diff --git a/CMake/Helpers/CMakeWindows.cmake b/CMake/Helpers/CMakeWindows.cmake index f3eb061aae..998e7aaa6a 100644 --- a/CMake/Helpers/CMakeWindows.cmake +++ b/CMake/Helpers/CMakeWindows.cmake @@ -32,7 +32,7 @@ set_target_properties(Etterna PROPERTIES COMPILE_DEFINITIONS "${cdefs}") target_compile_options(Etterna PRIVATE /W3) # Linking - Windows Only -target_link_libraries(Etterna curl) +target_link_libraries(Etterna libcurl) target_link_libraries(Etterna ffmpeg) find_package(DirectX REQUIRED) @@ -51,14 +51,12 @@ list(APPEND WIN_DLLS "${PROJECT_SOURCE_DIR}/extern/ffmpeg/windows/${ARCH}/avcodec-55.dll" "${PROJECT_SOURCE_DIR}/extern/ffmpeg/windows/${ARCH}/avformat-55.dll" "${PROJECT_SOURCE_DIR}/extern/ffmpeg/windows/${ARCH}/avutil-52.dll" - "${PROJECT_SOURCE_DIR}/extern/ffmpeg/windows/${ARCH}/swscale-2.dll" - "${PROJECT_SOURCE_DIR}/extern/libcurl/windows/${ARCH}/libcurl.dll") + "${PROJECT_SOURCE_DIR}/extern/ffmpeg/windows/${ARCH}/swscale-2.dll") if(ARCH STREQUAL "32bit") list(APPEND WIN_DLLS "${OPENSSL_ROOT_DIR}/libssl-1_1.dll" "${OPENSSL_ROOT_DIR}/libcrypto-1_1.dll") # SSL else() # 64bit list(APPEND WIN_DLLS "${OPENSSL_ROOT_DIR}/libssl-1_1-x64.dll" "${OPENSSL_ROOT_DIR}/libcrypto-1_1-x64.dll") # SSL - list(APPEND WIN_DLLS "${PROJECT_SOURCE_DIR}/extern/libcurl/windows/${ARCH}/libcurl.dll") # CURL endif() foreach(dll ${WIN_DLLS}) diff --git a/CMakeLists.txt b/CMakeLists.txt index 0c2dfb06d0..c2e8507c6f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -40,6 +40,10 @@ set(SQLITECPP_RUN_CPPLINT OFF CACHE BOOL "" FORCE) # Disable SQLiteCpp linting set(CLANG_FORMAT_CMD OFF CACHE BOOL "" FORCE) # Disable discord clang-format set(BUILD_EXAMPLES OFF CACHE BOOL "" FORCE) # Disable discord examples set(USE_STATIC_CRT ON CACHE BOOL "" FORCE) # Have discord-rpc link statically +set(BUILD_TESTING OFF CACHE BOOL "" FORCE) # Disable libuv testing +if(WIN32) + set(CURL_STATIC_CRT ON CACHE BOOL "" FORCE) # Have curl link statically - Windows only option +endif() ## CMake related variables set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_LIST_DIR}/CMake/Modules) # Tell CMake where to access FindXXX.cmake files diff --git a/extern/CMakeLists.txt b/extern/CMakeLists.txt index a4dc1969a2..0fccfad572 100644 --- a/extern/CMakeLists.txt +++ b/extern/CMakeLists.txt @@ -24,7 +24,7 @@ add_subdirectory(glew-1.5.8) add_subdirectory(pcre) add_subdirectory(stb) add_subdirectory(zlib) -add_subdirectory(libcurl) +add_subdirectory(curl) add_subdirectory(mad-0.15.1b) add_subdirectory(newogg) add_subdirectory(newvorbis) diff --git a/extern/curl/.azure-pipelines.yml b/extern/curl/.azure-pipelines.yml new file mode 100644 index 0000000000..9e2d74e993 --- /dev/null +++ b/extern/curl/.azure-pipelines.yml @@ -0,0 +1,428 @@ +# Starter pipeline +# Start with a minimal pipeline that you can customize to build and deploy your code. +# Add steps that build, run tests, deploy, and more: +# https://aka.ms/yaml + +trigger: +- 'master' +- '*/ci' + +stages: + +########################################## +### Linux jobs first +########################################## + +- stage: linux + dependsOn: [] + jobs: + - job: vanilla + displayName: ubuntu default + timeoutInMinutes: 20 + pool: + vmImage: 'ubuntu-latest' + steps: + - script: ./buildconf && ./configure --enable-debug --enable-werror + displayName: 'configure debug' + + - script: make + displayName: 'make' + + - script: make test-nonflaky + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: disable_ipv6 + displayName: ubuntu w/o IPv6 + timeoutInMinutes: 20 + pool: + vmImage: 'ubuntu-latest' + steps: + - script: ./buildconf && ./configure --disable-ipv6 + displayName: 'configure disable ipv6' + + - script: make + displayName: 'make' + + - script: make test-nonflaky + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: disable_http_smtp_imap + displayName: ubuntu w/o HTTP/SMTP/IMAP + timeoutInMinutes: 20 + pool: + vmImage: 'ubuntu-latest' + steps: + - script: ./buildconf && ./configure --disable-http --disable-smtp --disable-imap + displayName: 'configure disable http/smtp/imap' + + - script: make + displayName: 'make' + + - script: make test-nonflaky + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: disable_thredres + displayName: ubuntu sync resolver + timeoutInMinutes: 20 + pool: + vmImage: 'ubuntu-latest' + steps: + - script: ./buildconf && ./configure --disable-threaded-resolver + displayName: 'configure disable threaded-resolver' + + - script: make + displayName: 'make' + + - script: make test-nonflaky + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: http_only + displayName: ubuntu HTTP only + timeoutInMinutes: 20 + pool: + vmImage: 'ubuntu-latest' + steps: + - script: ./buildconf && ./configure --disable-dict --disable-file --disable-ftp --disable-gopher --disable-imap --disable-ldap --disable-pop3 --disable-rtmp --disable-rtsp --disable-scp --disable-sftp --disable-smb --disable-smtp --disable-telnet --disable-tftp + displayName: 'configure disable non-http' + + - script: make + displayName: 'make' + + - script: make test-nonflaky + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + +- stage: linux_torture + dependsOn: linux + jobs: + - job: torture + displayName: ubuntu torture tests + timeoutInMinutes: 50 + pool: + vmImage: 'ubuntu-latest' + steps: + - script: sudo apt install libnghttp2-dev + displayName: 'apt install' + + - script: ./buildconf && ./configure --enable-debug --disable-shared --disable-threaded-resolver --enable-alt-svc + displayName: 'configure torture' + + - script: make + displayName: 'make' + + - script: make "TFLAGS=-n -t --shallow=40 '!FTP'" test-nonflaky + displayName: 'torture test' + +########################################## +### macOS jobs below +########################################## + +- stage: macos + dependsOn: [] + jobs: + - job: macos_vanilla + displayName: macos default + timeoutInMinutes: 30 + pool: + vmImage: 'macOS-latest' + steps: + - script: brew update && brew install libtool autoconf automake nghttp2 pkg-config + displayName: 'brew install' + + - script: ./buildconf && ./configure --enable-debug --enable-werror --without-brotli + displayName: 'configure debug without brotli' + + - script: make + displayName: 'make' + + - script: make test-nonflaky + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: macos_libssh2 + displayName: macos libssh2 + timeoutInMinutes: 30 + pool: + vmImage: 'macOS-latest' + steps: + - script: brew update && brew install libtool autoconf automake nghttp2 pkg-config libssh2 + displayName: 'brew install' + + - script: ./buildconf && ./configure --enable-debug --with-libssh2 + displayName: 'configure debug with libssh2' + + - script: make + displayName: 'make' + + - script: make test-nonflaky + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: macos_cmake + displayName: macos cmake openssl + timeoutInMinutes: 20 + pool: + vmImage: 'macOS-latest' + steps: + - script: brew update && brew install libtool autoconf automake nghttp2 pkg-config openssl + displayName: 'brew install' + + - script: cmake -H. -Bbuild -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON && cmake --build build + displayName: 'cmake build' + +- stage: macos_torture + dependsOn: macos + jobs: + - job: macos_torture + displayName: macos torture + timeoutInMinutes: 50 + pool: + vmImage: 'macOS-latest' + steps: + - script: brew update && brew install libtool autoconf automake nghttp2 pkg-config + displayName: 'brew install' + + - script: ./buildconf && ./configure --enable-debug --disable-shared --disable-threaded-resolver --enable-alt-svc + displayName: 'configure torture' + + - script: make + displayName: 'make' + + - script: make "TFLAGS=-n -t --shallow=25 '!FTP'" test-nonflaky + displayName: 'torture test' + +########################################## +### Windows jobs below +########################################## + +- stage: windows + dependsOn: [] + jobs: + - job: windows_msys2_mingw32_debug_openssl + displayName: msys2 mingw32 debug openssl + timeoutInMinutes: 70 + pool: + vmImage: 'windows-2019' + container: + image: mback2k/curl-docker-winbuildenv-msys2-mingw32:ltsc2019 + env: + MSYSTEM: MINGW32 + MSYS2_PATH_TYPE: inherit + TFLAGS: "~323 ~1056 ~1299" + steps: + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && ./buildconf && ./configure --host=i686-w64-mingw32 --build=i686-w64-mingw32 --enable-debug --enable-werror" + displayName: 'configure debug' + + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && make" + displayName: 'make' + + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && make test-nonflaky" + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: windows_msys2_mingw64_debug_openssl + displayName: msys2 mingw64 debug openssl + timeoutInMinutes: 70 + pool: + vmImage: 'windows-2019' + container: + image: mback2k/curl-docker-winbuildenv-msys2-mingw64:ltsc2019 + env: + MSYSTEM: MINGW64 + MSYS2_PATH_TYPE: inherit + TFLAGS: "~323 ~1056 ~1299" + steps: + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && ./buildconf && ./configure --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --enable-debug --enable-werror" + displayName: 'configure debug' + + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && make" + displayName: 'make' + + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && make test-nonflaky" + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: windows_msys1_mingw_debug_openssl + displayName: msys1 mingw debug openssl + timeoutInMinutes: 70 + pool: + vmImage: 'windows-2019' + container: + image: mback2k/curl-docker-winbuildenv-msys1-mingw:ltsc2019 + env: + TFLAGS: "~203 ~1056 ~1143" + steps: + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && ./buildconf && ./configure --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug" + displayName: 'configure debug' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make" + displayName: 'make' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make test-nonflaky" + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: windows_msys1_mingw32_debug_openssl + displayName: msys1 mingw32 debug openssl + timeoutInMinutes: 70 + pool: + vmImage: 'windows-2019' + container: + image: mback2k/curl-docker-winbuildenv-msys1-mingw32:ltsc2019 + env: + TFLAGS: "~203 ~1056 ~1143 ~1299" + steps: + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && ./buildconf && ./configure --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --without-zlib" + displayName: 'configure debug without zlib' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make" + displayName: 'make' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make test-nonflaky" + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: windows_msys1_mingw64_debug_openssl + displayName: msys1 mingw64 debug openssl + timeoutInMinutes: 70 + pool: + vmImage: 'windows-2019' + container: + image: mback2k/curl-docker-winbuildenv-msys1-mingw64:ltsc2019 + env: + TFLAGS: "~203 ~1056 ~1143 ~1299" + steps: + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && ./buildconf && ./configure --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --without-zlib" + displayName: 'configure debug without zlib' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make" + displayName: 'make' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make test-nonflaky" + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: windows_msys2_mingw32_debug_schannel + displayName: msys2 mingw32 debug schannel + timeoutInMinutes: 70 + pool: + vmImage: 'windows-2019' + container: + image: mback2k/curl-docker-winbuildenv-msys2-mingw32:ltsc2019 + env: + MSYSTEM: MINGW32 + MSYS2_PATH_TYPE: inherit + TFLAGS: "~165 ~310 ~1013 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001" + steps: + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && ./buildconf && ./configure --host=i686-w64-mingw32 --build=i686-w64-mingw32 --enable-debug --enable-werror --enable-sspi --without-ssl --with-schannel --with-winidn" + displayName: 'configure debug with sspi/schannel/winidn' + + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && make" + displayName: 'make' + + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && make test-nonflaky" + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: windows_msys2_mingw64_debug_schannel + displayName: msys2 mingw64 debug schannel + timeoutInMinutes: 70 + pool: + vmImage: 'windows-2019' + container: + image: mback2k/curl-docker-winbuildenv-msys2-mingw64:ltsc2019 + env: + MSYSTEM: MINGW64 + MSYS2_PATH_TYPE: inherit + TFLAGS: "~165 ~310 ~1013 ~1056 ~1299 ~1448 ~2034 ~2037 ~2041 ~2046 ~2047 ~3000 ~3001" + steps: + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && ./buildconf && ./configure --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --enable-debug --enable-werror --enable-sspi --without-ssl --with-schannel --with-winidn" + displayName: 'configure debug with sspi/schannel/winidn' + + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && make" + displayName: 'make' + + - script: C:\msys64\usr\bin\sh -l -c "cd $(echo '%cd%') && make test-nonflaky" + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: windows_msys1_mingw_debug_schannel + displayName: msys1 mingw debug schannel + timeoutInMinutes: 70 + pool: + vmImage: 'windows-2019' + container: + image: mback2k/curl-docker-winbuildenv-msys1-mingw:ltsc2019 + env: + TFLAGS: "~203 ~305 ~310 ~311 ~312 ~313 ~404 ~1013 ~1056 ~1143 ~2034 ~2035 ~2037 ~2038 ~2041 ~2042 ~2048 ~3000 ~3001" + steps: + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && ./buildconf && ./configure --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug --enable-sspi --without-ssl --with-schannel --with-winidn" + displayName: 'configure debug with sspi/schannel/winidn' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make" + displayName: 'make' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make test-nonflaky" + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: windows_msys1_mingw32_debug_schannel + displayName: msys1 mingw32 debug schannel + timeoutInMinutes: 70 + pool: + vmImage: 'windows-2019' + container: + image: mback2k/curl-docker-winbuildenv-msys1-mingw32:ltsc2019 + env: + TFLAGS: "~203 ~310 ~1013 ~1056 ~1143 ~1299 ~2034 ~2037 ~2041 ~3000 ~3001" + steps: + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && ./buildconf && ./configure --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --enable-sspi --without-ssl --with-schannel --with-winidn --without-zlib" + displayName: 'configure debug with sspi/schannel/winidn without zlib' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make" + displayName: 'make' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make test-nonflaky" + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + + - job: windows_msys1_mingw64_debug_schannel + displayName: msys1 mingw64 debug schannel + timeoutInMinutes: 70 + pool: + vmImage: 'windows-2019' + container: + image: mback2k/curl-docker-winbuildenv-msys1-mingw64:ltsc2019 + env: + TFLAGS: "~203 ~310 ~1013 ~1056 ~1143 ~1299 ~2034 ~2037 ~2041 ~3000 ~3001" + steps: + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && ./buildconf && ./configure --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --enable-sspi --without-ssl --with-schannel --with-winidn --without-zlib" + displayName: 'configure debug with sspi/schannel/winidn without zlib' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make" + displayName: 'make' + + - script: C:\MinGW\msys\1.0\bin\sh -l -c "cd $(echo '%cd%') && make test-nonflaky" + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" diff --git a/extern/curl/.cirrus.yml b/extern/curl/.cirrus.yml new file mode 100644 index 0000000000..5bf6b35a48 --- /dev/null +++ b/extern/curl/.cirrus.yml @@ -0,0 +1,53 @@ +# Cirrus CI configuration +# https://cirrus-ci.com/github/curl/curl + +task: + name: FreeBSD + freebsd_instance: + matrix: + # A stable 13.0 image likely won't be available before early 2021 + # image_family: freebsd-13-0-snap + image_family: freebsd-12-1 + # The stable 11.3 image causes "Agent is not responding" so use a snapshot + image_family: freebsd-11-3-snap + + env: + CIRRUS_CLONE_DEPTH: 10 + MAKE_FLAGS: -j 2 + + pkginstall_script: + - pkg install -y autoconf automake libtool pkgconf brotli openldap-client heimdal libpsl libmetalink libssh2 openssh-portable libidn2 librtmp libnghttp2 nghttp2 stunnel + - pkg delete -y curl + configure_script: + - ./buildconf + - case `uname -r` in + 13.0*) + export CC=clang; + export CFLAGS="-fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g"; + export CXXFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g"; + export LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer" ;; + esac + - ./configure --prefix="${HOME}"/install --enable-debug --with-libssh2 --with-brotli --with-gssapi --with-libidn2 --enable-manual --enable-ldap --enable-ldaps --with-librtmp --with-libmetalink --with-libpsl --with-nghttp2 || { tail -300 config.log; false; } + compile_script: + - make V=1 + test_script: + # blackhole? + - sysctl net.inet.tcp.blackhole + # make sure we don't run blackhole != 0 + - sudo sysctl net.inet.tcp.blackhole=0 + # Some tests won't run if run as root so run them as another user. + # Make directories world writable so the test step can write wherever it needs. + - find . -type d -exec chmod 777 {} \; + # TODO: A number of tests are failing on different FreeBSD versions and so + # are disabled. This should be investigated. + - SKIP_TESTS='' + - uname -r + - case `uname -r` in + 13.0*) SKIP_TESTS='!323 !1242 !1243 !2002 !2003';; + 12.1*) SKIP_TESTS='!323 !1242 !1243 !2002 !2003';; + 11.3*) SKIP_TESTS='!504 !1242 !1243 !2002 !2003';; + 10.4*) SKIP_TESTS='!310 !311 !312 !313 !1082 !1242 !1243 !2002 !2003 !2034 !2035 !2037 !2038 !2041 !2042 !2048 !3000 !3001';; + esac + - sudo -u nobody make V=1 TFLAGS="-n -a -p !flaky ${SKIP_TESTS}" test-nonflaky + install_script: + - make V=1 install diff --git a/extern/curl/.dir-locals.el b/extern/curl/.dir-locals.el new file mode 100644 index 0000000000..ed91b128c5 --- /dev/null +++ b/extern/curl/.dir-locals.el @@ -0,0 +1,10 @@ +;;; Directory Local Variables +;;; See Info node `(emacs) Directory Variables' for more information. + +((nil . ((indent-tabs-mode . nil) + (show-trailing-whitespace . t))) + (c-mode . ((c-basic-offset . 2) + )) + (c++-mode . ((c-basic-offset . 2) + )) + ) diff --git a/extern/curl/.gitattributes b/extern/curl/.gitattributes new file mode 100644 index 0000000000..cd3fde9545 --- /dev/null +++ b/extern/curl/.gitattributes @@ -0,0 +1,8 @@ +*.dsw -crlf +buildconf eol=lf +configure.ac eol=lf +*.m4 eol=lf +*.in eol=lf +*.am eol=lf +*.sh eol=lf +*.[ch] whitespace=tab-in-indent diff --git a/extern/curl/.github/CONTRIBUTING.md b/extern/curl/.github/CONTRIBUTING.md new file mode 100644 index 0000000000..bce89b4442 --- /dev/null +++ b/extern/curl/.github/CONTRIBUTING.md @@ -0,0 +1,23 @@ +How to contribute to curl +========================= + +Join the community +------------------ + + 1. Click 'watch' on the github repo + + 2. Subscribe to the suitable [mailing lists](https://curl.haxx.se/mail/) + +Read [CONTRIBUTE](../docs/CONTRIBUTE.md) +--------------------------------------- + +Send your suggestions using one of these methods: +------------------------------------------------- + + 1. in a mail to the mailing list + + 2. as a [pull request](https://github.com/curl/curl/pulls) + + 3. as an [issue](https://github.com/curl/curl/issues) + +/ The curl team! diff --git a/extern/curl/.github/FUNDING.yml b/extern/curl/.github/FUNDING.yml new file mode 100644 index 0000000000..fb9cb5b485 --- /dev/null +++ b/extern/curl/.github/FUNDING.yml @@ -0,0 +1 @@ +open_collective: curl diff --git a/extern/curl/.github/ISSUE_TEMPLATE b/extern/curl/.github/ISSUE_TEMPLATE new file mode 100644 index 0000000000..452cafb592 --- /dev/null +++ b/extern/curl/.github/ISSUE_TEMPLATE @@ -0,0 +1,19 @@ + + +### I did this + +### I expected the following + +### curl/libcurl version + +[curl -V output] + +### operating system + + diff --git a/extern/curl/.github/lock.yml b/extern/curl/.github/lock.yml new file mode 100644 index 0000000000..66e79128e4 --- /dev/null +++ b/extern/curl/.github/lock.yml @@ -0,0 +1,8 @@ +# Configuration for lock-threads - https://github.com/dessant/lock-threads + +# Number of days of inactivity before a closed issue or pull request is locked +daysUntilLock: 90 +# Comment to post before locking. Set to `false` to disable +lockComment: false +# Limit to only `issues` or `pulls` +# only: issues diff --git a/extern/curl/.github/stale.yml b/extern/curl/.github/stale.yml new file mode 100644 index 0000000000..9bcd4eb1d5 --- /dev/null +++ b/extern/curl/.github/stale.yml @@ -0,0 +1,17 @@ +# Number of days of inactivity before an issue becomes stale +daysUntilStale: 180 +# Number of days of inactivity before a stale issue is closed +daysUntilClose: 14 +# Issues with these labels will never be considered stale +exemptLabels: + - pinned + - security +# Label to use when marking an issue as stale +staleLabel: stale +# Comment to post when marking an issue as stale. Set to `false` to disable +markComment: > + This issue has been automatically marked as stale because it has not had + recent activity. It will be closed if no further activity occurs. Thank you + for your contributions. +# Comment to post when closing a stale issue. Set to `false` to disable +closeComment: false diff --git a/extern/curl/.github/workflows/cpp.yml b/extern/curl/.github/workflows/cpp.yml new file mode 100644 index 0000000000..94eb070d5e --- /dev/null +++ b/extern/curl/.github/workflows/cpp.yml @@ -0,0 +1,17 @@ +name: Build on Ubuntu with default options + +on: [push] + +jobs: + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 + - name: configure + run: ./buildconf && ./configure + - name: make + run: make + - name: make check + run: make test-nonflaky diff --git a/extern/curl/.github/workflows/fuzz.yml b/extern/curl/.github/workflows/fuzz.yml new file mode 100644 index 0000000000..296acc7970 --- /dev/null +++ b/extern/curl/.github/workflows/fuzz.yml @@ -0,0 +1,23 @@ +name: CIFuzz +on: [pull_request] +jobs: + Fuzzing: + runs-on: ubuntu-latest + steps: + - name: Build Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master + with: + oss-fuzz-project-name: 'curl' + dry-run: false + - name: Run Fuzzers + uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master + with: + oss-fuzz-project-name: 'curl' + fuzz-seconds: 600 + dry-run: false + - name: Upload Crash + uses: actions/upload-artifact@v1 + if: failure() + with: + name: artifacts + path: ./out/artifacts diff --git a/extern/curl/.gitignore b/extern/curl/.gitignore new file mode 100644 index 0000000000..9b040fea07 --- /dev/null +++ b/extern/curl/.gitignore @@ -0,0 +1,60 @@ +*.asc +*.dll +*.exe +*.exp +*.la +*.lib +*.lo +*.o +*.obj +*.pdb +*.pyc +*~ +.*.sw? +.cproject +.deps +.dirstamp +.libs +.project +.settings +/.vs +/build/ +/builds/ +__pycache__ +CHANGES.dist +Debug +INSTALL +Makefile +Makefile.in +Release +TAGS +aclocal.m4 +aclocal.m4.bak +autom4te.cache +compile +config.cache +config.guess +config.log +config.status +config.sub +configure +curl-*.tar.bz2 +curl-*.tar.gz +curl-*.tar.xz +curl-*.zip +curl-config +depcomp +install-sh +libcurl.pc +libtool +ltmain.sh +missing +mkinstalldirs +tags +test-driver +scripts/_curl +scripts/curl.fish +curl_fuzzer +curl_fuzzer_seed_corpus.zip +libstandaloneengine.a +.checksrc diff --git a/extern/curl/.lgtm.yml b/extern/curl/.lgtm.yml new file mode 100644 index 0000000000..030c563bd8 --- /dev/null +++ b/extern/curl/.lgtm.yml @@ -0,0 +1,10 @@ +extraction: + cpp: + prepare: + packages: # to avoid confusion with libopenafs-dev which also provides a des.h + - libssl-dev + after_prepare: # make sure lgtm.com doesn't use CMake (which generates and runs tests) + - rm -f CMakeLists.txt + - ./buildconf + configure: # enable as many optional features as possible + command: ./configure --enable-ares --with-libssh2 --with-gssapi --with-librtmp --with-libmetalink diff --git a/extern/curl/.mailmap b/extern/curl/.mailmap new file mode 100644 index 0000000000..14b7b73ada --- /dev/null +++ b/extern/curl/.mailmap @@ -0,0 +1,61 @@ +Guenter Knauf +Gisle Vanem +Gisle Vanem +Alessandro Ghedini +Alessandro Ghedini +Björn Stenberg +Björn Stenberg +Viktor Szakats +Viktor Szakats +Daniel Gustafsson +Daniel Gustafsson +Linus Nielsen +Yamada Yasuharu +Ulion +Tim Rühsen +Steve Holme +Claes Jakobsson +Sergei Nikulov +Patrick Monnerat +Patrick Monnerat +Patrick Monnerat +Patrick Monnerat +Nick Zitzmann +Peter Wu +David Woodhouse +Marcel Raad +Marcel Raad +Marcel Raad +Anthony Bryan +Travis Burtrum +Dmitry Kostjuchenko +Richard Alcock +Richard Alcock +Jan Ehrhardt +Florin Petriuc +Pavel Pavlov +Jason Juang +Carlo Teubner +Joel Depooter +Sebastian Mundry +Rainer Canavan +Dan Fandrich +Henrik S. Gaßmann +Jiří Malák +Nick Zitzmann +Kees Dekker +Max Savenkov +Daniel Jelinski <30433125+djelinski@users.noreply.github.com> +Amit Katyal +Giorgos Oikonomou +Evgeny Grin +Peter Pih +Anton Malov +Marquis de Muesli +Kyohei Kadota +Lucas Pardue +Massimiliano Fantuzzi +Niall O'Reilly +Mohammad Hasbini +Andrew Ishchuk +Nicolas Guillier <59726521+nicoguillier@users.noreply.github.com> diff --git a/extern/curl/.travis.yml b/extern/curl/.travis.yml new file mode 100644 index 0000000000..4174168ece --- /dev/null +++ b/extern/curl/.travis.yml @@ -0,0 +1,441 @@ +language: c +sudo: required +cache: + directories: + - $HOME/wolfssl-4.0.0-stable + - $HOME/mesalink-1.0.0 + - $HOME/nghttp2-1.39.2 + +env: + global: + - LD_LIBRARY_PATH=/usr/local/lib + +addons: + apt: + config: + retries: true + sources: &common_sources + - ubuntu-toolchain-r-test + packages: &common_packages + - cmake + - gcc-8 + - valgrind + - libev-dev + - libc-ares-dev + - g++-8 + - libstdc++-8-dev + - stunnel4 + - libidn2-0-dev + - gnutls-bin + +matrix: + include: + - os: linux + compiler: gcc + dist: trusty + env: + - T=normal C="--with-gssapi --with-libssh2" CHECKSRC=1 + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - krb5-user + - libssh2-1-dev + - os: linux + compiler: gcc + dist: trusty + env: + - T=normal C=--with-libssh + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - libssh-dev + - os: linux + compiler: gcc + dist: trusty + env: + - T=normal C="--enable-ares" + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + - os: linux + compiler: gcc + dist: bionic + env: + - T=normal C="--disable-verbose" CPPFLAGS="-Wno-variadic-macros" NOTESTS=1 + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: gcc + dist: bionic + before_install: + # Install and use the current stable release of Go + - gimme --list + - eval "$(gimme stable)" + - gimme --list + env: + - T=novalgrind BORINGSSL=yes C="--with-ssl=$HOME/boringssl" LD_LIBRARY_PATH=/home/travis/boringssl/lib:/usr/local/lib + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - ppa:longsleep/golang-backports + - *common_sources + packages: + - *common_packages + - os: linux + compiler: gcc + dist: bionic + before_install: + # Install and use the current stable release of Go + - gimme --list + - eval "$(gimme stable)" + - gimme --list + env: + - T=novalgrind BORINGSSL=yes QUICHE="yes" C="--with-ssl=$HOME/boringssl --with-quiche=$HOME/quiche/target/release --enable-alt-svc" LD_LIBRARY_PATH=/home/travis/boringssl/lib:$HOME/quiche/target/release:/usr/local/lib + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: gcc + dist: xenial + env: + - T=novalgrind NGTCP2=yes C="--with-ssl=$HOME/ngbuild --with-ngtcp2=$HOME/ngbuild --with-nghttp3=$HOME/ngbuild --enable-alt-svc" NOTESTS= + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: gcc + dist: bionic + env: + - T=debug-wolfssl C="--with-wolfssl --without-ssl" + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: gcc + dist: bionic + env: + - T=debug-mesalink C="--with-mesalink --without-ssl" + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: clang + dist: xenial + env: + - T=debug + - OVERRIDE_CC="CC=clang-7" OVERRIDE_CXX="CXX=clang++-7" + addons: + apt: + sources: + - *common_sources + - llvm-toolchain-xenial-7 + packages: + - *common_packages + - clang-7 + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: clang + dist: xenial + env: + - T=debug C="--enable-alt-svc" + - OVERRIDE_CC="CC=clang-7" OVERRIDE_CXX="CXX=clang++-7" + addons: + apt: + sources: + - *common_sources + - llvm-toolchain-xenial-7 + packages: + - *common_packages + - clang-7 + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: clang + dist: xenial + env: + - T=debug C="--with-mbedtls --without-ssl" + - OVERRIDE_CC="CC=clang-7" OVERRIDE_CXX="CXX=clang++-7" + addons: + apt: + sources: + - *common_sources + - llvm-toolchain-xenial-7 + packages: + - *common_packages + - clang-7 + - libpsl-dev + - libbrotli-dev + - libmbedtls-dev + - os: linux + compiler: clang + dist: bionic + env: + - T=debug C="--with-gnutls --without-ssl" + - OVERRIDE_CC="CC=clang-7" OVERRIDE_CXX="CXX=clang++-7" + addons: + apt: + sources: + - *common_sources + - llvm-toolchain-bionic-7 + packages: + - *common_packages + - clang-7 + - libgnutls28-dev + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: clang + dist: bionic + env: + - T=debug C="--with-nss --without-ssl" NOTESTS=1 CPPFLAGS="-isystem /usr/include/nss" + - OVERRIDE_CC="CC=clang-7" OVERRIDE_CXX="CXX=clang++-7" + addons: + apt: + sources: + - *common_sources + - llvm-toolchain-bionic-7 + packages: + - *common_packages + - clang-7 + - libnss3-dev + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: gcc + dist: trusty + env: + - T=iconv + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + - os: osx + compiler: gcc + env: T=debug C="--disable-dict --disable-file --disable-ftp --disable-gopher --disable-imap --disable-ldap --disable-pop3 --disable-rtmp --disable-rtsp --disable-scp --disable-sftp --disable-smb --disable-smtp --disable-telnet --disable-tftp --disable-unix-sockets --disable-shared --enable-debug --enable-maintainer-mode --without-brotli --without-gssapi --without-libidn2 --without-libmetalink --without-libpsl --without-librtmp --without-libssh2 --without-nghttp2 --without-ntlm-auth --without-ssl --without-zlib" + - os: osx + compiler: gcc + env: T=debug C=--enable-ares + - os: osx + compiler: gcc + env: T=debug C="--with-ssl=/usr/local/opt/openssl --with-libmetalink" + - os: osx + compiler: gcc + env: T=debug C="--with-ssl=/usr/local/opt/libressl --with-libmetalink" + - os: osx + compiler: clang + osx_image: xcode10 + env: T=debug C="--without-ssl --with-darwinssl --with-libmetalink" + - os: osx + compiler: clang + env: T=normal + - os: osx + compiler: clang + env: T=cmake + - os: linux + compiler: gcc + dist: bionic + env: + - T=cmake + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: clang + dist: bionic + env: + - T=cmake + - OVERRIDE_CC="CC=clang-7" OVERRIDE_CXX="CXX=clang++-7" + addons: + apt: + sources: + - *common_sources + - llvm-toolchain-bionic-7 + packages: + - *common_packages + - clang-7 + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: gcc + dist: xenial + env: + - T=torture + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - lcov + - libpsl-dev + - libbrotli-dev + - libssh2-1-dev + - os: linux + compiler: gcc + dist: bionic + env: + - T=distcheck + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: clang + dist: bionic + env: + - T=fuzzer + - OVERRIDE_CC="CC=clang-7" OVERRIDE_CXX="CXX=clang++-7" + addons: + apt: + sources: + - *common_sources + - llvm-toolchain-bionic-7 + packages: + - *common_packages + - clang-7 + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: clang + dist: bionic + env: + - T=tidy + - OVERRIDE_CC="CC=clang-7" OVERRIDE_CXX="CXX=clang++-7" + addons: + apt: + sources: + - *common_sources + - llvm-toolchain-bionic-7 + packages: + - *common_packages + - clang-7 + - clang-tidy-7 + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: clang + dist: bionic + env: + - T=scan-build + - OVERRIDE_CC="CC=clang-7" OVERRIDE_CXX="CXX=clang++-7" + addons: + apt: + sources: + - *common_sources + - llvm-toolchain-bionic-7 + packages: + - *common_packages + - clang-7 + - libpsl-dev + - libbrotli-dev + - os: linux + compiler: clang + dist: xenial + env: + - T=debug CFLAGS="-fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g" LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer" LIBS="-ldl -lubsan" + - OVERRIDE_CC="CC=clang-7" OVERRIDE_CXX="CXX=clang++-7" + addons: + apt: + sources: + - *common_sources + - llvm-toolchain-xenial-7 + packages: + - *common_packages + - clang-7 + - libpsl-dev + - libbrotli-dev + - os: linux + arch: arm64 + compiler: gcc + dist: bionic + env: + - T=debug C="--enable-alt-svc" + - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - libpsl-dev + - libbrotli-dev + - libev-dev + - libssl-dev + - libtool + - pkg-config + - zlib1g-dev + +before_install: + - export "${OVERRIDE_CC-blank=}" + - export "${OVERRIDE_CXX-blank=}" + +install: + - if [ "$T" = "coverage" ]; then pip2 install --user cpp-coveralls; fi + - if [ "$TRAVIS_OS_NAME" == "osx" ]; then brew update > /dev/null; fi + - if [ "$TRAVIS_OS_NAME" == "osx" ]; then brew reinstall libtool > /dev/null; fi + - if [ "$TRAVIS_OS_NAME" == "osx" ]; then brew install rtmpdump libssh2 c-ares libmetalink libressl nghttp2 libmetalink; fi + +# before_script and script: +# Travis isn't reliable catching errors in inline script commands (#3730). +# Do not add anything here, instead add to the respective script. +before_script: + - ./scripts/travis/before_script.sh || travis_terminate 1 +script: + - ./scripts/travis/script.sh || travis_terminate 1 + +# whitelist branches to avoid testing feature branches twice (as branch and as pull request) +branches: + only: + - master + - /\/ci$/ + +notifications: + email: false diff --git a/extern/curl/CHANGES b/extern/curl/CHANGES new file mode 100644 index 0000000000..4d13ef6963 --- /dev/null +++ b/extern/curl/CHANGES @@ -0,0 +1,7 @@ +See https://curl.haxx.se/changes.html for the edited and human readable online +version of what has changed over the years in different curl releases. + +Generate a CHANGES file like the one present in every release like this: + +$ git log --pretty=fuller --no-color --date=short --decorate=full | \ + ./scripts/log2changes.pl diff --git a/extern/curl/CMake/CMakeConfigurableFile.in b/extern/curl/CMake/CMakeConfigurableFile.in new file mode 100644 index 0000000000..df2c382e9b --- /dev/null +++ b/extern/curl/CMake/CMakeConfigurableFile.in @@ -0,0 +1 @@ +@CMAKE_CONFIGURABLE_FILE_CONTENT@ diff --git a/extern/curl/CMake/CurlSymbolHiding.cmake b/extern/curl/CMake/CurlSymbolHiding.cmake new file mode 100644 index 0000000000..8e5fd67a0a --- /dev/null +++ b/extern/curl/CMake/CurlSymbolHiding.cmake @@ -0,0 +1,55 @@ +include(CheckCSourceCompiles) + +option(CURL_HIDDEN_SYMBOLS "Set to ON to hide libcurl internal symbols (=hide all symbols that aren't officially external)." ON) +mark_as_advanced(CURL_HIDDEN_SYMBOLS) + +if(CURL_HIDDEN_SYMBOLS) + set(SUPPORTS_SYMBOL_HIDING FALSE) + + if(CMAKE_C_COMPILER_ID MATCHES "Clang") + set(SUPPORTS_SYMBOL_HIDING TRUE) + set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))") + set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden") + elseif(CMAKE_COMPILER_IS_GNUCC) + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.4) + # note: this is considered buggy prior to 4.0 but the autotools don't care, so let's ignore that fact + set(SUPPORTS_SYMBOL_HIDING TRUE) + set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))") + set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden") + endif() + elseif(CMAKE_C_COMPILER_ID MATCHES "SunPro" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 8.0) + set(SUPPORTS_SYMBOL_HIDING TRUE) + set(_SYMBOL_EXTERN "__global") + set(_CFLAG_SYMBOLS_HIDE "-xldscope=hidden") + elseif(CMAKE_C_COMPILER_ID MATCHES "Intel" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 9.0) + # note: this should probably just check for version 9.1.045 but I'm not 100% sure + # so let's do it the same way autotools do. + set(SUPPORTS_SYMBOL_HIDING TRUE) + set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))") + set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden") + check_c_source_compiles("#include + int main (void) { printf(\"icc fvisibility bug test\"); return 0; }" _no_bug) + if(NOT _no_bug) + set(SUPPORTS_SYMBOL_HIDING FALSE) + set(_SYMBOL_EXTERN "") + set(_CFLAG_SYMBOLS_HIDE "") + endif() + elseif(MSVC) + set(SUPPORTS_SYMBOL_HIDING TRUE) + endif() + + set(HIDES_CURL_PRIVATE_SYMBOLS ${SUPPORTS_SYMBOL_HIDING}) +elseif(MSVC) + if(NOT CMAKE_VERSION VERSION_LESS 3.7) + set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS TRUE) #present since 3.4.3 but broken + set(HIDES_CURL_PRIVATE_SYMBOLS FALSE) + else() + message(WARNING "Hiding private symbols regardless CURL_HIDDEN_SYMBOLS being disabled.") + set(HIDES_CURL_PRIVATE_SYMBOLS TRUE) + endif() +else() + set(HIDES_CURL_PRIVATE_SYMBOLS FALSE) +endif() + +set(CURL_CFLAG_SYMBOLS_HIDE ${_CFLAG_SYMBOLS_HIDE}) +set(CURL_EXTERN_SYMBOL ${_SYMBOL_EXTERN}) diff --git a/extern/curl/CMake/CurlTests.c b/extern/curl/CMake/CurlTests.c new file mode 100644 index 0000000000..3ef35f0253 --- /dev/null +++ b/extern/curl/CMake/CurlTests.c @@ -0,0 +1,617 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#ifdef TIME_WITH_SYS_TIME +/* Time with sys/time test */ + +#include +#include +#include + +int +main () +{ +if ((struct tm *) 0) +return 0; + ; + return 0; +} + +#endif + +#ifdef HAVE_FCNTL_O_NONBLOCK + +/* headers for FCNTL_O_NONBLOCK test */ +#include +#include +#include +/* */ +#if defined(sun) || defined(__sun__) || \ + defined(__SUNPRO_C) || defined(__SUNPRO_CC) +# if defined(__SVR4) || defined(__srv4__) +# define PLATFORM_SOLARIS +# else +# define PLATFORM_SUNOS4 +# endif +#endif +#if (defined(_AIX) || defined(__xlC__)) && !defined(_AIX41) +# define PLATFORM_AIX_V3 +#endif +/* */ +#if defined(PLATFORM_SUNOS4) || defined(PLATFORM_AIX_V3) || defined(__BEOS__) +#error "O_NONBLOCK does not work on this platform" +#endif + +int +main () +{ + /* O_NONBLOCK source test */ + int flags = 0; + if(0 != fcntl(0, F_SETFL, flags | O_NONBLOCK)) + return 1; + return 0; +} +#endif + +/* tests for gethostbyaddr_r or gethostbyname_r */ +#if defined(HAVE_GETHOSTBYADDR_R_5_REENTRANT) || \ + defined(HAVE_GETHOSTBYADDR_R_7_REENTRANT) || \ + defined(HAVE_GETHOSTBYADDR_R_8_REENTRANT) || \ + defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) || \ + defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) || \ + defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT) +# define _REENTRANT + /* no idea whether _REENTRANT is always set, just invent a new flag */ +# define TEST_GETHOSTBYFOO_REENTRANT +#endif +#if defined(HAVE_GETHOSTBYADDR_R_5) || \ + defined(HAVE_GETHOSTBYADDR_R_7) || \ + defined(HAVE_GETHOSTBYADDR_R_8) || \ + defined(HAVE_GETHOSTBYNAME_R_3) || \ + defined(HAVE_GETHOSTBYNAME_R_5) || \ + defined(HAVE_GETHOSTBYNAME_R_6) || \ + defined(TEST_GETHOSTBYFOO_REENTRANT) +#include +#include +int main(void) +{ + char *address = "example.com"; + int length = 0; + int type = 0; + struct hostent h; + int rc = 0; +#if defined(HAVE_GETHOSTBYADDR_R_5) || \ + defined(HAVE_GETHOSTBYADDR_R_5_REENTRANT) || \ + \ + defined(HAVE_GETHOSTBYNAME_R_3) || \ + defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) + struct hostent_data hdata; +#elif defined(HAVE_GETHOSTBYADDR_R_7) || \ + defined(HAVE_GETHOSTBYADDR_R_7_REENTRANT) || \ + defined(HAVE_GETHOSTBYADDR_R_8) || \ + defined(HAVE_GETHOSTBYADDR_R_8_REENTRANT) || \ + \ + defined(HAVE_GETHOSTBYNAME_R_5) || \ + defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) || \ + defined(HAVE_GETHOSTBYNAME_R_6) || \ + defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT) + char buffer[8192]; + int h_errnop; + struct hostent *hp; +#endif + +#ifndef gethostbyaddr_r + (void)gethostbyaddr_r; +#endif + +#if defined(HAVE_GETHOSTBYADDR_R_5) || \ + defined(HAVE_GETHOSTBYADDR_R_5_REENTRANT) + rc = gethostbyaddr_r(address, length, type, &h, &hdata); + (void)rc; +#elif defined(HAVE_GETHOSTBYADDR_R_7) || \ + defined(HAVE_GETHOSTBYADDR_R_7_REENTRANT) + hp = gethostbyaddr_r(address, length, type, &h, buffer, 8192, &h_errnop); + (void)hp; +#elif defined(HAVE_GETHOSTBYADDR_R_8) || \ + defined(HAVE_GETHOSTBYADDR_R_8_REENTRANT) + rc = gethostbyaddr_r(address, length, type, &h, buffer, 8192, &hp, &h_errnop); + (void)rc; +#endif + +#if defined(HAVE_GETHOSTBYNAME_R_3) || \ + defined(HAVE_GETHOSTBYNAME_R_3_REENTRANT) + rc = gethostbyname_r(address, &h, &hdata); +#elif defined(HAVE_GETHOSTBYNAME_R_5) || \ + defined(HAVE_GETHOSTBYNAME_R_5_REENTRANT) + rc = gethostbyname_r(address, &h, buffer, 8192, &h_errnop); + (void)hp; /* not used for test */ +#elif defined(HAVE_GETHOSTBYNAME_R_6) || \ + defined(HAVE_GETHOSTBYNAME_R_6_REENTRANT) + rc = gethostbyname_r(address, &h, buffer, 8192, &hp, &h_errnop); +#endif + + (void)length; + (void)type; + (void)rc; + return 0; +} +#endif + +#ifdef HAVE_SOCKLEN_T +#ifdef _WIN32 +#include +#else +#include +#include +#endif +int +main () +{ +if ((socklen_t *) 0) + return 0; +if (sizeof (socklen_t)) + return 0; + ; + return 0; +} +#endif +#ifdef HAVE_IN_ADDR_T +#include +#include +#include + +int +main () +{ +if ((in_addr_t *) 0) + return 0; +if (sizeof (in_addr_t)) + return 0; + ; + return 0; +} +#endif + +#ifdef HAVE_BOOL_T +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_STDBOOL_H +#include +#endif +int +main () +{ +if (sizeof (bool *) ) + return 0; + ; + return 0; +} +#endif + +#ifdef STDC_HEADERS +#include +#include +#include +#include +int main() { return 0; } +#endif +#ifdef RETSIGTYPE_TEST +#include +#include +#ifdef signal +# undef signal +#endif +#ifdef __cplusplus +extern "C" void (*signal (int, void (*)(int)))(int); +#else +void (*signal ()) (); +#endif + +int +main () +{ + return 0; +} +#endif +#ifdef HAVE_INET_NTOA_R_DECL +#include + +typedef void (*func_type)(); + +int main() +{ +#ifndef inet_ntoa_r + func_type func; + func = (func_type)inet_ntoa_r; + (void)func; +#endif + return 0; +} +#endif +#ifdef HAVE_INET_NTOA_R_DECL_REENTRANT +#define _REENTRANT +#include + +typedef void (*func_type)(); + +int main() +{ +#ifndef inet_ntoa_r + func_type func; + func = (func_type)&inet_ntoa_r; + (void)func; +#endif + return 0; +} +#endif +#ifdef HAVE_GETADDRINFO +#include +#include +#include + +int main(void) { + struct addrinfo hints, *ai; + int error; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; +#ifndef getaddrinfo + (void)getaddrinfo; +#endif + error = getaddrinfo("127.0.0.1", "8080", &hints, &ai); + if (error) { + return 1; + } + return 0; +} +#endif +#ifdef HAVE_FILE_OFFSET_BITS +#ifdef _FILE_OFFSET_BITS +#undef _FILE_OFFSET_BITS +#endif +#define _FILE_OFFSET_BITS 64 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int main () { ; return 0; } +#endif +#ifdef HAVE_IOCTLSOCKET +/* includes start */ +#ifdef HAVE_WINDOWS_H +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif +# include +# ifdef HAVE_WINSOCK2_H +# include +# else +# ifdef HAVE_WINSOCK_H +# include +# endif +# endif +#endif + +int +main () +{ + +/* ioctlsocket source code */ + int socket; + unsigned long flags = ioctlsocket(socket, FIONBIO, &flags); + + ; + return 0; +} + +#endif +#ifdef HAVE_IOCTLSOCKET_CAMEL +/* includes start */ +#ifdef HAVE_WINDOWS_H +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif +# include +# ifdef HAVE_WINSOCK2_H +# include +# else +# ifdef HAVE_WINSOCK_H +# include +# endif +# endif +#endif + +int +main () +{ + +/* IoctlSocket source code */ + if(0 != IoctlSocket(0, 0, 0)) + return 1; + ; + return 0; +} +#endif +#ifdef HAVE_IOCTLSOCKET_CAMEL_FIONBIO +/* includes start */ +#ifdef HAVE_WINDOWS_H +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif +# include +# ifdef HAVE_WINSOCK2_H +# include +# else +# ifdef HAVE_WINSOCK_H +# include +# endif +# endif +#endif + +int +main () +{ + +/* IoctlSocket source code */ + long flags = 0; + if(0 != ioctlsocket(0, FIONBIO, &flags)) + return 1; + ; + return 0; +} +#endif +#ifdef HAVE_IOCTLSOCKET_FIONBIO +/* includes start */ +#ifdef HAVE_WINDOWS_H +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif +# include +# ifdef HAVE_WINSOCK2_H +# include +# else +# ifdef HAVE_WINSOCK_H +# include +# endif +# endif +#endif + +int +main () +{ + + int flags = 0; + if(0 != ioctlsocket(0, FIONBIO, &flags)) + return 1; + + ; + return 0; +} +#endif +#ifdef HAVE_IOCTL_FIONBIO +/* headers for FIONBIO test */ +/* includes start */ +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif +#ifdef HAVE_SYS_SOCKET_H +# include +#endif +#ifdef HAVE_SYS_IOCTL_H +# include +#endif +#ifdef HAVE_STROPTS_H +# include +#endif + +int +main () +{ + + int flags = 0; + if(0 != ioctl(0, FIONBIO, &flags)) + return 1; + + ; + return 0; +} +#endif +#ifdef HAVE_IOCTL_SIOCGIFADDR +/* headers for FIONBIO test */ +/* includes start */ +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif +#ifdef HAVE_SYS_SOCKET_H +# include +#endif +#ifdef HAVE_SYS_IOCTL_H +# include +#endif +#ifdef HAVE_STROPTS_H +# include +#endif +#include + +int +main () +{ + struct ifreq ifr; + if(0 != ioctl(0, SIOCGIFADDR, &ifr)) + return 1; + + ; + return 0; +} +#endif +#ifdef HAVE_SETSOCKOPT_SO_NONBLOCK +/* includes start */ +#ifdef HAVE_WINDOWS_H +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif +# include +# ifdef HAVE_WINSOCK2_H +# include +# else +# ifdef HAVE_WINSOCK_H +# include +# endif +# endif +#endif +/* includes start */ +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_SOCKET_H +# include +#endif +/* includes end */ + +int +main () +{ + if(0 != setsockopt(0, SOL_SOCKET, SO_NONBLOCK, 0, 0)) + return 1; + ; + return 0; +} +#endif +#ifdef HAVE_GLIBC_STRERROR_R +#include +#include + +void check(char c) {} + +int +main () { + char buffer[1024]; + /* This will not compile if strerror_r does not return a char* */ + check(strerror_r(EACCES, buffer, sizeof(buffer))[0]); + return 0; +} +#endif +#ifdef HAVE_POSIX_STRERROR_R +#include +#include + +/* float, because a pointer can't be implicitly cast to float */ +void check(float f) {} + +int +main () { + char buffer[1024]; + /* This will not compile if strerror_r does not return an int */ + check(strerror_r(EACCES, buffer, sizeof(buffer))); + return 0; +} +#endif +#ifdef HAVE_FSETXATTR_6 +#include /* header from libc, not from libattr */ +int +main() { + fsetxattr(0, 0, 0, 0, 0, 0); + return 0; +} +#endif +#ifdef HAVE_FSETXATTR_5 +#include /* header from libc, not from libattr */ +int +main() { + fsetxattr(0, 0, 0, 0, 0); + return 0; +} +#endif +#ifdef HAVE_CLOCK_GETTIME_MONOTONIC +#include +int +main() { + struct timespec ts = {0, 0}; + clock_gettime(CLOCK_MONOTONIC, &ts); + return 0; +} +#endif +#ifdef HAVE_BUILTIN_AVAILABLE +int +main() { + if(__builtin_available(macOS 10.12, *)) {} + return 0; +} +#endif +#ifdef HAVE_VARIADIC_MACROS_C99 +#define c99_vmacro3(first, ...) fun3(first, __VA_ARGS__) +#define c99_vmacro2(first, ...) fun2(first, __VA_ARGS__) + +int fun3(int arg1, int arg2, int arg3); +int fun2(int arg1, int arg2); + +int fun3(int arg1, int arg2, int arg3) { + return arg1 + arg2 + arg3; +} +int fun2(int arg1, int arg2) { + return arg1 + arg2; +} + +int +main() { + int res3 = c99_vmacro3(1, 2, 3); + int res2 = c99_vmacro2(1, 2); + (void)res3; + (void)res2; + return 0; +} +#endif +#ifdef HAVE_VARIADIC_MACROS_GCC +#define gcc_vmacro3(first, args...) fun3(first, args) +#define gcc_vmacro2(first, args...) fun2(first, args) + +int fun3(int arg1, int arg2, int arg3); +int fun2(int arg1, int arg2); + +int fun3(int arg1, int arg2, int arg3) { + return arg1 + arg2 + arg3; +} +int fun2(int arg1, int arg2) { + return arg1 + arg2; +} + +int +main() { + int res3 = gcc_vmacro3(1, 2, 3); + int res2 = gcc_vmacro2(1, 2); + (void)res3; + (void)res2; + return 0; +} +#endif diff --git a/extern/curl/CMake/FindBearSSL.cmake b/extern/curl/CMake/FindBearSSL.cmake new file mode 100644 index 0000000000..20d239a4fd --- /dev/null +++ b/extern/curl/CMake/FindBearSSL.cmake @@ -0,0 +1,9 @@ +find_path(BEARSSL_INCLUDE_DIRS bearssl.h) + +find_library(BEARSSL_LIBRARY bearssl) + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(BEARSSL DEFAULT_MSG + BEARSSL_INCLUDE_DIRS BEARSSL_LIBRARY) + +mark_as_advanced(BEARSSL_INCLUDE_DIRS BEARSSL_LIBRARY) diff --git a/extern/curl/CMake/FindBrotli.cmake b/extern/curl/CMake/FindBrotli.cmake new file mode 100644 index 0000000000..351b8f757b --- /dev/null +++ b/extern/curl/CMake/FindBrotli.cmake @@ -0,0 +1,20 @@ +include(FindPackageHandleStandardArgs) + +find_path(BROTLI_INCLUDE_DIR "brotli/decode.h") + +find_library(BROTLICOMMON_LIBRARY NAMES brotlicommon) +find_library(BROTLIDEC_LIBRARY NAMES brotlidec) + +find_package_handle_standard_args(BROTLI + FOUND_VAR + BROTLI_FOUND + REQUIRED_VARS + BROTLIDEC_LIBRARY + BROTLICOMMON_LIBRARY + BROTLI_INCLUDE_DIR + FAIL_MESSAGE + "Could NOT find BROTLI" +) + +set(BROTLI_INCLUDE_DIRS ${BROTLI_INCLUDE_DIR}) +set(BROTLI_LIBRARIES ${BROTLICOMMON_LIBRARY} ${BROTLIDEC_LIBRARY}) diff --git a/extern/curl/CMake/FindCARES.cmake b/extern/curl/CMake/FindCARES.cmake new file mode 100644 index 0000000000..3d1bae6dcf --- /dev/null +++ b/extern/curl/CMake/FindCARES.cmake @@ -0,0 +1,24 @@ +# - Find c-ares +# Find the c-ares includes and library +# This module defines +# CARES_INCLUDE_DIR, where to find ares.h, etc. +# CARES_LIBRARIES, the libraries needed to use c-ares. +# CARES_FOUND, If false, do not try to use c-ares. +# also defined, but not for general use are +# CARES_LIBRARY, where to find the c-ares library. + +find_path(CARES_INCLUDE_DIR ares.h) + +set(CARES_NAMES ${CARES_NAMES} cares) +find_library(CARES_LIBRARY + NAMES ${CARES_NAMES} + ) + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(CARES + REQUIRED_VARS CARES_LIBRARY CARES_INCLUDE_DIR) + +mark_as_advanced( + CARES_LIBRARY + CARES_INCLUDE_DIR + ) diff --git a/extern/curl/CMake/FindGSS.cmake b/extern/curl/CMake/FindGSS.cmake new file mode 100644 index 0000000000..a2f150cdaf --- /dev/null +++ b/extern/curl/CMake/FindGSS.cmake @@ -0,0 +1,289 @@ +# - Try to find the GSS Kerberos library +# Once done this will define +# +# GSS_ROOT_DIR - Set this variable to the root installation of GSS +# +# Read-Only variables: +# GSS_FOUND - system has the Heimdal library +# GSS_FLAVOUR - "MIT" or "Heimdal" if anything found. +# GSS_INCLUDE_DIR - the Heimdal include directory +# GSS_LIBRARIES - The libraries needed to use GSS +# GSS_LINK_DIRECTORIES - Directories to add to linker search path +# GSS_LINKER_FLAGS - Additional linker flags +# GSS_COMPILER_FLAGS - Additional compiler flags +# GSS_VERSION - This is set to version advertised by pkg-config or read from manifest. +# In case the library is found but no version info available it'll be set to "unknown" + +set(_MIT_MODNAME mit-krb5-gssapi) +set(_HEIMDAL_MODNAME heimdal-gssapi) + +include(CheckIncludeFile) +include(CheckIncludeFiles) +include(CheckTypeSize) + +set(_GSS_ROOT_HINTS + "${GSS_ROOT_DIR}" + "$ENV{GSS_ROOT_DIR}" +) + +# try to find library using system pkg-config if user didn't specify root dir +if(NOT GSS_ROOT_DIR AND NOT "$ENV{GSS_ROOT_DIR}") + if(UNIX) + find_package(PkgConfig QUIET) + pkg_search_module(_GSS_PKG ${_MIT_MODNAME} ${_HEIMDAL_MODNAME}) + list(APPEND _GSS_ROOT_HINTS "${_GSS_PKG_PREFIX}") + elseif(WIN32) + list(APPEND _GSS_ROOT_HINTS "[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos;InstallDir]") + endif() +endif() + +if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approach. + find_file(_GSS_CONFIGURE_SCRIPT + NAMES + "krb5-config" + HINTS + ${_GSS_ROOT_HINTS} + PATH_SUFFIXES + bin + NO_CMAKE_PATH + NO_CMAKE_ENVIRONMENT_PATH + ) + + # if not found in user-supplied directories, maybe system knows better + find_file(_GSS_CONFIGURE_SCRIPT + NAMES + "krb5-config" + PATH_SUFFIXES + bin + ) + + if(_GSS_CONFIGURE_SCRIPT) + execute_process( + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--cflags" "gssapi" + OUTPUT_VARIABLE _GSS_CFLAGS + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + message(STATUS "CFLAGS: ${_GSS_CFLAGS}") + if(NOT _GSS_CONFIGURE_FAILED) # 0 means success + # should also work in an odd case when multiple directories are given + string(STRIP "${_GSS_CFLAGS}" _GSS_CFLAGS) + string(REGEX REPLACE " +-I" ";" _GSS_CFLAGS "${_GSS_CFLAGS}") + string(REGEX REPLACE " +-([^I][^ \\t;]*)" ";-\\1" _GSS_CFLAGS "${_GSS_CFLAGS}") + + foreach(_flag ${_GSS_CFLAGS}) + if(_flag MATCHES "^-I.*") + string(REGEX REPLACE "^-I" "" _val "${_flag}") + list(APPEND _GSS_INCLUDE_DIR "${_val}") + else() + list(APPEND _GSS_COMPILER_FLAGS "${_flag}") + endif() + endforeach() + endif() + + execute_process( + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--libs" "gssapi" + OUTPUT_VARIABLE _GSS_LIB_FLAGS + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + message(STATUS "LDFLAGS: ${_GSS_LIB_FLAGS}") + + if(NOT _GSS_CONFIGURE_FAILED) # 0 means success + # this script gives us libraries and link directories. Blah. We have to deal with it. + string(STRIP "${_GSS_LIB_FLAGS}" _GSS_LIB_FLAGS) + string(REGEX REPLACE " +-(L|l)" ";-\\1" _GSS_LIB_FLAGS "${_GSS_LIB_FLAGS}") + string(REGEX REPLACE " +-([^Ll][^ \\t;]*)" ";-\\1" _GSS_LIB_FLAGS "${_GSS_LIB_FLAGS}") + + foreach(_flag ${_GSS_LIB_FLAGS}) + if(_flag MATCHES "^-l.*") + string(REGEX REPLACE "^-l" "" _val "${_flag}") + list(APPEND _GSS_LIBRARIES "${_val}") + elseif(_flag MATCHES "^-L.*") + string(REGEX REPLACE "^-L" "" _val "${_flag}") + list(APPEND _GSS_LINK_DIRECTORIES "${_val}") + else() + list(APPEND _GSS_LINKER_FLAGS "${_flag}") + endif() + endforeach() + endif() + + execute_process( + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--version" + OUTPUT_VARIABLE _GSS_VERSION + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + + # older versions may not have the "--version" parameter. In this case we just don't care. + if(_GSS_CONFIGURE_FAILED) + set(_GSS_VERSION 0) + endif() + + execute_process( + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--vendor" + OUTPUT_VARIABLE _GSS_VENDOR + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + OUTPUT_STRIP_TRAILING_WHITESPACE + ) + + # older versions may not have the "--vendor" parameter. In this case we just don't care. + if(_GSS_CONFIGURE_FAILED) + set(GSS_FLAVOUR "Heimdal") # most probably, shouldn't really matter + else() + if(_GSS_VENDOR MATCHES ".*H|heimdal.*") + set(GSS_FLAVOUR "Heimdal") + else() + set(GSS_FLAVOUR "MIT") + endif() + endif() + + else() # either there is no config script or we are on a platform that doesn't provide one (Windows?) + + find_path(_GSS_INCLUDE_DIR + NAMES + "gssapi/gssapi.h" + HINTS + ${_GSS_ROOT_HINTS} + PATH_SUFFIXES + include + inc + ) + + if(_GSS_INCLUDE_DIR) #jay, we've found something + set(CMAKE_REQUIRED_INCLUDES "${_GSS_INCLUDE_DIR}") + check_include_files( "gssapi/gssapi_generic.h;gssapi/gssapi_krb5.h" _GSS_HAVE_MIT_HEADERS) + + if(_GSS_HAVE_MIT_HEADERS) + set(GSS_FLAVOUR "MIT") + else() + # prevent compiling the header - just check if we can include it + set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D__ROKEN_H__") + check_include_file( "roken.h" _GSS_HAVE_ROKEN_H) + + check_include_file( "heimdal/roken.h" _GSS_HAVE_HEIMDAL_ROKEN_H) + if(_GSS_HAVE_ROKEN_H OR _GSS_HAVE_HEIMDAL_ROKEN_H) + set(GSS_FLAVOUR "Heimdal") + endif() + set(CMAKE_REQUIRED_DEFINITIONS "") + endif() + else() + # I'm not convinced if this is the right way but this is what autotools do at the moment + find_path(_GSS_INCLUDE_DIR + NAMES + "gssapi.h" + HINTS + ${_GSS_ROOT_HINTS} + PATH_SUFFIXES + include + inc + ) + + if(_GSS_INCLUDE_DIR) + set(GSS_FLAVOUR "Heimdal") + endif() + endif() + + # if we have headers, check if we can link libraries + if(GSS_FLAVOUR) + set(_GSS_LIBDIR_SUFFIXES "") + set(_GSS_LIBDIR_HINTS ${_GSS_ROOT_HINTS}) + get_filename_component(_GSS_CALCULATED_POTENTIAL_ROOT "${_GSS_INCLUDE_DIR}" PATH) + list(APPEND _GSS_LIBDIR_HINTS ${_GSS_CALCULATED_POTENTIAL_ROOT}) + + if(WIN32) + if(CMAKE_SIZEOF_VOID_P EQUAL 8) + list(APPEND _GSS_LIBDIR_SUFFIXES "lib/AMD64") + if(GSS_FLAVOUR STREQUAL "MIT") + set(_GSS_LIBNAME "gssapi64") + else() + set(_GSS_LIBNAME "libgssapi") + endif() + else() + list(APPEND _GSS_LIBDIR_SUFFIXES "lib/i386") + if(GSS_FLAVOUR STREQUAL "MIT") + set(_GSS_LIBNAME "gssapi32") + else() + set(_GSS_LIBNAME "libgssapi") + endif() + endif() + else() + list(APPEND _GSS_LIBDIR_SUFFIXES "lib;lib64") # those suffixes are not checked for HINTS + if(GSS_FLAVOUR STREQUAL "MIT") + set(_GSS_LIBNAME "gssapi_krb5") + else() + set(_GSS_LIBNAME "gssapi") + endif() + endif() + + find_library(_GSS_LIBRARIES + NAMES + ${_GSS_LIBNAME} + HINTS + ${_GSS_LIBDIR_HINTS} + PATH_SUFFIXES + ${_GSS_LIBDIR_SUFFIXES} + ) + + endif() + endif() +else() + if(_GSS_PKG_${_MIT_MODNAME}_VERSION) + set(GSS_FLAVOUR "MIT") + set(_GSS_VERSION _GSS_PKG_${_MIT_MODNAME}_VERSION) + else() + set(GSS_FLAVOUR "Heimdal") + set(_GSS_VERSION _GSS_PKG_${_MIT_HEIMDAL}_VERSION) + endif() +endif() + +set(GSS_INCLUDE_DIR ${_GSS_INCLUDE_DIR}) +set(GSS_LIBRARIES ${_GSS_LIBRARIES}) +set(GSS_LINK_DIRECTORIES ${_GSS_LINK_DIRECTORIES}) +set(GSS_LINKER_FLAGS ${_GSS_LINKER_FLAGS}) +set(GSS_COMPILER_FLAGS ${_GSS_COMPILER_FLAGS}) +set(GSS_VERSION ${_GSS_VERSION}) + +if(GSS_FLAVOUR) + if(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "Heimdal") + if(CMAKE_SIZEOF_VOID_P EQUAL 8) + set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.amd64.manifest") + else() + set(HEIMDAL_MANIFEST_FILE "Heimdal.Application.x86.manifest") + endif() + + if(EXISTS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}") + file(STRINGS "${GSS_INCLUDE_DIR}/${HEIMDAL_MANIFEST_FILE}" heimdal_version_str + REGEX "^.*version=\"[0-9]\\.[^\"]+\".*$") + + string(REGEX MATCH "[0-9]\\.[^\"]+" + GSS_VERSION "${heimdal_version_str}") + endif() + + if(NOT GSS_VERSION) + set(GSS_VERSION "Heimdal Unknown") + endif() + elseif(NOT GSS_VERSION AND GSS_FLAVOUR STREQUAL "MIT") + get_filename_component(_MIT_VERSION "[HKEY_LOCAL_MACHINE\\SOFTWARE\\MIT\\Kerberos\\SDK\\CurrentVersion;VersionString]" NAME CACHE) + if(WIN32 AND _MIT_VERSION) + set(GSS_VERSION "${_MIT_VERSION}") + else() + set(GSS_VERSION "MIT Unknown") + endif() + endif() +endif() + +include(FindPackageHandleStandardArgs) + +set(_GSS_REQUIRED_VARS GSS_LIBRARIES GSS_FLAVOUR) + +find_package_handle_standard_args(GSS + REQUIRED_VARS + ${_GSS_REQUIRED_VARS} + VERSION_VAR + GSS_VERSION + FAIL_MESSAGE + "Could NOT find GSS, try to set the path to GSS root folder in the system variable GSS_ROOT_DIR" +) + +mark_as_advanced(GSS_INCLUDE_DIR GSS_LIBRARIES) diff --git a/extern/curl/CMake/FindLibSSH2.cmake b/extern/curl/CMake/FindLibSSH2.cmake new file mode 100644 index 0000000000..91e17c1db1 --- /dev/null +++ b/extern/curl/CMake/FindLibSSH2.cmake @@ -0,0 +1,22 @@ +# - Try to find the libssh2 library +# Once done this will define +# +# LIBSSH2_FOUND - system has the libssh2 library +# LIBSSH2_INCLUDE_DIR - the libssh2 include directory +# LIBSSH2_LIBRARY - the libssh2 library name + +find_path(LIBSSH2_INCLUDE_DIR libssh2.h) + +find_library(LIBSSH2_LIBRARY NAMES ssh2 libssh2) + +if(LIBSSH2_INCLUDE_DIR) + file(STRINGS "${LIBSSH2_INCLUDE_DIR}/libssh2.h" libssh2_version_str REGEX "^#define[\t ]+LIBSSH2_VERSION[\t ]+\"(.*)\"") + string(REGEX REPLACE "^.*\"([^\"]+)\"" "\\1" LIBSSH2_VERSION "${libssh2_version_str}") +endif() + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(LibSSH2 + REQUIRED_VARS LIBSSH2_LIBRARY LIBSSH2_INCLUDE_DIR + VERSION_VAR LIBSSH2_VERSION) + +mark_as_advanced(LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY) diff --git a/extern/curl/CMake/FindMbedTLS.cmake b/extern/curl/CMake/FindMbedTLS.cmake new file mode 100644 index 0000000000..a916395892 --- /dev/null +++ b/extern/curl/CMake/FindMbedTLS.cmake @@ -0,0 +1,13 @@ +find_path(MBEDTLS_INCLUDE_DIRS mbedtls/ssl.h) + +find_library(MBEDTLS_LIBRARY mbedtls) +find_library(MBEDX509_LIBRARY mbedx509) +find_library(MBEDCRYPTO_LIBRARY mbedcrypto) + +set(MBEDTLS_LIBRARIES "${MBEDTLS_LIBRARY}" "${MBEDX509_LIBRARY}" "${MBEDCRYPTO_LIBRARY}") + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(MBEDTLS DEFAULT_MSG + MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) + +mark_as_advanced(MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) diff --git a/extern/curl/CMake/FindNGHTTP2.cmake b/extern/curl/CMake/FindNGHTTP2.cmake new file mode 100644 index 0000000000..5138e99999 --- /dev/null +++ b/extern/curl/CMake/FindNGHTTP2.cmake @@ -0,0 +1,18 @@ +include(FindPackageHandleStandardArgs) + +find_path(NGHTTP2_INCLUDE_DIR "nghttp2/nghttp2.h") + +find_library(NGHTTP2_LIBRARY NAMES nghttp2) + +find_package_handle_standard_args(NGHTTP2 + FOUND_VAR + NGHTTP2_FOUND + REQUIRED_VARS + NGHTTP2_LIBRARY + NGHTTP2_INCLUDE_DIR +) + +set(NGHTTP2_INCLUDE_DIRS ${NGHTTP2_INCLUDE_DIR}) +set(NGHTTP2_LIBRARIES ${NGHTTP2_LIBRARY}) + +mark_as_advanced(NGHTTP2_INCLUDE_DIRS NGHTTP2_LIBRARIES) diff --git a/extern/curl/CMake/FindNSS.cmake b/extern/curl/CMake/FindNSS.cmake new file mode 100644 index 0000000000..0043ce8531 --- /dev/null +++ b/extern/curl/CMake/FindNSS.cmake @@ -0,0 +1,17 @@ +if(UNIX) + find_package(PkgConfig QUIET) + pkg_search_module(PC_NSS nss) +endif() +if(NOT PC_NSS_FOUND) + return() +endif() + +set(NSS_LIBRARIES ${PC_NSS_LINK_LIBRARIES}) +set(NSS_INCLUDE_DIRS ${PC_NSS_INCLUDE_DIRS}) + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(NSS + REQUIRED_VARS NSS_LIBRARIES NSS_INCLUDE_DIRS + VERSION_VAR PC_NSS_VERSION) + +mark_as_advanced(NSS_INCLUDE_DIRS NSS_LIBRARIES) diff --git a/extern/curl/CMake/Macros.cmake b/extern/curl/CMake/Macros.cmake new file mode 100644 index 0000000000..7f71345156 --- /dev/null +++ b/extern/curl/CMake/Macros.cmake @@ -0,0 +1,88 @@ +#File defines convenience macros for available feature testing + +# This macro checks if the symbol exists in the library and if it +# does, it prepends library to the list. It is intended to be called +# multiple times with a sequence of possibly dependent libraries in +# order of least-to-most-dependent. Some libraries depend on others +# to link correctly. +macro(check_library_exists_concat LIBRARY SYMBOL VARIABLE) + check_library_exists("${LIBRARY};${CURL_LIBS}" ${SYMBOL} "${CMAKE_LIBRARY_PATH}" + ${VARIABLE}) + if(${VARIABLE}) + set(CURL_LIBS ${LIBRARY} ${CURL_LIBS}) + endif() +endmacro() + +# Check if header file exists and add it to the list. +# This macro is intended to be called multiple times with a sequence of +# possibly dependent header files. Some headers depend on others to be +# compiled correctly. +macro(check_include_file_concat FILE VARIABLE) + check_include_files("${CURL_INCLUDES};${FILE}" ${VARIABLE}) + if(${VARIABLE}) + set(CURL_INCLUDES ${CURL_INCLUDES} ${FILE}) + set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -D${VARIABLE}") + endif() +endmacro() + +# For other curl specific tests, use this macro. +macro(curl_internal_test CURL_TEST) + if(NOT DEFINED "${CURL_TEST}") + set(MACRO_CHECK_FUNCTION_DEFINITIONS + "-D${CURL_TEST} ${CURL_TEST_DEFINES} ${CMAKE_REQUIRED_FLAGS}") + if(CMAKE_REQUIRED_LIBRARIES) + set(CURL_TEST_ADD_LIBRARIES + "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}") + endif() + + message(STATUS "Performing Curl Test ${CURL_TEST}") + try_compile(${CURL_TEST} + ${CMAKE_BINARY_DIR} + ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c + CMAKE_FLAGS -DCOMPILE_DEFINITIONS:STRING=${MACRO_CHECK_FUNCTION_DEFINITIONS} + "${CURL_TEST_ADD_LIBRARIES}" + OUTPUT_VARIABLE OUTPUT) + if(${CURL_TEST}) + set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}") + message(STATUS "Performing Curl Test ${CURL_TEST} - Success") + file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log + "Performing Curl Test ${CURL_TEST} passed with the following output:\n" + "${OUTPUT}\n") + else() + message(STATUS "Performing Curl Test ${CURL_TEST} - Failed") + set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}") + file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log + "Performing Curl Test ${CURL_TEST} failed with the following output:\n" + "${OUTPUT}\n") + endif() + endif() +endmacro() + +macro(curl_nroff_check) + find_program(NROFF NAMES gnroff nroff) + if(NROFF) + # Need a way to write to stdin, this will do + file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" "test") + # Tests for a valid nroff option to generate a manpage + foreach(_MANOPT "-man" "-mandoc") + execute_process(COMMAND "${NROFF}" ${_MANOPT} + OUTPUT_VARIABLE NROFF_MANOPT_OUTPUT + INPUT_FILE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" + ERROR_QUIET) + # Save the option if it was valid + if(NROFF_MANOPT_OUTPUT) + message("Found *nroff option: -- ${_MANOPT}") + set(NROFF_MANOPT ${_MANOPT}) + set(NROFF_USEFUL ON) + break() + endif() + endforeach() + # No need for the temporary file + file(REMOVE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt") + if(NOT NROFF_USEFUL) + message(WARNING "Found no *nroff option to get plaintext from man pages") + endif() + else() + message(WARNING "Found no *nroff program") + endif() +endmacro() diff --git a/extern/curl/CMake/OtherTests.cmake b/extern/curl/CMake/OtherTests.cmake new file mode 100644 index 0000000000..8b150290c7 --- /dev/null +++ b/extern/curl/CMake/OtherTests.cmake @@ -0,0 +1,264 @@ +include(CheckCSourceCompiles) +# The begin of the sources (macros and includes) +set(_source_epilogue "#undef inline") + +macro(add_header_include check header) + if(${check}) + set(_source_epilogue "${_source_epilogue}\n#include <${header}>") + endif() +endmacro() + +set(signature_call_conv) +if(HAVE_WINDOWS_H) + add_header_include(HAVE_WINSOCK2_H "winsock2.h") + add_header_include(HAVE_WINDOWS_H "windows.h") + add_header_include(HAVE_WINSOCK_H "winsock.h") + set(_source_epilogue + "${_source_epilogue}\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif") + set(signature_call_conv "PASCAL") + if(HAVE_LIBWS2_32) + set(CMAKE_REQUIRED_LIBRARIES ws2_32) + endif() +else() + add_header_include(HAVE_SYS_TYPES_H "sys/types.h") + add_header_include(HAVE_SYS_SOCKET_H "sys/socket.h") +endif() + +set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY) + +check_c_source_compiles("${_source_epilogue} +int main(void) { + recv(0, 0, 0, 0); + return 0; +}" curl_cv_recv) +if(curl_cv_recv) + if(NOT DEFINED curl_cv_func_recv_args OR curl_cv_func_recv_args STREQUAL "unknown") + foreach(recv_retv "int" "ssize_t" ) + foreach(recv_arg1 "SOCKET" "int" ) + foreach(recv_arg2 "char *" "void *" ) + foreach(recv_arg3 "int" "size_t" "socklen_t" "unsigned int") + foreach(recv_arg4 "int" "unsigned int") + if(NOT curl_cv_func_recv_done) + unset(curl_cv_func_recv_test CACHE) + check_c_source_compiles(" + ${_source_epilogue} + extern ${recv_retv} ${signature_call_conv} + recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4}); + int main(void) { + ${recv_arg1} s=0; + ${recv_arg2} buf=0; + ${recv_arg3} len=0; + ${recv_arg4} flags=0; + ${recv_retv} res = recv(s, buf, len, flags); + (void) res; + return 0; + }" + curl_cv_func_recv_test) + message(STATUS + "Tested: ${recv_retv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})") + if(curl_cv_func_recv_test) + set(curl_cv_func_recv_args + "${recv_arg1},${recv_arg2},${recv_arg3},${recv_arg4},${recv_retv}") + set(RECV_TYPE_ARG1 "${recv_arg1}") + set(RECV_TYPE_ARG2 "${recv_arg2}") + set(RECV_TYPE_ARG3 "${recv_arg3}") + set(RECV_TYPE_ARG4 "${recv_arg4}") + set(RECV_TYPE_RETV "${recv_retv}") + set(HAVE_RECV 1) + set(curl_cv_func_recv_done 1) + endif() + endif() + endforeach() + endforeach() + endforeach() + endforeach() + endforeach() + else() + string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG1 "${curl_cv_func_recv_args}") + string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG2 "${curl_cv_func_recv_args}") + string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG3 "${curl_cv_func_recv_args}") + string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" RECV_TYPE_ARG4 "${curl_cv_func_recv_args}") + string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" RECV_TYPE_RETV "${curl_cv_func_recv_args}") + endif() + + if(curl_cv_func_recv_args STREQUAL "unknown") + message(FATAL_ERROR "Cannot find proper types to use for recv args") + endif() +else() + message(FATAL_ERROR "Unable to link function recv") +endif() +set(curl_cv_func_recv_args "${curl_cv_func_recv_args}" CACHE INTERNAL "Arguments for recv") +set(HAVE_RECV 1) + +check_c_source_compiles("${_source_epilogue} +int main(void) { + send(0, 0, 0, 0); + return 0; +}" curl_cv_send) +if(curl_cv_send) + if(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown") + foreach(send_retv "int" "ssize_t" ) + foreach(send_arg1 "SOCKET" "int" "ssize_t" ) + foreach(send_arg2 "const char *" "const void *" "void *" "char *") + foreach(send_arg3 "int" "size_t" "socklen_t" "unsigned int") + foreach(send_arg4 "int" "unsigned int") + if(NOT curl_cv_func_send_done) + unset(curl_cv_func_send_test CACHE) + check_c_source_compiles(" + ${_source_epilogue} + extern ${send_retv} ${signature_call_conv} + send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4}); + int main(void) { + ${send_arg1} s=0; + ${send_arg2} buf=0; + ${send_arg3} len=0; + ${send_arg4} flags=0; + ${send_retv} res = send(s, buf, len, flags); + (void) res; + return 0; + }" + curl_cv_func_send_test) + message(STATUS + "Tested: ${send_retv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})") + if(curl_cv_func_send_test) + string(REGEX REPLACE "(const) .*" "\\1" send_qual_arg2 "${send_arg2}") + string(REGEX REPLACE "const (.*)" "\\1" send_arg2 "${send_arg2}") + set(curl_cv_func_send_args + "${send_arg1},${send_arg2},${send_arg3},${send_arg4},${send_retv},${send_qual_arg2}") + set(SEND_TYPE_ARG1 "${send_arg1}") + set(SEND_TYPE_ARG2 "${send_arg2}") + set(SEND_TYPE_ARG3 "${send_arg3}") + set(SEND_TYPE_ARG4 "${send_arg4}") + set(SEND_TYPE_RETV "${send_retv}") + set(HAVE_SEND 1) + set(curl_cv_func_send_done 1) + endif() + endif() + endforeach() + endforeach() + endforeach() + endforeach() + endforeach() + else() + string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG1 "${curl_cv_func_send_args}") + string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG2 "${curl_cv_func_send_args}") + string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG3 "${curl_cv_func_send_args}") + string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG4 "${curl_cv_func_send_args}") + string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" SEND_TYPE_RETV "${curl_cv_func_send_args}") + string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" SEND_QUAL_ARG2 "${curl_cv_func_send_args}") + endif() + + if("${curl_cv_func_send_args}" STREQUAL "unknown") + message(FATAL_ERROR "Cannot find proper types to use for send args") + endif() + set(SEND_QUAL_ARG2 "const") +else() + message(FATAL_ERROR "Unable to link function send") +endif() +set(curl_cv_func_send_args "${curl_cv_func_send_args}" CACHE INTERNAL "Arguments for send") +set(HAVE_SEND 1) + +check_c_source_compiles("${_source_epilogue} + int main(void) { + int flag = MSG_NOSIGNAL; + (void)flag; + return 0; + }" HAVE_MSG_NOSIGNAL) + +if(NOT HAVE_WINDOWS_H) + add_header_include(HAVE_SYS_TIME_H "sys/time.h") + add_header_include(TIME_WITH_SYS_TIME "time.h") + add_header_include(HAVE_TIME_H "time.h") +endif() +check_c_source_compiles("${_source_epilogue} +int main(void) { + struct timeval ts; + ts.tv_sec = 0; + ts.tv_usec = 0; + (void)ts; + return 0; +}" HAVE_STRUCT_TIMEVAL) + +set(HAVE_SIG_ATOMIC_T 1) +set(CMAKE_REQUIRED_FLAGS) +if(HAVE_SIGNAL_H) + set(CMAKE_REQUIRED_FLAGS "-DHAVE_SIGNAL_H") + set(CMAKE_EXTRA_INCLUDE_FILES "signal.h") +endif() +check_type_size("sig_atomic_t" SIZEOF_SIG_ATOMIC_T) +if(HAVE_SIZEOF_SIG_ATOMIC_T) + check_c_source_compiles(" + #ifdef HAVE_SIGNAL_H + # include + #endif + int main(void) { + static volatile sig_atomic_t dummy = 0; + (void)dummy; + return 0; + }" HAVE_SIG_ATOMIC_T_NOT_VOLATILE) + if(NOT HAVE_SIG_ATOMIC_T_NOT_VOLATILE) + set(HAVE_SIG_ATOMIC_T_VOLATILE 1) + endif() +endif() + +if(HAVE_WINDOWS_H) + set(CMAKE_EXTRA_INCLUDE_FILES winsock2.h) +else() + set(CMAKE_EXTRA_INCLUDE_FILES) + if(HAVE_SYS_SOCKET_H) + set(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h) + endif() +endif() + +check_type_size("struct sockaddr_storage" SIZEOF_STRUCT_SOCKADDR_STORAGE) +if(HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE) + set(HAVE_STRUCT_SOCKADDR_STORAGE 1) +endif() + +unset(CMAKE_TRY_COMPILE_TARGET_TYPE) + +if(NOT DEFINED CMAKE_TOOLCHAIN_FILE) + # if not cross-compilation... + include(CheckCSourceRuns) + set(CMAKE_REQUIRED_FLAGS "") + if(HAVE_SYS_POLL_H) + set(CMAKE_REQUIRED_FLAGS "-DHAVE_SYS_POLL_H") + elseif(HAVE_POLL_H) + set(CMAKE_REQUIRED_FLAGS "-DHAVE_POLL_H") + endif() + check_c_source_runs(" + #include + #include + + #ifdef HAVE_SYS_POLL_H + # include + #elif HAVE_POLL_H + # include + #endif + + int main(void) + { + if(0 != poll(0, 0, 10)) { + return 1; /* fail */ + } + else { + /* detect the 10.12 poll() breakage */ + struct timeval before, after; + int rc; + size_t us; + + gettimeofday(&before, NULL); + rc = poll(NULL, 0, 500); + gettimeofday(&after, NULL); + + us = (after.tv_sec - before.tv_sec) * 1000000 + + (after.tv_usec - before.tv_usec); + + if(us < 400000) { + return 1; + } + } + return 0; + }" HAVE_POLL_FINE) +endif() + diff --git a/extern/curl/CMake/Platforms/WindowsCache.cmake b/extern/curl/CMake/Platforms/WindowsCache.cmake new file mode 100644 index 0000000000..ead4115a31 --- /dev/null +++ b/extern/curl/CMake/Platforms/WindowsCache.cmake @@ -0,0 +1,123 @@ +if(NOT UNIX) + if(WIN32) + set(HAVE_LIBDL 0) + set(HAVE_LIBUCB 0) + set(HAVE_LIBSOCKET 0) + set(NOT_NEED_LIBNSL 0) + set(HAVE_LIBNSL 0) + set(HAVE_GETHOSTNAME 1) + set(HAVE_LIBZ 0) + + set(HAVE_DLOPEN 0) + + set(HAVE_ALLOCA_H 0) + set(HAVE_ARPA_INET_H 0) + set(HAVE_DLFCN_H 0) + set(HAVE_FCNTL_H 1) + set(HAVE_INTTYPES_H 0) + set(HAVE_IO_H 1) + set(HAVE_MALLOC_H 1) + set(HAVE_MEMORY_H 1) + set(HAVE_NETDB_H 0) + set(HAVE_NETINET_IF_ETHER_H 0) + set(HAVE_NETINET_IN_H 0) + set(HAVE_NET_IF_H 0) + set(HAVE_PROCESS_H 1) + set(HAVE_PWD_H 0) + set(HAVE_SETJMP_H 1) + set(HAVE_SGTTY_H 0) + set(HAVE_SIGNAL_H 1) + set(HAVE_SOCKIO_H 0) + set(HAVE_STDINT_H 0) + set(HAVE_STDLIB_H 1) + set(HAVE_STRINGS_H 0) + set(HAVE_STRING_H 1) + set(HAVE_SYS_PARAM_H 0) + set(HAVE_SYS_POLL_H 0) + set(HAVE_SYS_SELECT_H 0) + set(HAVE_SYS_SOCKET_H 0) + set(HAVE_SYS_SOCKIO_H 0) + set(HAVE_SYS_STAT_H 1) + set(HAVE_SYS_TIME_H 0) + set(HAVE_SYS_TYPES_H 1) + set(HAVE_SYS_UTIME_H 1) + set(HAVE_TERMIOS_H 0) + set(HAVE_TERMIO_H 0) + set(HAVE_TIME_H 1) + set(HAVE_UNISTD_H 0) + set(HAVE_UTIME_H 0) + set(HAVE_X509_H 0) + set(HAVE_ZLIB_H 0) + + set(HAVE_SIZEOF_LONG_DOUBLE 1) + set(SIZEOF_LONG_DOUBLE 8) + + set(HAVE_SOCKET 1) + set(HAVE_POLL 0) + set(HAVE_SELECT 1) + set(HAVE_STRDUP 1) + set(HAVE_STRSTR 1) + set(HAVE_STRTOK_R 0) + set(HAVE_STRFTIME 1) + set(HAVE_UNAME 0) + set(HAVE_STRCASECMP 0) + set(HAVE_STRICMP 1) + set(HAVE_STRCMPI 1) + set(HAVE_GETHOSTBYADDR 1) + set(HAVE_GETTIMEOFDAY 0) + set(HAVE_INET_ADDR 1) + set(HAVE_INET_NTOA 1) + set(HAVE_INET_NTOA_R 0) + set(HAVE_TCGETATTR 0) + set(HAVE_TCSETATTR 0) + set(HAVE_PERROR 1) + set(HAVE_CLOSESOCKET 1) + set(HAVE_SETVBUF 0) + set(HAVE_SIGSETJMP 0) + set(HAVE_GETPASS_R 0) + set(HAVE_STRLCAT 0) + set(HAVE_GETPWUID 0) + set(HAVE_GETEUID 0) + set(HAVE_UTIME 1) + set(HAVE_RAND_EGD 0) + set(HAVE_RAND_SCREEN 0) + set(HAVE_RAND_STATUS 0) + set(HAVE_GMTIME_R 0) + set(HAVE_LOCALTIME_R 0) + set(HAVE_GETHOSTBYADDR_R 0) + set(HAVE_GETHOSTBYNAME_R 0) + set(HAVE_SIGNAL_FUNC 1) + set(HAVE_SIGNAL_MACRO 0) + + set(HAVE_GETHOSTBYADDR_R_5 0) + set(HAVE_GETHOSTBYADDR_R_5_REENTRANT 0) + set(HAVE_GETHOSTBYADDR_R_7 0) + set(HAVE_GETHOSTBYADDR_R_7_REENTRANT 0) + set(HAVE_GETHOSTBYADDR_R_8 0) + set(HAVE_GETHOSTBYADDR_R_8_REENTRANT 0) + set(HAVE_GETHOSTBYNAME_R_3 0) + set(HAVE_GETHOSTBYNAME_R_3_REENTRANT 0) + set(HAVE_GETHOSTBYNAME_R_5 0) + set(HAVE_GETHOSTBYNAME_R_5_REENTRANT 0) + set(HAVE_GETHOSTBYNAME_R_6 0) + set(HAVE_GETHOSTBYNAME_R_6_REENTRANT 0) + + set(TIME_WITH_SYS_TIME 0) + set(HAVE_O_NONBLOCK 0) + set(HAVE_IN_ADDR_T 0) + set(HAVE_INET_NTOA_R_DECL 0) + set(HAVE_INET_NTOA_R_DECL_REENTRANT 0) + if(ENABLE_IPV6) + set(HAVE_GETADDRINFO 1) + else() + set(HAVE_GETADDRINFO 0) + endif() + set(STDC_HEADERS 1) + set(RETSIGTYPE_TEST 1) + + set(HAVE_SIGACTION 0) + set(HAVE_MACRO_SIGSETJMP 0) + else() + message("This file should be included on Windows platform only") + endif() +endif() diff --git a/extern/curl/CMake/Utilities.cmake b/extern/curl/CMake/Utilities.cmake new file mode 100644 index 0000000000..ffc411ae98 --- /dev/null +++ b/extern/curl/CMake/Utilities.cmake @@ -0,0 +1,12 @@ +# File containing various utilities + +# Returns a list of arguments that evaluate to true +function(count_true output_count_var) + set(lst_len 0) + foreach(option_var IN LISTS ARGN) + if(${option_var}) + math(EXPR lst_len "${lst_len} + 1") + endif() + endforeach() + set(${output_count_var} ${lst_len} PARENT_SCOPE) +endfunction() diff --git a/extern/curl/CMake/cmake_uninstall.cmake.in b/extern/curl/CMake/cmake_uninstall.cmake.in new file mode 100644 index 0000000000..db8e5367db --- /dev/null +++ b/extern/curl/CMake/cmake_uninstall.cmake.in @@ -0,0 +1,26 @@ +if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") + message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") +endif() + +if(NOT DEFINED CMAKE_INSTALL_PREFIX) + set(CMAKE_INSTALL_PREFIX "@CMAKE_INSTALL_PREFIX@") +endif() +message(${CMAKE_INSTALL_PREFIX}) + +file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files) +string(REGEX REPLACE "\n" ";" files "${files}") +foreach(file ${files}) + message(STATUS "Uninstalling $ENV{DESTDIR}${file}") + if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}") + exec_program( + "@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\"" + OUTPUT_VARIABLE rm_out + RETURN_VALUE rm_retval + ) + if(NOT "${rm_retval}" STREQUAL 0) + message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}") + endif() + else() + message(STATUS "File $ENV{DESTDIR}${file} does not exist.") + endif() +endforeach() diff --git a/extern/curl/CMake/curl-config.cmake.in b/extern/curl/CMake/curl-config.cmake.in new file mode 100644 index 0000000000..1294e173a0 --- /dev/null +++ b/extern/curl/CMake/curl-config.cmake.in @@ -0,0 +1,12 @@ +@PACKAGE_INIT@ + +include(CMakeFindDependencyMacro) +if(@USE_OPENSSL@) + find_dependency(OpenSSL @OPENSSL_VERSION_MAJOR@) +endif() +if(@USE_ZLIB@) + find_dependency(ZLIB @ZLIB_VERSION_MAJOR@) +endif() + +include("${CMAKE_CURRENT_LIST_DIR}/@TARGETS_EXPORT_NAME@.cmake") +check_required_components("@PROJECT_NAME@") diff --git a/extern/curl/CMakeLists.txt b/extern/curl/CMakeLists.txt new file mode 100644 index 0000000000..73b053b315 --- /dev/null +++ b/extern/curl/CMakeLists.txt @@ -0,0 +1,1423 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +########################################################################### +# curl/libcurl CMake script +# by Tetetest and Sukender (Benoit Neil) + +# TODO: +# The output .so file lacks the soname number which we currently have within the lib/Makefile.am file +# Add full (4 or 5 libs) SSL support +# Add INSTALL target (EXTRA_DIST variables in Makefile.am may be moved to Makefile.inc so that CMake/CPack is aware of what's to include). +# Add CTests(?) +# Check on all possible platforms +# Test with as many configurations possible (With or without any option) +# Create scripts that help keeping the CMake build system up to date (to reduce maintenance). According to Tetetest: +# - lists of headers that 'configure' checks for; +# - curl-specific tests (the ones that are in m4/curl-*.m4 files); +# - (most obvious thing:) curl version numbers. +# Add documentation subproject +# +# To check: +# (From Daniel Stenberg) The cmake build selected to run gcc with -fPIC on my box while the plain configure script did not. +# (From Daniel Stenberg) The gcc command line use neither -g nor any -O options. As a developer, I also treasure our configure scripts's --enable-debug option that sets a long range of "picky" compiler options. +cmake_minimum_required(VERSION 3.0...3.16 FATAL_ERROR) + +set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}") +include(Utilities) +include(Macros) +include(CMakeDependentOption) +include(CheckCCompilerFlag) + +project(CURL C) + +message(WARNING "the curl cmake build system is poorly maintained. Be aware") + +file(STRINGS ${CURL_SOURCE_DIR}/include/curl/curlver.h CURL_VERSION_H_CONTENTS REGEX "#define LIBCURL_VERSION( |_NUM )") +string(REGEX MATCH "#define LIBCURL_VERSION \"[^\"]*" + CURL_VERSION ${CURL_VERSION_H_CONTENTS}) +string(REGEX REPLACE "[^\"]+\"" "" CURL_VERSION ${CURL_VERSION}) +string(REGEX MATCH "#define LIBCURL_VERSION_NUM 0x[0-9a-fA-F]+" + CURL_VERSION_NUM ${CURL_VERSION_H_CONTENTS}) +string(REGEX REPLACE "[^0]+0x" "" CURL_VERSION_NUM ${CURL_VERSION_NUM}) + + +# Setup package meta-data +# SET(PACKAGE "curl") +message(STATUS "curl version=[${CURL_VERSION}]") +# SET(PACKAGE_TARNAME "curl") +# SET(PACKAGE_NAME "curl") +# SET(PACKAGE_VERSION "-") +# SET(PACKAGE_STRING "curl-") +# SET(PACKAGE_BUGREPORT "a suitable curl mailing list => https://curl.haxx.se/mail/") +set(OPERATING_SYSTEM "${CMAKE_SYSTEM_NAME}") +set(OS "\"${CMAKE_SYSTEM_NAME}\"") + +include_directories(${CURL_SOURCE_DIR}/include) + +option(CURL_WERROR "Turn compiler warnings into errors" OFF) +option(PICKY_COMPILER "Enable picky compiler options" ON) +option(BUILD_CURL_EXE "Set to ON to build curl executable." ON) +option(BUILD_SHARED_LIBS "Build shared libraries" ON) +option(ENABLE_ARES "Set to ON to enable c-ares support" OFF) +if(WIN32) + option(CURL_STATIC_CRT "Set to ON to build libcurl with static CRT on Windows (/MT)." OFF) + option(ENABLE_INET_PTON "Set to OFF to prevent usage of inet_pton when building against modern SDKs while still requiring compatibility with older Windows versions, such as Windows XP, Windows Server 2003 etc." ON) + set(CURL_TARGET_WINDOWS_VERSION "" CACHE STRING "Minimum target Windows version as hex string") + if(CURL_TARGET_WINDOWS_VERSION) + add_definitions(-D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION}) + elseif(ENABLE_INET_PTON) + # _WIN32_WINNT_VISTA (0x0600) + add_definitions(-D_WIN32_WINNT=0x0600) + else() + # _WIN32_WINNT_WINXP (0x0501) + add_definitions(-D_WIN32_WINNT=0x0501) + endif() +endif() +option(CURL_LTO "Turn on compiler Link Time Optimizations" OFF) + +cmake_dependent_option(ENABLE_THREADED_RESOLVER "Set to ON to enable threaded DNS lookup" + ON "NOT ENABLE_ARES" + OFF) + +option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF) +option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF) + +if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) + if(PICKY_COMPILER) + foreach(_CCOPT -pedantic -Wall -W -Wpointer-arith -Wwrite-strings -Wunused -Wshadow -Winline -Wnested-externs -Wmissing-declarations -Wmissing-prototypes -Wno-long-long -Wfloat-equal -Wno-multichar -Wsign-compare -Wundef -Wno-format-nonliteral -Wendif-labels -Wstrict-prototypes -Wdeclaration-after-statement -Wstrict-aliasing=3 -Wcast-align -Wtype-limits -Wold-style-declaration -Wmissing-parameter-type -Wempty-body -Wclobbered -Wignored-qualifiers -Wconversion -Wno-sign-conversion -Wvla -Wdouble-promotion -Wno-system-headers -Wno-pedantic-ms-format) + # surprisingly, CHECK_C_COMPILER_FLAG needs a new variable to store each new + # test result in. + string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname) + check_c_compiler_flag(${_CCOPT} ${_optvarname}) + if(${_optvarname}) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${_CCOPT}") + endif() + endforeach() + endif() +endif() + +if(ENABLE_DEBUG) + # DEBUGBUILD will be defined only for Debug builds + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS $<$:DEBUGBUILD>) + set(ENABLE_CURLDEBUG ON) +endif() + +if(ENABLE_CURLDEBUG) + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS CURLDEBUG) +endif() + +# For debug libs and exes, add "-d" postfix +if(NOT DEFINED CMAKE_DEBUG_POSTFIX) + set(CMAKE_DEBUG_POSTFIX "-d") +endif() + +# initialize CURL_LIBS +set(CURL_LIBS "") + +if(ENABLE_ARES) + set(USE_ARES 1) + find_package(CARES REQUIRED) + list(APPEND CURL_LIBS ${CARES_LIBRARY}) +endif() + +include(CurlSymbolHiding) + +option(HTTP_ONLY "disables all protocols except HTTP (This overrides all CURL_DISABLE_* options)" OFF) +mark_as_advanced(HTTP_ONLY) +option(CURL_DISABLE_FTP "disables FTP" OFF) +mark_as_advanced(CURL_DISABLE_FTP) +option(CURL_DISABLE_LDAP "disables LDAP" OFF) +mark_as_advanced(CURL_DISABLE_LDAP) +option(CURL_DISABLE_TELNET "disables Telnet" OFF) +mark_as_advanced(CURL_DISABLE_TELNET) +option(CURL_DISABLE_DICT "disables DICT" OFF) +mark_as_advanced(CURL_DISABLE_DICT) +option(CURL_DISABLE_FILE "disables FILE" OFF) +mark_as_advanced(CURL_DISABLE_FILE) +option(CURL_DISABLE_TFTP "disables TFTP" OFF) +mark_as_advanced(CURL_DISABLE_TFTP) +option(CURL_DISABLE_HTTP "disables HTTP" OFF) +mark_as_advanced(CURL_DISABLE_HTTP) + +option(CURL_DISABLE_LDAPS "to disable LDAPS" OFF) +mark_as_advanced(CURL_DISABLE_LDAPS) + +option(CURL_DISABLE_RTSP "to disable RTSP" OFF) +mark_as_advanced(CURL_DISABLE_RTSP) +option(CURL_DISABLE_PROXY "to disable proxy" OFF) +mark_as_advanced(CURL_DISABLE_PROXY) +option(CURL_DISABLE_POP3 "to disable POP3" OFF) +mark_as_advanced(CURL_DISABLE_POP3) +option(CURL_DISABLE_IMAP "to disable IMAP" OFF) +mark_as_advanced(CURL_DISABLE_IMAP) +option(CURL_DISABLE_SMTP "to disable SMTP" OFF) +mark_as_advanced(CURL_DISABLE_SMTP) +option(CURL_DISABLE_GOPHER "to disable Gopher" OFF) +mark_as_advanced(CURL_DISABLE_GOPHER) + +if(HTTP_ONLY) + set(CURL_DISABLE_FTP ON) + set(CURL_DISABLE_LDAP ON) + set(CURL_DISABLE_LDAPS ON) + set(CURL_DISABLE_TELNET ON) + set(CURL_DISABLE_DICT ON) + set(CURL_DISABLE_FILE ON) + set(CURL_DISABLE_TFTP ON) + set(CURL_DISABLE_RTSP ON) + set(CURL_DISABLE_POP3 ON) + set(CURL_DISABLE_IMAP ON) + set(CURL_DISABLE_SMB ON) + set(CURL_DISABLE_SMTP ON) + set(CURL_DISABLE_GOPHER ON) +endif() + +option(CURL_DISABLE_COOKIES "to disable cookies support" OFF) +mark_as_advanced(CURL_DISABLE_COOKIES) + +option(CURL_DISABLE_CRYPTO_AUTH "to disable cryptographic authentication" OFF) +mark_as_advanced(CURL_DISABLE_CRYPTO_AUTH) +option(CURL_DISABLE_VERBOSE_STRINGS "to disable verbose strings" OFF) +mark_as_advanced(CURL_DISABLE_VERBOSE_STRINGS) +option(ENABLE_IPV6 "Define if you want to enable IPv6 support" ON) +mark_as_advanced(ENABLE_IPV6) +if(ENABLE_IPV6 AND NOT WIN32) + include(CheckStructHasMember) + check_struct_has_member("struct sockaddr_in6" sin6_addr "netinet/in.h" + HAVE_SOCKADDR_IN6_SIN6_ADDR) + check_struct_has_member("struct sockaddr_in6" sin6_scope_id "netinet/in.h" + HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID) + if(NOT HAVE_SOCKADDR_IN6_SIN6_ADDR) + message(WARNING "struct sockaddr_in6 not available, disabling IPv6 support") + # Force the feature off as this name is used as guard macro... + set(ENABLE_IPV6 OFF + CACHE BOOL "Define if you want to enable IPv6 support" FORCE) + endif() +endif() + +curl_nroff_check() +find_package(Perl) + +cmake_dependent_option(ENABLE_MANUAL "to provide the built-in manual" + ON "NROFF_USEFUL;PERL_FOUND" + OFF) + +if(NOT PERL_FOUND) + message(STATUS "Perl not found, testing disabled.") + set(BUILD_TESTING OFF) +endif() +if(ENABLE_MANUAL) + set(USE_MANUAL ON) +endif() + +# We need ansi c-flags, especially on HP +set(CMAKE_C_FLAGS "${CMAKE_ANSI_CFLAGS} ${CMAKE_C_FLAGS}") +set(CMAKE_REQUIRED_FLAGS ${CMAKE_ANSI_CFLAGS}) + +if(CURL_STATIC_CRT) + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} /MT") + set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} /MTd") +endif() + +# Disable warnings on Borland to avoid changing 3rd party code. +if(BORLAND) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -w-") +endif() + +# If we are on AIX, do the _ALL_SOURCE magic +if(${CMAKE_SYSTEM_NAME} MATCHES AIX) + set(_ALL_SOURCE 1) +endif() + +# Include all the necessary files for macros +include(CMakePushCheckState) +include(CheckFunctionExists) +include(CheckIncludeFile) +include(CheckIncludeFiles) +include(CheckLibraryExists) +include(CheckSymbolExists) +include(CheckTypeSize) +include(CheckCSourceCompiles) + +# On windows preload settings +if(WIN32) + set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WINSOCKAPI_=") + include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake) +endif() + +if(ENABLE_THREADED_RESOLVER) + find_package(Threads REQUIRED) + if(WIN32) + set(USE_THREADS_WIN32 ON) + else() + set(USE_THREADS_POSIX ${CMAKE_USE_PTHREADS_INIT}) + set(HAVE_PTHREAD_H ${CMAKE_USE_PTHREADS_INIT}) + endif() + set(CURL_LIBS ${CURL_LIBS} ${CMAKE_THREAD_LIBS_INIT}) +endif() + +# Check for all needed libraries +check_library_exists_concat("${CMAKE_DL_LIBS}" dlopen HAVE_LIBDL) +check_library_exists_concat("socket" connect HAVE_LIBSOCKET) +check_library_exists("c" gethostbyname "" NOT_NEED_LIBNSL) + +# Yellowtab Zeta needs different libraries than BeOS 5. +if(BEOS) + set(NOT_NEED_LIBNSL 1) + check_library_exists_concat("bind" gethostbyname HAVE_LIBBIND) + check_library_exists_concat("bnetapi" closesocket HAVE_LIBBNETAPI) +endif() + +if(NOT NOT_NEED_LIBNSL) + check_library_exists_concat("nsl" gethostbyname HAVE_LIBNSL) +endif() + +check_function_exists(gethostname HAVE_GETHOSTNAME) + +if(WIN32) + check_library_exists_concat("ws2_32" getch HAVE_LIBWS2_32) + check_library_exists_concat("winmm" getch HAVE_LIBWINMM) + list(APPEND CURL_LIBS "advapi32") +endif() + +# check SSL libraries +# TODO support GnuTLS and WolfSSL + +if(APPLE) + option(CMAKE_USE_SECTRANSP "enable Apple OS native SSL/TLS" OFF) +endif() +if(WIN32) + option(CMAKE_USE_WINSSL "enable Windows native SSL/TLS" OFF) + cmake_dependent_option(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON + CMAKE_USE_WINSSL OFF) +endif() +option(CMAKE_USE_MBEDTLS "Enable mbedTLS for SSL/TLS" OFF) +option(CMAKE_USE_BEARSSL "Enable BearSSL for SSL/TLS" OFF) +option(CMAKE_USE_NSS "Enable NSS for SSL/TLS" OFF) + +set(openssl_default ON) +if(WIN32 OR CMAKE_USE_SECTRANSP OR CMAKE_USE_WINSSL OR CMAKE_USE_MBEDTLS OR CMAKE_USE_NSS) + set(openssl_default OFF) +endif() +option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ${openssl_default}) + +count_true(enabled_ssl_options_count + CMAKE_USE_WINSSL + CMAKE_USE_SECTRANSP + CMAKE_USE_OPENSSL + CMAKE_USE_MBEDTLS + CMAKE_USE_BEARSSL + CMAKE_USE_NSS +) +if(enabled_ssl_options_count GREATER "1") + set(CURL_WITH_MULTI_SSL ON) +endif() + +if(CMAKE_USE_WINSSL) + set(SSL_ENABLED ON) + set(USE_SCHANNEL ON) # Windows native SSL/TLS support + set(USE_WINDOWS_SSPI ON) # CMAKE_USE_WINSSL implies CURL_WINDOWS_SSPI + list(APPEND CURL_LIBS "crypt32") +endif() +if(CURL_WINDOWS_SSPI) + set(USE_WINDOWS_SSPI ON) + set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DSECURITY_WIN32") +endif() + +if(CMAKE_USE_DARWINSSL) + message(FATAL_ERROR "The cmake option CMAKE_USE_DARWINSSL was renamed to CMAKE_USE_SECTRANSP.") +endif() + +if(CMAKE_USE_SECTRANSP) + find_library(COREFOUNDATION_FRAMEWORK "CoreFoundation") + if(NOT COREFOUNDATION_FRAMEWORK) + message(FATAL_ERROR "CoreFoundation framework not found") + endif() + + find_library(SECURITY_FRAMEWORK "Security") + if(NOT SECURITY_FRAMEWORK) + message(FATAL_ERROR "Security framework not found") + endif() + + set(SSL_ENABLED ON) + set(USE_SECTRANSP ON) + list(APPEND CURL_LIBS "${COREFOUNDATION_FRAMEWORK}" "${SECURITY_FRAMEWORK}") +endif() + +if(CMAKE_USE_OPENSSL) + find_package(OpenSSL REQUIRED) + set(SSL_ENABLED ON) + set(USE_OPENSSL ON) + + # Depend on OpenSSL via imported targets if supported by the running + # version of CMake. This allows our dependents to get our dependencies + # transitively. + if(NOT CMAKE_VERSION VERSION_LESS 3.4) + list(APPEND CURL_LIBS OpenSSL::SSL OpenSSL::Crypto) + else() + list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES}) + include_directories(${OPENSSL_INCLUDE_DIR}) + endif() + + set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) + check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H) + check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H) + check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H) + check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H) + check_include_file("openssl/ssl.h" HAVE_OPENSSL_SSL_H) + check_include_file("openssl/x509.h" HAVE_OPENSSL_X509_H) + check_include_file("openssl/rand.h" HAVE_OPENSSL_RAND_H) + check_symbol_exists(RAND_status "${CURL_INCLUDES}" HAVE_RAND_STATUS) + check_symbol_exists(RAND_screen "${CURL_INCLUDES}" HAVE_RAND_SCREEN) + check_symbol_exists(RAND_egd "${CURL_INCLUDES}" HAVE_RAND_EGD) +endif() + +if(CMAKE_USE_MBEDTLS) + find_package(MbedTLS REQUIRED) + set(SSL_ENABLED ON) + set(USE_MBEDTLS ON) + list(APPEND CURL_LIBS ${MBEDTLS_LIBRARIES}) + include_directories(${MBEDTLS_INCLUDE_DIRS}) +endif() + +if(CMAKE_USE_BEARSSL) + find_package(BearSSL REQUIRED) + set(SSL_ENABLED ON) + set(USE_BEARSSL ON) + list(APPEND CURL_LIBS ${BEARSSL_LIBRARY}) + include_directories(${BEARSSL_INCLUDE_DIRS}) +endif() + +if(CMAKE_USE_NSS) + find_package(NSS REQUIRED) + include_directories(${NSS_INCLUDE_DIRS}) + list(APPEND CURL_LIBS ${NSS_LIBRARIES}) + set(SSL_ENABLED ON) + set(USE_NSS ON) + cmake_push_check_state() + set(CMAKE_REQUIRED_INCLUDES ${NSS_INCLUDE_DIRS}) + set(CMAKE_REQUIRED_LIBRARIES ${NSS_LIBRARIES}) + check_symbol_exists(PK11_CreateManagedGenericObject "pk11pub.h" HAVE_PK11_CREATEMANAGEDGENERICOBJECT) + cmake_pop_check_state() +endif() + +option(USE_NGHTTP2 "Use Nghttp2 library" OFF) +if(USE_NGHTTP2) + find_package(NGHTTP2 REQUIRED) + include_directories(${NGHTTP2_INCLUDE_DIRS}) + list(APPEND CURL_LIBS ${NGHTTP2_LIBRARIES}) +endif() + +if(WIN32) + set(USE_WIN32_CRYPTO ON) +endif() + +if(NOT CURL_DISABLE_LDAP) + if(WIN32) + option(USE_WIN32_LDAP "Use Windows LDAP implementation" ON) + if(USE_WIN32_LDAP) + check_library_exists_concat("wldap32" cldap_open HAVE_WLDAP32) + if(NOT HAVE_WLDAP32) + set(USE_WIN32_LDAP OFF) + endif() + endif() + endif() + + option(CMAKE_USE_OPENLDAP "Use OpenLDAP code." OFF) + mark_as_advanced(CMAKE_USE_OPENLDAP) + set(CMAKE_LDAP_LIB "ldap" CACHE STRING "Name or full path to ldap library") + set(CMAKE_LBER_LIB "lber" CACHE STRING "Name or full path to lber library") + + if(CMAKE_USE_OPENLDAP AND USE_WIN32_LDAP) + message(FATAL_ERROR "Cannot use USE_WIN32_LDAP and CMAKE_USE_OPENLDAP at the same time") + endif() + + # Now that we know, we're not using windows LDAP... + if(USE_WIN32_LDAP) + check_include_file_concat("winldap.h" HAVE_WINLDAP_H) + check_include_file_concat("winber.h" HAVE_WINBER_H) + else() + # Check for LDAP + set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES}) + check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP) + check_library_exists_concat(${CMAKE_LBER_LIB} ber_init HAVE_LIBLBER) + + set(CMAKE_REQUIRED_INCLUDES_BAK ${CMAKE_REQUIRED_INCLUDES}) + set(CMAKE_LDAP_INCLUDE_DIR "" CACHE STRING "Path to LDAP include directory") + if(CMAKE_LDAP_INCLUDE_DIR) + list(APPEND CMAKE_REQUIRED_INCLUDES ${CMAKE_LDAP_INCLUDE_DIR}) + endif() + check_include_file_concat("ldap.h" HAVE_LDAP_H) + check_include_file_concat("lber.h" HAVE_LBER_H) + + if(NOT HAVE_LDAP_H) + message(STATUS "LDAP_H not found CURL_DISABLE_LDAP set ON") + set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE) + set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used + elseif(NOT HAVE_LIBLDAP) + message(STATUS "LDAP library '${CMAKE_LDAP_LIB}' not found CURL_DISABLE_LDAP set ON") + set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE) + set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used + else() + if(CMAKE_USE_OPENLDAP) + set(USE_OPENLDAP ON) + endif() + if(CMAKE_LDAP_INCLUDE_DIR) + include_directories(${CMAKE_LDAP_INCLUDE_DIR}) + endif() + set(NEED_LBER_H ON) + set(_HEADER_LIST) + if(HAVE_WINDOWS_H) + list(APPEND _HEADER_LIST "windows.h") + endif() + if(HAVE_SYS_TYPES_H) + list(APPEND _HEADER_LIST "sys/types.h") + endif() + list(APPEND _HEADER_LIST "ldap.h") + + set(_SRC_STRING "") + foreach(_HEADER ${_HEADER_LIST}) + set(_INCLUDE_STRING "${_INCLUDE_STRING}#include <${_HEADER}>\n") + endforeach() + + set(_SRC_STRING + " + ${_INCLUDE_STRING} + int main(int argc, char ** argv) + { + BerValue *bvp = NULL; + BerElement *bep = ber_init(bvp); + ber_free(bep, 1); + return 0; + }" + ) + set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1") + list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB}) + if(HAVE_LIBLBER) + list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB}) + endif() + check_c_source_compiles("${_SRC_STRING}" NOT_NEED_LBER_H) + unset(CMAKE_REQUIRED_LIBRARIES) + + if(NOT_NEED_LBER_H) + set(NEED_LBER_H OFF) + else() + set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DNEED_LBER_H") + endif() + endif() + endif() +endif() + +# No ldap, no ldaps. +if(CURL_DISABLE_LDAP) + if(NOT CURL_DISABLE_LDAPS) + message(STATUS "LDAP needs to be enabled to support LDAPS") + set(CURL_DISABLE_LDAPS ON CACHE BOOL "" FORCE) + endif() +endif() + +if(NOT CURL_DISABLE_LDAPS) + check_include_file_concat("ldap_ssl.h" HAVE_LDAP_SSL_H) + check_include_file_concat("ldapssl.h" HAVE_LDAPSSL_H) +endif() + +# Check for idn +check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2) + +# Check for symbol dlopen (same as HAVE_LIBDL) +check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN) + +option(CURL_ZLIB "Set to ON to enable building curl with zlib support." ON) +set(HAVE_LIBZ OFF) +set(HAVE_ZLIB_H OFF) +set(USE_ZLIB OFF) +if(CURL_ZLIB) + find_package(ZLIB QUIET) + if(ZLIB_FOUND) + set(HAVE_ZLIB_H ON) + set(HAVE_LIBZ ON) + set(USE_ZLIB ON) + + # Depend on ZLIB via imported targets if supported by the running + # version of CMake. This allows our dependents to get our dependencies + # transitively. + if(NOT CMAKE_VERSION VERSION_LESS 3.4) + list(APPEND CURL_LIBS ZLIB::ZLIB) + else() + list(APPEND CURL_LIBS ${ZLIB_LIBRARIES}) + include_directories(${ZLIB_INCLUDE_DIRS}) + endif() + list(APPEND CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIRS}) + endif() +endif() + +option(CURL_BROTLI "Set to ON to enable building curl with brotli support." OFF) +set(HAVE_BROTLI OFF) +if(CURL_BROTLI) + find_package(Brotli QUIET) + if(BROTLI_FOUND) + set(HAVE_BROTLI ON) + list(APPEND CURL_LIBS ${BROTLI_LIBRARIES}) + include_directories(${BROTLI_INCLUDE_DIRS}) + list(APPEND CMAKE_REQUIRED_INCLUDES ${BROTLI_INCLUDE_DIRS}) + endif() +endif() + +#libSSH2 +option(CMAKE_USE_LIBSSH2 "Use libSSH2" ON) +mark_as_advanced(CMAKE_USE_LIBSSH2) +set(USE_LIBSSH2 OFF) +set(HAVE_LIBSSH2 OFF) +set(HAVE_LIBSSH2_H OFF) + +if(CMAKE_USE_LIBSSH2) + find_package(LibSSH2) + if(LIBSSH2_FOUND) + list(APPEND CURL_LIBS ${LIBSSH2_LIBRARY}) + set(CMAKE_REQUIRED_LIBRARIES ${LIBSSH2_LIBRARY}) + list(APPEND CMAKE_REQUIRED_INCLUDES "${LIBSSH2_INCLUDE_DIR}") + include_directories("${LIBSSH2_INCLUDE_DIR}") + set(HAVE_LIBSSH2 ON) + set(USE_LIBSSH2 ON) + + # find_package has already found the headers + set(HAVE_LIBSSH2_H ON) + set(CURL_INCLUDES ${CURL_INCLUDES} "${LIBSSH2_INCLUDE_DIR}/libssh2.h") + set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DHAVE_LIBSSH2_H") + + # now check for specific libssh2 symbols as they were added in different versions + set(CMAKE_EXTRA_INCLUDE_FILES "libssh2.h") + check_function_exists(libssh2_version HAVE_LIBSSH2_VERSION) + check_function_exists(libssh2_init HAVE_LIBSSH2_INIT) + check_function_exists(libssh2_exit HAVE_LIBSSH2_EXIT) + check_function_exists(libssh2_scp_send64 HAVE_LIBSSH2_SCP_SEND64) + check_function_exists(libssh2_session_handshake HAVE_LIBSSH2_SESSION_HANDSHAKE) + set(CMAKE_EXTRA_INCLUDE_FILES "") + unset(CMAKE_REQUIRED_LIBRARIES) + endif() +endif() + +option(CMAKE_USE_GSSAPI "Use GSSAPI implementation (right now only Heimdal is supported with CMake build)" OFF) +mark_as_advanced(CMAKE_USE_GSSAPI) + +if(CMAKE_USE_GSSAPI) + find_package(GSS) + + set(HAVE_GSSAPI ${GSS_FOUND}) + if(GSS_FOUND) + + message(STATUS "Found ${GSS_FLAVOUR} GSSAPI version: \"${GSS_VERSION}\"") + + list(APPEND CMAKE_REQUIRED_INCLUDES ${GSS_INCLUDE_DIR}) + check_include_file_concat("gssapi/gssapi.h" HAVE_GSSAPI_GSSAPI_H) + check_include_file_concat("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H) + check_include_file_concat("gssapi/gssapi_krb5.h" HAVE_GSSAPI_GSSAPI_KRB5_H) + + if(GSS_FLAVOUR STREQUAL "Heimdal") + set(HAVE_GSSHEIMDAL ON) + else() # MIT + set(HAVE_GSSMIT ON) + set(_INCLUDE_LIST "") + if(HAVE_GSSAPI_GSSAPI_H) + list(APPEND _INCLUDE_LIST "gssapi/gssapi.h") + endif() + if(HAVE_GSSAPI_GSSAPI_GENERIC_H) + list(APPEND _INCLUDE_LIST "gssapi/gssapi_generic.h") + endif() + if(HAVE_GSSAPI_GSSAPI_KRB5_H) + list(APPEND _INCLUDE_LIST "gssapi/gssapi_krb5.h") + endif() + + string(REPLACE ";" " " _COMPILER_FLAGS_STR "${GSS_COMPILER_FLAGS}") + string(REPLACE ";" " " _LINKER_FLAGS_STR "${GSS_LINKER_FLAGS}") + + foreach(_dir ${GSS_LINK_DIRECTORIES}) + set(_LINKER_FLAGS_STR "${_LINKER_FLAGS_STR} -L\"${_dir}\"") + endforeach() + + set(CMAKE_REQUIRED_FLAGS "${_COMPILER_FLAGS_STR} ${_LINKER_FLAGS_STR}") + set(CMAKE_REQUIRED_LIBRARIES ${GSS_LIBRARIES}) + check_symbol_exists("GSS_C_NT_HOSTBASED_SERVICE" ${_INCLUDE_LIST} HAVE_GSS_C_NT_HOSTBASED_SERVICE) + if(NOT HAVE_GSS_C_NT_HOSTBASED_SERVICE) + set(HAVE_OLD_GSSMIT ON) + endif() + unset(CMAKE_REQUIRED_LIBRARIES) + + endif() + + include_directories(${GSS_INCLUDE_DIR}) + link_directories(${GSS_LINK_DIRECTORIES}) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GSS_COMPILER_FLAGS}") + set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${GSS_LINKER_FLAGS}") + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${GSS_LINKER_FLAGS}") + list(APPEND CURL_LIBS ${GSS_LIBRARIES}) + + else() + message(WARNING "GSSAPI support has been requested but no supporting libraries found. Skipping.") + endif() +endif() + +option(ENABLE_UNIX_SOCKETS "Define if you want Unix domain sockets support" ON) +if(ENABLE_UNIX_SOCKETS) + include(CheckStructHasMember) + check_struct_has_member("struct sockaddr_un" sun_path "sys/un.h" USE_UNIX_SOCKETS) +else() + unset(USE_UNIX_SOCKETS CACHE) +endif() + +# +# CA handling +# +set(CURL_CA_BUNDLE "auto" CACHE STRING + "Path to the CA bundle. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") +set(CURL_CA_FALLBACK OFF CACHE BOOL + "Set ON to use built-in CA store of TLS backend. Defaults to OFF") +set(CURL_CA_PATH "auto" CACHE STRING + "Location of default CA path. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") + +if("${CURL_CA_BUNDLE}" STREQUAL "") + message(FATAL_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' or file path.") +elseif("${CURL_CA_BUNDLE}" STREQUAL "none") + unset(CURL_CA_BUNDLE CACHE) +elseif("${CURL_CA_BUNDLE}" STREQUAL "auto") + unset(CURL_CA_BUNDLE CACHE) + set(CURL_CA_BUNDLE_AUTODETECT TRUE) +else() + set(CURL_CA_BUNDLE_SET TRUE) +endif() + +if("${CURL_CA_PATH}" STREQUAL "") + message(FATAL_ERROR "Invalid value of CURL_CA_PATH. Use 'none', 'auto' or directory path.") +elseif("${CURL_CA_PATH}" STREQUAL "none") + unset(CURL_CA_PATH CACHE) +elseif("${CURL_CA_PATH}" STREQUAL "auto") + unset(CURL_CA_PATH CACHE) + if(NOT USE_NSS) + set(CURL_CA_PATH_AUTODETECT TRUE) + endif() +else() + set(CURL_CA_PATH_SET TRUE) +endif() + +if(CURL_CA_BUNDLE_SET AND CURL_CA_PATH_AUTODETECT) + # Skip autodetection of unset CA path because CA bundle is set explicitly +elseif(CURL_CA_PATH_SET AND CURL_CA_BUNDLE_AUTODETECT) + # Skip autodetection of unset CA bundle because CA path is set explicitly +elseif(CURL_CA_PATH_AUTODETECT OR CURL_CA_BUNDLE_AUTODETECT) + # first try autodetecting a CA bundle, then a CA path + + if(CURL_CA_BUNDLE_AUTODETECT) + set(SEARCH_CA_BUNDLE_PATHS + /etc/ssl/certs/ca-certificates.crt + /etc/pki/tls/certs/ca-bundle.crt + /usr/share/ssl/certs/ca-bundle.crt + /usr/local/share/certs/ca-root-nss.crt + /etc/ssl/cert.pem) + + foreach(SEARCH_CA_BUNDLE_PATH ${SEARCH_CA_BUNDLE_PATHS}) + if(EXISTS "${SEARCH_CA_BUNDLE_PATH}") + message(STATUS "Found CA bundle: ${SEARCH_CA_BUNDLE_PATH}") + set(CURL_CA_BUNDLE "${SEARCH_CA_BUNDLE_PATH}") + set(CURL_CA_BUNDLE_SET TRUE CACHE BOOL "Path to the CA bundle has been set") + break() + endif() + endforeach() + endif() + + if(CURL_CA_PATH_AUTODETECT AND (NOT CURL_CA_PATH_SET)) + if(EXISTS "/etc/ssl/certs") + set(CURL_CA_PATH "/etc/ssl/certs") + set(CURL_CA_PATH_SET TRUE CACHE BOOL "Path to the CA bundle has been set") + endif() + endif() +endif() + +if(CURL_CA_PATH_SET AND NOT USE_OPENSSL AND NOT USE_MBEDTLS) + message(FATAL_ERROR + "CA path only supported by OpenSSL, GnuTLS or mbed TLS. " + "Set CURL_CA_PATH=none or enable one of those TLS backends.") +endif() + +# Check for header files +if(NOT UNIX) + check_include_file_concat("windows.h" HAVE_WINDOWS_H) + check_include_file_concat("winsock.h" HAVE_WINSOCK_H) + check_include_file_concat("ws2tcpip.h" HAVE_WS2TCPIP_H) + check_include_file_concat("winsock2.h" HAVE_WINSOCK2_H) + if(NOT CURL_WINDOWS_SSPI AND USE_OPENSSL) + set(CURL_LIBS ${CURL_LIBS} "crypt32") + endif() +endif() + +check_include_file_concat("stdio.h" HAVE_STDIO_H) +check_include_file_concat("inttypes.h" HAVE_INTTYPES_H) +check_include_file_concat("sys/filio.h" HAVE_SYS_FILIO_H) +check_include_file_concat("sys/ioctl.h" HAVE_SYS_IOCTL_H) +check_include_file_concat("sys/param.h" HAVE_SYS_PARAM_H) +check_include_file_concat("sys/poll.h" HAVE_SYS_POLL_H) +check_include_file_concat("sys/resource.h" HAVE_SYS_RESOURCE_H) +check_include_file_concat("sys/select.h" HAVE_SYS_SELECT_H) +check_include_file_concat("sys/socket.h" HAVE_SYS_SOCKET_H) +check_include_file_concat("sys/sockio.h" HAVE_SYS_SOCKIO_H) +check_include_file_concat("sys/stat.h" HAVE_SYS_STAT_H) +check_include_file_concat("sys/time.h" HAVE_SYS_TIME_H) +check_include_file_concat("sys/types.h" HAVE_SYS_TYPES_H) +check_include_file_concat("sys/uio.h" HAVE_SYS_UIO_H) +check_include_file_concat("sys/un.h" HAVE_SYS_UN_H) +check_include_file_concat("sys/utime.h" HAVE_SYS_UTIME_H) +check_include_file_concat("sys/xattr.h" HAVE_SYS_XATTR_H) +check_include_file_concat("alloca.h" HAVE_ALLOCA_H) +check_include_file_concat("arpa/inet.h" HAVE_ARPA_INET_H) +check_include_file_concat("arpa/tftp.h" HAVE_ARPA_TFTP_H) +check_include_file_concat("assert.h" HAVE_ASSERT_H) +check_include_file_concat("crypto.h" HAVE_CRYPTO_H) +check_include_file_concat("des.h" HAVE_DES_H) +check_include_file_concat("err.h" HAVE_ERR_H) +check_include_file_concat("errno.h" HAVE_ERRNO_H) +check_include_file_concat("fcntl.h" HAVE_FCNTL_H) +check_include_file_concat("idn2.h" HAVE_IDN2_H) +check_include_file_concat("ifaddrs.h" HAVE_IFADDRS_H) +check_include_file_concat("io.h" HAVE_IO_H) +check_include_file_concat("krb.h" HAVE_KRB_H) +check_include_file_concat("libgen.h" HAVE_LIBGEN_H) +check_include_file_concat("locale.h" HAVE_LOCALE_H) +check_include_file_concat("net/if.h" HAVE_NET_IF_H) +check_include_file_concat("netdb.h" HAVE_NETDB_H) +check_include_file_concat("netinet/in.h" HAVE_NETINET_IN_H) +check_include_file_concat("netinet/tcp.h" HAVE_NETINET_TCP_H) + +check_include_file_concat("pem.h" HAVE_PEM_H) +check_include_file_concat("poll.h" HAVE_POLL_H) +check_include_file_concat("pwd.h" HAVE_PWD_H) +check_include_file_concat("rsa.h" HAVE_RSA_H) +check_include_file_concat("setjmp.h" HAVE_SETJMP_H) +check_include_file_concat("sgtty.h" HAVE_SGTTY_H) +check_include_file_concat("signal.h" HAVE_SIGNAL_H) +check_include_file_concat("ssl.h" HAVE_SSL_H) +check_include_file_concat("stdbool.h" HAVE_STDBOOL_H) +check_include_file_concat("stdint.h" HAVE_STDINT_H) +check_include_file_concat("stdio.h" HAVE_STDIO_H) +check_include_file_concat("stdlib.h" HAVE_STDLIB_H) +check_include_file_concat("string.h" HAVE_STRING_H) +check_include_file_concat("strings.h" HAVE_STRINGS_H) +check_include_file_concat("stropts.h" HAVE_STROPTS_H) +check_include_file_concat("termio.h" HAVE_TERMIO_H) +check_include_file_concat("termios.h" HAVE_TERMIOS_H) +check_include_file_concat("time.h" HAVE_TIME_H) +check_include_file_concat("unistd.h" HAVE_UNISTD_H) +check_include_file_concat("utime.h" HAVE_UTIME_H) +check_include_file_concat("x509.h" HAVE_X509_H) + +check_include_file_concat("process.h" HAVE_PROCESS_H) +check_include_file_concat("stddef.h" HAVE_STDDEF_H) +check_include_file_concat("dlfcn.h" HAVE_DLFCN_H) +check_include_file_concat("malloc.h" HAVE_MALLOC_H) +check_include_file_concat("memory.h" HAVE_MEMORY_H) +check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H) +check_include_file_concat("stdint.h" HAVE_STDINT_H) +check_include_file_concat("sockio.h" HAVE_SOCKIO_H) +check_include_file_concat("sys/utsname.h" HAVE_SYS_UTSNAME_H) + +check_type_size(size_t SIZEOF_SIZE_T) +check_type_size(ssize_t SIZEOF_SSIZE_T) +check_type_size("long long" SIZEOF_LONG_LONG) +check_type_size("long" SIZEOF_LONG) +check_type_size("short" SIZEOF_SHORT) +check_type_size("int" SIZEOF_INT) +check_type_size("__int64" SIZEOF___INT64) +check_type_size("long double" SIZEOF_LONG_DOUBLE) +check_type_size("time_t" SIZEOF_TIME_T) +if(NOT HAVE_SIZEOF_SSIZE_T) + if(SIZEOF_LONG EQUAL SIZEOF_SIZE_T) + set(ssize_t long) + endif() + if(NOT ssize_t AND SIZEOF___INT64 EQUAL SIZEOF_SIZE_T) + set(ssize_t __int64) + endif() +endif() +# off_t is sized later, after the HAVE_FILE_OFFSET_BITS test + +if(HAVE_SIZEOF_LONG_LONG) + set(HAVE_LONGLONG 1) + set(HAVE_LL 1) +endif() + +find_file(RANDOM_FILE urandom /dev) +mark_as_advanced(RANDOM_FILE) + +# Check for some functions that are used +if(HAVE_LIBWS2_32) + set(CMAKE_REQUIRED_LIBRARIES ws2_32) +elseif(HAVE_LIBSOCKET) + set(CMAKE_REQUIRED_LIBRARIES socket) +endif() + +check_symbol_exists(basename "${CURL_INCLUDES}" HAVE_BASENAME) +check_symbol_exists(socket "${CURL_INCLUDES}" HAVE_SOCKET) +check_symbol_exists(select "${CURL_INCLUDES}" HAVE_SELECT) +check_symbol_exists(poll "${CURL_INCLUDES}" HAVE_POLL) +check_symbol_exists(strdup "${CURL_INCLUDES}" HAVE_STRDUP) +check_symbol_exists(strstr "${CURL_INCLUDES}" HAVE_STRSTR) +check_symbol_exists(strtok_r "${CURL_INCLUDES}" HAVE_STRTOK_R) +check_symbol_exists(strftime "${CURL_INCLUDES}" HAVE_STRFTIME) +check_symbol_exists(uname "${CURL_INCLUDES}" HAVE_UNAME) +check_symbol_exists(strcasecmp "${CURL_INCLUDES}" HAVE_STRCASECMP) +check_symbol_exists(stricmp "${CURL_INCLUDES}" HAVE_STRICMP) +check_symbol_exists(strcmpi "${CURL_INCLUDES}" HAVE_STRCMPI) +check_symbol_exists(strncmpi "${CURL_INCLUDES}" HAVE_STRNCMPI) +check_symbol_exists(alarm "${CURL_INCLUDES}" HAVE_ALARM) +if(NOT HAVE_STRNCMPI) + set(HAVE_STRCMPI) +endif() +check_symbol_exists(gethostbyaddr "${CURL_INCLUDES}" HAVE_GETHOSTBYADDR) +check_symbol_exists(gethostbyaddr_r "${CURL_INCLUDES}" HAVE_GETHOSTBYADDR_R) +check_symbol_exists(gettimeofday "${CURL_INCLUDES}" HAVE_GETTIMEOFDAY) +check_symbol_exists(inet_addr "${CURL_INCLUDES}" HAVE_INET_ADDR) +check_symbol_exists(inet_ntoa "${CURL_INCLUDES}" HAVE_INET_NTOA) +check_symbol_exists(inet_ntoa_r "${CURL_INCLUDES}" HAVE_INET_NTOA_R) +check_symbol_exists(tcsetattr "${CURL_INCLUDES}" HAVE_TCSETATTR) +check_symbol_exists(tcgetattr "${CURL_INCLUDES}" HAVE_TCGETATTR) +check_symbol_exists(perror "${CURL_INCLUDES}" HAVE_PERROR) +check_symbol_exists(closesocket "${CURL_INCLUDES}" HAVE_CLOSESOCKET) +check_symbol_exists(setvbuf "${CURL_INCLUDES}" HAVE_SETVBUF) +check_symbol_exists(sigsetjmp "${CURL_INCLUDES}" HAVE_SIGSETJMP) +check_symbol_exists(getpass_r "${CURL_INCLUDES}" HAVE_GETPASS_R) +check_symbol_exists(strlcat "${CURL_INCLUDES}" HAVE_STRLCAT) +check_symbol_exists(getpwuid "${CURL_INCLUDES}" HAVE_GETPWUID) +check_symbol_exists(getpwuid_r "${CURL_INCLUDES}" HAVE_GETPWUID_R) +check_symbol_exists(geteuid "${CURL_INCLUDES}" HAVE_GETEUID) +check_symbol_exists(usleep "${CURL_INCLUDES}" HAVE_USLEEP) +check_symbol_exists(utime "${CURL_INCLUDES}" HAVE_UTIME) +check_symbol_exists(gmtime_r "${CURL_INCLUDES}" HAVE_GMTIME_R) +check_symbol_exists(localtime_r "${CURL_INCLUDES}" HAVE_LOCALTIME_R) + +check_symbol_exists(gethostbyname "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME) +check_symbol_exists(gethostbyname_r "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME_R) + +check_symbol_exists(signal "${CURL_INCLUDES}" HAVE_SIGNAL_FUNC) +check_symbol_exists(SIGALRM "${CURL_INCLUDES}" HAVE_SIGNAL_MACRO) +if(HAVE_SIGNAL_FUNC AND HAVE_SIGNAL_MACRO) + set(HAVE_SIGNAL 1) +endif() +check_symbol_exists(uname "${CURL_INCLUDES}" HAVE_UNAME) +check_symbol_exists(strtoll "${CURL_INCLUDES}" HAVE_STRTOLL) +check_symbol_exists(_strtoi64 "${CURL_INCLUDES}" HAVE__STRTOI64) +check_symbol_exists(strerror_r "${CURL_INCLUDES}" HAVE_STRERROR_R) +check_symbol_exists(siginterrupt "${CURL_INCLUDES}" HAVE_SIGINTERRUPT) +check_symbol_exists(perror "${CURL_INCLUDES}" HAVE_PERROR) +check_symbol_exists(fork "${CURL_INCLUDES}" HAVE_FORK) +check_symbol_exists(getaddrinfo "${CURL_INCLUDES}" HAVE_GETADDRINFO) +check_symbol_exists(freeaddrinfo "${CURL_INCLUDES}" HAVE_FREEADDRINFO) +check_symbol_exists(freeifaddrs "${CURL_INCLUDES}" HAVE_FREEIFADDRS) +check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE) +check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE) +check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME) +check_symbol_exists(getpeername "${CURL_INCLUDES}" HAVE_GETPEERNAME) +check_symbol_exists(getsockname "${CURL_INCLUDES}" HAVE_GETSOCKNAME) +check_symbol_exists(if_nametoindex "${CURL_INCLUDES}" HAVE_IF_NAMETOINDEX) +check_symbol_exists(getrlimit "${CURL_INCLUDES}" HAVE_GETRLIMIT) +check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE) +check_symbol_exists(setmode "${CURL_INCLUDES}" HAVE_SETMODE) +check_symbol_exists(setrlimit "${CURL_INCLUDES}" HAVE_SETRLIMIT) +check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL) +check_symbol_exists(ioctl "${CURL_INCLUDES}" HAVE_IOCTL) +check_symbol_exists(setsockopt "${CURL_INCLUDES}" HAVE_SETSOCKOPT) +check_function_exists(mach_absolute_time HAVE_MACH_ABSOLUTE_TIME) +check_symbol_exists(inet_pton "${CURL_INCLUDES}" HAVE_INET_PTON) + +check_symbol_exists(fsetxattr "${CURL_INCLUDES}" HAVE_FSETXATTR) +if(HAVE_FSETXATTR) + foreach(CURL_TEST HAVE_FSETXATTR_5 HAVE_FSETXATTR_6) + curl_internal_test(${CURL_TEST}) + endforeach() +endif() + +# sigaction and sigsetjmp are special. Use special mechanism for +# detecting those, but only if previous attempt failed. +if(HAVE_SIGNAL_H) + check_symbol_exists(sigaction "signal.h" HAVE_SIGACTION) +endif() + +if(NOT HAVE_SIGSETJMP) + if(HAVE_SETJMP_H) + check_symbol_exists(sigsetjmp "setjmp.h" HAVE_MACRO_SIGSETJMP) + if(HAVE_MACRO_SIGSETJMP) + set(HAVE_SIGSETJMP 1) + endif() + endif() +endif() + +# If there is no stricmp(), do not allow LDAP to parse URLs +if(NOT HAVE_STRICMP) + set(HAVE_LDAP_URL_PARSE 1) +endif() + +# Do curl specific tests +foreach(CURL_TEST + HAVE_FCNTL_O_NONBLOCK + HAVE_IOCTLSOCKET + HAVE_IOCTLSOCKET_CAMEL + HAVE_IOCTLSOCKET_CAMEL_FIONBIO + HAVE_IOCTLSOCKET_FIONBIO + HAVE_IOCTL_FIONBIO + HAVE_IOCTL_SIOCGIFADDR + HAVE_SETSOCKOPT_SO_NONBLOCK + HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID + TIME_WITH_SYS_TIME + HAVE_O_NONBLOCK + HAVE_GETHOSTBYADDR_R_5 + HAVE_GETHOSTBYADDR_R_7 + HAVE_GETHOSTBYADDR_R_8 + HAVE_GETHOSTBYADDR_R_5_REENTRANT + HAVE_GETHOSTBYADDR_R_7_REENTRANT + HAVE_GETHOSTBYADDR_R_8_REENTRANT + HAVE_GETHOSTBYNAME_R_3 + HAVE_GETHOSTBYNAME_R_5 + HAVE_GETHOSTBYNAME_R_6 + HAVE_GETHOSTBYNAME_R_3_REENTRANT + HAVE_GETHOSTBYNAME_R_5_REENTRANT + HAVE_GETHOSTBYNAME_R_6_REENTRANT + HAVE_IN_ADDR_T + HAVE_BOOL_T + STDC_HEADERS + RETSIGTYPE_TEST + HAVE_INET_NTOA_R_DECL + HAVE_INET_NTOA_R_DECL_REENTRANT + HAVE_GETADDRINFO + HAVE_FILE_OFFSET_BITS + HAVE_VARIADIC_MACROS_C99 + HAVE_VARIADIC_MACROS_GCC + ) + curl_internal_test(${CURL_TEST}) +endforeach() + +if(HAVE_FILE_OFFSET_BITS) + set(_FILE_OFFSET_BITS 64) + set(CMAKE_REQUIRED_FLAGS "-D_FILE_OFFSET_BITS=64") +endif() +check_type_size("off_t" SIZEOF_OFF_T) + +# include this header to get the type +set(CMAKE_REQUIRED_INCLUDES "${CURL_SOURCE_DIR}/include") +set(CMAKE_EXTRA_INCLUDE_FILES "curl/system.h") +check_type_size("curl_off_t" SIZEOF_CURL_OFF_T) +set(CMAKE_EXTRA_INCLUDE_FILES "") + +set(CMAKE_REQUIRED_FLAGS) + +foreach(CURL_TEST + HAVE_GLIBC_STRERROR_R + HAVE_POSIX_STRERROR_R + ) + curl_internal_test(${CURL_TEST}) +endforeach() + +# Check for reentrant +foreach(CURL_TEST + HAVE_GETHOSTBYADDR_R_5 + HAVE_GETHOSTBYADDR_R_7 + HAVE_GETHOSTBYADDR_R_8 + HAVE_GETHOSTBYNAME_R_3 + HAVE_GETHOSTBYNAME_R_5 + HAVE_GETHOSTBYNAME_R_6 + HAVE_INET_NTOA_R_DECL_REENTRANT) + if(NOT ${CURL_TEST}) + if(${CURL_TEST}_REENTRANT) + set(NEED_REENTRANT 1) + endif() + endif() +endforeach() + +if(NEED_REENTRANT) + foreach(CURL_TEST + HAVE_GETHOSTBYADDR_R_5 + HAVE_GETHOSTBYADDR_R_7 + HAVE_GETHOSTBYADDR_R_8 + HAVE_GETHOSTBYNAME_R_3 + HAVE_GETHOSTBYNAME_R_5 + HAVE_GETHOSTBYNAME_R_6) + set(${CURL_TEST} 0) + if(${CURL_TEST}_REENTRANT) + set(${CURL_TEST} 1) + endif() + endforeach() +endif() + +if(HAVE_INET_NTOA_R_DECL_REENTRANT) + set(HAVE_INET_NTOA_R_DECL 1) + set(NEED_REENTRANT 1) +endif() + +# Check clock_gettime(CLOCK_MONOTONIC, x) support +curl_internal_test(HAVE_CLOCK_GETTIME_MONOTONIC) + +# Check compiler support of __builtin_available() +curl_internal_test(HAVE_BUILTIN_AVAILABLE) + +# Some other minor tests + +if(NOT HAVE_IN_ADDR_T) + set(in_addr_t "unsigned long") +endif() + +# Fix libz / zlib.h + +if(NOT CURL_SPECIAL_LIBZ) + if(NOT HAVE_LIBZ) + set(HAVE_ZLIB_H 0) + endif() + + if(NOT HAVE_ZLIB_H) + set(HAVE_LIBZ 0) + endif() +endif() + +# Check for nonblocking +set(HAVE_DISABLED_NONBLOCKING 1) +if(HAVE_FIONBIO OR + HAVE_IOCTLSOCKET OR + HAVE_IOCTLSOCKET_CASE OR + HAVE_O_NONBLOCK) + set(HAVE_DISABLED_NONBLOCKING) +endif() + +if(RETSIGTYPE_TEST) + set(RETSIGTYPE void) +else() + set(RETSIGTYPE int) +endif() + +if(CMAKE_COMPILER_IS_GNUCC AND APPLE) + include(CheckCCompilerFlag) + check_c_compiler_flag(-Wno-long-double HAVE_C_FLAG_Wno_long_double) + if(HAVE_C_FLAG_Wno_long_double) + # The Mac version of GCC warns about use of long double. Disable it. + get_source_file_property(MPRINTF_COMPILE_FLAGS mprintf.c COMPILE_FLAGS) + if(MPRINTF_COMPILE_FLAGS) + set(MPRINTF_COMPILE_FLAGS "${MPRINTF_COMPILE_FLAGS} -Wno-long-double") + else() + set(MPRINTF_COMPILE_FLAGS "-Wno-long-double") + endif() + set_source_files_properties(mprintf.c PROPERTIES + COMPILE_FLAGS ${MPRINTF_COMPILE_FLAGS}) + endif() +endif() + +# TODO test which of these headers are required +if(WIN32) + set(CURL_PULL_WS2TCPIP_H ${HAVE_WS2TCPIP_H}) +else() + set(CURL_PULL_SYS_TYPES_H ${HAVE_SYS_TYPES_H}) + set(CURL_PULL_SYS_SOCKET_H ${HAVE_SYS_SOCKET_H}) + set(CURL_PULL_SYS_POLL_H ${HAVE_SYS_POLL_H}) +endif() +set(CURL_PULL_STDINT_H ${HAVE_STDINT_H}) +set(CURL_PULL_INTTYPES_H ${HAVE_INTTYPES_H}) + +include(CMake/OtherTests.cmake) + +add_definitions(-DHAVE_CONFIG_H) + +# For Windows, all compilers used by CMake should support large files +if(WIN32) + set(USE_WIN32_LARGE_FILES ON) + + # Use the manifest embedded in the Windows Resource + set(CMAKE_RC_FLAGS "${CMAKE_RC_FLAGS} -DCURL_EMBED_MANIFEST") +endif() + +if(MSVC) + # Disable default manifest added by CMake + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /MANIFEST:NO") + + add_definitions(-D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE) + if(CMAKE_C_FLAGS MATCHES "/W[0-4]") + string(REGEX REPLACE "/W[0-4]" "/W4" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") + else() + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W4") + endif() +endif() + +if(CURL_WERROR) + if(MSVC_VERSION) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") + else() + # this assumes clang or gcc style options + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Werror") + endif() +endif() + +if(CURL_LTO) + if(CMAKE_VERSION VERSION_LESS 3.9) + message(FATAL_ERROR "Requested LTO but your cmake version ${CMAKE_VERSION} is to old. You need at least 3.9") + endif() + + cmake_policy(SET CMP0069 NEW) + + include(CheckIPOSupported) + check_ipo_supported(RESULT CURL_HAS_LTO OUTPUT CURL_LTO_ERROR LANGUAGES C) + if(CURL_HAS_LTO) + message(STATUS "LTO supported and enabled") + else() + message(FATAL_ERROR "LTO was requested - but compiler doesn't support it\n${CURL_LTO_ERROR}") + endif() +endif() + + +# Ugly (but functional) way to include "Makefile.inc" by transforming it (= regenerate it). +function(transform_makefile_inc INPUT_FILE OUTPUT_FILE) + file(READ ${INPUT_FILE} MAKEFILE_INC_TEXT) + string(REPLACE "$(top_srcdir)" "\${CURL_SOURCE_DIR}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) + string(REPLACE "$(top_builddir)" "\${CURL_BINARY_DIR}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) + + string(REGEX REPLACE "\\\\\n" "!π!α!" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) + string(REGEX REPLACE "([a-zA-Z_][a-zA-Z0-9_]*)[\t ]*=[\t ]*([^\n]*)" "SET(\\1 \\2)" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) + string(REPLACE "!π!α!" "\n" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) + + string(REGEX REPLACE "\\$\\(([a-zA-Z_][a-zA-Z0-9_]*)\\)" "\${\\1}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) # Replace $() with ${} + string(REGEX REPLACE "@([a-zA-Z_][a-zA-Z0-9_]*)@" "\${\\1}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) # Replace @@ with ${}, even if that may not be read by CMake scripts. + file(WRITE ${OUTPUT_FILE} ${MAKEFILE_INC_TEXT}) + +endfunction() + +include(GNUInstallDirs) + +set(CURL_INSTALL_CMAKE_DIR ${CMAKE_INSTALL_LIBDIR}/cmake/${PROJECT_NAME}) +set(TARGETS_EXPORT_NAME "${PROJECT_NAME}Targets") +set(generated_dir "${CMAKE_CURRENT_BINARY_DIR}/generated") +set(project_config "${generated_dir}/${PROJECT_NAME}Config.cmake") +set(version_config "${generated_dir}/${PROJECT_NAME}ConfigVersion.cmake") + +if(USE_MANUAL) + add_subdirectory(docs) +endif() + +add_subdirectory(lib) + +if(BUILD_CURL_EXE) + add_subdirectory(src) +endif() + +include(CTest) +if(BUILD_TESTING) + add_subdirectory(tests) +endif() + +# NTLM support requires crypto function adaptions from various SSL libs +# TODO alternative SSL libs tests for SSP1, GNUTLS, NSS +if(NOT CURL_DISABLE_CRYPTO_AUTH AND (USE_OPENSSL OR USE_WINDOWS_SSPI OR USE_DARWINSSL OR USE_MBEDTLS OR USE_WIN32_CRYPTO)) + set(use_ntlm ON) +else() + set(use_ntlm OFF) +endif() + +# Helper to populate a list (_items) with a label when conditions (the remaining +# args) are satisfied +macro(_add_if label) + # needs to be a macro to allow this indirection + if(${ARGN}) + set(_items ${_items} "${label}") + endif() +endmacro() + +# Clear list and try to detect available features +set(_items) +_add_if("SSL" SSL_ENABLED) +_add_if("IPv6" ENABLE_IPV6) +_add_if("unix-sockets" USE_UNIX_SOCKETS) +_add_if("libz" HAVE_LIBZ) +_add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX OR USE_THREADS_WIN32) +_add_if("IDN" HAVE_LIBIDN2) +_add_if("Largefile" (CURL_SIZEOF_CURL_OFF_T GREATER 4) AND + ((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES)) +# TODO SSP1 (WinSSL) check is missing +_add_if("SSPI" USE_WINDOWS_SSPI) +_add_if("GSS-API" HAVE_GSSAPI) +# TODO SSP1 missing for SPNEGO +_add_if("SPNEGO" NOT CURL_DISABLE_CRYPTO_AUTH AND + (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) +_add_if("Kerberos" NOT CURL_DISABLE_CRYPTO_AUTH AND + (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) +# NTLM support requires crypto function adaptions from various SSL libs +# TODO alternative SSL libs tests for SSP1, GNUTLS, NSS +_add_if("NTLM" use_ntlm) +# TODO missing option (autoconf: --enable-ntlm-wb) +_add_if("NTLM_WB" use_ntlm AND NOT CURL_DISABLE_HTTP AND NTLM_WB_ENABLED) +# TODO missing option (--enable-tls-srp), depends on GNUTLS_SRP/OPENSSL_SRP +_add_if("TLS-SRP" USE_TLS_SRP) +# TODO option --with-nghttp2 tests for nghttp2 lib and nghttp2/nghttp2.h header +_add_if("HTTP2" USE_NGHTTP2) +_add_if("HTTPS-proxy" SSL_ENABLED AND (USE_OPENSSL OR USE_GNUTLS OR USE_NSS)) +string(REPLACE ";" " " SUPPORT_FEATURES "${_items}") +message(STATUS "Enabled features: ${SUPPORT_FEATURES}") + +# Clear list and try to detect available protocols +set(_items) +_add_if("HTTP" NOT CURL_DISABLE_HTTP) +_add_if("HTTPS" NOT CURL_DISABLE_HTTP AND SSL_ENABLED) +_add_if("FTP" NOT CURL_DISABLE_FTP) +_add_if("FTPS" NOT CURL_DISABLE_FTP AND SSL_ENABLED) +_add_if("FILE" NOT CURL_DISABLE_FILE) +_add_if("TELNET" NOT CURL_DISABLE_TELNET) +_add_if("LDAP" NOT CURL_DISABLE_LDAP) +# CURL_DISABLE_LDAP implies CURL_DISABLE_LDAPS +# TODO check HAVE_LDAP_SSL (in autoconf this is enabled with --enable-ldaps) +_add_if("LDAPS" NOT CURL_DISABLE_LDAPS AND + ((USE_OPENLDAP AND SSL_ENABLED) OR + (NOT USE_OPENLDAP AND HAVE_LDAP_SSL))) +_add_if("DICT" NOT CURL_DISABLE_DICT) +_add_if("TFTP" NOT CURL_DISABLE_TFTP) +_add_if("GOPHER" NOT CURL_DISABLE_GOPHER) +_add_if("POP3" NOT CURL_DISABLE_POP3) +_add_if("POP3S" NOT CURL_DISABLE_POP3 AND SSL_ENABLED) +_add_if("IMAP" NOT CURL_DISABLE_IMAP) +_add_if("IMAPS" NOT CURL_DISABLE_IMAP AND SSL_ENABLED) +_add_if("SMB" NOT CURL_DISABLE_SMB AND use_ntlm) +_add_if("SMBS" NOT CURL_DISABLE_SMB AND SSL_ENABLED AND use_ntlm) +_add_if("SMTP" NOT CURL_DISABLE_SMTP) +_add_if("SMTPS" NOT CURL_DISABLE_SMTP AND SSL_ENABLED) +_add_if("SCP" USE_LIBSSH2) +_add_if("SFTP" USE_LIBSSH2) +_add_if("RTSP" NOT CURL_DISABLE_RTSP) +_add_if("RTMP" USE_LIBRTMP) +if(_items) + list(SORT _items) +endif() +string(REPLACE ";" " " SUPPORT_PROTOCOLS "${_items}") +message(STATUS "Enabled protocols: ${SUPPORT_PROTOCOLS}") + +# Clear list and collect SSL backends +set(_items) +_add_if("WinSSL" SSL_ENABLED AND USE_WINDOWS_SSPI) +_add_if("OpenSSL" SSL_ENABLED AND USE_OPENSSL) +_add_if("Secure Transport" SSL_ENABLED AND USE_SECTRANSP) +_add_if("mbedTLS" SSL_ENABLED AND USE_MBEDTLS) +_add_if("BearSSL" SSL_ENABLED AND USE_BEARSSL) +_add_if("NSS" SSL_ENABLED AND USE_NSS) +if(_items) + list(SORT _items) +endif() +string(REPLACE ";" " " SSL_BACKENDS "${_items}") +message(STATUS "Enabled SSL backends: ${SSL_BACKENDS}") + +# curl-config needs the following options to be set. +set(CC "${CMAKE_C_COMPILER}") +# TODO probably put a -D... options here? +set(CONFIGURE_OPTIONS "") +# TODO when to set "-DCURL_STATICLIB" for CPPFLAG_CURL_STATICLIB? +set(CPPFLAG_CURL_STATICLIB "") +set(CURLVERSION "${CURL_VERSION}") +if(BUILD_SHARED_LIBS) + set(ENABLE_SHARED "yes") + set(ENABLE_STATIC "no") +else() + set(ENABLE_SHARED "no") + set(ENABLE_STATIC "yes") +endif() +set(exec_prefix "\${prefix}") +set(includedir "\${prefix}/include") +set(LDFLAGS "${CMAKE_SHARED_LINKER_FLAGS}") +set(LIBCURL_LIBS "") +set(libdir "${CMAKE_INSTALL_PREFIX}/lib") +foreach(_lib ${CMAKE_C_IMPLICIT_LINK_LIBRARIES} ${CURL_LIBS}) + if(_lib MATCHES ".*/.*" OR _lib MATCHES "^-") + set(LIBCURL_LIBS "${LIBCURL_LIBS} ${_lib}") + else() + set(LIBCURL_LIBS "${LIBCURL_LIBS} -l${_lib}") + endif() +endforeach() +# "a" (Linux) or "lib" (Windows) +string(REPLACE "." "" libext "${CMAKE_STATIC_LIBRARY_SUFFIX}") +set(prefix "${CMAKE_INSTALL_PREFIX}") +# Set this to "yes" to append all libraries on which -lcurl is dependent +set(REQUIRE_LIB_DEPS "no") +# SUPPORT_FEATURES +# SUPPORT_PROTOCOLS +set(VERSIONNUM "${CURL_VERSION_NUM}") + +# Finally generate a "curl-config" matching this config +# Use: +# * ENABLE_SHARED +# * ENABLE_STATIC +configure_file("${CURL_SOURCE_DIR}/curl-config.in" + "${CURL_BINARY_DIR}/curl-config" @ONLY) +install(FILES "${CURL_BINARY_DIR}/curl-config" + DESTINATION ${CMAKE_INSTALL_BINDIR} + PERMISSIONS + OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ GROUP_EXECUTE + WORLD_READ WORLD_EXECUTE) + +# Finally generate a pkg-config file matching this config +configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in" + "${CURL_BINARY_DIR}/libcurl.pc" @ONLY) +install(FILES "${CURL_BINARY_DIR}/libcurl.pc" + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + +# install headers +install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/curl" + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} + FILES_MATCHING PATTERN "*.h") + +include(CMakePackageConfigHelpers) +write_basic_package_version_file( + "${version_config}" + VERSION ${CURL_VERSION} + COMPATIBILITY SameMajorVersion +) + +# Use: +# * TARGETS_EXPORT_NAME +# * PROJECT_NAME +configure_package_config_file(CMake/curl-config.cmake.in + "${project_config}" + INSTALL_DESTINATION ${CURL_INSTALL_CMAKE_DIR} +) + +install( + EXPORT "${TARGETS_EXPORT_NAME}" + NAMESPACE "${PROJECT_NAME}::" + DESTINATION ${CURL_INSTALL_CMAKE_DIR} +) + +install( + FILES ${version_config} ${project_config} + DESTINATION ${CURL_INSTALL_CMAKE_DIR} +) + +# Workaround for MSVS10 to avoid the Dialog Hell +# FIXME: This could be removed with future version of CMake. +if(MSVC_VERSION EQUAL 1600) + set(CURL_SLN_FILENAME "${CMAKE_CURRENT_BINARY_DIR}/CURL.sln") + if(EXISTS "${CURL_SLN_FILENAME}") + file(APPEND "${CURL_SLN_FILENAME}" "\n# This should be regenerated!\n") + endif() +endif() + +if(NOT TARGET uninstall) + configure_file( + ${CMAKE_CURRENT_SOURCE_DIR}/CMake/cmake_uninstall.cmake.in + ${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake + IMMEDIATE @ONLY) + + add_custom_target(uninstall + COMMAND ${CMAKE_COMMAND} -P + ${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake) +endif() diff --git a/extern/curl/COPYING b/extern/curl/COPYING new file mode 100644 index 0000000000..9d9e4af8d8 --- /dev/null +++ b/extern/curl/COPYING @@ -0,0 +1,22 @@ +COPYRIGHT AND PERMISSION NOTICE + +Copyright (c) 1996 - 2020, Daniel Stenberg, , and many +contributors, see the THANKS file. + +All rights reserved. + +Permission to use, copy, modify, and distribute this software for any purpose +with or without fee is hereby granted, provided that the above copyright +notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN +NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE +OR OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of a copyright holder shall not +be used in advertising or otherwise to promote the sale, use or other dealings +in this Software without prior written authorization of the copyright holder. diff --git a/extern/curl/GIT-INFO b/extern/curl/GIT-INFO new file mode 100644 index 0000000000..51df76ab4f --- /dev/null +++ b/extern/curl/GIT-INFO @@ -0,0 +1,44 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +GIT-INFO + +This file is only present in git - never in release archives. It contains +information about other files and things that the git repository keeps in its +inner sanctum. + +To build in environments that support configure, after having extracted +everything from git, do this: + +./buildconf +./configure +make + + Daniel uses a ./configure line similar to this for easier development: + + ./configure --disable-shared --enable-debug --enable-maintainer-mode + +In environments that don't support configure (i.e. Microsoft), do this: + +buildconf.bat + + +REQUIREMENTS + + For buildconf (not buildconf.bat) to work, you need the following software +installed: + + o autoconf 2.57 (or later) + o automake 1.7 (or later) + o libtool 1.4.2 (or later) + o GNU m4 (required by autoconf) + + o nroff + perl + + If you don't have nroff and perl and you for some reason don't want to + install them, you can rename the source file src/tool_hugehelp.c.cvs to + src/tool_hugehelp.c and avoid having to generate this file. This will + give you a stubbed version of the file that doesn't contain actual content. diff --git a/extern/curl/MacOSX-Framework b/extern/curl/MacOSX-Framework new file mode 100755 index 0000000000..e6badcde54 --- /dev/null +++ b/extern/curl/MacOSX-Framework @@ -0,0 +1,137 @@ +#!/bin/bash +# This script performs all of the steps needed to build a +# universal binary libcurl.framework for Mac OS X 10.4 or greater. +# +# Hendrik Visage: +# Generalizations added since Snowleopard (10.6) do not include +# the 10.4u SDK. +# +# Also note: +# 10.5 is the *ONLY* SDK that support PPC64 :( -- 10.6 do not have ppc64 support +#If you need to have PPC64 support then change below to 1 +PPC64_NEEDED=0 +# Apple does not support building for PPC anymore in Xcode 4 and later. +# If you're using Xcode 3 or earlier and need PPC support, then change +# the setting below to 1 +PPC_NEEDED=0 + +# For me the default is to develop for the platform I am on, and if you +#desire compatibility with older versions then change USE_OLD to 1 :) +USE_OLD=0 + +VERSION=`/usr/bin/sed -ne 's/^#define LIBCURL_VERSION "\(.*\)"/\1/p' include/curl/curlver.h` +FRAMEWORK_VERSION=Versions/Release-$VERSION + +#I also wanted to "copy over" the system, and thus the reason I added the +# version to Versions/Release-7.20.1 etc. +# now a simple rsync -vaP libcurl.framework /Library/Frameworks will install it +# and setup the right paths to this version, leaving the system version +# "intact", so you can "fix" it later with the links to Versions/A/... + +DEVELOPER_PATH=`xcode-select --print-path` +# Around Xcode 4.3, SDKs were moved from the Developer folder into the +# MacOSX.platform folder +if test -d "$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs"; then + SDK_PATH="$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs" +else + SDK_PATH="$DEVELOPER_PATH/SDKs"; +fi +OLD_SDK=`ls $SDK_PATH|head -1` +NEW_SDK=`ls -r $SDK_PATH|head -1` + +if test "0"$USE_OLD -gt 0 +then + SDK32=$OLD_SDK +else + SDK32=$NEW_SDK +fi + +MACVER=`echo $SDK32|sed -e s/[a-zA-Z]//g -e s/.\$//` + +SDK32_DIR=$SDK_PATH/$SDK32 +MINVER32='-mmacosx-version-min='$MACVER +if test $PPC_NEEDED -gt 0; then + ARCHES32='-arch i386 -arch ppc' +else + ARCHES32='-arch i386' +fi + +if test $PPC64_NEEDED -gt 0 +then + SDK64=10.5 + ARCHES64='-arch x86_64 -arch ppc64' + SDK64=`ls $SDK_PATH|grep 10.5|head -1` +else + ARCHES64='-arch x86_64' + #We "know" that 10.4 and earlier do not support 64bit + OLD_SDK64=`ls $SDK_PATH|egrep -v "10.[0-4]"|head -1` + NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4][^0-9]" | head -1` + if test $USE_OLD -gt 0 + then + SDK64=$OLD_SDK64 + else + SDK64=$NEW_SDK64 + fi +fi + +SDK64_DIR=$SDK_PATH/$SDK64 +MACVER64=`echo $SDK64|sed -e s/[a-zA-Z]//g -e s/.\$//` + +MINVER64='-mmacosx-version-min='$MACVER64 + +if test ! -z $SDK32; then + echo "----Configuring libcurl for 32 bit universal framework..." + make clean + ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-darwinssl \ + CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32" \ + LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 -Wl,-headerpad_max_install_names" \ + CC=$CC + + echo "----Building 32 bit libcurl..." + make -j `sysctl -n hw.logicalcpu_max` + + echo "----Creating 32 bit framework..." + rm -r libcurl.framework + mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Resources + cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl + install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl + /usr/bin/sed -e "s/7\.12\.3/$VERSION/" lib/libcurl.plist >libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist + mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl + cp include/curl/*.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl + pushd libcurl.framework + ln -fs ${FRAMEWORK_VERSION}/libcurl libcurl + ln -fs ${FRAMEWORK_VERSION}/Resources Resources + ln -fs ${FRAMEWORK_VERSION}/Headers Headers + cd Versions + ln -fs $(basename "${FRAMEWORK_VERSION}") Current + + echo Testing for SDK64 + if test -d $SDK64_DIR; then + echo entering... + popd + make clean + echo "----Configuring libcurl for 64 bit universal framework..." + ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-darwinssl \ + CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64" \ + LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 -Wl,-headerpad_max_install_names" \ + CC=$CC + + echo "----Building 64 bit libcurl..." + make -j `sysctl -n hw.logicalcpu_max` + + echo "----Appending 64 bit framework to 32 bit framework..." + cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 + install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 + cp libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 + pwd + lipo libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 -create -output libcurl.framework/${FRAMEWORK_VERSION}/libcurl + rm libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 + fi + + pwd + lipo -info libcurl.framework/${FRAMEWORK_VERSION}/libcurl + echo "libcurl.framework is built and can now be included in other projects." + echo "Copy libcurl.framework to your bundle's Contents/Frameworks folder, ~/Library/Frameworks or /Library/Frameworks." +else + echo "Building libcurl.framework requires Mac OS X 10.4 or later with the MacOSX10.4/5/6 SDK installed." +fi diff --git a/extern/curl/Makefile.am b/extern/curl/Makefile.am new file mode 100644 index 0000000000..1e9ecd8c47 --- /dev/null +++ b/extern/curl/Makefile.am @@ -0,0 +1,728 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +########################################################################### + +AUTOMAKE_OPTIONS = foreign + +ACLOCAL_AMFLAGS = -I m4 + +CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in \ + CMake/CurlTests.c CMake/FindGSS.cmake CMake/OtherTests.cmake \ + CMake/Platforms/WindowsCache.cmake CMake/Utilities.cmake \ + CMake/Macros.cmake \ + CMake/CurlSymbolHiding.cmake CMake/FindCARES.cmake \ + CMake/FindLibSSH2.cmake CMake/FindNGHTTP2.cmake \ + CMake/FindMbedTLS.cmake CMake/FindBearSSL.cmake \ + CMake/cmake_uninstall.cmake.in CMake/curl-config.cmake.in + +VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl +VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist +VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc +VC6_SRCTMPL = projects/Windows/VC6/src/curl.tmpl +VC6_SRCDSP = projects/Windows/VC6/src/curl.dsp.dist +VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc + +VC7_LIBTMPL = projects/Windows/VC7/lib/libcurl.tmpl +VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj.dist +VC7_LIBVCPROJ_DEPS = $(VC7_LIBTMPL) Makefile.am lib/Makefile.inc +VC7_SRCTMPL = projects/Windows/VC7/src/curl.tmpl +VC7_SRCVCPROJ = projects/Windows/VC7/src/curl.vcproj.dist +VC7_SRCVCPROJ_DEPS = $(VC7_SRCTMPL) Makefile.am src/Makefile.inc + +VC71_LIBTMPL = projects/Windows/VC7.1/lib/libcurl.tmpl +VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj.dist +VC71_LIBVCPROJ_DEPS = $(VC71_LIBTMPL) Makefile.am lib/Makefile.inc +VC71_SRCTMPL = projects/Windows/VC7.1/src/curl.tmpl +VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curl.vcproj.dist +VC71_SRCVCPROJ_DEPS = $(VC71_SRCTMPL) Makefile.am src/Makefile.inc + +VC8_LIBTMPL = projects/Windows/VC8/lib/libcurl.tmpl +VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj.dist +VC8_LIBVCPROJ_DEPS = $(VC8_LIBTMPL) Makefile.am lib/Makefile.inc +VC8_SRCTMPL = projects/Windows/VC8/src/curl.tmpl +VC8_SRCVCPROJ = projects/Windows/VC8/src/curl.vcproj.dist +VC8_SRCVCPROJ_DEPS = $(VC8_SRCTMPL) Makefile.am src/Makefile.inc + +VC9_LIBTMPL = projects/Windows/VC9/lib/libcurl.tmpl +VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj.dist +VC9_LIBVCPROJ_DEPS = $(VC9_LIBTMPL) Makefile.am lib/Makefile.inc +VC9_SRCTMPL = projects/Windows/VC9/src/curl.tmpl +VC9_SRCVCPROJ = projects/Windows/VC9/src/curl.vcproj.dist +VC9_SRCVCPROJ_DEPS = $(VC9_SRCTMPL) Makefile.am src/Makefile.inc + +VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl +VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist +VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc +VC10_SRCTMPL = projects/Windows/VC10/src/curl.tmpl +VC10_SRCVCXPROJ = projects/Windows/VC10/src/curl.vcxproj.dist +VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc + +VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl +VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist +VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc +VC11_SRCTMPL = projects/Windows/VC11/src/curl.tmpl +VC11_SRCVCXPROJ = projects/Windows/VC11/src/curl.vcxproj.dist +VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc + +VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl +VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist +VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc +VC12_SRCTMPL = projects/Windows/VC12/src/curl.tmpl +VC12_SRCVCXPROJ = projects/Windows/VC12/src/curl.vcxproj.dist +VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc + +VC14_LIBTMPL = projects/Windows/VC14/lib/libcurl.tmpl +VC14_LIBVCXPROJ = projects/Windows/VC14/lib/libcurl.vcxproj.dist +VC14_LIBVCXPROJ_DEPS = $(VC14_LIBTMPL) Makefile.am lib/Makefile.inc +VC14_SRCTMPL = projects/Windows/VC14/src/curl.tmpl +VC14_SRCVCXPROJ = projects/Windows/VC14/src/curl.vcxproj.dist +VC14_SRCVCXPROJ_DEPS = $(VC14_SRCTMPL) Makefile.am src/Makefile.inc + +VC15_LIBTMPL = projects/Windows/VC15/lib/libcurl.tmpl +VC15_LIBVCXPROJ = projects/Windows/VC15/lib/libcurl.vcxproj.dist +VC15_LIBVCXPROJ_DEPS = $(VC15_LIBTMPL) Makefile.am lib/Makefile.inc +VC15_SRCTMPL = projects/Windows/VC15/src/curl.tmpl +VC15_SRCVCXPROJ = projects/Windows/VC15/src/curl.vcxproj.dist +VC15_SRCVCXPROJ_DEPS = $(VC15_SRCTMPL) Makefile.am src/Makefile.inc + +VC_DIST = projects/README \ + projects/build-openssl.bat \ + projects/build-wolfssl.bat \ + projects/checksrc.bat \ + projects/Windows/VC6/curl-all.dsw \ + projects/Windows/VC6/lib/libcurl.dsw \ + projects/Windows/VC6/src/curl.dsw \ + projects/Windows/VC7/curl-all.sln \ + projects/Windows/VC7/lib/libcurl.sln \ + projects/Windows/VC7/src/curl.sln \ + projects/Windows/VC7.1/curl-all.sln \ + projects/Windows/VC7.1/lib/libcurl.sln \ + projects/Windows/VC7.1/src/curl.sln \ + projects/Windows/VC8/curl-all.sln \ + projects/Windows/VC8/lib/libcurl.sln \ + projects/Windows/VC8/src/curl.sln \ + projects/Windows/VC9/curl-all.sln \ + projects/Windows/VC9/lib/libcurl.sln \ + projects/Windows/VC9/src/curl.sln \ + projects/Windows/VC10/curl-all.sln \ + projects/Windows/VC10/lib/libcurl.sln \ + projects/Windows/VC10/lib/libcurl.vcxproj.filters \ + projects/Windows/VC10/src/curl.sln \ + projects/Windows/VC10/src/curl.vcxproj.filters \ + projects/Windows/VC11/curl-all.sln \ + projects/Windows/VC11/lib/libcurl.sln \ + projects/Windows/VC11/lib/libcurl.vcxproj.filters \ + projects/Windows/VC11/src/curl.sln \ + projects/Windows/VC11/src/curl.vcxproj.filters \ + projects/Windows/VC12/curl-all.sln \ + projects/Windows/VC12/lib/libcurl.sln \ + projects/Windows/VC12/lib/libcurl.vcxproj.filters \ + projects/Windows/VC12/src/curl.sln \ + projects/Windows/VC12/src/curl.vcxproj.filters \ + projects/Windows/VC14/curl-all.sln \ + projects/Windows/VC14/lib/libcurl.sln \ + projects/Windows/VC14/lib/libcurl.vcxproj.filters \ + projects/Windows/VC14/src/curl.sln \ + projects/Windows/VC14/src/curl.vcxproj.filters \ + projects/Windows/VC15/curl-all.sln \ + projects/Windows/VC15/lib/libcurl.sln \ + projects/Windows/VC15/lib/libcurl.vcxproj.filters \ + projects/Windows/VC15/src/curl.sln \ + projects/Windows/VC15/src/curl.vcxproj.filters \ + projects/generate.bat \ + projects/wolfssl_options.h \ + projects/wolfssl_override.props + +WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat \ + winbuild/MakefileBuild.vc winbuild/Makefile.vc + +PLAN9_DIST = plan9/include/mkfile \ + plan9/include/mkfile \ + plan9/mkfile.proto \ + plan9/mkfile \ + plan9/BUILD.PLAN9.txt \ + plan9/lib/mkfile.inc \ + plan9/lib/mkfile \ + plan9/src/mkfile.inc \ + plan9/src/mkfile + +EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ + RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework \ + scripts/updatemanpages.pl $(CMAKE_DIST) \ + $(VC_DIST) $(WINBUILD_DIST) $(PLAN9_DIST) \ + lib/libcurl.vers.in buildconf.bat scripts/coverage.sh scripts/completion.pl + +CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ + $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ) \ + $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ) \ + $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) \ + $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) $(VC15_LIBVCXPROJ) $(VC15_SRCVCXPROJ) + +bin_SCRIPTS = curl-config + +SUBDIRS = lib src +DIST_SUBDIRS = $(SUBDIRS) tests packages scripts include docs + +pkgconfigdir = $(libdir)/pkgconfig +pkgconfig_DATA = libcurl.pc + +# List of files required to generate VC IDE .dsp, .vcproj and .vcxproj files +include lib/Makefile.inc +include src/Makefile.inc + +dist-hook: + rm -rf $(top_builddir)/tests/log + find $(distdir) -name "*.dist" -exec rm {} \; + (distit=`find $(srcdir) -name "*.dist" | grep -v ./ares/`; \ + for file in $$distit; do \ + strip=`echo $$file | sed -e s/^$(srcdir)// -e s/\.dist//`; \ + cp -p $$file $(distdir)$$strip; \ + done) + +html: + cd docs && $(MAKE) html + +pdf: + cd docs && $(MAKE) pdf + +check: test examples check-docs + +if CROSSCOMPILING +test-full: test +test-torture: test + +test: + @echo "NOTICE: we can't run the tests when cross-compiling!" + +else + +test: + @(cd tests; $(MAKE) all quiet-test) + +test-full: + @(cd tests; $(MAKE) all full-test) + +test-nonflaky: + @(cd tests; $(MAKE) all nonflaky-test) + +test-torture: + @(cd tests; $(MAKE) all torture-test) + +test-event: + @(cd tests; $(MAKE) all event-test) + +test-am: + @(cd tests; $(MAKE) all am-test) + +endif + +examples: + @(cd docs/examples; $(MAKE) check) + +check-docs: + @(cd docs/libcurl; $(MAKE) check) + +# Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros +# must contain the following line: +# %_topdir /home/loic/local/rpm +# and that /home/loic/local/rpm contains the directory SOURCES, BUILD etc. +# +# cd /home/loic/local/rpm ; mkdir -p SOURCES BUILD RPMS/i386 SPECS SRPMS +# +# If additional configure flags are needed to build the package, add the +# following in ~/.rpmmacros +# %configure CFLAGS="%{optflags}" ./configure %{_target_platform} --prefix=%{_prefix} ${AM_CONFIGFLAGS} +# and run make rpm in the following way: +# AM_CONFIGFLAGS='--with-uri=/home/users/loic/local/RedHat-6.2' make rpm +# + +rpms: + $(MAKE) RPMDIST=curl rpm + $(MAKE) RPMDIST=curl-ssl rpm + +rpm: + RPM_TOPDIR=`rpm --showrc | $(PERL) -n -e 'print if(s/.*_topdir\s+(.*)/$$1/)'` ; \ + cp $(srcdir)/packages/Linux/RPM/$(RPMDIST).spec $$RPM_TOPDIR/SPECS ; \ + cp $(PACKAGE)-$(VERSION).tar.gz $$RPM_TOPDIR/SOURCES ; \ + rpm -ba --clean --rmsource $$RPM_TOPDIR/SPECS/$(RPMDIST).spec ; \ + mv $$RPM_TOPDIR/RPMS/i386/$(RPMDIST)-*.rpm . ; \ + mv $$RPM_TOPDIR/SRPMS/$(RPMDIST)-*.src.rpm . + +# +# Build a Solaris pkgadd format file +# run 'make pkgadd' once you've done './configure' and 'make' to make a Solaris pkgadd format +# file (which ends up back in this directory). +# The pkgadd file is in 'pkgtrans' format, so to install on Solaris, do +# pkgadd -d ./HAXXcurl-* +# + +# gak - libtool requires an absolute directory, hence the pwd below... +pkgadd: + umask 022 ; \ + $(MAKE) install DESTDIR=`/bin/pwd`/packages/Solaris/root ; \ + cat COPYING > $(srcdir)/packages/Solaris/copyright ; \ + cd $(srcdir)/packages/Solaris && $(MAKE) package + +# +# Build a cygwin binary tarball installation file +# resulting .tar.bz2 file will end up at packages/Win32/cygwin +cygwinbin: + $(MAKE) -C packages/Win32/cygwin cygwinbin + +# We extend the standard install with a custom hook: +install-data-hook: + cd include && $(MAKE) install + cd docs && $(MAKE) install + cd docs/libcurl && $(MAKE) install + +# We extend the standard uninstall with a custom hook: +uninstall-hook: + cd include && $(MAKE) uninstall + cd docs && $(MAKE) uninstall + cd docs/libcurl && $(MAKE) uninstall + +ca-bundle: lib/mk-ca-bundle.pl + @echo "generating a fresh ca-bundle.crt" + @perl $< -b -l -u lib/ca-bundle.crt + +ca-firefox: lib/firefox-db2pem.sh + @echo "generating a fresh ca-bundle.crt" + ./lib/firefox-db2pem.sh lib/ca-bundle.crt + +checksrc: + cd lib && $(MAKE) checksrc + cd src && $(MAKE) checksrc + cd tests && $(MAKE) checksrc + cd include/curl && $(MAKE) checksrc + cd docs/examples && $(MAKE) checksrc + +.PHONY: vc-ide + +vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ + $(VC7_SRCVCPROJ_DEPS) $(VC71_LIBVCPROJ_DEPS) $(VC71_SRCVCPROJ_DEPS) \ + $(VC8_LIBVCPROJ_DEPS) $(VC8_SRCVCPROJ_DEPS) $(VC9_LIBVCPROJ_DEPS) \ + $(VC9_SRCVCPROJ_DEPS) $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS) \ + $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS) \ + $(VC12_SRCVCXPROJ_DEPS) $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS) \ + $(VC15_LIBVCXPROJ_DEPS) $(VC15_SRCVCXPROJ_DEPS) + @(win32_lib_srcs='$(LIB_CFILES)'; \ + win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \ + win32_lib_rc='$(LIB_RCFILES)'; \ + win32_lib_vauth_srcs='$(LIB_VAUTH_CFILES)'; \ + win32_lib_vauth_hdrs='$(LIB_VAUTH_HFILES)'; \ + win32_lib_vquic_srcs='$(LIB_VQUIC_CFILES)'; \ + win32_lib_vquic_hdrs='$(LIB_VQUIC_HFILES)'; \ + win32_lib_vssh_srcs='$(LIB_VSSH_CFILES)'; \ + win32_lib_vssh_hdrs='$(LIB_VSSH_HFILES)'; \ + win32_lib_vtls_srcs='$(LIB_VTLS_CFILES)'; \ + win32_lib_vtls_hdrs='$(LIB_VTLS_HFILES)'; \ + win32_src_srcs='$(CURL_CFILES)'; \ + win32_src_hdrs='$(CURL_HFILES)'; \ + win32_src_rc='$(CURL_RCFILES)'; \ + win32_src_x_srcs='$(CURLX_CFILES)'; \ + win32_src_x_hdrs='$(CURLX_HFILES) ../lib/config-win32.h'; \ + \ + sorted_lib_srcs=`for file in $$win32_lib_srcs; do echo $$file; done | sort`; \ + sorted_lib_hdrs=`for file in $$win32_lib_hdrs; do echo $$file; done | sort`; \ + sorted_lib_vauth_srcs=`for file in $$win32_lib_vauth_srcs; do echo $$file; done | sort`; \ + sorted_lib_vauth_hdrs=`for file in $$win32_lib_vauth_hdrs; do echo $$file; done | sort`; \ + sorted_lib_vquic_srcs=`for file in $$win32_lib_vquic_srcs; do echo $$file; done | sort`; \ + sorted_lib_vquic_hdrs=`for file in $$win32_lib_vquic_hdrs; do echo $$file; done | sort`; \ + sorted_lib_vssh_srcs=`for file in $$win32_lib_vssh_srcs; do echo $$file; done | sort`; \ + sorted_lib_vssh_hdrs=`for file in $$win32_lib_vssh_hdrs; do echo $$file; done | sort`; \ + sorted_lib_vtls_srcs=`for file in $$win32_lib_vtls_srcs; do echo $$file; done | sort`; \ + sorted_lib_vtls_hdrs=`for file in $$win32_lib_vtls_hdrs; do echo $$file; done | sort`; \ + sorted_src_srcs=`for file in $$win32_src_srcs; do echo $$file; done | sort`; \ + sorted_src_hdrs=`for file in $$win32_src_hdrs; do echo $$file; done | sort`; \ + sorted_src_x_srcs=`for file in $$win32_src_x_srcs; do echo $$file; done | sort`; \ + sorted_src_x_hdrs=`for file in $$win32_src_x_hdrs; do echo $$file; done | sort`; \ + \ + awk_code='\ +function gen_element(type, dir, file)\ +{\ + sub(/vauth\//, "", file);\ + sub(/vquic\//, "", file);\ + sub(/vssh\//, "", file);\ + sub(/vtls\//, "", file);\ +\ + spaces=" ";\ + if(dir == "lib\\vauth" ||\ + dir == "lib\\vquic" ||\ + dir == "lib\\vssh" ||\ + dir == "lib\\vtls")\ + tabs=" ";\ + else\ + tabs=" ";\ +\ + if(type == "dsp") {\ + printf("# Begin Source File\r\n");\ + printf("\r\n");\ + printf("SOURCE=..\\..\\..\\..\\%s\\%s\r\n", dir, file);\ + printf("# End Source File\r\n");\ + }\ + else if(type == "vcproj1") {\ + printf("%s\r\n",\ + tabs, dir, file);\ + printf("%s\r\n", tabs);\ + }\ + else if(type == "vcproj2") {\ + printf("%s\r\n", tabs);\ + printf("%s\r\n", tabs);\ + }\ + else if(type == "vcxproj") {\ + i = index(file, ".");\ + ext = substr(file, i == 0 ? 0 : i + 1);\ +\ + if(ext == "c")\ + printf("%s\r\n",\ + spaces, dir, file);\ + else if(ext == "h")\ + printf("%s\r\n",\ + spaces, dir, file);\ + else if(ext == "rc")\ + printf("%s\r\n",\ + spaces, dir, file);\ + }\ +}\ +\ +{\ +\ + if($$0 == "CURL_LIB_C_FILES") {\ + split(lib_srcs, arr);\ + for(val in arr) gen_element(proj_type, "lib", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_H_FILES") {\ + split(lib_hdrs, arr);\ + for(val in arr) gen_element(proj_type, "lib", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_RC_FILES") {\ + split(lib_rc, arr);\ + for(val in arr) gen_element(proj_type, "lib", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_VAUTH_C_FILES") {\ + split(lib_vauth_srcs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vauth", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_VAUTH_H_FILES") {\ + split(lib_vauth_hdrs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vauth", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_VQUIC_C_FILES") {\ + split(lib_vquic_srcs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vquic", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_VQUIC_H_FILES") {\ + split(lib_vquic_hdrs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vquic", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_VSSH_C_FILES") {\ + split(lib_vssh_srcs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vssh", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_VSSH_H_FILES") {\ + split(lib_vssh_hdrs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vssh", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_VTLS_C_FILES") {\ + split(lib_vtls_srcs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vtls", arr[val]);\ + }\ + else if($$0 == "CURL_LIB_VTLS_H_FILES") {\ + split(lib_vtls_hdrs, arr);\ + for(val in arr) gen_element(proj_type, "lib\\vtls", arr[val]);\ + }\ + else if($$0 == "CURL_SRC_C_FILES") {\ + split(src_srcs, arr);\ + for(val in arr) gen_element(proj_type, "src", arr[val]);\ + }\ + else if($$0 == "CURL_SRC_H_FILES") {\ + split(src_hdrs, arr);\ + for(val in arr) gen_element(proj_type, "src", arr[val]);\ + }\ + else if($$0 == "CURL_SRC_RC_FILES") {\ + split(src_rc, arr);\ + for(val in arr) gen_element(proj_type, "src", arr[val]);\ + }\ + else if($$0 == "CURL_SRC_X_C_FILES") {\ + split(src_x_srcs, arr);\ + for(val in arr) {\ + sub(/..\/lib\//, "", arr[val]);\ + gen_element(proj_type, "lib", arr[val]);\ + }\ + }\ + else if($$0 == "CURL_SRC_X_H_FILES") {\ + split(src_x_hdrs, arr);\ + for(val in arr) {\ + sub(/..\/lib\//, "", arr[val]);\ + gen_element(proj_type, "lib", arr[val]);\ + }\ + }\ + else\ + printf("%s\r\n", $$0);\ +}';\ + \ + echo "generating '$(VC6_LIBDSP)'"; \ + awk -v proj_type=dsp \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ + -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ + -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ + -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ + -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC6_LIBTMPL) > $(VC6_LIBDSP) || { exit 1; }; \ + \ + echo "generating '$(VC6_SRCDSP)'"; \ + awk -v proj_type=dsp \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC6_SRCTMPL) > $(VC6_SRCDSP) || { exit 1; }; \ + \ + echo "generating '$(VC7_LIBVCPROJ)'"; \ + awk -v proj_type=vcproj1 \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ + -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ + -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ + -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ + -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC7_LIBTMPL) > $(VC7_LIBVCPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC7_SRCVCPROJ)'"; \ + awk -v proj_type=vcproj1 \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC7_SRCTMPL) > $(VC7_SRCVCPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC71_LIBVCPROJ)'"; \ + awk -v proj_type=vcproj1 \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ + -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ + -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ + -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ + -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC71_LIBTMPL) > $(VC71_LIBVCPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC71_SRCVCPROJ)'"; \ + awk -v proj_type=vcproj1 \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC71_SRCTMPL) > $(VC71_SRCVCPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC8_LIBVCPROJ)'"; \ + awk -v proj_type=vcproj2 \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ + -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ + -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ + -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ + -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC8_LIBTMPL) > $(VC8_LIBVCPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC8_SRCVCPROJ)'"; \ + awk -v proj_type=vcproj2 \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC8_SRCTMPL) > $(VC8_SRCVCPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC9_LIBVCPROJ)'"; \ + awk -v proj_type=vcproj2 \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ + -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ + -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ + -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ + -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC9_LIBTMPL) > $(VC9_LIBVCPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC9_SRCVCPROJ)'"; \ + awk -v proj_type=vcproj2 \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC9_SRCTMPL) > $(VC9_SRCVCPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC10_LIBVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ + -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ + -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ + -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ + -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC10_LIBTMPL) > $(VC10_LIBVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC10_SRCVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC10_SRCTMPL) > $(VC10_SRCVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC11_LIBVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ + -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ + -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ + -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ + -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC11_LIBTMPL) > $(VC11_LIBVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC11_SRCVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC11_SRCTMPL) > $(VC11_SRCVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC12_LIBVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ + -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ + -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ + -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ + -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC12_LIBTMPL) > $(VC12_LIBVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC12_SRCVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC14_LIBVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ + -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ + -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ + -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ + -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC14_SRCVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC15_LIBVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ + -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ + -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ + -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ + -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ + -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC15_LIBTMPL) > $(VC15_LIBVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC15_SRCVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC15_SRCTMPL) > $(VC15_SRCVCXPROJ) || { exit 1; };) + +tidy: + (cd src && $(MAKE) tidy) + (cd lib && $(MAKE) tidy) diff --git a/extern/curl/Makefile.dist b/extern/curl/Makefile.dist new file mode 100644 index 0000000000..a6316ab5fe --- /dev/null +++ b/extern/curl/Makefile.dist @@ -0,0 +1,127 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +########################################################################### + +all: + ./configure + make + +ssl: + ./configure --with-ssl + make + +watcom: .SYMBOLIC + cd lib && $(MAKE) -u -f Makefile.Watcom + cd src && $(MAKE) -u -f Makefile.Watcom + +watcom-clean: .SYMBOLIC + cd lib && $(MAKE) -u -f Makefile.Watcom clean + cd src && $(MAKE) -u -f Makefile.Watcom clean + +watcom-vclean: .SYMBOLIC + cd lib && $(MAKE) -u -f Makefile.Watcom vclean + cd src && $(MAKE) -u -f Makefile.Watcom vclean + +mingw32: + $(MAKE) -C lib -f Makefile.m32 + $(MAKE) -C src -f Makefile.m32 + +mingw32-clean: + $(MAKE) -C lib -f Makefile.m32 clean + $(MAKE) -C src -f Makefile.m32 clean + $(MAKE) -C docs/examples -f Makefile.m32 clean + +mingw32-vclean mingw32-distclean: + $(MAKE) -C lib -f Makefile.m32 vclean + $(MAKE) -C src -f Makefile.m32 vclean + $(MAKE) -C docs/examples -f Makefile.m32 vclean + +mingw32-examples%: + $(MAKE) -C docs/examples -f Makefile.m32 CFG=$@ + +mingw32%: + $(MAKE) -C lib -f Makefile.m32 CFG=$@ + $(MAKE) -C src -f Makefile.m32 CFG=$@ + +vc: + cd winbuild + nmake /f Makefile.vc MACHINE=x86 + +vc-x64: + cd winbuild + nmake /f Makefile.vc MACHINE=x64 + +djgpp: + $(MAKE) -C lib -f Makefile.dj + $(MAKE) -C src -f Makefile.dj + +cygwin: + ./configure + make + +cygwin-ssl: + ./configure --with-ssl + make + +amiga: + cd ./lib && make -f makefile.amiga + cd ./src && make -f makefile.amiga + +netware: + $(MAKE) -C lib -f Makefile.netware + $(MAKE) -C src -f Makefile.netware + +netware-clean: + $(MAKE) -C lib -f Makefile.netware clean + $(MAKE) -C src -f Makefile.netware clean + $(MAKE) -C docs/examples -f Makefile.netware clean + +netware-vclean netware-distclean: + $(MAKE) -C lib -f Makefile.netware vclean + $(MAKE) -C src -f Makefile.netware vclean + $(MAKE) -C docs/examples -f Makefile.netware vclean + +netware-install: + $(MAKE) -C lib -f Makefile.netware install + $(MAKE) -C src -f Makefile.netware install + +netware-examples-%: + $(MAKE) -C docs/examples -f Makefile.netware CFG=$@ + +netware-%: + $(MAKE) -C lib -f Makefile.netware CFG=$@ + $(MAKE) -C src -f Makefile.netware CFG=$@ + +unix: all + +unix-ssl: ssl + +linux: all + +linux-ssl: ssl + +ca-bundle: lib/mk-ca-bundle.pl + @echo "generate a fresh ca-bundle.crt" + @perl $< -b -l -u lib/ca-bundle.crt + +ca-firefox: lib/firefox-db2pem.sh + @echo "generate a fresh ca-bundle.crt" + ./lib/firefox-db2pem.sh lib/ca-bundle.crt diff --git a/extern/curl/README b/extern/curl/README new file mode 100644 index 0000000000..490faca163 --- /dev/null +++ b/extern/curl/README @@ -0,0 +1,57 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +README + + Curl is a command line tool for transferring data specified with URL + syntax. Find out how to use curl by reading the curl.1 man page or the + MANUAL document. Find out how to install Curl by reading the INSTALL + document. + + libcurl is the library curl is using to do its job. It is readily + available to be used by your software. Read the libcurl.3 man page to + learn how! + + You find answers to the most frequent questions we get in the FAQ document. + + Study the COPYING file for distribution terms and similar. If you distribute + curl binaries or other binaries that involve libcurl, you might enjoy the + LICENSE-MIXING document. + + All of those documents and more can be found in the docs/ directory. + +CONTACT + + If you have problems, questions, ideas or suggestions, please contact us + by posting to a suitable mailing list. See https://curl.haxx.se/mail/ + + All contributors to the project are listed in the THANKS document. + +WEB SITE + + Visit the curl web site for the latest news and downloads: + + https://curl.haxx.se/ + +GIT + + To download the very latest source off the GIT server do this: + + git clone https://github.com/curl/curl.git + + (you'll get a directory named curl created, filled with the source code) + +SECURITY PROBLEMS + + Report suspected security problems via our HackerOne page and not in public! + + https://hackerone.com/curl + +NOTICE + + Curl contains pieces of source code that is Copyright (c) 1998, 1999 + Kungliga Tekniska Högskolan. This notice is included here to comply with the + distribution terms. diff --git a/extern/curl/README.md b/extern/curl/README.md new file mode 100644 index 0000000000..16e4b006cf --- /dev/null +++ b/extern/curl/README.md @@ -0,0 +1,86 @@ +![curl logo](https://curl.haxx.se/logo/curl-logo.svg) + +[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/63/badge)](https://bestpractices.coreinfrastructure.org/projects/63) +[![Coverity passed](https://scan.coverity.com/projects/curl/badge.svg)](https://scan.coverity.com/projects/curl) +[![Travis-CI Build Status](https://travis-ci.org/curl/curl.svg?branch=master)](https://travis-ci.org/curl/curl) +[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/l1vv31029huhf4g4?svg=true)](https://ci.appveyor.com/project/curlorg/curl) +[![Azure DevOps Build Status](https://dev.azure.com/daniel0244/curl/_apis/build/status/curl.curl?branchName=master)](https://dev.azure.com/daniel0244/curl/_build/latest?definitionId=1&branchName=master) +[![Cirrus Build Status](https://api.cirrus-ci.com/github/curl/curl.svg?branch=master)](https://cirrus-ci.com/github/curl/curl) +[![Backers on Open Collective](https://opencollective.com/curl/backers/badge.svg)](#backers) +[![Sponsors on Open Collective](https://opencollective.com/curl/sponsors/badge.svg)](#sponsors) +[![Language Grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/curl/curl.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/curl/curl/context:cpp) +[![Codacy Badge](https://api.codacy.com/project/badge/Grade/d11483a0cc5c4ebd9da4ff9f7cd56690)](https://www.codacy.com/app/curl/curl?utm_source=github.com&utm_medium=referral&utm_content=curl/curl&utm_campaign=Badge_Grade) +[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/curl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:curl) + +Curl is a command-line tool for transferring data specified with URL +syntax. Find out how to use curl by reading [the curl.1 man +page](https://curl.haxx.se/docs/manpage.html) or [the MANUAL +document](https://curl.haxx.se/docs/manual.html). Find out how to install Curl +by reading [the INSTALL document](https://curl.haxx.se/docs/install.html). + +libcurl is the library curl is using to do its job. It is readily available to +be used by your software. Read [the libcurl.3 man +page](https://curl.haxx.se/libcurl/c/libcurl.html) to learn how! + +You can find answers to the most frequent questions we get in [the FAQ +document](https://curl.haxx.se/docs/faq.html). + +Study [the COPYING file](https://curl.haxx.se/docs/copyright.html) for +distribution terms and similar. If you distribute curl binaries or other +binaries that involve libcurl, you might enjoy [the LICENSE-MIXING +document](https://curl.haxx.se/legal/licmix.html). + +## Contact + +If you have problems, questions, ideas or suggestions, please contact us by +posting to a suitable [mailing list](https://curl.haxx.se/mail/). + +All contributors to the project are listed in [the THANKS +document](https://curl.haxx.se/docs/thanks.html). + +## Website + +Visit the [curl web site](https://curl.haxx.se/) for the latest news and +downloads. + +## Git + +To download the very latest source from the Git server do this: + + git clone https://github.com/curl/curl.git + +(you'll get a directory named curl created, filled with the source code) + +## Security problems + +Report suspected security problems via [our HackerOne +page](https://hackerone.com/curl) and not in public! + +## Notice + +Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga +Tekniska Högskolan. This notice is included here to comply with the +distribution terms. + +## Backers + +Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/curl#backer)] + + + +## Sponsors + +Support this project by becoming a sponsor. Your logo will show up here with a +link to your website. [[Become a +sponsor](https://opencollective.com/curl#sponsor)] + + + + + + + + + + + diff --git a/extern/curl/RELEASE-NOTES b/extern/curl/RELEASE-NOTES new file mode 100644 index 0000000000..ef3e38d14a --- /dev/null +++ b/extern/curl/RELEASE-NOTES @@ -0,0 +1,80 @@ +curl and libcurl 7.69.1 + + Public curl releases: 190 + Command line options: 230 + curl_easy_setopt() options: 270 + Public functions in libcurl: 82 + Contributors: 2133 + +This release includes the following bugfixes: + + o ares: store dns parameters for duphandle [20] + o cirrus-ci: disable the FreeBSD 13 builds [3] + o curl_share_setopt.3: Note sharing cookies doesn't enable the engine [11] + o lib1564: reduce number of mid-wait wakeup calls [16] + o libssh: Fix matching user-specified MD5 hex key [7] + o MANUAL: update a dict-using command line + o mime: do not perform more than one read in a row [18] + o mime: fix the binary encoder to handle large data properly [17] + o mime: latch last read callback status [19] + o multi: skip EINTR check on wakeup socket if it was closed [12] + o pause: bail out on bad input [8] + o pause: force a connection recheck after unpausing (take 2) [5] + o pause: return early for calls that don't change pause state [10] + o runtests.1: rephrase how to specify what tests to run [2] + o runtests: fix missing use of exe_ext helper function + o seek: fix fall back for missing ftruncate on Windows [4] + o sftp: fix segfault regression introduced by #4747 in 7.69.0 [22] + o sha256: Added SecureTransport implementation [15] + o sha256: Added WinCrypt implementation [15] + o socks4: fix host resolve regression [14] + o socks5: host name resolv regression fix [6] + o tests/server: fix missing use of exe_ext helper function [24] + o tests: fix static ip:port instead of dynamic values being used [23] + o tests: make sleeping portable by avoiding select [1] + o unit1612: fix the inclusion and compilation of the HMAC unit test [9] + o urldata: remove the 'stream_was_rewound' connectdata struct member [13] + o version: make curl_version* thread-safe without using global context [21] + +This release includes the following known bugs: + + o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) + +This release would not have looked like this without help, code, reports and +advice from friends like these: + + amishmm on github, Anders Berg, Andy Fiddaman, Christopher Reid, + Dan Fandrich, Daniel Stenberg, Ernst Sjöstrand, fds242 on github, + Fedor Korotkov, Felipe Gasper, Jim Fuller, Marcel Raad, Marc Hörsken, + MrdUkk on github, Patrick Monnerat, Ray Satiro, RuurdBeerstra on github, + Steve Holme, vitaha85 on github, + (19 contributors) + + Thanks! (and sorry if I forgot to mention someone) + +References to bug reports and discussions on issues: + + [1] = https://curl.haxx.se/bug/?i=5035 + [2] = https://curl.haxx.se/bug/?i=5033 + [3] = https://curl.haxx.se/bug/?i=5028 + [4] = https://curl.haxx.se/bug/?i=5055 + [5] = https://curl.haxx.se/bug/?i=5049 + [6] = https://curl.haxx.se/bug/?i=5053 + [7] = https://curl.haxx.se/bug/?i=4971 + [8] = https://curl.haxx.se/bug/?i=5050 + [9] = https://curl.haxx.se/bug/?i=5024 + [10] = https://curl.haxx.se/bug/?i=5026 + [11] = https://curl.haxx.se/mail/lib-2020-03/0019.html + [12] = https://curl.haxx.se/bug/?i=5047 + [13] = https://curl.haxx.se/bug/?i=5046 + [14] = https://curl.haxx.se/bug/?i=5061 + [15] = https://curl.haxx.se/bug/?i=5030 + [16] = https://curl.haxx.se/bug/?i=5037 + [17] = https://curl.haxx.se/bug/?i=4860 + [18] = https://curl.haxx.se/bug/?i=4826 + [19] = https://curl.haxx.se/bug/?i=4813 + [20] = https://curl.haxx.se/bug/?i=4893 + [21] = https://curl.haxx.se/bug/?i=5010 + [22] = https://curl.haxx.se/bug/?i=5041 + [23] = https://curl.haxx.se/bug/?i=5065 + [24] = https://curl.haxx.se/bug/?i=5064 diff --git a/extern/curl/SECURITY.md b/extern/curl/SECURITY.md new file mode 100644 index 0000000000..871c06a503 --- /dev/null +++ b/extern/curl/SECURITY.md @@ -0,0 +1,10 @@ +# Security Policy + +See [docs/SECURITY-PROCESS.md](docs/SECURITY-PROCESS.md) for full details. + +## Reporting a Vulnerability + +If you have found or just suspect a security problem somewhere in curl or libcurl, +report it on [https://hackerone.com/curl](https://hackerone.com/curl). + +We treat security issuse with confidentiality until disclosed controlled and responsibly. diff --git a/extern/curl/acinclude.m4 b/extern/curl/acinclude.m4 new file mode 100644 index 0000000000..3ad55c3885 --- /dev/null +++ b/extern/curl/acinclude.m4 @@ -0,0 +1,2572 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** + +dnl CURL_CHECK_DEF (SYMBOL, [INCLUDES], [SILENT]) +dnl ------------------------------------------------- +dnl Use the C preprocessor to find out if the given object-style symbol +dnl is defined and get its expansion. This macro will not use default +dnl includes even if no INCLUDES argument is given. This macro will run +dnl silently when invoked with three arguments. If the expansion would +dnl result in a set of double-quoted strings the returned expansion will +dnl actually be a single double-quoted string concatenating all them. + +AC_DEFUN([CURL_CHECK_DEF], [ + AC_REQUIRE([CURL_CPP_P])dnl + OLDCPPFLAGS=$CPPFLAGS + # CPPPFLAG comes from CURL_CPP_P + CPPFLAGS="$CPPFLAGS $CPPPFLAG" + AS_VAR_PUSHDEF([ac_HaveDef], [curl_cv_have_def_$1])dnl + AS_VAR_PUSHDEF([ac_Def], [curl_cv_def_$1])dnl + if test -z "$SED"; then + AC_MSG_ERROR([SED not set. Cannot continue without SED being set.]) + fi + if test -z "$GREP"; then + AC_MSG_ERROR([GREP not set. Cannot continue without GREP being set.]) + fi + ifelse($3,,[AC_MSG_CHECKING([for preprocessor definition of $1])]) + tmp_exp="" + AC_PREPROC_IFELSE([ + AC_LANG_SOURCE( +ifelse($2,,,[$2])[[ +#ifdef $1 +CURL_DEF_TOKEN $1 +#endif + ]]) + ],[ + tmp_exp=`eval "$ac_cpp conftest.$ac_ext" 2>/dev/null | \ + "$GREP" CURL_DEF_TOKEN 2>/dev/null | \ + "$SED" 's/.*CURL_DEF_TOKEN[[ ]][[ ]]*//' 2>/dev/null | \ + "$SED" 's/[["]][[ ]]*[["]]//g' 2>/dev/null` + if test -z "$tmp_exp" || test "$tmp_exp" = "$1"; then + tmp_exp="" + fi + ]) + if test -z "$tmp_exp"; then + AS_VAR_SET(ac_HaveDef, no) + ifelse($3,,[AC_MSG_RESULT([no])]) + else + AS_VAR_SET(ac_HaveDef, yes) + AS_VAR_SET(ac_Def, $tmp_exp) + ifelse($3,,[AC_MSG_RESULT([$tmp_exp])]) + fi + AS_VAR_POPDEF([ac_Def])dnl + AS_VAR_POPDEF([ac_HaveDef])dnl + CPPFLAGS=$OLDCPPFLAGS +]) + + +dnl CURL_CHECK_DEF_CC (SYMBOL, [INCLUDES], [SILENT]) +dnl ------------------------------------------------- +dnl Use the C compiler to find out only if the given symbol is defined +dnl or not, this can not find out its expansion. This macro will not use +dnl default includes even if no INCLUDES argument is given. This macro +dnl will run silently when invoked with three arguments. + +AC_DEFUN([CURL_CHECK_DEF_CC], [ + AS_VAR_PUSHDEF([ac_HaveDef], [curl_cv_have_def_$1])dnl + ifelse($3,,[AC_MSG_CHECKING([for compiler definition of $1])]) + AC_COMPILE_IFELSE([ + AC_LANG_SOURCE( +ifelse($2,,,[$2])[[ +int main (void) +{ +#ifdef $1 + return 0; +#else + force compilation error +#endif +} + ]]) + ],[ + tst_symbol_defined="yes" + ],[ + tst_symbol_defined="no" + ]) + if test "$tst_symbol_defined" = "yes"; then + AS_VAR_SET(ac_HaveDef, yes) + ifelse($3,,[AC_MSG_RESULT([yes])]) + else + AS_VAR_SET(ac_HaveDef, no) + ifelse($3,,[AC_MSG_RESULT([no])]) + fi + AS_VAR_POPDEF([ac_HaveDef])dnl +]) + + +dnl CURL_CHECK_LIB_XNET +dnl ------------------------------------------------- +dnl Verify if X/Open network library is required. + +AC_DEFUN([CURL_CHECK_LIB_XNET], [ + AC_MSG_CHECKING([if X/Open network library is required]) + tst_lib_xnet_required="no" + AC_COMPILE_IFELSE([ + AC_LANG_SOURCE([[ +int main (void) +{ +#if defined(__hpux) && defined(_XOPEN_SOURCE) && (_XOPEN_SOURCE >= 600) + return 0; +#elif defined(__hpux) && defined(_XOPEN_SOURCE_EXTENDED) + return 0; +#else + force compilation error +#endif +} + ]]) + ],[ + tst_lib_xnet_required="yes" + LIBS="-lxnet $LIBS" + ]) + AC_MSG_RESULT([$tst_lib_xnet_required]) +]) + + +dnl CURL_CHECK_AIX_ALL_SOURCE +dnl ------------------------------------------------- +dnl Provides a replacement of traditional AC_AIX with +dnl an uniform behaviour across all autoconf versions, +dnl and with our own placement rules. + +AC_DEFUN([CURL_CHECK_AIX_ALL_SOURCE], [ + AH_VERBATIM([_ALL_SOURCE], + [/* Define to 1 if OS is AIX. */ +#ifndef _ALL_SOURCE +# undef _ALL_SOURCE +#endif]) + AC_BEFORE([$0], [AC_SYS_LARGEFILE])dnl + AC_BEFORE([$0], [CURL_CONFIGURE_REENTRANT])dnl + AC_BEFORE([$0], [CURL_CONFIGURE_PULL_SYS_POLL])dnl + AC_MSG_CHECKING([if OS is AIX (to define _ALL_SOURCE)]) + AC_EGREP_CPP([yes_this_is_aix],[ +#ifdef _AIX + yes_this_is_aix +#endif + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE(_ALL_SOURCE) + ],[ + AC_MSG_RESULT([no]) + ]) +]) + + +dnl CURL_CHECK_HEADER_WINDOWS +dnl ------------------------------------------------- +dnl Check for compilable and valid windows.h header + +AC_DEFUN([CURL_CHECK_HEADER_WINDOWS], [ + AC_CACHE_CHECK([for windows.h], [curl_cv_header_windows_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include + ]],[[ +#if defined(__CYGWIN__) || defined(__CEGCC__) + HAVE_WINDOWS_H shall not be defined. +#else + int dummy=2*WINVER; +#endif + ]]) + ],[ + curl_cv_header_windows_h="yes" + ],[ + curl_cv_header_windows_h="no" + ]) + ]) + case "$curl_cv_header_windows_h" in + yes) + AC_DEFINE_UNQUOTED(HAVE_WINDOWS_H, 1, + [Define to 1 if you have the windows.h header file.]) + ;; + esac +]) + + +dnl CURL_CHECK_NATIVE_WINDOWS +dnl ------------------------------------------------- +dnl Check if building a native Windows target + +AC_DEFUN([CURL_CHECK_NATIVE_WINDOWS], [ + AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_CACHE_CHECK([whether build target is a native Windows one], [curl_cv_native_windows], [ + if test "$curl_cv_header_windows_h" = "no"; then + curl_cv_native_windows="no" + else + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + ]],[[ +#if defined(__MINGW32__) || defined(__MINGW32CE__) || \ + (defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64))) + int dummy=1; +#else + Not a native Windows build target. +#endif + ]]) + ],[ + curl_cv_native_windows="yes" + ],[ + curl_cv_native_windows="no" + ]) + fi + ]) + AM_CONDITIONAL(DOING_NATIVE_WINDOWS, test "x$curl_cv_native_windows" = xyes) +]) + + +dnl CURL_CHECK_HEADER_WINSOCK +dnl ------------------------------------------------- +dnl Check for compilable and valid winsock.h header + +AC_DEFUN([CURL_CHECK_HEADER_WINSOCK], [ + AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_CACHE_CHECK([for winsock.h], [curl_cv_header_winsock_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#include + ]],[[ +#if defined(__CYGWIN__) || defined(__CEGCC__) + HAVE_WINSOCK_H shall not be defined. +#else + int dummy=WSACleanup(); +#endif + ]]) + ],[ + curl_cv_header_winsock_h="yes" + ],[ + curl_cv_header_winsock_h="no" + ]) + ]) + case "$curl_cv_header_winsock_h" in + yes) + AC_DEFINE_UNQUOTED(HAVE_WINSOCK_H, 1, + [Define to 1 if you have the winsock.h header file.]) + ;; + esac +]) + + +dnl CURL_CHECK_HEADER_WINSOCK2 +dnl ------------------------------------------------- +dnl Check for compilable and valid winsock2.h header + +AC_DEFUN([CURL_CHECK_HEADER_WINSOCK2], [ + AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_CACHE_CHECK([for winsock2.h], [curl_cv_header_winsock2_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#include + ]],[[ +#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) + HAVE_WINSOCK2_H shall not be defined. +#else + int dummy=2*IPPROTO_ESP; +#endif + ]]) + ],[ + curl_cv_header_winsock2_h="yes" + ],[ + curl_cv_header_winsock2_h="no" + ]) + ]) + case "$curl_cv_header_winsock2_h" in + yes) + AC_DEFINE_UNQUOTED(HAVE_WINSOCK2_H, 1, + [Define to 1 if you have the winsock2.h header file.]) + ;; + esac +]) + + +dnl CURL_CHECK_HEADER_WS2TCPIP +dnl ------------------------------------------------- +dnl Check for compilable and valid ws2tcpip.h header + +AC_DEFUN([CURL_CHECK_HEADER_WS2TCPIP], [ + AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl + AC_CACHE_CHECK([for ws2tcpip.h], [curl_cv_header_ws2tcpip_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#include +#include + ]],[[ +#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) + HAVE_WS2TCPIP_H shall not be defined. +#else + int dummy=2*IP_PKTINFO; +#endif + ]]) + ],[ + curl_cv_header_ws2tcpip_h="yes" + ],[ + curl_cv_header_ws2tcpip_h="no" + ]) + ]) + case "$curl_cv_header_ws2tcpip_h" in + yes) + AC_DEFINE_UNQUOTED(HAVE_WS2TCPIP_H, 1, + [Define to 1 if you have the ws2tcpip.h header file.]) + ;; + esac +]) + + +dnl CURL_CHECK_HEADER_WINLDAP +dnl ------------------------------------------------- +dnl Check for compilable and valid winldap.h header + +AC_DEFUN([CURL_CHECK_HEADER_WINLDAP], [ + AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_CACHE_CHECK([for winldap.h], [curl_cv_header_winldap_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#endif +#include + ]],[[ +#if defined(__CYGWIN__) || defined(__CEGCC__) + HAVE_WINLDAP_H shall not be defined. +#else + LDAP *ldp = ldap_init("dummy", LDAP_PORT); + ULONG res = ldap_unbind(ldp); +#endif + ]]) + ],[ + curl_cv_header_winldap_h="yes" + ],[ + curl_cv_header_winldap_h="no" + ]) + ]) + case "$curl_cv_header_winldap_h" in + yes) + AC_DEFINE_UNQUOTED(HAVE_WINLDAP_H, 1, + [Define to 1 if you have the winldap.h header file.]) + ;; + esac +]) + + +dnl CURL_CHECK_HEADER_WINBER +dnl ------------------------------------------------- +dnl Check for compilable and valid winber.h header + +AC_DEFUN([CURL_CHECK_HEADER_WINBER], [ + AC_REQUIRE([CURL_CHECK_HEADER_WINLDAP])dnl + AC_CACHE_CHECK([for winber.h], [curl_cv_header_winber_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#endif +#include +#include + ]],[[ +#if defined(__CYGWIN__) || defined(__CEGCC__) + HAVE_WINBER_H shall not be defined. +#else + BERVAL *bvp = NULL; + BerElement *bep = ber_init(bvp); + ber_free(bep, 1); +#endif + ]]) + ],[ + curl_cv_header_winber_h="yes" + ],[ + curl_cv_header_winber_h="no" + ]) + ]) + case "$curl_cv_header_winber_h" in + yes) + AC_DEFINE_UNQUOTED(HAVE_WINBER_H, 1, + [Define to 1 if you have the winber.h header file.]) + ;; + esac +]) + + +dnl CURL_CHECK_HEADER_LBER +dnl ------------------------------------------------- +dnl Check for compilable and valid lber.h header, +dnl and check if it is needed even with ldap.h + +AC_DEFUN([CURL_CHECK_HEADER_LBER], [ + AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_CACHE_CHECK([for lber.h], [curl_cv_header_lber_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#else +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#endif +#ifndef NULL +#define NULL (void *)0 +#endif +#include + ]],[[ + BerValue *bvp = NULL; + BerElement *bep = ber_init(bvp); + ber_free(bep, 1); + ]]) + ],[ + curl_cv_header_lber_h="yes" + ],[ + curl_cv_header_lber_h="no" + ]) + ]) + if test "$curl_cv_header_lber_h" = "yes"; then + AC_DEFINE_UNQUOTED(HAVE_LBER_H, 1, + [Define to 1 if you have the lber.h header file.]) + # + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#else +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#endif +#ifndef NULL +#define NULL (void *)0 +#endif +#ifndef LDAP_DEPRECATED +#define LDAP_DEPRECATED 1 +#endif +#include + ]],[[ + BerValue *bvp = NULL; + BerElement *bep = ber_init(bvp); + ber_free(bep, 1); + ]]) + ],[ + curl_cv_need_header_lber_h="no" + ],[ + curl_cv_need_header_lber_h="yes" + ]) + # + case "$curl_cv_need_header_lber_h" in + yes) + AC_DEFINE_UNQUOTED(NEED_LBER_H, 1, + [Define to 1 if you need the lber.h header file even with ldap.h]) + ;; + esac + fi +]) + + +dnl CURL_CHECK_HEADER_LDAP +dnl ------------------------------------------------- +dnl Check for compilable and valid ldap.h header + +AC_DEFUN([CURL_CHECK_HEADER_LDAP], [ + AC_REQUIRE([CURL_CHECK_HEADER_LBER])dnl + AC_CACHE_CHECK([for ldap.h], [curl_cv_header_ldap_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#else +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#endif +#ifndef LDAP_DEPRECATED +#define LDAP_DEPRECATED 1 +#endif +#ifdef NEED_LBER_H +#include +#endif +#include + ]],[[ + LDAP *ldp = ldap_init("dummy", LDAP_PORT); + int res = ldap_unbind(ldp); + ]]) + ],[ + curl_cv_header_ldap_h="yes" + ],[ + curl_cv_header_ldap_h="no" + ]) + ]) + case "$curl_cv_header_ldap_h" in + yes) + AC_DEFINE_UNQUOTED(HAVE_LDAP_H, 1, + [Define to 1 if you have the ldap.h header file.]) + ;; + esac +]) + + +dnl CURL_CHECK_HEADER_LDAP_SSL +dnl ------------------------------------------------- +dnl Check for compilable and valid ldap_ssl.h header + +AC_DEFUN([CURL_CHECK_HEADER_LDAP_SSL], [ + AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl + AC_CACHE_CHECK([for ldap_ssl.h], [curl_cv_header_ldap_ssl_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#else +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#endif +#ifndef LDAP_DEPRECATED +#define LDAP_DEPRECATED 1 +#endif +#ifdef NEED_LBER_H +#include +#endif +#ifdef HAVE_LDAP_H +#include +#endif +#include + ]],[[ + LDAP *ldp = ldapssl_init("dummy", LDAPS_PORT, 1); + ]]) + ],[ + curl_cv_header_ldap_ssl_h="yes" + ],[ + curl_cv_header_ldap_ssl_h="no" + ]) + ]) + case "$curl_cv_header_ldap_ssl_h" in + yes) + AC_DEFINE_UNQUOTED(HAVE_LDAP_SSL_H, 1, + [Define to 1 if you have the ldap_ssl.h header file.]) + ;; + esac +]) + + +dnl CURL_CHECK_HEADER_LDAPSSL +dnl ------------------------------------------------- +dnl Check for compilable and valid ldapssl.h header + +AC_DEFUN([CURL_CHECK_HEADER_LDAPSSL], [ + AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl + AC_CACHE_CHECK([for ldapssl.h], [curl_cv_header_ldapssl_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#else +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#endif +#ifndef NULL +#define NULL (void *)0 +#endif +#ifndef LDAP_DEPRECATED +#define LDAP_DEPRECATED 1 +#endif +#ifdef NEED_LBER_H +#include +#endif +#ifdef HAVE_LDAP_H +#include +#endif +#include + ]],[[ + char *cert_label = NULL; + LDAP *ldp = ldap_ssl_init("dummy", LDAPS_PORT, cert_label); + ]]) + ],[ + curl_cv_header_ldapssl_h="yes" + ],[ + curl_cv_header_ldapssl_h="no" + ]) + ]) + case "$curl_cv_header_ldapssl_h" in + yes) + AC_DEFINE_UNQUOTED(HAVE_LDAPSSL_H, 1, + [Define to 1 if you have the ldapssl.h header file.]) + ;; + esac +]) + + +dnl CURL_CHECK_LIBS_WINLDAP +dnl ------------------------------------------------- +dnl Check for libraries needed for WINLDAP support, +dnl and prepended to LIBS any needed libraries. +dnl This macro can take an optional parameter with a +dnl white space separated list of libraries to check +dnl before the WINLDAP default ones. + +AC_DEFUN([CURL_CHECK_LIBS_WINLDAP], [ + AC_REQUIRE([CURL_CHECK_HEADER_WINBER])dnl + # + AC_MSG_CHECKING([for WINLDAP libraries]) + # + u_libs="" + # + ifelse($1,,,[ + for x_lib in $1; do + case "$x_lib" in + -l*) + l_lib="$x_lib" + ;; + *) + l_lib="-l$x_lib" + ;; + esac + if test -z "$u_libs"; then + u_libs="$l_lib" + else + u_libs="$u_libs $l_lib" + fi + done + ]) + # + curl_cv_save_LIBS="$LIBS" + curl_cv_ldap_LIBS="unknown" + # + for x_nlibs in '' "$u_libs" \ + '-lwldap32' ; do + if test "$curl_cv_ldap_LIBS" = "unknown"; then + if test -z "$x_nlibs"; then + LIBS="$curl_cv_save_LIBS" + else + LIBS="$x_nlibs $curl_cv_save_LIBS" + fi + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINLDAP_H +#include +#endif +#ifdef HAVE_WINBER_H +#include +#endif +#endif + ]],[[ + BERVAL *bvp = NULL; + BerElement *bep = ber_init(bvp); + LDAP *ldp = ldap_init("dummy", LDAP_PORT); + ULONG res = ldap_unbind(ldp); + ber_free(bep, 1); + ]]) + ],[ + curl_cv_ldap_LIBS="$x_nlibs" + ]) + fi + done + # + LIBS="$curl_cv_save_LIBS" + # + case X-"$curl_cv_ldap_LIBS" in + X-unknown) + AC_MSG_RESULT([cannot find WINLDAP libraries]) + ;; + X-) + AC_MSG_RESULT([no additional lib required]) + ;; + *) + if test -z "$curl_cv_save_LIBS"; then + LIBS="$curl_cv_ldap_LIBS" + else + LIBS="$curl_cv_ldap_LIBS $curl_cv_save_LIBS" + fi + AC_MSG_RESULT([$curl_cv_ldap_LIBS]) + ;; + esac + # +]) + + +dnl CURL_CHECK_LIBS_LDAP +dnl ------------------------------------------------- +dnl Check for libraries needed for LDAP support, +dnl and prepended to LIBS any needed libraries. +dnl This macro can take an optional parameter with a +dnl white space separated list of libraries to check +dnl before the default ones. + +AC_DEFUN([CURL_CHECK_LIBS_LDAP], [ + AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl + # + AC_MSG_CHECKING([for LDAP libraries]) + # + u_libs="" + # + ifelse($1,,,[ + for x_lib in $1; do + case "$x_lib" in + -l*) + l_lib="$x_lib" + ;; + *) + l_lib="-l$x_lib" + ;; + esac + if test -z "$u_libs"; then + u_libs="$l_lib" + else + u_libs="$u_libs $l_lib" + fi + done + ]) + # + curl_cv_save_LIBS="$LIBS" + curl_cv_ldap_LIBS="unknown" + # + for x_nlibs in '' "$u_libs" \ + '-lldap' \ + '-lldap -llber' \ + '-llber -lldap' \ + '-lldapssl -lldapx -lldapsdk' \ + '-lldapsdk -lldapx -lldapssl' \ + '-lldap -llber -lssl -lcrypto' ; do + + if test "$curl_cv_ldap_LIBS" = "unknown"; then + if test -z "$x_nlibs"; then + LIBS="$curl_cv_save_LIBS" + else + LIBS="$x_nlibs $curl_cv_save_LIBS" + fi + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#else +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#endif +#ifndef NULL +#define NULL (void *)0 +#endif +#ifndef LDAP_DEPRECATED +#define LDAP_DEPRECATED 1 +#endif +#ifdef NEED_LBER_H +#include +#endif +#ifdef HAVE_LDAP_H +#include +#endif + ]],[[ + BerValue *bvp = NULL; + BerElement *bep = ber_init(bvp); + LDAP *ldp = ldap_init("dummy", LDAP_PORT); + int res = ldap_unbind(ldp); + ber_free(bep, 1); + ]]) + ],[ + curl_cv_ldap_LIBS="$x_nlibs" + ]) + fi + done + # + LIBS="$curl_cv_save_LIBS" + # + case X-"$curl_cv_ldap_LIBS" in + X-unknown) + AC_MSG_RESULT([cannot find LDAP libraries]) + ;; + X-) + AC_MSG_RESULT([no additional lib required]) + ;; + *) + if test -z "$curl_cv_save_LIBS"; then + LIBS="$curl_cv_ldap_LIBS" + else + LIBS="$curl_cv_ldap_LIBS $curl_cv_save_LIBS" + fi + AC_MSG_RESULT([$curl_cv_ldap_LIBS]) + ;; + esac + # +]) + + +dnl CURL_CHECK_HEADER_MALLOC +dnl ------------------------------------------------- +dnl Check for compilable and valid malloc.h header, +dnl and check if it is needed even with stdlib.h + +AC_DEFUN([CURL_CHECK_HEADER_MALLOC], [ + AC_CACHE_CHECK([for malloc.h], [curl_cv_header_malloc_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#include + ]],[[ + void *p = malloc(10); + void *q = calloc(10,10); + free(p); + free(q); + ]]) + ],[ + curl_cv_header_malloc_h="yes" + ],[ + curl_cv_header_malloc_h="no" + ]) + ]) + if test "$curl_cv_header_malloc_h" = "yes"; then + AC_DEFINE_UNQUOTED(HAVE_MALLOC_H, 1, + [Define to 1 if you have the malloc.h header file.]) + # + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#include + ]],[[ + void *p = malloc(10); + void *q = calloc(10,10); + free(p); + free(q); + ]]) + ],[ + curl_cv_need_header_malloc_h="no" + ],[ + curl_cv_need_header_malloc_h="yes" + ]) + # + case "$curl_cv_need_header_malloc_h" in + yes) + AC_DEFINE_UNQUOTED(NEED_MALLOC_H, 1, + [Define to 1 if you need the malloc.h header file even with stdlib.h]) + ;; + esac + fi +]) + + +dnl CURL_CHECK_HEADER_MEMORY +dnl ------------------------------------------------- +dnl Check for compilable and valid memory.h header, +dnl and check if it is needed even with stdlib.h for +dnl memory related functions. + +AC_DEFUN([CURL_CHECK_HEADER_MEMORY], [ + AC_CACHE_CHECK([for memory.h], [curl_cv_header_memory_h], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#include + ]],[[ + void *p = malloc(10); + void *q = calloc(10,10); + free(p); + free(q); + ]]) + ],[ + curl_cv_header_memory_h="yes" + ],[ + curl_cv_header_memory_h="no" + ]) + ]) + if test "$curl_cv_header_memory_h" = "yes"; then + AC_DEFINE_UNQUOTED(HAVE_MEMORY_H, 1, + [Define to 1 if you have the memory.h header file.]) + # + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#include + ]],[[ + void *p = malloc(10); + void *q = calloc(10,10); + free(p); + free(q); + ]]) + ],[ + curl_cv_need_header_memory_h="no" + ],[ + curl_cv_need_header_memory_h="yes" + ]) + # + case "$curl_cv_need_header_memory_h" in + yes) + AC_DEFINE_UNQUOTED(NEED_MEMORY_H, 1, + [Define to 1 if you need the memory.h header file even with stdlib.h]) + ;; + esac + fi +]) + +dnl TYPE_SOCKADDR_STORAGE +dnl ------------------------------------------------- +dnl Check for struct sockaddr_storage. Most IPv6-enabled +dnl hosts have it, but AIX 4.3 is one known exception. + +AC_DEFUN([TYPE_SOCKADDR_STORAGE], +[ + AC_CHECK_TYPE([struct sockaddr_storage], + AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE, 1, + [if struct sockaddr_storage is defined]), , + [ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#endif +#else +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#endif + ]) +]) + +dnl CURL_CHECK_FUNC_RECV +dnl ------------------------------------------------- +dnl Test if the socket recv() function is available, +dnl and check its return type and the types of its +dnl arguments. If the function succeeds HAVE_RECV +dnl will be defined, defining the types of the arguments +dnl in RECV_TYPE_ARG1, RECV_TYPE_ARG2, RECV_TYPE_ARG3 +dnl and RECV_TYPE_ARG4, defining the type of the function +dnl return value in RECV_TYPE_RETV. + +AC_DEFUN([CURL_CHECK_FUNC_RECV], [ + AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK])dnl + AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl + AC_CHECK_HEADERS(sys/types.h sys/socket.h) + # + AC_MSG_CHECKING([for recv]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#else +#ifdef HAVE_WINSOCK_H +#include +#endif +#endif +#else +#ifdef HAVE_PROTO_BSDSOCKET_H +#include +struct Library *SocketBase = NULL; +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#endif + ]],[[ + recv(0, 0, 0, 0); + ]]) + ],[ + AC_MSG_RESULT([yes]) + curl_cv_recv="yes" + ],[ + AC_MSG_RESULT([no]) + curl_cv_recv="no" + ]) + # + if test "$curl_cv_recv" = "yes"; then + AC_CACHE_CHECK([types of args and return type for recv], + [curl_cv_func_recv_args], [ + curl_cv_func_recv_args="unknown" + for recv_retv in 'int' 'ssize_t'; do + for recv_arg1 in 'int' 'ssize_t' 'SOCKET'; do + for recv_arg2 in 'char *' 'void *'; do + for recv_arg3 in 'size_t' 'int' 'socklen_t' 'unsigned int'; do + for recv_arg4 in 'int' 'unsigned int'; do + if test "$curl_cv_func_recv_args" = "unknown"; then + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#else +#ifdef HAVE_WINSOCK_H +#include +#endif +#endif +#define RECVCALLCONV PASCAL +#else +#ifdef HAVE_PROTO_BSDSOCKET_H +#include +struct Library *SocketBase = NULL; +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#define RECVCALLCONV +#endif +#ifndef HAVE_PROTO_BSDSOCKET_H + extern $recv_retv RECVCALLCONV + recv($recv_arg1, $recv_arg2, $recv_arg3, $recv_arg4); +#endif + ]],[[ + $recv_arg1 s=0; + $recv_arg2 buf=0; + $recv_arg3 len=0; + $recv_arg4 flags=0; + $recv_retv res = recv(s, buf, len, flags); + ]]) + ],[ + curl_cv_func_recv_args="$recv_arg1,$recv_arg2,$recv_arg3,$recv_arg4,$recv_retv" + ]) + fi + done + done + done + done + done + ]) # AC-CACHE-CHECK + if test "$curl_cv_func_recv_args" = "unknown"; then + AC_MSG_ERROR([Cannot find proper types to use for recv args]) + else + recv_prev_IFS=$IFS; IFS=',' + set dummy `echo "$curl_cv_func_recv_args" | sed 's/\*/\*/g'` + IFS=$recv_prev_IFS + shift + # + AC_DEFINE_UNQUOTED(RECV_TYPE_ARG1, $[1], + [Define to the type of arg 1 for recv.]) + AC_DEFINE_UNQUOTED(RECV_TYPE_ARG2, $[2], + [Define to the type of arg 2 for recv.]) + AC_DEFINE_UNQUOTED(RECV_TYPE_ARG3, $[3], + [Define to the type of arg 3 for recv.]) + AC_DEFINE_UNQUOTED(RECV_TYPE_ARG4, $[4], + [Define to the type of arg 4 for recv.]) + AC_DEFINE_UNQUOTED(RECV_TYPE_RETV, $[5], + [Define to the function return type for recv.]) + # + AC_DEFINE_UNQUOTED(HAVE_RECV, 1, + [Define to 1 if you have the recv function.]) + curl_cv_func_recv="yes" + fi + else + AC_MSG_ERROR([Unable to link function recv]) + fi +]) + + +dnl CURL_CHECK_FUNC_SEND +dnl ------------------------------------------------- +dnl Test if the socket send() function is available, +dnl and check its return type and the types of its +dnl arguments. If the function succeeds HAVE_SEND +dnl will be defined, defining the types of the arguments +dnl in SEND_TYPE_ARG1, SEND_TYPE_ARG2, SEND_TYPE_ARG3 +dnl and SEND_TYPE_ARG4, defining the type of the function +dnl return value in SEND_TYPE_RETV, and also defining the +dnl type qualifier of second argument in SEND_QUAL_ARG2. + +AC_DEFUN([CURL_CHECK_FUNC_SEND], [ + AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK])dnl + AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl + AC_CHECK_HEADERS(sys/types.h sys/socket.h) + # + AC_MSG_CHECKING([for send]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#else +#ifdef HAVE_WINSOCK_H +#include +#endif +#endif +#else +#ifdef HAVE_PROTO_BSDSOCKET_H +#include +struct Library *SocketBase = NULL; +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#endif + ]],[[ + send(0, 0, 0, 0); + ]]) + ],[ + AC_MSG_RESULT([yes]) + curl_cv_send="yes" + ],[ + AC_MSG_RESULT([no]) + curl_cv_send="no" + ]) + # + if test "$curl_cv_send" = "yes"; then + AC_CACHE_CHECK([types of args and return type for send], + [curl_cv_func_send_args], [ + curl_cv_func_send_args="unknown" + for send_retv in 'int' 'ssize_t'; do + for send_arg1 in 'int' 'ssize_t' 'SOCKET'; do + for send_arg2 in 'char *' 'void *' 'const char *' 'const void *'; do + for send_arg3 in 'size_t' 'int' 'socklen_t' 'unsigned int'; do + for send_arg4 in 'int' 'unsigned int'; do + if test "$curl_cv_func_send_args" = "unknown"; then + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#else +#ifdef HAVE_WINSOCK_H +#include +#endif +#endif +#define SENDCALLCONV PASCAL +#else +#ifdef HAVE_PROTO_BSDSOCKET_H +#include +struct Library *SocketBase = NULL; +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#define SENDCALLCONV +#endif +#ifndef HAVE_PROTO_BSDSOCKET_H + extern $send_retv SENDCALLCONV + send($send_arg1, $send_arg2, $send_arg3, $send_arg4); +#endif + ]],[[ + $send_arg1 s=0; + $send_arg3 len=0; + $send_arg4 flags=0; + $send_retv res = send(s, 0, len, flags); + ]]) + ],[ + curl_cv_func_send_args="$send_arg1,$send_arg2,$send_arg3,$send_arg4,$send_retv" + ]) + fi + done + done + done + done + done + ]) # AC-CACHE-CHECK + if test "$curl_cv_func_send_args" = "unknown"; then + AC_MSG_ERROR([Cannot find proper types to use for send args]) + else + send_prev_IFS=$IFS; IFS=',' + set dummy `echo "$curl_cv_func_send_args" | sed 's/\*/\*/g'` + IFS=$send_prev_IFS + shift + # + send_qual_type_arg2=$[2] + # + AC_DEFINE_UNQUOTED(SEND_TYPE_ARG1, $[1], + [Define to the type of arg 1 for send.]) + AC_DEFINE_UNQUOTED(SEND_TYPE_ARG3, $[3], + [Define to the type of arg 3 for send.]) + AC_DEFINE_UNQUOTED(SEND_TYPE_ARG4, $[4], + [Define to the type of arg 4 for send.]) + AC_DEFINE_UNQUOTED(SEND_TYPE_RETV, $[5], + [Define to the function return type for send.]) + # + prev_sh_opts=$- + # + case $prev_sh_opts in + *f*) + ;; + *) + set -f + ;; + esac + # + case "$send_qual_type_arg2" in + const*) + send_qual_arg2=const + send_type_arg2=`echo $send_qual_type_arg2 | sed 's/^const //'` + ;; + *) + send_qual_arg2= + send_type_arg2=$send_qual_type_arg2 + ;; + esac + # + AC_DEFINE_UNQUOTED(SEND_QUAL_ARG2, $send_qual_arg2, + [Define to the type qualifier of arg 2 for send.]) + AC_DEFINE_UNQUOTED(SEND_TYPE_ARG2, $send_type_arg2, + [Define to the type of arg 2 for send.]) + # + case $prev_sh_opts in + *f*) + ;; + *) + set +f + ;; + esac + # + AC_DEFINE_UNQUOTED(HAVE_SEND, 1, + [Define to 1 if you have the send function.]) + curl_cv_func_send="yes" + fi + else + AC_MSG_ERROR([Unable to link function send]) + fi +]) + +dnl CURL_CHECK_MSG_NOSIGNAL +dnl ------------------------------------------------- +dnl Check for MSG_NOSIGNAL + +AC_DEFUN([CURL_CHECK_MSG_NOSIGNAL], [ + AC_CHECK_HEADERS(sys/types.h sys/socket.h) + AC_CACHE_CHECK([for MSG_NOSIGNAL], [curl_cv_msg_nosignal], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#else +#ifdef HAVE_WINSOCK_H +#include +#endif +#endif +#else +#ifdef HAVE_PROTO_BSDSOCKET_H +#include +struct Library *SocketBase = NULL; +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#endif + ]],[[ + int flag=MSG_NOSIGNAL; + ]]) + ],[ + curl_cv_msg_nosignal="yes" + ],[ + curl_cv_msg_nosignal="no" + ]) + ]) + case "$curl_cv_msg_nosignal" in + yes) + AC_DEFINE_UNQUOTED(HAVE_MSG_NOSIGNAL, 1, + [Define to 1 if you have the MSG_NOSIGNAL flag.]) + ;; + esac +]) + + +dnl CURL_CHECK_STRUCT_TIMEVAL +dnl ------------------------------------------------- +dnl Check for timeval struct + +AC_DEFUN([CURL_CHECK_STRUCT_TIMEVAL], [ + AC_REQUIRE([AC_HEADER_TIME])dnl + AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK])dnl + AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl + AC_CHECK_HEADERS(sys/types.h sys/time.h time.h sys/socket.h) + AC_CACHE_CHECK([for struct timeval], [curl_cv_struct_timeval], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#else +#ifdef HAVE_WINSOCK_H +#include +#endif +#endif +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#ifdef TIME_WITH_SYS_TIME +#include +#endif +#else +#ifdef HAVE_TIME_H +#include +#endif +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + ]],[[ + struct timeval ts; + ts.tv_sec = 0; + ts.tv_usec = 0; + ]]) + ],[ + curl_cv_struct_timeval="yes" + ],[ + curl_cv_struct_timeval="no" + ]) + ]) + case "$curl_cv_struct_timeval" in + yes) + AC_DEFINE_UNQUOTED(HAVE_STRUCT_TIMEVAL, 1, + [Define to 1 if you have the timeval struct.]) + ;; + esac +]) + + +dnl TYPE_SIG_ATOMIC_T +dnl ------------------------------------------------- +dnl Check if the sig_atomic_t type is available, and +dnl verify if it is already defined as volatile. + +AC_DEFUN([TYPE_SIG_ATOMIC_T], [ + AC_CHECK_HEADERS(signal.h) + AC_CHECK_TYPE([sig_atomic_t],[ + AC_DEFINE(HAVE_SIG_ATOMIC_T, 1, + [Define to 1 if sig_atomic_t is an available typedef.]) + ], ,[ +#ifdef HAVE_SIGNAL_H +#include +#endif + ]) + case "$ac_cv_type_sig_atomic_t" in + yes) + # + AC_MSG_CHECKING([if sig_atomic_t is already defined as volatile]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#ifdef HAVE_SIGNAL_H +#include +#endif + ]],[[ + static volatile sig_atomic_t dummy = 0; + ]]) + ],[ + AC_MSG_RESULT([no]) + curl_cv_sig_atomic_t_volatile="no" + ],[ + AC_MSG_RESULT([yes]) + curl_cv_sig_atomic_t_volatile="yes" + ]) + # + if test "$curl_cv_sig_atomic_t_volatile" = "yes"; then + AC_DEFINE(HAVE_SIG_ATOMIC_T_VOLATILE, 1, + [Define to 1 if sig_atomic_t is already defined as volatile.]) + fi + ;; + esac +]) + + +dnl TYPE_IN_ADDR_T +dnl ------------------------------------------------- +dnl Check for in_addr_t: it is used to receive the return code of inet_addr() +dnl and a few other things. + +AC_DEFUN([TYPE_IN_ADDR_T], [ + AC_CHECK_TYPE([in_addr_t], ,[ + dnl in_addr_t not available + AC_CACHE_CHECK([for in_addr_t equivalent], + [curl_cv_in_addr_t_equiv], [ + curl_cv_in_addr_t_equiv="unknown" + for t in "unsigned long" int size_t unsigned long; do + if test "$curl_cv_in_addr_t_equiv" = "unknown"; then + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#else +#ifdef HAVE_WINSOCK_H +#include +#endif +#endif +#else +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#endif + ]],[[ + $t data = inet_addr ("1.2.3.4"); + ]]) + ],[ + curl_cv_in_addr_t_equiv="$t" + ]) + fi + done + ]) + case "$curl_cv_in_addr_t_equiv" in + unknown) + AC_MSG_ERROR([Cannot find a type to use in place of in_addr_t]) + ;; + *) + AC_DEFINE_UNQUOTED(in_addr_t, $curl_cv_in_addr_t_equiv, + [Type to use in place of in_addr_t when system does not provide it.]) + ;; + esac + ],[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#else +#ifdef HAVE_WINSOCK_H +#include +#endif +#endif +#else +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#endif + ]) +]) + + +dnl CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC +dnl ------------------------------------------------- +dnl Check if monotonic clock_gettime is available. + +AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [ + AC_REQUIRE([AC_HEADER_TIME])dnl + AC_CHECK_HEADERS(sys/types.h sys/time.h time.h) + AC_MSG_CHECKING([for monotonic clock_gettime]) + # + if test "x$dontwant_rt" = "xno" ; then + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#ifdef TIME_WITH_SYS_TIME +#include +#endif +#else +#ifdef HAVE_TIME_H +#include +#endif +#endif + ]],[[ + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC, &ts); + ]]) + ],[ + AC_MSG_RESULT([yes]) + curl_func_clock_gettime="yes" + ],[ + AC_MSG_RESULT([no]) + curl_func_clock_gettime="no" + ]) + fi + dnl Definition of HAVE_CLOCK_GETTIME_MONOTONIC is intentionally postponed + dnl until library linking and run-time checks for clock_gettime succeed. +]) + + +dnl CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC +dnl ------------------------------------------------- +dnl If monotonic clock_gettime is available then, +dnl check and prepended to LIBS any needed libraries. + +AC_DEFUN([CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC], [ + AC_REQUIRE([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC])dnl + # + if test "$curl_func_clock_gettime" = "yes"; then + # + AC_MSG_CHECKING([for clock_gettime in libraries]) + # + curl_cv_save_LIBS="$LIBS" + curl_cv_gclk_LIBS="unknown" + # + for x_xlibs in '' '-lrt' '-lposix4' ; do + if test "$curl_cv_gclk_LIBS" = "unknown"; then + if test -z "$x_xlibs"; then + LIBS="$curl_cv_save_LIBS" + else + LIBS="$x_xlibs $curl_cv_save_LIBS" + fi + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#ifdef TIME_WITH_SYS_TIME +#include +#endif +#else +#ifdef HAVE_TIME_H +#include +#endif +#endif + ]],[[ + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC, &ts); + ]]) + ],[ + curl_cv_gclk_LIBS="$x_xlibs" + ]) + fi + done + # + LIBS="$curl_cv_save_LIBS" + # + case X-"$curl_cv_gclk_LIBS" in + X-unknown) + AC_MSG_RESULT([cannot find clock_gettime]) + AC_MSG_WARN([HAVE_CLOCK_GETTIME_MONOTONIC will not be defined]) + curl_func_clock_gettime="no" + ;; + X-) + AC_MSG_RESULT([no additional lib required]) + curl_func_clock_gettime="yes" + ;; + *) + if test -z "$curl_cv_save_LIBS"; then + LIBS="$curl_cv_gclk_LIBS" + else + LIBS="$curl_cv_gclk_LIBS $curl_cv_save_LIBS" + fi + AC_MSG_RESULT([$curl_cv_gclk_LIBS]) + curl_func_clock_gettime="yes" + ;; + esac + # + dnl only do runtime verification when not cross-compiling + if test "x$cross_compiling" != "xyes" && + test "$curl_func_clock_gettime" = "yes"; then + AC_MSG_CHECKING([if monotonic clock_gettime works]) + CURL_RUN_IFELSE([ + AC_LANG_PROGRAM([[ +#ifdef HAVE_STDLIB_H +#include +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#ifdef TIME_WITH_SYS_TIME +#include +#endif +#else +#ifdef HAVE_TIME_H +#include +#endif +#endif + ]],[[ + struct timespec ts; + if (0 == clock_gettime(CLOCK_MONOTONIC, &ts)) + exit(0); + else + exit(1); + ]]) + ],[ + AC_MSG_RESULT([yes]) + ],[ + AC_MSG_RESULT([no]) + AC_MSG_WARN([HAVE_CLOCK_GETTIME_MONOTONIC will not be defined]) + curl_func_clock_gettime="no" + LIBS="$curl_cv_save_LIBS" + ]) + fi + # + case "$curl_func_clock_gettime" in + yes) + AC_DEFINE_UNQUOTED(HAVE_CLOCK_GETTIME_MONOTONIC, 1, + [Define to 1 if you have the clock_gettime function and monotonic timer.]) + ;; + esac + # + fi + # +]) + + +dnl CURL_CHECK_LIBS_CONNECT +dnl ------------------------------------------------- +dnl Verify if network connect function is already available +dnl using current libraries or if another one is required. + +AC_DEFUN([CURL_CHECK_LIBS_CONNECT], [ + AC_REQUIRE([CURL_INCLUDES_WINSOCK2])dnl + AC_REQUIRE([CURL_INCLUDES_BSDSOCKET])dnl + AC_MSG_CHECKING([for connect in libraries]) + tst_connect_save_LIBS="$LIBS" + tst_connect_need_LIBS="unknown" + for tst_lib in '' '-lsocket' ; do + if test "$tst_connect_need_LIBS" = "unknown"; then + LIBS="$tst_lib $tst_connect_save_LIBS" + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ + $curl_includes_winsock2 + $curl_includes_bsdsocket + #if !defined(HAVE_WINDOWS_H) && !defined(HAVE_PROTO_BSDSOCKET_H) + int connect(int, void*, int); + #endif + ]],[[ + if(0 != connect(0, 0, 0)) + return 1; + ]]) + ],[ + tst_connect_need_LIBS="$tst_lib" + ]) + fi + done + LIBS="$tst_connect_save_LIBS" + # + case X-"$tst_connect_need_LIBS" in + X-unknown) + AC_MSG_RESULT([cannot find connect]) + AC_MSG_ERROR([cannot find connect function in libraries.]) + ;; + X-) + AC_MSG_RESULT([yes]) + ;; + *) + AC_MSG_RESULT([$tst_connect_need_LIBS]) + LIBS="$tst_connect_need_LIBS $tst_connect_save_LIBS" + ;; + esac +]) + + +dnl CURL_DEFINE_UNQUOTED (VARIABLE, [VALUE]) +dnl ------------------------------------------------- +dnl Like AC_DEFINE_UNQUOTED this macro will define a C preprocessor +dnl symbol that can be further used in custom template configuration +dnl files. This macro, unlike AC_DEFINE_UNQUOTED, does not use a third +dnl argument for the description. Symbol definitions done with this +dnl macro are intended to be exclusively used in handcrafted *.h.in +dnl template files. Contrary to what AC_DEFINE_UNQUOTED does, this one +dnl prevents autoheader generation and insertion of symbol template +dnl stub and definition into the first configuration header file. Do +dnl not use this macro as a replacement for AC_DEFINE_UNQUOTED, each +dnl one serves different functional needs. + +AC_DEFUN([CURL_DEFINE_UNQUOTED], [ +cat >>confdefs.h <<_EOF +[@%:@define] $1 ifelse($#, 2, [$2], 1) +_EOF +]) + +dnl CURL_CONFIGURE_PULL_SYS_POLL +dnl ------------------------------------------------- +dnl The need for the sys/poll.h inclusion arises mainly to properly +dnl interface AIX systems which define macros 'events' and 'revents'. + +AC_DEFUN([CURL_CONFIGURE_PULL_SYS_POLL], [ + AC_REQUIRE([CURL_INCLUDES_POLL])dnl + # + tst_poll_events_macro_defined="unknown" + # + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + $curl_includes_poll + ]],[[ +#if defined(events) || defined(revents) + return 0; +#else + force compilation error +#endif + ]]) + ],[ + tst_poll_events_macro_defined="yes" + ],[ + tst_poll_events_macro_defined="no" + ]) + # + if test "$tst_poll_events_macro_defined" = "yes"; then + if test "x$ac_cv_header_sys_poll_h" = "xyes"; then + CURL_DEFINE_UNQUOTED([CURL_PULL_SYS_POLL_H]) + fi + fi + # +]) + + +dnl CURL_CHECK_FUNC_SELECT +dnl ------------------------------------------------- +dnl Test if the socket select() function is available, +dnl and check its return type and the types of its +dnl arguments. If the function succeeds HAVE_SELECT +dnl will be defined, defining the types of the +dnl arguments in SELECT_TYPE_ARG1, SELECT_TYPE_ARG234 +dnl and SELECT_TYPE_ARG5, defining the type of the +dnl function return value in SELECT_TYPE_RETV, and +dnl also defining the type qualifier of fifth argument +dnl in SELECT_QUAL_ARG5. + +AC_DEFUN([CURL_CHECK_FUNC_SELECT], [ + AC_REQUIRE([CURL_CHECK_STRUCT_TIMEVAL])dnl + AC_CHECK_HEADERS(sys/select.h sys/socket.h) + # + AC_MSG_CHECKING([for select]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#else +#ifdef HAVE_WINSOCK_H +#include +#endif +#endif +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#ifdef TIME_WITH_SYS_TIME +#include +#endif +#else +#ifdef HAVE_TIME_H +#include +#endif +#endif +#ifndef HAVE_WINDOWS_H +#ifdef HAVE_PROTO_BSDSOCKET_H +#include +struct Library *SocketBase = NULL; +#define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0) +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#endif + ]],[[ + select(0, 0, 0, 0, 0); + ]]) + ],[ + AC_MSG_RESULT([yes]) + curl_cv_select="yes" + ],[ + AC_MSG_RESULT([no]) + curl_cv_select="no" + ]) + # + if test "$curl_cv_select" = "yes"; then + AC_CACHE_CHECK([types of args and return type for select], + [curl_cv_func_select_args], [ + curl_cv_func_select_args="unknown" + for sel_retv in 'int' 'ssize_t'; do + for sel_arg1 in 'int' 'ssize_t' 'size_t' 'unsigned long int' 'unsigned int'; do + for sel_arg234 in 'fd_set *' 'int *' 'void *'; do + for sel_arg5 in 'struct timeval *' 'const struct timeval *'; do + if test "$curl_cv_func_select_args" = "unknown"; then + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#undef inline +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#else +#ifdef HAVE_WINSOCK_H +#include +#endif +#endif +#define SELECTCALLCONV PASCAL +#endif +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#ifdef TIME_WITH_SYS_TIME +#include +#endif +#else +#ifdef HAVE_TIME_H +#include +#endif +#endif +#ifndef HAVE_WINDOWS_H +#ifdef HAVE_PROTO_BSDSOCKET_H +#include +struct Library *SocketBase = NULL; +#define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0) +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#define SELECTCALLCONV +#endif +#ifndef HAVE_STRUCT_TIMEVAL + struct timeval { + long tv_sec; + long tv_usec; + }; +#endif +#ifndef HAVE_PROTO_BSDSOCKET_H + extern $sel_retv SELECTCALLCONV + select($sel_arg1, + $sel_arg234, + $sel_arg234, + $sel_arg234, + $sel_arg5); +#endif + ]],[[ + $sel_arg1 nfds=0; + $sel_arg234 rfds=0; + $sel_arg234 wfds=0; + $sel_arg234 efds=0; + $sel_retv res = select(nfds, rfds, wfds, efds, 0); + ]]) + ],[ + curl_cv_func_select_args="$sel_arg1,$sel_arg234,$sel_arg5,$sel_retv" + ]) + fi + done + done + done + done + ]) # AC-CACHE-CHECK + if test "$curl_cv_func_select_args" = "unknown"; then + AC_MSG_WARN([Cannot find proper types to use for select args]) + AC_MSG_WARN([HAVE_SELECT will not be defined]) + else + select_prev_IFS=$IFS; IFS=',' + set dummy `echo "$curl_cv_func_select_args" | sed 's/\*/\*/g'` + IFS=$select_prev_IFS + shift + # + sel_qual_type_arg5=$[3] + # + AC_DEFINE_UNQUOTED(SELECT_TYPE_ARG1, $[1], + [Define to the type of arg 1 for select.]) + AC_DEFINE_UNQUOTED(SELECT_TYPE_ARG234, $[2], + [Define to the type of args 2, 3 and 4 for select.]) + AC_DEFINE_UNQUOTED(SELECT_TYPE_RETV, $[4], + [Define to the function return type for select.]) + # + prev_sh_opts=$- + # + case $prev_sh_opts in + *f*) + ;; + *) + set -f + ;; + esac + # + case "$sel_qual_type_arg5" in + const*) + sel_qual_arg5=const + sel_type_arg5=`echo $sel_qual_type_arg5 | sed 's/^const //'` + ;; + *) + sel_qual_arg5= + sel_type_arg5=$sel_qual_type_arg5 + ;; + esac + # + AC_DEFINE_UNQUOTED(SELECT_QUAL_ARG5, $sel_qual_arg5, + [Define to the type qualifier of arg 5 for select.]) + AC_DEFINE_UNQUOTED(SELECT_TYPE_ARG5, $sel_type_arg5, + [Define to the type of arg 5 for select.]) + # + case $prev_sh_opts in + *f*) + ;; + *) + set +f + ;; + esac + # + AC_DEFINE_UNQUOTED(HAVE_SELECT, 1, + [Define to 1 if you have the select function.]) + curl_cv_func_select="yes" + fi + fi +]) + + +dnl CURL_VERIFY_RUNTIMELIBS +dnl ------------------------------------------------- +dnl Verify that the shared libs found so far can be used when running +dnl programs, since otherwise the situation will create odd configure errors +dnl that are misleading people. +dnl +dnl Make sure this test is run BEFORE the first test in the script that +dnl runs anything, which at the time of this writing is the AC_CHECK_SIZEOF +dnl macro. It must also run AFTER all lib-checking macros are complete. + +AC_DEFUN([CURL_VERIFY_RUNTIMELIBS], [ + + dnl this test is of course not sensible if we are cross-compiling! + if test "x$cross_compiling" != xyes; then + + dnl just run a program to verify that the libs checked for previous to this + dnl point also is available run-time! + AC_MSG_CHECKING([run-time libs availability]) + CURL_RUN_IFELSE([ +int main() +{ + return 0; +} +], + AC_MSG_RESULT([fine]), + AC_MSG_RESULT([failed]) + AC_MSG_ERROR([one or more libs available at link-time are not available run-time. Libs used at link-time: $LIBS]) + ) + + dnl if this test fails, configure has already stopped + fi +]) + + +dnl CURL_CHECK_VARIADIC_MACROS +dnl ------------------------------------------------- +dnl Check compiler support of variadic macros + +AC_DEFUN([CURL_CHECK_VARIADIC_MACROS], [ + AC_CACHE_CHECK([for compiler support of C99 variadic macro style], + [curl_cv_variadic_macros_c99], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#define c99_vmacro3(first, ...) fun3(first, __VA_ARGS__) +#define c99_vmacro2(first, ...) fun2(first, __VA_ARGS__) + int fun3(int arg1, int arg2, int arg3); + int fun2(int arg1, int arg2); + int fun3(int arg1, int arg2, int arg3) + { return arg1 + arg2 + arg3; } + int fun2(int arg1, int arg2) + { return arg1 + arg2; } + ]],[[ + int res3 = c99_vmacro3(1, 2, 3); + int res2 = c99_vmacro2(1, 2); + ]]) + ],[ + curl_cv_variadic_macros_c99="yes" + ],[ + curl_cv_variadic_macros_c99="no" + ]) + ]) + case "$curl_cv_variadic_macros_c99" in + yes) + AC_DEFINE_UNQUOTED(HAVE_VARIADIC_MACROS_C99, 1, + [Define to 1 if compiler supports C99 variadic macro style.]) + ;; + esac + AC_CACHE_CHECK([for compiler support of old gcc variadic macro style], + [curl_cv_variadic_macros_gcc], [ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#define gcc_vmacro3(first, args...) fun3(first, args) +#define gcc_vmacro2(first, args...) fun2(first, args) + int fun3(int arg1, int arg2, int arg3); + int fun2(int arg1, int arg2); + int fun3(int arg1, int arg2, int arg3) + { return arg1 + arg2 + arg3; } + int fun2(int arg1, int arg2) + { return arg1 + arg2; } + ]],[[ + int res3 = gcc_vmacro3(1, 2, 3); + int res2 = gcc_vmacro2(1, 2); + ]]) + ],[ + curl_cv_variadic_macros_gcc="yes" + ],[ + curl_cv_variadic_macros_gcc="no" + ]) + ]) + case "$curl_cv_variadic_macros_gcc" in + yes) + AC_DEFINE_UNQUOTED(HAVE_VARIADIC_MACROS_GCC, 1, + [Define to 1 if compiler supports old gcc variadic macro style.]) + ;; + esac +]) + + +dnl CURL_CHECK_CA_BUNDLE +dnl ------------------------------------------------- +dnl Check if a default ca-bundle should be used +dnl +dnl regarding the paths this will scan: +dnl /etc/ssl/certs/ca-certificates.crt Debian systems +dnl /etc/pki/tls/certs/ca-bundle.crt Redhat and Mandriva +dnl /usr/share/ssl/certs/ca-bundle.crt old(er) Redhat +dnl /usr/local/share/certs/ca-root-nss.crt FreeBSD +dnl /etc/ssl/cert.pem OpenBSD, FreeBSD (symlink) +dnl /etc/ssl/certs/ (ca path) SUSE + +AC_DEFUN([CURL_CHECK_CA_BUNDLE], [ + + AC_MSG_CHECKING([default CA cert bundle/path]) + + AC_ARG_WITH(ca-bundle, +AC_HELP_STRING([--with-ca-bundle=FILE], +[Path to a file containing CA certificates (example: /etc/ca-bundle.crt)]) +AC_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]), + [ + want_ca="$withval" + if test "x$want_ca" = "xyes"; then + AC_MSG_ERROR([--with-ca-bundle=FILE requires a path to the CA bundle]) + fi + ], + [ want_ca="unset" ]) + AC_ARG_WITH(ca-path, +AC_HELP_STRING([--with-ca-path=DIRECTORY], +[Path to a directory containing CA certificates stored individually, with \ +their filenames in a hash format. This option can be used with the OpenSSL, \ +GnuTLS and mbedTLS backends. Refer to OpenSSL c_rehash for details. \ +(example: /etc/certificates)]) +AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), + [ + want_capath="$withval" + if test "x$want_capath" = "xyes"; then + AC_MSG_ERROR([--with-ca-path=DIRECTORY requires a path to the CA path directory]) + fi + ], + [ want_capath="unset"]) + + ca_warning=" (warning: certs not found)" + capath_warning=" (warning: certs not found)" + check_capath="" + + if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \ + "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then + dnl both given + ca="$want_ca" + capath="$want_capath" + elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then + dnl --with-ca-bundle given + ca="$want_ca" + capath="no" + elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then + dnl --with-ca-path given + if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$MBEDTLS_ENABLED" != "x1"; then + AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or mbedTLS]) + fi + capath="$want_capath" + ca="no" + else + dnl first try autodetecting a CA bundle , then a CA path + dnl both autodetections can be skipped by --without-ca-* + ca="no" + capath="no" + if test "x$cross_compiling" != "xyes"; then + dnl NOT cross-compiling and... + dnl neither of the --with-ca-* options are provided + if test "x$want_ca" = "xunset"; then + dnl the path we previously would have installed the curl ca bundle + dnl to, and thus we now check for an already existing cert in that + dnl place in case we find no other + if test "x$prefix" != xNONE; then + cac="${prefix}/share/curl/curl-ca-bundle.crt" + else + cac="$ac_default_prefix/share/curl/curl-ca-bundle.crt" + fi + + for a in /etc/ssl/certs/ca-certificates.crt \ + /etc/pki/tls/certs/ca-bundle.crt \ + /usr/share/ssl/certs/ca-bundle.crt \ + /usr/local/share/certs/ca-root-nss.crt \ + /etc/ssl/cert.pem \ + "$cac"; do + if test -f "$a"; then + ca="$a" + break + fi + done + fi + if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \ + "x$OPENSSL_ENABLED" = "x1"; then + check_capath="/etc/ssl/certs/" + fi + else + dnl no option given and cross-compiling + AC_MSG_WARN([skipped the ca-cert path detection when cross-compiling]) + fi + fi + + if test "x$ca" = "xno" || test -f "$ca"; then + ca_warning="" + fi + + if test "x$capath" != "xno"; then + check_capath="$capath" + fi + + if test ! -z "$check_capath"; then + for a in "$check_capath"; do + if test -d "$a" && ls "$a"/[[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]].0 >/dev/null 2>/dev/null; then + if test "x$capath" = "xno"; then + capath="$a" + fi + capath_warning="" + break + fi + done + fi + + if test "x$capath" = "xno"; then + capath_warning="" + fi + + if test "x$ca" != "xno"; then + CURL_CA_BUNDLE='"'$ca'"' + AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle]) + AC_SUBST(CURL_CA_BUNDLE) + AC_MSG_RESULT([$ca]) + fi + if test "x$capath" != "xno"; then + CURL_CA_PATH="\"$capath\"" + AC_DEFINE_UNQUOTED(CURL_CA_PATH, "$capath", [Location of default ca path]) + AC_MSG_RESULT([$capath (capath)]) + fi + if test "x$ca" = "xno" && test "x$capath" = "xno"; then + AC_MSG_RESULT([no]) + fi + + AC_MSG_CHECKING([whether to use builtin CA store of SSL library]) + AC_ARG_WITH(ca-fallback, +AC_HELP_STRING([--with-ca-fallback], [Use the built in CA store of the SSL library]) +AC_HELP_STRING([--without-ca-fallback], [Don't use the built in CA store of the SSL library]), + [ + if test "x$with_ca_fallback" != "xyes" -a "x$with_ca_fallback" != "xno"; then + AC_MSG_ERROR([--with-ca-fallback only allows yes or no as parameter]) + fi + ], + [ with_ca_fallback="no"]) + AC_MSG_RESULT([$with_ca_fallback]) + if test "x$with_ca_fallback" = "xyes"; then + if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1"; then + AC_MSG_ERROR([--with-ca-fallback only works with OpenSSL or GnuTLS]) + fi + AC_DEFINE_UNQUOTED(CURL_CA_FALLBACK, 1, [define "1" to use built in CA store of SSL library ]) + fi +]) + +dnl CURL_CHECK_WIN32_LARGEFILE +dnl ------------------------------------------------- +dnl Check if curl's WIN32 large file will be used + +AC_DEFUN([CURL_CHECK_WIN32_LARGEFILE], [ + AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_MSG_CHECKING([whether build target supports WIN32 file API]) + curl_win32_file_api="no" + if test "$curl_cv_header_windows_h" = "yes"; then + if test x"$enable_largefile" != "xno"; then + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + ]],[[ +#if !defined(_WIN32_WCE) && \ + (defined(__MINGW32__) || \ + (defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64)))) + int dummy=1; +#else + WIN32 large file API not supported. +#endif + ]]) + ],[ + curl_win32_file_api="win32_large_files" + ]) + fi + if test "$curl_win32_file_api" = "no"; then + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + ]],[[ +#if defined(_WIN32_WCE) || defined(__MINGW32__) || defined(_MSC_VER) + int dummy=1; +#else + WIN32 small file API not supported. +#endif + ]]) + ],[ + curl_win32_file_api="win32_small_files" + ]) + fi + fi + case "$curl_win32_file_api" in + win32_large_files) + AC_MSG_RESULT([yes (large file enabled)]) + AC_DEFINE_UNQUOTED(USE_WIN32_LARGE_FILES, 1, + [Define to 1 if you are building a Windows target with large file support.]) + ;; + win32_small_files) + AC_MSG_RESULT([yes (large file disabled)]) + AC_DEFINE_UNQUOTED(USE_WIN32_SMALL_FILES, 1, + [Define to 1 if you are building a Windows target without large file support.]) + ;; + *) + AC_MSG_RESULT([no]) + ;; + esac +]) + +dnl CURL_EXPORT_PCDIR ($pcdir) +dnl ------------------------ +dnl if $pcdir is not empty, set PKG_CONFIG_LIBDIR to $pcdir and export +dnl +dnl we need this macro since pkg-config distinguishes among empty and unset +dnl variable while checking PKG_CONFIG_LIBDIR +dnl + +AC_DEFUN([CURL_EXPORT_PCDIR], [ + if test -n "$1"; then + PKG_CONFIG_LIBDIR="$1" + export PKG_CONFIG_LIBDIR + fi +]) + +dnl CURL_CHECK_PKGCONFIG ($module, [$pcdir]) +dnl ------------------------ +dnl search for the pkg-config tool. Set the PKGCONFIG variable to hold the +dnl path to it, or 'no' if not found/present. +dnl +dnl If pkg-config is present, check that it has info about the $module or +dnl return "no" anyway! +dnl +dnl Optionally PKG_CONFIG_LIBDIR may be given as $pcdir. +dnl + +AC_DEFUN([CURL_CHECK_PKGCONFIG], [ + if test -n "$PKG_CONFIG"; then + PKGCONFIG="$PKG_CONFIG" + else + AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no], + [$PATH:/usr/bin:/usr/local/bin]) + fi + + if test "x$PKGCONFIG" != "xno"; then + AC_MSG_CHECKING([for $1 options with pkg-config]) + dnl ask pkg-config about $1 + itexists=`CURL_EXPORT_PCDIR([$2]) dnl + $PKGCONFIG --exists $1 >/dev/null 2>&1 && echo 1` + + if test -z "$itexists"; then + dnl pkg-config does not have info about the given module! set the + dnl variable to 'no' + PKGCONFIG="no" + AC_MSG_RESULT([no]) + else + AC_MSG_RESULT([found]) + fi + fi +]) + + +dnl CURL_GENERATE_CONFIGUREHELP_PM +dnl ------------------------------------------------- +dnl Generate test harness configurehelp.pm module, defining and +dnl initializing some perl variables with values which are known +dnl when the configure script runs. For portability reasons, test +dnl harness needs information on how to run the C preprocessor. + +AC_DEFUN([CURL_GENERATE_CONFIGUREHELP_PM], [ + AC_REQUIRE([AC_PROG_CPP])dnl + tmp_cpp=`eval echo "$ac_cpp" 2>/dev/null` + if test -z "$tmp_cpp"; then + tmp_cpp='cpp' + fi + cat >./tests/configurehelp.pm <<_EOF +[@%:@] This is a generated file. Do not edit. + +package configurehelp; + +use strict; +use warnings; +use Exporter; + +use vars qw( + @ISA + @EXPORT_OK + \$Cpreprocessor + ); + +@ISA = qw(Exporter); + +@EXPORT_OK = qw( + \$Cpreprocessor + ); + +\$Cpreprocessor = '$tmp_cpp'; + +1; +_EOF +]) + +dnl CURL_CPP_P +dnl +dnl Check if $cpp -P should be used for extract define values due to gcc 5 +dnl splitting up strings and defines between line outputs. gcc by default +dnl (without -P) will show TEST EINVAL TEST as +dnl +dnl # 13 "conftest.c" +dnl TEST +dnl # 13 "conftest.c" 3 4 +dnl 22 +dnl # 13 "conftest.c" +dnl TEST + +AC_DEFUN([CURL_CPP_P], [ + AC_MSG_CHECKING([if cpp -P is needed]) + AC_EGREP_CPP([TEST.*TEST], [ + #include +TEST EINVAL TEST + ], [cpp=no], [cpp=yes]) + AC_MSG_RESULT([$cpp]) + + dnl we need cpp -P so check if it works then + if test "x$cpp" = "xyes"; then + AC_MSG_CHECKING([if cpp -P works]) + OLDCPPFLAGS=$CPPFLAGS + CPPFLAGS="$CPPFLAGS -P" + AC_EGREP_CPP([TEST.*TEST], [ + #include +TEST EINVAL TEST + ], [cpp_p=yes], [cpp_p=no]) + AC_MSG_RESULT([$cpp_p]) + + if test "x$cpp_p" = "xno"; then + AC_MSG_WARN([failed to figure out cpp -P alternative]) + # without -P + CPPPFLAG="" + else + # with -P + CPPPFLAG="-P" + fi + dnl restore CPPFLAGS + CPPFLAGS=$OLDCPPFLAGS + else + # without -P + CPPPFLAG="" + fi +]) + + +dnl CURL_MAC_CFLAGS +dnl +dnl Check if -mmacosx-version-min, -miphoneos-version-min or any +dnl similar are set manually, otherwise do. And set +dnl -Werror=partial-availability. +dnl + +AC_DEFUN([CURL_MAC_CFLAGS], [ + + tst_cflags="no" + case $host_os in + darwin*) + tst_cflags="yes" + ;; + esac + + AC_MSG_CHECKING([for good-to-use Mac CFLAGS]) + AC_MSG_RESULT([$tst_cflags]); + + if test "$tst_cflags" = "yes"; then + AC_MSG_CHECKING([for *version-min in CFLAGS]) + min="" + if test -z "$(echo $CFLAGS | grep m.*os.*-version-min)"; then + min="-mmacosx-version-min=10.8" + CFLAGS="$CFLAGS $min" + fi + if test -z "$min"; then + AC_MSG_RESULT([set by user]) + else + AC_MSG_RESULT([$min set]) + fi + + old_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -Werror=partial-availability" + AC_MSG_CHECKING([whether $CC accepts -Werror=partial-availability]) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM()], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + CFLAGS=$old_CFLAGS]) + fi + +]) + + +dnl CURL_SUPPORTS_BUILTIN_AVAILABLE +dnl +dnl Check to see if the compiler supports __builtin_available. This built-in +dnl compiler function first appeared in Apple LLVM 9.0.0. It's so new that, at +dnl the time this macro was written, the function was not yet documented. Its +dnl purpose is to return true if the code is running under a certain OS version +dnl or later. + +AC_DEFUN([CURL_SUPPORTS_BUILTIN_AVAILABLE], [ + AC_MSG_CHECKING([to see if the compiler supports __builtin_available()]) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#include + ]],[[ + if (__builtin_available(macOS 10.8, iOS 5.0, *)) {} + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED(HAVE_BUILTIN_AVAILABLE, 1, + [Define to 1 if you have the __builtin_available function.]) + ],[ + AC_MSG_RESULT([no]) + ]) +]) diff --git a/extern/curl/appveyor.yml b/extern/curl/appveyor.yml new file mode 100644 index 0000000000..25361a0b64 --- /dev/null +++ b/extern/curl/appveyor.yml @@ -0,0 +1,218 @@ +version: 7.50.0.{build} + +environment: + matrix: + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: CMake + PRJ_GEN: "Visual Studio 9 2008" + PRJ_CFG: Release + OPENSSL: OFF + WINSSL: ON + HTTP_ONLY: OFF + TESTING: OFF + SHARED: ON + DISABLED_TESTS: "" + COMPILER_PATH: "" + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" + BUILD_SYSTEM: CMake + PRJ_GEN: "Visual Studio 16 2019" + TARGET: "-A x64" + PRJ_CFG: Debug + OPENSSL: OFF + WINSSL: ON + HTTP_ONLY: OFF + TESTING: ON + SHARED: OFF + DISABLED_TESTS: "!1139" + COMPILER_PATH: "" + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" + BUILD_SYSTEM: CMake + PRJ_GEN: "Visual Studio 16 2019" + TARGET: "-A x64" + PRJ_CFG: Release + OPENSSL: ON + WINSSL: OFF + HTTP_ONLY: OFF + TESTING: OFF + SHARED: ON + DISABLED_TESTS: "" + COMPILER_PATH: "" + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: CMake + PRJ_GEN: "Visual Studio 10 2010 Win64" + PRJ_CFG: Debug + OPENSSL: OFF + WINSSL: OFF + HTTP_ONLY: OFF + TESTING: ON + SHARED: OFF + DISABLED_TESTS: "!1139" + COMPILER_PATH: "" + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" + BUILD_SYSTEM: CMake + PRJ_GEN: "Visual Studio 16 2019" + TARGET: "-A x64" + PRJ_CFG: Debug + OPENSSL: OFF + WINSSL: OFF + HTTP_ONLY: OFF + TESTING: ON + SHARED: OFF + DISABLED_TESTS: "!1139" + COMPILER_PATH: "" + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" + BUILD_SYSTEM: CMake + PRJ_GEN: "Visual Studio 16 2019" + TARGET: "-A x64" + PRJ_CFG: Debug + OPENSSL: OFF + WINSSL: OFF + HTTP_ONLY: ON + TESTING: ON + SHARED: OFF + DISABLED_TESTS: "!1139" + COMPILER_PATH: "" + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: CMake + PRJ_GEN: "MSYS Makefiles" + PRJ_CFG: Debug + OPENSSL: OFF + WINSSL: OFF + HTTP_ONLY: OFF + TESTING: ON + SHARED: OFF + DISABLED_TESTS: "!1139" + COMPILER_PATH: "C:\\mingw-w64\\x86_64-8.1.0-posix-seh-rt_v6-rev0\\mingw64\\bin" + MSYS2_ARG_CONV_EXCL: "/*" + BUILD_OPT: -k + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: CMake + PRJ_GEN: "MSYS Makefiles" + PRJ_CFG: Debug + OPENSSL: OFF + WINSSL: ON + HTTP_ONLY: OFF + TESTING: ON + SHARED: OFF + DISABLED_TESTS: "!1139" + COMPILER_PATH: "C:\\mingw-w64\\i686-6.3.0-posix-dwarf-rt_v5-rev1\\mingw32\\bin" + MSYS2_ARG_CONV_EXCL: "/*" + BUILD_OPT: -k + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: CMake + PRJ_GEN: "MSYS Makefiles" + PRJ_CFG: Debug + OPENSSL: OFF + WINSSL: OFF + HTTP_ONLY: OFF + TESTING: ON + SHARED: OFF + DISABLED_TESTS: "!1139" + COMPILER_PATH: "C:\\MinGW\\bin" + MSYS2_ARG_CONV_EXCL: "/*" + BUILD_OPT: -k + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: winbuild_vs2015 + DEBUG: yes + PATHPART: debug + TESTING: OFF + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: winbuild_vs2015 + DEBUG: no + PATHPART: release + TESTING: OFF + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" + BUILD_SYSTEM: winbuild_vs2017 + DEBUG: yes + PATHPART: debug + TESTING: OFF + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" + BUILD_SYSTEM: winbuild_vs2017 + DEBUG: no + PATHPART: release + TESTING: OFF + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" + BUILD_SYSTEM: VisualStudioSolution + PRJ_CFG: "DLL Debug - DLL Windows SSPI - DLL WinIDN" + TESTING: OFF + VC_VERSION: VC15 + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" + BUILD_SYSTEM: CMake + PRJ_GEN: "Visual Studio 16 2019" + TARGET: "-A ARM64" + PRJ_CFG: Release + OPENSSL: OFF + WINSSL: ON + HTTP_ONLY: OFF + TESTING: OFF + SHARED: OFF + DISABLED_TESTS: "" + COMPILER_PATH: "" + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: autotools + TESTING: ON + DISABLED_TESTS: "!19 !1056 !1233 !1242 !1243 !2002 !2003" + CONFIG_ARGS: "--enable-debug --enable-werror --enable-alt-svc --disable-threaded-resolver --disable-proxy" + +install: + - set "PATH=C:\msys64\usr\bin;%PATH%" + - if not "%COMPILER_PATH%"=="" ( + set "PATH=%COMPILER_PATH%;%PATH%" ) + +build_script: + - if %BUILD_SYSTEM%==CMake ( + cmake . + -G"%PRJ_GEN%" + %TARGET% + -DCMAKE_USE_OPENSSL=%OPENSSL% + -DCMAKE_USE_WINSSL=%WINSSL% + -DHTTP_ONLY=%HTTP_ONLY% + -DBUILD_SHARED_LIBS=%SHARED% + -DBUILD_TESTING=%TESTING% + -DCURL_WERROR=ON + -DENABLE_DEBUG=ON + -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE="" + -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG="" + -DCMAKE_INSTALL_PREFIX="C:/CURL" + -DCMAKE_BUILD_TYPE=%PRJ_CFG% && + cmake --build . --config %PRJ_CFG% --parallel 2 --clean-first -- %BUILD_OPT% + ) else ( + if %BUILD_SYSTEM%==VisualStudioSolution ( + cd projects && + .\\generate.bat %VC_VERSION% && + msbuild.exe /p:Configuration="%PRJ_CFG%" "Windows\\%VC_VERSION%\\curl-all.sln" + ) else ( + if %BUILD_SYSTEM%==winbuild_vs2015 ( + call buildconf.bat && + cd winbuild && + call "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd" /x64 && + call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86_amd64 && + nmake /f Makefile.vc mode=dll VC=14 "SSL_PATH=C:\OpenSSL-v111-Win64" WITH_SSL=dll MACHINE=x64 DEBUG=%DEBUG% && + ..\builds\libcurl-vc14-x64-%PATHPART%-dll-ssl-dll-ipv6-sspi\bin\curl.exe -V + ) else ( + if %BUILD_SYSTEM%==winbuild_vs2017 ( + call buildconf.bat && + cd winbuild && + call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat" && + nmake /f Makefile.vc mode=dll VC=15 "SSL_PATH=C:\OpenSSL-v111-Win64" WITH_SSL=dll MACHINE=x64 DEBUG=%DEBUG% && + ..\builds\libcurl-vc15-x64-%PATHPART%-dll-ssl-dll-ipv6-sspi\bin\curl.exe -V + ) else ( + if %BUILD_SYSTEM%==autotools ( + bash.exe -e -l -c "cd /c/projects/curl && ./buildconf && ./configure %CONFIG_ARGS% && make && make examples && cd tests && make" + ))))) + +test_script: + - if %TESTING%==ON ( + bash.exe -e -l -c "cd /c/projects/curl/tests && ./runtests.pl -a -p !flaky %DISABLED_TESTS%" ) + +# whitelist branches to avoid testing feature branches twice (as branch and as pull request) +branches: + only: + - master + - /\/ci$/ + +artifacts: + - path: '**/curl.exe' + name: curl + - path: '**/libcurl.dll' + name: libcurl diff --git a/extern/curl/buildconf b/extern/curl/buildconf new file mode 100755 index 0000000000..5095753129 --- /dev/null +++ b/extern/curl/buildconf @@ -0,0 +1,448 @@ +#!/bin/sh +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +########################################################################### + +#-------------------------------------------------------------------------- +# die prints argument string to stdout and exits this shell script. +# +die(){ + echo "buildconf: $@" + exit 1 +} + +#-------------------------------------------------------------------------- +# findtool works as 'which' but we use a different name to make it more +# obvious we aren't using 'which'! ;-) +# Unlike 'which' does, the current directory is ignored. +# +findtool(){ + file="$1" + + if { echo "$file" | grep "/" >/dev/null 2>&1; } then + # when file is given with a path check it first + if test -f "$file"; then + echo "$file" + return + fi + fi + + old_IFS=$IFS; IFS=':' + for path in $PATH + do + IFS=$old_IFS + # echo "checks for $file in $path" >&2 + if test "$path" -a "$path" != '.' -a -f "$path/$file"; then + echo "$path/$file" + return + fi + done + IFS=$old_IFS +} + +#-------------------------------------------------------------------------- +# removethis() removes all files and subdirectories with the given name, +# inside and below the current subdirectory at invocation time. +# +removethis(){ + if test "$#" = "1"; then + find . -depth -name $1 -print > buildconf.tmp.$$ + while read fdname + do + if test -f "$fdname"; then + rm -f "$fdname" + elif test -d "$fdname"; then + rm -f -r "$fdname" + fi + done < buildconf.tmp.$$ + rm -f buildconf.tmp.$$ + fi +} + +#-------------------------------------------------------------------------- +# Ensure that buildconf runs from the subdirectory where configure.ac lives +# +if test ! -f configure.ac || + test ! -f src/tool_main.c || + test ! -f lib/urldata.h || + test ! -f include/curl/curl.h || + test ! -f m4/curl-functions.m4; then + echo "Can not run buildconf from outside of curl's source subdirectory!" + echo "Change to the subdirectory where buildconf is found, and try again." + exit 1 +fi + +#-------------------------------------------------------------------------- +# autoconf 2.57 or newer. Unpatched version 2.67 does not generate proper +# configure script. Unpatched version 2.68 is simply unusable, we should +# disallow 2.68 usage. +# +need_autoconf="2.57" +ac_version=`${AUTOCONF:-autoconf} --version 2>/dev/null|head -n 1| sed -e 's/^[^0-9]*//' -e 's/[a-z]* *$//'` +if test -z "$ac_version"; then + echo "buildconf: autoconf not found." + echo " You need autoconf version $need_autoconf or newer installed." + exit 1 +fi +old_IFS=$IFS; IFS='.'; set $ac_version; IFS=$old_IFS +if test "$1" = "2" -a "$2" -lt "57" || test "$1" -lt "2"; then + echo "buildconf: autoconf version $ac_version found." + echo " You need autoconf version $need_autoconf or newer installed." + echo " If you have a sufficient autoconf installed, but it" + echo " is not named 'autoconf', then try setting the" + echo " AUTOCONF environment variable." + exit 1 +fi + +if test "$1" = "2" -a "$2" -eq "67"; then + echo "buildconf: autoconf version $ac_version (BAD)" + echo " Unpatched version generates broken configure script." +elif test "$1" = "2" -a "$2" -eq "68"; then + echo "buildconf: autoconf version $ac_version (BAD)" + echo " Unpatched version generates unusable configure script." +else + echo "buildconf: autoconf version $ac_version (ok)" +fi + +am4te_version=`${AUTOM4TE:-autom4te} --version 2>/dev/null|head -n 1| sed -e 's/autom4te\(.*\)/\1/' -e 's/^[^0-9]*//' -e 's/[a-z]* *$//'` +if test -z "$am4te_version"; then + echo "buildconf: autom4te not found. Weird autoconf installation!" + exit 1 +fi +if test "$am4te_version" = "$ac_version"; then + echo "buildconf: autom4te version $am4te_version (ok)" +else + echo "buildconf: autom4te version $am4te_version (ERROR: does not match autoconf version)" + exit 1 +fi + +#-------------------------------------------------------------------------- +# autoheader 2.50 or newer +# +ah_version=`${AUTOHEADER:-autoheader} --version 2>/dev/null|head -n 1| sed -e 's/^[^0-9]*//' -e 's/[a-z]* *$//'` +if test -z "$ah_version"; then + echo "buildconf: autoheader not found." + echo " You need autoheader version 2.50 or newer installed." + exit 1 +fi +old_IFS=$IFS; IFS='.'; set $ah_version; IFS=$old_IFS +if test "$1" = "2" -a "$2" -lt "50" || test "$1" -lt "2"; then + echo "buildconf: autoheader version $ah_version found." + echo " You need autoheader version 2.50 or newer installed." + echo " If you have a sufficient autoheader installed, but it" + echo " is not named 'autoheader', then try setting the" + echo " AUTOHEADER environment variable." + exit 1 +fi + +echo "buildconf: autoheader version $ah_version (ok)" + +#-------------------------------------------------------------------------- +# automake 1.7 or newer +# +need_automake="1.7" +am_version=`${AUTOMAKE:-automake} --version 2>/dev/null|head -n 1| sed -e 's/^.* \([0-9]\)/\1/' -e 's/[a-z]* *$//' -e 's/\(.*\)\(-p.*\)/\1/'` +if test -z "$am_version"; then + echo "buildconf: automake not found." + echo " You need automake version $need_automake or newer installed." + exit 1 +fi +old_IFS=$IFS; IFS='.'; set $am_version; IFS=$old_IFS +if test "$1" = "1" -a "$2" -lt "7" || test "$1" -lt "1"; then + echo "buildconf: automake version $am_version found." + echo " You need automake version $need_automake or newer installed." + echo " If you have a sufficient automake installed, but it" + echo " is not named 'automake', then try setting the" + echo " AUTOMAKE environment variable." + exit 1 +fi + +echo "buildconf: automake version $am_version (ok)" + +acloc_version=`${ACLOCAL:-aclocal} --version 2>/dev/null|head -n 1| sed -e 's/^.* \([0-9]\)/\1/' -e 's/[a-z]* *$//' -e 's/\(.*\)\(-p.*\)/\1/'` +if test -z "$acloc_version"; then + echo "buildconf: aclocal not found. Weird automake installation!" + exit 1 +fi +if test "$acloc_version" = "$am_version"; then + echo "buildconf: aclocal version $acloc_version (ok)" +else + echo "buildconf: aclocal version $acloc_version (ERROR: does not match automake version)" + exit 1 +fi + +#-------------------------------------------------------------------------- +# GNU libtoolize preliminary check +# +want_lt_major=1 +want_lt_minor=4 +want_lt_patch=2 +want_lt_version=1.4.2 + +# This approach that tries 'glibtoolize' first is intended for systems that +# have GNU libtool named as 'glibtoolize' and libtoolize not being GNU's. + +libtoolize=`findtool glibtoolize 2>/dev/null` +if test ! -x "$libtoolize"; then + libtoolize=`findtool ${LIBTOOLIZE:-libtoolize}` +fi +if test -z "$libtoolize"; then + echo "buildconf: libtoolize not found." + echo " You need GNU libtoolize $want_lt_version or newer installed." + exit 1 +fi + +lt_pver=`$libtoolize --version 2>/dev/null|head -n 1` +lt_qver=`echo $lt_pver|sed -e "s/([^)]*)//g" -e "s/^[^0-9]*//g"` +lt_version=`echo $lt_qver|sed -e "s/[- ].*//" -e "s/\([a-z]*\)$//"` +if test -z "$lt_version"; then + echo "buildconf: libtoolize not found." + echo " You need GNU libtoolize $want_lt_version or newer installed." + exit 1 +fi +old_IFS=$IFS; IFS='.'; set $lt_version; IFS=$old_IFS +lt_major=$1 +lt_minor=$2 +lt_patch=$3 + +if test -z "$lt_major"; then + lt_status="bad" +elif test "$lt_major" -gt "$want_lt_major"; then + lt_status="good" +elif test "$lt_major" -lt "$want_lt_major"; then + lt_status="bad" +elif test -z "$lt_minor"; then + lt_status="bad" +elif test "$lt_minor" -gt "$want_lt_minor"; then + lt_status="good" +elif test "$lt_minor" -lt "$want_lt_minor"; then + lt_status="bad" +elif test -z "$lt_patch"; then + lt_status="bad" +elif test "$lt_patch" -gt "$want_lt_patch"; then + lt_status="good" +elif test "$lt_patch" -lt "$want_lt_patch"; then + lt_status="bad" +else + lt_status="good" +fi +if test "$lt_status" != "good"; then + echo "buildconf: libtoolize version $lt_version found." + echo " You need GNU libtoolize $want_lt_version or newer installed." + exit 1 +fi + +echo "buildconf: libtoolize version $lt_version (ok)" + +#-------------------------------------------------------------------------- +# m4 check +# +m4=`(${M4:-m4} --version 0<&- || ${M4:-gm4} --version) 2>/dev/null 0<&- | head -n 1`; +m4_version=`echo $m4 | sed -e 's/^.* \([0-9]\)/\1/' -e 's/[a-z]* *$//'` + +if { echo $m4 | grep "GNU" >/dev/null 2>&1; } then + echo "buildconf: GNU m4 version $m4_version (ok)" +else + if test -z "$m4"; then + echo "buildconf: m4 version not recognized. You need a GNU m4 installed!" + else + echo "buildconf: m4 version $m4 found. You need a GNU m4 installed!" + fi + exit 1 +fi + +#-------------------------------------------------------------------------- +# perl check +# +PERL=`findtool ${PERL:-perl}` +if test -z "$PERL"; then + echo "buildconf: perl not found" + exit 1 +fi + +#-------------------------------------------------------------------------- +# Remove files generated on previous buildconf/configure run. +# +for fname in .deps \ + .libs \ + *.la \ + *.lo \ + *.a \ + *.o \ + Makefile \ + Makefile.in \ + aclocal.m4 \ + aclocal.m4.bak \ + ares_build.h \ + ares_config.h \ + ares_config.h.in \ + autom4te.cache \ + compile \ + config.guess \ + curl_config.h \ + curl_config.h.in \ + config.log \ + config.lt \ + config.status \ + config.sub \ + configure \ + configurehelp.pm \ + curl-config \ + depcomp \ + libcares.pc \ + libcurl.pc \ + libtool \ + libtool.m4 \ + libtool.m4.tmp \ + ltmain.sh \ + ltoptions.m4 \ + ltsugar.m4 \ + ltversion.m4 \ + lt~obsolete.m4 \ + missing \ + install-sh \ + stamp-h1 \ + stamp-h2 \ + stamp-h3 ; do + removethis "$fname" +done + +#-------------------------------------------------------------------------- +# run the correct scripts now +# + +echo "buildconf: running libtoolize" +${libtoolize} --copy --force || die "libtoolize command failed" + +# When using libtool 1.5.X (X < 26) we copy libtool.m4 to our local m4 +# subdirectory and this local copy is patched to fix some warnings that +# are triggered when running aclocal and using autoconf 2.62 or later. + +if test "$lt_major" = "1" && test "$lt_minor" = "5"; then + if test -z "$lt_patch" || test "$lt_patch" -lt "26"; then + echo "buildconf: copying libtool.m4 to local m4 subdir" + ac_dir=`${ACLOCAL:-aclocal} --print-ac-dir` + if test -f $ac_dir/libtool.m4; then + cp -f $ac_dir/libtool.m4 m4/libtool.m4 + else + echo "buildconf: $ac_dir/libtool.m4 not found" + fi + if test -f m4/libtool.m4; then + echo "buildconf: renaming some variables in local m4/libtool.m4" + $PERL -i.tmp -pe \ + 's/lt_prog_compiler_pic_works/lt_cv_prog_compiler_pic_works/g; \ + s/lt_prog_compiler_static_works/lt_cv_prog_compiler_static_works/g;' \ + m4/libtool.m4 + rm -f m4/libtool.m4.tmp + fi + fi +fi + +if test -f m4/libtool.m4; then + echo "buildconf: converting all mv to mv -f in local m4/libtool.m4" + $PERL -i.tmp -pe 's/\bmv +([^-\s])/mv -f $1/g' m4/libtool.m4 + rm -f m4/libtool.m4.tmp +fi + +echo "buildconf: running aclocal" +${ACLOCAL:-aclocal} -I m4 $ACLOCAL_FLAGS || die "aclocal command failed" + +echo "buildconf: converting all mv to mv -f in local aclocal.m4" +$PERL -i.bak -pe 's/\bmv +([^-\s])/mv -f $1/g' aclocal.m4 + +echo "buildconf: running autoheader" +${AUTOHEADER:-autoheader} || die "autoheader command failed" + +echo "buildconf: running autoconf" +${AUTOCONF:-autoconf} || die "autoconf command failed" + +if test -d ares; then + cd ares + echo "buildconf: running in ares" + ./buildconf + cd .. +fi + +echo "buildconf: running automake" +${AUTOMAKE:-automake} --add-missing --copy || die "automake command failed" + +#-------------------------------------------------------------------------- +# GNU libtool complementary check +# +# Depending on the libtool and automake versions being used, config.guess +# might not be installed in the subdirectory until automake has finished. +# So we can not attempt to use it until this very last buildconf stage. +# +if test ! -f ./config.guess; then + echo "buildconf: config.guess not found" +else + buildhost=`./config.guess 2>/dev/null|head -n 1` + case $buildhost in + *-*-darwin*) + need_lt_major=1 + need_lt_minor=5 + need_lt_patch=26 + need_lt_check="yes" + ;; + *-*-hpux*) + need_lt_major=1 + need_lt_minor=5 + need_lt_patch=24 + need_lt_check="yes" + ;; + esac + if test ! -z "$need_lt_check"; then + if test -z "$lt_major"; then + lt_status="bad" + elif test "$lt_major" -gt "$need_lt_major"; then + lt_status="good" + elif test "$lt_major" -lt "$need_lt_major"; then + lt_status="bad" + elif test -z "$lt_minor"; then + lt_status="bad" + elif test "$lt_minor" -gt "$need_lt_minor"; then + lt_status="good" + elif test "$lt_minor" -lt "$need_lt_minor"; then + lt_status="bad" + elif test -z "$lt_patch"; then + lt_status="bad" + elif test "$lt_patch" -gt "$need_lt_patch"; then + lt_status="good" + elif test "$lt_patch" -lt "$need_lt_patch"; then + lt_status="bad" + else + lt_status="good" + fi + if test "$lt_status" != "good"; then + need_lt_version="$need_lt_major.$need_lt_minor.$need_lt_patch" + echo "buildconf: libtool version $lt_version found." + echo " $buildhost requires GNU libtool $need_lt_version or newer installed." + rm -f configure + exit 1 + fi + fi +fi + +#-------------------------------------------------------------------------- +# Finished successfully. +# +echo "buildconf: OK" +exit 0 diff --git a/extern/curl/buildconf.bat b/extern/curl/buildconf.bat new file mode 100644 index 0000000000..0435233151 --- /dev/null +++ b/extern/curl/buildconf.bat @@ -0,0 +1,317 @@ +@echo off +rem *************************************************************************** +rem * _ _ ____ _ +rem * Project ___| | | | _ \| | +rem * / __| | | | |_) | | +rem * | (__| |_| | _ <| |___ +rem * \___|\___/|_| \_\_____| +rem * +rem * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. +rem * +rem * This software is licensed as described in the file COPYING, which +rem * you should have received as part of this distribution. The terms +rem * are also available at https://curl.haxx.se/docs/copyright.html. +rem * +rem * You may opt to use, copy, modify, merge, publish, distribute and/or sell +rem * copies of the Software, and permit persons to whom the Software is +rem * furnished to do so, under the terms of the COPYING file. +rem * +rem * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +rem * KIND, either express or implied. +rem * +rem *************************************************************************** + +rem NOTES +rem +rem This batch file must be used to set up a git tree to build on systems where +rem there is no autotools support (i.e. DOS and Windows). +rem + +:begin + rem Set our variables + if "%OS%" == "Windows_NT" setlocal + set MODE=GENERATE + + rem Switch to this batch file's directory + cd /d "%~0\.." 1>NUL 2>&1 + + rem Check we are running from a curl git repository + if not exist GIT-INFO goto norepo + + rem Detect programs. HAVE_ + rem When not found the variable is set undefined. The undefined pattern + rem allows for statements like "if not defined HAVE_PERL (command)" + groff --version NUL 2>&1 + if errorlevel 1 (set HAVE_GROFF=) else (set HAVE_GROFF=Y) + nroff --version NUL 2>&1 + if errorlevel 1 (set HAVE_NROFF=) else (set HAVE_NROFF=Y) + perl --version NUL 2>&1 + if errorlevel 1 (set HAVE_PERL=) else (set HAVE_PERL=Y) + gzip --version NUL 2>&1 + if errorlevel 1 (set HAVE_GZIP=) else (set HAVE_GZIP=Y) + +:parseArgs + if "%~1" == "" goto start + + if /i "%~1" == "-clean" ( + set MODE=CLEAN + ) else if /i "%~1" == "-?" ( + goto syntax + ) else if /i "%~1" == "-h" ( + goto syntax + ) else if /i "%~1" == "-help" ( + goto syntax + ) else ( + goto unknown + ) + + shift & goto parseArgs + +:start + if "%MODE%" == "GENERATE" ( + echo. + echo Generating prerequisite files + + call :generate + if errorlevel 3 goto nogenhugehelp + if errorlevel 2 goto nogenmakefile + if errorlevel 1 goto warning + + ) else ( + echo. + echo Removing prerequisite files + + call :clean + if errorlevel 2 goto nocleanhugehelp + if errorlevel 1 goto nocleanmakefile + ) + + goto success + +rem Main generate function. +rem +rem Returns: +rem +rem 0 - success +rem 1 - success with simplified tool_hugehelp.c +rem 2 - failed to generate Makefile +rem 3 - failed to generate tool_hugehelp.c +rem +:generate + if "%OS%" == "Windows_NT" setlocal + set BASIC_HUGEHELP=0 + + rem Create Makefile + echo * %CD%\Makefile + if exist Makefile.dist ( + copy /Y Makefile.dist Makefile 1>NUL 2>&1 + if errorlevel 1 ( + if "%OS%" == "Windows_NT" endlocal + exit /B 2 + ) + ) + + rem Create tool_hugehelp.c + echo * %CD%\src\tool_hugehelp.c + call :genHugeHelp + if errorlevel 2 ( + if "%OS%" == "Windows_NT" endlocal + exit /B 3 + ) + if errorlevel 1 ( + set BASIC_HUGEHELP=1 + ) + cmd /c exit 0 + + rem Setup c-ares git tree + if exist ares\buildconf.bat ( + echo. + echo Configuring c-ares build environment + cd ares + call buildconf.bat + cd .. + ) + + if "%BASIC_HUGEHELP%" == "1" ( + if "%OS%" == "Windows_NT" endlocal + exit /B 1 + ) + + if "%OS%" == "Windows_NT" endlocal + exit /B 0 + +rem Main clean function. +rem +rem Returns: +rem +rem 0 - success +rem 1 - failed to clean Makefile +rem 2 - failed to clean tool_hugehelp.c +rem +:clean + rem Remove Makefile + echo * %CD%\Makefile + if exist Makefile ( + del Makefile 2>NUL + if exist Makefile ( + exit /B 1 + ) + ) + + rem Remove tool_hugehelp.c + echo * %CD%\src\tool_hugehelp.c + if exist src\tool_hugehelp.c ( + del src\tool_hugehelp.c 2>NUL + if exist src\tool_hugehelp.c ( + exit /B 2 + ) + ) + + exit /B + +rem Function to generate src\tool_hugehelp.c +rem +rem Returns: +rem +rem 0 - full tool_hugehelp.c generated +rem 1 - simplified tool_hugehelp.c +rem 2 - failure +rem +:genHugeHelp + if "%OS%" == "Windows_NT" setlocal + set LC_ALL=C + set ROFFCMD= + set BASIC=1 + + if defined HAVE_PERL ( + if defined HAVE_GROFF ( + set ROFFCMD=groff -mtty-char -Tascii -P-c -man + ) else if defined HAVE_NROFF ( + set ROFFCMD=nroff -c -Tascii -man + ) + ) + + if defined ROFFCMD ( + echo #include "tool_setup.h"> src\tool_hugehelp.c + echo #include "tool_hugehelp.h">> src\tool_hugehelp.c + + if defined HAVE_GZIP ( + echo #ifndef HAVE_LIBZ>> src\tool_hugehelp.c + ) + + %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl docs\MANUAL >> src\tool_hugehelp.c + if defined HAVE_GZIP ( + echo #else>> src\tool_hugehelp.c + %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl -c docs\MANUAL >> src\tool_hugehelp.c + echo #endif /^* HAVE_LIBZ ^*/>> src\tool_hugehelp.c + ) + + set BASIC=0 + ) else ( + if exist src\tool_hugehelp.c.cvs ( + copy /Y src\tool_hugehelp.c.cvs src\tool_hugehelp.c 1>NUL 2>&1 + ) else ( + echo #include "tool_setup.h"> src\tool_hugehelp.c + echo #include "tool_hugehelp.h">> src\tool_hugehelp.c + echo.>> src\tool_hugehelp.c + echo void hugehelp(void^)>> src\tool_hugehelp.c + echo {>> src\tool_hugehelp.c + echo #ifdef USE_MANUAL>> src\tool_hugehelp.c + echo fputs("Built-in manual not included\n", stdout^);>> src\tool_hugehelp.c + echo #endif>> src\tool_hugehelp.c + echo }>> src\tool_hugehelp.c + ) + ) + + findstr "/C:void hugehelp(void)" src\tool_hugehelp.c 1>NUL 2>&1 + if errorlevel 1 ( + if "%OS%" == "Windows_NT" endlocal + exit /B 2 + ) + + if "%BASIC%" == "1" ( + if "%OS%" == "Windows_NT" endlocal + exit /B 1 + ) + + if "%OS%" == "Windows_NT" endlocal + exit /B 0 + +rem Function to clean-up local variables under DOS, Windows 3.x and +rem Windows 9x as setlocal isn't available until Windows NT +rem +:dosCleanup + set MODE= + set HAVE_GROFF= + set HAVE_NROFF= + set HAVE_PERL= + set HAVE_GZIP= + set BASIC_HUGEHELP= + set LC_ALL + set ROFFCMD= + set BASIC= + + exit /B + +:syntax + rem Display the help + echo. + echo Usage: buildconf [-clean] + echo. + echo -clean - Removes the files + goto error + +:unknown + echo. + echo Error: Unknown argument '%1' + goto error + +:norepo + echo. + echo Error: This batch file should only be used with a curl git repository + goto error + +:nogenmakefile + echo. + echo Error: Unable to generate Makefile + goto error + +:nogenhugehelp + echo. + echo Error: Unable to generate src\tool_hugehelp.c + goto error + +:nocleanmakefile + echo. + echo Error: Unable to clean Makefile + goto error + +:nocleanhugehelp + echo. + echo Error: Unable to clean src\tool_hugehelp.c + goto error + +:warning + echo. + echo Warning: The curl manual could not be integrated in the source. This means when + echo you build curl the manual will not be available (curl --man^). Integration of + echo the manual is not required and a summary of the options will still be available + echo (curl --help^). To integrate the manual your PATH is required to have + echo groff/nroff, perl and optionally gzip for compression. + goto success + +:error + if "%OS%" == "Windows_NT" ( + endlocal + ) else ( + call :dosCleanup + ) + exit /B 1 + +:success + if "%OS%" == "Windows_NT" ( + endlocal + ) else ( + call :dosCleanup + ) + exit /B 0 diff --git a/extern/curl/configure.ac b/extern/curl/configure.ac new file mode 100755 index 0000000000..e7ad63925e --- /dev/null +++ b/extern/curl/configure.ac @@ -0,0 +1,4918 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +#*************************************************************************** +dnl Process this file with autoconf to produce a configure script. + +AC_PREREQ(2.57) + +dnl We don't know the version number "statically" so we use a dash here +AC_INIT([curl], [-], [a suitable curl mailing list: https://curl.haxx.se/mail/]) + +XC_OVR_ZZ50 +XC_OVR_ZZ60 +CURL_OVERRIDE_AUTOCONF + +dnl configure script copyright +AC_COPYRIGHT([Copyright (c) 1998 - 2020 Daniel Stenberg, +This configure script may be copied, distributed and modified under the +terms of the curl license; see COPYING for more details]) + +AC_CONFIG_SRCDIR([lib/urldata.h]) +AC_CONFIG_HEADERS(lib/curl_config.h) +AC_CONFIG_MACRO_DIR([m4]) +AM_MAINTAINER_MODE +m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) + +CURL_CHECK_OPTION_DEBUG +CURL_CHECK_OPTION_OPTIMIZE +CURL_CHECK_OPTION_WARNINGS +CURL_CHECK_OPTION_WERROR +CURL_CHECK_OPTION_CURLDEBUG +CURL_CHECK_OPTION_SYMBOL_HIDING +CURL_CHECK_OPTION_ARES +CURL_CHECK_OPTION_RT +CURL_CHECK_OPTION_ESNI + +XC_CHECK_PATH_SEPARATOR + +# +# save the configure arguments +# +CONFIGURE_OPTIONS="\"$ac_configure_args\"" +AC_SUBST(CONFIGURE_OPTIONS) + +CURL_CFLAG_EXTRAS="" +if test X"$want_werror" = Xyes; then + CURL_CFLAG_EXTRAS="-Werror" + if test "$compiler_id" = "GNU_C"; then + dnl enable -pedantic-errors for GCC 5 and later, + dnl as before that it was the same as -Werror=pedantic + if test "$compiler_num" -ge "500"; then + CURL_CFLAG_EXTRAS="$CURL_CFLAG_EXTRAS -pedantic-errors" + fi + fi +fi +AC_SUBST(CURL_CFLAG_EXTRAS) + +dnl SED is mandatory for configure process and libtool. +dnl Set it now, allowing it to be changed later. +if test -z "$SED"; then + dnl allow it to be overridden + AC_PATH_PROG([SED], [sed], [not_found], + [$PATH:/usr/bin:/usr/local/bin]) + if test -z "$SED" || test "$SED" = "not_found"; then + AC_MSG_ERROR([sed not found in PATH. Cannot continue without sed.]) + fi +fi +AC_SUBST([SED]) + +dnl GREP is mandatory for configure process and libtool. +dnl Set it now, allowing it to be changed later. +if test -z "$GREP"; then + dnl allow it to be overridden + AC_PATH_PROG([GREP], [grep], [not_found], + [$PATH:/usr/bin:/usr/local/bin]) + if test -z "$GREP" || test "$GREP" = "not_found"; then + AC_MSG_ERROR([grep not found in PATH. Cannot continue without grep.]) + fi +fi +AC_SUBST([GREP]) + +dnl EGREP is mandatory for configure process and libtool. +dnl Set it now, allowing it to be changed later. +if test -z "$EGREP"; then + dnl allow it to be overridden + if echo a | ($GREP -E '(a|b)') >/dev/null 2>&1; then + AC_MSG_CHECKING([for egrep]) + EGREP="$GREP -E" + AC_MSG_RESULT([$EGREP]) + else + AC_PATH_PROG([EGREP], [egrep], [not_found], + [$PATH:/usr/bin:/usr/local/bin]) + fi +fi +if test -z "$EGREP" || test "$EGREP" = "not_found"; then + AC_MSG_ERROR([egrep not found in PATH. Cannot continue without egrep.]) +fi +AC_SUBST([EGREP]) + +dnl AR is mandatory for configure process and libtool. +dnl This is target dependent, so check it as a tool. +if test -z "$AR"; then + dnl allow it to be overridden + AC_PATH_TOOL([AR], [ar], [not_found], + [$PATH:/usr/bin:/usr/local/bin]) + if test -z "$AR" || test "$AR" = "not_found"; then + AC_MSG_ERROR([ar not found in PATH. Cannot continue without ar.]) + fi +fi +AC_SUBST([AR]) + +AC_SUBST(libext) + +dnl figure out the libcurl version +CURLVERSION=`$SED -ne 's/^#define LIBCURL_VERSION "\(.*\)".*/\1/p' ${srcdir}/include/curl/curlver.h` +XC_CHECK_PROG_CC + +dnl for --enable-code-coverage +CURL_COVERAGE + +XC_AUTOMAKE +AC_MSG_CHECKING([curl version]) +AC_MSG_RESULT($CURLVERSION) + +AC_SUBST(CURLVERSION) + +dnl +dnl we extract the numerical version for curl-config only +VERSIONNUM=`$SED -ne 's/^#define LIBCURL_VERSION_NUM 0x\([0-9A-Fa-f]*\).*/\1/p' ${srcdir}/include/curl/curlver.h` +AC_SUBST(VERSIONNUM) + +dnl Solaris pkgadd support definitions +PKGADD_PKG="HAXXcurl" +PKGADD_NAME="curl - a client that groks URLs" +PKGADD_VENDOR="curl.haxx.se" +AC_SUBST(PKGADD_PKG) +AC_SUBST(PKGADD_NAME) +AC_SUBST(PKGADD_VENDOR) + +dnl +dnl initialize all the info variables + curl_ssl_msg="no (--with-{ssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,mesalink,amissl,bearssl} )" + curl_ssh_msg="no (--with-{libssh,libssh2})" + curl_zlib_msg="no (--with-zlib)" + curl_brotli_msg="no (--with-brotli)" + curl_gss_msg="no (--with-gssapi)" +curl_tls_srp_msg="no (--enable-tls-srp)" + curl_res_msg="default (--enable-ares / --enable-threaded-resolver)" + curl_ipv6_msg="no (--enable-ipv6)" +curl_unix_sockets_msg="no (--enable-unix-sockets)" + curl_idn_msg="no (--with-{libidn2,winidn})" + curl_manual_msg="no (--enable-manual)" +curl_libcurl_msg="enabled (--disable-libcurl-option)" +curl_verbose_msg="enabled (--disable-verbose)" + curl_sspi_msg="no (--enable-sspi)" + curl_ldap_msg="no (--enable-ldap / --with-ldap-lib / --with-lber-lib)" + curl_ldaps_msg="no (--enable-ldaps)" + curl_rtsp_msg="no (--enable-rtsp)" + curl_rtmp_msg="no (--with-librtmp)" + curl_mtlnk_msg="no (--with-libmetalink)" + curl_psl_msg="no (--with-libpsl)" + + ssl_backends= + +dnl +dnl Save some initial values the user might have provided +dnl +INITIAL_LDFLAGS=$LDFLAGS +INITIAL_LIBS=$LIBS + +dnl +dnl Detect the canonical host and target build environment +dnl + +AC_CANONICAL_HOST +dnl Get system canonical name +AC_DEFINE_UNQUOTED(OS, "${host}", [cpu-machine-OS]) + +# Silence warning: ar: 'u' modifier ignored since 'D' is the default +AC_SUBST(AR_FLAGS, [cr]) + +dnl This defines _ALL_SOURCE for AIX +CURL_CHECK_AIX_ALL_SOURCE + +dnl Our configure and build reentrant settings +CURL_CONFIGURE_THREAD_SAFE +CURL_CONFIGURE_REENTRANT + +dnl check for how to do large files +AC_SYS_LARGEFILE + +XC_LIBTOOL + +# +# Automake conditionals based on libtool related checks +# + +AM_CONDITIONAL([CURL_LT_SHLIB_USE_VERSION_INFO], + [test "x$xc_lt_shlib_use_version_info" = 'xyes']) +AM_CONDITIONAL([CURL_LT_SHLIB_USE_NO_UNDEFINED], + [test "x$xc_lt_shlib_use_no_undefined" = 'xyes']) +AM_CONDITIONAL([CURL_LT_SHLIB_USE_MIMPURE_TEXT], + [test "x$xc_lt_shlib_use_mimpure_text" = 'xyes']) + +# +# Due to libtool and automake machinery limitations of not allowing +# specifying separate CPPFLAGS or CFLAGS when compiling objects for +# inclusion of these in shared or static libraries, we are forced to +# build using separate configure runs for shared and static libraries +# on systems where different CPPFLAGS or CFLAGS are mandatory in order +# to compile objects for each kind of library. Notice that relying on +# the '-DPIC' CFLAG that libtool provides is not valid given that the +# user might for example choose to build static libraries with PIC. +# + +# +# Make our Makefile.am files use the staticlib CPPFLAG only when strictly +# targeting a static library and not building its shared counterpart. +# + +AM_CONDITIONAL([USE_CPPFLAG_CURL_STATICLIB], + [test "x$xc_lt_build_static_only" = 'xyes']) + +# +# Make staticlib CPPFLAG variable and its definition visible in output +# files unconditionally, providing an empty definition unless strictly +# targeting a static library and not building its shared counterpart. +# + +CPPFLAG_CURL_STATICLIB= +if test "x$xc_lt_build_static_only" = 'xyes'; then + CPPFLAG_CURL_STATICLIB='-DCURL_STATICLIB' +fi +AC_SUBST([CPPFLAG_CURL_STATICLIB]) + + +# Determine whether all dependent libraries must be specified when linking +if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno" +then + REQUIRE_LIB_DEPS=no +else + REQUIRE_LIB_DEPS=yes +fi +AC_SUBST(REQUIRE_LIB_DEPS) +AM_CONDITIONAL(USE_EXPLICIT_LIB_DEPS, test x$REQUIRE_LIB_DEPS = xyes) + +dnl check if there's a way to force code inline +AC_C_INLINE + +dnl ********************************************************************** +dnl platform/compiler/architecture specific checks/flags +dnl ********************************************************************** + +CURL_CHECK_COMPILER +CURL_SET_COMPILER_BASIC_OPTS +CURL_SET_COMPILER_DEBUG_OPTS +CURL_SET_COMPILER_OPTIMIZE_OPTS +CURL_SET_COMPILER_WARNING_OPTS + +if test "$compiler_id" = "INTEL_UNIX_C"; then + # + if test "$compiler_num" -ge "1000"; then + dnl icc 10.X or later + CFLAGS="$CFLAGS -shared-intel" + elif test "$compiler_num" -ge "900"; then + dnl icc 9.X specific + CFLAGS="$CFLAGS -i-dynamic" + fi + # +fi + +CURL_CHECK_COMPILER_HALT_ON_ERROR +CURL_CHECK_COMPILER_ARRAY_SIZE_NEGATIVE +CURL_CHECK_COMPILER_PROTOTYPE_MISMATCH +CURL_CHECK_COMPILER_SYMBOL_HIDING + +CURL_CHECK_CURLDEBUG +AM_CONDITIONAL(CURLDEBUG, test x$want_curldebug = xyes) + +supports_unittests=yes +# cross-compilation of unit tests static library/programs fails when +# libcurl shared library is built. This might be due to a libtool or +# automake issue. In this case we disable unit tests. +if test "x$cross_compiling" != "xno" && + test "x$enable_shared" != "xno"; then + supports_unittests=no +fi + +# IRIX 6.5.24 gcc 3.3 autobuilds fail unittests library compilation due to +# a problem related with OpenSSL headers and library versions not matching. +# Disable unit tests while time to further investigate this is found. +case $host in + mips-sgi-irix6.5) + if test "$compiler_id" = "GNU_C"; then + supports_unittests=no + fi + ;; +esac + +# All AIX autobuilds fails unit tests linking against unittests library +# due to unittests library being built with no symbols or members. Libtool ? +# Disable unit tests while time to further investigate this is found. +case $host_os in + aix*) + supports_unittests=no + ;; +esac + +dnl Build unit tests when option --enable-debug is given. +if test "x$want_debug" = "xyes" && + test "x$supports_unittests" = "xyes"; then + want_unittests=yes +else + want_unittests=no +fi +AM_CONDITIONAL(BUILD_UNITTESTS, test x$want_unittests = xyes) + +dnl ********************************************************************** +dnl Compilation based checks should not be done before this point. +dnl ********************************************************************** + +dnl ********************************************************************** +dnl Make sure that our checks for headers windows.h winsock.h winsock2.h +dnl and ws2tcpip.h take precedence over any other further checks which +dnl could be done later using AC_CHECK_HEADER or AC_CHECK_HEADERS for +dnl this specific header files. And do them before its results are used. +dnl ********************************************************************** + +CURL_CHECK_HEADER_WINDOWS +CURL_CHECK_NATIVE_WINDOWS +case X-"$curl_cv_native_windows" in + X-yes) + CURL_CHECK_HEADER_WINSOCK + CURL_CHECK_HEADER_WINSOCK2 + CURL_CHECK_HEADER_WS2TCPIP + CURL_CHECK_HEADER_WINLDAP + CURL_CHECK_HEADER_WINBER + ;; + *) + curl_cv_header_winsock_h="no" + curl_cv_header_winsock2_h="no" + curl_cv_header_ws2tcpip_h="no" + curl_cv_header_winldap_h="no" + curl_cv_header_winber_h="no" + ;; +esac +CURL_CHECK_WIN32_LARGEFILE + +CURL_MAC_CFLAGS +CURL_SUPPORTS_BUILTIN_AVAILABLE + + +dnl ************************************************************ +dnl switch off particular protocols +dnl +AC_MSG_CHECKING([whether to support http]) +AC_ARG_ENABLE(http, +AC_HELP_STRING([--enable-http],[Enable HTTP support]) +AC_HELP_STRING([--disable-http],[Disable HTTP support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_HTTP, 1, [to disable HTTP]) + disable_http="yes" + AC_MSG_WARN([disable HTTP disables FTP over proxy and RTSP]) + AC_SUBST(CURL_DISABLE_HTTP, [1]) + AC_DEFINE(CURL_DISABLE_RTSP, 1, [to disable RTSP]) + AC_SUBST(CURL_DISABLE_RTSP, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) +AC_MSG_CHECKING([whether to support ftp]) +AC_ARG_ENABLE(ftp, +AC_HELP_STRING([--enable-ftp],[Enable FTP support]) +AC_HELP_STRING([--disable-ftp],[Disable FTP support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_FTP, 1, [to disable FTP]) + AC_SUBST(CURL_DISABLE_FTP, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) +AC_MSG_CHECKING([whether to support file]) +AC_ARG_ENABLE(file, +AC_HELP_STRING([--enable-file],[Enable FILE support]) +AC_HELP_STRING([--disable-file],[Disable FILE support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_FILE, 1, [to disable FILE]) + AC_SUBST(CURL_DISABLE_FILE, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) +AC_MSG_CHECKING([whether to support ldap]) +AC_ARG_ENABLE(ldap, +AC_HELP_STRING([--enable-ldap],[Enable LDAP support]) +AC_HELP_STRING([--disable-ldap],[Disable LDAP support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) + AC_SUBST(CURL_DISABLE_LDAP, [1]) + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ],[ + AC_MSG_RESULT(yes) ] +) +AC_MSG_CHECKING([whether to support ldaps]) +AC_ARG_ENABLE(ldaps, +AC_HELP_STRING([--enable-ldaps],[Enable LDAPS support]) +AC_HELP_STRING([--disable-ldaps],[Disable LDAPS support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + AC_SUBST(CURL_DISABLE_LDAPS, [1]) + ;; + *) if test "x$CURL_DISABLE_LDAP" = "x1" ; then + AC_MSG_RESULT(LDAP needs to be enabled to support LDAPS) + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + AC_SUBST(CURL_DISABLE_LDAPS, [1]) + else + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_LDAP_SSL, 1, [Use LDAPS implementation]) + AC_SUBST(HAVE_LDAP_SSL, [1]) + fi + ;; + esac ],[ + if test "x$CURL_DISABLE_LDAP" = "x1" ; then + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + AC_SUBST(CURL_DISABLE_LDAPS, [1]) + else + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_LDAP_SSL, 1, [Use LDAPS implementation]) + AC_SUBST(HAVE_LDAP_SSL, [1]) + fi ] +) + +AC_MSG_CHECKING([whether to support rtsp]) +AC_ARG_ENABLE(rtsp, +AC_HELP_STRING([--enable-rtsp],[Enable RTSP support]) +AC_HELP_STRING([--disable-rtsp],[Disable RTSP support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_RTSP, 1, [to disable RTSP]) + AC_SUBST(CURL_DISABLE_RTSP, [1]) + ;; + *) if test x$CURL_DISABLE_HTTP = x1 ; then + AC_MSG_ERROR(HTTP support needs to be enabled in order to enable RTSP support!) + else + AC_MSG_RESULT(yes) + curl_rtsp_msg="enabled" + fi + ;; + esac ], + if test "x$CURL_DISABLE_HTTP" != "x1"; then + AC_MSG_RESULT(yes) + curl_rtsp_msg="enabled" + else + AC_MSG_RESULT(no) + fi +) + +AC_MSG_CHECKING([whether to support proxies]) +AC_ARG_ENABLE(proxy, +AC_HELP_STRING([--enable-proxy],[Enable proxy support]) +AC_HELP_STRING([--disable-proxy],[Disable proxy support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_PROXY, 1, [to disable proxies]) + AC_SUBST(CURL_DISABLE_PROXY, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +AC_MSG_CHECKING([whether to support dict]) +AC_ARG_ENABLE(dict, +AC_HELP_STRING([--enable-dict],[Enable DICT support]) +AC_HELP_STRING([--disable-dict],[Disable DICT support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_DICT, 1, [to disable DICT]) + AC_SUBST(CURL_DISABLE_DICT, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) +AC_MSG_CHECKING([whether to support telnet]) +AC_ARG_ENABLE(telnet, +AC_HELP_STRING([--enable-telnet],[Enable TELNET support]) +AC_HELP_STRING([--disable-telnet],[Disable TELNET support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_TELNET, 1, [to disable TELNET]) + AC_SUBST(CURL_DISABLE_TELNET, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) +AC_MSG_CHECKING([whether to support tftp]) +AC_ARG_ENABLE(tftp, +AC_HELP_STRING([--enable-tftp],[Enable TFTP support]) +AC_HELP_STRING([--disable-tftp],[Disable TFTP support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_TFTP, 1, [to disable TFTP]) + AC_SUBST(CURL_DISABLE_TFTP, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +AC_MSG_CHECKING([whether to support pop3]) +AC_ARG_ENABLE(pop3, +AC_HELP_STRING([--enable-pop3],[Enable POP3 support]) +AC_HELP_STRING([--disable-pop3],[Disable POP3 support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_POP3, 1, [to disable POP3]) + AC_SUBST(CURL_DISABLE_POP3, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + + +AC_MSG_CHECKING([whether to support imap]) +AC_ARG_ENABLE(imap, +AC_HELP_STRING([--enable-imap],[Enable IMAP support]) +AC_HELP_STRING([--disable-imap],[Disable IMAP support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_IMAP, 1, [to disable IMAP]) + AC_SUBST(CURL_DISABLE_IMAP, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + + +AC_MSG_CHECKING([whether to support smb]) +AC_ARG_ENABLE(smb, +AC_HELP_STRING([--enable-smb],[Enable SMB/CIFS support]) +AC_HELP_STRING([--disable-smb],[Disable SMB/CIFS support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_SMB, 1, [to disable SMB/CIFS]) + AC_SUBST(CURL_DISABLE_SMB, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +AC_MSG_CHECKING([whether to support smtp]) +AC_ARG_ENABLE(smtp, +AC_HELP_STRING([--enable-smtp],[Enable SMTP support]) +AC_HELP_STRING([--disable-smtp],[Disable SMTP support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_SMTP, 1, [to disable SMTP]) + AC_SUBST(CURL_DISABLE_SMTP, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +AC_MSG_CHECKING([whether to support gopher]) +AC_ARG_ENABLE(gopher, +AC_HELP_STRING([--enable-gopher],[Enable Gopher support]) +AC_HELP_STRING([--disable-gopher],[Disable Gopher support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_GOPHER, 1, [to disable Gopher]) + AC_SUBST(CURL_DISABLE_GOPHER, [1]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + + +dnl ********************************************************************** +dnl Check for built-in manual +dnl ********************************************************************** + +AC_MSG_CHECKING([whether to provide built-in manual]) +AC_ARG_ENABLE(manual, +AC_HELP_STRING([--enable-manual],[Enable built-in manual]) +AC_HELP_STRING([--disable-manual],[Disable built-in manual]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + ;; + *) AC_MSG_RESULT(yes) + USE_MANUAL="1" + ;; + esac ], + AC_MSG_RESULT(yes) + USE_MANUAL="1" +) +dnl The actual use of the USE_MANUAL variable is done much later in this +dnl script to allow other actions to disable it as well. + +dnl ************************************************************ +dnl disable C code generation support +dnl +AC_MSG_CHECKING([whether to enable generation of C code]) +AC_ARG_ENABLE(libcurl_option, +AC_HELP_STRING([--enable-libcurl-option],[Enable --libcurl C code generation support]) +AC_HELP_STRING([--disable-libcurl-option],[Disable --libcurl C code generation support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_LIBCURL_OPTION, 1, [to disable --libcurl C code generation option]) + curl_libcurl_msg="no" + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ********************************************************************** +dnl Checks for libraries. +dnl ********************************************************************** + +AC_MSG_CHECKING([whether to use libgcc]) +AC_ARG_ENABLE(libgcc, +AC_HELP_STRING([--enable-libgcc],[use libgcc when linking]), +[ case "$enableval" in + yes) + LIBS="-lgcc $LIBS" + AC_MSG_RESULT(yes) + ;; + *) AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +CURL_CHECK_LIB_XNET + +dnl gethostbyname without lib or in the nsl lib? +AC_CHECK_FUNC(gethostbyname, + [HAVE_GETHOSTBYNAME="1" + ], + [ AC_CHECK_LIB(nsl, gethostbyname, + [HAVE_GETHOSTBYNAME="1" + LIBS="-lnsl $LIBS" + ]) + ]) + +if test "$HAVE_GETHOSTBYNAME" != "1" +then + dnl gethostbyname in the socket lib? + AC_CHECK_LIB(socket, gethostbyname, + [HAVE_GETHOSTBYNAME="1" + LIBS="-lsocket $LIBS" + ]) +fi + +if test "$HAVE_GETHOSTBYNAME" != "1" +then + dnl gethostbyname in the watt lib? + AC_CHECK_LIB(watt, gethostbyname, + [HAVE_GETHOSTBYNAME="1" + CPPFLAGS="-I/dev/env/WATT_ROOT/inc" + LDFLAGS="-L/dev/env/WATT_ROOT/lib" + LIBS="-lwatt $LIBS" + ]) +fi + +dnl At least one system has been identified to require BOTH nsl and socket +dnl libs at the same time to link properly. +if test "$HAVE_GETHOSTBYNAME" != "1" +then + AC_MSG_CHECKING([for gethostbyname with both nsl and socket libs]) + my_ac_save_LIBS=$LIBS + LIBS="-lnsl -lsocket $LIBS" + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ + ]],[[ + gethostbyname(); + ]]) + ],[ + AC_MSG_RESULT([yes]) + HAVE_GETHOSTBYNAME="1" + ],[ + AC_MSG_RESULT([no]) + LIBS=$my_ac_save_LIBS + ]) +fi + +if test "$HAVE_GETHOSTBYNAME" != "1" +then + dnl This is for winsock systems + if test "$curl_cv_header_windows_h" = "yes"; then + if test "$curl_cv_header_winsock_h" = "yes"; then + case $host in + *-*-mingw32ce*) + winsock_LIB="-lwinsock" + ;; + *) + winsock_LIB="-lwsock32" + ;; + esac + fi + if test "$curl_cv_header_winsock2_h" = "yes"; then + winsock_LIB="-lws2_32" + fi + if test ! -z "$winsock_LIB"; then + my_ac_save_LIBS=$LIBS + LIBS="$winsock_LIB $LIBS" + AC_MSG_CHECKING([for gethostbyname in $winsock_LIB]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#ifdef HAVE_WINDOWS_H +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#ifdef HAVE_WINSOCK2_H +#include +#else +#ifdef HAVE_WINSOCK_H +#include +#endif +#endif +#endif + ]],[[ + gethostbyname("www.dummysite.com"); + ]]) + ],[ + AC_MSG_RESULT([yes]) + HAVE_GETHOSTBYNAME="1" + ],[ + AC_MSG_RESULT([no]) + winsock_LIB="" + LIBS=$my_ac_save_LIBS + ]) + fi + fi +fi + +if test "$HAVE_GETHOSTBYNAME" != "1" +then + dnl This is for Minix 3.1 + AC_MSG_CHECKING([for gethostbyname for Minix 3]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +/* Older Minix versions may need here instead */ +#include + ]],[[ + gethostbyname("www.dummysite.com"); + ]]) + ],[ + AC_MSG_RESULT([yes]) + HAVE_GETHOSTBYNAME="1" + ],[ + AC_MSG_RESULT([no]) + ]) +fi + +if test "$HAVE_GETHOSTBYNAME" != "1" +then + dnl This is for eCos with a stubbed DNS implementation + AC_MSG_CHECKING([for gethostbyname for eCos]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#include +#include + ]],[[ + gethostbyname("www.dummysite.com"); + ]]) + ],[ + AC_MSG_RESULT([yes]) + HAVE_GETHOSTBYNAME="1" + ],[ + AC_MSG_RESULT([no]) + ]) +fi + +if test "$HAVE_GETHOSTBYNAME" != "1" +then + dnl This is for AmigaOS with bsdsocket.library - needs testing before -lnet + AC_MSG_CHECKING([for gethostbyname for AmigaOS bsdsocket.library]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +#include +struct Library *SocketBase = NULL; + ]],[[ + gethostbyname("www.dummysite.com"); + ]]) + ],[ + AC_MSG_RESULT([yes]) + HAVE_GETHOSTBYNAME="1" + HAVE_PROTO_BSDSOCKET_H="1" + AC_DEFINE(HAVE_PROTO_BSDSOCKET_H, 1, [if Amiga bsdsocket.library is in use]) + AC_SUBST(HAVE_PROTO_BSDSOCKET_H, [1]) + ],[ + AC_MSG_RESULT([no]) + ]) +fi + +if test "$HAVE_GETHOSTBYNAME" != "1" +then + dnl gethostbyname in the network lib - for Haiku OS + AC_CHECK_LIB(network, gethostbyname, + [HAVE_GETHOSTBYNAME="1" + LIBS="-lnetwork $LIBS" + ]) +fi + +if test "$HAVE_GETHOSTBYNAME" != "1" +then + dnl gethostbyname in the net lib - for BeOS + AC_CHECK_LIB(net, gethostbyname, + [HAVE_GETHOSTBYNAME="1" + LIBS="-lnet $LIBS" + ]) +fi + + +if test "$HAVE_GETHOSTBYNAME" != "1"; then + AC_MSG_ERROR([couldn't find libraries for gethostbyname()]) +fi + +CURL_CHECK_LIBS_CONNECT + +CURL_NETWORK_LIBS=$LIBS + +dnl ********************************************************************** +dnl In case that function clock_gettime with monotonic timer is available, +dnl check for additional required libraries. +dnl ********************************************************************** +CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC + +dnl ********************************************************************** +dnl The preceding library checks are all potentially useful for test +dnl servers and libtest cases which require networking and clock_gettime +dnl support. Save the list of required libraries at this point for use +dnl while linking those test servers and programs. +dnl ********************************************************************** +CURL_NETWORK_AND_TIME_LIBS=$LIBS + +dnl ********************************************************************** +dnl Check for the presence of ZLIB libraries and headers +dnl ********************************************************************** + +dnl Check for & handle argument to --with-zlib. + +clean_CPPFLAGS=$CPPFLAGS +clean_LDFLAGS=$LDFLAGS +clean_LIBS=$LIBS +ZLIB_LIBS="" +AC_ARG_WITH(zlib, +AC_HELP_STRING([--with-zlib=PATH],[search for zlib in PATH]) +AC_HELP_STRING([--without-zlib],[disable use of zlib]), + [OPT_ZLIB="$withval"]) + +if test "$OPT_ZLIB" = "no" ; then + AC_MSG_WARN([zlib disabled]) +else + if test "$OPT_ZLIB" = "yes" ; then + OPT_ZLIB="" + fi + + if test -z "$OPT_ZLIB" ; then + CURL_CHECK_PKGCONFIG(zlib) + + if test "$PKGCONFIG" != "no" ; then + LIBS="`$PKGCONFIG --libs-only-l zlib` $LIBS" + LDFLAGS="$LDFLAGS `$PKGCONFIG --libs-only-L zlib`" + CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags-only-I zlib`" + OPT_ZLIB="" + HAVE_LIBZ="1" + fi + + if test -z "$HAVE_LIBZ"; then + + dnl Check for the lib without setting any new path, since many + dnl people have it in the default path + + AC_CHECK_LIB(z, inflateEnd, + dnl libz found, set the variable + [HAVE_LIBZ="1" + LIBS="-lz $LIBS"], + dnl if no lib found, try /usr/local + [OPT_ZLIB="/usr/local"]) + fi + fi + + dnl Add a nonempty path to the compiler flags + if test -n "$OPT_ZLIB"; then + CPPFLAGS="$CPPFLAGS -I$OPT_ZLIB/include" + LDFLAGS="$LDFLAGS -L$OPT_ZLIB/lib$libsuff" + fi + + AC_CHECK_HEADER(zlib.h, + [ + dnl zlib.h was found + HAVE_ZLIB_H="1" + dnl if the lib wasn't found already, try again with the new paths + if test "$HAVE_LIBZ" != "1"; then + AC_CHECK_LIB(z, gzread, + [ + dnl the lib was found! + HAVE_LIBZ="1" + LIBS="-lz $LIBS" + ], + [ CPPFLAGS=$clean_CPPFLAGS + LDFLAGS=$clean_LDFLAGS]) + fi + ], + [ + dnl zlib.h was not found, restore the flags + CPPFLAGS=$clean_CPPFLAGS + LDFLAGS=$clean_LDFLAGS] + ) + + if test "$HAVE_LIBZ" = "1" && test "$HAVE_ZLIB_H" != "1" + then + AC_MSG_WARN([configure found only the libz lib, not the header file!]) + HAVE_LIBZ="" + CPPFLAGS=$clean_CPPFLAGS + LDFLAGS=$clean_LDFLAGS + LIBS=$clean_LIBS + elif test "$HAVE_LIBZ" != "1" && test "$HAVE_ZLIB_H" = "1" + then + AC_MSG_WARN([configure found only the libz header file, not the lib!]) + CPPFLAGS=$clean_CPPFLAGS + LDFLAGS=$clean_LDFLAGS + LIBS=$clean_LIBS + elif test "$HAVE_LIBZ" = "1" && test "$HAVE_ZLIB_H" = "1" + then + dnl both header and lib were found! + AC_SUBST(HAVE_LIBZ) + AC_DEFINE(HAVE_ZLIB_H, 1, [if you have the zlib.h header file]) + AC_DEFINE(HAVE_LIBZ, 1, [if zlib is available]) + + ZLIB_LIBS="-lz" + LIBS="-lz $clean_LIBS" + + dnl replace 'HAVE_LIBZ' in the automake makefile.ams + AMFIXLIB="1" + AC_MSG_NOTICE([found both libz and libz.h header]) + curl_zlib_msg="enabled" + fi +fi + +dnl set variable for use in automakefile(s) +AM_CONDITIONAL(HAVE_LIBZ, test x"$AMFIXLIB" = x1) +AC_SUBST(ZLIB_LIBS) + +dnl ********************************************************************** +dnl Check for the presence of BROTLI decoder libraries and headers +dnl ********************************************************************** + +dnl Brotli project home page: https://github.com/google/brotli + +dnl Default to compiler & linker defaults for BROTLI files & libraries. +OPT_BROTLI=off +AC_ARG_WITH(brotli,dnl +AC_HELP_STRING([--with-brotli=PATH],[Where to look for brotli, PATH points to the BROTLI installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AC_HELP_STRING([--without-brotli], [disable BROTLI]), + OPT_BROTLI=$withval) + +if test X"$OPT_BROTLI" != Xno; then + dnl backup the pre-brotli variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + case "$OPT_BROTLI" in + yes) + dnl --with-brotli (without path) used + CURL_CHECK_PKGCONFIG(libbrotlidec) + + if test "$PKGCONFIG" != "no" ; then + LIB_BROTLI=`$PKGCONFIG --libs-only-l libbrotlidec` + LD_BROTLI=`$PKGCONFIG --libs-only-L libbrotlidec` + CPP_BROTLI=`$PKGCONFIG --cflags-only-I libbrotlidec` + version=`$PKGCONFIG --modversion libbrotlidec` + DIR_BROTLI=`echo $LD_BROTLI | $SED -e 's/-L//'` + fi + + ;; + off) + dnl no --with-brotli option given, just check default places + ;; + *) + dnl use the given --with-brotli spot + PREFIX_BROTLI=$OPT_BROTLI + ;; + esac + + dnl if given with a prefix, we set -L and -I based on that + if test -n "$PREFIX_BROTLI"; then + LIB_BROTLI="-lbrotlidec" + LD_BROTLI=-L${PREFIX_BROTLI}/lib$libsuff + CPP_BROTLI=-I${PREFIX_BROTLI}/include + DIR_BROTLI=${PREFIX_BROTLI}/lib$libsuff + fi + + LDFLAGS="$LDFLAGS $LD_BROTLI" + CPPFLAGS="$CPPFLAGS $CPP_BROTLI" + LIBS="$LIB_BROTLI $LIBS" + + AC_CHECK_LIB(brotlidec, BrotliDecoderDecompress) + + AC_CHECK_HEADERS(brotli/decode.h, + curl_brotli_msg="enabled (libbrotlidec)" + HAVE_BROTLI=1 + AC_DEFINE(HAVE_BROTLI, 1, [if BROTLI is in use]) + AC_SUBST(HAVE_BROTLI, [1]) + ) + + if test X"$OPT_BROTLI" != Xoff && + test "$HAVE_BROTLI" != "1"; then + AC_MSG_ERROR([BROTLI libs and/or directories were not found where specified!]) + fi + + if test "$HAVE_BROTLI" = "1"; then + if test -n "$DIR_BROTLI"; then + dnl when the brotli shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH + dnl to prevent further configure tests to fail due to this + + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_BROTLI" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_BROTLI to CURL_LIBRARY_PATH]) + fi + fi + else + dnl no brotli, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + fi +fi + +dnl ********************************************************************** +dnl Check for LDAP +dnl ********************************************************************** + +LDAPLIBNAME="" +AC_ARG_WITH(ldap-lib, +AC_HELP_STRING([--with-ldap-lib=libname],[Specify name of ldap lib file]), + [LDAPLIBNAME="$withval"]) + +LBERLIBNAME="" +AC_ARG_WITH(lber-lib, +AC_HELP_STRING([--with-lber-lib=libname],[Specify name of lber lib file]), + [LBERLIBNAME="$withval"]) + +if test x$CURL_DISABLE_LDAP != x1 ; then + + CURL_CHECK_HEADER_LBER + CURL_CHECK_HEADER_LDAP + CURL_CHECK_HEADER_LDAPSSL + CURL_CHECK_HEADER_LDAP_SSL + + if test -z "$LDAPLIBNAME" ; then + if test "$curl_cv_native_windows" = "yes"; then + dnl Windows uses a single and unique LDAP library name + LDAPLIBNAME="wldap32" + LBERLIBNAME="no" + fi + fi + + if test "$LDAPLIBNAME" ; then + AC_CHECK_LIB("$LDAPLIBNAME", ldap_init,, [ + AC_MSG_WARN(["$LDAPLIBNAME" is not an LDAP library: LDAP disabled]) + AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) + AC_SUBST(CURL_DISABLE_LDAP, [1]) + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + AC_SUBST(CURL_DISABLE_LDAPS, [1])]) + else + dnl Try to find the right ldap libraries for this system + CURL_CHECK_LIBS_LDAP + case X-"$curl_cv_ldap_LIBS" in + X-unknown) + AC_MSG_WARN([Cannot find libraries for LDAP support: LDAP disabled]) + AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) + AC_SUBST(CURL_DISABLE_LDAP, [1]) + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + AC_SUBST(CURL_DISABLE_LDAPS, [1]) + ;; + esac + fi +fi + +if test x$CURL_DISABLE_LDAP != x1 ; then + + if test "$LBERLIBNAME" ; then + dnl If name is "no" then don't define this library at all + dnl (it's only needed if libldap.so's dependencies are broken). + if test "$LBERLIBNAME" != "no" ; then + AC_CHECK_LIB("$LBERLIBNAME", ber_free,, [ + AC_MSG_WARN(["$LBERLIBNAME" is not an LBER library: LDAP disabled]) + AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) + AC_SUBST(CURL_DISABLE_LDAP, [1]) + AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) + AC_SUBST(CURL_DISABLE_LDAPS, [1])]) + fi + fi +fi + +if test x$CURL_DISABLE_LDAP != x1 ; then + AC_CHECK_FUNCS([ldap_url_parse ldap_init_fd]) + + if test "$LDAPLIBNAME" = "wldap32"; then + curl_ldap_msg="enabled (winldap)" + AC_DEFINE(USE_WIN32_LDAP, 1, [Use Windows LDAP implementation]) + else + curl_ldap_msg="enabled (OpenLDAP)" + if test "x$ac_cv_func_ldap_init_fd" = "xyes"; then + AC_DEFINE(USE_OPENLDAP, 1, [Use OpenLDAP-specific code]) + AC_SUBST(USE_OPENLDAP, [1]) + fi + fi +fi + +if test x$CURL_DISABLE_LDAPS != x1 ; then + curl_ldaps_msg="enabled" +fi + +dnl ********************************************************************** +dnl Checks for IPv6 +dnl ********************************************************************** + +AC_MSG_CHECKING([whether to enable IPv6]) +AC_ARG_ENABLE(ipv6, +AC_HELP_STRING([--enable-ipv6],[Enable IPv6 (with IPv4) support]) +AC_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + ipv6=no + ;; + *) AC_MSG_RESULT(yes) + ipv6=yes + ;; + esac ], + + AC_TRY_RUN([ /* are AF_INET6 and sockaddr_in6 available? */ +#include +#ifdef HAVE_WINSOCK2_H +#include +#include +#else +#include +#include +#if defined (__TANDEM) +# include +#endif +#endif +#include /* for exit() */ +main() +{ + struct sockaddr_in6 s; + (void)s; + if (socket(AF_INET6, SOCK_STREAM, 0) < 0) + exit(1); + else + exit(0); +} +], + AC_MSG_RESULT(yes) + ipv6=yes, + AC_MSG_RESULT(no) + ipv6=no, + AC_MSG_RESULT(yes) + ipv6=yes +)) + +if test "$ipv6" = yes; then + curl_ipv6_msg="enabled" + AC_DEFINE(ENABLE_IPV6, 1, [Define if you want to enable IPv6 support]) + IPV6_ENABLED=1 + AC_SUBST(IPV6_ENABLED) + + AC_MSG_CHECKING([if struct sockaddr_in6 has sin6_scope_id member]) + AC_TRY_COMPILE([ +#include +#ifdef HAVE_WINSOCK2_H +#include +#include +#else +#include +#if defined (__TANDEM) +# include +#endif +#endif] , + struct sockaddr_in6 s; s.sin6_scope_id = 0; , have_sin6_scope_id=yes) + if test "$have_sin6_scope_id" = yes; then + AC_MSG_RESULT([yes]) + AC_DEFINE(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID, 1, [Define to 1 if struct sockaddr_in6 has the sin6_scope_id member]) + else + AC_MSG_RESULT([no]) + fi +fi + +dnl ********************************************************************** +dnl Check if the operating system allows programs to write to their own argv[] +dnl ********************************************************************** + +AC_MSG_CHECKING([if argv can be written to]) +CURL_RUN_IFELSE([ +int main(int argc, char ** argv) { + argv[0][0] = ' '; + return (argv[0][0] == ' ')?0:1; +} +],[ + curl_cv_writable_argv=yes +],[ + curl_cv_writable_argv=no +],[ + curl_cv_writable_argv=cross +]) +case $curl_cv_writable_argv in +yes) + AC_DEFINE(HAVE_WRITABLE_ARGV, 1, [Define this symbol if your OS supports changing the contents of argv]) + AC_MSG_RESULT(yes) + ;; +no) + AC_MSG_RESULT(no) + ;; +*) + AC_MSG_RESULT(no) + AC_MSG_WARN([the previous check could not be made default was used]) + ;; +esac + +dnl ********************************************************************** +dnl Check for GSS-API libraries +dnl ********************************************************************** + +dnl check for GSS-API stuff in the /usr as default + +GSSAPI_ROOT="/usr" +AC_ARG_WITH(gssapi-includes, + AC_HELP_STRING([--with-gssapi-includes=DIR], + [Specify location of GSS-API headers]), + [ GSSAPI_INCS="-I$withval" + want_gss="yes" ] +) + +AC_ARG_WITH(gssapi-libs, + AC_HELP_STRING([--with-gssapi-libs=DIR], + [Specify location of GSS-API libs]), + [ GSSAPI_LIB_DIR="-L$withval" + want_gss="yes" ] +) + +AC_ARG_WITH(gssapi, + AC_HELP_STRING([--with-gssapi=DIR], + [Where to look for GSS-API]), [ + GSSAPI_ROOT="$withval" + if test x"$GSSAPI_ROOT" != xno; then + want_gss="yes" + if test x"$GSSAPI_ROOT" = xyes; then + dnl if yes, then use default root + GSSAPI_ROOT="/usr" + fi + fi +]) + +: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} + +save_CPPFLAGS="$CPPFLAGS" +AC_MSG_CHECKING([if GSS-API support is requested]) +if test x"$want_gss" = xyes; then + AC_MSG_RESULT(yes) + + if test -z "$GSSAPI_INCS"; then + if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then + GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` + elif test -f "$KRB5CONFIG"; then + GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` + elif test "$GSSAPI_ROOT" != "yes"; then + GSSAPI_INCS="-I$GSSAPI_ROOT/include" + fi + fi + + CPPFLAGS="$CPPFLAGS $GSSAPI_INCS" + + AC_CHECK_HEADER(gss.h, + [ + dnl found in the given dirs + AC_DEFINE(HAVE_GSSGNU, 1, [if you have GNU GSS]) + gnu_gss=yes + ], + [ + dnl not found, check Heimdal or MIT + AC_CHECK_HEADERS([gssapi/gssapi.h], [], [not_mit=1]) + AC_CHECK_HEADERS( + [gssapi/gssapi_generic.h gssapi/gssapi_krb5.h], + [], + [not_mit=1], + [ +AC_INCLUDES_DEFAULT +#ifdef HAVE_GSSAPI_GSSAPI_H +#include +#endif + ]) + if test "x$not_mit" = "x1"; then + dnl MIT not found, check for Heimdal + AC_CHECK_HEADER(gssapi.h, + [ + dnl found + AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have Heimdal]) + ], + [ + dnl no header found, disabling GSS + want_gss=no + AC_MSG_WARN(disabling GSS-API support since no header files were found) + ] + ) + else + dnl MIT found + AC_DEFINE(HAVE_GSSMIT, 1, [if you have MIT Kerberos]) + dnl check if we have a really old MIT Kerberos version (<= 1.2) + AC_MSG_CHECKING([if GSS-API headers declare GSS_C_NT_HOSTBASED_SERVICE]) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#include +#include +#include + ]],[[ + gss_import_name( + (OM_uint32 *)0, + (gss_buffer_t)0, + GSS_C_NT_HOSTBASED_SERVICE, + (gss_name_t *)0); + ]]) + ],[ + AC_MSG_RESULT([yes]) + ],[ + AC_MSG_RESULT([no]) + AC_DEFINE(HAVE_OLD_GSSMIT, 1, + [if you have an old MIT Kerberos version, lacking GSS_C_NT_HOSTBASED_SERVICE]) + ]) + fi + ] + ) +else + AC_MSG_RESULT(no) +fi +if test x"$want_gss" = xyes; then + AC_DEFINE(HAVE_GSSAPI, 1, [if you have GSS-API libraries]) + HAVE_GSSAPI=1 + curl_gss_msg="enabled (MIT Kerberos/Heimdal)" + + if test -n "$gnu_gss"; then + curl_gss_msg="enabled (GNU GSS)" + LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR" + LIBS="-lgss $LIBS" + elif test -z "$GSSAPI_LIB_DIR"; then + case $host in + *-*-darwin*) + LIBS="-lgssapi_krb5 -lresolv $LIBS" + ;; + *) + if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then + dnl krb5-config doesn't have --libs-only-L or similar, put everything + dnl into LIBS + gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi` + LIBS="$gss_libs $LIBS" + elif test -f "$KRB5CONFIG"; then + dnl krb5-config doesn't have --libs-only-L or similar, put everything + dnl into LIBS + gss_libs=`$KRB5CONFIG --libs gssapi` + LIBS="$gss_libs $LIBS" + else + case $host in + *-hp-hpux*) + gss_libname="gss" + ;; + *) + gss_libname="gssapi" + ;; + esac + + if test "$GSSAPI_ROOT" != "yes"; then + LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff" + LIBS="-l$gss_libname $LIBS" + else + LIBS="-l$gss_libname $LIBS" + fi + fi + ;; + esac + else + LDFLAGS="$LDFLAGS $GSSAPI_LIB_DIR" + case $host in + *-hp-hpux*) + LIBS="-lgss $LIBS" + ;; + *) + LIBS="-lgssapi $LIBS" + ;; + esac + fi +else + CPPFLAGS="$save_CPPFLAGS" +fi + +build_libstubgss=no +if test x"$want_gss" = "xyes"; then + build_libstubgss=yes +fi + +AM_CONDITIONAL(BUILD_STUB_GSS, test "x$build_libstubgss" = "xyes") + +dnl ------------------------------------------------------------- +dnl parse --with-default-ssl-backend so it can be validated below +dnl ------------------------------------------------------------- + +DEFAULT_SSL_BACKEND=no +VALID_DEFAULT_SSL_BACKEND= +AC_ARG_WITH(default-ssl-backend, +AC_HELP_STRING([--with-default-ssl-backend=NAME],[Use NAME as default SSL backend]) +AC_HELP_STRING([--without-default-ssl-backend],[Use implicit default SSL backend]), + [DEFAULT_SSL_BACKEND=$withval]) +case "$DEFAULT_SSL_BACKEND" in + no) + dnl --without-default-ssl-backend option used + ;; + default|yes) + dnl --with-default-ssl-backend option used without name + AC_MSG_ERROR([The name of the default SSL backend is required.]) + ;; + *) + dnl --with-default-ssl-backend option used with name + AC_SUBST(DEFAULT_SSL_BACKEND) + dnl needs to be validated below + VALID_DEFAULT_SSL_BACKEND=no + ;; +esac + +dnl ********************************************************************** + +dnl ------------------------------------------------- +dnl check winssl option before other SSL libraries +dnl ------------------------------------------------- + +OPT_WINSSL=no +AC_ARG_WITH(winssl,dnl +AC_HELP_STRING([--with-winssl],[enable Windows native SSL/TLS]) +AC_HELP_STRING([--without-winssl], [disable Windows native SSL/TLS]), + OPT_WINSSL=$withval) + +AC_ARG_WITH(schannel,dnl +AC_HELP_STRING([--with-schannel],[enable Windows native SSL/TLS]) +AC_HELP_STRING([--without-schannel], [disable Windows native SSL/TLS]), + OPT_WINSSL=$withval) + +AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)]) +if test -z "$ssl_backends" -o "x$OPT_WINSSL" != xno; then + ssl_msg= + if test "x$OPT_WINSSL" != "xno" && + test "x$curl_cv_native_windows" = "xyes"; then + AC_MSG_RESULT(yes) + AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support]) + AC_SUBST(USE_SCHANNEL, [1]) + ssl_msg="Windows-native" + test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + WINSSL_ENABLED=1 + # --with-winssl implies --enable-sspi + AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) + AC_SUBST(USE_WINDOWS_SSPI, [1]) + curl_sspi_msg="enabled" + LIBS="-lcrypt32 $LIBS" + else + AC_MSG_RESULT(no) + fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +else + AC_MSG_RESULT(no) +fi + +OPT_SECURETRANSPORT=no +AC_ARG_WITH(darwinssl,dnl +AC_HELP_STRING([--with-darwinssl],[enable Apple OS native SSL/TLS]) +AC_HELP_STRING([--without-darwinssl], [disable Apple OS native SSL/TLS]), + OPT_SECURETRANSPORT=$withval) + +AC_ARG_WITH(secure-transport,dnl +AC_HELP_STRING([--with-secure-transport],[enable Apple OS native SSL/TLS]) +AC_HELP_STRING([--without-secure-transport], [disable Apple OS native SSL/TLS]), + OPT_SECURETRANSPORT=$withval) + +AC_MSG_CHECKING([whether to enable Secure Transport]) +if test -z "$ssl_backends" -o "x$OPT_SECURETRANSPORT" != xno; then + if test "x$OPT_SECURETRANSPORT" != "xno" && + test -d "/System/Library/Frameworks/Security.framework"; then + AC_MSG_RESULT(yes) + AC_DEFINE(USE_SECTRANSP, 1, [enable Secure Transport]) + AC_SUBST(USE_SECTRANSP, [1]) + ssl_msg="Secure Transport" + test secure-transport != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + SECURETRANSPORT_ENABLED=1 + LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security" + else + AC_MSG_RESULT(no) + fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +else + AC_MSG_RESULT(no) +fi + +OPT_AMISSL=no +AC_ARG_WITH(amissl,dnl +AC_HELP_STRING([--with-amissl],[enable Amiga native SSL/TLS (AmiSSL)]) +AC_HELP_STRING([--without-amissl], [disable Amiga native SSL/TLS (AmiSSL)]), + OPT_AMISSL=$withval) + +AC_MSG_CHECKING([whether to enable Amiga native SSL/TLS (AmiSSL)]) +if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then + if test -z "$ssl_backends" -o "x$OPT_AMISSL" != xno; then + ssl_msg= + if test "x$OPT_AMISSL" != "xno"; then + AC_MSG_RESULT(yes) + ssl_msg="AmiSSL" + test amissl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + AMISSL_ENABLED=1 + LIBS="-lamisslauto $LIBS" + AC_DEFINE(USE_AMISSL, 1, [if AmiSSL is in use]) + AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use]) + else + AC_MSG_RESULT(no) + fi + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" + else + AC_MSG_RESULT(no) + fi +else + AC_MSG_RESULT(no) +fi + +dnl ********************************************************************** +dnl Check for the presence of SSL libraries and headers +dnl ********************************************************************** + +dnl Default to compiler & linker defaults for SSL files & libraries. +OPT_SSL=off +dnl Default to no CA bundle +ca="no" +AC_ARG_WITH(ssl,dnl +AC_HELP_STRING([--with-ssl=PATH],[Where to look for OpenSSL, PATH points to the SSL installation (default: /usr/local/ssl); when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AC_HELP_STRING([--without-ssl], [disable OpenSSL]), + OPT_SSL=$withval) + +if test -z "$ssl_backends" -o "x$OPT_SSL" != xno && + test X"$OPT_SSL" != Xno; then + ssl_msg= + + dnl backup the pre-ssl variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + dnl This is for Msys/Mingw + case $host in + *-*-msys* | *-*-mingw*) + AC_MSG_CHECKING([for gdi32]) + my_ac_save_LIBS=$LIBS + LIBS="-lgdi32 $LIBS" + AC_TRY_LINK([#include + #include ], + [GdiFlush();], + [ dnl worked! + AC_MSG_RESULT([yes])], + [ dnl failed, restore LIBS + LIBS=$my_ac_save_LIBS + AC_MSG_RESULT(no)] + ) + ;; + esac + + case "$OPT_SSL" in + yes) + dnl --with-ssl (without path) used + if test x$cross_compiling != xyes; then + dnl only do pkg-config magic when not cross-compiling + PKGTEST="yes" + fi + PREFIX_OPENSSL=/usr/local/ssl + LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff" + ;; + off) + dnl no --with-ssl option given, just check default places + if test x$cross_compiling != xyes; then + dnl only do pkg-config magic when not cross-compiling + PKGTEST="yes" + fi + PREFIX_OPENSSL= + ;; + *) + dnl check the given --with-ssl spot + PKGTEST="no" + PREFIX_OPENSSL=$OPT_SSL + + dnl Try pkg-config even when cross-compiling. Since we + dnl specify PKG_CONFIG_LIBDIR we're only looking where + dnl the user told us to look + OPENSSL_PCDIR="$OPT_SSL/lib/pkgconfig" + if test -f "$OPENSSL_PCDIR/openssl.pc"; then + AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"]) + PKGTEST="yes" + elif test ! -f "$PREFIX_OPENSSL/include/openssl/ssl.h"; then + AC_MSG_ERROR([$PREFIX_OPENSSL is a bad --with-ssl prefix!]) + fi + + dnl in case pkg-config comes up empty, use what we got + dnl via --with-ssl + LIB_OPENSSL="$PREFIX_OPENSSL/lib$libsuff" + if test "$PREFIX_OPENSSL" != "/usr" ; then + SSL_LDFLAGS="-L$LIB_OPENSSL" + SSL_CPPFLAGS="-I$PREFIX_OPENSSL/include" + fi + SSL_CPPFLAGS="$SSL_CPPFLAGS -I$PREFIX_OPENSSL/include/openssl" + ;; + esac + + if test "$PKGTEST" = "yes"; then + + CURL_CHECK_PKGCONFIG(openssl, [$OPENSSL_PCDIR]) + + if test "$PKGCONFIG" != "no" ; then + SSL_LIBS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl + $PKGCONFIG --libs-only-l --libs-only-other openssl 2>/dev/null` + + SSL_LDFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl + $PKGCONFIG --libs-only-L openssl 2>/dev/null` + + SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl + $PKGCONFIG --cflags-only-I openssl 2>/dev/null` + + AC_SUBST(SSL_LIBS) + AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"]) + AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"]) + AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"]) + + LIB_OPENSSL=`echo $SSL_LDFLAGS | sed -e 's/-L//g'` + + dnl use the values pkg-config reported. This is here + dnl instead of below with CPPFLAGS and LDFLAGS because we only + dnl learn about this via pkg-config. If we only have + dnl the argument to --with-ssl we don't know what + dnl additional libs may be necessary. Hope that we + dnl don't need any. + LIBS="$SSL_LIBS $LIBS" + fi + fi + + dnl finally, set flags to use SSL + CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS" + LDFLAGS="$LDFLAGS $SSL_LDFLAGS" + + AC_CHECK_LIB(crypto, HMAC_Update,[ + HAVECRYPTO="yes" + LIBS="-lcrypto $LIBS" + ],[ + LDFLAGS="$CLEANLDFLAGS -L$LIB_OPENSSL" + if test "$PKGCONFIG" = "no" ; then + # only set this if pkg-config wasn't used + CPPFLAGS="$CLEANCPPFLAGS -I$PREFIX_OPENSSL/include/openssl -I$PREFIX_OPENSSL/include" + fi + AC_CHECK_LIB(crypto, HMAC_Init_ex,[ + HAVECRYPTO="yes" + LIBS="-lcrypto $LIBS"], [ + + dnl still no, but what about with -ldl? + AC_MSG_CHECKING([OpenSSL linking with -ldl]) + LIBS="$CLEANLIBS -lcrypto -ldl" + AC_TRY_LINK( + [ + #include + ], + [ + ERR_clear_error(); + ], + [ + AC_MSG_RESULT(yes) + HAVECRYPTO="yes" + ], + [ + AC_MSG_RESULT(no) + dnl ok, so what about both -ldl and -lpthread? + + AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread]) + LIBS="$CLEANLIBS -lcrypto -ldl -lpthread" + AC_TRY_LINK( + [ + #include + ], + [ + ERR_clear_error(); + ], + [ + AC_MSG_RESULT(yes) + HAVECRYPTO="yes" + ], + [ + AC_MSG_RESULT(no) + LDFLAGS="$CLEANLDFLAGS" + CPPFLAGS="$CLEANCPPFLAGS" + LIBS="$CLEANLIBS" + + ]) + + ]) + + ]) + ]) + + if test X"$HAVECRYPTO" = X"yes"; then + dnl This is only reasonable to do if crypto actually is there: check for + dnl SSL libs NOTE: it is important to do this AFTER the crypto lib + + AC_CHECK_LIB(ssl, SSL_connect) + + if test "$ac_cv_lib_ssl_SSL_connect" != yes; then + dnl we didn't find the SSL lib, try the RSAglue/rsaref stuff + AC_MSG_CHECKING(for ssl with RSAglue/rsaref libs in use); + OLIBS=$LIBS + LIBS="-lRSAglue -lrsaref $LIBS" + AC_CHECK_LIB(ssl, SSL_connect) + if test "$ac_cv_lib_ssl_SSL_connect" != yes; then + dnl still no SSL_connect + AC_MSG_RESULT(no) + LIBS=$OLIBS + else + AC_MSG_RESULT(yes) + fi + + else + + dnl Have the libraries--check for OpenSSL headers + AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ + openssl/pem.h openssl/ssl.h openssl/err.h, + ssl_msg="OpenSSL" + test openssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + OPENSSL_ENABLED=1 + AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use])) + + if test $ac_cv_header_openssl_x509_h = no; then + dnl we don't use the "action" part of the AC_CHECK_HEADERS macro + dnl since 'err.h' might in fact find a krb4 header with the same + dnl name + AC_CHECK_HEADERS(x509.h rsa.h crypto.h pem.h ssl.h err.h) + + if test $ac_cv_header_x509_h = yes && + test $ac_cv_header_crypto_h = yes && + test $ac_cv_header_ssl_h = yes; then + dnl three matches + ssl_msg="OpenSSL" + OPENSSL_ENABLED=1 + fi + fi + fi + + if test X"$OPENSSL_ENABLED" != X"1"; then + LIBS="$CLEANLIBS" + fi + + if test X"$OPT_SSL" != Xoff && + test "$OPENSSL_ENABLED" != "1"; then + AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!]) + fi + fi + + if test X"$OPENSSL_ENABLED" = X"1"; then + dnl These can only exist if OpenSSL exists + dnl OpenSSL_version is introduced in 3.0.0 + + AC_CHECK_FUNCS( RAND_egd \ + SSLv2_client_method \ + OpenSSL_version ) + + AC_MSG_CHECKING([for BoringSSL]) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + #include + ]],[[ + #ifndef OPENSSL_IS_BORINGSSL + #error not boringssl + #endif + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1, + [Define to 1 if using BoringSSL.]) + ssl_msg="BoringSSL" + ],[ + AC_MSG_RESULT([no]) + ]) + + AC_MSG_CHECKING([for libressl]) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#include + ]],[[ + int dummy = LIBRESSL_VERSION_NUMBER; + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1, + [Define to 1 if using libressl.]) + ssl_msg="libressl" + ],[ + AC_MSG_RESULT([no]) + ]) + fi + + if test "$OPENSSL_ENABLED" = "1"; then + if test -n "$LIB_OPENSSL"; then + dnl when the ssl shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH + dnl to prevent further configure tests to fail due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$LIB_OPENSSL" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $LIB_OPENSSL to CURL_LIBRARY_PATH]) + fi + fi + CURL_CHECK_OPENSSL_API + check_for_ca_bundle=1 + fi + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +if test X"$OPT_SSL" != Xoff && + test X"$OPT_SSL" != Xno && + test "$OPENSSL_ENABLED" != "1"; then + AC_MSG_NOTICE([OPT_SSL: $OPT_SSL]) + AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED]) + AC_MSG_ERROR([--with-ssl was given but OpenSSL could not be detected]) +fi + +dnl ********************************************************************** +dnl Check for the random seed preferences +dnl ********************************************************************** + +if test X"$OPENSSL_ENABLED" = X"1"; then + AC_ARG_WITH(egd-socket, + AC_HELP_STRING([--with-egd-socket=FILE], + [Entropy Gathering Daemon socket pathname]), + [ EGD_SOCKET="$withval" ] + ) + if test -n "$EGD_SOCKET" ; then + AC_DEFINE_UNQUOTED(EGD_SOCKET, "$EGD_SOCKET", + [your Entropy Gathering Daemon socket pathname] ) + fi + + dnl Check for user-specified random device + AC_ARG_WITH(random, + AC_HELP_STRING([--with-random=FILE], + [read randomness from FILE (default=/dev/urandom)]), + [ RANDOM_FILE="$withval" ], + [ + if test x$cross_compiling != xyes; then + dnl Check for random device + AC_CHECK_FILE("/dev/urandom", [ RANDOM_FILE="/dev/urandom"] ) + else + AC_MSG_WARN([skipped the /dev/urandom detection when cross-compiling]) + fi + ] + ) + if test -n "$RANDOM_FILE" && test X"$RANDOM_FILE" != Xno ; then + AC_SUBST(RANDOM_FILE) + AC_DEFINE_UNQUOTED(RANDOM_FILE, "$RANDOM_FILE", + [a suitable file to read random data from]) + fi +fi + +dnl --- +dnl We require OpenSSL with SRP support. +dnl --- +if test "$OPENSSL_ENABLED" = "1"; then + AC_CHECK_LIB(crypto, SRP_Calc_client_key, + [ + AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key]) + AC_SUBST(HAVE_OPENSSL_SRP, [1]) + ]) +fi + +dnl --- +dnl Whether the OpenSSL configuration will be loaded automatically +dnl --- +if test X"$OPENSSL_ENABLED" = X"1"; then +AC_ARG_ENABLE(openssl-auto-load-config, +AC_HELP_STRING([--enable-openssl-auto-load-config],[Enable automatic loading of OpenSSL configuration]) +AC_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading of OpenSSL configuration]), +[ if test X"$enableval" = X"no"; then + AC_MSG_NOTICE([automatic loading of OpenSSL configuration disabled]) + AC_DEFINE(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG, 1, [if the OpenSSL configuration won't be loaded automatically]) + fi +]) +fi + +dnl ---------------------------------------------------- +dnl check for GnuTLS +dnl ---------------------------------------------------- + +dnl Default to compiler & linker defaults for GnuTLS files & libraries. +OPT_GNUTLS=no + +AC_ARG_WITH(gnutls,dnl +AC_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to the installation root]) +AC_HELP_STRING([--without-gnutls], [disable GnuTLS detection]), + OPT_GNUTLS=$withval) + +if test -z "$ssl_backends" -o "x$OPT_GNUTLS" != xno; then + ssl_msg= + + if test X"$OPT_GNUTLS" != Xno; then + + addld="" + addlib="" + gtlslib="" + version="" + addcflags="" + + if test "x$OPT_GNUTLS" = "xyes"; then + dnl this is with no partiular path given + CURL_CHECK_PKGCONFIG(gnutls) + + if test "$PKGCONFIG" != "no" ; then + addlib=`$PKGCONFIG --libs-only-l gnutls` + addld=`$PKGCONFIG --libs-only-L gnutls` + addcflags=`$PKGCONFIG --cflags-only-I gnutls` + version=`$PKGCONFIG --modversion gnutls` + gtlslib=`echo $addld | $SED -e 's/-L//'` + else + dnl without pkg-config, we try libgnutls-config as that was how it + dnl used to be done + check=`libgnutls-config --version 2>/dev/null` + if test -n "$check"; then + addlib=`libgnutls-config --libs` + addcflags=`libgnutls-config --cflags` + version=`libgnutls-config --version` + gtlslib=`libgnutls-config --prefix`/lib$libsuff + fi + fi + else + dnl this is with a given path, first check if there's a libgnutls-config + dnl there and if not, make an educated guess + cfg=$OPT_GNUTLS/bin/libgnutls-config + check=`$cfg --version 2>/dev/null` + if test -n "$check"; then + addlib=`$cfg --libs` + addcflags=`$cfg --cflags` + version=`$cfg --version` + gtlslib=`$cfg --prefix`/lib$libsuff + else + dnl without pkg-config and libgnutls-config, we guess a lot! + addlib=-lgnutls + addld=-L$OPT_GNUTLS/lib$libsuff + addcflags=-I$OPT_GNUTLS/include + version="" # we just don't know + gtlslib=$OPT_GNUTLS/lib$libsuff + fi + fi + + if test -z "$version"; then + dnl lots of efforts, still no go + version="unknown" + fi + + if test -n "$addlib"; then + + CLEANLIBS="$LIBS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLDFLAGS="$LDFLAGS" + + LIBS="$addlib $LIBS" + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + AC_CHECK_LIB(gnutls, gnutls_check_version, + [ + AC_DEFINE(USE_GNUTLS, 1, [if GnuTLS is enabled]) + AC_SUBST(USE_GNUTLS, [1]) + GNUTLS_ENABLED=1 + USE_GNUTLS="yes" + ssl_msg="GnuTLS" + test gnutls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + LIBS="$CLEANLIBS" + CPPFLAGS="$CLEANCPPFLAGS" + ]) + + if test "x$USE_GNUTLS" = "xyes"; then + AC_MSG_NOTICE([detected GnuTLS version $version]) + check_for_ca_bundle=1 + if test -n "$gtlslib"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$gtlslib" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $gtlslib to CURL_LIBRARY_PATH]) + fi + fi + AC_CHECK_FUNCS([gnutls_certificate_set_x509_key_file2 gnutls_alpn_set_protocols gnutls_ocsp_req_init]) + fi + + fi + + fi dnl GNUTLS not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +dnl --- +dnl Check which crypto backend GnuTLS uses +dnl --- + +if test "$GNUTLS_ENABLED" = "1"; then + USE_GNUTLS_NETTLE= + # First check if we can detect either crypto library via transitive linking + AC_CHECK_LIB(gnutls, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ]) + if test "$USE_GNUTLS_NETTLE" = ""; then + AC_CHECK_LIB(gnutls, gcry_control, [ USE_GNUTLS_NETTLE=0 ]) + fi + # If not, try linking directly to both of them to see if they are available + if test "$USE_GNUTLS_NETTLE" = ""; then + AC_CHECK_LIB(nettle, nettle_MD5Init, [ USE_GNUTLS_NETTLE=1 ]) + fi + if test "$USE_GNUTLS_NETTLE" = ""; then + AC_CHECK_LIB(gcrypt, gcry_control, [ USE_GNUTLS_NETTLE=0 ]) + fi + if test "$USE_GNUTLS_NETTLE" = ""; then + AC_MSG_ERROR([GnuTLS found, but neither gcrypt nor nettle found]) + fi + if test "$USE_GNUTLS_NETTLE" = "1"; then + AC_DEFINE(USE_GNUTLS_NETTLE, 1, [if GnuTLS uses nettle as crypto backend]) + AC_SUBST(USE_GNUTLS_NETTLE, [1]) + LIBS="-lnettle $LIBS" + else + LIBS="-lgcrypt $LIBS" + fi +fi + +dnl --- +dnl We require GnuTLS with SRP support. +dnl --- +if test "$GNUTLS_ENABLED" = "1"; then + AC_CHECK_LIB(gnutls, gnutls_srp_verifier, + [ + AC_DEFINE(HAVE_GNUTLS_SRP, 1, [if you have the function gnutls_srp_verifier]) + AC_SUBST(HAVE_GNUTLS_SRP, [1]) + ]) +fi + +dnl ---------------------------------------------------- +dnl check for mbedTLS +dnl ---------------------------------------------------- + +OPT_MBEDTLS=no + +_cppflags=$CPPFLAGS +_ldflags=$LDFLAGS +AC_ARG_WITH(mbedtls,dnl +AC_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to the installation root]) +AC_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]), + OPT_MBEDTLS=$withval) + +if test -z "$ssl_backends" -o "x$OPT_MBEDTLS" != xno; then + ssl_msg= + + if test X"$OPT_MBEDTLS" != Xno; then + + if test "$OPT_MBEDTLS" = "yes"; then + OPT_MBEDTLS="" + fi + + if test -z "$OPT_MBEDTLS" ; then + dnl check for lib first without setting any new path + + AC_CHECK_LIB(mbedtls, mbedtls_havege_init, + dnl libmbedtls found, set the variable + [ + AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled]) + AC_SUBST(USE_MBEDTLS, [1]) + MBEDTLS_ENABLED=1 + USE_MBEDTLS="yes" + ssl_msg="mbedTLS" + test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], [], -lmbedx509 -lmbedcrypto) + fi + + addld="" + addlib="" + addcflags="" + mbedtlslib="" + + if test "x$USE_MBEDTLS" != "xyes"; then + dnl add the path and test again + addld=-L$OPT_MBEDTLS/lib$libsuff + addcflags=-I$OPT_MBEDTLS/include + mbedtlslib=$OPT_MBEDTLS/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + AC_CHECK_LIB(mbedtls, mbedtls_ssl_init, + [ + AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled]) + AC_SUBST(USE_MBEDTLS, [1]) + MBEDTLS_ENABLED=1 + USE_MBEDTLS="yes" + ssl_msg="mbedTLS" + test mbedtls != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + ], -lmbedx509 -lmbedcrypto) + fi + + if test "x$USE_MBEDTLS" = "xyes"; then + AC_MSG_NOTICE([detected mbedTLS]) + check_for_ca_bundle=1 + + LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS" + + if test -n "$mbedtlslib"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$mbedtlslib" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $mbedtlslib to CURL_LIBRARY_PATH]) + fi + fi + fi + + fi dnl mbedTLS not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +dnl ---------------------------------------------------- +dnl check for wolfSSL +dnl ---------------------------------------------------- + +dnl Default to compiler & linker defaults for wolfSSL files & libraries. +OPT_WOLFSSL=no + +_cppflags=$CPPFLAGS +_ldflags=$LDFLAGS + +AC_ARG_WITH(wolfssl,dnl +AC_HELP_STRING([--with-wolfssl=PATH],[where to look for WolfSSL, PATH points to the installation root (default: system lib default)]) +AC_HELP_STRING([--without-wolfssl], [disable WolfSSL detection]), + OPT_WOLFSSL=$withval) + +if test -z "$ssl_backends" -o "x$OPT_WOLFSSL" != xno; then + ssl_msg= + + if test X"$OPT_WOLFSSL" != Xno; then + + if test "$OPT_WOLFSSL" = "yes"; then + OPT_WOLFSSL="" + fi + + addld="" + addlib="" + addcflags="" + + if test "x$USE_WOLFSSL" != "xyes"; then + addld=-L$OPT_WOLFSSL/lib$libsuff + addcflags=-I$OPT_WOLFSSL/include + wolfssllibpath=$OPT_WOLFSSL/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + my_ac_save_LIBS="$LIBS" + LIBS="-lwolfssl -lm $LIBS" + + AC_MSG_CHECKING([for wolfSSL_Init in -lwolfssl]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +/* These aren't needed for detection and confuse WolfSSL. + They are set up properly later if it is detected. */ +#undef SIZEOF_LONG +#undef SIZEOF_LONG_LONG +#include + ]],[[ + return wolfSSL_Init(); + ]]) + ],[ + AC_MSG_RESULT(yes) + AC_DEFINE(USE_WOLFSSL, 1, [if wolfSSL is enabled]) + AC_SUBST(USE_WOLFSSL, [1]) + WOLFSSL_ENABLED=1 + USE_WOLFSSL="yes" + ssl_msg="WolfSSL" + test wolfssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + AC_MSG_RESULT(no) + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + wolfssllibpath="" + ]) + LIBS="$my_ac_save_LIBS" + fi + + if test "x$USE_WOLFSSL" = "xyes"; then + AC_MSG_NOTICE([detected wolfSSL]) + check_for_ca_bundle=1 + + dnl wolfssl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined! + AX_COMPILE_CHECK_SIZEOF(long long) + + LIBS="-lwolfssl -lm $LIBS" + + dnl Recent WolfSSL versions build without SSLv3 by default + dnl WolfSSL needs configure --enable-opensslextra to have *get_peer* + AC_CHECK_FUNCS(wolfSSLv3_client_method \ + wolfSSL_get_peer_certificate \ + wolfSSL_UseALPN) + + if test -n "$wolfssllibpath"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$wolfssllibpath" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $wolfssllibpath to CURL_LIBRARY_PATH]) + fi + fi + + fi + + fi dnl wolfSSL not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +dnl ---------------------------------------------------- +dnl check for MesaLink +dnl ---------------------------------------------------- + +dnl Default to compiler & linker defaults for MesaLink files & libraries. +OPT_MESALINK=no + +_cppflags=$CPPFLAGS +_ldflags=$LDFLAGS +AC_ARG_WITH(mesalink,dnl +AC_HELP_STRING([--with-mesalink=PATH],[where to look for MesaLink, PATH points to the installation root]) +AC_HELP_STRING([--without-mesalink], [disable MesaLink detection]), + OPT_MESALINK=$withval) + +if test -z "$ssl_backends" -o "x$OPT_MESALINK" != xno; then + ssl_msg= + + if test X"$OPT_MESALINK" != Xno; then + + if test "$OPT_MESALINK" = "yes"; then + OPT_MESALINK="" + fi + + if test -z "$OPT_MESALINK" ; then + dnl check for lib first without setting any new path + + AC_CHECK_LIB(mesalink, mesalink_library_init, + dnl libmesalink found, set the variable + [ + AC_DEFINE(USE_MESALINK, 1, [if MesaLink is enabled]) + AC_SUBST(USE_MESALINK, [1]) + MESALINK_ENABLED=1 + USE_MESALINK="yes" + ssl_msg="MesaLink" + test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ]) + fi + + addld="" + addlib="" + addcflags="" + mesalinklib="" + + if test "x$USE_MESALINK" != "xyes"; then + dnl add the path and test again + addld=-L$OPT_MESALINK/lib$libsuff + addcflags=-I$OPT_MESALINK/include + mesalinklib=$OPT_MESALINK/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + AC_CHECK_LIB(mesalink, mesalink_library_init, + [ + AC_DEFINE(USE_MESALINK, 1, [if MesaLink is enabled]) + AC_SUBST(USE_MESALINK, [1]) + MESALINK_ENABLED=1 + USE_MESALINK="yes" + ssl_msg="MesaLink" + test mesalink != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + ]) + fi + + if test "x$USE_MESALINK" = "xyes"; then + AC_MSG_NOTICE([detected MesaLink]) + + LIBS="-lmesalink $LIBS" + + if test -n "$mesalinklib"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl LD_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$mesalinklib" + export LD_LIBRARY_PATH + AC_MSG_NOTICE([Added $mesalinklib to LD_LIBRARY_PATH]) + fi + fi + fi + + fi dnl MesaLink not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +dnl ---------------------------------------------------- +dnl check for BearSSL +dnl ---------------------------------------------------- + +OPT_BEARSSL=no + +_cppflags=$CPPFLAGS +_ldflags=$LDFLAGS +AC_ARG_WITH(bearssl,dnl +AC_HELP_STRING([--with-bearssl=PATH],[where to look for BearSSL, PATH points to the installation root]) +AC_HELP_STRING([--without-bearssl], [disable BearSSL detection]), + OPT_BEARSSL=$withval) + +if test -z "$ssl_backends" -o "x$OPT_BEARSSL" != xno; then + ssl_msg= + + if test X"$OPT_BEARSSL" != Xno; then + + if test "$OPT_BEARSSL" = "yes"; then + OPT_BEARSSL="" + fi + + if test -z "$OPT_BEARSSL" ; then + dnl check for lib first without setting any new path + + AC_CHECK_LIB(bearssl, br_ssl_client_init_full, + dnl libbearssl found, set the variable + [ + AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled]) + AC_SUBST(USE_BEARSSL, [1]) + BEARSSL_ENABLED=1 + USE_BEARSSL="yes" + ssl_msg="BearSSL" + test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], [], -lbearssl) + fi + + addld="" + addlib="" + addcflags="" + bearssllib="" + + if test "x$USE_BEARSSL" != "xyes"; then + dnl add the path and test again + addld=-L$OPT_BEARSSL/lib$libsuff + addcflags=-I$OPT_BEARSSL/include + bearssllib=$OPT_BEARSSL/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + AC_CHECK_LIB(bearssl, br_ssl_client_init_full, + [ + AC_DEFINE(USE_BEARSSL, 1, [if BearSSL is enabled]) + AC_SUBST(USE_BEARSSL, [1]) + BEARSSL_ENABLED=1 + USE_BEARSSL="yes" + ssl_msg="BearSSL" + test bearssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + ], -lbearssl) + fi + + if test "x$USE_BEARSSL" = "xyes"; then + AC_MSG_NOTICE([detected BearSSL]) + check_for_ca_bundle=1 + + LIBS="-lbearssl $LIBS" + + if test -n "$bearssllib"; then + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$bearssllib" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $bearssllib to CURL_LIBRARY_PATH]) + fi + fi + fi + + fi dnl BearSSL not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +dnl ---------------------------------------------------- +dnl NSS. Only check if GnuTLS and OpenSSL are not enabled +dnl ---------------------------------------------------- + +dnl Default to compiler & linker defaults for NSS files & libraries. +OPT_NSS=no + +AC_ARG_WITH(nss,dnl +AC_HELP_STRING([--with-nss=PATH],[where to look for NSS, PATH points to the installation root]) +AC_HELP_STRING([--without-nss], [disable NSS detection]), + OPT_NSS=$withval) + +if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then + ssl_msg= + + if test X"$OPT_NSS" != Xno; then + + addld="" + addlib="" + addcflags="" + nssprefix="" + version="" + + if test "x$OPT_NSS" = "xyes"; then + + CURL_CHECK_PKGCONFIG(nss) + + if test "$PKGCONFIG" != "no" ; then + addlib=`$PKGCONFIG --libs nss` + addcflags=`$PKGCONFIG --cflags nss` + version=`$PKGCONFIG --modversion nss` + nssprefix=`$PKGCONFIG --variable=prefix nss` + else + dnl Without pkg-config, we check for nss-config + + check=`nss-config --version 2>/dev/null` + if test -n "$check"; then + addlib=`nss-config --libs` + addcflags=`nss-config --cflags` + version=`nss-config --version` + nssprefix=`nss-config --prefix` + else + addlib="-lnss3" + addcflags="" + version="unknown" + fi + fi + else + NSS_PCDIR="$OPT_NSS/lib/pkgconfig" + if test -f "$NSS_PCDIR/nss.pc"; then + CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR]) + if test "$PKGCONFIG" != "no" ; then + addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss` + addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss` + addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss` + version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss` + nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss` + fi + fi + fi + + if test -z "$addlib"; then + # Without pkg-config, we'll kludge in some defaults + AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.]) + addld="-L$OPT_NSS/lib" + addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" + addcflags="-I$OPT_NSS/include" + version="unknown" + nssprefix=$OPT_NSS + fi + + CLEANLDFLAGS="$LDFLAGS" + CLEANLIBS="$LIBS" + CLEANCPPFLAGS="$CPPFLAGS" + + LDFLAGS="$addld $LDFLAGS" + LIBS="$addlib $LIBS" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0 + AC_CHECK_LIB(nss3, SSL_VersionRangeSet, + [ + AC_DEFINE(USE_NSS, 1, [if NSS is enabled]) + AC_SUBST(USE_NSS, [1]) + USE_NSS="yes" + NSS_ENABLED=1 + ssl_msg="NSS" + test nss != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes + ], + [ + LDFLAGS="$CLEANLDFLAGS" + LIBS="$CLEANLIBS" + CPPFLAGS="$CLEANCPPFLAGS" + ]) + + if test "x$USE_NSS" = "xyes"; then + AC_MSG_NOTICE([detected NSS version $version]) + + dnl PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because + dnl PK11_DestroyGenericObject() does not release resources allocated by + dnl PK11_CreateGenericObject() early enough. + AC_CHECK_FUNC(PK11_CreateManagedGenericObject, + [ + AC_DEFINE(HAVE_PK11_CREATEMANAGEDGENERICOBJECT, 1, + [if you have the PK11_CreateManagedGenericObject function]) + ]) + + dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS + NSS_LIBS=$addlib + AC_SUBST([NSS_LIBS]) + + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl CURL_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$nssprefix/lib$libsuff" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to CURL_LIBRARY_PATH]) + fi + + fi dnl NSS found + + fi dnl NSS not disabled + + test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" +fi + +case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED" in +x) + AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) + AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl or --with-bearssl to address this.]) + ;; +x1) + # one SSL backend is enabled + AC_SUBST(SSL_ENABLED) + SSL_ENABLED="1" + AC_MSG_NOTICE([built with one SSL backend]) + ;; +*) + # more than one SSL backend is enabled + AC_SUBST(SSL_ENABLED) + SSL_ENABLED="1" + AC_SUBST(CURL_WITH_MULTI_SSL) + CURL_WITH_MULTI_SSL="1" + AC_DEFINE(CURL_WITH_MULTI_SSL, 1, [built with multiple SSL backends]) + AC_MSG_NOTICE([built with multiple SSL backends]) + ;; +esac + +if test -n "$ssl_backends"; then + curl_ssl_msg="enabled ($ssl_backends)" +fi + +if test no = "$VALID_DEFAULT_SSL_BACKEND" +then + if test -n "$SSL_ENABLED" + then + AC_MSG_ERROR([Default SSL backend $DEFAULT_SSL_BACKEND not enabled!]) + else + AC_MSG_ERROR([Default SSL backend requires SSL!]) + fi +elif test yes = "$VALID_DEFAULT_SSL_BACKEND" +then + AC_DEFINE_UNQUOTED([CURL_DEFAULT_SSL_BACKEND], ["$DEFAULT_SSL_BACKEND"], [Default SSL backend]) +fi + +dnl ********************************************************************** +dnl Check for the CA bundle +dnl ********************************************************************** + +if test -n "$check_for_ca_bundle"; then + CURL_CHECK_CA_BUNDLE +fi + +dnl ********************************************************************** +dnl Check for libpsl +dnl ********************************************************************** + +AC_ARG_WITH(libpsl, + AS_HELP_STRING([--without-libpsl], + [disable support for libpsl cookie checking]), + with_libpsl=$withval, + with_libpsl=yes) +if test $with_libpsl != "no"; then + AC_SEARCH_LIBS(psl_builtin, psl, + [curl_psl_msg="enabled"; + AC_DEFINE([USE_LIBPSL], [1], [PSL support enabled]) + ], + [curl_psl_msg="no (libpsl not found)"; + AC_MSG_WARN([libpsl was not found]) + ] + ) +fi +AM_CONDITIONAL([USE_LIBPSL], [test "$curl_psl_msg" = "enabled"]) + +dnl ********************************************************************** +dnl Check for libmetalink +dnl ********************************************************************** + +OPT_LIBMETALINK=no + +AC_ARG_WITH(libmetalink,dnl +AC_HELP_STRING([--with-libmetalink=PATH],[where to look for libmetalink, PATH points to the installation root]) +AC_HELP_STRING([--without-libmetalink], [disable libmetalink detection]), + OPT_LIBMETALINK=$withval) + +if test X"$OPT_LIBMETALINK" != Xno; then + + addld="" + addlib="" + addcflags="" + version="" + libmetalinklib="" + + PKGTEST="no" + if test "x$OPT_LIBMETALINK" = "xyes"; then + dnl this is with no partiular path given + PKGTEST="yes" + CURL_CHECK_PKGCONFIG(libmetalink) + else + dnl When particular path is given, set PKG_CONFIG_LIBDIR using the path. + LIBMETALINK_PCDIR="$OPT_LIBMETALINK/lib/pkgconfig" + AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$LIBMETALINK_PCDIR"]) + if test -f "$LIBMETALINK_PCDIR/libmetalink.pc"; then + PKGTEST="yes" + fi + if test "$PKGTEST" = "yes"; then + CURL_CHECK_PKGCONFIG(libmetalink, [$LIBMETALINK_PCDIR]) + fi + fi + if test "$PKGTEST" = "yes" && test "$PKGCONFIG" != "no"; then + addlib=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl + $PKGCONFIG --libs-only-l libmetalink` + addld=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl + $PKGCONFIG --libs-only-L libmetalink` + addcflags=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl + $PKGCONFIG --cflags-only-I libmetalink` + version=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl + $PKGCONFIG --modversion libmetalink` + libmetalinklib=`echo $addld | $SED -e 's/-L//'` + fi + if test -n "$addlib"; then + + clean_CPPFLAGS="$CPPFLAGS" + clean_LDFLAGS="$LDFLAGS" + clean_LIBS="$LIBS" + CPPFLAGS="$clean_CPPFLAGS $addcflags" + LDFLAGS="$clean_LDFLAGS $addld" + LIBS="$addlib $clean_LIBS" + AC_MSG_CHECKING([if libmetalink is recent enough]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +# include + ]],[[ + if(0 != metalink_strerror(0)) /* added in 0.1.0 */ + return 1; + ]]) + ],[ + AC_MSG_RESULT([yes ($version)]) + want_metalink="yes" + ],[ + AC_MSG_RESULT([no ($version)]) + AC_MSG_NOTICE([libmetalink library defective or too old]) + want_metalink="no" + ]) + if test "x$OPENSSL_ENABLED" != "x1" -a "x$USE_WINDOWS_SSPI" != "x1" \ + -a "x$GNUTLS_ENABLED" != "x1" -a "x$NSS_ENABLED" != "x1" \ + -a "x$SECURETRANSPORT_ENABLED" != "x1"; then + AC_MSG_WARN([metalink support requires a compatible SSL/TLS backend]) + want_metalink="no" + fi + CPPFLAGS="$clean_CPPFLAGS" + LDFLAGS="$clean_LDFLAGS" + LIBS="$clean_LIBS" + if test "$want_metalink" = "yes"; then + dnl finally libmetalink will be used + AC_DEFINE(USE_METALINK, 1, [Define to enable metalink support]) + LIBMETALINK_LIBS=$addlib + LIBMETALINK_LDFLAGS=$addld + LIBMETALINK_CPPFLAGS=$addcflags + AC_SUBST([LIBMETALINK_LIBS]) + AC_SUBST([LIBMETALINK_LDFLAGS]) + AC_SUBST([LIBMETALINK_CPPFLAGS]) + curl_mtlnk_msg="enabled" + fi + + fi +fi + +dnl ********************************************************************** +dnl Check for the presence of LIBSSH2 libraries and headers +dnl ********************************************************************** + +dnl Default to compiler & linker defaults for LIBSSH2 files & libraries. +OPT_LIBSSH2=off +AC_ARG_WITH(libssh2,dnl +AC_HELP_STRING([--with-libssh2=PATH],[Where to look for libssh2, PATH points to the libssh2 installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AC_HELP_STRING([--with-libssh2], [enable libssh2]), + OPT_LIBSSH2=$withval, OPT_LIBSSH2=no) + + +OPT_LIBSSH=off +AC_ARG_WITH(libssh,dnl +AC_HELP_STRING([--with-libssh=PATH],[Where to look for libssh, PATH points to the libssh installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AC_HELP_STRING([--with-libssh], [enable libssh]), + OPT_LIBSSH=$withval, OPT_LIBSSH=no) + +OPT_WOLFSSH=off +AC_ARG_WITH(wolfssh,dnl +AC_HELP_STRING([--with-wolfssh=PATH],[Where to look for wolfssh, PATH points to the wolfSSH installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AC_HELP_STRING([--with-wolfssh], [enable wolfssh]), + OPT_WOLFSSH=$withval, OPT_WOLFSSH=no) + +if test X"$OPT_LIBSSH2" != Xno; then + dnl backup the pre-libssh2 variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + case "$OPT_LIBSSH2" in + yes) + dnl --with-libssh2 (without path) used + CURL_CHECK_PKGCONFIG(libssh2) + + if test "$PKGCONFIG" != "no" ; then + LIB_SSH2=`$PKGCONFIG --libs libssh2` + LD_SSH2=`$PKGCONFIG --libs-only-L libssh2` + CPP_SSH2=`$PKGCONFIG --cflags-only-I libssh2` + version=`$PKGCONFIG --modversion libssh2` + DIR_SSH2=`echo $LD_SSH2 | $SED -e 's/-L//'` + fi + + ;; + off) + dnl no --with-libssh2 option given, just check default places + ;; + *) + dnl use the given --with-libssh2 spot + PREFIX_SSH2=$OPT_LIBSSH2 + ;; + esac + + dnl if given with a prefix, we set -L and -I based on that + if test -n "$PREFIX_SSH2"; then + LIB_SSH2="-lssh2" + LD_SSH2=-L${PREFIX_SSH2}/lib$libsuff + CPP_SSH2=-I${PREFIX_SSH2}/include + DIR_SSH2=${PREFIX_SSH2}/lib$libsuff + fi + + LDFLAGS="$LDFLAGS $LD_SSH2" + CPPFLAGS="$CPPFLAGS $CPP_SSH2" + LIBS="$LIB_SSH2 $LIBS" + + AC_CHECK_LIB(ssh2, libssh2_channel_open_ex) + + AC_CHECK_HEADERS(libssh2.h, + curl_ssh_msg="enabled (libSSH2)" + LIBSSH2_ENABLED=1 + AC_DEFINE(USE_LIBSSH2, 1, [if libSSH2 is in use]) + AC_SUBST(USE_LIBSSH2, [1]) + ) + + if test X"$OPT_LIBSSH2" != Xoff && + test "$LIBSSH2_ENABLED" != "1"; then + AC_MSG_ERROR([libSSH2 libs and/or directories were not found where specified!]) + fi + + if test "$LIBSSH2_ENABLED" = "1"; then + if test -n "$DIR_SSH2"; then + dnl when the libssh2 shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH + dnl to prevent further configure tests to fail due to this + + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_SSH2" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_SSH2 to CURL_LIBRARY_PATH]) + fi + fi + else + dnl no libssh2, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + fi +elif test X"$OPT_LIBSSH" != Xno; then + dnl backup the pre-libssh variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + case "$OPT_LIBSSH" in + yes) + dnl --with-libssh (without path) used + CURL_CHECK_PKGCONFIG(libssh) + + if test "$PKGCONFIG" != "no" ; then + LIB_SSH=`$PKGCONFIG --libs-only-l libssh` + LD_SSH=`$PKGCONFIG --libs-only-L libssh` + CPP_SSH=`$PKGCONFIG --cflags-only-I libssh` + version=`$PKGCONFIG --modversion libssh` + DIR_SSH=`echo $LD_SSH | $SED -e 's/-L//'` + fi + + ;; + off) + dnl no --with-libssh option given, just check default places + ;; + *) + dnl use the given --with-libssh spot + PREFIX_SSH=$OPT_LIBSSH + ;; + esac + + dnl if given with a prefix, we set -L and -I based on that + if test -n "$PREFIX_SSH"; then + LIB_SSH="-lssh" + LD_SSH=-L${PREFIX_SSH}/lib$libsuff + CPP_SSH=-I${PREFIX_SSH}/include + DIR_SSH=${PREFIX_SSH}/lib$libsuff + fi + + LDFLAGS="$LDFLAGS $LD_SSH" + CPPFLAGS="$CPPFLAGS $CPP_SSH" + LIBS="$LIB_SSH $LIBS" + + AC_CHECK_LIB(ssh, ssh_new) + + AC_CHECK_HEADERS(libssh/libssh.h, + curl_ssh_msg="enabled (libSSH)" + LIBSSH_ENABLED=1 + AC_DEFINE(USE_LIBSSH, 1, [if libSSH is in use]) + AC_SUBST(USE_LIBSSH, [1]) + ) + + if test X"$OPT_LIBSSH" != Xoff && + test "$LIBSSH_ENABLED" != "1"; then + AC_MSG_ERROR([libSSH libs and/or directories were not found where specified!]) + fi + + if test "$LIBSSH_ENABLED" = "1"; then + if test -n "$DIR_SSH"; then + dnl when the libssh shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to CURL_LIBRARY_PATH + dnl to prevent further configure tests to fail due to this + + if test "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_SSH" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_SSH to CURL_LIBRARY_PATH]) + fi + fi + else + dnl no libssh, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + fi +elif test X"$OPT_WOLFSSH" != Xno; then + dnl backup the pre-wolfssh variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + + if test "$OPT_WOLFSSH" != yes; then + WOLFCONFIG="$OPT_WOLFSSH/bin/wolfssh-config" + LDFLAGS="$LDFLAGS `$WOLFCONFIG --libs`" + CPPFLAGS="$CPPFLAGS `$WOLFCONFIG --cflags`" + fi + + AC_CHECK_LIB(wolfssh, wolfSSH_Init) + + AC_CHECK_HEADERS(wolfssh/ssh.h, + curl_ssh_msg="enabled (wolfSSH)" + WOLFSSH_ENABLED=1 + AC_DEFINE(USE_WOLFSSH, 1, [if wolfSSH is in use]) + AC_SUBST(USE_WOLFSSH, [1]) + ) + +fi + +dnl ********************************************************************** +dnl Check for the presence of LIBRTMP libraries and headers +dnl ********************************************************************** + +dnl Default to compiler & linker defaults for LIBRTMP files & libraries. +OPT_LIBRTMP=off +AC_ARG_WITH(librtmp,dnl +AC_HELP_STRING([--with-librtmp=PATH],[Where to look for librtmp, PATH points to the LIBRTMP installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AC_HELP_STRING([--without-librtmp], [disable LIBRTMP]), + OPT_LIBRTMP=$withval) + +if test X"$OPT_LIBRTMP" != Xno; then + dnl backup the pre-librtmp variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + case "$OPT_LIBRTMP" in + yes) + dnl --with-librtmp (without path) used + CURL_CHECK_PKGCONFIG(librtmp) + + if test "$PKGCONFIG" != "no" ; then + LIB_RTMP=`$PKGCONFIG --libs-only-l librtmp` + LD_RTMP=`$PKGCONFIG --libs-only-L librtmp` + CPP_RTMP=`$PKGCONFIG --cflags-only-I librtmp` + version=`$PKGCONFIG --modversion librtmp` + DIR_RTMP=`echo $LD_RTMP | $SED -e 's/-L//'` + else + dnl To avoid link errors, we do not allow --librtmp without + dnl a pkgconfig file + AC_MSG_ERROR([--librtmp was specified but could not find librtmp pkgconfig file.]) + fi + + ;; + off) + dnl no --with-librtmp option given, just check default places + LIB_RTMP="-lrtmp" + ;; + *) + dnl use the given --with-librtmp spot + LIB_RTMP="-lrtmp" + PREFIX_RTMP=$OPT_LIBRTMP + ;; + esac + + dnl if given with a prefix, we set -L and -I based on that + if test -n "$PREFIX_RTMP"; then + LD_RTMP=-L${PREFIX_RTMP}/lib$libsuff + CPP_RTMP=-I${PREFIX_RTMP}/include + DIR_RTMP=${PREFIX_RTMP}/lib$libsuff + fi + + LDFLAGS="$LDFLAGS $LD_RTMP" + CPPFLAGS="$CPPFLAGS $CPP_RTMP" + LIBS="$LIB_RTMP $LIBS" + + AC_CHECK_LIB(rtmp, RTMP_Init, + [ + AC_CHECK_HEADERS(librtmp/rtmp.h, + curl_rtmp_msg="enabled (librtmp)" + LIBRTMP_ENABLED=1 + AC_DEFINE(USE_LIBRTMP, 1, [if librtmp is in use]) + AC_SUBST(USE_LIBRTMP, [1]) + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + if test X"$OPT_LIBRTMP" != Xoff && + test "$LIBRTMP_ENABLED" != "1"; then + AC_MSG_ERROR([librtmp libs and/or directories were not found where specified!]) + fi + +fi + +dnl ********************************************************************** +dnl Check for linker switch for versioned symbols +dnl ********************************************************************** + +versioned_symbols_flavour= +AC_MSG_CHECKING([whether versioned symbols are wanted]) +AC_ARG_ENABLE(versioned-symbols, +AC_HELP_STRING([--enable-versioned-symbols], [Enable versioned symbols in shared library]) +AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shared library]), +[ case "$enableval" in + yes) AC_MSG_RESULT(yes) + AC_MSG_CHECKING([if libraries can be versioned]) + GLD=`$LD --help < /dev/null 2>/dev/null | grep version-script` + if test -z "$GLD"; then + AC_MSG_RESULT(no) + AC_MSG_WARN([You need an ld version supporting the --version-script option]) + else + AC_MSG_RESULT(yes) + if test "x$CURL_WITH_MULTI_SSL" = "x1"; then + versioned_symbols_flavour="MULTISSL_" + elif test "x$OPENSSL_ENABLED" = "x1"; then + versioned_symbols_flavour="OPENSSL_" + elif test "x$GNUTLS_ENABLED" = "x1"; then + versioned_symbols_flavour="GNUTLS_" + elif test "x$NSS_ENABLED" = "x1"; then + versioned_symbols_flavour="NSS_" + elif test "x$WOLFSSL_ENABLED" = "x1"; then + versioned_symbols_flavour="WOLFSSL_" + elif test "x$WINSSL_ENABLED" = "x1"; then + versioned_symbols_flavour="SCHANNEL_" + elif test "x$SECURETRANSPORT_ENABLED" = "x1"; then + versioned_symbols_flavour="SECURE_TRANSPORT_" + else + versioned_symbols_flavour="" + fi + versioned_symbols="yes" + fi + ;; + + *) AC_MSG_RESULT(no) + ;; + esac +], [ +AC_MSG_RESULT(no) +] +) + +AC_SUBST([CURL_LT_SHLIB_VERSIONED_FLAVOUR], + ["$versioned_symbols_flavour"]) +AM_CONDITIONAL([CURL_LT_SHLIB_USE_VERSIONED_SYMBOLS], + [test "x$versioned_symbols" = 'xyes']) + +dnl ------------------------------------------------- +dnl check winidn option before other IDN libraries +dnl ------------------------------------------------- + +AC_MSG_CHECKING([whether to enable Windows native IDN (Windows native builds only)]) +OPT_WINIDN="default" +AC_ARG_WITH(winidn, +AC_HELP_STRING([--with-winidn=PATH],[enable Windows native IDN]) +AC_HELP_STRING([--without-winidn], [disable Windows native IDN]), + OPT_WINIDN=$withval) +case "$OPT_WINIDN" in + no|default) + dnl --without-winidn option used or configure option not specified + want_winidn="no" + AC_MSG_RESULT([no]) + ;; + yes) + dnl --with-winidn option used without path + want_winidn="yes" + want_winidn_path="default" + AC_MSG_RESULT([yes]) + ;; + *) + dnl --with-winidn option used with path + want_winidn="yes" + want_winidn_path="$withval" + AC_MSG_RESULT([yes ($withval)]) + ;; +esac + +if test "$want_winidn" = "yes"; then + dnl winidn library support has been requested + clean_CPPFLAGS="$CPPFLAGS" + clean_LDFLAGS="$LDFLAGS" + clean_LIBS="$LIBS" + WINIDN_LIBS="-lnormaliz" + WINIDN_CPPFLAGS="-DWINVER=0x0600" + # + if test "$want_winidn_path" != "default"; then + dnl path has been specified + dnl pkg-config not available or provides no info + WINIDN_LDFLAGS="-L$want_winidn_path/lib$libsuff" + WINIDN_CPPFLAGS="-I$want_winidn_path/include" + WINIDN_DIR="$want_winidn_path/lib$libsuff" + fi + # + CPPFLAGS="$CPPFLAGS $WINIDN_CPPFLAGS" + LDFLAGS="$LDFLAGS $WINIDN_LDFLAGS" + LIBS="$WINIDN_LIBS $LIBS" + # + AC_MSG_CHECKING([if IdnToUnicode can be linked]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ + #include + ]],[[ + IdnToUnicode(0, NULL, 0, NULL, 0); + ]]) + ],[ + AC_MSG_RESULT([yes]) + tst_links_winidn="yes" + ],[ + AC_MSG_RESULT([no]) + tst_links_winidn="no" + ]) + # + if test "$tst_links_winidn" = "yes"; then + AC_DEFINE(USE_WIN32_IDN, 1, [Define to 1 if you have the `normaliz' (WinIDN) library (-lnormaliz).]) + AC_DEFINE(WANT_IDN_PROTOTYPES, 1, [Define to 1 to provide own prototypes.]) + AC_SUBST([IDN_ENABLED], [1]) + curl_idn_msg="enabled (Windows-native)" + else + AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled]) + CPPFLAGS="$clean_CPPFLAGS" + LDFLAGS="$clean_LDFLAGS" + LIBS="$clean_LIBS" + fi +fi + +dnl ********************************************************************** +dnl Check for the presence of IDN libraries and headers +dnl ********************************************************************** + +AC_MSG_CHECKING([whether to build with libidn2]) +OPT_IDN="default" +AC_ARG_WITH(libidn2, +AC_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage]) +AC_HELP_STRING([--without-libidn2],[Disable libidn2 usage]), + [OPT_IDN=$withval]) +case "$OPT_IDN" in + no) + dnl --without-libidn2 option used + want_idn="no" + AC_MSG_RESULT([no]) + ;; + default) + dnl configure option not specified + want_idn="yes" + want_idn_path="default" + AC_MSG_RESULT([(assumed) yes]) + ;; + yes) + dnl --with-libidn2 option used without path + want_idn="yes" + want_idn_path="default" + AC_MSG_RESULT([yes]) + ;; + *) + dnl --with-libidn2 option used with path + want_idn="yes" + want_idn_path="$withval" + AC_MSG_RESULT([yes ($withval)]) + ;; +esac + +if test "$want_idn" = "yes"; then + dnl idn library support has been requested + clean_CPPFLAGS="$CPPFLAGS" + clean_LDFLAGS="$LDFLAGS" + clean_LIBS="$LIBS" + PKGCONFIG="no" + # + if test "$want_idn_path" != "default"; then + dnl path has been specified + IDN_PCDIR="$want_idn_path/lib$libsuff/pkgconfig" + CURL_CHECK_PKGCONFIG(libidn2, [$IDN_PCDIR]) + if test "$PKGCONFIG" != "no"; then + IDN_LIBS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl + $PKGCONFIG --libs-only-l libidn2 2>/dev/null` + IDN_LDFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl + $PKGCONFIG --libs-only-L libidn2 2>/dev/null` + IDN_CPPFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl + $PKGCONFIG --cflags-only-I libidn2 2>/dev/null` + IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'` + else + dnl pkg-config not available or provides no info + IDN_LIBS="-lidn2" + IDN_LDFLAGS="-L$want_idn_path/lib$libsuff" + IDN_CPPFLAGS="-I$want_idn_path/include" + IDN_DIR="$want_idn_path/lib$libsuff" + fi + else + dnl path not specified + CURL_CHECK_PKGCONFIG(libidn2) + if test "$PKGCONFIG" != "no"; then + IDN_LIBS=`$PKGCONFIG --libs-only-l libidn2 2>/dev/null` + IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn2 2>/dev/null` + IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn2 2>/dev/null` + IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'` + else + dnl pkg-config not available or provides no info + IDN_LIBS="-lidn2" + fi + fi + # + if test "$PKGCONFIG" != "no"; then + AC_MSG_NOTICE([pkg-config: IDN_LIBS: "$IDN_LIBS"]) + AC_MSG_NOTICE([pkg-config: IDN_LDFLAGS: "$IDN_LDFLAGS"]) + AC_MSG_NOTICE([pkg-config: IDN_CPPFLAGS: "$IDN_CPPFLAGS"]) + AC_MSG_NOTICE([pkg-config: IDN_DIR: "$IDN_DIR"]) + else + AC_MSG_NOTICE([IDN_LIBS: "$IDN_LIBS"]) + AC_MSG_NOTICE([IDN_LDFLAGS: "$IDN_LDFLAGS"]) + AC_MSG_NOTICE([IDN_CPPFLAGS: "$IDN_CPPFLAGS"]) + AC_MSG_NOTICE([IDN_DIR: "$IDN_DIR"]) + fi + # + CPPFLAGS="$CPPFLAGS $IDN_CPPFLAGS" + LDFLAGS="$LDFLAGS $IDN_LDFLAGS" + LIBS="$IDN_LIBS $LIBS" + # + AC_MSG_CHECKING([if idn2_lookup_ul can be linked]) + AC_LINK_IFELSE([ + AC_LANG_FUNC_LINK_TRY([idn2_lookup_ul]) + ],[ + AC_MSG_RESULT([yes]) + tst_links_libidn="yes" + ],[ + AC_MSG_RESULT([no]) + tst_links_libidn="no" + ]) + # + AC_CHECK_HEADERS( idn2.h ) + + if test "$tst_links_libidn" = "yes"; then + AC_DEFINE(HAVE_LIBIDN2, 1, [Define to 1 if you have the `idn2' library (-lidn2).]) + dnl different versions of libidn have different setups of these: + + AC_SUBST([IDN_ENABLED], [1]) + curl_idn_msg="enabled (libidn2)" + if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$IDN_DIR" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $IDN_DIR to CURL_LIBRARY_PATH]) + fi + else + AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled]) + CPPFLAGS="$clean_CPPFLAGS" + LDFLAGS="$clean_LDFLAGS" + LIBS="$clean_LIBS" + fi +fi + + +dnl Let's hope this split URL remains working: +dnl https://www15.software.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/ \ +dnl genprogc/thread_quick_ref.htm + + +dnl ********************************************************************** +dnl Check for nghttp2 +dnl ********************************************************************** + +OPT_H2="yes" + +if test "x$disable_http" = "xyes"; then + # without HTTP, nghttp2 is no use + OPT_H2="no" +fi + +AC_ARG_WITH(nghttp2, +AC_HELP_STRING([--with-nghttp2=PATH],[Enable nghttp2 usage]) +AC_HELP_STRING([--without-nghttp2],[Disable nghttp2 usage]), + [OPT_H2=$withval]) +case "$OPT_H2" in + no) + dnl --without-nghttp2 option used + want_h2="no" + ;; + yes) + dnl --with-nghttp2 option used without path + want_h2="default" + want_h2_path="" + ;; + *) + dnl --with-nghttp2 option used with path + want_h2="yes" + want_h2_path="$withval/lib/pkgconfig" + ;; +esac + +curl_h2_msg="disabled (--with-nghttp2)" +if test X"$want_h2" != Xno; then + dnl backup the pre-nghttp2 variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(libnghttp2, $want_h2_path) + + if test "$PKGCONFIG" != "no" ; then + LIB_H2=`CURL_EXPORT_PCDIR([$want_h2_path]) + $PKGCONFIG --libs-only-l libnghttp2` + AC_MSG_NOTICE([-l is $LIB_H2]) + + CPP_H2=`CURL_EXPORT_PCDIR([$want_h2_path]) dnl + $PKGCONFIG --cflags-only-I libnghttp2` + AC_MSG_NOTICE([-I is $CPP_H2]) + + LD_H2=`CURL_EXPORT_PCDIR([$want_h2_path]) + $PKGCONFIG --libs-only-L libnghttp2` + AC_MSG_NOTICE([-L is $LD_H2]) + + LDFLAGS="$LDFLAGS $LD_H2" + CPPFLAGS="$CPPFLAGS $CPP_H2" + LIBS="$LIB_H2 $LIBS" + + # use nghttp2_session_set_local_window_size to require nghttp2 + # >= 1.12.0 + AC_CHECK_LIB(nghttp2, nghttp2_session_set_local_window_size, + [ + AC_CHECK_HEADERS(nghttp2/nghttp2.h, + curl_h2_msg="enabled (nghttp2)" + NGHTTP2_ENABLED=1 + AC_DEFINE(USE_NGHTTP2, 1, [if nghttp2 is in use]) + AC_SUBST(USE_NGHTTP2, [1]) + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + else + dnl no nghttp2 pkg-config found, deal with it + if test X"$want_h2" != Xdefault; then + dnl To avoid link errors, we do not allow --with-nghttp2 without + dnl a pkgconfig file + AC_MSG_ERROR([--with-nghttp2 was specified but could not find libnghttp2 pkg-config file.]) + fi + fi + +fi + +dnl ********************************************************************** +dnl Check for ngtcp2 (QUIC) +dnl ********************************************************************** + +OPT_TCP2="yes" +curl_h3_msg="disabled (--with-ngtcp2, --with-quiche)" + +if test "x$disable_http" = "xyes"; then + # without HTTP, ngtcp2 is no use + OPT_TCP2="no" +fi + +AC_ARG_WITH(ngtcp2, +AC_HELP_STRING([--with-ngtcp2=PATH],[Enable ngtcp2 usage]) +AC_HELP_STRING([--without-ngtcp2],[Disable ngtcp2 usage]), + [OPT_TCP2=$withval]) +case "$OPT_TCP2" in + no) + dnl --without-ngtcp2 option used + want_tcp2="no" + ;; + yes) + dnl --with-ngtcp2 option used without path + want_tcp2="default" + want_tcp2_path="" + ;; + *) + dnl --with-ngtcp2 option used with path + want_tcp2="yes" + want_tcp2_path="$withval/lib/pkgconfig" + ;; +esac + +curl_tcp2_msg="disabled (--with-ngtcp2)" +if test X"$want_tcp2" != Xno; then + dnl backup the pre-ngtcp2 variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(libngtcp2, $want_tcp2_path) + + if test "$PKGCONFIG" != "no" ; then + LIB_TCP2=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-l libngtcp2` + AC_MSG_NOTICE([-l is $LIB_TCP2]) + + CPP_TCP2=`CURL_EXPORT_PCDIR([$want_tcp2_path]) dnl + $PKGCONFIG --cflags-only-I libngtcp2` + AC_MSG_NOTICE([-I is $CPP_TCP2]) + + LD_TCP2=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-L libngtcp2` + AC_MSG_NOTICE([-L is $LD_TCP2]) + + LDFLAGS="$LDFLAGS $LD_TCP2" + CPPFLAGS="$CPPFLAGS $CPP_TCP2" + LIBS="$LIB_TCP2 $LIBS" + + if test "x$cross_compiling" != "xyes"; then + DIR_TCP2=`echo $LD_TCP2 | $SED -e 's/-L//'` + fi + AC_CHECK_LIB(ngtcp2, ngtcp2_conn_client_new, + [ + AC_CHECK_HEADERS(ngtcp2/ngtcp2.h, + NGTCP2_ENABLED=1 + AC_DEFINE(USE_NGTCP2, 1, [if ngtcp2 is in use]) + AC_SUBST(USE_NGTCP2, [1]) + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_TCP2" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_TCP2 to CURL_LIBRARY_PATH]) + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + else + dnl no ngtcp2 pkg-config found, deal with it + if test X"$want_tcp2" != Xdefault; then + dnl To avoid link errors, we do not allow --with-ngtcp2 without + dnl a pkgconfig file + AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2 pkg-config file.]) + fi + fi + +fi + +if test "x$NGTCP2_ENABLED" = "x1"; then + dnl backup the pre-ngtcp2_crypto_openssl variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(libngtcp2_crypto_openssl, $want_tcp2_path) + + if test "$PKGCONFIG" != "no" ; then + LIB_NGTCP2_CRYPTO_OPENSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-l libngtcp2_crypto_openssl` + AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_OPENSSL]) + + CPP_NGTCP2_CRYPTO_OPENSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) dnl + $PKGCONFIG --cflags-only-I libngtcp2_crypto_openssl` + AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_OPENSSL]) + + LD_NGTCP2_CRYPTO_OPENSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-L libngtcp2_crypto_openssl` + AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_OPENSSL]) + + LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_OPENSSL" + CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_OPENSSL" + LIBS="$LIB_NGTCP2_CRYPTO_OPENSSL $LIBS" + + if test "x$cross_compiling" != "xyes"; then + DIR_NGTCP2_CRYPTO_OPENSSL=`echo $LD_NGTCP2_CRYPTO_OPENSSL | $SED -e 's/-L//'` + fi + AC_CHECK_LIB(ngtcp2_crypto_openssl, ngtcp2_crypto_ctx_initial, + [ + AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, + NGTCP2_ENABLED=1 + AC_DEFINE(USE_NGTCP2_CRYPTO_OPENSSL, 1, [if ngtcp2_crypto_openssl is in use]) + AC_SUBST(USE_NGTCP2_CRYPTO_OPENSSL, [1]) + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_OPENSSL" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_OPENSSL to CURL_LIBRARY_PATH]) + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + else + dnl no ngtcp2_crypto_openssl pkg-config found, deal with it + if test X"$want_tcp2" != Xdefault; then + dnl To avoid link errors, we do not allow --with-ngtcp2 without + dnl a pkgconfig file + AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_openssl pkg-config file.]) + fi + fi +fi + +dnl ********************************************************************** +dnl Check for nghttp3 (HTTP/3 with ngtcp2) +dnl ********************************************************************** + +OPT_NGHTTP3="yes" + +if test "x$NGTCP2_ENABLED" = "x"; then + # without ngtcp2, nghttp3 is of no use for us + OPT_NGHTTP3="no" +fi + +AC_ARG_WITH(nghttp3, +AC_HELP_STRING([--with-nghttp3=PATH],[Enable nghttp3 usage]) +AC_HELP_STRING([--without-nghttp3],[Disable nghttp3 usage]), + [OPT_NGHTTP3=$withval]) +case "$OPT_NGHTTP3" in + no) + dnl --without-nghttp3 option used + want_nghttp3="no" + ;; + yes) + dnl --with-nghttp3 option used without path + want_nghttp3="default" + want_nghttp3_path="" + ;; + *) + dnl --with-nghttp3 option used with path + want_nghttp3="yes" + want_nghttp3_path="$withval/lib/pkgconfig" + ;; +esac + +curl_http3_msg="disabled (--with-nghttp3)" +if test X"$want_nghttp3" != Xno; then + dnl backup the pre-nghttp3 variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(libnghttp3, $want_nghttp3_path) + + if test "$PKGCONFIG" != "no" ; then + LIB_NGHTTP3=`CURL_EXPORT_PCDIR([$want_nghttp3_path]) + $PKGCONFIG --libs-only-l libnghttp3` + AC_MSG_NOTICE([-l is $LIB_NGHTTP3]) + + CPP_NGHTTP3=`CURL_EXPORT_PCDIR([$want_nghttp3_path]) dnl + $PKGCONFIG --cflags-only-I libnghttp3` + AC_MSG_NOTICE([-I is $CPP_NGHTTP3]) + + LD_NGHTTP3=`CURL_EXPORT_PCDIR([$want_nghttp3_path]) + $PKGCONFIG --libs-only-L libnghttp3` + AC_MSG_NOTICE([-L is $LD_NGHTTP3]) + + LDFLAGS="$LDFLAGS $LD_NGHTTP3" + CPPFLAGS="$CPPFLAGS $CPP_NGHTTP3" + LIBS="$LIB_NGHTTP3 $LIBS" + + if test "x$cross_compiling" != "xyes"; then + DIR_NGHTTP3=`echo $LD_NGHTTP3 | $SED -e 's/-L//'` + fi + AC_CHECK_LIB(nghttp3, nghttp3_conn_client_new, + [ + AC_CHECK_HEADERS(nghttp3/nghttp3.h, + curl_h3_msg="enabled (ngtcp2 + nghttp3)" + NGHTTP3_ENABLED=1 + AC_DEFINE(USE_NGHTTP3, 1, [if nghttp3 is in use]) + AC_SUBST(USE_NGHTTP3, [1]) + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGHTTP3" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_NGHTTP3 to CURL_LIBRARY_PATH]) + experimental="$experimental HTTP3" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + else + dnl no nghttp3 pkg-config found, deal with it + if test X"$want_nghttp3" != Xdefault; then + dnl To avoid link errors, we do not allow --with-nghttp3 without + dnl a pkgconfig file + AC_MSG_ERROR([--with-nghttp3 was specified but could not find nghttp3 pkg-config file.]) + fi + fi + +fi + +dnl ********************************************************************** +dnl Check for quiche (QUIC) +dnl ********************************************************************** + +OPT_QUICHE="yes" + +if test "x$disable_http" = "xyes" -o "x$USE_NGTCP" = "x1"; then + # without HTTP or with ngtcp2, quiche is no use + OPT_QUICHE="no" +fi + +AC_ARG_WITH(quiche, +AC_HELP_STRING([--with-quiche=PATH],[Enable quiche usage]) +AC_HELP_STRING([--without-quiche],[Disable quiche usage]), + [OPT_QUICHE=$withval]) +case "$OPT_QUICHE" in + no) + dnl --without-quiche option used + want_quiche="no" + ;; + yes) + dnl --with-quiche option used without path + want_quiche="default" + want_quiche_path="" + ;; + *) + dnl --with-quiche option used with path + want_quiche="yes" + want_quiche_path="$withval" + ;; +esac + +if test X"$want_quiche" != Xno; then + dnl backup the pre-quiche variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(quiche, $want_quiche_path) + + if test "$PKGCONFIG" != "no" ; then + LIB_QUICHE=`CURL_EXPORT_PCDIR([$want_quiche_path]) + $PKGCONFIG --libs-only-l quiche` + AC_MSG_NOTICE([-l is $LIB_QUICHE]) + + CPP_QUICHE=`CURL_EXPORT_PCDIR([$want_quiche_path]) dnl + $PKGCONFIG --cflags-only-I quiche` + AC_MSG_NOTICE([-I is $CPP_QUICHE]) + + LD_QUICHE=`CURL_EXPORT_PCDIR([$want_quiche_path]) + $PKGCONFIG --libs-only-L quiche` + AC_MSG_NOTICE([-L is $LD_QUICHE]) + + LDFLAGS="$LDFLAGS $LD_QUICHE" + CPPFLAGS="$CPPFLAGS $CPP_QUICHE" + LIBS="$LIB_QUICHE $LIBS" + + if test "x$cross_compiling" != "xyes"; then + DIR_QUICHE=`echo $LD_QUICHE | $SED -e 's/-L//'` + fi + AC_CHECK_LIB(quiche, quiche_connect, + [ + AC_CHECK_HEADERS(quiche.h, + experimental="$experimental HTTP3" + AC_MSG_NOTICE([HTTP3 support is experimental]) + curl_h3_msg="enabled (quiche)" + QUICHE_ENABLED=1 + AC_DEFINE(USE_QUICHE, 1, [if quiche is in use]) + AC_SUBST(USE_QUICHE, [1]) + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_QUICHE" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_QUICHE to CURL_LIBRARY_PATH]), + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + else + dnl no quiche pkg-config found, deal with it + if test X"$want_quiche" != Xdefault; then + dnl To avoid link errors, we do not allow --with-quiche without + dnl a pkgconfig file + AC_MSG_ERROR([--with-quiche was specified but could not find quiche pkg-config file.]) + fi + fi +fi + +dnl ********************************************************************** +dnl Check for zsh completion path +dnl ********************************************************************** + +OPT_ZSH_FPATH=default +AC_ARG_WITH(zsh-functions-dir, +AC_HELP_STRING([--with-zsh-functions-dir=PATH],[Install zsh completions to PATH]) +AC_HELP_STRING([--without-zsh-functions-dir],[Do not install zsh completions]), + [OPT_ZSH_FPATH=$withval]) +case "$OPT_ZSH_FPATH" in + no) + dnl --without-zsh-functions-dir option used + ;; + default|yes) + dnl --with-zsh-functions-dir option used without path + ZSH_FUNCTIONS_DIR="$datarootdir/zsh/site-functions" + AC_SUBST(ZSH_FUNCTIONS_DIR) + ;; + *) + dnl --with-zsh-functions-dir option used with path + ZSH_FUNCTIONS_DIR="$withval" + AC_SUBST(ZSH_FUNCTIONS_DIR) + ;; +esac + +dnl ********************************************************************** +dnl Check for fish completion path +dnl ********************************************************************** + +OPT_FISH_FPATH=default +AC_ARG_WITH(fish-functions-dir, +AC_HELP_STRING([--with-fish-functions-dir=PATH],[Install fish completions to PATH]) +AC_HELP_STRING([--without-fish-functions-dir],[Do not install fish completions]), + [OPT_FISH_FPATH=$withval]) +case "$OPT_FISH_FPATH" in + no) + dnl --without-fish-functions-dir option used + ;; + default|yes) + dnl --with-fish-functions-dir option used without path + CURL_CHECK_PKGCONFIG(fish) + if test "$PKGCONFIG" != "no" ; then + FISH_FUNCTIONS_DIR="$($PKGCONFIG --variable completionsdir fish)" + else + FISH_FUNCTIONS_DIR="$datarootdir/fish/vendor_completions.d" + fi + AC_SUBST(FISH_FUNCTIONS_DIR) + ;; + *) + dnl --with-fish-functions-dir option used with path + FISH_FUNCTIONS_DIR="$withval" + AC_SUBST(FISH_FUNCTIONS_DIR) + ;; +esac + +dnl ********************************************************************** +dnl Back to "normal" configuring +dnl ********************************************************************** + +dnl Checks for header files. +AC_HEADER_STDC + +CURL_CHECK_HEADER_MALLOC +CURL_CHECK_HEADER_MEMORY + +dnl Now check for the very most basic headers. Then we can use these +dnl ones as default-headers when checking for the rest! +AC_CHECK_HEADERS( + sys/types.h \ + sys/time.h \ + sys/select.h \ + sys/socket.h \ + sys/ioctl.h \ + sys/uio.h \ + assert.h \ + unistd.h \ + stdlib.h \ + arpa/inet.h \ + net/if.h \ + netinet/in.h \ + netinet/in6.h \ + sys/un.h \ + linux/tcp.h \ + netinet/tcp.h \ + netdb.h \ + sys/sockio.h \ + sys/stat.h \ + sys/param.h \ + termios.h \ + termio.h \ + sgtty.h \ + fcntl.h \ + alloca.h \ + time.h \ + io.h \ + pwd.h \ + utime.h \ + sys/utime.h \ + sys/poll.h \ + poll.h \ + socket.h \ + sys/resource.h \ + libgen.h \ + locale.h \ + errno.h \ + stdbool.h \ + arpa/tftp.h \ + sys/filio.h \ + sys/wait.h \ + setjmp.h, +dnl to do if not found +[], +dnl to do if found +[], +dnl default includes +[ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_NETINET_IN6_H +#include +#endif +#ifdef HAVE_SYS_UN_H +#include +#endif +] +) + + +dnl Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST +CURL_CHECK_VARIADIC_MACROS +AC_TYPE_SIZE_T +AC_HEADER_TIME +CURL_CHECK_STRUCT_TIMEVAL +CURL_VERIFY_RUNTIMELIBS + +AX_COMPILE_CHECK_SIZEOF(size_t) +AX_COMPILE_CHECK_SIZEOF(long) +AX_COMPILE_CHECK_SIZEOF(int) +AX_COMPILE_CHECK_SIZEOF(short) +AX_COMPILE_CHECK_SIZEOF(time_t) +AX_COMPILE_CHECK_SIZEOF(off_t) + +o=$CPPFLAGS +CPPFLAGS="-I$srcdir/include $CPPFLAGS" +AX_COMPILE_CHECK_SIZEOF(curl_off_t, [ +#include +]) +CPPFLAGS=$o + +AC_CHECK_TYPE(long long, + [AC_DEFINE(HAVE_LONGLONG, 1, + [Define to 1 if the compiler supports the 'long long' data type.])] + longlong="yes" +) + +if test "xyes" = "x$longlong"; then + AC_MSG_CHECKING([if numberLL works]) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + ]],[[ + long long val = 1000LL; + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE(HAVE_LL, 1, [if your compiler supports LL]) + ],[ + AC_MSG_RESULT([no]) + ]) +fi + + +# check for ssize_t +AC_CHECK_TYPE(ssize_t, , + AC_DEFINE(ssize_t, int, [the signed version of size_t])) + +# check for bool type +AC_CHECK_TYPE([bool],[ + AC_DEFINE(HAVE_BOOL_T, 1, + [Define to 1 if bool is an available type.]) +], ,[ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_STDBOOL_H +#include +#endif +]) + +# check for sa_family_t +AC_CHECK_TYPE(sa_family_t, + AC_DEFINE(CURL_SA_FAMILY_T, sa_family_t, [IP address type in sockaddr]), + [ + # The windows name? + AC_CHECK_TYPE(ADDRESS_FAMILY, + AC_DEFINE(CURL_SA_FAMILY_T, ADDRESS_FAMILY, [IP address type in sockaddr]), + AC_DEFINE(CURL_SA_FAMILY_T, unsigned short, [IP address type in sockaddr]), + [ +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + ]) + ], +[ +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +]) + +AC_MSG_CHECKING([if time_t is unsigned]) +CURL_RUN_IFELSE( + [ + #include + #include + time_t t = -1; + return (t > 0); + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE(HAVE_TIME_T_UNSIGNED, 1, [Define this if time_t is unsigned]) +],[ + AC_MSG_RESULT([no]) +],[ + dnl cross-compiling, most systems are unsigned + AC_MSG_RESULT([no]) +]) + +CURL_CONFIGURE_PULL_SYS_POLL + +TYPE_IN_ADDR_T + +TYPE_SOCKADDR_STORAGE + +TYPE_SIG_ATOMIC_T + +AC_TYPE_SIGNAL + +CURL_CHECK_FUNC_SELECT + +CURL_CHECK_FUNC_RECV +CURL_CHECK_FUNC_SEND +CURL_CHECK_MSG_NOSIGNAL + +CURL_CHECK_FUNC_ALARM +CURL_CHECK_FUNC_BASENAME +CURL_CHECK_FUNC_CLOSESOCKET +CURL_CHECK_FUNC_CLOSESOCKET_CAMEL +CURL_CHECK_FUNC_CONNECT +CURL_CHECK_FUNC_FCNTL +CURL_CHECK_FUNC_FREEADDRINFO +CURL_CHECK_FUNC_FREEIFADDRS +CURL_CHECK_FUNC_FSETXATTR +CURL_CHECK_FUNC_FTRUNCATE +CURL_CHECK_FUNC_GETADDRINFO +CURL_CHECK_FUNC_GAI_STRERROR +CURL_CHECK_FUNC_GETHOSTBYADDR +CURL_CHECK_FUNC_GETHOSTBYADDR_R +CURL_CHECK_FUNC_GETHOSTBYNAME +CURL_CHECK_FUNC_GETHOSTBYNAME_R +CURL_CHECK_FUNC_GETHOSTNAME +CURL_CHECK_FUNC_GETPEERNAME +CURL_CHECK_FUNC_GETSOCKNAME +CURL_CHECK_FUNC_IF_NAMETOINDEX +CURL_CHECK_FUNC_GETIFADDRS +CURL_CHECK_FUNC_GETSERVBYPORT_R +CURL_CHECK_FUNC_GMTIME_R +CURL_CHECK_FUNC_INET_NTOA_R +CURL_CHECK_FUNC_INET_NTOP +CURL_CHECK_FUNC_INET_PTON +CURL_CHECK_FUNC_IOCTL +CURL_CHECK_FUNC_IOCTLSOCKET +CURL_CHECK_FUNC_IOCTLSOCKET_CAMEL +CURL_CHECK_FUNC_LOCALTIME_R +CURL_CHECK_FUNC_MEMRCHR +CURL_CHECK_FUNC_POLL +CURL_CHECK_FUNC_SETSOCKOPT +CURL_CHECK_FUNC_SIGACTION +CURL_CHECK_FUNC_SIGINTERRUPT +CURL_CHECK_FUNC_SIGNAL +CURL_CHECK_FUNC_SIGSETJMP +CURL_CHECK_FUNC_SOCKET +CURL_CHECK_FUNC_SOCKETPAIR +CURL_CHECK_FUNC_STRCASECMP +CURL_CHECK_FUNC_STRCMPI +CURL_CHECK_FUNC_STRDUP +CURL_CHECK_FUNC_STRERROR_R +CURL_CHECK_FUNC_STRICMP +CURL_CHECK_FUNC_STRNCASECMP +CURL_CHECK_FUNC_STRNCMPI +CURL_CHECK_FUNC_STRNICMP +CURL_CHECK_FUNC_STRSTR +CURL_CHECK_FUNC_STRTOK_R +CURL_CHECK_FUNC_STRTOLL +CURL_CHECK_FUNC_WRITEV + +case $host in + *msdosdjgpp) + ac_cv_func_pipe=no + skipcheck_pipe=yes + AC_MSG_NOTICE([skip check for pipe on msdosdjgpp]) + ;; +esac + +AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Set if getpwuid_r() declaration is missing")], + [[#include + #include ]]) + + +AC_CHECK_FUNCS([fnmatch \ + geteuid \ + getpass_r \ + getppid \ + getpwuid \ + getpwuid_r \ + getrlimit \ + gettimeofday \ + if_nametoindex \ + mach_absolute_time \ + pipe \ + setlocale \ + setmode \ + setrlimit \ + usleep \ + utime \ + utimes +],[ +],[ + func="$ac_func" + eval skipcheck=\$skipcheck_$func + if test "x$skipcheck" != "xyes"; then + AC_MSG_CHECKING([deeper for $func]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ + ]],[[ + $func (); + ]]) + ],[ + AC_MSG_RESULT([yes]) + eval "ac_cv_func_$func=yes" + AC_DEFINE_UNQUOTED(XC_SH_TR_CPP([HAVE_$func]), [1], + [Define to 1 if you have the $func function.]) + ],[ + AC_MSG_RESULT([but still no]) + ]) + fi +]) + +CURL_CHECK_NONBLOCKING_SOCKET + +dnl ************************************************************ +dnl nroff tool stuff +dnl + +AC_PATH_PROG( PERL, perl, , + $PATH:/usr/local/bin/perl:/usr/bin/:/usr/local/bin ) +AC_SUBST(PERL) + +AC_PATH_PROGS( NROFF, gnroff nroff, , + $PATH:/usr/bin/:/usr/local/bin ) +AC_SUBST(NROFF) + +if test -n "$NROFF"; then + dnl only check for nroff options if an nroff command was found + + AC_MSG_CHECKING([how to use *nroff to get plain text from man pages]) + MANOPT="-man" + mancheck=`echo foo | $NROFF $MANOPT 2>/dev/null` + if test -z "$mancheck"; then + MANOPT="-mandoc" + mancheck=`echo foo | $NROFF $MANOPT 2>/dev/null` + if test -z "$mancheck"; then + MANOPT="" + AC_MSG_RESULT([failed]) + AC_MSG_WARN([found no *nroff option to get plaintext from man pages]) + else + AC_MSG_RESULT([$MANOPT]) + fi + else + AC_MSG_RESULT([$MANOPT]) + fi + AC_SUBST(MANOPT) +fi + +if test -z "$MANOPT" +then + dnl if no nroff tool was found, or no option that could convert man pages + dnl was found, then disable the built-in manual stuff + AC_MSG_WARN([disabling built-in manual]) + USE_MANUAL="no"; +fi + +dnl ************************************************************************* +dnl If the manual variable still is set, then we go with providing a built-in +dnl manual + +if test "$USE_MANUAL" = "1"; then + AC_DEFINE(USE_MANUAL, 1, [If you want to build curl with the built-in manual]) + curl_manual_msg="enabled" +fi + +dnl set variable for use in automakefile(s) +AM_CONDITIONAL(USE_MANUAL, test x"$USE_MANUAL" = x1) + +CURL_CHECK_LIB_ARES +AM_CONDITIONAL(USE_EMBEDDED_ARES, test x$embedded_ares = xyes) + +if test "x$curl_cv_native_windows" != "xyes" && + test "x$enable_shared" = "xyes"; then + build_libhostname=yes +else + build_libhostname=no +fi +AM_CONDITIONAL(BUILD_LIBHOSTNAME, test x$build_libhostname = xyes) + +if test "x$want_ares" != xyes; then + CURL_CHECK_OPTION_THREADED_RESOLVER +fi + +dnl ************************************************************ +dnl disable POSIX threads +dnl +AC_MSG_CHECKING([whether to use POSIX threads for threaded resolver]) +AC_ARG_ENABLE(pthreads, +AC_HELP_STRING([--enable-pthreads], + [Enable POSIX threads (default for threaded resolver)]) +AC_HELP_STRING([--disable-pthreads],[Disable POSIX threads]), +[ case "$enableval" in + no) AC_MSG_RESULT(no) + want_pthreads=no + ;; + *) AC_MSG_RESULT(yes) + want_pthreads=yes + ;; + esac ], [ + AC_MSG_RESULT(auto) + want_pthreads=auto + ] +) + +dnl turn off pthreads if rt is disabled +if test "$want_pthreads" != "no"; then + if test "$want_pthreads" = "yes" && test "$dontwant_rt" = "yes"; then + AC_MSG_ERROR([options --enable-pthreads and --disable-rt are mutually exclusive]) + fi + if test "$dontwant_rt" != "no"; then + dnl if --enable-pthreads was explicit then warn it's being ignored + if test "$want_pthreads" = "yes"; then + AC_MSG_WARN([--enable-pthreads Ignored since librt is disabled.]) + fi + want_pthreads=no + fi +fi + +dnl turn off pthreads if no threaded resolver +if test "$want_pthreads" != "no" && test "$want_thres" != "yes"; then + want_pthreads=no +fi + +dnl detect pthreads +if test "$want_pthreads" != "no"; then + AC_CHECK_HEADER(pthread.h, + [ AC_DEFINE(HAVE_PTHREAD_H, 1, [if you have ]) + save_CFLAGS="$CFLAGS" + + dnl first check for function without lib + AC_CHECK_FUNC(pthread_create, [USE_THREADS_POSIX=1] ) + + dnl on HPUX, life is more complicated... + case $host in + *-hp-hpux*) + dnl it doesn't actually work without -lpthread + USE_THREADS_POSIX="" + ;; + *) + ;; + esac + + dnl if it wasn't found without lib, search for it in pthread lib + if test "$USE_THREADS_POSIX" != "1" + then + CFLAGS="$CFLAGS -pthread" + AC_CHECK_LIB(pthread, pthread_create, + [USE_THREADS_POSIX=1], + [ CFLAGS="$save_CFLAGS"]) + fi + + if test "x$USE_THREADS_POSIX" = "x1" + then + AC_DEFINE(USE_THREADS_POSIX, 1, [if you want POSIX threaded DNS lookup]) + curl_res_msg="POSIX threaded" + fi + ]) +fi + +dnl threaded resolver check +if test "$want_thres" = "yes" && test "x$USE_THREADS_POSIX" != "x1"; then + if test "$want_pthreads" = "yes"; then + AC_MSG_ERROR([--enable-pthreads but pthreads was not found]) + fi + dnl If native Windows fallback on Win32 threads since no POSIX threads + if test "$curl_cv_native_windows" = "yes"; then + USE_THREADS_WIN32=1 + AC_DEFINE(USE_THREADS_WIN32, 1, [if you want Win32 threaded DNS lookup]) + curl_res_msg="Win32 threaded" + else + AC_MSG_ERROR([Threaded resolver enabled but no thread library found]) + fi +fi + +dnl ************************************************************ +dnl disable verbose text strings +dnl +AC_MSG_CHECKING([whether to enable verbose strings]) +AC_ARG_ENABLE(verbose, +AC_HELP_STRING([--enable-verbose],[Enable verbose strings]) +AC_HELP_STRING([--disable-verbose],[Disable verbose strings]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_VERBOSE_STRINGS, 1, [to disable verbose strings]) + curl_verbose_msg="no" + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl enable SSPI support +dnl +AC_MSG_CHECKING([whether to enable SSPI support (Windows native builds only)]) +AC_ARG_ENABLE(sspi, +AC_HELP_STRING([--enable-sspi],[Enable SSPI]) +AC_HELP_STRING([--disable-sspi],[Disable SSPI]), +[ case "$enableval" in + yes) + if test "$curl_cv_native_windows" = "yes"; then + AC_MSG_RESULT(yes) + AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) + AC_SUBST(USE_WINDOWS_SSPI, [1]) + curl_sspi_msg="enabled" + else + AC_MSG_RESULT(no) + AC_MSG_WARN([--enable-sspi Ignored. Only supported on native Windows builds.]) + fi + ;; + *) + if test "x$WINSSL_ENABLED" = "x1"; then + # --with-winssl implies --enable-sspi + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no) + fi + ;; + esac ], + if test "x$WINSSL_ENABLED" = "x1"; then + # --with-winssl implies --enable-sspi + AC_MSG_RESULT(yes) + else + AC_MSG_RESULT(no) + fi +) + +dnl ************************************************************ +dnl disable cryptographic authentication +dnl +AC_MSG_CHECKING([whether to enable cryptographic authentication methods]) +AC_ARG_ENABLE(crypto-auth, +AC_HELP_STRING([--enable-crypto-auth],[Enable cryptographic authentication]) +AC_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_CRYPTO_AUTH, 1, [to disable cryptographic authentication]) + CURL_DISABLE_CRYPTO_AUTH=1 + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +CURL_CHECK_OPTION_NTLM_WB + +CURL_CHECK_NTLM_WB + +dnl ************************************************************ +dnl disable TLS-SRP authentication +dnl +AC_MSG_CHECKING([whether to enable TLS-SRP authentication]) +AC_ARG_ENABLE(tls-srp, +AC_HELP_STRING([--enable-tls-srp],[Enable TLS-SRP authentication]) +AC_HELP_STRING([--disable-tls-srp],[Disable TLS-SRP authentication]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + want_tls_srp=no + ;; + *) AC_MSG_RESULT(yes) + want_tls_srp=yes + ;; + esac ], + AC_MSG_RESULT(yes) + want_tls_srp=yes +) + +if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then + AC_DEFINE(USE_TLS_SRP, 1, [Use TLS-SRP authentication]) + USE_TLS_SRP=1 + curl_tls_srp_msg="enabled" +fi + +dnl ************************************************************ +dnl disable Unix domain sockets support +dnl +AC_MSG_CHECKING([whether to enable Unix domain sockets]) +AC_ARG_ENABLE(unix-sockets, +AC_HELP_STRING([--enable-unix-sockets],[Enable Unix domain sockets]) +AC_HELP_STRING([--disable-unix-sockets],[Disable Unix domain sockets]), +[ case "$enableval" in + no) AC_MSG_RESULT(no) + want_unix_sockets=no + ;; + *) AC_MSG_RESULT(yes) + want_unix_sockets=yes + ;; + esac ], [ + AC_MSG_RESULT(auto) + want_unix_sockets=auto + ] +) +if test "x$want_unix_sockets" != "xno"; then + AC_CHECK_MEMBER([struct sockaddr_un.sun_path], [ + AC_DEFINE(USE_UNIX_SOCKETS, 1, [Use Unix domain sockets]) + AC_SUBST(USE_UNIX_SOCKETS, [1]) + curl_unix_sockets_msg="enabled" + ], [ + if test "x$want_unix_sockets" = "xyes"; then + AC_MSG_ERROR([--enable-unix-sockets is not available on this platform!]) + fi + ], [ + #include + ]) +fi + +dnl ************************************************************ +dnl disable cookies support +dnl +AC_MSG_CHECKING([whether to support cookies]) +AC_ARG_ENABLE(cookies, +AC_HELP_STRING([--enable-cookies],[Enable cookies support]) +AC_HELP_STRING([--disable-cookies],[Disable cookies support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_COOKIES, 1, [to disable cookies support]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable HTTP authentication support +dnl +AC_MSG_CHECKING([whether to support HTTP authentication]) +AC_ARG_ENABLE(http-auth, +AC_HELP_STRING([--enable-http-auth],[Enable HTTP authentication support]) +AC_HELP_STRING([--disable-http-auth],[Disable HTTP authentication support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_HTTP_AUTH, 1, [disable HTTP authentication]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable DoH support +dnl +AC_MSG_CHECKING([whether to support DoH]) +AC_ARG_ENABLE(doh, +AC_HELP_STRING([--enable-doh],[Enable DoH support]) +AC_HELP_STRING([--disable-doh],[Disable DoH support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_DOH, 1, [disable DoH]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable mime API support +dnl +AC_MSG_CHECKING([whether to support the MIME API]) +AC_ARG_ENABLE(mime, +AC_HELP_STRING([--enable-mime],[Enable mime API support]) +AC_HELP_STRING([--disable-mime],[Disable mime API support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_MIME, 1, [disable mime API]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable date parsing +dnl +AC_MSG_CHECKING([whether to support date parsing]) +AC_ARG_ENABLE(dateparse, +AC_HELP_STRING([--enable-dateparse],[Enable date parsing]) +AC_HELP_STRING([--disable-dateparse],[Disable date parsing]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_PARSEDATE, 1, [disable date parsing]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable netrc +dnl +AC_MSG_CHECKING([whether to support netrc parsing]) +AC_ARG_ENABLE(netrc, +AC_HELP_STRING([--enable-netrc],[Enable netrc parsing]) +AC_HELP_STRING([--disable-netrc],[Disable netrc parsing]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_NETRC, 1, [disable netrc parsing]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable progress-meter +dnl +AC_MSG_CHECKING([whether to support progress-meter]) +AC_ARG_ENABLE(progress-meter, +AC_HELP_STRING([--enable-progress-meter],[Enable progress-meter]) +AC_HELP_STRING([--disable-progress-meter],[Disable progress-meter]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_PROGRESS_METER, 1, [disable progress-meter]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable shuffle DNS support +dnl +AC_MSG_CHECKING([whether to support DNS shuffling]) +AC_ARG_ENABLE(dnsshuffle, +AC_HELP_STRING([--enable-dnsshuffle],[Enable DNS shuffling]) +AC_HELP_STRING([--disable-dnsshuffle],[Disable DNS shuffling]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_SHUFFLE_DNS, 1, [disable DNS shuffling]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl switch on/off alt-svc +dnl +curl_altsvc_msg="no (--enable-alt-svc)"; +AC_MSG_CHECKING([whether to support alt-svc]) +AC_ARG_ENABLE(alt-svc, +AC_HELP_STRING([--enable-alt-svc],[Enable alt-svc support]) +AC_HELP_STRING([--disable-alt-svc],[Disable alt-svc support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + ;; + *) AC_MSG_RESULT(yes) + curl_altsvc_msg="enabled"; + enable_altsvc="yes" + ;; + esac ], + AC_MSG_RESULT(no) +) + +if test "$enable_altsvc" = "yes"; then + AC_DEFINE(USE_ALTSVC, 1, [to enable alt-svc]) + experimental="$experimental alt-svc" +fi + +dnl ************************************************************* +dnl check whether ESNI support, if desired, is actually available +dnl +if test "x$want_esni" != "xno"; then + AC_MSG_CHECKING([whether ESNI support is available]) + + dnl assume NOT and look for sufficient condition + ESNI_ENABLED=0 + ESNI_SUPPORT='' + + dnl OpenSSL with a chosen ESNI function should be enough + dnl so more exhaustive checking seems unnecessary for now + if test "x$OPENSSL_ENABLED" = "x1"; then + AC_CHECK_FUNCS(SSL_get_esni_status, + ESNI_SUPPORT="ESNI support available (OpenSSL with SSL_get_esni_status)" + ESNI_ENABLED=1) + + dnl add 'elif' chain here for additional implementations + fi + + dnl now deal with whatever we found + if test "x$ESNI_ENABLED" = "x1"; then + AC_DEFINE(USE_ESNI, 1, [if ESNI support is available]) + AC_MSG_RESULT($ESNI_SUPPORT) + experimental="$experimental ESNI" + else + AC_MSG_ERROR([--enable-esni ignored: No ESNI support found]) + fi +fi + +dnl ************************************************************ +dnl hiding of library internal symbols +dnl +CURL_CONFIGURE_SYMBOL_HIDING + +dnl +dnl All the library dependencies put into $LIB apply to libcurl only. +dnl +LIBCURL_LIBS=$LIBS + +AC_SUBST(LIBCURL_LIBS) +AC_SUBST(CURL_NETWORK_LIBS) +AC_SUBST(CURL_NETWORK_AND_TIME_LIBS) + +dnl BLANK_AT_MAKETIME may be used in our Makefile.am files to blank +dnl LIBS variable used in generated makefile at makefile processing +dnl time. Doing this functionally prevents LIBS from being used for +dnl all link targets in given makefile. +BLANK_AT_MAKETIME= +AC_SUBST(BLANK_AT_MAKETIME) + +AM_CONDITIONAL(CROSSCOMPILING, test x$cross_compiling = xyes) + +dnl yes or no +ENABLE_SHARED="$enable_shared" +AC_SUBST(ENABLE_SHARED) + +dnl to let curl-config output the static libraries correctly +ENABLE_STATIC="$enable_static" +AC_SUBST(ENABLE_STATIC) + + +dnl +dnl For keeping supported features and protocols also in pkg-config file +dnl since it is more cross-compile friendly than curl-config +dnl + +if test "x$OPENSSL_ENABLED" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" +elif test -n "$SSL_ENABLED"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" +fi +if test "x$IPV6_ENABLED" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES IPv6" +fi +if test "x$USE_UNIX_SOCKETS" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES UnixSockets" +fi +if test "x$HAVE_LIBZ" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES libz" +fi +if test "x$HAVE_BROTLI" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES brotli" +fi +if test "x$USE_ARES" = "x1" -o "x$USE_THREADS_POSIX" = "x1" \ + -o "x$USE_THREADS_WIN32" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES AsynchDNS" +fi +if test "x$IDN_ENABLED" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES IDN" +fi +if test "x$USE_WINDOWS_SSPI" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES SSPI" +fi + +if test "x$HAVE_GSSAPI" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API" +fi + +if test "x$curl_psl_msg" = "xenabled"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES PSL" +fi + +if test "x$enable_altsvc" = "xyes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES alt-svc" +fi + +if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ + \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then + SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO" +fi + +if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ + \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then + SUPPORT_FEATURES="$SUPPORT_FEATURES Kerberos" +fi + +if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then + if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \ + -o "x$NSS_ENABLED" = "x1" -o "x$SECURETRANSPORT_ENABLED" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" + + if test "x$CURL_DISABLE_HTTP" != "x1" -a \ + "x$NTLM_WB_ENABLED" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB" + fi + fi +fi + +if test "x$USE_TLS_SRP" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES TLS-SRP" +fi + +if test "x$USE_NGHTTP2" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP2" +fi + +if test "x$USE_NGTCP2" = "x1" -o "x$USE_QUICHE" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP3" +fi + +if test "x$CURL_WITH_MULTI_SSL" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES MultiSSL" +fi + +if test "x$OPENSSL_ENABLED" = "x1" -o "x$GNUTLS_ENABLED" = "x1" \ + -o "x$NSS_ENABLED" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" +fi + +if test "x$ESNI_ENABLED" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES ESNI" +fi + +AC_SUBST(SUPPORT_FEATURES) + +dnl For supported protocols in pkg-config file +if test "x$CURL_DISABLE_HTTP" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTP" + if test "x$SSL_ENABLED" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTPS" + fi +fi +if test "x$CURL_DISABLE_FTP" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS FTP" + if test "x$SSL_ENABLED" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS FTPS" + fi +fi +if test "x$CURL_DISABLE_FILE" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS FILE" +fi +if test "x$CURL_DISABLE_TELNET" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS TELNET" +fi +if test "x$CURL_DISABLE_LDAP" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS LDAP" + if test "x$CURL_DISABLE_LDAPS" != "x1"; then + if (test "x$USE_OPENLDAP" = "x1" && test "x$SSL_ENABLED" = "x1") || + (test "x$USE_OPENLDAP" != "x1" && test "x$HAVE_LDAP_SSL" = "x1"); then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS LDAPS" + fi + fi +fi +if test "x$CURL_DISABLE_DICT" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS DICT" +fi +if test "x$CURL_DISABLE_TFTP" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS TFTP" +fi +if test "x$CURL_DISABLE_GOPHER" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS GOPHER" +fi +if test "x$CURL_DISABLE_POP3" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS POP3" + if test "x$SSL_ENABLED" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS POP3S" + fi +fi +if test "x$CURL_DISABLE_IMAP" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAP" + if test "x$SSL_ENABLED" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS IMAPS" + fi +fi +if test "x$CURL_DISABLE_SMB" != "x1" \ + -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \ + -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + -o "x$GNUTLS_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \ + -o "x$NSS_ENABLED" = "x1" -o "x$SECURETRANSPORT_ENABLED" = "x1" \); then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" + if test "x$SSL_ENABLED" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMBS" + fi +fi +if test "x$CURL_DISABLE_SMTP" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMTP" + if test "x$SSL_ENABLED" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMTPS" + fi +fi +if test "x$USE_LIBSSH2" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SCP" + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SFTP" +fi +if test "x$USE_LIBSSH" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SCP" + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SFTP" +fi +if test "x$USE_WOLFSSH" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SCP" + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SFTP" +fi +if test "x$CURL_DISABLE_RTSP" != "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS RTSP" +fi +if test "x$USE_LIBRTMP" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS RTMP" +fi + +dnl replace spaces with newlines +dnl sort the lines +dnl replace the newlines back to spaces +SUPPORT_PROTOCOLS=`echo $SUPPORT_PROTOCOLS | tr ' ' '\012' | sort | tr '\012' ' '` + +AC_SUBST(SUPPORT_PROTOCOLS) + +dnl squeeze whitespace out of some variables + +squeeze CFLAGS +squeeze CPPFLAGS +squeeze DEFS +squeeze LDFLAGS +squeeze LIBS + +squeeze LIBCURL_LIBS +squeeze CURL_NETWORK_LIBS +squeeze CURL_NETWORK_AND_TIME_LIBS + +squeeze SUPPORT_FEATURES +squeeze SUPPORT_PROTOCOLS + +XC_CHECK_BUILD_FLAGS + +SSL_BACKENDS=${ssl_backends} +AC_SUBST(SSL_BACKENDS) + +if test "x$want_curldebug_assumed" = "xyes" && + test "x$want_curldebug" = "xyes" && test "x$USE_ARES" = "x1"; then + ac_configure_args="$ac_configure_args --enable-curldebug" +fi + +AC_CONFIG_FILES([Makefile \ + docs/Makefile \ + docs/examples/Makefile \ + docs/libcurl/Makefile \ + docs/libcurl/opts/Makefile \ + docs/cmdline-opts/Makefile \ + include/Makefile \ + include/curl/Makefile \ + src/Makefile \ + lib/Makefile \ + scripts/Makefile \ + lib/libcurl.vers \ + tests/Makefile \ + tests/certs/Makefile \ + tests/certs/scripts/Makefile \ + tests/data/Makefile \ + tests/server/Makefile \ + tests/libtest/Makefile \ + tests/unit/Makefile \ + packages/Makefile \ + packages/vms/Makefile \ + curl-config \ + libcurl.pc +]) +AC_OUTPUT + +CURL_GENERATE_CONFIGUREHELP_PM + +XC_AMEND_DISTCLEAN([lib src tests/unit tests/server tests/libtest docs/examples]) + +AC_MSG_NOTICE([Configured to build curl/libcurl: + + Host setup: ${host} + Install prefix: ${prefix} + Compiler: ${CC} + CFLAGS: ${CFLAGS} + CPPFLAGS: ${CPPFLAGS} + LDFLAGS: ${LDFLAGS} + LIBS: ${LIBS} + + curl version: ${CURLVERSION} + SSL: ${curl_ssl_msg} + SSH: ${curl_ssh_msg} + zlib: ${curl_zlib_msg} + brotli: ${curl_brotli_msg} + GSS-API: ${curl_gss_msg} + TLS-SRP: ${curl_tls_srp_msg} + resolver: ${curl_res_msg} + IPv6: ${curl_ipv6_msg} + Unix sockets: ${curl_unix_sockets_msg} + IDN: ${curl_idn_msg} + Build libcurl: Shared=${enable_shared}, Static=${enable_static} + Built-in manual: ${curl_manual_msg} + --libcurl option: ${curl_libcurl_msg} + Verbose errors: ${curl_verbose_msg} + Code coverage: ${curl_coverage_msg} + SSPI: ${curl_sspi_msg} + ca cert bundle: ${ca}${ca_warning} + ca cert path: ${capath}${capath_warning} + ca fallback: ${with_ca_fallback} + LDAP: ${curl_ldap_msg} + LDAPS: ${curl_ldaps_msg} + RTSP: ${curl_rtsp_msg} + RTMP: ${curl_rtmp_msg} + Metalink: ${curl_mtlnk_msg} + PSL: ${curl_psl_msg} + Alt-svc: ${curl_altsvc_msg} + HTTP2: ${curl_h2_msg} + HTTP3: ${curl_h3_msg} + ESNI: ${curl_esni_msg} + Protocols: ${SUPPORT_PROTOCOLS} + Features: ${SUPPORT_FEATURES} +]) +if test -n "$experimental"; then + cat >&2 << _EOF + WARNING: $experimental enabled but marked EXPERIMENTAL. Use with caution! +_EOF +fi diff --git a/extern/curl/curl-config.in b/extern/curl/curl-config.in new file mode 100644 index 0000000000..0a7e0353fa --- /dev/null +++ b/extern/curl/curl-config.in @@ -0,0 +1,194 @@ +#! /bin/sh +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 2001 - 2018, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +########################################################################### + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +includedir=@includedir@ +cppflag_curl_staticlib=@CPPFLAG_CURL_STATICLIB@ + +usage() +{ + cat <&2 + exit 1 + fi + ;; + + --configure) + echo @CONFIGURE_OPTIONS@ + ;; + + *) + echo "unknown option: $1" + usage 1 + ;; + esac + shift +done + +exit 0 diff --git a/extern/curl/docs/.gitignore b/extern/curl/docs/.gitignore new file mode 100644 index 0000000000..60f329382c --- /dev/null +++ b/extern/curl/docs/.gitignore @@ -0,0 +1,4 @@ +*.html +*.pdf +curl.1 +*.1.dist diff --git a/extern/curl/docs/ALTSVC.md b/extern/curl/docs/ALTSVC.md new file mode 100644 index 0000000000..6a462bbbc8 --- /dev/null +++ b/extern/curl/docs/ALTSVC.md @@ -0,0 +1,39 @@ +# Alt-Svc + +curl features **EXPERIMENTAL** support for the Alt-Svc: HTTP header. + +## Enable Alt-Svc in build + +`./configure --enable-alt-svc` + +## Standard + +[RFC 7838](https://tools.ietf.org/html/rfc7838) + +# Alt-Svc cache file format + +This a text based file with one line per entry and each line consists of nine +space separated fields. + +## Example + + h2 quic.tech 8443 h3-22 quic.tech 8443 "20190808 06:18:37" 0 0 + +## Fields + +1. The ALPN id for the source origin +2. The host name for the source origin +3. The port number for the source origin +4. The ALPN id for the destination host +5. The host name for the destination host +6. The host number for the destination host +7. The expiration date and time of this entry within double quotes. The date format is "YYYYMMDD HH:MM:SS" and the time zone is GMT. +8. Boolean (1 or 0) if "persist" was set for this entry +9. Integer priority value (not currently used) + +# TODO + +- handle multiple response headers, when one of them says `clear` (should + override them all) +- using `Age:` value for caching age as per spec +- `CURLALTSVC_IMMEDIATELY` support diff --git a/extern/curl/docs/BINDINGS.md b/extern/curl/docs/BINDINGS.md new file mode 100644 index 0000000000..d0e80b8ac6 --- /dev/null +++ b/extern/curl/docs/BINDINGS.md @@ -0,0 +1,127 @@ +libcurl bindings +================ + + Creative people have written bindings or interfaces for various environments + and programming languages. Using one of these allows you to take advantage of + curl powers from within your favourite language or system. + + This is a list of all known interfaces as of this writing. + + The bindings listed below are not part of the curl/libcurl distribution + archives, but must be downloaded and installed separately. + +[Ada95](https://web.archive.org/web/20070403105909/www.almroth.com/adacurl/index.html) Written by Andreas Almroth + +[Basic](http://scriptbasic.com/) ScriptBasic bindings written by Peter Verhas + +C++: [curlpp](http://curlpp.org/) Written by Jean-Philippe Barrette-LaPierre, +[curlcpp](https://github.com/JosephP91/curlcpp) by Giuseppe Persico and [C++ +Requests](https://github.com/whoshuu/cpr) by Huu Nguyen + +[Ch](https://chcurl.sourceforge.io/) Written by Stephen Nestinger and Jonathan Rogado + +Cocoa: [BBHTTP](https://github.com/brunodecarvalho/BBHTTP) written by Bruno de Carvalho +[curlhandle](https://github.com/karelia/curlhandle) Written by Dan Wood + +Clojure: [clj-curl](https://github.com/lsevero/clj-curl) by Lucas Severo + +[D](https://dlang.org/library/std/net/curl.html) Written by Kenneth Bogert + +[Delphi](https://github.com/Mercury13/curl4delphi) Written by Mikhail Merkuryev + +[Dylan](https://dylanlibs.sourceforge.io/) Written by Chris Double + +[Eiffel](https://room.eiffel.com/library/curl) Written by Eiffel Software + +[Euphoria](https://web.archive.org/web/20050204080544/rays-web.com/eulibcurl.htm) Written by Ray Smith + +[Falcon](http://www.falconpl.org/index.ftd?page_id=prjs&prj_id=curl) + +[Ferite](https://web.archive.org/web/20150102192018/ferite.org/) Written by Paul Querna + +[Gambas](https://gambas.sourceforge.io/) + +[glib/GTK+](https://web.archive.org/web/20100526203452/atterer.net/glibcurl) Written by Richard Atterer + +Go: [go-curl](https://github.com/andelf/go-curl) by ShuYu Wang + +[Guile](http://www.lonelycactus.com/guile-curl.html) Written by Michael L. Gran + +[Harbour](https://github.com/vszakats/harbour-core/tree/master/contrib/hbcurl) Written by Viktor Szakáts + +[Haskell](https://hackage.haskell.org/cgi-bin/hackage-scripts/package/curl) Written by Galois, Inc + +[Java](https://github.com/pjlegato/curl-java) + +[Julia](https://github.com/forio/Curl.jl) Written by Paul Howe + +[Kapito](https://github.com/puzza007/katipo) is an Erlang HTTP library around libcurl. + +[Lisp](https://common-lisp.net/project/cl-curl/) Written by Liam Healy + +Lua: [luacurl](http://luacurl.luaforge.net/) by Alexander Marinov, [Lua-cURL](https://github.com/Lua-cURL) by Jürgen Hötzel + +[Mono](https://forge.novell.com/modules/xfmod/project/?libcurl-mono) Written by Jeffrey Phillips + +[.NET](https://sourceforge.net/projects/libcurl-net/) libcurl-net by Jeffrey Phillips + +[Nim](https://nimble.directory/pkg/libcurl) wrapper for libcurl + +[node.js](https://github.com/JCMais/node-libcurl) node-libcurl by Jonathan Cardoso Machado + +[Object-Pascal](https://web.archive.org/web/20020610214926/www.tekool.com/opcurl) Free Pascal, Delphi and Kylix binding written by Christophe Espern. + +[OCaml](https://opam.ocaml.org/packages/ocurl/) Written by Lars Nilsson and ygrek + +[Pascal](https://web.archive.org/web/20030804091414/houston.quik.com/jkp/curlpas/) Free Pascal, Delphi and Kylix binding written by Jeffrey Pohlmeyer. + +Perl: [WWW::Curl](https://github.com/szbalint/WWW--Curl) Maintained by Cris +Bailiff and Bálint Szilakszi, +[perl6-net-curl](https://github.com/azawawi/perl6-net-curl) by Ahmad M. Zawawi +[NET::Curl](https://metacpan.org/pod/Net::Curl) by Przemyslaw Iskra + +[PHP](https://php.net/curl) Originally written by Sterling Hughes + +[PostgreSQL](https://github.com/pramsey/pgsql-http) - HTTP client for PostgreSQL + +[PureBasic](https://www.purebasic.com/documentation/http/index.html) uses libcurl in its "native" HTTP subsystem + +[Python](http://pycurl.io/) PycURL by Kjetil Jacobsen + +[R](https://cran.r-project.org/package=curl) + +[Rexx](https://rexxcurl.sourceforge.io/) Written Mark Hessling + +[Ring](https://ring-lang.sourceforge.io/doc1.3/libcurl.html) RingLibCurl by Mahmoud Fayed + +RPG, support for ILE/RPG on OS/400 is included in source distribution + +Ruby: [curb](https://github.com/taf2/curb) written by Ross Bamford + +[Rust](https://github.com/carllerche/curl-rust) curl-rust - by Carl Lerche + +[Scheme](https://www.metapaper.net/lisovsky/web/curl/) Bigloo binding by Kirill Lisovsky + +[Scilab](https://help.scilab.org/docs/current/fr_FR/getURL.html) binding by Sylvestre Ledru + +[S-Lang](https://www.jedsoft.org/slang/modules/curl.html) by John E Davis + +[Smalltalk](http://www.squeaksource.com/CurlPlugin/) Written by Danil Osipchuk + +[SP-Forth](https://sourceforge.net/p/spf/spf/ci/master/tree/devel/~ac/lib/lin/curl/) Written by Andrey Cherezov + +[SPL](http://www.clifford.at/spl/) Written by Clifford Wolf + +[Tcl](https://web.archive.org/web/20160826011806/mirror.yellow5.com/tclcurl/) Tclcurl by Andrés García + +[Visual Basic](https://sourceforge.net/projects/libcurl-vb/) libcurl-vb by Jeffrey Phillips + +[Visual Foxpro](https://web.archive.org/web/20130730181523/www.ctl32.com.ar/libcurl.asp) by Carlos Alloatti + +[Q](https://q-lang.sourceforge.io/) The libcurl module is part of the default install + +[wxWidgets](https://wxcode.sourceforge.io/components/wxcurl/) Written by Casey O'Donnell + +[XBLite](https://web.archive.org/web/20060426150418/perso.wanadoo.fr/xblite/libraries.html) Written by David Szafranski + +[Xojo](https://github.com/charonn0/RB-libcURL) Written by Andrew Lambert diff --git a/extern/curl/docs/BUG-BOUNTY.md b/extern/curl/docs/BUG-BOUNTY.md new file mode 100644 index 0000000000..8ee9ac62f4 --- /dev/null +++ b/extern/curl/docs/BUG-BOUNTY.md @@ -0,0 +1,106 @@ +# The curl bug bounty + +The curl project runs a bug bounty program in association with +[HackerOne](https://www.hackerone.com) and the [Internet Bug +Bounty](https://internetbugbounty.org). + +# How does it work? + +Start out by posting your suspected security vulnerability directly to [curl's +HackerOne program](https://hackerone.com/curl). + +After you have reported a security issue, it has been deemed credible, and a +patch and advisory has been made public, you may be eligible for a bounty from +this program. + +See all details at [https://hackerone.com/curl](https://hackerone.com/curl) + +This bounty is relying on funds from sponsors. If you use curl professionally, +consider help funding this! See +[https://opencollective.com/curl](https://opencollective.com/curl) for +details. + +# What are the reward amounts? + +The curl projects offer monetary compensation for reported and published +security vulnerabilities. The amount of money that is rewarded depends on how +serious the flaw is determined to be. + +We offer reward money *up to* a certain amount per severity. The curl security +team determines the severity of each reported flaw on a case by case basis and +the exact amount rewarded to the reporter is then decided. + +Check out the current award amounts at [https://hackerone.com/curl](https://hackerone.com/curl) + +# Who is eligible for a reward? + +Everyone and anyone who reports a security problem in a released curl version +that hasn't already been reported can ask for a bounty. + +Vulnerabilities in features that are off by default and documented as +experimental are not eligible for a reward. + +The vulnerability has to be fixed and publicly announced (by the curl project) +before a bug bounty will be considered. + +Bounties need to be requested within twelve months from the publication of the +vulnerability. + +The vulnerabilities must not have been made public before February 1st, 2019. +We do not retroactively pay for old, already known, or published security +problems. + +# Product vulnerabilities only + +This bug bounty only concerns the curl and libcurl products and thus their +respective source codes - when running on existing hardware. It does not +include documentation, websites, or other infrastructure. + +The curl security team will be the sole arbiter if a reported flaw can be +subject to a bounty or not. + +# How are vulnerabilities graded? + +The grading of each reported vulnerability that makes a reward claim will be +performed by the curl security team. The grading will be based on the CVSS +(Common Vulnerability Scoring System) 3.0. + +# How are reward amounts determined? + +The curl security team first gives the vulnerability a score, as mentioned +above, and based on that level we set an amount depending on the specifics of +the individual case. Other sponsors of the program might also get involved and +can raise the amounts depending on the particular issue. + +# What happens if the bounty fund is drained? + +The bounty fund depends on sponsors. If we pay out more bounties than we add, +the fund will eventually drain. If that end up happening, we will simply not +be able to pay out as high bounties as we would like and hope that we can +convince new sponsors to help us top up the fund again. + +# Regarding taxes, etc. on the bounties + +In the event that the individual receiving a curl bug bounty needs to pay +taxes on the reward money, the responsibility lies with the receiver. The +curl project or its security team never actually receive any of this money, +hold the money, or pay out the money. + +## Bonus levels + +In cooperation with [Dropbox](https://www.dropbox.com) the curl bug bounty can +offer the highest levels of rewards if the issue covers one of the interest +areas of theirs - and only if the bug is graded *high* or *critical*. A +non-exhaustive list of vulnerabilities Dropbox is interested in are: + + - RCE + - URL parsing vulnerabilities with demonstrable security impact + +Dropbox would generally hand out rewards for critical vulnerabilities ranging +from 12k-32k USD where RCE is on the upper end of the spectrum. + +URL parsing vulnerabilities with demonstrable security impact might include +incorrectly determining the authority of a URL when a special character is +inserted into the path of the URL (as a hypothetical). This type of +vulnerability would likely yield 6k-12k unless further impact could be +demonstrated. diff --git a/extern/curl/docs/BUGS b/extern/curl/docs/BUGS new file mode 100644 index 0000000000..480e0caecd --- /dev/null +++ b/extern/curl/docs/BUGS @@ -0,0 +1,302 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +BUGS + + 1. Bugs + 1.1 There are still bugs + 1.2 Where to report + 1.3 Security bugs + 1.4 What to report + 1.5 libcurl problems + 1.6 Who will fix the problems + 1.7 How to get a stack trace + 1.8 Bugs in libcurl bindings + 1.9 Bugs in old versions + + 2. Bug fixing procedure + 2.1 What happens on first filing + 2.2 First response + 2.3 Not reproducible + 2.4 Unresponsive + 2.5 Lack of time/interest + 2.6 KNOWN_BUGS + 2.7 TODO + 2.8 Closing off stalled bugs + +============================================================================== + +1.1 There are still bugs + + Curl and libcurl keep being developed. Adding features and changing code + means that bugs will sneak in, no matter how hard we try not to. + + Of course there are lots of bugs left. And lots of misfeatures. + + To help us make curl the stable and solid product we want it to be, we need + bug reports and bug fixes. + +1.2 Where to report + + If you can't fix a bug yourself and submit a fix for it, try to report an as + detailed report as possible to a curl mailing list to allow one of us to + have a go at a solution. You can optionally also post your bug/problem at + curl's bug tracking system over at + + https://github.com/curl/curl/issues + + Please read the rest of this document below first before doing that! + + If you feel you need to ask around first, find a suitable mailing list and + post there. The lists are available on https://curl.haxx.se/mail/ + +1.3 Security bugs + + If you find a bug or problem in curl or libcurl that you think has a + security impact, for example a bug that can put users in danger or make them + vulnerable if the bug becomes public knowledge, then please report that bug + using our security development process. + + Security related bugs or bugs that are suspected to have a security impact, + should be reported on the curl security tracker at HackerOne: + + https://hackerone.com/curl + + This ensures that the report reaches the curl security team so that they + first can be deal with the report away from the public to minimize the harm + and impact it will have on existing users out there who might be using the + vulnerable versions. + + The curl project's process for handling security related issues is + documented here: + + https://curl.haxx.se/dev/secprocess.html + +1.4 What to report + + When reporting a bug, you should include all information that will help us + understand what's wrong, what you expected to happen and how to repeat the + bad behavior. You therefore need to tell us: + + - your operating system's name and version number + + - what version of curl you're using (curl -V is fine) + + - versions of the used libraries that libcurl is built to use + + - what URL you were working with (if possible), at least which protocol + + and anything and everything else you think matters. Tell us what you + expected to happen, tell use what did happen, tell us how you could make it + work another way. Dig around, try out, test. Then include all the tiny bits + and pieces in your report. You will benefit from this yourself, as it will + enable us to help you quicker and more accurately. + + Since curl deals with networks, it often helps us if you include a protocol + debug dump with your bug report. The output you get by using the -v or + --trace options. + + If curl crashed, causing a core dump (in unix), there is hardly any use to + send that huge file to anyone of us. Unless we have an exact same system + setup as you, we can't do much with it. Instead we ask you to get a stack + trace and send that (much smaller) output to us instead! + + The address and how to subscribe to the mailing lists are detailed in the + MANUAL file. + +1.5 libcurl problems + + When you've written your own application with libcurl to perform transfers, + it is even more important to be specific and detailed when reporting bugs. + + Tell us the libcurl version and your operating system. Tell us the name and + version of all relevant sub-components like for example the SSL library + you're using and what name resolving your libcurl uses. If you use SFTP or + SCP, the libssh2 version is relevant etc. + + Showing us a real source code example repeating your problem is the best way + to get our attention and it will greatly increase our chances to understand + your problem and to work on a fix (if we agree it truly is a problem). + + Lots of problems that appear to be libcurl problems are actually just abuses + of the libcurl API or other malfunctions in your applications. It is advised + that you run your problematic program using a memory debug tool like + valgrind or similar before you post memory-related or "crashing" problems to + us. + +1.6 Who will fix the problems + + If the problems or bugs you describe are considered to be bugs, we want to + have the problems fixed. + + There are no developers in the curl project that are paid to work on bugs. + All developers that take on reported bugs do this on a voluntary basis. We + do it out of an ambition to keep curl and libcurl excellent products and out + of pride. + + But please do not assume that you can just lump over something to us and it + will then magically be fixed after some given time. Most often we need + feedback and help to understand what you've experienced and how to repeat a + problem. Then we may only be able to assist YOU to debug the problem and to + track down the proper fix. + + We get reports from many people every month and each report can take a + considerable amount of time to really go to the bottom with. + +1.7 How to get a stack trace + + First, you must make sure that you compile all sources with -g and that you + don't 'strip' the final executable. Try to avoid optimizing the code as + well, remove -O, -O2 etc from the compiler options. + + Run the program until it cores. + + Run your debugger on the core file, like ' curl core'. + should be replaced with the name of your debugger, in most cases that will + be 'gdb', but 'dbx' and others also occur. + + When the debugger has finished loading the core file and presents you a + prompt, enter 'where' (without the quotes) and press return. + + The list that is presented is the stack trace. If everything worked, it is + supposed to contain the chain of functions that were called when curl + crashed. Include the stack trace with your detailed bug report. It'll help a + lot. + +1.8 Bugs in libcurl bindings + + There will of course pop up bugs in libcurl bindings. You should then + primarily approach the team that works on that particular binding and see + what you can do to help them fix the problem. + + If you suspect that the problem exists in the underlying libcurl, then + please convert your program over to plain C and follow the steps outlined + above. + +1.9 Bugs in old versions + + The curl project typically releases new versions every other month, and we + fix several hundred bugs per year. For a huge table of releases, number of + bug fixes and more, see: https://curl.haxx.se/docs/releases.html + + The developers in the curl project do not have bandwidth or energy enough to + maintain several branches or to spend much time on hunting down problems in + old versions when chances are we already fixed them or at least that they've + changed nature and appearance in later versions. + + When you experience a problem and want to report it, you really SHOULD + include the version number of the curl you're using when you experience the + issue. If that version number shows us that you're using an out-of-date + curl, you should also try out a modern curl version to see if the problem + persists or how/if it has changed in appearance. + + Even if you cannot immediately upgrade your application/system to run the + latest curl version, you can most often at least run a test version or + experimental build or similar, to get this confirmed or not. + + At times people insist that they cannot upgrade to a modern curl version, + but instead they "just want the bug fixed". That's fine, just don't count on + us spending many cycles on trying to identify which single commit, if that's + even possible, that at some point in the past fixed the problem you're now + experiencing. + + Security wise, it is almost always a bad idea to lag behind the current curl + versions by a lot. We keeping discovering and reporting security problems + over time see you can see in this table: + https://curl.haxx.se/docs/vulnerabilities.html + +2. Bug fixing procedure + +2.1 What happens on first filing + + When a new issue is posted in the issue tracker or on the mailing list, the + team of developers first need to see the report. Maybe they took the day + off, maybe they're off in the woods hunting. Have patience. Allow at least a + few days before expecting someone to have responded. + + In the issue tracker you can expect that some labels will be set on the + issue to help categorize it. + +2.2 First response + + If your issue/bug report wasn't perfect at once (and few are), chances are + that someone will ask follow-up questions. Which version did you use? Which + options did you use? How often does the problem occur? How can we reproduce + this problem? Which protocols does it involve? Or perhaps much more specific + and deep diving questions. It all depends on your specific issue. + + You should then respond to these follow-up questions and provide more info + about the problem, so that we can help you figure it out. Or maybe you can + help us figure it out. An active back-and-forth communication is important + and the key for finding a cure and landing a fix. + +2.3 Not reproducible + + For problems that we can't reproduce and can't understand even after having + gotten all the info we need and having studied the source code over again, + are really hard to solve so then we may require further work from you who + actually see or experience the problem. + +2.4 Unresponsive + + If the problem haven't been understood or reproduced, and there's nobody + responding to follow-up questions or questions asking for clarifications or + for discussing possible ways to move forward with the task, we take that as + a strong suggestion that the bug is not important. + + Unimportant issues will be closed as inactive sooner or later as they can't + be fixed. The inactivity period (waiting for responses) should not be + shorter than two weeks but may extend months. + +2.5 Lack of time/interest + + Bugs that are filed and are understood can unfortunately end up in the + "nobody cares enough about it to work on it" category. Such bugs are + perfectly valid problems that *should* get fixed but apparently aren't. We + try to mark such bugs as "KNOWN_BUGS material" after a time of inactivity + and if no activity is noticed after yet some time those bugs are added to + KNOWN_BUGS and are closed in the issue tracker. + +2.6 KNOWN_BUGS + + This is a list of known bugs. Bugs we know exist and that have been pointed + out but that haven't yet been fixed. The reasons for why they haven't been + fixed can involve anything really, but the primary reason is that nobody has + considered these problems to be important enough to spend the necessary time + and effort to have them fixed. + + The KNOWN_BUGS are always up for grabs and we will always love the ones who + bring one of them back to live and offers solutions to them. + + The KNOWN_BUGS document has a sibling document known as TODO. + +2.7 TODO + + Issues that are filed or reported that aren't really bugs but more missing + features or ideas for future improvements and so on are marked as + 'enhancement' or 'feature-request' and will be added to the TODO document + instead and the issue is closed. We don't keep TODO items in the issue + tracker. + + The TODO document is full of ideas and suggestions of what we can add or fix + one day. You're always encouraged and free to grab one of those items and + take up a discussion with the curl development team on how that could be + implemented or provided in the project so that you can work on ticking it + odd that document. + + If the issue is rather a bug and not a missing feature or functionality, it + is listed in KNOWN_BUGS instead. + +2.8 Closing off stalled bugs + + The issue and pull request trackers on https://github.com/curl/curl will + only hold "active" entries (using a non-precise definition of what active + actually is, but they're at least not completely dead). Those that are + abandoned or in other ways dormant will be closed and sometimes added to + TODO and KNOWN_BUGS instead. + + This way, we only have "active" issues open on github. Irrelevant issues and + pull requests will not distract developers or casual visitors. diff --git a/extern/curl/docs/CHECKSRC.md b/extern/curl/docs/CHECKSRC.md new file mode 100644 index 0000000000..10e2f4d737 --- /dev/null +++ b/extern/curl/docs/CHECKSRC.md @@ -0,0 +1,162 @@ +# checksrc + +This is the tool we use within the curl project to scan C source code and +check that it adheres to our [Source Code Style guide](CODE_STYLE.md). + +## Usage + + checksrc.pl [options] [file1] [file2] ... + +## Command line options + +`-W[file]` whitelists that file and excludes it from being checked. Helpful +when, for example, one of the files is generated. + +`-D[dir]` directory name to prepend to file names when accessing them. + +`-h` shows the help output, that also lists all recognized warnings + +## What does checksrc warn for? + +checksrc does not check and verify the code against the entire style guide, +but the script is instead an effort to detect the most common mistakes and +syntax mistakes that contributors make before they get accustomed to our code +style. Heck, many of us regulars do the mistakes too and this script helps us +keep the code in shape. + + checksrc.pl -h + +Lists how to use the script and it lists all existing warnings it has and +problems it detects. At the time of this writing, the existing checksrc +warnings are: + +- `ASSIGNWITHINCONDITION`: Assignment within a conditional expression. The + code style mandates the assignment to be done outside of it. + +- `ASTERISKNOSPACE`: A pointer was declared like `char* name` instead of the more + appropriate `char *name` style. The asterisk should sit next to the name. + +- `ASTERISKSPACE`: A pointer was declared like `char * name` instead of the + more appropriate `char *name` style. The asterisk should sit right next to + the name without a space in between. + +- `BADCOMMAND`: There's a bad !checksrc! instruction in the code. See the + **Ignore certain warnings** section below for details. + +- `BANNEDFUNC`: A banned function was used. The functions sprintf, vsprintf, + strcat, strncat, gets are **never** allowed in curl source code. + +- `BRACEELSE`: '} else' on the same line. The else is supposed to be on the + following line. + +- `BRACEPOS`: wrong position for an open brace (`{`). + +- `COMMANOSPACE`: a comma without following space + +- `COPYRIGHT`: the file is missing a copyright statement! + +- `CPPCOMMENTS`: `//` comment detected, that's not C89 compliant + +- `FOPENMODE`: `fopen()` needs a macro for the mode string, use it + +- `INDENTATION`: detected a wrong start column for code. Note that this + warning only checks some specific places and will certainly miss many bad + indentations. + +- `LONGLINE`: A line is longer than 79 columns. + +- `MULTISPACE`: Multiple spaces were found where only one should be used. + +- `NOSPACEEQUALS`: An equals sign was found without preceding space. We prefer + `a = 2` and *not* `a=2`. + +- `OPENCOMMENT`: File ended with a comment (`/*`) still "open". + +- `PARENBRACE`: `){` was used without sufficient space in between. + +- `RETURNNOSPACE`: `return` was used without space between the keyword and the + following value. + +- `SEMINOSPACE`: There was no space (or newline) following a semicolon. + +- `SIZEOFNOPAREN`: Found use of sizeof without parentheses. We prefer + `sizeof(int)` style. + +- `SNPRINTF` - Found use of `snprintf()`. Since we use an internal replacement + with a different return code etc, we prefer `msnprintf()`. + +- `SPACEAFTERPAREN`: there was a space after open parenthesis, `( text`. + +- `SPACEBEFORECLOSE`: there was a space before a close parenthesis, `text )`. + +- `SPACEBEFORECOMMA`: there was a space before a comma, `one , two`. + +- `SPACEBEFOREPAREN`: there was a space before an open parenthesis, `if (`, + where one was not expected + +- `SPACESEMICOLON`: there was a space before semicolon, ` ;`. + +- `TABS`: TAB characters are not allowed! + +- `TRAILINGSPACE`: Trailing white space on the line + +- `UNUSEDIGNORE`: a checksrc inlined warning ignore was asked for but not used, + that's an ignore that should be removed or changed to get used. + +### Extended warnings + +Some warnings are quite computationally expensive to perform, so they are +turned off by default. To enable these warnings, place a `.checksrc` file in +the directory where they should be activated with commands to enable the +warnings you are interested in. The format of the file is to enable one +warning per line like so: `enable ` + +Currently there is one extended warning which can be enabled: + +- `COPYRIGHTYEAR`: the current changeset hasn't updated the copyright year in + the source file + +## Ignore certain warnings + +Due to the nature of the source code and the flaws of the checksrc tool, there +is sometimes a need to ignore specific warnings. checksrc allows a few +different ways to do this. + +### Inline ignore + +You can control what to ignore within a specific source file by providing +instructions to checksrc in the source code itself. You need a magic marker +that is `!checksrc!` followed by the instruction. The instruction can ask to +ignore a specific warning N number of times or you ignore all of them until +you mark the end of the ignored section. + +Inline ignores are only done for that single specific source code file. + +Example + + /* !checksrc! disable LONGLINE all */ + +This will ignore the warning for overly long lines until it is re-enabled with: + + /* !checksrc! enable LONGLINE */ + +If the enabling isn't performed before the end of the file, it will be enabled +automatically for the next file. + +You can also opt to ignore just N violations so that if you have a single long +line you just can't shorten and is agreed to be fine anyway: + + /* !checksrc! disable LONGLINE 1 */ + +... and the warning for long lines will be enabled again automatically after +it has ignored that single warning. The number `1` can of course be changed to +any other integer number. It can be used to make sure only the exact intended +instances are ignored and nothing extra. + +### Directory wide ignore patterns + +This is a method we've transitioned away from. Use inline ignores as far as +possible. + +Make a `checksrc.whitelist` file in the directory of the source code with the +false positive, and include the full offending line into this file. diff --git a/extern/curl/docs/CIPHERS.md b/extern/curl/docs/CIPHERS.md new file mode 100644 index 0000000000..19aedf36fc --- /dev/null +++ b/extern/curl/docs/CIPHERS.md @@ -0,0 +1,516 @@ +# Ciphers + +With curl's options +[`CURLOPT_SSL_CIPHER_LIST`](https://curl.haxx.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html) +and +[`--ciphers`](https://curl.haxx.se/docs/manpage.html#--ciphers) +users can control which ciphers to consider when negotiating TLS connections. + +TLS 1.3 ciphers are supported since curl 7.61 for OpenSSL 1.1.1+ with options +[`CURLOPT_TLS13_CIPHERS`](https://curl.haxx.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html) +and +[`--tls13-ciphers`](https://curl.haxx.se/docs/manpage.html#--tls13-ciphers) +. If you are using a different SSL backend you can try setting TLS 1.3 cipher +suites by using the respective regular cipher option. + +The names of the known ciphers differ depending on which TLS backend that +libcurl was built to use. This is an attempt to list known cipher names. + +## OpenSSL + +(based on [OpenSSL docs](https://www.openssl.org/docs/man1.1.0/apps/ciphers.html)) + +When specifying multiple cipher names, separate them with colon (`:`). + +### SSL3 cipher suites + +`NULL-MD5` +`NULL-SHA` +`RC4-MD5` +`RC4-SHA` +`IDEA-CBC-SHA` +`DES-CBC3-SHA` +`DH-DSS-DES-CBC3-SHA` +`DH-RSA-DES-CBC3-SHA` +`DHE-DSS-DES-CBC3-SHA` +`DHE-RSA-DES-CBC3-SHA` +`ADH-RC4-MD5` +`ADH-DES-CBC3-SHA` + +### TLS v1.0 cipher suites + +`NULL-MD5` +`NULL-SHA` +`RC4-MD5` +`RC4-SHA` +`IDEA-CBC-SHA` +`DES-CBC3-SHA` +`DHE-DSS-DES-CBC3-SHA` +`DHE-RSA-DES-CBC3-SHA` +`ADH-RC4-MD5` +`ADH-DES-CBC3-SHA` + +### AES ciphersuites from RFC3268, extending TLS v1.0 + +`AES128-SHA` +`AES256-SHA` +`DH-DSS-AES128-SHA` +`DH-DSS-AES256-SHA` +`DH-RSA-AES128-SHA` +`DH-RSA-AES256-SHA` +`DHE-DSS-AES128-SHA` +`DHE-DSS-AES256-SHA` +`DHE-RSA-AES128-SHA` +`DHE-RSA-AES256-SHA` +`ADH-AES128-SHA` +`ADH-AES256-SHA` + +### SEED ciphersuites from RFC4162, extending TLS v1.0 + +`SEED-SHA` +`DH-DSS-SEED-SHA` +`DH-RSA-SEED-SHA` +`DHE-DSS-SEED-SHA` +`DHE-RSA-SEED-SHA` +`ADH-SEED-SHA` + +### GOST ciphersuites, extending TLS v1.0 + +`GOST94-GOST89-GOST89` +`GOST2001-GOST89-GOST89` +`GOST94-NULL-GOST94` +`GOST2001-NULL-GOST94` + +### Elliptic curve cipher suites + +`ECDHE-RSA-NULL-SHA` +`ECDHE-RSA-RC4-SHA` +`ECDHE-RSA-DES-CBC3-SHA` +`ECDHE-RSA-AES128-SHA` +`ECDHE-RSA-AES256-SHA` +`ECDHE-ECDSA-NULL-SHA` +`ECDHE-ECDSA-RC4-SHA` +`ECDHE-ECDSA-DES-CBC3-SHA` +`ECDHE-ECDSA-AES128-SHA` +`ECDHE-ECDSA-AES256-SHA` +`AECDH-NULL-SHA` +`AECDH-RC4-SHA` +`AECDH-DES-CBC3-SHA` +`AECDH-AES128-SHA` +`AECDH-AES256-SHA` + +### TLS v1.2 cipher suites + +`NULL-SHA256` +`AES128-SHA256` +`AES256-SHA256` +`AES128-GCM-SHA256` +`AES256-GCM-SHA384` +`DH-RSA-AES128-SHA256` +`DH-RSA-AES256-SHA256` +`DH-RSA-AES128-GCM-SHA256` +`DH-RSA-AES256-GCM-SHA384` +`DH-DSS-AES128-SHA256` +`DH-DSS-AES256-SHA256` +`DH-DSS-AES128-GCM-SHA256` +`DH-DSS-AES256-GCM-SHA384` +`DHE-RSA-AES128-SHA256` +`DHE-RSA-AES256-SHA256` +`DHE-RSA-AES128-GCM-SHA256` +`DHE-RSA-AES256-GCM-SHA384` +`DHE-DSS-AES128-SHA256` +`DHE-DSS-AES256-SHA256` +`DHE-DSS-AES128-GCM-SHA256` +`DHE-DSS-AES256-GCM-SHA384` +`ECDHE-RSA-AES128-SHA256` +`ECDHE-RSA-AES256-SHA384` +`ECDHE-RSA-AES128-GCM-SHA256` +`ECDHE-RSA-AES256-GCM-SHA384` +`ECDHE-ECDSA-AES128-SHA256` +`ECDHE-ECDSA-AES256-SHA384` +`ECDHE-ECDSA-AES128-GCM-SHA256` +`ECDHE-ECDSA-AES256-GCM-SHA384` +`ADH-AES128-SHA256` +`ADH-AES256-SHA256` +`ADH-AES128-GCM-SHA256` +`ADH-AES256-GCM-SHA384` +`AES128-CCM` +`AES256-CCM` +`DHE-RSA-AES128-CCM` +`DHE-RSA-AES256-CCM` +`AES128-CCM8` +`AES256-CCM8` +`DHE-RSA-AES128-CCM8` +`DHE-RSA-AES256-CCM8` +`ECDHE-ECDSA-AES128-CCM` +`ECDHE-ECDSA-AES256-CCM` +`ECDHE-ECDSA-AES128-CCM8` +`ECDHE-ECDSA-AES256-CCM8` + +### Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2 + +`ECDHE-ECDSA-CAMELLIA128-SHA256` +`ECDHE-ECDSA-CAMELLIA256-SHA384` +`ECDHE-RSA-CAMELLIA128-SHA256` +`ECDHE-RSA-CAMELLIA256-SHA384` + +### TLS 1.3 cipher suites + +(Note these ciphers are set with `CURLOPT_TLS13_CIPHERS` and `--tls13-ciphers`) + +`TLS_AES_256_GCM_SHA384` +`TLS_CHACHA20_POLY1305_SHA256` +`TLS_AES_128_GCM_SHA256` +`TLS_AES_128_CCM_8_SHA256` +`TLS_AES_128_CCM_SHA256` + +## NSS + +### Totally insecure + +`rc4` +`rc4-md5` +`rc4export` +`rc2` +`rc2export` +`des` +`desede3` + +### SSL3/TLS cipher suites + +`rsa_rc4_128_md5` +`rsa_rc4_128_sha` +`rsa_3des_sha` +`rsa_des_sha` +`rsa_rc4_40_md5` +`rsa_rc2_40_md5` +`rsa_null_md5` +`rsa_null_sha` +`fips_3des_sha` +`fips_des_sha` +`fortezza` +`fortezza_rc4_128_sha` +`fortezza_null` + +### TLS 1.0 Exportable 56-bit Cipher Suites + +`rsa_des_56_sha` +`rsa_rc4_56_sha` + +### AES ciphers + +`dhe_dss_aes_128_cbc_sha` +`dhe_dss_aes_256_cbc_sha` +`dhe_rsa_aes_128_cbc_sha` +`dhe_rsa_aes_256_cbc_sha` +`rsa_aes_128_sha` +`rsa_aes_256_sha` + +### ECC ciphers + +`ecdh_ecdsa_null_sha` +`ecdh_ecdsa_rc4_128_sha` +`ecdh_ecdsa_3des_sha` +`ecdh_ecdsa_aes_128_sha` +`ecdh_ecdsa_aes_256_sha` +`ecdhe_ecdsa_null_sha` +`ecdhe_ecdsa_rc4_128_sha` +`ecdhe_ecdsa_3des_sha` +`ecdhe_ecdsa_aes_128_sha` +`ecdhe_ecdsa_aes_256_sha` +`ecdh_rsa_null_sha` +`ecdh_rsa_128_sha` +`ecdh_rsa_3des_sha` +`ecdh_rsa_aes_128_sha` +`ecdh_rsa_aes_256_sha` +`ecdhe_rsa_null` +`ecdhe_rsa_rc4_128_sha` +`ecdhe_rsa_3des_sha` +`ecdhe_rsa_aes_128_sha` +`ecdhe_rsa_aes_256_sha` +`ecdh_anon_null_sha` +`ecdh_anon_rc4_128sha` +`ecdh_anon_3des_sha` +`ecdh_anon_aes_128_sha` +`ecdh_anon_aes_256_sha` + +### HMAC-SHA256 cipher suites + +`rsa_null_sha_256` +`rsa_aes_128_cbc_sha_256` +`rsa_aes_256_cbc_sha_256` +`dhe_rsa_aes_128_cbc_sha_256` +`dhe_rsa_aes_256_cbc_sha_256` +`ecdhe_ecdsa_aes_128_cbc_sha_256` +`ecdhe_rsa_aes_128_cbc_sha_256` + +### AES GCM cipher suites in RFC 5288 and RFC 5289 + +`rsa_aes_128_gcm_sha_256` +`dhe_rsa_aes_128_gcm_sha_256` +`dhe_dss_aes_128_gcm_sha_256` +`ecdhe_ecdsa_aes_128_gcm_sha_256` +`ecdh_ecdsa_aes_128_gcm_sha_256` +`ecdhe_rsa_aes_128_gcm_sha_256` +`ecdh_rsa_aes_128_gcm_sha_256` + +### cipher suites using SHA384 + +`rsa_aes_256_gcm_sha_384` +`dhe_rsa_aes_256_gcm_sha_384` +`dhe_dss_aes_256_gcm_sha_384` +`ecdhe_ecdsa_aes_256_sha_384` +`ecdhe_rsa_aes_256_sha_384` +`ecdhe_ecdsa_aes_256_gcm_sha_384` +`ecdhe_rsa_aes_256_gcm_sha_384` + +### chacha20-poly1305 cipher suites + +`ecdhe_rsa_chacha20_poly1305_sha_256` +`ecdhe_ecdsa_chacha20_poly1305_sha_256` +`dhe_rsa_chacha20_poly1305_sha_256` + +### TLS 1.3 cipher suites + +`aes_128_gcm_sha_256` +`aes_256_gcm_sha_384` +`chacha20_poly1305_sha_256` + +## GSKit + +Ciphers are internally defined as +[numeric codes](https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/apis/gsk_attribute_set_buffer.htm), +but libcurl maps them to the following case-insensitive names. + +### SSL2 cipher suites (insecure: disabled by default) + +`rc2-md5` +`rc4-md5` +`exp-rc2-md5` +`exp-rc4-md5` +`des-cbc-md5` +`des-cbc3-md5` + +### SSL3 cipher suites + +`null-md5` +`null-sha` +`rc4-md5` +`rc4-sha` +`exp-rc2-cbc-md5` +`exp-rc4-md5` +`exp-des-cbc-sha` +`des-cbc3-sha` + +### TLS v1.0 cipher suites + +`null-md5` +`null-sha` +`rc4-md5` +`rc4-sha` +`exp-rc2-cbc-md5` +`exp-rc4-md5` +`exp-des-cbc-sha` +`des-cbc3-sha` +`aes128-sha` +`aes256-sha` + +### TLS v1.1 cipher suites + +`null-md5` +`null-sha` +`rc4-md5` +`rc4-sha` +`exp-des-cbc-sha` +`des-cbc3-sha` +`aes128-sha` +`aes256-sha` + +### TLS v1.2 cipher suites + +`null-md5` +`null-sha` +`null-sha256` +`rc4-md5` +`rc4-sha` +`des-cbc3-sha` +`aes128-sha` +`aes256-sha` +`aes128-sha256` +`aes256-sha256` +`aes128-gcm-sha256` +`aes256-gcm-sha384` + +## WolfSSL + +`RC4-SHA`, +`RC4-MD5`, +`DES-CBC3-SHA`, +`AES128-SHA`, +`AES256-SHA`, +`NULL-SHA`, +`NULL-SHA256`, +`DHE-RSA-AES128-SHA`, +`DHE-RSA-AES256-SHA`, +`DHE-PSK-AES256-GCM-SHA384`, +`DHE-PSK-AES128-GCM-SHA256`, +`PSK-AES256-GCM-SHA384`, +`PSK-AES128-GCM-SHA256`, +`DHE-PSK-AES256-CBC-SHA384`, +`DHE-PSK-AES128-CBC-SHA256`, +`PSK-AES256-CBC-SHA384`, +`PSK-AES128-CBC-SHA256`, +`PSK-AES128-CBC-SHA`, +`PSK-AES256-CBC-SHA`, +`DHE-PSK-AES128-CCM`, +`DHE-PSK-AES256-CCM`, +`PSK-AES128-CCM`, +`PSK-AES256-CCM`, +`PSK-AES128-CCM-8`, +`PSK-AES256-CCM-8`, +`DHE-PSK-NULL-SHA384`, +`DHE-PSK-NULL-SHA256`, +`PSK-NULL-SHA384`, +`PSK-NULL-SHA256`, +`PSK-NULL-SHA`, +`HC128-MD5`, +`HC128-SHA`, +`HC128-B2B256`, +`AES128-B2B256`, +`AES256-B2B256`, +`RABBIT-SHA`, +`NTRU-RC4-SHA`, +`NTRU-DES-CBC3-SHA`, +`NTRU-AES128-SHA`, +`NTRU-AES256-SHA`, +`AES128-CCM-8`, +`AES256-CCM-8`, +`ECDHE-ECDSA-AES128-CCM`, +`ECDHE-ECDSA-AES128-CCM-8`, +`ECDHE-ECDSA-AES256-CCM-8`, +`ECDHE-RSA-AES128-SHA`, +`ECDHE-RSA-AES256-SHA`, +`ECDHE-ECDSA-AES128-SHA`, +`ECDHE-ECDSA-AES256-SHA`, +`ECDHE-RSA-RC4-SHA`, +`ECDHE-RSA-DES-CBC3-SHA`, +`ECDHE-ECDSA-RC4-SHA`, +`ECDHE-ECDSA-DES-CBC3-SHA`, +`AES128-SHA256`, +`AES256-SHA256`, +`DHE-RSA-AES128-SHA256`, +`DHE-RSA-AES256-SHA256`, +`ECDH-RSA-AES128-SHA`, +`ECDH-RSA-AES256-SHA`, +`ECDH-ECDSA-AES128-SHA`, +`ECDH-ECDSA-AES256-SHA`, +`ECDH-RSA-RC4-SHA`, +`ECDH-RSA-DES-CBC3-SHA`, +`ECDH-ECDSA-RC4-SHA`, +`ECDH-ECDSA-DES-CBC3-SHA`, +`AES128-GCM-SHA256`, +`AES256-GCM-SHA384`, +`DHE-RSA-AES128-GCM-SHA256`, +`DHE-RSA-AES256-GCM-SHA384`, +`ECDHE-RSA-AES128-GCM-SHA256`, +`ECDHE-RSA-AES256-GCM-SHA384`, +`ECDHE-ECDSA-AES128-GCM-SHA256`, +`ECDHE-ECDSA-AES256-GCM-SHA384`, +`ECDH-RSA-AES128-GCM-SHA256`, +`ECDH-RSA-AES256-GCM-SHA384`, +`ECDH-ECDSA-AES128-GCM-SHA256`, +`ECDH-ECDSA-AES256-GCM-SHA384`, +`CAMELLIA128-SHA`, +`DHE-RSA-CAMELLIA128-SHA`, +`CAMELLIA256-SHA`, +`DHE-RSA-CAMELLIA256-SHA`, +`CAMELLIA128-SHA256`, +`DHE-RSA-CAMELLIA128-SHA256`, +`CAMELLIA256-SHA256`, +`DHE-RSA-CAMELLIA256-SHA256`, +`ECDHE-RSA-AES128-SHA256`, +`ECDHE-ECDSA-AES128-SHA256`, +`ECDH-RSA-AES128-SHA256`, +`ECDH-ECDSA-AES128-SHA256`, +`ECDHE-RSA-AES256-SHA384`, +`ECDHE-ECDSA-AES256-SHA384`, +`ECDH-RSA-AES256-SHA384`, +`ECDH-ECDSA-AES256-SHA384`, +`ECDHE-RSA-CHACHA20-POLY1305`, +`ECDHE-ECDSA-CHACHA20-POLY1305`, +`DHE-RSA-CHACHA20-POLY1305`, +`ECDHE-RSA-CHACHA20-POLY1305-OLD`, +`ECDHE-ECDSA-CHACHA20-POLY1305-OLD`, +`DHE-RSA-CHACHA20-POLY1305-OLD`, +`ADH-AES128-SHA`, +`QSH`, +`RENEGOTIATION-INFO`, +`IDEA-CBC-SHA`, +`ECDHE-ECDSA-NULL-SHA`, +`ECDHE-PSK-NULL-SHA256`, +`ECDHE-PSK-AES128-CBC-SHA256`, +`PSK-CHACHA20-POLY1305`, +`ECDHE-PSK-CHACHA20-POLY1305`, +`DHE-PSK-CHACHA20-POLY1305`, +`EDH-RSA-DES-CBC3-SHA`, + +## Schannel + +Schannel allows the enabling and disabling of encryption algorithms, but not +specific ciphersuites. They are +[defined](https://docs.microsoft.com/windows/desktop/SecCrypto/alg-id) by +Microsoft. + +There is also the case that the selected algorithm is not supported by the +protocol or does not match the ciphers offered by the server during the SSL +negotiation. In this case curl will return error +`CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH` +and the request will fail. + +`CALG_MD2`, +`CALG_MD4`, +`CALG_MD5`, +`CALG_SHA`, +`CALG_SHA1`, +`CALG_MAC`, +`CALG_RSA_SIGN`, +`CALG_DSS_SIGN`, +`CALG_NO_SIGN`, +`CALG_RSA_KEYX`, +`CALG_DES`, +`CALG_3DES_112`, +`CALG_3DES`, +`CALG_DESX`, +`CALG_RC2`, +`CALG_RC4`, +`CALG_SEAL`, +`CALG_DH_SF`, +`CALG_DH_EPHEM`, +`CALG_AGREEDKEY_ANY`, +`CALG_HUGHES_MD5`, +`CALG_SKIPJACK`, +`CALG_TEK`, +`CALG_CYLINK_MEK`, +`CALG_SSL3_SHAMD5`, +`CALG_SSL3_MASTER`, +`CALG_SCHANNEL_MASTER_HASH`, +`CALG_SCHANNEL_MAC_KEY`, +`CALG_SCHANNEL_ENC_KEY`, +`CALG_PCT1_MASTER`, +`CALG_SSL2_MASTER`, +`CALG_TLS1_MASTER`, +`CALG_RC5`, +`CALG_HMAC`, +`CALG_TLS1PRF`, +`CALG_HASH_REPLACE_OWF`, +`CALG_AES_128`, +`CALG_AES_192`, +`CALG_AES_256`, +`CALG_AES`, +`CALG_SHA_256`, +`CALG_SHA_384`, +`CALG_SHA_512`, +`CALG_ECDH`, +`CALG_ECMQV`, +`CALG_ECDSA`, +`CALG_ECDH_EPHEM`, diff --git a/extern/curl/docs/CMakeLists.txt b/extern/curl/docs/CMakeLists.txt new file mode 100644 index 0000000000..694861725b --- /dev/null +++ b/extern/curl/docs/CMakeLists.txt @@ -0,0 +1,3 @@ +#add_subdirectory(examples) +add_subdirectory(libcurl) +add_subdirectory(cmdline-opts) diff --git a/extern/curl/docs/CODE_OF_CONDUCT.md b/extern/curl/docs/CODE_OF_CONDUCT.md new file mode 100644 index 0000000000..1f71c387bd --- /dev/null +++ b/extern/curl/docs/CODE_OF_CONDUCT.md @@ -0,0 +1,32 @@ +Contributor Code of Conduct +=========================== + +As contributors and maintainers of this project, we pledge to respect all +people who contribute through reporting issues, posting feature requests, +updating documentation, submitting pull requests or patches, and other +activities. + +We are committed to making participation in this project a harassment-free +experience for everyone, regardless of level of experience, gender, gender +identity and expression, sexual orientation, disability, personal appearance, +body size, race, ethnicity, age, or religion. + +Examples of unacceptable behavior by participants include the use of sexual +language or imagery, derogatory comments or personal attacks, trolling, public +or private harassment, insults, or other unprofessional conduct. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct. Project maintainers who do not +follow the Code of Conduct may be removed from the project team. + +This code of conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by opening an issue or contacting one or more of the project +maintainers. + +This Code of Conduct is adapted from the [Contributor +Covenant](https://contributor-covenant.org/), version 1.1.0, available at +[https://contributor-covenant.org/version/1/1/0/](https://contributor-covenant.org/version/1/1/0/) diff --git a/extern/curl/docs/CODE_STYLE.md b/extern/curl/docs/CODE_STYLE.md new file mode 100644 index 0000000000..0ceb5b9ad6 --- /dev/null +++ b/extern/curl/docs/CODE_STYLE.md @@ -0,0 +1,246 @@ +# curl C code style + +Source code that has a common style is easier to read than code that uses +different styles in different places. It helps making the code feel like one +single code base. Easy-to-read is a very important property of code and helps +making it easier to review when new things are added and it helps debugging +code when developers are trying to figure out why things go wrong. A unified +style is more important than individual contributors having their own personal +tastes satisfied. + +Our C code has a few style rules. Most of them are verified and upheld by the +`lib/checksrc.pl` script. Invoked with `make checksrc` or even by default by +the build system when built after `./configure --enable-debug` has been used. + +It is normally not a problem for anyone to follow the guidelines, as you just +need to copy the style already used in the source code and there are no +particularly unusual rules in our set of rules. + +We also work hard on writing code that are warning-free on all the major +platforms and in general on as many platforms as possible. Code that obviously +will cause warnings will not be accepted as-is. + +## Naming + +Try using a non-confusing naming scheme for your new functions and variable +names. It doesn't necessarily have to mean that you should use the same as in +other places of the code, just that the names should be logical, +understandable and be named according to what they're used for. File-local +functions should be made static. We like lower case names. + +See the [INTERNALS](INTERNALS.md) document on how we name non-exported +library-global symbols. + +## Indenting + +We use only spaces for indentation, never TABs. We use two spaces for each new +open brace. + + if(something_is_true) { + while(second_statement == fine) { + moo(); + } + } + +## Comments + +Since we write C89 code, **//** comments are not allowed. They weren't +introduced in the C standard until C99. We use only **/* comments */**. + + /* this is a comment */ + +## Long lines + +Source code in curl may never be wider than 79 columns and there are two +reasons for maintaining this even in the modern era of very large and high +resolution screens: + +1. Narrower columns are easier to read than very wide ones. There's a reason + newspapers have used columns for decades or centuries. + +2. Narrower columns allow developers to easier show multiple pieces of code + next to each other in different windows. I often have two or three source + code windows next to each other on the same screen - as well as multiple + terminal and debugging windows. + +## Braces + +In if/while/do/for expressions, we write the open brace on the same line as +the keyword and we then set the closing brace on the same indentation level as +the initial keyword. Like this: + + if(age < 40) { + /* clearly a youngster */ + } + +You may omit the braces if they would contain only a one-line statement: + + if(!x) + continue; + +For functions the opening brace should be on a separate line: + + int main(int argc, char **argv) + { + return 1; + } + +## 'else' on the following line + +When adding an **else** clause to a conditional expression using braces, we +add it on a new line after the closing brace. Like this: + + if(age < 40) { + /* clearly a youngster */ + } + else { + /* probably grumpy */ + } + +## No space before parentheses + +When writing expressions using if/while/do/for, there shall be no space +between the keyword and the open parenthesis. Like this: + + while(1) { + /* loop forever */ + } + +## Use boolean conditions + +Rather than test a conditional value such as a bool against TRUE or FALSE, a +pointer against NULL or != NULL and an int against zero or not zero in +if/while conditions we prefer: + + result = do_something(); + if(!result) { + /* something went wrong */ + return result; + } + +## No assignments in conditions + +To increase readability and reduce complexity of conditionals, we avoid +assigning variables within if/while conditions. We frown upon this style: + + if((ptr = malloc(100)) == NULL) + return NULL; + +and instead we encourage the above version to be spelled out more clearly: + + ptr = malloc(100); + if(!ptr) + return NULL; + +## New block on a new line + +We never write multiple statements on the same source line, even for very +short if() conditions. + + if(a) + return TRUE; + else if(b) + return FALSE; + +and NEVER: + + if(a) return TRUE; + else if(b) return FALSE; + +## Space around operators + +Please use spaces on both sides of operators in C expressions. Postfix **(), +[], ->, ., ++, --** and Unary **+, - !, ~, &** operators excluded they should +have no space. + +Examples: + + bla = func(); + who = name[0]; + age += 1; + true = !false; + size += -2 + 3 * (a + b); + ptr->member = a++; + struct.field = b--; + ptr = &address; + contents = *pointer; + complement = ~bits; + empty = (!*string) ? TRUE : FALSE; + +## No parentheses for return values + +We use the 'return' statement without extra parentheses around the value: + + int works(void) + { + return TRUE; + } + +## Parentheses for sizeof arguments + +When using the sizeof operator in code, we prefer it to be written with +parentheses around its argument: + + int size = sizeof(int); + +## Column alignment + +Some statements cannot be completed on a single line because the line would be +too long, the statement too hard to read, or due to other style guidelines +above. In such a case the statement will span multiple lines. + +If a continuation line is part of an expression or sub-expression then you +should align on the appropriate column so that it's easy to tell what part of +the statement it is. Operators should not start continuation lines. In other +cases follow the 2-space indent guideline. Here are some examples from +libcurl: + + if(Curl_pipeline_wanted(handle->multi, CURLPIPE_HTTP1) && + (handle->set.httpversion != CURL_HTTP_VERSION_1_0) && + (handle->set.httpreq == HTTPREQ_GET || + handle->set.httpreq == HTTPREQ_HEAD)) + /* didn't ask for HTTP/1.0 and a GET or HEAD */ + return TRUE; + +If no parenthesis, use the default indent: + + data->set.http_disable_hostname_check_before_authentication = + (0 != va_arg(param, long)) ? TRUE : FALSE; + +Function invoke with an open parenthesis: + + if(option) { + result = parse_login_details(option, strlen(option), + (userp ? &user : NULL), + (passwdp ? &passwd : NULL), + NULL); + } + +Align with the "current open" parenthesis: + + DEBUGF(infof(data, "Curl_pp_readresp_ %d bytes of trailing " + "server response left\n", + (int)clipamount)); + +## Platform dependent code + +Use **#ifdef HAVE_FEATURE** to do conditional code. We avoid checking for +particular operating systems or hardware in the #ifdef lines. The HAVE_FEATURE +shall be generated by the configure script for unix-like systems and they are +hard-coded in the `config-[system].h` files for the others. + +We also encourage use of macros/functions that possibly are empty or defined +to constants when libcurl is built without that feature, to make the code +seamless. Like this example where the **magic()** function works differently +depending on a build-time conditional: + + #ifdef HAVE_MAGIC + void magic(int a) + { + return a + 2; + } + #else + #define magic(x) 1 + #endif + + int content = magic(3); diff --git a/extern/curl/docs/CONTRIBUTE.md b/extern/curl/docs/CONTRIBUTE.md new file mode 100644 index 0000000000..978b87d27d --- /dev/null +++ b/extern/curl/docs/CONTRIBUTE.md @@ -0,0 +1,267 @@ +# Contributing to the curl project + +This document is intended to offer guidelines on how to best contribute to the +curl project. This concerns new features as well as corrections to existing +flaws or bugs. + +## Learning curl + +### Join the Community + +Skip over to [https://curl.haxx.se/mail/](https://curl.haxx.se/mail/) and join +the appropriate mailing list(s). Read up on details before you post +questions. Read this file before you start sending patches! We prefer +questions sent to and discussions being held on the mailing list(s), not sent +to individuals. + +Before posting to one of the curl mailing lists, please read up on the +[mailing list etiquette](https://curl.haxx.se/mail/etiquette.html). + +We also hang out on IRC in #curl on irc.freenode.net + +If you're at all interested in the code side of things, consider clicking +'watch' on the [curl repo on github](https://github.com/curl/curl) to be +notified of pull requests and new issues posted there. + +### License and copyright + +When contributing with code, you agree to put your changes and new code under +the same license curl and libcurl is already using unless stated and agreed +otherwise. + +If you add a larger piece of code, you can opt to make that file or set of +files to use a different license as long as they don't enforce any changes to +the rest of the package and they make sense. Such "separate parts" can not be +GPL licensed (as we don't want copyleft to affect users of libcurl) but they +must use "GPL compatible" licenses (as we want to allow users to use libcurl +properly in GPL licensed environments). + +When changing existing source code, you do not alter the copyright of the +original file(s). The copyright will still be owned by the original creator(s) +or those who have been assigned copyright by the original author(s). + +By submitting a patch to the curl project, you are assumed to have the right +to the code and to be allowed by your employer or whatever to hand over that +patch/code to us. We will credit you for your changes as far as possible, to +give credit but also to keep a trace back to who made what changes. Please +always provide us with your full real name when contributing! + +### What To Read + +Source code, the man pages, the [INTERNALS +document](https://curl.haxx.se/dev/internals.html), +[TODO](https://curl.haxx.se/docs/todo.html), +[KNOWN_BUGS](https://curl.haxx.se/docs/knownbugs.html) and the [most recent +changes](https://curl.haxx.se/dev/sourceactivity.html) in git. Just lurking on +the [curl-library mailing +list](https://curl.haxx.se/mail/list.cgi?list=curl-library) will give you a +lot of insights on what's going on right now. Asking there is a good idea too. + +## Write a good patch + +### Follow code style + +When writing C code, follow the +[CODE_STYLE](https://curl.haxx.se/dev/code-style.html) already established in +the project. Consistent style makes code easier to read and mistakes less +likely to happen. Run `make checksrc` before you submit anything, to make sure +you follow the basic style. That script doesn't verify everything, but if it +complains you know you have work to do. + +### Non-clobbering All Over + +When you write new functionality or fix bugs, it is important that you don't +fiddle all over the source files and functions. Remember that it is likely +that other people have done changes in the same source files as you have and +possibly even in the same functions. If you bring completely new +functionality, try writing it in a new source file. If you fix bugs, try to +fix one bug at a time and send them as separate patches. + +### Write Separate Changes + +It is annoying when you get a huge patch from someone that is said to fix 511 +odd problems, but discussions and opinions don't agree with 510 of them - or +509 of them were already fixed in a different way. Then the person merging +this change needs to extract the single interesting patch from somewhere +within the huge pile of source, and that creates a lot of extra work. + +Preferably, each fix that corrects a problem should be in its own patch/commit +with its own description/commit message stating exactly what they correct so +that all changes can be selectively applied by the maintainer or other +interested parties. + +Also, separate changes enable bisecting much better for tracking problems +and regression in the future. + +### Patch Against Recent Sources + +Please try to get the latest available sources to make your patches against. +It makes the lives of the developers so much easier. The very best is if you +get the most up-to-date sources from the git repository, but the latest +release archive is quite OK as well! + +### Documentation + +Writing docs is dead boring and one of the big problems with many open source +projects. But someone's gotta do it! It makes things a lot easier if you +submit a small description of your fix or your new features with every +contribution so that it can be swiftly added to the package documentation. + +The documentation is always made in man pages (nroff formatted) or plain +ASCII files. All HTML files on the web site and in the release archives are +generated from the nroff/ASCII versions. + +### Test Cases + +Since the introduction of the test suite, we can quickly verify that the main +features are working as they're supposed to. To maintain this situation and +improve it, all new features and functions that are added need to be tested +in the test suite. Every feature that is added should get at least one valid +test case that verifies that it works as documented. If every submitter also +posts a few test cases, it won't end up as a heavy burden on a single person! + +If you don't have test cases or perhaps you have done something that is very +hard to write tests for, do explain exactly how you have otherwise tested and +verified your changes. + +## Sharing Your Changes + +### How to get your changes into the main sources + +Ideally you file a [pull request on +github](https://github.com/curl/curl/pulls), but you can also send your plain +patch to [the curl-library mailing +list](https://curl.haxx.se/mail/list.cgi?list=curl-library). + +Either way, your change will be reviewed and discussed there and you will be +expected to correct flaws pointed out and update accordingly, or the change +risks stalling and eventually just getting deleted without action. As a +submitter of a change, you are the owner of that change until it has been merged. + +Respond on the list or on github about the change and answer questions and/or +fix nits/flaws. This is very important. We will take lack of replies as a +sign that you're not very anxious to get your patch accepted and we tend to +simply drop such changes. + +### About pull requests + +With github it is easy to send a [pull +request](https://github.com/curl/curl/pulls) to the curl project to have +changes merged. + +We strongly prefer pull requests to mailed patches, as it makes it a proper +git commit that is easy to merge and they are easy to track and not that easy +to loose in the flood of many emails, like they sometimes do on the mailing +lists. + +Every pull request submitted will automatically be tested in several different +ways. Every pull request is verified for each of the following: + + - ... it still builds, warning-free, on Linux and macOS, with both + clang and gcc + - ... it still builds fine on Windows with several MSVC versions + - ... it still builds with cmake on Linux, with gcc and clang + - ... it follows rudimentary code style rules + - ... the test suite still runs 100% fine + - ... the release tarball (the "dist") still works + - ... it builds fine in-tree as well as out-of-tree + - ... code coverage doesn't shrink drastically + +If the pull-request fails one of these tests, it will show up as a red X and +you are expected to fix the problem. If you don't understand when the issue is +or have other problems to fix the complaint, just ask and other project +members will likely be able to help out. + +When you adjust your pull requests after review, consider squashing the +commits so that we can review the full updated version more easily. + +### Making quality patches + +Make the patch against as recent source versions as possible. + +If you've followed the tips in this document and your patch still hasn't been +incorporated or responded to after some weeks, consider resubmitting it to the +list or better yet: change it to a pull request. + +### Write good commit messages + +A short guide to how to write commit messages in the curl project. + + ---- start ---- + [area]: [short line describing the main effect] + -- empty line -- + [full description, no wider than 72 columns that describe as much as + possible as to why this change is made, and possibly what things + it fixes and everything else that is related] + -- empty line -- + [Closes/Fixes #1234 - if this closes or fixes a github issue] + [Bug: URL to source of the report or more related discussion] + [Reported-by: John Doe - credit the reporter] + [whatever-else-by: credit all helpers, finders, doers] + ---- stop ---- + +Don't forget to use commit --author="" if you commit someone else's work, and +make sure that you have your own user and email setup correctly in git before +you commit + +### Write Access to git Repository + +If you are a very frequent contributor, you may be given push access to the +git repository and then you'll be able to push your changes straight into the +git repo instead of sending changes as pull requests or by mail as patches. + +Just ask if this is what you'd want. You will be required to have posted +several high quality patches first, before you can be granted push access. + +### How To Make a Patch with git + +You need to first checkout the repository: + + git clone https://github.com/curl/curl.git + +You then proceed and edit all the files you like and you commit them to your +local repository: + + git commit [file] + +As usual, group your commits so that you commit all changes at once that +constitute a logical change. + +Once you have done all your commits and you're happy with what you see, you +can make patches out of your changes that are suitable for mailing: + + git format-patch remotes/origin/master + +This creates files in your local directory named NNNN-[name].patch for each +commit. + +Now send those patches off to the curl-library list. You can of course opt to +do that with the 'git send-email' command. + +### How To Make a Patch without git + +Keep a copy of the unmodified curl sources. Make your changes in a separate +source tree. When you think you have something that you want to offer the +curl community, use GNU diff to generate patches. + +If you have modified a single file, try something like: + + diff -u unmodified-file.c my-changed-one.c > my-fixes.diff + +If you have modified several files, possibly in different directories, you +can use diff recursively: + + diff -ur curl-original-dir curl-modified-sources-dir > my-fixes.diff + +The GNU diff and GNU patch tools exist for virtually all platforms, including +all kinds of Unixes and Windows: + +For unix-like operating systems: + + - [https://savannah.gnu.org/projects/patch/](https://savannah.gnu.org/projects/patch/) + - [https://www.gnu.org/software/diffutils/](https://www.gnu.org/software/diffutils/) + +For Windows: + + - [https://gnuwin32.sourceforge.io/packages/patch.htm](https://gnuwin32.sourceforge.io/packages/patch.htm) + - [https://gnuwin32.sourceforge.io/packages/diffutils.htm](https://gnuwin32.sourceforge.io/packages/diffutils.htm) diff --git a/extern/curl/docs/CURL-DISABLE.md b/extern/curl/docs/CURL-DISABLE.md new file mode 100644 index 0000000000..83436b473d --- /dev/null +++ b/extern/curl/docs/CURL-DISABLE.md @@ -0,0 +1,110 @@ +# Code defines to disable features and protocols + +## CURL_DISABLE_COOKIES + +Disable support for HTTP cookies. + +## CURL_DISABLE_CRYPTO_AUTH + +Disable support for authentication methods using crypto. + +## CURL_DISABLE_DICT + +Disable the DICT protocol + +## CURL_DISABLE_DOH + +Disable DNS-over-HTTPS + +## CURL_DISABLE_FILE + +Disable the FILE protocol + +## CURL_DISABLE_FTP + +Disable the FTP (and FTPS) protocol + +## CURL_DISABLE_GOPHER + +Disable the GOPHER protocol. + +## CURL_DISABLE_HTTP + +Disable the HTTP(S) protocols. Note that this then also disable HTTP proxy +support. + +## CURL_DISABLE_HTTP_AUTH + +Disable support for all HTTP authentication methods. + +## CURL_DISABLE_IMAP + +Disable the IMAP(S) protocols. + +## CURL_DISABLE_LDAP + +Disable the LDAP(S) protocols. + +## CURL_DISABLE_LDAPS + +Disable the LDAPS protocol. + +## CURL_DISABLE_LIBCURL_OPTION + +Disable the --libcurl option from the curl tool. + +## CURL_DISABLE_MIME + +Disable MIME support. + +## CURL_DISABLE_NETRC + +Disable the netrc parser. + +## CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG + +Disable the auto load config support in the OpenSSL backend. + +## CURL_DISABLE_PARSEDATE + +Disable date parsing + +## CURL_DISABLE_POP + +Disable the POP(S) protocols + +## CURL_DISABLE_PROGRESS_METER + +Disable the built-in progress meter + +## CURL_DISABLE_PROXY + +Disable support for proxies + +## CURL_DISABLE_RTSP + +Disable the RTSP protocol. + +## CURL_DISABLE_SHUFFLE_DNS + +Disable the shuffle DNS feature + +## CURL_DISABLE_SMB + +Disable the SMB(S) protocols + +## CURL_DISABLE_SMTP + +Disable the SMTP(S) protocols + +## CURL_DISABLE_TELNET + +Disable the TELNET protocol + +## CURL_DISABLE_TFTP + +Disable the TFTP protocol + +## CURL_DISABLE_VERBOSE_STRINGS + +Disable verbose strings and error messages. diff --git a/extern/curl/docs/DEPRECATE.md b/extern/curl/docs/DEPRECATE.md new file mode 100644 index 0000000000..26877c48aa --- /dev/null +++ b/extern/curl/docs/DEPRECATE.md @@ -0,0 +1,12 @@ +# Items to be removed from future curl releases + +If any of these deprecated features is a cause for concern for you, please +email the curl-library mailing list as soon as possible and explain to us why +this is a problem for you and how your use case can't be satisfied properly +using a work around. + +## Past removals + + - Pipelining + - axTLS + - PolarSSL diff --git a/extern/curl/docs/ESNI.md b/extern/curl/docs/ESNI.md new file mode 100644 index 0000000000..7feaa75ad2 --- /dev/null +++ b/extern/curl/docs/ESNI.md @@ -0,0 +1,139 @@ +# TLS: ESNI support in curl and libcurl + +## Summary + +**ESNI** means **Encrypted Server Name Indication**, a TLS 1.3 +extension which is currently the subject of an +[IETF Draft][tlsesni]. + +This file is intended to show the latest current state of ESNI support +in **curl** and **libcurl**. + +At end of August 2019, an [experimental fork of curl][niallorcurl], +built using an [experimental fork of OpenSSL][sftcdopenssl], which in +turn provided an implementation of ESNI, was demonstrated +interoperating with a server belonging to the [DEfO +Project][defoproj]. + +Further sections here describe + +- resources needed for building and demonstrating **curl** support + for ESNI, + +- progress to date, + +- TODO items, and + +- additional details of specific stages of the progress. + +## Resources needed + +To build and demonstrate ESNI support in **curl** and/or **libcurl**, +you will need + +- a TLS library, supported by **libcurl**, which implements ESNI; + +- an edition of **curl** and/or **libcurl** which supports the ESNI + implementation of the chosen TLS library; + +- an environment for building and running **curl**, and at least + building **OpenSSL**; + +- a server, supporting ESNI, against which to run a demonstration + and perhaps a specific target URL; + +- some instructions. + +The following set of resources is currently known to be available. + +| Set | Component | Location | Remarks | +|:-----|:-------------|:------------------------------|:-------------------------------------------| +| DEfO | TLS library | [sftcd/openssl][sftcdopenssl] | Tag *esni-2019-08-30* avoids bleeding edge | +| | curl fork | [niallor/curl][niallorcurl] | Tag *esni-2019-08-30* likewise | +| | instructions | [ESNI-README][niallorreadme] | | + +## Progress + +### PR 4011 (Jun 2019) expected in curl release 7.67.0 (Oct 2019) + +- Details [below](#pr4011); + +- New **curl** feature: `CURL_VERSION_ESNI`; + +- New configuration option: `--enable-esni`; + +- Build-time check for availability of resources needed for ESNI + support; + +- Pre-processor symbol `USE_ESNI` for conditional compilation of + ESNI support code, subject to configuration option and + availability of needed resources. + +## TODO + +- (next PR) Add libcurl options to set ESNI parameters. + +- (next PR) Add curl tool command line options to set ESNI parameters. + +- (WIP) Extend DoH functions so that published ESNI parameters can be + retrieved from DNS instead of being required as options. + +- (WIP) Work with OpenSSL community to finalize ESNI API. + +- Track OpenSSL ESNI API in libcurl + +- Identify and implement any changes needed for CMake. + +- Optimize build-time checking of available resources. + +- Encourage ESNI support work on other TLS/SSL backends. + +## Additional detail + +### PR 4011 + +**TLS: Provide ESNI support framework for curl and libcurl** + +The proposed change provides a framework to facilitate work to +implement ESNI support in curl and libcurl. It is not intended +either to provide ESNI functionality or to favour any particular +TLS-providing backend. Specifically, the change reserves a +feature bit for ESNI support (symbol `CURL_VERSION_ESNI`), +implements setting and reporting of this bit, includes dummy +book-keeping for the symbol, adds a build-time configuration +option (`--enable-esni`), provides an extensible check for +resources available to provide ESNI support, and defines a +compiler pre-processor symbol (`USE_ESNI`) accordingly. + +Proposed-by: @niallor (Niall O'Reilly)\ +Encouraged-by: @sftcd (Stephen Farrell)\ +See-also: [this message](https://curl.haxx.se/mail/lib-2019-05/0108.html) + +Limitations: +- Book-keeping (symbols-in-versions) needs real release number, not 'DUMMY'. + +- Framework is incomplete, as it covers autoconf, but not CMake. + +- Check for available resources, although extensible, refers only to + specific work in progress ([described + here](https://github.com/sftcd/openssl/tree/master/esnistuff)) to + implement ESNI for OpenSSL, as this is the immediate motivation + for the proposed change. + +## References + +Cloudflare blog: [Encrypting SNI: Fixing One of the Core Internet Bugs][corebug] + +Cloudflare blog: [Encrypt it or lose it: how encrypted SNI works][esniworks] + +IETF Draft: [Encrypted Server Name Indication for TLS 1.3][tlsesni] + +--- + +[tlsesni]: https://datatracker.ietf.org/doc/draft-ietf-tls-esni/ +[esniworks]: https://blog.cloudflare.com/encrypted-sni/ +[corebug]: https://blog.cloudflare.com/esni/ +[defoproj]: https://defo.ie/ +[sftcdopenssl]: https://github.com/sftcd/openssl/ +[niallorcurl]: https://github.com/niallor/curl/ +[niallorreadme]: https://github.com/niallor/curl/blob/master/ESNI-README.md diff --git a/extern/curl/docs/EXPERIMENTAL.md b/extern/curl/docs/EXPERIMENTAL.md new file mode 100644 index 0000000000..6c33bcf53c --- /dev/null +++ b/extern/curl/docs/EXPERIMENTAL.md @@ -0,0 +1,22 @@ +# Experimental + +Some features and functionality in curl and libcurl are considered +**EXPERIMENTAL**. + +Experimental support in curl means: + +1. Experimental features are provided to allow users to try them out and + provide feedback on functionality and API etc before they ship and get + "carved in stone". +2. You must enable the feature when invoking configure as otherwise curl will + not be built with the feature present. +3. We strongly advice against using this feature in production. +4. **We reserve the right to change behavior** of the feature without sticking + to our API/ABI rules as we do for regular features, as long as it is marked + experimental. +5. Experimental features are clearly marked so in documentation. Beware. + +## Experimental features right now + + - HTTP/3 support and options + - alt-svc support and options diff --git a/extern/curl/docs/FAQ b/extern/curl/docs/FAQ new file mode 100644 index 0000000000..53f1c9e7a5 --- /dev/null +++ b/extern/curl/docs/FAQ @@ -0,0 +1,1558 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +FAQ + + 1. Philosophy + 1.1 What is cURL? + 1.2 What is libcurl? + 1.3 What is curl not? + 1.4 When will you make curl do XXXX ? + 1.5 Who makes curl? + 1.6 What do you get for making curl? + 1.7 What about CURL from curl.com? + 1.8 I have a problem who do I mail? + 1.9 Where do I buy commercial support for curl? + 1.10 How many are using curl? + 1.11 Why don't you update ca-bundle.crt + 1.12 I have a problem who can I chat with? + 1.13 curl's ECCN number? + 1.14 How do I submit my patch? + 1.15 How do I port libcurl to my OS? + + 2. Install Related Problems + 2.1 configure doesn't find OpenSSL even when it is installed + 2.1.1 native linker doesn't find OpenSSL + 2.1.2 only the libssl lib is missing + 2.2 Does curl work/build with other SSL libraries? + 2.3 Where can I find a copy of LIBEAY32.DLL? + 2.4 Does curl support SOCKS (RFC 1928) ? + + 3. Usage Problems + 3.1 curl: (1) SSL is disabled, https: not supported + 3.2 How do I tell curl to resume a transfer? + 3.3 Why doesn't my posting using -F work? + 3.4 How do I tell curl to run custom FTP commands? + 3.5 How can I disable the Accept: */* header? + 3.6 Does curl support ASP, XML, XHTML or HTML version Y? + 3.7 Can I use curl to delete/rename a file through FTP? + 3.8 How do I tell curl to follow HTTP redirects? + 3.9 How do I use curl in my favorite programming language? + 3.10 What about SOAP, WebDAV, XML-RPC or similar protocols over HTTP? + 3.11 How do I POST with a different Content-Type? + 3.12 Why do FTP-specific features over HTTP proxy fail? + 3.13 Why do my single/double quotes fail? + 3.14 Does curl support Javascript or PAC (automated proxy config)? + 3.15 Can I do recursive fetches with curl? + 3.16 What certificates do I need when I use SSL? + 3.17 How do I list the root dir of an FTP server? + 3.18 Can I use curl to send a POST/PUT and not wait for a response? + 3.19 How do I get HTTP from a host using a specific IP address? + 3.20 How to SFTP from my user's home directory? + 3.21 Protocol xxx not supported or disabled in libcurl + 3.22 curl -X gives me HTTP problems + + 4. Running Problems + 4.1 Problems connecting to SSL servers. + 4.2 Why do I get problems when I use & or % in the URL? + 4.3 How can I use {, }, [ or ] to specify multiple URLs? + 4.4 Why do I get downloaded data even though the web page doesn't exist? + 4.5 Why do I get return code XXX from a HTTP server? + 4.5.1 "400 Bad Request" + 4.5.2 "401 Unauthorized" + 4.5.3 "403 Forbidden" + 4.5.4 "404 Not Found" + 4.5.5 "405 Method Not Allowed" + 4.5.6 "301 Moved Permanently" + 4.6 Can you tell me what error code 142 means? + 4.7 How do I keep user names and passwords secret in Curl command lines? + 4.8 I found a bug! + 4.9 Curl can't authenticate to the server that requires NTLM? + 4.10 My HTTP request using HEAD, PUT or DELETE doesn't work! + 4.11 Why do my HTTP range requests return the full document? + 4.12 Why do I get "certificate verify failed" ? + 4.13 Why is curl -R on Windows one hour off? + 4.14 Redirects work in browser but not with curl! + 4.15 FTPS doesn't work + 4.16 My HTTP POST or PUT requests are slow! + 4.17 Non-functional connect timeouts on Windows + 4.18 file:// URLs containing drive letters (Windows, NetWare) + 4.19 Why doesn't curl return an error when the network cable is unplugged? + 4.20 curl doesn't return error for HTTP non-200 responses! + 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? + + 5. libcurl Issues + 5.1 Is libcurl thread-safe? + 5.2 How can I receive all data into a large memory chunk? + 5.3 How do I fetch multiple files with libcurl? + 5.4 Does libcurl do Winsock initing on win32 systems? + 5.5 Does CURLOPT_WRITEDATA and CURLOPT_READDATA work on win32 ? + 5.6 What about Keep-Alive or persistent connections? + 5.7 Link errors when building libcurl on Windows! + 5.8 libcurl.so.X: open failed: No such file or directory + 5.9 How does libcurl resolve host names? + 5.10 How do I prevent libcurl from writing the response to stdout? + 5.11 How do I make libcurl not receive the whole HTTP response? + 5.12 Can I make libcurl fake or hide my real IP address? + 5.13 How do I stop an ongoing transfer? + 5.14 Using C++ non-static functions for callbacks? + 5.15 How do I get an FTP directory listing? + 5.16 I want a different time-out! + 5.17 Can I write a server with libcurl? + 5.18 Does libcurl use threads? + + 6. License Issues + 6.1 I have a GPL program, can I use the libcurl library? + 6.2 I have a closed-source program, can I use the libcurl library? + 6.3 I have a BSD licensed program, can I use the libcurl library? + 6.4 I have a program that uses LGPL libraries, can I use libcurl? + 6.5 Can I modify curl/libcurl for my program and keep the changes secret? + 6.6 Can you please change the curl/libcurl license to XXXX? + 6.7 What are my obligations when using libcurl in my commercial apps? + + 7. PHP/CURL Issues + 7.1 What is PHP/CURL? + 7.2 Who wrote PHP/CURL? + 7.3 Can I perform multiple requests using the same handle? + 7.4 Does PHP/CURL have dependencies? + +============================================================================== + +1. Philosophy + + 1.1 What is cURL? + + cURL is the name of the project. The name is a play on 'Client for URLs', + originally with URL spelled in uppercase to make it obvious it deals with + URLs. The fact it can also be pronounced 'see URL' also helped, it works as + an abbreviation for "Client URL Request Library" or why not the recursive + version: "Curl URL Request Library". + + The cURL project produces two products: + + libcurl + + A free and easy-to-use client-side URL transfer library, supporting DICT, + FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, + POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP. + + libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, + Kerberos, SPNEGO, HTTP form based upload, proxies, cookies, user+password + authentication, file transfer resume, http proxy tunneling and more! + + libcurl is highly portable, it builds and works identically on numerous + platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HP-UX, + IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOS, Mac + OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF, + Android, Minix, IBM TPF and more... + + libcurl is free, thread-safe, IPv6 compatible, feature rich, well + supported and fast. + + curl + + A command line tool for getting or sending files using URL syntax. + + Since curl uses libcurl, curl supports the same wide range of common + Internet protocols that libcurl does. + + We pronounce curl with an initial k sound. It rhymes with words like girl + and earl. This is a short WAV file to help you: + + https://media.merriam-webster.com/soundc11/c/curl0001.wav + + There are numerous sub-projects and related projects that also use the word + curl in the project names in various combinations, but you should take + notice that this FAQ is directed at the command-line tool named curl (and + libcurl the library), and may therefore not be valid for other curl-related + projects. (There is however a small section for the PHP/CURL in this FAQ.) + + 1.2 What is libcurl? + + libcurl is a reliable and portable library which provides you with an easy + interface to a range of common Internet protocols. + + You can use libcurl for free in your application, be it open source, + commercial or closed-source. + + libcurl is most probably the most portable, most powerful and most often + used C-based multi-platform file transfer library on this planet - be it + open source or commercial. + + 1.3 What is curl not? + + Curl is not a wget clone. That is a common misconception. Never, during + curl's development, have we intended curl to replace wget or compete on its + market. Curl is targeted at single-shot file transfers. + + Curl is not a web site mirroring program. If you want to use curl to mirror + something: fine, go ahead and write a script that wraps around curl to make + it reality (like curlmirror.pl does). + + Curl is not an FTP site mirroring program. Sure, get and send FTP with curl + but if you want systematic and sequential behavior you should write a + script (or write a new program that interfaces libcurl) and do it. + + Curl is not a PHP tool, even though it works perfectly well when used from + or with PHP (when using the PHP/CURL module). + + Curl is not a program for a single operating system. Curl exists, compiles, + builds and runs under a wide range of operating systems, including all + modern Unixes (and a bunch of older ones too), Windows, Amiga, BeOS, OS/2, + OS X, QNX etc. + + 1.4 When will you make curl do XXXX ? + + We love suggestions of what to change in order to make curl and libcurl + better. We do however believe in a few rules when it comes to the future of + curl: + + Curl -- the command line tool -- is to remain a non-graphical command line + tool. If you want GUIs or fancy scripting capabilities, you should look for + another tool that uses libcurl. + + We do not add things to curl that other small and available tools already do + very well at the side. Curl's output can be piped into another program or + redirected to another file for the next program to interpret. + + We focus on protocol related issues and improvements. If you want to do more + magic with the supported protocols than curl currently does, chances are good + we will agree. If you want to add more protocols, we may very well agree. + + If you want someone else to do all the work while you wait for us to + implement it for you, that is not a very friendly attitude. We spend a + considerable time already on maintaining and developing curl. In order to + get more out of us, you should consider trading in some of your time and + effort in return. Simply go to the GitHub repo which resides at + https://github.com/curl/curl, fork the project, and create pull requests + with your proposed changes. + + If you write the code, chances are better that it will get into curl faster. + + 1.5 Who makes curl? + + curl and libcurl are not made by any single individual. Daniel Stenberg is + project leader and main developer, but other persons' submissions are + important and crucial. Anyone can contribute and post their changes and + improvements and have them inserted in the main sources (of course on the + condition that developers agree that the fixes are good). + + The full list of all contributors is found in the docs/THANKS file. + + curl is developed by a community, with Daniel at the wheel. + + 1.6 What do you get for making curl? + + Project cURL is entirely free and open. No person gets paid for developing + curl full time. We do this voluntarily, mostly in our spare time. + Occasionally companies pay individual developers to work on curl, but that's + up to each company and developer. This is not controlled by nor supervised in + any way by the project. + + We still get help from companies. Haxx provides web site, bandwidth, mailing + lists etc, GitHub hosts the primary git repository and other services like + the bug tracker at https://github.com/curl/curl. Also again, some companies + have sponsored certain parts of the development in the past and I hope some + will continue to do so in the future. + + If you want to support our project, consider a donation or a banner-program + or even better: by helping us with coding, documenting or testing etc. + + 1.7 What about CURL from curl.com? + + During the summer of 2001, curl.com was busy advertising their client-side + programming language for the web, named CURL. + + We are in no way associated with curl.com or their CURL programming + language. + + Our project name curl has been in effective use since 1998. We were not the + first computer related project to use the name "curl" and do not claim any + rights to the name. + + We recognize that we will be living in parallel with curl.com and wish them + every success. + + 1.8 I have a problem whom do I mail? + + Please do not mail any single individual unless you really need to. Keep + curl-related questions on a suitable mailing list. All available mailing + lists are listed in the MANUAL document and online at + https://curl.haxx.se/mail/ + + Keeping curl-related questions and discussions on mailing lists allows + others to join in and help, to share their ideas, to contribute their + suggestions and to spread their wisdom. Keeping discussions on public mailing + lists also allows for others to learn from this (both current and future + users thanks to the web based archives of the mailing lists), thus saving us + from having to repeat ourselves even more. Thanks for respecting this. + + If you have found or simply suspect a security problem in curl or libcurl, + mail curl-security at haxx.se (closed list of receivers, mails are not + disclosed) and tell. Then we can produce a fix in a timely manner before the + flaw is announced to the world, thus lessen the impact the problem will have + on existing users. + + 1.9 Where do I buy commercial support for curl? + + curl is fully open source. It means you can hire any skilled engineer to fix + your curl-related problems. + + We list available alternatives on the curl web site: + https://curl.haxx.se/support.html + + 1.10 How many are using curl? + + It is impossible to tell. + + We don't know how many users that knowingly have installed and use curl. + + We don't know how many users that use curl without knowing that they are in + fact using it. + + We don't know how many users that downloaded or installed curl and then + never use it. + + In May 2012 Daniel did a counting game and came up with a number that may + be completely wrong or somewhat accurate. Over 500 million! + + See https://daniel.haxx.se/blog/2012/05/16/300m-users/ + + 1.11 Why don't you update ca-bundle.crt + + The ca cert bundle that used to be shipped with curl was very outdated and + must be replaced with an up-to-date version by anyone who wants to verify + peers. It is no longer provided by curl. The last curl release that ever + shipped a ca cert bundle was curl 7.18.0. + + In the cURL project we've decided not to attempt to keep this file updated + (or even present anymore) since deciding what to add to a ca cert bundle is + an undertaking we've not been ready to accept, and the one we can get from + Mozilla is perfectly fine so there's no need to duplicate that work. + + Today, with many services performed over HTTPS, every operating system + should come with a default ca cert bundle that can be deemed somewhat + trustworthy and that collection (if reasonably updated) should be deemed to + be a lot better than a private curl version. + + If you want the most recent collection of ca certs that Mozilla Firefox + uses, we recommend that you extract the collection yourself from Mozilla + Firefox (by running 'make ca-bundle), or by using our online service setup + for this purpose: https://curl.haxx.se/docs/caextract.html + + 1.12 I have a problem who can I chat with? + + There's a bunch of friendly people hanging out in the #curl channel on the + IRC network irc.freenode.net. If you're polite and nice, chances are good + that you can get -- or provide -- help instantly. + + 1.13 curl's ECCN number? + + The US government restricts exports of software that contains or uses + cryptography. When doing so, the Export Control Classification Number (ECCN) + is used to identify the level of export control etc. + + Apache Software Foundation gives a good explanation of ECCNs at + https://www.apache.org/dev/crypto.html + + We believe curl's number might be ECCN 5D002, another possibility is + 5D992. It seems necessary to write them (the authority that administers ECCN + numbers), asking to confirm. + + Comprehensible explanations of the meaning of such numbers and how to obtain + them (resp.) are here + + https://www.bis.doc.gov/licensing/exportingbasics.htm + https://www.bis.doc.gov/licensing/do_i_needaneccn.html + + An incomprehensible description of the two numbers above is here + https://www.bis.doc.gov/index.php/documents/new-encryption/1653-ccl5-pt2-3 + + 1.14 How do I submit my patch? + + When you have made a patch or a change of whatever sort, and want to submit + that to the project, there are a few different ways we prefer: + + o send a patch to the curl-library mailing list. We're many subscribers + there and there are lots of people who can review patches, comment on them + and "receive" them properly. + + o if your patch changes or fixes a bug, you can also opt to submit a bug + report in the bug tracker and attach your patch there. There are less + people involved there. + + Lots of more details are found in the CONTRIBUTE and INTERNALS docs. + + 1.15 How do I port libcurl to my OS? + + Here's a rough step-by-step: + + 1. copy a suitable lib/config-*.h file as a start to lib/config-[youros].h + + 2. edit lib/config-[youros].h to match your OS and setup + + 3. edit lib/curl_setup.h to include config-[youros].h when your OS is + detected by the preprocessor, in the style others already exist + + 4. compile lib/*.c and make them into a library + + +2. Install Related Problems + + 2.1 configure doesn't find OpenSSL even when it is installed + + This may be because of several reasons. + + 2.1.1 native linker doesn't find openssl + + Affected platforms: + Solaris (native cc compiler) + HPUX (native cc compiler) + SGI IRIX (native cc compiler) + SCO UNIX (native cc compiler) + + When configuring curl, I specify --with-ssl. OpenSSL is installed in + /usr/local/ssl Configure reports SSL in /usr/local/ssl, but fails to find + CRYPTO_lock in -lcrypto + + Cause: The cc for this test places the -L/usr/local/ssl/lib AFTER + -lcrypto, so ld can't find the library. This is due to a bug in the GNU + autoconf tool. + + Workaround: Specifying "LDFLAGS=-L/usr/local/ssl/lib" in front of + ./configure places the -L/usr/local/ssl/lib early enough in the command + line to make things work + + 2.1.2 only the libssl lib is missing + + If all include files and the libcrypto lib is present, with only the + libssl being missing according to configure, this is most likely because + a few functions are left out from the libssl. + + If the function names missing include RSA or RSAREF you can be certain + that this is because libssl requires the RSA and RSAREF libs to build. + + See the INSTALL file section that explains how to add those libs to + configure. Make sure that you remove the config.cache file before you + rerun configure with the new flags. + + 2.2 Does curl work/build with other SSL libraries? + + Curl has been written to use a generic SSL function layer internally, and + that SSL functionality can then be provided by one out of many different SSL + backends. + + curl can be built to use one of the following SSL alternatives: OpenSSL, + libressl, BoringSSL, GnuTLS, wolfSSL, NSS, mbedTLS, MesaLink, Secure + Transport (native iOS/OS X), Schannel (native Windows), GSKit (native IBM + i), or BearSSL. They all have their pros and cons, and we try to maintain a + comparison of them here: https://curl.haxx.se/docs/ssl-compared.html + + 2.3 Where can I find a copy of LIBEAY32.DLL? + + That is an OpenSSL binary built for Windows. + + Curl can be built with OpenSSL to do the SSL stuff. The LIBEAY32.DLL is then + what curl needs on a windows machine to do https:// etc. Check out the curl + web site to find accurate and up-to-date pointers to recent OpenSSL DLLs and + other binary packages. + + 2.4 Does curl support SOCKS (RFC 1928) ? + + Yes, SOCKS 4 and 5 are supported. + + +3. Usage problems + + 3.1 curl: (1) SSL is disabled, https: not supported + + If you get this output when trying to get anything from a https:// server, + it means that the instance of curl/libcurl that you're using was built + without support for this protocol. + + This could've happened if the configure script that was run at build time + couldn't find all libs and include files curl requires for SSL to work. If + the configure script fails to find them, curl is simply built without SSL + support. + + To get the https:// support into a curl that was previously built but that + reports that https:// is not supported, you should dig through the document + and logs and check out why the configure script doesn't find the SSL libs + and/or include files. + + Also, check out the other paragraph in this FAQ labeled "configure doesn't + find OpenSSL even when it is installed". + + 3.2 How do I tell curl to resume a transfer? + + Curl supports resumed transfers both ways on both FTP and HTTP. + Try the -C option. + + 3.3 Why doesn't my posting using -F work? + + You can't arbitrarily use -F or -d, the choice between -F or -d depends on the + HTTP operation you need curl to do and what the web server that will receive + your post expects. + + If the form you're trying to submit uses the type 'multipart/form-data', then + and only then you must use the -F type. In all the most common cases, you + should use -d which then causes a posting with the type + 'application/x-www-form-urlencoded'. + + This is described in some detail in the MANUAL and TheArtOfHttpScripting + documents, and if you don't understand it the first time, read it again + before you post questions about this to the mailing list. Also, try reading + through the mailing list archives for old postings and questions regarding + this. + + 3.4 How do I tell curl to run custom FTP commands? + + You can tell curl to perform optional commands both before and/or after a + file transfer. Study the -Q/--quote option. + + Since curl is used for file transfers, you don't normally use curl to + perform FTP commands without transferring anything. Therefore you must + always specify a URL to transfer to/from even when doing custom FTP + commands, or use -I which implies the "no body" option sent to libcurl. + + 3.5 How can I disable the Accept: */* header? + + You can change all internally generated headers by adding a replacement with + the -H/--header option. By adding a header with empty contents you safely + disable that one. Use -H "Accept:" to disable that specific header. + + 3.6 Does curl support ASP, XML, XHTML or HTML version Y? + + To curl, all contents are alike. It doesn't matter how the page was + generated. It may be ASP, PHP, Perl, shell-script, SSI or plain HTML + files. There's no difference to curl and it doesn't even know what kind of + language that generated the page. + + See also item 3.14 regarding javascript. + + 3.7 Can I use curl to delete/rename a file through FTP? + + Yes. You specify custom FTP commands with -Q/--quote. + + One example would be to delete a file after you have downloaded it: + + curl -O ftp://download.com/coolfile -Q '-DELE coolfile' + + or rename a file after upload: + + curl -T infile ftp://upload.com/dir/ -Q "-RNFR infile" -Q "-RNTO newname" + + 3.8 How do I tell curl to follow HTTP redirects? + + Curl does not follow so-called redirects by default. The Location: header + that informs the client about this is only interpreted if you're using the + -L/--location option. As in: + + curl -L http://redirector.com + + Not all redirects are HTTP ones, see 4.14 + + 3.9 How do I use curl in my favorite programming language? + + Many programming languages have interfaces/bindings that allow you to use + curl without having to use the command line tool. If you are fluent in such + a language, you may prefer to use one of these interfaces instead. + + Find out more about which languages that support curl directly, and how to + install and use them, in the libcurl section of the curl web site: + https://curl.haxx.se/libcurl/ + + All the various bindings to libcurl are made by other projects and people, + outside of the cURL project. The cURL project itself only produces libcurl + with its plain C API. If you don't find anywhere else to ask you can ask + about bindings on the curl-library list too, but be prepared that people on + that list may not know anything about bindings. + + In February 2019, there were interfaces available for the following + languages: Ada95, Basic, C, C++, Ch, Cocoa, D, Delphi, Dylan, Eiffel, + Euphoria, Falcon, Ferite, Gambas, glib/GTK+, Go, Guile, Harbour, Haskell, + Java, Julia, Lisp, Lua, Mono, .NET, node.js, Object-Pascal, OCaml, Pascal, + Perl, PHP, PostgreSQL, Python, R, Rexx, Ring, RPG, Ruby, Rust, Scheme, + Scilab, S-Lang, Smalltalk, SP-Forth, SPL, Tcl, Visual Basic, Visual FoxPro, + Q, wxwidgets, XBLite and Xoho. By the time you read this, additional ones + may have appeared! + + 3.10 What about SOAP, WebDAV, XML-RPC or similar protocols over HTTP? + + Curl adheres to the HTTP spec, which basically means you can play with *any* + protocol that is built on top of HTTP. Protocols such as SOAP, WEBDAV and + XML-RPC are all such ones. You can use -X to set custom requests and -H to + set custom headers (or replace internally generated ones). + + Using libcurl is of course just as good and you'd just use the proper + library options to do the same. + + 3.11 How do I POST with a different Content-Type? + + You can always replace the internally generated headers with -H/--header. + To make a simple HTTP POST with text/xml as content-type, do something like: + + curl -d "datatopost" -H "Content-Type: text/xml" [URL] + + 3.12 Why do FTP-specific features over HTTP proxy fail? + + Because when you use a HTTP proxy, the protocol spoken on the network will + be HTTP, even if you specify a FTP URL. This effectively means that you + normally can't use FTP-specific features such as FTP upload and FTP quote + etc. + + There is one exception to this rule, and that is if you can "tunnel through" + the given HTTP proxy. Proxy tunneling is enabled with a special option (-p) + and is generally not available as proxy admins usually disable tunneling to + ports other than 443 (which is used for HTTPS access through proxies). + + 3.13 Why do my single/double quotes fail? + + To specify a command line option that includes spaces, you might need to + put the entire option within quotes. Like in: + + curl -d " with spaces " url.com + + or perhaps + + curl -d ' with spaces ' url.com + + Exactly what kind of quotes and how to do this is entirely up to the shell + or command line interpreter that you are using. For most unix shells, you + can more or less pick either single (') or double (") quotes. For + Windows/DOS prompts I believe you're forced to use double (") quotes. + + Please study the documentation for your particular environment. Examples in + the curl docs will use a mix of both of these as shown above. You must + adjust them to work in your environment. + + Remember that curl works and runs on more operating systems than most single + individuals have ever tried. + + 3.14 Does curl support Javascript or PAC (automated proxy config)? + + Many web pages do magic stuff using embedded Javascript. Curl and libcurl + have no built-in support for that, so it will be treated just like any other + contents. + + .pac files are a netscape invention and are sometimes used by organizations + to allow them to differentiate which proxies to use. The .pac contents is + just a Javascript program that gets invoked by the browser and that returns + the name of the proxy to connect to. Since curl doesn't support Javascript, + it can't support .pac proxy configuration either. + + Some workarounds usually suggested to overcome this Javascript dependency: + + Depending on the Javascript complexity, write up a script that translates it + to another language and execute that. + + Read the Javascript code and rewrite the same logic in another language. + + Implement a Javascript interpreter, people have successfully used the + Mozilla Javascript engine in the past. + + Ask your admins to stop this, for a static proxy setup or similar. + + 3.15 Can I do recursive fetches with curl? + + No. curl itself has no code that performs recursive operations, such as + those performed by wget and similar tools. + + There exists wrapper scripts with that functionality (for example the + curlmirror perl script), and you can write programs based on libcurl to do + it, but the command line tool curl itself cannot. + + 3.16 What certificates do I need when I use SSL? + + There are three different kinds of "certificates" to keep track of when we + talk about using SSL-based protocols (HTTPS or FTPS) using curl or libcurl. + + CLIENT CERTIFICATE + + The server you communicate with may require that you can provide this in + order to prove that you actually are who you claim to be. If the server + doesn't require this, you don't need a client certificate. + + A client certificate is always used together with a private key, and the + private key has a pass phrase that protects it. + + SERVER CERTIFICATE + + The server you communicate with has a server certificate. You can and should + verify this certificate to make sure that you are truly talking to the real + server and not a server impersonating it. + + CERTIFICATE AUTHORITY CERTIFICATE ("CA cert") + + You often have several CA certs in a CA cert bundle that can be used to + verify a server certificate that was signed by one of the authorities in the + bundle. curl does not come with a CA cert bundle but most curl installs + provide one. You can also override the default. + + The server certificate verification process is made by using a Certificate + Authority certificate ("CA cert") that was used to sign the server + certificate. Server certificate verification is enabled by default in curl + and libcurl and is often the reason for problems as explained in FAQ entry + 4.12 and the SSLCERTS document + (https://curl.haxx.se/docs/sslcerts.html). Server certificates that are + "self-signed" or otherwise signed by a CA that you do not have a CA cert + for, cannot be verified. If the verification during a connect fails, you are + refused access. You then need to explicitly disable the verification to + connect to the server. + + 3.17 How do I list the root dir of an FTP server? + + There are two ways. The way defined in the RFC is to use an encoded slash + in the first path part. List the "/tmp" dir like this: + + curl ftp://ftp.sunet.se/%2ftmp/ + + or the not-quite-kosher-but-more-readable way, by simply starting the path + section of the URL with a slash: + + curl ftp://ftp.sunet.se//tmp/ + + 3.18 Can I use curl to send a POST/PUT and not wait for a response? + + No. + + But you could easily write your own program using libcurl to do such stunts. + + 3.19 How do I get HTTP from a host using a specific IP address? + + For example, you may be trying out a web site installation that isn't yet in + the DNS. Or you have a site using multiple IP addresses for a given host + name and you want to address a specific one out of the set. + + Set a custom Host: header that identifies the server name you want to reach + but use the target IP address in the URL: + + curl --header "Host: www.example.com" http://127.0.0.1/ + + You can also opt to add faked host name entries to curl with the --resolve + option. That has the added benefit that things like redirects will also work + properly. The above operation would instead be done as: + + curl --resolve www.example.com:80:127.0.0.1 http://www.example.com/ + + 3.20 How to SFTP from my user's home directory? + + Contrary to how FTP works, SFTP and SCP URLs specify the exact directory to + work with. It means that if you don't specify that you want the user's home + directory, you get the actual root directory. + + To specify a file in your user's home directory, you need to use the correct + URL syntax which for SFTP might look similar to: + + curl -O -u user:password sftp://example.com/~/file.txt + + and for SCP it is just a different protocol prefix: + + curl -O -u user:password scp://example.com/~/file.txt + + 3.21 Protocol xxx not supported or disabled in libcurl + + When passing on a URL to curl to use, it may respond that the particular + protocol is not supported or disabled. The particular way this error message + is phrased is because curl doesn't make a distinction internally of whether + a particular protocol is not supported (i.e. never got any code added that + knows how to speak that protocol) or if it was explicitly disabled. curl can + be built to only support a given set of protocols, and the rest would then + be disabled or not supported. + + Note that this error will also occur if you pass a wrongly spelled protocol + part as in "htpt://example.com" or as in the less evident case if you prefix + the protocol part with a space as in " http://example.com/". + + 3.22 curl -X gives me HTTP problems + + In normal circumstances, -X should hardly ever be used. + + By default you use curl without explicitly saying which request method to + use when the URL identifies a HTTP transfer. If you just pass in a URL like + "curl http://example.com" it will use GET. If you use -d or -F curl will use + POST, -I will cause a HEAD and -T will make it a PUT. + + If for whatever reason you're not happy with these default choices that curl + does for you, you can override those request methods by specifying -X + [WHATEVER]. This way you can for example send a DELETE by doing "curl -X + DELETE [URL]". + + It is thus pointless to do "curl -XGET [URL]" as GET would be used + anyway. In the same vein it is pointless to do "curl -X POST -d data + [URL]"... But you can make a fun and somewhat rare request that sends a + request-body in a GET request with something like "curl -X GET -d data + [URL]" + + Note that -X doesn't actually change curl's behavior as it only modifies the + actual string sent in the request, but that may of course trigger a + different set of events. + + Accordingly, by using -XPOST on a command line that for example would follow + a 303 redirect, you will effectively prevent curl from behaving + correctly. Be aware. + + +4. Running Problems + + 4.1 Problems connecting to SSL servers. + + It took a very long time before we could sort out why curl had problems to + connect to certain SSL servers when using SSLeay or OpenSSL v0.9+. The + error sometimes showed up similar to: + + 16570:error:1407D071:SSL routines:SSL2_READ:bad mac decode:s2_pkt.c:233: + + It turned out to be because many older SSL servers don't deal with SSLv3 + requests properly. To correct this problem, tell curl to select SSLv2 from + the command line (-2/--sslv2). + + There have also been examples where the remote server didn't like the SSLv2 + request and instead you had to force curl to use SSLv3 with -3/--sslv3. + + 4.2 Why do I get problems when I use & or % in the URL? + + In general unix shells, the & symbol is treated specially and when used, it + runs the specified command in the background. To safely send the & as a part + of a URL, you should quote the entire URL by using single (') or double (") + quotes around it. Similar problems can also occur on some shells with other + characters, including ?*!$~(){}<>\|;`. When in doubt, quote the URL. + + An example that would invoke a remote CGI that uses &-symbols could be: + + curl 'http://www.altavista.com/cgi-bin/query?text=yes&q=curl' + + In Windows, the standard DOS shell treats the percent sign specially and you + need to use TWO percent signs for each single one you want to use in the + URL. + + If you want a literal percent sign to be part of the data you pass in a POST + using -d/--data you must encode it as '%25' (which then also needs the + percent sign doubled on Windows machines). + + 4.3 How can I use {, }, [ or ] to specify multiple URLs? + + Because those letters have a special meaning to the shell, to be used in + a URL specified to curl you must quote them. + + An example that downloads two URLs (sequentially) would be: + + curl '{curl,www}.haxx.se' + + To be able to use those characters as actual parts of the URL (without using + them for the curl URL "globbing" system), use the -g/--globoff option: + + curl -g 'www.site.com/weirdname[].html' + + 4.4 Why do I get downloaded data even though the web page doesn't exist? + + Curl asks remote servers for the page you specify. If the page doesn't exist + at the server, the HTTP protocol defines how the server should respond and + that means that headers and a "page" will be returned. That's simply how + HTTP works. + + By using the --fail option you can tell curl explicitly to not get any data + if the HTTP return code doesn't say success. + + 4.5 Why do I get return code XXX from a HTTP server? + + RFC2616 clearly explains the return codes. This is a short transcript. Go + read the RFC for exact details: + + 4.5.1 "400 Bad Request" + + The request could not be understood by the server due to malformed + syntax. The client SHOULD NOT repeat the request without modifications. + + 4.5.2 "401 Unauthorized" + + The request requires user authentication. + + 4.5.3 "403 Forbidden" + + The server understood the request, but is refusing to fulfill it. + Authorization will not help and the request SHOULD NOT be repeated. + + 4.5.4 "404 Not Found" + + The server has not found anything matching the Request-URI. No indication + is given of whether the condition is temporary or permanent. + + 4.5.5 "405 Method Not Allowed" + + The method specified in the Request-Line is not allowed for the resource + identified by the Request-URI. The response MUST include an Allow header + containing a list of valid methods for the requested resource. + + 4.5.6 "301 Moved Permanently" + + If you get this return code and an HTML output similar to this: + +

Moved Permanently

The document has moved here. + + it might be because you requested a directory URL but without the trailing + slash. Try the same operation again _with_ the trailing URL, or use the + -L/--location option to follow the redirection. + + 4.6 Can you tell me what error code 142 means? + + All curl error codes are described at the end of the man page, in the + section called "EXIT CODES". + + Error codes that are larger than the highest documented error code means + that curl has exited due to a crash. This is a serious error, and we + appreciate a detailed bug report from you that describes how we could go + ahead and repeat this! + + 4.7 How do I keep user names and passwords secret in Curl command lines? + + This problem has two sides: + + The first part is to avoid having clear-text passwords in the command line + so that they don't appear in 'ps' outputs and similar. That is easily + avoided by using the "-K" option to tell curl to read parameters from a file + or stdin to which you can pass the secret info. curl itself will also + attempt to "hide" the given password by blanking out the option - this + doesn't work on all platforms. + + To keep the passwords in your account secret from the rest of the world is + not a task that curl addresses. You could of course encrypt them somehow to + at least hide them from being read by human eyes, but that is not what + anyone would call security. + + Also note that regular HTTP (using Basic authentication) and FTP passwords + are sent as cleartext across the network. All it takes for anyone to fetch + them is to listen on the network. Eavesdropping is very easy. Use more secure + authentication methods (like Digest, Negotiate or even NTLM) or consider the + SSL-based alternatives HTTPS and FTPS. + + 4.8 I found a bug! + + It is not a bug if the behavior is documented. Read the docs first. + Especially check out the KNOWN_BUGS file, it may be a documented bug! + + If it is a problem with a binary you've downloaded or a package for your + particular platform, try contacting the person who built the package/archive + you have. + + If there is a bug, read the BUGS document first. Then report it as described + in there. + + 4.9 Curl can't authenticate to the server that requires NTLM? + + NTLM support requires OpenSSL, GnuTLS, mbedTLS, NSS, Secure Transport, or + Microsoft Windows libraries at build-time to provide this functionality. + + NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You + should not use such ones. + + 4.10 My HTTP request using HEAD, PUT or DELETE doesn't work! + + Many web servers allow or demand that the administrator configures the + server properly for these requests to work on the web server. + + Some servers seem to support HEAD only on certain kinds of URLs. + + To fully grasp this, try the documentation for the particular server + software you're trying to interact with. This is not anything curl can do + anything about. + + 4.11 Why do my HTTP range requests return the full document? + + Because the range may not be supported by the server, or the server may + choose to ignore it and return the full document anyway. + + 4.12 Why do I get "certificate verify failed" ? + + You invoke curl 7.10 or later to communicate on a https:// URL and get an + error back looking something similar to this: + + curl: (35) SSL: error:14090086:SSL routines: + SSL3_GET_SERVER_CERTIFICATE:certificate verify failed + + Then it means that curl couldn't verify that the server's certificate was + good. Curl verifies the certificate using the CA cert bundle that comes with + the curl installation. + + To disable the verification (which makes it act like curl did before 7.10), + use -k. This does however enable man-in-the-middle attacks. + + If you get this failure but are having a CA cert bundle installed and used, + the server's certificate is not signed by one of the CA's in the bundle. It + might for example be self-signed. You then correct this problem by obtaining + a valid CA cert for the server. Or again, decrease the security by disabling + this check. + + Details are also in the SSLCERTS file in the release archives, found online + here: https://curl.haxx.se/docs/sslcerts.html + + 4.13 Why is curl -R on Windows one hour off? + + Since curl 7.53.0 this issue should be fixed as long as curl was built with + any modern compiler that allows for a 64-bit curl_off_t type. For older + compilers or prior curl versions it may set a time that appears one hour off. + This happens due to a flaw in how Windows stores and uses file modification + times and it is not easily worked around. For more details read this: + https://www.codeproject.com/Articles/1144/Beating-the-Daylight-Savings-Time-bug-and-getting + + 4.14 Redirects work in browser but not with curl! + + curl supports HTTP redirects well (see item 3.8). Browsers generally support + at least two other ways to perform redirects that curl does not: + + Meta tags. You can write a HTML tag that will cause the browser to redirect + to another given URL after a certain time. + + Javascript. You can write a Javascript program embedded in a HTML page that + redirects the browser to another given URL. + + There is no way to make curl follow these redirects. You must either + manually figure out what the page is set to do, or write a script that parses + the results and fetches the new URL. + + 4.15 FTPS doesn't work + + curl supports FTPS (sometimes known as FTP-SSL) both implicit and explicit + mode. + + When a URL is used that starts with FTPS://, curl assumes implicit SSL on + the control connection and will therefore immediately connect and try to + speak SSL. FTPS:// connections default to port 990. + + To use explicit FTPS, you use a FTP:// URL and the --ftp-ssl option (or one + of its related flavors). This is the most common method, and the one + mandated by RFC4217. This kind of connection will then of course use the + standard FTP port 21 by default. + + 4.16 My HTTP POST or PUT requests are slow! + + libcurl makes all POST and PUT requests (except for POST requests with a + very tiny request body) use the "Expect: 100-continue" header. This header + allows the server to deny the operation early so that libcurl can bail out + before having to send any data. This is useful in authentication + cases and others. + + However, many servers don't implement the Expect: stuff properly and if the + server doesn't respond (positively) within 1 second libcurl will continue + and send off the data anyway. + + You can disable libcurl's use of the Expect: header the same way you disable + any header, using -H / CURLOPT_HTTPHEADER, or by forcing it to use HTTP 1.0. + + 4.17 Non-functional connect timeouts + + In most Windows setups having a timeout longer than 21 seconds make no + difference, as it will only send 3 TCP SYN packets and no more. The second + packet sent three seconds after the first and the third six seconds after + the second. No more than three packets are sent, no matter how long the + timeout is set. + + See option TcpMaxConnectRetransmissions on this page: + https://support.microsoft.com/en-us/kb/175523/en-us + + Also, even on non-Windows systems there may run a firewall or anti-virus + software or similar that accepts the connection but does not actually do + anything else. This will make (lib)curl to consider the connection connected + and thus the connect timeout won't trigger. + + 4.18 file:// URLs containing drive letters (Windows, NetWare) + + When using curl to try to download a local file, one might use a URL + in this format: + + file://D:/blah.txt + + You'll find that even if D:\blah.txt does exist, curl returns a 'file + not found' error. + + According to RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt), + file:// URLs must contain a host component, but it is ignored by + most implementations. In the above example, 'D:' is treated as the + host component, and is taken away. Thus, curl tries to open '/blah.txt'. + If your system is installed to drive C:, that will resolve to 'C:\blah.txt', + and if that doesn't exist you will get the not found error. + + To fix this problem, use file:// URLs with *three* leading slashes: + + file:///D:/blah.txt + + Alternatively, if it makes more sense, specify 'localhost' as the host + component: + + file://localhost/D:/blah.txt + + In either case, curl should now be looking for the correct file. + + 4.19 Why doesn't curl return an error when the network cable is unplugged? + + Unplugging a cable is not an error situation. The TCP/IP protocol stack + was designed to be fault tolerant, so even though there may be a physical + break somewhere the connection shouldn't be affected, just possibly + delayed. Eventually, the physical break will be fixed or the data will be + re-routed around the physical problem through another path. + + In such cases, the TCP/IP stack is responsible for detecting when the + network connection is irrevocably lost. Since with some protocols it is + perfectly legal for the client to wait indefinitely for data, the stack may + never report a problem, and even when it does, it can take up to 20 minutes + for it to detect an issue. The curl option --keepalive-time enables + keep-alive support in the TCP/IP stack which makes it periodically probe the + connection to make sure it is still available to send data. That should + reliably detect any TCP/IP network failure. + + But even that won't detect the network going down before the TCP/IP + connection is established (e.g. during a DNS lookup) or using protocols that + don't use TCP. To handle those situations, curl offers a number of timeouts + on its own. --speed-limit/--speed-time will abort if the data transfer rate + falls too low, and --connect-timeout and --max-time can be used to put an + overall timeout on the connection phase or the entire transfer. + + A libcurl-using application running in a known physical environment (e.g. + an embedded device with only a single network connection) may want to act + immediately if its lone network connection goes down. That can be achieved + by having the application monitor the network connection on its own using an + OS-specific mechanism, then signaling libcurl to abort (see also item 5.13). + + 4.20 curl doesn't return error for HTTP non-200 responses! + + Correct. Unless you use -f (--fail). + + When doing HTTP transfers, curl will perform exactly what you're asking it + to do and if successful it will not return an error. You can use curl to + test your web server's "file not found" page (that gets 404 back), you can + use it to check your authentication protected web pages (that gets a 401 + back) and so on. + + The specific HTTP response code does not constitute a problem or error for + curl. It simply sends and delivers HTTP as you asked and if that worked, + everything is fine and dandy. The response code is generally providing more + higher level error information that curl doesn't care about. The error was + not in the HTTP transfer. + + If you want your command line to treat error codes in the 400 and up range + as errors and thus return a non-zero value and possibly show an error + message, curl has a dedicated option for that: -f (CURLOPT_FAILONERROR in + libcurl speak). + + You can also use the -w option and the variable %{response_code} to extract + the exact response code that was returned in the response. + + 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? + + If you use verbose to see the HTTP request when you send off a HTTP/2 + request, it will still say 1.1. + + The reason for this is that we first generate the request to send using the + old 1.1 style and show that request in the verbose output, and then we + convert it over to the binary header-compressed HTTP/2 style. The actual + "1.1" part from that request is then not actually used in the transfer. + The binary HTTP/2 headers are not human readable. + +5. libcurl Issues + + 5.1 Is libcurl thread-safe? + + Yes. + + We have written the libcurl code specifically adjusted for multi-threaded + programs. libcurl will use thread-safe functions instead of non-safe ones if + your system has such. Note that you must never share the same handle in + multiple threads. + + There may be some exceptions to thread safety depending on how libcurl was + built. Please review the guidelines for thread safety to learn more: + https://curl.haxx.se/libcurl/c/threadsafe.html + + 5.2 How can I receive all data into a large memory chunk? + + [ See also the examples/getinmemory.c source ] + + You are in full control of the callback function that gets called every time + there is data received from the remote server. You can make that callback do + whatever you want. You do not have to write the received data to a file. + + One solution to this problem could be to have a pointer to a struct that you + pass to the callback function. You set the pointer using the + CURLOPT_WRITEDATA option. Then that pointer will be passed to the callback + instead of a FILE * to a file: + + /* imaginary struct */ + struct MemoryStruct { + char *memory; + size_t size; + }; + + /* imaginary callback function */ + size_t + WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data) + { + size_t realsize = size * nmemb; + struct MemoryStruct *mem = (struct MemoryStruct *)data; + + mem->memory = (char *)realloc(mem->memory, mem->size + realsize + 1); + if (mem->memory) { + memcpy(&(mem->memory[mem->size]), ptr, realsize); + mem->size += realsize; + mem->memory[mem->size] = 0; + } + return realsize; + } + + 5.3 How do I fetch multiple files with libcurl? + + libcurl has excellent support for transferring multiple files. You should + just repeatedly set new URLs with curl_easy_setopt() and then transfer it + with curl_easy_perform(). The handle you get from curl_easy_init() is not + only reusable, but you're even encouraged to reuse it if you can, as that + will enable libcurl to use persistent connections. + + 5.4 Does libcurl do Winsock initialization on win32 systems? + + Yes, if told to in the curl_global_init() call. + + 5.5 Does CURLOPT_WRITEDATA and CURLOPT_READDATA work on win32 ? + + Yes, but you cannot open a FILE * and pass the pointer to a DLL and have + that DLL use the FILE * (as the DLL and the client application cannot access + each others' variable memory areas). If you set CURLOPT_WRITEDATA you must + also use CURLOPT_WRITEFUNCTION as well to set a function that writes the + file, even if that simply writes the data to the specified FILE *. + Similarly, if you use CURLOPT_READDATA you must also specify + CURLOPT_READFUNCTION. + + 5.6 What about Keep-Alive or persistent connections? + + curl and libcurl have excellent support for persistent connections when + transferring several files from the same server. Curl will attempt to reuse + connections for all URLs specified on the same command line/config file, and + libcurl will reuse connections for all transfers that are made using the + same libcurl handle. + + When you use the easy interface the connection cache is kept within the easy + handle. If you instead use the multi interface, the connection cache will be + kept within the multi handle and will be shared among all the easy handles + that are used within the same multi handle. + + 5.7 Link errors when building libcurl on Windows! + + You need to make sure that your project, and all the libraries (both static + and dynamic) that it links against, are compiled/linked against the same run + time library. + + This is determined by the /MD, /ML, /MT (and their corresponding /M?d) + options to the command line compiler. /MD (linking against MSVCRT dll) seems + to be the most commonly used option. + + When building an application that uses the static libcurl library, you must + add -DCURL_STATICLIB to your CFLAGS. Otherwise the linker will look for + dynamic import symbols. If you're using Visual Studio, you need to instead + add CURL_STATICLIB in the "Preprocessor Definitions" section. + + If you get linker error like "unknown symbol __imp__curl_easy_init ..." you + have linked against the wrong (static) library. If you want to use the + libcurl.dll and import lib, you don't need any extra CFLAGS, but use one of + the import libraries below. These are the libraries produced by the various + lib/Makefile.* files: + + Target: static lib. import lib for libcurl*.dll. + ----------------------------------------------------------- + MingW: libcurl.a libcurldll.a + MSVC (release): libcurl.lib libcurl_imp.lib + MSVC (debug): libcurld.lib libcurld_imp.lib + Borland: libcurl.lib libcurl_imp.lib + + 5.8 libcurl.so.X: open failed: No such file or directory + + This is an error message you might get when you try to run a program linked + with a shared version of libcurl and your run-time linker (ld.so) couldn't + find the shared library named libcurl.so.X. (Where X is the number of the + current libcurl ABI, typically 3 or 4). + + You need to make sure that ld.so finds libcurl.so.X. You can do that + multiple ways, and it differs somewhat between different operating systems, + but they are usually: + + * Add an option to the linker command line that specify the hard-coded path + the run-time linker should check for the lib (usually -R) + + * Set an environment variable (LD_LIBRARY_PATH for example) where ld.so + should check for libs + + * Adjust the system's config to check for libs in the directory where you've + put the dir (like Linux's /etc/ld.so.conf) + + 'man ld.so' and 'man ld' will tell you more details + + 5.9 How does libcurl resolve host names? + + libcurl supports a large a number of different name resolve functions. One + of them is picked at build-time and will be used unconditionally. Thus, if + you want to change name resolver function you must rebuild libcurl and tell + it to use a different function. + + - The non-IPv6 resolver that can use one of four different host name resolve + calls (depending on what your system supports): + + A - gethostbyname() + B - gethostbyname_r() with 3 arguments + C - gethostbyname_r() with 5 arguments + D - gethostbyname_r() with 6 arguments + + - The IPv6-resolver that uses getaddrinfo() + + - The c-ares based name resolver that uses the c-ares library for resolves. + Using this offers asynchronous name resolves. + + - The threaded resolver (default option on Windows). It uses: + + A - gethostbyname() on plain IPv4 hosts + B - getaddrinfo() on IPv6 enabled hosts + + Also note that libcurl never resolves or reverse-lookups addresses given as + pure numbers, such as 127.0.0.1 or ::1. + + 5.10 How do I prevent libcurl from writing the response to stdout? + + libcurl provides a default built-in write function that writes received data + to stdout. Set the CURLOPT_WRITEFUNCTION to receive the data, or possibly + set CURLOPT_WRITEDATA to a different FILE * handle. + + 5.11 How do I make libcurl not receive the whole HTTP response? + + You make the write callback (or progress callback) return an error and + libcurl will then abort the transfer. + + 5.12 Can I make libcurl fake or hide my real IP address? + + No. libcurl operates on a higher level. Besides, faking IP address would + imply sending IP packets with a made-up source address, and then you normally + get a problem with receiving the packet sent back as they would then not be + routed to you! + + If you use a proxy to access remote sites, the sites will not see your local + IP address but instead the address of the proxy. + + Also note that on many networks NATs or other IP-munging techniques are used + that makes you see and use a different IP address locally than what the + remote server will see you coming from. You may also consider using + https://www.torproject.org/ . + + 5.13 How do I stop an ongoing transfer? + + With the easy interface you make sure to return the correct error code from + one of the callbacks, but none of them are instant. There is no function you + can call from another thread or similar that will stop it immediately. + Instead, you need to make sure that one of the callbacks you use returns an + appropriate value that will stop the transfer. Suitable callbacks that you + can do this with include the progress callback, the read callback and the + write callback. + + If you're using the multi interface, you can also stop a transfer by + removing the particular easy handle from the multi stack at any moment you + think the transfer is done or when you wish to abort the transfer. + + 5.14 Using C++ non-static functions for callbacks? + + libcurl is a C library, it doesn't know anything about C++ member functions. + + You can overcome this "limitation" with relative ease using a static + member function that is passed a pointer to the class: + + // f is the pointer to your object. + static size_t YourClass::func(void *buffer, size_t sz, size_t n, void *f) + { + // Call non-static member function. + static_cast(f)->nonStaticFunction(); + } + + // This is how you pass pointer to the static function: + curl_easy_setopt(hcurl, CURLOPT_WRITEFUNCTION, YourClass::func); + curl_easy_setopt(hcurl, CURLOPT_WRITEDATA, this); + + 5.15 How do I get an FTP directory listing? + + If you end the FTP URL you request with a slash, libcurl will provide you + with a directory listing of that given directory. You can also set + CURLOPT_CUSTOMREQUEST to alter what exact listing command libcurl would use + to list the files. + + The follow-up question tends to be how is a program supposed to parse the + directory listing. How does it know what's a file and what's a dir and what's + a symlink etc. If the FTP server supports the MLSD command then it will + return data in a machine-readable format that can be parsed for type. The + types are specified by RFC3659 section 7.5.1. If MLSD is not supported then + you have to work with what you're given. The LIST output format is entirely + at the server's own liking and the NLST output doesn't reveal any types and + in many cases doesn't even include all the directory entries. Also, both LIST + and NLST tend to hide unix-style hidden files (those that start with a dot) + by default so you need to do "LIST -a" or similar to see them. + + Example - List only directories. + ftp.funet.fi supports MLSD and ftp.kernel.org does not: + + curl -s ftp.funet.fi/pub/ -X MLSD | \ + perl -lne 'print if s/(?:^|;)type=dir;[^ ]+ (.+)$/$1/' + + curl -s ftp.kernel.org/pub/linux/kernel/ | \ + perl -lne 'print if s/^d[-rwx]{9}(?: +[^ ]+){7} (.+)$/$1/' + + If you need to parse LIST output in libcurl one such existing + list parser is available at https://cr.yp.to/ftpparse.html Versions of + libcurl since 7.21.0 also provide the ability to specify a wildcard to + download multiple files from one FTP directory. + + 5.16 I want a different time-out! + + Time and time again users realize that CURLOPT_TIMEOUT and + CURLOPT_CONNECTIMEOUT are not sufficiently advanced or flexible to cover all + the various use cases and scenarios applications end up with. + + libcurl offers many more ways to time-out operations. A common alternative + is to use the CURLOPT_LOW_SPEED_LIMIT and CURLOPT_LOW_SPEED_TIME options to + specify the lowest possible speed to accept before to consider the transfer + timed out. + + The most flexible way is by writing your own time-out logic and using + CURLOPT_XFERINFOFUNCTION (perhaps in combination with other callbacks) and + use that to figure out exactly when the right condition is met when the + transfer should get stopped. + + 5.17 Can I write a server with libcurl? + + No. libcurl offers no functions or building blocks to build any kind of + internet protocol server. libcurl is only a client-side library. For server + libraries, you need to continue your search elsewhere but there exist many + good open source ones out there for most protocols you could possibly want a + server for. And there are really good stand-alone ones that have been tested + and proven for many years. There's no need for you to reinvent them! + + 5.18 Does libcurl use threads? + + Put simply: no, libcurl will execute in the same thread you call it in. All + callbacks will be called in the same thread as the one you call libcurl in. + + If you want to avoid your thread to be blocked by the libcurl call, you make + sure you use the non-blocking API which will do transfers asynchronously - + but still in the same single thread. + + libcurl will potentially internally use threads for name resolving, if it + was built to work like that, but in those cases it'll create the child + threads by itself and they will only be used and then killed internally by + libcurl and never exposed to the outside. + +6. License Issues + + Curl and libcurl are released under a MIT/X derivate license. The license is + very liberal and should not impose a problem for your project. This section + is just a brief summary for the cases we get the most questions. (Parts of + this section was much enhanced by Bjorn Reese.) + + We are not lawyers and this is not legal advice. You should probably consult + one if you want true and accurate legal insights without our prejudice. Note + especially that this section concerns the libcurl license only; compiling in + features of libcurl that depend on other libraries (e.g. OpenSSL) may affect + the licensing obligations of your application. + + 6.1 I have a GPL program, can I use the libcurl library? + + Yes! + + Since libcurl may be distributed under the MIT/X derivate license, it can be + used together with GPL in any software. + + 6.2 I have a closed-source program, can I use the libcurl library? + + Yes! + + libcurl does not put any restrictions on the program that uses the library. + + 6.3 I have a BSD licensed program, can I use the libcurl library? + + Yes! + + libcurl does not put any restrictions on the program that uses the library. + + 6.4 I have a program that uses LGPL libraries, can I use libcurl? + + Yes! + + The LGPL license doesn't clash with other licenses. + + 6.5 Can I modify curl/libcurl for my program and keep the changes secret? + + Yes! + + The MIT/X derivate license practically allows you to do almost anything with + the sources, on the condition that the copyright texts in the sources are + left intact. + + 6.6 Can you please change the curl/libcurl license to XXXX? + + No. + + We have carefully picked this license after years of development and + discussions and a large amount of people have contributed with source code + knowing that this is the license we use. This license puts the restrictions + we want on curl/libcurl and it does not spread to other programs or + libraries that use it. It should be possible for everyone to use libcurl or + curl in their projects, no matter what license they already have in use. + + 6.7 What are my obligations when using libcurl in my commercial apps? + + Next to none. All you need to adhere to is the MIT-style license (stated in + the COPYING file) which basically says you have to include the copyright + notice in "all copies" and that you may not use the copyright holder's name + when promoting your software. + + You do not have to release any of your source code. + + You do not have to reveal or make public any changes to the libcurl source + code. + + You do not have to broadcast to the world that you are using libcurl within + your app. + + All we ask is that you disclose "the copyright notice and this permission + notice" somewhere. Most probably like in the documentation or in the section + where other third party dependencies already are mentioned and acknowledged. + + As can be seen here: https://curl.haxx.se/docs/companies.html and elsewhere, + more and more companies are discovering the power of libcurl and take + advantage of it even in commercial environments. + + +7. PHP/CURL Issues + + 7.1 What is PHP/CURL? + + The module for PHP that makes it possible for PHP programs to access curl- + functions from within PHP. + + In the cURL project we call this module PHP/CURL to differentiate it from + curl the command line tool and libcurl the library. The PHP team however + does not refer to it like this (for unknown reasons). They call it plain + CURL (often using all caps) or sometimes ext/curl, but both cause much + confusion to users which in turn gives us a higher question load. + + 7.2 Who wrote PHP/CURL? + + PHP/CURL was initially written by Sterling Hughes. + + 7.3 Can I perform multiple requests using the same handle? + + Yes - at least in PHP version 4.3.8 and later (this has been known to not + work in earlier versions, but the exact version when it started to work is + unknown to me). + + After a transfer, you just set new options in the handle and make another + transfer. This will make libcurl re-use the same connection if it can. + + 7.4 Does PHP/CURL have dependencies? + + PHP/CURL is a module that comes with the regular PHP package. It depends on + and uses libcurl, so you need to have libcurl installed properly before + PHP/CURL can be used. diff --git a/extern/curl/docs/FEATURES b/extern/curl/docs/FEATURES new file mode 100644 index 0000000000..68d38fc27f --- /dev/null +++ b/extern/curl/docs/FEATURES @@ -0,0 +1,204 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +FEATURES + +curl tool + - config file support + - multiple URLs in a single command line + - range "globbing" support: [0-13], {one,two,three} + - multiple file upload on a single command line + - custom maximum transfer rate + - redirectable stderr + - metalink support (*13) + +libcurl + - full URL syntax with no length limit + - custom maximum download time + - custom least download speed acceptable + - custom output result after completion + - guesses protocol from host name unless specified + - uses .netrc + - progress bar with time statistics while downloading + - "standard" proxy environment variables support + - compiles on win32 (reported builds on 40+ operating systems) + - selectable network interface for outgoing traffic + - IPv6 support on unix and Windows + - persistent connections + - socks 4 + 5 support, with or without local name resolving + - supports user name and password in proxy environment variables + - operations through proxy "tunnel" (using CONNECT) + - support for large files (>2GB and >4GB) during upload and download + - replaceable memory functions (malloc, free, realloc, etc) + - asynchronous name resolving (*6) + - both a push and a pull style interface + - international domain names (*11) + +HTTP + - HTTP/1.1 compliant (optionally uses 1.0) + - GET + - PUT + - HEAD + - POST + - Pipelining + - multipart formpost (RFC1867-style) + - authentication: Basic, Digest, NTLM (*9) and Negotiate (SPNEGO) (*3) + to server and proxy + - resume (both GET and PUT) + - follow redirects + - maximum amount of redirects to follow + - custom HTTP request + - cookie get/send fully parsed + - reads/writes the netscape cookie file format + - custom headers (replace/remove internally generated headers) + - custom user-agent string + - custom referrer string + - range + - proxy authentication + - time conditions + - via http-proxy + - retrieve file modification date + - Content-Encoding support for deflate and gzip + - "Transfer-Encoding: chunked" support in uploads + - data compression (*12) + - HTTP/2 (*5) + +HTTPS (*1) + - (all the HTTP features) + - using client certificates + - verify server certificate + - via http-proxy + - select desired encryption + - force usage of a specific SSL version (SSLv2 (*7), SSLv3 (*10) or TLSv1) + +FTP + - download + - authentication + - Kerberos 5 (*14) + - active/passive using PORT, EPRT, PASV or EPSV + - single file size information (compare to HTTP HEAD) + - 'type=' URL support + - dir listing + - dir listing names-only + - upload + - upload append + - upload via http-proxy as HTTP PUT + - download resume + - upload resume + - custom ftp commands (before and/or after the transfer) + - simple "range" support + - via http-proxy + - all operations can be tunneled through a http-proxy + - customizable to retrieve file modification date + - no dir depth limit + +FTPS (*1) + - implicit ftps:// support that use SSL on both connections + - explicit "AUTH TLS" and "AUTH SSL" usage to "upgrade" plain ftp:// + connection to use SSL for both or one of the connections + +SCP (*8) + - both password and public key auth + +SFTP (*8) + - both password and public key auth + - with custom commands sent before/after the transfer + +TFTP + - download + - upload + +TELNET + - connection negotiation + - custom telnet options + - stdin/stdout I/O + +LDAP (*2) + - full LDAP URL support + +DICT + - extended DICT URL support + +FILE + - URL support + - upload + - resume + +SMB + - SMBv1 over TCP and SSL + - download + - upload + - authentication with NTLMv1 + +SMTP + - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), Kerberos 5 + (*4) and External. + - send e-mails + - mail from support + - mail size support + - mail auth support for trusted server-to-server relaying + - multiple recipients + - via http-proxy + +SMTPS (*1) + - implicit smtps:// support + - explicit "STARTTLS" usage to "upgrade" plain smtp:// connections to use SSL + - via http-proxy + +POP3 + - authentication: Clear Text, APOP and SASL + - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), + Kerberos 5 (*4) and External. + - list e-mails + - retrieve e-mails + - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via + custom requests + - via http-proxy + +POP3S (*1) + - implicit pop3s:// support + - explicit "STLS" usage to "upgrade" plain pop3:// connections to use SSL + - via http-proxy + +IMAP + - authentication: Clear Text and SASL + - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), + Kerberos 5 (*4) and External. + - list the folders of a mailbox + - select a mailbox with support for verifying the UIDVALIDITY + - fetch e-mails with support for specifying the UID and SECTION + - upload e-mails via the append command + - enhanced command support for: EXAMINE, CREATE, DELETE, RENAME, STATUS, + STORE, COPY and UID via custom requests + - via http-proxy + +IMAPS (*1) + - implicit imaps:// support + - explicit "STARTTLS" usage to "upgrade" plain imap:// connections to use SSL + - via http-proxy + +FOOTNOTES +========= + + *1 = requires a TLS library + *2 = requires OpenLDAP or WinLDAP + *3 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos) or + SSPI (native Windows) + *4 = requires a GSS-API implementation, however, only Windows SSPI is + currently supported + *5 = requires nghttp2 and possibly a recent TLS library + *6 = requires c-ares + *7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for + example, only supports SSLv3 and TLSv1 + *8 = requires libssh2 + *9 = requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI + (native Windows) + *10 = requires an SSL library that supports SSLv3 + *11 = requires libidn or Windows + *12 = requires libz + *13 = requires libmetalink, and either an Apple or Microsoft operating + system, or OpenSSL, or GnuTLS, or NSS + *14 = requires a GSS-API implementation (such as Heimdal or MIT Kerberos) diff --git a/extern/curl/docs/GOVERNANCE.md b/extern/curl/docs/GOVERNANCE.md new file mode 100644 index 0000000000..81747179b9 --- /dev/null +++ b/extern/curl/docs/GOVERNANCE.md @@ -0,0 +1,167 @@ +# Decision making in the curl project + +A rough guide to how we make decisions and who does what. + +## BDFL + +This project was started by and has to some extent been pushed forward over +the years with Daniel Stenberg as the driving force. It matches a standard +BDFL (Benevolent Dictator For Life) style project. + +This setup has been used due to convenience and the fact that is has worked +fine this far. It is not because someone thinks of it as a superior project +leadership model. It will also only continue working as long as Daniel manages +to listen in to what the project and the general user population wants and +expects from us. + +## Legal entity + +There is no legal entity. The curl project is just a bunch of people scattered +around the globe with the common goal to produce source code that creates +great products. We are not part of any umbrella organization and we are not +located in any specific country. We are totally independent. + +The copyrights in the project are owned by the individuals and organizations +that wrote those parts of the code. + +## Decisions + +The curl project is not a democracy, but everyone is entitled to state their +opinion and may argue for their sake within the community. + +All and any changes that have been done or will be done are eligible to bring +up for discussion, to object to or to praise. Ideally, we find consensus for +the appropriate way forward in any given situation or challenge. + +If there is no obvious consensus, a maintainer who's knowledgeable in the +specific area will take an "executive" decision that they think is the right +for the project. + +## Donations + +Donating plain money to curl is best done to curl's [Open Collective +fund](https://opencollective.com/curl). Open Collective is a US based +non-profit organization that holds on to funds for us. This fund is then used +for paying the curl security bug bounties, to reimburse project related +expenses etc. + +Donations to the project can also come in form of server hosting, providing +services and paying for people to work on curl related code etc. Usually, such +donations are services paid for directly by the sponsors. + +We grade sponsors in a few different levels and if they meet the criterias, +they can be mentioned on the Sponsors page on the curl web site. + +## Commercial Support + +The curl project does not do or offer commercial support. It only hosts +mailing lists, runs bug trackers etc to facilitate communication and work. + +However, Daniel works for wolfSSL and we offer commercial curl support there. + +## Key roles + +### Maintainers + +A maintainer in the curl project is an individual who has been given +permissions to push commits to one of the git repositories. + +Maintainers are free to push commits to the repositories at their own will. +Maintainers are however expected to listen to feedback from users and any +change that is non-trivial in size or nature *should* be brought to the +project as a PR to allow others to comment/object before merge. + +### Former maintainers + +A maintainer who stops being active in the project will at some point get +their push permissions removed. We do this for security reasons but also to +make sure that we always have the list of maintainers as "the team that push +stuff to curl". + +Getting push permissions removed is not a punishment. Everyone who ever worked +on maintaining curl is considered a hero, for all time hereafter. + +### Security team members + +We have a security team. That's the team of people who are subscribed to the +curl-security mailing list; the receivers of security reports from users and +developers. This list of people will vary over time but should be skilled +developers familiar with the curl project. + +The security team works best when it consists of a small set of active +persons. We invite new members when the team seems to need it, and we also +expect to retire security team members as they "drift off" from the project or +just find themselves unable to perform their duties there. + +### Server admins + +We run a web server, a mailing list and more on the curl project's primary +server. That physical machine is owned and run by Haxx. Daniel is the primary +admin of all things curl related server stuff, but Björn Stenberg and Linus +Feltzing serve as backup admins for when Daniel is gone or unable. + +The primary server is paid for by Haxx. The machine is physically located in a +server bunker in Stockholm Sweden, operated by the company Portlane. + +The web site contents are served to the web via Fastly and Daniel is the +primary curl contact with Fastly. + +### BDFL + +That's Daniel. + +# Maintainers + +A curl maintainer is a project volunteer who has the authority and rights to +merge changes into a git repository in the curl project. + +Anyone can aspire to become a curl maintainer. + +### Duties + +There are no mandatory duties. We hope and wish that maintainers consider +reviewing patches and help merging them, especially when the changes are +within the area of personal expertise and experience. + +### Requirements + +- only merge code that meets our quality and style guide requirements. +- *never* merge code without doing a PR first, unless the change is "trivial" +- if in doubt, ask for input/feedback from others + +### Recommendations + +- we require two-factor authentication enabled on your github account to + reduce risk of malicious source code tampering +- consider enabling signed git commits for additional verification of changes + +### Merge advice + +When you're merging patches/PRs... + +- make sure the commit messages follow our template +- squash patch sets into a few logical commits even if the PR didn't, if + necessary +- avoid the "merge" button on github, do it "manually" instead to get full + control and full audit trail (github leaves out you as "Committer:") +- remember to credit the reporter and the helpers! + +## Who are maintainers? + +The [list of maintainers](https://github.com/orgs/curl/people). Be aware that +the level of presence and activity in the project vary greatly between +different individuals and over time. + +### Become a maintainer? + +If you think you can help making the project better by shouldering some +maintaining responsibilities, then please get in touch. + +You will be expected to be familiar with the curl project and its ways of +working. You need to have gotten a few quality patches merged as a proof of +this. + +### Stop being a maintainer + +If you (appear to) not be active in the project anymore, you may be removed as +a maintainer. Thank you for your service! diff --git a/extern/curl/docs/HELP-US.md b/extern/curl/docs/HELP-US.md new file mode 100644 index 0000000000..aae2b9f599 --- /dev/null +++ b/extern/curl/docs/HELP-US.md @@ -0,0 +1,70 @@ +# How to get started helping out in the curl project + +We are always in need of more help. If you are new to the project and are +looking for ways to contribute and help out, this document aims to give a few +good starting points. + +A good idea is to start by subscribing to the [curl-library mailing +list](https://cool.haxx.se/mailman/listinfo/curl-library) to keep track of the +current discussion topics. + +## Scratch your own itch + +One of the best ways is to start working on any problems or issues you have +found yourself or perhaps got annoyed at in the past. It can be a spelling +error in an error text or a weirdly phrased section in a man page. Hunt it +down and report the bug. Or make your first pull request with a fix for that. + +## Help wanted + +In the issue tracker we occasionally mark bugs with [help +wanted](https://github.com/curl/curl/labels/help%20wanted), as a sign that the +bug is acknowledged to exist and that there's nobody known to work on this +issue for the moment. Those are bugs that are fine to "grab" and provide a +pull request for. The complexity level of these will of course vary, so pick +one that piques your interest. + +## Work on known bugs + +Some bugs are known and haven't yet received attention and work enough to get +fixed. We collect such known existing flaws in the +[KNOWN_BUGS](https://curl.haxx.se/docs/knownbugs.html) page. Many of them link +to the original bug report with some additional details, but some may also +have aged a bit and may require some verification that the bug still exists in +the same way and that what was said about it in the past is still valid. + +## Fix autobuild problems + +On the [autobuilds page](https://curl.haxx.se/dev/builds.html) we show a +collection of test results from the automatic curl build and tests that are +performed by volunteers. Fixing compiler warnings and errors shown there is +something we value greatly. Also, if you own or run systems or architectures +that aren't already tested in the autobuilds, we also appreciate more +volunteers running builds automatically to help us keep curl portable. + +## TODO items + +Ideas for features and functions that we have considered worthwhile to +implement and provide are kept in the +[TODO](https://curl.haxx.se/docs/todo.html) file. Some of the ideas are +rough. Some are well thought out. Some probably aren't really suitable +anymore. + +Before you invest a lot of time on a TODO item, do bring it up for discussion +on the mailing list. For discussion on applicability but also for ideas and +brainstorming on specific ways to do the implementation etc. + +## You decide + +You can also come up with a completely new thing you think we should do. Or +not do. Or fix. Or add to the project. You then either bring it to the mailing +list first to see if people will shoot down the idea at once, or you bring a +first draft of the idea as a pull request and take the discussion there around +the specific implementation. Either way is fine. + +## CONTRIBUTE + +We offer [guidelines](https://curl.haxx.se/dev/contribute.html) that are +suitable to be familiar with before you decide to contribute to curl. If +you're used to open source development, you'll probably not find many +surprises in there. diff --git a/extern/curl/docs/HISTORY.md b/extern/curl/docs/HISTORY.md new file mode 100644 index 0000000000..a628d05098 --- /dev/null +++ b/extern/curl/docs/HISTORY.md @@ -0,0 +1,359 @@ +How curl Became Like This +========================= + +Towards the end of 1996, Daniel Stenberg was spending time writing an IRC bot +for an Amiga related channel on EFnet. He then came up with the idea to make +currency-exchange calculations available to Internet Relay Chat (IRC) +users. All the necessary data were published on the Web; he just needed to +automate their retrieval. + +Daniel simply adopted an existing command-line open-source tool, httpget, that +Brazilian Rafael Sagula had written and recently released version 0.1 of. After +a few minor adjustments, it did just what he needed. + +1997 +---- + +HttpGet 1.0 was released on April 8th 1997 with brand new HTTP proxy support. + +We soon found and fixed support for getting currencies over GOPHER. Once FTP +download support was added, the name of the project was changed and urlget 2.0 +was released in August 1997. The http-only days were already passed. + +1998 +---- + +The project slowly grew bigger. When upload capabilities were added and the +name once again was misleading, a second name change was made and on March 20, +1998 curl 4 was released. (The version numbering from the previous names was +kept.) + +(Unrelated to this project a company called Curl Corporation registered a US +trademark on the name "CURL" on May 18 1998. That company had then already +registered the curl.com domain back in November of the previous year. All this +was revealed to us much later.) + +SSL support was added, powered by the SSLeay library. + +August: first announcement of curl on freshmeat.net. + +October: with the curl 4.9 release and the introduction of cookie support, +curl was no longer released under the GPL license. Now we're at 4000 lines of +code, we switched over to the MPL license to restrict the effects of +"copyleft". + +November: configure script and reported successful compiles on several +major operating systems. The never-quite-understood -F option was added and +curl could now simulate quite a lot of a browser. TELNET support was added. + +Curl 5 was released in December 1998 and introduced the first ever curl man +page. People started making Linux RPM packages out of it. + +1999 +---- + +January: DICT support added. + +OpenSSL took over and SSLeay was abandoned. + +May: first Debian package. + +August: LDAP:// and FILE:// support added. The curl web site gets 1300 visits +weekly. Moved site to curl.haxx.nu. + +September: Released curl 6.0. 15000 lines of code. + +December 28: added the project on Sourceforge and started using its services +for managing the project. + +2000 +---- + +Spring: major internal overhaul to provide a suitable library interface. +The first non-beta release was named 7.1 and arrived in August. This offered +the easy interface and turned out to be the beginning of actually getting +other software and programs to be based on and powered by libcurl. Almost +20000 lines of code. + +June: the curl site moves to "curl.haxx.se" + +August, the curl web site gets 4000 visits weekly. + +The PHP guys adopted libcurl already the same month, when the first ever third +party libcurl binding showed up. CURL has been a supported module in PHP since +the release of PHP 4.0.2. This would soon get followers. More than 16 +different bindings exist at the time of this writing. + +September: kerberos4 support was added. + +November: started the work on a test suite for curl. It was later re-written +from scratch again. The libcurl major SONAME number was set to 1. + +2001 +---- + +January: Daniel released curl 7.5.2 under a new license again: MIT (or +MPL). The MIT license is extremely liberal and can be combined with GPL +in other projects. This would finally put an end to the "complaints" from +people involved in GPLed projects that previously were prohibited from using +libcurl while it was released under MPL only. (Due to the fact that MPL is +deemed "GPL incompatible".) + +March 22: curl supports HTTP 1.1 starting with the release of 7.7. This +also introduced libcurl's ability to do persistent connections. 24000 lines of +code. The libcurl major SONAME number was bumped to 2 due to this overhaul. +The first experimental ftps:// support was added. + +August: curl is bundled in Mac OS X, 10.1. It was already becoming more and +more of a standard utility of Linux distributions and a regular in the BSD +ports collections. The curl web site gets 8000 visits weekly. Curl Corporation +contacted Daniel to discuss "the name issue". After Daniel's reply, they have +never since got back in touch again. + +September: libcurl 7.9 introduces cookie jar and curl_formadd(). During the +forthcoming 7.9.x releases, we introduced the multi interface slowly and +without many whistles. + +2002 +---- + +June: the curl web site gets 13000 visits weekly. curl and libcurl is +35000 lines of code. Reported successful compiles on more than 40 combinations +of CPUs and operating systems. + +To estimate number of users of the curl tool or libcurl library is next to +impossible. Around 5000 downloaded packages each week from the main site gives +a hint, but the packages are mirrored extensively, bundled with numerous OS +distributions and otherwise retrieved as part of other software. + +September: with the release of curl 7.10 it is released under the MIT license +only. + +2003 +---- + +January: Started working on the distributed curl tests. The autobuilds. + +February: the curl site averages at 20000 visits weekly. At any given moment, +there's an average of 3 people browsing the curl.haxx.se site. + +Multiple new authentication schemes are supported: Digest (May), NTLM (June) +and Negotiate (June). + +November: curl 7.10.8 is released. 45000 lines of code. ~55000 unique visitors +to the curl.haxx.se site. Five official web mirrors. + +December: full-fledged SSL for FTP is supported. + +2004 +---- + +January: curl 7.11.0 introduced large file support. + +June: curl 7.12.0 introduced IDN support. 10 official web mirrors. + +This release bumped the major SONAME to 3 due to the removal of the +curl_formparse() function + +August: Curl and libcurl 7.12.1 + + Public curl release number: 82 + Releases counted from the very beginning: 109 + Available command line options: 96 + Available curl_easy_setopt() options: 120 + Number of public functions in libcurl: 36 + Amount of public web site mirrors: 12 + Number of known libcurl bindings: 26 + +2005 +---- + +April: GnuTLS can now optionally be used for the secure layer when curl is +built. + +April: Added the multi_socket() API + +September: TFTP support was added. + +More than 100,000 unique visitors of the curl web site. 25 mirrors. + +December: security vulnerability: libcurl URL Buffer Overflow + +2006 +---- + +January: We dropped support for Gopher. We found bugs in the implementation +that turned out to have been introduced years ago, so with the conclusion that +nobody had found out in all this time we removed it instead of fixing it. + +March: security vulnerability: libcurl TFTP Packet Buffer Overflow + +September: The major SONAME number for libcurl was bumped to 4 due to the +removal of ftp third party transfer support. + +November: Added SCP and SFTP support + +2007 +---- + +February: Added support for the Mozilla NSS library to do the SSL/TLS stuff + +July: security vulnerability: libcurl GnuTLS insufficient cert verification + +2008 +---- + +November: + + Command line options: 128 + curl_easy_setopt() options: 158 + Public functions in libcurl: 58 + Known libcurl bindings: 37 + Contributors: 683 + + 145,000 unique visitors. >100 GB downloaded. + +2009 +---- + +March: security vulnerability: libcurl Arbitrary File Access + +April: added CMake support + +August: security vulnerability: libcurl embedded zero in cert name + +December: Added support for IMAP, POP3 and SMTP + +2010 +---- + +January: Added support for RTSP + +February: security vulnerability: libcurl data callback excessive length + +March: The project switched over to use git (hosted by github) instead of CVS +for source code control + +May: Added support for RTMP + +Added support for PolarSSL to do the SSL/TLS stuff + +August: + + Public curl releases: 117 + Command line options: 138 + curl_easy_setopt() options: 180 + Public functions in libcurl: 58 + Known libcurl bindings: 39 + Contributors: 808 + + Gopher support added (re-added actually, see January 2006) + +2011 +---- + +February: added support for the axTLS backend + +April: added the cyassl backend (later renamed to WolfSSL) + +2012 +---- + + July: Added support for Schannel (native Windows TLS backend) and Darwin SSL + (Native Mac OS X and iOS TLS backend). + + Supports metalink + + October: SSH-agent support. + +2013 +---- + + February: Cleaned up internals to always uses the "multi" non-blocking + approach internally and only expose the blocking API with a wrapper. + + September: First small steps on supporting HTTP/2 with nghttp2. + + October: Removed krb4 support. + + December: Happy eyeballs. + +2014 +---- + + March: first real release supporting HTTP/2 + + September: Web site had 245,000 unique visitors and served 236GB data + + SMB and SMBS support + +2015 +---- + + June: support for multiplexing with HTTP/2 + + August: support for HTTP/2 server push + + December: Public Suffix List + +2016 +---- + + January: the curl tool defaults to HTTP/2 for HTTPS URLs + + December: curl 7.52.0 introduced support for HTTPS-proxy! + + First TLS 1.3 support + +2017 +---- + + July: OSS-Fuzz started fuzzing libcurl + + September: Added Multi-SSL support + + The web site serves 3100 GB/month + + Public curl releases: 169 + Command line options: 211 + curl_easy_setopt() options: 249 + Public functions in libcurl: 74 + Contributors: 1609 + + October: SSLKEYLOGFILE support, new MIME API + + November: brotli + +2018 +---- + + January: new SSH backend powered by libssh + + March: starting with the 1803 release of Windows 10, curl is shipped bundled + with Microsoft's operating system. + + July: curl shows headers using bold type face + + October: added DNS-over-HTTPS (DoH) and the URL API + + MesaLink is a new supported TLS backend + + libcurl now does HTTP/2 (and multiplexing) by default on HTTPS URLs + + curl and libcurl are installed in an estimated 5 *billion* instances + world-wide. + + October 31: Curl and libcurl 7.62.0 + + Public curl releases: 177 + Command line options: 219 + curl_easy_setopt() options: 261 + Public functions in libcurl: 80 + Contributors: 1808 + +2019 +---- + + August: the first HTTP/3 requests with curl. + + September: 7.66.0 is released and the tool offers parallel downloads diff --git a/extern/curl/docs/HTTP-COOKIES.md b/extern/curl/docs/HTTP-COOKIES.md new file mode 100644 index 0000000000..31af9f6d9b --- /dev/null +++ b/extern/curl/docs/HTTP-COOKIES.md @@ -0,0 +1,134 @@ +# HTTP Cookies + +## Cookie overview + + Cookies are `name=contents` pairs that a HTTP server tells the client to + hold and then the client sends back those to the server on subsequent + requests to the same domains and paths for which the cookies were set. + + Cookies are either "session cookies" which typically are forgotten when the + session is over which is often translated to equal when browser quits, or + the cookies aren't session cookies they have expiration dates after which + the client will throw them away. + + Cookies are set to the client with the Set-Cookie: header and are sent to + servers with the Cookie: header. + + For a very long time, the only spec explaining how to use cookies was the + original [Netscape spec from 1994](https://curl.haxx.se/rfc/cookie_spec.html). + + In 2011, [RFC6265](https://www.ietf.org/rfc/rfc6265.txt) was finally + published and details how cookies work within HTTP. In 2016, an update which + added support for prefixes was + [proposed](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00), + and in 2017, another update was + [drafted](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01) + to deprecate modification of 'secure' cookies from non-secure origins. Both + of these drafts have been incorporated into a proposal to + [replace](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02) + RFC6265. Cookie prefixes and secure cookie modification protection has been + implemented by curl. + +## Cookies saved to disk + + Netscape once created a file format for storing cookies on disk so that they + would survive browser restarts. curl adopted that file format to allow + sharing the cookies with browsers, only to see browsers move away from that + format. Modern browsers no longer use it, while curl still does. + + The netscape cookie file format stores one cookie per physical line in the + file with a bunch of associated meta data, each field separated with + TAB. That file is called the cookiejar in curl terminology. + + When libcurl saves a cookiejar, it creates a file header of its own in which + there is a URL mention that will link to the web version of this document. + +## Cookie file format + + The cookie file format is text based and stores one cookie per line. Lines + that start with `#` are treated as comments. + + Each line that each specifies a single cookie consists of seven text fields + separated with TAB characters. A valid line must end with a newline + character. + +### Fields in the file + + Field number, what type and example data and the meaning of it: + + 0. string `example.com` - the domain name + 1. boolean `FALSE` - include subdomains + 2. string `/foobar/` - path + 3. boolean `TRUE` - send/receive over HTTPS only + 4. number `1462299217` - expires at - seconds since Jan 1st 1970, or 0 + 5. string `person` - name of the cookie + 6. string `daniel` - value of the cookie + +## Cookies with curl the command line tool + + curl has a full cookie "engine" built in. If you just activate it, you can + have curl receive and send cookies exactly as mandated in the specs. + + Command line options: + + `-b, --cookie` + + tell curl a file to read cookies from and start the cookie engine, or if it + isn't a file it will pass on the given string. -b name=var works and so does + -b cookiefile. + + `-j, --junk-session-cookies` + + when used in combination with -b, it will skip all "session cookies" on load + so as to appear to start a new cookie session. + + `-c, --cookie-jar` + + tell curl to start the cookie engine and write cookies to the given file + after the request(s) + +## Cookies with libcurl + + libcurl offers several ways to enable and interface the cookie engine. These + options are the ones provided by the native API. libcurl bindings may offer + access to them using other means. + + `CURLOPT_COOKIE` + + Is used when you want to specify the exact contents of a cookie header to + send to the server. + + `CURLOPT_COOKIEFILE` + + Tell libcurl to activate the cookie engine, and to read the initial set of + cookies from the given file. Read-only. + + `CURLOPT_COOKIEJAR` + + Tell libcurl to activate the cookie engine, and when the easy handle is + closed save all known cookies to the given cookiejar file. Write-only. + + `CURLOPT_COOKIELIST` + + Provide detailed information about a single cookie to add to the internal + storage of cookies. Pass in the cookie as a HTTP header with all the details + set, or pass in a line from a netscape cookie file. This option can also be + used to flush the cookies etc. + + `CURLINFO_COOKIELIST` + + Extract cookie information from the internal cookie storage as a linked + list. + +## Cookies with javascript + + These days a lot of the web is built up by javascript. The webbrowser loads + complete programs that render the page you see. These javascript programs + can also set and access cookies. + + Since curl and libcurl are plain HTTP clients without any knowledge of or + capability to handle javascript, such cookies will not be detected or used. + + Often, if you want to mimic what a browser does on such web sites, you can + record web browser HTTP traffic when using such a site and then repeat the + cookie operations using curl or libcurl. diff --git a/extern/curl/docs/HTTP2.md b/extern/curl/docs/HTTP2.md new file mode 100644 index 0000000000..5b4435f888 --- /dev/null +++ b/extern/curl/docs/HTTP2.md @@ -0,0 +1,127 @@ +HTTP/2 with curl +================ + +[HTTP/2 Spec](https://www.rfc-editor.org/rfc/rfc7540.txt) +[http2 explained](https://daniel.haxx.se/http2/) + +Build prerequisites +------------------- + - nghttp2 + - OpenSSL, libressl, BoringSSL, NSS, GnutTLS, mbedTLS, wolfSSL or Schannel + with a new enough version. + +[nghttp2](https://nghttp2.org/) +------------------------------- + +libcurl uses this 3rd party library for the low level protocol handling +parts. The reason for this is that HTTP/2 is much more complex at that layer +than HTTP/1.1 (which we implement on our own) and that nghttp2 is an already +existing and well functional library. + +We require at least version 1.0.0. + +Over an http:// URL +------------------- + +If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will +include an upgrade header in the initial request to the host to allow +upgrading to HTTP/2. + +Possibly we can later introduce an option that will cause libcurl to fail if +not possible to upgrade. Possibly we introduce an option that makes libcurl +use HTTP/2 at once over http:// + +Over an https:// URL +-------------------- + +If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use +ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce +an option that will cause libcurl to fail if not possible to use HTTP/2. + +`CURL_HTTP_VERSION_2TLS` was added in 7.47.0 as a way to ask libcurl to prefer +HTTP/2 for HTTPS but stick to 1.1 by default for plain old HTTP connections. + +ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is +for a similar purpose, was made prior to ALPN and is used for SPDY so early +HTTP/2 servers are implemented using NPN before ALPN support is widespread. + +`CURLOPT_SSL_ENABLE_ALPN` and `CURLOPT_SSL_ENABLE_NPN` are offered to allow +applications to explicitly disable ALPN or NPN. + +SSL libs +-------- + +The challenge is the ALPN and NPN support and all our different SSL +backends. You may need a fairly updated SSL library version for it to provide +the necessary TLS features. Right now we support: + + - OpenSSL: ALPN and NPN + - libressl: ALPN and NPN + - BoringSSL: ALPN and NPN + - NSS: ALPN and NPN + - GnuTLS: ALPN + - mbedTLS: ALPN + - Schannel: ALPN + - wolfSSL: ALPN + - Secure Transport: ALPN + +Multiplexing +------------ + +Starting in 7.43.0, libcurl fully supports HTTP/2 multiplexing, which is the +term for doing multiple independent transfers over the same physical TCP +connection. + +To take advantage of multiplexing, you need to use the multi interface and set +`CURLMOPT_PIPELINING` to `CURLPIPE_MULTIPLEX`. With that bit set, libcurl will +attempt to re-use existing HTTP/2 connections and just add a new stream over +that when doing subsequent parallel requests. + +While libcurl sets up a connection to a HTTP server there is a period during +which it doesn't know if it can pipeline or do multiplexing and if you add new +transfers in that period, libcurl will default to start new connections for +those transfers. With the new option `CURLOPT_PIPEWAIT` (added in 7.43.0), you +can ask that a transfer should rather wait and see in case there's a +connection for the same host in progress that might end up being possible to +multiplex on. It favours keeping the number of connections low to the cost of +slightly longer time to first byte transferred. + +Applications +------------ + +We hide HTTP/2's binary nature and convert received HTTP/2 traffic to headers +in HTTP 1.1 style. This allows applications to work unmodified. + +curl tool +--------- + +curl offers the `--http2` command line option to enable use of HTTP/2. + +curl offers the `--http2-prior-knowledge` command line option to enable use of +HTTP/2 without HTTP/1.1 Upgrade. + +Since 7.47.0, the curl tool enables HTTP/2 by default for HTTPS connections. + +curl tool limitations +--------------------- + +The command line tool won't do any HTTP/2 multiplexing even though libcurl +supports it, simply because the curl tool is not written to take advantage of +the libcurl API that's necessary for this (the multi interface). We have an +outstanding TODO item for this and **you** can help us make it happen. + +The command line tool also doesn't support HTTP/2 server push for the same +reason it doesn't do multiplexing: it needs to use the multi interface for +that so that multiplexing is supported. + +HTTP Alternative Services +------------------------- + +Alt-Svc is an extension with a corresponding frame (ALTSVC) in HTTP/2 that +tells the client about an alternative "route" to the same content for the same +origin server that you get the response from. A browser or long-living client +can use that hint to create a new connection asynchronously. For libcurl, we +may introduce a way to bring such clues to the application and/or let a +subsequent request use the alternate route automatically. + +[Detailed in RFC 7838](https://tools.ietf.org/html/rfc7838) diff --git a/extern/curl/docs/HTTP3.md b/extern/curl/docs/HTTP3.md new file mode 100644 index 0000000000..55bdd02637 --- /dev/null +++ b/extern/curl/docs/HTTP3.md @@ -0,0 +1,115 @@ +# HTTP3 (and QUIC) + +## Resources + +[HTTP/3 Explained](https://daniel.haxx.se/http3-explained/) - the online free +book describing the protocols involved. + +[QUIC implementation](https://github.com/curl/curl/wiki/QUIC-implementation) - +the wiki page describing the plan for how to support QUIC and HTTP/3 in curl +and libcurl. + +[quicwg.org](https://quicwg.org/) - home of the official protocol drafts + +## QUIC libraries + +QUIC libraries we're experimenting with: + +[ngtcp2](https://github.com/ngtcp2/ngtcp2) + +[quiche](https://github.com/cloudflare/quiche) + +## Experimental! + +HTTP/3 and QUIC support in curl is considered **EXPERIMENTAL** until further +notice. It needs to be enabled at build-time. + +Further development and tweaking of the HTTP/3 support in curl will happen in +in the master branch using pull-requests, just like ordinary changes. + +# ngtcp2 version + +## Build + +Build (patched) OpenSSL + + % git clone --depth 1 -b OpenSSL_1_1_1d-quic-draft-27 https://github.com/tatsuhiro-t/openssl + % cd openssl + % ./config enable-tls1_3 --prefix= + % make + % make install_sw + +Build nghttp3 + + % cd .. + % git clone https://github.com/ngtcp2/nghttp3 + % cd nghttp3 + % autoreconf -i + % ./configure --prefix= --enable-lib-only + % make + % make install + +Build ngtcp2 + + % cd .. + % git clone https://github.com/ngtcp2/ngtcp2 + % cd ngtcp2 + % autoreconf -i + % ./configure PKG_CONFIG_PATH=/lib/pkgconfig:/lib/pkgconfig LDFLAGS="-Wl,-rpath,/lib" --prefix= + % make + % make install + +Build curl + + % cd .. + % git clone https://github.com/curl/curl + % cd curl + % ./buildconf + % LDFLAGS="-Wl,-rpath,/lib" ./configure --with-ssl= --with-nghttp3= --with-ngtcp2= --enable-alt-svc + % make + +# quiche version + +## build + +Clone quiche and BoringSSL: + + % git clone --recursive https://github.com/cloudflare/quiche + +Build BoringSSL (it needs to be built manually so it can be reused with curl): + + % cd quiche/deps/boringssl + % mkdir build + % cd build + % cmake -DCMAKE_POSITION_INDEPENDENT_CODE=on .. + % make + % cd .. + % mkdir -p .openssl/lib + % cp build/crypto/libcrypto.a build/ssl/libssl.a .openssl/lib + % ln -s $PWD/include .openssl + +Build quiche: + + % cd ../.. + % QUICHE_BSSL_PATH=$PWD/deps/boringssl cargo build --release --features pkg-config-meta + +Build curl: + + % cd .. + % git clone https://github.com/curl/curl + % cd curl + % ./buildconf + % ./configure LDFLAGS="-Wl,-rpath,$PWD/../quiche/target/release" --with-ssl=$PWD/../quiche/deps/boringssl/.openssl --with-quiche=$PWD/../quiche/target/release --enable-alt-svc + % make + +## Run + +Use HTTP/3 directly: + + curl --http3 https://nghttp2.org:8443/ + +Upgrade via Alt-Svc: + + curl --alt-svc altsvc.cache https://quic.aiortc.org/ + +See this [list of public HTTP/3 servers](https://bagder.github.io/HTTP3-test/) diff --git a/extern/curl/docs/INSTALL b/extern/curl/docs/INSTALL new file mode 100644 index 0000000000..ff260b1b14 --- /dev/null +++ b/extern/curl/docs/INSTALL @@ -0,0 +1,9 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + How To Compile + +see INSTALL.md diff --git a/extern/curl/docs/INSTALL.cmake b/extern/curl/docs/INSTALL.cmake new file mode 100644 index 0000000000..03328cbcd9 --- /dev/null +++ b/extern/curl/docs/INSTALL.cmake @@ -0,0 +1,90 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + How To Compile with CMake + +Building with CMake +========================== + This document describes how to compile, build and install curl and libcurl + from source code using the CMake build tool. To build with CMake, you will + of course have to first install CMake. The minimum required version of + CMake is specified in the file CMakeLists.txt found in the top of the curl + source tree. Once the correct version of CMake is installed you can follow + the instructions below for the platform you are building on. + + CMake builds can be configured either from the command line, or from one + of CMake's GUI's. + +Current flaws in the curl CMake build +===================================== + + Missing features in the cmake build: + + - Builds libcurl without large file support + - Does not support all SSL libraries (only OpenSSL, WinSSL, DarwinSSL, and + mbed TLS) + - Doesn't build with SCP and SFTP support (libssh2) (see issue #1155) + - Doesn't allow different resolver backends (no c-ares build support) + - No RTMP support built + - Doesn't allow build curl and libcurl debug enabled + - Doesn't allow a custom CA bundle path + - Doesn't allow you to disable specific protocols from the build + - Doesn't find or use krb4 or GSS + - Rebuilds test files too eagerly, but still can't run the tests + - Doesn't detect the correct strerror_r flavor when cross-compiling (issue #1123) + + +Command Line CMake +================== + A CMake build of curl is similar to the autotools build of curl. It + consists of the following steps after you have unpacked the source. + + 1. Create an out of source build tree parallel to the curl source + tree and change into that directory + + $ mkdir curl-build + $ cd curl-build + + 2. Run CMake from the build tree, giving it the path to the top of + the curl source tree. CMake will pick a compiler for you. If you + want to specify the compile, you can set the CC environment + variable prior to running CMake. + + $ cmake ../curl + $ make + + 3. Install to default location: + + $ make install + + (The test suite does not work with the cmake build) + +ccmake +========= + CMake comes with a curses based interface called ccmake. To run ccmake on + a curl use the instructions for the command line cmake, but substitute + ccmake ../curl for cmake ../curl. This will bring up a curses interface + with instructions on the bottom of the screen. You can press the "c" key + to configure the project, and the "g" key to generate the project. After + the project is generated, you can run make. + +cmake-gui +========= + CMake also comes with a Qt based GUI called cmake-gui. To configure with + cmake-gui, you run cmake-gui and follow these steps: + 1. Fill in the "Where is the source code" combo box with the path to + the curl source tree. + 2. Fill in the "Where to build the binaries" combo box with the path + to the directory for your build tree, ideally this should not be the + same as the source tree, but a parallel directory called curl-build or + something similar. + 3. Once the source and binary directories are specified, press the + "Configure" button. + 4. Select the native build tool that you want to use. + 5. At this point you can change any of the options presented in the + GUI. Once you have selected all the options you want, click the + "Generate" button. + 6. Run the native build tool that you used CMake to generate. diff --git a/extern/curl/docs/INSTALL.md b/extern/curl/docs/INSTALL.md new file mode 100644 index 0000000000..63d41421bf --- /dev/null +++ b/extern/curl/docs/INSTALL.md @@ -0,0 +1,509 @@ +# how to install curl and libcurl + +## Installing Binary Packages + +Lots of people download binary distributions of curl and libcurl. This +document does not describe how to install curl or libcurl using such a binary +package. This document describes how to compile, build and install curl and +libcurl from source code. + +## Building using vcpkg + +You can download and install curl and libcurl using the [vcpkg](https://github.com/Microsoft/vcpkg/) dependency manager: + + git clone https://github.com/Microsoft/vcpkg.git + cd vcpkg + ./bootstrap-vcpkg.sh + ./vcpkg integrate install + vcpkg install curl[tool] + +The curl port in vcpkg is kept up to date by Microsoft team members and community contributors. If the version is out of date, please [create an issue or pull request](https://github.com/Microsoft/vcpkg) on the vcpkg repository. + +## Building from git + +If you get your code off a git repository instead of a release tarball, see +the `GIT-INFO` file in the root directory for specific instructions on how to +proceed. + +# Unix + +A normal Unix installation is made in three or four steps (after you've +unpacked the source archive): + + ./configure + make + make test (optional) + make install + +You probably need to be root when doing the last command. + +Get a full listing of all available configure options by invoking it like: + + ./configure --help + +If you want to install curl in a different file hierarchy than `/usr/local`, +specify that when running configure: + + ./configure --prefix=/path/to/curl/tree + +If you have write permission in that directory, you can do 'make install' +without being root. An example of this would be to make a local install in +your own home directory: + + ./configure --prefix=$HOME + make + make install + +The configure script always tries to find a working SSL library unless +explicitly told not to. If you have OpenSSL installed in the default search +path for your compiler/linker, you don't need to do anything special. If you +have OpenSSL installed in `/usr/local/ssl`, you can run configure like: + + ./configure --with-ssl + +If you have OpenSSL installed somewhere else (for example, `/opt/OpenSSL`) and +you have pkg-config installed, set the pkg-config path first, like this: + + env PKG_CONFIG_PATH=/opt/OpenSSL/lib/pkgconfig ./configure --with-ssl + +Without pkg-config installed, use this: + + ./configure --with-ssl=/opt/OpenSSL + +If you insist on forcing a build without SSL support, even though you may +have OpenSSL installed in your system, you can run configure like this: + + ./configure --without-ssl + +If you have OpenSSL installed, but with the libraries in one place and the +header files somewhere else, you have to set the `LDFLAGS` and `CPPFLAGS` +environment variables prior to running configure. Something like this should +work: + + CPPFLAGS="-I/path/to/ssl/include" LDFLAGS="-L/path/to/ssl/lib" ./configure + +If you have shared SSL libs installed in a directory where your run-time +linker doesn't find them (which usually causes configure failures), you can +provide this option to gcc to set a hard-coded path to the run-time linker: + + LDFLAGS=-Wl,-R/usr/local/ssl/lib ./configure --with-ssl + +## More Options + +To force a static library compile, disable the shared library creation by +running configure like: + + ./configure --disable-shared + +To tell the configure script to skip searching for thread-safe functions, add +an option like: + + ./configure --disable-thread + +If you're a curl developer and use gcc, you might want to enable more debug +options with the `--enable-debug` option. + +curl can be built to use a whole range of libraries to provide various useful +services, and configure will try to auto-detect a decent default. But if you +want to alter it, you can select how to deal with each individual library. + +## Select TLS backend + +The default OpenSSL configure check will also detect and use BoringSSL or +libressl. + + - GnuTLS: `--without-ssl --with-gnutls`. + - wolfSSL: `--without-ssl --with-wolfssl` + - NSS: `--without-ssl --with-nss` + - mbedTLS: `--without-ssl --with-mbedtls` + - schannel: `--without-ssl --with-schannel` + - secure transport: `--without-ssl --with-secure-transport` + - MesaLink: `--without-ssl --with-mesalink` + - BearSSL: `--without-ssl --with-bearssl` + +# Windows + +## Building Windows DLLs and C run-time (CRT) linkage issues + + As a general rule, building a DLL with static CRT linkage is highly + discouraged, and intermixing CRTs in the same app is something to avoid at + any cost. + + Reading and comprehending Microsoft Knowledge Base articles KB94248 and + KB140584 is a must for any Windows developer. Especially important is full + understanding if you are not going to follow the advice given above. + + - [How To Use the C Run-Time](https://support.microsoft.com/help/94248/how-to-use-the-c-run-time) + - [Run-Time Library Compiler Options](https://docs.microsoft.com/cpp/build/reference/md-mt-ld-use-run-time-library) + - [Potential Errors Passing CRT Objects Across DLL Boundaries](https://docs.microsoft.com/cpp/c-runtime-library/potential-errors-passing-crt-objects-across-dll-boundaries) + +If your app is misbehaving in some strange way, or it is suffering from +memory corruption, before asking for further help, please try first to +rebuild every single library your app uses as well as your app using the +debug multithreaded dynamic C runtime. + + If you get linkage errors read section 5.7 of the FAQ document. + +## MingW32 + +Make sure that MinGW32's bin dir is in the search path, for example: + + set PATH=c:\mingw32\bin;%PATH% + +then run `mingw32-make mingw32` in the root dir. There are other +make targets available to build libcurl with more features, use: + + - `mingw32-make mingw32-zlib` to build with Zlib support; + - `mingw32-make mingw32-ssl-zlib` to build with SSL and Zlib enabled; + - `mingw32-make mingw32-ssh2-ssl-zlib` to build with SSH2, SSL, Zlib; + - `mingw32-make mingw32-ssh2-ssl-sspi-zlib` to build with SSH2, SSL, Zlib + and SSPI support. + +If you have any problems linking libraries or finding header files, be sure +to verify that the provided `Makefile.m32` files use the proper paths, and +adjust as necessary. It is also possible to override these paths with +environment variables, for example: + + set ZLIB_PATH=c:\zlib-1.2.8 + set OPENSSL_PATH=c:\openssl-1.0.2c + set LIBSSH2_PATH=c:\libssh2-1.6.0 + +It is also possible to build with other LDAP SDKs than MS LDAP; currently +it is possible to build with native Win32 OpenLDAP, or with the Novell CLDAP +SDK. If you want to use these you need to set these vars: + + set LDAP_SDK=c:\openldap + set USE_LDAP_OPENLDAP=1 + +or for using the Novell SDK: + + set USE_LDAP_NOVELL=1 + +If you want to enable LDAPS support then set LDAPS=1. + +## Cygwin + +Almost identical to the unix installation. Run the configure script in the +curl source tree root with `sh configure`. Make sure you have the `sh` +executable in `/bin/` or you'll see the configure fail toward the end. + +Run `make` + +## Disabling Specific Protocols in Windows builds + +The configure utility, unfortunately, is not available for the Windows +environment, therefore, you cannot use the various disable-protocol options of +the configure utility on this platform. + +You can use specific defines to disable specific protocols and features. See +[CURL-DISABLE.md](CURL-DISABLE-md) for the full list. + +If you want to set any of these defines you have the following options: + + - Modify `lib/config-win32.h` + - Modify `lib/curl_setup.h` + - Modify `winbuild/Makefile.vc` + - Modify the "Preprocessor Definitions" in the libcurl project + +Note: The pre-processor settings can be found using the Visual Studio IDE +under "Project -> Settings -> C/C++ -> General" in VC6 and "Project -> +Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later +versions. + +## Using BSD-style lwIP instead of Winsock TCP/IP stack in Win32 builds + +In order to compile libcurl and curl using BSD-style lwIP TCP/IP stack it is +necessary to make definition of preprocessor symbol `USE_LWIPSOCK` visible to +libcurl and curl compilation processes. To set this definition you have the +following alternatives: + + - Modify `lib/config-win32.h` and `src/config-win32.h` + - Modify `winbuild/Makefile.vc` + - Modify the "Preprocessor Definitions" in the libcurl project + +Note: The pre-processor settings can be found using the Visual Studio IDE +under "Project -> Settings -> C/C++ -> General" in VC6 and "Project -> +Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later +versions. + +Once that libcurl has been built with BSD-style lwIP TCP/IP stack support, in +order to use it with your program it is mandatory that your program includes +lwIP header file `` (or another lwIP header that includes this) +before including any libcurl header. Your program does not need the +`USE_LWIPSOCK` preprocessor definition which is for libcurl internals only. + +Compilation has been verified with [lwIP +1.4.0](https://download.savannah.gnu.org/releases/lwip/lwip-1.4.0.zip) and +[contrib-1.4.0](https://download.savannah.gnu.org/releases/lwip/contrib-1.4.0.zip). + +This BSD-style lwIP TCP/IP stack support must be considered experimental given +that it has been verified that lwIP 1.4.0 still needs some polish, and libcurl +might yet need some additional adjustment, caveat emptor. + +## Important static libcurl usage note + +When building an application that uses the static libcurl library on Windows, +you must add `-DCURL_STATICLIB` to your `CFLAGS`. Otherwise the linker will +look for dynamic import symbols. + +## Legacy Windows and SSL + +Schannel (from Windows SSPI), is the native SSL library in Windows. However, +Schannel in Windows <= XP is unable to connect to servers that +no longer support the legacy handshakes and algorithms used by those +versions. If you will be using curl in one of those earlier versions of +Windows you should choose another SSL backend such as OpenSSL. + +# Apple iOS and macOS + +On modern Apple operating systems, curl can be built to use Apple's SSL/TLS +implementation, Secure Transport, instead of OpenSSL. To build with Secure +Transport for SSL/TLS, use the configure option `--with-darwinssl`. (It is not +necessary to use the option `--without-ssl`.) This feature requires iOS 5.0 or +later, or OS X 10.5 ("Leopard") or later. + +When Secure Transport is in use, the curl options `--cacert` and `--capath` +and their libcurl equivalents, will be ignored, because Secure Transport uses +the certificates stored in the Keychain to evaluate whether or not to trust +the server. This, of course, includes the root certificates that ship with the +OS. The `--cert` and `--engine` options, and their libcurl equivalents, are +currently unimplemented in curl with Secure Transport. + +For macOS users: In OS X 10.8 ("Mountain Lion"), Apple made a major overhaul +to the Secure Transport API that, among other things, added support for the +newer TLS 1.1 and 1.2 protocols. To get curl to support TLS 1.1 and 1.2, you +must build curl on Mountain Lion or later, or by using the equivalent SDK. If +you set the `MACOSX_DEPLOYMENT_TARGET` environmental variable to an earlier +version of macOS prior to building curl, then curl will use the new Secure +Transport API on Mountain Lion and later, and fall back on the older API when +the same curl binary is executed on older cats. For example, running these +commands in curl's directory in the shell will build the code such that it +will run on cats as old as OS X 10.6 ("Snow Leopard") (using bash): + + export MACOSX_DEPLOYMENT_TARGET="10.6" + ./configure --with-darwinssl + make + +# Android + +When building curl for Android it's recommended to use a Linux environment +since using curl's `configure` script is the easiest way to build curl +for Android. Before you can build curl for Android, you need to install the +Android NDK first. This can be done using the SDK Manager that is part of +Android Studio. Once you have installed the Android NDK, you need to figure out +where it has been installed and then set up some environment variables before +launching `configure`. On macOS, those variables could look like this to compile +for `aarch64` and API level 29: + + export NDK=~/Library/Android/sdk/ndk/20.1.5948944 + export HOST_TAG=darwin-x86_64 + export TOOLCHAIN=$NDK/toolchains/llvm/prebuilt/$HOST_TAG + export AR=$TOOLCHAIN/bin/aarch64-linux-android-ar + export AS=$TOOLCHAIN/bin/aarch64-linux-android-as + export CC=$TOOLCHAIN/bin/aarch64-linux-android29-clang + export CXX=$TOOLCHAIN/bin/aarch64-linux-android29-clang++ + export LD=$TOOLCHAIN/bin/aarch64-linux-android-ld + export RANLIB=$TOOLCHAIN/bin/aarch64-linux-android-ranlib + export STRIP=$TOOLCHAIN/bin/aarch64-linux-android-strip + +When building on Linux or targeting other API levels or architectures, you need +to adjust those variables accordingly. After that you can build curl like this: + + ./configure --host aarch64-linux-android --with-pic --disable-shared + +Note that this won't give you SSL/TLS support. If you need SSL/TLS, you have +to build curl against a SSL/TLS layer, e.g. OpenSSL, because it's impossible for +curl to access Android's native SSL/TLS layer. To build curl for Android using +OpenSSL, follow the OpenSSL build instructions and then install `libssl.a` and +`libcrypto.a` to `$TOOLCHAIN/sysroot/usr/lib` and copy `include/openssl` to +`$TOOLCHAIN/sysroot/usr/include`. Now you can build curl for Android using +OpenSSL like this: + + ./configure --host aarch64-linux-android --with-pic --disable-shared --with-ssl="$TOOLCHAIN/sysroot/usr" + +Note, however, that you must target at least Android M (API level 23) or `configure` +won't be able to detect OpenSSL since `stderr` (and the like) weren't defined +before Android M. + +# Cross compile + +Download and unpack the curl package. + +`cd` to the new directory. (e.g. `cd curl-7.12.3`) + +Set environment variables to point to the cross-compile toolchain and call +configure with any options you need. Be sure and specify the `--host` and +`--build` parameters at configuration time. The following script is an +example of cross-compiling for the IBM 405GP PowerPC processor using the +toolchain from MonteVista for Hardhat Linux. + + #! /bin/sh + + export PATH=$PATH:/opt/hardhat/devkit/ppc/405/bin + export CPPFLAGS="-I/opt/hardhat/devkit/ppc/405/target/usr/include" + export AR=ppc_405-ar + export AS=ppc_405-as + export LD=ppc_405-ld + export RANLIB=ppc_405-ranlib + export CC=ppc_405-gcc + export NM=ppc_405-nm + + ./configure --target=powerpc-hardhat-linux + --host=powerpc-hardhat-linux + --build=i586-pc-linux-gnu + --prefix=/opt/hardhat/devkit/ppc/405/target/usr/local + --exec-prefix=/usr/local + +You may also need to provide a parameter like `--with-random=/dev/urandom` to +configure as it cannot detect the presence of a random number generating +device for a target system. The `--prefix` parameter specifies where curl +will be installed. If `configure` completes successfully, do `make` and `make +install` as usual. + +In some cases, you may be able to simplify the above commands to as little as: + + ./configure --host=ARCH-OS + +# REDUCING SIZE + +There are a number of configure options that can be used to reduce the size of +libcurl for embedded applications where binary size is an important factor. +First, be sure to set the `CFLAGS` variable when configuring with any relevant +compiler optimization flags to reduce the size of the binary. For gcc, this +would mean at minimum the -Os option, and potentially the `-march=X`, +`-mdynamic-no-pic` and `-flto` options as well, e.g. + + ./configure CFLAGS='-Os' LDFLAGS='-Wl,-Bsymbolic'... + +Note that newer compilers often produce smaller code than older versions +due to improved optimization. + +Be sure to specify as many `--disable-` and `--without-` flags on the +configure command-line as you can to disable all the libcurl features that you +know your application is not going to need. Besides specifying the +`--disable-PROTOCOL` flags for all the types of URLs your application will not +use, here are some other flags that can reduce the size of the library: + + - `--disable-ares` (disables support for the C-ARES DNS library) + - `--disable-cookies` (disables support for HTTP cookies) + - `--disable-crypto-auth` (disables HTTP cryptographic authentication) + - `--disable-ipv6` (disables support for IPv6) + - `--disable-manual` (disables support for the built-in documentation) + - `--disable-proxy` (disables support for HTTP and SOCKS proxies) + - `--disable-unix-sockets` (disables support for UNIX sockets) + - `--disable-verbose` (eliminates debugging strings and error code strings) + - `--disable-versioned-symbols` (disables support for versioned symbols) + - `--enable-hidden-symbols` (eliminates unneeded symbols in the shared library) + - `--without-libidn` (disables support for the libidn DNS library) + - `--without-librtmp` (disables support for RTMP) + - `--without-ssl` (disables support for SSL/TLS) + - `--without-zlib` (disables support for on-the-fly decompression) + +The GNU compiler and linker have a number of options that can reduce the +size of the libcurl dynamic libraries on some platforms even further. +Specify them by providing appropriate `CFLAGS` and `LDFLAGS` variables on +the configure command-line, e.g. + + CFLAGS="-Os -ffunction-sections -fdata-sections + -fno-unwind-tables -fno-asynchronous-unwind-tables -flto" + LDFLAGS="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections" + +Be sure also to strip debugging symbols from your binaries after compiling +using 'strip' (or the appropriate variant if cross-compiling). If space is +really tight, you may be able to remove some unneeded sections of the shared +library using the -R option to objcopy (e.g. the .comment section). + +Using these techniques it is possible to create a basic HTTP-only shared +libcurl library for i386 Linux platforms that is only 113 KiB in size, and an +FTP-only library that is 113 KiB in size (as of libcurl version 7.50.3, using +gcc 5.4.0). + +You may find that statically linking libcurl to your application will result +in a lower total size than dynamically linking. + +Note that the curl test harness can detect the use of some, but not all, of +the `--disable` statements suggested above. Use will cause tests relying on +those features to fail. The test harness can be manually forced to skip the +relevant tests by specifying certain key words on the `runtests.pl` command +line. Following is a list of appropriate key words: + + - `--disable-cookies` !cookies + - `--disable-manual` !--manual + - `--disable-proxy` !HTTP\ proxy !proxytunnel !SOCKS4 !SOCKS5 + +# PORTS + +This is a probably incomplete list of known hardware and operating systems +that curl has been compiled for. If you know a system curl compiles and +runs on, that isn't listed, please let us know! + + - Alpha DEC OSF 4 + - Alpha Digital UNIX v3.2 + - Alpha FreeBSD 4.1, 4.5 + - Alpha Linux 2.2, 2.4 + - Alpha NetBSD 1.5.2 + - Alpha OpenBSD 3.0 + - Alpha OpenVMS V7.1-1H2 + - Alpha Tru64 v5.0 5.1 + - AVR32 Linux + - ARM Android 1.5, 2.1, 2.3, 3.2, 4.x + - ARM INTEGRITY + - ARM iOS + - Cell Linux + - Cell Cell OS + - HP-PA HP-UX 9.X 10.X 11.X + - HP-PA Linux + - HP3000 MPE/iX + - MicroBlaze uClinux + - MIPS IRIX 6.2, 6.5 + - MIPS Linux + - OS/400 + - Pocket PC/Win CE 3.0 + - Power AIX 3.2.5, 4.2, 4.3.1, 4.3.2, 5.1, 5.2 + - PowerPC Darwin 1.0 + - PowerPC INTEGRITY + - PowerPC Linux + - PowerPC Mac OS 9 + - PowerPC Mac OS X + - SH4 Linux 2.6.X + - SH4 OS21 + - SINIX-Z v5 + - Sparc Linux + - Sparc Solaris 2.4, 2.5, 2.5.1, 2.6, 7, 8, 9, 10 + - Sparc SunOS 4.1.X + - StrongARM (and other ARM) RISC OS 3.1, 4.02 + - StrongARM/ARM7/ARM9 Linux 2.4, 2.6 + - StrongARM NetBSD 1.4.1 + - Symbian OS (P.I.P.S.) 9.x + - TPF + - Ultrix 4.3a + - UNICOS 9.0 + - i386 BeOS + - i386 DOS + - i386 eCos 1.3.1 + - i386 Esix 4.1 + - i386 FreeBSD + - i386 HURD + - i386 Haiku OS + - i386 Linux 1.3, 2.0, 2.2, 2.3, 2.4, 2.6 + - i386 Mac OS X + - i386 MINIX 3.1 + - i386 NetBSD + - i386 Novell NetWare + - i386 OS/2 + - i386 OpenBSD + - i386 QNX 6 + - i386 SCO unix + - i386 Solaris 2.7 + - i386 Windows 95, 98, ME, NT, 2000, XP, 2003 + - i486 ncr-sysv4.3.03 (NCR MP-RAS) + - ia64 Linux 2.3.99 + - m68k AmigaOS 3 + - m68k Linux + - m68k uClinux + - m68k OpenBSD + - m88k dg-dgux5.4R3.00 + - s390 Linux + - x86_64 Linux + - XScale/PXA250 Linux 2.4 + - Nios II uClinux diff --git a/extern/curl/docs/INTERNALS.md b/extern/curl/docs/INTERNALS.md new file mode 100644 index 0000000000..add8b417f3 --- /dev/null +++ b/extern/curl/docs/INTERNALS.md @@ -0,0 +1,1099 @@ +curl internals +============== + + - [Intro](#intro) + - [git](#git) + - [Portability](#Portability) + - [Windows vs Unix](#winvsunix) + - [Library](#Library) + - [`Curl_connect`](#Curl_connect) + - [`multi_do`](#multi_do) + - [`Curl_readwrite`](#Curl_readwrite) + - [`multi_done`](#multi_done) + - [`Curl_disconnect`](#Curl_disconnect) + - [HTTP(S)](#http) + - [FTP](#ftp) + - [Kerberos](#kerberos) + - [TELNET](#telnet) + - [FILE](#file) + - [SMB](#smb) + - [LDAP](#ldap) + - [E-mail](#email) + - [General](#general) + - [Persistent Connections](#persistent) + - [multi interface/non-blocking](#multi) + - [SSL libraries](#ssl) + - [Library Symbols](#symbols) + - [Return Codes and Informationals](#returncodes) + - [AP/ABI](#abi) + - [Client](#client) + - [Memory Debugging](#memorydebug) + - [Test Suite](#test) + - [Asynchronous name resolves](#asyncdns) + - [c-ares](#cares) + - [`curl_off_t`](#curl_off_t) + - [curlx](#curlx) + - [Content Encoding](#contentencoding) + - [`hostip.c` explained](#hostip) + - [Track Down Memory Leaks](#memoryleak) + - [`multi_socket`](#multi_socket) + - [Structs in libcurl](#structs) + - [Curl_easy](#Curl_easy) + - [connectdata](#connectdata) + - [Curl_multi](#Curl_multi) + - [Curl_handler](#Curl_handler) + - [conncache](#conncache) + - [Curl_share](#Curl_share) + - [CookieInfo](#CookieInfo) + + +Intro +===== + + This project is split in two. The library and the client. The client part + uses the library, but the library is designed to allow other applications to + use it. + + The largest amount of code and complexity is in the library part. + + + +git +=== + + All changes to the sources are committed to the git repository as soon as + they're somewhat verified to work. Changes shall be committed as independently + as possible so that individual changes can be easily spotted and tracked + afterwards. + + Tagging shall be used extensively, and by the time we release new archives we + should tag the sources with a name similar to the released version number. + + +Portability +=========== + + We write curl and libcurl to compile with C89 compilers. On 32-bit and up + machines. Most of libcurl assumes more or less POSIX compliance but that's + not a requirement. + + We write libcurl to build and work with lots of third party tools, and we + want it to remain functional and buildable with these and later versions + (older versions may still work but is not what we work hard to maintain): + +Dependencies +------------ + + - OpenSSL 0.9.7 + - GnuTLS 2.11.3 + - zlib 1.1.4 + - libssh2 0.16 + - c-ares 1.6.0 + - libidn2 2.0.0 + - wolfSSL 2.0.0 + - openldap 2.0 + - MIT Kerberos 1.2.4 + - GSKit V5R3M0 + - NSS 3.14.x + - Heimdal ? + - nghttp2 1.12.0 + +Operating Systems +----------------- + + On systems where configure runs, we aim at working on them all - if they have + a suitable C compiler. On systems that don't run configure, we strive to keep + curl running correctly on: + + - Windows 98 + - AS/400 V5R3M0 + - Symbian 9.1 + - Windows CE ? + - TPF ? + +Build tools +----------- + + When writing code (mostly for generating stuff included in release tarballs) + we use a few "build tools" and we make sure that we remain functional with + these versions: + + - GNU Libtool 1.4.2 + - GNU Autoconf 2.57 + - GNU Automake 1.7 + - GNU M4 1.4 + - perl 5.004 + - roffit 0.5 + - groff ? (any version that supports `groff -Tps -man [in] [out]`) + - ps2pdf (gs) ? + + +Windows vs Unix +=============== + + There are a few differences in how to program curl the Unix way compared to + the Windows way. Perhaps the four most notable details are: + + 1. Different function names for socket operations. + + In curl, this is solved with defines and macros, so that the source looks + the same in all places except for the header file that defines them. The + macros in use are `sclose()`, `sread()` and `swrite()`. + + 2. Windows requires a couple of init calls for the socket stuff. + + That's taken care of by the `curl_global_init()` call, but if other libs + also do it etc there might be reasons for applications to alter that + behaviour. + + 3. The file descriptors for network communication and file operations are + not as easily interchangeable as in Unix. + + We avoid this by not trying any funny tricks on file descriptors. + + 4. When writing data to stdout, Windows makes end-of-lines the DOS way, thus + destroying binary data, although you do want that conversion if it is + text coming through... (sigh) + + We set stdout to binary under windows + + Inside the source code, We make an effort to avoid `#ifdef [Your OS]`. All + conditionals that deal with features *should* instead be in the format + `#ifdef HAVE_THAT_WEIRD_FUNCTION`. Since Windows can't run configure scripts, + we maintain a `curl_config-win32.h` file in lib directory that is supposed to + look exactly like a `curl_config.h` file would have looked like on a Windows + machine! + + Generally speaking: always remember that this will be compiled on dozens of + operating systems. Don't walk on the edge! + + +Library +======= + + (See [Structs in libcurl](#structs) for the separate section describing all + major internal structs and their purposes.) + + There are plenty of entry points to the library, namely each publicly defined + function that libcurl offers to applications. All of those functions are + rather small and easy-to-follow. All the ones prefixed with `curl_easy` are + put in the `lib/easy.c` file. + + `curl_global_init()` and `curl_global_cleanup()` should be called by the + application to initialize and clean up global stuff in the library. As of + today, it can handle the global SSL initing if SSL is enabled and it can init + the socket layer on windows machines. libcurl itself has no "global" scope. + + All printf()-style functions use the supplied clones in `lib/mprintf.c`. This + makes sure we stay absolutely platform independent. + + [ `curl_easy_init()`][2] allocates an internal struct and makes some + initializations. The returned handle does not reveal internals. This is the + `Curl_easy` struct which works as an "anchor" struct for all `curl_easy` + functions. All connections performed will get connect-specific data allocated + that should be used for things related to particular connections/requests. + + [`curl_easy_setopt()`][1] takes three arguments, where the option stuff must + be passed in pairs: the parameter-ID and the parameter-value. The list of + options is documented in the man page. This function mainly sets things in + the `Curl_easy` struct. + + `curl_easy_perform()` is just a wrapper function that makes use of the multi + API. It basically calls `curl_multi_init()`, `curl_multi_add_handle()`, + `curl_multi_wait()`, and `curl_multi_perform()` until the transfer is done + and then returns. + + Some of the most important key functions in `url.c` are called from + `multi.c` when certain key steps are to be made in the transfer operation. + + +Curl_connect() +-------------- + + Analyzes the URL, it separates the different components and connects to the + remote host. This may involve using a proxy and/or using SSL. The + `Curl_resolv()` function in `lib/hostip.c` is used for looking up host + names (it does then use the proper underlying method, which may vary + between platforms and builds). + + When `Curl_connect` is done, we are connected to the remote site. Then it + is time to tell the server to get a document/file. `Curl_do()` arranges + this. + + This function makes sure there's an allocated and initiated `connectdata` + struct that is used for this particular connection only (although there may + be several requests performed on the same connect). A bunch of things are + inited/inherited from the `Curl_easy` struct. + + +multi_do() +--------- + + `multi_do()` makes sure the proper protocol-specific function is called. + The functions are named after the protocols they handle. + + The protocol-specific functions of course deal with protocol-specific + negotiations and setup. They have access to the `Curl_sendf()` (from + `lib/sendf.c`) function to send printf-style formatted data to the remote + host and when they're ready to make the actual file transfer they call the + `Curl_setup_transfer()` function (in `lib/transfer.c`) to setup the + transfer and returns. + + If this DO function fails and the connection is being re-used, libcurl will + then close this connection, setup a new connection and re-issue the DO + request on that. This is because there is no way to be perfectly sure that + we have discovered a dead connection before the DO function and thus we + might wrongly be re-using a connection that was closed by the remote peer. + + +Curl_readwrite() +---------------- + + Called during the transfer of the actual protocol payload. + + During transfer, the progress functions in `lib/progress.c` are called at + frequent intervals (or at the user's choice, a specified callback might get + called). The speedcheck functions in `lib/speedcheck.c` are also used to + verify that the transfer is as fast as required. + + +multi_done() +----------- + + Called after a transfer is done. This function takes care of everything + that has to be done after a transfer. This function attempts to leave + matters in a state so that `multi_do()` should be possible to call again on + the same connection (in a persistent connection case). It might also soon + be closed with `Curl_disconnect()`. + + +Curl_disconnect() +----------------- + + When doing normal connections and transfers, no one ever tries to close any + connections so this is not normally called when `curl_easy_perform()` is + used. This function is only used when we are certain that no more transfers + are going to be made on the connection. It can be also closed by force, or + it can be called to make sure that libcurl doesn't keep too many + connections alive at the same time. + + This function cleans up all resources that are associated with a single + connection. + + +HTTP(S) +======= + + HTTP offers a lot and is the protocol in curl that uses the most lines of + code. There is a special file `lib/formdata.c` that offers all the + multipart post functions. + + base64-functions for user+password stuff (and more) is in `lib/base64.c` + and all functions for parsing and sending cookies are found in + `lib/cookie.c`. + + HTTPS uses in almost every case the same procedure as HTTP, with only two + exceptions: the connect procedure is different and the function used to read + or write from the socket is different, although the latter fact is hidden in + the source by the use of `Curl_read()` for reading and `Curl_write()` for + writing data to the remote server. + + `http_chunks.c` contains functions that understands HTTP 1.1 chunked transfer + encoding. + + An interesting detail with the HTTP(S) request, is the `Curl_add_buffer()` + series of functions we use. They append data to one single buffer, and when + the building is finished the entire request is sent off in one single write. + This is done this way to overcome problems with flawed firewalls and lame + servers. + + +FTP +=== + + The `Curl_if2ip()` function can be used for getting the IP number of a + specified network interface, and it resides in `lib/if2ip.c`. + + `Curl_ftpsendf()` is used for sending FTP commands to the remote server. It + was made a separate function to prevent us programmers from forgetting that + they must be CRLF terminated. They must also be sent in one single `write()` + to make firewalls and similar happy. + + +Kerberos +======== + + Kerberos support is mainly in `lib/krb5.c` and `lib/security.c` but also + `curl_sasl_sspi.c` and `curl_sasl_gssapi.c` for the email protocols and + `socks_gssapi.c` and `socks_sspi.c` for SOCKS5 proxy specifics. + + +TELNET +====== + + Telnet is implemented in `lib/telnet.c`. + + +FILE +==== + + The `file://` protocol is dealt with in `lib/file.c`. + + +SMB +=== + + The `smb://` protocol is dealt with in `lib/smb.c`. + + +LDAP +==== + + Everything LDAP is in `lib/ldap.c` and `lib/openldap.c`. + + +E-mail +====== + + The e-mail related source code is in `lib/imap.c`, `lib/pop3.c` and + `lib/smtp.c`. + + +General +======= + + URL encoding and decoding, called escaping and unescaping in the source code, + is found in `lib/escape.c`. + + While transferring data in `Transfer()` a few functions might get used. + `curl_getdate()` in `lib/parsedate.c` is for HTTP date comparisons (and + more). + + `lib/getenv.c` offers `curl_getenv()` which is for reading environment + variables in a neat platform independent way. That's used in the client, but + also in `lib/url.c` when checking the proxy environment variables. Note that + contrary to the normal unix `getenv()`, this returns an allocated buffer that + must be `free()`ed after use. + + `lib/netrc.c` holds the `.netrc` parser. + + `lib/timeval.c` features replacement functions for systems that don't have + `gettimeofday()` and a few support functions for timeval conversions. + + A function named `curl_version()` that returns the full curl version string + is found in `lib/version.c`. + + +Persistent Connections +====================== + + The persistent connection support in libcurl requires some considerations on + how to do things inside of the library. + + - The `Curl_easy` struct returned in the [`curl_easy_init()`][2] call + must never hold connection-oriented data. It is meant to hold the root data + as well as all the options etc that the library-user may choose. + + - The `Curl_easy` struct holds the "connection cache" (an array of + pointers to `connectdata` structs). + + - This enables the 'curl handle' to be reused on subsequent transfers. + + - When libcurl is told to perform a transfer, it first checks for an already + existing connection in the cache that we can use. Otherwise it creates a + new one and adds that to the cache. If the cache is full already when a new + connection is added, it will first close the oldest unused one. + + - When the transfer operation is complete, the connection is left + open. Particular options may tell libcurl not to, and protocols may signal + closure on connections and then they won't be kept open, of course. + + - When `curl_easy_cleanup()` is called, we close all still opened connections, + unless of course the multi interface "owns" the connections. + + The curl handle must be re-used in order for the persistent connections to + work. + + +multi interface/non-blocking +============================ + + The multi interface is a non-blocking interface to the library. To make that + interface work as well as possible, no low-level functions within libcurl + must be written to work in a blocking manner. (There are still a few spots + violating this rule.) + + One of the primary reasons we introduced c-ares support was to allow the name + resolve phase to be perfectly non-blocking as well. + + The FTP and the SFTP/SCP protocols are examples of how we adapt and adjust + the code to allow non-blocking operations even on multi-stage command- + response protocols. They are built around state machines that return when + they would otherwise block waiting for data. The DICT, LDAP and TELNET + protocols are crappy examples and they are subject for rewrite in the future + to better fit the libcurl protocol family. + + +SSL libraries +============= + + Originally libcurl supported SSLeay for SSL/TLS transports, but that was then + extended to its successor OpenSSL but has since also been extended to several + other SSL/TLS libraries and we expect and hope to further extend the support + in future libcurl versions. + + To deal with this internally in the best way possible, we have a generic SSL + function API as provided by the `vtls/vtls.[ch]` system, and they are the only + SSL functions we must use from within libcurl. vtls is then crafted to use + the appropriate lower-level function calls to whatever SSL library that is in + use. For example `vtls/openssl.[ch]` for the OpenSSL library. + + +Library Symbols +=============== + + All symbols used internally in libcurl must use a `Curl_` prefix if they're + used in more than a single file. Single-file symbols must be made static. + Public ("exported") symbols must use a `curl_` prefix. (There are exceptions, + but they are to be changed to follow this pattern in future versions.) Public + API functions are marked with `CURL_EXTERN` in the public header files so + that all others can be hidden on platforms where this is possible. + + +Return Codes and Informationals +=============================== + + I've made things simple. Almost every function in libcurl returns a CURLcode, + that must be `CURLE_OK` if everything is OK or otherwise a suitable error + code as the `curl/curl.h` include file defines. The very spot that detects an + error must use the `Curl_failf()` function to set the human-readable error + description. + + In aiding the user to understand what's happening and to debug curl usage, we + must supply a fair number of informational messages by using the + `Curl_infof()` function. Those messages are only displayed when the user + explicitly asks for them. They are best used when revealing information that + isn't otherwise obvious. + + +API/ABI +======= + + We make an effort to not export or show internals or how internals work, as + that makes it easier to keep a solid API/ABI over time. See docs/libcurl/ABI + for our promise to users. + + +Client +====== + + `main()` resides in `src/tool_main.c`. + + `src/tool_hugehelp.c` is automatically generated by the `mkhelp.pl` perl + script to display the complete "manual" and the `src/tool_urlglob.c` file + holds the functions used for the URL-"globbing" support. Globbing in the + sense that the `{}` and `[]` expansion stuff is there. + + The client mostly sets up its `config` struct properly, then + it calls the `curl_easy_*()` functions of the library and when it gets back + control after the `curl_easy_perform()` it cleans up the library, checks + status and exits. + + When the operation is done, the `ourWriteOut()` function in `src/writeout.c` + may be called to report about the operation. That function is using the + `curl_easy_getinfo()` function to extract useful information from the curl + session. + + It may loop and do all this several times if many URLs were specified on the + command line or config file. + + +Memory Debugging +================ + + The file `lib/memdebug.c` contains debug-versions of a few functions. + Functions such as `malloc()`, `free()`, `fopen()`, `fclose()`, etc that + somehow deal with resources that might give us problems if we "leak" them. + The functions in the memdebug system do nothing fancy, they do their normal + function and then log information about what they just did. The logged data + can then be analyzed after a complete session, + + `memanalyze.pl` is the perl script present in `tests/` that analyzes a log + file generated by the memory tracking system. It detects if resources are + allocated but never freed and other kinds of errors related to resource + management. + + Internally, definition of preprocessor symbol `DEBUGBUILD` restricts code + which is only compiled for debug enabled builds. And symbol `CURLDEBUG` is + used to differentiate code which is _only_ used for memory + tracking/debugging. + + Use `-DCURLDEBUG` when compiling to enable memory debugging, this is also + switched on by running configure with `--enable-curldebug`. Use + `-DDEBUGBUILD` when compiling to enable a debug build or run configure with + `--enable-debug`. + + `curl --version` will list 'Debug' feature for debug enabled builds, and + will list 'TrackMemory' feature for curl debug memory tracking capable + builds. These features are independent and can be controlled when running + the configure script. When `--enable-debug` is given both features will be + enabled, unless some restriction prevents memory tracking from being used. + + +Test Suite +========== + + The test suite is placed in its own subdirectory directly off the root in the + curl archive tree, and it contains a bunch of scripts and a lot of test case + data. + + The main test script is `runtests.pl` that will invoke test servers like + `httpserver.pl` and `ftpserver.pl` before all the test cases are performed. + The test suite currently only runs on Unix-like platforms. + + You'll find a description of the test suite in the `tests/README` file, and + the test case data files in the `tests/FILEFORMAT` file. + + The test suite automatically detects if curl was built with the memory + debugging enabled, and if it was, it will detect memory leaks, too. + + +Asynchronous name resolves +========================== + + libcurl can be built to do name resolves asynchronously, using either the + normal resolver in a threaded manner or by using c-ares. + + +[c-ares][3] +------ + +### Build libcurl to use a c-ares + +1. ./configure --enable-ares=/path/to/ares/install +2. make + +### c-ares on win32 + + First I compiled c-ares. I changed the default C runtime library to be the + single-threaded rather than the multi-threaded (this seems to be required to + prevent linking errors later on). Then I simply build the areslib project + (the other projects adig/ahost seem to fail under MSVC). + + Next was libcurl. I opened `lib/config-win32.h` and I added a: + `#define USE_ARES 1` + + Next thing I did was I added the path for the ares includes to the include + path, and the libares.lib to the libraries. + + Lastly, I also changed libcurl to be single-threaded rather than + multi-threaded, again this was to prevent some duplicate symbol errors. I'm + not sure why I needed to change everything to single-threaded, but when I + didn't I got redefinition errors for several CRT functions (`malloc()`, + `stricmp()`, etc.) + + +`curl_off_t` +========== + + `curl_off_t` is a data type provided by the external libcurl include + headers. It is the type meant to be used for the [`curl_easy_setopt()`][1] + options that end with LARGE. The type is 64-bit large on most modern + platforms. + + +curlx +===== + + The libcurl source code offers a few functions by source only. They are not + part of the official libcurl API, but the source files might be useful for + others so apps can optionally compile/build with these sources to gain + additional functions. + + We provide them through a single header file for easy access for apps: + `curlx.h` + +`curlx_strtoofft()` +------------------- + A macro that converts a string containing a number to a `curl_off_t` number. + This might use the `curlx_strtoll()` function which is provided as source + code in strtoofft.c. Note that the function is only provided if no + `strtoll()` (or equivalent) function exist on your platform. If `curl_off_t` + is only a 32-bit number on your platform, this macro uses `strtol()`. + +Future +------ + + Several functions will be removed from the public `curl_` name space in a + future libcurl release. They will then only become available as `curlx_` + functions instead. To make the transition easier, we already today provide + these functions with the `curlx_` prefix to allow sources to be built + properly with the new function names. The concerned functions are: + + - `curlx_getenv` + - `curlx_strequal` + - `curlx_strnequal` + - `curlx_mvsnprintf` + - `curlx_msnprintf` + - `curlx_maprintf` + - `curlx_mvaprintf` + - `curlx_msprintf` + - `curlx_mprintf` + - `curlx_mfprintf` + - `curlx_mvsprintf` + - `curlx_mvprintf` + - `curlx_mvfprintf` + + +Content Encoding +================ + +## About content encodings + + [HTTP/1.1][4] specifies that a client may request that a server encode its + response. This is usually used to compress a response using one (or more) + encodings from a set of commonly available compression techniques. These + schemes include `deflate` (the zlib algorithm), `gzip`, `br` (brotli) and + `compress`. A client requests that the server perform an encoding by including + an `Accept-Encoding` header in the request document. The value of the header + should be one of the recognized tokens `deflate`, ... (there's a way to + register new schemes/tokens, see sec 3.5 of the spec). A server MAY honor + the client's encoding request. When a response is encoded, the server + includes a `Content-Encoding` header in the response. The value of the + `Content-Encoding` header indicates which encodings were used to encode the + data, in the order in which they were applied. + + It's also possible for a client to attach priorities to different schemes so + that the server knows which it prefers. See sec 14.3 of RFC 2616 for more + information on the `Accept-Encoding` header. See sec + [3.1.2.2 of RFC 7231][15] for more information on the `Content-Encoding` + header. + +## Supported content encodings + + The `deflate`, `gzip` and `br` content encodings are supported by libcurl. + Both regular and chunked transfers work fine. The zlib library is required + for the `deflate` and `gzip` encodings, while the brotli decoding library is + for the `br` encoding. + +## The libcurl interface + + To cause libcurl to request a content encoding use: + + [`curl_easy_setopt`][1](curl, [`CURLOPT_ACCEPT_ENCODING`][5], string) + + where string is the intended value of the `Accept-Encoding` header. + + Currently, libcurl does support multiple encodings but only + understands how to process responses that use the `deflate`, `gzip` and/or + `br` content encodings, so the only values for [`CURLOPT_ACCEPT_ENCODING`][5] + that will work (besides `identity`, which does nothing) are `deflate`, + `gzip` and `br`. If a response is encoded using the `compress` or methods, + libcurl will return an error indicating that the response could + not be decoded. If `` is NULL no `Accept-Encoding` header is + generated. If `` is a zero-length string, then an `Accept-Encoding` + header containing all supported encodings will be generated. + + The [`CURLOPT_ACCEPT_ENCODING`][5] must be set to any non-NULL value for + content to be automatically decoded. If it is not set and the server still + sends encoded content (despite not having been asked), the data is returned + in its raw form and the `Content-Encoding` type is not checked. + +## The curl interface + + Use the [`--compressed`][6] option with curl to cause it to ask servers to + compress responses using any format supported by curl. + + +`hostip.c` explained +==================== + + The main compile-time defines to keep in mind when reading the `host*.c` + source file are these: + +## `CURLRES_IPV6` + + this host has `getaddrinfo()` and family, and thus we use that. The host may + not be able to resolve IPv6, but we don't really have to take that into + account. Hosts that aren't IPv6-enabled have `CURLRES_IPV4` defined. + +## `CURLRES_ARES` + + is defined if libcurl is built to use c-ares for asynchronous name + resolves. This can be Windows or \*nix. + +## `CURLRES_THREADED` + + is defined if libcurl is built to use threading for asynchronous name + resolves. The name resolve will be done in a new thread, and the supported + asynch API will be the same as for ares-builds. This is the default under + (native) Windows. + + If any of the two previous are defined, `CURLRES_ASYNCH` is defined too. If + libcurl is not built to use an asynchronous resolver, `CURLRES_SYNCH` is + defined. + +## `host*.c` sources + + The `host*.c` sources files are split up like this: + + - `hostip.c` - method-independent resolver functions and utility functions + - `hostasyn.c` - functions for asynchronous name resolves + - `hostsyn.c` - functions for synchronous name resolves + - `asyn-ares.c` - functions for asynchronous name resolves using c-ares + - `asyn-thread.c` - functions for asynchronous name resolves using threads + - `hostip4.c` - IPv4 specific functions + - `hostip6.c` - IPv6 specific functions + + The `hostip.h` is the single united header file for all this. It defines the + `CURLRES_*` defines based on the `config*.h` and `curl_setup.h` defines. + + +Track Down Memory Leaks +======================= + +## Single-threaded + + Please note that this memory leak system is not adjusted to work in more + than one thread. If you want/need to use it in a multi-threaded app. Please + adjust accordingly. + +## Build + + Rebuild libcurl with `-DCURLDEBUG` (usually, rerunning configure with + `--enable-debug` fixes this). `make clean` first, then `make` so that all + files are actually rebuilt properly. It will also make sense to build + libcurl with the debug option (usually `-g` to the compiler) so that + debugging it will be easier if you actually do find a leak in the library. + + This will create a library that has memory debugging enabled. + +## Modify Your Application + + Add a line in your application code: + + `curl_dbg_memdebug("dump");` + + This will make the malloc debug system output a full trace of all resource + using functions to the given file name. Make sure you rebuild your program + and that you link with the same libcurl you built for this purpose as + described above. + +## Run Your Application + + Run your program as usual. Watch the specified memory trace file grow. + + Make your program exit and use the proper libcurl cleanup functions etc. So + that all non-leaks are returned/freed properly. + +## Analyze the Flow + + Use the `tests/memanalyze.pl` perl script to analyze the dump file: + + tests/memanalyze.pl dump + + This now outputs a report on what resources that were allocated but never + freed etc. This report is very fine for posting to the list! + + If this doesn't produce any output, no leak was detected in libcurl. Then + the leak is mostly likely to be in your code. + + +`multi_socket` +============== + + Implementation of the `curl_multi_socket` API + + The main ideas of this API are simply: + + 1. The application can use whatever event system it likes as it gets info + from libcurl about what file descriptors libcurl waits for what action + on. (The previous API returns `fd_sets` which is very + `select()`-centric). + + 2. When the application discovers action on a single socket, it calls + libcurl and informs that there was action on this particular socket and + libcurl can then act on that socket/transfer only and not care about + any other transfers. (The previous API always had to scan through all + the existing transfers.) + + The idea is that [`curl_multi_socket_action()`][7] calls a given callback + with information about what socket to wait for what action on, and the + callback only gets called if the status of that socket has changed. + + We also added a timer callback that makes libcurl call the application when + the timeout value changes, and you set that with [`curl_multi_setopt()`][9] + and the [`CURLMOPT_TIMERFUNCTION`][10] option. To get this to work, + Internally, there's an added struct to each easy handle in which we store + an "expire time" (if any). The structs are then "splay sorted" so that we + can add and remove times from the linked list and yet somewhat swiftly + figure out both how long there is until the next nearest timer expires + and which timer (handle) we should take care of now. Of course, the upside + of all this is that we get a [`curl_multi_timeout()`][8] that should also + work with old-style applications that use [`curl_multi_perform()`][11]. + + We created an internal "socket to easy handles" hash table that given + a socket (file descriptor) returns the easy handle that waits for action on + that socket. This hash is made using the already existing hash code + (previously only used for the DNS cache). + + To make libcurl able to report plain sockets in the socket callback, we had + to re-organize the internals of the [`curl_multi_fdset()`][12] etc so that + the conversion from sockets to `fd_sets` for that function is only done in + the last step before the data is returned. I also had to extend c-ares to + get a function that can return plain sockets, as that library too returned + only `fd_sets` and that is no longer good enough. The changes done to c-ares + are available in c-ares 1.3.1 and later. + + +Structs in libcurl +================== + +This section should cover 7.32.0 pretty accurately, but will make sense even +for older and later versions as things don't change drastically that often. + + +## Curl_easy + + The `Curl_easy` struct is the one returned to the outside in the external API + as a `CURL *`. This is usually known as an easy handle in API documentations + and examples. + + Information and state that is related to the actual connection is in the + `connectdata` struct. When a transfer is about to be made, libcurl will + either create a new connection or re-use an existing one. The particular + connectdata that is used by this handle is pointed out by + `Curl_easy->easy_conn`. + + Data and information that regard this particular single transfer is put in + the `SingleRequest` sub-struct. + + When the `Curl_easy` struct is added to a multi handle, as it must be in + order to do any transfer, the `->multi` member will point to the `Curl_multi` + struct it belongs to. The `->prev` and `->next` members will then be used by + the multi code to keep a linked list of `Curl_easy` structs that are added to + that same multi handle. libcurl always uses multi so `->multi` *will* point + to a `Curl_multi` when a transfer is in progress. + + `->mstate` is the multi state of this particular `Curl_easy`. When + `multi_runsingle()` is called, it will act on this handle according to which + state it is in. The mstate is also what tells which sockets to return for a + specific `Curl_easy` when [`curl_multi_fdset()`][12] is called etc. + + The libcurl source code generally use the name `data` for the variable that + points to the `Curl_easy`. + + When doing multiplexed HTTP/2 transfers, each `Curl_easy` is associated with + an individual stream, sharing the same connectdata struct. Multiplexing + makes it even more important to keep things associated with the right thing! + + +## connectdata + + A general idea in libcurl is to keep connections around in a connection + "cache" after they have been used in case they will be used again and then + re-use an existing one instead of creating a new as it creates a significant + performance boost. + + Each `connectdata` identifies a single physical connection to a server. If + the connection can't be kept alive, the connection will be closed after use + and then this struct can be removed from the cache and freed. + + Thus, the same `Curl_easy` can be used multiple times and each time select + another `connectdata` struct to use for the connection. Keep this in mind, + as it is then important to consider if options or choices are based on the + connection or the `Curl_easy`. + + Functions in libcurl will assume that `connectdata->data` points to the + `Curl_easy` that uses this connection (for the moment). + + As a special complexity, some protocols supported by libcurl require a + special disconnect procedure that is more than just shutting down the + socket. It can involve sending one or more commands to the server before + doing so. Since connections are kept in the connection cache after use, the + original `Curl_easy` may no longer be around when the time comes to shut down + a particular connection. For this purpose, libcurl holds a special dummy + `closure_handle` `Curl_easy` in the `Curl_multi` struct to use when needed. + + FTP uses two TCP connections for a typical transfer but it keeps both in + this single struct and thus can be considered a single connection for most + internal concerns. + + The libcurl source code generally use the name `conn` for the variable that + points to the connectdata. + + +## Curl_multi + + Internally, the easy interface is implemented as a wrapper around multi + interface functions. This makes everything multi interface. + + `Curl_multi` is the multi handle struct exposed as `CURLM *` in external + APIs. + + This struct holds a list of `Curl_easy` structs that have been added to this + handle with [`curl_multi_add_handle()`][13]. The start of the list is + `->easyp` and `->num_easy` is a counter of added `Curl_easy`s. + + `->msglist` is a linked list of messages to send back when + [`curl_multi_info_read()`][14] is called. Basically a node is added to that + list when an individual `Curl_easy`'s transfer has completed. + + `->hostcache` points to the name cache. It is a hash table for looking up + name to IP. The nodes have a limited life time in there and this cache is + meant to reduce the time for when the same name is wanted within a short + period of time. + + `->timetree` points to a tree of `Curl_easy`s, sorted by the remaining time + until it should be checked - normally some sort of timeout. Each `Curl_easy` + has one node in the tree. + + `->sockhash` is a hash table to allow fast lookups of socket descriptor for + which `Curl_easy` uses that descriptor. This is necessary for the + `multi_socket` API. + + `->conn_cache` points to the connection cache. It keeps track of all + connections that are kept after use. The cache has a maximum size. + + `->closure_handle` is described in the `connectdata` section. + + The libcurl source code generally use the name `multi` for the variable that + points to the `Curl_multi` struct. + + +## Curl_handler + + Each unique protocol that is supported by libcurl needs to provide at least + one `Curl_handler` struct. It defines what the protocol is called and what + functions the main code should call to deal with protocol specific issues. + In general, there's a source file named `[protocol].c` in which there's a + `struct Curl_handler Curl_handler_[protocol]` declared. In `url.c` there's + then the main array with all individual `Curl_handler` structs pointed to + from a single array which is scanned through when a URL is given to libcurl + to work with. + + `->scheme` is the URL scheme name, usually spelled out in uppercase. That's + "HTTP" or "FTP" etc. SSL versions of the protocol need their own + `Curl_handler` setup so HTTPS separate from HTTP. + + `->setup_connection` is called to allow the protocol code to allocate + protocol specific data that then gets associated with that `Curl_easy` for + the rest of this transfer. It gets freed again at the end of the transfer. + It will be called before the `connectdata` for the transfer has been + selected/created. Most protocols will allocate its private + `struct [PROTOCOL]` here and assign `Curl_easy->req.protop` to point to it. + + `->connect_it` allows a protocol to do some specific actions after the TCP + connect is done, that can still be considered part of the connection phase. + + Some protocols will alter the `connectdata->recv[]` and + `connectdata->send[]` function pointers in this function. + + `->connecting` is similarly a function that keeps getting called as long as + the protocol considers itself still in the connecting phase. + + `->do_it` is the function called to issue the transfer request. What we call + the DO action internally. If the DO is not enough and things need to be kept + getting done for the entire DO sequence to complete, `->doing` is then + usually also provided. Each protocol that needs to do multiple commands or + similar for do/doing need to implement their own state machines (see SCP, + SFTP, FTP). Some protocols (only FTP and only due to historical reasons) has + a separate piece of the DO state called `DO_MORE`. + + `->doing` keeps getting called while issuing the transfer request command(s) + + `->done` gets called when the transfer is complete and DONE. That's after the + main data has been transferred. + + `->do_more` gets called during the `DO_MORE` state. The FTP protocol uses + this state when setting up the second connection. + + `->proto_getsock` + `->doing_getsock` + `->domore_getsock` + `->perform_getsock` + Functions that return socket information. Which socket(s) to wait for which + action(s) during the particular multi state. + + `->disconnect` is called immediately before the TCP connection is shutdown. + + `->readwrite` gets called during transfer to allow the protocol to do extra + reads/writes + + `->defport` is the default report TCP or UDP port this protocol uses + + `->protocol` is one or more bits in the `CURLPROTO_*` set. The SSL versions + have their "base" protocol set and then the SSL variation. Like + "HTTP|HTTPS". + + `->flags` is a bitmask with additional information about the protocol that will + make it get treated differently by the generic engine: + + - `PROTOPT_SSL` - will make it connect and negotiate SSL + + - `PROTOPT_DUAL` - this protocol uses two connections + + - `PROTOPT_CLOSEACTION` - this protocol has actions to do before closing the + connection. This flag is no longer used by code, yet still set for a bunch + of protocol handlers. + + - `PROTOPT_DIRLOCK` - "direction lock". The SSH protocols set this bit to + limit which "direction" of socket actions that the main engine will + concern itself with. + + - `PROTOPT_NONETWORK` - a protocol that doesn't use network (read `file:`) + + - `PROTOPT_NEEDSPWD` - this protocol needs a password and will use a default + one unless one is provided + + - `PROTOPT_NOURLQUERY` - this protocol can't handle a query part on the URL + (?foo=bar) + + +## conncache + + Is a hash table with connections for later re-use. Each `Curl_easy` has a + pointer to its connection cache. Each multi handle sets up a connection + cache that all added `Curl_easy`s share by default. + + +## Curl_share + + The libcurl share API allocates a `Curl_share` struct, exposed to the + external API as `CURLSH *`. + + The idea is that the struct can have a set of its own versions of caches and + pools and then by providing this struct in the `CURLOPT_SHARE` option, those + specific `Curl_easy`s will use the caches/pools that this share handle + holds. + + Then individual `Curl_easy` structs can be made to share specific things + that they otherwise wouldn't, such as cookies. + + The `Curl_share` struct can currently hold cookies, DNS cache and the SSL + session cache. + + +## CookieInfo + + This is the main cookie struct. It holds all known cookies and related + information. Each `Curl_easy` has its own private `CookieInfo` even when + they are added to a multi handle. They can be made to share cookies by using + the share API. + + +[1]: https://curl.haxx.se/libcurl/c/curl_easy_setopt.html +[2]: https://curl.haxx.se/libcurl/c/curl_easy_init.html +[3]: https://c-ares.haxx.se/ +[4]: https://tools.ietf.org/html/rfc7230 "RFC 7230" +[5]: https://curl.haxx.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html +[6]: https://curl.haxx.se/docs/manpage.html#--compressed +[7]: https://curl.haxx.se/libcurl/c/curl_multi_socket_action.html +[8]: https://curl.haxx.se/libcurl/c/curl_multi_timeout.html +[9]: https://curl.haxx.se/libcurl/c/curl_multi_setopt.html +[10]: https://curl.haxx.se/libcurl/c/CURLMOPT_TIMERFUNCTION.html +[11]: https://curl.haxx.se/libcurl/c/curl_multi_perform.html +[12]: https://curl.haxx.se/libcurl/c/curl_multi_fdset.html +[13]: https://curl.haxx.se/libcurl/c/curl_multi_add_handle.html +[14]: https://curl.haxx.se/libcurl/c/curl_multi_info_read.html +[15]: https://tools.ietf.org/html/rfc7231#section-3.1.2.2 diff --git a/extern/curl/docs/KNOWN_BUGS b/extern/curl/docs/KNOWN_BUGS new file mode 100644 index 0000000000..26f21dc676 --- /dev/null +++ b/extern/curl/docs/KNOWN_BUGS @@ -0,0 +1,758 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + Known Bugs + +These are problems and bugs known to exist at the time of this release. Feel +free to join in and help us correct one or more of these! Also be sure to +check the changelog of the current development status, as one or more of these +problems may have been fixed or changed somewhat since this was written! + + 1. HTTP + 1.2 Multiple methods in a single WWW-Authenticate: header + 1.3 STARTTRANSFER time is wrong for HTTP POSTs + 1.4 multipart formposts file name encoding + 1.5 Expect-100 meets 417 + 1.6 Unnecessary close when 401 received waiting for 100 + 1.7 Deflate error after all content was received + 1.8 DoH isn't used for all name resolves when enabled + 1.9 HTTP/2 frames while in the connection pool kill reuse + 1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM + + 2. TLS + 2.1 CURLINFO_SSL_VERIFYRESULT has limited support + 2.2 DER in keychain + 2.3 GnuTLS backend skips really long certificate fields + 2.4 DarwinSSL won't import PKCS#12 client certificates without a password + 2.5 Client cert handling with Issuer DN differs between backends + 2.6 CURL_GLOBAL_SSL + 2.7 Client cert (MTLS) issues with Schannel + 2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname + 2.9 TLS session cache doesn't work with TFO + + 3. Email protocols + 3.1 IMAP SEARCH ALL truncated response + 3.2 No disconnect command + 3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses + 3.4 AUTH PLAIN for SMTP is not working on all servers + + 4. Command line + 4.1 -J and -O with %-encoded file names + 4.2 -J with -C - fails + 4.3 --retry and transfer timeouts + 4.4 --upload-file . hang if delay in STDIN + 4.5 Improve --data-urlencode space encoding + + 5. Build and portability issues + 5.1 USE_UNIX_SOCKETS on Windows + 5.2 curl-config --libs contains private details + 5.3 curl compiled on OSX 10.13 failed to run on OSX 10.10 + 5.4 Cannot compile against a static build of OpenLDAP + 5.5 can't handle Unicode arguments in Windows + 5.6 cmake support gaps + 5.7 Visual Studio project gaps + 5.8 configure finding libs in wrong directory + 5.9 Utilize Requires.private directives in libcurl.pc + 5.10 IDN tests failing on Windows / MSYS2 + 5.11 configure --with-gssapi with Heimdal is ignored on macOS + + 6. Authentication + 6.1 NTLM authentication and unicode + 6.2 MIT Kerberos for Windows build + 6.3 NTLM in system context uses wrong name + 6.4 Negotiate and Kerberos V5 need a fake user name + 6.5 NTLM doesn't support password with § character + 6.6 libcurl can fail to try alternatives with --proxy-any + 6.7 Don't clear digest for single realm + + 7. FTP + 7.1 FTP without or slow 220 response + 7.2 FTP with CONNECT and slow server + 7.3 FTP with NOBODY and FAILONERROR + 7.4 FTP with ACCT + 7.5 ASCII FTP + 7.6 FTP with NULs in URL parts + 7.7 FTP and empty path parts in the URL + 7.8 Premature transfer end but healthy control channel + 7.9 Passive transfer tries only one IP address + 7.10 Stick to same family over SOCKS proxy + + 8. TELNET + 8.1 TELNET and time limitations don't work + 8.2 Microsoft telnet server + + 9. SFTP and SCP + 9.1 SFTP doesn't do CURLOPT_POSTQUOTE correct + + 10. SOCKS + 10.3 FTPS over SOCKS + 10.4 active FTP over a SOCKS + + 11. Internals + 11.1 Curl leaks .onion hostnames in DNS + 11.2 error buffer not set if connection to multiple addresses fails + 11.3 c-ares deviates from stock resolver on http://1346569778 + 11.4 HTTP test server 'connection-monitor' problems + 11.5 Connection information when using TCP Fast Open + 11.6 slow connect to localhost on Windows + 11.7 signal-based resolver timeouts + + 12. LDAP and OpenLDAP + 12.1 OpenLDAP hangs after returning results + 12.2 LDAP on Windows does authentication wrong? + 12.3 LDAP on Windows doesn't work + + 13. TCP/IP + 13.1 --interface for ipv6 binds to unusable IP address + + 14 DICT + 14.1 DICT responses show the underlying protocol + +============================================================================== + +1. HTTP + +1.2 Multiple methods in a single WWW-Authenticate: header + + The HTTP responses headers WWW-Authenticate: can provide information about + multiple authentication methods as multiple headers or as several methods + within a single header. The latter way, several methods in the same physical + line, is not supported by libcurl's parser. (For no good reason.) + +1.3 STARTTRANSFER time is wrong for HTTP POSTs + + Wrong STARTTRANSFER timer accounting for POST requests Timer works fine with + GET requests, but while using POST the time for CURLINFO_STARTTRANSFER_TIME + is wrong. While using POST CURLINFO_STARTTRANSFER_TIME minus + CURLINFO_PRETRANSFER_TIME is near to zero every time. + + https://github.com/curl/curl/issues/218 + https://curl.haxx.se/bug/view.cgi?id=1213 + +1.4 multipart formposts file name encoding + + When creating multipart formposts. The file name part can be encoded with + something beyond ascii but currently libcurl will only pass in the verbatim + string the app provides. There are several browsers that already do this + encoding. The key seems to be the updated draft to RFC2231: + https://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 + +1.5 Expect-100 meets 417 + + If an upload using Expect: 100-continue receives an HTTP 417 response, it + ought to be automatically resent without the Expect:. A workaround is for + the client application to redo the transfer after disabling Expect:. + https://curl.haxx.se/mail/archive-2008-02/0043.html + +1.6 Unnecessary close when 401 received waiting for 100 + + libcurl closes the connection if an HTTP 401 reply is received while it is + waiting for the 100-continue response. + https://curl.haxx.se/mail/lib-2008-08/0462.html + +1.7 Deflate error after all content was received + + There's a situation where we can get an error in a HTTP response that is + compressed, when that error is detected after all the actual body contents + have been received and delivered to the application. This is tricky, but is + ultimately a broken server. + + See https://github.com/curl/curl/issues/2719 + +1.8 DoH isn't used for all name resolves when enabled + + Even if DoH is specified to be used, there are some name resolves that are + done without it. This should be fixed. When the internal function + `Curl_resolver_wait_resolv()` is called, it doesn't use DoH to complete the + resolve as it otherwise should. + + See https://github.com/curl/curl/pull/3857 and + https://github.com/curl/curl/pull/3850 + +1.9 HTTP/2 frames while in the connection pool kill reuse + + If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to + curl while the connection is held in curl's connection pool, the socket will + be found readable when considered for reuse and that makes curl think it is + dead and then it will be closed and a new connection gets created instead. + + This is *best* fixed by adding monitoring to connections while they are kept + in the pool so that pings can be responded to appropriately. + +1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM + + I'm using libcurl to POST form data using a FILE* with the CURLFORM_STREAM + option of curl_formadd(). I've noticed that if the connection drops at just + the right time, the POST is reattempted without the data from the file. It + seems like the file stream position isn't getting reset to the beginning of + the file. I found the CURLOPT_SEEKFUNCTION option and set that with a + function that performs an fseek() on the FILE*. However, setting that didn't + seem to fix the issue or even get called. See + https://github.com/curl/curl/issues/768 + + +2. TLS + +2.1 CURLINFO_SSL_VERIFYRESULT has limited support + + CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS + backends, so relying on this information in a generic app is flaky. + +2.2 DER in keychain + + Curl doesn't recognize certificates in DER format in keychain, but it works + with PEM. https://curl.haxx.se/bug/view.cgi?id=1065 + +2.3 GnuTLS backend skips really long certificate fields + + libcurl calls gnutls_x509_crt_get_dn() with a fixed buffer size and if the + field is too long in the cert, it'll just return an error and the field will + be displayed blank. + +2.4 DarwinSSL won't import PKCS#12 client certificates without a password + + libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that + function rejects certificates that do not have a password. + https://github.com/curl/curl/issues/1308 + +2.5 Client cert handling with Issuer DN differs between backends + + When the specified client certificate doesn't match any of the + server-specified DNs, the OpenSSL and GnuTLS backends behave differently. + The github discussion may contain a solution. + + See https://github.com/curl/curl/issues/1411 + +2.6 CURL_GLOBAL_SSL + + Since libcurl 7.57.0, the flag CURL_GLOBAL_SSL is a no-op. The change was + merged in https://github.com/curl/curl/commit/d661b0afb571a + + It was removed since it was + + A) never clear for applications on how to deal with init in the light of + different SSL backends (the option was added back in the days when life + was simpler) + + B) multissl introduced dynamic switching between SSL backends which + emphasized (A) even more + + C) libcurl uses some TLS backend functionality even for non-TLS functions (to + get "good" random) so applications trying to avoid the init for + performance reasons would do wrong anyway + + D) never very carefully documented so all this mostly just happened to work + for some users + + However, in spite of the problems with the feature, there were some users who + apparently depended on this feature and who now claim libcurl is broken for + them. The fix for this situation is not obvious as a downright revert of the + patch is totally ruled out due to those reasons above. + + https://github.com/curl/curl/issues/2276 + +2.7 Client cert (MTLS) issues with Schannel + + See https://github.com/curl/curl/issues/3145 + +2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname + + This seems to be a limitation in the underlying Schannel API. + + https://github.com/curl/curl/issues/3284 + +2.9 TLS session cache doesn't work with TFO + + See https://github.com/curl/curl/issues/4301 + +3. Email protocols + +3.1 IMAP SEARCH ALL truncated response + + IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the + code reveals that pingpong.c contains some truncation code, at line 408, when + it deems the server response to be too large truncating it to 40 characters" + https://curl.haxx.se/bug/view.cgi?id=1366 + +3.2 No disconnect command + + The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and + SMTP if a failure occurs during the authentication phase of a connection. + +3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses + + You have to tell libcurl not to expect a body, when dealing with one line + response commands. Please see the POP3 examples and test cases which show + this for the NOOP and DELE commands. https://curl.haxx.se/bug/?i=740 + +3.4 AUTH PLAIN for SMTP is not working on all servers + + Specifying "--login-options AUTH=PLAIN" on the command line doesn't seem to + work correctly. + + See https://github.com/curl/curl/issues/4080 + +4. Command line + +4.1 -J and -O with %-encoded file names + + -J/--remote-header-name doesn't decode %-encoded file names. RFC6266 details + how it should be done. The can of worm is basically that we have no charset + handling in curl and ascii >=128 is a challenge for us. Not to mention that + decoding also means that we need to check for nastiness that is attempted, + like "../" sequences and the like. Probably everything to the left of any + embedded slashes should be cut off. + https://curl.haxx.se/bug/view.cgi?id=1294 + + -O also doesn't decode %-encoded names, and while it has even less + information about the charset involved the process is similar to the -J case. + + Note that we won't add decoding to -O without the user asking for it with + some other means as well, since -O has always been documented to use the name + exactly as specified in the URL. + +4.2 -J with -C - fails + + When using -J (with -O), automatically resumed downloading together with "-C + -" fails. Without -J the same command line works! This happens because the + resume logic is worked out before the target file name (and thus its + pre-transfer size) has been figured out! + https://curl.haxx.se/bug/view.cgi?id=1169 + +4.3 --retry and transfer timeouts + + If using --retry and the transfer timeouts (possibly due to using -m or + -y/-Y) the next attempt doesn't resume the transfer properly from what was + downloaded in the previous attempt but will truncate and restart at the + original position where it was at before the previous failed attempt. See + https://curl.haxx.se/mail/lib-2008-01/0080.html and Mandriva bug report + https://qa.mandriva.com/show_bug.cgi?id=22565 + +4.4 --upload-file . hangs if delay in STDIN + + "(echo start; sleep 1; echo end) | curl --upload-file . http://mywebsite -vv" + + ... causes a hang when it shouldn't. + + See https://github.com/curl/curl/issues/2051 + +4.5 Improve --data-urlencode space encoding + + ASCII space characters in --data-urlencode are currently encoded as %20 + rather than +, which RFC 1866 says should be used. + + See https://github.com/curl/curl/issues/3229 + +5. Build and portability issues + +5.1 USE_UNIX_SOCKETS on Windows + + Due to incorrect CMake checks for the presence of the feature, it will never + be enabled for windows in a cmake build. + + See https://github.com/curl/curl/issues/4040 + +5.2 curl-config --libs contains private details + + "curl-config --libs" will include details set in LDFLAGS when configure is + run that might be needed only for building libcurl. Further, curl-config + --cflags suffers from the same effects with CFLAGS/CPPFLAGS. + +5.3 curl compiled on OSX 10.13 failed to run on OSX 10.10 + + See https://github.com/curl/curl/issues/2905 + +5.4 Cannot compile against a static build of OpenLDAP + + See https://github.com/curl/curl/issues/2367 + +5.5 can't handle Unicode arguments in Windows + + If a URL or filename can't be encoded using the user's current codepage then + it can only be encoded properly in the Unicode character set. Windows uses + UTF-16 encoding for Unicode and stores it in wide characters, however curl + and libcurl are not equipped for that at the moment. And, except for Cygwin, + Windows can't use UTF-8 as a locale. + + https://curl.haxx.se/bug/?i=345 + https://curl.haxx.se/bug/?i=731 + +5.6 cmake support gaps + + The cmake build setup lacks several features that the autoconf build + offers. This includes: + + - use of correct soname for the shared library build + + - support for several TLS backends are missing + + - the unit tests cause link failures in regular non-static builds + + - no nghttp2 check + + - unusable tool_hugehelp.c with MinGW, see + https://github.com/curl/curl/issues/3125 + +5.7 Visual Studio project gaps + + The Visual Studio projects lack some features that the autoconf and nmake + builds offer, such as the following: + + - support for zlib and nghttp2 + - use of static runtime libraries + - add the test suite components + + In addition to this the following could be implemented: + + - support for other development IDEs + - add PATH environment variables for third-party DLLs + +5.8 configure finding libs in wrong directory + + When the configure script checks for third-party libraries, it adds those + directories to the LDFLAGS variable and then tries linking to see if it + works. When successful, the found directory is kept in the LDFLAGS variable + when the script continues to execute and do more tests and possibly check for + more libraries. + + This can make subsequent checks for libraries wrongly detect another + installation in a directory that was previously added to LDFLAGS by another + library check! + + A possibly better way to do these checks would be to keep the pristine LDFLAGS + even after successful checks and instead add those verified paths to a + separate variable that only after all library checks have been performed gets + appended to LDFLAGS. + +5.9 Utilize Requires.private directives in libcurl.pc + + https://github.com/curl/curl/issues/864 + +5.10 IDN tests failing on Windows / MSYS2 + + It seems like MSYS2 does some UTF-8-to-something-else conversion for Windows + compatibility. + + https://github.com/curl/curl/issues/3747 + +5.11 configure --with-gssapi with Heimdal is ignored on macOS + + ... unless you also pass --with-gssapi-libs + + https://github.com/curl/curl/issues/3841 + +6. Authentication + +6.1 NTLM authentication and unicode + + NTLM authentication involving unicode user name or password only works + properly if built with UNICODE defined together with the WinSSL/Schannel + backend. The original problem was mentioned in: + https://curl.haxx.se/mail/lib-2009-10/0024.html + https://curl.haxx.se/bug/view.cgi?id=896 + + The WinSSL/Schannel version verified to work as mentioned in + https://curl.haxx.se/mail/lib-2012-07/0073.html + +6.2 MIT Kerberos for Windows build + + libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's + library header files exporting symbols/macros that should be kept private to + the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/ + +6.3 NTLM in system context uses wrong name + + NTLM authentication using SSPI (on Windows) when (lib)curl is running in + "system context" will make it use wrong(?) user name - at least when compared + to what winhttp does. See https://curl.haxx.se/bug/view.cgi?id=535 + +6.4 Negotiate and Kerberos V5 need a fake user name + + In order to get Negotiate (SPNEGO) authentication to work in HTTP or Kerberos + V5 in the e-mail protocols, you need to provide a (fake) user name (this + concerns both curl and the lib) because the code wrongly only considers + authentication if there's a user name provided by setting + conn->bits.user_passwd in url.c https://curl.haxx.se/bug/view.cgi?id=440 How? + https://curl.haxx.se/mail/lib-2004-08/0182.html A possible solution is to + either modify this variable to be set or introduce a variable such as + new conn->bits.want_authentication which is set when any of the authentication + options are set. + +6.5 NTLM doesn't support password with § character + + https://github.com/curl/curl/issues/2120 + +6.6 libcurl can fail to try alternatives with --proxy-any + + When connecting via a proxy using --proxy-any, a failure to establish an + authentication will cause libcurl to abort trying other options if the + failed method has a higher preference than the alternatives. As an example, + --proxy-any against a proxy which advertise Negotiate and NTLM, but which + fails to set up Kerberos authentication won't proceed to try authentication + using NTLM. + + https://github.com/curl/curl/issues/876 + +6.7 Don't clear digest for single realm + + https://github.com/curl/curl/issues/3267 + +7. FTP + +7.1 FTP without or slow 220 response + + If a connection is made to a FTP server but the server then just never sends + the 220 response or otherwise is dead slow, libcurl will not acknowledge the + connection timeout during that phase but only the "real" timeout - which may + surprise users as it is probably considered to be the connect phase to most + people. Brought up (and is being misunderstood) in: + https://curl.haxx.se/bug/view.cgi?id=856 + +7.2 FTP with CONNECT and slow server + + When doing FTP over a socks proxy or CONNECT through HTTP proxy and the multi + interface is used, libcurl will fail if the (passive) TCP connection for the + data transfer isn't more or less instant as the code does not properly wait + for the connect to be confirmed. See test case 564 for a first shot at a test + case. + +7.3 FTP with NOBODY and FAILONERROR + + It seems sensible to be able to use CURLOPT_NOBODY and CURLOPT_FAILONERROR + with FTP to detect if a file exists or not, but it is not working: + https://curl.haxx.se/mail/lib-2008-07/0295.html + +7.4 FTP with ACCT + + When doing an operation over FTP that requires the ACCT command (but not when + logging in), the operation will fail since libcurl doesn't detect this and + thus fails to issue the correct command: + https://curl.haxx.se/bug/view.cgi?id=635 + +7.5 ASCII FTP + + FTP ASCII transfers do not follow RFC959. They don't convert the data + accordingly (not for sending nor for receiving). RFC 959 section 3.1.1.1 + clearly describes how this should be done: + + The sender converts the data from an internal character representation to + the standard 8-bit NVT-ASCII representation (see the Telnet + specification). The receiver will convert the data from the standard + form to his own internal form. + + Since 7.15.4 at least line endings are converted. + +7.6 FTP with NULs in URL parts + + FTP URLs passed to curl may contain NUL (0x00) in the RFC 1738 , + , and components, encoded as "%00". The problem is that + curl_unescape does not detect this, but instead returns a shortened C string. + From a strict FTP protocol standpoint, NUL is a valid character within RFC + 959 , so the way to handle this correctly in curl would be to use a + data structure other than a plain C string, one that can handle embedded NUL + characters. From a practical standpoint, most FTP servers would not + meaningfully support NUL characters within RFC 959 , anyway (e.g., + Unix pathnames may not contain NUL). + +7.7 FTP and empty path parts in the URL + + libcurl ignores empty path parts in FTP URLs, whereas RFC1738 states that + such parts should be sent to the server as 'CWD ' (without an argument). The + only exception to this rule, is that we knowingly break this if the empty + part is first in the path, as then we use the double slashes to indicate that + the user wants to reach the root dir (this exception SHALL remain even when + this bug is fixed). + +7.8 Premature transfer end but healthy control channel + + When 'multi_done' is called before the transfer has been completed the normal + way, it is considered a "premature" transfer end. In this situation, libcurl + closes the connection assuming it doesn't know the state of the connection so + it can't be reused for subsequent requests. + + With FTP however, this isn't necessarily true but there are a bunch of + situations (listed in the ftp_done code) where it *could* keep the connection + alive even in this situation - but the current code doesn't. Fixing this would + allow libcurl to reuse FTP connections better. + +7.9 Passive transfer tries only one IP address + + When doing FTP operations through a proxy at localhost, the reported spotted + that curl only tried to connect once to the proxy, while it had multiple + addresses and a failed connect on one address should make it try the next. + + After switching to passive mode (EPSV), curl should try all IP addresses for + "localhost". Currently it tries ::1, but it should also try 127.0.0.1. + + See https://github.com/curl/curl/issues/1508 + +7.10 Stick to same family over SOCKS proxy + + When asked to do FTP over a SOCKS proxy, it might connect to the proxy (and + then subsequently to the remote server) using for example IPv4. When doing + the second connection, curl should make sure that the second connection is + using the same IP protocol version as the first connection did and not try + others, since the remote server will only accept the same. + + See https://curl.haxx.se/mail/archive-2018-07/0000.html + +8. TELNET + +8.1 TELNET and time limitations don't work + + When using telnet, the time limitation options don't work. + https://curl.haxx.se/bug/view.cgi?id=846 + +8.2 Microsoft telnet server + + There seems to be a problem when connecting to the Microsoft telnet server. + https://curl.haxx.se/bug/view.cgi?id=649 + + +9. SFTP and SCP + +9.1 SFTP doesn't do CURLOPT_POSTQUOTE correct + + When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server + using the multi interface, the commands are not being sent correctly and + instead the connection is "cancelled" (the operation is considered done) + prematurely. There is a half-baked (busy-looping) patch provided in the bug + report but it cannot be accepted as-is. See + https://curl.haxx.se/bug/view.cgi?id=748 + + +10. SOCKS + +10.3 FTPS over SOCKS + + libcurl doesn't support FTPS over a SOCKS proxy. + +10.4 active FTP over a SOCKS + + libcurl doesn't support active FTP over a SOCKS proxy + + +11. Internals + +11.1 Curl leaks .onion hostnames in DNS + + Curl sends DNS requests for hostnames with a .onion TLD. This leaks + information about what the user is attempting to access, and violates this + requirement of RFC7686: https://tools.ietf.org/html/rfc7686 + + Issue: https://github.com/curl/curl/issues/543 + +11.2 error buffer not set if connection to multiple addresses fails + + If you ask libcurl to resolve a hostname like example.com to IPv6 addresses + only. But you only have IPv4 connectivity. libcurl will correctly fail with + CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER + remains empty. Issue: https://github.com/curl/curl/issues/544 + +11.3 c-ares deviates from stock resolver on http://1346569778 + + When using the socket resolvers, that URL becomes: + + * Rebuilt URL to: http://1346569778/ + * Trying 80.67.6.50... + + but with c-ares it instead says "Could not resolve: 1346569778 (Domain name + not found)" + + See https://github.com/curl/curl/issues/893 + +11.4 HTTP test server 'connection-monitor' problems + + The 'connection-monitor' feature of the sws HTTP test server doesn't work + properly if some tests are run in unexpected order. Like 1509 and then 1525. + + See https://github.com/curl/curl/issues/868 + +11.5 Connection information when using TCP Fast Open + + CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is + enabled. + + See https://github.com/curl/curl/issues/1332 and + https://github.com/curl/curl/issues/4296 + +11.6 slow connect to localhost on Windows + + When connecting to "localhost" on Windows, curl will resolve the name for + both ipv4 and ipv6 and try to connect to both happy eyeballs-style. Something + in there does however make it take 200 milliseconds to succeed - which is the + HAPPY_EYEBALLS_TIMEOUT define exactly. Lowering that define speeds up the + connection, suggesting a problem in the HE handling. + + If we can *know* that we're talking to a local host, we should lower the + happy eyeballs delay timeout for IPv6 (related: hardcode the "localhost" + addresses, mentioned in TODO). Possibly we should reduce that delay for all. + + https://github.com/curl/curl/issues/2281 + +11.7 signal-based resolver timeouts + + libcurl built without an asynchronous resolver library uses alarm() to time + out DNS lookups. When a timeout occurs, this causes libcurl to jump from the + signal handler back into the library with a sigsetjmp, which effectively + causes libcurl to continue running within the signal handler. This is + non-portable and could cause problems on some platforms. A discussion on the + problem is available at https://curl.haxx.se/mail/lib-2008-09/0197.html + + Also, alarm() provides timeout resolution only to the nearest second. alarm + ought to be replaced by setitimer on systems that support it. + + +12. LDAP and OpenLDAP + +12.1 OpenLDAP hangs after returning results + + By configuration defaults, openldap automatically chase referrals on + secondary socket descriptors. The OpenLDAP backend is asynchronous and thus + should monitor all socket descriptors involved. Currently, these secondary + descriptors are not monitored, causing openldap library to never receive + data from them. + + As a temporary workaround, disable referrals chasing by configuration. + + The fix is not easy: proper automatic referrals chasing requires a + synchronous bind callback and monitoring an arbitrary number of socket + descriptors for a single easy handle (currently limited to 5). + + Generic LDAP is synchronous: OK. + + See https://github.com/curl/curl/issues/622 and + https://curl.haxx.se/mail/lib-2016-01/0101.html + +12.2 LDAP on Windows does authentication wrong? + + https://github.com/curl/curl/issues/3116 + +12.3 LDAP on Windows doesn't work + + A simple curl command line getting "ldap://ldap.forumsys.com" returns an + error that says "no memory" ! + + https://github.com/curl/curl/issues/4261 + +13. TCP/IP + +13.1 --interface for ipv6 binds to unusable IP address + + Since IPv6 provides a lot of addresses with different scope, binding to an + IPv6 address needs to take the proper care so that it doesn't bind to a + locally scoped address as that is bound to fail. + + https://github.com/curl/curl/issues/686 + +14. DICT + +14.1 DICT responses show the underlying protocol + + When getting a DICT response, the protocol parts of DICT aren't stripped off + from the output. + + https://github.com/curl/curl/issues/1809 diff --git a/extern/curl/docs/LICENSE-MIXING.md b/extern/curl/docs/LICENSE-MIXING.md new file mode 100644 index 0000000000..1083a2dcd0 --- /dev/null +++ b/extern/curl/docs/LICENSE-MIXING.md @@ -0,0 +1,128 @@ +License Mixing +============== + +libcurl can be built to use a fair amount of various third party libraries, +libraries that are written and provided by other parties that are distributed +using their own licenses. Even libcurl itself contains code that may cause +problems to some. This document attempts to describe what licenses libcurl and +the other libraries use and what possible dilemmas linking and mixing them all +can lead to for end users. + +I am not a lawyer and this is not legal advice! + +One common dilemma is that [GPL](https://www.gnu.org/licenses/gpl.html) +licensed code is not allowed to be linked with code licensed under the +[Original BSD license](https://spdx.org/licenses/BSD-4-Clause.html) (with the +announcement clause). You may still build your own copies that use them all, +but distributing them as binaries would be to violate the GPL license - unless +you accompany your license with an +[exception](https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs). This +particular problem was addressed when the [Modified BSD +license](https://opensource.org/licenses/BSD-3-Clause) was created, which does +not have the announcement clause that collides with GPL. + +## libcurl + + Uses an [MIT style license](https://curl.haxx.se/docs/copyright.html) that is + very liberal. + +## OpenSSL + + (May be used for SSL/TLS support) Uses an Original BSD-style license with an + announcement clause that makes it "incompatible" with GPL. You are not + allowed to ship binaries that link with OpenSSL that includes GPL code + (unless that specific GPL code includes an exception for OpenSSL - a habit + that is growing more and more common). If OpenSSL's licensing is a problem + for you, consider using another TLS library. + +## GnuTLS + + (May be used for SSL/TLS support) Uses the + [LGPL](https://www.gnu.org/licenses/lgpl.html) license. If this is a problem + for you, consider using another TLS library. Also note that GnuTLS itself + depends on and uses other libs (libgcrypt and libgpg-error) and they too are + LGPL- or GPL-licensed. + +## WolfSSL + + (May be used for SSL/TLS support) Uses the GPL license or a proprietary + license. If this is a problem for you, consider using another TLS library. + +## NSS + + (May be used for SSL/TLS support) Is covered by the + [MPL](https://www.mozilla.org/MPL/) license, the GPL license and the LGPL + license. You may choose to license the code under MPL terms, GPL terms, or + LGPL terms. These licenses grant you different permissions and impose + different obligations. You should select the license that best meets your + needs. + +## mbedTLS + + (May be used for SSL/TLS support) Uses the [Apache 2.0 + license](https://opensource.org/licenses/Apache-2.0) or the GPL license. + You may choose to license the code under Apache 2.0 terms or GPL terms. + These licenses grant you different permissions and impose different + obligations. You should select the license that best meets your needs. + +## BoringSSL + + (May be used for SSL/TLS support) As an OpenSSL fork, it has the same + license as that. + +## libressl + + (May be used for SSL/TLS support) As an OpenSSL fork, it has the same + license as that. + +## BearSSL + + (May be used for SSL/TLS support) Uses an MIT license that is very liberal + and imposes no restrictions on any other library or part you may link with. + +## c-ares + + (Used for asynchronous name resolves) Uses an MIT license that is very + liberal and imposes no restrictions on any other library or part you may link + with. + +## zlib + + (Used for compressed Transfer-Encoding support) Uses an MIT-style license + that shouldn't collide with any other library. + +## MIT Kerberos + + (May be used for GSS support) MIT licensed, that shouldn't collide with any + other parts. + +## Heimdal + + (May be used for GSS support) Heimdal is Original BSD licensed with the + announcement clause. + +## GNU GSS + + (May be used for GSS support) GNU GSS is GPL licensed. Note that you may not + distribute binary curl packages that uses this if you build curl to also link + and use any Original BSD licensed libraries! + +## libidn + + (Used for IDNA support) Uses the GNU Lesser General Public License [3]. LGPL + is a variation of GPL with slightly less aggressive "copyleft". This license + requires more requirements to be met when distributing binaries, see the + license for details. Also note that if you distribute a binary that includes + this library, you must also include the full LGPL license text. Please + properly point out what parts of the distributed package that the license + addresses. + +## OpenLDAP + + (Used for LDAP support) Uses a Modified BSD-style license. Since libcurl uses + OpenLDAP as a shared library only, I have not heard of anyone that ships + OpenLDAP linked with libcurl in an app. + +## libssh2 + + (Used for scp and sftp support) libssh2 uses a Modified BSD-style license. diff --git a/extern/curl/docs/MAIL-ETIQUETTE b/extern/curl/docs/MAIL-ETIQUETTE new file mode 100644 index 0000000000..07660a001d --- /dev/null +++ b/extern/curl/docs/MAIL-ETIQUETTE @@ -0,0 +1,285 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +MAIL ETIQUETTE + + 1. About the lists + 1.1 Mailing Lists + 1.2 Netiquette + 1.3 Do Not Mail a Single Individual + 1.4 Subscription Required + 1.5 Moderation of new posters + 1.6 Handling trolls and spam + 1.7 How to unsubscribe + 1.8 I posted, now what? + 1.9 Your emails are public + + 2. Sending mail + 2.1 Reply or New Mail + 2.2 Reply to the List + 2.3 Use a Sensible Subject + 2.4 Do Not Top-Post + 2.5 HTML is not for mails + 2.6 Quoting + 2.7 Digest + 2.8 Please Tell Us How You Solved The Problem! + +============================================================================== + +1. About the lists + + 1.1 Mailing Lists + + The mailing lists we have are all listed and described at + https://curl.haxx.se/mail/ + + Each mailing list is targeted to a specific set of users and subjects, + please use the one or the ones that suit you the most. + + Each mailing list has hundreds up to thousands of readers, meaning that + each mail sent will be received and read by a very large number of people. + People from various cultures, regions, religions and continents. + + 1.2 Netiquette + + Netiquette is a common term for how to behave on the internet. Of course, in + each particular group and subculture there will be differences in what is + acceptable and what is considered good manners. + + This document outlines what we in the curl project consider to be good + etiquette, and primarily this focus on how to behave on and how to use our + mailing lists. + + 1.3 Do Not Mail a Single Individual + + Many people send one question to one person. One person gets many mails, and + there is only one person who can give you a reply. The question may be + something that other people would also like to ask. These other people have + no way to read the reply, but to ask the one person the question. The one + person consequently gets overloaded with mail. + + If you really want to contact an individual and perhaps pay for his or her + services, by all means go ahead, but if it's just another curl question, + take it to a suitable list instead. + + 1.4 Subscription Required + + All curl mailing lists require that you are subscribed to allow a mail to go + through to all the subscribers. + + If you post without being subscribed (or from a different mail address than + the one you are subscribed with), your mail will simply be silently + discarded. You have to subscribe first, then post. + + The reason for this unfortunate and strict subscription policy is of course + to stop spam from pestering the lists. + + 1.5 Moderation of new posters + + Several of the curl mailing lists automatically make all posts from new + subscribers be moderated. This means that after you've subscribed and + sent your first mail to a list, that mail will not be let through to the + list until a mailing list administrator has verified that it is OK and + permits it to get posted. + + Once a first post has been made that proves the sender is actually talking + about curl-related subjects, the moderation "flag" will be switched off and + future posts will go through without being moderated. + + The reason for this moderation policy is that we do suffer from spammers who + actually subscribe and send spam to our lists. + + 1.6 Handling trolls and spam + + Despite our good intentions and hard work to keep spam off the lists and to + maintain a friendly and positive atmosphere, there will be times when spam + and or trolls get through. + + Troll - "someone who posts inflammatory, extraneous, or off-topic messages + in an online community" + + Spam - "use of electronic messaging systems to send unsolicited bulk + messages" + + No matter what, we NEVER EVER respond to trolls or spammers on the list. If + you believe the list admin should do something in particular, contact him/her + off-list. The subject will be taken care of as much as possible to prevent + repeated offenses, but responding on the list to such messages never leads to + anything good and only puts the light even more on the offender: which was + the entire purpose of it getting sent to the list in the first place. + + Don't feed the trolls! + + 1.7 How to unsubscribe + + You can unsubscribe the same way you subscribed in the first place. You go + to the page for the particular mailing list you're subscribed to and you enter + your email address and password and press the unsubscribe button. + + Also, the instructions to unsubscribe are included in the headers of every + mail that is sent out to all curl related mailing lists and there's a footer + in each mail that links to the "admin" page on which you can unsubscribe and + change other options. + + You NEVER EVER email the mailing list requesting someone else to take you off + the list. + + 1.8 I posted, now what? + + If you aren't subscribed with the exact same email address that you used to + send the email, your post will just be silently discarded. + + If you posted for the first time to the mailing list, you first need to wait + for an administrator to allow your email to go through (moderated). This normally + happens very quickly but in case we're asleep, you may have to wait a few + hours. + + Once your email goes through it is sent out to several hundred or even + thousands of recipients. Your email may cover an area that not that many people + know about or are interested in. Or possibly the person who knows about it + is on vacation or under a very heavy work load right now. You may have to wait + for a response and you should not expect to get a response at all, but + hopefully you get an answer within a couple of days. + + You do yourself and all of us a service when you include as many details as + possible already in your first email. Mention your operating system and + environment. Tell us which curl version you're using and tell us what you + did, what happened and what you expected would happen. Preferably, show us + what you did with details enough to allow others to help point out the problem + or repeat the same steps in their locations. + + Failing to include details will only delay responses and make people respond + and ask for more details and you will have to send a follow-up email that + includes them. + + Expect the responses to primarily help YOU debug the issue, or ask YOU + questions that can lead you or others towards a solution or explanation to + whatever you experience. + + If you are a repeat offender to the guidelines outlined in this document, + chances are that people will ignore you at will and your chances to get + responses in the future will greatly diminish. + + 1.9 Your emails are public + + Your email, its contents and all its headers and the details in those + headers will be received by every subscriber of the mailing list that you + send your email to. + + Your email as sent to a curl mailing list will end up in mail archives, on + the curl web site and elsewhere, for others to see and read. Today and in + the future. In addition to the archives, the mail is sent out to thousands + of individuals. There is no way to undo a sent email. + + When sending emails to a curl mailing list, do not include sensitive + information such as user names and passwords; use fake ones, temporary ones + or just remove them completely from the mail. Note that this includes base64 + encoded HTTP Basic auth headers. + + This public nature of the curl mailing lists makes automatically inserted mail + footers about mails being "private" or "only meant for the recipient" or + similar even more silly than usual. Because they are absolutely not private + when sent to a public mailing list. + + +2. Sending mail + + 2.1 Reply or New Mail + + Please do not reply to an existing message as a short-cut to post a message + to the lists. + + Many mail programs and web archivers use information within mails to keep + them together as "threads", as collections of posts that discuss a certain + subject. If you don't intend to reply on the same or similar subject, don't + just hit reply on an existing mail and change subject, create a new mail. + + 2.2 Reply to the List + + When replying to a message from the list, make sure that you do "group + reply" or "reply to all", and not just reply to the author of the single + mail you reply to. + + We're actively discouraging replying back to the single person by setting + the Reply-To: field in outgoing mails back to the mailing list address, + making it harder for people to mail the author directly, if only by mistake. + + 2.3 Use a Sensible Subject + + Please use a subject of the mail that makes sense and that is related to the + contents of your mail. It makes it a lot easier to find your mail afterwards + and it makes it easier to track mail threads and topics. + + 2.4 Do Not Top-Post + + If you reply to a message, don't use top-posting. Top-posting is when you + write the new text at the top of a mail and you insert the previous quoted + mail conversation below. It forces users to read the mail in a backwards + order to properly understand it. + + This is why top posting is so bad (in top posting order): + + A: Because it messes up the order in which people normally read text. + Q: Why is top-posting such a bad thing? + A: Top-posting. + Q: What is the most annoying thing in e-mail? + + Apart from the screwed up read order (especially when mixed together in a + thread when someone responds using the mandated bottom-posting style), it + also makes it impossible to quote only parts of the original mail. + + When you reply to a mail. You let the mail client insert the previous mail + quoted. Then you put the cursor on the first line of the mail and you move + down through the mail, deleting all parts of the quotes that don't add + context for your comments. When you want to add a comment you do so, inline, + right after the quotes that relate to your comment. Then you continue + downwards again. + + When most of the quotes have been removed and you've added your own words, + you're done! + + 2.5 HTML is not for mails + + Please switch off those HTML encoded messages. You can mail all those funny + mails to your friends. We speak plain text mails. + + 2.6 Quoting + + Quote as little as possible. Just enough to provide the context you cannot + leave out. A lengthy description can be found here: + + https://www.netmeister.org/news/learn2quote.html + + 2.7 Digest + + We allow subscribers to subscribe to the "digest" version of the mailing + lists. A digest is a collection of mails lumped together in one single mail. + + Should you decide to reply to a mail sent out as a digest, there are two + things you MUST consider if you really really cannot subscribe normally + instead: + + Cut off all mails and chatter that is not related to the mail you want to + reply to. + + Change the subject name to something sensible and related to the subject, + preferably even the actual subject of the single mail you wanted to reply to + + 2.8 Please Tell Us How You Solved The Problem! + + Many people mail questions to the list, people spend some of their time and + make an effort in providing good answers to these questions. + + If you are the one who asks, please consider responding once more in case + one of the hints was what solved your problems. The guys who write answers + feel good to know that they provided a good answer and that you fixed the + problem. Far too often, the person who asked the question is never heard from + again, and we never get to know if he/she is gone because the problem was + solved or perhaps because the problem was unsolvable! + + Getting the solution posted also helps other users that experience the same + problem(s). They get to see (possibly in the web archives) that the + suggested fixes actually has helped at least one person. diff --git a/extern/curl/docs/MANUAL.md b/extern/curl/docs/MANUAL.md new file mode 100644 index 0000000000..7063dbc8b1 --- /dev/null +++ b/extern/curl/docs/MANUAL.md @@ -0,0 +1,1011 @@ +# curl tutorial + +## Simple Usage + +Get the main page from Netscape's web-server: + + curl http://www.netscape.com/ + +Get the README file the user's home directory at funet's ftp-server: + + curl ftp://ftp.funet.fi/README + +Get a web page from a server using port 8000: + + curl http://www.weirdserver.com:8000/ + +Get a directory listing of an FTP site: + + curl ftp://cool.haxx.se/ + +Get the definition of curl from a dictionary: + + curl dict://dict.org/m:curl + +Fetch two documents at once: + + curl ftp://cool.haxx.se/ http://www.weirdserver.com:8000/ + +Get a file off an FTPS server: + + curl ftps://files.are.secure.com/secrets.txt + +or use the more appropriate FTPS way to get the same file: + + curl --ftp-ssl ftp://files.are.secure.com/secrets.txt + +Get a file from an SSH server using SFTP: + + curl -u username sftp://example.com/etc/issue + +Get a file from an SSH server using SCP using a private key (not +password-protected) to authenticate: + + curl -u username: --key ~/.ssh/id_rsa scp://example.com/~/file.txt + +Get a file from an SSH server using SCP using a private key +(password-protected) to authenticate: + + curl -u username: --key ~/.ssh/id_rsa --pass private_key_password + scp://example.com/~/file.txt + +Get the main page from an IPv6 web server: + + curl "http://[2001:1890:1112:1::20]/" + +Get a file from an SMB server: + + curl -u "domain\username:passwd" smb://server.example.com/share/file.txt + +## Download to a File + +Get a web page and store in a local file with a specific name: + + curl -o thatpage.html http://www.netscape.com/ + +Get a web page and store in a local file, make the local file get the name of +the remote document (if no file name part is specified in the URL, this will +fail): + + curl -O http://www.netscape.com/index.html + +Fetch two files and store them with their remote names: + + curl -O www.haxx.se/index.html -O curl.haxx.se/download.html + +## Using Passwords + +### FTP + +To ftp files using name+passwd, include them in the URL like: + + curl ftp://name:passwd@machine.domain:port/full/path/to/file + +or specify them with the -u flag like + + curl -u name:passwd ftp://machine.domain:port/full/path/to/file + +### FTPS + +It is just like for FTP, but you may also want to specify and use SSL-specific +options for certificates etc. + +Note that using `FTPS://` as prefix is the "implicit" way as described in the +standards while the recommended "explicit" way is done by using FTP:// and the +`--ftp-ssl` option. + +### SFTP / SCP + +This is similar to FTP, but you can use the `--key` option to specify a +private key to use instead of a password. Note that the private key may itself +be protected by a password that is unrelated to the login password of the +remote system; this password is specified using the `--pass` option. +Typically, curl will automatically extract the public key from the private key +file, but in cases where curl does not have the proper library support, a +matching public key file must be specified using the `--pubkey` option. + +### HTTP + +Curl also supports user and password in HTTP URLs, thus you can pick a file +like: + + curl http://name:passwd@machine.domain/full/path/to/file + +or specify user and password separately like in + + curl -u name:passwd http://machine.domain/full/path/to/file + +HTTP offers many different methods of authentication and curl supports +several: Basic, Digest, NTLM and Negotiate (SPNEGO). Without telling which +method to use, curl defaults to Basic. You can also ask curl to pick the most +secure ones out of the ones that the server accepts for the given URL, by +using `--anyauth`. + +**Note**! According to the URL specification, HTTP URLs can not contain a user +and password, so that style will not work when using curl via a proxy, even +though curl allows it at other times. When using a proxy, you _must_ use the +`-u` style for user and password. + +### HTTPS + +Probably most commonly used with private certificates, as explained below. + +## Proxy + +curl supports both HTTP and SOCKS proxy servers, with optional authentication. +It does not have special support for FTP proxy servers since there are no +standards for those, but it can still be made to work with many of them. You +can also use both HTTP and SOCKS proxies to transfer files to and from FTP +servers. + +Get an ftp file using an HTTP proxy named my-proxy that uses port 888: + + curl -x my-proxy:888 ftp://ftp.leachsite.com/README + +Get a file from an HTTP server that requires user and password, using the +same proxy as above: + + curl -u user:passwd -x my-proxy:888 http://www.get.this/ + +Some proxies require special authentication. Specify by using -U as above: + + curl -U user:passwd -x my-proxy:888 http://www.get.this/ + +A comma-separated list of hosts and domains which do not use the proxy can be +specified as: + + curl --noproxy localhost,get.this -x my-proxy:888 http://www.get.this/ + +If the proxy is specified with `--proxy1.0` instead of `--proxy` or `-x`, then +curl will use HTTP/1.0 instead of HTTP/1.1 for any `CONNECT` attempts. + +curl also supports SOCKS4 and SOCKS5 proxies with `--socks4` and `--socks5`. + +See also the environment variables Curl supports that offer further proxy +control. + +Most FTP proxy servers are set up to appear as a normal FTP server from the +client's perspective, with special commands to select the remote FTP server. +curl supports the `-u`, `-Q` and `--ftp-account` options that can be used to +set up transfers through many FTP proxies. For example, a file can be uploaded +to a remote FTP server using a Blue Coat FTP proxy with the options: + + curl -u "username@ftp.server Proxy-Username:Remote-Pass" + --ftp-account Proxy-Password --upload-file local-file + ftp://my-ftp.proxy.server:21/remote/upload/path/ + +See the manual for your FTP proxy to determine the form it expects to set up +transfers, and curl's `-v` option to see exactly what curl is sending. + +## Ranges + +HTTP 1.1 introduced byte-ranges. Using this, a client can request to get only +one or more subparts of a specified document. Curl supports this with the `-r` +flag. + +Get the first 100 bytes of a document: + + curl -r 0-99 http://www.get.this/ + +Get the last 500 bytes of a document: + + curl -r -500 http://www.get.this/ + +Curl also supports simple ranges for FTP files as well. Then you can only +specify start and stop position. + +Get the first 100 bytes of a document using FTP: + + curl -r 0-99 ftp://www.get.this/README + +## Uploading + +### FTP / FTPS / SFTP / SCP + +Upload all data on stdin to a specified server: + + curl -T - ftp://ftp.upload.com/myfile + +Upload data from a specified file, login with user and password: + + curl -T uploadfile -u user:passwd ftp://ftp.upload.com/myfile + +Upload a local file to the remote site, and use the local file name at the +remote site too: + + curl -T uploadfile -u user:passwd ftp://ftp.upload.com/ + +Upload a local file to get appended to the remote file: + + curl -T localfile -a ftp://ftp.upload.com/remotefile + +Curl also supports ftp upload through a proxy, but only if the proxy is +configured to allow that kind of tunneling. If it does, you can run curl in a +fashion similar to: + + curl --proxytunnel -x proxy:port -T localfile ftp.upload.com + +### SMB / SMBS + + curl -T file.txt -u "domain\username:passwd" + smb://server.example.com/share/ + +### HTTP + +Upload all data on stdin to a specified HTTP site: + + curl -T - http://www.upload.com/myfile + +Note that the HTTP server must have been configured to accept PUT before this +can be done successfully. + +For other ways to do HTTP data upload, see the POST section below. + +## Verbose / Debug + +If curl fails where it isn't supposed to, if the servers don't let you in, if +you can't understand the responses: use the `-v` flag to get verbose +fetching. Curl will output lots of info and what it sends and receives in +order to let the user see all client-server interaction (but it won't show you +the actual data). + + curl -v ftp://ftp.upload.com/ + +To get even more details and information on what curl does, try using the +`--trace` or `--trace-ascii` options with a given file name to log to, like +this: + + curl --trace trace.txt www.haxx.se + + +## Detailed Information + +Different protocols provide different ways of getting detailed information +about specific files/documents. To get curl to show detailed information about +a single file, you should use `-I`/`--head` option. It displays all available +info on a single file for HTTP and FTP. The HTTP information is a lot more +extensive. + +For HTTP, you can get the header information (the same as `-I` would show) +shown before the data by using `-i`/`--include`. Curl understands the +`-D`/`--dump-header` option when getting files from both FTP and HTTP, and it +will then store the headers in the specified file. + +Store the HTTP headers in a separate file (headers.txt in the example): + + curl --dump-header headers.txt curl.haxx.se + +Note that headers stored in a separate file can be very useful at a later time +if you want curl to use cookies sent by the server. More about that in the +cookies section. + +## POST (HTTP) + +It's easy to post data using curl. This is done using the `-d ` option. +The post data must be urlencoded. + +Post a simple "name" and "phone" guestbook. + + curl -d "name=Rafael%20Sagula&phone=3320780" http://www.where.com/guest.cgi + +How to post a form with curl, lesson #1: + +Dig out all the `` tags in the form that you want to fill in. + +If there's a "normal" post, you use `-d` to post. `-d` takes a full "post +string", which is in the format + + =&=&... + +The 'variable' names are the names set with `"name="` in the `` tags, +and the data is the contents you want to fill in for the inputs. The data +*must* be properly URL encoded. That means you replace space with + and that +you replace weird letters with %XX where XX is the hexadecimal representation +of the letter's ASCII code. + +Example: + +(page located at `http://www.formpost.com/getthis/`) + +
+ + + + +
+ +We want to enter user 'foobar' with password '12345'. + +To post to this, you enter a curl command line like: + + curl -d "user=foobar&pass=12345&id=blablabla&ding=submit" + http://www.formpost.com/getthis/post.cgi + +While `-d` uses the application/x-www-form-urlencoded mime-type, generally +understood by CGI's and similar, curl also supports the more capable +multipart/form-data type. This latter type supports things like file upload. + +`-F` accepts parameters like `-F "name=contents"`. If you want the contents to +be read from a file, use `@filename` as contents. When specifying a file, you +can also specify the file content type by appending `;type=` to the +file name. You can also post the contents of several files in one field. For +example, the field name 'coolfiles' is used to send three files, with +different content types using the following syntax: + + curl -F "coolfiles=@fil1.gif;type=image/gif,fil2.txt,fil3.html" + http://www.post.com/postit.cgi + +If the content-type is not specified, curl will try to guess from the file +extension (it only knows a few), or use the previously specified type (from an +earlier file if several files are specified in a list) or else it will use the +default type 'application/octet-stream'. + +Emulate a fill-in form with `-F`. Let's say you fill in three fields in a +form. One field is a file name which to post, one field is your name and one +field is a file description. We want to post the file we have written named +"cooltext.txt". To let curl do the posting of this data instead of your +favourite browser, you have to read the HTML source of the form page and find +the names of the input fields. In our example, the input field names are +'file', 'yourname' and 'filedescription'. + + curl -F "file=@cooltext.txt" -F "yourname=Daniel" + -F "filedescription=Cool text file with cool text inside" + http://www.post.com/postit.cgi + +To send two files in one post you can do it in two ways: + +Send multiple files in a single "field" with a single field name: + + curl -F "pictures=@dog.gif,cat.gif" $URL + +Send two fields with two field names + + curl -F "docpicture=@dog.gif" -F "catpicture=@cat.gif" $URL + +To send a field value literally without interpreting a leading `@` or `<`, or +an embedded `;type=`, use `--form-string` instead of `-F`. This is recommended +when the value is obtained from a user or some other unpredictable +source. Under these circumstances, using `-F` instead of `--form-string` could +allow a user to trick curl into uploading a file. + +## Referrer + +An HTTP request has the option to include information about which address +referred it to the actual page. Curl allows you to specify the referrer to be +used on the command line. It is especially useful to fool or trick stupid +servers or CGI scripts that rely on that information being available or +contain certain data. + + curl -e www.coolsite.com http://www.showme.com/ + +## User Agent + +An HTTP request has the option to include information about the browser that +generated the request. Curl allows it to be specified on the command line. It +is especially useful to fool or trick stupid servers or CGI scripts that only +accept certain browsers. + +Example: + + curl -A 'Mozilla/3.0 (Win95; I)' http://www.nationsbank.com/ + +Other common strings: + +- `Mozilla/3.0 (Win95; I)` - Netscape Version 3 for Windows 95 +- `Mozilla/3.04 (Win95; U)` - Netscape Version 3 for Windows 95 +- `Mozilla/2.02 (OS/2; U)` - Netscape Version 2 for OS/2 +- `Mozilla/4.04 [en] (X11; U; AIX 4.2; Nav)` - Netscape for AIX +- `Mozilla/4.05 [en] (X11; U; Linux 2.0.32 i586)` - Netscape for Linux + +Note that Internet Explorer tries hard to be compatible in every way: + +- `Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)` - MSIE for W95 + +Mozilla is not the only possible User-Agent name: + +- `Konqueror/1.0` - KDE File Manager desktop client +- `Lynx/2.7.1 libwww-FM/2.14` - Lynx command line browser + +## Cookies + +Cookies are generally used by web servers to keep state information at the +client's side. The server sets cookies by sending a response line in the +headers that looks like `Set-Cookie: ` where the data part then +typically contains a set of `NAME=VALUE` pairs (separated by semicolons `;` +like `NAME1=VALUE1; NAME2=VALUE2;`). The server can also specify for what path +the "cookie" should be used for (by specifying `path=value`), when the cookie +should expire (`expire=DATE`), for what domain to use it (`domain=NAME`) and +if it should be used on secure connections only (`secure`). + +If you've received a page from a server that contains a header like: + + Set-Cookie: sessionid=boo123; path="/foo"; + +it means the server wants that first pair passed on when we get anything in a +path beginning with "/foo". + +Example, get a page that wants my name passed in a cookie: + + curl -b "name=Daniel" www.sillypage.com + +Curl also has the ability to use previously received cookies in following +sessions. If you get cookies from a server and store them in a file in a +manner similar to: + + curl --dump-header headers www.example.com + +... you can then in a second connect to that (or another) site, use the +cookies from the 'headers' file like: + + curl -b headers www.example.com + +While saving headers to a file is a working way to store cookies, it is +however error-prone and not the preferred way to do this. Instead, make curl +save the incoming cookies using the well-known netscape cookie format like +this: + + curl -c cookies.txt www.example.com + +Note that by specifying `-b` you enable the "cookie awareness" and with `-L` +you can make curl follow a location: (which often is used in combination with +cookies). So that if a site sends cookies and a location, you can use a +non-existing file to trigger the cookie awareness like: + + curl -L -b empty.txt www.example.com + +The file to read cookies from must be formatted using plain HTTP headers OR as +netscape's cookie file. Curl will determine what kind it is based on the file +contents. In the above command, curl will parse the header and store the +cookies received from www.example.com. curl will send to the server the +stored cookies which match the request as it follows the location. The file +"empty.txt" may be a nonexistent file. + +To read and write cookies from a netscape cookie file, you can set both `-b` +and `-c` to use the same file: + + curl -b cookies.txt -c cookies.txt www.example.com + +## Progress Meter + +The progress meter exists to show a user that something actually is +happening. The different fields in the output have the following meaning: + + % Total % Received % Xferd Average Speed Time Curr. + Dload Upload Total Current Left Speed + 0 151M 0 38608 0 0 9406 0 4:41:43 0:00:04 4:41:39 9287 + +From left-to-right: + + - % - percentage completed of the whole transfer + - Total - total size of the whole expected transfer + - % - percentage completed of the download + - Received - currently downloaded amount of bytes + - % - percentage completed of the upload + - Xferd - currently uploaded amount of bytes + - Average Speed Dload - the average transfer speed of the download + - Average Speed Upload - the average transfer speed of the upload + - Time Total - expected time to complete the operation + - Time Current - time passed since the invoke + - Time Left - expected time left to completion + - Curr.Speed - the average transfer speed the last 5 seconds (the first + 5 seconds of a transfer is based on less time of course.) + +The `-#` option will display a totally different progress bar that doesn't +need much explanation! + +## Speed Limit + +Curl allows the user to set the transfer speed conditions that must be met to +let the transfer keep going. By using the switch `-y` and `-Y` you can make +curl abort transfers if the transfer speed is below the specified lowest limit +for a specified time. + +To have curl abort the download if the speed is slower than 3000 bytes per +second for 1 minute, run: + + curl -Y 3000 -y 60 www.far-away-site.com + +This can very well be used in combination with the overall time limit, so +that the above operation must be completed in whole within 30 minutes: + + curl -m 1800 -Y 3000 -y 60 www.far-away-site.com + +Forcing curl not to transfer data faster than a given rate is also possible, +which might be useful if you're using a limited bandwidth connection and you +don't want your transfer to use all of it (sometimes referred to as +"bandwidth throttle"). + +Make curl transfer data no faster than 10 kilobytes per second: + + curl --limit-rate 10K www.far-away-site.com + +or + + curl --limit-rate 10240 www.far-away-site.com + +Or prevent curl from uploading data faster than 1 megabyte per second: + + curl -T upload --limit-rate 1M ftp://uploadshereplease.com + +When using the `--limit-rate` option, the transfer rate is regulated on a +per-second basis, which will cause the total transfer speed to become lower +than the given number. Sometimes of course substantially lower, if your +transfer stalls during periods. + +## Config File + +Curl automatically tries to read the `.curlrc` file (or `_curlrc` file on +Microsoft Windows systems) from the user's home dir on startup. + +The config file could be made up with normal command line switches, but you +can also specify the long options without the dashes to make it more +readable. You can separate the options and the parameter with spaces, or with +`=` or `:`. Comments can be used within the file. If the first letter on a +line is a `#`-symbol the rest of the line is treated as a comment. + +If you want the parameter to contain spaces, you must enclose the entire +parameter within double quotes (`"`). Within those quotes, you specify a quote +as `\"`. + +NOTE: You must specify options and their arguments on the same line. + +Example, set default time out and proxy in a config file: + + # We want a 30 minute timeout: + -m 1800 + # ... and we use a proxy for all accesses: + proxy = proxy.our.domain.com:8080 + +White spaces ARE significant at the end of lines, but all white spaces leading +up to the first characters of each line are ignored. + +Prevent curl from reading the default file by using -q as the first command +line parameter, like: + + curl -q www.thatsite.com + +Force curl to get and display a local help page in case it is invoked without +URL by making a config file similar to: + + # default url to get + url = "http://help.with.curl.com/curlhelp.html" + +You can specify another config file to be read by using the `-K`/`--config` +flag. If you set config file name to `-` it'll read the config from stdin, +which can be handy if you want to hide options from being visible in process +tables etc: + + echo "user = user:passwd" | curl -K - http://that.secret.site.com + +## Extra Headers + +When using curl in your own very special programs, you may end up needing +to pass on your own custom headers when getting a web page. You can do +this by using the `-H` flag. + +Example, send the header `X-you-and-me: yes` to the server when getting a +page: + + curl -H "X-you-and-me: yes" www.love.com + +This can also be useful in case you want curl to send a different text in a +header than it normally does. The `-H` header you specify then replaces the +header curl would normally send. If you replace an internal header with an +empty one, you prevent that header from being sent. To prevent the `Host:` +header from being used: + + curl -H "Host:" www.server.com + +## FTP and Path Names + +Do note that when getting files with a `ftp://` URL, the given path is +relative the directory you enter. To get the file `README` from your home +directory at your ftp site, do: + + curl ftp://user:passwd@my.site.com/README + +But if you want the README file from the root directory of that very same +site, you need to specify the absolute file name: + + curl ftp://user:passwd@my.site.com//README + +(I.e with an extra slash in front of the file name.) + +## SFTP and SCP and Path Names + +With sftp: and scp: URLs, the path name given is the absolute name on the +server. To access a file relative to the remote user's home directory, prefix +the file with `/~/` , such as: + + curl -u $USER sftp://home.example.com/~/.bashrc + +## FTP and Firewalls + +The FTP protocol requires one of the involved parties to open a second +connection as soon as data is about to get transferred. There are two ways to +do this. + +The default way for curl is to issue the PASV command which causes the server +to open another port and await another connection performed by the +client. This is good if the client is behind a firewall that doesn't allow +incoming connections. + + curl ftp.download.com + +If the server, for example, is behind a firewall that doesn't allow +connections on ports other than 21 (or if it just doesn't support the `PASV` +command), the other way to do it is to use the `PORT` command and instruct the +server to connect to the client on the given IP number and port (as parameters +to the PORT command). + +The `-P` flag to curl supports a few different options. Your machine may have +several IP-addresses and/or network interfaces and curl allows you to select +which of them to use. Default address can also be used: + + curl -P - ftp.download.com + +Download with `PORT` but use the IP address of our `le0` interface (this does +not work on windows): + + curl -P le0 ftp.download.com + +Download with `PORT` but use 192.168.0.10 as our IP address to use: + + curl -P 192.168.0.10 ftp.download.com + +## Network Interface + +Get a web page from a server using a specified port for the interface: + + curl --interface eth0:1 http://www.netscape.com/ + +or + + curl --interface 192.168.1.10 http://www.netscape.com/ + +## HTTPS + +Secure HTTP requires a TLS library to be installed and used when curl is +built. If that is done, curl is capable of retrieving and posting documents +using the HTTPS protocol. + +Example: + + curl https://www.secure-site.com + +curl is also capable of using client certificates to get/post files from sites +that require valid certificates. The only drawback is that the certificate +needs to be in PEM-format. PEM is a standard and open format to store +certificates with, but it is not used by the most commonly used browsers. If +you want curl to use the certificates you use with your (favourite) browser, +you may need to download/compile a converter that can convert your browser's +formatted certificates to PEM formatted ones. + +Example on how to automatically retrieve a document using a certificate with a +personal password: + + curl -E /path/to/cert.pem:password https://secure.site.com/ + +If you neglect to specify the password on the command line, you will be +prompted for the correct password before any data can be received. + +Many older HTTPS servers have problems with specific SSL or TLS versions, +which newer versions of OpenSSL etc use, therefore it is sometimes useful to +specify what SSL-version curl should use. Use -3, -2 or -1 to specify that +exact SSL version to use (for SSLv3, SSLv2 or TLSv1 respectively): + + curl -2 https://secure.site.com/ + +Otherwise, curl will attempt to use a sensible TLS default version. + +## Resuming File Transfers + +To continue a file transfer where it was previously aborted, curl supports +resume on HTTP(S) downloads as well as FTP uploads and downloads. + +Continue downloading a document: + + curl -C - -o file ftp://ftp.server.com/path/file + +Continue uploading a document: + + curl -C - -T file ftp://ftp.server.com/path/file + +Continue downloading a document from a web server + + curl -C - -o file http://www.server.com/ + +## Time Conditions + +HTTP allows a client to specify a time condition for the document it requests. +It is `If-Modified-Since` or `If-Unmodified-Since`. curl allows you to specify +them with the `-z`/`--time-cond` flag. + +For example, you can easily make a download that only gets performed if the +remote file is newer than a local copy. It would be made like: + + curl -z local.html http://remote.server.com/remote.html + +Or you can download a file only if the local file is newer than the remote +one. Do this by prepending the date string with a `-`, as in: + + curl -z -local.html http://remote.server.com/remote.html + +You can specify a "free text" date as condition. Tell curl to only download +the file if it was updated since January 12, 2012: + + curl -z "Jan 12 2012" http://remote.server.com/remote.html + +Curl will then accept a wide range of date formats. You always make the date +check the other way around by prepending it with a dash (`-`). + +## DICT + +For fun try + + curl dict://dict.org/m:curl + curl dict://dict.org/d:heisenbug:jargon + curl dict://dict.org/d:daniel:gcide + +Aliases for 'm' are 'match' and 'find', and aliases for 'd' are 'define' and +'lookup'. For example, + + curl dict://dict.org/find:curl + +Commands that break the URL description of the RFC (but not the DICT +protocol) are + + curl dict://dict.org/show:db + curl dict://dict.org/show:strat + +Authentication support is still missing + +## LDAP + +If you have installed the OpenLDAP library, curl can take advantage of it and +offer `ldap://` support. On Windows, curl will use WinLDAP from Platform SDK +by default. + +Default protocol version used by curl is LDAPv3. LDAPv2 will be used as +fallback mechanism in case if LDAPv3 will fail to connect. + +LDAP is a complex thing and writing an LDAP query is not an easy task. I do +advise you to dig up the syntax description for that elsewhere. One such place +might be: [RFC 2255, The LDAP URL +Format](https://curl.haxx.se/rfc/rfc2255.txt) + +To show you an example, this is how I can get all people from my local LDAP +server that has a certain sub-domain in their email address: + + curl -B "ldap://ldap.frontec.se/o=frontec??sub?mail=*sth.frontec.se" + +If I want the same info in HTML format, I can get it by not using the `-B` +(enforce ASCII) flag. + +You also can use authentication when accessing LDAP catalog: + + curl -u user:passwd "ldap://ldap.frontec.se/o=frontec??sub?mail=*" + curl "ldap://user:passwd@ldap.frontec.se/o=frontec??sub?mail=*" + +By default, if user and password provided, OpenLDAP/WinLDAP will use basic +authentication. On Windows you can control this behavior by providing one of +`--basic`, `--ntlm` or `--digest` option in curl command line + + curl --ntlm "ldap://user:passwd@ldap.frontec.se/o=frontec??sub?mail=*" + +On Windows, if no user/password specified, auto-negotiation mechanism will be +used with current logon credentials (SSPI/SPNEGO). + +## Environment Variables + +Curl reads and understands the following environment variables: + + http_proxy, HTTPS_PROXY, FTP_PROXY + +They should be set for protocol-specific proxies. General proxy should be set +with + + ALL_PROXY + +A comma-separated list of host names that shouldn't go through any proxy is +set in (only an asterisk, `*` matches all hosts) + + NO_PROXY + +If the host name matches one of these strings, or the host is within the +domain of one of these strings, transactions with that node will not be +proxied. When a domain is used, it needs to start with a period. A user can +specify that both www.example.com and foo.example.com should not use a proxy +by setting `NO_PROXY` to `.example.com`. By including the full name you can +exclude specific host names, so to make `www.example.com` not use a proxy but +still have `foo.example.com` do it, set `NO_PROXY` to `www.example.com`. + +The usage of the `-x`/`--proxy` flag overrides the environment variables. + +## Netrc + +Unix introduced the `.netrc` concept a long time ago. It is a way for a user +to specify name and password for commonly visited FTP sites in a file so that +you don't have to type them in each time you visit those sites. You realize +this is a big security risk if someone else gets hold of your passwords, so +therefore most unix programs won't read this file unless it is only readable +by yourself (curl doesn't care though). + +Curl supports `.netrc` files if told to (using the `-n`/`--netrc` and +`--netrc-optional` options). This is not restricted to just FTP, so curl can +use it for all protocols where authentication is used. + +A very simple `.netrc` file could look something like: + + machine curl.haxx.se login iamdaniel password mysecret + +## Custom Output + +To better allow script programmers to get to know about the progress of curl, +the `-w`/`--write-out` option was introduced. Using this, you can specify what +information from the previous transfer you want to extract. + +To display the amount of bytes downloaded together with some text and an +ending newline: + + curl -w 'We downloaded %{size_download} bytes\n' www.download.com + +## Kerberos FTP Transfer + +Curl supports kerberos4 and kerberos5/GSSAPI for FTP transfers. You need the +kerberos package installed and used at curl build time for it to be available. + +First, get the krb-ticket the normal way, like with the kinit/kauth tool. +Then use curl in way similar to: + + curl --krb private ftp://krb4site.com -u username:fakepwd + +There's no use for a password on the `-u` switch, but a blank one will make +curl ask for one and you already entered the real password to kinit/kauth. + +## TELNET + +The curl telnet support is basic and very easy to use. Curl passes all data +passed to it on stdin to the remote server. Connect to a remote telnet server +using a command line similar to: + + curl telnet://remote.server.com + +And enter the data to pass to the server on stdin. The result will be sent to +stdout or to the file you specify with `-o`. + +You might want the `-N`/`--no-buffer` option to switch off the buffered output +for slow connections or similar. + +Pass options to the telnet protocol negotiation, by using the `-t` option. To +tell the server we use a vt100 terminal, try something like: + + curl -tTTYPE=vt100 telnet://remote.server.com + +Other interesting options for it `-t` include: + + - `XDISPLOC=` Sets the X display location. + - `NEW_ENV=` Sets an environment variable. + +NOTE: The telnet protocol does not specify any way to login with a specified +user and password so curl can't do that automatically. To do that, you need to +track when the login prompt is received and send the username and password +accordingly. + +## Persistent Connections + +Specifying multiple files on a single command line will make curl transfer all +of them, one after the other in the specified order. + +libcurl will attempt to use persistent connections for the transfers so that +the second transfer to the same host can use the same connection that was +already initiated and was left open in the previous transfer. This greatly +decreases connection time for all but the first transfer and it makes a far +better use of the network. + +Note that curl cannot use persistent connections for transfers that are used +in subsequence curl invokes. Try to stuff as many URLs as possible on the same +command line if they are using the same host, as that'll make the transfers +faster. If you use an HTTP proxy for file transfers, practically all transfers +will be persistent. + +## Multiple Transfers With A Single Command Line + +As is mentioned above, you can download multiple files with one command line +by simply adding more URLs. If you want those to get saved to a local file +instead of just printed to stdout, you need to add one save option for each +URL you specify. Note that this also goes for the `-O` option (but not +`--remote-name-all`). + +For example: get two files and use `-O` for the first and a custom file +name for the second: + + curl -O http://url.com/file.txt ftp://ftp.com/moo.exe -o moo.jpg + +You can also upload multiple files in a similar fashion: + + curl -T local1 ftp://ftp.com/moo.exe -T local2 ftp://ftp.com/moo2.txt + +## IPv6 + +curl will connect to a server with IPv6 when a host lookup returns an IPv6 +address and fall back to IPv4 if the connection fails. The `--ipv4` and +`--ipv6` options can specify which address to use when both are +available. IPv6 addresses can also be specified directly in URLs using the +syntax: + + http://[2001:1890:1112:1::20]/overview.html + +When this style is used, the `-g` option must be given to stop curl from +interpreting the square brackets as special globbing characters. Link local +and site local addresses including a scope identifier, such as `fe80::1234%1`, +may also be used, but the scope portion must be numeric or match an existing +network interface on Linux and the percent character must be URL escaped. The +previous example in an SFTP URL might look like: + + sftp://[fe80::1234%251]/ + +IPv6 addresses provided other than in URLs (e.g. to the `--proxy`, +`--interface` or `--ftp-port` options) should not be URL encoded. + +## Metalink + +Curl supports Metalink (both version 3 and 4 (RFC 5854) are supported), a way +to list multiple URIs and hashes for a file. Curl will make use of the mirrors +listed within for failover if there are errors (such as the file or server not +being available). It will also verify the hash of the file after the download +completes. The Metalink file itself is downloaded and processed in memory and +not stored in the local file system. + +Example to use a remote Metalink file: + + curl --metalink http://www.example.com/example.metalink + +To use a Metalink file in the local file system, use FILE protocol +(`file://`): + + curl --metalink file://example.metalink + +Please note that if FILE protocol is disabled, there is no way to use a local +Metalink file at the time of this writing. Also note that if `--metalink` and +`--include` are used together, `--include` will be ignored. This is because +including headers in the response will break Metalink parser and if the +headers are included in the file described in Metalink file, hash check will +fail. + +## Mailing Lists + +For your convenience, we have several open mailing lists to discuss curl, its +development and things relevant to this. Get all info at +https://curl.haxx.se/mail/. + +Please direct curl questions, feature requests and trouble reports to one of +these mailing lists instead of mailing any individual. + +Available lists include: + +### curl-users + +Users of the command line tool. How to use it, what doesn't work, new +features, related tools, questions, news, installations, compilations, +running, porting etc. + +### curl-library + +Developers using or developing libcurl. Bugs, extensions, improvements. + +### curl-announce + +Low-traffic. Only receives announcements of new public versions. At worst, +that makes something like one or two mails per month, but usually only one +mail every second month. + +### curl-and-php + +Using the curl functions in PHP. Everything curl with a PHP angle. Or PHP with +a curl angle. + +### curl-and-python + +Python hackers using curl with or without the python binding pycurl. + diff --git a/extern/curl/docs/Makefile.am b/extern/curl/docs/Makefile.am new file mode 100644 index 0000000000..5ce0d83975 --- /dev/null +++ b/extern/curl/docs/Makefile.am @@ -0,0 +1,124 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +########################################################################### + +AUTOMAKE_OPTIONS = foreign no-dependencies + +# EXTRA_DIST breaks with $(abs_builddir) so build it using this variable +# but distribute it (using the relative file name) in the next variable +man_MANS = $(abs_builddir)/curl.1 +noinst_man_MANS = curl.1 mk-ca-bundle.1 +dist_man_MANS = curl-config.1 +GENHTMLPAGES = curl.html curl-config.html mk-ca-bundle.html +PDFPAGES = curl.pdf curl-config.pdf mk-ca-bundle.pdf +MANDISTPAGES = curl.1.dist curl-config.1.dist + +HTMLPAGES = $(GENHTMLPAGES) index.html + +# Build targets in this file (.) before cmdline-opts to ensure that +# the curl.1 rule below runs first +SUBDIRS = . cmdline-opts +DIST_SUBDIRS = $(SUBDIRS) examples libcurl + +CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES) $(MANDISTPAGES) curl.1 + +EXTRA_DIST = \ + $(noinst_man_MANS) \ + ALTSVC.md \ + BINDINGS.md \ + BUG-BOUNTY.md \ + BUGS \ + CHECKSRC.md \ + CIPHERS.md \ + CMakeLists.txt \ + CODE_OF_CONDUCT.md \ + CODE_STYLE.md \ + CONTRIBUTE.md \ + CURL-DISABLE.md \ + DEPRECATE.md \ + ESNI.md \ + EXPERIMENTAL.md \ + FAQ \ + FEATURES \ + GOVERNANCE.md \ + HELP-US.md \ + HISTORY.md \ + HTTP-COOKIES.md \ + HTTP2.md \ + HTTP3.md \ + INSTALL \ + INSTALL.cmake \ + INSTALL.md \ + INTERNALS.md \ + KNOWN_BUGS \ + LICENSE-MIXING.md \ + MAIL-ETIQUETTE \ + PARALLEL-TRANSFERS.md \ + README.cmake \ + README.md \ + README.netware \ + README.win32 \ + RELEASE-PROCEDURE.md \ + RESOURCES \ + ROADMAP.md \ + SECURITY-PROCESS.md \ + SSL-PROBLEMS.md \ + SSLCERTS.md \ + THANKS \ + TODO \ + TheArtOfHttpScripting \ + VERSIONS + +MAN2HTML= roffit $< >$@ + +SUFFIXES = .1 .html .pdf + +# $(abs_builddir) is to disable VPATH when searching for this file, which +# would otherwise find the copy in $(srcdir) which breaks the $(HUGE) +# rule in src/Makefile.am in out-of-tree builds that references the file in the +# build directory. +# +# First, seed the used copy of curl.1 with the prebuilt copy (in an out-of-tree +# build), then run make recursively to rebuild it only if its dependencies +# have changed. +$(abs_builddir)/curl.1: + if test "$(top_builddir)x" != "$(top_srcdir)x" -a -e "$(srcdir)/curl.1"; then \ + $(INSTALL_DATA) "$(srcdir)/curl.1" $@; fi + cd cmdline-opts && $(MAKE) + +html: $(HTMLPAGES) + cd libcurl && $(MAKE) html + +pdf: $(PDFPAGES) + cd libcurl && $(MAKE) pdf + +.1.html: + $(MAN2HTML) + +.1.pdf: + @(foo=`echo $@ | sed -e 's/\.[0-9]$$//g'`; \ + groff -Tps -man $< >$$foo.ps; \ + ps2pdf $$foo.ps $@; \ + rm $$foo.ps; \ + echo "converted $< to $@") + +distclean: + rm -f $(CLEANFILES) diff --git a/extern/curl/docs/PARALLEL-TRANSFERS.md b/extern/curl/docs/PARALLEL-TRANSFERS.md new file mode 100644 index 0000000000..da688ea050 --- /dev/null +++ b/extern/curl/docs/PARALLEL-TRANSFERS.md @@ -0,0 +1,58 @@ +# Parallel transfers + +curl 7.66.0 introduces support for doing multiple transfers simultaneously; in +parallel. + +## -Z, --parallel + +When this command line option is used, curl will perform the transfers given +to it at the same time. It will do up to `--parallel-max` concurrent +transfers, with a default value of 50. + +## Progress meter + +The progress meter that is displayed when doing parallel transfers is +completely different than the regular one used for each single transfer. + + It shows: + + o percent download (if known, which means *all* transfers need to have a + known size) + o percent upload (if known, with the same caveat as for download) + o total amount of downloaded data + o total amount of uploaded data + o number of transfers to perform + o number of concurrent transfers being transferred right now + o number of transfers queued up waiting to start + o total time all transfers are expected to take (if sizes are known) + o current time the transfers have spent so far + o estimated time left (if sizes are known) + o current transfer speed (the faster of UL/DL speeds measured over the last + few seconds) + +Example: + + DL% UL% Dled Uled Xfers Live Qd Total Current Left Speed + 72 -- 37.9G 0 101 30 23 0:00:55 0:00:34 0:00:22 2752M + +## Behavior differences + +Connections are shared fine between different easy handles, but the +"authentication contexts" are not. So for example doing HTTP Digest auth with +one handle for a particular transfer and then continue on with another handle +that reuses the same connection, the second handle can't send the necessary +Authorization header at once since the context is only kept in the original +easy handle. + +To fix this, the authorization state could be made possible to share with the +share API as well, as a context per origin + path (realm?) basically. + +Visible in test 153, 1412 and more. + +## Feedback! + +This is early days for parallel transfer support. Keep your eyes open for +unintended side effects or downright bugs. + +Tell us what you think and how you think we could improve this feature! + diff --git a/extern/curl/docs/README.cmake b/extern/curl/docs/README.cmake new file mode 100644 index 0000000000..084c1de6d5 --- /dev/null +++ b/extern/curl/docs/README.cmake @@ -0,0 +1,16 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +README.cmake + Read the README file first. + + Curl contains CMake build files that provide a way to build Curl with the + CMake build tool (www.cmake.org). CMake is a cross platform meta build tool + that generates native makefiles and IDE project files. The CMake build + system can be used to build Curl on any of its supported platforms. + + Read the INSTALL.cmake file for instructions on how to compile curl with + CMake. diff --git a/extern/curl/docs/README.md b/extern/curl/docs/README.md new file mode 100644 index 0000000000..6ee42aad33 --- /dev/null +++ b/extern/curl/docs/README.md @@ -0,0 +1,12 @@ +![curl logo](https://curl.haxx.se/logo/curl-logo.svg) + +# Documentation + +You'll find a mix of various documentation in this directory and +subdirectories, using several different formats. Some of them are not ideal +for reading directly in your browser. + +If you'd rather see the rendered version of the documentation, check out the +curl web site's [documentation section](https://curl.haxx.se/docs/) for +general curl stuff or the [libcurl section](https://curl.haxx.se/libcurl/) for +libcurl related documentation. diff --git a/extern/curl/docs/README.netware b/extern/curl/docs/README.netware new file mode 100644 index 0000000000..e6e1e0002e --- /dev/null +++ b/extern/curl/docs/README.netware @@ -0,0 +1,24 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +README.netware + + Read the README file first. + + Curl has been successfully compiled with gcc / nlmconv on different flavours + of Linux as well as with the official Metrowerks CodeWarrior compiler. + While not being the main development target, a continuously growing share of + curl users are NetWare-based, especially also consuming the lib from PHP. + + The unix-style man pages are tricky to read on windows, so therefore all + those pages are also provided as web pages on the curl web site. + + The main curl.1 man page is also "built-in" in the command line tool. Use a + command line similar to this in order to extract a separate text file: + + curl -M >manual.txt + + Read the INSTALL file for instructions on how to compile curl self. diff --git a/extern/curl/docs/README.win32 b/extern/curl/docs/README.win32 new file mode 100644 index 0000000000..ca34dd1625 --- /dev/null +++ b/extern/curl/docs/README.win32 @@ -0,0 +1,23 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +README.win32 + + Read the README file first. + + Curl has been compiled, built and run on all sorts of Windows and win32 + systems. While not being the main develop target, a fair share of curl users + are win32-based. + + The unix-style man pages are tricky to read on windows, so therefore all + those pages are also provided as web pages on the curl web site. + + The main curl.1 man page is also "built-in" in the command line tool. Use a + command line similar to this in order to extract a separate text file: + + curl -M >manual.txt + + Read the INSTALL file for instructions on how to compile curl self. diff --git a/extern/curl/docs/RELEASE-PROCEDURE.md b/extern/curl/docs/RELEASE-PROCEDURE.md new file mode 100644 index 0000000000..f2b4343bdd --- /dev/null +++ b/extern/curl/docs/RELEASE-PROCEDURE.md @@ -0,0 +1,106 @@ +curl release procedure - how to do a release +============================================ + +in the source code repo +----------------------- + +- edit `RELEASE-NOTES` to be accurate + +- update `docs/THANKS` + +- make sure all relevant changes are committed on the master branch + +- tag the git repo in this style: `git tag -a curl-7_34_0`. -a annotates the + tag and we use underscores instead of dots in the version number. Make sure + the tag is GPG signed (using -s). + +- run "./maketgz 7.34.0" to build the release tarballs. It is important that + you run this on a machine with the correct set of autotools etc installed + as this is what then will be shipped and used by most users on \*nix like + systems. + +- push the git commits and the new tag + +- gpg sign the 4 tarballs as maketgz suggests + +- upload the 8 resulting files to the primary download directory + +in the curl-www repo +-------------------- + +- edit `Makefile` (version number and date), + +- edit `_newslog.html` (announce the new release) and + +- edit `_changes.html` (insert changes+bugfixes from RELEASE-NOTES) + +- commit all local changes + +- tag the repo with the same name as used for the source repo. + +- make sure all relevant changes are committed and pushed on the master branch + + (the web site then updates its contents automatically) + +on github +--------- + +- edit the newly made release tag so that it is listed as the latest release + +inform +------ + +- send an email to curl-users, curl-announce and curl-library. Insert the + RELEASE-NOTES into the mail. + +celebrate +--------- + +- suitable beverage intake is encouraged for the festivities + +curl release scheduling +======================= + +Release Cycle +------------- + +We do releases every 8 weeks on Wednesdays. If critical problems arise, we can +insert releases outside of the schedule or we can move the release date - but +this is rare. + +Each 8 week release cycle is split in two 4-week periods. + +- During the first 4 weeks after a release, we allow new features and changes + to curl and libcurl. If we accept any such changes, we bump the minor number + used for the next release. + +- During the second 4-week period we do not merge any features or changes, we + then only focus on fixing bugs and polishing things to make a solid coming + release. + +- After a regular procedure-following release (made on Wednesdays), the + feature window remains closed until the following Monday in case of special + actions or patch releases etc. + +If a future release date happens to end up on a "bad date", like in the middle +of common public holidays or when the lead release manager is away traveling, +the release date can be moved forwards or backwards a full week. This is then +advertised well in advance. + +Coming dates +------------ + +Based on the description above, here are some planned release dates (at the +time of this writing): + +- March 4, 2020 (7.69.0) +- April 29, 2020 +- June 24, 2020 +- August 19, 2020 +- October 14, 2020 +- December 9, 2020 +- February 3, 2021 + +The above (and more) curl-related dates are published in +[iCalendar format](https://calendar.google.com/calendar/ical/c9u5d64odop9js55oltfarjk6g%40group.calendar.google.com/public/basic.ics) +as well. diff --git a/extern/curl/docs/RESOURCES b/extern/curl/docs/RESOURCES new file mode 100644 index 0000000000..55f75df770 --- /dev/null +++ b/extern/curl/docs/RESOURCES @@ -0,0 +1,85 @@ + _ _ ____ _ + Project ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + +This document lists documents and standards used by curl. + + RFC 959 - FTP Protocol + + RFC 1635 - How to Use Anonymous FTP + + RFC 1738 - Uniform Resource Locators + + RFC 1777 - Lightweight Directory Access Protocol (LDAP) + + RFC 1808 - Relative Uniform Resource Locators + + RFC 1867 - Form-based File Upload in HTML + + RFC 1950 - ZLIB Compressed Data Format Specification + + RFC 1951 - DEFLATE Compressed Data Format Specification + + RFC 1952 - GZIP File Format Specification + + RFC 1959 - LDAP URL Syntax + + RFC 2045-2049 - Everything you need to know about MIME! (needed for form + based upload) + + RFC 2068 - HTTP 1.1 (obsoleted by RFC 2616) + + RFC 2104 - Keyed-Hashing for Message Authentication + + RFC 2109 - HTTP State Management Mechanism (cookie stuff) + - Also, read Netscape's specification at + https://curl.haxx.se/rfc/cookie_spec.html + + RFC 2183 - The Content-Disposition Header Field + + RFC 2195 - CRAM-MD5 Authentication + + RFC 2229 - A Dictionary Server Protocol + + RFC 2255 - Newer LDAP URL Format + + RFC 2231 - MIME Parameter Value and Encoded Word Extensions: + Character Sets, Languages, and Continuations + + RFC 2388 - "Returning Values from Forms: multipart/form-data" + Use this as an addition to the RFC1867 + + RFC 2396 - "Uniform Resource Identifiers: Generic Syntax and Semantics" This + one obsoletes RFC 1738, but since RFC 1738 is often mentioned + I've left it in this list. + + RFC 2428 - FTP Extensions for IPv6 and NATs + + RFC 2577 - FTP Security Considerations + + RFC 2616 - HTTP 1.1, the latest + + RFC 2617 - HTTP Authentication + + RFC 2718 - Guidelines for new URL Schemes + + RFC 2732 - Format for Literal IPv6 Addresses in URL's + + RFC 2818 - HTTP Over TLS (TLS is the successor to SSL) + + RFC 2821 - Simple Mail Transfer Protocol (SMTP) + + RFC 2964 - Use of HTTP State Management + + RFC 2965 - HTTP State Management Mechanism. Cookies. Obsoletes RFC2109 + + RFC 3207 - SMTP Over TLS + + RFC 4616 - PLAIN Authentication + + RFC 4954 - SMTP Authentication + + RFC 7932 - Brotli Compressed Data Format diff --git a/extern/curl/docs/ROADMAP.md b/extern/curl/docs/ROADMAP.md new file mode 100644 index 0000000000..7bd07196ff --- /dev/null +++ b/extern/curl/docs/ROADMAP.md @@ -0,0 +1,63 @@ +curl the next few years - perhaps +================================= + +Roadmap of things Daniel Stenberg wants to work on next. It is intended to +serve as a guideline for others for information, feedback and possible +participation. + +HSTS +---- + + Complete and merge [the existing PR](https://github.com/curl/curl/pull/2682). + + Loading a huge preload file is probably not too interesting to most people, + but using a custom file and reacting to HSTS response header probably are + good features. + +DNS-over-TLS +------------ + + Similar to DNS-over-HTTPS. Could share quite a lot of generic code. + +ESNI (Encrypted SNI) +-------------------- + + See Daniel's post on [Support of Encrypted + SNI](https://curl.haxx.se/mail/lib-2019-03/0000.html) on the mailing list. + + Initial work exists in https://github.com/curl/curl/pull/4011 + +thread-safe `curl_global_init()` +-------------------------------- + + Fix the libcurl specific parts of the function to be thread-safe. Make sure + it can be thread-safe if built with thread-safe 3rd party libraries. + (probably can't include `curl_global_init_mem()` for obvious reasons) + +tiny-curl +--------- + + There's no immediate action for this but users seem keen on being able to + building custom minimized versions of libcurl for their products. Make sure + new features that are "niche" can still be disabled at build-time. + +MQTT +---- + + Support receiving and sending MQTT messages. Initial work exists in + https://github.com/curl/curl/pull/3514 + +Hardcode “localhost” +-------------------- + + No need to resolve it. Avoid a risk where this is resolved over the network + and actually responds with something else than a local address. Some + operating systems already do this. Also: + https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02 + +"menu config"-style build feature selection +------------------------------------------- + + Allow easier building of custom libcurl versions with only a selected feature + where the available features are easily browsable and toggle-able ON/OFF or + similar. diff --git a/extern/curl/docs/SECURITY-PROCESS.md b/extern/curl/docs/SECURITY-PROCESS.md new file mode 100644 index 0000000000..e844a9a90f --- /dev/null +++ b/extern/curl/docs/SECURITY-PROCESS.md @@ -0,0 +1,132 @@ +curl security process +===================== + +This document describes how security vulnerabilities should be handled in the +curl project. + +Publishing Information +---------------------- + +All known and public curl or libcurl related vulnerabilities are listed on +[the curl web site security page](https://curl.haxx.se/docs/security.html). + +Security vulnerabilities **should not** be entered in the project's public bug +tracker. + +Vulnerability Handling +---------------------- + +The typical process for handling a new security vulnerability is as follows. + +No information should be made public about a vulnerability until it is +formally announced at the end of this process. That means, for example that a +bug tracker entry must NOT be created to track the issue since that will make +the issue public and it should not be discussed on any of the project's public +mailing lists. Also messages associated with any commits should not make any +reference to the security nature of the commit if done prior to the public +announcement. + +- The person discovering the issue, the reporter, reports the vulnerability on + [https://hackerone.com/curl](https://hackerone.com/curl). Issues filed there + reach a handful of selected and trusted people. + +- Messages that do not relate to the reporting or managing of an undisclosed + security vulnerability in curl or libcurl are ignored and no further action + is required. + +- A person in the security team responds to the original report to acknowledge + that a human has seen the report. + +- The security team investigates the report and either rejects it or accepts + it. + +- If the report is rejected, the team writes to the reporter to explain why. + +- If the report is accepted, the team writes to the reporter to let him/her + know it is accepted and that they are working on a fix. + +- The security team discusses the problem, works out a fix, considers the + impact of the problem and suggests a release schedule. This discussion + should involve the reporter as much as possible. + +- The release of the information should be "as soon as possible" and is most + often synchronized with an upcoming release that contains the fix. If the + reporter, or anyone else involved, thinks the next planned release is too + far away, then a separate earlier release should be considered. + +- Write a security advisory draft about the problem that explains what the + problem is, its impact, which versions it affects, solutions or workarounds, + when the release is out and make sure to credit all contributors properly. + Figure out the CWE (Common Weakness Enumeration) number for the flaw. + +- Request a CVE number from + [HackerOne](https://docs.hackerone.com/programs/cve-requests.html) + +- Consider informing + [distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros) + to prepare them about the upcoming public security vulnerability + announcement - attach the advisory draft for information. Note that + 'distros' won't accept an embargo longer than 14 days and they do not care + for Windows-specific flaws. + +- Update the "security advisory" with the CVE number. + +- The security team commits the fix in a private branch. The commit message + should ideally contain the CVE number. This fix is usually also distributed + to the 'distros' mailing list to allow them to use the fix prior to the + public announcement. + +- No more than 48 hours before the release, the private branch is merged into + the master branch and pushed. Once pushed, the information is accessible to + the public and the actual release should follow suit immediately afterwards. + The time between the push and the release is used for final tests and + reviews. + +- The project team creates a release that includes the fix. + +- The project team announces the release and the vulnerability to the world in + the same manner we always announce releases. It gets sent to the + curl-announce, curl-library and curl-users mailing lists. + +- The security web page on the web site should get the new vulnerability + mentioned. + +curl-security (at haxx dot se) +------------------------------ + +This is a private mailing list for discussions on and about curl security +issues. + +Who is on this list? There are a couple of criteria you must meet, and then we +might ask you to join the list or you can ask to join it. It really isn't very +formal. We basically only require that you have a long-term presence in the +curl project and you have shown an understanding for the project and its way +of working. You must've been around for a good while and you should have no +plans in vanishing in the near future. + +We do not make the list of participants public mostly because it tends to vary +somewhat over time and a list somewhere will only risk getting outdated. + +Publishing Security Advisories +------------------------------ + +1. Write up the security advisory, using markdown syntax. Use the same + subtitles as last time to maintain consistency. + +2. Name the advisory file after the allocated CVE id. + +3. Add a line on the top of the array in `curl-www/docs/vuln.pm'. + +4. Put the new advisory markdown file in the curl-www/docs/ directory. Add it + to the git repo. + +5. Run `make` in your local web checkout and verify that things look fine. + +6. On security advisory release day, push the changes on the curl-www + repository's remote master branch. + +Bug Bounty +---------- + +See [BUG-BOUNTY](https://curl.haxx.se/docs/bugbounty.html) for details on the +bug bounty program. diff --git a/extern/curl/docs/SSL-PROBLEMS.md b/extern/curl/docs/SSL-PROBLEMS.md new file mode 100644 index 0000000000..aaf7bdb594 --- /dev/null +++ b/extern/curl/docs/SSL-PROBLEMS.md @@ -0,0 +1,87 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +# SSL problems + + First, let's establish that we often refer to TLS and SSL interchangeably as + SSL here. The current protocol is called TLS, it was called SSL a long time + ago. + + There are several known reasons why a connection that involves SSL might + fail. This is a document that attempts to details the most common ones and + how to mitigate them. + +## CA certs + + CA certs are used to digitally verify the server's certificate. You need a + "ca bundle" for this. See lots of more details on this in the SSLCERTS + document. + +## CA bundle missing intermediate certificates + + When using said CA bundle to verify a server cert, you will experience + problems if your CA cert does not have the certificates for the + intermediates in the whole trust chain. + +## Protocol version + + Some broken servers fail to support the protocol negotiation properly that + SSL servers are supposed to handle. This may cause the connection to fail + completely. Sometimes you may need to explicitly select a SSL version to use + when connecting to make the connection succeed. + + An additional complication can be that modern SSL libraries sometimes are + built with support for older SSL and TLS versions disabled! + + All versions of SSL are considered insecure and should be avoided. Use TLS. + +## Ciphers + + Clients give servers a list of ciphers to select from. If the list doesn't + include any ciphers the server wants/can use, the connection handshake + fails. + + curl has recently disabled the user of a whole bunch of seriously insecure + ciphers from its default set (slightly depending on SSL backend in use). + + You may have to explicitly provide an alternative list of ciphers for curl + to use to allow the server to use a WEAK cipher for you. + + Note that these weak ciphers are identified as flawed. For example, this + includes symmetric ciphers with less than 128 bit keys and RC4. + + Schannel in Windows XP is not able to connect to servers that no longer + support the legacy handshakes and algorithms used by those versions, so we + advice against building curl to use Schannel on really old Windows versions. + + References: + + https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 + +## Allow BEAST + + BEAST is the name of a TLS 1.0 attack that surfaced 2011. When adding means + to mitigate this attack, it turned out that some broken servers out there in + the wild didn't work properly with the BEAST mitigation in place. + + To make such broken servers work, the --ssl-allow-beast option was + introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability + but on the other hand it allows curl to connect to that kind of strange + servers. + +## Disabling certificate revocation checks + + Some SSL backends may do certificate revocation checks (CRL, OCSP, etc) + depending on the OS or build configuration. The --ssl-no-revoke option was + introduced in 7.44.0 to disable revocation checking but currently is only + supported for Schannel (the native Windows SSL library), with an exception + in the case of Windows' Untrusted Publishers blacklist which it seems can't + be bypassed. This option may have broader support to accommodate other SSL + backends in the future. + + References: + + https://curl.haxx.se/docs/ssl-compared.html diff --git a/extern/curl/docs/SSLCERTS.md b/extern/curl/docs/SSLCERTS.md new file mode 100644 index 0000000000..2c5be68e6a --- /dev/null +++ b/extern/curl/docs/SSLCERTS.md @@ -0,0 +1,173 @@ +SSL Certificate Verification +============================ + +SSL is TLS +---------- + +SSL is the old name. It is called TLS these days. + + +Native SSL +---------- + +If libcurl was built with Schannel or Secure Transport support (the native SSL +libraries included in Windows and Mac OS X), then this does not apply to +you. Scroll down for details on how the OS-native engines handle SSL +certificates. If you're not sure, then run "curl -V" and read the results. If +the version string says "WinSSL" in it, then it was built with Schannel +support. + +It is about trust +----------------- + +This system is about trust. In your local CA certificate store you have certs +from *trusted* Certificate Authorities that you then can use to verify that the +server certificates you see are valid. They're signed by one of the CAs you +trust. + +Which CAs do you trust? You can decide to trust the same set of companies your +operating system trusts, or the set one of the known browsers trust. That's +basically trust via someone else you trust. You should just be aware that +modern operating systems and browsers are setup to trust *hundreds* of +companies and recent years several such CAs have been found untrustworthy. + +Certificate Verification +------------------------ + +libcurl performs peer SSL certificate verification by default. This is done +by using a CA certificate store that the SSL library can use to make sure the +peer's server certificate is valid. + +If you communicate with HTTPS, FTPS or other TLS-using servers using +certificates that are signed by CAs present in the store, you can be sure +that the remote server really is the one it claims to be. + +If the remote server uses a self-signed certificate, if you don't install a CA +cert store, if the server uses a certificate signed by a CA that isn't +included in the store you use or if the remote host is an impostor +impersonating your favorite site, and you want to transfer files from this +server, do one of the following: + + 1. Tell libcurl to *not* verify the peer. With libcurl you disable this with + `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);` + + With the curl command line tool, you disable this with -k/--insecure. + + 2. Get a CA certificate that can verify the remote server and use the proper + option to point out this CA cert for verification when connecting. For + libcurl hackers: `curl_easy_setopt(curl, CURLOPT_CAPATH, capath);` + + With the curl command line tool: --cacert [file] + + 3. Add the CA cert for your server to the existing default CA certificate + store. The default CA certificate store can changed at compile time with the + following configure options: + + --with-ca-bundle=FILE: use the specified file as CA certificate store. CA + certificates need to be concatenated in PEM format into this file. + + --with-ca-path=PATH: use the specified path as CA certificate store. CA + certificates need to be stored as individual PEM files in this directory. + You may need to run c_rehash after adding files there. + + If neither of the two options is specified, configure will try to auto-detect + a setting. It's also possible to explicitly not hardcode any default store + but rely on the built in default the crypto library may provide instead. + You can achieve that by passing both --without-ca-bundle and + --without-ca-path to the configure script. + + If you use Internet Explorer, this is one way to get extract the CA cert + for a particular server: + + - View the certificate by double-clicking the padlock + - Find out where the CA certificate is kept (Certificate> + Authority Information Access>URL) + - Get a copy of the crt file using curl + - Convert it from crt to PEM using the openssl tool: + openssl x509 -inform DES -in yourdownloaded.crt \ + -out outcert.pem -text + - Add the 'outcert.pem' to the CA certificate store or use it stand-alone + as described below. + + If you use the 'openssl' tool, this is one way to get extract the CA cert + for a particular server: + + - `openssl s_client -showcerts -servername server -connect server:443 > cacert.pem` + - type "quit", followed by the "ENTER" key + - The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE" + markers. + - If you want to see the data in the certificate, you can do: "openssl + x509 -inform PEM -in certfile -text -out certdata" where certfile is + the cert you extracted from logfile. Look in certdata. + - If you want to trust the certificate, you can add it to your CA + certificate store or use it stand-alone as described. Just remember that + the security is no better than the way you obtained the certificate. + + 4. If you're using the curl command line tool, you can specify your own CA + cert path by setting the environment variable `CURL_CA_BUNDLE` to the path + of your choice. + + If you're using the curl command line tool on Windows, curl will search + for a CA cert file named "curl-ca-bundle.crt" in these directories and in + this order: + 1. application's directory + 2. current working directory + 3. Windows System directory (e.g. C:\windows\system32) + 4. Windows Directory (e.g. C:\windows) + 5. all directories along %PATH% + + 5. Get a better/different/newer CA cert bundle! One option is to extract the + one a recent Firefox browser uses by running 'make ca-bundle' in the curl + build tree root, or possibly download a version that was generated this + way for you: [CA Extract](https://curl.haxx.se/docs/caextract.html) + +Neglecting to use one of the above methods when dealing with a server using a +certificate that isn't signed by one of the certificates in the installed CA +certificate store, will cause SSL to report an error ("certificate verify +failed") during the handshake and SSL will then refuse further communication +with that server. + +Certificate Verification with NSS +--------------------------------- + +If libcurl was built with NSS support, then depending on the OS distribution, +it is probably required to take some additional steps to use the system-wide +CA cert db. RedHat ships with an additional module, libnsspem.so, which +enables NSS to read the OpenSSL PEM CA bundle. On openSUSE you can install +p11-kit-nss-trust which makes NSS use the system wide CA certificate store. NSS +also has a new [database format](https://wiki.mozilla.org/NSS_Shared_DB). + +Starting with version 7.19.7, libcurl automatically adds the 'sql:' prefix to +the certdb directory (either the hardcoded default /etc/pki/nssdb or the +directory configured with SSL_DIR environment variable). To check which certdb +format your distribution provides, examine the default certdb location: +/etc/pki/nssdb; the new certdb format can be identified by the filenames +cert9.db, key4.db, pkcs11.txt; filenames of older versions are cert8.db, +key3.db, secmod.db. + +Certificate Verification with Schannel and Secure Transport +----------------------------------------------------------- + +If libcurl was built with Schannel (Microsoft's native TLS engine) or Secure +Transport (Apple's native TLS engine) support, then libcurl will still perform +peer certificate verification, but instead of using a CA cert bundle, it will +use the certificates that are built into the OS. These are the same +certificates that appear in the Internet Options control panel (under Windows) +or Keychain Access application (under OS X). Any custom security rules for +certificates will be honored. + +Schannel will run CRL checks on certificates unless peer verification is +disabled. Secure Transport on iOS will run OCSP checks on certificates unless +peer verification is disabled. Secure Transport on OS X will run either OCSP +or CRL checks on certificates if those features are enabled, and this behavior +can be adjusted in the preferences of Keychain Access. + +HTTPS proxy +----------- + +Since version 7.52.0, curl can do HTTPS to the proxy separately from the +connection to the server. This TLS connection is handled separately from the +server connection so instead of `--insecure` and `--cacert` to control the +certificate verification, you use `--proxy-insecure` and `--proxy-cacert`. +With these options, you make sure that the TLS connection and the trust of the +proxy can be kept totally separate from the TLS connection to the server. diff --git a/extern/curl/docs/THANKS b/extern/curl/docs/THANKS new file mode 100644 index 0000000000..53735cb6f5 --- /dev/null +++ b/extern/curl/docs/THANKS @@ -0,0 +1,2139 @@ + This project has been alive for many years. Countless people have provided + feedback that have improved curl. Here follows a list of people that have + contributed (a-z order). + + If you have contributed but are missing here, please let us know! + +1ocalhost on github +3dyd on github +Aaro Koskinen +Aaron Oneal +Aaron Orenstein +Aaron Scarisbrick +aasivov on github +Abram Pousada +accountantM on github +AceCrow on Github +Adam Barclay +Adam Brown +Adam Coyne +Adam D. Moss +Adam Langley +Adam Light +Adam Marcionek +Adam Piggott +Adam Sampson +Adam Tkac +adnn on github +Adrian Burcea +Adrian Peniak +Adrian Schuur +Adriano Meirelles +afrind on github +ahodesuka on github +Ajit Dhumale +Akhil Kedia +Aki Koskinen +Akos Pasztory +Akshay Vernekar +Alain Danteny +Alan Jenkins +Alan Pinstein +Albert Chin-A-Young +Albert Choy +Alejandro Alvarez Ayllon +Alejandro R. Sedeño +Aleksandar Milivojevic +Aleksey Tulinov +Ales Mlakar +Ales Novak +Alessandro Ghedini +Alessandro Vesely +Alex aka WindEagle +Alex Baines +Alex Bligh +Alex Chan +Alex Fishman +Alex Grebenschikov +Alex Gruz +Alex Konev +Alex Malinovich +Alex Mayorga +Alex McLellan +Alex Neblett +Alex Nichols +Alex Potapenko +Alex Rousskov +Alex Samorukov +Alex Suykov +Alex Vinnik +Alexander Beedie +Alexander Dyagilev +Alexander Elgert +Alexander Klauer +Alexander Kourakos +Alexander Krasnostavsky +Alexander Lazic +Alexander Pepper +Alexander Peslyak +Alexander Sinditskiy +Alexander Traud +Alexander Zhuravlev +Alexey Borzov +Alexey Eremikhin +Alexey Melnichuk +Alexey Pesternikov +Alexey Simak +Alexey Zakhlestin +Alexis Carvalho +Alexis La Goutte +Alfonso Martone +Alfred Gebert +Allen Pulsifer +Alona Rossen +amishmm on github +Amit Katyal +Amol Pattekar +Amr Shahin +Anatol Belski +Anatoli Tubman +Anders Bakken +Anders Berg +Anders Gustafsson +Anders Havn +Anders Roxell +Anderson Sasaki +Anderson Toshiyuki Sasaki +Andi Jahja +Andre Guibert de Bruet +Andre Heinecke +Andreas Damm +Andreas Falkenhahn +Andreas Farber +Andreas Kostyrka +Andreas Malzahn +Andreas Ntaflos +Andreas Olsson +Andreas Rieke +Andreas Roth +Andreas Schneider +Andreas Schuldei +Andreas Streichardt +Andreas Wurf +Andrei Benea +Andrei Cipu +Andrei Karas +Andrei Kurushin +Andrei Neculau +Andrei Sedoi +Andrei Valeriu BICA +Andrei Virtosu +Andrej E Baranov +Andrew Benham +Andrew Biggs +Andrew Bushnell +Andrew de los Reyes +Andrew Francis +Andrew Fuller +Andrew Ishchuk +Andrew Krieger +Andrew Kurushin +Andrew Lambert +Andrew Moise +Andrew Potter +Andrew Robbins +Andrew Wansink +Andrey Labunets +Andrii Moiseiev +Andrius Merkys +Andrés García +Andy Cedilnik +Andy Fiddaman +Andy Serpa +Andy Tsouladze +Angus Mackay +anshnd on github +Anthon Pang +Anthony Avina +Anthony Bryan +Anthony G. Basile +Antoine Aubert +Antoine Calando +Anton Bychkov +Anton Gerasimov +Anton Kalmykov +Anton Malov +Anton Yabchinskiy +Antoni Villalonga +Antonio Larrosa +Antony74 on github +Antti Hätälä +arainchik on github +Archangel_SDY on github +Arkadiusz Miskiewicz +Armel Asselin +Arnaud Compan +Arnaud Ebalard +Arnaud Rebillout +Aron Bergman +Aron Rotteveel +Artak Galoyan +Arthur Murray +Arve Knudsen +Arvid Norberg +asavah on github +Ashish Shukla +Ask Bjørn Hansen +Askar Safin +Ates Goral +Augustus Saunders +Austin Green +Avery Fay +Axel Tillequin +Ayoub Boudhar +Balaji Parasuram +Balaji S Rao +Balaji Salunke +Balazs Kovacsics +Balint Szilakszi +Barry Abrahamson +Barry Pollard +Bart Whiteley +Bas Mevissen +Bas van Schaik +Bastien Bouclet +Basuke Suzuki +baumanj on github +bdry on github +Ben Boeckel +Ben Darnell +Ben Greear +Ben Kohler +Ben Madsen +Ben Noordhuis +Ben Van Hof +Ben Voris +Ben Winslow +Benbuck Nason +Benjamin Gerard +Benjamin Gilbert +Benjamin Johnson +Benjamin Kircher +Benjamin Ritcey +Benjamin Sergeant +Benoit Neil +Benoit Sigoure +Bernard Leak +Bernard Spil +Bernd Mueller +Bernhard Iselborn +Bernhard M. Wiedemann +Bernhard Reutner-Fischer +Bernhard Walle +Bert Huijben +Bertrand Demiddelaer +Bertrand Simonnet +Bill Doyle +Bill Egert +Bill Hoffman +Bill Middlecamp +Bill Nagel +Bill Pyne +Bjarni Ingi Gislason +Bjoern Franke +Bjoern Sikora +Bjorn Augustsson +Bjorn Reese +Björn Stenberg +Blaise Potard +bnfp on github +Bob Relyea +Bob Richmond +Bob Schader +bobmitchell1956 on github +Bogdan Nicula +Brad Burdick +Brad Fitzpatrick +Brad Harder +Brad Hards +Brad King +Brad Spencer +Bradford Bruce +bramus on github +Brandon Casey +Brandon Dong +Brandon Wang +Brendan Jurd +Brent Beardsley +Brian Akins +Brian Carpenter +Brian Chaplin +Brian Childs +Brian Chrisman +Brian Dessent +Brian E. Gallew +Brian J. Murrell +Brian Prodoehl +Brian R Duffy +Brian Ulm +Brock Noland +Bru Rom +Bruce Mitchener +Bruce Stephens +Bruno de Carvalho +Bruno Grasselli +Bruno Thomsen +Bryan Henderson +Bryan Kemp +bsammon on github +buzo-ffm on github +bxac on github +Bylon2 on github +Byrial Jensen +Caleb Raitto +Cameron Kaiser +Cameron MacMinn +Camille Moncelier +Caolan McNamara +Captain Basil +Carie Pointer +Carlo Cannas +Carlo Marcelo Arenas Belón +Carlo Teubner +Carlo Wood +Carlos ORyan +Carsten Lange +Casey O'Donnell +Catalin Patulea +cbartl on github +cclauss on github +Chad Monroe +Chandrakant Bagul +Charles Kerr +Charles Romestant +Chen Prog +Chester Liu +Chih-Chung Chang +Chih-Hsuan Yen +Chris "Bob Bob" +Chris Araman +Chris Carlmar +Chris Combes +Chris Conlon +Chris Deidun +Chris Faherty +Chris Flerackers +Chris Gaukroger +Chris Maltby +Chris Mumford +Chris Smowton +Chris Young +Christian Fillion +Christian Grothoff +Christian Heimes +Christian Hägele +Christian Krause +Christian Kurz +Christian Robottom Reis +Christian Schmitz +Christian Stewart +Christian Vogt +Christian Weisgerber +Christoph M. Becker +Christophe Demory +Christophe Dervieux +Christophe Legry +Christopher Conroy +Christopher Head +Christopher Palow +Christopher R. Palmer +Christopher Reid +Christopher Stone +Chungtsun Li +Ciprian Badescu +Claes Jakobsson +Clarence Gardner +Claudio Neves +clbr on github +Clemens Gruber +Cliff Crosland +Clifford Wolf +Clint Clayton +Clément Notin +cmfrolick on github +codesniffer13 on github +Cody Jones +Cody Mack +Colby Ranger +Colin Blair +Colin Hogben +Colin Watson +Colm Buckley +Constantine Sapuntzakis +Cory Benfield +Cory Nelson +Costya Shulyupin +Craig A West +Craig Andrews +Craig Davison +Craig de Stigter +Craig Markwardt +crazydef on github +Cris Bailiff +Cristian Greco +Cristian Rodríguez +Curt Bogmine +Cynthia Coan +Cyril B +Cyrill Osterwalder +Cédric Connes +Cédric Deltheil +D. Flinkmann +d912e3 on github +Da-Yoon Chung +daboul on github +Dag Ekengren +Dagobert Michelsen +Dair Grant +Dambaev Alexander +Damian Dixon +Damien Adant +Damien Vielpeau +Dan Becker +Dan Cristian +Dan Donahue +Dan Fandrich +Dan Jacobson +Dan Johnson +Dan Locks +Dan McNulty +Dan Nelson +Dan Petitt +Dan Torop +Dan Zitter +Daniel at touchtunes +Daniel Bankhead +Daniel Black +Daniel Cater +Daniel Egger +Daniel Gustafsson +Daniel Hwang +Daniel Jeliński +Daniel Johnson +Daniel Kahn Gillmor +Daniel Krügler +Daniel Lee Hwang +Daniel Lublin +Daniel Marjamäki +Daniel Melani +Daniel Mentz +Daniel Romero +Daniel Schauenberg +Daniel Seither +Daniel Shahaf +Daniel Silverstone +Daniel Steinberg +Daniel Stenberg +Daniel Theron +Daphne Luong +Dario Nieuwenhuis +Dario Weißer +Darryl House +Darshan Mody +Darío Hereñú +dasimx on github +Dave Dribin +Dave Halbakken +Dave Hamilton +Dave May +Dave Reisner +Dave Thompson +Dave Vasilevsky +Davey Shafik +David Bau +David Benjamin +David Binderman +David Blaikie +David Byron +David Cohen +David E. Narváez +David Eriksson +David Garske +David Houlder +David Hull +David J Meyer +David James +David Kalnischkies +David Kierznowski +David Kimdon +David L. +David Lang +David LeBlanc +David Lopes +David Lord +David McCreedy +David Odin +David Phillips +David Rosenstrauch +David Ryskalczyk +David Sanderson +David Schweikert +David Shaw +David Strauss +David Tarendash +David Thiel +David Walser +David Woodhouse +David Wright +David Yan +dbrowndan on github +Dengminwen +Denis Chaplygin +Denis Feklushkin +Denis Ollier +Dennis Clarke +Derek Higgins +Desmond O. Chang +destman on github +Detlef Schmier +Dheeraj Sangamkar +Didier Brisebourg +Diego Bes +Diego Casorran +Dilyan Palauzov +Dima Barsky +Dima Pasechnik +Dima Tisnek +Dimitar Boevski +Dimitre Dimitrov +Dimitrios Apostolou +Dimitrios Siganos +Dimitris Sarris +Dinar +Dirk Eddelbuettel +Dirk Feytons +Dirk Manske +dkjjr89 on github +dkwolfe4 on github +Dmitri Shubin +Dmitri Tikhonov +Dmitriy Sergeyev +dmitrmax on github +Dmitry Bartsevich +Dmitry Eremin-Solenikov +Dmitry Falko +Dmitry Kostjuchenko +Dmitry Kurochkin +Dmitry Mikhirev +Dmitry Popov +Dmitry Rechkin +Dmitry S. Baikov +dnivras on github +Dolbneff A.V +Domenico Andreoli +Dominick Meglio +Dominik Hölzl +Dominique Leuenberger +Don J Olmstead +Dongliang Mu +Doron Behar +Doug Kaufman +Doug Porter +Douglas Creager +Douglas E. Wegscheid +Douglas Kilpatrick +Douglas Mencken +Douglas R. Horner +Douglas Steinwand +Dov Murik +dpull on github +Drake Arconis +dtmsecurity on github +Duane Cathey +Duncan Mac-Vicar Prett +Dustin Boswell +Dusty Mabe +Duy Phan Thanh +Dwarakanath Yadavalli +Dylan Ellicott +Dylan Salisbury +Dániel Bakai +Early Ehlinger +Earnestly on github +Eason-Yu on github +Ebenezer Ikonne +Ed Morley +Edgaras Janušauskas +Edin Kadribasic +Edmond Yu +Eduard Bloch +Edward Kimmel +Edward Rudd +Edward Sheldrake +Edward Thomson +Eelco Dolstra +Eetu Ojanen +Egon Eckert +Eldar Zaitov +elelel on github +elephoenix on github +Eli Schwartz +Elia Tufarolo +Elliot Saba +Ellis Pritchard +Elmira A Semenova +elsamuko on github +Emanuele Bovisio +Emil Engler +Emil Lerner +Emil Romanus +Emiliano Ida +Emmanuel Tychon +Enrico Scholz +Enrik Berkhan +Eramoto Masaya +Eric Cooper +Eric Curtin +Eric Gallager +Eric Hu +Eric Landes +Eric Lavigne +Eric Lubin +Eric Melville +Eric Mertens +Eric Rautman +Eric Rescorla +Eric Ridge +Eric Rosenquist +Eric S. Raymond +Eric Thelin +Eric Vergnaud +Eric Wong +Eric Wu +Eric Young +Erick Nuwendam +Erik Jacobsen +Erik Janssen +Erik Johansson +Erik Minekus +Ernest Beinrohr +Ernst Sjöstrand +Erwan Legrand +Erwin Authried +Ethan Glasser Camp +Etienne Simard +Eugene Kotlyarov +Evan Jordan +Even Rouault +Evert Pot +Evgeny Grin +Evgeny Turnaev +eXeC64 on github +Eygene Ryabinkin +Fabian Frank +Fabian Hiernaux +Fabian Keil +Fabian Ruff +Fabrice Fontaine +Fabrizio Ammollo +Fahim Chandurwala +Faizur Rahman +fds242 on github +Federico Bianchi +Fedor Karpelevitch +Fedor Korotkov +Feist Josselin +Felipe Gasper +Felix Hädicke +Felix Kaiser +Felix von Leitner +Felix Yan +Feng Tu +Fernando Muñoz +Flavio Medeiros +Florian Pritz +Florian Schoppmann +Florian Weimer +Florin Petriuc +Forrest Cahoon +Francisco Moraes +Francisco Sedano +Francois Petitjean +Francois Rivard +Frank Denis +Frank Gevaerts +Frank Hempel +Frank Keeney +Frank McGeough +Frank Meier +Frank Ticheler +Frank Van Uffelen +František Kučera +François Charlier +Fred Machado +Fred New +Fred Noz +Fred Stluka +Frederic Lepied +Frederik B +Fredrik Thulin +Gabriel Kuri +Gabriel Sjoberg +Garrett Holmstrom +Gary Maxwell +Gaurav Malhotra +Gautam Kachroo +Gautam Mani +Gavrie Philipson +Gaz Iqbal +Gaël Portay +Geeknik Labs +Geoff Beier +Georg Horn +Georg Huettenegger +Georg Lippitsch +Georg Wicherski +George Liu +Gerd v. Egidy +Gergely Nagy +Gerhard Herre +Gerrit Bruchhäuser +Ghennadi Procopciuc +Giancarlo Formicuccia +Giaslas Georgios +Gil Weber +Gilad +Gilbert Ramirez Jr. +Gilles Blanc +Gilles Vollant +Giorgos Oikonomou +Gisle Vanem +GitYuanQu on github +Giuseppe Attardi +Giuseppe D'Ambrosio +Giuseppe Persico +Glen A Johnson Jr. +Glen Nakamura +Glen Scott +Glenn Sheridan +Google Inc. +Gordon Marler +Gorilla Maguila +Gou Lingfeng +Grant Erickson +Grant Pannell +Greg Hewgill +Greg Morse +Greg Onufer +Greg Pratt +Greg Rowe +Greg Zavertnik +Gregory Nicholls +Gregory Szorc +Griffin Downs +Grigory Entin +Guenole Bescon +Guido Berhoerster +Guillaume Arluison +guitared on github +Gunter Knauf +Gustaf Hui +Gustavo Grieco +Guy Poizat +GwanYeong Kim +Gwenole Beauchesne +Gökhan Şengün +Götz Babin-Ebell +Hagai Auro +Haibo Huang +Hamish Mackenzie +hamstergene on github +Han Han +Han Qiao +Hang Kin Lau +Hang Su +Hannes Magnusson +Hanno Böck +Hanno Kranzhoff +Hans Steegers +Hans-Jurgen May +Hardeep Singh +Haris Okanovic +Harold Stuart +Harry Sintonen +Harshal Pradhan +Hauke Duden +He Qin +Heikki Korpela +Heinrich Ko +Heinrich Schaefer +Helge Klein +Helmut K. C. Tessarek +Helwing Lutz +Hendrik Visage +Henri Gomez +Henrik Gaßmann +Henrik Storner +Henry Ludemann +Henry Roeland +Herve Amblard +Hidemoto Nakada +Ho-chi Chen +Hoi-Ho Chan +Hongli Lai +Howard Blaise +Howard Chu +hsiao yi +Hubert Kario +Huzaifa Sidhpurwala +Hzhijun +Ian D Allen +Ian Fette +Ian Ford +Ian Gulliver +Ian Lynagh +Ian Turner +Ian Wilkes +Ignacio Vazquez-Abrams +Igor Franchuk +Igor Khristophorov +Igor Makarov +Igor Novoseltsev +Igor Polyakov +Ihor Karpenko +Iida Yosiaki +Ilguiz Latypov +Ilja van Sprundel +Ilya Kosarev +imilli on github +Immanuel Gregoire +Inca R +infinnovation-dev on github +Ingmar Runge +Ingo Ralf Blum +Ingo Wilken +Irfan Adilovic +Ironbars13 on github +Irving Wolfe +Isaac Boukris +Isaiah Norton +Ishan SinghLevett +Ithubg on github +Ivan Avdeev +IvanoG on github +Ivo Bellin Salarin +iz8mbw on github +Jack Zhang +Jackarain on github +Jacky Lam +Jacob Barthelmeh +Jacob Meuser +Jacob Moshenko +Jactry Zeng +Jad Chamcham +Jaime Fullaondo +jakirkham on github +Jakub Wilk +Jakub Zakrzewski +James Atwill +James Brown +James Bursa +James Cheng +James Clancy +James Cone +James Dury +James Fuller +James Gallagher +James Griffiths +James Housley +James Knight +James MacMillan +James Slaughter +Jamie Lokier +Jamie Newton +Jamie Wilkinson +Jan Alexander Steffens +Jan Chren +Jan Ehrhardt +Jan Koen Annot +Jan Kunder +Jan Schaumann +Jan Schmidt +Jan Van Boghout +JanB on github +Janne Johansson +Jared Jennings +Jared Lundell +Jari Aalto +Jari Sundell +jasal82 on github +Jason Baietto +Jason Glasgow +Jason Juang +Jason Lee +Jason Liu +Jason McDonald +Jason S. Priebe +Javier Barroso +Javier Blazquez +Javier G. Sogo +Javier Sixto +Jay Austin +Jayesh A Shah +Jaz Fresh +Jean Fabrice +Jean Gressmann +Jean Jacques Drouin +Jean-Claude Chauve +Jean-Francois Bertrand +Jean-Francois Durand +Jean-Louis Lemaire +Jean-Marc Ranger +Jean-Noël Rouvignac +Jean-Philippe Barrette-LaPierre +Jeff Connelly +Jeff Hodges +Jeff Johnson +Jeff King +Jeff Lawson +Jeff Mears +Jeff Phillips +Jeff Pohlmeyer +Jeff Weber +Jeffrey Walton +Jens Finkhaeuser +Jens Rantil +Jens Schleusener +Jeremie Rapin +Jeremy Friesner +Jeremy Huddleston +Jeremy Lainé +Jeremy Lin +Jeremy Pearson +Jeremy Tan +Jeroen Koekkoek +Jeroen Ooms +Jerome Muffat-Meridol +Jerome Robert +Jerome Vouillon +Jerry Krinock +Jerry Wu +Jes Badwal +Jesper Jensen +Jesse Chisholm +Jesse Noller +Jesse Tan +jethrogb on github +Jie He +Jim Drash +Jim Freeman +Jim Fuller +Jim Hollinger +Jim Meyering +Jimmy Gaussen +Jiri Dvorak +Jiri Hruska +Jiri Jaburek +Jiří Malák +jnbr on github +Jocelyn Jaubert +Joe Halpin +Joe Malicki +Joe Mason +Joel Chen +Joel Depooter +Jofell Gallardo +Johan Anderson +Johan Lantz +Johan Nilsson +Johan van Selst +Johannes Bauer +Johannes Ernst +Johannes G. Kristinsson +Johannes Schindelin +John A. Bristor +John Bradshaw +John Butterfield +John Coffey +John Crow +John David Anglin +John DeHelian +John Dennis +John Dunn +John E. Malmberg +John Gardiner Myers +John Hascall +John Janssen +John Joseph Bachir +John Kelly +John Kohl +John Lask +John Levon +John Lightsey +John Marino +John Marshall +John McGowan +John P. McCaskey +John Schroeder +John Starks +John Suprock +John V. Chow +John Wanghui +John Weismiller +John Wilkinson +John-Mark Bell +Johnny Luong +Jojojov on github +Jon DeVree +Jon Grubbs +Jon Nelson +Jon Rumsey +Jon Sargeant +Jon Seymour +Jon Spencer +Jon Torrey +Jon Travis +Jon Turner +Jonas Forsman +Jonas Minnberg +Jonas Schnelli +Jonas Vautherin +Jonatan Lander +Jonatan Vela +Jonathan Cardoso Machado +Jonathan Hseu +Jonathan Moerman +Jonathan Nieder +Jongki Suwandi +jonrumsey on github +Joombalaya on github +Joonas Kuorilehto +Jose Alf +Jose Kahan +Josef Wolf +Josh Bialkowski +Josh Kapell +joshhe on github +Joshua Kwan +Joshua Swink +Josie Huddleston +Josue Andrade Gomes +Jozef Kralik +Juan Barreto +Juan F. Codagnone +Juan Ignacio Hervás +Juan RP +Judson Bishop +Juergen Hoetzel +Juergen Wilke +Jukka Pihl +Julian Noble +Julian Ospald +Julian Romero Nieto +Julian Taylor +Julian Z +Julien Chaffraix +Julien Nabet +Julien Royer +Jun-ichiro itojun Hagino +jungle-boogie on github +Junho Choi +Jurij Smakov +Juro Bystricky +Justin Clift +Justin Ehlert +Justin Fletcher +Justin Karneges +Justin Maggard +jveazey on github +jzinn on github +János Fekete +Jérémy Rocher +Jörg Mueller-Tolk +Jörn Hartroth +K. R. Walker +ka7 on github +Kai Engert +Kai Noda +Kai Sommerfeld +Kai-Uwe Rommel +Kalle Vahlman +Kamil Dudka +Kang Lin +Kang-Jin Lee +Karl Moerder +Karol Pietrzak +Kartik Mahajan +Kaspar Brand +Katie Wang +Katsuhiko YOSHIDA +Kazuho Oku +Kees Cook +Kees Dekker +Keith MacDonald +Keith McGuigan +Keith Mok +Ken Hirsch +Ken Rastatter +Kenny To +Kent Boortz +Keshav Krity +Kevin Baughman +Kevin Fisk +Kevin Ji +Kevin Lussier +Kevin R. Bulgrien +Kevin Reed +Kevin Roth +Kevin Smith +Kim Minjoong +Kim Rinnewitz +Kim Vandry +Kimmo Kinnunen +Kirill Marchuk +Kjell Ericson +Kjetil Jacobsen +Klaus Stein +Klevtsov Vadim +Kobi Gurkan +Koen Dergent +Konstantin Isakov +Konstantin Kushnir +kouzhudong on github +kreshano on github +Kris Kennaway +Krishnendu Majumdar +Krister Johansen +Kristian Gunstone +Kristian Köhntopp +Kristian Mide +Kristiyan Tsaklev +Kristoffer Gleditsch +Kunal Ekawde +Kurt Fankhauser +Kyle Abramowitz +Kyle Edwards +Kyle J. McKay +Kyle L. Huff +Kyle Sallee +Kyohei Kadota +Kyselgov E.N +l00p3r on Hackerone +Lachlan O'Dea +Ladar Levison +Lance Ware +Larry Campbell +Larry Fahnoe +Larry Lin +Larry Stefani +Larry Stone +Lars Buitinck +Lars Gustafsson +Lars J. Aas +Lars Johannesen +Lars Nilsson +Lars Torben Wilson +Laurent Bonnans +Laurent Rabret +Lauri Kasanen +Laurie Clark-Michalek +Lawrence Matthews +Lawrence Wagerfield +Legoff Vincent +Lehel Bernadt +Leif W +Leigh Purdie +Leith Bade +Len Krause +Len Marinaccio +Lenaic Lefever +Lenny Rachitsky +Leo Neat +Leon Breedt +Leon Winter +Leonardo Rosati +Leonardo Taccari +Liam Healy +lijian996 on github +Lijo Antony +Linas Vepstas +Lindley French +Ling Thio +Linos Giannopoulos +Linus Lewandowski +Linus Nielsen Feltzing +Linus Nordberg +Lior Kaplan +Lisa Xu +Liviu Chircu +Liza Alenchery +Lloyd Fournier +Lluís Batlle i Rossell +Loganaden Velvindron +Loic Dachary +Loren Kirkby +Luan Cestari +Luca Altea +Luca Boccassi +Lucas Adamski +Lucas Pardue +Lucas Severo +Ludek Finstrle +Ludovico Cavedon +Ludwig Nussel +Lukas Ruzicka +Lukasz Czekierda +lukaszgn on github +Luke Amery +Luke Call +Luke Dashjr +Luo Jinghua +Luong Dinh Dung +Luz Paz +Luật Nguyễn +Lyman Epp +Lyndon Hill +Maciej Karpiuk +Maciej Puzio +Maciej W. Rozycki +madblobfish on github +Mahmoud Samir Fayed +Maks Naumov +Maksim Kuzevanov +Maksim Stsepanenka +Mamoru Tasaka +Mamta Upadhyay +Mandy Wu +Manfred Schwarb +MAntoniak on github +Manuel Massing +Marc Aldorasi +Marc Boucher +Marc Deslauriers +Marc Doughty +Marc Hesse +Marc Hörsken +Marc Kleine-Budde +Marc Renault +Marc Schlatter +Marc-Antoine Perennou +marc-groundctl on github +Marcel Hernandez +Marcel Raad +Marcel Roelofs +Marcelo Echeverria +Marcelo Juchem +Marcin Adamski +Marcin Gryszkalis +Marcin Konicki +Marco Deckel +Marco G. Salvagno +Marco Maggi +Marcos Diazr +Marcus Hoffmann +Marcus Klein +Marcus Sundberg +Marcus Webster +Marian Klymov +Mario Schroeder +Mark Brand +Mark Butler +Mark Davies +Mark Hamilton +Mark Incley +Mark Karpeles +Mark Lentczner +Mark Nottingham +Mark Salisbury +Mark Snelling +Mark Tully +Mark W. Eichin +Mark Wotton +Markus Duft +Markus Elfring +Markus Koetter +Markus Moeller +Markus Oberhumer +Markus Westerlind +Maros Priputen +Marquis de Muesli +Martijn Koster +Martin Ankerl +Martin C. Martin +Martin Drasar +Martin Dreher +Martin Frodl +Martin Galvan +Martin Gartner +Martin Hager +Martin Hedenfalk +Martin Jansen +Martin Kammerhofer +Martin Kepplinger +Martin Lemke +Martin Skinner +Martin Staael +Martin Storsjö +Martin Vejnár +Marty Kuhrt +Maruko +masbug on github +Massimiliano Fantuzzi +Massimiliano Ziccardi +Massimo Callegari +Mateusz Loskot +Mathias Axelsson +Mathieu Legare +Mats Lidell +Matt Arsenault +Matt Ford +Matt Kraai +Matt McClure +Matt Veenstra +Matt Witherspoon +Matt Wixson +Matteo Bignotti +Matteo Bignottignotti +Matteo Rocco +Matthew Blain +Matthew Clarke +Matthew Hall +Matthew Kerwin +Matthew Whitehead +Matthias Bolte +Mattias Fornander +Matus Uzak +Maurice Barnum +Mauro Iorio +Mauro Rappa +Max Dymond +Max Katsev +Max Kellermann +Max Khon +Max Savenkov +Maxim Ivanov +Maxim Perenesenko +Maxim Prohorov +Maxime Larocque +Maxime Legros +mbeifuss on github +mccormickt12 on github +Mehmet Bozkurt +Mekonikum +Melissa Mears +Mert Yazıcıoğlu +Mettgut Jamalla +Michael Anti +Michael Benedict +Michael Brehm +Michael Calmer +Michael Cronenworth +Michael Curtis +Michael Day +Michael Felt +Michael Forney +Michael Gmelin +Michael Goffioul +Michael Jahn +Michael Jerris +Michael Kalinin +Michael Kaufmann +Michael Kilburn +Michael Kujawa +Michael König +Michael Lee +Michael Maltese +Michael Mealling +Michael Mueller +Michael Osipov +Michael Schmid +Michael Smith +Michael Stapelberg +Michael Steuer +Michael Stillwell +Michael Vittiglio +Michael Wallner +Michal Bonino +Michal Marek +Michal Trybus +Michal Čaplygin +Michał Antoniak +Michał Fita +Michał Górny +Michał Janiszewski +Michał Kowalczyk +Michał Piechowski +Michel Promonet +Michele Bini +Miguel Angel +Miguel Diaz +migueljcrum on github +Mihai Ionescu +Mikael Johansson +Mikael Sennerholm +Mikalai Ananenka +Mike Bytnar +Mike Crowe +Mike Dobbs +Mike Dowell +Mike Frysinger +Mike Giancola +Mike Hasselberg +Mike Henshaw +Mike Hommey +Mike Mio +Mike Norton +Mike Power +Mike Protts +Mike Revi +Miklos Nemeth +Miloš Ljumović +Mingliang Zhu +Miroslav Franc +Miroslav Spousta +Mischa Salle +Mitz Wark +mkzero on github +Mohamed Lrhazi +Mohammad AlSaleh +Mohammad Hasbini +Mohun Biswas +momala454 on github +moohoorama on github +Mostyn Bramley-Moore +Moti Avrahami +MrdUkk on github +MrSorcus on github +Muz Dima +Myk Taylor +Nach M. S. +Nagai H +naost3rn on github +Nate Prewitt +Nathan Coulter +Nathan O'Sullivan +Nathanael Nerode +Nathaniel J. Smith +Nathaniel Waisbrot +Naveen Chandran +Naveen Noel +Neal Poole +nedres on github +neex on github +Nehal J Wani +neheb on github +Neil Bowers +Neil Dunbar +Neil Kolban +Neil Spring +nevv on HackerOne/curl +Niall O'Reilly +niallor on github +nianxuejie on github +Nic Roets +Nicholas Maniscalco +Nick Draffen +Nick Gimbrone +Nick Humfrey +Nick Miyake +Nick Zitzmann +Nicklas Avén +Nico Baggus +nico-abram on github +Nicolas Berloquin +Nicolas Croiset +Nicolas François +Nicolas Grekas +Nicolas Guillier +Nicolas Morey-Chaisemartin +Niels van Tongeren +Nikita Schmidt +Nikitinskit Dmitriy +Niklas Angebrand +Niklas Hambüchen +Nikolai Kondrashov +Nikos Mavrogiannopoulos +Nikos Tsipinakis +niner on github +Ning Dong +Nir Soffer +Nis Jorgensen +nk +Nobuhiro Ban +Nodak Sodak +nopjmp on github +Norbert Frese +Norbert Kett +Norbert Novotny +NTMan on Github +Octavio Schroeder +Ofer +Okhin Vasilij +Ola Mork +Olaf Flebbe +Olaf Stüben +Oleg Pudeyev +Olen Andoni +olesteban on github +Oli Kingshott +Oliver Gondža +Oliver Graute +Oliver Kuckertz +Oliver Schindler +Olivier Berger +Olivier Brunel +Omar Ramadan +omau on github +Orange Tsai +Oren Souroujon +Oren Tirosh +Orgad Shaneh +Ori Avtalion +osabc on github +Oscar Koeroo +Oscar Norlander +Oskar Liljeblad +Oumph on github +ovidiu-benea on github +P R Schaffner +Palo Markovic +Paolo Mossino +Paolo Piacentini +Paras Sethia +Pascal Gaudette +Pascal Terjan +Pasha Kuznetsov +Pasi Karkkainen +Pat Ray +patelvivekv1993 on github +patnyb on github +Patrice Guerin +Patricia Muscalu +Patrick Bihan-Faou +Patrick Dawson +Patrick McManus +Patrick Monnerat +Patrick Rapin +Patrick Schlangen +Patrick Scott +Patrick Smith +Patrick Watson +Patrik Thunstrom +Pau Garcia i Quiles +Paul B. Omta +Paul Donohue +Paul Dreik +Paul Groke +Paul Harrington +Paul Harris +Paul Hoffman +Paul Howarth +Paul Joyce +Paul Marks +Paul Marquis +Paul Moore +Paul Nolan +Paul Oliver +Paul Querna +Paul Saab +Paulo Roberto Tomasi +Pavel Cenek +Pavel Gushchin +Pavel Löbl +Pavel Orehov +Pavel Pavlov +Pavel Raiskup +Pavel Rochnyak +Pavel Volgarev +Pavol Markovic +Pawel A. Gajda +Pawel Kierski +Pedro Larroy +Pedro Monreal +Pedro Neves +pendrek at hackerone +Peng Li +Per Lundberg +Per Malmberg +Pete Lomax +Peter Bray +Peter Forret +Peter Frühberger +Peter Gal +Peter Heuchert +Peter Hjalmarsson +Peter Korsgaard +Peter Lamare +Peter Lamberg +Peter Laser +Peter O'Gorman +Peter Pentchev +Peter Piekarski +Peter Silva +Peter Simonyi +Peter Su +Peter Sumatra +Peter Sylvester +Peter Todd +Peter Varga +Peter Verhas +Peter Wang +Peter Wu +Peter Wullinger +Peteris Krumins +Petr Bahula +Petr Novak +Petr Pisar +Petr Voytsik +Phil Blundell +Phil Crump +Phil Karn +Phil Lisiecki +Phil Pellouchoud +Philip Craig +Philip Gladstone +Philip Langdale +Philip Prindeville +Philipp Waehnert +Philippe Hameau +Philippe Marguinaud +Philippe Raoult +Philippe Vaucher +Pierre +Pierre Brico +Pierre Chapuis +Pierre Joye +Pierre Ynard +Pierre-Yves Bigourdan +Piotr Dobrogost +Piotr Komborski +Po-Chuan Hsieh +Pooyan McSporran +Poul T Lomholt +Pramod Sharma +Prash Dush +Praveen Pvs +Priyanka Shah +Przemysław Tomaszewski +pszemus on github +Puneet Pawaia +Quagmire +Quanah Gibson-Mount +Quinn Slack +R. Dennis Steed +Radu Simionescu +Rafa Muyo +Rafael Antonio +Rafael Sagula +Rafayel Mkrtchyan +Rafaël Carré +Rainer Canavan +Rainer Jung +Rainer Koenig +Rainer Müller +Rajesh Naganathan +Rajkumar Mandal +Ralf S. Engelschall +Ralph Beckmann +Ralph Mitchell +Ram Krushna Mishra +Ran Mozes +Randall S. Becker +Randy Armstrong +Randy McMurchy +Raphael Gozzo +Ravi Pratap +Ray Dassen +Ray Pekowski +Ray Satiro +Razvan Cojocaru +Reed Loden +Reinhard Max +Reinout van Schouwen +Remco van Hooff +Remi Gacogne +Remo E +Renato Botelho +Renaud Allard +Renaud Chaillat +Renaud Duhaut +Renaud Guillard +Renaud Lehoux +Rene Bernhardt +Rene Rebe +Reuven Wachtfogel +Reza Arbab +Ricardo Cadime +Ricardo Gomes +Rich Burridge +Rich Gray +Rich Mirch +Rich Rauenzahn +Rich Turner +Richard Adams +Richard Alcock +Richard Archer +Richard Atterer +Richard Bowker +Richard Bramante +Richard Clayton +Richard Cooper +Richard Gorton +Richard Gray +Richard Hosking +Richard Hsu +Richard Michael +Richard Moore +Richard Prescott +Richard Silverman +Richard van den Berg +Richy Kim +Rick Deist +Rick Jones +Rick Richardson +Rick Welykochy +Rickard Hallerbäck +Ricki Hirner +Ricky Leverence +Ricky-Tigg on github +Rider Linden +Rikard Falkeborn +Rob Cotrone +Rob Crittenden +Rob Davies +Rob Jones +Rob Sanders +Rob Stanzel +Rob Ward +Robert A. Monat +Robert B. Harris +Robert D. Young +Robert Dunaj +Robert Foreman +Robert Iakobashvili +Robert Kolcun +Robert Linden +Robert Olson +Robert Prag +Robert Schumann +Robert Weaver +Robert Wruck +Robin Cornelius +Robin Johnson +Robin Kay +Robson Braga Araujo +Rod Widdowson +Rodger Combs +Rodney Simmons +Rodric Glaser +Rodrigo Silva +Roger Leigh +Roland Blom +Roland Hieber +Roland Krikava +Roland Zimmermann +Rolf Eike Beer +Rolland Dudemaine +Romain Coltel +Romain Fliedel +Romain Geissler +Roman Koifman +Roman Mamedov +Romulo A. Ceccon +Ron Eldor +Ron Parker +Ron Zapp +Ronnie Mose +Rosimildo da Silva +Roy Bellingan +Roy Shan +Rune Kleveland +Ruslan Baratov +Ruslan Gazizov +Rutger Hofman +Ruurd Beerstra +RuurdBeerstra on github +Ryan Braud +Ryan Chan +Ryan Nelson +Ryan Schmidt +Ryan Scott +Ryan Winograd +Ryuichi KAWAMATA +Rémy Léone +S. Moonesamy +Salah-Eddin Shaban +Salvador Dávila +Salvatore Sorrentino +Sam Deane +Sam Hurst +Sam Roth +Sam Schanken +Sampo Kellomaki +Samuel Díaz García +Samuel Listopad +Samuel Surtees +Samuel Thibault +Sander Gates +Sandor Feldi +Santhana Todatry +Santino Keupp +Saqib Ali +Sara Golemon +Saran Neti +Sascha Swiercy +Saul good +Saurav Babu +sayrer on github +SBKarr on github +Scott Bailey +Scott Barrett +Scott Cantor +Scott Davis +Scott McCreary +Sean Boudreau +Sean Burford +Sean MacLennan +Sean Miller +Sebastiaan van Erk +Sebastian Haglund +Sebastian Mundry +Sebastian Pohlschmidt +Sebastian Rasmussen +Senthil Raja Velu +Sergei Kuzmin +Sergei Nikulov +Sergey Ogryzkov +Sergey Tatarincev +Sergii Kavunenko +Sergii Pylypenko +Sergio Ballestrero +Sergio Barresi +Sergio Borghese +Serj Kalichev +Seshubabu Pasam +Seth Mos +Sevan Janiyan +Sh Diao +Shachaf Ben-Kiki +Shailesh Kapse +Shankar Jadhavar +Shao Shuchao +Sharad Gupta +Shard +Shaun Jackman +Shawn Landden +Shawn Poulson +Shine Fan +Shiraz Kanga +Shlomi Fish +Shmulik Regev +Siddhartha Prakash Jain +Sidney San Martín +Siegfried Gyuricsko +silveja1 on github +Simon Dick +Simon H. +Simon Josefsson +Simon Legner +Simon Liu +Simon Warta +SLDiggie on github +smuellerDD on github +Somnath Kundu +Song Ma +Sonia Subramanian +Spacen Jasset +Spezifant on github +Spiridonoff A.V +Spoon Man +Spork Schivago +sstruchtrup on github +Stadler Stephan +Stan van de Burgt +Stanislav Ivochkin +Stanislav Zidek +steelman on github +Stefan Agner +Stefan Bühler +Stefan Eissing +Stefan Esser +Stefan Grether +Stefan Kanthak +Stefan Krause +Stefan Neis +Stefan Teleman +Stefan Tomanek +Stefan Ulrich +Stefano Simonelli +Steinar H. Gunderson +steini2000 on github +Stepan Broz +Stephan Bergmann +Stephan Lagerholm +Stephan Mühlstrasser +Stephan Szabo +Stephen Brokenshire +Stephen Collyer +Stephen Kick +Stephen More +Stephen Toub +Sterling Hughes +Steve Green +Steve H Truong +Steve Havelka +Steve Holme +Steve Lhomme +Steve Little +Steve Marx +Steve Oliphant +Steve Roskowski +Steve Walch +Steven Bazyl +Steven G. Johnson +Steven Gu +Steven M. Schweda +Steven Parkes +Stian Soiland-Reyes +Stoned Elipot +stootill on github +Stuart Henderson +SumatraPeter on github +Sune Ahlgren +Sunny Bean +Sunny Purushe +Sven Anders +Sven Blumenstein +Sven Neuhaus +Sven Wegener +Svyatoslav Mishyn +swalkaus at yahoo.com +Sylvestre Ledru +Symeon Paraschoudis +Sébastien Willemijns +T. Bharath +T. Yamada +Tae Hyoung Ahn +Tae Wong +Taiyu Len +Taneli Vähäkangas +Tanguy Fautre +tarek112 on github +Tatsuhiro Tsujikawa +Teemu Yli-Elsila +Temprimus +Terri Oda +Terry Wu +The Infinnovation team +TheAssassin on github +Theodore Dubois +tholin on github +Thomas Braun +Thomas Gamper +Thomas Glanzmann +Thomas J. Moore +Thomas Klausner +Thomas L. Shinnick +Thomas Lopatic +Thomas Petazzoni +Thomas Ruecker +Thomas Schwinge +Thomas Tonino +Thomas van Hesteren +Thomas Vegas +Thorsten Schöning +Tiit Pikma +Till Maas +Tim Ansell +Tim Baker +Tim Bartley +Tim Chen +Tim Costello +Tim Harder +Tim Heckman +Tim Mcdonough +Tim Newsome +Tim Rühsen +Tim Sneddon +Tim Stack +Tim Starling +Tim Tassonis +Tim Verhoeven +Timo Sirainen +Timotej Lazar +Timothe Litt +Timothy Polich +Tinus van den Berg +TJ Saunders +Tobias Blomberg +Tobias Hieta +Tobias Hintze +Tobias Lindgren +Tobias Markus +Tobias Rundström +Tobias Stoeckmann +Toby Peterson +Todd A Ouska +Todd Kaufmann +Todd Kulesza +Todd Short +Todd Vierling +Tom Benoist +Tom Donovan +Tom Grace +Tom Greenslade +Tom Lee +Tom Mattison +Tom Moers +Tom Mueller +Tom Regner +Tom Seddon +Tom Sparrow +Tom van der Woerdt +Tom Wright +Tom Zerucha +Tomas Hoger +Tomas Jakobsson +Tomas Mlcoch +Tomas Mraz +Tomas Pospisek +Tomas Szepe +Tomas Tomecek +Tomasz Kojm +Tomasz Lacki +Tommie Gannert +tommink[at]post.pl +Tommy Tam +Ton Voon +Toni Moreno +Tony Kelman +tonystz on Github +Toon Verwaest +Tor Arntsen +Torben Dannhauer +Torsten Foertsch +Toshio Kuratomi +Toshiyuki Maezawa +tpaukrt on github +Traian Nicolescu +Travis Burtrum +Travis Obenhaus +Trivikram Kamat +Troels Walsted Hansen +Troy Engel +Tseng Jun +Tuomo Rinne +Tupone Alfredo +Tyler Hall +Török Edwin +Ulf Härnhammar +Ulf Samuelsson +Ulrich Doehner +Ulrich Telle +Ulrich Zadow +Valentin David +Valerii Zapodovnikov +vanillajonathan on github +Vasiliy Faronov +Vasily Lobaskin +Vasy Okhin +Venkat Akella +Venkataramana Mokkapati +Vicente Garcia +Victor Magierski +Victor Snezhko +Vijay Panghal +Vikram Saxena +Viktor Szakats +Vilhelm Prytz +Ville Skyttä +Vilmos Nebehaj +Vincas Razma +Vincent Bronner +Vincent Le Normand +Vincent Penquerc'h +Vincent Sanders +Vincent Torri +vitaha85 on github +Vlad Grachov +Vlad Ureche +Vladimir Grishchenko +Vladimir Kotal +Vladimir Lazarenko +Vlastimil Ovčáčík +Vojtech Janota +Vojtech Minarik +Vojtěch Král +Volker Schmid +Vsevolod Novikov +vshmuk on hackerone +W. Mark Kubacki +Waldek Kozba +Walter J. Mack +Ward Willats +Warren Menzer +Wayne Haigh +Wenchao Li +Wenxiang Qian +Werner Koch +wesinator on github +Wesley Laxton +Wesley Miaw +Wez Furlong +Wham Bang +Wilfredo Sanchez +Will Dietz +Willem Sparreboom +William A. Rowe Jr +William Ahern +wmsch on github +wncboy on github +Wojciech Zwiefka +Wouter Van Rooy +Wu Yongzheng +Wyatt O'Day +Xavier Bouchoux +XhstormR on github +Xiang Xiao +Xiangbin Li +Xiaoyin Liu +XmiliaH on github +Yaakov Selkowitz +Yang Tse +Yarram Sunil +Yasuharu Yamada +Yasuhiro Matsumoto +Yechiel Kalmenson +Yehezkel Horowitz +Yehoshua Hershberg +ygthien on github +Yi Huang +Yiming Jing +Yingwei Liu +Yonggang Luo +youngchopin on github +Yousuke Kimoto +Yu Xin +Yukihiro Kawada +Yun SangHo +Yuriy Sosov +Yves Arrouye +Yves Lejeune +Zachary Seguin +Zdenek Pavlas +Zekun Ni +zelinchen on github +Zenju on github +Zero King +Zhao Yisha +Zhaoyang Wu +Zhibiao Wu +Zhouyihai Ding +Zmey Petroff +Zvi Har'El +zzq1015 on github +İsmail Dönmez +Łukasz Domeradzki +Štefan Kremeň +Никита Дорохин +加藤郁之 diff --git a/extern/curl/docs/THANKS-filter b/extern/curl/docs/THANKS-filter new file mode 100644 index 0000000000..cabc939335 --- /dev/null +++ b/extern/curl/docs/THANKS-filter @@ -0,0 +1,101 @@ +# This is a list of names we have recorded that already are thanked +# appropriately in THANKS. This list contains variations of their names and +# their "canonical" name. This file is used for scripting purposes to avoid +# duplicate entries and will not be included in release tarballs. +# When removing dupes that aren't identical names from THANKS, add a line +# here! +# +# Used-by: contributor.sh +s/Andres Garcia/Andrés García/ +s/Chris Conroy/Christopher Conroy/ +s/Francois Charlier/François Charlier/ +s/Gokhan Sengun/Gökhan Şengün/ +s/John Malmberg/John E. Malmberg/ +s/Luca Alteas/Luca Altea/ +s/Michal Gorny/Michał Górny/ +s/Michal Górny/Michał Górny/ +s/^Moonesamy$/S. Moonesamy/ +s/Pete Su$/Peter Su/ +s/Sam Listopad/Samuel Listopad/ +s/Sebastien Willemijns/Sébastien Willemijns/ +s/YAMADA Yasuharu/Yasuharu Yamada/ +s/Karl M$/Karl Moerder/ +s/Bjorn Stenberg/Björn Stenberg/ +s/upstream tests 305 and 404// +s/Gaël PORTAY/Gaël Portay/ +s/Romulo Ceccon/Romulo A. Ceccon/ +s/Nach M. S$/Nach M. S./ +s/Ja[yt] Satiro/Ray Satiro/ +s/Richard J. Moore/Richard Moore/ +s/Sergey Nikulov/Sergei Nikulov/ +s/Petr Písař/Petr Pisar/ +s/Nick Zitzmann (originally)/Nick Zitzmann/ +s/product-security at Apple// +s/IT DOES NOT WORK// +s/Albert Chin$/Albert Chin-A-Young/ +s/Paras S\z/Paras Sethia/ +s/Paras Sethiaethia/Paras Sethia/ +s/Дмитрий Фалько/Dmitry Falko/ +s/byte_bucket in the #curl IRC channel// +s/Michal Górny and Anthony G. Basile// +s/Alejandro Alvarez$/Alejandro Alvarez Ayllon/ +s/Ant Bryan/Anthony Bryan/ +s/Cédric Deltheil/Cédric Deltheil/ +s/Christian Hagele/Christian Hägele/ +s/douglas steinwand/Douglas Steinwand/ +s/Frank Van Uffelen and Fabian Hiernaux// +s/Rodrigo Silva (MestreLion)/Rodrigo Silva/ +s/tetetest tetetest// +s/Jiří Hruška/Jiri Hruska/ +s/Viktor Szakáts/Viktor Szakats/ +s/Jonathan Cardoso$/Jonathan Cardoso Machado/ +s/Linus Nielsen$/Linus Nielsen Feltzing/ +s/Todd Ouska$/Todd A Ouska/ +s/Tim Ruehsen/Tim Rühsen/ +s/Michael Koenig/Michael König/ +s/moparisthebest/Travis Burtrum/ +s/Jan-E/Jan Ehrhardt/ +s/Paras S$/Paras Sethia/ +s/Cristian Rodr\xEDguez$/Cristian Rodríguez/ +s/Sidney San Mart\xEDn$/Sidney San Martín/ +s/Sidney San Martin$/Sidney San Martín/ +s/Taneli V\xE4h\xE4kangas$/Taneli Vähäkangas/ +s/Taneli Vahakangas$/Taneli Vähäkangas/ +s/Никита Дорохин./Никита Дорохин/ +s/upstream tests 305// +s/ (edited)// +s/Jean-Philippe Barette-LaPierre$/Jean-Philippe Barrette-LaPierre/ +s/Joern Hartroth$/Jörn Hartroth/ +s/Hongli Lai (Phusion)$/Hongli Lai/ +s/github user 'kreshano'$/kreshano on github/ +s/Marc Hoersken$/Marc Hörsken/ +s/Martin Storsjo$/Martin Storsjö/ +s/Jiri Malak$/Jiří Malák/ +s/JDepooter$/Joel Depooter/ +s/ERAMOTO Masaya$/Eramoto Masaya/ +s/shachaf on github$/Shachaf Ben-Kiki/ +s/CarloCannas on github$/Carlo Cannas/ +s/Henrik S. Gaßmann$/Henrik Gaßmann/ +s/moteus on github/Alexey Melnichuk/ +s/Rich Moore/Richard Moore/ +s/kdekker/Kees Dekker/ +s/Daniel Jelinski/Daniel Jeliński/ +s/Dario Weisser/Dario Weißer/ +s/Github user @jakirkham/jakirkham on github/ +s/Guenter Knauf/Gunter Knauf/ +s/Matteo B.$/Matteo Bignotti/ +s/Dan C$/Dan Cristian/ +s/Mark Eichin/Mark W. Eichin/ +s/Andreas Faerber/Andreas Farber/ +s/paulharris on github/Paul Harris/ +s/Warp Kawada/Yukihiro Kawada/ +s/Lau Hang Kin/Hang Kin Lau/ +s/Jonathan Cardoso Machado Machado/Jonathan Cardoso Machado/ +s/David Meyer/David J Meyer/ +s/Ramana Mokkapati/Venkataramana Mokkapati/ +s/wyattoday on github/Wyatt O'Day/ +s/Jason Priebe/Jason S. Priebe/ +s/Ale Vesely/Alessandro Vesely/ +s/Yamada Yasuharu/Yasuharu Yamada/ +s/Jim Gallagher/James Gallagher/ +s/Steve Brokenshire/Stephen Brokenshire/ diff --git a/extern/curl/docs/TODO b/extern/curl/docs/TODO new file mode 100644 index 0000000000..b288e4dbb4 --- /dev/null +++ b/extern/curl/docs/TODO @@ -0,0 +1,1186 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + Things that could be nice to do in the future + + Things to do in project curl. Please tell us what you think, contribute and + send us patches that improve things! + + Be aware that these are things that we could do, or have once been considered + things we could do. If you want to work on any of these areas, please + consider bringing it up for discussions first on the mailing list so that we + all agree it is still a good idea for the project! + + All bugs documented in the KNOWN_BUGS document are subject for fixing! + + 1. libcurl + 1.1 TFO support on Windows + 1.2 Consult %APPDATA% also for .netrc + 1.3 struct lifreq + 1.4 alt-svc sharing + 1.5 get rid of PATH_MAX + 1.7 Support HTTP/2 for HTTP(S) proxies + 1.8 CURLOPT_RESOLVE for any port number + 1.9 Cache negative name resolves + 1.10 auto-detect proxy + 1.11 minimize dependencies with dynamically loaded modules + 1.12 updated DNS server while running + 1.13 c-ares and CURLOPT_OPENSOCKETFUNCTION + 1.14 Typesafe curl_easy_setopt() + 1.15 Monitor connections in the connection pool + 1.16 Try to URL encode given URL + 1.17 Add support for IRIs + 1.18 try next proxy if one doesn't work + 1.20 SRV and URI DNS records + 1.22 CURLINFO_PAUSE_STATE + 1.23 Offer API to flush the connection pool + 1.24 TCP Fast Open for windows + 1.25 Expose tried IP addresses that failed + 1.27 hardcode the "localhost" addresses + 1.28 FD_CLOEXEC + 1.29 Upgrade to websockets + 1.30 config file parsing + + 2. libcurl - multi interface + 2.1 More non-blocking + 2.2 Better support for same name resolves + 2.3 Non-blocking curl_multi_remove_handle() + 2.4 Split connect and authentication process + 2.5 Edge-triggered sockets should work + 2.6 multi upkeep + + 3. Documentation + 3.2 Provide cmake config-file + + 4. FTP + 4.1 HOST + 4.2 Alter passive/active on failure and retry + 4.3 Earlier bad letter detection + 4.5 ASCII support + 4.6 GSSAPI via Windows SSPI + 4.7 STAT for LIST without data connection + 4.8 Option to ignore private IP addresses in PASV response + + 5. HTTP + 5.1 Better persistency for HTTP 1.0 + 5.3 Rearrange request header order + 5.4 Allow SAN names in HTTP/2 server push + 5.5 auth= in URLs + + 6. TELNET + 6.1 ditch stdin + 6.2 ditch telnet-specific select + 6.3 feature negotiation debug data + + 7. SMTP + 7.2 Enhanced capability support + 7.3 Add CURLOPT_MAIL_CLIENT option + + 8. POP3 + 8.2 Enhanced capability support + + 9. IMAP + 9.1 Enhanced capability support + + 10. LDAP + 10.1 SASL based authentication mechanisms + 10.2 CURLOPT_SSL_CTX_FUNCTION for LDAPS + 10.3 Paged searches on LDAP server + + 11. SMB + 11.1 File listing support + 11.2 Honor file timestamps + 11.3 Use NTLMv2 + 11.4 Create remote directories + + 12. New protocols + + 13. SSL + 13.2 Provide mutex locking API + 13.3 Support in-memory certs/ca certs/keys + 13.4 Cache/share OpenSSL contexts + 13.5 Export session ids + 13.6 Provide callback for cert verification + 13.7 improve configure --with-ssl + 13.8 Support DANE + 13.10 Support Authority Information Access certificate extension (AIA) + 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY + 13.12 Support HSTS + 13.14 Support the clienthello extension + + 14. GnuTLS + 14.2 check connection + + 15. WinSSL/SChannel + 15.1 Add support for client certificate authentication + 15.3 Add support for the --ciphers option + 15.4 Add option to disable client certificate auto-send + + 16. SASL + 16.1 Other authentication mechanisms + 16.2 Add QOP support to GSSAPI authentication + 16.3 Support binary messages (i.e.: non-base64) + + 17. SSH protocols + 17.1 Multiplexing + 17.2 Handle growing SFTP files + 17.3 Support better than MD5 hostkey hash + 17.4 Support CURLOPT_PREQUOTE + + 18. Command line tool + 18.1 sync + 18.2 glob posts + 18.3 prevent file overwriting + 18.4 --proxycommand + 18.5 UTF-8 filenames in Content-Disposition + 18.7 at least N milliseconds between requests + 18.9 Choose the name of file in braces for complex URLs + 18.10 improve how curl works in a windows console window + 18.11 Windows: set attribute 'archive' for completed downloads + 18.12 keep running, read instructions from pipe/socket + 18.15 --retry should resume + 18.16 send only part of --data + 18.17 consider file name from the redirected URL with -O ? + 18.18 retry on network is unreachable + 18.19 expand ~/ in config files + 18.20 host name sections in config files + + 19. Build + 19.1 roffit + 19.2 Enable PIE and RELRO by default + 19.3 cmake test suite improvements + + 20. Test suite + 20.1 SSL tunnel + 20.2 nicer lacking perl message + 20.3 more protocols supported + 20.4 more platforms supported + 20.5 Add support for concurrent connections + 20.6 Use the RFC6265 test suite + 20.7 Support LD_PRELOAD on macOS + 20.8 Run web-platform-tests url tests + + 21. Next SONAME bump + 21.1 http-style HEAD output for FTP + 21.2 combine error codes + 21.3 extend CURLOPT_SOCKOPTFUNCTION prototype + + 22. Next major release + 22.1 cleanup return codes + 22.2 remove obsolete defines + 22.3 size_t + 22.4 remove several functions + 22.5 remove CURLOPT_FAILONERROR + 22.7 remove progress meter from libcurl + 22.8 remove 'curl_httppost' from public + +============================================================================== + +1. libcurl + +1.1 TFO support on Windows + + TCP Fast Open is supported on several platforms but not on Windows. Work on + this was once started but never finished. + + See https://github.com/curl/curl/pull/3378 + +1.2 Consult %APPDATA% also for .netrc + + %APPDATA%\.netrc is not considered when running on Windows. Shouldn't it? + + See https://github.com/curl/curl/issues/4016 + +1.3 struct lifreq + + Use 'struct lifreq' and SIOCGLIFADDR instead of 'struct ifreq' and + SIOCGIFADDR on newer Solaris versions as they claim the latter is obsolete. + To support IPv6 interface addresses for network interfaces properly. + +1.4 alt-svc sharing + + The share interface could benefit from allowing the alt-svc cache to be + possible to share between easy handles. + + See https://github.com/curl/curl/issues/4476 + +1.5 get rid of PATH_MAX + + Having code use and rely on PATH_MAX is not nice: + https://insanecoding.blogspot.com/2007/11/pathmax-simply-isnt.html + + Currently the libssh2 SSH based code uses it, but to remove PATH_MAX from + there we need libssh2 to properly tell us when we pass in a too small buffer + and its current API (as of libssh2 1.2.7) doesn't. + +1.7 Support HTTP/2 for HTTP(S) proxies + + Support for doing HTTP/2 to HTTP and HTTPS proxies is still missing. + + See https://github.com/curl/curl/issues/3570 + +1.8 CURLOPT_RESOLVE for any port number + + This option allows applications to set a replacement IP address for a given + host + port pair. Consider making support for providing a replacement address + for the host name on all port numbers. + + See https://github.com/curl/curl/issues/1264 + +1.9 Cache negative name resolves + + A name resolve that has failed is likely to fail when made again within a + short period of time. Currently we only cache positive responses. + +1.10 auto-detect proxy + + libcurl could be made to detect the system proxy setup automatically and use + that. On Windows, macOS and Linux desktops for example. + + The pull-request to use libproxy for this was deferred due to doubts on the + reliability of the dependency and how to use it: + https://github.com/curl/curl/pull/977 + + libdetectproxy is a (C++) library for detecting the proxy on Windows + https://github.com/paulharris/libdetectproxy + +1.11 minimize dependencies with dynamically loaded modules + + We can create a system with loadable modules/plug-ins, where these modules + would be the ones that link to 3rd party libs. That would allow us to avoid + having to load ALL dependencies since only the necessary ones for this + app/invoke/used protocols would be necessary to load. See + https://github.com/curl/curl/issues/349 + +1.12 updated DNS server while running + + If /etc/resolv.conf gets updated while a program using libcurl is running, it + is may cause name resolves to fail unless res_init() is called. We should + consider calling res_init() + retry once unconditionally on all name resolve + failures to mitigate against this. Firefox works like that. Note that Windows + doesn't have res_init() or an alternative. + + https://github.com/curl/curl/issues/2251 + +1.13 c-ares and CURLOPT_OPENSOCKETFUNCTION + + curl will create most sockets via the CURLOPT_OPENSOCKETFUNCTION callback and + close them with the CURLOPT_CLOSESOCKETFUNCTION callback. However, c-ares + does not use those functions and instead opens and closes the sockets + itself. This means that when curl passes the c-ares socket to the + CURLMOPT_SOCKETFUNCTION it isn't owned by the application like other sockets. + + See https://github.com/curl/curl/issues/2734 + +1.14 Typesafe curl_easy_setopt() + + One of the most common problems in libcurl using applications is the lack of + type checks for curl_easy_setopt() which happens because it accepts varargs + and thus can take any type. + + One possible solution to this is to introduce a few different versions of the + setopt version for the different kinds of data you can set. + + curl_easy_set_num() - sets a long value + + curl_easy_set_large() - sets a curl_off_t value + + curl_easy_set_ptr() - sets a pointer + + curl_easy_set_cb() - sets a callback PLUS its callback data + +1.15 Monitor connections in the connection pool + + libcurl's connection cache or pool holds a number of open connections for the + purpose of possible subsequent connection reuse. It may contain a few up to a + significant amount of connections. Currently, libcurl leaves all connections + as they are and first when a connection is iterated over for matching or + reuse purpose it is verified that it is still alive. + + Those connections may get closed by the server side for idleness or they may + get a HTTP/2 ping from the peer to verify that they're still alive. By adding + monitoring of the connections while in the pool, libcurl can detect dead + connections (and close them) better and earlier, and it can handle HTTP/2 + pings to keep such ones alive even when not actively doing transfers on them. + +1.16 Try to URL encode given URL + + Given a URL that for example contains spaces, libcurl could have an option + that would try somewhat harder than it does now and convert spaces to %20 and + perhaps URL encoded byte values over 128 etc (basically do what the redirect + following code already does). + + https://github.com/curl/curl/issues/514 + +1.17 Add support for IRIs + + IRIs (RFC 3987) allow localized, non-ascii, names in the URL. To properly + support this, curl/libcurl would need to translate/encode the given input + from the input string encoding into percent encoded output "over the wire". + + To make that work smoothly for curl users even on Windows, curl would + probably need to be able to convert from several input encodings. + +1.18 try next proxy if one doesn't work + + Allow an application to specify a list of proxies to try, and failing to + connect to the first go on and try the next instead until the list is + exhausted. Browsers support this feature at least when they specify proxies + using PACs. + + https://github.com/curl/curl/issues/896 + +1.20 SRV and URI DNS records + + Offer support for resolving SRV and URI DNS records for libcurl to know which + server to connect to for various protocols (including HTTP!). + +1.22 CURLINFO_PAUSE_STATE + + Return information about the transfer's current pause state, in both + directions. https://github.com/curl/curl/issues/2588 + +1.23 Offer API to flush the connection pool + + Sometimes applications want to flush all the existing connections kept alive. + An API could allow a forced flush or just a forced loop that would properly + close all connections that have been closed by the server already. + +1.24 TCP Fast Open for windows + + libcurl supports the CURLOPT_TCP_FASTOPEN option since 7.49.0 for Linux and + Mac OS. Windows supports TCP Fast Open starting with Windows 10, version 1607 + and we should add support for it. + +1.25 Expose tried IP addresses that failed + + When libcurl fails to connect to a host, it should be able to offer the + application the list of IP addresses that were used in the attempt. + + https://github.com/curl/curl/issues/2126 + +1.27 hardcode the "localhost" addresses + + There's this new spec getting adopted that says "localhost" should always and + unconditionally be a local address and not get resolved by a DNS server. A + fine way for curl to fix this would be to simply hard-code the response to + 127.0.0.1 and/or ::1 (depending on what IP versions that are requested). This + is what the browsers probably will do with this hostname. + + https://bugzilla.mozilla.org/show_bug.cgi?id=1220810 + + https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02 + +1.28 FD_CLOEXEC + + It sets the close-on-exec flag for the file descriptor, which causes the file + descriptor to be automatically (and atomically) closed when any of the + exec-family functions succeed. Should probably be set by default? + + https://github.com/curl/curl/issues/2252 + +1.29 Upgrade to websockets + + libcurl could offer a smoother path to get to a websocket connection. + See https://github.com/curl/curl/issues/3523 + + Michael Kaufmann suggestion here: + https://curl.haxx.se/video/curlup-2017/2017-03-19_05_Michael_Kaufmann_Websocket_support_for_curl.mp4 + +1.30 config file parsing + + Consider providing an API, possibly in a separate companion library, for + parsing a config file like curl's -K/--config option to allow applications to + get the same ability to read curl options from files. + + See https://github.com/curl/curl/issues/3698 + +2. libcurl - multi interface + +2.1 More non-blocking + + Make sure we don't ever loop because of non-blocking sockets returning + EWOULDBLOCK or similar. Blocking cases include: + + - Name resolves on non-windows unless c-ares or the threaded resolver is used + - file:// transfers + - TELNET transfers + - The "DONE" operation (post transfer protocol-specific actions) for the + protocols SFTP, SMTP, FTP. Fixing Curl_done() for this is a worthy task. + +2.2 Better support for same name resolves + + If a name resolve has been initiated for name NN and a second easy handle + wants to resolve that name as well, make it wait for the first resolve to end + up in the cache instead of doing a second separate resolve. This is + especially needed when adding many simultaneous handles using the same host + name when the DNS resolver can get flooded. + +2.3 Non-blocking curl_multi_remove_handle() + + The multi interface has a few API calls that assume a blocking behavior, like + add_handle() and remove_handle() which limits what we can do internally. The + multi API need to be moved even more into a single function that "drives" + everything in a non-blocking manner and signals when something is done. A + remove or add would then only ask for the action to get started and then + multi_perform() etc still be called until the add/remove is completed. + +2.4 Split connect and authentication process + + The multi interface treats the authentication process as part of the connect + phase. As such any failures during authentication won't trigger the relevant + QUIT or LOGOFF for protocols such as IMAP, POP3 and SMTP. + +2.5 Edge-triggered sockets should work + + The multi_socket API should work with edge-triggered socket events. One of + the internal actions that need to be improved for this to work perfectly is + the 'maxloops' handling in transfer.c:readwrite_data(). + +2.6 multi upkeep + + In libcurl 7.62.0 we introduced curl_easy_upkeep. It unfortunately only works + on easy handles. We should introduces a version of that for the multi handle, + and also consider doing "upkeep" automatically on connections in the + connection pool when the multi handle is in used. + + See https://github.com/curl/curl/issues/3199 + +3. Documentation + +3.2 Provide cmake config-file + + A config-file package is a set of files provided by us to allow applications + to write cmake scripts to find and use libcurl easier. See + https://github.com/curl/curl/issues/885 + +4. FTP + +4.1 HOST + + HOST is a command for a client to tell which host name to use, to offer FTP + servers named-based virtual hosting: + + https://tools.ietf.org/html/rfc7151 + +4.2 Alter passive/active on failure and retry + + When trying to connect passively to a server which only supports active + connections, libcurl returns CURLE_FTP_WEIRD_PASV_REPLY and closes the + connection. There could be a way to fallback to an active connection (and + vice versa). https://curl.haxx.se/bug/feature.cgi?id=1754793 + +4.3 Earlier bad letter detection + + Make the detection of (bad) %0d and %0a codes in FTP URL parts earlier in the + process to avoid doing a resolve and connect in vain. + +4.5 ASCII support + + FTP ASCII transfers do not follow RFC959. They don't convert the data + accordingly. + +4.6 GSSAPI via Windows SSPI + + In addition to currently supporting the SASL GSSAPI mechanism (Kerberos V5) + via third-party GSS-API libraries, such as Heimdal or MIT Kerberos, also add + support for GSSAPI authentication via Windows SSPI. + +4.7 STAT for LIST without data connection + + Some FTP servers allow STAT for listing directories instead of using LIST, + and the response is then sent over the control connection instead of as the + otherwise usedw data connection: https://www.nsftools.com/tips/RawFTP.htm#STAT + + This is not detailed in any FTP specification. + +4.8 Option to ignore private IP addresses in PASV response + + Some servers respond with and some other FTP client implementations can + ignore private (RFC 1918 style) IP addresses when received in PASV responses. + To consider for libcurl as well. See https://github.com/curl/curl/issues/1455 + +5. HTTP + +5.1 Better persistency for HTTP 1.0 + + "Better" support for persistent connections over HTTP 1.0 + https://curl.haxx.se/bug/feature.cgi?id=1089001 + +5.3 Rearrange request header order + + Server implementors often make an effort to detect browser and to reject + clients it can detect to not match. One of the last details we cannot yet + control in libcurl's HTTP requests, which also can be exploited to detect + that libcurl is in fact used even when it tries to impersonate a browser, is + the order of the request headers. I propose that we introduce a new option in + which you give headers a value, and then when the HTTP request is built it + sorts the headers based on that number. We could then have internally created + headers use a default value so only headers that need to be moved have to be + specified. + +5.4 Allow SAN names in HTTP/2 server push + + curl only allows HTTP/2 push promise if the provided :authority header value + exactly matches the host name given in the URL. It could be extended to allow + any name that would match the Subject Alternative Names in the server's TLS + certificate. + + See https://github.com/curl/curl/pull/3581 + +5.5 auth= in URLs + + Add the ability to specify the preferred authentication mechanism to use by + using ;auth= in the login part of the URL. + + For example: + + http://test:pass;auth=NTLM@example.com would be equivalent to specifying + --user test:pass;auth=NTLM or --user test:pass --ntlm from the command line. + + Additionally this should be implemented for proxy base URLs as well. + + +6. TELNET + +6.1 ditch stdin + + Reading input (to send to the remote server) on stdin is a crappy solution + for library purposes. We need to invent a good way for the application to be + able to provide the data to send. + +6.2 ditch telnet-specific select + + Move the telnet support's network select() loop go away and merge the code + into the main transfer loop. Until this is done, the multi interface won't + work for telnet. + +6.3 feature negotiation debug data + + Add telnet feature negotiation data to the debug callback as header data. + + +7. SMTP + +7.2 Enhanced capability support + + Add the ability, for an application that uses libcurl, to obtain the list of + capabilities returned from the EHLO command. + +7.3 Add CURLOPT_MAIL_CLIENT option + + Rather than use the URL to specify the mail client string to present in the + HELO and EHLO commands, libcurl should support a new CURLOPT specifically for + specifying this data as the URL is non-standard and to be honest a bit of a + hack ;-) + + Please see the following thread for more information: + https://curl.haxx.se/mail/lib-2012-05/0178.html + + +8. POP3 + +8.2 Enhanced capability support + + Add the ability, for an application that uses libcurl, to obtain the list of + capabilities returned from the CAPA command. + +9. IMAP + +9.1 Enhanced capability support + + Add the ability, for an application that uses libcurl, to obtain the list of + capabilities returned from the CAPABILITY command. + +10. LDAP + +10.1 SASL based authentication mechanisms + + Currently the LDAP module only supports ldap_simple_bind_s() in order to bind + to an LDAP server. However, this function sends username and password details + using the simple authentication mechanism (as clear text). However, it should + be possible to use ldap_bind_s() instead specifying the security context + information ourselves. + +10.2 CURLOPT_SSL_CTX_FUNCTION for LDAPS + + CURLOPT_SSL_CTX_FUNCTION works perfectly for HTTPS and email protocols, but + it has no effect for LDAPS connections. + + https://github.com/curl/curl/issues/4108 + +10.3 Paged searches on LDAP server + + https://github.com/curl/curl/issues/4452 + +11. SMB + +11.1 File listing support + +Add support for listing the contents of a SMB share. The output should probably +be the same as/similar to FTP. + +11.2 Honor file timestamps + +The timestamp of the transferred file should reflect that of the original file. + +11.3 Use NTLMv2 + +Currently the SMB authentication uses NTLMv1. + +11.4 Create remote directories + +Support for creating remote directories when uploading a file to a directory +that doesn't exist on the server, just like --ftp-create-dirs. + +12. New protocols + +13. SSL + +13.2 Provide mutex locking API + + Provide a libcurl API for setting mutex callbacks in the underlying SSL + library, so that the same application code can use mutex-locking + independently of OpenSSL or GnutTLS being used. + +13.3 Support in-memory certs/ca certs/keys + + You can specify the private and public keys for SSH/SSL as file paths. Some + programs want to avoid using files and instead just pass them as in-memory + data blobs. There's probably a challenge to make this work across the + plethory of different TLS and SSH backends that curl supports. + https://github.com/curl/curl/issues/2310 + +13.4 Cache/share OpenSSL contexts + + "Look at SSL cafile - quick traces look to me like these are done on every + request as well, when they should only be necessary once per SSL context (or + once per handle)". The major improvement we can rather easily do is to make + sure we don't create and kill a new SSL "context" for every request, but + instead make one for every connection and re-use that SSL context in the same + style connections are re-used. It will make us use slightly more memory but + it will libcurl do less creations and deletions of SSL contexts. + + Technically, the "caching" is probably best implemented by getting added to + the share interface so that easy handles who want to and can reuse the + context specify that by sharing with the right properties set. + + https://github.com/curl/curl/issues/1110 + +13.5 Export session ids + + Add an interface to libcurl that enables "session IDs" to get + exported/imported. Cris Bailiff said: "OpenSSL has functions which can + serialise the current SSL state to a buffer of your choice, and recover/reset + the state from such a buffer at a later date - this is used by mod_ssl for + apache to implement and SSL session ID cache". + +13.6 Provide callback for cert verification + + OpenSSL supports a callback for customised verification of the peer + certificate, but this doesn't seem to be exposed in the libcurl APIs. Could + it be? There's so much that could be done if it were! + +13.7 improve configure --with-ssl + + make the configure --with-ssl option first check for OpenSSL, then GnuTLS, + then NSS... + +13.8 Support DANE + + DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL + keys and certs over DNS using DNSSEC as an alternative to the CA model. + https://www.rfc-editor.org/rfc/rfc6698.txt + + An initial patch was posted by Suresh Krishnaswamy on March 7th 2013 + (https://curl.haxx.se/mail/lib-2013-03/0075.html) but it was a too simple + approach. See Daniel's comments: + https://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the + correct library to base this development on. + + Björn Stenberg wrote a separate initial take on DANE that was never + completed. + +13.10 Support Authority Information Access certificate extension (AIA) + + AIA can provide various things like CRLs but more importantly information + about intermediate CA certificates that can allow validation path to be + fulfilled when the HTTPS server doesn't itself provide them. + + Since AIA is about downloading certs on demand to complete a TLS handshake, + it is probably a bit tricky to get done right. + + See https://github.com/curl/curl/issues/2793 + +13.11 Support intermediate & root pinning for PINNEDPUBLICKEY + + CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root + certificates when comparing the pinned keys. Therefore it is not compatible + with "HTTP Public Key Pinning" as there also intermediate and root certificates + can be pinned. This is very useful as it prevents webadmins from "locking + themself out of their servers". + + Adding this feature would make curls pinning 100% compatible to HPKP and allow + more flexible pinning. + +13.12 Support HSTS + + "HTTP Strict Transport Security" is TOFU (trust on first use), time-based + features indicated by a HTTP header send by the webserver. It is widely used + in browsers and it's purpose is to prevent insecure HTTP connections after + a previous HTTPS connection. It protects against SSLStripping attacks. + + Doc: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security + RFC 6797: https://tools.ietf.org/html/rfc6797 + +13.14 Support the clienthello extension + + Certain stupid networks and middle boxes have a problem with SSL handshake + pakets that are within a certain size range because how that sets some bits + that previously (in older TLS version) were not set. The clienthello + extension adds padding to avoid that size range. + + https://tools.ietf.org/html/rfc7685 + https://github.com/curl/curl/issues/2299 + +14. GnuTLS + +14.2 check connection + + Add a way to check if the connection seems to be alive, to correspond to the + SSL_peak() way we use with OpenSSL. + +15. WinSSL/SChannel + +15.1 Add support for client certificate authentication + + WinSSL/SChannel currently makes use of the OS-level system and user + certificate and private key stores. This does not allow the application + or the user to supply a custom client certificate using curl or libcurl. + + Therefore support for the existing -E/--cert and --key options should be + implemented by supplying a custom certificate to the SChannel APIs, see: + - Getting a Certificate for Schannel + https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx + +15.3 Add support for the --ciphers option + + The cipher suites used by WinSSL/SChannel are configured on an OS-level + instead of an application-level. This does not allow the application or + the user to customize the configured cipher suites using curl or libcurl. + + Therefore support for the existing --ciphers option should be implemented + by mapping the OpenSSL/GnuTLS cipher suites to the SChannel APIs, see + - Specifying Schannel Ciphers and Cipher Strengths + https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx + +15.4 Add option to disable client certificate auto-send + + Microsoft says "By default, Schannel will, with no notification to the client, + attempt to locate a client certificate and send it to the server." That could + be considered a privacy violation and unexpected. + + Some Windows users have come to expect that default behavior and to change the + default to make it consistent with other SSL backends would be a breaking + change. An option should be added that can be used to disable the default + Schannel auto-send behavior. + + https://github.com/curl/curl/issues/2262 + +16. SASL + +16.1 Other authentication mechanisms + + Add support for other authentication mechanisms such as OLP, + GSS-SPNEGO and others. + +16.2 Add QOP support to GSSAPI authentication + + Currently the GSSAPI authentication only supports the default QOP of auth + (Authentication), whilst Kerberos V5 supports both auth-int (Authentication + with integrity protection) and auth-conf (Authentication with integrity and + privacy protection). + +16.3 Support binary messages (i.e.: non-base64) + + Mandatory to support LDAP SASL authentication. + + +17. SSH protocols + +17.1 Multiplexing + + SSH is a perfectly fine multiplexed protocols which would allow libcurl to do + multiple parallel transfers from the same host using the same connection, + much in the same spirit as HTTP/2 does. libcurl however does not take + advantage of that ability but will instead always create a new connection for + new transfers even if an existing connection already exists to the host. + + To fix this, libcurl would have to detect an existing connection and "attach" + the new transfer to the existing one. + +17.2 Handle growing SFTP files + + The SFTP code in libcurl checks the file size *before* a transfer starts and + then proceeds to transfer exactly that amount of data. If the remote file + grows while the transfer is in progress libcurl won't notice and will not + adapt. The OpenSSH SFTP command line tool does and libcurl could also just + attempt to download more to see if there is more to get... + + https://github.com/curl/curl/issues/4344 + +17.3 Support better than MD5 hostkey hash + + libcurl offers the CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 option for verifying the + server's key. MD5 is generally being deprecated so we should implement + support for stronger hashing algorithms. libssh2 itself is what provides this + underlying functionality and it supports at least SHA-1 as an alternative. + SHA-1 is also being deprecated these days so we should consider working with + libssh2 to instead offer support for SHA-256 or similar. + +17.4 Support CURLOPT_PREQUOTE + + The two other QUOTE options are supported for SFTP, but this was left out for + unknown reasons! + +18. Command line tool + +18.1 sync + + "curl --sync http://example.com/feed[1-100].rss" or + "curl --sync http://example.net/{index,calendar,history}.html" + + Downloads a range or set of URLs using the remote name, but only if the + remote file is newer than the local file. A Last-Modified HTTP date header + should also be used to set the mod date on the downloaded file. + +18.2 glob posts + + Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'. + This is easily scripted though. + +18.3 prevent file overwriting + + Add an option that prevents curl from overwriting existing local files. When + used, and there already is an existing file with the target file name + (either -O or -o), a number should be appended (and increased if already + existing). So that index.html becomes first index.html.1 and then + index.html.2 etc. + +18.4 --proxycommand + + Allow the user to make curl run a command and use its stdio to make requests + and not do any network connection by itself. Example: + + curl --proxycommand 'ssh pi@raspberrypi.local -W 10.1.1.75 80' \ + http://some/otherwise/unavailable/service.php + + See https://github.com/curl/curl/issues/4941 + +18.5 UTF-8 filenames in Content-Disposition + + RFC 6266 documents how UTF-8 names can be passed to a client in the + Content-Disposition header, and curl does not support this. + + https://github.com/curl/curl/issues/1888 + +18.7 at least N milliseconds between requests + + Allow curl command lines issue a lot of request against services that limit + users to no more than N requests/second or similar. Could be implemented with + an option asking that at least a certain time has elapsed since the previous + request before the next one will be performed. Example: + + $ curl "https://example.com/api?input=[1-1000]" -d yadayada --after 500 + + See https://github.com/curl/curl/issues/3920 + +18.9 Choose the name of file in braces for complex URLs + + When using braces to download a list of URLs and you use complicated names + in the list of alternatives, it could be handy to allow curl to use other + names when saving. + + Consider a way to offer that. Possibly like + {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the + colon is the output name. + + See https://github.com/curl/curl/issues/221 + +18.10 improve how curl works in a windows console window + + If you pull the scrollbar when transferring with curl in a Windows console + window, the transfer is interrupted and can get disconnected. This can + probably be improved. See https://github.com/curl/curl/issues/322 + +18.11 Windows: set attribute 'archive' for completed downloads + + The archive bit (FILE_ATTRIBUTE_ARCHIVE, 0x20) separates files that shall be + backed up from those that are either not ready or have not changed. + + Downloads in progress are neither ready to be backed up, nor should they be + opened by a different process. Only after a download has been completed it's + sensible to include it in any integer snapshot or backup of the system. + + See https://github.com/curl/curl/issues/3354 + +18.12 keep running, read instructions from pipe/socket + + Provide an option that makes curl not exit after the last URL (or even work + without a given URL), and then make it read instructions passed on a pipe or + over a socket to make further instructions so that a second subsequent curl + invoke can talk to the still running instance and ask for transfers to get + done, and thus maintain its connection pool, DNS cache and more. + +18.15 --retry should resume + + When --retry is used and curl actually retries transfer, it should use the + already transferred data and do a resumed transfer for the rest (when + possible) so that it doesn't have to transfer the same data again that was + already transferred before the retry. + + See https://github.com/curl/curl/issues/1084 + +18.16 send only part of --data + + When the user only wants to send a small piece of the data provided with + --data or --data-binary, like when that data is a huge file, consider a way + to specify that curl should only send a piece of that. One suggested syntax + would be: "--data-binary @largefile.zip!1073741823-2147483647". + + See https://github.com/curl/curl/issues/1200 + +18.17 consider file name from the redirected URL with -O ? + + When a user gives a URL and uses -O, and curl follows a redirect to a new + URL, the file name is not extracted and used from the newly redirected-to URL + even if the new URL may have a much more sensible file name. + + This is clearly documented and helps for security since there's no surprise + to users which file name that might get overwritten. But maybe a new option + could allow for this or maybe -J should imply such a treatment as well as -J + already allows for the server to decide what file name to use so it already + provides the "may overwrite any file" risk. + + This is extra tricky if the original URL has no file name part at all since + then the current code path will error out with an error message, and we can't + *know* already at that point if curl will be redirected to a URL that has a + file name... + + See https://github.com/curl/curl/issues/1241 + +18.18 retry on network is unreachable + + The --retry option retries transfers on "transient failures". We later added + --retry-connrefused to also retry for "connection refused" errors. + + Suggestions have been brought to also allow retry on "network is unreachable" + errors and while totally reasonable, maybe we should consider a way to make + this more configurable than to add a new option for every new error people + want to retry for? + + https://github.com/curl/curl/issues/1603 + +18.19 expand ~/ in config files + + For example .curlrc could benefit from being able to do this. + + See https://github.com/curl/curl/issues/2317 + +18.20 host name sections in config files + + config files would be more powerful if they could set different + configurations depending on used URLs, host name or possibly origin. Then a + default .curlrc could a specific user-agent only when doing requests against + a certain site. + + +19. Build + +19.1 roffit + + Consider extending 'roffit' to produce decent ASCII output, and use that + instead of (g)nroff when building src/tool_hugehelp.c + +19.2 Enable PIE and RELRO by default + + Especially when having programs that execute curl via the command line, PIE + renders the exploitation of memory corruption vulnerabilities a lot more + difficult. This can be attributed to the additional information leaks being + required to conduct a successful attack. RELRO, on the other hand, masks + different binary sections like the GOT as read-only and thus kills a handful + of techniques that come in handy when attackers are able to arbitrarily + overwrite memory. A few tests showed that enabling these features had close + to no impact, neither on the performance nor on the general functionality of + curl. + +19.3 cmake test suite improvements + + The cmake build doesn't support 'make show' so it doesn't know which tests + are in the makefile or not (making appveyor builds do many false warnings + about it) nor does it support running the test suite if building out-of-tree. + + See https://github.com/curl/curl/issues/3109 + +20. Test suite + +20.1 SSL tunnel + + Make our own version of stunnel for simple port forwarding to enable HTTPS + and FTP-SSL tests without the stunnel dependency, and it could allow us to + provide test tools built with either OpenSSL or GnuTLS + +20.2 nicer lacking perl message + + If perl wasn't found by the configure script, don't attempt to run the tests + but explain something nice why it doesn't. + +20.3 more protocols supported + + Extend the test suite to include more protocols. The telnet could just do FTP + or http operations (for which we have test servers). + +20.4 more platforms supported + + Make the test suite work on more platforms. OpenBSD and Mac OS. Remove + fork()s and it should become even more portable. + +20.5 Add support for concurrent connections + + Tests 836, 882 and 938 were designed to verify that separate connections + aren't used when using different login credentials in protocols that + shouldn't re-use a connection under such circumstances. + + Unfortunately, ftpserver.pl doesn't appear to support multiple concurrent + connections. The read while() loop seems to loop until it receives a + disconnect from the client, where it then enters the waiting for connections + loop. When the client opens a second connection to the server, the first + connection hasn't been dropped (unless it has been forced - which we + shouldn't do in these tests) and thus the wait for connections loop is never + entered to receive the second connection. + +20.6 Use the RFC6265 test suite + + A test suite made for HTTP cookies (RFC 6265) by Adam Barth is available at + https://github.com/abarth/http-state/tree/master/tests + + It'd be really awesome if someone would write a script/setup that would run + curl with that test suite and detect deviances. Ideally, that would even be + incorporated into our regular test suite. + +20.7 Support LD_PRELOAD on macOS + + LD_RELOAD doesn't work on macOS, but there are tests which require it to run + properly. Look into making the preload support in runtests.pl portable such + that it uses DYLD_INSERT_LIBRARIES on macOS. + +20.8 Run web-platform-tests url tests + + Run web-platform-tests url tests and compare results with browsers on wpt.fyi + + It would help us find issues to fix and help us document where our parser + differs from the WHATWG URL spec parsers. + + See https://github.com/curl/curl/issues/4477 + +21. Next SONAME bump + +21.1 http-style HEAD output for FTP + + #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers + from being output in NOBODY requests over FTP + +21.2 combine error codes + + Combine some of the error codes to remove duplicates. The original + numbering should not be changed, and the old identifiers would be + macroed to the new ones in an CURL_NO_OLDIES section to help with + backward compatibility. + + Candidates for removal and their replacements: + + CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND + + CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND + + CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR + + CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT + + CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT + + CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL + + CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND + + CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED + +21.3 extend CURLOPT_SOCKOPTFUNCTION prototype + + The current prototype only provides 'purpose' that tells what the + connection/socket is for, but not any protocol or similar. It makes it hard + for applications to differentiate on TCP vs UDP and even HTTP vs FTP and + similar. + +22. Next major release + +22.1 cleanup return codes + + curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a + CURLMcode. These should be changed to be the same. + +22.2 remove obsolete defines + + remove obsolete defines from curl/curl.h + +22.3 size_t + + make several functions use size_t instead of int in their APIs + +22.4 remove several functions + + remove the following functions from the public API: + + curl_getenv + + curl_mprintf (and variations) + + curl_strequal + + curl_strnequal + + They will instead become curlx_ - alternatives. That makes the curl app + still capable of using them, by building with them from source. + + These functions have no purpose anymore: + + curl_multi_socket + + curl_multi_socket_all + +22.5 remove CURLOPT_FAILONERROR + + Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird + internally. Let the app judge success or not for itself. + +22.7 remove progress meter from libcurl + + The internally provided progress meter output doesn't belong in the library. + Basically no application wants it (apart from curl) but instead applications + can and should do their own progress meters using the progress callback. + + The progress callback should then be bumped as well to get proper 64bit + variable types passed to it instead of doubles so that big files work + correctly. + +22.8 remove 'curl_httppost' from public + + curl_formadd() was made to fill in a public struct, but the fact that the + struct is public is never really used by application for their own advantage + but instead often restricts how the form functions can or can't be modified. + + Changing them to return a private handle will benefit the implementation and + allow us much greater freedoms while still maintaining a solid API and ABI. diff --git a/extern/curl/docs/TheArtOfHttpScripting b/extern/curl/docs/TheArtOfHttpScripting new file mode 100644 index 0000000000..c5b67ca1b5 --- /dev/null +++ b/extern/curl/docs/TheArtOfHttpScripting @@ -0,0 +1,758 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + + +The Art Of Scripting HTTP Requests Using Curl + + 1. HTTP Scripting + 1.1 Background + 1.2 The HTTP Protocol + 1.3 See the Protocol + 1.4 See the Timing + 1.5 See the Response + 2. URL + 2.1 Spec + 2.2 Host + 2.3 Port number + 2.4 User name and password + 2.5 Path part + 3. Fetch a page + 3.1 GET + 3.2 HEAD + 3.3 Multiple URLs in a single command line + 3.4 Multiple HTTP methods in a single command line + 4. HTML forms + 4.1 Forms explained + 4.2 GET + 4.3 POST + 4.4 File Upload POST + 4.5 Hidden Fields + 4.6 Figure Out What A POST Looks Like + 5. HTTP upload + 5.1 PUT + 6. HTTP Authentication + 6.1 Basic Authentication + 6.2 Other Authentication + 6.3 Proxy Authentication + 6.4 Hiding credentials + 7. More HTTP Headers + 7.1 Referer + 7.2 User Agent + 8. Redirects + 8.1 Location header + 8.2 Other redirects + 9. Cookies + 9.1 Cookie Basics + 9.2 Cookie options + 10. HTTPS + 10.1 HTTPS is HTTP secure + 10.2 Certificates + 11. Custom Request Elements + 11.1 Modify method and headers + 11.2 More on changed methods + 12. Web Login + 12.1 Some login tricks + 13. Debug + 13.1 Some debug tricks + 14. References + 14.1 Standards + 14.2 Sites + +============================================================================== + +1. HTTP Scripting + + 1.1 Background + + This document assumes that you're familiar with HTML and general networking. + + The increasing amount of applications moving to the web has made "HTTP + Scripting" more frequently requested and wanted. To be able to automatically + extract information from the web, to fake users, to post or upload data to + web servers are all important tasks today. + + Curl is a command line tool for doing all sorts of URL manipulations and + transfers, but this particular document will focus on how to use it when + doing HTTP requests for fun and profit. I'll assume that you know how to + invoke 'curl --help' or 'curl --manual' to get basic information about it. + + Curl is not written to do everything for you. It makes the requests, it gets + the data, it sends data and it retrieves the information. You probably need + to glue everything together using some kind of script language or repeated + manual invokes. + + 1.2 The HTTP Protocol + + HTTP is the protocol used to fetch data from web servers. It is a very simple + protocol that is built upon TCP/IP. The protocol also allows information to + get sent to the server from the client using a few different methods, as will + be shown here. + + HTTP is plain ASCII text lines being sent by the client to a server to + request a particular action, and then the server replies a few text lines + before the actual requested content is sent to the client. + + The client, curl, sends a HTTP request. The request contains a method (like + GET, POST, HEAD etc), a number of request headers and sometimes a request + body. The HTTP server responds with a status line (indicating if things went + well), response headers and most often also a response body. The "body" part + is the plain data you requested, like the actual HTML or the image etc. + + 1.3 See the Protocol + + Using curl's option --verbose (-v as a short option) will display what kind + of commands curl sends to the server, as well as a few other informational + texts. + + --verbose is the single most useful option when it comes to debug or even + understand the curl<->server interaction. + + Sometimes even --verbose is not enough. Then --trace and --trace-ascii offer + even more details as they show EVERYTHING curl sends and receives. Use it + like this: + + curl --trace-ascii debugdump.txt http://www.example.com/ + + 1.4 See the Timing + + Many times you may wonder what exactly is taking all the time, or you just + want to know the amount of milliseconds between two points in a + transfer. For those, and other similar situations, the --trace-time option + is what you need. It'll prepend the time to each trace output line: + + curl --trace-ascii d.txt --trace-time http://example.com/ + + 1.5 See the Response + + By default curl sends the response to stdout. You need to redirect it + somewhere to avoid that, most often that is done with -o or -O. + +2. URL + + 2.1 Spec + + The Uniform Resource Locator format is how you specify the address of a + particular resource on the Internet. You know these, you've seen URLs like + https://curl.haxx.se or https://yourbank.com a million times. RFC 3986 is the + canonical spec. And yeah, the formal name is not URL, it is URI. + + 2.2 Host + + The host name is usually resolved using DNS or your /etc/hosts file to an IP + address and that's what curl will communicate with. Alternatively you specify + the IP address directly in the URL instead of a name. + + For development and other trying out situations, you can point to a different + IP address for a host name than what would otherwise be used, by using curl's + --resolve option: + + curl --resolve www.example.org:80:127.0.0.1 http://www.example.org/ + + 2.3 Port number + + Each protocol curl supports operates on a default port number, be it over TCP + or in some cases UDP. Normally you don't have to take that into + consideration, but at times you run test servers on other ports or + similar. Then you can specify the port number in the URL with a colon and a + number immediately following the host name. Like when doing HTTP to port + 1234: + + curl http://www.example.org:1234/ + + The port number you specify in the URL is the number that the server uses to + offer its services. Sometimes you may use a local proxy, and then you may + need to specify that proxy's port number separately for what curl needs to + connect to locally. Like when using a HTTP proxy on port 4321: + + curl --proxy http://proxy.example.org:4321 http://remote.example.org/ + + 2.4 User name and password + + Some services are setup to require HTTP authentication and then you need to + provide name and password which is then transferred to the remote site in + various ways depending on the exact authentication protocol used. + + You can opt to either insert the user and password in the URL or you can + provide them separately: + + curl http://user:password@example.org/ + + or + + curl -u user:password http://example.org/ + + You need to pay attention that this kind of HTTP authentication is not what + is usually done and requested by user-oriented web sites these days. They + tend to use forms and cookies instead. + + 2.5 Path part + + The path part is just sent off to the server to request that it sends back + the associated response. The path is what is to the right side of the slash + that follows the host name and possibly port number. + +3. Fetch a page + + 3.1 GET + + The simplest and most common request/operation made using HTTP is to GET a + URL. The URL could itself refer to a web page, an image or a file. The client + issues a GET request to the server and receives the document it asked for. + If you issue the command line + + curl https://curl.haxx.se + + you get a web page returned in your terminal window. The entire HTML document + that that URL holds. + + All HTTP replies contain a set of response headers that are normally hidden, + use curl's --include (-i) option to display them as well as the rest of the + document. + + 3.2 HEAD + + You can ask the remote server for ONLY the headers by using the --head (-I) + option which will make curl issue a HEAD request. In some special cases + servers deny the HEAD method while others still work, which is a particular + kind of annoyance. + + The HEAD method is defined and made so that the server returns the headers + exactly the way it would do for a GET, but without a body. It means that you + may see a Content-Length: in the response headers, but there must not be an + actual body in the HEAD response. + + 3.3 Multiple URLs in a single command line + + A single curl command line may involve one or many URLs. The most common case + is probably to just use one, but you can specify any amount of URLs. Yes + any. No limits. You'll then get requests repeated over and over for all the + given URLs. + + Example, send two GETs: + + curl http://url1.example.com http://url2.example.com + + If you use --data to POST to the URL, using multiple URLs means that you send + that same POST to all the given URLs. + + Example, send two POSTs: + + curl --data name=curl http://url1.example.com http://url2.example.com + + + 3.4 Multiple HTTP methods in a single command line + + Sometimes you need to operate on several URLs in a single command line and do + different HTTP methods on each. For this, you'll enjoy the --next option. It + is basically a separator that separates a bunch of options from the next. All + the URLs before --next will get the same method and will get all the POST + data merged into one. + + When curl reaches the --next on the command line, it'll sort of reset the + method and the POST data and allow a new set. + + Perhaps this is best shown with a few examples. To send first a HEAD and then + a GET: + + curl -I http://example.com --next http://example.com + + To first send a POST and then a GET: + + curl -d score=10 http://example.com/post.cgi --next http://example.com/results.html + + +4. HTML forms + + 4.1 Forms explained + + Forms are the general way a web site can present a HTML page with fields for + the user to enter data in, and then press some kind of 'OK' or 'Submit' + button to get that data sent to the server. The server then typically uses + the posted data to decide how to act. Like using the entered words to search + in a database, or to add the info in a bug tracking system, display the entered + address on a map or using the info as a login-prompt verifying that the user + is allowed to see what it is about to see. + + Of course there has to be some kind of program on the server end to receive + the data you send. You cannot just invent something out of the air. + + 4.2 GET + + A GET-form uses the method GET, as specified in HTML like: + +
+ + +
+ + In your favorite browser, this form will appear with a text box to fill in + and a press-button labeled "OK". If you fill in '1905' and press the OK + button, your browser will then create a new URL to get for you. The URL will + get "junk.cgi?birthyear=1905&press=OK" appended to the path part of the + previous URL. + + If the original form was seen on the page "www.hotmail.com/when/birth.html", + the second page you'll get will become + "www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK". + + Most search engines work this way. + + To make curl do the GET form post for you, just enter the expected created + URL: + + curl "http://www.hotmail.com/when/junk.cgi?birthyear=1905&press=OK" + + 4.3 POST + + The GET method makes all input field names get displayed in the URL field of + your browser. That's generally a good thing when you want to be able to + bookmark that page with your given data, but it is an obvious disadvantage + if you entered secret information in one of the fields or if there are a + large amount of fields creating a very long and unreadable URL. + + The HTTP protocol then offers the POST method. This way the client sends the + data separated from the URL and thus you won't see any of it in the URL + address field. + + The form would look very similar to the previous one: + +
+ + +
+ + And to use curl to post this form with the same data filled in as before, we + could do it like: + + curl --data "birthyear=1905&press=%20OK%20" \ + http://www.example.com/when.cgi + + This kind of POST will use the Content-Type + application/x-www-form-urlencoded and is the most widely used POST kind. + + The data you send to the server MUST already be properly encoded, curl will + not do that for you. For example, if you want the data to contain a space, + you need to replace that space with %20 etc. Failing to comply with this + will most likely cause your data to be received wrongly and messed up. + + Recent curl versions can in fact url-encode POST data for you, like this: + + curl --data-urlencode "name=I am Daniel" http://www.example.com + + If you repeat --data several times on the command line, curl will + concatenate all the given data pieces - and put a '&' symbol between each + data segment. + + 4.4 File Upload POST + + Back in late 1995 they defined an additional way to post data over HTTP. It + is documented in the RFC 1867, why this method sometimes is referred to as + RFC1867-posting. + + This method is mainly designed to better support file uploads. A form that + allows a user to upload a file could be written like this in HTML: + +
+ + +
+ + This clearly shows that the Content-Type about to be sent is + multipart/form-data. + + To post to a form like this with curl, you enter a command line like: + + curl --form upload=@localfilename --form press=OK [URL] + + 4.5 Hidden Fields + + A very common way for HTML based applications to pass state information + between pages is to add hidden fields to the forms. Hidden fields are + already filled in, they aren't displayed to the user and they get passed + along just as all the other fields. + + A similar example form with one visible field, one hidden field and one + submit button could look like: + +
+ + + +
+ + To POST this with curl, you won't have to think about if the fields are + hidden or not. To curl they're all the same: + + curl --data "birthyear=1905&press=OK&person=daniel" [URL] + + 4.6 Figure Out What A POST Looks Like + + When you're about fill in a form and send to a server by using curl instead + of a browser, you're of course very interested in sending a POST exactly the + way your browser does. + + An easy way to get to see this, is to save the HTML page with the form on + your local disk, modify the 'method' to a GET, and press the submit button + (you could also change the action URL if you want to). + + You will then clearly see the data get appended to the URL, separated with a + '?'-letter as GET forms are supposed to. + +5. HTTP upload + + 5.1 PUT + + Perhaps the best way to upload data to a HTTP server is to use PUT. Then + again, this of course requires that someone put a program or script on the + server end that knows how to receive a HTTP PUT stream. + + Put a file to a HTTP server with curl: + + curl --upload-file uploadfile http://www.example.com/receive.cgi + +6. HTTP Authentication + + 6.1 Basic Authentication + + HTTP Authentication is the ability to tell the server your username and + password so that it can verify that you're allowed to do the request you're + doing. The Basic authentication used in HTTP (which is the type curl uses by + default) is *plain* *text* based, which means it sends username and password + only slightly obfuscated, but still fully readable by anyone that sniffs on + the network between you and the remote server. + + To tell curl to use a user and password for authentication: + + curl --user name:password http://www.example.com + + 6.2 Other Authentication + + The site might require a different authentication method (check the headers + returned by the server), and then --ntlm, --digest, --negotiate or even + --anyauth might be options that suit you. + + 6.3 Proxy Authentication + + Sometimes your HTTP access is only available through the use of a HTTP + proxy. This seems to be especially common at various companies. A HTTP proxy + may require its own user and password to allow the client to get through to + the Internet. To specify those with curl, run something like: + + curl --proxy-user proxyuser:proxypassword curl.haxx.se + + If your proxy requires the authentication to be done using the NTLM method, + use --proxy-ntlm, if it requires Digest use --proxy-digest. + + If you use any one of these user+password options but leave out the password + part, curl will prompt for the password interactively. + + 6.4 Hiding credentials + + Do note that when a program is run, its parameters might be possible to see + when listing the running processes of the system. Thus, other users may be + able to watch your passwords if you pass them as plain command line + options. There are ways to circumvent this. + + It is worth noting that while this is how HTTP Authentication works, very + many web sites will not use this concept when they provide logins etc. See + the Web Login chapter further below for more details on that. + +7. More HTTP Headers + + 7.1 Referer + + A HTTP request may include a 'referer' field (yes it is misspelled), which + can be used to tell from which URL the client got to this particular + resource. Some programs/scripts check the referer field of requests to verify + that this wasn't arriving from an external site or an unknown page. While + this is a stupid way to check something so easily forged, many scripts still + do it. Using curl, you can put anything you want in the referer-field and + thus more easily be able to fool the server into serving your request. + + Use curl to set the referer field with: + + curl --referer http://www.example.come http://www.example.com + + 7.2 User Agent + + Very similar to the referer field, all HTTP requests may set the User-Agent + field. It names what user agent (client) that is being used. Many + applications use this information to decide how to display pages. Silly web + programmers try to make different pages for users of different browsers to + make them look the best possible for their particular browsers. They usually + also do different kinds of javascript, vbscript etc. + + At times, you will see that getting a page with curl will not return the same + page that you see when getting the page with your browser. Then you know it + is time to set the User Agent field to fool the server into thinking you're + one of those browsers. + + To make curl look like Internet Explorer 5 on a Windows 2000 box: + + curl --user-agent "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)" [URL] + + Or why not look like you're using Netscape 4.73 on an old Linux box: + + curl --user-agent "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" [URL] + +8. Redirects + + 8.1 Location header + + When a resource is requested from a server, the reply from the server may + include a hint about where the browser should go next to find this page, or a + new page keeping newly generated output. The header that tells the browser + to redirect is Location:. + + Curl does not follow Location: headers by default, but will simply display + such pages in the same manner it displays all HTTP replies. It does however + feature an option that will make it attempt to follow the Location: pointers. + + To tell curl to follow a Location: + + curl --location http://www.example.com + + If you use curl to POST to a site that immediately redirects you to another + page, you can safely use --location (-L) and --data/--form together. Curl will + only use POST in the first request, and then revert to GET in the following + operations. + + 8.2 Other redirects + + Browser typically support at least two other ways of redirects that curl + doesn't: first the html may contain a meta refresh tag that asks the browser + to load a specific URL after a set number of seconds, or it may use + javascript to do it. + +9. Cookies + + 9.1 Cookie Basics + + The way the web browsers do "client side state control" is by using + cookies. Cookies are just names with associated contents. The cookies are + sent to the client by the server. The server tells the client for what path + and host name it wants the cookie sent back, and it also sends an expiration + date and a few more properties. + + When a client communicates with a server with a name and path as previously + specified in a received cookie, the client sends back the cookies and their + contents to the server, unless of course they are expired. + + Many applications and servers use this method to connect a series of requests + into a single logical session. To be able to use curl in such occasions, we + must be able to record and send back cookies the way the web application + expects them. The same way browsers deal with them. + + 9.2 Cookie options + + The simplest way to send a few cookies to the server when getting a page with + curl is to add them on the command line like: + + curl --cookie "name=Daniel" http://www.example.com + + Cookies are sent as common HTTP headers. This is practical as it allows curl + to record cookies simply by recording headers. Record cookies with curl by + using the --dump-header (-D) option like: + + curl --dump-header headers_and_cookies http://www.example.com + + (Take note that the --cookie-jar option described below is a better way to + store cookies.) + + Curl has a full blown cookie parsing engine built-in that comes in use if you + want to reconnect to a server and use cookies that were stored from a + previous connection (or hand-crafted manually to fool the server into + believing you had a previous connection). To use previously stored cookies, + you run curl like: + + curl --cookie stored_cookies_in_file http://www.example.com + + Curl's "cookie engine" gets enabled when you use the --cookie option. If you + only want curl to understand received cookies, use --cookie with a file that + doesn't exist. Example, if you want to let curl understand cookies from a + page and follow a location (and thus possibly send back cookies it received), + you can invoke it like: + + curl --cookie nada --location http://www.example.com + + Curl has the ability to read and write cookie files that use the same file + format that Netscape and Mozilla once used. It is a convenient way to share + cookies between scripts or invokes. The --cookie (-b) switch automatically + detects if a given file is such a cookie file and parses it, and by using the + --cookie-jar (-c) option you'll make curl write a new cookie file at the end + of an operation: + + curl --cookie cookies.txt --cookie-jar newcookies.txt \ + http://www.example.com + +10. HTTPS + + 10.1 HTTPS is HTTP secure + + There are a few ways to do secure HTTP transfers. By far the most common + protocol for doing this is what is generally known as HTTPS, HTTP over + SSL. SSL encrypts all the data that is sent and received over the network and + thus makes it harder for attackers to spy on sensitive information. + + SSL (or TLS as the latest version of the standard is called) offers a + truckload of advanced features to allow all those encryptions and key + infrastructure mechanisms encrypted HTTP requires. + + Curl supports encrypted fetches when built to use a TLS library and it can be + built to use one out of a fairly large set of libraries - "curl -V" will show + which one your curl was built to use (if any!). To get a page from a HTTPS + server, simply run curl like: + + curl https://secure.example.com + + 10.2 Certificates + + In the HTTPS world, you use certificates to validate that you are the one + you claim to be, as an addition to normal passwords. Curl supports client- + side certificates. All certificates are locked with a pass phrase, which you + need to enter before the certificate can be used by curl. The pass phrase + can be specified on the command line or if not, entered interactively when + curl queries for it. Use a certificate with curl on a HTTPS server like: + + curl --cert mycert.pem https://secure.example.com + + curl also tries to verify that the server is who it claims to be, by + verifying the server's certificate against a locally stored CA cert + bundle. Failing the verification will cause curl to deny the connection. You + must then use --insecure (-k) in case you want to tell curl to ignore that + the server can't be verified. + + More about server certificate verification and ca cert bundles can be read + in the SSLCERTS document, available online here: + + https://curl.haxx.se/docs/sslcerts.html + + At times you may end up with your own CA cert store and then you can tell + curl to use that to verify the server's certificate: + + curl --cacert ca-bundle.pem https://example.com/ + + +11. Custom Request Elements + +11.1 Modify method and headers + + Doing fancy stuff, you may need to add or change elements of a single curl + request. + + For example, you can change the POST request to a PROPFIND and send the data + as "Content-Type: text/xml" (instead of the default Content-Type) like this: + + curl --data "" --header "Content-Type: text/xml" \ + --request PROPFIND url.com + + You can delete a default header by providing one without content. Like you + can ruin the request by chopping off the Host: header: + + curl --header "Host:" http://www.example.com + + You can add headers the same way. Your server may want a "Destination:" + header, and you can add it: + + curl --header "Destination: http://nowhere" http://example.com + + 11.2 More on changed methods + + It should be noted that curl selects which methods to use on its own + depending on what action to ask for. -d will do POST, -I will do HEAD and so + on. If you use the --request / -X option you can change the method keyword + curl selects, but you will not modify curl's behavior. This means that if you + for example use -d "data" to do a POST, you can modify the method to a + PROPFIND with -X and curl will still think it sends a POST. You can change + the normal GET to a POST method by simply adding -X POST in a command line + like: + + curl -X POST http://example.org/ + + ... but curl will still think and act as if it sent a GET so it won't send any + request body etc. + + +12. Web Login + + 12.1 Some login tricks + + While not strictly just HTTP related, it still causes a lot of people problems + so here's the executive run-down of how the vast majority of all login forms + work and how to login to them using curl. + + It can also be noted that to do this properly in an automated fashion, you + will most certainly need to script things and do multiple curl invokes etc. + + First, servers mostly use cookies to track the logged-in status of the + client, so you will need to capture the cookies you receive in the + responses. Then, many sites also set a special cookie on the login page (to + make sure you got there through their login page) so you should make a habit + of first getting the login-form page to capture the cookies set there. + + Some web-based login systems feature various amounts of javascript, and + sometimes they use such code to set or modify cookie contents. Possibly they + do that to prevent programmed logins, like this manual describes how to... + Anyway, if reading the code isn't enough to let you repeat the behavior + manually, capturing the HTTP requests done by your browsers and analyzing the + sent cookies is usually a working method to work out how to shortcut the + javascript need. + + In the actual
tag for the login, lots of sites fill-in random/session + or otherwise secretly generated hidden tags and you may need to first capture + the HTML code for the login form and extract all the hidden fields to be able + to do a proper login POST. Remember that the contents need to be URL encoded + when sent in a normal POST. + +13. Debug + + 13.1 Some debug tricks + + Many times when you run curl on a site, you'll notice that the site doesn't + seem to respond the same way to your curl requests as it does to your + browser's. + + Then you need to start making your curl requests more similar to your + browser's requests: + + * Use the --trace-ascii option to store fully detailed logs of the requests + for easier analyzing and better understanding + + * Make sure you check for and use cookies when needed (both reading with + --cookie and writing with --cookie-jar) + + * Set user-agent to one like a recent popular browser does + + * Set referer like it is set by the browser + + * If you use POST, make sure you send all the fields and in the same order as + the browser does it. + + A very good helper to make sure you do this right, is the LiveHTTPHeader tool + that lets you view all headers you send and receive with Mozilla/Firefox + (even when using HTTPS). Chrome features similar functionality out of the box + among the developer's tools. + + A more raw approach is to capture the HTTP traffic on the network with tools + such as ethereal or tcpdump and check what headers that were sent and + received by the browser. (HTTPS makes this technique inefficient.) + +14. References + + 14.1 Standards + + RFC 7230 is a must to read if you want in-depth understanding of the HTTP + protocol + + RFC 3986 explains the URL syntax + + RFC 1867 defines the HTTP post upload format + + RFC 6525 defines how HTTP cookies work + + 14.2 Sites + + https://curl.haxx.se is the home of the curl project diff --git a/extern/curl/docs/VERSIONS b/extern/curl/docs/VERSIONS new file mode 100644 index 0000000000..72a45474de --- /dev/null +++ b/extern/curl/docs/VERSIONS @@ -0,0 +1,56 @@ +Version Numbers and Releases +============================ + + Curl is not only curl. Curl is also libcurl. They're actually individually + versioned, but they mostly follow each other rather closely. + + The version numbering is always built up using the same system: + + X.Y.Z + + - X is main version number + - Y is release number + - Z is patch number + +## Bumping numbers + + One of these numbers will get bumped in each new release. The numbers to the + right of a bumped number will be reset to zero. If Z is zero, it may not be + included in the version number. + + The main version number will get bumped when *really* big, world colliding + changes are made. The release number is bumped when changes are performed or + things/features are added. The patch number is bumped when the changes are + mere bugfixes. + + It means that after release 1.2.3, we can release 2.0 if something really big + has been made, 1.3 if not that big changes were made or 1.2.4 if mostly bugs + were fixed. + + Bumping, as in increasing the number with 1, is unconditionally only + affecting one of the numbers (except the ones to the right of it, that may be + set to zero). 1 becomes 2, 3 becomes 4, 9 becomes 10, 88 becomes 89 and 99 + becomes 100. So, after 1.2.9 comes 1.2.10. After 3.99.3, 3.100 might come. + + All original curl source release archives are named according to the libcurl + version (not according to the curl client version that, as said before, might + differ). + + As a service to any application that might want to support new libcurl + features while still being able to build with older versions, all releases + have the libcurl version stored in the curl/curlver.h file using a static + numbering scheme that can be used for comparison. The version number is + defined as: + + #define LIBCURL_VERSION_NUM 0xXXYYZZ + + Where XX, YY and ZZ are the main version, release and patch numbers in + hexadecimal. All three number fields are always represented using two digits + (eight bits each). 1.2 would appear as "0x010200" while version 9.11.7 + appears as "0x090b07". + + This 6-digit hexadecimal number is always a greater number in a more recent + release. It makes comparisons with greater than and less than work. + + This number is also available as three separate defines: + `LIBCURL_VERSION_MAJOR`, `LIBCURL_VERSION_MINOR` and `LIBCURL_VERSION_PATCH`. diff --git a/extern/curl/docs/cmdline-opts/CMakeLists.txt b/extern/curl/docs/cmdline-opts/CMakeLists.txt new file mode 100644 index 0000000000..3c020d418d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/CMakeLists.txt @@ -0,0 +1,12 @@ +set(MANPAGE "${CURL_BINARY_DIR}/docs/curl.1") + +# Load DPAGES and OTHERPAGES from shared file +transform_makefile_inc("Makefile.inc" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") +include("${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") + +add_custom_command(OUTPUT "${MANPAGE}" + COMMAND "${PERL_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/gen.pl" mainpage "${CMAKE_CURRENT_SOURCE_DIR}" > "${MANPAGE}" + DEPENDS ${DPAGES} ${OTHERPAGES} + VERBATIM +) +add_custom_target(generate-curl.1 DEPENDS "${MANPAGE}") diff --git a/extern/curl/docs/cmdline-opts/MANPAGE.md b/extern/curl/docs/cmdline-opts/MANPAGE.md new file mode 100644 index 0000000000..3a8270b03e --- /dev/null +++ b/extern/curl/docs/cmdline-opts/MANPAGE.md @@ -0,0 +1,52 @@ +# curl man page generator + +This is the curl man page generator. It generates a single nroff man page +output from the set of sources files in this directory. + +There is one source file for each supported command line option. The format is +described below. + +## Option files + +Each command line option is described in a file named `.d`, where +option name is written without any prefixing dashes. Like the file name for +the -v, --verbose option is named `verbose.d`. + +Each file has a set of meta-data and a body of text. + +### Meta-data + + Short: (single letter, without dash) + Long: (long form name, without dashes) + Arg: (the argument the option takes) + Magic: (description of "magic" options) + Tags: (space separated list) + Protocols: (space separated list for which protocols this option works) + Added: (version number in which this was added) + Mutexed: (space separated list of options this overrides, no dashes) + Requires: (space separated list of features this requires, no dashes) + See-also: (space separated list of related options, no dashes) + Help: (short text for the --help output for this option) + --- (end of meta-data) + +### Body + +The body of the description. Only refer to options with their long form option +version, like --verbose. The output generator will replace such with the +correct markup that shows both short and long version. + +## Header + +`page-header` is the nroff formatted file that will be output before the +generated options output for the master man page. + +## Generate + +`./gen.pl mainpage` + +This command outputs a single huge nroff file, meant to become `curl.1`. The +full curl man page. + +`./gen.pl listhelp` + +Generates a full `curl --help` output for all known command line options. diff --git a/extern/curl/docs/cmdline-opts/Makefile.am b/extern/curl/docs/cmdline-opts/Makefile.am new file mode 100644 index 0000000000..e6ecf7a6b0 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/Makefile.am @@ -0,0 +1,34 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +########################################################################### + +AUTOMAKE_OPTIONS = foreign no-dependencies + +MANPAGE = $(top_builddir)/docs/curl.1 + +include Makefile.inc + +EXTRA_DIST = $(DPAGES) MANPAGE.md gen.pl $(OTHERPAGES) CMakeLists.txt + +all: $(MANPAGE) + +$(MANPAGE): $(DPAGES) $(OTHERPAGES) Makefile.inc + @PERL@ $(srcdir)/gen.pl mainpage $(srcdir) > $(MANPAGE) diff --git a/extern/curl/docs/cmdline-opts/Makefile.inc b/extern/curl/docs/cmdline-opts/Makefile.inc new file mode 100644 index 0000000000..829551ff62 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/Makefile.inc @@ -0,0 +1,215 @@ +# Shared between Makefile.am and CMakeLists.txt + +DPAGES = \ + abstract-unix-socket.d \ + alt-svc.d \ + anyauth.d \ + append.d basic.d \ + cacert.d capath.d \ + cert-status.d \ + cert-type.d \ + cert.d \ + ciphers.d \ + compressed-ssh.d \ + compressed.d \ + config.d \ + connect-timeout.d \ + connect-to.d \ + continue-at.d \ + cookie-jar.d \ + cookie.d \ + create-dirs.d \ + crlf.d crlfile.d \ + data-ascii.d \ + data-binary.d \ + data-urlencode.d \ + data.d data-raw.d \ + delegation.d \ + digest.d \ + disable-eprt.d \ + disable-epsv.d \ + disable.d \ + disallow-username-in-url.d \ + dns-interface.d \ + dns-ipv4-addr.d \ + dns-ipv6-addr.d \ + dns-servers.d \ + doh-url.d \ + dump-header.d \ + egd-file.d \ + engine.d \ + etag-save.d \ + etag-compare.d \ + expect100-timeout.d \ + fail-early.d \ + fail.d \ + false-start.d \ + form-string.d \ + form.d \ + ftp-account.d \ + ftp-alternative-to-user.d \ + ftp-create-dirs.d \ + ftp-method.d \ + ftp-pasv.d \ + ftp-port.d \ + ftp-pret.d \ + ftp-skip-pasv-ip.d \ + ftp-ssl-ccc-mode.d \ + ftp-ssl-ccc.d \ + ftp-ssl-control.d \ + get.d globoff.d \ + happy-eyeballs-timeout-ms.d \ + haproxy-protocol.d \ + head.d header.d \ + help.d \ + hostpubmd5.d \ + http0.9.d \ + http1.0.d \ + http1.1.d http2.d \ + http2-prior-knowledge.d \ + http3.d \ + ignore-content-length.d \ + include.d \ + insecure.d \ + interface.d \ + ipv4.d ipv6.d \ + junk-session-cookies.d \ + keepalive-time.d \ + key.d key-type.d \ + krb.d libcurl.d \ + limit-rate.d \ + list-only.d \ + local-port.d \ + location-trusted.d \ + location.d \ + login-options.d \ + mail-auth.d \ + mail-from.d \ + mail-rcpt.d \ + manual.d \ + max-filesize.d \ + max-redirs.d \ + max-time.d \ + metalink.d \ + negotiate.d \ + netrc-file.d \ + netrc-optional.d \ + netrc.d \ + next.d no-alpn.d \ + no-buffer.d \ + no-keepalive.d \ + no-npn.d \ + no-progress-meter.d \ + no-sessionid.d \ + noproxy.d \ + ntlm.d ntlm-wb.d \ + oauth2-bearer.d \ + output.d \ + parallel-immediate.d \ + parallel-max.d \ + parallel.d \ + pass.d \ + path-as-is.d \ + pinnedpubkey.d \ + post301.d \ + post302.d \ + post303.d \ + preproxy.d \ + progress-bar.d \ + proto-default.d \ + proto-redir.d \ + proto.d \ + proxy-anyauth.d \ + proxy-basic.d \ + proxy-cacert.d \ + proxy-capath.d \ + proxy-cert-type.d \ + proxy-cert.d \ + proxy-ciphers.d \ + proxy-crlfile.d \ + proxy-digest.d \ + proxy-header.d \ + proxy-insecure.d \ + proxy-key-type.d \ + proxy-key.d \ + proxy-negotiate.d \ + proxy-ntlm.d \ + proxy-pass.d \ + proxy-pinnedpubkey.d \ + proxy-service-name.d \ + proxy-ssl-allow-beast.d \ + proxy-tls13-ciphers.d \ + proxy-tlsauthtype.d \ + proxy-tlspassword.d \ + proxy-tlsuser.d \ + proxy-tlsv1.d \ + proxy-user.d \ + proxy.d \ + proxy1.0.d \ + proxytunnel.d \ + pubkey.d quote.d \ + random-file.d \ + range.d raw.d \ + referer.d \ + remote-header-name.d \ + remote-name-all.d \ + remote-name.d \ + remote-time.d \ + request-target.d \ + request.d \ + resolve.d \ + retry-connrefused.d \ + retry-delay.d \ + retry-max-time.d \ + retry.d \ + sasl-authzid.d \ + sasl-ir.d \ + service-name.d \ + show-error.d \ + silent.d \ + socks4.d socks5.d \ + socks4a.d \ + socks5-basic.d \ + socks5-gssapi-nec.d \ + socks5-gssapi-service.d \ + socks5-gssapi.d \ + socks5-hostname.d \ + speed-limit.d \ + speed-time.d \ + ssl-allow-beast.d \ + ssl-no-revoke.d \ + ssl-reqd.d \ + ssl.d \ + sslv2.d sslv3.d \ + stderr.d \ + styled-output.d \ + suppress-connect-headers.d \ + tcp-fastopen.d \ + tcp-nodelay.d \ + telnet-option.d \ + tftp-blksize.d \ + tftp-no-options.d \ + time-cond.d \ + tls-max.d \ + tls13-ciphers.d \ + tlsauthtype.d \ + tlspassword.d \ + tlsuser.d \ + tlsv1.0.d \ + tlsv1.1.d \ + tlsv1.2.d \ + tlsv1.3.d tlsv1.d \ + tr-encoding.d \ + trace-ascii.d \ + trace-time.d \ + trace.d \ + unix-socket.d \ + upload-file.d \ + url.d use-ascii.d \ + user-agent.d \ + user.d verbose.d \ + version.d \ + write-out.d \ + xattr.d + +OTHERPAGES = page-footer page-header diff --git a/extern/curl/docs/cmdline-opts/abstract-unix-socket.d b/extern/curl/docs/cmdline-opts/abstract-unix-socket.d new file mode 100644 index 0000000000..1fda4e5df3 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/abstract-unix-socket.d @@ -0,0 +1,9 @@ +Long: abstract-unix-socket +Arg: +Help: Connect via abstract Unix domain socket +Added: 7.53.0 +Protocols: HTTP +--- +Connect through an abstract Unix domain socket, instead of using the network. +Note: netstat shows the path of an abstract socket prefixed with '@', however +the argument should not have this leading character. diff --git a/extern/curl/docs/cmdline-opts/alt-svc.d b/extern/curl/docs/cmdline-opts/alt-svc.d new file mode 100644 index 0000000000..15877a2fee --- /dev/null +++ b/extern/curl/docs/cmdline-opts/alt-svc.d @@ -0,0 +1,17 @@ +Long: alt-svc +Arg: +Protocols: HTTPS +Help: Enable alt-svc with this cache file +Added: 7.64.1 +--- +WARNING: this option is experimental. Do not use in production. + +This option enables the alt-svc parser in curl. If the file name points to an +existing alt-svc cache file, that will be used. After a completed transfer, +the cache will be saved to the file name again if it has been modified. + +Specify a "" file name (zero length) to avoid loading/saving and make curl +just handle the cache in memory. + +If this option is used several times, curl will load contents from all the +files but the last one will be used for saving. diff --git a/extern/curl/docs/cmdline-opts/anyauth.d b/extern/curl/docs/cmdline-opts/anyauth.d new file mode 100644 index 0000000000..c32d1ed5ef --- /dev/null +++ b/extern/curl/docs/cmdline-opts/anyauth.d @@ -0,0 +1,17 @@ +Long: anyauth +Help: Pick any authentication method +Protocols: HTTP +See-also: proxy-anyauth basic digest +--- +Tells curl to figure out authentication method by itself, and use the most +secure one the remote site claims to support. This is done by first doing a +request and checking the response-headers, thus possibly inducing an extra +network round-trip. This is used instead of setting a specific authentication +method, which you can do with --basic, --digest, --ntlm, and --negotiate. + +Using --anyauth is not recommended if you do uploads from stdin, since it may +require data to be sent twice and then the client must be able to rewind. If +the need should arise when uploading from stdin, the upload operation will +fail. + +Used together with --user. diff --git a/extern/curl/docs/cmdline-opts/append.d b/extern/curl/docs/cmdline-opts/append.d new file mode 100644 index 0000000000..f001b1239d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/append.d @@ -0,0 +1,8 @@ +Short: a +Long: append +Help: Append to target file when uploading +Protocols: FTP SFTP +--- +When used in an upload, this makes curl append to the target file instead of +overwriting it. If the remote file doesn't exist, it will be created. Note +that this flag is ignored by some SFTP servers (including OpenSSH). diff --git a/extern/curl/docs/cmdline-opts/basic.d b/extern/curl/docs/cmdline-opts/basic.d new file mode 100644 index 0000000000..09d42af9d4 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/basic.d @@ -0,0 +1,11 @@ +Long: basic +Help: Use HTTP Basic Authentication +See-also: proxy-basic +Protocols: HTTP +--- +Tells curl to use HTTP Basic authentication with the remote host. This is the +default and this option is usually pointless, unless you use it to override a +previously set option that sets a different authentication method (such as +--ntlm, --digest, or --negotiate). + +Used together with --user. diff --git a/extern/curl/docs/cmdline-opts/cacert.d b/extern/curl/docs/cmdline-opts/cacert.d new file mode 100644 index 0000000000..6a56787522 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/cacert.d @@ -0,0 +1,33 @@ +Long: cacert +Arg: +Help: CA certificate to verify peer against +Protocols: TLS +--- +Tells curl to use the specified certificate file to verify the peer. The file +may contain multiple CA certificates. The certificate(s) must be in PEM +format. Normally curl is built to use a default file for this, so this option +is typically used to alter that default file. + +curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is +set, and uses the given path as a path to a CA cert bundle. This option +overrides that variable. + +The windows version of curl will automatically look for a CA certs file named +\'curl-ca-bundle.crt\', either in the same directory as curl.exe, or in the +Current Working Directory, or in any folder along your PATH. + +If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module +(libnsspem.so) needs to be available for this option to work properly. + +(iOS and macOS only) If curl is built against Secure Transport, then this +option is supported for backward compatibility with other SSL engines, but it +should not be set. If the option is not set, then curl will use the +certificates in the system and user Keychain to verify the peer, which is the +preferred method of verifying the peer's certificate chain. + +(Schannel only) This option is supported for Schannel in Windows 7 or later with +libcurl 7.60 or later. This option is supported for backward compatibility +with other SSL engines; instead it is recommended to use Windows' store of +root certificates (the default for Schannel). + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/capath.d b/extern/curl/docs/cmdline-opts/capath.d new file mode 100644 index 0000000000..0763f7a0d4 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/capath.d @@ -0,0 +1,15 @@ +Long: capath +Arg: +Help: CA directory to verify peer against +Protocols: TLS +--- +Tells curl to use the specified certificate directory to verify the +peer. Multiple paths can be provided by separating them with ":" (e.g. +\&"path1:path2:path3"). The certificates must be in PEM format, and if curl is +built against OpenSSL, the directory must have been processed using the +c_rehash utility supplied with OpenSSL. Using --capath can allow +OpenSSL-powered curl to make SSL-connections much more efficiently than using +--cacert if the --cacert file contains many CA certificates. + +If this option is set, the default capath value will be ignored, and if it is +used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/cert-status.d b/extern/curl/docs/cmdline-opts/cert-status.d new file mode 100644 index 0000000000..f1aaa21744 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/cert-status.d @@ -0,0 +1,13 @@ +Long: cert-status +Protocols: TLS +Added: 7.41.0 +Help: Verify the status of the server certificate +--- +Tells curl to verify the status of the server certificate by using the +Certificate Status Request (aka. OCSP stapling) TLS extension. + +If this option is enabled and the server sends an invalid (e.g. expired) +response, if the response suggests that the server certificate has been revoked, +or no response at all is received, the verification fails. + +This is currently only implemented in the OpenSSL, GnuTLS and NSS backends. diff --git a/extern/curl/docs/cmdline-opts/cert-type.d b/extern/curl/docs/cmdline-opts/cert-type.d new file mode 100644 index 0000000000..55d8033b45 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/cert-type.d @@ -0,0 +1,10 @@ +Long: cert-type +Protocols: TLS +Arg: +Help: Certificate file type +See-also: cert key key-type +--- +Tells curl what type the provided client certificate is using. PEM, DER, ENG +and P12 are recognized types. If not specified, PEM is assumed. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/cert.d b/extern/curl/docs/cmdline-opts/cert.d new file mode 100644 index 0000000000..de6b42060f --- /dev/null +++ b/extern/curl/docs/cmdline-opts/cert.d @@ -0,0 +1,50 @@ +Short: E +Long: cert +Arg: +Help: Client certificate file and password +Protocols: TLS +See-also: cert-type key key-type +--- +Tells curl to use the specified client certificate file when getting a file +with HTTPS, FTPS or another SSL-based protocol. The certificate must be in +PKCS#12 format if using Secure Transport, or PEM format if using any other +engine. If the optional password isn't specified, it will be queried for on +the terminal. Note that this option assumes a \&"certificate" file that is the +private key and the client certificate concatenated! See --cert and --key to +specify them independently. + +If curl is built against the NSS SSL library then this option can tell +curl the nickname of the certificate to use within the NSS database defined +by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the +NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be +loaded. If you want to use a file from the current directory, please precede +it with "./" prefix, in order to avoid confusion with a nickname. If the +nickname contains ":", it needs to be preceded by "\\" so that it is not +recognized as password delimiter. If the nickname contains "\\", it needs to +be escaped as "\\\\" so that it is not recognized as an escape character. + +If curl is built against OpenSSL library, and the engine pkcs11 is available, +then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in +a PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a +PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set +as "pkcs11" if none was provided and the --cert-type option will be set as +"ENG" if none was provided. + +(iOS and macOS only) If curl is built against Secure Transport, then the +certificate string can either be the name of a certificate/private key in the +system or user keychain, or the path to a PKCS#12-encoded certificate and +private key. If you want to use a file from the current directory, please +precede it with "./" prefix, in order to avoid confusion with a nickname. + +(Schannel only) Client certificates must be specified by a path +expression to a certificate store. (Loading PFX is not supported; you can +import it to a store first). You can use +"\\\\" to refer to a certificate +in the system certificates store, for example, +"CurrentUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is +usually a SHA-1 hex string which you can see in certificate details. Following +store locations are supported: CurrentUser, LocalMachine, CurrentService, +Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy, +LocalMachineEnterprise. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/ciphers.d b/extern/curl/docs/cmdline-opts/ciphers.d new file mode 100644 index 0000000000..69e85525a5 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ciphers.d @@ -0,0 +1,11 @@ +Long: ciphers +Arg: +Help: SSL ciphers to use +Protocols: TLS +--- +Specifies which ciphers to use in the connection. The list of ciphers must +specify valid ciphers. Read up on SSL cipher list details on this URL: + + https://curl.haxx.se/docs/ssl-ciphers.html + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/compressed-ssh.d b/extern/curl/docs/cmdline-opts/compressed-ssh.d new file mode 100644 index 0000000000..583452ae47 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/compressed-ssh.d @@ -0,0 +1,7 @@ +Long: compressed-ssh +Help: Enable SSH compression +Protocols: SCP SFTP +Added: 7.56.0 +--- +Enables built-in SSH compression. +This is a request, not an order; the server may or may not do it. diff --git a/extern/curl/docs/cmdline-opts/compressed.d b/extern/curl/docs/cmdline-opts/compressed.d new file mode 100644 index 0000000000..dc130c1f02 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/compressed.d @@ -0,0 +1,7 @@ +Long: compressed +Help: Request compressed response +Protocols: HTTP +--- +Request a compressed response using one of the algorithms curl supports, and +save the uncompressed document. If this option is used and the server sends +an unsupported encoding, curl will report an error. diff --git a/extern/curl/docs/cmdline-opts/config.d b/extern/curl/docs/cmdline-opts/config.d new file mode 100644 index 0000000000..df3d39220a --- /dev/null +++ b/extern/curl/docs/cmdline-opts/config.d @@ -0,0 +1,61 @@ +Long: config +Arg: +Help: Read config from a file +Short: K +--- + +Specify a text file to read curl arguments from. The command line arguments +found in the text file will be used as if they were provided on the command +line. + +Options and their parameters must be specified on the same line in the file, +separated by whitespace, colon, or the equals sign. Long option names can +optionally be given in the config file without the initial double dashes and +if so, the colon or equals characters can be used as separators. If the option +is specified with one or two dashes, there can be no colon or equals character +between the option and its parameter. + +If the parameter contains whitespace (or starts with : or =), the parameter +must be enclosed within quotes. Within double quotes, the following escape +sequences are available: \\\\, \\", \\t, \\n, \\r and \\v. A backslash +preceding any other letter is ignored. If the first column of a config line is +a '#' character, the rest of the line will be treated as a comment. Only write +one option per physical line in the config file. + +Specify the filename to --config as '-' to make curl read the file from stdin. + +Note that to be able to specify a URL in the config file, you need to specify +it using the --url option, and not by simply writing the URL on its own +line. So, it could look similar to this: + +url = "https://curl.haxx.se/docs/" + +When curl is invoked, it (unless --disable is used) checks for a default +config file and uses it if found. The default config file is checked for in +the following places in this order: + +1) curl tries to find the "home dir": It first checks for the CURL_HOME and +then the HOME environment variables. Failing that, it uses getpwuid() on +Unix-like systems (which returns the home dir given the current user in your +system). On Windows, it then checks for the APPDATA variable, or as a last +resort the '%USERPROFILE%\\Application Data'. + +2) On windows, if there is no .curlrc file in the home dir, it checks for one +in the same dir the curl executable is placed. On Unix-like systems, it will +simply try to load .curlrc from the determined home dir. + +.nf +# --- Example file --- +# this is a comment +url = "example.com" +output = "curlhere.html" +user-agent = "superagent/1.0" + +# and fetch another URL too +url = "example.com/docs/manpage.html" +-O +referer = "http://nowhereatall.example.com/" +# --- End of example file --- +.fi + +This option can be used multiple times to load multiple config files. diff --git a/extern/curl/docs/cmdline-opts/connect-timeout.d b/extern/curl/docs/cmdline-opts/connect-timeout.d new file mode 100644 index 0000000000..3a32d86853 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/connect-timeout.d @@ -0,0 +1,11 @@ +Long: connect-timeout +Arg: +Help: Maximum time allowed for connection +See-also: max-time +--- +Maximum time in seconds that you allow curl's connection to take. This only +limits the connection phase, so if curl connects within the given period it +will continue - if not it will exit. Since version 7.32.0, this option +accepts decimal values. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/connect-to.d b/extern/curl/docs/cmdline-opts/connect-to.d new file mode 100644 index 0000000000..458bfe855f --- /dev/null +++ b/extern/curl/docs/cmdline-opts/connect-to.d @@ -0,0 +1,21 @@ +Long: connect-to +Arg: +Help: Connect to host +Added: 7.49.0 +See-also: resolve header +--- + +For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. +This option is suitable to direct requests at a specific server, e.g. at a +specific cluster node in a cluster of servers. This option is only used to +establish the network connection. It does NOT affect the hostname/port that is +used for TLS/SSL (e.g. SNI, certificate verification) or for the application +protocols. "HOST1" and "PORT1" may be the empty string, meaning "any +host/port". "HOST2" and "PORT2" may also be the empty string, meaning "use the +request's original host/port". + +A "host" specified to this option is compared as a string, so it needs to +match the name used in request URL. It can be either numerical such as +"127.0.0.1" or the full host name such as "example.org". + +This option can be used many times to add many connect rules. diff --git a/extern/curl/docs/cmdline-opts/continue-at.d b/extern/curl/docs/cmdline-opts/continue-at.d new file mode 100644 index 0000000000..733f4941ea --- /dev/null +++ b/extern/curl/docs/cmdline-opts/continue-at.d @@ -0,0 +1,15 @@ +Short: C +Long: continue-at +Arg: +Help: Resumed transfer offset +See-also: range +--- +Continue/Resume a previous file transfer at the given offset. The given offset +is the exact number of bytes that will be skipped, counting from the beginning +of the source file before it is transferred to the destination. If used with +uploads, the FTP server command SIZE will not be used by curl. + +Use "-C -" to tell curl to automatically find out where/how to resume the +transfer. It then uses the given output/input files to figure that out. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/cookie-jar.d b/extern/curl/docs/cmdline-opts/cookie-jar.d new file mode 100644 index 0000000000..da79777eb6 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/cookie-jar.d @@ -0,0 +1,24 @@ +Short: c +Long: cookie-jar +Arg: +Protocols: HTTP +Help: Write cookies to after operation +--- +Specify to which file you want curl to write all cookies after a completed +operation. Curl writes all cookies from its in-memory cookie storage to the +given file at the end of operations. If no cookies are known, no data will be +written. The file will be written using the Netscape cookie file format. If +you set the file name to a single dash, "-", the cookies will be written to +stdout. + +This command line option will activate the cookie engine that makes curl +record and use cookies. Another way to activate it is to use the --cookie +option. + +If the cookie jar can't be created or written to, the whole curl operation +won't fail or even report an error clearly. Using --verbose will get a warning +displayed, but that is the only visible feedback you get about this possibly +lethal situation. + +If this option is used several times, the last specified file name will be +used. diff --git a/extern/curl/docs/cmdline-opts/cookie.d b/extern/curl/docs/cmdline-opts/cookie.d new file mode 100644 index 0000000000..1e9906977e --- /dev/null +++ b/extern/curl/docs/cmdline-opts/cookie.d @@ -0,0 +1,37 @@ +Short: b +Long: cookie +Arg: +Protocols: HTTP +Help: Send cookies from string/file +--- +Pass the data to the HTTP server in the Cookie header. It is supposedly +the data previously received from the server in a "Set-Cookie:" line. The +data should be in the format "NAME1=VALUE1; NAME2=VALUE2". + +If no '=' symbol is used in the argument, it is instead treated as a filename +to read previously stored cookie from. This option also activates the cookie +engine which will make curl record incoming cookies, which may be handy if +you're using this in combination with the --location option or do multiple URL +transfers on the same invoke. If the file name is exactly a minus ("-"), curl +will instead the contents from stdin. + +The file format of the file to read cookies from should be plain HTTP headers +(Set-Cookie style) or the Netscape/Mozilla cookie file format. + +The file specified with --cookie is only used as input. No cookies will be +written to the file. To store cookies, use the --cookie-jar option. + +Exercise caution if you are using this option and multiple transfers may +occur. If you use the NAME1=VALUE1; format, or in a file use the Set-Cookie +format and don't specify a domain, then the cookie is sent for any domain +(even after redirects are followed) and cannot be modified by a server-set +cookie. If the cookie engine is enabled and a server sets a cookie of the same +name then both will be sent on a future transfer to that server, likely not +what you intended. To address these issues set a domain in Set-Cookie (doing +that will include sub domains) or use the Netscape format. + +If this option is used several times, the last one will be used. + +Users very often want to both read cookies from a file and write updated +cookies back to a file, so using both --cookie and --cookie-jar in the same +command line is common. diff --git a/extern/curl/docs/cmdline-opts/create-dirs.d b/extern/curl/docs/cmdline-opts/create-dirs.d new file mode 100644 index 0000000000..b09d96ca7f --- /dev/null +++ b/extern/curl/docs/cmdline-opts/create-dirs.d @@ -0,0 +1,11 @@ +Long: create-dirs +Help: Create necessary local directory hierarchy +--- +When used in conjunction with the --output option, curl will create the +necessary local directory hierarchy as needed. This option creates the dirs +mentioned with the --output option, nothing else. If the --output file name +uses no dir or if the dirs it mentions already exist, no dir will be created. + +Created dirs are made with mode 0750 on unix style file systems. + +To create remote directories when using FTP or SFTP, try --ftp-create-dirs. diff --git a/extern/curl/docs/cmdline-opts/crlf.d b/extern/curl/docs/cmdline-opts/crlf.d new file mode 100644 index 0000000000..f6694b654d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/crlf.d @@ -0,0 +1,7 @@ +Long: crlf +Help: Convert LF to CRLF in upload +Protocols: FTP SMTP +--- +Convert LF to CRLF in upload. Useful for MVS (OS/390). + +(SMTP added in 7.40.0) diff --git a/extern/curl/docs/cmdline-opts/crlfile.d b/extern/curl/docs/cmdline-opts/crlfile.d new file mode 100644 index 0000000000..0fcc63c85d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/crlfile.d @@ -0,0 +1,10 @@ +Long: crlfile +Arg: +Protocols: TLS +Help: Get a CRL list in PEM format from the given file +Added: 7.19.7 +--- +Provide a file using PEM format with a Certificate Revocation List that may +specify peer certificates that are to be considered revoked. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/data-ascii.d b/extern/curl/docs/cmdline-opts/data-ascii.d new file mode 100644 index 0000000000..bda4abc3d1 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/data-ascii.d @@ -0,0 +1,6 @@ +Long: data-ascii +Arg: +Help: HTTP POST ASCII data +Protocols: HTTP +--- +This is just an alias for --data. diff --git a/extern/curl/docs/cmdline-opts/data-binary.d b/extern/curl/docs/cmdline-opts/data-binary.d new file mode 100644 index 0000000000..3f6ff2dbd0 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/data-binary.d @@ -0,0 +1,18 @@ +Long: data-binary +Arg: +Help: HTTP POST binary data +Protocols: HTTP +--- +This posts data exactly as specified with no extra processing whatsoever. + +If you start the data with the letter @, the rest should be a filename. Data +is posted in a similar manner as --data does, except that newlines and +carriage returns are preserved and conversions are never done. + +Like --data the default content-type sent to the server is +application/x-www-form-urlencoded. If you want the data to be treated as +arbitrary binary data by the server then set the content-type to octet-stream: +-H "Content-Type: application/octet-stream". + +If this option is used several times, the ones following the first will append +data as described in --data. diff --git a/extern/curl/docs/cmdline-opts/data-raw.d b/extern/curl/docs/cmdline-opts/data-raw.d new file mode 100644 index 0000000000..7669b4abfa --- /dev/null +++ b/extern/curl/docs/cmdline-opts/data-raw.d @@ -0,0 +1,9 @@ +Long: data-raw +Arg: +Protocols: HTTP +Help: HTTP POST data, '@' allowed +Added: 7.43.0 +See-also: data +--- +This posts data similarly to --data but without the special +interpretation of the @ character. diff --git a/extern/curl/docs/cmdline-opts/data-urlencode.d b/extern/curl/docs/cmdline-opts/data-urlencode.d new file mode 100644 index 0000000000..9873f3356e --- /dev/null +++ b/extern/curl/docs/cmdline-opts/data-urlencode.d @@ -0,0 +1,33 @@ +Long: data-urlencode +Arg: +Help: HTTP POST data url encoded +Protocols: HTTP +See-also: data data-raw +Added: 7.18.0 +--- +This posts data, similar to the other --data options with the exception +that this performs URL-encoding. + +To be CGI-compliant, the part should begin with a \fIname\fP followed +by a separator and a content specification. The part can be passed to +curl using one of the following syntaxes: +.RS +.IP "content" +This will make curl URL-encode the content and pass that on. Just be careful +so that the content doesn't contain any = or @ symbols, as that will then make +the syntax match one of the other cases below! +.IP "=content" +This will make curl URL-encode the content and pass that on. The preceding = +symbol is not included in the data. +.IP "name=content" +This will make curl URL-encode the content part and pass that on. Note that +the name part is expected to be URL-encoded already. +.IP "@filename" +This will make curl load data from the given file (including any newlines), +URL-encode that data and pass it on in the POST. +.IP "name@filename" +This will make curl load data from the given file (including any newlines), +URL-encode that data and pass it on in the POST. The name part gets an equal +sign appended, resulting in \fIname=urlencoded-file-content\fP. Note that the +name is expected to be URL-encoded already. +.RE diff --git a/extern/curl/docs/cmdline-opts/data.d b/extern/curl/docs/cmdline-opts/data.d new file mode 100644 index 0000000000..8b5200d34a --- /dev/null +++ b/extern/curl/docs/cmdline-opts/data.d @@ -0,0 +1,29 @@ +Long: data +Short: d +Arg: +Help: HTTP POST data +Protocols: HTTP +See-also: data-binary data-urlencode data-raw +Mutexed: form head upload-file +--- +Sends the specified data in a POST request to the HTTP server, in the same way +that a browser does when a user has filled in an HTML form and presses the +submit button. This will cause curl to pass the data to the server using the +content-type application/x-www-form-urlencoded. Compare to --form. + +--data-raw is almost the same but does not have a special interpretation of +the @ character. To post data purely binary, you should instead use the +--data-binary option. To URL-encode the value of a form field you may use +--data-urlencode. + +If any of these options is used more than once on the same command line, the +data pieces specified will be merged together with a separating +&-symbol. Thus, using '-d name=daniel -d skill=lousy' would generate a post +chunk that looks like \&'name=daniel&skill=lousy'. + +If you start the data with the letter @, the rest should be a file name to +read the data from, or - if you want curl to read the data from stdin. Posting +data from a file named \&'foobar' would thus be done with --data @foobar. When +--data is told to read from a file like that, carriage returns and newlines +will be stripped out. If you don't want the @ character to have a special +interpretation use --data-raw instead. diff --git a/extern/curl/docs/cmdline-opts/delegation.d b/extern/curl/docs/cmdline-opts/delegation.d new file mode 100644 index 0000000000..138d82333e --- /dev/null +++ b/extern/curl/docs/cmdline-opts/delegation.d @@ -0,0 +1,16 @@ +Long: delegation +Arg: +Help: GSS-API delegation permission +Protocols: GSS/kerberos +--- +Set LEVEL to tell the server what it is allowed to delegate when it +comes to user credentials. +.RS +.IP "none" +Don't allow any delegation. +.IP "policy" +Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos +service ticket, which is a matter of realm policy. +.IP "always" +Unconditionally allow the server to delegate. +.RE diff --git a/extern/curl/docs/cmdline-opts/digest.d b/extern/curl/docs/cmdline-opts/digest.d new file mode 100644 index 0000000000..5cdd9258a0 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/digest.d @@ -0,0 +1,11 @@ +Long: digest +Help: Use HTTP Digest Authentication +Protocols: HTTP +Mutexed: basic ntlm negotiate +See-also: user proxy-digest anyauth +--- +Enables HTTP Digest authentication. This is an authentication scheme that +prevents the password from being sent over the wire in clear text. Use this in +combination with the normal --user option to set user name and password. + +If this option is used several times, only the first one is used. diff --git a/extern/curl/docs/cmdline-opts/disable-eprt.d b/extern/curl/docs/cmdline-opts/disable-eprt.d new file mode 100644 index 0000000000..a1e53c0bd1 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/disable-eprt.d @@ -0,0 +1,19 @@ +Long: disable-eprt +Help: Inhibit using EPRT or LPRT +Protocols: FTP +--- +Tell curl to disable the use of the EPRT and LPRT commands when doing active +FTP transfers. Curl will normally always first attempt to use EPRT, then LPRT +before using PORT, but with this option, it will use PORT right away. EPRT and +LPRT are extensions to the original FTP protocol, and may not work on all +servers, but they enable more functionality in a better way than the +traditional PORT command. + +--eprt can be used to explicitly enable EPRT again and --no-eprt is an alias +for --disable-eprt. + +If the server is accessed using IPv6, this option will have no effect as EPRT +is necessary then. + +Disabling EPRT only changes the active behavior. If you want to switch to +passive mode you need to not use --ftp-port or force it with --ftp-pasv. diff --git a/extern/curl/docs/cmdline-opts/disable-epsv.d b/extern/curl/docs/cmdline-opts/disable-epsv.d new file mode 100644 index 0000000000..6d2cb70898 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/disable-epsv.d @@ -0,0 +1,16 @@ +Long: disable-epsv +Help: Inhibit using EPSV +Protocols: FTP +--- +(FTP) Tell curl to disable the use of the EPSV command when doing passive FTP +transfers. Curl will normally always first attempt to use EPSV before PASV, +but with this option, it will not try using EPSV. + +--epsv can be used to explicitly enable EPSV again and --no-epsv is an alias +for --disable-epsv. + +If the server is an IPv6 host, this option will have no effect as EPSV is +necessary then. + +Disabling EPSV only changes the passive behavior. If you want to switch to +active mode you need to use --ftp-port. diff --git a/extern/curl/docs/cmdline-opts/disable.d b/extern/curl/docs/cmdline-opts/disable.d new file mode 100644 index 0000000000..20b27b4c52 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/disable.d @@ -0,0 +1,7 @@ +Long: disable +Short: q +Help: Disable .curlrc +--- +If used as the first parameter on the command line, the \fIcurlrc\fP config +file will not be read and used. See the --config for details on the default +config file search path. diff --git a/extern/curl/docs/cmdline-opts/disallow-username-in-url.d b/extern/curl/docs/cmdline-opts/disallow-username-in-url.d new file mode 100644 index 0000000000..a7f46ea15c --- /dev/null +++ b/extern/curl/docs/cmdline-opts/disallow-username-in-url.d @@ -0,0 +1,7 @@ +Long: disallow-username-in-url +Help: Disallow username in url +Protocols: HTTP +Added: 7.61.0 +See-also: proto +--- +This tells curl to exit if passed a url containing a username. diff --git a/extern/curl/docs/cmdline-opts/dns-interface.d b/extern/curl/docs/cmdline-opts/dns-interface.d new file mode 100644 index 0000000000..45e5af263e --- /dev/null +++ b/extern/curl/docs/cmdline-opts/dns-interface.d @@ -0,0 +1,11 @@ +Long: dns-interface +Arg: +Help: Interface to use for DNS requests +Protocols: DNS +See-also: dns-ipv4-addr dns-ipv6-addr +Added: 7.33.0 +Requires: c-ares +--- +Tell curl to send outgoing DNS requests through . This option is a +counterpart to --interface (which does not affect DNS). The supplied string +must be an interface name (not an address). diff --git a/extern/curl/docs/cmdline-opts/dns-ipv4-addr.d b/extern/curl/docs/cmdline-opts/dns-ipv4-addr.d new file mode 100644 index 0000000000..597b858845 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/dns-ipv4-addr.d @@ -0,0 +1,11 @@ +Long: dns-ipv4-addr +Arg:
+Help: IPv4 address to use for DNS requests +Protocols: DNS +See-also: dns-interface dns-ipv6-addr +Added: 7.33.0 +Requires: c-ares +--- +Tell curl to bind to when making IPv4 DNS requests, so that +the DNS requests originate from this address. The argument should be a +single IPv4 address. diff --git a/extern/curl/docs/cmdline-opts/dns-ipv6-addr.d b/extern/curl/docs/cmdline-opts/dns-ipv6-addr.d new file mode 100644 index 0000000000..581f019537 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/dns-ipv6-addr.d @@ -0,0 +1,11 @@ +Long: dns-ipv6-addr +Arg:
+Help: IPv6 address to use for DNS requests +Protocols: DNS +See-also: dns-interface dns-ipv4-addr +Added: 7.33.0 +Requires: c-ares +--- +Tell curl to bind to when making IPv6 DNS requests, so that +the DNS requests originate from this address. The argument should be a +single IPv6 address. diff --git a/extern/curl/docs/cmdline-opts/dns-servers.d b/extern/curl/docs/cmdline-opts/dns-servers.d new file mode 100644 index 0000000000..a98fd07d89 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/dns-servers.d @@ -0,0 +1,10 @@ +Long: dns-servers +Arg: +Help: DNS server addrs to use +Requires: c-ares +Added: 7.33.0 +--- +Set the list of DNS servers to be used instead of the system default. +The list of IP addresses should be separated with commas. Port numbers +may also optionally be given as \fI:\fP after each IP +address. diff --git a/extern/curl/docs/cmdline-opts/doh-url.d b/extern/curl/docs/cmdline-opts/doh-url.d new file mode 100644 index 0000000000..c871c4d221 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/doh-url.d @@ -0,0 +1,10 @@ +Long: doh-url +Arg: +Help: Resolve host names over DOH +Protocols: all +Added: 7.62.0 +--- +Specifies which DNS-over-HTTPS (DOH) server to use to resolve hostnames, +instead of using the default name resolver mechanism. The URL must be HTTPS. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/dump-header.d b/extern/curl/docs/cmdline-opts/dump-header.d new file mode 100644 index 0000000000..33c6674e80 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/dump-header.d @@ -0,0 +1,20 @@ +Long: dump-header +Short: D +Arg: +Help: Write the received headers to +Protocols: HTTP FTP +See-also: output +--- +Write the received protocol headers to the specified file. + +This option is handy to use when you want to store the headers that an HTTP +site sends to you. Cookies from the headers could then be read in a second +curl invocation by using the --cookie option! The --cookie-jar option is a +better way to store cookies. + +If no headers are received, the use of this option will create an empty file. + +When used in FTP, the FTP server response lines are considered being "headers" +and thus are saved there. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/egd-file.d b/extern/curl/docs/cmdline-opts/egd-file.d new file mode 100644 index 0000000000..c22790f6ae --- /dev/null +++ b/extern/curl/docs/cmdline-opts/egd-file.d @@ -0,0 +1,8 @@ +Long: egd-file +Arg: +Help: EGD socket path for random data +Protocols: TLS +See-also: random-file +--- +Specify the path name to the Entropy Gathering Daemon socket. The socket is +used to seed the random engine for SSL connections. diff --git a/extern/curl/docs/cmdline-opts/engine.d b/extern/curl/docs/cmdline-opts/engine.d new file mode 100644 index 0000000000..cde1a47735 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/engine.d @@ -0,0 +1,8 @@ +Long: engine +Arg: +Help: Crypto engine to use +Protocols: TLS +--- +Select the OpenSSL crypto engine to use for cipher operations. Use --engine +list to print a list of build-time supported engines. Note that not all (or +none) of the engines may be available at run-time. diff --git a/extern/curl/docs/cmdline-opts/etag-compare.d b/extern/curl/docs/cmdline-opts/etag-compare.d new file mode 100644 index 0000000000..1a698a8ffe --- /dev/null +++ b/extern/curl/docs/cmdline-opts/etag-compare.d @@ -0,0 +1,18 @@ +Long: etag-compare +Arg: +Help: Pass an ETag from a file as a custom header +Protocols: HTTP +Added: 7.68.0 +--- +This option makes a conditional HTTP request for the specific +ETag read from the given file by sending a custom If-None-Match +header using the extracted ETag. + +For correct results, make sure that specified file contains only a single +line with a desired ETag. An empty file is parsed as an empty ETag. + +Use the option --etag-save to first save the ETag from a response, and +then use this option to compare using the saved ETag in a subsequent request. + +\fCOMPARISON\fP: There are 2 types of comparison or ETags, Weak and Strong. +This option expects, and uses a strong comparison. diff --git a/extern/curl/docs/cmdline-opts/etag-save.d b/extern/curl/docs/cmdline-opts/etag-save.d new file mode 100644 index 0000000000..214723ff51 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/etag-save.d @@ -0,0 +1,16 @@ +Long: etag-save +Arg: +Help: Parse ETag from a request and save it to a file +Protocols: HTTP +Added: 7.68.0 +--- +This option saves an HTTP ETag to the specified file. Etag is +usually part of headers returned by a request. When server sends an +ETag, it must be enveloped by a double quote. This option extracts the +ETag without the double quotes and saves it into the . + +A server can send a week ETag which is prefixed by "W/". This identifier +is not considered, and only relevant ETag between quotation marks is parsed. + +It an ETag wasn't send by the server or it cannot be parsed, and empty +file is created. diff --git a/extern/curl/docs/cmdline-opts/expect100-timeout.d b/extern/curl/docs/cmdline-opts/expect100-timeout.d new file mode 100644 index 0000000000..c88f0b84fd --- /dev/null +++ b/extern/curl/docs/cmdline-opts/expect100-timeout.d @@ -0,0 +1,11 @@ +Long: expect100-timeout +Arg: +Help: How long to wait for 100-continue +Protocols: HTTP +Added: 7.47.0 +See-also: connect-timeout +--- +Maximum time in seconds that you allow curl to wait for a 100-continue +response when curl emits an Expects: 100-continue header in its request. By +default curl will wait one second. This option accepts decimal values! When +curl stops waiting, it will continue as if the response has been received. diff --git a/extern/curl/docs/cmdline-opts/fail-early.d b/extern/curl/docs/cmdline-opts/fail-early.d new file mode 100644 index 0000000000..375d4c9195 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/fail-early.d @@ -0,0 +1,21 @@ +Long: fail-early +Help: Fail on first transfer error, do not continue +Added: 7.52.0 +--- +Fail and exit on the first detected transfer error. + +When curl is used to do multiple transfers on the command line, it will +attempt to operate on each given URL, one by one. By default, it will ignore +errors if there are more URLs given and the last URL's success will determine +the error code curl returns. So early failures will be "hidden" by subsequent +successful transfers. + +Using this option, curl will instead return an error on the first transfer +that fails, independent of the amount of URLs that are given on the command +line. This way, no transfer failures go undetected by scripts and similar. + +This option is global and does not need to be specified for each use of --next. + +This option does not imply --fail, which causes transfers to fail due to the +server's HTTP status code. You can combine the two options, however note --fail +is not global and is therefore contained by --next. diff --git a/extern/curl/docs/cmdline-opts/fail.d b/extern/curl/docs/cmdline-opts/fail.d new file mode 100644 index 0000000000..c46c571bfe --- /dev/null +++ b/extern/curl/docs/cmdline-opts/fail.d @@ -0,0 +1,14 @@ +Long: fail +Short: f +Protocols: HTTP +Help: Fail silently (no output at all) on HTTP errors +--- +Fail silently (no output at all) on server errors. This is mostly done to +better enable scripts etc to better deal with failed attempts. In normal cases +when an HTTP server fails to deliver a document, it returns an HTML document +stating so (which often also describes why and more). This flag will prevent +curl from outputting that and return error 22. + +This method is not fail-safe and there are occasions where non-successful +response codes will slip through, especially when authentication is involved +(response codes 401 and 407). diff --git a/extern/curl/docs/cmdline-opts/false-start.d b/extern/curl/docs/cmdline-opts/false-start.d new file mode 100644 index 0000000000..65a8afb8f3 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/false-start.d @@ -0,0 +1,12 @@ +Long: false-start +Help: Enable TLS False Start +Protocols: TLS +Added: 7.42.0 +--- +Tells curl to use false start during the TLS handshake. False start is a mode +where a TLS client will start sending application data before verifying the +server's Finished message, thus saving a round trip when performing a full +handshake. + +This is currently only implemented in the NSS and Secure Transport (on iOS 7.0 +or later, or OS X 10.9 or later) backends. diff --git a/extern/curl/docs/cmdline-opts/form-string.d b/extern/curl/docs/cmdline-opts/form-string.d new file mode 100644 index 0000000000..49d0d44ef8 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/form-string.d @@ -0,0 +1,11 @@ +Long: form-string +Help: Specify multipart MIME data +Protocols: HTTP SMTP IMAP +Arg: +See-also: form +--- +Similar to --form except that the value string for the named parameter is used +literally. Leading \&'@' and \&'<' characters, and the \&';type=' string in +the value have no special meaning. Use this in preference to --form if +there's any possibility that the string value may accidentally trigger the +\&'@' or \&'<' features of --form. diff --git a/extern/curl/docs/cmdline-opts/form.d b/extern/curl/docs/cmdline-opts/form.d new file mode 100644 index 0000000000..7f1aa31c3b --- /dev/null +++ b/extern/curl/docs/cmdline-opts/form.d @@ -0,0 +1,138 @@ +Long: form +Short: F +Arg: +Help: Specify multipart MIME data +Protocols: HTTP SMTP IMAP +Mutexed: data head upload-file +--- +For HTTP protocol family, this lets curl emulate a filled-in form in which a +user has pressed the submit button. This causes curl to POST data using the +Content-Type multipart/form-data according to RFC 2388. + +For SMTP and IMAP protocols, this is the mean to compose a multipart mail +message to transmit. + +This enables uploading of binary files etc. To force the 'content' part to be +a file, prefix the file name with an @ sign. To just get the content part from +a file, prefix the file name with the symbol <. The difference between @ and < +is then that @ makes a file get attached in the post as a file upload, while +the < makes a text field and just get the contents for that text field from a +file. + +Tell curl to read content from stdin instead of a file by using - as +filename. This goes for both @ and < constructs. When stdin is used, the +contents is buffered in memory first by curl to determine its size and allow a +possible resend. Defining a part's data from a named non-regular file (such +as a named pipe or similar) is unfortunately not subject to buffering and will +be effectively read at transmission time; since the full size is unknown +before the transfer starts, such data is sent as chunks by HTTP and rejected +by IMAP. + +Example: send an image to an HTTP server, where \&'profile' is the name of the +form-field to which the file portrait.jpg will be the input: + + curl -F profile=@portrait.jpg https://example.com/upload.cgi + +Example: send your name and shoe size in two text fields to the server: + + curl -F name=John -F shoesize=11 https://example.com/ + +Example: send your essay in a text field to the server. Send it as a plain +text field, but get the contents for it from a local file: + + curl -F "story=HTML message;type=text/html' \\ +.br + -F '=)' -F '=@textfile.txt' ... smtp://example.com + +Data can be encoded for transfer using encoder=. Available encodings are +\fIbinary\fP and \fI8bit\fP that do nothing else than adding the corresponding +Content-Transfer-Encoding header, \fI7bit\fP that only rejects 8-bit characters +with a transfer error, \fIquoted-printable\fP and \fIbase64\fP that encodes +data according to the corresponding schemes, limiting lines length to +76 characters. + +Example: send multipart mail with a quoted-printable text message and a +base64 attached file: + + curl -F '=text message;encoder=quoted-printable' \\ +.br + -F '=@localfile;encoder=base64' ... smtp://example.com + +See further examples and details in the MANUAL. + +This option can be used multiple times. diff --git a/extern/curl/docs/cmdline-opts/ftp-account.d b/extern/curl/docs/cmdline-opts/ftp-account.d new file mode 100644 index 0000000000..013c4f37b2 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ftp-account.d @@ -0,0 +1,10 @@ +Long: ftp-account +Arg: +Help: Account data string +Protocols: FTP +Added: 7.13.0 +--- +When an FTP server asks for "account data" after user name and password has +been provided, this data is sent off using the ACCT command. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/ftp-alternative-to-user.d b/extern/curl/docs/cmdline-opts/ftp-alternative-to-user.d new file mode 100644 index 0000000000..8982ba8b85 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ftp-alternative-to-user.d @@ -0,0 +1,10 @@ +Long: ftp-alternative-to-user +Arg: +Help: String to replace USER [name] +Protocols: FTP +Added: 7.15.5 +--- +If authenticating with the USER and PASS commands fails, send this command. +When connecting to Tumbleweed's Secure Transport server over FTPS using a +client certificate, using "SITE AUTH" will tell the server to retrieve the +username from the certificate. diff --git a/extern/curl/docs/cmdline-opts/ftp-create-dirs.d b/extern/curl/docs/cmdline-opts/ftp-create-dirs.d new file mode 100644 index 0000000000..ede57100d1 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ftp-create-dirs.d @@ -0,0 +1,8 @@ +Long: ftp-create-dirs +Protocols: FTP SFTP +Help: Create the remote dirs if not present +See-also: create-dirs +--- +When an FTP or SFTP URL/operation uses a path that doesn't currently exist on +the server, the standard behavior of curl is to fail. Using this option, curl +will instead attempt to create missing directories. diff --git a/extern/curl/docs/cmdline-opts/ftp-method.d b/extern/curl/docs/cmdline-opts/ftp-method.d new file mode 100644 index 0000000000..95aa522e82 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ftp-method.d @@ -0,0 +1,21 @@ +Long: ftp-method +Arg: +Help: Control CWD usage +Protocols: FTP +Added: 7.15.1 +--- +Control what method curl should use to reach a file on an FTP(S) +server. The method argument should be one of the following alternatives: +.RS +.IP multicwd +curl does a single CWD operation for each path part in the given URL. For deep +hierarchies this means very many commands. This is how RFC 1738 says it should +be done. This is the default but the slowest behavior. +.IP nocwd +curl does no CWD at all. curl will do SIZE, RETR, STOR etc and give a full +path to the server for all these commands. This is the fastest behavior. +.IP singlecwd +curl does one CWD with the full target directory and then operates on the file +\&"normally" (like in the multicwd case). This is somewhat more standards +compliant than 'nocwd' but without the full penalty of 'multicwd'. +.RE diff --git a/extern/curl/docs/cmdline-opts/ftp-pasv.d b/extern/curl/docs/cmdline-opts/ftp-pasv.d new file mode 100644 index 0000000000..44103e21a3 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ftp-pasv.d @@ -0,0 +1,16 @@ +Long: ftp-pasv +Help: Use PASV/EPSV instead of PORT +Protocols: FTP +Added: 7.11.0 +See-also: disable-epsv +--- +Use passive mode for the data connection. Passive is the internal default +behavior, but using this option can be used to override a previous --ftp-port +option. + +If this option is used several times, only the first one is used. Undoing an +enforced passive really isn't doable but you must then instead enforce the +correct --ftp-port again. + +Passive mode means that curl will try the EPSV command first and then PASV, +unless --disable-epsv is used. diff --git a/extern/curl/docs/cmdline-opts/ftp-port.d b/extern/curl/docs/cmdline-opts/ftp-port.d new file mode 100644 index 0000000000..e4b1456082 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ftp-port.d @@ -0,0 +1,32 @@ +Long: ftp-port +Arg:
+Help: Use PORT instead of PASV +Short: P +Protocols: FTP +See-also: ftp-pasv disable-eprt +--- +Reverses the default initiator/listener roles when connecting with FTP. This +option makes curl use active mode. curl then tells the server to connect back +to the client's specified address and port, while passive mode asks the server +to setup an IP address and port for it to connect to.
should be one +of: +.RS +.IP interface +e.g. "eth0" to specify which interface's IP address you want to use (Unix only) +.IP "IP address" +e.g. "192.168.10.1" to specify the exact IP address +.IP "host name" +e.g. "my.host.domain" to specify the machine +.IP "-" +make curl pick the same IP address that is already used for the control +connection +.RE + +If this option is used several times, the last one will be used. Disable the +use of PORT with --ftp-pasv. Disable the attempt to use the EPRT command +instead of PORT by using --disable-eprt. EPRT is really PORT++. + +Since 7.19.5, you can append \&":[start]-[end]\&" to the right of the address, +to tell curl what TCP port range to use. That means you specify a port range, +from a lower to a higher number. A single number works as well, but do note +that it increases the risk of failure since the port may not be available. diff --git a/extern/curl/docs/cmdline-opts/ftp-pret.d b/extern/curl/docs/cmdline-opts/ftp-pret.d new file mode 100644 index 0000000000..dac4c35319 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ftp-pret.d @@ -0,0 +1,8 @@ +Long: ftp-pret +Help: Send PRET before PASV +Protocols: FTP +Added: 7.20.0 +--- +Tell curl to send a PRET command before PASV (and EPSV). Certain FTP servers, +mainly drftpd, require this non-standard command for directory listings as +well as up and downloads in PASV mode. diff --git a/extern/curl/docs/cmdline-opts/ftp-skip-pasv-ip.d b/extern/curl/docs/cmdline-opts/ftp-skip-pasv-ip.d new file mode 100644 index 0000000000..da6ab11fc7 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ftp-skip-pasv-ip.d @@ -0,0 +1,12 @@ +Long: ftp-skip-pasv-ip +Help: Skip the IP address for PASV +Protocols: FTP +Added: 7.14.2 +See-also: ftp-pasv +--- +Tell curl to not use the IP address the server suggests in its response +to curl's PASV command when curl connects the data connection. Instead curl +will re-use the same IP address it already uses for the control +connection. + +This option has no effect if PORT, EPRT or EPSV is used instead of PASV. diff --git a/extern/curl/docs/cmdline-opts/ftp-ssl-ccc-mode.d b/extern/curl/docs/cmdline-opts/ftp-ssl-ccc-mode.d new file mode 100644 index 0000000000..be10294985 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ftp-ssl-ccc-mode.d @@ -0,0 +1,11 @@ +Long: ftp-ssl-ccc-mode +Arg: +Help: Set CCC mode +Protocols: FTP +Added: 7.16.2 +See-also: ftp-ssl-ccc +--- +Sets the CCC mode. The passive mode will not initiate the shutdown, but +instead wait for the server to do it, and will not reply to the shutdown from +the server. The active mode initiates the shutdown and waits for a reply from +the server. diff --git a/extern/curl/docs/cmdline-opts/ftp-ssl-ccc.d b/extern/curl/docs/cmdline-opts/ftp-ssl-ccc.d new file mode 100644 index 0000000000..c6edc5b395 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ftp-ssl-ccc.d @@ -0,0 +1,10 @@ +Long: ftp-ssl-ccc +Help: Send CCC after authenticating +Protocols: FTP +See-also: ssl ftp-ssl-ccc-mode +Added: 7.16.1 +--- +Use CCC (Clear Command Channel) Shuts down the SSL/TLS layer after +authenticating. The rest of the control channel communication will be +unencrypted. This allows NAT routers to follow the FTP transaction. The +default mode is passive. diff --git a/extern/curl/docs/cmdline-opts/ftp-ssl-control.d b/extern/curl/docs/cmdline-opts/ftp-ssl-control.d new file mode 100644 index 0000000000..87a822531d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ftp-ssl-control.d @@ -0,0 +1,8 @@ +Long: ftp-ssl-control +Help: Require SSL/TLS for FTP login, clear for transfer +Protocols: FTP +Added: 7.16.0 +--- +Require SSL/TLS for the FTP login, clear for transfer. Allows secure +authentication, but non-encrypted data transfers for efficiency. Fails the +transfer if the server doesn't support SSL/TLS. diff --git a/extern/curl/docs/cmdline-opts/gen.pl b/extern/curl/docs/cmdline-opts/gen.pl new file mode 100755 index 0000000000..a921298a64 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/gen.pl @@ -0,0 +1,390 @@ +#!/usr/bin/env perl + +=begin comment + +This script generates the manpage. + +Example: gen.pl mainpage > curl.1 + +Dev notes: + +We open *input* files in :crlf translation (a no-op on many platforms) in +case we have CRLF line endings in Windows but a perl that defaults to LF. +Unfortunately it seems some perls like msysgit can't handle a global input-only +:crlf so it has to be specified on each file open for text input. + +=end comment +=cut + +my $some_dir=$ARGV[1] || "."; + +opendir(my $dh, $some_dir) || die "Can't opendir $some_dir: $!"; +my @s = grep { /\.d$/ && -f "$some_dir/$_" } readdir($dh); +closedir $dh; + +my %optshort; +my %optlong; +my %helplong; +my %arglong; +my %redirlong; +my %protolong; + +# get the long name version, return the man page string +sub manpageify { + my ($k)=@_; + my $l; + if($optlong{$k} ne "") { + # both short + long + $l = "\\fI-".$optlong{$k}.", --$k\\fP"; + } + else { + # only long + $l = "\\fI--$k\\fP"; + } + return $l; +} + +sub printdesc { + my @desc = @_; + for my $d (@desc) { + # skip lines starting with space (examples) + if($d =~ /^[^ ]/) { + for my $k (keys %optlong) { + my $l = manpageify($k); + $d =~ s/--$k([^a-z0-9_-])/$l$1/; + } + } + print $d; + } +} + +sub seealso { + my($standalone, $data)=@_; + if($standalone) { + return sprintf + ".SH \"SEE ALSO\"\n$data\n"; + } + else { + return "See also $data. "; + } +} + +sub overrides { + my ($standalone, $data)=@_; + if($standalone) { + return ".SH \"OVERRIDES\"\n$data\n"; + } + else { + return $data; + } +} + +sub protocols { + my ($standalone, $data)=@_; + if($standalone) { + return ".SH \"PROTOCOLS\"\n$data\n"; + } + else { + return "($data) "; + } +} + +sub added { + my ($standalone, $data)=@_; + if($standalone) { + return ".SH \"ADDED\"\nAdded in curl version $data\n"; + } + else { + return "Added in $data. "; + } +} + +sub single { + my ($f, $standalone)=@_; + open(F, "<:crlf", "$some_dir/$f") || + return 1; + my $short; + my $long; + my $tags; + my $added; + my $protocols; + my $arg; + my $mutexed; + my $requires; + my $seealso; + my $magic; # cmdline special option + while() { + if(/^Short: *(.)/i) { + $short=$1; + } + elsif(/^Long: *(.*)/i) { + $long=$1; + } + elsif(/^Added: *(.*)/i) { + $added=$1; + } + elsif(/^Tags: *(.*)/i) { + $tags=$1; + } + elsif(/^Arg: *(.*)/i) { + $arg=$1; + } + elsif(/^Magic: *(.*)/i) { + $magic=$1; + } + elsif(/^Mutexed: *(.*)/i) { + $mutexed=$1; + } + elsif(/^Protocols: *(.*)/i) { + $protocols=$1; + } + elsif(/^See-also: *(.*)/i) { + $seealso=$1; + } + elsif(/^Requires: *(.*)/i) { + $requires=$1; + } + elsif(/^Help: *(.*)/i) { + ; + } + elsif(/^---/) { + if(!$long) { + print STDERR "WARN: no 'Long:' in $f\n"; + } + last; + } + else { + chomp; + print STDERR "WARN: unrecognized line in $f, ignoring:\n:'$_';" + } + } + my @desc; + while() { + push @desc, $_; + } + close(F); + my $opt; + if(defined($short) && $long) { + $opt = "-$short, --$long"; + } + elsif($short && !$long) { + $opt = "-$short"; + } + elsif($long && !$short) { + $opt = "--$long"; + } + + if($arg) { + $opt .= " $arg"; + } + + if($standalone) { + print ".TH curl 1 \"30 Nov 2016\" \"curl 7.52.0\" \"curl manual\"\n"; + print ".SH OPTION\n"; + print "curl $opt\n"; + } + else { + print ".IP \"$opt\"\n"; + } + if($protocols) { + print protocols($standalone, $protocols); + } + + if($standalone) { + print ".SH DESCRIPTION\n"; + } + + printdesc(@desc); + undef @desc; + + my @foot; + if($seealso) { + my @m=split(/ /, $seealso); + my $mstr; + for my $k (@m) { + if(!$helplong{$k}) { + print STDERR "WARN: $f see-alsos a non-existing option: $k\n"; + } + my $l = manpageify($k); + $mstr .= sprintf "%s$l", $mstr?" and ":""; + } + push @foot, seealso($standalone, $mstr); + } + if($requires) { + my $l = manpageify($long); + push @foot, "$l requires that the underlying libcurl". + " was built to support $requires. "; + } + if($mutexed) { + my @m=split(/ /, $mutexed); + my $mstr; + for my $k (@m) { + if(!$helplong{$k}) { + print STDERR "WARN: $f mutexes a non-existing option: $k\n"; + } + my $l = manpageify($k); + $mstr .= sprintf "%s$l", $mstr?" and ":""; + } + push @foot, overrides($standalone, "This option overrides $mstr. "); + } + if($added) { + push @foot, added($standalone, $added); + } + if($foot[0]) { + print "\n"; + my $f = join("", @foot); + $f =~ s/ +\z//; # remove trailing space + print "$f\n"; + } + return 0; +} + +sub getshortlong { + my ($f)=@_; + open(F, "<:crlf", "$some_dir/$f"); + my $short; + my $long; + my $help; + my $arg; + my $protocols; + while() { + if(/^Short: (.)/i) { + $short=$1; + } + elsif(/^Long: (.*)/i) { + $long=$1; + } + elsif(/^Help: (.*)/i) { + $help=$1; + } + elsif(/^Arg: (.*)/i) { + $arg=$1; + } + elsif(/^Protocols: (.*)/i) { + $protocols=$1; + } + elsif(/^---/) { + last; + } + } + close(F); + if($short) { + $optshort{$short}=$long; + } + if($long) { + $optlong{$long}=$short; + $helplong{$long}=$help; + $arglong{$long}=$arg; + $protolong{$long}=$protocols; + } +} + +sub indexoptions { + foreach my $f (@s) { + getshortlong($f); + } +} + +sub header { + my ($f)=@_; + open(F, "<:crlf", "$some_dir/$f"); + my @d; + while() { + push @d, $_; + } + close(F); + printdesc(@d); +} + +sub listhelp { + foreach my $f (sort keys %helplong) { + my $long = $f; + my $short = $optlong{$long}; + my $opt; + + if(defined($short) && $long) { + $opt = "-$short, --$long"; + } + elsif($long && !$short) { + $opt = " --$long"; + } + + my $arg = $arglong{$long}; + if($arg) { + $opt .= " $arg"; + } + my $desc = $helplong{$f}; + $desc =~ s/\"/\\\"/g; # escape double quotes + + my $line = sprintf " {\"%s\",\n \"%s\"},\n", $opt, $desc; + + if(length($opt) + length($desc) > 78) { + print STDERR "WARN: the --$long line is too long\n"; + } + print $line; + } +} + +sub mainpage { + # show the page header + header("page-header"); + + # output docs for all options + foreach my $f (sort @s) { + single($f, 0); + } + + header("page-footer"); +} + +sub showonly { + my ($f) = @_; + if(single($f, 1)) { + print STDERR "$f: failed\n"; + } +} + +sub showprotocols { + my %prots; + foreach my $f (keys %optlong) { + my @p = split(/ /, $protolong{$f}); + for my $p (@p) { + $prots{$p}++; + } + } + for(sort keys %prots) { + printf "$_ (%d options)\n", $prots{$_}; + } +} + +sub getargs { + my $f; + do { + $f = shift @ARGV; + if($f eq "mainpage") { + mainpage(); + return; + } + elsif($f eq "listhelp") { + listhelp(); + return; + } + elsif($f eq "single") { + showonly(shift @ARGV); + return; + } + elsif($f eq "protos") { + showprotocols(); + return; + } + } while($f); + + print "Usage: gen.pl [srcdir]\n"; +} + +#------------------------------------------------------------------------ + +# learn all existing options +indexoptions(); + +getargs(); diff --git a/extern/curl/docs/cmdline-opts/get.d b/extern/curl/docs/cmdline-opts/get.d new file mode 100644 index 0000000000..be7cb25f0c --- /dev/null +++ b/extern/curl/docs/cmdline-opts/get.d @@ -0,0 +1,15 @@ +Long: get +Short: G +Help: Put the post data in the URL and use GET +--- +When used, this option will make all data specified with --data, --data-binary +or --data-urlencode to be used in an HTTP GET request instead of the POST +request that otherwise would be used. The data will be appended to the URL +with a '?' separator. + +If used in combination with --head, the POST data will instead be appended to +the URL with a HEAD request. + +If this option is used several times, only the first one is used. This is +because undoing a GET doesn't make sense, but you should then instead enforce +the alternative method you prefer. diff --git a/extern/curl/docs/cmdline-opts/globoff.d b/extern/curl/docs/cmdline-opts/globoff.d new file mode 100644 index 0000000000..fff6516b6d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/globoff.d @@ -0,0 +1,8 @@ +Long: globoff +Short: g +Help: Disable URL sequences and ranges using {} and [] +--- +This option switches off the "URL globbing parser". When you set this option, +you can specify URLs that contain the letters {}[] without having them being +interpreted by curl itself. Note that these letters are not normal legal URL +contents but they should be encoded according to the URI standard. diff --git a/extern/curl/docs/cmdline-opts/happy-eyeballs-timeout-ms.d b/extern/curl/docs/cmdline-opts/happy-eyeballs-timeout-ms.d new file mode 100644 index 0000000000..ec9a8c228f --- /dev/null +++ b/extern/curl/docs/cmdline-opts/happy-eyeballs-timeout-ms.d @@ -0,0 +1,17 @@ +Long: happy-eyeballs-timeout-ms +Arg: +Help: How long to wait in milliseconds for IPv6 before trying IPv4 +Added: 7.59.0 +--- +Happy eyeballs is an algorithm that attempts to connect to both IPv4 and IPv6 +addresses for dual-stack hosts, preferring IPv6 first for the number of +milliseconds. If the IPv6 address cannot be connected to within that time then +a connection attempt is made to the IPv4 address in parallel. The first +connection to be established is the one that is used. + +The range of suggested useful values is limited. Happy Eyeballs RFC 6555 says +"It is RECOMMENDED that connection attempts be paced 150-250 ms apart to +balance human factors against network load." libcurl currently defaults to +200 ms. Firefox and Chrome currently default to 300 ms. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/haproxy-protocol.d b/extern/curl/docs/cmdline-opts/haproxy-protocol.d new file mode 100644 index 0000000000..cc41c9c447 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/haproxy-protocol.d @@ -0,0 +1,11 @@ +Long: haproxy-protocol +Help: Send HAProxy PROXY protocol v1 header +Protocols: HTTP +Added: 7.60.0 +--- +Send a HAProxy PROXY protocol v1 header at the beginning of the connection. This +is used by some load balancers and reverse proxies to indicate the client's +true IP address and port. + +This option is primarily useful when sending test requests to a service that +expects this header. diff --git a/extern/curl/docs/cmdline-opts/head.d b/extern/curl/docs/cmdline-opts/head.d new file mode 100644 index 0000000000..350a100f65 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/head.d @@ -0,0 +1,8 @@ +Long: head +Short: I +Help: Show document info only +Protocols: HTTP FTP FILE +--- +Fetch the headers only! HTTP-servers feature the command HEAD which this uses +to get nothing but the header of a document. When used on an FTP or FILE file, +curl displays the file size and last modification time only. diff --git a/extern/curl/docs/cmdline-opts/header.d b/extern/curl/docs/cmdline-opts/header.d new file mode 100644 index 0000000000..d8292ed775 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/header.d @@ -0,0 +1,41 @@ +Long: header +Short: H +Arg:
+Help: Pass custom header(s) to server +Protocols: HTTP +--- +Extra header to include in the request when sending HTTP to a server. You may +specify any number of extra headers. Note that if you should add a custom +header that has the same name as one of the internal ones curl would use, your +externally set header will be used instead of the internal one. This allows +you to make even trickier stuff than curl would normally do. You should not +replace internally set headers without knowing perfectly well what you're +doing. Remove an internal header by giving a replacement without content on +the right side of the colon, as in: -H \&"Host:". If you send the custom +header with no-value then its header must be terminated with a semicolon, such +as \-H \&"X-Custom-Header;" to send "X-Custom-Header:". + +curl will make sure that each header you add/replace is sent with the proper +end-of-line marker, you should thus \fBnot\fP add that as a part of the header +content: do not add newlines or carriage returns, they will only mess things up +for you. + +Starting in 7.55.0, this option can take an argument in @filename style, which +then adds a header for each line in the input file. Using @- will make curl +read the header file from stdin. + +See also the --user-agent and --referer options. + +Starting in 7.37.0, you need --proxy-header to send custom headers intended +for a proxy. + +Example: + + curl -H "X-First-Name: Joe" http://example.com/ + +\fBWARNING\fP: headers set with this option will be set in all requests - even +after redirects are followed, like when told with --location. This can lead to +the header being sent to other hosts than the original host, so sensitive +headers should be used with caution combined with following redirects. + +This option can be used multiple times to add/replace/remove multiple headers. diff --git a/extern/curl/docs/cmdline-opts/help.d b/extern/curl/docs/cmdline-opts/help.d new file mode 100644 index 0000000000..64aa696d47 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/help.d @@ -0,0 +1,6 @@ +Long: help +Short: h +Help: This help text +--- +Usage help. This lists all current command line options with a short +description. diff --git a/extern/curl/docs/cmdline-opts/hostpubmd5.d b/extern/curl/docs/cmdline-opts/hostpubmd5.d new file mode 100644 index 0000000000..a851158031 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/hostpubmd5.d @@ -0,0 +1,9 @@ +Long: hostpubmd5 +Arg: +Help: Acceptable MD5 hash of the host public key +Protocols: SFTP SCP +Added: 7.17.1 +--- +Pass a string containing 32 hexadecimal digits. The string should +be the 128 bit MD5 checksum of the remote host's public key, curl will refuse +the connection with the host unless the md5sums match. diff --git a/extern/curl/docs/cmdline-opts/http0.9.d b/extern/curl/docs/cmdline-opts/http0.9.d new file mode 100644 index 0000000000..7e783f696b --- /dev/null +++ b/extern/curl/docs/cmdline-opts/http0.9.d @@ -0,0 +1,13 @@ +Long: http0.9 +Tags: Versions +Protocols: HTTP +Added: +Help: Allow HTTP 0.9 responses +--- +Tells curl to be fine with HTTP version 0.9 response. + +HTTP/0.9 is a completely headerless response and therefore you can also +connect with this to non-HTTP servers and still get a response since curl will +simply transparently downgrade - if allowed. + +Since curl 7.66.0, HTTP/0.9 is disabled by default. diff --git a/extern/curl/docs/cmdline-opts/http1.0.d b/extern/curl/docs/cmdline-opts/http1.0.d new file mode 100644 index 0000000000..d9bbd76f0f --- /dev/null +++ b/extern/curl/docs/cmdline-opts/http1.0.d @@ -0,0 +1,10 @@ +Short: 0 +Long: http1.0 +Tags: Versions +Protocols: HTTP +Added: +Mutexed: http1.1 http2 +Help: Use HTTP 1.0 +--- +Tells curl to use HTTP version 1.0 instead of using its internally preferred +HTTP version. diff --git a/extern/curl/docs/cmdline-opts/http1.1.d b/extern/curl/docs/cmdline-opts/http1.1.d new file mode 100644 index 0000000000..f1e6b5c3bc --- /dev/null +++ b/extern/curl/docs/cmdline-opts/http1.1.d @@ -0,0 +1,8 @@ +Long: http1.1 +Tags: Versions +Protocols: HTTP +Added: 7.33.0 +Mutexed: http1.0 http2 +Help: Use HTTP 1.1 +--- +Tells curl to use HTTP version 1.1. diff --git a/extern/curl/docs/cmdline-opts/http2-prior-knowledge.d b/extern/curl/docs/cmdline-opts/http2-prior-knowledge.d new file mode 100644 index 0000000000..f793f775dd --- /dev/null +++ b/extern/curl/docs/cmdline-opts/http2-prior-knowledge.d @@ -0,0 +1,12 @@ +Long: http2-prior-knowledge +Tags: Versions +Protocols: HTTP +Added: 7.49.0 +Mutexed: http1.1 http1.0 http2 +Requires: HTTP/2 +Help: Use HTTP 2 without HTTP/1.1 Upgrade +--- +Tells curl to issue its non-TLS HTTP requests using HTTP/2 without HTTP/1.1 +Upgrade. It requires prior knowledge that the server supports HTTP/2 straight +away. HTTPS requests will still do HTTP/2 the standard way with negotiated +protocol version in the TLS handshake. diff --git a/extern/curl/docs/cmdline-opts/http2.d b/extern/curl/docs/cmdline-opts/http2.d new file mode 100644 index 0000000000..cf8f2988e6 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/http2.d @@ -0,0 +1,11 @@ +Long: http2 +Tags: Versions +Protocols: HTTP +Added: 7.33.0 +Mutexed: http1.1 http1.0 http2-prior-knowledge +Requires: HTTP/2 +See-also: no-alpn +Help: Use HTTP 2 +See-also: http1.1 http3 +--- +Tells curl to use HTTP version 2. diff --git a/extern/curl/docs/cmdline-opts/http3.d b/extern/curl/docs/cmdline-opts/http3.d new file mode 100644 index 0000000000..8265937a3d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/http3.d @@ -0,0 +1,19 @@ +Long: http3 +Tags: Versions +Protocols: HTTP +Added: 7.66.0 +Mutexed: http1.1 http1.0 http2 http2-prior-knowledge +Requires: HTTP/3 +Help: Use HTTP v3 +See-also: http1.1 http2 +--- + +WARNING: this option is experimental. Do not use in production. + +Tells curl to use HTTP version 3 directly to the host and port number used in +the URL. A normal HTTP/3 transaction will be done to a host and then get +redirected via Alt-SVc, but this option allows a user to circumvent that when +you know that the target speaks HTTP/3 on the given host and port. + +This option will make curl fail if a QUIC connection cannot be established, it +cannot fall back to a lower HTTP version on its own. diff --git a/extern/curl/docs/cmdline-opts/ignore-content-length.d b/extern/curl/docs/cmdline-opts/ignore-content-length.d new file mode 100644 index 0000000000..53524f5184 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ignore-content-length.d @@ -0,0 +1,10 @@ +Long: ignore-content-length +Help: Ignore the size of the remote resource +Protocols: FTP HTTP +--- +For HTTP, Ignore the Content-Length header. This is particularly useful for +servers running Apache 1.x, which will report incorrect Content-Length for +files larger than 2 gigabytes. + +For FTP (since 7.46.0), skip the RETR command to figure out the size before +downloading a file. diff --git a/extern/curl/docs/cmdline-opts/include.d b/extern/curl/docs/cmdline-opts/include.d new file mode 100644 index 0000000000..9d282dd162 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/include.d @@ -0,0 +1,10 @@ +Long: include +Short: i +Help: Include protocol response headers in the output +See-also: verbose +--- +Include the HTTP response headers in the output. The HTTP response headers can +include things like server name, cookies, date of the document, HTTP version +and more... + +To view the request headers, consider the --verbose option. diff --git a/extern/curl/docs/cmdline-opts/insecure.d b/extern/curl/docs/cmdline-opts/insecure.d new file mode 100644 index 0000000000..49b0a43228 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/insecure.d @@ -0,0 +1,16 @@ +Long: insecure +Short: k +Help: Allow insecure server connections when using SSL +Protocols: TLS +See-also: proxy-insecure cacert +--- + +By default, every SSL connection curl makes is verified to be secure. This +option allows curl to proceed and operate even for server connections +otherwise considered insecure. + +The server connection is verified by making sure the server's certificate +contains the right name and verifies successfully using the cert store. + +See this online resource for further details: + https://curl.haxx.se/docs/sslcerts.html diff --git a/extern/curl/docs/cmdline-opts/interface.d b/extern/curl/docs/cmdline-opts/interface.d new file mode 100644 index 0000000000..65827fb8be --- /dev/null +++ b/extern/curl/docs/cmdline-opts/interface.d @@ -0,0 +1,16 @@ +Long: interface +Arg: +Help: Use network INTERFACE (or address) +See-also: dns-interface +--- + +Perform an operation using a specified interface. You can enter interface +name, IP address or host name. An example could look like: + + curl --interface eth0:1 https://www.example.com/ + +If this option is used several times, the last one will be used. + +On Linux it can be used to specify a VRF, but the binary needs to either +have CAP_NET_RAW or to be run as root. More information about Linux VRF: +https://www.kernel.org/doc/Documentation/networking/vrf.txt diff --git a/extern/curl/docs/cmdline-opts/ipv4.d b/extern/curl/docs/cmdline-opts/ipv4.d new file mode 100644 index 0000000000..9c40c8c3ee --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ipv4.d @@ -0,0 +1,12 @@ +Short: 4 +Long: ipv4 +Tags: Versions +Protocols: +Added: +Mutexed: ipv6 +Requires: +See-also: http1.1 http2 +Help: Resolve names to IPv4 addresses +--- +This option tells curl to resolve names to IPv4 addresses only, and not for +example try IPv6. diff --git a/extern/curl/docs/cmdline-opts/ipv6.d b/extern/curl/docs/cmdline-opts/ipv6.d new file mode 100644 index 0000000000..6eef6dd03b --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ipv6.d @@ -0,0 +1,12 @@ +Short: 6 +Long: ipv6 +Tags: Versions +Protocols: +Added: +Mutexed: ipv4 +Requires: +See-also: http1.1 http2 +Help: Resolve names to IPv6 addresses +--- +This option tells curl to resolve names to IPv6 addresses only, and not for +example try IPv4. diff --git a/extern/curl/docs/cmdline-opts/junk-session-cookies.d b/extern/curl/docs/cmdline-opts/junk-session-cookies.d new file mode 100644 index 0000000000..40ccd9c2df --- /dev/null +++ b/extern/curl/docs/cmdline-opts/junk-session-cookies.d @@ -0,0 +1,10 @@ +Long: junk-session-cookies +Short: j +Help: Ignore session cookies read from file +Protocols: HTTP +See-also: cookie cookie-jar +--- +When curl is told to read cookies from a given file, this option will make it +discard all "session cookies". This will basically have the same effect as if +a new session is started. Typical browsers always discard session cookies when +they're closed down. diff --git a/extern/curl/docs/cmdline-opts/keepalive-time.d b/extern/curl/docs/cmdline-opts/keepalive-time.d new file mode 100644 index 0000000000..c816e13ff0 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/keepalive-time.d @@ -0,0 +1,13 @@ +Long: keepalive-time +Arg: +Help: Interval time for keepalive probes +Added: 7.18.0 +--- +This option sets the time a connection needs to remain idle before sending +keepalive probes and the time between individual keepalive probes. It is +currently effective on operating systems offering the TCP_KEEPIDLE and +TCP_KEEPINTVL socket options (meaning Linux, recent AIX, HP-UX and more). This +option has no effect if --no-keepalive is used. + +If this option is used several times, the last one will be used. If +unspecified, the option defaults to 60 seconds. diff --git a/extern/curl/docs/cmdline-opts/key-type.d b/extern/curl/docs/cmdline-opts/key-type.d new file mode 100644 index 0000000000..bf39bcd357 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/key-type.d @@ -0,0 +1,9 @@ +Long: key-type +Arg: +Help: Private key file type (DER/PEM/ENG) +Protocols: TLS +--- +Private key file type. Specify which type your --key provided private key +is. DER, PEM, and ENG are supported. If not specified, PEM is assumed. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/key.d b/extern/curl/docs/cmdline-opts/key.d new file mode 100644 index 0000000000..855e2f7b6b --- /dev/null +++ b/extern/curl/docs/cmdline-opts/key.d @@ -0,0 +1,17 @@ +Long: key +Arg: +Protocols: TLS SSH +Help: Private key file name +--- +Private key file name. Allows you to provide your private key in this separate +file. For SSH, if not specified, curl tries the following candidates in order: +\&'~/.ssh/id_rsa', '~/.ssh/id_dsa', './id_rsa', './id_dsa'. + +If curl is built against OpenSSL library, and the engine pkcs11 is available, +then a PKCS#11 URI (RFC 7512) can be used to specify a private key located in a +PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a +PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set +as "pkcs11" if none was provided and the --key-type option will be set as +"ENG" if none was provided. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/krb.d b/extern/curl/docs/cmdline-opts/krb.d new file mode 100644 index 0000000000..19547af080 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/krb.d @@ -0,0 +1,11 @@ +Long: krb +Arg: +Help: Enable Kerberos with security +Protocols: FTP +Requires: Kerberos +--- +Enable Kerberos authentication and use. The level must be entered and should +be one of 'clear', 'safe', 'confidential', or 'private'. Should you use a +level that is not one of these, 'private' will instead be used. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/libcurl.d b/extern/curl/docs/cmdline-opts/libcurl.d new file mode 100644 index 0000000000..ef132fe745 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/libcurl.d @@ -0,0 +1,11 @@ +Long: libcurl +Arg: +Help: Dump libcurl equivalent code of this command line +Added: 7.16.1 +--- +Append this option to any ordinary curl command line, and you will get a +libcurl-using C source code written to the file that does the equivalent +of what your command-line operation does! + +If this option is used several times, the last given file name will be +used. diff --git a/extern/curl/docs/cmdline-opts/limit-rate.d b/extern/curl/docs/cmdline-opts/limit-rate.d new file mode 100644 index 0000000000..06c456e3e7 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/limit-rate.d @@ -0,0 +1,18 @@ +Long: limit-rate +Arg: +Help: Limit transfer speed to RATE +--- +Specify the maximum transfer rate you want curl to use - for both downloads +and uploads. This feature is useful if you have a limited pipe and you'd like +your transfer not to use your entire bandwidth. To make it slower than it +otherwise would be. + +The given speed is measured in bytes/second, unless a suffix is appended. +Appending 'k' or 'K' will count the number as kilobytes, 'm' or 'M' makes it +megabytes, while 'g' or 'G' makes it gigabytes. Examples: 200K, 3m and 1G. + +If you also use the --speed-limit option, that option will take precedence and +might cripple the rate-limiting slightly, to help keeping the speed-limit +logic working. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/list-only.d b/extern/curl/docs/cmdline-opts/list-only.d new file mode 100644 index 0000000000..4c56304a0d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/list-only.d @@ -0,0 +1,24 @@ +Long: list-only +Short: l +Protocols: FTP POP3 +Help: List only mode +Added: 7.21.5 +--- +(FTP) +When listing an FTP directory, this switch forces a name-only view. This is +especially useful if the user wants to machine-parse the contents of an FTP +directory since the normal directory view doesn't use a standard look or +format. When used like this, the option causes a NLST command to be sent to +the server instead of LIST. + +Note: Some FTP servers list only files in their response to NLST; they do not +include sub-directories and symbolic links. + +(POP3) +When retrieving a specific email from POP3, this switch forces a LIST command +to be performed instead of RETR. This is particularly useful if the user wants +to see if a specific message id exists on the server and what size it is. + +Note: When combined with --request, this option can be used to send an UIDL +command instead, so the user may use the email's unique identifier rather than +it's message id to make the request. diff --git a/extern/curl/docs/cmdline-opts/local-port.d b/extern/curl/docs/cmdline-opts/local-port.d new file mode 100644 index 0000000000..d96b46eb89 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/local-port.d @@ -0,0 +1,9 @@ +Long: local-port +Arg: +Help: Force use of RANGE for local port numbers +Added: 7.15.2 +--- +Set a preferred single number or range (FROM-TO) of local port numbers to use +for the connection(s). Note that port numbers by nature are a scarce resource +that will be busy at times so setting this range to something too narrow might +cause unnecessary connection setup failures. diff --git a/extern/curl/docs/cmdline-opts/location-trusted.d b/extern/curl/docs/cmdline-opts/location-trusted.d new file mode 100644 index 0000000000..995a8718aa --- /dev/null +++ b/extern/curl/docs/cmdline-opts/location-trusted.d @@ -0,0 +1,9 @@ +Long: location-trusted +Help: Like --location, and send auth to other hosts +Protocols: HTTP +See-also: user +--- +Like --location, but will allow sending the name + password to all hosts that +the site may redirect to. This may or may not introduce a security breach if +the site redirects you to a site to which you'll send your authentication info +(which is plaintext in the case of HTTP Basic authentication). diff --git a/extern/curl/docs/cmdline-opts/location.d b/extern/curl/docs/cmdline-opts/location.d new file mode 100644 index 0000000000..b5ba1f4faa --- /dev/null +++ b/extern/curl/docs/cmdline-opts/location.d @@ -0,0 +1,25 @@ +Long: location +Short: L +Help: Follow redirects +Protocols: HTTP +--- +If the server reports that the requested page has moved to a different +location (indicated with a Location: header and a 3XX response code), this +option will make curl redo the request on the new place. If used together with +--include or --head, headers from all requested pages will be shown. When +authentication is used, curl only sends its credentials to the initial +host. If a redirect takes curl to a different host, it won't be able to +intercept the user+password. See also --location-trusted on how to change +this. You can limit the amount of redirects to follow by using the +--max-redirs option. + +When curl follows a redirect and if the request is a POST, it will do the +following request with a GET if the HTTP response was 301, 302, or 303. If the +response code was any other 3xx code, curl will re-send the following request +using the same unmodified method. + +You can tell curl to not change POST requests to GET after a 30x response by +using the dedicated options for that: --post301, --post302 and --post303. + +The method set with --request overrides the method curl would otherwise select +to use. diff --git a/extern/curl/docs/cmdline-opts/login-options.d b/extern/curl/docs/cmdline-opts/login-options.d new file mode 100644 index 0000000000..8bad0511d4 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/login-options.d @@ -0,0 +1,14 @@ +Long: login-options +Arg: +Protocols: IMAP POP3 SMTP +Help: Server login options +Added: 7.34.0 +--- +Specify the login options to use during server authentication. + +You can use the login options to specify protocol specific options that may +be used during authentication. At present only IMAP, POP3 and SMTP support +login options. For more information about the login options please see +RFC 2384, RFC 5092 and IETF draft draft-earhart-url-smtp-00.txt + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/mail-auth.d b/extern/curl/docs/cmdline-opts/mail-auth.d new file mode 100644 index 0000000000..70cf0eda46 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/mail-auth.d @@ -0,0 +1,10 @@ +Long: mail-auth +Arg:
+Protocols: SMTP +Help: Originator address of the original email +Added: 7.25.0 +See-also: mail-rcpt mail-from +--- +Specify a single address. This will be used to specify the authentication +address (identity) of a submitted message that is being relayed to another +server. diff --git a/extern/curl/docs/cmdline-opts/mail-from.d b/extern/curl/docs/cmdline-opts/mail-from.d new file mode 100644 index 0000000000..1d932344cf --- /dev/null +++ b/extern/curl/docs/cmdline-opts/mail-from.d @@ -0,0 +1,8 @@ +Long: mail-from +Arg:
+Help: Mail from this address +Protocols: SMTP +Added: 7.20.0 +See-also: mail-rcpt mail-auth +--- +Specify a single address that the given mail should get sent from. diff --git a/extern/curl/docs/cmdline-opts/mail-rcpt-allowfails.d b/extern/curl/docs/cmdline-opts/mail-rcpt-allowfails.d new file mode 100644 index 0000000000..b5723df346 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/mail-rcpt-allowfails.d @@ -0,0 +1,15 @@ +Long: mail-rcpt-allowfails +Help: Allow RCPT TO command to fail for some recipients +Protocols: SMTP +Added: 7.69.0 +--- +When sending data to multiple recipients, by default curl will abort SMTP +conversation if at least one of the recipients causes RCPT TO command to +return an error. + +The default behavior can be changed by passing --mail-rcpt-allowfails +command-line option which will make curl ignore errors and proceed with the +remaining valid recipients. + +In case when all recipients cause RCPT TO command to fail, curl will abort SMTP +conversation and return the error received from to the last RCPT TO command. \ No newline at end of file diff --git a/extern/curl/docs/cmdline-opts/mail-rcpt.d b/extern/curl/docs/cmdline-opts/mail-rcpt.d new file mode 100644 index 0000000000..0a2859b688 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/mail-rcpt.d @@ -0,0 +1,19 @@ +Long: mail-rcpt +Arg:
+Help: Mail to this address +Protocols: SMTP +Added: 7.20.0 +--- +Specify a single address, user name or mailing list name. Repeat this +option several times to send to multiple recipients. + +When performing a mail transfer, the recipient should specify a valid email +address to send the mail to. + +When performing an address verification (VRFY command), the recipient should be +specified as the user name or user name and domain (as per Section 3.5 of +RFC5321). (Added in 7.34.0) + +When performing a mailing list expand (EXPN command), the recipient should be +specified using the mailing list name, such as "Friends" or "London-Office". +(Added in 7.34.0) diff --git a/extern/curl/docs/cmdline-opts/manual.d b/extern/curl/docs/cmdline-opts/manual.d new file mode 100644 index 0000000000..a9dbb0c78a --- /dev/null +++ b/extern/curl/docs/cmdline-opts/manual.d @@ -0,0 +1,5 @@ +Long: manual +Short: M +Help: Display the full manual +--- +Manual. Display the huge help text. diff --git a/extern/curl/docs/cmdline-opts/max-filesize.d b/extern/curl/docs/cmdline-opts/max-filesize.d new file mode 100644 index 0000000000..50d5266e1b --- /dev/null +++ b/extern/curl/docs/cmdline-opts/max-filesize.d @@ -0,0 +1,16 @@ +Long: max-filesize +Arg: +Help: Maximum file size to download +See-also: limit-rate +--- +Specify the maximum size (in bytes) of a file to download. If the file +requested is larger than this value, the transfer will not start and curl will +return with exit code 63. + +A size modifier may be used. For example, Appending 'k' or 'K' will count the +number as kilobytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it +gigabytes. Examples: 200K, 3m and 1G. (Added in 7.58.0) + +\fBNOTE:\fP The file size is not always known prior to download, and for such +files this option has no effect even if the file transfer ends up being larger +than this given limit. This concerns both FTP and HTTP transfers. diff --git a/extern/curl/docs/cmdline-opts/max-redirs.d b/extern/curl/docs/cmdline-opts/max-redirs.d new file mode 100644 index 0000000000..a97860a8bd --- /dev/null +++ b/extern/curl/docs/cmdline-opts/max-redirs.d @@ -0,0 +1,10 @@ +Long: max-redirs +Arg: +Help: Maximum number of redirects allowed +Protocols: HTTP +--- +Set maximum number of redirection-followings allowed. When --location is used, +is used to prevent curl from following redirections too much. By default, the +limit is set to 50 redirections. Set this option to -1 to make it unlimited. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/max-time.d b/extern/curl/docs/cmdline-opts/max-time.d new file mode 100644 index 0000000000..0057f9d047 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/max-time.d @@ -0,0 +1,13 @@ +Long: max-time +Short: m +Arg: +Help: Maximum time allowed for the transfer +See-also: connect-timeout +--- +Maximum time in seconds that you allow the whole operation to take. This is +useful for preventing your batch jobs from hanging for hours due to slow +networks or links going down. Since 7.32.0, this option accepts decimal +values, but the actual timeout will decrease in accuracy as the specified +timeout increases in decimal precision. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/metalink.d b/extern/curl/docs/cmdline-opts/metalink.d new file mode 100644 index 0000000000..81fc8bc78c --- /dev/null +++ b/extern/curl/docs/cmdline-opts/metalink.d @@ -0,0 +1,26 @@ +Long: metalink +Help: Process given URLs as metalink XML file +Added: 7.27.0 +Requires: metalink +--- +This option can tell curl to parse and process a given URI as Metalink file +(both version 3 and 4 (RFC 5854) are supported) and make use of the mirrors +listed within for failover if there are errors (such as the file or server not +being available). It will also verify the hash of the file after the download +completes. The Metalink file itself is downloaded and processed in memory and +not stored in the local file system. + +Example to use a remote Metalink file: + + curl --metalink http://www.example.com/example.metalink + +To use a Metalink file in the local file system, use FILE protocol (file://): + + curl --metalink file://example.metalink + +Please note that if FILE protocol is disabled, there is no way to use a local +Metalink file at the time of this writing. Also note that if --metalink and +--include are used together, --include will be ignored. This is because +including headers in the response will break Metalink parser and if the +headers are included in the file described in Metalink file, hash check will +fail. diff --git a/extern/curl/docs/cmdline-opts/negotiate.d b/extern/curl/docs/cmdline-opts/negotiate.d new file mode 100644 index 0000000000..69a6b91709 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/negotiate.d @@ -0,0 +1,15 @@ +Long: negotiate +Help: Use HTTP Negotiate (SPNEGO) authentication +Protocols: HTTP +See-also: basic ntlm anyauth proxy-negotiate +--- +Enables Negotiate (SPNEGO) authentication. + +This option requires a library built with GSS-API or SSPI support. Use +--version to see if your curl supports GSS-API/SSPI or SPNEGO. + +When using this option, you must also provide a fake --user option to activate +the authentication code properly. Sending a '-u :' is enough as the user name +and password from the --user option aren't actually used. + +If this option is used several times, only the first one is used. diff --git a/extern/curl/docs/cmdline-opts/netrc-file.d b/extern/curl/docs/cmdline-opts/netrc-file.d new file mode 100644 index 0000000000..50126d2554 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/netrc-file.d @@ -0,0 +1,12 @@ +Long: netrc-file +Help: Specify FILE for netrc +Arg: +Added: 7.21.5 +Mutexed: netrc +--- +This option is similar to --netrc, except that you provide the path (absolute +or relative) to the netrc file that curl should use. You can only specify one +netrc file per invocation. If several --netrc-file options are provided, +the last one will be used. + +It will abide by --netrc-optional if specified. diff --git a/extern/curl/docs/cmdline-opts/netrc-optional.d b/extern/curl/docs/cmdline-opts/netrc-optional.d new file mode 100644 index 0000000000..c285403094 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/netrc-optional.d @@ -0,0 +1,7 @@ +Long: netrc-optional +Help: Use either .netrc or URL +Mutexed: netrc +See-also: netrc-file +--- +Very similar to --netrc, but this option makes the .netrc usage \fBoptional\fP +and not mandatory as the --netrc option does. diff --git a/extern/curl/docs/cmdline-opts/netrc.d b/extern/curl/docs/cmdline-opts/netrc.d new file mode 100644 index 0000000000..2df26782cc --- /dev/null +++ b/extern/curl/docs/cmdline-opts/netrc.d @@ -0,0 +1,17 @@ +Long: netrc +Short: n +Help: Must read .netrc for user name and password +--- +Makes curl scan the \fI.netrc\fP (\fI_netrc\fP on Windows) file in the user's +home directory for login name and password. This is typically used for FTP on +Unix. If used with HTTP, curl will enable user authentication. See +\fInetrc(5)\fP \fIftp(1)\fP for details on the file format. Curl will not +complain if that file doesn't have the right permissions (it should not be +either world- or group-readable). The environment variable "HOME" is used to +find the home directory. + +A quick and very simple example of how to setup a \fI.netrc\fP to allow curl +to FTP to the machine host.domain.com with user name \&'myself' and password +\&'secret' should look similar to: + +.B "machine host.domain.com login myself password secret" diff --git a/extern/curl/docs/cmdline-opts/next.d b/extern/curl/docs/cmdline-opts/next.d new file mode 100644 index 0000000000..1d1e70a35c --- /dev/null +++ b/extern/curl/docs/cmdline-opts/next.d @@ -0,0 +1,20 @@ +Short: : +Long: next +Tags: +Protocols: +Added: 7.36.0 +Magic: divider +Help: Make next URL use its separate set of options +--- +Tells curl to use a separate operation for the following URL and associated +options. This allows you to send several URL requests, each with their own +specific options, for example, such as different user names or custom requests +for each. + +--next will reset all local options and only global ones will have their +values survive over to the operation following the --next instruction. Global +options include --verbose, --trace, --trace-ascii and --fail-early. + +For example, you can do both a GET and a POST in a single command line: + + curl www1.example.com --next -d postthis www2.example.com diff --git a/extern/curl/docs/cmdline-opts/no-alpn.d b/extern/curl/docs/cmdline-opts/no-alpn.d new file mode 100644 index 0000000000..88abb83682 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/no-alpn.d @@ -0,0 +1,11 @@ +Long: no-alpn +Tags: HTTP/2 +Protocols: HTTPS +Added: 7.36.0 +See-also: no-npn http2 +Requires: TLS +Help: Disable the ALPN TLS extension +--- +Disable the ALPN TLS extension. ALPN is enabled by default if libcurl was built +with an SSL library that supports ALPN. ALPN is used by a libcurl that supports +HTTP/2 to negotiate HTTP/2 support with the server during https sessions. diff --git a/extern/curl/docs/cmdline-opts/no-buffer.d b/extern/curl/docs/cmdline-opts/no-buffer.d new file mode 100644 index 0000000000..65a6282f64 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/no-buffer.d @@ -0,0 +1,11 @@ +Long: no-buffer +Short: N +Help: Disable buffering of the output stream +--- +Disables the buffering of the output stream. In normal work situations, curl +will use a standard buffered output stream that will have the effect that it +will output the data in chunks, not necessarily exactly when the data arrives. +Using this option will disable that buffering. + +Note that this is the negated option name documented. You can thus use +--buffer to enforce the buffering. diff --git a/extern/curl/docs/cmdline-opts/no-keepalive.d b/extern/curl/docs/cmdline-opts/no-keepalive.d new file mode 100644 index 0000000000..8fb28a0365 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/no-keepalive.d @@ -0,0 +1,8 @@ +Long: no-keepalive +Help: Disable TCP keepalive on the connection +--- +Disables the use of keepalive messages on the TCP connection. curl otherwise +enables them by default. + +Note that this is the negated option name documented. You can thus use +--keepalive to enforce keepalive. diff --git a/extern/curl/docs/cmdline-opts/no-npn.d b/extern/curl/docs/cmdline-opts/no-npn.d new file mode 100644 index 0000000000..ab0f6de2e0 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/no-npn.d @@ -0,0 +1,12 @@ +Long: no-npn +Tags: Versions HTTP/2 +Protocols: HTTPS +Added: 7.36.0 +Mutexed: +See-also: no-alpn http2 +Requires: TLS +Help: Disable the NPN TLS extension +--- +Disable the NPN TLS extension. NPN is enabled by default if libcurl was built +with an SSL library that supports NPN. NPN is used by a libcurl that supports +HTTP/2 to negotiate HTTP/2 support with the server during https sessions. diff --git a/extern/curl/docs/cmdline-opts/no-progress-meter.d b/extern/curl/docs/cmdline-opts/no-progress-meter.d new file mode 100644 index 0000000000..aff0717d37 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/no-progress-meter.d @@ -0,0 +1,10 @@ +Long: no-progress-meter +Help: Do not show the progress meter +See-also: verbose silent +Added: 7.67.0 +--- +Option to switch off the progress meter output without muting or otherwise +affecting warning and informational messages like --silent does. + +Note that this is the negated option name documented. You can thus use +--progress-meter to enable the progress meter again. diff --git a/extern/curl/docs/cmdline-opts/no-sessionid.d b/extern/curl/docs/cmdline-opts/no-sessionid.d new file mode 100644 index 0000000000..397a158697 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/no-sessionid.d @@ -0,0 +1,13 @@ +Long: no-sessionid +Help: Disable SSL session-ID reusing +Protocols: TLS +Added: 7.16.0 +--- +Disable curl's use of SSL session-ID caching. By default all transfers are +done using the cache. Note that while nothing should ever get hurt by +attempting to reuse SSL session-IDs, there seem to be broken SSL +implementations in the wild that may require you to disable this in order for +you to succeed. + +Note that this is the negated option name documented. You can thus use +--sessionid to enforce session-ID caching. diff --git a/extern/curl/docs/cmdline-opts/noproxy.d b/extern/curl/docs/cmdline-opts/noproxy.d new file mode 100644 index 0000000000..a216e75f49 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/noproxy.d @@ -0,0 +1,15 @@ +Long: noproxy +Arg: +Help: List of hosts which do not use proxy +Added: 7.19.4 +--- +Comma-separated list of hosts which do not use a proxy, if one is specified. +The only wildcard is a single * character, which matches all hosts, and +effectively disables the proxy. Each name in this list is matched as either +a domain which contains the hostname, or the hostname itself. For example, +local.com would match local.com, local.com:80, and www.local.com, but not +www.notlocal.com. + +Since 7.53.0, This option overrides the environment variables that disable the +proxy. If there's an environment variable disabling a proxy, you can set +noproxy list to \&"" to override it. diff --git a/extern/curl/docs/cmdline-opts/ntlm-wb.d b/extern/curl/docs/cmdline-opts/ntlm-wb.d new file mode 100644 index 0000000000..7b93384085 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ntlm-wb.d @@ -0,0 +1,7 @@ +Long: ntlm-wb +Help: Use HTTP NTLM authentication with winbind +Protocols: HTTP +See-also: ntlm proxy-ntlm +--- +Enables NTLM much in the style --ntlm does, but hand over the authentication +to the separate binary ntlmauth application that is executed when needed. diff --git a/extern/curl/docs/cmdline-opts/ntlm.d b/extern/curl/docs/cmdline-opts/ntlm.d new file mode 100644 index 0000000000..baaa1d534d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ntlm.d @@ -0,0 +1,18 @@ +Long: ntlm +Help: Use HTTP NTLM authentication +Mutexed: basic negotiate digest anyauth +See-also: proxy-ntlm +Protocols: HTTP +Requires: TLS +--- +Enables NTLM authentication. The NTLM authentication method was designed by +Microsoft and is used by IIS web servers. It is a proprietary protocol, +reverse-engineered by clever people and implemented in curl based on their +efforts. This kind of behavior should not be endorsed, you should encourage +everyone who uses NTLM to switch to a public and documented authentication +method instead, such as Digest. + +If you want to enable NTLM for your proxy authentication, then use +--proxy-ntlm. + +If this option is used several times, only the first one is used. diff --git a/extern/curl/docs/cmdline-opts/oauth2-bearer.d b/extern/curl/docs/cmdline-opts/oauth2-bearer.d new file mode 100644 index 0000000000..30466e579d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/oauth2-bearer.d @@ -0,0 +1,12 @@ +Long: oauth2-bearer +Help: OAuth 2 Bearer Token +Arg: +Protocols: IMAP POP3 SMTP HTTP +--- +Specify the Bearer Token for OAUTH 2.0 server authentication. The Bearer Token +is used in conjunction with the user name which can be specified as part of +the --url or --user options. + +The Bearer Token and user name are formatted according to RFC 6750. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/output.d b/extern/curl/docs/cmdline-opts/output.d new file mode 100644 index 0000000000..35f52a2130 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/output.d @@ -0,0 +1,32 @@ +Long: output +Arg: +Short: o +Help: Write to file instead of stdout +See-also: remote-name remote-name-all remote-header-name +--- +Write output to instead of stdout. If you are using {} or [] to fetch +multiple documents, you can use '#' followed by a number in the +specifier. That variable will be replaced with the current string for the URL +being fetched. Like in: + + curl http://{one,two}.example.com -o "file_#1.txt" + +or use several variables like: + + curl http://{site,host}.host[1-5].com -o "#1_#2" + +You may use this option as many times as the number of URLs you have. For +example, if you specify two URLs on the same command line, you can use it like +this: + + curl -o aa example.com -o bb example.net + +and the order of the -o options and the URLs doesn't matter, just that the +first -o is for the first URL and so on, so the above command line can also be +written as + + curl example.com example.net -o aa -o bb + +See also the --create-dirs option to create the local directories +dynamically. Specifying the output as '-' (a single dash) will force the +output to be done to stdout. diff --git a/extern/curl/docs/cmdline-opts/page-footer b/extern/curl/docs/cmdline-opts/page-footer new file mode 100644 index 0000000000..defe7e8b28 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/page-footer @@ -0,0 +1,256 @@ +.SH FILES +.I ~/.curlrc +.RS +Default config file, see --config for details. +.SH ENVIRONMENT +The environment variables can be specified in lower case or upper case. The +lower case version has precedence. http_proxy is an exception as it is only +available in lower case. + +Using an environment variable to set the proxy has the same effect as using +the --proxy option. + +.IP "http_proxy [protocol://][:port]" +Sets the proxy server to use for HTTP. +.IP "HTTPS_PROXY [protocol://][:port]" +Sets the proxy server to use for HTTPS. +.IP "[url-protocol]_PROXY [protocol://][:port]" +Sets the proxy server to use for [url-protocol], where the protocol is a +protocol that curl supports and as specified in a URL. FTP, FTPS, POP3, IMAP, +SMTP, LDAP etc. +.IP "ALL_PROXY [protocol://][:port]" +Sets the proxy server to use if no protocol-specific proxy is set. +.IP "NO_PROXY " +list of host names that shouldn't go through any proxy. If set to an asterisk +\&'*' only, it matches all hosts. Each name in this list is matched as either +a domain name which contains the hostname, or the hostname itself. + +This environment variable disables use of the proxy even when specified with +the --proxy option. That is +.B NO_PROXY=direct.example.com curl -x http://proxy.example.com +.B http://direct.example.com +accesses the target URL directly, and +.B NO_PROXY=direct.example.com curl -x http://proxy.example.com +.B http://somewhere.example.com +accesses the target URL through the proxy. + +The list of host names can also be include numerical IP addresses, and IPv6 +versions should then be given without enclosing brackets. + +.SH "PROXY PROTOCOL PREFIXES" +Since curl version 7.21.7, the proxy string may be specified with a +protocol:// prefix to specify alternative proxy protocols. + +If no protocol is specified in the proxy string or if the string doesn't match +a supported one, the proxy will be treated as an HTTP proxy. + +The supported proxy protocol prefixes are as follows: +.IP "http://" +Makes it use it as an HTTP proxy. The default if no scheme prefix is used. +.IP "https://" +Makes it treated as an \fBHTTPS\fP proxy. +.IP "socks4://" +Makes it the equivalent of --socks4 +.IP "socks4a://" +Makes it the equivalent of --socks4a +.IP "socks5://" +Makes it the equivalent of --socks5 +.IP "socks5h://" +Makes it the equivalent of --socks5-hostname +.SH EXIT CODES +There are a bunch of different error codes and their corresponding error +messages that may appear during bad conditions. At the time of this writing, +the exit codes are: +.IP 1 +Unsupported protocol. This build of curl has no support for this protocol. +.IP 2 +Failed to initialize. +.IP 3 +URL malformed. The syntax was not correct. +.IP 4 +A feature or option that was needed to perform the desired request was not +enabled or was explicitly disabled at build-time. To make curl able to do +this, you probably need another build of libcurl! +.IP 5 +Couldn't resolve proxy. The given proxy host could not be resolved. +.IP 6 +Couldn't resolve host. The given remote host was not resolved. +.IP 7 +Failed to connect to host. +.IP 8 +Weird server reply. The server sent data curl couldn't parse. +.IP 9 +FTP access denied. The server denied login or denied access to the particular +resource or directory you wanted to reach. Most often you tried to change to a +directory that doesn't exist on the server. +.IP 10 +FTP accept failed. While waiting for the server to connect back when an active +FTP session is used, an error code was sent over the control connection or +similar. +.IP 11 +FTP weird PASS reply. Curl couldn't parse the reply sent to the PASS request. +.IP 12 +During an active FTP session while waiting for the server to connect back to +curl, the timeout expired. +.IP 13 +FTP weird PASV reply, Curl couldn't parse the reply sent to the PASV request. +.IP 14 +FTP weird 227 format. Curl couldn't parse the 227-line the server sent. +.IP 15 +FTP can't get host. Couldn't resolve the host IP we got in the 227-line. +.IP 16 +HTTP/2 error. A problem was detected in the HTTP2 framing layer. This is +somewhat generic and can be one out of several problems, see the error message +for details. +.IP 17 +FTP couldn't set binary. Couldn't change transfer method to binary. +.IP 18 +Partial file. Only a part of the file was transferred. +.IP 19 +FTP couldn't download/access the given file, the RETR (or similar) command +failed. +.IP 21 +FTP quote error. A quote command returned error from the server. +.IP 22 +HTTP page not retrieved. The requested url was not found or returned another +error with the HTTP error code being 400 or above. This return code only +appears if --fail is used. +.IP 23 +Write error. Curl couldn't write data to a local filesystem or similar. +.IP 25 +FTP couldn't STOR file. The server denied the STOR operation, used for FTP +uploading. +.IP 26 +Read error. Various reading problems. +.IP 27 +Out of memory. A memory allocation request failed. +.IP 28 +Operation timeout. The specified time-out period was reached according to the +conditions. +.IP 30 +FTP PORT failed. The PORT command failed. Not all FTP servers support the PORT +command, try doing a transfer using PASV instead! +.IP 31 +FTP couldn't use REST. The REST command failed. This command is used for +resumed FTP transfers. +.IP 33 +HTTP range error. The range "command" didn't work. +.IP 34 +HTTP post error. Internal post-request generation error. +.IP 35 +SSL connect error. The SSL handshaking failed. +.IP 36 +Bad download resume. Couldn't continue an earlier aborted download. +.IP 37 +FILE couldn't read file. Failed to open the file. Permissions? +.IP 38 +LDAP cannot bind. LDAP bind operation failed. +.IP 39 +LDAP search failed. +.IP 41 +Function not found. A required LDAP function was not found. +.IP 42 +Aborted by callback. An application told curl to abort the operation. +.IP 43 +Internal error. A function was called with a bad parameter. +.IP 45 +Interface error. A specified outgoing interface could not be used. +.IP 47 +Too many redirects. When following redirects, curl hit the maximum amount. +.IP 48 +Unknown option specified to libcurl. This indicates that you passed a weird +option to curl that was passed on to libcurl and rejected. Read up in the +manual! +.IP 49 +Malformed telnet option. +.IP 51 +The peer's SSL certificate or SSH MD5 fingerprint was not OK. +.IP 52 +The server didn't reply anything, which here is considered an error. +.IP 53 +SSL crypto engine not found. +.IP 54 +Cannot set SSL crypto engine as default. +.IP 55 +Failed sending network data. +.IP 56 +Failure in receiving network data. +.IP 58 +Problem with the local certificate. +.IP 59 +Couldn't use specified SSL cipher. +.IP 60 +Peer certificate cannot be authenticated with known CA certificates. +.IP 61 +Unrecognized transfer encoding. +.IP 62 +Invalid LDAP URL. +.IP 63 +Maximum file size exceeded. +.IP 64 +Requested FTP SSL level failed. +.IP 65 +Sending the data requires a rewind that failed. +.IP 66 +Failed to initialise SSL Engine. +.IP 67 +The user name, password, or similar was not accepted and curl failed to log in. +.IP 68 +File not found on TFTP server. +.IP 69 +Permission problem on TFTP server. +.IP 70 +Out of disk space on TFTP server. +.IP 71 +Illegal TFTP operation. +.IP 72 +Unknown TFTP transfer ID. +.IP 73 +File already exists (TFTP). +.IP 74 +No such user (TFTP). +.IP 75 +Character conversion failed. +.IP 76 +Character conversion functions required. +.IP 77 +Problem with reading the SSL CA cert (path? access rights?). +.IP 78 +The resource referenced in the URL does not exist. +.IP 79 +An unspecified error occurred during the SSH session. +.IP 80 +Failed to shut down the SSL connection. +.IP 82 +Could not load CRL file, missing or wrong format (added in 7.19.0). +.IP 83 +Issuer check failed (added in 7.19.0). +.IP 84 +The FTP PRET command failed +.IP 85 +RTSP: mismatch of CSeq numbers +.IP 86 +RTSP: mismatch of Session Identifiers +.IP 87 +unable to parse FTP file list +.IP 88 +FTP chunk callback reported error +.IP 89 +No connection available, the session will be queued +.IP 90 +SSL public key does not matched pinned public key +.IP 91 +Invalid SSL certificate status. +.IP 92 +Stream error in HTTP/2 framing layer. +.IP XX +More error codes will appear here in future releases. The existing ones +are meant to never change. +.SH AUTHORS / CONTRIBUTORS +Daniel Stenberg is the main author, but the whole list of contributors is +found in the separate THANKS file. +.SH WWW +https://curl.haxx.se +.SH "SEE ALSO" +.BR ftp (1), +.BR wget (1) diff --git a/extern/curl/docs/cmdline-opts/page-header b/extern/curl/docs/cmdline-opts/page-header new file mode 100644 index 0000000000..51f45edadf --- /dev/null +++ b/extern/curl/docs/cmdline-opts/page-header @@ -0,0 +1,141 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at https://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.\" DO NOT EDIT. Generated by the curl project gen.pl man page generator. +.\" +.TH curl 1 "16 Dec 2016" "Curl 7.52.0" "Curl Manual" +.SH NAME +curl \- transfer a URL +.SH SYNOPSIS +.B curl [options / URLs] +.SH DESCRIPTION +.B curl +is a tool to transfer data from or to a server, using one of the supported +protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, +LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET +and TFTP). The command is designed to work without user interaction. + +curl offers a busload of useful tricks like proxy support, user +authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer +resume, Metalink, and more. As you will see below, the number of features will +make your head spin! + +curl is powered by libcurl for all transfer-related features. See +\fIlibcurl(3)\fP for details. +.SH URL +The URL syntax is protocol-dependent. You'll find a detailed description in +RFC 3986. + +You can specify multiple URLs or parts of URLs by writing part sets within +braces as in: + + http://site.{one,two,three}.com + +or you can get sequences of alphanumeric series by using [] as in: + + ftp://ftp.example.com/file[1-100].txt + + ftp://ftp.example.com/file[001-100].txt (with leading zeros) + + ftp://ftp.example.com/file[a-z].txt + +Nested sequences are not supported, but you can use several ones next to each +other: + + http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html + +You can specify any amount of URLs on the command line. They will be fetched +in a sequential manner in the specified order. You can specify command line +options and URLs mixed and in any order on the command line. + +You can specify a step counter for the ranges to get every Nth number or +letter: + + http://example.com/file[1-100:10].txt + + http://example.com/file[a-z:2].txt + +When using [] or {} sequences when invoked from a command line prompt, you +probably have to put the full URL within double quotes to avoid the shell from +interfering with it. This also goes for other characters treated special, like +for example '&', '?' and '*'. + +Provide the IPv6 zone index in the URL with an escaped percentage sign and the +interface name. Like in + + http://[fe80::3%25eth0]/ + +If you specify URL without protocol:// prefix, curl will attempt to guess what +protocol you might want. It will then default to HTTP but try other protocols +based on often-used host name prefixes. For example, for host names starting +with "ftp." curl will assume you want to speak FTP. + +curl will do its best to use what you pass to it as a URL. It is not trying to +validate it as a syntactically correct URL by any means but is instead +\fBvery\fP liberal with what it accepts. + +curl will attempt to re-use connections for multiple file transfers, so that +getting many files from the same server will not do multiple connects / +handshakes. This improves speed. Of course this is only done on files +specified on a single command line and cannot be used between separate curl +invokes. +.SH "PROGRESS METER" +curl normally displays a progress meter during operations, indicating the +amount of transferred data, transfer speeds and estimated time left, etc. The +progress meter displays number of bytes and the speeds are in bytes per +second. The suffixes (k, M, G, T, P) are 1024 based. For example 1k is 1024 +bytes. 1M is 1048576 bytes. + +curl displays this data to the terminal by default, so if you invoke curl to +do an operation and it is about to write data to the terminal, it +\fIdisables\fP the progress meter as otherwise it would mess up the output +mixing progress meter and response data. + +If you want a progress meter for HTTP POST or PUT requests, you need to +redirect the response output to a file, using shell redirect (>), --output or +similar. + +It is not the same case for FTP upload as that operation does not spit out +any response data to the terminal. + +If you prefer a progress "bar" instead of the regular meter, --progress-bar is +your friend. You can also disable the progress meter completely with the +--silent option. +.SH OPTIONS +Options start with one or two dashes. Many of the options require an +additional value next to them. + +The short "single-dash" form of the options, -d for example, may be used with +or without a space between it and its value, although a space is a recommended +separator. The long "double-dash" form, --data for example, requires a space +between it and its value. + +Short version options that don't need any additional values can be used +immediately next to each other, like for example you can specify all the +options -O, -L and -v at once as -OLv. + +In general, all boolean options are enabled with --\fBoption\fP and yet again +disabled with --\fBno-\fPoption. That is, you use the exact same option name +but prefix it with "no-". However, in this list we mostly only list and show +the --option version of them. (This concept with --no options was added in +7.19.0. Previously most options were toggled on/off on repeated use of the +same command line option.) diff --git a/extern/curl/docs/cmdline-opts/parallel-immediate.d b/extern/curl/docs/cmdline-opts/parallel-immediate.d new file mode 100644 index 0000000000..343931085b --- /dev/null +++ b/extern/curl/docs/cmdline-opts/parallel-immediate.d @@ -0,0 +1,9 @@ +Long: parallel-immediate +Help: Do not wait for multiplexing (with --parallel) +Added: 7.68.0 +See-also: parallel parallel-max +--- +When doing parallel transfers, this option will instruct curl that it should +rather prefer opening up more connections in parallel at once rather than +waiting to see if new transfers can be added as multiplexed streams on another +connection. diff --git a/extern/curl/docs/cmdline-opts/parallel-max.d b/extern/curl/docs/cmdline-opts/parallel-max.d new file mode 100644 index 0000000000..a8c79c7433 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/parallel-max.d @@ -0,0 +1,9 @@ +Long: parallel-max +Help: Maximum concurrency for parallel transfers +Added: 7.66.0 +See-also: parallel +--- +When asked to do parallel transfers, using --parallel, this option controls +the maximum amount of transfers to do simultaneously. + +The default is 50. diff --git a/extern/curl/docs/cmdline-opts/parallel.d b/extern/curl/docs/cmdline-opts/parallel.d new file mode 100644 index 0000000000..fac84e6243 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/parallel.d @@ -0,0 +1,7 @@ +Short: Z +Long: parallel +Help: Perform transfers in parallel +Added: 7.66.0 +--- +Makes curl perform its transfers in parallel as compared to the regular serial +manner. diff --git a/extern/curl/docs/cmdline-opts/pass.d b/extern/curl/docs/cmdline-opts/pass.d new file mode 100644 index 0000000000..2639cb9d06 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/pass.d @@ -0,0 +1,8 @@ +Long: pass +Arg: +Help: Pass phrase for the private key +Protocols: SSH TLS +--- +Passphrase for the private key + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/path-as-is.d b/extern/curl/docs/cmdline-opts/path-as-is.d new file mode 100644 index 0000000000..946e2f07a2 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/path-as-is.d @@ -0,0 +1,7 @@ +Long: path-as-is +Help: Do not squash .. sequences in URL path +Added: 7.42.0 +--- +Tell curl to not handle sequences of /../ or /./ in the given URL +path. Normally curl will squash or merge them according to standards but with +this option set you tell it not to do that. diff --git a/extern/curl/docs/cmdline-opts/pinnedpubkey.d b/extern/curl/docs/cmdline-opts/pinnedpubkey.d new file mode 100644 index 0000000000..cd21911f85 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/pinnedpubkey.d @@ -0,0 +1,25 @@ +Long: pinnedpubkey +Arg: +Help: FILE/HASHES Public key to verify peer against +Protocols: TLS +--- +Tells curl to use the specified public key file (or hashes) to verify the +peer. This can be a path to a file which contains a single public key in PEM +or DER format, or any number of base64 encoded sha256 hashes preceded by +\'sha256//\' and separated by \';\' + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. A public key is extracted from this certificate and +if it does not exactly match the public key provided to this option, curl will +abort the connection before sending or receiving any data. + +PEM/DER support: + 7.39.0: OpenSSL, GnuTLS and GSKit + 7.43.0: NSS and wolfSSL + 7.47.0: mbedtls +sha256 support: + 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL + 7.47.0: mbedtls +Other SSL backends not supported. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/post301.d b/extern/curl/docs/cmdline-opts/post301.d new file mode 100644 index 0000000000..87a9fe7edc --- /dev/null +++ b/extern/curl/docs/cmdline-opts/post301.d @@ -0,0 +1,11 @@ +Long: post301 +Help: Do not switch to GET after following a 301 +Protocols: HTTP +See-also: post302 post303 location +Added: 7.17.1 +--- +Tells curl to respect RFC 7231/6.4.2 and not convert POST requests into GET +requests when following a 301 redirection. The non-RFC behaviour is ubiquitous +in web browsers, so curl does the conversion by default to maintain +consistency. However, a server may require a POST to remain a POST after such +a redirection. This option is meaningful only when using --location. diff --git a/extern/curl/docs/cmdline-opts/post302.d b/extern/curl/docs/cmdline-opts/post302.d new file mode 100644 index 0000000000..caf0d87f18 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/post302.d @@ -0,0 +1,11 @@ +Long: post302 +Help: Do not switch to GET after following a 302 +Protocols: HTTP +See-also: post301 post303 location +Added: 7.19.1 +--- +Tells curl to respect RFC 7231/6.4.3 and not convert POST requests into GET +requests when following a 302 redirection. The non-RFC behaviour is ubiquitous +in web browsers, so curl does the conversion by default to maintain +consistency. However, a server may require a POST to remain a POST after such +a redirection. This option is meaningful only when using --location. diff --git a/extern/curl/docs/cmdline-opts/post303.d b/extern/curl/docs/cmdline-opts/post303.d new file mode 100644 index 0000000000..44f39e6104 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/post303.d @@ -0,0 +1,10 @@ +Long: post303 +Help: Do not switch to GET after following a 303 +Protocols: HTTP +See-also: post302 post301 location +Added: 7.26.0 +--- +Tells curl to violate RFC 7231/6.4.4 and not convert POST requests into GET +requests when following 303 redirections. A server may require a POST to +remain a POST after a 303 redirection. This option is meaningful only when +using --location. diff --git a/extern/curl/docs/cmdline-opts/preproxy.d b/extern/curl/docs/cmdline-opts/preproxy.d new file mode 100644 index 0000000000..b8eb77fa4f --- /dev/null +++ b/extern/curl/docs/cmdline-opts/preproxy.d @@ -0,0 +1,22 @@ +Long: preproxy +Arg: [protocol://]host[:port] +Help: Use this proxy first +Added: 7.52.0 +--- +Use the specified SOCKS proxy before connecting to an HTTP or HTTPS --proxy. In +such a case curl first connects to the SOCKS proxy and then connects (through +SOCKS) to the HTTP or HTTPS proxy. Hence pre proxy. + +The pre proxy string should be specified with a protocol:// prefix to specify +alternative proxy protocols. Use socks4://, socks4a://, socks5:// or +socks5h:// to request the specific SOCKS version to be used. No protocol +specified will make curl default to SOCKS4. + +If the port number is not specified in the proxy string, it is assumed to be +1080. + +User and password that might be provided in the proxy string are URL decoded +by curl. This allows you to pass in special characters such as @ by using %40 +or pass in a colon with %3a. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/progress-bar.d b/extern/curl/docs/cmdline-opts/progress-bar.d new file mode 100644 index 0000000000..f27de2d930 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/progress-bar.d @@ -0,0 +1,12 @@ +Short: # +Long: progress-bar +Help: Display transfer progress as a bar +--- +Make curl display transfer progress as a simple progress bar instead of the +standard, more informational, meter. + +This progress bar draws a single line of '#' characters across the screen and +shows a percentage if the transfer size is known. For transfers without a +known size, there will be space ship (-=o=-) that moves back and forth but +only while data is being transferred, with a set of flying hash sign symbols on +top. diff --git a/extern/curl/docs/cmdline-opts/proto-default.d b/extern/curl/docs/cmdline-opts/proto-default.d new file mode 100644 index 0000000000..ccc3b85f38 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proto-default.d @@ -0,0 +1,18 @@ +Long: proto-default +Help: Use PROTOCOL for any URL missing a scheme +Arg: +Added: 7.45.0 +--- +Tells curl to use \fIprotocol\fP for any URL missing a scheme name. + +Example: + + curl --proto-default https ftp.mozilla.org + +An unknown or unsupported protocol causes error +\fICURLE_UNSUPPORTED_PROTOCOL\fP (1). + +This option does not change the default proxy protocol (http). + +Without this option curl would make a guess based on the host, see --url for +details. diff --git a/extern/curl/docs/cmdline-opts/proto-redir.d b/extern/curl/docs/cmdline-opts/proto-redir.d new file mode 100644 index 0000000000..a1205dd036 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proto-redir.d @@ -0,0 +1,18 @@ +Long: proto-redir +Arg: +Help: Enable/disable PROTOCOLS on redirect +Added: 7.20.2 +--- +Tells curl to limit what protocols it may use on redirect. Protocols denied by +--proto are not overridden by this option. See --proto for how protocols are +represented. + +Example, allow only HTTP and HTTPS on redirect: + + curl --proto-redir -all,http,https http://example.com + +By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2). +Older versions of curl allowed all protocols on redirect except several +disabled for security reasons: Since 7.19.4 FILE and SCP are disabled, and +since 7.40.0 SMB and SMBS are also disabled. Specifying \fIall\fP or \fI+all\fP +enables all protocols on redirect, including those disabled for security. diff --git a/extern/curl/docs/cmdline-opts/proto.d b/extern/curl/docs/cmdline-opts/proto.d new file mode 100644 index 0000000000..e1ece1788f --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proto.d @@ -0,0 +1,43 @@ +Long: proto +Arg: +Help: Enable/disable PROTOCOLS +See-also: proto-redir proto-default +Added: 7.20.2 +--- +Tells curl to limit what protocols it may use in the transfer. Protocols are +evaluated left to right, are comma separated, and are each a protocol name or +\&'all', optionally prefixed by zero or more modifiers. Available modifiers are: +.RS +.TP 3 +.B + +Permit this protocol in addition to protocols already permitted (this is +the default if no modifier is used). +.TP +.B - +Deny this protocol, removing it from the list of protocols already permitted. +.TP +.B = +Permit only this protocol (ignoring the list already permitted), though +subject to later modification by subsequent entries in the comma separated +list. +.RE +.IP +For example: +.RS +.TP 15 +.B --proto -ftps +uses the default protocols, but disables ftps +.TP +.B --proto -all,https,+http +only enables http and https +.TP +.B --proto =http,https +also only enables http and https +.RE + +Unknown protocols produce a warning. This allows scripts to safely rely on +being able to disable potentially dangerous protocols, without relying upon +support for that protocol being built into curl to avoid an error. + +This option can be used multiple times, in which case the effect is the same +as concatenating the protocols into one instance of the option. diff --git a/extern/curl/docs/cmdline-opts/proxy-anyauth.d b/extern/curl/docs/cmdline-opts/proxy-anyauth.d new file mode 100644 index 0000000000..b60d0a05e6 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-anyauth.d @@ -0,0 +1,7 @@ +Long: proxy-anyauth +Help: Pick any proxy authentication method +Added: 7.13.2 +See-also: proxy proxy-basic proxy-digest +--- +Tells curl to pick a suitable authentication method when communicating with +the given HTTP proxy. This might cause an extra request/response round-trip. diff --git a/extern/curl/docs/cmdline-opts/proxy-basic.d b/extern/curl/docs/cmdline-opts/proxy-basic.d new file mode 100644 index 0000000000..566f890a97 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-basic.d @@ -0,0 +1,7 @@ +Long: proxy-basic +Help: Use Basic authentication on the proxy +See-also: proxy proxy-anyauth proxy-digest +--- +Tells curl to use HTTP Basic authentication when communicating with the given +proxy. Use --basic for enabling HTTP Basic with a remote host. Basic is the +default authentication method curl uses with proxies. diff --git a/extern/curl/docs/cmdline-opts/proxy-cacert.d b/extern/curl/docs/cmdline-opts/proxy-cacert.d new file mode 100644 index 0000000000..2713dd2a4c --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-cacert.d @@ -0,0 +1,7 @@ +Long: proxy-cacert +Help: CA certificate to verify peer against for proxy +Arg: +Added: 7.52.0 +See-also: proxy-capath cacert capath proxy +--- +Same as --cacert but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-capath.d b/extern/curl/docs/cmdline-opts/proxy-capath.d new file mode 100644 index 0000000000..177246aabc --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-capath.d @@ -0,0 +1,7 @@ +Long: proxy-capath +Help: CA directory to verify peer against for proxy +Arg: +Added: 7.52.0 +See-also: proxy-cacert proxy capath +--- +Same as --capath but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-cert-type.d b/extern/curl/docs/cmdline-opts/proxy-cert-type.d new file mode 100644 index 0000000000..906d2a1153 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-cert-type.d @@ -0,0 +1,6 @@ +Long: proxy-cert-type +Arg: +Added: 7.52.0 +Help: Client certificate type for HTTPS proxy +--- +Same as --cert-type but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-cert.d b/extern/curl/docs/cmdline-opts/proxy-cert.d new file mode 100644 index 0000000000..43acd39509 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-cert.d @@ -0,0 +1,6 @@ +Long: proxy-cert +Arg: +Help: Set client certificate for proxy +Added: 7.52.0 +--- +Same as --cert but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-ciphers.d b/extern/curl/docs/cmdline-opts/proxy-ciphers.d new file mode 100644 index 0000000000..dcac812845 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-ciphers.d @@ -0,0 +1,6 @@ +Long: proxy-ciphers +Arg: +Help: SSL ciphers to use for proxy +Added: 7.52.0 +--- +Same as --ciphers but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-crlfile.d b/extern/curl/docs/cmdline-opts/proxy-crlfile.d new file mode 100644 index 0000000000..1d6247f479 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-crlfile.d @@ -0,0 +1,6 @@ +Long: proxy-crlfile +Arg: +Help: Set a CRL list for proxy +Added: 7.52.0 +--- +Same as --crlfile but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-digest.d b/extern/curl/docs/cmdline-opts/proxy-digest.d new file mode 100644 index 0000000000..ccf46636c2 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-digest.d @@ -0,0 +1,6 @@ +Long: proxy-digest +Help: Use Digest authentication on the proxy +See-also: proxy proxy-anyauth proxy-basic +--- +Tells curl to use HTTP Digest authentication when communicating with the given +proxy. Use --digest for enabling HTTP Digest with a remote host. diff --git a/extern/curl/docs/cmdline-opts/proxy-header.d b/extern/curl/docs/cmdline-opts/proxy-header.d new file mode 100644 index 0000000000..c1b0bb7c44 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-header.d @@ -0,0 +1,24 @@ +Long: proxy-header +Arg:
+Help: Pass custom header(s) to proxy +Protocols: HTTP +Added: 7.37.0 +--- +Extra header to include in the request when sending HTTP to a proxy. You may +specify any number of extra headers. This is the equivalent option to --header +but is for proxy communication only like in CONNECT requests when you want a +separate header sent to the proxy to what is sent to the actual remote host. + +curl will make sure that each header you add/replace is sent with the proper +end-of-line marker, you should thus \fBnot\fP add that as a part of the header +content: do not add newlines or carriage returns, they will only mess things +up for you. + +Headers specified with this option will not be included in requests that curl +knows will not be sent to a proxy. + +Starting in 7.55.0, this option can take an argument in @filename style, which +then adds a header for each line in the input file. Using @- will make curl +read the header file from stdin. + +This option can be used multiple times to add/replace/remove multiple headers. diff --git a/extern/curl/docs/cmdline-opts/proxy-insecure.d b/extern/curl/docs/cmdline-opts/proxy-insecure.d new file mode 100644 index 0000000000..762828f43f --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-insecure.d @@ -0,0 +1,5 @@ +Long: proxy-insecure +Help: Do HTTPS proxy connections without verifying the proxy +Added: 7.52.0 +--- +Same as --insecure but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-key-type.d b/extern/curl/docs/cmdline-opts/proxy-key-type.d new file mode 100644 index 0000000000..ce7482ae94 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-key-type.d @@ -0,0 +1,6 @@ +Long: proxy-key-type +Arg: +Help: Private key file type for proxy +Added: 7.52.0 +--- +Same as --key-type but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-key.d b/extern/curl/docs/cmdline-opts/proxy-key.d new file mode 100644 index 0000000000..e61eb18a99 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-key.d @@ -0,0 +1,5 @@ +Long: proxy-key +Help: Private key for HTTPS proxy +Arg: +--- +Same as --key but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-negotiate.d b/extern/curl/docs/cmdline-opts/proxy-negotiate.d new file mode 100644 index 0000000000..775f62a9a3 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-negotiate.d @@ -0,0 +1,8 @@ +Long: proxy-negotiate +Help: Use HTTP Negotiate (SPNEGO) authentication on the proxy +Added: 7.17.1 +See-also: proxy-anyauth proxy-basic +--- +Tells curl to use HTTP Negotiate (SPNEGO) authentication when communicating +with the given proxy. Use --negotiate for enabling HTTP Negotiate (SPNEGO) +with a remote host. diff --git a/extern/curl/docs/cmdline-opts/proxy-ntlm.d b/extern/curl/docs/cmdline-opts/proxy-ntlm.d new file mode 100644 index 0000000000..c30db53b9b --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-ntlm.d @@ -0,0 +1,6 @@ +Long: proxy-ntlm +Help: Use NTLM authentication on the proxy +See-also: proxy-negotiate proxy-anyauth +--- +Tells curl to use HTTP NTLM authentication when communicating with the given +proxy. Use --ntlm for enabling NTLM with a remote host. diff --git a/extern/curl/docs/cmdline-opts/proxy-pass.d b/extern/curl/docs/cmdline-opts/proxy-pass.d new file mode 100644 index 0000000000..3371714ba0 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-pass.d @@ -0,0 +1,6 @@ +Long: proxy-pass +Arg: +Help: Pass phrase for the private key for HTTPS proxy +Added: 7.52.0 +--- +Same as --pass but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-pinnedpubkey.d b/extern/curl/docs/cmdline-opts/proxy-pinnedpubkey.d new file mode 100644 index 0000000000..abd6dc4aaf --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-pinnedpubkey.d @@ -0,0 +1,16 @@ +Long: proxy-pinnedpubkey +Arg: +Help: FILE/HASHES public key to verify proxy with +Protocols: TLS +--- +Tells curl to use the specified public key file (or hashes) to verify the +proxy. This can be a path to a file which contains a single public key in PEM +or DER format, or any number of base64 encoded sha256 hashes preceded by +\'sha256//\' and separated by \';\' + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. A public key is extracted from this certificate and +if it does not exactly match the public key provided to this option, curl will +abort the connection before sending or receiving any data. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/proxy-service-name.d b/extern/curl/docs/cmdline-opts/proxy-service-name.d new file mode 100644 index 0000000000..9a73f2be62 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-service-name.d @@ -0,0 +1,6 @@ +Long: proxy-service-name +Arg: +Help: SPNEGO proxy service name +Added: 7.43.0 +--- +This option allows you to change the service name for proxy negotiation. diff --git a/extern/curl/docs/cmdline-opts/proxy-ssl-allow-beast.d b/extern/curl/docs/cmdline-opts/proxy-ssl-allow-beast.d new file mode 100644 index 0000000000..de96b8436d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-ssl-allow-beast.d @@ -0,0 +1,5 @@ +Long: proxy-ssl-allow-beast +Help: Allow security flaw for interop for HTTPS proxy +Added: 7.52.0 +--- +Same as --ssl-allow-beast but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-tls13-ciphers.d b/extern/curl/docs/cmdline-opts/proxy-tls13-ciphers.d new file mode 100644 index 0000000000..08961b72e4 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-tls13-ciphers.d @@ -0,0 +1,16 @@ +Long: proxy-tls13-ciphers +Arg: +help: TLS 1.3 proxy cipher suites +Protocols: TLS +--- +Specifies which cipher suites to use in the connection to your HTTPS proxy +when it negotiates TLS 1.3. The list of ciphers suites must specify valid +ciphers. Read up on TLS 1.3 cipher suite details on this URL: + + https://curl.haxx.se/docs/ssl-ciphers.html + +This option is currently used only when curl is built to use OpenSSL 1.1.1 or +later. If you are using a different SSL backend you can try setting TLS 1.3 +cipher suites by using the --proxy-ciphers option. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/proxy-tlsauthtype.d b/extern/curl/docs/cmdline-opts/proxy-tlsauthtype.d new file mode 100644 index 0000000000..7d0ce8e1a7 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-tlsauthtype.d @@ -0,0 +1,6 @@ +Long: proxy-tlsauthtype +Arg: +Help: TLS authentication type for HTTPS proxy +Added: 7.52.0 +--- +Same as --tlsauthtype but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-tlspassword.d b/extern/curl/docs/cmdline-opts/proxy-tlspassword.d new file mode 100644 index 0000000000..cf003844e0 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-tlspassword.d @@ -0,0 +1,6 @@ +Long: proxy-tlspassword +Arg: +Help: TLS password for HTTPS proxy +Added: 7.52.0 +--- +Same as --tlspassword but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-tlsuser.d b/extern/curl/docs/cmdline-opts/proxy-tlsuser.d new file mode 100644 index 0000000000..758a7c953a --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-tlsuser.d @@ -0,0 +1,6 @@ +Long: proxy-tlsuser +Arg: +Help: TLS username for HTTPS proxy +Added: 7.52.0 +--- +Same as --tlsuser but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-tlsv1.d b/extern/curl/docs/cmdline-opts/proxy-tlsv1.d new file mode 100644 index 0000000000..d024eeac36 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-tlsv1.d @@ -0,0 +1,5 @@ +Long: proxy-tlsv1 +Help: Use TLSv1 for HTTPS proxy +Added: 7.52.0 +--- +Same as --tlsv1 but used in HTTPS proxy context. diff --git a/extern/curl/docs/cmdline-opts/proxy-user.d b/extern/curl/docs/cmdline-opts/proxy-user.d new file mode 100644 index 0000000000..152466daaa --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy-user.d @@ -0,0 +1,18 @@ +Long: proxy-user +Short: U +Arg: +Help: Proxy user and password +--- +Specify the user name and password to use for proxy authentication. + +If you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM +authentication then you can tell curl to select the user name and password +from your environment by specifying a single colon with this option: "-U :". + +On systems where it works, curl will hide the given option argument from +process listings. This is not enough to protect credentials from possibly +getting seen by other users on the same system as they will still be visible +for a brief moment before cleared. Such sensitive data should be retrieved +from a file instead or similar and never used in clear text in a command line. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/proxy.d b/extern/curl/docs/cmdline-opts/proxy.d new file mode 100644 index 0000000000..6506692be8 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy.d @@ -0,0 +1,39 @@ +Long: proxy +Short: x +Arg: [protocol://]host[:port] +Help: Use this proxy +--- +Use the specified proxy. + +The proxy string can be specified with a protocol:// prefix. No protocol +specified or http:// will be treated as HTTP proxy. Use socks4://, socks4a://, +socks5:// or socks5h:// to request a specific SOCKS version to be used. +(The protocol support was added in curl 7.21.7) + +HTTPS proxy support via https:// protocol prefix was added in 7.52.0 for +OpenSSL, GnuTLS and NSS. + +Unrecognized and unsupported proxy protocols cause an error since 7.52.0. +Prior versions may ignore the protocol and use http:// instead. + +If the port number is not specified in the proxy string, it is assumed to be +1080. + +This option overrides existing environment variables that set the proxy to +use. If there's an environment variable setting a proxy, you can set proxy to +\&"" to override it. + +All operations that are performed over an HTTP proxy will transparently be +converted to HTTP. It means that certain protocol specific operations might +not be available. This is not the case if you can tunnel through the proxy, as +one with the --proxytunnel option. + +User and password that might be provided in the proxy string are URL decoded +by curl. This allows you to pass in special characters such as @ by using %40 +or pass in a colon with %3a. + +The proxy host can be specified the exact same way as the proxy environment +variables, including the protocol prefix (http://) and the embedded user + +password. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/proxy1.0.d b/extern/curl/docs/cmdline-opts/proxy1.0.d new file mode 100644 index 0000000000..4a931bd15b --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxy1.0.d @@ -0,0 +1,10 @@ +Long: proxy1.0 +Arg: +Help: Use HTTP/1.0 proxy on given port +--- +Use the specified HTTP 1.0 proxy. If the port number is not specified, it is +assumed at port 1080. + +The only difference between this and the HTTP proxy option --proxy, is that +attempts to use CONNECT through the proxy will specify an HTTP 1.0 protocol +instead of the default HTTP 1.1. diff --git a/extern/curl/docs/cmdline-opts/proxytunnel.d b/extern/curl/docs/cmdline-opts/proxytunnel.d new file mode 100644 index 0000000000..1f587f1209 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/proxytunnel.d @@ -0,0 +1,12 @@ +Long: proxytunnel +Short: p +Help: Operate through an HTTP proxy tunnel (using CONNECT) +See-also: proxy +--- +When an HTTP proxy is used --proxy, this option will make curl tunnel through +the proxy. The tunnel approach is made with the HTTP proxy CONNECT request and +requires that the proxy allows direct connect to the remote port number curl +wants to tunnel through to. + +To suppress proxy CONNECT response headers when curl is set to output headers +use --suppress-connect-headers. diff --git a/extern/curl/docs/cmdline-opts/pubkey.d b/extern/curl/docs/cmdline-opts/pubkey.d new file mode 100644 index 0000000000..b2e11c024b --- /dev/null +++ b/extern/curl/docs/cmdline-opts/pubkey.d @@ -0,0 +1,14 @@ +Long: pubkey +Arg: +Protocols: SFTP SCP +Help: SSH Public key file name +--- +Public key file name. Allows you to provide your public key in this separate +file. + +If this option is used several times, the last one will be used. + +(As of 7.39.0, curl attempts to automatically extract the public key from the +private key file, so passing this option is generally not required. Note that +this public key extraction requires libcurl to be linked against a copy of +libssh2 1.2.8 or higher that is itself linked against OpenSSL.) diff --git a/extern/curl/docs/cmdline-opts/quote.d b/extern/curl/docs/cmdline-opts/quote.d new file mode 100644 index 0000000000..59a98eafbc --- /dev/null +++ b/extern/curl/docs/cmdline-opts/quote.d @@ -0,0 +1,57 @@ +Long: quote +Short: Q +Help: Send command(s) to server before transfer +Protocols: FTP SFTP +--- + +Send an arbitrary command to the remote FTP or SFTP server. Quote commands are +sent BEFORE the transfer takes place (just after the initial PWD command in an +FTP transfer, to be exact). To make commands take place after a successful +transfer, prefix them with a dash '-'. To make commands be sent after curl +has changed the working directory, just before the transfer command(s), prefix +the command with a '+' (this is only supported for FTP). You may specify any +number of commands. + +If the server returns failure for one of the commands, the entire operation +will be aborted. You must send syntactically correct FTP commands as RFC 959 +defines to FTP servers, or one of the commands listed below to SFTP servers. + +Prefix the command with an asterisk (*) to make curl continue even if the +command fails as by default curl will stop at first failure. + +This option can be used multiple times. + +SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP quote commands +itself before sending them to the server. File names may be quoted +shell-style to embed spaces or special characters. Following is the list of +all supported SFTP quote commands: +.RS +.IP "chgrp group file" +The chgrp command sets the group ID of the file named by the file operand to +the group ID specified by the group operand. The group operand is a decimal +integer group ID. +.IP "chmod mode file" +The chmod command modifies the file mode bits of the specified file. The +mode operand is an octal integer mode number. +.IP "chown user file" +The chown command sets the owner of the file named by the file operand to the +user ID specified by the user operand. The user operand is a decimal +integer user ID. +.IP "ln source_file target_file" +The ln and symlink commands create a symbolic link at the target_file location +pointing to the source_file location. +.IP "mkdir directory_name" +The mkdir command creates the directory named by the directory_name operand. +.IP "pwd" +The pwd command returns the absolute pathname of the current working directory. +.IP "rename source target" +The rename command renames the file or directory named by the source +operand to the destination path named by the target operand. +.IP "rm file" +The rm command removes the file specified by the file operand. +.IP "rmdir directory" +The rmdir command removes the directory entry specified by the directory +operand, provided it is empty. +.IP "symlink source_file target_file" +See ln. +.RE diff --git a/extern/curl/docs/cmdline-opts/random-file.d b/extern/curl/docs/cmdline-opts/random-file.d new file mode 100644 index 0000000000..51626f88dc --- /dev/null +++ b/extern/curl/docs/cmdline-opts/random-file.d @@ -0,0 +1,7 @@ +Long: random-file +Arg: +Help: File for reading random data from +--- +Specify the path name to file containing what will be considered as random +data. The data may be used to seed the random engine for SSL connections. See +also the --egd-file option. diff --git a/extern/curl/docs/cmdline-opts/range.d b/extern/curl/docs/cmdline-opts/range.d new file mode 100644 index 0000000000..b888dd1814 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/range.d @@ -0,0 +1,46 @@ +Long: range +Short: r +Help: Retrieve only the bytes within RANGE +Arg: +Protocols: HTTP FTP SFTP FILE +--- +Retrieve a byte range (i.e. a partial document) from an HTTP/1.1, FTP or SFTP +server or a local FILE. Ranges can be specified in a number of ways. +.RS +.TP 10 +.B 0-499 +specifies the first 500 bytes +.TP +.B 500-999 +specifies the second 500 bytes +.TP +.B -500 +specifies the last 500 bytes +.TP +.B 9500- +specifies the bytes from offset 9500 and forward +.TP +.B 0-0,-1 +specifies the first and last byte only(*)(HTTP) +.TP +.B 100-199,500-599 +specifies two separate 100-byte ranges(*) (HTTP) +.RE +.IP +(*) = NOTE that this will cause the server to reply with a multipart +response! + +Only digit characters (0-9) are valid in the 'start' and 'stop' fields of the +\&'start-stop' range syntax. If a non-digit character is given in the range, +the server's response will be unspecified, depending on the server's +configuration. + +You should also be aware that many HTTP/1.1 servers do not have this feature +enabled, so that when you attempt to get a range, you'll instead get the whole +document. + +FTP and SFTP range downloads only support the simple 'start-stop' syntax +(optionally with one of the numbers omitted). FTP use depends on the extended +FTP command SIZE. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/raw.d b/extern/curl/docs/cmdline-opts/raw.d new file mode 100644 index 0000000000..c3328e69a1 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/raw.d @@ -0,0 +1,7 @@ +Long: raw +Help: Do HTTP "raw"; no transfer decoding +Added: 7.16.2 +Protocols: HTTP +--- +When used, it disables all internal HTTP decoding of content or transfer +encodings and instead makes them passed on unaltered, raw. diff --git a/extern/curl/docs/cmdline-opts/referer.d b/extern/curl/docs/cmdline-opts/referer.d new file mode 100644 index 0000000000..cd84e9d5a0 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/referer.d @@ -0,0 +1,14 @@ +Long: referer +Short: e +Arg: +Protocols: HTTP +Help: Referrer URL +See-also: user-agent header +--- +Sends the "Referrer Page" information to the HTTP server. This can also be set +with the --header flag of course. When used with --location you can append +";auto" to the --referer URL to make curl automatically set the previous URL +when it follows a Location: header. The \&";auto" string can be used alone, +even if you don't set an initial --referer. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/remote-header-name.d b/extern/curl/docs/cmdline-opts/remote-header-name.d new file mode 100644 index 0000000000..771b6d4699 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/remote-header-name.d @@ -0,0 +1,19 @@ +Long: remote-header-name +Short: J +Protocols: HTTP +Help: Use the header-provided filename +--- +This option tells the --remote-name option to use the server-specified +Content-Disposition filename instead of extracting a filename from the URL. + +If the server specifies a file name and a file with that name already exists +in the current working directory it will not be overwritten and an error will +occur. If the server doesn't specify a file name then this option has no +effect. + +There's no attempt to decode %-sequences (yet) in the provided file name, so +this option may provide you with rather unexpected file names. + +\fBWARNING\fP: Exercise judicious use of this option, especially on Windows. A +rogue server could send you the name of a DLL or other file that could possibly +be loaded automatically by Windows or some third party software. diff --git a/extern/curl/docs/cmdline-opts/remote-name-all.d b/extern/curl/docs/cmdline-opts/remote-name-all.d new file mode 100644 index 0000000000..f7a1996793 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/remote-name-all.d @@ -0,0 +1,8 @@ +Long: remote-name-all +Help: Use the remote file name for all URLs +Added: 7.19.0 +--- +This option changes the default action for all given URLs to be dealt with as +if --remote-name were used for each one. So if you want to disable that for a +specific URL after --remote-name-all has been used, you must use "-o -" or +--no-remote-name. diff --git a/extern/curl/docs/cmdline-opts/remote-name.d b/extern/curl/docs/cmdline-opts/remote-name.d new file mode 100644 index 0000000000..9fed64bf4f --- /dev/null +++ b/extern/curl/docs/cmdline-opts/remote-name.d @@ -0,0 +1,21 @@ +Long: remote-name +Short: O +Help: Write output to a file named as the remote file +--- +Write output to a local file named like the remote file we get. (Only the file +part of the remote file is used, the path is cut off.) + +The file will be saved in the current working directory. If you want the file +saved in a different directory, make sure you change the current working +directory before invoking curl with this option. + +The remote file name to use for saving is extracted from the given URL, +nothing else, and if it already exists it will be overwritten. If you want the +server to be able to choose the file name refer to --remote-header-name which +can be used in addition to this option. If the server chooses a file name and +that name already exists it will not be overwritten. + +There is no URL decoding done on the file name. If it has %20 or other URL +encoded parts of the name, they will end up as-is as file name. + +You may use this option as many times as the number of URLs you have. diff --git a/extern/curl/docs/cmdline-opts/remote-time.d b/extern/curl/docs/cmdline-opts/remote-time.d new file mode 100644 index 0000000000..7f6809dc35 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/remote-time.d @@ -0,0 +1,7 @@ +Long: remote-time +Short: R +Help: Set the remote file's time on the local output +--- +When used, this will make curl attempt to figure out the timestamp of the +remote file, and if that is available make the local file get that same +timestamp. diff --git a/extern/curl/docs/cmdline-opts/request-target.d b/extern/curl/docs/cmdline-opts/request-target.d new file mode 100644 index 0000000000..b46b4af02e --- /dev/null +++ b/extern/curl/docs/cmdline-opts/request-target.d @@ -0,0 +1,9 @@ +Long: request-target +Help: Specify the target for this request +Protocols: HTTP +Added: 7.55.0 +--- +Tells curl to use an alternative "target" (path) instead of using the path as +provided in the URL. Particularly useful when wanting to issue HTTP requests +without leading slash or other data that doesn't follow the regular URL +pattern, like "OPTIONS *". diff --git a/extern/curl/docs/cmdline-opts/request.d b/extern/curl/docs/cmdline-opts/request.d new file mode 100644 index 0000000000..3919d426a5 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/request.d @@ -0,0 +1,39 @@ +Long: request +Short: X +Arg: +Help: Specify request command to use +--- +(HTTP) Specifies a custom request method to use when communicating with the +HTTP server. The specified request method will be used instead of the method +otherwise used (which defaults to GET). Read the HTTP 1.1 specification for +details and explanations. Common additional HTTP requests include PUT and +DELETE, but related technologies like WebDAV offers PROPFIND, COPY, MOVE and +more. + +Normally you don't need this option. All sorts of GET, HEAD, POST and PUT +requests are rather invoked by using dedicated command line options. + +This option only changes the actual word used in the HTTP request, it does not +alter the way curl behaves. So for example if you want to make a proper HEAD +request, using -X HEAD will not suffice. You need to use the --head option. + +The method string you set with --request will be used for all requests, which +if you for example use --location may cause unintended side-effects when curl +doesn't change request method according to the HTTP 30x response codes - and +similar. + +(FTP) +Specifies a custom FTP command to use instead of LIST when doing file lists +with FTP. + +(POP3) +Specifies a custom POP3 command to use instead of LIST or RETR. (Added in +7.26.0) + +(IMAP) +Specifies a custom IMAP command to use instead of LIST. (Added in 7.30.0) + +(SMTP) +Specifies a custom SMTP command to use instead of HELP or VRFY. (Added in 7.34.0) + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/resolve.d b/extern/curl/docs/cmdline-opts/resolve.d new file mode 100644 index 0000000000..9c37525bd9 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/resolve.d @@ -0,0 +1,27 @@ +Long: resolve +Arg: +Help: Resolve the host+port to this address +Added: 7.21.3 +--- +Provide a custom address for a specific host and port pair. Using this, you +can make the curl requests(s) use a specified address and prevent the +otherwise normally resolved address to be used. Consider it a sort of +/etc/hosts alternative provided on the command line. The port number should be +the number used for the specific protocol the host will be used for. It means +you need several entries if you want to provide address for the same host but +different ports. + +By specifying '*' as host you can tell curl to resolve any host and specific +port pair to the specified address. Wildcard is resolved last so any --resolve +with a specific host and port will be used first. + +The provided address set by this option will be used even if --ipv4 or --ipv6 +is set to make curl use another IP version. + +Support for providing the IP address within [brackets] was added in 7.57.0. + +Support for providing multiple IP addresses per entry was added in 7.59.0. + +Support for resolving with wildcard was added in 7.64.0. + +This option can be used many times to add many host names to resolve. diff --git a/extern/curl/docs/cmdline-opts/retry-connrefused.d b/extern/curl/docs/cmdline-opts/retry-connrefused.d new file mode 100644 index 0000000000..6a78e1fdaa --- /dev/null +++ b/extern/curl/docs/cmdline-opts/retry-connrefused.d @@ -0,0 +1,6 @@ +Long: retry-connrefused +Help: Retry on connection refused (use with --retry) +Added: 7.52.0 +--- +In addition to the other conditions, consider ECONNREFUSED as a transient +error too for --retry. This option is used together with --retry. diff --git a/extern/curl/docs/cmdline-opts/retry-delay.d b/extern/curl/docs/cmdline-opts/retry-delay.d new file mode 100644 index 0000000000..1691356d4c --- /dev/null +++ b/extern/curl/docs/cmdline-opts/retry-delay.d @@ -0,0 +1,11 @@ +Long: retry-delay +Arg: +Help: Wait time between retries +Added: 7.12.3 +--- +Make curl sleep this amount of time before each retry when a transfer has +failed with a transient error (it changes the default backoff time algorithm +between retries). This option is only interesting if --retry is also +used. Setting this delay to zero will make curl use the default backoff time. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/retry-max-time.d b/extern/curl/docs/cmdline-opts/retry-max-time.d new file mode 100644 index 0000000000..0920c92446 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/retry-max-time.d @@ -0,0 +1,13 @@ +Long: retry-max-time +Arg: +Help: Retry only within this period +Added: 7.12.3 +--- +The retry timer is reset before the first transfer attempt. Retries will be +done as usual (see --retry) as long as the timer hasn't reached this given +limit. Notice that if the timer hasn't reached the limit, the request will be +made and while performing, it may take longer than this given time period. To +limit a single request\'s maximum time, use --max-time. Set this option to +zero to not timeout retries. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/retry.d b/extern/curl/docs/cmdline-opts/retry.d new file mode 100644 index 0000000000..3db89b71c0 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/retry.d @@ -0,0 +1,20 @@ +Long: retry +Arg: +Added: 7.12.3 +Help: Retry request if transient problems occur +--- +If a transient error is returned when curl tries to perform a transfer, it +will retry this number of times before giving up. Setting the number to 0 +makes curl do no retries (which is the default). Transient error means either: +a timeout, an FTP 4xx response code or an HTTP 408 or 5xx response code. + +When curl is about to retry a transfer, it will first wait one second and then +for all forthcoming retries it will double the waiting time until it reaches +10 minutes which then will be the delay between the rest of the retries. By +using --retry-delay you disable this exponential backoff algorithm. See also +--retry-max-time to limit the total time allowed for retries. + +Since curl 7.66.0, curl will comply with the Retry-After: response header if +one was present to know when to issue the next retry. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/sasl-authzid.d b/extern/curl/docs/cmdline-opts/sasl-authzid.d new file mode 100644 index 0000000000..b34db97fc0 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/sasl-authzid.d @@ -0,0 +1,11 @@ +Long: sasl-authzid +Help: Use this identity to act as during SASL PLAIN authentication +Added: 7.66.0 +--- +Use this authorisation identity (authzid), during SASL PLAIN authentication, +in addition to the authentication identity (authcid) as specified by --user. + +If the option isn't specified, the server will derive the authzid from the +authcid, but if specified, and depending on the server implementation, it may +be used to access another user's inbox, that the user has been granted access +to, or a shared mailbox for example. diff --git a/extern/curl/docs/cmdline-opts/sasl-ir.d b/extern/curl/docs/cmdline-opts/sasl-ir.d new file mode 100644 index 0000000000..c0dab94635 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/sasl-ir.d @@ -0,0 +1,5 @@ +Long: sasl-ir +Help: Enable initial response in SASL authentication +Added: 7.31.0 +--- +Enable initial response in SASL authentication. diff --git a/extern/curl/docs/cmdline-opts/service-name.d b/extern/curl/docs/cmdline-opts/service-name.d new file mode 100644 index 0000000000..4dfeb27d65 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/service-name.d @@ -0,0 +1,8 @@ +Long: service-name +Help: SPNEGO service name +Arg: +Added: 7.43.0 +--- +This option allows you to change the service name for SPNEGO. + +Examples: --negotiate --service-name sockd would use sockd/server-name. diff --git a/extern/curl/docs/cmdline-opts/show-error.d b/extern/curl/docs/cmdline-opts/show-error.d new file mode 100644 index 0000000000..b9667a4ca5 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/show-error.d @@ -0,0 +1,5 @@ +Long: show-error +Short: S +Help: Show error even when -s is used +--- +When used with --silent, it makes curl show an error message if it fails. diff --git a/extern/curl/docs/cmdline-opts/silent.d b/extern/curl/docs/cmdline-opts/silent.d new file mode 100644 index 0000000000..b0b4425b3d --- /dev/null +++ b/extern/curl/docs/cmdline-opts/silent.d @@ -0,0 +1,11 @@ +Long: silent +Short: s +Help: Silent mode +See-also: verbose stderr +--- +Silent or quiet mode. Don't show progress meter or error messages. Makes Curl +mute. It will still output the data you ask for, potentially even to the +terminal/stdout unless you redirect it. + +Use --show-error in addition to this option to disable progress meter but +still show error messages. diff --git a/extern/curl/docs/cmdline-opts/socks4.d b/extern/curl/docs/cmdline-opts/socks4.d new file mode 100644 index 0000000000..11f6ae033e --- /dev/null +++ b/extern/curl/docs/cmdline-opts/socks4.d @@ -0,0 +1,19 @@ +Long: socks4 +Arg: +Help: SOCKS4 proxy on given host + port +Added: 7.15.2 +--- +Use the specified SOCKS4 proxy. If the port number is not specified, it is +assumed at port 1080. + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +Since 7.21.7, this option is superfluous since you can specify a socks4 proxy +with --proxy using a socks4:// protocol prefix. + +Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time +--proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to +the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/socks4a.d b/extern/curl/docs/cmdline-opts/socks4a.d new file mode 100644 index 0000000000..ae254ae0e8 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/socks4a.d @@ -0,0 +1,19 @@ +Long: socks4a +Arg: +Help: SOCKS4a proxy on given host + port +Added: 7.18.0 +--- +Use the specified SOCKS4a proxy. If the port number is not specified, it is +assumed at port 1080. + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +Since 7.21.7, this option is superfluous since you can specify a socks4a proxy +with --proxy using a socks4a:// protocol prefix. + +Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time +--proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to +the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/socks5-basic.d b/extern/curl/docs/cmdline-opts/socks5-basic.d new file mode 100644 index 0000000000..67d16b3a66 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/socks5-basic.d @@ -0,0 +1,7 @@ +Long: socks5-basic +Help: Enable username/password auth for SOCKS5 proxies +Added: 7.55.0 +--- +Tells curl to use username/password authentication when connecting to a SOCKS5 +proxy. The username/password authentication is enabled by default. Use +--socks5-gssapi to force GSS-API authentication to SOCKS5 proxies. diff --git a/extern/curl/docs/cmdline-opts/socks5-gssapi-nec.d b/extern/curl/docs/cmdline-opts/socks5-gssapi-nec.d new file mode 100644 index 0000000000..477e218e39 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/socks5-gssapi-nec.d @@ -0,0 +1,8 @@ +Long: socks5-gssapi-nec +Help: Compatibility with NEC SOCKS5 server +Added: 7.19.4 +--- +As part of the GSS-API negotiation a protection mode is negotiated. RFC 1961 +says in section 4.3/4.4 it should be protected, but the NEC reference +implementation does not. The option --socks5-gssapi-nec allows the +unprotected exchange of the protection mode negotiation. diff --git a/extern/curl/docs/cmdline-opts/socks5-gssapi-service.d b/extern/curl/docs/cmdline-opts/socks5-gssapi-service.d new file mode 100644 index 0000000000..eb3b2407b3 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/socks5-gssapi-service.d @@ -0,0 +1,12 @@ +Long: socks5-gssapi-service +Arg: +Help: SOCKS5 proxy service name for GSS-API +Added: 7.19.4 +--- +The default service name for a socks server is rcmd/server-fqdn. This option +allows you to change it. + +Examples: --socks5 proxy-name --socks5-gssapi-service sockd would use +sockd/proxy-name --socks5 proxy-name --socks5-gssapi-service sockd/real-name +would use sockd/real-name for cases where the proxy-name does not match the +principal name. diff --git a/extern/curl/docs/cmdline-opts/socks5-gssapi.d b/extern/curl/docs/cmdline-opts/socks5-gssapi.d new file mode 100644 index 0000000000..0070f37eb2 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/socks5-gssapi.d @@ -0,0 +1,8 @@ +Long: socks5-gssapi +Help: Enable GSS-API auth for SOCKS5 proxies +Added: 7.55.0 +--- +Tells curl to use GSS-API authentication when connecting to a SOCKS5 proxy. +The GSS-API authentication is enabled by default (if curl is compiled with +GSS-API support). Use --socks5-basic to force username/password authentication +to SOCKS5 proxies. diff --git a/extern/curl/docs/cmdline-opts/socks5-hostname.d b/extern/curl/docs/cmdline-opts/socks5-hostname.d new file mode 100644 index 0000000000..9d9d946e57 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/socks5-hostname.d @@ -0,0 +1,19 @@ +Long: socks5-hostname +Arg: +Help: SOCKS5 proxy, pass host name to proxy +Added: 7.18.0 +--- +Use the specified SOCKS5 proxy (and let the proxy resolve the host name). If +the port number is not specified, it is assumed at port 1080. + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +Since 7.21.7, this option is superfluous since you can specify a socks5 +hostname proxy with --proxy using a socks5h:// protocol prefix. + +Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time +--proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to +the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/socks5.d b/extern/curl/docs/cmdline-opts/socks5.d new file mode 100644 index 0000000000..22fae76295 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/socks5.d @@ -0,0 +1,21 @@ +Long: socks5 +Arg: +Help: SOCKS5 proxy on given host + port +Added: 7.18.0 +--- +Use the specified SOCKS5 proxy - but resolve the host name locally. If the +port number is not specified, it is assumed at port 1080. + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +Since 7.21.7, this option is superfluous since you can specify a socks5 proxy +with --proxy using a socks5:// protocol prefix. + +Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time +--proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to +the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. + +If this option is used several times, the last one will be used. + +This option (as well as --socks4) does not work with IPV6, FTPS or LDAP. diff --git a/extern/curl/docs/cmdline-opts/speed-limit.d b/extern/curl/docs/cmdline-opts/speed-limit.d new file mode 100644 index 0000000000..e2b81c79a3 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/speed-limit.d @@ -0,0 +1,10 @@ +Long: speed-limit +Short: Y +Arg: +Help: Stop transfers slower than this +--- +If a download is slower than this given speed (in bytes per second) for +speed-time seconds it gets aborted. speed-time is set with --speed-time and is +30 if not set. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/speed-time.d b/extern/curl/docs/cmdline-opts/speed-time.d new file mode 100644 index 0000000000..98d6ae13c5 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/speed-time.d @@ -0,0 +1,13 @@ +Long: speed-time +Short: y +Arg: +Help: Trigger 'speed-limit' abort after this time +--- +If a download is slower than speed-limit bytes per second during a speed-time +period, the download gets aborted. If speed-time is used, the default +speed-limit will be 1 unless set with --speed-limit. + +This option controls transfers and thus will not affect slow connects etc. If +this is a concern for you, try the --connect-timeout option. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/ssl-allow-beast.d b/extern/curl/docs/cmdline-opts/ssl-allow-beast.d new file mode 100644 index 0000000000..973fcd4518 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ssl-allow-beast.d @@ -0,0 +1,9 @@ +Long: ssl-allow-beast +Help: Allow security flaw to improve interop +Added: 7.25.0 +--- +This option tells curl to not work around a security flaw in the SSL3 and +TLS1.0 protocols known as BEAST. If this option isn't used, the SSL layer may +use workarounds known to cause interoperability problems with some older SSL +implementations. WARNING: this option loosens the SSL security, and by using +this flag you ask for exactly that. diff --git a/extern/curl/docs/cmdline-opts/ssl-no-revoke.d b/extern/curl/docs/cmdline-opts/ssl-no-revoke.d new file mode 100644 index 0000000000..f94b111436 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ssl-no-revoke.d @@ -0,0 +1,7 @@ +Long: ssl-no-revoke +Help: Disable cert revocation checks (Schannel) +Added: 7.44.0 +--- +(Schannel) This option tells curl to disable certificate revocation checks. +WARNING: this option loosens the SSL security, and by using this flag you ask +for exactly that. diff --git a/extern/curl/docs/cmdline-opts/ssl-reqd.d b/extern/curl/docs/cmdline-opts/ssl-reqd.d new file mode 100644 index 0000000000..3c6f8a257b --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ssl-reqd.d @@ -0,0 +1,9 @@ +Long: ssl-reqd +Help: Require SSL/TLS +Protocols: FTP IMAP POP3 SMTP +Added: 7.20.0 +--- +Require SSL/TLS for the connection. Terminates the connection if the server +doesn't support SSL/TLS. + +This option was formerly known as --ftp-ssl-reqd. diff --git a/extern/curl/docs/cmdline-opts/ssl.d b/extern/curl/docs/cmdline-opts/ssl.d new file mode 100644 index 0000000000..dabd83761f --- /dev/null +++ b/extern/curl/docs/cmdline-opts/ssl.d @@ -0,0 +1,12 @@ +Long: ssl +Help: Try SSL/TLS +Protocols: FTP IMAP POP3 SMTP +Added: 7.20.0 +--- + +Try to use SSL/TLS for the connection. Reverts to a non-secure connection if +the server doesn't support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd +for different levels of encryption required. + +This option was formerly known as --ftp-ssl (Added in 7.11.0). That option +name can still be used but will be removed in a future version. diff --git a/extern/curl/docs/cmdline-opts/sslv2.d b/extern/curl/docs/cmdline-opts/sslv2.d new file mode 100644 index 0000000000..67d2b85065 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/sslv2.d @@ -0,0 +1,13 @@ +Short: 2 +Long: sslv2 +Tags: Versions +Protocols: SSL +Added: +Mutexed: sslv3 tlsv1 tlsv1.1 tlsv1.2 +Requires: TLS +See-also: http1.1 http2 +Help: Use SSLv2 +--- +Forces curl to use SSL version 2 when negotiating with a remote SSL +server. Sometimes curl is built without SSLv2 support. SSLv2 is widely +considered insecure (see RFC 6176). diff --git a/extern/curl/docs/cmdline-opts/sslv3.d b/extern/curl/docs/cmdline-opts/sslv3.d new file mode 100644 index 0000000000..101ad10047 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/sslv3.d @@ -0,0 +1,13 @@ +Short: 3 +Long: sslv3 +Tags: Versions +Protocols: SSL +Added: +Mutexed: sslv2 tlsv1 tlsv1.1 tlsv1.2 +Requires: TLS +See-also: http1.1 http2 +Help: Use SSLv3 +--- +Forces curl to use SSL version 3 when negotiating with a remote SSL +server. Sometimes curl is built without SSLv3 support. SSLv3 is widely +considered insecure (see RFC 7568). diff --git a/extern/curl/docs/cmdline-opts/stderr.d b/extern/curl/docs/cmdline-opts/stderr.d new file mode 100644 index 0000000000..e8cf7ba68f --- /dev/null +++ b/extern/curl/docs/cmdline-opts/stderr.d @@ -0,0 +1,8 @@ +Long: stderr +Help: Where to redirect stderr +See-also: verbose silent +--- +Redirect all writes to stderr to the specified file instead. If the file name +is a plain '-', it is instead written to stdout. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/styled-output.d b/extern/curl/docs/cmdline-opts/styled-output.d new file mode 100644 index 0000000000..e4751aecb1 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/styled-output.d @@ -0,0 +1,6 @@ +Long: styled-output +Help: Enable styled output for HTTP headers +Added: 7.61.0 +--- +Enables the automatic use of bold font styles when writing HTTP headers to the +terminal. Use --no-styled-output to switch them off. diff --git a/extern/curl/docs/cmdline-opts/suppress-connect-headers.d b/extern/curl/docs/cmdline-opts/suppress-connect-headers.d new file mode 100644 index 0000000000..d208b89177 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/suppress-connect-headers.d @@ -0,0 +1,8 @@ +Long: suppress-connect-headers +Help: Suppress proxy CONNECT response headers +See-also: dump-header include proxytunnel +--- +When --proxytunnel is used and a CONNECT request is made don't output proxy +CONNECT response headers. This option is meant to be used with --dump-header or +--include which are used to show protocol headers in the output. It has no +effect on debug options such as --verbose or --trace, or any statistics. diff --git a/extern/curl/docs/cmdline-opts/tcp-fastopen.d b/extern/curl/docs/cmdline-opts/tcp-fastopen.d new file mode 100644 index 0000000000..08e141df78 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/tcp-fastopen.d @@ -0,0 +1,5 @@ +Long: tcp-fastopen +Added: 7.49.0 +Help: Use TCP Fast Open +--- +Enable use of TCP Fast Open (RFC7413). diff --git a/extern/curl/docs/cmdline-opts/tcp-nodelay.d b/extern/curl/docs/cmdline-opts/tcp-nodelay.d new file mode 100644 index 0000000000..f047a7c6fa --- /dev/null +++ b/extern/curl/docs/cmdline-opts/tcp-nodelay.d @@ -0,0 +1,9 @@ +Long: tcp-nodelay +Help: Use the TCP_NODELAY option +Added: 7.11.2 +--- +Turn on the TCP_NODELAY option. See the \fIcurl_easy_setopt(3)\fP man page for +details about this option. + +Since 7.50.2, curl sets this option by default and you need to explicitly +switch it off if you don't want it on. diff --git a/extern/curl/docs/cmdline-opts/telnet-option.d b/extern/curl/docs/cmdline-opts/telnet-option.d new file mode 100644 index 0000000000..a67cb627b8 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/telnet-option.d @@ -0,0 +1,12 @@ +Long: telnet-option +Short: t +Arg: +Help: Set telnet option +--- +Pass options to the telnet protocol. Supported options are: + +TTYPE= Sets the terminal type. + +XDISPLOC= Sets the X display location. + +NEW_ENV= Sets an environment variable. diff --git a/extern/curl/docs/cmdline-opts/tftp-blksize.d b/extern/curl/docs/cmdline-opts/tftp-blksize.d new file mode 100644 index 0000000000..c184328de0 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/tftp-blksize.d @@ -0,0 +1,11 @@ +Long: tftp-blksize +Arg: +Help: Set TFTP BLKSIZE option +Protocols: TFTP +Added: 7.20.0 +--- +Set TFTP BLKSIZE option (must be >512). This is the block size that curl will +try to use when transferring data to or from a TFTP server. By default 512 +bytes will be used. + +If this option is used several times, the last one will be used. diff --git a/extern/curl/docs/cmdline-opts/tftp-no-options.d b/extern/curl/docs/cmdline-opts/tftp-no-options.d new file mode 100644 index 0000000000..e2a4dacd52 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/tftp-no-options.d @@ -0,0 +1,10 @@ +Long: tftp-no-options +Help: Do not send any TFTP options +Protocols: TFTP +Added: 7.48.0 +--- +Tells curl not to send TFTP options requests. + +This option improves interop with some legacy servers that do not acknowledge +or properly implement TFTP options. When this option is used --tftp-blksize is +ignored. diff --git a/extern/curl/docs/cmdline-opts/time-cond.d b/extern/curl/docs/cmdline-opts/time-cond.d new file mode 100644 index 0000000000..830b4e1a24 --- /dev/null +++ b/extern/curl/docs/cmdline-opts/time-cond.d @@ -0,0 +1,17 @@ +Long: time-cond +Short: z +Arg: