff --git a/docs/cmdline-opts/proto-default.d b/docs/cmdline-opts/proto-default.d deleted file mode 100644 index 74d3932cf95b..000000000000 --- a/docs/cmdline-opts/proto-default.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: proto-default -Help: Use PROTOCOL for any URL missing a scheme -Arg: -Added: 7.45.0 -Category: connection curl ---- -Tells curl to use *protocol* for any URL missing a scheme name. - -Example: - - curl --proto-default https ftp.mozilla.org - -An unknown or unsupported protocol causes error -*CURLE_UNSUPPORTED_PROTOCOL* (1). - -This option does not change the default proxy protocol (http). - -Without this option curl would make a guess based on the host, see --url for -details. diff --git a/docs/cmdline-opts/proto-default.md b/docs/cmdline-opts/proto-default.md new file mode 100644 index 000000000000..209e5cdc83da --- /dev/null +++ b/docs/cmdline-opts/proto-default.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proto-default +Help: Use PROTOCOL for any URL missing a scheme +Arg: +Added: 7.45.0 +Category: connection curl +Multi: single +See-also: + - proto + - proto-redir +Example: + - --proto-default https ftp.example.com +--- + +# `--proto-default` + +Use *protocol* for any provided URL missing a scheme. + +An unknown or unsupported protocol causes error *CURLE_UNSUPPORTED_PROTOCOL*. + +This option does not change the default proxy protocol (http). + +Without this option set, curl guesses protocol based on the hostname, see +--url for details. diff --git a/docs/cmdline-opts/proto-redir.d b/docs/cmdline-opts/proto-redir.d deleted file mode 100644 index 10580ad834be..000000000000 --- a/docs/cmdline-opts/proto-redir.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: proto-redir -Arg: -Help: Enable/disable PROTOCOLS on redirect -Added: 7.20.2 -Category: connection curl ---- -Tells curl to limit what protocols it may use on redirect. Protocols denied by ---proto are not overridden by this option. See --proto for how protocols are -represented. - -Example, allow only HTTP and HTTPS on redirect: - - curl --proto-redir -all,http,https http://example.com - -By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2). -Older versions of curl allowed all protocols on redirect except several -disabled for security reasons: Since 7.19.4 FILE and SCP are disabled, and -since 7.40.0 SMB and SMBS are also disabled. Specifying *all* or *+all* -enables all protocols on redirect, including those disabled for security. diff --git a/docs/cmdline-opts/proto-redir.md b/docs/cmdline-opts/proto-redir.md new file mode 100644 index 000000000000..1f75bfdfd6c9 --- /dev/null +++ b/docs/cmdline-opts/proto-redir.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proto-redir +Arg: +Help: Enable/disable PROTOCOLS on redirect +Added: 7.21.0 +Category: connection curl +Multi: single +See-also: + - proto + - follow +Example: + - --proto-redir =http,https --follow $URL +--- + +# `--proto-redir` + +Limit what protocols to allow on redirects. Protocols denied by --proto are +not overridden by this option. See --proto for how protocols are represented. + +Example, allow only HTTP and HTTPS on redirect: + + curl --proto-redir -all,http,https --follow http://example.com + +By default curl only allows HTTP, HTTPS, FTP and FTPS on redirects +(added in 7.65.2). Specifying *all* or *+all* enables all protocols on +redirects, which is not good for security. diff --git a/docs/cmdline-opts/proto.d b/docs/cmdline-opts/proto.d deleted file mode 100644 index 051cb98e28aa..000000000000 --- a/docs/cmdline-opts/proto.d +++ /dev/null @@ -1,44 +0,0 @@ -Long: proto -Arg: -Help: Enable/disable PROTOCOLS -See-also: proto-redir proto-default -Added: 7.20.2 -Category: connection curl ---- -Tells curl to limit what protocols it may use in the transfer. Protocols are -evaluated left to right, are comma separated, and are each a protocol name or -\&'all', optionally prefixed by zero or more modifiers. Available modifiers are: -.RS -.TP 3 -.B + -Permit this protocol in addition to protocols already permitted (this is -the default if no modifier is used). -.TP -.B - -Deny this protocol, removing it from the list of protocols already permitted. -.TP -.B = -Permit only this protocol (ignoring the list already permitted), though -subject to later modification by subsequent entries in the comma separated -list. -.RE -.IP -For example: -.RS -.TP 15 -.B --proto -ftps -uses the default protocols, but disables ftps -.TP -.B --proto -all,https,+http -only enables http and https -.TP -.B --proto =http,https -also only enables http and https -.RE -.IP -Unknown protocols produce a warning. This allows scripts to safely rely on -being able to disable potentially dangerous protocols, without relying upon -support for that protocol being built into curl to avoid an error. - -This option can be used multiple times, in which case the effect is the same -as concatenating the protocols into one instance of the option. diff --git a/docs/cmdline-opts/proto.md b/docs/cmdline-opts/proto.md new file mode 100644 index 000000000000..cf288d456575 --- /dev/null +++ b/docs/cmdline-opts/proto.md @@ -0,0 +1,48 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proto +Arg: +Help: Enable/disable PROTOCOLS +Added: 7.21.0 +Category: connection curl +Multi: single +See-also: + - proto-redir + - proto-default +Example: + - --proto =http,https,sftp $URL +--- + +# `--proto` + +Limit what protocols to allow for transfers. Protocols are evaluated left to +right, are comma separated, and are each a protocol name or 'all', optionally +prefixed by zero or more modifiers. Available modifiers are: + +## + +Permit this protocol in addition to protocols already permitted (this is +the default if no modifier is used). + +## - +Deny this protocol, removing it from the list of protocols already permitted. + +## = +Permit only this protocol (ignoring the list already permitted), though +subject to later modification by subsequent entries in the comma separated +list. + +## + +For example: --proto -ftps uses the default protocols, but disables ftps + +--proto -all,https,+http only enables http and https + +--proto =http,https also only enables http and https + +Unknown and disabled protocols produce a warning. This allows scripts to +safely rely on being able to disable potentially dangerous protocols, without +relying upon support for that protocol being built into curl to avoid an error. + +This option can be used multiple times, in which case the effect is the same +as concatenating the protocols into one instance of the option. diff --git a/docs/cmdline-opts/proxy-anyauth.d b/docs/cmdline-opts/proxy-anyauth.d deleted file mode 100644 index 6410c0e6acaa..000000000000 --- a/docs/cmdline-opts/proxy-anyauth.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: proxy-anyauth -Help: Pick any proxy authentication method -Added: 7.13.2 -See-also: proxy proxy-basic proxy-digest -Category: proxy auth ---- -Tells curl to pick a suitable authentication method when communicating with -the given HTTP proxy. This might cause an extra request/response round-trip. diff --git a/docs/cmdline-opts/proxy-anyauth.md b/docs/cmdline-opts/proxy-anyauth.md new file mode 100644 index 000000000000..bb59b21e8fd4 --- /dev/null +++ b/docs/cmdline-opts/proxy-anyauth.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-anyauth +Help: Pick any proxy authentication method +Added: 7.13.2 +Category: proxy auth +Multi: custom +See-also: + - proxy + - proxy-basic + - proxy-digest +Example: + - --proxy-anyauth --proxy-user user:passwd -x proxy $URL +--- + +# `--proxy-anyauth` + +Automatically pick a suitable authentication method when communicating with +the given HTTP proxy. This might cause an extra request/response round-trip. diff --git a/docs/cmdline-opts/proxy-basic.d b/docs/cmdline-opts/proxy-basic.d deleted file mode 100644 index e842f9900107..000000000000 --- a/docs/cmdline-opts/proxy-basic.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: proxy-basic -Help: Use Basic authentication on the proxy -See-also: proxy proxy-anyauth proxy-digest -Category: proxy auth ---- -Tells curl to use HTTP Basic authentication when communicating with the given -proxy. Use --basic for enabling HTTP Basic with a remote host. Basic is the -default authentication method curl uses with proxies. diff --git a/docs/cmdline-opts/proxy-basic.md b/docs/cmdline-opts/proxy-basic.md new file mode 100644 index 000000000000..732ea1f45c40 --- /dev/null +++ b/docs/cmdline-opts/proxy-basic.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-basic +Help: Use Basic authentication on the proxy +Category: proxy auth +Added: 7.12.0 +Multi: boolean +See-also: + - proxy + - proxy-anyauth + - proxy-digest +Example: + - --proxy-basic --proxy-user user:passwd -x proxy $URL +--- + +# `--proxy-basic` + +Use HTTP Basic authentication when communicating with the given proxy. Use +--basic for enabling HTTP Basic with a remote host. Basic is the default +authentication method curl uses with proxies. diff --git a/docs/cmdline-opts/proxy-ca-native.md b/docs/cmdline-opts/proxy-ca-native.md new file mode 100644 index 000000000000..0252e993fcce --- /dev/null +++ b/docs/cmdline-opts/proxy-ca-native.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-ca-native +Help: Load CA certs from the OS to verify proxy +Protocols: TLS +Category: tls +Added: 8.2.0 +Multi: boolean +See-also: + - ca-native + - cacert + - capath + - dump-ca-embed + - insecure +Example: + - --proxy-ca-native $URL +--- + +# `--proxy-ca-native` + +Use the operating system's native CA store for certificate verification of the +HTTPS proxy. + +This option is independent of other HTTPS proxy CA certificate locations set at +run time or build time. Those locations are searched in addition to the native +CA store. + +Equivalent to --ca-native but used in HTTPS proxy context. Refer to --ca-native +for TLS backend limitations. diff --git a/docs/cmdline-opts/proxy-cacert.d b/docs/cmdline-opts/proxy-cacert.d deleted file mode 100644 index bbc731a28f75..000000000000 --- a/docs/cmdline-opts/proxy-cacert.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: proxy-cacert -Help: CA certificate to verify peer against for proxy -Arg: -Added: 7.52.0 -See-also: proxy-capath cacert capath proxy -Category: proxy tls ---- -Same as --cacert but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-cacert.md b/docs/cmdline-opts/proxy-cacert.md new file mode 100644 index 000000000000..0b2405d1c96a --- /dev/null +++ b/docs/cmdline-opts/proxy-cacert.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-cacert +Help: CA certificates to verify proxy against +Arg: +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - proxy-capath + - cacert + - capath + - dump-ca-embed + - proxy +Example: + - --proxy-cacert CA-file.txt -x https://proxy.example $URL +--- + +# `--proxy-cacert` + +Use the specified certificate file to verify the HTTPS proxy. The file may +contain multiple CA certificates. The certificate(s) must be in PEM format. + +This allows you to use a different trust for the proxy compared to the remote +server connected to via the proxy. + +Equivalent to --cacert but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-capath.d b/docs/cmdline-opts/proxy-capath.d deleted file mode 100644 index cc342b755e8e..000000000000 --- a/docs/cmdline-opts/proxy-capath.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: proxy-capath -Help: CA directory to verify peer against for proxy -Arg: -Added: 7.52.0 -See-also: proxy-cacert proxy capath -Category: proxy tls ---- -Same as --capath but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-capath.md b/docs/cmdline-opts/proxy-capath.md new file mode 100644 index 000000000000..344756a43ebb --- /dev/null +++ b/docs/cmdline-opts/proxy-capath.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-capath +Help: CA directory to verify proxy against +Arg: +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - proxy-cacert + - proxy + - capath + - dump-ca-embed +Example: + - --proxy-capath /local/directory -x https://proxy.example $URL +--- + +# `--proxy-capath` + +Same as --capath but used in HTTPS proxy context. + +Use the specified certificate directory to verify the proxy. Multiple paths +can be provided by separating them with colon (`:`) (e.g. `path1:path2:path3`). The +certificates must be in PEM format, and if curl is built against OpenSSL, the +directory must have been processed using the c_rehash utility supplied with +OpenSSL. Using --proxy-capath can allow OpenSSL-powered curl to make +SSL-connections much more efficiently than using --proxy-cacert if the +--proxy-cacert file contains many CA certificates. + +If this option is set, the default capath value is ignored. diff --git a/docs/cmdline-opts/proxy-cert-type.d b/docs/cmdline-opts/proxy-cert-type.d deleted file mode 100644 index fb7596c178a0..000000000000 --- a/docs/cmdline-opts/proxy-cert-type.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-cert-type -Arg: -Added: 7.52.0 -Help: Client certificate type for HTTPS proxy -Category: proxy tls ---- -Same as --cert-type but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-cert-type.md b/docs/cmdline-opts/proxy-cert-type.md new file mode 100644 index 000000000000..3dcd2017c46e --- /dev/null +++ b/docs/cmdline-opts/proxy-cert-type.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-cert-type +Arg: +Added: 7.52.0 +Help: Client certificate type for HTTPS proxy +Category: proxy tls +Multi: single +See-also: + - proxy-cert + - proxy-key +Example: + - --proxy-cert-type PEM --proxy-cert file -x https://proxy.example $URL +--- + +# `--proxy-cert-type` + +Set type of the provided client certificate when using HTTPS proxy. PEM, DER, +ENG, PROV and P12 are recognized types. + +The default type depends on the TLS backend and is usually PEM. For Schannel +it is P12. If --proxy-cert is a pkcs11: URI then ENG or PROV is the default +type (depending on OpenSSL version). + +Equivalent to --cert-type but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-cert.d b/docs/cmdline-opts/proxy-cert.d deleted file mode 100644 index 7df2712f32d1..000000000000 --- a/docs/cmdline-opts/proxy-cert.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-cert -Arg: -Help: Set client certificate for proxy -Added: 7.52.0 -Category: proxy tls ---- -Same as --cert but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-cert.md b/docs/cmdline-opts/proxy-cert.md new file mode 100644 index 000000000000..929791e3a152 --- /dev/null +++ b/docs/cmdline-opts/proxy-cert.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-cert +Arg: +Help: Set client certificate for proxy +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - proxy + - proxy-key + - proxy-cert-type +Example: + - --proxy-cert file -x https://proxy.example $URL +--- + +# `--proxy-cert` + +Use the specified client certificate file when communicating with an HTTPS +proxy. The certificate must be PEM format. If the optional password is not +specified, it is queried for on the terminal. Use --proxy-key to provide the +private key. + +This option is the equivalent to --cert but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-ciphers.d b/docs/cmdline-opts/proxy-ciphers.d deleted file mode 100644 index 366555673110..000000000000 --- a/docs/cmdline-opts/proxy-ciphers.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-ciphers -Arg: -Help: SSL ciphers to use for proxy -Added: 7.52.0 -Category: proxy tls ---- -Same as --ciphers but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-ciphers.md b/docs/cmdline-opts/proxy-ciphers.md new file mode 100644 index 000000000000..4cb85e1e67fa --- /dev/null +++ b/docs/cmdline-opts/proxy-ciphers.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-ciphers +Arg: +Help: TLS 1.2 (1.1, 1.0) ciphers to use for proxy +Protocols: TLS +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - proxy-tls13-ciphers + - ciphers + - proxy +Example: + - --proxy-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 -x https://proxy.example $URL +--- + +# `--proxy-ciphers` + +Same as --ciphers but used in HTTPS proxy context. + +Specify which cipher suites to use in the connection to your HTTPS proxy when +it negotiates TLS 1.2 (1.1, 1.0). The list of ciphers suites must specify +valid ciphers. Read up on cipher suite details on this URL: + +https://curl.se/docs/ssl-ciphers.html diff --git a/docs/cmdline-opts/proxy-crlfile.d b/docs/cmdline-opts/proxy-crlfile.d deleted file mode 100644 index 580dc50ce049..000000000000 --- a/docs/cmdline-opts/proxy-crlfile.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-crlfile -Arg: -Help: Set a CRL list for proxy -Added: 7.52.0 -Category: proxy tls ---- -Same as --crlfile but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-crlfile.md b/docs/cmdline-opts/proxy-crlfile.md new file mode 100644 index 000000000000..9f7d3304fa2b --- /dev/null +++ b/docs/cmdline-opts/proxy-crlfile.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-crlfile +Arg: +Help: Set a CRL list for proxy +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - crlfile + - proxy +Example: + - --proxy-crlfile rejects.txt -x https://proxy.example $URL +--- + +# `--proxy-crlfile` + +Provide filename for a PEM formatted file with a Certificate Revocation List +that specifies peer certificates that are considered revoked when +communicating with an HTTPS proxy. + +Equivalent to --crlfile but only used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-digest.d b/docs/cmdline-opts/proxy-digest.d deleted file mode 100644 index 52f1fcc67d09..000000000000 --- a/docs/cmdline-opts/proxy-digest.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-digest -Help: Use Digest authentication on the proxy -See-also: proxy proxy-anyauth proxy-basic -Category: proxy tls ---- -Tells curl to use HTTP Digest authentication when communicating with the given -proxy. Use --digest for enabling HTTP Digest with a remote host. diff --git a/docs/cmdline-opts/proxy-digest.md b/docs/cmdline-opts/proxy-digest.md new file mode 100644 index 000000000000..08984dcb5f6c --- /dev/null +++ b/docs/cmdline-opts/proxy-digest.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-digest +Help: Digest auth with the proxy +Category: proxy tls +Added: 7.12.0 +Multi: boolean +See-also: + - proxy + - proxy-anyauth + - proxy-basic +Example: + - --proxy-digest --proxy-user user:passwd -x proxy $URL +--- + +# `--proxy-digest` + +Use HTTP Digest authentication when communicating with the given proxy. Use +--digest for enabling HTTP Digest with a remote host. diff --git a/docs/cmdline-opts/proxy-header.d b/docs/cmdline-opts/proxy-header.d deleted file mode 100644 index c2b0928f9864..000000000000 --- a/docs/cmdline-opts/proxy-header.d +++ /dev/null @@ -1,25 +0,0 @@ -Long: proxy-header -Arg:
-Help: Pass custom header(s) to proxy -Protocols: HTTP -Added: 7.37.0 -Category: proxy ---- -Extra header to include in the request when sending HTTP to a proxy. You may -specify any number of extra headers. This is the equivalent option to --header -but is for proxy communication only like in CONNECT requests when you want a -separate header sent to the proxy to what is sent to the actual remote host. - -curl will make sure that each header you add/replace is sent with the proper -end-of-line marker, you should thus **not** add that as a part of the header -content: do not add newlines or carriage returns, they will only mess things -up for you. - -Headers specified with this option will not be included in requests that curl -knows will not be sent to a proxy. - -Starting in 7.55.0, this option can take an argument in @filename style, which -then adds a header for each line in the input file. Using @- will make curl -read the header file from stdin. - -This option can be used multiple times to add/replace/remove multiple headers. diff --git a/docs/cmdline-opts/proxy-header.md b/docs/cmdline-opts/proxy-header.md new file mode 100644 index 000000000000..459eb462f683 --- /dev/null +++ b/docs/cmdline-opts/proxy-header.md @@ -0,0 +1,39 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-header +Arg:
+Help: Pass custom header(s) to proxy +Protocols: HTTP +Added: 7.37.0 +Category: proxy +Multi: append +See-also: + - proxy + - header +Example: + - --proxy-header "X-First-Name: Joe" -x http://proxy $URL + - --proxy-header "User-Agent: surprise" -x http://proxy $URL + - --proxy-header "Host:" -x http://proxy $URL +--- + +# `--proxy-header` + +Extra header to include in the request when sending HTTP to a proxy. You may +specify any number of extra headers. This is the equivalent option to --header +but is for proxy communication only like in CONNECT requests when you want a +separate header sent to the proxy to what is sent to the actual remote host. + +curl makes sure that each header you add/replace is sent with the proper +end-of-line marker, you should thus **not** add that as a part of the header +content: do not add newlines or carriage returns, they only mess things up for +you. + +Headers specified with this option are not included in requests that curl +knows are not to be sent to a proxy. + +This option can take an argument in @filename style, which then adds a header +for each line in the input file (added in 7.55.0). Using @- makes curl read +the headers from stdin. + +This option can be used multiple times to add/replace/remove multiple headers. diff --git a/docs/cmdline-opts/proxy-http2.md b/docs/cmdline-opts/proxy-http2.md new file mode 100644 index 000000000000..ca6a091f328e --- /dev/null +++ b/docs/cmdline-opts/proxy-http2.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-http2 +Tags: Versions HTTP/2 +Protocols: HTTP +Added: 8.1.0 +Mutexed: +Requires: HTTP/2 +Help: Use HTTP/2 with HTTPS proxy +Category: http proxy +Multi: boolean +See-also: + - proxy +Example: + - --proxy-http2 -x proxy $URL +--- + +# `--proxy-http2` + +Negotiate HTTP/2 with an HTTPS proxy. The proxy might still only offer HTTP/1 +and then curl sticks to using that version. + +This has no effect for any other kinds of proxies. diff --git a/docs/cmdline-opts/proxy-insecure.d b/docs/cmdline-opts/proxy-insecure.d deleted file mode 100644 index e123f40192f7..000000000000 --- a/docs/cmdline-opts/proxy-insecure.d +++ /dev/null @@ -1,6 +0,0 @@ -Long: proxy-insecure -Help: Do HTTPS proxy connections without verifying the proxy -Added: 7.52.0 -Category: proxy tls ---- -Same as --insecure but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-insecure.md b/docs/cmdline-opts/proxy-insecure.md new file mode 100644 index 000000000000..0c2d8b99bc08 --- /dev/null +++ b/docs/cmdline-opts/proxy-insecure.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-insecure +Help: Skip HTTPS proxy cert verification +Added: 7.52.0 +Category: proxy tls +Multi: boolean +See-also: + - proxy + - insecure +Example: + - --proxy-insecure -x https://proxy.example $URL +--- + +# `--proxy-insecure` + +Same as --insecure but used in HTTPS proxy context. + +Every secure connection curl makes is verified to be secure before the +transfer takes place. This option makes curl skip the verification step with a +proxy and proceed without checking. + +When this option is not used for a proxy using HTTPS, curl verifies the +proxy's TLS certificate before it continues: that the certificate contains the +right name which matches the hostname and that the certificate has been signed +by a CA certificate present in the cert store. See this online resource for +further details: **https://curl.se/docs/sslcerts.html** + +**WARNING**: using this option makes the transfer to the proxy insecure. diff --git a/docs/cmdline-opts/proxy-key-type.d b/docs/cmdline-opts/proxy-key-type.d deleted file mode 100644 index 1906872ef658..000000000000 --- a/docs/cmdline-opts/proxy-key-type.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-key-type -Arg: -Help: Private key file type for proxy -Added: 7.52.0 -Category: proxy tls ---- -Same as --key-type but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-key-type.md b/docs/cmdline-opts/proxy-key-type.md new file mode 100644 index 000000000000..e4551400168d --- /dev/null +++ b/docs/cmdline-opts/proxy-key-type.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-key-type +Arg: +Help: Private key file type for proxy +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - proxy-key + - proxy +Example: + - --proxy-key-type DER --proxy-key here -x https://proxy.example $URL +--- + +# `--proxy-key-type` + +Specify the private key file type your --proxy-key provided private key uses. +DER, PEM, and ENG are supported. If not specified, PEM is assumed. + +Equivalent to --key-type but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-key.d b/docs/cmdline-opts/proxy-key.d deleted file mode 100644 index 57d469f435cf..000000000000 --- a/docs/cmdline-opts/proxy-key.d +++ /dev/null @@ -1,6 +0,0 @@ -Long: proxy-key -Help: Private key for HTTPS proxy -Arg: -Category: proxy tls ---- -Same as --key but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-key.md b/docs/cmdline-opts/proxy-key.md new file mode 100644 index 000000000000..8ee78c46eac6 --- /dev/null +++ b/docs/cmdline-opts/proxy-key.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-key +Help: Private key for HTTPS proxy +Arg: +Category: proxy tls +Added: 7.52.0 +Multi: single +See-also: + - proxy-key-type + - proxy +Example: + - --proxy-key here -x https://proxy.example $URL +--- + +# `--proxy-key` + +Specify the filename for your private key when using client certificates with +your HTTPS proxy. This option is the equivalent to --key but used in HTTPS +proxy context. diff --git a/docs/cmdline-opts/proxy-negotiate.d b/docs/cmdline-opts/proxy-negotiate.d deleted file mode 100644 index 72f35960e98b..000000000000 --- a/docs/cmdline-opts/proxy-negotiate.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-negotiate -Help: Use HTTP Negotiate (SPNEGO) authentication on the proxy -Added: 7.17.1 -See-also: proxy-anyauth proxy-basic -Category: proxy auth ---- -Tells curl to use HTTP Negotiate (SPNEGO) authentication when communicating -with the given proxy. Use --negotiate for enabling HTTP Negotiate (SPNEGO) -with a remote host. diff --git a/docs/cmdline-opts/proxy-negotiate.md b/docs/cmdline-opts/proxy-negotiate.md new file mode 100644 index 000000000000..0285155c6af5 --- /dev/null +++ b/docs/cmdline-opts/proxy-negotiate.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-negotiate +Help: HTTP Negotiate (SPNEGO) auth with the proxy +Added: 7.17.1 +Category: proxy auth +Multi: mutex +See-also: + - proxy-anyauth + - proxy-basic + - proxy-service-name +Example: + - --proxy-negotiate --proxy-user user:passwd -x proxy $URL +--- + +# `--proxy-negotiate` + +Use HTTP Negotiate (SPNEGO) authentication when communicating with the given +proxy. Use --negotiate for enabling HTTP Negotiate (SPNEGO) with a remote +host. diff --git a/docs/cmdline-opts/proxy-ntlm.d b/docs/cmdline-opts/proxy-ntlm.d deleted file mode 100644 index cb1ba7b00ee8..000000000000 --- a/docs/cmdline-opts/proxy-ntlm.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-ntlm -Help: Use NTLM authentication on the proxy -See-also: proxy-negotiate proxy-anyauth -Category: proxy auth ---- -Tells curl to use HTTP NTLM authentication when communicating with the given -proxy. Use --ntlm for enabling NTLM with a remote host. diff --git a/docs/cmdline-opts/proxy-ntlm.md b/docs/cmdline-opts/proxy-ntlm.md new file mode 100644 index 000000000000..a0b6a252d491 --- /dev/null +++ b/docs/cmdline-opts/proxy-ntlm.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-ntlm +Help: NTLM authentication with the proxy +Category: proxy auth +Added: 7.10.7 +Multi: boolean +See-also: + - proxy-negotiate + - proxy-anyauth + - proxy-user +Example: + - --proxy-ntlm --proxy-user user:passwd -x http://proxy $URL +--- + +# `--proxy-ntlm` + +Use HTTP NTLM authentication when communicating with the given proxy. Use +--ntlm for enabling NTLM with a remote host. diff --git a/docs/cmdline-opts/proxy-pass.d b/docs/cmdline-opts/proxy-pass.d deleted file mode 100644 index 627451bbbe1f..000000000000 --- a/docs/cmdline-opts/proxy-pass.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-pass -Arg: -Help: Pass phrase for the private key for HTTPS proxy -Added: 7.52.0 -Category: proxy tls auth ---- -Same as --pass but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-pass.md b/docs/cmdline-opts/proxy-pass.md new file mode 100644 index 000000000000..1005d95d2f3a --- /dev/null +++ b/docs/cmdline-opts/proxy-pass.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-pass +Arg: +Help: Passphrase for private key for HTTPS proxy +Added: 7.52.0 +Category: proxy tls auth +Multi: single +See-also: + - proxy + - proxy-key +Example: + - --proxy-pass secret --proxy-key here -x https://proxy.example $URL +--- + +# `--proxy-pass` + +Passphrase for the private key for HTTPS proxy client certificate. + +Equivalent to --pass but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-pinnedpubkey.d b/docs/cmdline-opts/proxy-pinnedpubkey.d deleted file mode 100644 index 2ab79f19e828..000000000000 --- a/docs/cmdline-opts/proxy-pinnedpubkey.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: proxy-pinnedpubkey -Arg: -Help: FILE/HASHES public key to verify proxy with -Protocols: TLS -Category: proxy tls ---- -Tells curl to use the specified public key file (or hashes) to verify the -proxy. This can be a path to a file which contains a single public key in PEM -or DER format, or any number of base64 encoded sha256 hashes preceded by -\'sha256//\' and separated by \';\' - -When negotiating a TLS or SSL connection, the server sends a certificate -indicating its identity. A public key is extracted from this certificate and -if it does not exactly match the public key provided to this option, curl will -abort the connection before sending or receiving any data. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/proxy-pinnedpubkey.md b/docs/cmdline-opts/proxy-pinnedpubkey.md new file mode 100644 index 000000000000..df0b0bb90739 --- /dev/null +++ b/docs/cmdline-opts/proxy-pinnedpubkey.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-pinnedpubkey +Arg: +Help: FILE/HASHES public key to verify proxy with +Protocols: TLS +Category: proxy tls +Added: 7.59.0 +Multi: single +See-also: + - pinnedpubkey + - proxy +Example: + - --proxy-pinnedpubkey keyfile $URL + - --proxy-pinnedpubkey 'sha256//ce118b51897f4452dc' $URL +--- + +# `--proxy-pinnedpubkey` + +Use the specified public key file (or hashes) to verify the proxy. This can be +a path to a file which contains a single public key in PEM or DER format, or +any number of base64 encoded sha256 hashes preceded by 'sha256//' and +separated by ';'. + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. A public key is extracted from this certificate and +if it does not exactly match the public key provided to this option, curl +aborts the connection before sending or receiving any data. + +Before curl 8.10.0 this option did not work due to a bug. diff --git a/docs/cmdline-opts/proxy-service-name.d b/docs/cmdline-opts/proxy-service-name.d deleted file mode 100644 index f78072906e4f..000000000000 --- a/docs/cmdline-opts/proxy-service-name.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-service-name -Arg: -Help: SPNEGO proxy service name -Added: 7.43.0 -Category: proxy tls ---- -This option allows you to change the service name for proxy negotiation. diff --git a/docs/cmdline-opts/proxy-service-name.md b/docs/cmdline-opts/proxy-service-name.md new file mode 100644 index 000000000000..b3d665d8b4dc --- /dev/null +++ b/docs/cmdline-opts/proxy-service-name.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-service-name +Arg: +Help: SPNEGO proxy service name +Added: 7.43.0 +Category: proxy tls +Multi: single +See-also: + - service-name + - proxy + - proxy-negotiate +Example: + - --proxy-service-name "shrubbery" -x proxy $URL +--- + +# `--proxy-service-name` + +Set the service name for SPNEGO when doing proxy authentication. diff --git a/docs/cmdline-opts/proxy-ssl-allow-beast.d b/docs/cmdline-opts/proxy-ssl-allow-beast.d deleted file mode 100644 index 138001b36ba5..000000000000 --- a/docs/cmdline-opts/proxy-ssl-allow-beast.d +++ /dev/null @@ -1,6 +0,0 @@ -Long: proxy-ssl-allow-beast -Help: Allow security flaw for interop for HTTPS proxy -Added: 7.52.0 -Category: proxy tls ---- -Same as --ssl-allow-beast but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-ssl-allow-beast.md b/docs/cmdline-opts/proxy-ssl-allow-beast.md new file mode 100644 index 000000000000..909a7f026ed1 --- /dev/null +++ b/docs/cmdline-opts/proxy-ssl-allow-beast.md @@ -0,0 +1,29 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-ssl-allow-beast +Help: Allow this security flaw for HTTPS proxy +Added: 7.52.0 +Category: proxy tls +Multi: boolean +See-also: + - ssl-allow-beast + - proxy +Example: + - --proxy-ssl-allow-beast -x https://proxy.example $URL +--- + +# `--proxy-ssl-allow-beast` + +Do not work around a security flaw in the TLS1.0 protocol known as BEAST when +communicating to an HTTPS proxy. If this option is not used, the TLS layer may +use workarounds known to cause interoperability problems with some older +server implementations. + +This option only changes how curl does TLS 1.0 with an HTTPS proxy and has no +effect on later TLS versions. + +**WARNING**: this option loosens the TLS security, and by using this flag you +ask for exactly that. + +Equivalent to --ssl-allow-beast but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-ssl-auto-client-cert.d b/docs/cmdline-opts/proxy-ssl-auto-client-cert.d deleted file mode 100644 index 054175457f28..000000000000 --- a/docs/cmdline-opts/proxy-ssl-auto-client-cert.d +++ /dev/null @@ -1,6 +0,0 @@ -Long: proxy-ssl-auto-client-cert -Help: Use auto client certificate for proxy (Schannel) -Added: 7.77.0 -Category: proxy tls ---- -Same as --ssl-auto-client-cert but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-ssl-auto-client-cert.md b/docs/cmdline-opts/proxy-ssl-auto-client-cert.md new file mode 100644 index 000000000000..e041b81523a2 --- /dev/null +++ b/docs/cmdline-opts/proxy-ssl-auto-client-cert.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-ssl-auto-client-cert +Help: Auto client certificate for proxy +Added: 7.77.0 +Category: proxy tls +Multi: boolean +See-also: + - ssl-auto-client-cert + - proxy +Example: + - --proxy-ssl-auto-client-cert -x https://proxy.example $URL +--- + +# `--proxy-ssl-auto-client-cert` + +Same as --ssl-auto-client-cert but used in HTTPS proxy context. + +This is only supported by Schannel. diff --git a/docs/cmdline-opts/proxy-tls13-ciphers.d b/docs/cmdline-opts/proxy-tls13-ciphers.d deleted file mode 100644 index 9f03f135e163..000000000000 --- a/docs/cmdline-opts/proxy-tls13-ciphers.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: proxy-tls13-ciphers -Arg: -help: TLS 1.3 proxy cipher suites -Protocols: TLS -Category: proxy tls ---- -Specifies which cipher suites to use in the connection to your HTTPS proxy -when it negotiates TLS 1.3. The list of ciphers suites must specify valid -ciphers. Read up on TLS 1.3 cipher suite details on this URL: - - https://curl.se/docs/ssl-ciphers.html - -This option is currently used only when curl is built to use OpenSSL 1.1.1 or -later. If you are using a different SSL backend you can try setting TLS 1.3 -cipher suites by using the --proxy-ciphers option. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/proxy-tls13-ciphers.md b/docs/cmdline-opts/proxy-tls13-ciphers.md new file mode 100644 index 000000000000..6fcf6d79dcd9 --- /dev/null +++ b/docs/cmdline-opts/proxy-tls13-ciphers.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-tls13-ciphers +Arg: +Help: TLS 1.3 proxy cipher suites +Protocols: TLS +Category: proxy tls +Added: 7.61.0 +Multi: single +See-also: + - proxy-ciphers + - tls13-ciphers + - proxy +Example: + - --proxy-tls13-ciphers TLS_AES_128_GCM_SHA256 -x proxy $URL +--- + +# `--proxy-tls13-ciphers` + +Same as --tls13-ciphers but used in HTTPS proxy context. + +Specify which cipher suites to use in the connection to your HTTPS proxy when +it negotiates TLS 1.3. The list of ciphers suites must specify valid ciphers. +Read up on TLS 1.3 cipher suite details on this URL: + +https://curl.se/docs/ssl-ciphers.html + +This option is used when curl is built to use OpenSSL 1.1.1 or later, +Schannel, wolfSSL, or mbedTLS 3.6.0 or later. + +Before curl 8.10.0 with mbedTLS or wolfSSL, TLS 1.3 cipher suites were set +by using the --proxy-ciphers option. diff --git a/docs/cmdline-opts/proxy-tlsauthtype.d b/docs/cmdline-opts/proxy-tlsauthtype.d deleted file mode 100644 index 5649a0f5f975..000000000000 --- a/docs/cmdline-opts/proxy-tlsauthtype.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-tlsauthtype -Arg: -Help: TLS authentication type for HTTPS proxy -Added: 7.52.0 -Category: proxy tls auth ---- -Same as --tlsauthtype but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-tlsauthtype.md b/docs/cmdline-opts/proxy-tlsauthtype.md new file mode 100644 index 000000000000..84becc149e99 --- /dev/null +++ b/docs/cmdline-opts/proxy-tlsauthtype.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-tlsauthtype +Arg: +Help: TLS authentication type for HTTPS proxy +Added: 7.52.0 +Category: proxy tls auth +Multi: single +See-also: + - proxy + - proxy-tlsuser + - proxy-tlspassword +Example: + - --proxy-tlsauthtype SRP -x https://proxy.example $URL +--- + +# `--proxy-tlsauthtype` + +Set TLS authentication type with HTTPS proxy. The only supported option is +`SRP`, for TLS-SRP (RFC 5054). This option works only if the underlying +libcurl is built with TLS-SRP support. + +Equivalent to --tlsauthtype but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-tlspassword.d b/docs/cmdline-opts/proxy-tlspassword.d deleted file mode 100644 index 38a33d45d4ca..000000000000 --- a/docs/cmdline-opts/proxy-tlspassword.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-tlspassword -Arg: -Help: TLS password for HTTPS proxy -Added: 7.52.0 -Category: proxy tls auth ---- -Same as --tlspassword but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-tlspassword.md b/docs/cmdline-opts/proxy-tlspassword.md new file mode 100644 index 000000000000..63c252156627 --- /dev/null +++ b/docs/cmdline-opts/proxy-tlspassword.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-tlspassword +Arg: +Help: TLS password for HTTPS proxy +Added: 7.52.0 +Category: proxy tls auth +Multi: single +See-also: + - proxy + - proxy-tlsuser +Example: + - --proxy-tlspassword passwd -x https://proxy.example $URL +--- + +# `--proxy-tlspassword` + +Set password to use with the TLS authentication method specified with +--proxy-tlsauthtype when using HTTPS proxy. Requires that --proxy-tlsuser is +set. + +This option does not work with TLS 1.3. + +Equivalent to --tlspassword but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-tlsuser.d b/docs/cmdline-opts/proxy-tlsuser.d deleted file mode 100644 index 587f7f510686..000000000000 --- a/docs/cmdline-opts/proxy-tlsuser.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: proxy-tlsuser -Arg: -Help: TLS username for HTTPS proxy -Added: 7.52.0 -Category: proxy tls auth ---- -Same as --tlsuser but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-tlsuser.md b/docs/cmdline-opts/proxy-tlsuser.md new file mode 100644 index 000000000000..610a2169b885 --- /dev/null +++ b/docs/cmdline-opts/proxy-tlsuser.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-tlsuser +Arg: +Help: TLS username for HTTPS proxy +Added: 7.52.0 +Category: proxy tls auth +Multi: single +See-also: + - proxy + - proxy-tlspassword +Example: + - --proxy-tlsuser smith -x https://proxy.example $URL +--- + +# `--proxy-tlsuser` + +Set username for use for HTTPS proxy with the TLS authentication method +specified with --proxy-tlsauthtype. Requires that --proxy-tlspassword also is +set. + +This option does not work with TLS 1.3. diff --git a/docs/cmdline-opts/proxy-tlsv1.d b/docs/cmdline-opts/proxy-tlsv1.d deleted file mode 100644 index 5003f5f707b2..000000000000 --- a/docs/cmdline-opts/proxy-tlsv1.d +++ /dev/null @@ -1,6 +0,0 @@ -Long: proxy-tlsv1 -Help: Use TLSv1 for HTTPS proxy -Added: 7.52.0 -Category: proxy tls auth ---- -Same as --tlsv1 but used in HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-tlsv1.md b/docs/cmdline-opts/proxy-tlsv1.md new file mode 100644 index 000000000000..20643fd82b80 --- /dev/null +++ b/docs/cmdline-opts/proxy-tlsv1.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-tlsv1 +Help: TLSv1 for HTTPS proxy +Added: 7.52.0 +Category: proxy tls auth +Multi: mutex +See-also: + - proxy +Example: + - --proxy-tlsv1 -x https://proxy.example $URL +--- + +# `--proxy-tlsv1` + +Use at least TLS version 1.x when negotiating with an HTTPS proxy. That means +TLS version 1.0 or higher + +Equivalent to --tlsv1 but for an HTTPS proxy context. diff --git a/docs/cmdline-opts/proxy-user.d b/docs/cmdline-opts/proxy-user.d deleted file mode 100644 index 82fc5170f4e7..000000000000 --- a/docs/cmdline-opts/proxy-user.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: proxy-user -Short: U -Arg: -Help: Proxy user and password -Category: proxy auth ---- -Specify the user name and password to use for proxy authentication. - -If you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM -authentication then you can tell curl to select the user name and password -from your environment by specifying a single colon with this option: "-U :". - -On systems where it works, curl will hide the given option argument from -process listings. This is not enough to protect credentials from possibly -getting seen by other users on the same system as they will still be visible -for a brief moment before cleared. Such sensitive data should be retrieved -from a file instead or similar and never used in clear text in a command line. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/proxy-user.md b/docs/cmdline-opts/proxy-user.md new file mode 100644 index 000000000000..e2508eda05ce --- /dev/null +++ b/docs/cmdline-opts/proxy-user.md @@ -0,0 +1,29 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-user +Short: U +Arg: +Help: Proxy user and password +Category: proxy auth +Added: 4.0 +Multi: single +See-also: + - proxy-pass +Example: + - --proxy-user smith:secret -x proxy $URL +--- + +# `--proxy-user` + +Specify the username and password to use for proxy authentication. + +If you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM +authentication then you can tell curl to select the username and password from +your environment by specifying a single colon with this option: "-U :". + +On systems where it works, curl hides the given option argument from process +listings. This is not enough to protect credentials from possibly getting seen +by other users on the same system as they still are visible for a moment +before being cleared. Such sensitive data should be retrieved from a file instead or +similar and never used in clear text in a command line. diff --git a/docs/cmdline-opts/proxy.d b/docs/cmdline-opts/proxy.d deleted file mode 100644 index 0592f13ba529..000000000000 --- a/docs/cmdline-opts/proxy.d +++ /dev/null @@ -1,40 +0,0 @@ -Long: proxy -Short: x -Arg: [protocol://]host[:port] -Help: Use this proxy -Category: proxy ---- -Use the specified proxy. - -The proxy string can be specified with a protocol:// prefix. No protocol -specified or http:// will be treated as HTTP proxy. Use socks4://, socks4a://, -socks5:// or socks5h:// to request a specific SOCKS version to be used. -(The protocol support was added in curl 7.21.7) - -HTTPS proxy support via https:// protocol prefix was added in 7.52.0 for -OpenSSL, GnuTLS and NSS. - -Unrecognized and unsupported proxy protocols cause an error since 7.52.0. -Prior versions may ignore the protocol and use http:// instead. - -If the port number is not specified in the proxy string, it is assumed to be -1080. - -This option overrides existing environment variables that set the proxy to -use. If there's an environment variable setting a proxy, you can set proxy to -\&"" to override it. - -All operations that are performed over an HTTP proxy will transparently be -converted to HTTP. It means that certain protocol specific operations might -not be available. This is not the case if you can tunnel through the proxy, as -one with the --proxytunnel option. - -User and password that might be provided in the proxy string are URL decoded -by curl. This allows you to pass in special characters such as @ by using %40 -or pass in a colon with %3a. - -The proxy host can be specified the exact same way as the proxy environment -variables, including the protocol prefix (http://) and the embedded user + -password. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/proxy.md b/docs/cmdline-opts/proxy.md new file mode 100644 index 000000000000..6cd456169d34 --- /dev/null +++ b/docs/cmdline-opts/proxy.md @@ -0,0 +1,61 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy +Short: x +Arg: <[protocol://]host[:port]> +Help: Use this proxy +Category: proxy +Added: 4.0 +Multi: single +See-also: + - socks5 + - proxy-basic +Example: + - --proxy http://proxy.example $URL +--- + +# `--proxy` + +Use the specified proxy. + +The proxy string can be specified with a protocol:// prefix. No protocol +specified or http:// it is treated as an HTTP proxy. Use socks4://, +socks4a://, socks5:// or socks5h:// to request a specific SOCKS version to be +used. (Added in 7.21.7) + +Unix domain sockets are supported for socks proxy. Set localhost for the host +part. e.g. socks5h://localhost/path/to/socket.sock + +HTTPS proxy support works with the https:// protocol prefix for OpenSSL and +GnuTLS (added in 7.52.0). It also works for mbedTLS, Rustls, Schannel and +wolfSSL (added in 7.87.0). + +Unrecognized and unsupported proxy protocol schemes cause an error. + +If the port number is not specified in the proxy string, it is assumed to be +1080. + +This option overrides existing environment variables that set the proxy to +use. If there is an environment variable setting a proxy, you can set proxy to +"" to override it. + +All operations that are performed over an HTTP proxy are transparently +converted to HTTP. It means that certain protocol specific operations might +not be available. This is not the case if you can tunnel through the proxy, as +one with the --proxytunnel option. + +User and password that might be provided in the proxy string are URL decoded +by curl. This allows you to pass in special characters such as @ by using %40 +or pass in a colon with %3a. + +The proxy host can be specified the same way as the proxy environment +variables, including the protocol prefix (http://) and the embedded user + +password. + +When a proxy is used, the active FTP mode as set with --ftp-port, cannot be +used. + +Doing FTP over an HTTP proxy without --proxytunnel makes curl do HTTP with an +FTP URL over the proxy. For such transfers, common FTP specific options do not +work, including --ssl-reqd and --ftp-ssl-control. diff --git a/docs/cmdline-opts/proxy1.0.d b/docs/cmdline-opts/proxy1.0.d deleted file mode 100644 index b8a232bf74c1..000000000000 --- a/docs/cmdline-opts/proxy1.0.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: proxy1.0 -Arg: -Help: Use HTTP/1.0 proxy on given port -Category: proxy ---- -Use the specified HTTP 1.0 proxy. If the port number is not specified, it is -assumed at port 1080. - -The only difference between this and the HTTP proxy option --proxy, is that -attempts to use CONNECT through the proxy will specify an HTTP 1.0 protocol -instead of the default HTTP 1.1. diff --git a/docs/cmdline-opts/proxy1.0.md b/docs/cmdline-opts/proxy1.0.md new file mode 100644 index 000000000000..4d3203a03250 --- /dev/null +++ b/docs/cmdline-opts/proxy1.0.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy1.0 +Arg: +Help: Use HTTP/1.0 proxy on given port +Category: proxy +Added: 7.19.4 +Multi: mutex +See-also: + - proxy + - socks5 + - preproxy +Example: + - --proxy1.0 http://proxy $URL +--- + +# `--proxy1.0` + +Use the specified HTTP 1.0 proxy. If the port number is not specified, it is +assumed at port 1080. + +The only difference between this and the HTTP proxy option --proxy, is that +attempts to use CONNECT through the proxy specifies an HTTP 1.0 protocol +instead of the default HTTP 1.1. diff --git a/docs/cmdline-opts/proxytunnel.d b/docs/cmdline-opts/proxytunnel.d deleted file mode 100644 index 94dae992f02c..000000000000 --- a/docs/cmdline-opts/proxytunnel.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: proxytunnel -Short: p -Help: Operate through an HTTP proxy tunnel (using CONNECT) -See-also: proxy -Category: proxy ---- -When an HTTP proxy is used --proxy, this option will make curl tunnel through -the proxy. The tunnel approach is made with the HTTP proxy CONNECT request and -requires that the proxy allows direct connect to the remote port number curl -wants to tunnel through to. - -To suppress proxy CONNECT response headers when curl is set to output headers -use --suppress-connect-headers. diff --git a/docs/cmdline-opts/proxytunnel.md b/docs/cmdline-opts/proxytunnel.md new file mode 100644 index 000000000000..fcec87480dba --- /dev/null +++ b/docs/cmdline-opts/proxytunnel.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxytunnel +Short: p +Help: HTTP proxy tunnel (using CONNECT) +Category: proxy +Added: 7.3 +Multi: boolean +See-also: + - proxy +Example: + - --proxytunnel -x http://proxy $URL +--- + +# `--proxytunnel` + +When an HTTP proxy is used --proxy, this option makes curl tunnel the traffic +through the proxy. The tunnel approach is made with the HTTP proxy CONNECT +request and requires that the proxy allows direct connection to the remote port +number curl wants to tunnel through to. + +To suppress proxy CONNECT response headers when curl is set to output headers +use --suppress-connect-headers. diff --git a/docs/cmdline-opts/pubkey.d b/docs/cmdline-opts/pubkey.d deleted file mode 100644 index 692daf6b0703..000000000000 --- a/docs/cmdline-opts/pubkey.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: pubkey -Arg: -Protocols: SFTP SCP -Help: SSH Public key file name -Category: sftp scp auth ---- -Public key file name. Allows you to provide your public key in this separate -file. - -If this option is used several times, the last one will be used. - -(As of 7.39.0, curl attempts to automatically extract the public key from the -private key file, so passing this option is generally not required. Note that -this public key extraction requires libcurl to be linked against a copy of -libssh2 1.2.8 or higher that is itself linked against OpenSSL.) diff --git a/docs/cmdline-opts/pubkey.md b/docs/cmdline-opts/pubkey.md new file mode 100644 index 000000000000..373d113c3f64 --- /dev/null +++ b/docs/cmdline-opts/pubkey.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: pubkey +Arg: +Protocols: SFTP SCP +Help: SSH Public key filename +Category: sftp scp ssh auth +Added: 7.16.2 +Multi: single +See-also: + - pass +Example: + - --pubkey file.pub sftp://example.com/ +--- + +# `--pubkey` + +Public key filename. Allows you to provide your public key in this separate +file. + +curl attempts to automatically extract the public key from the private key +file, so passing this option is generally not required. Note that this public +key extraction requires libcurl to be linked against a copy of libssh2 1.2.8 +or higher that is itself linked against OpenSSL. (Added in 7.39.0.) diff --git a/docs/cmdline-opts/quote.d b/docs/cmdline-opts/quote.d deleted file mode 100644 index 96b178cb5d5d..000000000000 --- a/docs/cmdline-opts/quote.d +++ /dev/null @@ -1,66 +0,0 @@ -Long: quote -Short: Q -Help: Send command(s) to server before transfer -Protocols: FTP SFTP -Category: ftp sftp ---- - -Send an arbitrary command to the remote FTP or SFTP server. Quote commands are -sent BEFORE the transfer takes place (just after the initial PWD command in an -FTP transfer, to be exact). To make commands take place after a successful -transfer, prefix them with a dash '-'. To make commands be sent after curl -has changed the working directory, just before the transfer command(s), prefix -the command with a '+' (this is only supported for FTP). You may specify any -number of commands. - -If the server returns failure for one of the commands, the entire operation -will be aborted. You must send syntactically correct FTP commands as RFC 959 -defines to FTP servers, or one of the commands listed below to SFTP servers. - -Prefix the command with an asterisk (*) to make curl continue even if the -command fails as by default curl will stop at first failure. - -This option can be used multiple times. - -SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP quote commands -itself before sending them to the server. File names may be quoted -shell-style to embed spaces or special characters. Following is the list of -all supported SFTP quote commands: -.RS -.IP "atime date file" -The atime command sets the last access time of the file named by the file -operand. The can be all sorts of date strings, see the -*curl_getdate(3)* man page for date expression details. (Added in 7.73.0) -.IP "chgrp group file" -The chgrp command sets the group ID of the file named by the file operand to -the group ID specified by the group operand. The group operand is a decimal -integer group ID. -.IP "chmod mode file" -The chmod command modifies the file mode bits of the specified file. The -mode operand is an octal integer mode number. -.IP "chown user file" -The chown command sets the owner of the file named by the file operand to the -user ID specified by the user operand. The user operand is a decimal -integer user ID. -.IP "ln source_file target_file" -The ln and symlink commands create a symbolic link at the target_file location -pointing to the source_file location. -.IP "mkdir directory_name" -The mkdir command creates the directory named by the directory_name operand. -.IP "mtime date file" -The mtime command sets the last modification time of the file named by the -file operand. The can be all sorts of date strings, see the -*curl_getdate(3)* man page for date expression details. (Added in 7.73.0) -.IP "pwd" -The pwd command returns the absolute pathname of the current working directory. -.IP "rename source target" -The rename command renames the file or directory named by the source -operand to the destination path named by the target operand. -.IP "rm file" -The rm command removes the file specified by the file operand. -.IP "rmdir directory" -The rmdir command removes the directory entry specified by the directory -operand, provided it is empty. -.IP "symlink source_file target_file" -See ln. -.RE diff --git a/docs/cmdline-opts/quote.md b/docs/cmdline-opts/quote.md new file mode 100644 index 000000000000..1ac2076b74ce --- /dev/null +++ b/docs/cmdline-opts/quote.md @@ -0,0 +1,93 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: quote +Arg: +Short: Q +Help: Send command(s) to server before transfer +Protocols: FTP SFTP +Category: ftp sftp +Added: 5.3 +Multi: append +See-also: + - request +Example: + - --quote "DELE file" ftp://example.com/foo +--- + +# `--quote` + +Send an arbitrary command to the remote FTP or SFTP server. Quote commands are +sent BEFORE the transfer takes place (immediately after the initial **PWD** +command in an FTP transfer, to be exact). To make commands take place after a +successful transfer, prefix them with a dash '-'. + +(FTP only) To make commands be sent after curl has changed the working +directory, immediately before the file transfer command(s), prefix the command +with a '+'. + +You may specify any number of commands. + +By default curl stops at first failure. To make curl continue even if the +command fails, prefix the command with an asterisk (*). Otherwise, if the +server returns failure for one of the commands, the entire operation is +aborted. + +You must send syntactically correct FTP commands as RFC 959 defines to FTP +servers, or one of the commands listed below to SFTP servers. + +SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP quote commands +itself before sending them to the server. Filenames must be provided within +double quotes to embed spaces, backslashes, quotes or double quotes. Within +double quotes the following escape sequences are available for that purpose: +\\, \", and \'. + +Following is the list of all supported SFTP quote commands: + +## atime date file +The atime command sets the last access time of the file named by the file +operand. The date expression can be all sorts of date strings, see the +*curl_getdate(3)* man page for date expression details. (Added in 7.73.0) + +## chgrp group file +The chgrp command sets the group ID of the file named by the file operand to +the group ID specified by the group operand. The group operand is a decimal +integer group ID. + +## chmod mode file +The chmod command modifies the file mode bits of the specified file. The +mode operand is an octal integer mode number. + +## chown user file +The chown command sets the owner of the file named by the file operand to the +user ID specified by the user operand. The user operand is a decimal +integer user ID. + +## ln source_file target_file +The ln and symlink commands create a symbolic link at the target_file location +pointing to the source_file location. + +## mkdir directory_name +The mkdir command creates the directory named by the directory_name operand. + +## mtime date file +The mtime command sets the last modification time of the file named by the +file operand. The date expression can be all sorts of date strings, see the +*curl_getdate(3)* man page for date expression details. (Added in 7.73.0) + +## pwd +The pwd command returns the absolute path name of the current working directory. + +## rename source target +The rename command renames the file or directory named by the source +operand to the destination path named by the target operand. + +## rm file +The rm command removes the file specified by the file operand. + +## rmdir directory +The rmdir command removes the directory entry specified by the directory +operand, provided it is empty. + +## symlink source_file target_file +See ln. diff --git a/docs/cmdline-opts/random-file.d b/docs/cmdline-opts/random-file.d deleted file mode 100644 index c57f52364e54..000000000000 --- a/docs/cmdline-opts/random-file.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: random-file -Arg: -Help: File for reading random data from -Category: misc ---- -Specify the path name to file containing what will be considered as random -data. The data may be used to seed the random engine for SSL connections. See -also the --egd-file option. diff --git a/docs/cmdline-opts/random-file.md b/docs/cmdline-opts/random-file.md new file mode 100644 index 000000000000..e2c8624abffa --- /dev/null +++ b/docs/cmdline-opts/random-file.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: random-file +Arg: +Help: File for reading random data from +Category: deprecated +Added: 7.7 +Multi: single +See-also: + - egd-file +Example: + - --random-file rubbish $URL +--- + +# `--random-file` + +Deprecated option. This option is ignored (added in 7.84.0). Prior to that it +only had an effect on curl if built to use old versions of OpenSSL. + +Specify the path name to file containing random data. The data may be used to +seed the random engine for SSL connections. diff --git a/docs/cmdline-opts/range.d b/docs/cmdline-opts/range.d deleted file mode 100644 index e2d1f62fcb7a..000000000000 --- a/docs/cmdline-opts/range.d +++ /dev/null @@ -1,48 +0,0 @@ -Long: range -Short: r -Help: Retrieve only the bytes within RANGE -Arg: -Protocols: HTTP FTP SFTP FILE -Category: http ftp sftp file ---- -Retrieve a byte range (i.e. a partial document) from an HTTP/1.1, FTP or SFTP -server or a local FILE. Ranges can be specified in a number of ways. -.RS -.TP 10 -.B 0-499 -specifies the first 500 bytes -.TP -.B 500-999 -specifies the second 500 bytes -.TP -.B -500 -specifies the last 500 bytes -.TP -.B 9500- -specifies the bytes from offset 9500 and forward -.TP -.B 0-0,-1 -specifies the first and last byte only(*)(HTTP) -.TP -.B 100-199,500-599 -specifies two separate 100-byte ranges(*) (HTTP) -.RE -.IP -(*) = NOTE that this will cause the server to reply with a multipart -response, which will be returned as-is by curl! Parsing or otherwise -transforming this response is the responsibility of the caller. - -Only digit characters (0-9) are valid in the 'start' and 'stop' fields of the -\&'start-stop' range syntax. If a non-digit character is given in the range, -the server's response will be unspecified, depending on the server's -configuration. - -You should also be aware that many HTTP/1.1 servers do not have this feature -enabled, so that when you attempt to get a range, you'll instead get the whole -document. - -FTP and SFTP range downloads only support the simple 'start-stop' syntax -(optionally with one of the numbers omitted). FTP use depends on the extended -FTP command SIZE. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/range.md b/docs/cmdline-opts/range.md new file mode 100644 index 000000000000..ab1b12657567 --- /dev/null +++ b/docs/cmdline-opts/range.md @@ -0,0 +1,66 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: range +Short: r +Help: Retrieve only the bytes within RANGE +Arg: +Protocols: HTTP FTP SFTP FILE +Category: http ftp sftp file +Added: 4.0 +Multi: single +See-also: + - continue-at + - append +Example: + - --range 22-44 $URL +--- + +# `--range` + +Retrieve a byte range (i.e. a partial document) from an HTTP/1.1, FTP or SFTP +server or a local FILE. Ranges can be specified in a number of ways. + +## 0-499 +specifies the first 500 bytes + +## 500-999 +specifies the second 500 bytes + +## -500 +specifies the last 500 bytes + +## 9500- +specifies the bytes from offset 9500 and forward + +## 0-0,-1 +specifies the first and last byte only(*)(HTTP) + +## 100-199,500-599 +specifies two separate 100-byte ranges(*) (HTTP) + +## + +(*) = NOTE that if specifying multiple ranges and the server supports it then +it replies with a multiple part response that curl returns as-is. It +contains meta information in addition to the requested bytes. Parsing or +otherwise transforming this response is the responsibility of the caller. + +Only digit characters (0-9) are valid in the 'start' and 'stop' fields of the +'start-stop' range syntax. If a non-digit character is given in the range, the +server's response is unspecified, depending on the server's configuration. + +Many HTTP/1.1 servers do not have this feature enabled, so that when you +attempt to get a range, curl instead gets the whole document. + +FTP and SFTP range downloads only support the simple 'start-stop' syntax +(optionally with one of the numbers omitted). FTP use depends on the extended +FTP command SIZE. + +When using this option for HTTP uploads using POST or PUT, functionality is +not guaranteed. The HTTP protocol has no standard interoperable resume upload +and curl uses a set of headers for this purpose that once proved working for +some servers and have been left for those who find that useful. + +This command line option is mutually exclusive with --continue-at: you can only +use one of them for a single transfer. diff --git a/docs/cmdline-opts/rate.md b/docs/cmdline-opts/rate.md new file mode 100644 index 000000000000..d389da574765 --- /dev/null +++ b/docs/cmdline-opts/rate.md @@ -0,0 +1,46 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: rate +Arg: +Help: Request rate for serial transfers +Category: connection global +Added: 7.84.0 +Multi: single +Scope: global +See-also: + - limit-rate + - retry-delay +Example: + - --rate 2/s $URL ... + - --rate 3/h $URL ... + - --rate 14/m $URL ... +--- + +# `--rate` + +Specify the maximum transfer frequency you allow curl to use - in number of +transfer starts per time unit (sometimes called request rate). Without this +option, curl starts the next transfer as fast as possible. + +If given several URLs and a transfer completes faster than the allowed rate, +curl waits until the next transfer is started to maintain the requested +rate. This option has no effect when --parallel is used. + +The request rate is provided as "N/U" where N is an integer number and U is a +time unit. Supported units are 's' (second), 'm' (minute), 'h' (hour) and 'd' +/(day, as in a 24 hour unit). The default time unit, if no "/U" is provided, +is number of transfers per hour. + +If curl is told to allow 10 requests per minute, it does not start the next +request until 6 seconds have elapsed since the previous transfer was started. + +This function uses millisecond resolution. If the allowed frequency is set +more than 1000 per second, it instead runs unrestricted. + +When retrying transfers, enabled with --retry, the separate retry delay logic +is used and not this setting. + +Starting in version 8.10.0, you can specify the number of time units in the rate +expression. Make curl do no more than 5 transfers per 15 seconds with "5/15s" +or limit it to 3 transfers per 4 hours with "3/4h". No spaces allowed. diff --git a/docs/cmdline-opts/raw.d b/docs/cmdline-opts/raw.d deleted file mode 100644 index 90e777263bd7..000000000000 --- a/docs/cmdline-opts/raw.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: raw -Help: Do HTTP "raw"; no transfer decoding -Added: 7.16.2 -Protocols: HTTP -Category: http ---- -When used, it disables all internal HTTP decoding of content or transfer -encodings and instead makes them passed on unaltered, raw. diff --git a/docs/cmdline-opts/raw.md b/docs/cmdline-opts/raw.md new file mode 100644 index 000000000000..ca63dc318ce8 --- /dev/null +++ b/docs/cmdline-opts/raw.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: raw +Help: Do HTTP raw; no transfer decoding +Added: 7.16.2 +Protocols: HTTP +Category: http +Multi: boolean +See-also: + - tr-encoding +Example: + - --raw $URL +--- + +# `--raw` + +When used, it disables all internal HTTP decoding of content or transfer +encodings and instead makes them passed on unaltered, raw. diff --git a/docs/cmdline-opts/referer.d b/docs/cmdline-opts/referer.d deleted file mode 100644 index 8b2057b9400b..000000000000 --- a/docs/cmdline-opts/referer.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: referer -Short: e -Arg: -Protocols: HTTP -Help: Referrer URL -See-also: user-agent header -Category: http ---- -Sends the "Referrer Page" information to the HTTP server. This can also be set -with the --header flag of course. When used with --location you can append -";auto" to the --referer URL to make curl automatically set the previous URL -when it follows a Location: header. The \&";auto" string can be used alone, -even if you don't set an initial --referer. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/referer.md b/docs/cmdline-opts/referer.md new file mode 100644 index 000000000000..1fec24850123 --- /dev/null +++ b/docs/cmdline-opts/referer.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: referer +Short: e +Arg: +Protocols: HTTP +Help: Referrer URL +Category: http +Added: 4.0 +Multi: single +See-also: + - user-agent + - header +Example: + - --referer "https://fake.example" $URL + - --referer "https://fake.example;auto" -L $URL + - --referer ";auto" -L $URL +--- + +# `--referer` + +Set the referrer URL in the HTTP request. This can also be set with the +--header flag of course. When used with --location you can append `;auto`" to +the --referer URL to make curl automatically set the previous URL when it +follows a Location: header. The `;auto` string can be used alone, even if you +do not set an initial --referer. diff --git a/docs/cmdline-opts/remote-header-name.d b/docs/cmdline-opts/remote-header-name.d deleted file mode 100644 index 325dade3f072..000000000000 --- a/docs/cmdline-opts/remote-header-name.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: remote-header-name -Short: J -Protocols: HTTP -Help: Use the header-provided filename -Category: output ---- -This option tells the --remote-name option to use the server-specified -Content-Disposition filename instead of extracting a filename from the URL. - -If the server specifies a file name and a file with that name already exists -in the current working directory it will not be overwritten and an error will -occur. If the server doesn't specify a file name then this option has no -effect. - -There's no attempt to decode %-sequences (yet) in the provided file name, so -this option may provide you with rather unexpected file names. - -**WARNING**: Exercise judicious use of this option, especially on Windows. A -rogue server could send you the name of a DLL or other file that could possibly -be loaded automatically by Windows or some third party software. diff --git a/docs/cmdline-opts/remote-header-name.md b/docs/cmdline-opts/remote-header-name.md new file mode 100644 index 000000000000..52ae98b01cff --- /dev/null +++ b/docs/cmdline-opts/remote-header-name.md @@ -0,0 +1,42 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: remote-header-name +Short: J +Protocols: HTTP +Help: Use the header-provided filename +Category: output +Added: 7.20.0 +Multi: boolean +See-also: + - remote-name +Example: + - -OJ https://example.com/file +--- + +# `--remote-header-name` + +Tell the --remote-name option to use the server-specified Content-Disposition +filename instead of extracting a filename from the URL. If the server-provided +filename contains a path, that is stripped off before the filename is used. + +The file is saved in the current directory, or in the directory specified with +--output-dir. + +If the server specifies a filename and a file with that name already exists in +the destination directory, it is not overwritten and an error occurs - unless +you allow it by using the --clobber option. If the server does not specify a +filename then this option has no effect. + +There is no attempt to decode %-sequences (yet) in the provided filename, so +this option may provide you with rather unexpected filenames. + +This feature uses the name from the `filename` field, it does not yet support +the `filename*` field (filenames with explicit character sets). + +Starting in 8.19.0, curl falls back and uses the filename extracted from the +last redirect header if no `Content-Disposition:` header provides a filename. + +**WARNING**: Exercise judicious use of this option, especially on Windows. A +rogue server could send you the name of a DLL or other file that could be +loaded automatically by Windows or some third party software. diff --git a/docs/cmdline-opts/remote-name-all.d b/docs/cmdline-opts/remote-name-all.d deleted file mode 100644 index 299684c51d93..000000000000 --- a/docs/cmdline-opts/remote-name-all.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: remote-name-all -Help: Use the remote file name for all URLs -Added: 7.19.0 -Category: output ---- -This option changes the default action for all given URLs to be dealt with as -if --remote-name were used for each one. So if you want to disable that for a -specific URL after --remote-name-all has been used, you must use "-o -" or ---no-remote-name. diff --git a/docs/cmdline-opts/remote-name-all.md b/docs/cmdline-opts/remote-name-all.md new file mode 100644 index 000000000000..92d348e27c2e --- /dev/null +++ b/docs/cmdline-opts/remote-name-all.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: remote-name-all +Help: Use the remote filename for all URLs +Added: 7.19.0 +Category: output +Multi: boolean +See-also: + - remote-name +Example: + - --remote-name-all ftp://example.com/file1 ftp://example.com/file2 +--- + +# `--remote-name-all` + +Change the default action for all given URLs to be dealt with as if +--remote-name were used for each one. If you want to disable that for a +specific URL after --remote-name-all has been used, you must use "-o -" or +--no-remote-name. diff --git a/docs/cmdline-opts/remote-name.d b/docs/cmdline-opts/remote-name.d deleted file mode 100644 index 184c32e4769e..000000000000 --- a/docs/cmdline-opts/remote-name.d +++ /dev/null @@ -1,22 +0,0 @@ -Long: remote-name -Short: O -Help: Write output to a file named as the remote file -Category: important output ---- -Write output to a local file named like the remote file we get. (Only the file -part of the remote file is used, the path is cut off.) - -The file will be saved in the current working directory. If you want the file -saved in a different directory, make sure you change the current working -directory before invoking curl with this option. - -The remote file name to use for saving is extracted from the given URL, -nothing else, and if it already exists it will be overwritten. If you want the -server to be able to choose the file name refer to --remote-header-name which -can be used in addition to this option. If the server chooses a file name and -that name already exists it will not be overwritten. - -There is no URL decoding done on the file name. If it has %20 or other URL -encoded parts of the name, they will end up as-is as file name. - -You may use this option as many times as the number of URLs you have. diff --git a/docs/cmdline-opts/remote-name.md b/docs/cmdline-opts/remote-name.md new file mode 100644 index 000000000000..e39dd51aea08 --- /dev/null +++ b/docs/cmdline-opts/remote-name.md @@ -0,0 +1,42 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: remote-name +Short: O +Help: Write output to file named as remote file +Category: important output +Added: 4.0 +Multi: per-URL +See-also: + - remote-name-all + - output-dir + - remote-header-name +Example: + - -O https://example.com/filename + - -O https://example.com/filename -O https://example.com/file2 +--- + +# `--remote-name` + +Write output to a local file named like the remote file we get. (Only the file +part of the remote file is used, the path is cut off.) + +The file is saved in the current working directory. If you want the file saved +in a different directory, make sure you change the current working directory +before invoking curl with this option or use --output-dir. + +The remote filename to use for saving is extracted from the given URL, nothing +else, and if it already exists it is overwritten. If you want the server to be +able to choose the filename refer to --remote-header-name which can be used in +addition to this option. If the server chooses a filename and that name +already exists it is not overwritten. + +There is no URL decoding done on the filename. If it has %20 or other URL +encoded parts of the name, they end up as-is as filename. + +You may use this option as many times as the number of URLs you have. + +Before curl 8.10.0, curl returned an error if the URL ended with a slash, +which means that there is no filename part in the URL. Starting in 8.10.0, +curl sets the filename to the last directory part of the URL or if that also +is missing to `curl_response` (without extension) for this situation. diff --git a/docs/cmdline-opts/remote-time.d b/docs/cmdline-opts/remote-time.d deleted file mode 100644 index 96fb4fbe9983..000000000000 --- a/docs/cmdline-opts/remote-time.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: remote-time -Short: R -Help: Set the remote file's time on the local output -Category: output ---- -When used, this will make curl attempt to figure out the timestamp of the -remote file, and if that is available make the local file get that same -timestamp. diff --git a/docs/cmdline-opts/remote-time.md b/docs/cmdline-opts/remote-time.md new file mode 100644 index 000000000000..3f8c702b458a --- /dev/null +++ b/docs/cmdline-opts/remote-time.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: remote-time +Short: R +Help: Set remote file's time on local output +Category: output +Added: 7.9 +Multi: boolean +See-also: + - remote-name + - time-cond +Example: + - --remote-time -o foo $URL +--- + +# `--remote-time` + +Make curl attempt to figure out the timestamp of the remote file that is +getting downloaded, and if that is available make the local file get that same +timestamp. diff --git a/docs/cmdline-opts/remove-on-error.md b/docs/cmdline-opts/remove-on-error.md new file mode 100644 index 000000000000..ec7b88882b51 --- /dev/null +++ b/docs/cmdline-opts/remove-on-error.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: remove-on-error +Help: Remove output file on errors +Category: output +Added: 7.83.0 +Multi: boolean +See-also: + - fail +Example: + - --remove-on-error -o output $URL +--- + +# `--remove-on-error` + +Remove the output file if an error occurs. If curl returns an error when told to +save output in a local file. This prevents curl from leaving a partial file in +the case of an error during transfer. + +If the output is not a regular file, this option has no effect. + +The --continue-at option cannot be used together with --remove-on-error. diff --git a/docs/cmdline-opts/request-target.d b/docs/cmdline-opts/request-target.d deleted file mode 100644 index df423f87d7f2..000000000000 --- a/docs/cmdline-opts/request-target.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: request-target -Help: Specify the target for this request -Protocols: HTTP -Added: 7.55.0 -Category: http ---- -Tells curl to use an alternative "target" (path) instead of using the path as -provided in the URL. Particularly useful when wanting to issue HTTP requests -without leading slash or other data that doesn't follow the regular URL -pattern, like "OPTIONS *". diff --git a/docs/cmdline-opts/request-target.md b/docs/cmdline-opts/request-target.md new file mode 100644 index 000000000000..c76b6b34de22 --- /dev/null +++ b/docs/cmdline-opts/request-target.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: request-target +Arg: +Help: Specify the target for this request +Protocols: HTTP +Added: 7.55.0 +Category: http +Multi: single +See-also: + - request +Example: + - --request-target "*" -X OPTIONS $URL +--- + +# `--request-target` + +Use an alternative target (path) instead of using the path as provided in the +URL. Particularly useful when wanting to issue HTTP requests without leading +slash or other data that does not follow the regular URL pattern, like +"OPTIONS *". + +curl passes on the verbatim string you give it in the request without any +filter or other safe guards. That includes white space and control characters. diff --git a/docs/cmdline-opts/request.d b/docs/cmdline-opts/request.d deleted file mode 100644 index 47c4c8b049af..000000000000 --- a/docs/cmdline-opts/request.d +++ /dev/null @@ -1,40 +0,0 @@ -Long: request -Short: X -Arg: -Help: Specify request command to use -Category: connection ---- -(HTTP) Specifies a custom request method to use when communicating with the -HTTP server. The specified request method will be used instead of the method -otherwise used (which defaults to GET). Read the HTTP 1.1 specification for -details and explanations. Common additional HTTP requests include PUT and -DELETE, but related technologies like WebDAV offers PROPFIND, COPY, MOVE and -more. - -Normally you don't need this option. All sorts of GET, HEAD, POST and PUT -requests are rather invoked by using dedicated command line options. - -This option only changes the actual word used in the HTTP request, it does not -alter the way curl behaves. So for example if you want to make a proper HEAD -request, using -X HEAD will not suffice. You need to use the --head option. - -The method string you set with --request will be used for all requests, which -if you for example use --location may cause unintended side-effects when curl -doesn't change request method according to the HTTP 30x response codes - and -similar. - -(FTP) -Specifies a custom FTP command to use instead of LIST when doing file lists -with FTP. - -(POP3) -Specifies a custom POP3 command to use instead of LIST or RETR. (Added in -7.26.0) - -(IMAP) -Specifies a custom IMAP command to use instead of LIST. (Added in 7.30.0) - -(SMTP) -Specifies a custom SMTP command to use instead of HELP or VRFY. (Added in 7.34.0) - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/request.md b/docs/cmdline-opts/request.md new file mode 100644 index 000000000000..2c9d7776e587 --- /dev/null +++ b/docs/cmdline-opts/request.md @@ -0,0 +1,58 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: request +Short: X +Arg: +Help: Specify request method to use +Category: connection pop3 ftp imap smtp +Added: 6.0 +Multi: single +See-also: + - request-target + - follow +Example: + - --request "DELETE" $URL + - -X NLST ftp://example.com/ +--- + +# `--request` + +Change the method to use when starting the transfer. + +curl passes on the verbatim string you give it in the request without any +filter or other safe guards. That includes white space and control characters. + +## HTTP +Specifies a custom request method to use when communicating with the HTTP +server. The specified request method is used instead of the method otherwise +used (which defaults to *GET*). Read the HTTP 1.1 specification for details +and explanations. Common additional HTTP requests include *PUT* and *DELETE*, +while related technologies like WebDAV offers *PROPFIND*, *COPY*, *MOVE* and +more. + +Normally you do not need this option. All sorts of *GET*, *HEAD*, *POST* and +*PUT* requests are rather invoked by using dedicated command line options. + +This option only changes the actual word used in the HTTP request, it does not +alter the way curl behaves. For example if you want to make a proper HEAD +request, using -X HEAD does not suffice. You need to use the --head option. + +If --location is used, the method string you set with --request is used for +all requests, which may cause unintended side-effects when curl does not +change request method according to the HTTP 30x response codes - and similar. +Consider using --follow instead in combination with --request. + +## FTP +Specifies a custom FTP command to use instead of *LIST* when doing file lists +with FTP. + +## POP3 +Specifies a custom POP3 command to use instead of *LIST* or *RETR*. +(Added in 7.26.0) + +## IMAP +Specifies a custom IMAP command to use instead of *LIST*. (Added in 7.30.0) + +## SMTP +Specifies a custom SMTP command to use instead of *HELP* or **VRFY**. (Added in 7.34.0) diff --git a/docs/cmdline-opts/resolve.d b/docs/cmdline-opts/resolve.d deleted file mode 100644 index ff10f28d969b..000000000000 --- a/docs/cmdline-opts/resolve.d +++ /dev/null @@ -1,36 +0,0 @@ -Long: resolve -Arg: <[+]host:port:addr[,addr]...> -Help: Resolve the host+port to this address -Added: 7.21.3 -Category: connection ---- -Provide a custom address for a specific host and port pair. Using this, you -can make the curl requests(s) use a specified address and prevent the -otherwise normally resolved address to be used. Consider it a sort of -/etc/hosts alternative provided on the command line. The port number should be -the number used for the specific protocol the host will be used for. It means -you need several entries if you want to provide address for the same host but -different ports. - -By specifying '*' as host you can tell curl to resolve any host and specific -port pair to the specified address. Wildcard is resolved last so any --resolve -with a specific host and port will be used first. - -The provided address set by this option will be used even if --ipv4 or --ipv6 -is set to make curl use another IP version. - -By prefixing the host with a '+' you can make the entry time out after curl's -default timeout (1 minute). Note that this will only make sense for long -running parallel transfers with a lot of files. In such cases, if this option -is used curl will try to resolve the host as it normally would once the -timeout has expired. - -Support for providing the IP address within [brackets] was added in 7.57.0. - -Support for providing multiple IP addresses per entry was added in 7.59.0. - -Support for resolving with wildcard was added in 7.64.0. - -Support for the '+' prefix was was added in 7.75.0. - -This option can be used many times to add many host names to resolve. diff --git a/docs/cmdline-opts/resolve.md b/docs/cmdline-opts/resolve.md new file mode 100644 index 000000000000..18733df0c2bf --- /dev/null +++ b/docs/cmdline-opts/resolve.md @@ -0,0 +1,50 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: resolve +Arg: <[+]host:port:addr[,addr]...> +Help: Resolve host+port to address +Added: 7.21.3 +Category: connection dns +Multi: append +See-also: + - connect-to + - alt-svc +Example: + - --resolve example.com:443:127.0.0.1 $URL + - --resolve example.com:443:[2001:db8::252f:efd6] $URL +--- + +# `--resolve` + +Provide a custom address for a specific host and port pair. Using this, you +can make the curl requests(s) use a specified address and prevent the +otherwise normally resolved address to be used. Consider it a sort of +/etc/hosts alternative provided on the command line. The port number should be +the number used for the specific protocol the host is used for. It means you +need several entries if you want to provide addresses for the same host but +different ports. + +By specifying `*` as host you can tell curl to resolve any host and specific +port pair to the specified address. Wildcard is resolved last so any --resolve +with a specific host and port is used first. + +The provided address set by this option is used even if --ipv4 or --ipv6 is +set to make curl use another IP version. + +By prefixing the host with a '+' you can make the entry time out after curl's +default timeout (1 minute). Note that this only makes sense for long running +parallel transfers with a lot of files. In such cases, if this option is used +curl tries to resolve the host as it normally would once the timeout has +expired. + +Provide IPv6 addresses within [brackets]. + +To redirect connects from a specific hostname or any hostname, independently +of port number, consider the --connect-to option. + +Support for resolving with wildcard was added in 7.64.0. + +Support for the '+' prefix was added in 7.75.0. + +Support for specifying the host component as an IPv6 address was added in 8.13.0. diff --git a/docs/cmdline-opts/retry-all-errors.d b/docs/cmdline-opts/retry-all-errors.d deleted file mode 100644 index 5ad1da0dec31..000000000000 --- a/docs/cmdline-opts/retry-all-errors.d +++ /dev/null @@ -1,28 +0,0 @@ -Long: retry-all-errors -Help: Retry all errors (use with --retry) -Added: 7.71.0 -Category: curl ---- -Retry on any error. This option is used together with --retry. - -This option is the "sledgehammer" of retrying. Do not use this option by -default (eg in curlrc), there may be unintended consequences such as sending or -receiving duplicate data. Do not use with redirected input or output. You'd be -much better off handling your unique problems in shell script. Please read the -example below. - -Warning: For server compatibility curl attempts to retry failed flaky transfers -as close as possible to how they were started, but this is not possible with -redirected input or output. For example, before retrying it removes output data -from a failed partial transfer that was written to an output file. However this -is not true of data redirected to a | pipe or > file, which are not reset. We -strongly suggest don't parse or record output via redirect in combination with -this option, since you may receive duplicate data. - -By default curl will not error on an HTTP response code that indicates an HTTP -error, if the transfer was successful. For example, if a server replies 404 -Not Found and the reply is fully received then that is not an error. When ---retry is used then curl will retry on some HTTP response codes that indicate -transient HTTP errors, but that does not include most 4xx response codes such -as 404. If you want to retry on all response codes that indicate HTTP errors -(4xx and 5xx) then combine with --fail. diff --git a/docs/cmdline-opts/retry-all-errors.md b/docs/cmdline-opts/retry-all-errors.md new file mode 100644 index 000000000000..cb337f3f16e6 --- /dev/null +++ b/docs/cmdline-opts/retry-all-errors.md @@ -0,0 +1,40 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: retry-all-errors +Help: Retry all errors (with --retry) +Added: 7.71.0 +Category: curl +Multi: boolean +See-also: + - retry +Example: + - --retry 5 --retry-all-errors $URL +--- + +# `--retry-all-errors` + +Retry on any error. This option is used together with --retry. + +This option is the "sledgehammer" of retrying. Do not use this option by +default (for example in your **curlrc**), there may be unintended consequences +such as sending or receiving duplicate data. Do not use with redirected input +or output. You might be better off handling your unique problems in a shell +script. Please read the example below. + +**WARNING**: For server compatibility curl attempts to retry failed flaky +transfers as close as possible to how they were started, but this is not +possible with redirected input or output. For example, before retrying it +removes output data from a failed partial transfer that was written to an +output file. However this is not true of data redirected to a | pipe or \> +file, which are not reset. We strongly suggest you do not parse or record +output via redirect in combination with this option, since you may receive +duplicate data. + +By default curl does not return an error for transfers with an HTTP response code +that indicates an HTTP error, if the transfer was successful. For example, if +a server replies 404 Not Found and the reply is fully received then that is +not an error. When --retry is used then curl retries on some HTTP response +codes that indicate transient HTTP errors, but that does not include most 4xx +response codes such as 404. If you want to retry on all response codes that +indicate HTTP errors (4xx and 5xx) then combine with --fail. diff --git a/docs/cmdline-opts/retry-connrefused.d b/docs/cmdline-opts/retry-connrefused.d deleted file mode 100644 index be34f973d5ca..000000000000 --- a/docs/cmdline-opts/retry-connrefused.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: retry-connrefused -Help: Retry on connection refused (use with --retry) -Added: 7.52.0 -Category: curl ---- -In addition to the other conditions, consider ECONNREFUSED as a transient -error too for --retry. This option is used together with --retry. diff --git a/docs/cmdline-opts/retry-connrefused.md b/docs/cmdline-opts/retry-connrefused.md new file mode 100644 index 000000000000..2e6ba8068696 --- /dev/null +++ b/docs/cmdline-opts/retry-connrefused.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: retry-connrefused +Help: Retry on connection refused (with --retry) +Added: 7.52.0 +Category: curl +Multi: boolean +See-also: + - retry + - retry-all-errors +Example: + - --retry-connrefused --retry 7 $URL +--- + +# `--retry-connrefused` + +In addition to the other conditions, also consider ECONNREFUSED as a transient +error for --retry. This option is used together with --retry. Normally, a +confused connection is not considered a transient error and therefore thus not +otherwise trigger a retry. diff --git a/docs/cmdline-opts/retry-delay.d b/docs/cmdline-opts/retry-delay.d deleted file mode 100644 index 5645c0e6a565..000000000000 --- a/docs/cmdline-opts/retry-delay.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: retry-delay -Arg: -Help: Wait time between retries -Added: 7.12.3 -Category: curl ---- -Make curl sleep this amount of time before each retry when a transfer has -failed with a transient error (it changes the default backoff time algorithm -between retries). This option is only interesting if --retry is also -used. Setting this delay to zero will make curl use the default backoff time. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/retry-delay.md b/docs/cmdline-opts/retry-delay.md new file mode 100644 index 000000000000..dbc78e00d854 --- /dev/null +++ b/docs/cmdline-opts/retry-delay.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: retry-delay +Arg: +Help: Wait time between retries +Added: 7.12.3 +Category: curl timeout +Multi: single +See-also: + - retry + - retry-max-time +Example: + - --retry-delay 5 --retry 7 $URL +--- + +# `--retry-delay` + +Make curl sleep this amount of time before each retry when a transfer has +failed with a transient error (it changes the default backoff time algorithm +between retries). This option is only interesting if --retry is also +used. Setting this delay to zero makes curl use the default backoff time. + +By default, curl uses an exponentially increasing timeout between retries. + +Starting in curl 8.16.0, this option accepts a time as decimal number for parts +of seconds. The decimal value needs to be provided using a dot (.) as decimal +separator - not the local version even if it might be using another separator. diff --git a/docs/cmdline-opts/retry-max-time.d b/docs/cmdline-opts/retry-max-time.d deleted file mode 100644 index 9d6faf3041ff..000000000000 --- a/docs/cmdline-opts/retry-max-time.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: retry-max-time -Arg: -Help: Retry only within this period -Added: 7.12.3 -Category: curl ---- -The retry timer is reset before the first transfer attempt. Retries will be -done as usual (see --retry) as long as the timer hasn't reached this given -limit. Notice that if the timer hasn't reached the limit, the request will be -made and while performing, it may take longer than this given time period. To -limit a single request\'s maximum time, use --max-time. Set this option to -zero to not timeout retries. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/retry-max-time.md b/docs/cmdline-opts/retry-max-time.md new file mode 100644 index 000000000000..a5777585814c --- /dev/null +++ b/docs/cmdline-opts/retry-max-time.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: retry-max-time +Arg: +Help: Retry only within this period +Added: 7.12.3 +Category: curl timeout +Multi: single +See-also: + - retry + - retry-delay +Example: + - --retry-max-time 30 --retry 10 $URL +--- + +# `--retry-max-time` + +The retry timer is reset before the first transfer attempt. Retries are done +as usual (see --retry) as long as the timer has not reached this given limit. +Notice that if the timer has not reached the limit, the request is made and +while performing, it may take longer than this given time period. To limit a +single request's maximum time, use --max-time. Set this option to zero to not +timeout retries. + +Starting in curl 8.16.0, this option accepts a time as decimal number for parts +of seconds. The decimal value needs to be provided using a dot (.) as decimal +separator - not the local version even if it might be using another separator. diff --git a/docs/cmdline-opts/retry.d b/docs/cmdline-opts/retry.d deleted file mode 100644 index bff0ef22696f..000000000000 --- a/docs/cmdline-opts/retry.d +++ /dev/null @@ -1,22 +0,0 @@ -Long: retry -Arg: -Added: 7.12.3 -Help: Retry request if transient problems occur -Category: curl ---- -If a transient error is returned when curl tries to perform a transfer, it -will retry this number of times before giving up. Setting the number to 0 -makes curl do no retries (which is the default). Transient error means either: -a timeout, an FTP 4xx response code or an HTTP 408, 429, 500, 502, 503 or 504 -response code. - -When curl is about to retry a transfer, it will first wait one second and then -for all forthcoming retries it will double the waiting time until it reaches -10 minutes which then will be the delay between the rest of the retries. By -using --retry-delay you disable this exponential backoff algorithm. See also ---retry-max-time to limit the total time allowed for retries. - -Since curl 7.66.0, curl will comply with the Retry-After: response header if -one was present to know when to issue the next retry. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/retry.md b/docs/cmdline-opts/retry.md new file mode 100644 index 000000000000..4d9e83cd5f40 --- /dev/null +++ b/docs/cmdline-opts/retry.md @@ -0,0 +1,34 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: retry +Arg: +Added: 7.12.3 +Help: Retry request if transient problems occur +Category: curl +Multi: single +See-also: + - retry-max-time + - retry-connrefused + - retry-delay +Example: + - --retry 7 $URL +--- + +# `--retry` + +If a transient error is returned when curl tries to perform a transfer, it +retries this number of times before giving up. Setting the number to 0 makes +curl do no retries (which is the default). Transient error means either: a +timeout, an FTP 4xx response code or an HTTP 408, 429, 500, 502, 503, 504, 522 +or 524 response code. + +When curl is about to retry a transfer, it first waits one second and then for +all forthcoming retries it doubles the waiting time until it reaches 10 +minutes, which then remains the set fixed delay time between the rest of the +retries. By using --retry-delay you disable this exponential backoff +algorithm. See also --retry-max-time to limit the total time allowed for +retries. + +curl complies with the Retry-After: response header if one was present to know +when to issue the next retry (added in 7.66.0). diff --git a/docs/cmdline-opts/sasl-authzid.d b/docs/cmdline-opts/sasl-authzid.d deleted file mode 100644 index e802c80a16df..000000000000 --- a/docs/cmdline-opts/sasl-authzid.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: sasl-authzid -Arg: -Help: Identity for SASL PLAIN authentication -Added: 7.66.0 -Category: auth ---- -Use this authorisation identity (authzid), during SASL PLAIN authentication, -in addition to the authentication identity (authcid) as specified by --user. - -If the option isn't specified, the server will derive the authzid from the -authcid, but if specified, and depending on the server implementation, it may -be used to access another user's inbox, that the user has been granted access -to, or a shared mailbox for example. diff --git a/docs/cmdline-opts/sasl-authzid.md b/docs/cmdline-opts/sasl-authzid.md new file mode 100644 index 000000000000..4e92a2054152 --- /dev/null +++ b/docs/cmdline-opts/sasl-authzid.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: sasl-authzid +Arg: +Help: Identity for SASL PLAIN authentication +Protocols: LDAP IMAP POP3 SMTP +Added: 7.66.0 +Category: auth +Multi: single +See-also: + - login-options +Example: + - --sasl-authzid zid imap://example.com/ +--- + +# `--sasl-authzid` + +Use this authorization identity (**authzid**), during SASL PLAIN +authentication, in addition to the authentication identity (**authcid**) as +specified by --user. + +If the option is not specified, the server derives the **authzid** from the +**authcid**, but if specified, and depending on the server implementation, it +may be used to access another user's inbox, that the user has been granted +access to, or a shared mailbox for example. diff --git a/docs/cmdline-opts/sasl-ir.d b/docs/cmdline-opts/sasl-ir.d deleted file mode 100644 index 0041c3b4e779..000000000000 --- a/docs/cmdline-opts/sasl-ir.d +++ /dev/null @@ -1,6 +0,0 @@ -Long: sasl-ir -Help: Enable initial response in SASL authentication -Added: 7.31.0 -Category: auth ---- -Enable initial response in SASL authentication. diff --git a/docs/cmdline-opts/sasl-ir.md b/docs/cmdline-opts/sasl-ir.md new file mode 100644 index 000000000000..206bf29317a8 --- /dev/null +++ b/docs/cmdline-opts/sasl-ir.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: sasl-ir +Help: Initial response in SASL authentication +Protocols: LDAP IMAP POP3 SMTP +Added: 7.31.0 +Category: auth +Multi: boolean +See-also: + - sasl-authzid +Example: + - --sasl-ir imap://example.com/ +--- + +# `--sasl-ir` + +Enable initial response in SASL authentication. Such an "initial response" is +a message sent by the client to the server after the client selects an +authentication mechanism. diff --git a/docs/cmdline-opts/service-name.d b/docs/cmdline-opts/service-name.d deleted file mode 100644 index c64496b85856..000000000000 --- a/docs/cmdline-opts/service-name.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: service-name -Help: SPNEGO service name -Arg: -Added: 7.43.0 -Category: misc ---- -This option allows you to change the service name for SPNEGO. - -Examples: --negotiate --service-name sockd would use sockd/server-name. diff --git a/docs/cmdline-opts/service-name.md b/docs/cmdline-opts/service-name.md new file mode 100644 index 000000000000..f98409aa2528 --- /dev/null +++ b/docs/cmdline-opts/service-name.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: service-name +Help: SPNEGO service name +Arg: +Added: 7.43.0 +Category: auth +Multi: single +See-also: + - negotiate + - proxy-service-name +Example: + - --service-name sockd/server $URL +--- + +# `--service-name` + +Set the service name for SPNEGO. diff --git a/docs/cmdline-opts/show-error.d b/docs/cmdline-opts/show-error.d deleted file mode 100644 index 2124409e5669..000000000000 --- a/docs/cmdline-opts/show-error.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: show-error -Short: S -Help: Show error even when -s is used -See-also: no-progress-meter -Category: curl ---- -When used with --silent, it makes curl show an error message if it fails. diff --git a/docs/cmdline-opts/show-error.md b/docs/cmdline-opts/show-error.md new file mode 100644 index 000000000000..aaf865bc0ef3 --- /dev/null +++ b/docs/cmdline-opts/show-error.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: show-error +Short: S +Help: Show error even when -s is used +Category: curl global +Added: 5.9 +Multi: boolean +Scope: global +See-also: + - no-progress-meter +Example: + - --show-error --silent $URL +--- + +# `--show-error` + +When used with --silent, it makes curl show an error message if it fails. diff --git a/docs/cmdline-opts/show-headers.md b/docs/cmdline-opts/show-headers.md new file mode 100644 index 000000000000..d733784ac22d --- /dev/null +++ b/docs/cmdline-opts/show-headers.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: show-headers +Short: i +Help: Show response headers in output +Protocols: HTTP FTP +Category: important verbose output +Added: 4.8 +Multi: boolean +See-also: + - verbose + - dump-header +Example: + - -i $URL +--- + +# `--show-headers` + +Show response headers in the output. HTTP response headers can include things +like server name, cookies, date of the document, HTTP version and more. With +non-HTTP protocols, the "headers" are other server communication. + +This option makes the response headers get saved in the same stream/output as +the data. --dump-header exists to save headers in a separate stream. + +To view the request headers, consider the --verbose option. + +Prior to 7.75.0 curl did not print the headers if --fail was used in +combination with this option and there was an error reported by the server. + +This option was called --include before 8.10.0. The previous name remains +functional. diff --git a/docs/cmdline-opts/sigalgs.md b/docs/cmdline-opts/sigalgs.md new file mode 100644 index 000000000000..537b34f3ad6e --- /dev/null +++ b/docs/cmdline-opts/sigalgs.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: sigalgs +Arg: +Help: TLS signature algorithms to use +Protocols: TLS +Added: 8.14.0 +Category: tls +Multi: single +See-also: + - ciphers +Example: + - --sigalgs ecdsa_secp256r1_sha256 $URL +--- + +# `--sigalgs` + +Set specific signature algorithms to use during SSL session establishment according to RFC +5246, 7.4.1.4.1. + +An algorithm can use either a signature algorithm and a hash algorithm pair separated by a +`+` (e.g. `ECDSA+SHA224`), or its TLS 1.3 signature scheme name (e.g. `ed25519`). + +Multiple algorithms can be provided by separating them with `:` +(e.g. `DSA+SHA256:rsa_pss_pss_sha256`). The parameter is available as `-sigalgs` in the +OpenSSL `s_client` and `s_server` utilities. + +`--sigalgs` allows a OpenSSL powered curl to make SSL-connections with exactly +the signature algorithms requested by the client, avoiding nontransparent client/server +negotiations. + +If this option is set, the default signature algorithm list built into OpenSSL are ignored. diff --git a/docs/cmdline-opts/silent.d b/docs/cmdline-opts/silent.d deleted file mode 100644 index 58a522335efc..000000000000 --- a/docs/cmdline-opts/silent.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: silent -Short: s -Help: Silent mode -See-also: verbose stderr no-progress-meter -Category: important verbose ---- -Silent or quiet mode. Don't show progress meter or error messages. Makes Curl -mute. It will still output the data you ask for, potentially even to the -terminal/stdout unless you redirect it. - -Use --show-error in addition to this option to disable progress meter but -still show error messages. diff --git a/docs/cmdline-opts/silent.md b/docs/cmdline-opts/silent.md new file mode 100644 index 000000000000..2498ca56f4fb --- /dev/null +++ b/docs/cmdline-opts/silent.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: silent +Short: s +Help: Silent mode +Category: important verbose +Added: 4.0 +Multi: boolean +See-also: + - verbose + - stderr + - no-progress-meter +Example: + - -s $URL +--- + +# `--silent` + +Silent or quiet mode. Do not show progress meter, warning messages or error +messages. Makes curl mute. It still outputs the data you ask for, potentially +even to the terminal/stdout unless you redirect it. + +Use --show-error in addition to this option to disable progress meter but +still show error messages. diff --git a/docs/cmdline-opts/skip-existing.md b/docs/cmdline-opts/skip-existing.md new file mode 100644 index 000000000000..dbef2fae9242 --- /dev/null +++ b/docs/cmdline-opts/skip-existing.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: skip-existing +Help: Skip download if local file already exists +Category: curl output +Added: 8.10.0 +Multi: boolean +See-also: + - output + - remote-name + - no-clobber +Example: + - --skip-existing --output local/dir/file $URL +--- + +# `--skip-existing` + +If there is a local file present when a download is requested, the operation +is skipped. Note that curl cannot know if the local file was previously +downloaded fine, or if it is incomplete etc, it knows if there is a filename +present in the file system or not and it skips the transfer if it is. diff --git a/docs/cmdline-opts/socks4.d b/docs/cmdline-opts/socks4.d deleted file mode 100644 index 3cfb2540c00d..000000000000 --- a/docs/cmdline-opts/socks4.d +++ /dev/null @@ -1,21 +0,0 @@ -Long: socks4 -Arg: -Help: SOCKS4 proxy on given host + port -Added: 7.15.2 -Category: proxy ---- -Use the specified SOCKS4 proxy. If the port number is not specified, it is -assumed at port 1080. Using this socket type make curl resolve the host name -and passing the address on to the proxy. - -This option overrides any previous use of --proxy, as they are mutually -exclusive. - -Since 7.21.7, this option is superfluous since you can specify a socks4 proxy -with --proxy using a socks4:// protocol prefix. - -Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time ---proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to -the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/socks4.md b/docs/cmdline-opts/socks4.md new file mode 100644 index 000000000000..59ec172b8d86 --- /dev/null +++ b/docs/cmdline-opts/socks4.md @@ -0,0 +1,38 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks4 +Arg: +Help: SOCKS4 proxy on given host + port +Added: 7.15.2 +Category: proxy +Multi: single +Mutexed: proxy socks4a socks5 socks5-hostname +See-also: + - socks4a + - socks5 + - socks5-hostname +Example: + - --socks4 hostname:4096 $URL +--- + +# `--socks4` + +Use the specified SOCKS4 proxy. If the port number is not specified, it is +assumed at port 1080. Using this socket type makes curl resolve the hostname +and pass the address on to the proxy. + +To specify the proxy on a Unix domain socket, use localhost for host and +append the absolute path to the domain socket. For example: +`socks4://localhost/path/to/socket.sock` (the scheme may be omitted). + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +This option is superfluous since you can specify a socks4 proxy with --proxy +using a socks4:// protocol prefix. (Added in 7.21.7) + +--preproxy can be used to specify a SOCKS proxy at the same time proxy is used +with an HTTP/HTTPS proxy (added in 7.52.0). In such a case, curl first +connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or +HTTPS proxy. diff --git a/docs/cmdline-opts/socks4a.d b/docs/cmdline-opts/socks4a.d deleted file mode 100644 index d820566a1a86..000000000000 --- a/docs/cmdline-opts/socks4a.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: socks4a -Arg: -Help: SOCKS4a proxy on given host + port -Added: 7.18.0 -Category: proxy ---- -Use the specified SOCKS4a proxy. If the port number is not specified, it is -assumed at port 1080. This asks the proxy to resolve the host name. - -This option overrides any previous use of --proxy, as they are mutually -exclusive. - -Since 7.21.7, this option is superfluous since you can specify a socks4a proxy -with --proxy using a socks4a:// protocol prefix. - -Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time ---proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to -the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/socks4a.md b/docs/cmdline-opts/socks4a.md new file mode 100644 index 000000000000..9e451cf7b063 --- /dev/null +++ b/docs/cmdline-opts/socks4a.md @@ -0,0 +1,37 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks4a +Arg: +Help: SOCKS4a proxy on given host + port +Added: 7.18.0 +Category: proxy +Multi: single +Mutexed: proxy socks4 socks5 socks5-hostname +See-also: + - socks4 + - socks5 + - socks5-hostname +Example: + - --socks4a hostname:4096 $URL +--- + +# `--socks4a` + +Use the specified SOCKS4a proxy. If the port number is not specified, it is +assumed at port 1080. This asks the proxy to resolve the hostname. + +To specify the proxy on a Unix domain socket, use localhost for host and +append the absolute path to the domain socket. For example: +`socks4a://localhost/path/to/socket.sock` (the scheme may be omitted). + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +This option is superfluous since you can specify a socks4a proxy with --proxy +using a socks4a:// protocol prefix. (Added in 7.21.7) + +--preproxy can be used to specify a SOCKS proxy at the same time --proxy is +used with an HTTP/HTTPS proxy (added in 7.52.0). In such a case, curl first +connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or +HTTPS proxy. diff --git a/docs/cmdline-opts/socks5-basic.d b/docs/cmdline-opts/socks5-basic.d deleted file mode 100644 index 52d1e66194e7..000000000000 --- a/docs/cmdline-opts/socks5-basic.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: socks5-basic -Help: Enable username/password auth for SOCKS5 proxies -Added: 7.55.0 -Category: proxy auth ---- -Tells curl to use username/password authentication when connecting to a SOCKS5 -proxy. The username/password authentication is enabled by default. Use ---socks5-gssapi to force GSS-API authentication to SOCKS5 proxies. diff --git a/docs/cmdline-opts/socks5-basic.md b/docs/cmdline-opts/socks5-basic.md new file mode 100644 index 000000000000..dc2a5532f11c --- /dev/null +++ b/docs/cmdline-opts/socks5-basic.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5-basic +Help: Username/password auth for SOCKS5 proxies +Added: 7.55.0 +Category: proxy auth +Multi: mutex +See-also: + - socks5 +Example: + - --socks5-basic --socks5 hostname:4096 $URL +--- + +# `--socks5-basic` + +Use username/password authentication when connecting to a SOCKS5 proxy. The +username/password authentication is enabled by default. Use --socks5-gssapi to +force GSS-API authentication to SOCKS5 proxies. diff --git a/docs/cmdline-opts/socks5-gssapi-nec.d b/docs/cmdline-opts/socks5-gssapi-nec.d deleted file mode 100644 index b538f33f362c..000000000000 --- a/docs/cmdline-opts/socks5-gssapi-nec.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: socks5-gssapi-nec -Help: Compatibility with NEC SOCKS5 server -Added: 7.19.4 -Category: proxy auth ---- -As part of the GSS-API negotiation a protection mode is negotiated. RFC 1961 -says in section 4.3/4.4 it should be protected, but the NEC reference -implementation does not. The option --socks5-gssapi-nec allows the -unprotected exchange of the protection mode negotiation. diff --git a/docs/cmdline-opts/socks5-gssapi-nec.md b/docs/cmdline-opts/socks5-gssapi-nec.md new file mode 100644 index 000000000000..9cd91b96150f --- /dev/null +++ b/docs/cmdline-opts/socks5-gssapi-nec.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5-gssapi-nec +Help: Compatibility with NEC SOCKS5 server +Added: 7.19.4 +Category: proxy auth +Protocols: GSS/kerberos +Multi: boolean +See-also: + - socks5 +Example: + - --socks5-gssapi-nec --socks5 hostname:4096 $URL +--- + +# `--socks5-gssapi-nec` + +As part of the GSS-API negotiation a protection mode is negotiated. RFC 1961 +says in section 4.3/4.4 it should be protected, but the NEC reference +implementation does not. The option --socks5-gssapi-nec allows the +unprotected exchange of the protection mode negotiation. diff --git a/docs/cmdline-opts/socks5-gssapi-service.d b/docs/cmdline-opts/socks5-gssapi-service.d deleted file mode 100644 index e61d0f5ab31f..000000000000 --- a/docs/cmdline-opts/socks5-gssapi-service.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: socks5-gssapi-service -Arg: -Help: SOCKS5 proxy service name for GSS-API -Added: 7.19.4 -Category: proxy auth ---- -The default service name for a socks server is rcmd/server-fqdn. This option -allows you to change it. - -Examples: --socks5 proxy-name --socks5-gssapi-service sockd would use -sockd/proxy-name --socks5 proxy-name --socks5-gssapi-service sockd/real-name -would use sockd/real-name for cases where the proxy-name does not match the -principal name. diff --git a/docs/cmdline-opts/socks5-gssapi-service.md b/docs/cmdline-opts/socks5-gssapi-service.md new file mode 100644 index 000000000000..d847e65e247a --- /dev/null +++ b/docs/cmdline-opts/socks5-gssapi-service.md @@ -0,0 +1,18 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5-gssapi-service +Arg: +Help: SOCKS5 proxy service name for GSS-API +Added: 7.19.4 +Category: proxy auth +Multi: single +See-also: + - socks5 +Example: + - --socks5-gssapi-service sockd --socks5 hostname:4096 $URL +--- + +# `--socks5-gssapi-service` + +Set the service name for a socks server. Default is **rcmd/server-fqdn**. diff --git a/docs/cmdline-opts/socks5-gssapi.d b/docs/cmdline-opts/socks5-gssapi.d deleted file mode 100644 index 72ae7aeb2b7e..000000000000 --- a/docs/cmdline-opts/socks5-gssapi.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: socks5-gssapi -Help: Enable GSS-API auth for SOCKS5 proxies -Added: 7.55.0 -Category: proxy auth ---- -Tells curl to use GSS-API authentication when connecting to a SOCKS5 proxy. -The GSS-API authentication is enabled by default (if curl is compiled with -GSS-API support). Use --socks5-basic to force username/password authentication -to SOCKS5 proxies. diff --git a/docs/cmdline-opts/socks5-gssapi.md b/docs/cmdline-opts/socks5-gssapi.md new file mode 100644 index 000000000000..b8520b22cc72 --- /dev/null +++ b/docs/cmdline-opts/socks5-gssapi.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5-gssapi +Help: Enable GSS-API auth for SOCKS5 proxies +Added: 7.55.0 +Category: proxy auth +Protocols: GSS/kerberos +Multi: boolean +See-also: + - socks5 +Example: + - --socks5-gssapi --socks5 hostname:4096 $URL +--- + +# `--socks5-gssapi` + +Use GSS-API authentication when connecting to a SOCKS5 proxy. The GSS-API +authentication is enabled by default (if curl is compiled with GSS-API +support). Use --socks5-basic to force username/password authentication to +SOCKS5 proxies. diff --git a/docs/cmdline-opts/socks5-hostname.d b/docs/cmdline-opts/socks5-hostname.d deleted file mode 100644 index 247d7660e7f9..000000000000 --- a/docs/cmdline-opts/socks5-hostname.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: socks5-hostname -Arg: -Help: SOCKS5 proxy, pass host name to proxy -Added: 7.18.0 -Category: proxy ---- -Use the specified SOCKS5 proxy (and let the proxy resolve the host name). If -the port number is not specified, it is assumed at port 1080. - -This option overrides any previous use of --proxy, as they are mutually -exclusive. - -Since 7.21.7, this option is superfluous since you can specify a socks5 -hostname proxy with --proxy using a socks5h:// protocol prefix. - -Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time ---proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to -the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/socks5-hostname.md b/docs/cmdline-opts/socks5-hostname.md new file mode 100644 index 000000000000..b558248a78b9 --- /dev/null +++ b/docs/cmdline-opts/socks5-hostname.md @@ -0,0 +1,36 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5-hostname +Arg: +Help: SOCKS5 proxy, pass hostname to proxy +Added: 7.18.0 +Category: proxy +Multi: single +Mutexed: proxy socks4 socks4a socks5 +See-also: + - socks5 + - socks4a +Example: + - --socks5-hostname proxy.example:7000 $URL +--- + +# `--socks5-hostname` + +Use the specified SOCKS5 proxy (and let the proxy resolve the hostname). If +the port number is not specified, it is assumed at port 1080. + +To specify the proxy on a Unix domain socket, use localhost for host and +append the absolute path to the domain socket. For example: +`socks5h://localhost/path/to/socket.sock` (the scheme may be omitted). + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +This option is superfluous since you can specify a socks5 hostname proxy with +--proxy using a socks5h:// protocol prefix. (Added in 7.21.7) + +--preproxy can be used to specify a SOCKS proxy at the same time --proxy is +used with an HTTP/HTTPS proxy (added in 7.52.0). In such a case, curl first +connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or +HTTPS proxy. diff --git a/docs/cmdline-opts/socks5.d b/docs/cmdline-opts/socks5.d deleted file mode 100644 index bbe92f0a1043..000000000000 --- a/docs/cmdline-opts/socks5.d +++ /dev/null @@ -1,22 +0,0 @@ -Long: socks5 -Arg: -Help: SOCKS5 proxy on given host + port -Added: 7.18.0 -Category: proxy ---- -Use the specified SOCKS5 proxy - but resolve the host name locally. If the -port number is not specified, it is assumed at port 1080. - -This option overrides any previous use of --proxy, as they are mutually -exclusive. - -Since 7.21.7, this option is superfluous since you can specify a socks5 proxy -with --proxy using a socks5:// protocol prefix. - -Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time ---proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to -the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. - -If this option is used several times, the last one will be used. - -This option (as well as --socks4) does not work with IPV6, FTPS or LDAP. diff --git a/docs/cmdline-opts/socks5.md b/docs/cmdline-opts/socks5.md new file mode 100644 index 000000000000..3aa65b33adda --- /dev/null +++ b/docs/cmdline-opts/socks5.md @@ -0,0 +1,39 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5 +Arg: +Help: SOCKS5 proxy on given host + port +Added: 7.18.0 +Category: proxy +Multi: single +See-also: + - socks5-hostname + - socks4a +Mutexed: proxy socks4 socks4a socks5-hostname +Example: + - --socks5 proxy.example:7000 $URL + - --socks5 localhost/path/unix-domain $URL +--- + +# `--socks5` + +Use the specified SOCKS5 proxy - but resolve the hostname locally. If the +port number is not specified, it is assumed at port 1080. + +To specify the proxy on a Unix domain socket, use localhost for host and +append the absolute path to the domain socket. For example: +`socks5://localhost/path/to/socket.sock` (the scheme may be omitted). + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +This option is superfluous since you can specify a socks5 proxy with --proxy +using a socks5:// protocol prefix. (Added in 7.21.7) + +--preproxy can be used to specify a SOCKS proxy at the same time --proxy is +used with an HTTP/HTTPS proxy (added in 7.52.0). In such a case, curl first +connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or +HTTPS proxy. + +This option does not work with FTPS or LDAP. diff --git a/docs/cmdline-opts/speed-limit.d b/docs/cmdline-opts/speed-limit.d deleted file mode 100644 index 3f9ad3a46e6f..000000000000 --- a/docs/cmdline-opts/speed-limit.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: speed-limit -Short: Y -Arg: -Help: Stop transfers slower than this -Category: connection ---- -If a download is slower than this given speed (in bytes per second) for -speed-time seconds it gets aborted. speed-time is set with --speed-time and is -30 if not set. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/speed-limit.md b/docs/cmdline-opts/speed-limit.md new file mode 100644 index 000000000000..b95d6e7d49df --- /dev/null +++ b/docs/cmdline-opts/speed-limit.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: speed-limit +Short: Y +Arg: +Help: Stop transfers slower than this +Category: connection +Added: 4.7 +Multi: single +See-also: + - speed-time + - limit-rate + - max-time +Example: + - --speed-limit 300 --speed-time 10 $URL +--- + +# `--speed-limit` + +If a transfer is slower than this set speed (in bytes per second) for a given +number of seconds, it gets aborted. The time period is set with --speed-time +and is 30 seconds by default. diff --git a/docs/cmdline-opts/speed-time.d b/docs/cmdline-opts/speed-time.d deleted file mode 100644 index 81acabec46a0..000000000000 --- a/docs/cmdline-opts/speed-time.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: speed-time -Short: y -Arg: -Help: Trigger 'speed-limit' abort after this time -Category: connection ---- -If a download is slower than speed-limit bytes per second during a speed-time -period, the download gets aborted. If speed-time is used, the default -speed-limit will be 1 unless set with --speed-limit. - -This option controls transfers and thus will not affect slow connects etc. If -this is a concern for you, try the --connect-timeout option. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/speed-time.md b/docs/cmdline-opts/speed-time.md new file mode 100644 index 000000000000..f27702bec3e8 --- /dev/null +++ b/docs/cmdline-opts/speed-time.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: speed-time +Short: y +Arg: +Help: Trigger 'speed-limit' abort after this time +Category: connection timeout +Added: 4.7 +Multi: single +See-also: + - speed-limit + - limit-rate +Example: + - --speed-limit 300 --speed-time 10 $URL +--- + +# `--speed-time` + +If a transfer runs slower than speed-limit bytes per second during a +speed-time period, the transfer is aborted. If speed-time is used, the default +speed-limit is 1 unless set with --speed-limit. + +This option controls transfers (in both directions) but does not affect slow +connects etc. If this is a concern for you, try the --connect-timeout option. diff --git a/docs/cmdline-opts/ssl-allow-beast.d b/docs/cmdline-opts/ssl-allow-beast.d deleted file mode 100644 index f18fe7470487..000000000000 --- a/docs/cmdline-opts/ssl-allow-beast.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: ssl-allow-beast -Help: Allow security flaw to improve interop -Added: 7.25.0 -Category: tls ---- -This option tells curl to not work around a security flaw in the SSL3 and -TLS1.0 protocols known as BEAST. If this option isn't used, the SSL layer may -use workarounds known to cause interoperability problems with some older SSL -implementations. WARNING: this option loosens the SSL security, and by using -this flag you ask for exactly that. diff --git a/docs/cmdline-opts/ssl-allow-beast.md b/docs/cmdline-opts/ssl-allow-beast.md new file mode 100644 index 000000000000..f9933b77af8b --- /dev/null +++ b/docs/cmdline-opts/ssl-allow-beast.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl-allow-beast +Help: Allow security flaw to improve interop +Protocols: TLS +Added: 7.25.0 +Category: tls +Multi: boolean +See-also: + - proxy-ssl-allow-beast + - insecure +Example: + - --ssl-allow-beast $URL +--- + +# `--ssl-allow-beast` + +Do not work around a security flaw in the TLS1.0 protocol known as BEAST. If +this option is not used, the TLS layer may use workarounds known to cause +interoperability problems with some older server implementations. + +This option only changes how curl does TLS 1.0 and has no effect on later TLS +versions. + +**WARNING**: this option loosens the TLS security, and by using this flag you +ask for exactly that. diff --git a/docs/cmdline-opts/ssl-auto-client-cert.d b/docs/cmdline-opts/ssl-auto-client-cert.d deleted file mode 100644 index 16108aef13a4..000000000000 --- a/docs/cmdline-opts/ssl-auto-client-cert.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: ssl-auto-client-cert -Help: Use auto client certificate (Schannel) -Added: 7.77.0 -See-also: proxy-ssl-auto-client-cert -Category: tls ---- -Tell libcurl to automatically locate and use a client certificate for -authentication, when requested by the server. This option is only supported -for Schannel (the native Windows SSL library). Prior to 7.77.0 this was the -default behavior in libcurl with Schannel. Since the server can request any -certificate that supports client authentication in the OS certificate store it -could be a privacy violation and unexpected. diff --git a/docs/cmdline-opts/ssl-auto-client-cert.md b/docs/cmdline-opts/ssl-auto-client-cert.md new file mode 100644 index 000000000000..4f0be5bd7e76 --- /dev/null +++ b/docs/cmdline-opts/ssl-auto-client-cert.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl-auto-client-cert +Help: Use auto client certificate (Schannel) +Added: 7.77.0 +Category: tls +Protocols: TLS +Multi: boolean +See-also: + - proxy-ssl-auto-client-cert +Example: + - --ssl-auto-client-cert $URL +--- + +# `--ssl-auto-client-cert` + +(Schannel) Automatically locate and use a client certificate for +authentication, when requested by the server. Since the server can request any +certificate that supports client authentication in the OS certificate store it +could be a privacy violation and unexpected. diff --git a/docs/cmdline-opts/ssl-no-revoke.d b/docs/cmdline-opts/ssl-no-revoke.d deleted file mode 100644 index 3b1614243e24..000000000000 --- a/docs/cmdline-opts/ssl-no-revoke.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: ssl-no-revoke -Help: Disable cert revocation checks (Schannel) -Added: 7.44.0 -Category: tls ---- -(Schannel) This option tells curl to disable certificate revocation checks. -WARNING: this option loosens the SSL security, and by using this flag you ask -for exactly that. diff --git a/docs/cmdline-opts/ssl-no-revoke.md b/docs/cmdline-opts/ssl-no-revoke.md new file mode 100644 index 000000000000..16981f14d126 --- /dev/null +++ b/docs/cmdline-opts/ssl-no-revoke.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl-no-revoke +Help: Disable cert revocation checks (Schannel) +Added: 7.44.0 +Protocols: TLS +Category: tls +Multi: boolean +See-also: + - crlfile +Example: + - --ssl-no-revoke $URL +--- + +# `--ssl-no-revoke` + +(Schannel) Disable certificate revocation checks. WARNING: this option loosens +the SSL security, and by using this flag you ask for exactly that. diff --git a/docs/cmdline-opts/ssl-reqd.d b/docs/cmdline-opts/ssl-reqd.d deleted file mode 100644 index 2e573e39d122..000000000000 --- a/docs/cmdline-opts/ssl-reqd.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: ssl-reqd -Help: Require SSL/TLS -Protocols: FTP IMAP POP3 SMTP -Added: 7.20.0 -Category: tls ---- -Require SSL/TLS for the connection. Terminates the connection if the server -doesn't support SSL/TLS. - -This option was formerly known as --ftp-ssl-reqd. diff --git a/docs/cmdline-opts/ssl-reqd.md b/docs/cmdline-opts/ssl-reqd.md new file mode 100644 index 000000000000..f21c145f5993 --- /dev/null +++ b/docs/cmdline-opts/ssl-reqd.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl-reqd +Help: Require SSL/TLS +Protocols: FTP IMAP POP3 SMTP LDAP +Added: 7.20.0 +Category: tls imap pop3 smtp ldap +Multi: boolean +See-also: + - ssl + - insecure +Example: + - --ssl-reqd ftp://example.com +--- + +# `--ssl-reqd` + +Require SSL/TLS for the connection - often referred to as STARTTLS or STLS +because of the involved commands. Terminates the connection if the transfer +cannot be upgraded to use SSL/TLS. + +This option is handled in LDAP (added in 7.81.0). It is fully supported by the +OpenLDAP backend and rejected by the generic ldap backend if explicit TLS is +required. + +This option is unnecessary if you use a URL scheme that in itself implies +immediate and implicit use of TLS, like for FTPS, IMAPS, POP3S, SMTPS and +LDAPS. Such a transfer always fails if the TLS handshake does not work. + +This option was formerly known as --ftp-ssl-reqd. diff --git a/docs/cmdline-opts/ssl-revoke-best-effort.d b/docs/cmdline-opts/ssl-revoke-best-effort.d deleted file mode 100644 index af22da46115d..000000000000 --- a/docs/cmdline-opts/ssl-revoke-best-effort.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: ssl-revoke-best-effort -Help: Ignore missing/offline cert CRL dist points -Added: 7.70.0 -Category: tls ---- -(Schannel) This option tells curl to ignore certificate revocation checks when -they failed due to missing/offline distribution points for the revocation check -lists. diff --git a/docs/cmdline-opts/ssl-revoke-best-effort.md b/docs/cmdline-opts/ssl-revoke-best-effort.md new file mode 100644 index 000000000000..0257e05f47e6 --- /dev/null +++ b/docs/cmdline-opts/ssl-revoke-best-effort.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl-revoke-best-effort +Help: Ignore missing cert CRL dist points +Added: 7.70.0 +Protocols: TLS +Category: tls +Multi: boolean +See-also: + - crlfile + - insecure +Example: + - --ssl-revoke-best-effort $URL +--- + +# `--ssl-revoke-best-effort` + +(Schannel) Ignore certificate revocation checks when they failed due to +missing/offline distribution points for the revocation check lists. diff --git a/docs/cmdline-opts/ssl-sessions.md b/docs/cmdline-opts/ssl-sessions.md new file mode 100644 index 000000000000..33ef984a3ec4 --- /dev/null +++ b/docs/cmdline-opts/ssl-sessions.md @@ -0,0 +1,39 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl-sessions +Arg: +Protocols: TLS +Help: Load/save SSL session tickets from/to this file +Added: 8.12.0 +Category: tls +Multi: single +Experimental: yes +See-also: + - tls-earlydata +Example: + - --ssl-sessions sessions.txt $URL +--- + +# `--ssl-sessions` + +Use the given file to load SSL session tickets into curl's cache before +starting any transfers. At the end of a successful curl run, the cached +SSL sessions tickets are saved to the file, replacing any previous content. + +The file does not have to exist, but curl reports an error if it is +unable to create it. Unused loaded tickets are saved again, unless they +get replaced or purged from the cache for space reasons. + +Using a session file allows `--tls-earlydata` to send the first request +in "0-RTT" mode, should an SSL session with the feature be found. Note that +a server may not support early data. Also note that early data does +not provide forward secrecy, e.g. is not as secure. + +The SSL session tickets are stored as base64 encoded text, each ticket on +its own line. The hostnames are cryptographically salted and hashed. While +this prevents someone from easily seeing the hosts you contacted, they could +still check if a specific hostname matches one of the values. + +This feature requires that the underlying libcurl was built with the +experimental SSL session import/export feature (SSLS-EXPORT) enabled. diff --git a/docs/cmdline-opts/ssl.d b/docs/cmdline-opts/ssl.d deleted file mode 100644 index 8df460106b2c..000000000000 --- a/docs/cmdline-opts/ssl.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: ssl -Help: Try SSL/TLS -Protocols: FTP IMAP POP3 SMTP -Added: 7.20.0 -Category: tls ---- - -Try to use SSL/TLS for the connection. Reverts to a non-secure connection if -the server doesn't support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd -for different levels of encryption required. - -This option was formerly known as --ftp-ssl (Added in 7.11.0). That option -name can still be used but will be removed in a future version. diff --git a/docs/cmdline-opts/ssl.md b/docs/cmdline-opts/ssl.md new file mode 100644 index 000000000000..5951d0199123 --- /dev/null +++ b/docs/cmdline-opts/ssl.md @@ -0,0 +1,34 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl +Help: Try enabling TLS +Protocols: FTP IMAP POP3 SMTP LDAP +Added: 7.20.0 +Category: tls imap pop3 smtp ldap +Multi: boolean +See-also: + - ssl-reqd + - insecure + - ciphers +Example: + - --ssl pop3://example.com/ +--- + +# `--ssl` + +Warning: this is considered an insecure option. Consider using --ssl-reqd +instead to be sure curl upgrades to a secure connection. + +Try to use SSL/TLS for the connection - often referred to as STARTTLS or STLS +because of the involved commands. Reverts to a non-secure connection if the +server does not support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for +different levels of encryption required. + +This option is handled in LDAP (added in 7.81.0). It is fully supported by the +OpenLDAP backend and ignored by the generic ldap backend. + +Please note that a server may close the connection if the negotiation fails. + +This option was formerly known as --ftp-ssl (added in 7.11.0). That option +name can still be used but might be removed in a future version. diff --git a/docs/cmdline-opts/sslv2.d b/docs/cmdline-opts/sslv2.d deleted file mode 100644 index f9ee99d0d06c..000000000000 --- a/docs/cmdline-opts/sslv2.d +++ /dev/null @@ -1,13 +0,0 @@ -Short: 2 -Long: sslv2 -Tags: Versions -Protocols: SSL -Added: -Mutexed: sslv3 tlsv1 tlsv1.1 tlsv1.2 -Requires: TLS -See-also: http1.1 http2 -Help: Use SSLv2 -Category: tls ---- -This option previously asked curl to use SSLv2, but starting in curl 7.77.0 this -instruction is ignored. SSLv2 is widely considered insecure (see RFC 6176). diff --git a/docs/cmdline-opts/sslv2.md b/docs/cmdline-opts/sslv2.md new file mode 100644 index 000000000000..ea92a2cb461d --- /dev/null +++ b/docs/cmdline-opts/sslv2.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: 2 +Long: sslv2 +Tags: Versions +Protocols: SSL +Added: 5.9 +Mutexed: sslv3 tlsv1 tlsv1.1 tlsv1.2 +Requires: TLS +Help: SSLv2 +Category: deprecated +Multi: mutex +See-also: + - http1.1 + - http2 +Example: + - --sslv2 $URL +--- + +# `--sslv2` + +This option previously asked curl to use SSLv2, but is now ignored +(added in 7.77.0). SSLv2 is widely considered insecure (see RFC 6176). diff --git a/docs/cmdline-opts/sslv3.d b/docs/cmdline-opts/sslv3.d deleted file mode 100644 index e8b2c35e874e..000000000000 --- a/docs/cmdline-opts/sslv3.d +++ /dev/null @@ -1,14 +0,0 @@ -Short: 3 -Long: sslv3 -Tags: Versions -Protocols: SSL -Added: -Mutexed: sslv2 tlsv1 tlsv1.1 tlsv1.2 -Requires: TLS -See-also: http1.1 http2 -Help: Use SSLv3 -Category: tls ---- -This option previously asked curl to use SSLv3, but starting in curl 7.77.0 -this instruction is ignored. SSLv3 is widely considered insecure (see RFC -7568). diff --git a/docs/cmdline-opts/sslv3.md b/docs/cmdline-opts/sslv3.md new file mode 100644 index 000000000000..f022124e10b7 --- /dev/null +++ b/docs/cmdline-opts/sslv3.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: 3 +Long: sslv3 +Tags: Versions +Protocols: SSL +Added: 5.9 +Mutexed: sslv2 tlsv1 tlsv1.1 tlsv1.2 +Requires: TLS +Help: SSLv3 +Category: deprecated +Multi: mutex +See-also: + - http1.1 + - http2 +Example: + - --sslv3 $URL +--- + +# `--sslv3` + +This option previously asked curl to use SSLv3, but is now ignored +(added in 7.77.0). SSLv3 is widely considered insecure (see RFC 7568). diff --git a/docs/cmdline-opts/stderr.d b/docs/cmdline-opts/stderr.d deleted file mode 100644 index 1154efb33283..000000000000 --- a/docs/cmdline-opts/stderr.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: stderr -Arg: -Help: Where to redirect stderr -See-also: verbose silent -Category: verbose ---- -Redirect all writes to stderr to the specified file instead. If the file name -is a plain '-', it is instead written to stdout. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/stderr.md b/docs/cmdline-opts/stderr.md new file mode 100644 index 000000000000..7030e557b09c --- /dev/null +++ b/docs/cmdline-opts/stderr.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: stderr +Arg: +Help: Where to redirect stderr +Category: verbose global +Added: 6.2 +Multi: single +Scope: global +See-also: + - verbose + - silent +Example: + - --stderr output.txt $URL +--- + +# `--stderr` + +Redirect all writes to stderr to the specified file instead. If the filename +is a plain '-', it is instead written to stdout. diff --git a/docs/cmdline-opts/styled-output.d b/docs/cmdline-opts/styled-output.d deleted file mode 100644 index 8aa4a0f05efb..000000000000 --- a/docs/cmdline-opts/styled-output.d +++ /dev/null @@ -1,7 +0,0 @@ -Long: styled-output -Help: Enable styled output for HTTP headers -Added: 7.61.0 -Category: verbose ---- -Enables the automatic use of bold font styles when writing HTTP headers to the -terminal. Use --no-styled-output to switch them off. diff --git a/docs/cmdline-opts/styled-output.md b/docs/cmdline-opts/styled-output.md new file mode 100644 index 000000000000..8193896c5df2 --- /dev/null +++ b/docs/cmdline-opts/styled-output.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: styled-output +Help: Enable styled output for HTTP headers +Added: 7.61.0 +Category: verbose global +Multi: boolean +Scope: global +See-also: + - head + - verbose +Example: + - --styled-output -I $URL +--- + +# `--styled-output` + +Enable automatic use of bold font styles when writing HTTP headers to the +terminal. Use --no-styled-output to switch them off. + +Styled output requires a terminal that supports bold fonts. This feature is +not present on curl for Windows due to lack of this capability. diff --git a/docs/cmdline-opts/suppress-connect-headers.d b/docs/cmdline-opts/suppress-connect-headers.d deleted file mode 100644 index b4e2a17db12d..000000000000 --- a/docs/cmdline-opts/suppress-connect-headers.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: suppress-connect-headers -Help: Suppress proxy CONNECT response headers -See-also: dump-header include proxytunnel -Category: proxy ---- -When --proxytunnel is used and a CONNECT request is made don't output proxy -CONNECT response headers. This option is meant to be used with --dump-header or ---include which are used to show protocol headers in the output. It has no -effect on debug options such as --verbose or --trace, or any statistics. diff --git a/docs/cmdline-opts/suppress-connect-headers.md b/docs/cmdline-opts/suppress-connect-headers.md new file mode 100644 index 000000000000..91d99775caf3 --- /dev/null +++ b/docs/cmdline-opts/suppress-connect-headers.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: suppress-connect-headers +Help: Suppress proxy CONNECT response headers +Category: proxy +Added: 7.54.0 +Multi: boolean +See-also: + - dump-header + - show-headers + - proxytunnel +Example: + - --suppress-connect-headers --show-headers -x proxy $URL +--- + +# `--suppress-connect-headers` + +When --proxytunnel is used and a CONNECT request is made, do not output proxy +CONNECT response headers. This option is meant to be used with --dump-header +or --show-headers which are used to show protocol headers in the output. It +has no effect on debug options such as --verbose or --trace, or any +statistics. diff --git a/docs/cmdline-opts/tcp-fastopen.d b/docs/cmdline-opts/tcp-fastopen.d deleted file mode 100644 index faef499f3e5a..000000000000 --- a/docs/cmdline-opts/tcp-fastopen.d +++ /dev/null @@ -1,6 +0,0 @@ -Long: tcp-fastopen -Added: 7.49.0 -Help: Use TCP Fast Open -Category: connection ---- -Enable use of TCP Fast Open (RFC7413). diff --git a/docs/cmdline-opts/tcp-fastopen.md b/docs/cmdline-opts/tcp-fastopen.md new file mode 100644 index 000000000000..7a954d006a1e --- /dev/null +++ b/docs/cmdline-opts/tcp-fastopen.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: tcp-fastopen +Added: 7.49.0 +Help: Use TCP Fast Open +Category: connection +Multi: boolean +See-also: + - false-start +Example: + - --tcp-fastopen $URL +--- + +# `--tcp-fastopen` + +Enable use of TCP Fast Open (RFC 7413). TCP Fast Open is a TCP extension that +allows data to be sent earlier over the connection (before the final +handshake ACK) if the client and server have been connected previously. diff --git a/docs/cmdline-opts/tcp-nodelay.d b/docs/cmdline-opts/tcp-nodelay.d deleted file mode 100644 index 90483d2e404a..000000000000 --- a/docs/cmdline-opts/tcp-nodelay.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: tcp-nodelay -Help: Use the TCP_NODELAY option -Added: 7.11.2 -Category: connection ---- -Turn on the TCP_NODELAY option. See the *curl_easy_setopt(3)* man page for -details about this option. - -Since 7.50.2, curl sets this option by default and you need to explicitly -switch it off if you don't want it on. diff --git a/docs/cmdline-opts/tcp-nodelay.md b/docs/cmdline-opts/tcp-nodelay.md new file mode 100644 index 000000000000..605667181a76 --- /dev/null +++ b/docs/cmdline-opts/tcp-nodelay.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: tcp-nodelay +Help: Set TCP_NODELAY +Added: 7.11.2 +Category: connection +Multi: boolean +See-also: + - no-buffer +Example: + - --tcp-nodelay $URL +--- + +# `--tcp-nodelay` + +Turn on the TCP_NODELAY option. + +This option disables the Nagle algorithm on TCP connections. The purpose of +this algorithm is to minimize the number of small packets on the network +(where "small packets" means TCP segments less than the Maximum Segment Size +for the network). + +Maximizing the amount of data sent per TCP segment is good because it +amortizes the overhead of the send. In some cases small segments may need to +be sent without delay. This is less efficient than sending larger amounts of +data at a time, and can contribute to congestion on the network if overdone. + +curl sets this option by default and you need to explicitly switch it off if +you do not want it on (added in 7.50.2). diff --git a/docs/cmdline-opts/telnet-option.d b/docs/cmdline-opts/telnet-option.d deleted file mode 100644 index 789de3ea1f4d..000000000000 --- a/docs/cmdline-opts/telnet-option.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: telnet-option -Short: t -Arg: -Help: Set telnet option -Category: telnet ---- -Pass options to the telnet protocol. Supported options are: - -TTYPE= Sets the terminal type. - -XDISPLOC= Sets the X display location. - -NEW_ENV= Sets an environment variable. diff --git a/docs/cmdline-opts/telnet-option.md b/docs/cmdline-opts/telnet-option.md new file mode 100644 index 000000000000..ca82a4ceb8e5 --- /dev/null +++ b/docs/cmdline-opts/telnet-option.md @@ -0,0 +1,29 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: telnet-option +Short: t +Arg: +Help: Set telnet option +Category: telnet +Protocols: TELNET +Added: 7.7 +Multi: append +See-also: + - config +Example: + - -t TTYPE=vt100 telnet://example.com/ +--- + +# `--telnet-option` + +Pass options to the telnet protocol. Supported options are: + +## `TTYPE=` +Sets the terminal type. + +## `XDISPLOC=` +Sets the X display location. + +## `NEW_ENV=` +Sets an environment variable. diff --git a/docs/cmdline-opts/tftp-blksize.d b/docs/cmdline-opts/tftp-blksize.d deleted file mode 100644 index 6e67ed2e11f0..000000000000 --- a/docs/cmdline-opts/tftp-blksize.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: tftp-blksize -Arg: -Help: Set TFTP BLKSIZE option -Protocols: TFTP -Added: 7.20.0 -Category: tftp ---- -Set TFTP BLKSIZE option (must be >512). This is the block size that curl will -try to use when transferring data to or from a TFTP server. By default 512 -bytes will be used. - -If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/tftp-blksize.md b/docs/cmdline-opts/tftp-blksize.md new file mode 100644 index 000000000000..21d8476af060 --- /dev/null +++ b/docs/cmdline-opts/tftp-blksize.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: tftp-blksize +Arg: +Help: Set TFTP BLKSIZE option +Protocols: TFTP +Added: 7.20.0 +Category: tftp +Multi: single +See-also: + - tftp-no-options +Example: + - --tftp-blksize 1024 tftp://example.com/file +--- + +# `--tftp-blksize` + +Set the TFTP **BLKSIZE** option (must be 512 or larger). This is the block +size that curl tries to use when transferring data to or from a TFTP +server. By default 512 bytes are used. diff --git a/docs/cmdline-opts/tftp-no-options.d b/docs/cmdline-opts/tftp-no-options.d deleted file mode 100644 index 023327301fe8..000000000000 --- a/docs/cmdline-opts/tftp-no-options.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: tftp-no-options -Help: Do not send any TFTP options -Protocols: TFTP -Added: 7.48.0 -Category: tftp ---- -Tells curl not to send TFTP options requests. - -This option improves interop with some legacy servers that do not acknowledge -or properly implement TFTP options. When this option is used --tftp-blksize is -ignored. diff --git a/docs/cmdline-opts/tftp-no-options.md b/docs/cmdline-opts/tftp-no-options.md new file mode 100644 index 000000000000..27bbe55bba92 --- /dev/null +++ b/docs/cmdline-opts/tftp-no-options.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: tftp-no-options +Help: Do not send any TFTP options +Protocols: TFTP +Added: 7.48.0 +Category: tftp +Multi: boolean +See-also: + - tftp-blksize +Example: + - --tftp-no-options tftp://192.168.0.1/ +--- + +# `--tftp-no-options` + +Do not send TFTP options requests. This improves interop with some legacy +servers that do not acknowledge or properly implement TFTP options. When this +option is used --tftp-blksize is ignored. diff --git a/docs/cmdline-opts/time-cond.d b/docs/cmdline-opts/time-cond.d deleted file mode 100644 index 0b56c6ee3949..000000000000 --- a/docs/cmdline-opts/time-cond.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: time-cond -Short: z -Arg: