diff --git a/driver/connect.c b/driver/connect.c index 874d606d..f40e3906 100644 --- a/driver/connect.c +++ b/driver/connect.c @@ -23,7 +23,9 @@ #ifndef CURL_STATICLIB #error "dynamically linked cURL library is not supported" #else -#include "../lib/curl_base64.h" +/* "../lib/curl_base64.h" redefines the function(s) since 8.3.0 */ +extern CURLcode Curl_base64_decode(const char *src, + unsigned char **outptr, size_t *outlen); #endif /*! CURL_STATICLIB*/ /* HTTP headers default for every request */ diff --git a/libs/curl/.azure-pipelines.yml b/libs/curl/.azure-pipelines.yml index 6f194c33..96c36933 100644 --- a/libs/curl/.azure-pipelines.yml +++ b/libs/curl/.azure-pipelines.yml @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,189 +18,230 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -# Starter pipeline -# Start with a minimal pipeline that you can customize to build and deploy your code. -# Add steps that build, run tests, deploy, and more: +# https://dev.azure.com/daniel0244/curl/_build?view=runs +# +# Azure Pipelines configuration: # https://aka.ms/yaml trigger: branches: include: - - 'master' - - '*/ci' + - 'master' + - '*/ci' + paths: + exclude: + - '.circleci/*' + - '.github/*' + - '.github/workflows/*' + - 'appveyor.*' + - 'packages/*' + - 'plan9/*' pr: branches: include: - - 'master' + - 'master' + paths: + exclude: + - '.circleci/*' + - '.github/*' + - '.github/workflows/*' + - 'appveyor.*' + - 'packages/*' + - 'plan9/*' + +variables: + MAKEFLAGS: '-j 2' stages: -########################################## -### Linux jobs first -########################################## + ########################################## + ### Linux jobs first + ########################################## -- stage: linux - dependsOn: [] - jobs: - - job: ubuntu - # define defaults to make sure variables are always expanded/replaced - variables: - install: '' - configure: '' - tests: '!433' - timeoutInMinutes: 60 - pool: - vmImage: 'ubuntu-latest' - strategy: - matrix: - default: - name: default - install: jsonlint - configure: --enable-debug --with-openssl - disable_ipv6: - name: w/o IPv6 - configure: --disable-ipv6 --with-openssl - disable_http_smtp_imap: - name: w/o HTTP/SMTP/IMAP - configure: --disable-http --disable-smtp --disable-imap --without-ssl - disable_thredres: - name: sync resolver - configure: --disable-threaded-resolver --with-openssl - https_only: - name: HTTPS only - configure: --disable-dict --disable-file --disable-ftp --disable-gopher --disable-imap --disable-ldap --disable-pop3 --disable-rtmp --disable-rtsp --disable-scp --disable-sftp --disable-smb --disable-smtp --disable-telnet --disable-tftp --with-openssl - torture: - name: torture - install: libnghttp2-dev - configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl - tests: -n -t --shallow=40 !FTP - steps: - - script: sudo apt-get update && sudo apt-get install -y stunnel4 python3-impacket libzstd-dev libbrotli-dev $(install) - displayName: 'apt install' - - - script: ./buildconf && ./configure --enable-warnings --enable-werror $(configure) - displayName: 'configure $(name)' - - - script: make V=1 && make V=1 examples && cd tests && make V=1 - displayName: 'compile' - env: - MAKEFLAGS: "-j 2" - - - script: make V=1 test-ci - displayName: 'test' - env: - AZURE_ACCESS_TOKEN: "$(System.AccessToken)" - TFLAGS: "-r $(tests)" - -########################################## -### Windows jobs below -########################################## - -- stage: windows - dependsOn: [] - variables: - agent.preferPowerShellOnContainers: true - jobs: - - job: windows - # define defaults to make sure variables are always expanded/replaced + - stage: linux + dependsOn: [] + jobs: + - job: ubuntu + # define defaults to make sure variables are always expanded/replaced + variables: + install: '' + configure: '' + tests: '!433' + timeoutInMinutes: 60 + pool: + vmImage: 'ubuntu-latest' + strategy: + matrix: + default: + name: default + install: + configure: --enable-debug --with-openssl + disable_ipv6: + name: w/o IPv6 + configure: --disable-ipv6 --with-openssl + disable_http_smtp_imap: + name: w/o HTTP/SMTP/IMAP + configure: --disable-http --disable-smtp --disable-imap --without-ssl + disable_threadres: + name: sync resolver + configure: --disable-threaded-resolver --with-openssl + https_only: + name: HTTPS only + configure: --disable-dict --disable-file --disable-ftp --disable-gopher --disable-imap --disable-ldap --disable-pop3 --disable-rtmp --disable-rtsp --disable-scp --disable-sftp --disable-smb --disable-smtp --disable-telnet --disable-tftp --with-openssl + torture: + name: torture + install: libnghttp2-dev + configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl + tests: -n -t --shallow=25 !FTP + steps: + - script: sudo apt-get update && sudo apt-get install -y stunnel4 python3-impacket libzstd-dev libbrotli-dev libpsl-dev $(install) + displayName: 'apt install' + retryCountOnTaskFailure: 3 + + - script: autoreconf -fi && ./configure --disable-dependency-tracking --enable-warnings --enable-werror $(configure) + displayName: 'configure $(name)' + + - script: make V=1 && make V=1 examples && cd tests && make V=1 + displayName: 'compile' + + - script: make V=1 test-ci + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + TFLAGS: "-ac /usr/bin/curl -r $(tests)" + + - stage: scanbuild + dependsOn: [] + jobs: + - job: ubuntu + timeoutInMinutes: 30 + pool: + vmImage: 'ubuntu-latest' + steps: + - script: sudo apt-get update && sudo apt-get install -y clang-tools clang libssl-dev libssh2-1-dev libpsl-dev libbrotli-dev libzstd-dev + displayName: 'apt install' + retryCountOnTaskFailure: 3 + + - script: autoreconf -fi + displayName: 'autoreconf' + + - script: scan-build ./configure --disable-dependency-tracking --enable-debug --enable-werror --with-openssl --with-libssh2 + displayName: 'configure' + env: + CC: "clang" + CCX: "clang++" + + - script: scan-build --status-bugs make + displayName: 'make' + + - script: scan-build --status-bugs make examples + displayName: 'make examples' + + ########################################## + ### Windows jobs below + ########################################## + + - stage: windows + dependsOn: [] variables: - container_img: '' - container_cmd: '' - configure: '' - tests: '' - timeoutInMinutes: 120 - pool: - vmImage: 'windows-2019' - strategy: - matrix: - msys2_mingw32_debug_openssl: - name: 32-bit OpenSSL/libssh2 - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw32:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --with-libssh2 --with-openssl - tests: "~571" - msys2_mingw64_debug_openssl: - name: 64-bit OpenSSL/libssh2 - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --with-libssh2 --with-openssl - tests: "~571" - msys1_mingw_debug: - name: 32-bit (legacy) - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug --without-ssl - tests: "!203 !1143" - msys1_mingw32_debug: - name: 32-bit w/o zlib - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw32:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --without-zlib --without-ssl - tests: "!203 !1143" - msys1_mingw64_debug: - name: 64-bit w/o zlib - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw64:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --without-zlib --without-ssl - tests: "!203 !1143" - msys2_mingw32_debug_schannel: - name: 32-bit Schannel/SSPI/WinIDN/libssh2 - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw32:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: "~571" - msys2_mingw64_debug_schannel: - name: 64-bit Schannel/SSPI/WinIDN/libssh2 - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: "~571" - msys1_mingw_debug_schannel: - name: 32-bit Schannel/SSPI/WinIDN (legacy) - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=i686-pc-mingw32 --build=i686-pc-mingw32 --prefix=/mingw --enable-debug --enable-sspi --with-schannel --with-winidn - tests: "!203 !305 !311 !312 !313 !404 !1143 !2033 !2035 !2038 !2041 !2042 !2048 !2070 !2079 !2087 !3023 !3024" - msys1_mingw32_debug_schannel: - name: 32-bit Schannel/SSPI/WinIDN w/o zlib - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw32:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --without-zlib - tests: "!203 !1143" - msys1_mingw64_debug_schannel: - name: 64-bit Schannel/SSPI/WinIDN w/o zlib - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys1-mingw64:ltsc2019 - container_cmd: C:\MinGW\msys\1.0\bin\sh - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --without-zlib - tests: "!203 !1143" - container: - image: $(container_img) - env: - MSYS2_PATH_TYPE: inherit - steps: - - script: $(container_cmd) -l -c "cd $(echo '%cd%') && $(prepare)" - displayName: 'prepare' - condition: variables.prepare - - - script: $(container_cmd) -l -c "cd $(echo '%cd%') && ./buildconf && ./configure $(configure)" - displayName: 'configure $(name)' - - - script: $(container_cmd) -l -c "cd $(echo '%cd%') && make V=1 && make V=1 examples && cd tests && make V=1" - displayName: 'compile' - env: - MAKEFLAGS: "-j 2" - - - script: $(container_cmd) -l -c "cd $(echo '%cd%') && make V=1 install && PATH=/usr/bin:/bin find . -type f -path '*/.libs/*.exe' -print -execdir mv -t .. {} \;" - displayName: 'install' - - - script: $(container_cmd) -l -c "cd $(echo '%cd%') && make V=1 test-ci" - displayName: 'test' - env: - AZURE_ACCESS_TOKEN: "$(System.AccessToken)" - TFLAGS: "!IDN !SCP ~612 ~1056 $(tests)" + agent.preferPowerShellOnContainers: true + jobs: + - job: msys2 + # define defaults to make sure variables are always expanded/replaced + variables: + container_img: '' + container_cmd: '' + configure: '' + tests: '' + timeoutInMinutes: 120 + pool: + vmImage: 'windows-2019' + strategy: + matrix: + mingw32_openssl: + name: 32-bit OpenSSL/libssh2 + container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw32:ltsc2019 + container_cmd: C:\msys64\usr\bin\sh + prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 + configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --with-libssh2 --with-openssl --without-libpsl + tests: "~571" + mingw64_openssl: + name: 64-bit OpenSSL/libssh2 + container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 + container_cmd: C:\msys64\usr\bin\sh + prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 + configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --with-libssh2 --with-openssl --without-libpsl + tests: "~571" + mingw64_libssh: + name: 64-bit OpenSSL/libssh + container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 + container_cmd: C:\msys64\usr\bin\sh + prepare: pacman -S --needed --noconfirm --noprogressbar libssh-devel mingw-w64-x86_64-libssh + configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --with-libssh --with-openssl --without-libpsl + tests: "~571 ~614" + mingw32: + name: 32-bit w/o zlib + container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw32:ltsc2019 + container_cmd: C:\msys64\usr\bin\sh + configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --without-zlib --without-ssl --without-libpsl + tests: "!203 !1143" + mingw64: + name: 64-bit w/o zlib + container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 + container_cmd: C:\msys64\usr\bin\sh + configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --without-zlib --without-ssl --without-libpsl + tests: "!203 !1143" + mingw32_schannel: + name: 32-bit Schannel/SSPI/WinIDN/libssh2 + container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw32:ltsc2019 + container_cmd: C:\msys64\usr\bin\sh + prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 + configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 --without-libpsl + tests: "~571" + mingw64_schannel: + name: 64-bit Schannel/SSPI/WinIDN/libssh2 + container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 + container_cmd: C:\msys64\usr\bin\sh + prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 + configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 --without-libpsl + tests: "~571" + mingw32_schannel_nozlib: + name: 32-bit Schannel/SSPI/WinIDN w/o zlib + container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw32:ltsc2019 + container_cmd: C:\msys64\usr\bin\sh + configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --without-zlib --without-libpsl + tests: "!203 !1143" + mingw64_schannel_nozlib: + name: 64-bit Schannel/SSPI/WinIDN w/o zlib + container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 + container_cmd: C:\msys64\usr\bin\sh + configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-debug --enable-werror --enable-sspi --with-schannel --with-winidn --without-zlib --without-libpsl + tests: "!203 !1143" + container: + image: $(container_img) + env: + MSYS2_PATH_TYPE: inherit + steps: + - script: $(container_cmd) -l -c "cd $(echo '%cd%') && $(prepare)" + displayName: 'prepare' + condition: variables.prepare + retryCountOnTaskFailure: 3 + + - script: $(container_cmd) -l -c "cd $(echo '%cd%') && autoreconf -fi && ./configure --disable-dependency-tracking $(configure)" + displayName: 'configure $(name)' + + - script: $(container_cmd) -l -c "cd $(echo '%cd%') && make V=1 && make V=1 examples && cd tests && make V=1" + displayName: 'compile' + + - script: $(container_cmd) -l -c "cd $(echo '%cd%') && make V=1 install && PATH=/usr/bin:/bin find . -type f -path '*/.libs/*.exe' -print -execdir mv -t .. {} \;" + displayName: 'install' + + - script: $(container_cmd) -l -c "cd $(echo '%cd%') && make V=1 test-ci" + displayName: 'test' + env: + AZURE_ACCESS_TOKEN: "$(System.AccessToken)" + TFLAGS: "-ac /usr/bin/curl.exe !IDN !SCP ~612 $(tests)" diff --git a/libs/curl/.circleci/config.yml b/libs/curl/.circleci/config.yml index fd0ef0fb..12661cbc 100644 --- a/libs/curl/.circleci/config.yml +++ b/libs/curl/.circleci/config.yml @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,11 +18,13 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### # View these jobs in the browser: https://app.circleci.com/pipelines/github/curl/curl -# Use the latest 2.1 version of CircleCI pipeline process engine. See: https://circleci.com/docs/2.0/configuration-reference +# Use the latest 2.1 version of CircleCI pipeline process engine. See: https://circleci.com/docs/configuration-reference/ version: 2.1 commands: @@ -30,47 +32,226 @@ commands: steps: - run: command: | - ./buildconf - ./configure --enable-warnings --enable-werror --with-openssl + autoreconf -fi + ./configure --enable-warnings --enable-werror --with-openssl \ + || { tail -1000 config.log; false; } + + configure-openssl-no-verbose: + steps: + - run: + command: | + autoreconf -fi + ./configure --disable-verbose --enable-werror --with-openssl \ + || { tail -1000 config.log; false; } + + configure-no-proxy: + steps: + - run: + command: | + autoreconf -fi + ./configure --disable-proxy --enable-werror --with-openssl \ + || { tail -1000 config.log; false; } + + install-cares: + steps: + - run: + command: | + sudo apt-get update && sudo apt-get install -y libc-ares-dev + + install-libssh: + steps: + - run: + command: | + sudo apt-get update && sudo apt-get install -y libssh-dev + + install-deps: + steps: + - run: + command: | + sudo apt-get update && sudo apt-get install -y libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev python3-pip libpsl-dev + sudo python3 -m pip install impacket + + configure-libssh: + steps: + - run: + command: | + autoreconf -fi + ./configure --enable-warnings --enable-werror --with-openssl --with-libssh \ + || { tail -1000 config.log; false; } + + install-wolfssl: + steps: + - run: + command: | + source .github/scripts/VERSIONS + echo "Installing wolfSSL $WOLFSSL_VER" + curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssl/archive/v$WOLFSSL_VER-stable.tar.gz + tar -xzf v$WOLFSSL_VER-stable.tar.gz + cd wolfssl-$WOLFSSL_VER-stable + ./autogen.sh + ./configure --enable-tls13 --enable-all --enable-harden --prefix=$HOME/wssl + make install + + install-wolfssh: + steps: + - run: + command: | + source .github/scripts/VERSIONS + echo "Installing wolfSSH $WOLFSSH_VER" + curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssh/archive/v$WOLFSSH_VER-stable.tar.gz + tar -xzf v$WOLFSSH_VER-stable.tar.gz + cd wolfssh-$WOLFSSH_VER-stable + ./autogen.sh + ./configure --with-wolfssl=$HOME/wssl --prefix=$HOME/wssh --enable-scp --enable-sftp --disable-examples + make install + + configure-cares: + steps: + - run: + command: | + autoreconf -fi + ./configure --enable-warnings --enable-werror --with-openssl --enable-ares \ + || { tail -1000 config.log; false; } + + configure-wolfssh: + steps: + - run: + command: | + autoreconf -fi + LDFLAGS="-Wl,-rpath,$HOME/wssh/lib" ./configure --enable-warnings --enable-werror --with-wolfssl=$HOME/wssl --with-wolfssh=$HOME/wssh \ + || { tail -1000 config.log; false; } + + configure-cares-debug: + steps: + - run: + command: | + autoreconf -fi + ./configure --enable-debug --enable-werror --with-openssl --enable-ares \ + || { tail -1000 config.log; false; } build: steps: - - run: make V=1 - - run: make V=1 examples + - run: make -j3 V=1 + - run: make -j3 V=1 examples test: steps: - - run: make V=1 test-ci + - run: make -j3 V=1 test-ci TFLAGS='-j14' executors: ubuntu: machine: - image: ubuntu-2004:202010-01 + image: ubuntu-2004:2024.01.1 jobs: basic: executor: ubuntu steps: - checkout + - install-deps - configure - build - test + no-verbose: + executor: ubuntu + steps: + - checkout + - install-deps + - configure-openssl-no-verbose + - build + + wolfssh: + executor: ubuntu + steps: + - checkout + - install-deps + - install-wolfssl + - install-wolfssh + - configure-wolfssh + - build + + no-proxy: + executor: ubuntu + steps: + - checkout + - install-deps + - configure-no-proxy + - build + - test + + cares: + executor: ubuntu + steps: + - checkout + - install-deps + - install-cares + - configure-cares + - build + - test + + libssh: + executor: ubuntu + steps: + - checkout + - install-deps + - install-libssh + - configure-libssh + - build + - test + arm: machine: - image: ubuntu-2004:202101-01 + image: ubuntu-2004:2024.01.1 resource_class: arm.medium steps: - checkout + - install-deps - configure - build - test + arm-cares: + machine: + image: ubuntu-2004:2024.01.1 + resource_class: arm.medium + steps: + - checkout + - install-deps + - install-cares + - configure-cares-debug + - build + - test + workflows: x86-openssl: jobs: - basic + openssl-c-ares: + jobs: + - cares + + openssl-libssh: + jobs: + - libssh + + openssl-no-proxy: + jobs: + - no-proxy + + openssl-no-verbose: + jobs: + - no-verbose + + wolfssl-wolfssh: + jobs: + - wolfssh + arm-openssl: jobs: - arm + + arm-openssl-c-ares: + jobs: + - arm-cares diff --git a/libs/curl/.cirrus.yml b/libs/curl/.cirrus.yml deleted file mode 100644 index c1d7fdae..00000000 --- a/libs/curl/.cirrus.yml +++ /dev/null @@ -1,129 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -# Cirrus CI configuration -# https://cirrus-ci.com/github/curl/curl - -freebsd_task: - name: FreeBSD - - matrix: - - name: FreeBSD 13.0 - freebsd_instance: - image_family: freebsd-13-0 - - name: FreeBSD 12.2 - freebsd_instance: - image_family: freebsd-12-2 - - env: - CIRRUS_CLONE_DEPTH: 10 - CRYPTOGRAPHY_DONT_BUILD_RUST: 1 - MAKE_FLAGS: -j 2 - - pkginstall_script: - - pkg update -f - - pkg install -y autoconf automake libtool pkgconf brotli openldap24-client heimdal libpsl libssh2 openssh-portable libidn2 librtmp libnghttp2 nghttp2 stunnel - - pkg delete -y curl - - easy_install "cryptography<3.2" - - easy_install "pyOpenSSL<20.0" - - easy_install "impacket" - configure_script: - - ./buildconf - # Building with the address sanitizer is causing unexplainable test issues due to timeouts - #- case `uname -r` in - # 12.2*) - # export CC=clang; - # export CFLAGS="-fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g"; - # export CXXFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g"; - # export LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer" ;; - # esac - - ./configure --prefix="${HOME}"/install --enable-debug --with-openssl --with-libssh2 --with-brotli --with-gssapi --with-libidn2 --enable-manual --enable-ldap --enable-ldaps --with-librtmp --with-libpsl --with-nghttp2 || { tail -300 config.log; false; } - compile_script: - - make V=1 && make V=1 examples && cd tests && make V=1 - test_script: - # blackhole? - - sysctl net.inet.tcp.blackhole - # make sure we don't run blackhole != 0 - - sudo sysctl net.inet.tcp.blackhole=0 - # Some tests won't run if run as root so run them as another user. - # Make directories world writable so the test step can write wherever it needs. - - find . -type d -exec chmod 777 {} \; - # The OpenSSH server instance for the testsuite cannot be started on FreeBSD, - # therefore the SFTP and SCP tests are disabled right away from the beginning. - - sudo -u nobody make V=1 TFLAGS="-n !SFTP !SCP" test-ci - install_script: - - make V=1 install - -windows_task: - name: Windows - timeout_in: 90m - windows_container: - image: ${container_img} - - matrix: - - name: Windows 32-bit shared/release Schannel/SSPI/WinIDN/libssh2 - env: - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw32:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: "~571" - - name: Windows 32-bit static/release Schannel/SSPI/WinIDN/libssh2 - env: - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw32:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-i686-libssh2 - configure: --host=i686-w64-mingw32 --build=i686-w64-mingw32 --prefix=/mingw32 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 --disable-shared --enable-static - tests: "~571" - curl_LDFLAGS: -all-static - PKG_CONFIG: pkg-config --static - - name: Windows 64-bit shared/release Schannel/SSPI/WinIDN/libssh2 - env: - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 - tests: "~571" - - name: Windows 64-bit static/release Schannel/SSPI/WinIDN/libssh2 - env: - container_img: ghcr.io/mback2k/curl-docker-winbuildenv/msys2-mingw64:ltsc2019 - container_cmd: C:\msys64\usr\bin\sh - prepare: pacman -S --needed --noconfirm --noprogressbar libssh2-devel mingw-w64-x86_64-libssh2 - configure: --host=x86_64-w64-mingw32 --build=x86_64-w64-mingw32 --prefix=/mingw64 --enable-werror --enable-sspi --with-schannel --with-winidn --with-libssh2 --disable-shared --enable-static - tests: "~571" - curl_LDFLAGS: -all-static - PKG_CONFIG: pkg-config --static - - env: - CIRRUS_CLONE_DEPTH: 10 - MSYS2_PATH_TYPE: inherit - MAKEFLAGS: -j 2 - - prepare_script: | - %container_cmd% -l -c "cd $(echo '%cd%') && %prepare%" - configure_script: | - %container_cmd% -l -c "cd $(echo '%cd%') && ./buildconf && ./configure %configure%" - compile_script: | - %container_cmd% -l -c "cd $(echo '%cd%') && make V=1 && make V=1 examples && cd tests && make V=1" - install_script: | - %container_cmd% -l -c "cd $(echo '%cd%') && make V=1 install && PATH=/usr/bin:/bin find . -type f -path '*/.libs/*.exe' -print -execdir mv -t .. {} \;" - test_script: | - %container_cmd% -l -c "cd $(echo '%cd%') && make V=1 TFLAGS='!IDN !SCP ~612 ~1056 %tests%' test-ci" diff --git a/libs/curl/.dcignore b/libs/curl/.dcignore index 73b1e716..e33af3ec 100644 --- a/libs/curl/.dcignore +++ b/libs/curl/.dcignore @@ -1,3 +1,7 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + tests/** docs/** docs/examples/** diff --git a/libs/curl/.dir-locals.el b/libs/curl/.dir-locals.el index 06dc613f..f6248c2e 100644 --- a/libs/curl/.dir-locals.el +++ b/libs/curl/.dir-locals.el @@ -5,7 +5,7 @@ ;;; | (__| |_| | _ <| |___ ;;; \___|\___/|_| \_\_____| ;;; -;;; Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +;;; Copyright (C) Daniel Stenberg, , et al. ;;; ;;; This software is licensed as described in the file COPYING, which ;;; you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ ;;; This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY ;;; KIND, either express or implied. ;;; +;;; SPDX-License-Identifier: curl +;;; ;;;*************************************************************************** ;;; Directory Local Variables ;;; See Info node `(emacs) Directory Variables' for more information. diff --git a/libs/curl/.git-blame-ignore-revs b/libs/curl/.git-blame-ignore-revs new file mode 100644 index 00000000..c627bfd6 --- /dev/null +++ b/libs/curl/.git-blame-ignore-revs @@ -0,0 +1,6 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +# Make repository REUSE compliant +ad9bc5976d6661cd5b03ebc379313bf657701c14 diff --git a/libs/curl/.gitattributes b/libs/curl/.gitattributes index 691da622..41a5aff8 100644 --- a/libs/curl/.gitattributes +++ b/libs/curl/.gitattributes @@ -1,4 +1,7 @@ -*.dsw -crlf +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + buildconf eol=lf configure.ac eol=lf *.m4 eol=lf @@ -7,8 +10,6 @@ configure.ac eol=lf *.sh eol=lf *.[ch] whitespace=tab-in-indent -# Batch files (bat,btm,cmd) must be run with CRLF line endings. +# Batch files must be run with CRLF line endings. # Refer to https://github.com/curl/curl/pull/6442 *.bat text eol=crlf -*.btm text eol=crlf -*.cmd text eol=crlf diff --git a/libs/curl/.github/CODEOWNERS b/libs/curl/.github/CODEOWNERS new file mode 100644 index 00000000..7e1eea50 --- /dev/null +++ b/libs/curl/.github/CODEOWNERS @@ -0,0 +1,3 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl diff --git a/libs/curl/.github/CONTRIBUTING.md b/libs/curl/.github/CONTRIBUTING.md index 48c2ba0a..18be9ed2 100644 --- a/libs/curl/.github/CONTRIBUTING.md +++ b/libs/curl/.github/CONTRIBUTING.md @@ -1,3 +1,9 @@ + + How to contribute to curl ========================= diff --git a/libs/curl/.github/FUNDING.yml b/libs/curl/.github/FUNDING.yml index cbcc2747..f02b2d3f 100644 --- a/libs/curl/.github/FUNDING.yml +++ b/libs/curl/.github/FUNDING.yml @@ -1,2 +1,6 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + github: curl open_collective: curl diff --git a/libs/curl/.github/ISSUE_TEMPLATE/bug_report.md b/libs/curl/.github/ISSUE_TEMPLATE/bug_report.md deleted file mode 100644 index 2c1baec8..00000000 --- a/libs/curl/.github/ISSUE_TEMPLATE/bug_report.md +++ /dev/null @@ -1,28 +0,0 @@ ---- -name: Bug report -about: Create a report to help us improve -title: '' -labels: '' -assignees: '' - ---- - - - -### I did this - -### I expected the following - -### curl/libcurl version - -[curl -V output] - -### operating system - - diff --git a/libs/curl/.github/ISSUE_TEMPLATE/bug_report.yml b/libs/curl/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 00000000..a857700f --- /dev/null +++ b/libs/curl/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,55 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: Bug Report on code +description: Tell us about your problem with curl or libcurl + +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + Only file bugs here! Ask questions on the mailing lists https://curl.se/mail/ + + **SECURITY RELATED?** Post it here: https://hackerone.com/curl + + There are collections of known issues to be aware of: + + - https://curl.se/docs/knownbugs.html + - https://curl.se/docs/todo.html + + - type: textarea + id: reproducer + attributes: + label: I did this + validations: + required: false + + - type: textarea + id: expected-behaviour + attributes: + label: I expected the following + validations: + required: false + + - type: textarea + id: version + attributes: + label: curl/libcurl version + description: | + Please paste the output of `curl -V` here. + placeholder: 'curl 8.2.0' + validations: + required: true + + - type: textarea + id: os + attributes: + label: operating system + description: | + On Unix please post the output of `uname -a` here. + placeholder: 'Fedora Linux 38' + validations: + required: true diff --git a/libs/curl/.github/ISSUE_TEMPLATE/config.yml b/libs/curl/.github/ISSUE_TEMPLATE/config.yml index b16554c6..bce618da 100644 --- a/libs/curl/.github/ISSUE_TEMPLATE/config.yml +++ b/libs/curl/.github/ISSUE_TEMPLATE/config.yml @@ -1,11 +1,18 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + blank_issues_enabled: false contact_links: - - name: Feature request - url: https://curl.se/mail/ - about: To propose new features or enhancements, please bring that discussion to a suitable curl mailing list. - - name: Question + - name: Ask a question (without email) + url: https://github.com/curl/curl/discussions + about: Use the Discussion forum here on GitHub + - name: Ask a question (using email) url: https://curl.se/mail/ - about: Questions should go to the mailing list + about: Send question to the suitable mailing list - name: Commercial support url: https://curl.se/support.html - about: Several companies are offering paid support for curl/libcurl + about: Pay for fast quality support for and help with curl/libcurl + - name: Feature request + url: https://curl.se/mail/ + about: To propose new features or enhancements, please bring that discussion to a suitable curl mailing list. diff --git a/libs/curl/.github/ISSUE_TEMPLATE/docs.yml b/libs/curl/.github/ISSUE_TEMPLATE/docs.yml new file mode 100644 index 00000000..1b60a597 --- /dev/null +++ b/libs/curl/.github/ISSUE_TEMPLATE/docs.yml @@ -0,0 +1,32 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: Bug Report on documentation +description: Problems, errors, mistakes or typos in documentation. +labels: documentation + +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to fill out this bug report! + + Only file documentation bugs here! Ask questions on the mailing lists https://curl.se/mail/ + + - type: textarea + id: source + attributes: + label: Specify which documentation you found a problem with + description: | + Include function name, URL, tarball version and all other relevant + details that identify the documentation source. + validations: + required: true + + - type: textarea + id: problem + attributes: + label: The problem + validations: + required: true diff --git a/libs/curl/.github/dependabot.yml b/libs/curl/.github/dependabot.yml new file mode 100644 index 00000000..792d0f0b --- /dev/null +++ b/libs/curl/.github/dependabot.yml @@ -0,0 +1,10 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/libs/curl/.github/labeler.yml b/libs/curl/.github/labeler.yml new file mode 100644 index 00000000..43d42808 --- /dev/null +++ b/libs/curl/.github/labeler.yml @@ -0,0 +1,257 @@ +# Copyright (C) Daniel Fandrich, , et al. +# +# SPDX-License-Identifier: curl + +# The workflow configures the .github/workflows/label.yml action +# to add labels to pull requests. This is not (yet?) a replacement for human +# triaging, but is intended to add labels to the easy cases. If the matching +# language becomes more powerful, more cases should be able to be handled. +# +# Labels are added in two ways: the any-glob-to-all-files ones are added if all +# the files fit into the category, and the any-glob-to-any-file ones are added +# as long as any file matches. The first ones are for "major" categories (the +# PR is all about that one topic, like HTTP/3), while the second ones are +# "addendums" that give useful information about a PR that's really mostly +# something else (e.g. CI if the PR also touches CI jobs). +# +# N.B. any-glob-to-all-files is misnamed; it acts like one-glob-to-all-files. +# Therefore, to get any-glob-to-all-files semantics, there must be a single glob +# with all matching patterns within braces. +# +# See https://github.com/actions/labeler/ for documentation on this file. + +appleOS: + - all: + - changed-files: + - any-glob-to-all-files: + - '{.github/workflows/macos.yml,lib/config-mac.h,lib/macos*,lib/vtls/sectransp*,m4/curl-sectransp.m4}' + +authentication: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/mk-ca-bundle.1,docs/libcurl/opts/CURLINFO_HTTPAUTH*,docs/libcurl/opts/CURLINFO_PROXYAUTH*,docs/libcurl/opts/CURLOPT_KRB*,docs/libcurl/opts/CURLOPT_SASL*,docs/libcurl/opts/CURLOPT_SERVICE_NAME*,docs/libcurl/opts/CURLOPT_USERNAME*,docs/libcurl/opts/CURLOPT_USERPWD*,docs/libcurl/opts/CURLOPT_XOAUTH*,lib/*gssapi*,lib/*krb5*,lib/*ntlm*,lib/curl_sasl.*,lib/http_aws*,lib/http_digest.*,lib/http_negotiate.*,lib/vauth/**,tests/server/fake_ntlm.c}' + +build: + - all: + - changed-files: + - any-glob-to-all-files: + - '{**/CMakeLists.txt,**/Makefile.am,**/Makefile.inc,**/Makefile.mk,**/*.m4,**/*.mk,*.m4,docs/INSTALL.cmake,lib/curl_config.h.cmake,lib/libcurl*.in,CMake/**,CMakeLists.txt,configure.ac,m4/**,Makefile.*,packages/**,plan9/**,projects/**,winbuild/**,libcurl.def}' + +CI: + - all: + - changed-files: + - any-glob-to-any-file: + - '.azure-pipelines.yml' + - '.circleci/**' + - '.github/**' + - 'appveyor.*' + - 'scripts/ci*' + - 'tests/azure.pm' + - 'tests/appveyor.pm' + - 'tests/CI.md' + +cmake: + - all: + - changed-files: + - any-glob-to-all-files: + - '{**/CMakeLists.txt,CMake/**,docs/INSTALL.cmake,lib/curl_config.h.cmake}' + +cmdline tool: + - all: + - changed-files: + - any-glob-to-any-file: + - 'docs/cmdline-opts/**' + - 'src/**' + +connecting & proxies: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/CONNECTION-FILTERS.md,docs/examples/ipv6.c,docs/libcurl/opts/CURLINFO_CONNECT*,docs/libcurl/opts/CURLINFO_PROXY*,docs/libcurl/opts/CURLOPT_ADDRESS*,docs/libcurl/opts/CURLOPT_CONNECT*,docs/libcurl/opts/CURLOPT_HAPROXY*,docs/libcurl/opts/CURLOPT_OPENSOCKET*,docs/libcurl/opts/CURLOPT_PRE_PROXY*,docs/libcurl/opts/CURLOPT_PROXY*,docs/libcurl/opts/CURLOPT_SOCKOPT*,docs/libcurl/opts/CURLOPT_SOCKS*,docs/libcurl/opts/CURLOPT_TCP*,docs/libcurl/opts/CURLOPT_TIMEOUT*,lib/cf-*proxy.*,lib/cf-socket.*,lib/cfilters.*,lib/conncache.*,lib/connect.*,lib/http_proxy.*,lib/if2ip.*,lib/noproxy.*,lib/socks.*,tests/server/socksd.c}' + +cookies: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/HTTP-COOKIES.md,docs/cmdline-opts/cookie*,docs/cmdline-opts/junk-session-cookies.md,docs/libcurl/opts/CURLINFO_COOKIE*,docs/libcurl/opts/CURLOPT_COOKIE*,docs/examples/cookie_interface.c,lib/cookie.*,lib/psl.*}' + +cryptography: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/CIPHERS.md,docs/RUSTLS.md,docs/libcurl/opts/CURLOPT_EGDSOCKET*,lib/*sha256*,lib/*sha512*,lib/curl_des.*,lib/curl_hmac.*,lib/curl_md?.*,lib/md?.*,lib/rand.*}' + +DICT: + - all: + - changed-files: + - any-glob-to-all-files: + - '{lib/dict.*,tests/dictserver.py}' + +documentation: + - all: + - changed-files: + - any-glob-to-all-files: + - '{.github/workflows/badwords.yml,.github/workflows/man-examples.yml,.github/workflows/synopsis.yml,.github/scripts/badwords.*,.github/scripts/cd2cd,.github/scripts/cd2nroff,.github/scripts/cdall.pl,.github/scripts/nroff2cd,.github/scripts/verify-examples.pl,.github/scripts/verify-synopsis.pl,**/*.md,**/*.txt,**/*.1,CHANGES,docs/**,LICENSES/**,README,RELEASE-NOTES,scripts/cd*}' + - all-globs-to-all-files: + # negative matches + - '!**/CMakeLists.txt' + - '!**/Makefile.am' + +FTP: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/libcurl/opts/CURLINFO_FTP*,docs/libcurl/opts/CURLOPT_FTP*,docs/libcurl/opts/CURLOPT_WILDCARDMATCH*,docs/examples/ftp*,lib/curl_fnmatch.*,lib/curl_range.*,lib/ftp*,tests/ftp*' + +GOPHER: + - all: + - changed-files: + - any-glob-to-all-files: + - 'lib/gopher*' + +HTTP: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/examples/hsts*,docs/examples/http-*,docs/examples/httpput*,docs/examples/https*,docs/examples/*post*,docs/HSTS.md,docs/HTTP-COOKIES.md,docs/libcurl/opts/CURLINFO_COOKIE*,docs/libcurl/opts/CURLOPT_COOKIE*,docs/libcurl/opts/CURLINFO_HTTP_**,docs/libcurl/opts/CURLINFO_REDIRECT*,docs/libcurl/opts/CURLINFO_REFER*,docs/libcurl/opts/CURLOPT_FOLLOWLOCATION*,docs/libcurl/opts/CURLOPT_HSTS*,docs/libcurl/opts/CURLOPT_HTTP*,docs/libcurl/opts/CURLOPT_POST.*,docs/libcurl/opts/CURLOPT_POSTFIELD*,docs/libcurl/opts/CURLOPT_POSTREDIR*,docs/libcurl/opts/CURLOPT_REDIR*,docs/libcurl/opts/CURLOPT_REFER*,docs/libcurl/opts/CURLOPT_TRAILER*,docs/libcurl/opts/CURLOPT_TRANSFER_ENCODING*,lib/cf-https*,lib/cf-h1*,lib/cf-h2*,lib/cookie.*,lib/hsts.*,lib/http*,tests/http*,tests/http-server.pl,tests/http/*,tests/nghttp*}' + +HTTP/2: + - all: + - changed-files: + - any-glob-to-all-files: + - '{CMake/FindNGHTTP2.cmake,CMake/FindQUICHE.cmake,docs/HTTP2.md,docs/libcurl/opts/CURLOPT_STREAM*,docs/examples/http2*,lib/http2*,tests/http2-server.pl}' + +HTTP/3: + - all: + - changed-files: + - any-glob-to-all-files: + - '{.github/workflows/ngtcp2*,.github/workflows/quiche*,.github/workflows/osslq*,CMake/FindMSH3.cmake,CMake/FindNGHTTP3.cmake,CMake/FindNGTCP2.cmake,docs/HTTP3.md,docs/examples/http3*,lib/vquic/**,tests/http3-server.pl,tests/nghttpx.conf}' + +Hyper: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/HYPER.md,lib/c-hyper.*}' + +IMAP: + - all: + - changed-files: + - any-glob-to-all-files: + - '{lib/imap*,docs/examples/imap*}' + +LDAP: + - all: + - changed-files: + - any-glob-to-all-files: + - 'lib/*ldap*' + +libcurl API: + - all: + - changed-files: + - any-glob-to-any-file: + - 'docs/libcurl/ABI.md' + - 'docs/libcurl/curl_*.md' + - 'include/curl/**' + +logging: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/cmdline-opts/trace*,docs/libcurl/curl_global_trace*,lib/curl_trc*,tests/http/test_15_tracing.py}' + +MIME: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/libcurl/curl_form*,docs/libcurl/curl_mime_*,docs/libcurl/opts/CURLOPT_MIME*,docs/libcurl/opts/CURLOPT_HTTPPOST*,lib/formdata*,lib/mime*,src/tool_formparse.*}' + +MQTT: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/MQTT.md,lib/mqtt*,tests/server/mqttd.c}' + +name lookup: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/examples/resolve.c,docs/libcurl/opts/CURLINFO_NAMELOOKUP*,docs/libcurl/opts/CURLOPT_DNS*,docs/libcurl/opts/CURLOPT_DOH*,docs/libcurl/opts/CURLOPT_RESOLVE*,lib/asyn*,lib/curl_gethostname.*,lib/doh*,lib/host*,lib/idn*,lib/inet_pton.*,lib/socketpair*,tests/server/resolve.c}' + +POP3: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/examples/pop3*,lib/pop3.*}' + +RTMP: + - all: + - changed-files: + - any-glob-to-all-files: + - 'lib/curl_rtmp.*' + +RTSP: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/libcurl/opts/CURLINFO_RTSP*,docs/libcurl/opts/CURLOPT_RTSP*,lib/rtsp.*,tests/rtspserver.pl,tests/server/rtspd.c}' + +SCP/SFTP: + - all: + - changed-files: + - any-glob-to-all-files: + - '{CMake/FindLibSSH2.cmake,docs/libcurl/opts/CURLOPT_SSH*,docs/examples/sftp*,lib/vssh/**,tests/sshhelp.pm,tests/sshserver.pl}' + +script: + - all: + - changed-files: + - any-glob-to-all-files: + - '{**/*.pl,**/*.sh,curl-config.in,docs/curl-config.1,docs/mk-ca-bundle.1,docs/THANKS-filter,scripts/**}' + +SMB: + - all: + - changed-files: + - any-glob-to-all-files: + - '{lib/smb.*,tests/smbserver.py}' + +SMTP: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/examples/smtp-*,docs/libcurl/opts/CURLOPT_MAIL*,lib/smtp.*}' + +tests: + - all: + - changed-files: + - any-glob-to-any-file: + - 'tests/**' + +TFTP: + - all: + - changed-files: + - any-glob-to-all-files: + - '{lib/tftp.*,tests/tftpserver.pl,tests/server/tftp*}' + +TLS: + - all: + - changed-files: + - any-glob-to-all-files: + - '{CMake/FindBearSSL.cmake,CMake/FindMbedTLS.cmake,CMake/FindWolfSSL.cmake,docs/examples/ssl*,docs/examples/*ssl.*,docs/examples/*tls.*,docs/SSL*,docs/libcurl/curl_global_sslset*,docs/libcurl/opts/CURLINFO_CA*,docs/libcurl/opts/CURLINFO_CERT*,docs/libcurl/opts/CURLINFO_SSL*,docs/libcurl/opts/CURLINFO_TLS*,docs/libcurl/opts/CURLOPT_CA*,docs/libcurl/opts/CURLOPT_CERT*,docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY*,docs/libcurl/opts/CURLOPT_SSL*,docs/libcurl/opts/CURLOPT_TLS*,docs/libcurl/opts/CURLOPT_USE_SSL*,lib/vtls/**,m4/curl-bearssl.m4,m4/curl-gnutls.m4,m4/curl-mbedtls.m4,m4/curl-openssl.m4,m4/curl-rustls.m4,m4/curl-schannel.m4,m4/curl-sectransp.m4,m4/curl-wolfssl.m4}' + +URL: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/libcurl/curl_url*,docs/URL-SYNTAX.md,docs/examples/parseurl*,include/curl/urlapi.h,lib/urlapi*}' + +WebSocket: + - all: + - changed-files: + - any-glob-to-all-files: + - '{docs/WEBSOCKET.md*,docs/examples/websocket*,docs/libcurl/curl_ws_*,docs/libcurl/libcurl-ws*,docs/libcurl/opts/CURLOPT_WS_*,include/curl/websockets.h,lib/ws.*,tests/http/clients/ws*,tests/http/test_20_websockets.py,tests/http/testenv/ws*}' + +Windows: + - all: + - changed-files: + - any-glob-to-all-files: + - '{appveyor.*,.github/workflows/windows.yml,CMake/Platforms/WindowsCache.cmake,lib/*win32*,lib/curl_multibyte.*,lib/rename.*,lib/vtls/schannel*,m4/curl-schannel.m4,projects/**,src/tool_doswin.c,winbuild/**,libcurl.def}' diff --git a/libs/curl/.github/lock.yml b/libs/curl/.github/lock.yml index 66e79128..ab30d2a8 100644 --- a/libs/curl/.github/lock.yml +++ b/libs/curl/.github/lock.yml @@ -1,3 +1,7 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + # Configuration for lock-threads - https://github.com/dessant/lock-threads # Number of days of inactivity before a closed issue or pull request is locked diff --git a/libs/curl/.github/scripts/VERSIONS b/libs/curl/.github/scripts/VERSIONS new file mode 100644 index 00000000..8e9c7289 --- /dev/null +++ b/libs/curl/.github/scripts/VERSIONS @@ -0,0 +1,9 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +# renovate: datasource=github-tags depName=wolfSSL/wolfssl versioning=semver extractVersion=^v?(?.+)-stable$ registryUrl=https://github.com +WOLFSSL_VER=5.7.2 + +# renovate: datasource=github-tags depName=wolfSSL/wolfssh versioning=semver extractVersion=^v?(?.+)-stable$ registryUrl=https://github.com +WOLFSSH_VER=1.4.17 diff --git a/libs/curl/.github/scripts/badwords.pl b/libs/curl/.github/scripts/badwords.pl new file mode 100755 index 00000000..3b215e43 --- /dev/null +++ b/libs/curl/.github/scripts/badwords.pl @@ -0,0 +1,67 @@ +#!/usr/bin/env perl +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +# bad[:=]correct +# +# If separator is '=', the string will be compared case sensitively. +# If separator is ':', the check is done case insensitively. +# +my $w; +while() { + chomp; + if($_ =~ /^#/) { + next; + } + if($_ =~ /^([^:=]*)([:=])(.*)/) { + my ($bad, $sep, $better)=($1, $2, $3); + push @w, $bad; + $alt{$bad} = $better; + if($sep eq "=") { + $exactcase{$bad} = 1; + } + } +} + +my $errors; + +sub file { + my ($f) = @_; + my $l = 0; + open(F, "<$f"); + while() { + my $in = $_; + $l++; + chomp $in; + if($in =~ /^ /) { + next; + } + # remove the link part + $in =~ s/(\[.*\])\(.*\)/$1/g; + # remove backticked texts + $in =~ s/\`.*\`//g; + foreach my $w (@w) { + my $case = $exactcase{$w}; + if(($in =~ /^(.*)$w/i && !$case) || + ($in =~ /^(.*)$w/ && $case) ) { + my $p = $1; + my $c = length($p)+1; + print STDERR "$f:$l:$c: error: found bad word \"$w\"\n"; + printf STDERR " %4d | $in\n", $l; + printf STDERR " | %*s^%s\n", length($p), " ", + "~" x (length($w)-1); + printf STDERR " maybe use \"%s\" instead?\n", $alt{$w}; + $errors++; + } + } + } + close(F); +} + +my @files = @ARGV; + +foreach my $each (@files) { + file($each); +} +exit $errors; diff --git a/libs/curl/.github/scripts/badwords.txt b/libs/curl/.github/scripts/badwords.txt new file mode 100644 index 00000000..5b65736c --- /dev/null +++ b/libs/curl/.github/scripts/badwords.txt @@ -0,0 +1,67 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +back-end:backend +e-mail:email +run-time:runtime +set-up:setup +tool chain:toolchain +tool-chain:toolchain +wild-card:wildcard +wild card:wildcard +i'm:I am +you've:You have +we've:we have +we're:we are +we'll:we will +we'd:we would +they've:They have +they're:They are +they'll:They will +they'd:They would +you've:you have +you'd:you would +you'll:you will +you're:you are +should've:should have +don't=do not +could've:could have +doesn't:does not +isn't:is not +aren't:are not + a html: an html + a http: an http + a ftp: an ftp + url =URL +internet\b=Internet +isation:ization +it's:it is +it'd:it would +there's:there is +[^.]\. And: Rewrite it somehow? +^(And|So|But) = Rewrite it somehow? +\. But: Rewrite it somehow? +\. So : Rewrite without "so" ? + dir :directory +can't:cannot +that's:that is +web page:webpage +host name\b:hostname +host names\b:hostnames +file name\b:filename +file names\b:filenames +\buser name\b:username +\buser names\b:usernames +\bpass phrase:passphrase +didn't:did not +doesn't:does not +won't:will not +couldn't:could not +\bwill\b:rewrite to present tense +\b32bit=32-bit +\b64bit=64-bit +32 bit\b=32-bit +64 bit\b=64-bit +64-bits:64 bits or 64-bit +32-bits:32 bits or 32-bit diff --git a/libs/curl/.github/scripts/cleancmd.pl b/libs/curl/.github/scripts/cleancmd.pl new file mode 100755 index 00000000..e9366de7 --- /dev/null +++ b/libs/curl/.github/scripts/cleancmd.pl @@ -0,0 +1,54 @@ +#!/usr/bin/env perl +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +# Input: a cmdline docs markdown, it gets modified *in place* +# +# The main purpose is to strip off the leading meta-data part, but also to +# clean up whatever else the spell checker might have a problem with that we +# still deem is fine. + +my $header = 1; +while(1) { + # set this if the markdown has no meta-data header to skip + if($ARGV[0] eq "--no-header") { + shift @ARGV; + $header = 0; + } + else { + last; + } +} + +my $f = $ARGV[0]; + +open(F, "<$f") or die; + +my $ignore = $header; +my $sepcount = 0; +my @out; +while() { + if(/^---/ && $header) { + if(++$sepcount == 2) { + $ignore = 0; + } + next; + } + next if($ignore); + + # strip out all long command line options + $_ =~ s/--[a-z0-9-]+//g; + + # strip out https URLs, we don't want them spellchecked + $_ =~ s!https://[a-z0-9\#_/.-]+!!gi; + + push @out, $_; +} +close(F); + +if(!$ignore) { + open(O, ">$f") or die; + print O @out; + close(O); +} diff --git a/libs/curl/.github/scripts/cleanspell.pl b/libs/curl/.github/scripts/cleanspell.pl new file mode 100755 index 00000000..bfa07dc0 --- /dev/null +++ b/libs/curl/.github/scripts/cleanspell.pl @@ -0,0 +1,86 @@ +#!/usr/bin/env perl +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +# Given: a libcurl curldown man page +# Outputs: the same file, minus the SYNOPSIS and the EXAMPLE sections +# + +my $f = $ARGV[0]; + +open(F, "<$f") or die; + +my @out; +my $ignore = 0; +while() { + if($_ =~ /^# (SYNOPSIS|EXAMPLE)/) { + $ignore = 1; + } + elsif($ignore && ($_ =~ /^# [A-Z]/)) { + $ignore = 0; + } + elsif(!$ignore) { + # **bold** + $_ =~ s/\*\*(\S.*?)\*\*//g; + # *italics* + $_ =~ s/\*(\S.*?)\*//g; + + $_ =~ s/CURL(M|SH|U|H)code//g; + $_ =~ s/CURL_[A-Z0-9_]*//g; + $_ =~ s/CURLALTSVC_[A-Z0-9_]*//g; + $_ =~ s/CURLAUTH_[A-Z0-9_]*//g; + $_ =~ s/CURLE_[A-Z0-9_]*//g; + $_ =~ s/CURLFORM_[A-Z0-9_]*//g; + $_ =~ s/CURLFTP_[A-Z0-9_]*//g; + $_ =~ s/CURLFTPAUTH_[A-Z0-9_]*//g; + $_ =~ s/CURLFTPMETHOD_[A-Z0-9_]*//g; + $_ =~ s/CURLFTPSSL_[A-Z0-9_]*//g; + $_ =~ s/CURLGSSAPI_[A-Z0-9_]*//g; + $_ =~ s/CURLHEADER_[A-Z0-9_]*//g; + $_ =~ s/CURLINFO_[A-Z0-9_]*//g; + $_ =~ s/CURLM_[A-Z0-9_]*//g; + $_ =~ s/CURLMIMEOPT_[A-Z0-9_]*//g; + $_ =~ s/CURLMOPT_[A-Z0-9_]*//g; + $_ =~ s/CURLOPT_[A-Z0-9_]*//g; + $_ =~ s/CURLPIPE_[A-Z0-9_]*//g; + $_ =~ s/CURLPROTO_[A-Z0-9_]*//g; + $_ =~ s/CURLPROXY_[A-Z0-9_]*//g; + $_ =~ s/CURLPX_[A-Z0-9_]*//g; + $_ =~ s/CURLSHE_[A-Z0-9_]*//g; + $_ =~ s/CURLSHOPT_[A-Z0-9_]*//g; + $_ =~ s/CURLSSLOPT_[A-Z0-9_]*//g; + $_ =~ s/CURLSSH_[A-Z0-9_]*//g; + $_ =~ s/CURLSSLBACKEND_[A-Z0-9_]*//g; + $_ =~ s/CURLU_[A-Z0-9_]*//g; + $_ =~ s/CURLUPART_[A-Z0-9_]*//g; + #$_ =~ s/\bCURLU\b//g; # stand-alone CURLU + $_ =~ s/CURLUE_[A-Z0-9_]*//g; + $_ =~ s/CURLHE_[A-Z0-9_]*//g; + $_ =~ s/CURLWS_[A-Z0-9_]*//g; + $_ =~ s/CURLKH[A-Z0-9_]*//g; + $_ =~ s/CURLUPART_[A-Z0-9_]*//g; + $_ =~ s/CURLUSESSL_[A-Z0-9_]*//g; + $_ =~ s/CURLPAUSE_[A-Z0-9_]*//g; + $_ =~ s/CURLHSTS_[A-Z0-9_]*//g; + $_ =~ s/curl_global_([a-z_]*)//g; + $_ =~ s/curl_(strequal|strnequal|formadd|waitfd|formget|getdate|formfree)//g; + $_ =~ s/curl_easy_([a-z]*)//g; + $_ =~ s/curl_multi_([a-z_]*)//g; + $_ =~ s/curl_mime_(subparts|addpart|filedata|data_cb)//g; + $_ =~ s/curl_ws_(send|recv|meta)//g; + $_ =~ s/curl_url_(dup)//g; + $_ =~ s/curl_pushheader_by(name|num)//g; + $_ =~ s/libcurl-(env|ws)//g; + $_ =~ s/libcurl\\-(env|ws)//g; + $_ =~ s/(^|\W)((tftp|https|http|ftp):\/\/[a-z0-9\-._~%:\/?\#\[\]\@!\$&'()*+,;=\\]+)//gi; + push @out, $_; + } +} +close(F); + +open(O, ">$f") or die; +for my $l (@out) { + print O $l; +} +close(O); diff --git a/libs/curl/.github/scripts/codespell-ignore.txt b/libs/curl/.github/scripts/codespell-ignore.txt new file mode 100644 index 00000000..a239d9ef --- /dev/null +++ b/libs/curl/.github/scripts/codespell-ignore.txt @@ -0,0 +1,16 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +clen +te +wont +statics +nome +wast +numer +anull +inout +msdos +ba +fo +ede diff --git a/libs/curl/.github/scripts/shellcheck.sh b/libs/curl/.github/scripts/shellcheck.sh new file mode 100755 index 00000000..b4a07c58 --- /dev/null +++ b/libs/curl/.github/scripts/shellcheck.sh @@ -0,0 +1,10 @@ +#!/bin/sh +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +shellcheck --version +# shellcheck disable=SC2046 +shellcheck --exclude=1091 \ + --enable=avoid-nullary-conditions,deprecate-which \ + $(grep -l -E '^#!(/usr/bin/env bash|/bin/sh|/bin/bash)' $(git ls-files)) diff --git a/libs/curl/.github/scripts/spacecheck.pl b/libs/curl/.github/scripts/spacecheck.pl new file mode 100755 index 00000000..b2473b15 --- /dev/null +++ b/libs/curl/.github/scripts/spacecheck.pl @@ -0,0 +1,153 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Viktor Szakats +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +use strict; +use warnings; + +my @tabs = ( + "^m4/zz40-xc-ovr.m4", + "Makefile\\.[a-z]+\$", + "/mkfile", + "\\.(bat|sln|vc)\$", + "^tests/certs/.+\\.der\$", + "^tests/data/test", +); + +my @mixed_eol = ( + "^tests/certs/.+\\.(crt|der)\$", + "^tests/certs/Server-localhost0h-sv.pem", + "^tests/data/test", +); + +my @need_crlf = ( + "\\.(bat|sln)\$", + "^winbuild/.+\\.md\$", +); + +my @space_at_eol = ( + "^tests/.+\\.(cacert|crt|pem)\$", + "^tests/data/test", +); + +my @eol_at_eof = ( + "^tests/certs/.+\\.der\$", +); + +sub fn_match { + my ($filename, @masklist) = @_; + + foreach my $mask (@masklist) { + if ($filename =~ $mask) { + return 1; + } + } + return 0; +} + +sub eol_detect { + my ($content) = @_; + + my $cr = () = $content =~ /\r/g; + my $lf = () = $content =~ /\n/g; + + if ($cr > 0 && $lf == 0) { + return "cr" + } + elsif ($cr == 0 && $lf > 0) { + return "lf" + } + elsif ($cr == 0 && $lf == 0) { + return "bin" + } + elsif ($cr == $lf) { + return "crlf" + } + + return "" +} + +my $issues = 0; + +open my $git_ls_files, '-|', 'git ls-files' or die "Failed running git ls-files: $!"; +while (my $filename = <$git_ls_files>) { + chomp $filename; + + open my $fh, '<', $filename or die "Cannot open '$filename': $!"; + my $content = do { local $/; <$fh> }; + close $fh; + + my @err = (); + + if (!fn_match($filename, @tabs) && + $content =~ /\t/) { + push @err, "content: has tab"; + } + + my $eol = eol_detect($content); + + if ($eol eq "" && + !fn_match($filename, @mixed_eol)) { + push @err, "content: has mixed EOL types"; + } + + if ($eol ne "crlf" && + fn_match($filename, @need_crlf)) { + push @err, "content: must use CRLF EOL for this file type"; + } + + if ($eol ne "lf" && $content ne "" && + !fn_match($filename, @need_crlf) && + !fn_match($filename, @mixed_eol)) { + push @err, "content: must use LF EOL for this file type"; + } + + if (!fn_match($filename, @space_at_eol) && + $content =~ /[ \t]\n/) { + push @err, "content: has line-ending whitespace"; + } + + if ($content ne "" && + !fn_match($filename, @eol_at_eof) && + $content !~ /\n\z/) { + push @err, "content: has no EOL at EOF"; + } + + if ($content =~ /\n\n\z/ || + $content =~ /\r\n\r\n\z/) { + push @err, "content: has multiple EOL at EOF"; + } + + if (@err) { + $issues++; + foreach my $err (@err) { + print "$filename: $err\n"; + } + } +} +close $git_ls_files; + +if ($issues) { + exit 1; +} diff --git a/libs/curl/.github/scripts/spellcheck.words b/libs/curl/.github/scripts/spellcheck.words new file mode 100644 index 00000000..be12d3c9 --- /dev/null +++ b/libs/curl/.github/scripts/spellcheck.words @@ -0,0 +1,969 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +AAAA +ABI +accessor +ACK +AES +AIA +AIX +al +Alessandro +aliasMode +allocator +alnum +ALPN +Altera +AltSvc +ALTSVC +amiga +AmigaOS +AmiSSL +anyauth +anycast +apache +Apache +API +APIs +APOP +AppVeyor +archivers +Archos +Arntsen +Aros +ascii +asynch +AsynchDNS +atime +auth +autobuild +autobuilds +Autoconf +autoconf +Automake +automake +Autotools +autotools +AVR +AWS +AWS-LC +axTLS +backend +backends +backoff +backticks +balancers +Baratov +basename +bashrc +BDFL +BearSSL +Benoit +BeOS +bitmask +bitwise +Björn +Bjørn +bool +boolean +BoringSSL +Boukris +Broadcom +brotli +bufq +bufref +bugfix +bugfixes +buildable +buildbot +buildconf +Caddy +calloc +CAPA +capath +CCC +CDN +CentOS +CFLAGS +cflags +CGI's +CHACHA +chacha +Chaffraix +changelog +changeset +CharConv +charset +charsets +checksrc +checksums +chgrp +chmod +chown +ChromeOS +CI's +CIDR +CIFS +CLA +CLAs +cleartext +CLI +ClientHello +clientp +cliget +closesocket +CMake +cmake +CMake's +cmake's +CMakeLists +CNA +CNAME +CNAMEs +CodeQL +codeql +CODESET +codeset +Comcast +Config +config +conncache +connectdata +CookieInfo +Coverity +CPUs +CR +CRL +CRLF +crt +crypto +cryptographic +cryptographically +CSEQ +CSeq +csh +cshrc +CTRL +cURL +CURLcode +curldown +CURLE +CURLECH +CURLH +curlimages +CURLINFO +curlrc +curltest +customizable +CVE +CVSS +CWD +CWE +cyassl +Cygwin +daniel +datatracker +dbg +Debian +DEBUGBUILD +decrypt +decrypting +deepcode +DELE +DER +dereference +dereferences +deselectable +deserialization +Deserialized +destructor +detections +dev +devcpp +DevOps +devtools +DHCP +dir +distro +distro's +distros +DJGPP +dlist +DLL +dll +DLLs +DNS +dns +dnsop +DoH +DoT +doxygen +drftpd +dsa +Dudka +Dymond +dynbuf +EAGAIN +EBCDIC +ECC +ECDHE +ECH +ECHConfig +ECHConfigList +ecl +ECONNREFUSED +eCOS +ECT +EF +EFnet +EGD +EHLO +EINTR +else's +encodings +enctype +endianness +Engler +enum +epoll +EPRT +EPSV +ERRNO +errno +ESNI +et +etag +ETag +ETags +exe +executables +EXPN +extensibility +failsafe +Falkeborn +Fandrich +Fastly +fcpp +Fedora +Feltzing +ffi +filesize +filesystem +FLOSS +fnmatch +formpost +formposts +Fortnite +FOSS +FPL +fread +FreeBSD +FreeDOS +FreeRTOS +freshmeat +Frexx +FS +fseek +FTPing +fuzzer +fwrite +Garmin +gcc +GCM +gdb +Genode +Gentoo +Gergely +getaddrinfo +getenv +gethostbyname +gethostname +Getinfo +getinfo +GETing +getpwuid +ggcov +Ghedini +Gisle +Glesys +globbed +globbing +gmail +GnuTLS +Golemon +GOST +GPG +GPL +GPLed +GREASE +GREASEing +Greear +groff +gsasl +GSKit +gskit +GSS +GSSAPI +GTFO +Guenter +GUIs +Gunderson +Gustafsson +gzip +Gzipped +gzipped +HackerOne +HackerOne's +HAProxy +HardenedBSD +Hards +Haxx +haxx +Heimdal +HelloRetryRequest +HELO +HH +HMAC +Hoersken +Holme +homebrew +hostname +hostnames +Housley +HRR +Hruska +HSTS +hsts +HTC +html +http +HTTPAUTH +httpd +HTTPD +httpget +HttpGet +HTTPS +https +hyper's +Högskolan +IANA +Icecast +ICONV +iconv +IDN +IDNA +IETF +ietf +ifdef +ifdefed +Ifdefs +ifdefs +ifhost +IIS +ILE +Illumos +IMAP +imap +IMAPS +imaps +impacket +init +initializer +inlined +interop +interoperable +interoperates +IoT +ipadOS +IPCXN +IPFS +ipld +IPNS +IPv +IPv4 +IPv4/6 +IPv6 +IRIs +IRIX +Itanium +iX +Jakub +Jiri +jo +jpeg +jq +JSON +json +Julien +Kamil +Kaufmann +kB +KDE +keepalive +Keil +kerberos +Keychain +keychain +KiB +kickstart +Kirei +Knauf +kqueue +Krb +krb +Kubernetes +Kuhrt +Kungliga +Largefile +LDAP +ldap +LDAPS +ldaps +LF +LGTM +libbrotlidec +libc +libcurl +libcurl's +libcurls +libera +libev +libevent +libgsasl +libidn +libnssckbi +libnsspem +libpsl +Libre +libre +LibreSSL +librtmp +libs +libssh +libssh2 +Libtool +libtool +libuv +libWebSocket +libz +libzstd +LineageOS +linux +ln +localhost +LOGDIR +logfile +lookups +loopback +LOWCOST +LOWDELAY +LPRT +LSB +lseek +Lua +lwIP +macdef +macOS +macos +Makefile +makefiles +malloc +mallocs +manpage +manpages +maprintf +Marek +Mavrogiannopoulos +Mbed +mbedTLS +md +Meglio +memdebug +MesaLink +mesalink +Metalink +mfprintf +Michal +Micrium +MicroBlaze +MicroOS +middlebox +MINCOST +mingw +MinGW +MINIX +misconfigured +Mishyn +mitigations +MITM +mk +mkdir +mktime +Monnerat +monospace +MorphOS +MPE +MPL +mprintf +MPTCP +MQTT +mqtt +mqtts +MSB +MSGSENT +msh +MSIE +msnprintf +msprintf +msquic +mstate +MSVC +MSYS +msys +mtime +mTLS +MUA +multicwd +multiparts +multipath +MultiSSL +mumbo +musedev +mutex +mvaprintf +mvfprintf +mvprintf +mvsnprintf +mvsprintf +MX +Nagel +Nagle +NAMELOOKUP +Natively +NATs +nc +NCR +NDK +NEC +Necko +NetBSD +netrc +netstat +Netware +NFS +nghttp +nghttpx +ngtcp +Nikos +Nios +nitems +NixOS +NLST +nmake +nmemb +nocwd +NODELAY +NonStop +NOOP +Novell +NPN +nroff +nslookup +NSS +nss +NTLM +NTLMUSER +NTLMv +NUM +NuttX +OAuth +objcopy +OCSP +Ok +OpenBSD +OpenLDAP +OpenRISC +OpenSSF +OpenSSF's +OpenSSH +OpenSSL +OpenStep +openSUSE +openwall +Orbis +ORing +Osipov +OSS +pac +pacman +parser's +parsers +PASE +PASV +PEM +pem +perl +permafailing +PINGs +pipelining +PKCS +pkcs +PKGBUILD +PKI +pluggable +pn +PolarSSL +Polhem +pollset +POSIX +Postfix +POSTing +POSTs +PowerShell +pre +prebuilt +precompiled +prepend +prepended +prepending +prepends +preprocess +preprocessed +Preprocessing +preprocessor +Prereq +PRET +pretransfer +printf +printf's +PSL +pthreads +PTR +ptr +punycode +PWD +pwd +py +pycurl +pytest +Pytest +qname +QNX +QoS +Qubes +QUIC +quictls +quicwg +Raad +radix +RAS +RBS +ReactOS +README +realloc +Realtime +rebase +RECV +recv +Redhat +redirections +redirs +redistributable +Redox +reentrant +Referer +referer +reinitializes +Relatedly +repo +reprioritized +resending +resends +RETR +retransmit +retrigger +RHEL +RICS +Rikard +rmdir +ROADMAP +Roadmap +Rockbox +roffit +RPG +RR +RRs +RRtype +RSA +RTMP +rtmp +RTMPE +RTMPS +RTMPT +RTMPTE +RTMPTS +RTOS +RTP +RTSP +rtsp +RTT +runtests +runtime +Ruslan +rustc +rustls +Sagula +SanDisk +SAS +SASL +Satiro +Schannel +Schindelin +SCO +SCP +scp +SDK +se +SEB +SEK +selectable +Serv +setopt +setsockopt +setuid +SFTP +sftp +sha +SHOUTcast +SIGALRM +SIGCHLD +SIGPIPE +singlecwd +SINIX +Sintonen +sizeof +SLE +slist +sln +SMB +smb +SMBS +smbs +SMBv +SMTP +smtp +smtps +SMTPS +SNI +socketopen +socketpair +sockopt +SOCKOPT +SOCKSv +Solaris +SONAME +Soref +SPARC +SPDX +SPNEGO +Spotify +sprintf +src +SRP +SRWLOCK +SSL +ssl +SSLeay +SSLKEYLOGFILE +sslv +SSLv +SSLVERSION +SSPI +stackoverflow +STARTTLS +STARTTRANSFER +stateful +statvfs +stderr +stdin +stdout +Steinar +Stenberg +STLS +STOR +strcat +strcpy +strdup +strerror +strlen +strncat +struct +structs +Structs +stunnel +subdirectories +subdirectory +submitters +substring +substrings +SunOS +SunSSH +superset +svc +svcb +SVCB +Svyatoslav +Swisscom +sws +Symbian +symlink +symlinks +syntaxes +Szakats +TABs +Tatsuhiro +TBD +TCP +tcpdump +Tekniska +testability +TFTP +tftp +threadsafe +Tizen +TLS +tlsv +TLSv +TODO +Tomtom +toolchain +toolchains +toolset +toplevel +TOS +TPF +TrackMemory +transcode +Tru +trustless +Tse +Tsujikawa +TTL +tvOS +txt +typedef +typedefed +Ubuntu +ucLinux +UDP +UI +UID +UIDL +Ultrix +Unary +unassign +UNC +uncompress +unencoded +unencrypted +unescape +Unglobbed +Unicode +UNICOS +unix +UnixSockets +UnixWare +unlink +unpause +unpaused +unpauses +unpausing +unsanitized +Unshare +unsharing +untrusted +UPN +upstreaming +URI +URIs +url +URL's +urlencoded +urlget +USD +userdata +Userinfo +userinfo +USERPROFILE +UTF +UX +valgrind +Vanem +vararg +VC +vcpkg +vexxhost +Viktor +VLAN +VM +VMS +VMware +vnd +VRF +VRFY +VSE +vsftpd +vsprintf +vt +vtls +vxWorks +wakeup +Warta +watchOS +WAV +WB +web page +WebDAV +WebOS +webpage +WebSocket +WEBSOCKET +WHATWG +whitespace +Whitespaces +winbind +WinBind +winbuild +winidn +WinIDN +WinLDAP +WinSock +winsock +WinSSL +winssl +Wireshark +wolfSSH +wolfSSL +ws +WS +WSS +www +Xbox +XDG +xdigit +Xilinx +XP +Xtensa +XYZ +Youtube +YYYY +YYYYMMDD +Zakrzewski +Zitzmann +zlib +zsh +zstd +Zuul +zuul diff --git a/libs/curl/.github/scripts/spellcheck.yaml b/libs/curl/.github/scripts/spellcheck.yaml new file mode 100644 index 00000000..97d5d330 --- /dev/null +++ b/libs/curl/.github/scripts/spellcheck.yaml @@ -0,0 +1,32 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl +# +# Docs: https://github.com/UnicornGlobal/spellcheck-github-actions +matrix: + - name: Markdown + expect_match: false + apsell: + mode: en + dictionary: + wordlists: + - wordlist.txt + output: wordlist.dic + encoding: utf-8 + pipeline: + - pyspelling.filters.markdown: + markdown_extensions: + - markdown.extensions.extra: + - pyspelling.filters.html: + comments: true + attributes: + - title + - alt + ignores: + - ':matches(code, pre)' + - 'code' + - 'pre' + - 'strong' + - 'em' + sources: + - '**/*.md|!docs/BINDINGS.md|!docs/DISTROS.md' diff --git a/libs/curl/.github/scripts/verify-examples.pl b/libs/curl/.github/scripts/verify-examples.pl new file mode 100755 index 00000000..28d24595 --- /dev/null +++ b/libs/curl/.github/scripts/verify-examples.pl @@ -0,0 +1,110 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +my @files = @ARGV; +my $cfile = "test.c"; +my $check = "./scripts/checksrc.pl"; +my $error; + +if($files[0] eq "-h") { + print "Usage: verify-synopsis [man pages]\n"; + exit; +} + +sub testcompile { + my $rc = system("gcc -c test.c -DCURL_DISABLE_TYPECHECK -DCURL_ALLOW_OLD_MULTI_SOCKET -DCURL_DISABLE_DEPRECATION -Wunused -Werror -Wno-unused-but-set-variable -I include") >> 8; + return $rc; +} + +sub checksrc { + my $rc = system("$check test.c") >> 8; + return $rc; +} + +sub extract { + my($f) = @_; + my $syn = 0; + my $l = 0; + my $iline = 0; + my $fail = 0; + open(F, "<$f") or die "failed opening input file $f : $!"; + open(O, ">$cfile") or die "failed opening output file $cfile : $!"; + print O "#include \n"; + while() { + $iline++; + if(/^.SH EXAMPLE/) { + $syn = 1 + } + elsif($syn == 1) { + if(/^.nf/) { + $syn++; + print O "/* !checksrc! disable UNUSEDIGNORE all */\n"; + print O "/* !checksrc! disable COPYRIGHT all */\n"; + print O "/* !checksrc! disable FOPENMODE all */\n"; + printf O "#line %d \"$f\"\n", $iline+1; + } + } + elsif($syn == 2) { + if(/^.fi/) { + last; + } + if(/(?, et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +my @files = @ARGV; +my $cfile = "test.c"; + +if($files[0] eq "-h") { + print "Usage: verify-synopsis [man pages]\n"; + exit; +} + +sub testcompile { + my $rc = system("gcc -c test.c -DCURL_DISABLE_TYPECHECK -DCURL_ALLOW_OLD_MULTI_SOCKET -I include") >> 8; + return $rc; +} + + +sub extract { + my($f) = @_; + my $syn = 0; + my $l = 0; + my $iline = 0; + open(F, "<$f"); + open(O, ">$cfile"); + while() { + $iline++; + if(/^# SYNOPSIS/) { + $syn = 1 + } + elsif($syn == 1) { + if(/^\~\~\~/) { + $syn++; + print O "#line $iline \"$f\"\n"; + } + } + elsif($syn == 2) { + if(/^\~\~\~/) { + last; + } + # turn the vararg argument into vararg + $_ =~ s/, parameter\)\;/, ...);/; + print O $_; + $l++; + } + } + close(F); + close(O); + + if($syn < 2) { + print STDERR "Found no synopsis in $f\n"; + return 1; + } + + return 0; +} + +my $error; +for my $m (@files) { + $error |= extract($m); + $error |= testcompile($m); +} +exit $error; diff --git a/libs/curl/.github/stale.yml b/libs/curl/.github/stale.yml index 9bcd4eb1..dc239b56 100644 --- a/libs/curl/.github/stale.yml +++ b/libs/curl/.github/stale.yml @@ -1,3 +1,7 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + # Number of days of inactivity before an issue becomes stale daysUntilStale: 180 # Number of days of inactivity before a stale issue is closed diff --git a/libs/curl/.github/workflows/appveyor-status.yml b/libs/curl/.github/workflows/appveyor-status.yml new file mode 100644 index 00000000..df54422f --- /dev/null +++ b/libs/curl/.github/workflows/appveyor-status.yml @@ -0,0 +1,41 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: AppVeyor Status Report + +on: + status + +concurrency: + group: ${{ github.workflow }}-${{ github.event.sha }}-${{ github.event.target_url }} + cancel-in-progress: true + +permissions: {} + +jobs: + split: + runs-on: ubuntu-latest + if: ${{ github.event.sender.login == 'appveyor[bot]' }} + permissions: + statuses: write + steps: + - name: Create individual AppVeyor build statuses + if: ${{ github.event.sha && github.event.target_url }} + env: + APPVEYOR_COMMIT_SHA: ${{ github.event.sha }} + APPVEYOR_TARGET_URL: ${{ github.event.target_url }} + APPVEYOR_REPOSITORY: ${{ github.event.repository.full_name }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo ${APPVEYOR_TARGET_URL} | sed 's/\/project\//\/api\/projects\//' | xargs -t -n1 curl -s | \ + jq -c '.build.jobs[] | {target_url: ($target_url + "/job/" + .jobId), + context: (.name | sub("^(Environment: )?"; "AppVeyor / ")), + state: (.status | sub("queued"; "pending") + | sub("starting"; "pending") + | sub("running"; "pending") + | sub("failed"; "failure") + | sub("cancelled"; "error")), + description: .status}' \ + --arg target_url ${APPVEYOR_TARGET_URL} | tee /dev/stderr | parallel --pipe -j 1 -N 1 \ + gh api --silent --input - repos/${APPVEYOR_REPOSITORY}/statuses/${APPVEYOR_COMMIT_SHA} diff --git a/libs/curl/.github/workflows/awslc.yml b/libs/curl/.github/workflows/awslc.yml new file mode 100644 index 00000000..a45ef7d6 --- /dev/null +++ b/libs/curl/.github/workflows/awslc.yml @@ -0,0 +1,153 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: Linux AWS-LC + +on: + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +concurrency: + # Hardcoded workflow filename as workflow name above is just Linux again + group: awslc-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + MAKEFLAGS: -j 5 + + # renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com + awslc-version: 1.31.0 + +jobs: + autoconf: + name: awslc (autoconf) + runs-on: 'ubuntu-latest' + timeout-minutes: 30 + + steps: + - run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get update + sudo apt-get install --yes libtool autoconf automake pkg-config stunnel4 libpsl-dev + # ensure we don't pick up openssl in this build + sudo apt remove --yes libssl-dev + sudo python3 -m pip install impacket + name: 'install prereqs and impacket' + + - name: cache awslc + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-awslc + env: + cache-name: cache-awslc + with: + path: /home/runner/awslc + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.awslc-version }} + + - name: build awslc + if: steps.cache-awslc.outputs.cache-hit != 'true' + run: | + curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \ + https://github.com/awslabs/aws-lc/archive/refs/tags/v${{ env.awslc-version }}.tar.gz + tar xzf v${{ env.awslc-version }}.tar.gz + mkdir aws-lc-${{ env.awslc-version }}-build + cd aws-lc-${{ env.awslc-version }}-build + cmake -DCMAKE_INSTALL_PREFIX=$HOME/awslc ../aws-lc-${{ env.awslc-version }} + cmake --build . --parallel + cmake --install . + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - run: autoreconf -fi + name: 'autoreconf' + + - run: | + mkdir build + cd build + ../configure --disable-dependency-tracking --enable-warnings --enable-werror --with-openssl=$HOME/awslc + cd .. + name: 'configure out-of-tree' + + - run: make -C build V=1 + name: 'make' + + - run: make -C build V=1 examples + name: 'make examples' + + - run: make -C build V=1 -C tests + name: 'make tests' + + - run: make -C build V=1 test-ci + name: 'run tests' + + cmake: + name: awslc (cmake) + runs-on: 'ubuntu-latest' + timeout-minutes: 15 + + steps: + - run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get update + sudo apt-get install cmake stunnel4 + # ensure we don't pick up openssl in this build + sudo apt remove --yes libssl-dev + sudo python3 -m pip install impacket + name: 'install prereqs and impacket' + + - name: cache awslc + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-awslc + env: + cache-name: cache-awslc + with: + path: /home/runner/awslc + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.awslc-version }} + + - name: build awslc + if: steps.cache-awslc.outputs.cache-hit != 'true' + run: | + curl -LOsSf --retry 6 --retry-connrefused --max-time 999 \ + https://github.com/awslabs/aws-lc/archive/refs/tags/v${{ env.awslc-version }}.tar.gz + tar xzf v${{ env.awslc-version }}.tar.gz + mkdir aws-lc-${{ env.awslc-version }}-build + cd aws-lc-${{ env.awslc-version }}-build + cmake -DCMAKE_INSTALL_PREFIX=$HOME/awslc ../aws-lc-${{ env.awslc-version }} + cmake --build . --parallel + cmake --install . + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - run: cmake -Bbuild -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON -DOPENSSL_ROOT_DIR=$HOME/awslc -DBUILD_SHARED_LIBS=ON . + name: 'cmake generate out-of-tree' + + - run: cmake --build build --parallel + name: 'cmake build' + + - run: cmake --install build --prefix $HOME/curl --strip + name: 'cmake install' diff --git a/libs/curl/.github/workflows/badwords.yml b/libs/curl/.github/workflows/badwords.yml new file mode 100644 index 00000000..e863afab --- /dev/null +++ b/libs/curl/.github/workflows/badwords.yml @@ -0,0 +1,42 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: badwords + +on: + # Trigger the workflow on push or pull requests, but only for the + # master branch + push: + branches: + - master + - '*/ci' + pull_request: + branches: + - master + +permissions: {} + +jobs: + docs: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: check + run: ./.github/scripts/badwords.pl < .github/scripts/badwords.txt docs/*.md docs/libcurl/*.md docs/libcurl/opts/*.md docs/cmdline-opts/*.md docs/TODO docs/KNOWN_BUGS + + source: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + # we allow some extra in source code + - name: trim wordlist + run: grep -Ev '(\\bwill| url | dir )' .github/scripts/badwords.txt > .github/scripts/source.txt + + - name: check + run: ./.github/scripts/badwords.pl < .github/scripts/source.txt `git ls-files -- src lib include` diff --git a/libs/curl/.github/workflows/codeql-analysis.yml b/libs/curl/.github/workflows/codeql-analysis.yml index 5f8b86f2..d70ff352 100644 --- a/libs/curl/.github/workflows/codeql-analysis.yml +++ b/libs/curl/.github/workflows/codeql-analysis.yml @@ -1,50 +1,78 @@ -name: codeql +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: CodeQL on: - # Trigger the workflow on push or pull requests, but only for the - # master branch push: branches: - master - '*/ci' + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'docs/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'tests/data/**' + - 'winbuild/**' pull_request: branches: - master + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'docs/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'tests/data/**' + - 'winbuild/**' schedule: - cron: '0 0 * * 4' -permissions: - security-events: write +concurrency: + group: ${{ github.workflow }} + +permissions: {} jobs: codeql: runs-on: ubuntu-latest + permissions: + security-events: write steps: - - name: Checkout repository - uses: actions/checkout@v2 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: cpp - queries: security-extended - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v1 - - # â„¹ï¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # âœï¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3 + with: + languages: cpp + queries: security-extended + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3 + + # â„¹ï¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # âœï¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + # - run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3 diff --git a/libs/curl/.github/workflows/codespell.yml b/libs/curl/.github/workflows/codespell.yml new file mode 100644 index 00000000..4aa8cda8 --- /dev/null +++ b/libs/curl/.github/workflows/codespell.yml @@ -0,0 +1,39 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: Codespell + +on: + push: + branches: + - master + - '*/ci' + paths: + - 'lib/**' + - 'src/**' + - 'include/**' + pull_request: + branches: + - master + - 'lib/**' + - 'src/**' + - 'include/**' + +permissions: {} + +jobs: + codespell: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: install + run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get update + sudo apt-get install codespell + + - name: spellcheck + run: codespell --skip src/tool_hugehelp.c -I .github/scripts/codespell-ignore.txt include src lib diff --git a/libs/curl/.github/workflows/configure-vs-cmake.yml b/libs/curl/.github/workflows/configure-vs-cmake.yml new file mode 100644 index 00000000..231e7691 --- /dev/null +++ b/libs/curl/.github/workflows/configure-vs-cmake.yml @@ -0,0 +1,45 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: configure-vs-cmake +on: + push: + branches: + - master + paths: + - '*.ac' + - '**/*.m4' + - '**/CMakeLists.txt' + - 'lib/curl_config.h.cmake' + - 'scripts/cmp-config.pl' + + pull_request: + branches: + - master + paths: + - '*.ac' + - '**/*.m4' + - '**/CMakeLists.txt' + - 'lib/curl_config.h.cmake' + - 'scripts/cmp-config.pl' + +permissions: {} + +jobs: + check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: run configure --with-openssl + run: | + autoreconf -fi + ./configure --with-openssl --without-libpsl + + - name: run cmake + run: | + mkdir build && cd build && cmake .. + + - name: compare generated curl_config.h files + run: ./scripts/cmp-config.pl lib/curl_config.h build/lib/curl_config.h diff --git a/libs/curl/.github/workflows/curl-for-win.yml b/libs/curl/.github/workflows/curl-for-win.yml new file mode 100644 index 00000000..87927278 --- /dev/null +++ b/libs/curl/.github/workflows/curl-for-win.yml @@ -0,0 +1,111 @@ +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl +--- +name: curl-for-win + +on: + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + CW_NOGET: 'curl trurl' + CW_MAP: '0' + CW_JOBS: '5' + CW_NOPKG: '1' + DOCKER_CONTENT_TRUST: '1' + +jobs: + linux-musl-llvm: + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + with: + path: 'curl' + fetch-depth: 8 + - name: 'build' + run: | + git clone --depth 1 https://github.com/curl/curl-for-win + mv curl-for-win/* . + export CW_CONFIG='-main-werror-linux-musl-x64' + export CW_REVISION='${{ github.sha }}' + . ./_versions.sh + docker trust inspect --pretty "${DOCKER_IMAGE}" + time docker pull "${DOCKER_IMAGE}" + docker images --digests + time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \ + --env-file <(env | grep -a -E \ + '^(CW_|GITHUB_)') \ + "${DOCKER_IMAGE}" \ + sh -c ./_ci-linux-debian.sh + + mac-clang: + runs-on: macos-latest + timeout-minutes: 30 + env: + CW_JOBS: '4' + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + with: + path: 'curl' + fetch-depth: 8 + - name: 'build' + run: | + git clone --depth 1 https://github.com/curl/curl-for-win + mv curl-for-win/* . + export CW_CONFIG='-main-werror-mac-x64' + export CW_REVISION='${{ github.sha }}' + sh -c ./_ci-mac-homebrew.sh + + win-llvm: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + with: + path: 'curl' + fetch-depth: 8 + - name: 'build' + run: | + git clone --depth 1 https://github.com/curl/curl-for-win + mv curl-for-win/* . + export CW_CONFIG='-main-werror-win-x64' + export CW_REVISION='${{ github.sha }}' + . ./_versions.sh + docker trust inspect --pretty "${DOCKER_IMAGE}" + time docker pull "${DOCKER_IMAGE}" + docker images --digests + time docker run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \ + --env-file <(env | grep -a -E \ + '^(CW_|GITHUB_)') \ + "${DOCKER_IMAGE}" \ + sh -c ./_ci-linux-debian.sh diff --git a/libs/curl/.github/workflows/distcheck.yml b/libs/curl/.github/workflows/distcheck.yml new file mode 100644 index 00000000..aa047c2c --- /dev/null +++ b/libs/curl/.github/workflows/distcheck.yml @@ -0,0 +1,131 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: dist + +on: + push: + branches: + - master + - '*/ci' + pull_request: + branches: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + maketgz-and-verify-in-tree: + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - run: sudo apt-get purge -y curl libcurl4 libcurl4-doc + name: 'remove preinstalled curl libcurl4{-doc}' + + - run: autoreconf -fi + name: 'autoreconf' + + - run: ./configure --without-ssl --without-libpsl + name: 'configure' + + - run: make V=1 && make V=1 clean + name: 'make and clean' + + - name: 'maketgz' + run: | + SOURCE_DATE_EPOCH=1711526400 ./maketgz 99.98.97 + + - name: 'maketgz reproducibility test' + run: | + mkdir run1; mv ./curl-99.98.97.* run1/ + make V=1 && make V=1 clean + SOURCE_DATE_EPOCH=1711526400 ./maketgz 99.98.97 + mkdir run2; cp -p ./curl-99.98.97.* run2/ + diff run1 run2 + + - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4 + with: + name: 'release-tgz' + path: 'curl-99.98.97.tar.gz' + + - run: | + echo "::stop-commands::$(uuidgen)" + tar xvf curl-99.98.97.tar.gz + pushd curl-99.98.97 + ./configure --prefix=$HOME/temp --without-ssl --without-libpsl + make -j5 + make -j5 test-ci + make -j5 install + popd + # basic check of the installed files + bash scripts/installcheck.sh $HOME/temp + rm -rf curl-99.98.97 + name: 'verify in-tree configure build including install' + + verify-out-of-tree-docs: + runs-on: ubuntu-latest + timeout-minutes: 30 + needs: maketgz-and-verify-in-tree + steps: + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + with: + name: 'release-tgz' + + - run: | + echo "::stop-commands::$(uuidgen)" + tar xvf curl-99.98.97.tar.gz + touch curl-99.98.97/docs/{cmdline-opts,libcurl}/Makefile.inc + mkdir build + pushd build + ../curl-99.98.97/configure --without-ssl --without-libpsl + make -j5 + make -j5 test-ci + popd + rm -rf build + rm -rf curl-99.98.97 + name: 'verify out-of-tree configure build including docs' + + verify-out-of-tree-autotools-debug: + runs-on: ubuntu-latest + timeout-minutes: 30 + needs: maketgz-and-verify-in-tree + steps: + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + with: + name: 'release-tgz' + + - run: | + echo "::stop-commands::$(uuidgen)" + tar xvf curl-99.98.97.tar.gz + pushd curl-99.98.97 + mkdir build + pushd build + ../configure --without-ssl --enable-debug "--prefix=${PWD}/pkg" --without-libpsl + make -j5 + make -j5 test-ci + make -j5 install + name: 'verify out-of-tree autotools debug build' + + verify-out-of-tree-cmake: + runs-on: ubuntu-latest + timeout-minutes: 30 + needs: maketgz-and-verify-in-tree + steps: + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4 + with: + name: 'release-tgz' + + - run: | + echo "::stop-commands::$(uuidgen)" + tar xvf curl-99.98.97.tar.gz + pushd curl-99.98.97 + cmake -B build -DCURL_WERROR=ON + make -C build -j5 + name: 'verify out-of-tree cmake build' diff --git a/libs/curl/.github/workflows/fuzz.yml b/libs/curl/.github/workflows/fuzz.yml index fe5dd075..20774292 100644 --- a/libs/curl/.github/workflows/fuzz.yml +++ b/libs/curl/.github/workflows/fuzz.yml @@ -1,36 +1,48 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + name: Fuzzer on: - # Trigger the workflow on push or pull requests, but only for the - # master branch push: branches: - master - '*/ci' + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'tests/data/**' + - 'winbuild/**' pull_request: branches: - master + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'tests/data/**' + - 'winbuild/**' -jobs: - fuzzing: - runs-on: ubuntu-latest - steps: - - name: Build Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master - with: - oss-fuzz-project-name: 'curl' - dry-run: false +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true - - name: Run Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master - with: - oss-fuzz-project-name: 'curl' - fuzz-seconds: 2400 - dry-run: false +permissions: {} - - name: Upload Crash - uses: actions/upload-artifact@v1 - if: failure() - with: - name: artifacts - path: ./out/artifacts +jobs: + Fuzzing: + uses: curl/curl-fuzzer/.github/workflows/ci.yml@master diff --git a/libs/curl/.github/workflows/hacktoberfest-accepted.yml b/libs/curl/.github/workflows/hacktoberfest-accepted.yml index 22b69e42..02afb53d 100644 --- a/libs/curl/.github/workflows/hacktoberfest-accepted.yml +++ b/libs/curl/.github/workflows/hacktoberfest-accepted.yml @@ -1,30 +1,39 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + name: Hacktoberfest on: - # run for all pushes to master branch + # this must not ever run on any other branch than master push: branches: - master -permissions: - # requires issues AND pull-requests write permissions to edit labels on PRs! - issues: write - pull-requests: write +concurrency: + # this should not run in parallel, so just run one at a time + group: ${{ github.workflow }} + +permissions: {} jobs: # add hacktoberfest-accepted label to PRs opened starting from September 30th # till November 1st which are closed via commit reference from master branch. merged: runs-on: ubuntu-latest + permissions: + # requires issues AND pull-requests write permissions to edit labels on PRs! + issues: write + pull-requests: write steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 with: fetch-depth: 100 - - name: Check wether repo participates in Hacktoberfest + - name: Check whether repo participates in Hacktoberfest run: | - gh config set prompt disabled && echo "::set-output name=label::$( - gh repo view --json repositoryTopics --jq '.repositoryTopics[].name' | grep '^hacktoberfest$')" + gh config set prompt disabled && echo "label=$( + gh repo view --json repositoryTopics --jq '.repositoryTopics[].name' | grep '^hacktoberfest$')" >> $GITHUB_OUTPUT id: check env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -32,15 +41,15 @@ jobs: - name: Search relevant commit message lines starting with Closes/Merges run: | git log --format=email ${{ github.event.before }}..${{ github.event.after }} | \ - egrep -i "^Close[sd]? " | sort | uniq | tee log + grep -Ei "^Close[sd]? " | sort | uniq | tee log if: steps.check.outputs.label == 'hacktoberfest' - name: Search for Number-based PR references run: | - egrep -o "#([0-9]+)" log | cut -d# -f2 | sort | uniq | xargs -t -n1 -I{} \ + grep -Eo "#([0-9]+)" log | cut -d# -f2 | sort | uniq | xargs -t -n1 -I{} \ gh pr view {} --json number,createdAt \ --jq '{number, opened: .createdAt} | [.number, .opened] | join(":")' | tee /dev/stderr | \ - egrep -o '^([0-9]+):[0-9]{4}-(09-30T|10-|11-01T)' | cut -d: -f1 | sort | uniq | xargs -t -n1 -I {} \ + grep -Eo '^([0-9]+):[0-9]{4}-(09-30T|10-|11-01T)' | cut -d: -f1 | sort | uniq | xargs -t -n1 -I {} \ gh pr edit {} --add-label 'hacktoberfest-accepted' if: steps.check.outputs.label == 'hacktoberfest' env: @@ -48,10 +57,10 @@ jobs: - name: Search for URL-based PR references run: | - egrep -o "github.com/(.+)/(.+)/pull/([0-9]+)" log | sort | uniq | xargs -t -n1 -I{} \ + grep -Eo "github.com/(.+)/(.+)/pull/([0-9]+)" log | sort | uniq | xargs -t -n1 -I{} \ gh pr view "https://{}" --json number,createdAt \ --jq '{number, opened: .createdAt} | [.number, .opened] | join(":")' | tee /dev/stderr | \ - egrep -o '^([0-9]+):[0-9]{4}-(09-30T|10-|11-01T)' | cut -d: -f1 | sort | uniq | xargs -t -n1 -I {} \ + grep -Eo '^([0-9]+):[0-9]{4}-(09-30T|10-|11-01T)' | cut -d: -f1 | sort | uniq | xargs -t -n1 -I {} \ gh pr edit {} --add-label 'hacktoberfest-accepted' if: steps.check.outputs.label == 'hacktoberfest' env: diff --git a/libs/curl/.github/workflows/http3-linux.yml b/libs/curl/.github/workflows/http3-linux.yml new file mode 100644 index 00000000..618f3769 --- /dev/null +++ b/libs/curl/.github/workflows/http3-linux.yml @@ -0,0 +1,477 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: http3-linux + +on: + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +concurrency: + # Hardcoded workflow filename as workflow name above is just Linux again + group: http3-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + MAKEFLAGS: -j 5 + # handled in renovate.json + openssl3-version: openssl-3.3.0 + # unhandled + quictls-version: 3.1.4+quic + # renovate: datasource=github-tags depName=gnutls/gnutls versioning=semver registryUrl=https://github.com + gnutls-version: 3.8.6 + wolfssl-version: master + # renovate: datasource=github-tags depName=ngtcp2/nghttp3 versioning=semver registryUrl=https://github.com + nghttp3-version: 1.4.0 + # renovate: datasource=github-tags depName=ngtcp2/ngtcp2 versioning=semver registryUrl=https://github.com + ngtcp2-version: 1.6.0 + # renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com + nghttp2-version: 1.62.1 + # renovate: datasource=github-tags depName=cloudflare/quiche versioning=semver registryUrl=https://github.com + quiche-version: 0.22.0 + # renovate: datasource=github-tags depName=icing/mod_h2 versioning=semver registryUrl=https://github.com + mod_h2-version: 2.0.29 + +jobs: + setup: + runs-on: ubuntu-latest + outputs: + wolfssl-version: ${{ steps.wolfssl-version.outputs.result }} + + steps: + - id: wolfssl-version + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 + with: + result-encoding: string + script: | + let version = '${{ env.wolfssl-version }}' + + if (version != 'master') { + return version + } + + let { data: commits } = await github.rest.repos.listCommits({ + owner: 'wolfSSL', + repo: 'wolfssl', + }) + + return commits[0].sha + + build-cache: + needs: + - setup + runs-on: ubuntu-latest + + steps: + - name: cache quictls + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-quictls-no-deprecated + env: + cache-name: cache-quictls-no-deprecated + with: + path: /home/runner/quictls/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quictls-version }} + + - name: cache gnutls + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-gnutls + env: + cache-name: cache-gnutls + with: + path: /home/runner/gnutls/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.gnutls-version }} + + - name: cache wolfssl + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-wolfssl + env: + cache-name: cache-wolfssl + wolfssl-version: ${{ needs.setup.outputs.wolfssl-version }} + with: + path: /home/runner/wolfssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.wolfssl-version }} + + - name: cache nghttp3 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-nghttp3 + env: + cache-name: cache-nghttp3 + with: + path: /home/runner/nghttp3/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp3-version }} + + - name: cache ngtcp2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-ngtcp2 + env: + cache-name: cache-ngtcp2 + with: + path: /home/runner/ngtcp2/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.ngtcp2-version }} + + - name: cache nghttp2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-nghttp2 + env: + cache-name: cache-nghttp2 + with: + path: /home/runner/nghttp2/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp2-version }} + + - id: settings + if: | + steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' || + steps.cache-gnutls.outputs.cache-hit != 'true' || + steps.cache-wolfssl.outputs.cache-hit != 'true' || + steps.cache-nghttp3.outputs.cache-hit != 'true' || + steps.cache-ngtcp2.outputs.cache-hit != 'true' || + steps.cache-nghttp2.outputs.cache-hit != 'true' + run: | + echo 'needs-build=true' >> $GITHUB_OUTPUT + + - name: install build prerequisites + if: steps.settings.outputs.needs-build == 'true' + run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get update + sudo apt-get install libtool autoconf automake pkg-config stunnel4 \ + libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libev-dev libc-ares-dev \ + nettle-dev libp11-kit-dev libtspi-dev libunistring-dev guile-2.2-dev libtasn1-bin \ + libtasn1-6-dev libidn2-0-dev gawk gperf libtss2-dev dns-root-data bison gtk-doc-tools \ + texinfo texlive texlive-extra-utils autopoint libev-dev \ + apache2 apache2-dev libnghttp2-dev + echo 'CC=gcc-12' >> $GITHUB_ENV + echo 'CXX=g++-12' >> $GITHUB_ENV + + - if: steps.cache-quictls-no-deprecated.outputs.cache-hit != 'true' + run: | + cd $HOME + git clone --quiet --depth=1 -b openssl-${{ env.quictls-version }} https://github.com/quictls/openssl quictls + cd quictls + ./config no-deprecated --prefix=$PWD/build --libdir=lib + make + make -j1 install_sw + name: 'build quictls' + + - if: steps.cache-gnutls.outputs.cache-hit != 'true' + run: | + cd $HOME + git clone --quiet --depth=1 -b ${{ env.gnutls-version }} https://github.com/gnutls/gnutls.git + cd gnutls + ./bootstrap + ./configure --disable-dependency-tracking --prefix=$PWD/build \ + LDFLAGS="-Wl,-rpath,$PWD/build/lib -L$PWD/build/lib" \ + --with-included-libtasn1 --with-included-unistring \ + --disable-guile --disable-doc --disable-tests --disable-tools + make + make install + name: 'build gnutls' + + - if: steps.cache-wolfssl.outputs.cache-hit != 'true' + env: + wolfssl-version: ${{ needs.setup.outputs.wolfssl-version }} + run: | + cd $HOME + mkdir wolfssl + cd wolfssl + git init + git remote add origin https://github.com/wolfSSL/wolfssl.git + git fetch origin --depth=1 ${{ env.wolfssl-version }} + git checkout ${{ env.wolfssl-version }} + ./autogen.sh + ./configure --disable-dependency-tracking --enable-all --enable-quic --prefix=$PWD/build + make + make install + name: 'build wolfssl' + + - if: steps.cache-nghttp3.outputs.cache-hit != 'true' + run: | + cd $HOME + git clone --quiet --depth=1 -b v${{ env.nghttp3-version }} https://github.com/ngtcp2/nghttp3 + cd nghttp3 + git submodule update --init + autoreconf -fi + ./configure --disable-dependency-tracking --prefix=$PWD/build PKG_CONFIG_PATH="$PWD/build/lib/pkgconfig" --enable-lib-only + make + make install + name: 'build nghttp3' + + - if: steps.cache-ngtcp2.outputs.cache-hit != 'true' + run: | + cd $HOME + git clone --quiet --depth=1 -b v${{ env.ngtcp2-version }} https://github.com/ngtcp2/ngtcp2 + cd ngtcp2 + autoreconf -fi + ./configure --disable-dependency-tracking --prefix=$PWD/build \ + PKG_CONFIG_PATH="$PWD/build/lib/pkgconfig:$HOME/quictls/build/lib/pkgconfig:$HOME/gnutls/build/lib/pkgconfig:$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig" \ + --enable-lib-only --with-openssl --with-gnutls --with-wolfssl + make install + name: 'build ngtcp2' + + - if: steps.cache-nghttp2.outputs.cache-hit != 'true' + run: | + cd $HOME + git clone --quiet --depth=1 -b v${{ env.nghttp2-version }} https://github.com/nghttp2/nghttp2 + cd nghttp2 + autoreconf -fi + ./configure --disable-dependency-tracking --prefix=$PWD/build \ + PKG_CONFIG_PATH="$HOME/build/lib/pkgconfig:$HOME/quictls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig" \ + LDFLAGS="-Wl,-rpath,$HOME/quictls/build/lib" \ + --enable-http3 + make install + name: 'build nghttp2' + + autotools: + name: ${{ matrix.build.name }} + needs: + - setup + - build-cache + runs-on: 'ubuntu-latest' + timeout-minutes: 60 + strategy: + fail-fast: false + matrix: + build: + - name: quictls + configure: >- + PKG_CONFIG_PATH="$HOME/quictls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig" LDFLAGS="-Wl,-rpath,$HOME/quictls/build/lib" + --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug --disable-ntlm + --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" + --with-openssl=$HOME/quictls/build + - name: gnutls + configure: >- + PKG_CONFIG_PATH="$HOME/gnutls/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig" LDFLAGS="-Wl,-rpath,$HOME/gnutls/build/lib" + --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug + --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" + --with-gnutls=$HOME/gnutls/build + - name: wolfssl + configure: >- + PKG_CONFIG_PATH="$HOME/wolfssl/build/lib/pkgconfig:$HOME/nghttp3/build/lib/pkgconfig:$HOME/ngtcp2/build/lib/pkgconfig:$HOME/nghttp2/build/lib/pkgconfig" LDFLAGS="-Wl,-rpath,$HOME/wolfssl/build/lib" + --with-ngtcp2=$HOME/ngtcp2/build --enable-warnings --enable-werror --enable-debug + --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" + --with-wolfssl=$HOME/wolfssl/build + - name: openssl-quic + configure: >- + PKG_CONFIG_PATH="$HOME/openssl3/build/lib64/pkgconfig" LDFLAGS="-Wl,-rpath,$HOME/openssl3/build/lib64" + --enable-warnings --enable-werror --enable-debug --disable-ntlm + --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" + --with-openssl=$HOME/openssl3/build --with-openssl-quic + --with-nghttp3=$HOME/nghttp3/build + - name: quiche + configure: >- + LDFLAGS="-Wl,-rpath,/home/runner/quiche/target/release" + --with-openssl=/home/runner/quiche/quiche/deps/boringssl/src + --enable-warnings --enable-werror --enable-debug + --with-quiche=/home/runner/quiche/target/release + --with-test-nghttpx="$HOME/nghttp2/build/bin/nghttpx" + --with-ca-fallback + + steps: + - run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get update + sudo apt-get install libtool autoconf automake pkg-config stunnel4 \ + libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libev-dev libc-ares-dev \ + nettle-dev libp11-kit-dev libtspi-dev libunistring-dev guile-2.2-dev libtasn1-bin \ + libtasn1-6-dev libidn2-0-dev gawk gperf libtss2-dev dns-root-data bison gtk-doc-tools \ + texinfo texlive texlive-extra-utils autopoint libev-dev \ + apache2 apache2-dev libnghttp2-dev vsftpd + echo 'CC=gcc-12' >> $GITHUB_ENV + echo 'CXX=g++-12' >> $GITHUB_ENV + name: 'install prereqs and impacket, pytest, crypto, apache2' + + - name: cache quictls + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-quictls-no-deprecated + env: + cache-name: cache-quictls-no-deprecated + with: + path: /home/runner/quictls/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.quictls-version }} + fail-on-cache-miss: true + + - name: cache gnutls + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-gnutls + env: + cache-name: cache-gnutls + with: + path: /home/runner/gnutls/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.gnutls-version }} + fail-on-cache-miss: true + + - name: cache wolfssl + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-wolfssl + env: + cache-name: cache-wolfssl + wolfssl-version: ${{ needs.setup.outputs.wolfssl-version }} + with: + path: /home/runner/wolfssl/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.wolfssl-version }} + fail-on-cache-miss: true + + - name: cache nghttp3 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-nghttp3 + env: + cache-name: cache-nghttp3 + with: + path: /home/runner/nghttp3/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp3-version }} + fail-on-cache-miss: true + + - name: cache ngtcp2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-ngtcp2 + env: + cache-name: cache-ngtcp2 + with: + path: /home/runner/ngtcp2/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.ngtcp2-version }} + fail-on-cache-miss: true + + - name: cache nghttp2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-nghttp2 + env: + cache-name: cache-nghttp2 + with: + path: /home/runner/nghttp2/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.nghttp2-version }} + fail-on-cache-miss: true + + - name: cache openssl3 + if: matrix.build.name == 'openssl-quic' + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-openssl3 + env: + cache-name: cache-openssl3 + with: + path: /home/runner/openssl3/build + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.openssl3-version }} + + - name: 'install openssl3' + if: matrix.build.name == 'openssl-quic' && steps.cache-openssl3.outputs.cache-hit != 'true' + run: | + git clone --quiet --depth=1 -b ${{ env.openssl3-version }} https://github.com/openssl/openssl + cd openssl + ./config --prefix=$HOME/openssl3/build + make -j1 install_sw + cat exporters/openssl.pc + + - name: cache quiche + if: matrix.build.name == 'quiche' + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-quiche + env: + cache-name: cache-quiche + with: + path: /home/runner/quiche + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-quiche-${{ env.quiche-version }} + + - if: matrix.build.name == 'quiche' && steps.cache-quiche.outputs.cache-hit != 'true' + run: | + cd $HOME + git clone --quiet --depth=1 -b ${{ env.quiche-version }} --recursive https://github.com/cloudflare/quiche.git + cd quiche + #### Work-around https://github.com/curl/curl/issues/7927 ####### + #### See https://github.com/alexcrichton/cmake-rs/issues/131 #### + sed -i -e 's/cmake = "0.1"/cmake = "=0.1.45"/' quiche/Cargo.toml + + cargo build -v --package quiche --release --features ffi,pkg-config-meta,qlog --verbose + ln -s libquiche.so target/release/libquiche.so.0 + mkdir -v quiche/deps/boringssl/src/lib + ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/ + + # include dir + # /home/runner/quiche/quiche/deps/boringssl/src/include + # lib dir + # /home/runner/quiche/quiche/deps/boringssl/src/lib + name: 'build quiche and boringssl' + + - name: cache mod_h2 + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-mod_h2 + env: + cache-name: cache-mod_h2 + with: + path: /home/runner/mod_h2 + key: ${{ runner.os }}-http3-build-${{ env.cache-name }}-${{ env.mod_h2-version }} + + - if: steps.cache-mod_h2.outputs.cache-hit != 'true' + run: | + cd $HOME + git clone --quiet --depth=1 -b v${{ env.mod_h2-version }} https://github.com/icing/mod_h2 + cd mod_h2 + autoreconf -fi + ./configure + make + name: 'build mod_h2' + + - run: | + cd $HOME/mod_h2 + sudo make install + name: 'install mod_h2' + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - run: | + sudo python3 -m pip install -r tests/requirements.txt -r tests/http/requirements.txt + name: 'install python test prereqs' + + - run: autoreconf -fi + name: 'autoreconf' + + - run: ./configure --disable-dependency-tracking ${{ matrix.build.configure }} + name: 'configure' + + - run: make V=1 + name: 'make' + + - run: make V=1 examples + name: 'make examples' + + - run: make V=1 -C tests + name: 'make tests' + + - run: make V=1 test-ci + name: 'run tests' + env: + TFLAGS: "${{ matrix.build.tflags }}" + + - run: pytest -v tests + name: 'run pytest' + env: + TFLAGS: "${{ matrix.build.tflags }}" + CURL_CI: github diff --git a/libs/curl/.github/workflows/label.yml b/libs/curl/.github/workflows/label.yml new file mode 100644 index 00000000..de93ae26 --- /dev/null +++ b/libs/curl/.github/workflows/label.yml @@ -0,0 +1,26 @@ +# Copyright (C) Daniel Fandrich, , et al. +# +# SPDX-License-Identifier: curl + +# This workflow will triage pull requests and apply a label based on the +# paths that are modified in the pull request. +# +# To use this workflow, you will need to set up a .github/labeler.yml +# file with configuration. For more information, see: +# https://github.com/actions/labeler + +name: Labeler +on: [pull_request_target] + +jobs: + label: + + runs-on: ubuntu-latest + permissions: + contents: read + pull-requests: write + + steps: + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5 + with: + repo-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/libs/curl/.github/workflows/linkcheck.yml b/libs/curl/.github/workflows/linkcheck.yml index b37cd810..fff8515d 100644 --- a/libs/curl/.github/workflows/linkcheck.yml +++ b/libs/curl/.github/workflows/linkcheck.yml @@ -1,23 +1,41 @@ -# Docs: https://github.com/marketplace/actions/markdown-link-check +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl name: Markdown links on: - # Trigger the workflow on push or pull requests, but only for the - # master branch push: branches: - - master - - '*/ci' + - master + - '*/ci' + paths: + - '.github/workflows/linkcheck.yml' + - '**.md' pull_request: branches: - - master + - master + paths: + - '.github/workflows/linkcheck.yml' + - '**.md' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} jobs: + # Docs: https://github.com/marketplace/actions/markdown-link-check check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@master - - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - use-quiet-mode: 'yes' + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + name: checkout + + - name: trim the cmdline docs markdown files + run: find docs/cmdline-opts -name "*.md" ! -name "_*" ! -name MANPAGE.md | xargs -n1 ./.github/scripts/cleancmd.pl + + - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1 + with: + use-quiet-mode: 'yes' diff --git a/libs/curl/.github/workflows/linux-hyper.yml b/libs/curl/.github/workflows/linux-hyper.yml deleted file mode 100644 index 4a02753b..00000000 --- a/libs/curl/.github/workflows/linux-hyper.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: Linux - -on: - # Trigger the workflow on push or pull requests, but only for the - # master branch - push: - branches: - - master - - '*/ci' - pull_request: - branches: - - master - -jobs: - autotools: - name: ${{ matrix.build.name }} - runs-on: 'ubuntu-latest' - timeout-minutes: 90 - strategy: - fail-fast: false - matrix: - build: - - name: hyper - install: - configure: --with-openssl --with-hyper=$HOME/hyper - - steps: - - run: sudo apt-get install libtool autoconf automake pkg-config - name: install prereqs - - - run: (cd $HOME; - git clone --depth=1 https://github.com/hyperium/hyper.git; - curl https://sh.rustup.rs -sSf | sh -s -- -y; - source $HOME/.cargo/env; - cd $HOME/hyper; - RUSTFLAGS="--cfg hyper_unstable_ffi" cargo build --features client,http1,http2,ffi) - name: 'install hyper' - - - uses: actions/checkout@v2 - - - run: ./buildconf && LDFLAGS="-Wl,-rpath,$HOME/hyper/target/debug" ./configure --enable-warnings --enable-werror ${{ matrix.build.configure }} && make V=1 - name: 'configure and build' - - - run: make V=1 test-ci - name: 'test' - env: - LD_LIBRARY_PATH: $HOME/hyper/target/debug:/usr/local/lib - TFLAGS: "${{ matrix.build.tflags }}" diff --git a/libs/curl/.github/workflows/linux-old.yml b/libs/curl/.github/workflows/linux-old.yml new file mode 100644 index 00000000..0aec2168 --- /dev/null +++ b/libs/curl/.github/workflows/linux-old.yml @@ -0,0 +1,103 @@ +# Copyright (C) Daniel Fandrich, , et al. +# +# SPDX-License-Identifier: curl +# +# Compile on an old version of Linux that has barely the minimal build +# requirements for CMake. This tests that curl is still usable on really +# outdated systems. +# +# Debian stretch is chosen as it closely matches some of the oldest major +# versions we support (especially cmake); see docs/INTERNALS.md and it +# is still supported (as of this writing). +# stretch has ELTS support from Freexian until 2027-06-30 +# For ELTS info see https://www.freexian.com/lts/extended/docs/how-to-use-extended-lts/ +# The Debian key will expire 2025-05-20, after which package signature +# verification may need to be disabled. +# httrack is one of the smallest downloaders, needed to bootstrap ELTS, +# and won't conflict with the curl we're building. + +name: Old Linux + +on: + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +permissions: {} + +env: + MAKEFLAGS: -j 5 + DEBIAN_FRONTEND: noninteractive + +jobs: + cmake: + name: linux (cmake) + runs-on: 'ubuntu-latest' + container: 'debian:stretch' + + steps: + - name: 'install prereqs' + # Remember, this shell is dash, not bash + run: | + sed -E -i -e s@[a-z]+\.debian\.org/@archive.debian.org/debian-archive/@ -e '/ stretch-updates /d' /etc/apt/sources.list + apt-get update + # See comment above if this fails after 2025-05-20 + apt-get install -y --no-install-suggests --no-install-recommends httrack + httrack --get https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb + dpkg -i freexian-archive-keyring_2022.06.08_all.deb + echo 'deb http://deb.freexian.com/extended-lts stretch-lts main contrib non-free' | tee /etc/apt/sources.list.d/extended-lts.list + apt-get update + apt-get install -y --no-install-suggests --no-install-recommends cmake make gcc pkg-config libpsl-dev libzstd-dev zlib1g-dev libssl1.0-dev libssh-dev libssh2-1-dev libc-ares-dev heimdal-dev libldap2-dev stunnel4 groff + # GitHub's actions/checkout needs a newer glibc. This one is the + # latest available for buster, the next stable release after stretch. + httrack --get https://security.debian.org/debian-security/pool/updates/main/g/glibc/libc6_2.28-10+deb10u4_amd64.deb + dpkg -i libc6_*_amd64.deb + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: 'cmake build-only (out-of-tree, libssh2)' + run: | + mkdir bld-1 + cd bld-1 + cmake .. -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON -DBUILD_SHARED_LIBS=ON -DENABLE_ARES=OFF -DCURL_ZSTD=OFF -DCURL_USE_GSSAPI=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_LIBSSH=OFF + make install + src/curl --disable --version + + - name: 'cmake generate (out-of-tree, c-ares, libssh, zstd, gssapi)' + run: | + mkdir bld-cares + cd bld-cares + cmake .. -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON -DBUILD_SHARED_LIBS=ON -DENABLE_ARES=ON -DCURL_ZSTD=ON -DCURL_USE_GSSAPI=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON + + - name: 'build' + run: | + make -C bld-cares + bld-cares/src/curl --disable --version + + - name: 'install' + run: make -C bld-cares install + + - name: 'tests' + run: make -C bld-cares test-ci diff --git a/libs/curl/.github/workflows/linux.yml b/libs/curl/.github/workflows/linux.yml new file mode 100644 index 00000000..bde8fb60 --- /dev/null +++ b/libs/curl/.github/workflows/linux.yml @@ -0,0 +1,450 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: Linux + +on: + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + MAKEFLAGS: -j 5 + # unhandled + bearssl-version: 0.6 + # renovate: datasource=github-tags depName=libressl-portable/portable versioning=semver registryUrl=https://github.com + libressl-version: 3.9.2 + # renovate: datasource=github-tags depName=ARMmbed/mbedtls versioning=semver registryUrl=https://github.com + mbedtls-version: 3.6.0 + # renovate: datasource=github-tags depName=icing/mod_h2 versioning=semver registryUrl=https://github.com + mod_h2-version: 2.0.29 + # renovate: datasource=github-tags depName=nibanks/msh3 versioning=semver registryUrl=https://github.com + msh3-version: 0.6.0 + # handled in renovate.json + openssl3-version: openssl-3.1.3 + # unhandled + quictls-version: 3.1.4+quic + # renovate: datasource=github-tags depName=rustls/rustls-ffi versioning=semver registryUrl=https://github.com + rustls-version: 0.13.0 + +jobs: + autotools: + name: ${{ matrix.build.name }} + runs-on: 'ubuntu-latest' + container: ${{ matrix.build.container }} + timeout-minutes: 90 + strategy: + fail-fast: false + matrix: + build: + - name: bearssl + install_packages: zlib1g-dev valgrind + install_steps: bearssl pytest + configure: LDFLAGS="-Wl,-rpath,$HOME/bearssl/lib" --with-bearssl=$HOME/bearssl --enable-debug + singleuse: --unit + + - name: bearssl-clang + install_packages: zlib1g-dev clang + install_steps: bearssl + configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/bearssl/lib" --with-bearssl=$HOME/bearssl --enable-debug + singleuse: --unit + + - name: libressl + install_packages: zlib1g-dev valgrind + install_steps: libressl pytest + configure: LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --enable-debug + singleuse: --unit + + - name: libressl-clang + install_packages: zlib1g-dev clang + install_steps: libressl + configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/libressl/lib" --with-openssl=$HOME/libressl --enable-debug + singleuse: --unit + + - name: mbedtls + install_packages: libnghttp2-dev valgrind + install_steps: mbedtls pytest + configure: LDFLAGS="-Wl,-rpath,$HOME/mbedtls/lib" --with-mbedtls=$HOME/mbedtls --enable-debug + singleuse: --unit + + - name: mbedtls-clang + install_packages: libnghttp2-dev clang + install_steps: mbedtls + configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/mbedtls/lib" --with-mbedtls=$HOME/mbedtls --enable-debug + singleuse: --unit + + - name: msh3 + install_packages: zlib1g-dev valgrind + install_steps: quictls msh3 + configure: LDFLAGS="-Wl,-rpath,$HOME/msh3/lib -Wl,-rpath,$HOME/quictls/lib" --with-msh3=$HOME/msh3 --with-openssl=$HOME/quictls --enable-debug + singleuse: --unit + + - name: openssl3 + install_packages: zlib1g-dev valgrind + install_steps: gcc-11 openssl3 pytest + configure: CFLAGS=-std=gnu89 LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets + singleuse: --unit + + - name: openssl3-O3 + install_packages: zlib1g-dev valgrind + install_steps: gcc-11 openssl3 + configure: CPPFLAGS=-DCURL_WARN_SIGN_CONVERSION CFLAGS=-O3 LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets + singleuse: --unit + + - name: openssl3-clang + install_packages: zlib1g-dev clang + install_steps: openssl3 + configure: CC=clang LDFLAGS="-Wl,-rpath,$HOME/openssl3/lib" --with-openssl=$HOME/openssl3 --enable-debug --enable-websockets + singleuse: --unit + + - name: address-sanitizer + install_packages: zlib1g-dev libssh2-1-dev clang libssl-dev libubsan1 libasan8 libtsan2 + install_steps: pytest + configure: > + CC=clang + CFLAGS="-fsanitize=address,undefined,signed-integer-overflow -fno-sanitize-recover=undefined,integer -Wformat -Werror=format-security -Werror=array-bounds -g" + LDFLAGS="-fsanitize=address,undefined -fno-sanitize-recover=undefined,integer" + LIBS="-ldl -lubsan" + --with-openssl --enable-debug --enable-websockets + singleuse: --unit + + - name: memory-sanitizer + install_packages: clang + install_steps: + configure: > + CC=clang + CFLAGS="-fsanitize=memory -Wformat -Werror=format-security -Werror=array-bounds -g" + LDFLAGS="-fsanitize=memory" + LIBS="-ldl" + --without-ssl --without-zlib --without-brotli --without-zstd --without-libpsl --without-nghttp2 --enable-debug --enable-websockets + singleuse: --unit + + - name: event-based + install_packages: libssh-dev valgrind + configure: --enable-debug --disable-shared --disable-threaded-resolver --with-libssh --with-openssl + tflags: -n -e '!TLS-SRP' + singleuse: --unit + + - name: hyper + install_steps: rust hyper valgrind + configure: LDFLAGS="-Wl,-rpath,$HOME/hyper/target/debug" --with-openssl --with-hyper=$HOME/hyper --enable-debug --enable-websockets + singleuse: --unit + + - name: rustls + install_steps: rust rustls pytest valgrind libpsl-dev + configure: --with-rustls=$HOME/rustls --enable-debug + singleuse: --unit + + - name: Intel compiler - without SSL + install_packages: zlib1g-dev valgrind + install_steps: intel + configure: CC=icc --enable-debug --without-ssl + singleuse: --unit + + - name: Intel compiler - OpenSSL + install_packages: zlib1g-dev libssl-dev valgrind + install_steps: intel + configure: CC=icc --enable-debug --with-openssl + singleuse: --unit + + - name: Slackware-openssl-with-gssapi-gcc + # These are essentially the same flags used to build the curl Slackware package + # https://ftpmirror.infania.net/slackware/slackware64-current/source/n/curl/curl.SlackBuild + configure: --with-openssl --with-libssh2 --with-gssapi --enable-ares --enable-static=no --without-ca-bundle --with-ca-path=/etc/ssl/certs + # Docker Hub image that `container-job` executes in + container: 'andy5995/slackware-build-essential:15.0' + + - name: Alpine MUSL + configure: --enable-debug --enable-websockets --with-ssl --with-libssh2 --with-libidn2 --with-gssapi --enable-ldap --with-libpsl + container: 'alpine:3.18' + singleuse: --unit + + steps: + - if: matrix.build.container == null + run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get update + sudo apt-get install libtool autoconf automake pkg-config stunnel4 libpsl-dev libbrotli-dev libzstd-dev ${{ matrix.build.install_packages }} + sudo python3 -m pip install impacket + name: 'install prereqs and impacket' + + - if: startsWith(matrix.build.container, 'alpine') + run: | + apk add --no-cache build-base autoconf automake libtool perl openssl-dev libssh2-dev zlib-dev brotli-dev zstd-dev libidn2-dev openldap-dev heimdal-dev libpsl-dev py3-impacket py3-asn1 py3-six py3-pycryptodomex perl-time-hires openssh stunnel sudo git + name: 'install dependencies' + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: Fix kernel mmap rnd bits + # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with + # high-entropy ASLR in much newer kernels that GitHub runners are + # using leading to random crashes: https://reviews.llvm.org/D148280 + # See https://github.com/actions/runner-images/issues/9491 + continue-on-error: true + run: sudo sysctl vm.mmap_rnd_bits=28 + + - if: contains(matrix.build.install_steps, 'gcc-11') + run: | + sudo add-apt-repository ppa:ubuntu-toolchain-r/ppa + sudo apt-get update + sudo apt-get install gcc-11 + sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 100 + sudo update-alternatives --set gcc /usr/bin/gcc-11 + gcc --version + name: 'install gcc-11' + + - name: cache bearssl + if: contains(matrix.build.install_steps, 'bearssl') + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-bearssl + env: + cache-name: cache-bearssl + with: + path: /home/runner/bearssl + key: ${{ runner.os }}-build-${{ env.cache-name }}-bearssl-${{ env.bearssl-version }} + + - name: 'build bearssl' + if: contains(matrix.build.install_steps, 'bearssl') && steps.cache-bearssl.outputs.cache-hit != 'true' + run: | + curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://bearssl.org/bearssl-${{ env.bearssl-version }}.tar.gz + tar -xzf bearssl-${{ env.bearssl-version }}.tar.gz + cd bearssl-${{ env.bearssl-version }} + make + mkdir -p $HOME/bearssl/lib $HOME/bearssl/include + cp inc/*.h $HOME/bearssl/include + cp build/libbearssl.* $HOME/bearssl/lib + + - name: cache libressl + if: contains(matrix.build.install_steps, 'libressl') + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-libressl + env: + cache-name: cache-libressl + with: + path: /home/runner/libressl + key: ${{ runner.os }}-build-${{ env.cache-name }}-libressl-${{ env.libressl-version }} + + - name: 'build libressl' + if: contains(matrix.build.install_steps, 'libressl') && steps.cache-libressl.outputs.cache-hit != 'true' + run: | + git clone --quiet --depth=1 -b v${{ env.libressl-version }} https://github.com/libressl-portable/portable.git libressl-git + cd libressl-git + ./autogen.sh + ./configure --disable-dependency-tracking --prefix=$HOME/libressl + make install + + - name: cache mbedtls + if: contains(matrix.build.install_steps, 'mbedtls') + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-mbedtls + env: + cache-name: cache-mbedtls + with: + path: /home/runner/mbedtls + key: ${{ runner.os }}-build-${{ env.cache-name }}-mbedtls-${{ env.mbedtls-version }} + + - name: 'build mbedtls' + if: contains(matrix.build.install_steps, 'mbedtls') && steps.cache-mbedtls.outputs.cache-hit != 'true' + run: | + git clone --quiet --depth=1 -b v${{ env.mbedtls-version }} https://github.com/ARMmbed/mbedtls + cd mbedtls + git submodule update --init + make DESTDIR=$HOME/mbedtls install + + - name: cache openssl3 + if: contains(matrix.build.install_steps, 'openssl3') + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-openssl3 + env: + cache-name: cache-openssl3 + with: + path: /home/runner/openssl3 + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.openssl3-version }} + + - name: 'install openssl3' + if: contains(matrix.build.install_steps, 'openssl3') && steps.cache-openssl3.outputs.cache-hit != 'true' + run: | + git clone --quiet --depth=1 -b ${{ env.openssl3-version }} https://github.com/openssl/openssl + cd openssl + ./config --prefix=$HOME/openssl3 --libdir=lib + make -j1 install_sw + + - name: cache quictls + if: contains(matrix.build.install_steps, 'quictls') + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-quictls + env: + cache-name: cache-quictls + with: + path: /home/runner/quictls + key: ${{ runner.os }}-build-${{ env.cache-name }}-quictls-${{ env.quictls-version }} + + - name: 'build quictls' + if: contains(matrix.build.install_steps, 'quictls') && steps.cache-quictls.outputs.cache-hit != 'true' + run: | + git clone --quiet --depth=1 -b openssl-${{ env.quictls-version }} https://github.com/quictls/openssl + cd openssl + ./config --prefix=$HOME/quictls --libdir=lib + make -j1 install_sw + + - name: cache msh3 + if: contains(matrix.build.install_steps, 'msh3') + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-msh3 + env: + cache-name: cache-msh3 + with: + path: /home/runner/msh3 + key: ${{ runner.os }}-build-${{ env.cache-name }}-msh3-${{ env.msh3-version }} + + - name: 'build msh3' + if: contains(matrix.build.install_steps, 'msh3') && steps.cache-msh3.outputs.cache-hit != 'true' + run: | + git clone --quiet -b v${{ env.msh3-version }} --depth=1 --recursive https://github.com/nibanks/msh3 + cd msh3 && mkdir build && cd build + cmake -G 'Unix Makefiles' -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_INSTALL_PREFIX=$HOME/msh3 .. + cmake --build . + cmake --install . + + - if: contains(matrix.build.install_steps, 'rust') + run: | + cd $HOME + curl -sSf --compressed https://sh.rustup.rs/ | sh -s -- -y + source $HOME/.cargo/env + rustup toolchain install nightly + name: 'install rust' + + - name: cache rustls + if: contains(matrix.build.install_steps, 'rustls') + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-rustls + env: + cache-name: cache-rustls + with: + path: /home/runner/rustls + key: ${{ runner.os }}-build-${{ env.cache-name }}-rustls-${{ env.rustls-version }} + + - name: 'build rustls' + if: contains(matrix.build.install_steps, 'rustls') && steps.cache-rustls.outputs.cache-hit != 'true' + run: | + git clone --quiet --depth=1 -b v${{ env.rustls-version }} --recursive https://github.com/rustls/rustls-ffi.git + cd rustls-ffi + make DESTDIR=$HOME/rustls install + + - if: contains(matrix.build.install_steps, 'hyper') + run: | + cd $HOME + git clone --quiet --depth=1 https://github.com/hyperium/hyper.git + cd $HOME/hyper + RUSTFLAGS="--cfg hyper_unstable_ffi" cargo +nightly rustc --features client,http1,http2,ffi -Z unstable-options --crate-type cdylib + echo "LD_LIBRARY_PATH=$HOME/hyper/target/debug:/usr/local/lib" >> $GITHUB_ENV + name: 'install hyper' + + - if: contains(matrix.build.install_steps, 'intel') + run: | + cd /tmp + curl -sSf --compressed https://apt.repos.intel.com/intel-gpg-keys/GPG-PUB-KEY-INTEL-SW-PRODUCTS.PUB | sudo apt-key add - + sudo add-apt-repository "deb https://apt.repos.intel.com/oneapi all main" + sudo apt install --no-install-recommends intel-oneapi-compiler-dpcpp-cpp-and-cpp-classic + source /opt/intel/oneapi/setvars.sh + printenv >> $GITHUB_ENV + name: 'install Intel compilers' + + - if: contains(matrix.build.install_steps, 'pytest') + run: | + sudo apt-get install apache2 apache2-dev libnghttp2-dev vsftpd + sudo python3 -m pip install -r tests/http/requirements.txt + name: 'install pytest and apach2-dev' + + - name: cache mod_h2 + if: contains(matrix.build.install_steps, 'pytest') + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-mod_h2 + env: + cache-name: cache-mod_h2 + with: + path: /home/runner/mod_h2 + key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.mod_h2-version }} + + - name: 'build mod_h2' + if: contains(matrix.build.install_steps, 'pytest') && steps.cache-mod_h2.outputs.cache-hit != 'true' + run: | + cd $HOME + git clone --quiet --depth=1 -b v${{ env.mod_h2-version }} https://github.com/icing/mod_h2 + cd mod_h2 + autoreconf -fi + ./configure + make + + - name: 'install mod_h2' + if: contains(matrix.build.install_steps, 'pytest') + run: | + cd $HOME/mod_h2 + sudo make install + + - run: autoreconf -fi + name: 'autoreconf' + + - run: ./configure --disable-dependency-tracking --enable-warnings --enable-werror ${{ matrix.build.configure }} + name: 'configure' + + - run: make V=1 + name: 'make' + + - run: | + git config --global --add safe.directory "*" + ./scripts/singleuse.pl ${{ matrix.build.singleuse }} lib/.libs/libcurl.a + name: single-use function check + + - run: ./src/curl -V + name: 'check curl -V output' + + - run: make V=1 examples + name: 'make examples' + + - run: make V=1 -C tests + name: 'make tests' + + - run: make V=1 test-ci + name: 'run tests' + env: + TFLAGS: "${{ matrix.build.tflags }}" + + - if: contains(matrix.build.install_steps, 'pytest') + # run for `tests` directory, so pytest does not pick up any other + # packages we might have built here + run: + pytest -v tests + name: 'run pytest' + env: + TFLAGS: "${{ matrix.build.tflags }}" + CURL_CI: github diff --git a/libs/curl/.github/workflows/linux32.yml b/libs/curl/.github/workflows/linux32.yml new file mode 100644 index 00000000..eb7cb8ac --- /dev/null +++ b/libs/curl/.github/workflows/linux32.yml @@ -0,0 +1,92 @@ +# Copyright (C) Dan Fandrich +# +# SPDX-License-Identifier: curl + +name: Linux 32-bit + +on: + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + MAKEFLAGS: -j 5 + +jobs: + linux-i686: + name: ${{ matrix.build.name }} + runs-on: 'ubuntu-22.04' + timeout-minutes: 90 + strategy: + fail-fast: false + matrix: + build: + - name: Linux i686 + install_packages: gcc-11-i686-linux-gnu libssl-dev:i386 zlib1g-dev:i386 libpsl-dev:i386 libbrotli-dev:i386 libzstd-dev:i386 + configure: --enable-debug --enable-websockets --with-openssl --host=i686-linux-gnu CC=i686-linux-gnu-gcc-11 PKG_CONFIG_PATH=/usr/lib/i386-linux-gnu/pkgconfig CPPFLAGS=-I/usr/include/i386-linux-gnu LDFLAGS=-L/usr/lib/i386-linux-gnu + + steps: + - run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo dpkg --add-architecture i386 + sudo apt-get update -y + sudo apt-get install -y --no-install-suggests --no-install-recommends libtool autoconf automake pkg-config stunnel4 ${{ matrix.build.install_packages }} + sudo python3 -m pip install impacket + name: 'install prereqs' + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - run: autoreconf -fi + name: 'autoreconf' + + - run: ./configure --disable-dependency-tracking --enable-warnings --enable-werror ${{ matrix.build.configure }} + name: 'configure' + + - run: make V=1 + name: 'make' + + - run: ./src/curl -V + name: 'check curl -V output' + + - run: make V=1 examples + name: 'make examples' + + - run: make V=1 -C tests + name: 'make tests' + + - run: make V=1 test-ci + name: 'run tests' + env: + TFLAGS: "${{ matrix.build.tflags }}" diff --git a/libs/curl/.github/workflows/macos.yml b/libs/curl/.github/workflows/macos.yml index d0094bc0..c5e8e453 100644 --- a/libs/curl/.github/workflows/macos.yml +++ b/libs/curl/.github/workflows/macos.yml @@ -1,132 +1,617 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + name: macOS on: - # Trigger the workflow on push or pull requests, but only for the - # master branch push: branches: - - master - - '*/ci' + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' pull_request: branches: - - master + - master + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +# Deprecated Apple APIs and the macos-version-min value required to avoid +# deprecation warnings with llvm/clang: +# +# - 10.7 Lion (2011) - GSS +# - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl SecureTransport code) +# - 10.9 Maverick (2013) - LDAP +# - 10.14 Mojave (2018) - SecureTransport +# +# For SecureTransport, curl implements features that require a target +# newer than the 10.8 required by `CFURLCreateDataAndPropertiesFromResource`. +# In this case `-Wno-deprecated-declarations` still comes handy to pacify +# deprecation warnings, though the real solution would be to avoid calling +# that function. + +env: + LDFLAGS: -w # suppress 'object file was built for newer macOS version than being linked' warnings + MAKEFLAGS: -j 4 jobs: autotools: - name: ${{ matrix.build.name }} + name: 'AM ${{ matrix.compiler }} ${{ matrix.name }}' runs-on: 'macos-latest' - timeout-minutes: 90 + timeout-minutes: 60 + env: + DEVELOPER_DIR: "/Applications/Xcode${{ matrix.xcode && format('_{0}', matrix.xcode) || '' }}.app/Contents/Developer" + CC: ${{ matrix.compiler }} + CFLAGS: '-mmacosx-version-min=${{ matrix.macos-version-min }}' strategy: fail-fast: false matrix: - build: - - name: normal - install: nghttp2 - configure: --without-ssl - macosx-version-min: 10.9 - - name: debug - install: nghttp2 - configure: --enable-debug --without-ssl - macosx-version-min: 10.9 - - name: libssh2 - install: nghttp2 libssh2 - configure: --enable-debug --with-libssh2 --without-ssl - macosx-version-min: 10.9 - - name: c-ares - install: nghttp2 - configure: --enable-debug --enable-ares --without-ssl - macosx-version-min: 10.9 - - name: HTTP only - install: nghttp2 - configure: --enable-debug --enable-maintainer-mode --disable-dict --disable-file --disable-ftp --disable-gopher --disable-imap --disable-ldap --disable-pop3 --disable-rtmp --disable-rtsp --disable-scp --disable-sftp --disable-smb --disable-smtp --disable-telnet --disable-tftp --disable-unix-sockets --disable-shared --without-brotli --without-gssapi --without-libidn2 --without-libpsl --without-librtmp --without-libssh2 --without-nghttp2 --without-ntlm-auth --without-ssl --without-zlib - macosx-version-min: 10.15 - - name: SecureTransport http2 - install: nghttp2 - configure: --enable-debug --with-secure-transport - macosx-version-min: 10.8 - - name: OpenSSL http2 - install: nghttp2 openssl - configure: --enable-debug --with-openssl=/usr/local/opt/openssl - macosx-version-min: 10.9 - - name: LibreSSL http2 - install: nghttp2 libressl - configure: --enable-debug --with-openssl=/usr/local/opt/libressl - macosx-version-min: 10.9 - - name: torture - install: nghttp2 openssl - configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl=/usr/local/opt/openssl - tflags: -n -t --shallow=25 !FTP - macosx-version-min: 10.9 - - name: torture-ftp - install: nghttp2 openssl - configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl=/usr/local/opt/openssl - tflags: -n -t --shallow=20 FTP - macosx-version-min: 10.9 - - name: macOS 10.15 - install: nghttp2 libssh2 openssl - configure: --enable-debug --disable-ldap --with-openssl=/usr/local/opt/openssl - macosx-version-min: 10.15 + include: + - name: '!ssl !debug' + compiler: clang + configure: --without-ssl --enable-websockets + macos-version-min: '10.9' + - name: '!ssl !debug' + compiler: gcc-12 + configure: --without-ssl --enable-websockets + macos-version-min: '10.9' + - name: '!ssl' + compiler: clang + configure: --enable-debug --without-ssl --enable-websockets + macos-version-min: '10.9' + - name: '!ssl libssh2' + compiler: clang + configure: --enable-debug --with-libssh2=$(brew --prefix libssh2) --without-ssl --enable-websockets + macos-version-min: '10.9' + - name: 'OpenSSL libssh c-ares' + compiler: clang + install: libssh + configure: --enable-debug --with-libssh --with-openssl=$(brew --prefix openssl) --enable-ares --enable-websockets + macos-version-min: '10.9' + - name: 'OpenSSL libssh' + compiler: llvm@15 + install: libssh + configure: --enable-debug --with-libssh --with-openssl=$(brew --prefix openssl) --enable-websockets + macos-version-min: '10.9' + - name: '!ssl c-ares' + compiler: clang + configure: --enable-debug --enable-ares --without-ssl --enable-websockets + macos-version-min: '10.9' + - name: '!ssl HTTP-only' + compiler: clang + configure: | + --enable-debug \ + --disable-alt-svc --disable-dict --disable-file --disable-ftp --disable-gopher --disable-imap \ + --disable-ldap --disable-pop3 --disable-rtmp --disable-rtsp --disable-scp --disable-sftp \ + --disable-shared --disable-smb --disable-smtp --disable-telnet --disable-tftp --disable-unix-sockets \ + --without-brotli --without-gssapi --without-libidn2 --without-libpsl --without-librtmp --without-libssh2 \ + --without-nghttp2 --without-ntlm-auth --without-ssl --without-zlib --without-zstd + + macos-version-min: '10.15' # Catalina (2019) + - name: 'SecureTransport libssh2' + compiler: clang + configure: --enable-debug --with-secure-transport --enable-websockets --with-libssh2=$(brew --prefix libssh2) + macos-version-min: '10.8' + - name: 'SecureTransport libssh2 10.12' + compiler: clang + configure: --enable-debug --with-secure-transport --enable-websockets --with-libssh2=$(brew --prefix libssh2) + macos-version-min: '10.12' # for monotonic timers + cflags: '-Wno-deprecated-declarations' + - name: 'SecureTransport libssh2' + compiler: gcc-12 + configure: --enable-debug --with-secure-transport --enable-websockets --with-libssh2=$(brew --prefix libssh2) + macos-version-min: '10.8' + - name: 'LibreSSL' + compiler: clang + install: libressl + configure: --enable-debug --with-openssl=$(brew --prefix libressl) --enable-websockets + macos-version-min: '10.9' + - name: 'OpenSSL' + compiler: clang + configure: --enable-debug --with-openssl=$(brew --prefix openssl) --enable-websockets + macos-version-min: '10.9' + - name: 'OpenSSL torture !FTP' + compiler: clang + configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl=$(brew --prefix openssl) --enable-websockets + tflags: -n -t --shallow=25 !FTP + macos-version-min: '10.9' + - name: 'OpenSSL torture FTP' + compiler: clang + configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl=$(brew --prefix openssl) --enable-websockets + tflags: -n -t --shallow=20 FTP + macos-version-min: '10.9' + - name: 'OpenSSL libssh2 !ldap 10.15' + compiler: clang + configure: --enable-debug --disable-ldap --with-openssl=$(brew --prefix openssl) --enable-websockets + macos-version-min: '10.15' steps: - - run: echo libtool autoconf automake pkg-config ${{ matrix.build.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile - name: 'brew bundle' + - name: 'brew install' + # Run this command with retries because of spurious failures seen + # while running the tests, for example + # https://github.com/curl/curl/runs/4095721123?check_suite_focus=true + run: | + echo libtool autoconf automake pkg-config libpsl libssh2 nghttp2 openssl ${{ matrix.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile + while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done + + - name: 'brew unlink openssl' + run: | + case "${{ matrix.install }}" in + *openssl*) + ( + cd $(brew --prefix openssl)/lib/pkgconfig/ + for i in libssl.pc libcrypto.pc; do + sudo cp $i $i.orig + sudo sed s,libdir=$(brew --prefix)'/Cellar/openssl@3/3.3.0$',libdir=$(brew --prefix)/Cellar/openssl@3/3.3.0/lib,g < $i.orig > /tmp/$i + sudo cp /tmp/$i $i + cat $i + done + ) + ;; + *) + if test -d $(brew --prefix)/include/openssl; then + brew unlink openssl + fi;; + esac + + - name: 'pip3 install' + run: | + python3 -m venv $HOME/venv + source $HOME/venv/bin/activate + python3 -m pip install impacket - # Run this command with retries because of spurious failures seen - # while running the tests, for example - # https://github.com/curl/curl/runs/4095721123?check_suite_focus=true - - run: brew update && for i in 1 2 3; do brew bundle install --no-lock --file /tmp/Brewfile && break || sleep 1; done - name: 'brew install' + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - - uses: actions/checkout@v2 + - name: 'toolchain versions' + run: | + [[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang" + [[ '${{ matrix.compiler }}' = 'gcc'* ]] && \ + grep -h -r -E -o '.+[0-9.]+\.sdk/' "$(dirname "$("${CC}" -print-libgcc-file-name)")/include-fixed" | sed -E 's/^\t+//g' | tr -d '"' | sort -u || true + which "${CC}"; "${CC}" --version || true + xcodebuild -version || true + xcrun -sdk macosx --show-sdk-path 2>/dev/null || true + echo '::group::macros predefined'; "${CC}" -dM -E - < /dev/null | sort || true; echo '::endgroup::' + echo '::group::brew packages preinstalled'; ls -l "$(brew --prefix)/opt"; echo '::endgroup::' - - run: ./buildconf && ./configure --enable-warnings --enable-werror ${{ matrix.build.configure }} - name: 'configure' - env: - # -Wvla is caused by brotli - CFLAGS: "-Wno-vla -mmacosx-version-min=${{ matrix.build.macosx-version-min }}" + - name: 'autoreconf' + run: autoreconf -fi - - run: make V=1 - name: 'make' + - name: 'configure' + run: | + [[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang" + CFLAGS+=' ${{ matrix.cflags }}' + if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then + libgccdir="$(dirname "$("${CC}" -print-libgcc-file-name)")" + echo '::group::gcc include-fixed details'; find "${libgccdir}/include-fixed" | sort; echo '::endgroup::' + for f in dispatch os AvailabilityInternal.h stdio.h; do + if [ -r "${libgccdir}/include-fixed/${f}" ]; then + echo "Zap gcc hack: '${libgccdir}/include-fixed/${f}'" + mv "${libgccdir}/include-fixed/${f}" "${libgccdir}/include-fixed/${f}-BAK" + fi + done + fi + if [[ '${{ matrix.compiler }}' = 'llvm'* ]]; then + options+=" --target=$(uname -m)-apple-darwin" + CC+=" --target=$(uname -m)-apple-darwin" + fi + if [ '${{ matrix.compiler }}' != 'clang' ]; then + options+=" --with-sysroot=$(xcrun -sdk macosx --show-sdk-path 2>/dev/null)" + CFLAGS+=" --sysroot=$(xcrun -sdk macosx --show-sdk-path 2>/dev/null)" + fi + mkdir bld && cd bld && ../configure --enable-warnings --enable-werror \ + --disable-dependency-tracking \ + --with-libpsl=$(brew --prefix libpsl) \ + ${{ matrix.configure }} ${options} - - run: make V=1 test-ci - name: 'test' - env: - TFLAGS: "${{ matrix.build.tflags }} ~1452" + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/config.log || true + + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + cat bld/lib/curl_config.h | grep -F '#define' | sort || true + + - name: 'make' + run: make -C bld V=1 + + - name: 'curl version' + run: bld/src/curl --disable --version + + - name: 'make examples' + run: make -C bld V=1 examples + + - name: 'make tests' + run: make -C bld V=1 -C tests + + - name: 'run tests' + run: | + export TFLAGS='${{ matrix.tflags }} -j10' + if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then + TFLAGS+=' ~RTSP' # 567 568 569 570 571 572 577 689 3100 + TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length + if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then + TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059 + TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2 + else + TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2 + fi + fi + rm -f $HOME/.curlrc + make -C bld V=1 test-ci cmake: - name: cmake ${{ matrix.compiler.CC }} ${{ matrix.build.name }} + name: 'CM ${{ matrix.compiler }} ${{ matrix.build.name }}' runs-on: 'macos-latest' - env: ${{ matrix.compiler }} + timeout-minutes: 10 + env: + DEVELOPER_DIR: "/Applications/Xcode${{ matrix.xcode && format('_{0}', matrix.xcode) || '' }}.app/Contents/Developer" + CC: ${{ matrix.compiler }} strategy: fail-fast: false matrix: - compiler: - - CC: clang - CXX: clang++ - CFLAGS: "-mmacosx-version-min=10.15 -Wno-deprecated-declarations" - - CC: gcc-9 - CXX: g++-9 - CFLAGS: "-mmacosx-version-min=10.15 -Wno-error=undef -Wno-error=conversion" + compiler: [clang, llvm@15, gcc-12] build: - - name: OpenSSL - install: nghttp2 openssl - generate: -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON - - name: LibreSSL - install: nghttp2 libressl - generate: -DOPENSSL_ROOT_DIR=/usr/local/opt/libressl -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON - - name: libssh2 - install: nghttp2 openssl libssh2 - generate: -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl -DCURL_USE_LIBSSH2=ON + - name: 'OpenSSL ws gsasl AppleIDN' + install: gsasl + generate: -DOPENSSL_ROOT_DIR=$(brew --prefix openssl) -DCURL_USE_GSASL=ON -DUSE_APPLE_IDN=ON -DENABLE_WEBSOCKETS=ON + macos-version-min: '10.9' + tflags: '~1034 ~1035' # AppleIDN issues: https://github.com/curl/curl/issues/14176 + - name: 'OpenSSL +static' + generate: -DOPENSSL_ROOT_DIR=$(brew --prefix openssl) -DBUILD_STATIC_LIBS=ON + macos-version-min: '10.9' + - name: 'SecureTransport ws debug+' + generate: -DCURL_USE_SECTRANSP=ON -DENABLE_WEBSOCKETS=ON -DENABLE_DEBUG=ON -DENABLE_CURLDEBUG=ON + macos-version-min: '10.8' + - name: 'LibreSSL !ldap' + install: libressl + generate: -DOPENSSL_ROOT_DIR=$(brew --prefix libressl) -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON -DBUILD_EXAMPLES=ON + macos-version-min: '10.15' + - name: 'wolfSSL !ldap' + install: wolfssl + generate: -DCURL_USE_WOLFSSL=ON -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON + macos-version-min: '10.15' + - name: 'GnuTLS !ldap' + install: gnutls nettle + generate: -DCURL_USE_GNUTLS=ON -DCURL_USE_OPENSSL=OFF -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON + macos-version-min: '10.15' + exclude: + - { compiler: llvm@15, build: { macos-version-min: '10.15' } } + - { compiler: llvm@15, build: { macos-version-min: '10.9' } } + steps: + - name: 'brew install' + run: | + echo libtool autoconf automake pkg-config libpsl libssh2 nghttp2 openssl ${{ matrix.build.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile + while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done + + - name: 'brew unlink openssl' + run: | + case "${{ matrix.build.install }}" in + *openssl*) + ;; + *) + if test -d $(brew --prefix)/include/openssl; then + brew unlink openssl + fi;; + esac + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: 'toolchain versions' + run: | + [[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang" + [[ '${{ matrix.compiler }}' = 'gcc'* ]] && \ + grep -h -r -E -o '.+[0-9.]+\.sdk/' "$(dirname "$("${CC}" -print-libgcc-file-name)")/include-fixed" | sed -E 's/^\t+//g' | tr -d '"' | sort -u || true + which "${CC}"; "${CC}" --version || true + xcodebuild -version || true + xcrun -sdk macosx --show-sdk-path 2>/dev/null || true + echo '::group::macros predefined'; "${CC}" -dM -E - < /dev/null | sort || true; echo '::endgroup::' + echo '::group::brew packages preinstalled'; ls -l "$(brew --prefix)/opt"; echo '::endgroup::' + + - name: 'cmake configure' + run: | + [[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang" + if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then + libgccdir="$(dirname "$("${CC}" -print-libgcc-file-name)")" + echo '::group::gcc include-fixed details'; find "${libgccdir}/include-fixed" | sort; echo '::endgroup::' + for f in dispatch os AvailabilityInternal.h stdio.h; do + if [ -r "${libgccdir}/include-fixed/${f}" ]; then + echo "Zap gcc hack: '${libgccdir}/include-fixed/${f}'" + mv "${libgccdir}/include-fixed/${f}" "${libgccdir}/include-fixed/${f}-BAK" + fi + done + fi + cmake -B bld -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON \ + -DCMAKE_OSX_DEPLOYMENT_TARGET=${{ matrix.build.macos-version-min }} \ + "-DCMAKE_C_COMPILER_TARGET=$(uname -m | sed 's/arm64/aarch64/')-apple-darwin$(uname -r)" \ + -DUSE_NGHTTP2=ON \ + ${{ matrix.build.generate }} + + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + cat bld/lib/curl_config.h | grep -F '#define' | sort || true + + - name: 'cmake build' + run: make -C bld VERBOSE=1 + + - name: 'curl version' + run: bld/src/curl --disable --version + + - name: 'cmake build tests' + run: make -C bld testdeps + + - name: 'cmake run tests' + run: | + export TFLAGS='${{ matrix.build.tflags }} -j10' + if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then + TFLAGS+=' ~RTSP' # 567 568 569 570 571 572 577 689 3100 + TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length + if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then + TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059 + TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2 + else + TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2 + fi + fi + rm -f $HOME/.curlrc + make -C bld test-ci + + combinations: # Test buildability with host OS, Xcode / SDK, compiler, target-OS, SecureTransport/not, built tool, combinations + if: true # Set to `true` to enable this test matrix. It runs quickly. + name: "${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.compiler }} ${{ matrix.image }} ${{ matrix.xcode }} ${{ matrix.config }}" + runs-on: ${{ matrix.image }} + timeout-minutes: 30 + env: + DEVELOPER_DIR: "/Applications/Xcode${{ matrix.xcode && format('_{0}', matrix.xcode) || '' }}.app/Contents/Developer" + CC: ${{ matrix.compiler }} + strategy: + fail-fast: false + matrix: + config: [SecureTransport] # also: OpenSSL + compiler: [gcc-11, gcc-12, gcc-13, gcc-14, llvm@15, clang] + # Xcode support matrix as of 2024-07, with default macOS SDK versions and OS names, years: + # * = default Xcode on the runner. + # macos-12: 13.1, 13.2.1, 13.3.1, 13.4.1, 14.0.1, 14.1,*14.2 + # macos-13: 14.1, 14.2, 14.3.1,*15.0.1, 15.1, 15.2 + # macos-14: 14.3.1, 15.0.1, 15.1, 15.2, 15.3,*15.4, 16.0 + # macOSSDK: 12.0, 12.1, 12.3, 12.3, 12.3, 13.0, 13.1, 13.3, 14.0, 14.2, 14.2, 14.4, 14.5, 15.0 + # Monterey (2021) Ventura (2022) Sonoma (2023) Sequoia (2024) + # https://github.com/actions/runner-images/tree/main/images/macos + # https://en.wikipedia.org/wiki/MacOS_version_history + image: [macos-12, macos-13, macos-14] + # Can skip these to reduce jobs: + # 13.1, 13.2.1 are fairly old. + # 13.3.1, 14.0.1 have the same default macOS SDK as 13.4.1 and identical test results. + # 15.1 has the same default macOS SDK as 15.2 and identical test result. + # 14.1, 15.4 not revealing new fallouts. + #xcode: ['13.1', '13.2.1', '13.3.1', '13.4.1', '14.0.1', '14.1', '14.2', '14.3.1', '15.0.1', '15.1', '15.2', '15.3', '15.4', '16.0'] # all Xcode + #xcode: ['13.1', '13.2.1', '13.4.1', '14.1', '14.2', '14.3.1', '15.0.1', '15.2', '15.3', '15.4', '16.0'] # all SDK + #xcode: ['13.4.1', '14.2', '14.3.1', '15.0.1', '15.2', '15.3', '16.0'] # coverage + xcode: [''] # default Xcodes + macos-version-min: ['10.8'] + build: [autotools, cmake] + exclude: + # Combinations uncovered by runner images: + - { image: macos-12, xcode: '14.3.1' } + - { image: macos-12, xcode: '15.0.1' } + - { image: macos-12, xcode: '15.1' } + - { image: macos-12, xcode: '15.2' } + - { image: macos-12, xcode: '15.3' } + - { image: macos-12, xcode: '15.4' } + - { image: macos-12, xcode: '16.0' } + - { image: macos-13, xcode: '13.1' } + - { image: macos-13, xcode: '13.2.1' } + - { image: macos-13, xcode: '13.3.1' } + - { image: macos-13, xcode: '13.4.1' } + - { image: macos-13, xcode: '14.0.1' } + - { image: macos-13, xcode: '15.3' } + - { image: macos-13, xcode: '15.4' } + - { image: macos-13, xcode: '16.0' } + - { image: macos-14, xcode: '13.1' } + - { image: macos-14, xcode: '13.2.1' } + - { image: macos-14, xcode: '13.3.1' } + - { image: macos-14, xcode: '13.4.1' } + - { image: macos-14, xcode: '14.0.1' } + - { image: macos-14, xcode: '14.1' } + - { image: macos-14, xcode: '14.2' } + # Reduce build combinations, by dropping less interesting ones + - { compiler: gcc-11, build: autotools } + - { compiler: gcc-11, image: macos-14 } + - { compiler: gcc-12, config: SecureTransport } + - { compiler: gcc-13, build: cmake } + - { compiler: gcc-13, image: macos-13 } + - { compiler: gcc-14, config: SecureTransport } steps: - - run: echo libtool autoconf automake pkg-config ${{ matrix.build.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile - name: 'brew bundle' + - name: 'install autotools' + if: ${{ matrix.build == 'autotools' }} + run: | + echo autoconf automake libtool openssl | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile + while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: 'toolchain versions' + run: | + [[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang" + [[ '${{ matrix.compiler }}' = 'gcc'* ]] && \ + grep -h -r -E -o '.+[0-9.]+\.sdk/' "$(dirname "$("${CC}" -print-libgcc-file-name)")/include-fixed" | sed -E 's/^\t+//g' | tr -d '"' | sort -u || true + which "${CC}"; "${CC}" --version || true + xcodebuild -version || true + xcrun -sdk macosx --show-sdk-path 2>/dev/null || true + echo '::group::macros predefined'; "${CC}" -dM -E - < /dev/null | sort || true; echo '::endgroup::' + echo '::group::brew packages preinstalled'; ls -l "$(brew --prefix)/opt"; echo '::endgroup::' + + - name: 'autoreconf' + if: ${{ matrix.build == 'autotools' }} + run: autoreconf -fi + + - name: 'configure / ${{ matrix.build }}' + run: | + [[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang" + + # gcc ships with an `include-fixed` header set, which overrides SDK + # headers with the intent of making them compatible with gcc. The + # source for these headers is: + # https://github.com/gcc-mirror/gcc/tree/master/fixincludes + # with extra Apple-specific patches applied from here for Homebrew: + # https://github.com/iains/gcc-12-branch + # + # They pass through a generator phase at build-time which seems to + # pick the SDK installed on the build machine (maintained by the + # Homebrew project in our case) and patches it according to a set + # of rules in `inclhack.def`. + # + # Homebrew builds and ships different binaries for different macOS + # versions and CPUs, built on machines using the same OS version as + # the target one. Each of these machines have a particular version + # of Apple CommandLineTools with a default SDK version installed with + # them. + # + # Then this binary gets installed onto the end-user machine, + # matching the OS version at the time of installation. + # + # The problem with this approach is that the SDK version picked up + # at gcc build-time has a high chance of being or becoming out of + # sync with actual SDK installed on the end-user machine. This + # can happen after upgrading the OS, Xcode, selecting an SDK version + # manually, or other reasons. + # + # When the SDK versions do not match, the gcc hacks, instead of + # improving compatibility the SDK, are actively _breaking_ + # compatibility, in an unexpected, hard to diagnose way. + # + # The SDK version used for gcc-hacks is not advertised. We can + # extract the major SDK version from the generated gcc-hack header + # files, assuming someone knows what to look for and where. + # + # Basically it also means that the same `gcc-N` Homebrew package + # behaves differently depending on the OS it was built on. Causing + # an explosion of build combination. It may also mean that a minor + # gcc version bump is built against a different SDK version, and due + # to the extra patch for the hack applied by Homebrew, there may + # be extra changes as well. + # + # For GHA runners, it means that the default Xcode + OS combo is + # broken in 8 out of 12 combinations (66%) have an SDK mismatch, + # and 9 fail to build (75%). These are the 3 lucky default + # combinations that worked to build curl: + # macos-14 + Xcode 15.0.1 + gcc-11, gcc-12, gcc-14 + # + # Of all possible valid GHA runner, gcc, manually selected Xcode + # combinations, 40% are broken. + # + # Compared to mainline llvm: llvm ships the same binaries regardless + # of build-OS or environent, it contains no SDK-version-specific + # hacks, and has no 3rd party patches. This still leaves some + # occasional issues, but works much closer to expectations. + # + # Some of these hacks are helpful, in particular for fixing this + # issue via math.h: + # /Applications/Xcode_14.3.1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/math.h:53:5: error: #error "Unsupported value of + # 53 | # error "Unsupported value of __FLT_EVAL_METHOD__." + # + # Errors seen in available CI combinations: + # error: two or more data types in declaration specifiers # fatal error: AvailabilityInternalLegacy.h: No such file or directory + # gcc-11, gcc-13 + macos-14 + Xcode 14.3.1 + # error: two or more data types in declaration specifiers + # gcc-13 + macos-12 + Xcode 14.1, 14.2 + # gcc-13 + Xcode 15.0.1, 15.1, 5.2 + # error: expected ';' before 'extern' + # gcc-11, gcc-12, gcc-14 + macos-12 + Xcode 14.1, 14.2 + # error: unknown type name 'dispatch_queue_t' + # gcc-11, gcc-12 + macos-13 + Xcode 15.0.1, 15.1, 15.2 + # error: type defaults to 'int' in declaration of 'DISPATCH_DECL_FACTORY_CLASS_SWIFT' [-Wimplicit-int] + # gcc-14 macos-13 Xcode 15.0.1, 15.1, 15.2 + # error: unknown type name 'FILE' + # Xcode 16.0 + # + # Unbreak Homebrew gcc builds by moving problematic SDK header overlay + # directories/files out of the way: + if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then + # E.g.: + # $(brew --prefix)/Cellar/gcc@11/11.4.0/lib/gcc/11/gcc/aarch64-apple-darwin23/11/include-fixed + # $(brew --prefix)/Cellar/gcc@11/11.4.0/lib/gcc/11/gcc/x86_64-apple-darwin21/11/include-fixed + # $(brew --prefix)/Cellar/gcc/14.1.0_1/lib/gcc/14/gcc/x86_64-apple-darwin21/14/include-fixed + libgccdir="$(dirname "$("${CC}" -print-libgcc-file-name)")" + echo '::group::gcc include-fixed details'; find "${libgccdir}/include-fixed" | sort; echo '::endgroup::' + patch_out='dispatch os AvailabilityInternal.h' + patch_out+=' stdio.h' # for Xcode 16 error: unknown type name 'FILE' + for f in ${patch_out}; do + if [ -r "${libgccdir}/include-fixed/${f}" ]; then + echo "Zap gcc hack: '${libgccdir}/include-fixed/${f}'" + mv "${libgccdir}/include-fixed/${f}" "${libgccdir}/include-fixed/${f}-BAK" + fi + done + fi + + if [ '${{ matrix.build }}' = 'autotools' ]; then + export CFLAGS + if [[ '${{ matrix.compiler }}' = 'llvm'* ]]; then + options+=" --target=$(uname -m)-apple-darwin" + CC+=" --target=$(uname -m)-apple-darwin" + fi + if [ '${{ matrix.compiler }}' != 'clang' ]; then + options+=" --with-sysroot=$(xcrun -sdk macosx --show-sdk-path 2>/dev/null)" + CFLAGS+=" --sysroot=$(xcrun -sdk macosx --show-sdk-path 2>/dev/null)" + fi + [ '${{ matrix.config }}' = 'OpenSSL' ] && options+=" --with-openssl=$(brew --prefix openssl)" + [ '${{ matrix.config }}' = 'SecureTransport' ] && options+=' --with-secure-transport' + CFLAGS+=' -mmacosx-version-min=${{ matrix.macos-version-min }}' + # would pick up nghttp2, libidn2, but libssh2 is disabled by default + mkdir bld && cd bld && ../configure --enable-warnings --enable-werror \ + --disable-dependency-tracking \ + --disable-docs --disable-manual \ + --without-nghttp2 --without-libidn2 \ + ${options} + else + [ '${{ matrix.config }}' = 'OpenSSL' ] && options+=' -DCURL_USE_OPENSSL=ON' + [ '${{ matrix.config }}' = 'SecureTransport' ] && options+=' -DCURL_USE_SECTRANSP=ON' + # would pick up nghttp2, libidn2, and libssh2 + cmake -B bld -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON \ + -DCMAKE_OSX_DEPLOYMENT_TARGET=${{ matrix.macos-version-min }} \ + "-DCMAKE_IGNORE_PREFIX_PATH=$(brew --prefix)" \ + "-DCMAKE_C_COMPILER_TARGET=$(uname -m | sed 's/arm64/aarch64/')-apple-darwin$(uname -r)" \ + -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF \ + -DUSE_APPLE_IDN=OFF \ + ${options} + fi - - run: brew update && brew bundle install --no-lock --file /tmp/Brewfile - name: 'brew install' + - name: 'configure log' + if: ${{ !cancelled() }} + run: cat bld/config.log bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true - - uses: actions/checkout@v2 + - name: 'curl_config.h' + run: | + echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::' + cat bld/lib/curl_config.h | grep -F '#define' | sort || true - - run: cmake -H. -Bbuild -DCURL_WERROR=ON -DPICKY_COMPILER=ON ${{ matrix.build.generate }} - name: 'cmake generate' + - name: 'build / ${{ matrix.build }}' + run: make -C bld V=1 VERBOSE=1 - - run: cmake --build build - name: 'cmake build' + - name: 'curl version' + run: bld/src/curl --disable --version diff --git a/libs/curl/.github/workflows/man-examples.yml b/libs/curl/.github/workflows/man-examples.yml new file mode 100644 index 00000000..502d590b --- /dev/null +++ b/libs/curl/.github/workflows/man-examples.yml @@ -0,0 +1,37 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: manpage examples + +on: + push: + branches: + - master + - '*/ci' + paths: + - 'docs/libcurl/curl_*.3' + - 'docs/libcurl/opts/*.3' + - '.github/scripts/verify-examples.pl' + pull_request: + branches: + - master + paths: + - 'docs/libcurl/curl_*.3' + - 'docs/libcurl/opts/*.3' + - '.github/scripts/verify-examples.pl' + +permissions: {} + +jobs: + verify: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: render nroff versions + run: autoreconf -fi && ./configure --without-ssl --without-libpsl && make -C docs + + - name: verify examples + run: ./.github/scripts/verify-examples.pl docs/libcurl/curl*.3 docs/libcurl/opts/*.3 diff --git a/libs/curl/.github/workflows/mbedtls.yml b/libs/curl/.github/workflows/mbedtls.yml deleted file mode 100644 index 07e0acd2..00000000 --- a/libs/curl/.github/workflows/mbedtls.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Linux - -on: - # Trigger the workflow on push or pull requests, but only for the - # master branch - push: - branches: - - master - - '*/ci' - pull_request: - branches: - - master - -jobs: - autotools: - name: ${{ matrix.build.name }} - runs-on: 'ubuntu-latest' - timeout-minutes: 60 - strategy: - fail-fast: false - matrix: - build: - - name: mbedtls - install: - configure: --with-mbedtls=$HOME/mbed --enable-debug --enable-werror - - name: clang-mbedtls - install: - configure: CC=clang --with-mbedtls=$HOME/mbed --enable-debug --enable-werror - - steps: - - run: sudo apt-get install libtool autoconf automake pkg-config clang - name: install prereqs - - - run: | - git clone --depth=1 -b v3.1.0 https://github.com/ARMmbed/mbedtls - cd mbedtls - make - make DESTDIR=$HOME/mbed install - - name: 'install mbedtls' - - - uses: actions/checkout@v2 - - - run: ./buildconf && LDFLAGS="-Wl,-rpath,$HOME/mbed/lib" ./configure --enable-warnings --enable-werror ${{ matrix.build.configure }} && make V=1 - name: 'configure and build' - - - run: make V=1 test-ci - name: 'test' - env: - TFLAGS: "${{ matrix.build.tflags }}" diff --git a/libs/curl/.github/workflows/non-native.yml b/libs/curl/.github/workflows/non-native.yml new file mode 100644 index 00000000..e7a158cf --- /dev/null +++ b/libs/curl/.github/workflows/non-native.yml @@ -0,0 +1,205 @@ +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +name: non-native + +on: + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + netbsd: + name: 'NetBSD (cmake, openssl, clang)' + runs-on: ubuntu-latest + timeout-minutes: 30 + strategy: + matrix: + arch: ['x86_64'] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - name: 'cmake' + uses: cross-platform-actions/action@cdc9ee69ef84a5f2e59c9058335d9c57bcb4ac86 # v0.25.0 + with: + operating_system: 'netbsd' + version: '10.0' + architecture: ${{ matrix.arch }} + run: | + # https://pkgsrc.se/ + sudo pkgin -y install cmake pkg-config perl brotli heimdal openldap-client libssh2 libidn2 libpsl nghttp2 # python311 py311-impacket + cmake -B bld \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + -DENABLE_DEBUG=ON -DCMAKE_BUILD_TYPE=Debug -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG= \ + -DBUILD_EXAMPLES=ON \ + -DENABLE_WEBSOCKETS=ON \ + -DCURL_USE_OPENSSL=ON \ + -DCURL_BROTLI=ON -DUSE_NGHTTP2=ON -DCURL_USE_GSSAPI=ON \ + || { cat bld/CMakeFiles/CMake*.yaml; false; } + cmake --build bld --config Debug --parallel 3 + bld/src/curl --disable --version + if [ '${{ matrix.arch }}' = 'x86_64' ]; then # Slow on emulated CPU + cmake --build bld --config Debug --parallel 3 --target testdeps + export TFLAGS='-j0' # flakies: ~389 ~392 ~TFTP and more + cmake --build bld --config Debug --target test-ci + fi + + openbsd: + name: 'OpenBSD (cmake, libressl, clang)' + runs-on: ubuntu-latest + timeout-minutes: 30 + strategy: + matrix: + arch: ['x86_64'] + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - name: 'cmake' + uses: cross-platform-actions/action@cdc9ee69ef84a5f2e59c9058335d9c57bcb4ac86 # v0.25.0 + with: + operating_system: 'openbsd' + version: '7.5' + architecture: ${{ matrix.arch }} + run: | + # https://openbsd.app/ + sudo pkg_add cmake perl brotli openldap-client libssh2 libidn2 libpsl nghttp2 python3 py3-impacket + cmake -B bld \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + -DENABLE_DEBUG=ON -DCMAKE_BUILD_TYPE=Debug -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG= \ + -DBUILD_EXAMPLES=ON \ + -DENABLE_WEBSOCKETS=ON \ + -DCURL_USE_OPENSSL=ON \ + -DCURL_BROTLI=ON -DUSE_NGHTTP2=ON \ + || { cat bld/CMakeFiles/CMake*.yaml; false; } + cmake --build bld --config Debug --parallel 3 + bld/src/curl --disable --version + if [ '${{ matrix.arch }}' = 'x86_64' ]; then # Slow on emulated CPU + cmake --build bld --config Debug --parallel 3 --target testdeps + export TFLAGS='-j8 ~3017 ~TFTP' # FIXME: TFTP requests executed twice? Related: `curl: (69) TFTP: Access Violation`? + cmake --build bld --config Debug --target test-ci + fi + + freebsd: + name: 'FreeBSD (${{ matrix.build }}, openssl, ${{ matrix.compiler }}, ${{ matrix.arch }})' + runs-on: ubuntu-latest + timeout-minutes: 60 + strategy: + matrix: + include: + - { build: 'autotools', arch: 'x86_64', compiler: 'clang' } + - { build: 'autotools', arch: 'arm64', compiler: 'clang' } + - { build: 'cmake' , arch: 'arm64', compiler: 'clang' } + fail-fast: false + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - name: 'autotools' + if: ${{ matrix.build == 'autotools' }} + uses: cross-platform-actions/action@cdc9ee69ef84a5f2e59c9058335d9c57bcb4ac86 # v0.25.0 + with: + operating_system: 'freebsd' + version: '14.1' + architecture: ${{ matrix.arch }} + run: | + # https://ports.freebsd.org/ + sudo pkg install -y autoconf automake libtool pkgconf brotli openldap26-client libidn2 libnghttp2 nghttp2 stunnel py311-openssl py311-impacket py311-cryptography + autoreconf -fi + export CC='${{ matrix.compiler }}' + mkdir bld && cd bld && ../configure --enable-debug --enable-warnings --enable-werror \ + --prefix="${HOME}"/install \ + --enable-websockets \ + --with-openssl \ + --with-brotli --enable-ldap --enable-ldaps --with-libidn2 --with-libssh2 --with-nghttp2 --with-gssapi \ + --disable-dependency-tracking || { tail -n 1000 config.log; false; } + make -j3 install + src/curl --disable --version + make -j3 examples + if [ '${{ matrix.arch }}' = 'x86_64' ]; then # Slow on emulated CPU + make -j3 -C tests + # The OpenSSH server instance for the testsuite cannot be started on FreeBSD, + # therefore the SFTP and SCP tests are disabled right away from the beginning. + make test-ci V=1 TFLAGS='-j12 !SFTP !SCP' + fi + + - name: 'cmake' + if: ${{ matrix.build == 'cmake' }} + uses: cross-platform-actions/action@cdc9ee69ef84a5f2e59c9058335d9c57bcb4ac86 # v0.25.0 + with: + operating_system: 'freebsd' + version: '14.1' + architecture: ${{ matrix.arch }} + run: | + # https://ports.freebsd.org/ + sudo pkg install -y cmake pkgconf brotli openldap26-client libidn2 libnghttp2 nghttp2 stunnel py311-openssl py311-impacket py311-cryptography + cmake -B bld \ + '-DCMAKE_C_COMPILER=${{ matrix.compiler }}' \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + -DENABLE_DEBUG=ON -DCMAKE_BUILD_TYPE=Debug -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG= \ + -DBUILD_EXAMPLES=ON \ + -DENABLE_WEBSOCKETS=ON \ + -DCURL_USE_OPENSSL=ON \ + -DCURL_BROTLI=ON -DUSE_NGHTTP2=ON -DCURL_USE_GSSAPI=ON \ + || { cat bld/CMakeFiles/CMake*.yaml; false; } + cmake --build bld --config Debug --parallel 3 + bld/src/curl --disable --version + if [ '${{ matrix.arch }}' = 'x86_64' ]; then # Slow on emulated CPU + cmake --build bld --config Debug --parallel 3 --target testdeps + # The OpenSSH server instance for the testsuite cannot be started on FreeBSD, + # therefore the SFTP and SCP tests are disabled right away from the beginning. + make test-ci V=1 TFLAGS='-j12 !SFTP !SCP' + fi + + omnios: + name: 'OmniOS (autotools, openssl, gcc, amd64)' + runs-on: ubuntu-latest + timeout-minutes: 30 + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - name: 'autotools' + uses: vmactions/omnios-vm@a61ca1ebafdcb14a9d986928d070c9834ee66fd3 # v1 + with: + usesh: true + # https://pkg.omnios.org/r151050/core/en/index.shtml + prepare: pkg install build-essential libtool + run: | + ln -s /usr/bin/gcpp /usr/bin/cpp # Some tests expect `cpp`, which is named `gcpp` in this env. + autoreconf -fi + mkdir bld && cd bld && ../configure --enable-debug --enable-warnings --enable-werror \ + --prefix="${HOME}"/install \ + --enable-websockets \ + --with-openssl \ + --disable-dependency-tracking || { tail -n 1000 config.log; false; } + gmake -j3 install + src/curl --disable --version + gmake -j3 examples + gmake -j3 -C tests + gmake test-ci V=1 TFLAGS='-j12 ~MQTT ~FTP' diff --git a/libs/curl/.github/workflows/proselint.yml b/libs/curl/.github/workflows/proselint.yml new file mode 100644 index 00000000..177f247b --- /dev/null +++ b/libs/curl/.github/workflows/proselint.yml @@ -0,0 +1,71 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: proselint + +on: + push: + branches: + - master + - '*/ci' + paths: + - '.github/workflows/proselint.yml' + - '**.md' + pull_request: + branches: + - master + paths: + - '.github/workflows/proselint.yml' + - '**.md' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: install prereqs + run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get install python3-proselint + + # config file help: https://github.com/amperser/proselint/ + - name: create proselint config + run: | + cat < $HOME/.proselintrc + { + "checks": { + "typography.diacritical_marks": false, + "typography.symbols": false, + "annotations.misc": false, + "security.password": false + } + } + JSON + + - name: check prose + run: git ls-files '*.md' | grep -Ev 'CHECKSRC.md|DISTROS.md|CURLOPT_INTERFACE.md' | xargs proselint README + + # This is for CHECKSRC and files with aggressive exclamation mark needs + - name: create second proselint config + run: | + cat < $HOME/.proselintrc + { + "checks": { + "typography.diacritical_marks": false, + "typography.symbols": false, + "typography.exclamation": false, + "annotations.misc": false + } + } + JSON + + - name: check special prose + run: proselint docs/CHECKSRC.md docs/libcurl/opts/CURLOPT_INTERFACE.md diff --git a/libs/curl/.github/workflows/reuse.yml b/libs/curl/.github/workflows/reuse.yml new file mode 100644 index 00000000..fc2371fc --- /dev/null +++ b/libs/curl/.github/workflows/reuse.yml @@ -0,0 +1,29 @@ +# Copyright (C) Daniel Stenberg, , et al. +# SPDX-FileCopyrightText: 2022 Free Software Foundation Europe e.V. +# +# SPDX-License-Identifier: curl + +name: REUSE compliance + +on: + push: + branches: + - master + - '*/ci' + pull_request: + branches: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - name: REUSE Compliance Check + uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083 # v4 diff --git a/libs/curl/.github/workflows/shellcheck.yml b/libs/curl/.github/workflows/shellcheck.yml new file mode 100644 index 00000000..524a8284 --- /dev/null +++ b/libs/curl/.github/workflows/shellcheck.yml @@ -0,0 +1,28 @@ +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +name: shellcheck + +on: + push: + branches: + - master + pull_request: + branches: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + shellcheck: + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - name: 'shellcheck' + run: .github/scripts/shellcheck.sh diff --git a/libs/curl/.github/workflows/spacecheck.yml b/libs/curl/.github/workflows/spacecheck.yml new file mode 100644 index 00000000..1a68185f --- /dev/null +++ b/libs/curl/.github/workflows/spacecheck.yml @@ -0,0 +1,28 @@ +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +name: spacecheck + +on: + push: + branches: + - master + pull_request: + branches: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + spacecheck: + runs-on: ubuntu-latest + timeout-minutes: 2 + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - name: 'spacecheck' + run: .github/scripts/spacecheck.pl diff --git a/libs/curl/.github/workflows/spellcheck.yml b/libs/curl/.github/workflows/spellcheck.yml new file mode 100644 index 00000000..12f82a07 --- /dev/null +++ b/libs/curl/.github/workflows/spellcheck.yml @@ -0,0 +1,50 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: spell +on: + push: + branches: + - master + paths: + - '**.md' + - '**/spellcheck.yml' + - '**/spellcheck.yaml' + - '.github/scripts/*' + pull_request: + branches: + - master + paths: + - '**.md' + - '**/spellcheck.yml' + - '**/spellcheck.yaml' + - '.github/scripts/*' + +permissions: {} + +jobs: + check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: trim all man page *.md files + run: find docs -name "*.md" ! -name "_*" | xargs -n1 ./.github/scripts/cleancmd.pl + + - name: trim libcurl man page *.md files + run: find docs/libcurl -name "curl_*.md" -o -name "libcurl*.md" | xargs -n1 ./.github/scripts/cleanspell.pl + + - name: trim libcurl option man page *.md files + run: find docs/libcurl/opts -name "CURL*.md" | xargs -n1 ./.github/scripts/cleanspell.pl + + - name: trim cmdline docs markdown _*.md files + run: find docs/cmdline-opts -name "_*.md" | xargs -n1 ./.github/scripts/cleancmd.pl --no-header + + - name: setup the custom wordlist + run: grep -v '^#' .github/scripts/spellcheck.words > wordlist.txt + + - name: Check Spelling + uses: rojopolis/spellcheck-github-actions@d354a4dc525c8067555c7481b60416cedb0060ff # v0 + with: + config_path: .github/scripts/spellcheck.yaml diff --git a/libs/curl/.github/workflows/synopsis.yml b/libs/curl/.github/workflows/synopsis.yml new file mode 100644 index 00000000..10e7949b --- /dev/null +++ b/libs/curl/.github/workflows/synopsis.yml @@ -0,0 +1,34 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: SYNOPSIS + +on: + push: + branches: + - master + - '*/ci' + paths: + - 'docs/libcurl/curl_*.md' + - 'scripts/*.pl' + - '.github/workflows/*.yml' + pull_request: + branches: + - master + paths: + - 'docs/libcurl/curl_*.md' + - 'scripts/*.pl' + - '.github/workflows/*.yml' + +permissions: {} + +jobs: + verify: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: verify-synopsis + run: ./.github/scripts/verify-synopsis.pl docs/libcurl/curl*.md diff --git a/libs/curl/.github/workflows/torture.yml b/libs/curl/.github/workflows/torture.yml new file mode 100644 index 00000000..10bd34ce --- /dev/null +++ b/libs/curl/.github/workflows/torture.yml @@ -0,0 +1,91 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: Linux torture + +on: + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +concurrency: + # Hardcoded workflow filename as workflow name above is just Linux again + group: torture-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + MAKEFLAGS: -j 5 + +jobs: + autotools: + name: ${{ matrix.build.name }} + runs-on: 'ubuntu-latest' + timeout-minutes: 90 + strategy: + fail-fast: false + matrix: + build: + - name: torture + install: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libnghttp2-dev libssh2-1-dev libc-ares-dev + configure: --with-openssl --enable-debug --enable-ares --enable-websockets + tflags: -n -t --shallow=25 !FTP + - name: torture-ftp + install: libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev libnghttp2-dev libssh2-1-dev libc-ares-dev + configure: --with-openssl --enable-debug --enable-ares + tflags: -n -t --shallow=20 FTP + + steps: + - run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get update + sudo apt-get install libtool autoconf automake pkg-config stunnel4 ${{ matrix.build.install }} + sudo python3 -m pip install impacket + name: 'install prereqs and impacket' + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - run: autoreconf -fi + name: 'autoreconf' + + - run: ./configure --disable-dependency-tracking --enable-warnings --enable-werror ${{ matrix.build.configure }} + name: 'configure' + + - run: make V=1 + name: 'make' + + - run: make V=1 -C tests + name: 'make tests' + + - run: make V=1 test-torture + name: 'run tests' + env: + TFLAGS: "${{ matrix.build.tflags }}" diff --git a/libs/curl/.github/workflows/windows.yml b/libs/curl/.github/workflows/windows.yml new file mode 100644 index 00000000..148f148a --- /dev/null +++ b/libs/curl/.github/workflows/windows.yml @@ -0,0 +1,633 @@ +# Copyright (C) Viktor Szakats +# +# SPDX-License-Identifier: curl + +name: windows + +on: + push: + branches: + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + pull_request: + branches: + - master + paths-ignore: + - '**/*.md' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +jobs: + cygwin: + name: "cygwin, ${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.platform }} ${{ matrix.name }}" + runs-on: windows-latest + timeout-minutes: 45 + defaults: + run: + shell: C:\cygwin\bin\bash.exe '{0}' + env: + SHELLOPTS: 'igncr' + strategy: + matrix: + include: + - { build: 'automake', platform: 'x86_64', tflags: '' , config: '--enable-debug --disable-threaded-resolver', name: 'openssl' } + - { build: 'cmake' , platform: 'x86_64', tflags: 'skipall', config: '-DCURL_USE_OPENSSL=ON', name: 'openssl R' } + fail-fast: false + steps: + - run: git config --global core.autocrlf input + shell: pwsh + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - uses: cygwin/cygwin-install-action@006ad0b0946ca6d0a3ea2d4437677fa767392401 # v4 + with: + platform: ${{ matrix.platform }} + # https://cygwin.com/cgi-bin2/package-grep.cgi + packages: autoconf libtool ${{ matrix.build }} gcc-core gcc-g++ binutils make libssl-devel zlib-devel libbrotli-devel libnghttp2-devel libpsl-devel libssh2-devel + site: https://mirrors.kernel.org/sourceware/cygwin/ + + - name: 'autotools autoreconf' + if: ${{ matrix.build == 'automake' }} + timeout-minutes: 2 + run: autoreconf -fi + + - name: 'autotools configure' + if: ${{ matrix.build == 'automake' }} + timeout-minutes: 5 + run: | + PATH="/usr/bin:$(cygpath "${SYSTEMROOT}")/System32" + mkdir bld && cd bld && ../configure --enable-warnings --enable-werror \ + --prefix="${HOME}"/install \ + --enable-websockets \ + --with-openssl \ + --with-libssh2 \ + --disable-dependency-tracking \ + ${{ matrix.config }} + + - name: 'autotools configure log' + if: ${{ matrix.build == 'automake' && !cancelled() }} + run: cat bld/config.log 2>/dev/null || true + + - name: 'curl_config.h' + if: ${{ matrix.build == 'automake' }} + run: cat bld/lib/curl_config.h | grep -F '#define' | sort || true + + - name: 'curl_config.h (full)' + if: ${{ matrix.build == 'automake' }} + run: cat bld/lib/curl_config.h || true + + - name: 'autotools build' + if: ${{ matrix.build == 'automake' }} + timeout-minutes: 10 + run: make -C bld -j5 V=1 install + + - name: 'curl version' + if: ${{ matrix.build == 'automake' }} + timeout-minutes: 1 + run: | + find . -name '*.exe' -o -name '*.dll' + bld/src/curl.exe --disable --version + + - name: 'autotools build examples' + if: ${{ matrix.build == 'automake' }} + timeout-minutes: 5 + run: make -C bld -j5 V=1 examples + + - name: 'autotools build tests' + if: ${{ matrix.build == 'automake' && matrix.tflags != 'skipall' }} + timeout-minutes: 15 + run: make -C bld -j5 V=1 -C tests + + - name: 'autotools run tests' + if: ${{ matrix.build == 'automake' && matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 40 + run: | + export TFLAGS='-j8 ${{ matrix.tflags }}' + if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then + TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" + fi + make -C bld -j5 V=1 test-ci + + - name: 'cmake configure' + if: ${{ matrix.build == 'cmake' }} + timeout-minutes: 5 + run: | + PATH="/usr/bin:$(cygpath "${SYSTEMROOT}")/System32" + cmake -B bld ${options} \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + -DBUILD_EXAMPLES=ON \ + -DENABLE_WEBSOCKETS=ON \ + -DCURL_BROTLI=ON -DUSE_NGHTTP2=ON \ + ${{ matrix.config }} + + - name: 'cmake configure log' + if: ${{ matrix.build == 'cmake' && !cancelled() }} + run: cat bld/CMakeFiles/CMake*.yaml 2>/dev/null || true + + - name: 'curl_config.h' + if: ${{ matrix.build == 'cmake' }} + run: cat bld/lib/curl_config.h | grep -F '#define' | sort || true + + - name: 'curl_config.h (full)' + if: ${{ matrix.build == 'cmake' }} + run: cat bld/lib/curl_config.h || true + + - name: 'cmake build' + if: ${{ matrix.build == 'cmake' }} + timeout-minutes: 10 + run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 + + - name: 'curl version' + if: ${{ matrix.build == 'cmake' }} + timeout-minutes: 1 + run: | + find . -name '*.exe' -o -name '*.dll' | grep -v '/examples/' + PATH="$PWD/bld/lib:$PATH" + bld/src/curl.exe --disable --version + + - name: 'cmake build tests' + if: ${{ matrix.build == 'cmake' && matrix.tflags != 'skipall' }} + timeout-minutes: 15 + run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target testdeps + + - name: 'cmake run tests' + if: ${{ matrix.build == 'cmake' && matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 40 + run: | + export TFLAGS='-j8 ${{ matrix.tflags }}' + if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then + TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" + fi + PATH="$PWD/bld/lib:$PATH" + cmake --build bld --config '${{ matrix.type }}' --target test-ci + + msys2: # both msys and mingw-w64 + name: "${{ matrix.sys == 'msys' && 'msys2' || 'mingw' }}, ${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.env }} ${{ matrix.name }} ${{ matrix.test }}" + runs-on: windows-latest + timeout-minutes: 45 + defaults: + run: + shell: msys2 {0} + strategy: + matrix: + include: + - { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '!19 !1233', config: '--enable-debug --disable-threaded-resolver --disable-proxy', name: '!proxy' } + - { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '!19 !504 !704 !705 !1233', config: '--enable-debug --disable-threaded-resolver', name: 'default' } + - { build: 'cmake' , sys: 'msys' , env: 'x86_64' , tflags: 'skipall' , config: '-DENABLE_DEBUG=ON -DENABLE_THREADED_RESOLVER=OFF', name: 'default' } + - { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '!19 !504 !704 !705 !1233', config: '', name: 'default R' } + - { build: 'autotools', sys: 'mingw64', env: 'x86_64' , tflags: 'skiprun' , config: '--enable-debug --disable-threaded-resolver --disable-curldebug --enable-static=no', name: 'default' } + # FIXME: WebSockets test results ignored due to frequent failures on native Windows: + - { build: 'cmake' , sys: 'mingw64', env: 'x86_64' , tflags: '~2301 ~2302' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON', type: 'Debug', name: 'schannel U' } + - { build: 'cmake' , sys: 'ucrt64' , env: 'ucrt-x86_64' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_CURLDEBUG=ON', type: 'Release', name: 'schannel R TrackMemory' } + - { build: 'cmake' , sys: 'clang64', env: 'clang-x86_64', tflags: 'skiprun' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_OPENSSL=ON -DENABLE_UNICODE=OFF', type: 'Release', name: 'openssl' } + - { build: 'cmake' , sys: 'mingw64', env: 'x86_64' , tflags: 'skiprun' , config: '-DENABLE_DEBUG=OFF -DBUILD_SHARED_LIBS=ON -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DBUILD_EXAMPLES=OFF', type: 'Release', test: 'uwp', name: 'schannel R' } + fail-fast: false + steps: + - run: git config --global core.autocrlf input + shell: pwsh + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - uses: msys2/setup-msys2@5df0ca6cbf14efcd08f8d5bd5e049a3cc8e07fd2 # v2 + if: ${{ matrix.sys == 'msys' }} + with: + msystem: ${{ matrix.sys }} + # https://packages.msys2.org/search + install: gcc ${{ matrix.build }} make openssl-devel zlib-devel brotli-devel libnghttp2-devel libpsl-devel libssh2-devel + - uses: msys2/setup-msys2@5df0ca6cbf14efcd08f8d5bd5e049a3cc8e07fd2 # v2 + if: ${{ matrix.sys != 'msys' }} + with: + msystem: ${{ matrix.sys }} + install: >- + mingw-w64-${{ matrix.env }}-cc + mingw-w64-${{ matrix.env }}-${{ matrix.build }} make + mingw-w64-${{ matrix.env }}-openssl + mingw-w64-${{ matrix.env }}-libssh2 + + - name: 'autotools autoreconf' + if: ${{ matrix.build == 'autotools' }} + timeout-minutes: 2 + run: autoreconf -fi + + - name: 'autotools configure' + if: ${{ matrix.build == 'autotools' }} + timeout-minutes: 5 + run: | + mkdir bld && cd bld && ../configure --enable-warnings --enable-werror \ + --prefix="${HOME}"/install \ + --enable-websockets \ + --with-openssl \ + --with-libssh2 \ + --disable-dependency-tracking \ + ${{ matrix.config }} + + - name: 'autotools configure log' + if: ${{ matrix.build == 'autotools' && !cancelled() }} + run: cat bld/config.log 2>/dev/null || true + + - name: 'curl_config.h' + if: ${{ matrix.build == 'autotools' }} + run: cat bld/lib/curl_config.h | grep -F '#define' | sort || true + + - name: 'curl_config.h (full)' + if: ${{ matrix.build == 'autotools' }} + run: cat bld/lib/curl_config.h || true + + - name: 'autotools build' + if: ${{ matrix.build == 'autotools' }} + timeout-minutes: 10 + run: make -C bld -j5 V=1 install + + - name: 'curl version' + if: ${{ matrix.build == 'autotools' }} + timeout-minutes: 11 + run: | + find . -name '*.exe' -o -name '*.dll' + bld/src/curl.exe --disable --version + + - name: 'autotools build examples' + if: ${{ matrix.build == 'autotools' }} + timeout-minutes: 5 + run: make -C bld -j5 V=1 examples + + - name: 'autotools build tests' + if: ${{ matrix.build == 'autotools' && matrix.tflags != 'skipall' }} + timeout-minutes: 10 + run: make -C bld -j5 V=1 -C tests + + - name: 'autotools run tests' + if: ${{ matrix.build == 'autotools' && matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 30 + run: | + export TFLAGS='-j14 ${{ matrix.tflags }}' + if [ '${{ matrix.sys }}' != 'msys' ]; then + TFLAGS+=' !TFTP !MQTT !WebSockets !SMTP ~FTP' + fi + if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then + TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" + fi + make -C bld -j5 V=1 test-ci + + - name: 'cmake configure' + if: ${{ matrix.build == 'cmake' }} + timeout-minutes: 5 + run: | + if [[ '${{ matrix.env }}' = 'clang'* ]]; then + options='-DCMAKE_C_COMPILER=clang' + else + options='-DCMAKE_C_COMPILER=gcc' + fi + if [ '${{ matrix.test }}' = 'uwp' ]; then + options+=' -DCMAKE_SYSTEM_NAME=WindowsStore -DCMAKE_SYSTEM_VERSION=10.0' + pacman --noconfirm --ask 20 --noprogressbar --sync --needed 'mingw-w64-${{ matrix.env }}-winstorecompat-git' + specs="$(realpath gcc-specs-uwp)" + gcc -dumpspecs | sed -e 's/-lmingwex/-lwindowsapp -lmingwex -lwindowsapp -lwindowsappcompat/' -e 's/-lmsvcrt/-lmsvcr120_app/' > "${specs}" + cflags="-specs=$(cygpath -w "${specs}") -DWINSTORECOMPAT -DWINAPI_FAMILY=WINAPI_FAMILY_APP" + # CMake (as of v3.26.4) gets confused and applies the MSVC rc.exe command-line + # template to windres. Reset it to the windres template manually: + rcopts=' -O coff ' + else + rcopts='' + fi + [ '${{ matrix.type }}' = 'Debug' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG=' + [ '${{ matrix.type }}' = 'Release' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE=' + cmake -B bld ${options} \ + "-DCMAKE_C_FLAGS=${cflags}" \ + "-DCMAKE_RC_COMPILE_OBJECT=${rcopts}" \ + '-DCMAKE_BUILD_TYPE=${{ matrix.type }}' \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + -DBUILD_EXAMPLES=ON \ + -DENABLE_WEBSOCKETS=ON \ + -DCURL_BROTLI=ON -DUSE_NGHTTP2=ON \ + ${{ matrix.config }} + + - name: 'cmake configure log' + if: ${{ matrix.build == 'cmake' && !cancelled() }} + run: cat bld/CMakeFiles/CMake*.yaml 2>/dev/null || true + + - name: 'curl_config.h' + if: ${{ matrix.build == 'cmake' }} + run: cat bld/lib/curl_config.h | grep -F '#define' | sort || true + + - name: 'curl_config.h (full)' + if: ${{ matrix.build == 'cmake' }} + run: cat bld/lib/curl_config.h || true + + - name: 'cmake build' + if: ${{ matrix.build == 'cmake' }} + timeout-minutes: 10 + run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 + + - name: 'curl version' + if: ${{ matrix.build == 'cmake' }} + timeout-minutes: 1 + run: | + find . -name '*.exe' -o -name '*.dll' | grep -v '/examples/' + if [ '${{ matrix.test }}' != 'uwp' ]; then # UWP missing 'msvcr120_app.dll', fails with exit code 0xc0000135 + PATH="$PWD/bld/lib:$PATH" + bld/src/curl.exe --disable --version + fi + + - name: 'cmake build tests' + if: ${{ matrix.build == 'cmake' && matrix.tflags != 'skipall' }} + timeout-minutes: 10 + run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target testdeps + + - name: 'cmake run tests' + if: ${{ matrix.build == 'cmake' && matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 40 + run: | + export TFLAGS='-j14 ${{ matrix.tflags }}' + if [ '${{ matrix.sys }}' != 'msys' ]; then + TFLAGS+=' !TFTP !MQTT !WebSockets !SMTP ~FTP' + fi + if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then + TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" + fi + PATH="$PWD/bld/lib:$PATH" + cmake --build bld --config '${{ matrix.type }}' --target test-ci + + old-mingw-w64: + name: 'old-mingw, CM ${{ matrix.env }} ${{ matrix.name }}' + runs-on: windows-latest + timeout-minutes: 45 + defaults: + run: + shell: C:\msys64\usr\bin\bash.exe {0} + strategy: + matrix: + include: + - name: 'schannel' + env: '9.5.0-x86_64' + dir: 'mingw64' + url: 'https://github.com/brechtsanders/winlibs_mingw/releases/download/9.5.0-10.0.0-msvcrt-r1/winlibs-x86_64-posix-seh-gcc-9.5.0-mingw-w64msvcrt-10.0.0-r1.7z' + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=OFF' + type: 'Release' + tflags: '~2301 ~2302 ~3027' + - name: 'schannel U' + env: '7.3.0-x86_64' + dir: 'mingw64' + url: 'https://downloads.sourceforge.net/mingw-w64/Toolchains%20targetting%20Win64/Personal%20Builds/mingw-builds/7.3.0/threads-win32/seh/x86_64-7.3.0-release-win32-seh-rt_v5-rev0.7z' + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON' + type: 'Release' + tflags: '~2301 ~2302 ~3027' + - name: 'schannel !unity' + env: '6.4.0-i686' + dir: 'mingw32' + url: 'https://downloads.sourceforge.net/mingw-w64/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/6.4.0/threads-win32/dwarf/i686-6.4.0-release-win32-dwarf-rt_v5-rev0.7z' + config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=OFF -DCMAKE_UNITY_BUILD=OFF' + type: 'Debug' + tflags: 'skiprun' + fail-fast: false + steps: + - name: 'cache compiler (gcc ${{ matrix.env }})' + uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + id: cache-compiler + with: + path: ~\my-cache + key: ${{ runner.os }}-mingw-w64-${{ matrix.env }} + + - name: 'install compiler (gcc ${{ matrix.env }})' + if: ${{ steps.cache-compiler.outputs.cache-hit != 'true' }} + timeout-minutes: 5 + run: | + cd "${USERPROFILE}" || exit 1 + mkdir my-cache + cd my-cache || exit 1 + curl --fail --silent --show-error --retry 3 --retry-connrefused --output pack.bin --location --proto-redir =https '${{ matrix.url }}' + pwd + 7z x -y pack.bin >/dev/null + rm -r -f pack.bin + ls -l + + - run: git config --global core.autocrlf input + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: 'cmake configure' + timeout-minutes: 5 + run: | + PATH="$(cygpath "${USERPROFILE}")/my-cache/${{ matrix.dir }}/bin:/c/msys64/usr/bin:$PATH" + [ '${{ matrix.type }}' = 'Debug' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG=' + [ '${{ matrix.type }}' = 'Release' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE=' + cmake -B bld ${options} \ + '-GMSYS Makefiles' \ + -DCMAKE_C_COMPILER=gcc \ + '-DCMAKE_BUILD_TYPE=${{ matrix.type }}' \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + -DBUILD_EXAMPLES=ON \ + -DENABLE_WEBSOCKETS=ON \ + ${{ matrix.config }} + + - name: 'cmake configure log' + if: ${{ !cancelled() }} + run: cat bld/CMakeFiles/CMake*.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: cat bld/lib/curl_config.h | grep -F '#define' | sort || true + + - name: 'curl_config.h (full)' + run: cat bld/lib/curl_config.h || true + + - name: 'cmake build' + timeout-minutes: 10 + run: | + PATH="$(cygpath "${USERPROFILE}")/my-cache/${{ matrix.dir }}/bin:/c/msys64/usr/bin:$PATH" + cmake --build bld --config '${{ matrix.type }}' --parallel 5 + + - name: 'curl version' + timeout-minutes: 1 + run: | + find . -name '*.exe' -o -name '*.dll' | grep -v '/examples/' + PATH="$PWD/bld/lib:$PATH" + bld/src/curl.exe --disable --version + + - name: 'cmake build tests' + if: ${{ matrix.tflags != 'skipall' }} + timeout-minutes: 10 + run: | + PATH="$(cygpath "${USERPROFILE}")/my-cache/${{ matrix.dir }}/bin:/c/msys64/usr/bin:$PATH" + cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target testdeps + + - name: 'cmake run tests' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 40 + run: | + PATH="$(cygpath "${USERPROFILE}")/my-cache/${{ matrix.dir }}/bin:/c/msys64/usr/bin:$PATH" + export TFLAGS='-j14 !TFTP !MQTT !WebSockets ~FTP ${{ matrix.tflags }}' + if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then + TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" + fi + PATH="$PWD/bld/lib:$PATH" + cmake --build bld --config '${{ matrix.type }}' --target test-ci + + msvc: + name: 'msvc, CM ${{ matrix.arch }}-${{ matrix.plat }} ${{ matrix.name }}' + runs-on: windows-latest + timeout-minutes: 55 + defaults: + run: + shell: bash + env: + VCPKG_BINARY_SOURCES: 'clear;x-gha,readwrite' + VCPKG_DISABLE_METRICS: '1' + strategy: + matrix: + include: + - name: 'schannel U' + install: 'brotli zlib zstd libpsl nghttp2 libssh2[core,zlib] pkgconf gsasl' + arch: 'x64' + plat: 'windows' + type: 'Debug' + tflags: '~1516 ~2301 ~2302 ~2303 ~2307' + config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=ON -DCURL_USE_SCHANNEL=ON -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DUSE_NGHTTP2=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DUSE_WIN32_IDN=ON -DCURL_USE_GSASL=ON' + - name: 'openssl' + install: 'brotli zlib zstd libpsl nghttp2 nghttp3 openssl libssh2 pkgconf gsasl' + arch: 'x64' + plat: 'windows' + type: 'Debug' + tflags: '~1516 ~2301 ~2302 ~2303 ~2307' + config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DUSE_NGHTTP2=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_OPENSSL=ON -DUSE_OPENSSL_QUIC=ON -DCURL_USE_GSASL=ON' + - name: 'openssl' + install: 'brotli zlib zstd nghttp2 nghttp3 openssl libssh2' + arch: 'x64' + plat: 'uwp' + type: 'Debug' + tflags: 'skipall' + config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DUSE_NGHTTP2=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_OPENSSL=ON -DUSE_OPENSSL_QUIC=ON' + - name: 'libressl' + install: 'brotli zlib zstd libpsl nghttp2 libressl libssh2[core,zlib]' + arch: 'x64' + plat: 'windows' + type: 'Debug' + tflags: '~1516 ~2301 ~2302 ~2303 ~2307' + config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DUSE_NGHTTP2=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_OPENSSL=ON' + - name: 'boringssl-ECH' + install: 'brotli zlib zstd libpsl nghttp2 boringssl libssh2[core,zlib]' + arch: 'x64' + plat: 'windows' + type: 'Debug' + tflags: '~1516 ~2301 ~2302 ~2303 ~2307' + config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DUSE_NGHTTP2=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_OPENSSL=ON -DUSE_HTTPSRR=ON -DUSE_ECH=ON' + - name: '!ssl' + install: 'brotli zlib zstd libpsl pkgconf libidn2 libssh' + arch: 'x64' + plat: 'windows' + type: 'Debug' + tflags: '~1516 ~2301 ~2302 ~2303 ~2307' + # WARNING: libssh uses hard-coded world-writable paths (/etc/..., ~/.ssh/) to + # read its configuration from, making it vulnerable to attacks on + # Windows. Do not use this component till there is a fix for these. + # https://github.com/curl/curl-for-win/blob/3951808deb04df9489ee17430f236ed54436f81a/libssh.sh#L6-L8 + config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DHTTP_ONLY=ON -DUSE_LIBIDN2=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON' + - name: 'wolfssl' + install: 'brotli zlib zstd libpsl nghttp2 wolfssl libssh2 pkgconf gsasl' + arch: 'x64' + plat: 'windows' + type: 'Debug' + tflags: '~1516' + config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DUSE_NGHTTP2=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_WOLFSSL=ON -DCURL_USE_GSASL=ON' + fail-fast: false + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - name: 'vcpkg cache setup' + uses: actions/github-script@v7 + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); + + - name: 'vcpkg versions' + timeout-minutes: 1 + run: | + git -C "$VCPKG_INSTALLATION_ROOT" show --no-patch --format='%H %ai' + vcpkg version + + - name: 'vcpkg build' + timeout-minutes: 35 + run: vcpkg x-set-installed ${{ matrix.install }} '--triplet=${{ matrix.arch }}-${{ matrix.plat }}' + + - name: 'cmake configure' + timeout-minutes: 5 + run: | + if [[ '${{ matrix.install }}' = *'libressl'* ]]; then + # without this, CMake gets confused about the non-vcpkg OpenSSL + # installed on the runner and fails when linking. + options+=" -DOPENSSL_ROOT_DIR=$VCPKG_INSTALLATION_ROOT/installed/${{ matrix.arch }}-${{ matrix.plat }}" + fi + cmake -B bld ${options} \ + "-DCMAKE_TOOLCHAIN_FILE=$VCPKG_INSTALLATION_ROOT/scripts/buildsystems/vcpkg.cmake" \ + "-DVCPKG_INSTALLED_DIR=$VCPKG_INSTALLATION_ROOT/installed" \ + '-DVCPKG_TARGET_TRIPLET=${{ matrix.arch }}-${{ matrix.plat }}' \ + -DCMAKE_VS_GLOBALS=TrackFileAccess=false \ + '-DCMAKE_BUILD_TYPE=${{ matrix.type }}' \ + -DCMAKE_UNITY_BUILD=ON \ + -DCURL_WERROR=ON \ + -DBUILD_EXAMPLES=ON \ + -DENABLE_WEBSOCKETS=ON \ + -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG= \ + -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE= \ + ${{ matrix.config }} + + - name: 'cmake configure log' + if: ${{ !cancelled() }} + run: cat bld/CMakeFiles/CMake*.yaml 2>/dev/null || true + + - name: 'curl_config.h' + run: cat bld/lib/curl_config.h | grep -F '#define' | sort || true + + - name: 'curl_config.h (full)' + run: cat bld/lib/curl_config.h || true + + - name: 'cmake build' + timeout-minutes: 5 + run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 + + - name: 'curl version' + timeout-minutes: 5 + run: | + find . -name '*.exe' -o -name '*.dll' | grep -v '/examples/' + if [ '${{ matrix.plat }}' != 'uwp' ]; then + PATH="$PWD/bld/lib:$VCPKG_INSTALLATION_ROOT/installed/${{ matrix.arch }}-${{ matrix.plat }}/bin:$PATH" + bld/src/curl.exe --disable --version + fi + + - name: 'cmake build tests' + if: ${{ matrix.tflags != 'skipall' }} + timeout-minutes: 10 + run: cmake --build bld --config '${{ matrix.type }}' --parallel 5 --target testdeps + + - name: 'cmake run tests' + if: ${{ matrix.tflags != 'skipall' && matrix.tflags != 'skiprun' }} + timeout-minutes: 30 + run: | + export TFLAGS='-j14 !TFTP !MQTT !WebSockets !SMTP ~FTP ${{ matrix.tflags }}' + if [[ '${{ matrix.config }}' = *'-DUSE_WIN32_IDN=ON'* ]]; then + TFLAGS+=' ~165' + if [[ '${{ matrix.config }}' != *'-DENABLE_UNICODE=ON'* ]]; then + TFLAGS+=' ~1448 ~2046 ~2047' + fi + elif [[ '${{ matrix.config }}' = *'-DUSE_LIBIDN2=ON'* ]]; then + TFLAGS+=' ~165 ~1448 ~2046 ~2047' + fi + PATH="$PWD/bld/lib:$VCPKG_INSTALLATION_ROOT/installed/${{ matrix.arch }}-${{ matrix.plat }}/bin:$PATH" + cmake --build bld --config '${{ matrix.type }}' --target test-ci diff --git a/libs/curl/.github/workflows/wolfssl.yml b/libs/curl/.github/workflows/wolfssl.yml index 35372690..c4156497 100644 --- a/libs/curl/.github/workflows/wolfssl.yml +++ b/libs/curl/.github/workflows/wolfssl.yml @@ -1,15 +1,49 @@ -name: Linux +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +name: Linux wolfSSL on: - # Trigger the workflow on push or pull requests, but only for the - # master branch push: branches: - - master - - '*/ci' + - master + - '*/ci' + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' pull_request: branches: - - master + - master + paths-ignore: + - '**/*.md' + - '**/CMakeLists.txt' + - '.azure-pipelines.yml' + - '.circleci/**' + - 'appveyor.*' + - 'CMake/**' + - 'packages/**' + - 'plan9/**' + - 'projects/**' + - 'winbuild/**' + +concurrency: + # Hardcoded workflow filename as workflow name above is just Linux again + group: wolfssl-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +permissions: {} + +env: + MAKEFLAGS: -j 5 jobs: autotools: @@ -20,30 +54,51 @@ jobs: fail-fast: false matrix: build: - - name: wolfssl - install: - configure: --with-wolfssl=$HOME/wssl --enable-debug --enable-werror + - name: wolfssl (configured with --enable-all) + install: + configure: LDFLAGS="-Wl,-rpath,$HOME/wssl/lib" --with-wolfssl=$HOME/wssl --enable-debug + wolfssl-configure: --enable-all + - name: wolfssl (configured with --enable-opensslextra) + install: valgrind + configure: LDFLAGS="-Wl,-rpath,$HOME/wssl/lib" --with-wolfssl=$HOME/wssl --enable-debug + wolfssl-configure: --enable-opensslextra steps: - - run: sudo apt-get install libtool autoconf automake pkg-config - name: install prereqs + - run: | + sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list + sudo apt-get update + sudo apt-get install libtool autoconf automake pkg-config stunnel4 libpsl-dev ${{ matrix.build.install }} + sudo python3 -m pip install impacket + name: 'install prereqs and impacket' + + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + + - run: | + source .github/scripts/VERSIONS + curl -LOsSf --retry 6 --retry-connrefused --max-time 999 https://github.com/wolfSSL/wolfssl/archive/v$WOLFSSL_VER-stable.tar.gz + tar -xzf v$WOLFSSL_VER-stable.tar.gz + cd wolfssl-$WOLFSSL_VER-stable + ./autogen.sh + ./configure --disable-dependency-tracking --enable-tls13 ${{ matrix.build.wolfssl-configure }} --enable-harden --prefix=$HOME/wssl + make install + name: 'install wolfssl' + + - run: autoreconf -fi + name: 'autoreconf' - - run: | - curl -LO https://github.com/wolfSSL/wolfssl/archive/v5.0.0-stable.tar.gz - tar -xzf v5.0.0-stable.tar.gz - cd wolfssl-5.0.0-stable - ./autogen.sh - ./configure --enable-tls13 --enable-all --enable-harden --prefix=$HOME/wssl - make && make install + - run: ./configure --disable-dependency-tracking --enable-warnings --enable-werror ${{ matrix.build.configure }} + name: 'configure' - name: 'install wolfssl' + - run: make V=1 + name: 'make' - - uses: actions/checkout@v2 + - run: make V=1 examples + name: 'make examples' - - run: ./buildconf && LDFLAGS="-Wl,-rpath,$HOME/wssl/lib" ./configure --enable-warnings --enable-werror ${{ matrix.build.configure }} && make V=1 - name: 'configure and build' + - run: make V=1 -C tests + name: 'make tests' - - run: make V=1 test-ci - name: 'test' - env: - TFLAGS: "${{ matrix.build.tflags }}" + - run: make V=1 test-ci + name: 'run tests' + env: + TFLAGS: "${{ matrix.build.tflags }}" diff --git a/libs/curl/.gitignore b/libs/curl/.gitignore index e3574714..6d1e69ed 100644 --- a/libs/curl/.gitignore +++ b/libs/curl/.gitignore @@ -1,3 +1,7 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + *.asc *.dll *.exe @@ -18,6 +22,7 @@ .project .settings /.vs +/bld/ /build/ /builds/ /stats/ @@ -58,3 +63,6 @@ scripts/curl.fish curl_fuzzer curl_fuzzer_seed_corpus.zip libstandaloneengine.a +tests/string +tests/config +tests/ech-log/ diff --git a/libs/curl/.lgtm.yml b/libs/curl/.lgtm.yml deleted file mode 100644 index 932e9c0b..00000000 --- a/libs/curl/.lgtm.yml +++ /dev/null @@ -1,31 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -extraction: - cpp: - prepare: - packages: # to avoid confusion with libopenafs-dev which also provides a des.h - - libssl-dev - after_prepare: # make sure lgtm.com doesn't use CMake (which generates and runs tests) - - rm -f CMakeLists.txt - - ./buildconf - configure: # enable as many optional features as possible - command: ./configure --enable-ares --with-libssh2 --with-gssapi --with-librtmp --with-openssl diff --git a/libs/curl/.lift/config.toml b/libs/curl/.lift/config.toml deleted file mode 100644 index f5436795..00000000 --- a/libs/curl/.lift/config.toml +++ /dev/null @@ -1,3 +0,0 @@ -ignoreRules = [ "DEAD_STORE" ] -build = "make" -setup = ".lift/setup.sh" diff --git a/libs/curl/.lift/setup.sh b/libs/curl/.lift/setup.sh deleted file mode 100755 index a9bc873b..00000000 --- a/libs/curl/.lift/setup.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/bin/env bash -./buildconf -./configure --with-openssl -echo "Ran the setup script for Lift including autoconf and executing ./configure --with-openssl" diff --git a/libs/curl/.mailmap b/libs/curl/.mailmap index 430fce05..f8792514 100644 --- a/libs/curl/.mailmap +++ b/libs/curl/.mailmap @@ -1,6 +1,6 @@ Guenter Knauf -Gisle Vanem -Gisle Vanem +Gisle Vanem +Gisle Vanem Alessandro Ghedini Alessandro Ghedini Björn Stenberg @@ -48,7 +48,8 @@ Max Savenkov Daniel Jelinski <30433125+djelinski@users.noreply.github.com> Amit Katyal Giorgos Oikonomou -Evgeny Grin +Evgeny Grin (Karlson2k) +Evgeny Grin (Karlson2k) Peter Pih Anton Malov Marquis de Muesli @@ -83,3 +84,28 @@ Max Dymond Abhinav Singh Malik Idrees Hasan Khan <77000356+MalikIdreesHasanKhan@users.noreply.github.com> Yongkang Huang +Xiaoke Wang +Philip H <47042125+pheiduck@users.noreply.github.com> +neutric on github <5984479+neutric@users.noreply.github.com> +Jan-Piet Mens +Henrik Holst +Christian Schmitz +Max Mehl +rzrymiak on github <106121613+rzrymiak@users.noreply.github.com> +Oliver Roberts +opensignature on github +Cering on github +a1346054 on github <36859588+a1346054@users.noreply.github.com> +zhanghu on xiaomi +Philip Heiduck <47042125+pheiduck@users.noreply.github.com> +bsergean on github +Stefan Eissing +Michael Musset +Andy Alt +Thomas1664 on github <46387399+Thomas1664@users.noreply.github.com> +dengjfzh on github +Brad Harder +Derzsi Dániel +Michael Osipov <1983-01-06@gmx.net> +Michael Osipov +Christian Weisgerber diff --git a/libs/curl/CMake/CMakeConfigurableFile.in b/libs/curl/CMake/CMakeConfigurableFile.in index 8ccd016a..a3d2bc4a 100644 --- a/libs/curl/CMake/CMakeConfigurableFile.in +++ b/libs/curl/CMake/CMakeConfigurableFile.in @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,5 +18,7 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### @CMAKE_CONFIGURABLE_FILE_CONTENT@ diff --git a/libs/curl/CMake/CurlSymbolHiding.cmake b/libs/curl/CMake/CurlSymbolHiding.cmake index e99ea6f6..07f4fc0b 100644 --- a/libs/curl/CMake/CurlSymbolHiding.cmake +++ b/libs/curl/CMake/CurlSymbolHiding.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,12 +18,21 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### include(CheckCSourceCompiles) option(CURL_HIDDEN_SYMBOLS "Set to ON to hide libcurl internal symbols (=hide all symbols that aren't officially external)." ON) mark_as_advanced(CURL_HIDDEN_SYMBOLS) +if(WIN32 AND (ENABLE_DEBUG OR ENABLE_CURLDEBUG)) + # We need to export internal debug functions, + # e.g. curl_easy_perform_ev() or curl_dbg_*(), + # so disable symbol hiding for debug builds and for memory tracking. + set(CURL_HIDDEN_SYMBOLS OFF) +endif() + if(CURL_HIDDEN_SYMBOLS) set(SUPPORTS_SYMBOL_HIDING FALSE) diff --git a/libs/curl/CMake/CurlTests.c b/libs/curl/CMake/CurlTests.c index 8666da0d..f04abd79 100644 --- a/libs/curl/CMake/CurlTests.c +++ b/libs/curl/CMake/CurlTests.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. + * Copyright (C) Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -18,27 +18,11 @@ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY * KIND, either express or implied. * + * SPDX-License-Identifier: curl + * ***************************************************************************/ -#ifdef TIME_WITH_SYS_TIME -/* Time with sys/time test */ - -#include -#include -#include - -int -main () -{ -if ((struct tm *) 0) -return 0; - ; - return 0; -} - -#endif #ifdef HAVE_FCNTL_O_NONBLOCK - /* headers for FCNTL_O_NONBLOCK test */ #include #include @@ -56,18 +40,17 @@ return 0; # define PLATFORM_AIX_V3 #endif /* */ -#if defined(PLATFORM_SUNOS4) || defined(PLATFORM_AIX_V3) || defined(__BEOS__) +#if defined(PLATFORM_SUNOS4) || defined(PLATFORM_AIX_V3) #error "O_NONBLOCK does not work on this platform" #endif -int -main () +int main(void) { - /* O_NONBLOCK source test */ - int flags = 0; - if(0 != fcntl(0, F_SETFL, flags | O_NONBLOCK)) - return 1; - return 0; + /* O_NONBLOCK source test */ + int flags = 0; + if(0 != fcntl(0, F_SETFL, flags | O_NONBLOCK)) + return 1; + return 0; } #endif @@ -123,36 +106,16 @@ int main(void) } #endif -#ifdef HAVE_SOCKLEN_T -#ifdef _WIN32 -#include -#else -#include -#include -#endif -int -main () -{ -if ((socklen_t *) 0) - return 0; -if (sizeof (socklen_t)) - return 0; - ; - return 0; -} -#endif #ifdef HAVE_IN_ADDR_T #include #include #include - -int -main () +int main(void) { -if ((in_addr_t *) 0) - return 0; -if (sizeof (in_addr_t)) - return 0; + if((in_addr_t *) 0) + return 0; + if(sizeof(in_addr_t)) + return 0; ; return 0; } @@ -165,11 +128,10 @@ if (sizeof (in_addr_t)) #ifdef HAVE_STDBOOL_H #include #endif -int -main () +int main(void) { -if (sizeof (bool *) ) - return 0; + if(sizeof(bool *)) + return 0; ; return 0; } @@ -180,30 +142,9 @@ if (sizeof (bool *) ) #include #include #include -int main() { return 0; } +int main(void) { return 0; } #endif -#ifdef HAVE_GETADDRINFO -#include -#include -#include -int main(void) { - struct addrinfo hints, *ai; - int error; - - memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_UNSPEC; - hints.ai_socktype = SOCK_STREAM; -#ifndef getaddrinfo - (void)getaddrinfo; -#endif - error = getaddrinfo("127.0.0.1", "8080", &hints, &ai); - if (error) { - return 1; - } - return 0; -} -#endif #ifdef HAVE_FILE_OFFSET_BITS #ifdef _FILE_OFFSET_BITS #undef _FILE_OFFSET_BITS @@ -218,104 +159,83 @@ int main(void) { int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; -int main () { ; return 0; } +int main(void) { ; return 0; } #endif + #ifdef HAVE_IOCTLSOCKET /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif - -int -main () +int main(void) { - -/* ioctlsocket source code */ - int socket; - unsigned long flags = ioctlsocket(socket, FIONBIO, &flags); - + /* ioctlsocket source code */ + int socket; + unsigned long flags = ioctlsocket(socket, FIONBIO, &flags); ; return 0; } #endif + #ifdef HAVE_IOCTLSOCKET_CAMEL /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif - -int -main () +int main(void) { - -/* IoctlSocket source code */ - if(0 != IoctlSocket(0, 0, 0)) - return 1; + /* IoctlSocket source code */ + if(0 != IoctlSocket(0, 0, 0)) + return 1; ; return 0; } #endif + #ifdef HAVE_IOCTLSOCKET_CAMEL_FIONBIO /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif - -int -main () +int main(void) { - -/* IoctlSocket source code */ - long flags = 0; - if(0 != IoctlSocket(0, FIONBIO, &flags)) - return 1; + /* IoctlSocket source code */ + long flags = 0; + if(0 != IoctlSocket(0, FIONBIO, &flags)) + return 1; ; return 0; } #endif + #ifdef HAVE_IOCTLSOCKET_FIONBIO /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif - -int -main () +int main(void) { - - int flags = 0; - if(0 != ioctlsocket(0, FIONBIO, &flags)) - return 1; - + unsigned long flags = 0; + if(0 != ioctlsocket(0, FIONBIO, &flags)) + return 1; ; return 0; } #endif + #ifdef HAVE_IOCTL_FIONBIO /* headers for FIONBIO test */ /* includes start */ @@ -334,19 +254,16 @@ main () #ifdef HAVE_STROPTS_H # include #endif - -int -main () +int main(void) { - - int flags = 0; - if(0 != ioctl(0, FIONBIO, &flags)) - return 1; - + int flags = 0; + if(0 != ioctl(0, FIONBIO, &flags)) + return 1; ; return 0; } #endif + #ifdef HAVE_IOCTL_SIOCGIFADDR /* headers for FIONBIO test */ /* includes start */ @@ -366,28 +283,23 @@ main () # include #endif #include - -int -main () +int main(void) { - struct ifreq ifr; - if(0 != ioctl(0, SIOCGIFADDR, &ifr)) - return 1; - + struct ifreq ifr; + if(0 != ioctl(0, SIOCGIFADDR, &ifr)) + return 1; ; return 0; } #endif + #ifdef HAVE_SETSOCKOPT_SO_NONBLOCK /* includes start */ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 # ifndef WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN # endif -# include -# ifdef HAVE_WINSOCK2_H -# include -# endif +# include #endif /* includes start */ #ifdef HAVE_SYS_TYPES_H @@ -397,30 +309,30 @@ main () # include #endif /* includes end */ - -int -main () +int main(void) { - if(0 != setsockopt(0, SOL_SOCKET, SO_NONBLOCK, 0, 0)) - return 1; + if(0 != setsockopt(0, SOL_SOCKET, SO_NONBLOCK, 0, 0)) + return 1; ; return 0; } #endif + #ifdef HAVE_GLIBC_STRERROR_R #include #include void check(char c) {} -int -main () { +int main(void) +{ char buffer[1024]; /* This will not compile if strerror_r does not return a char* */ check(strerror_r(EACCES, buffer, sizeof(buffer))[0]); return 0; } #endif + #ifdef HAVE_POSIX_STRERROR_R #include #include @@ -428,89 +340,91 @@ main () { /* float, because a pointer can't be implicitly cast to float */ void check(float f) {} -int -main () { +int main(void) +{ char buffer[1024]; /* This will not compile if strerror_r does not return an int */ check(strerror_r(EACCES, buffer, sizeof(buffer))); return 0; } #endif + #ifdef HAVE_FSETXATTR_6 #include /* header from libc, not from libattr */ -int -main() { +int main(void) +{ fsetxattr(0, 0, 0, 0, 0, 0); return 0; } #endif + #ifdef HAVE_FSETXATTR_5 #include /* header from libc, not from libattr */ -int -main() { +int main(void) +{ fsetxattr(0, 0, 0, 0, 0); return 0; } #endif + #ifdef HAVE_CLOCK_GETTIME_MONOTONIC #include -int -main() { +int main(void) +{ struct timespec ts = {0, 0}; clock_gettime(CLOCK_MONOTONIC, &ts); return 0; } #endif + #ifdef HAVE_BUILTIN_AVAILABLE -int -main() { - if(__builtin_available(macOS 10.12, *)) {} +int main(void) +{ + if(__builtin_available(macOS 10.12, iOS 5.0, *)) {} return 0; } #endif -#ifdef HAVE_VARIADIC_MACROS_C99 -#define c99_vmacro3(first, ...) fun3(first, __VA_ARGS__) -#define c99_vmacro2(first, ...) fun2(first, __VA_ARGS__) -int fun3(int arg1, int arg2, int arg3); -int fun2(int arg1, int arg2); - -int fun3(int arg1, int arg2, int arg3) { - return arg1 + arg2 + arg3; -} -int fun2(int arg1, int arg2) { - return arg1 + arg2; -} +#ifdef HAVE_ATOMIC +/* includes start */ +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif +#ifdef HAVE_STDATOMIC_H +# include +#endif +/* includes end */ -int -main() { - int res3 = c99_vmacro3(1, 2, 3); - int res2 = c99_vmacro2(1, 2); - (void)res3; - (void)res2; - return 0; +int main(void) +{ + _Atomic int i = 1; + i = 0; /* Force an atomic-write operation. */ + return i; } #endif -#ifdef HAVE_VARIADIC_MACROS_GCC -#define gcc_vmacro3(first, args...) fun3(first, args) -#define gcc_vmacro2(first, args...) fun2(first, args) -int fun3(int arg1, int arg2, int arg3); -int fun2(int arg1, int arg2); +#ifdef HAVE_WIN32_WINNT +/* includes start */ +#ifdef _WIN32 +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif +# ifndef NOGDI +# define NOGDI +# endif +# include +#endif +/* includes end */ -int fun3(int arg1, int arg2, int arg3) { - return arg1 + arg2 + arg3; -} -int fun2(int arg1, int arg2) { - return arg1 + arg2; -} +#define enquote(x) #x +#define expand(x) enquote(x) +#pragma message("_WIN32_WINNT=" expand(_WIN32_WINNT)) -int -main() { - int res3 = gcc_vmacro3(1, 2, 3); - int res2 = gcc_vmacro2(1, 2); - (void)res3; - (void)res2; +int main(void) +{ return 0; } #endif diff --git a/libs/curl/CMake/FindBearSSL.cmake b/libs/curl/CMake/FindBearSSL.cmake index 9455f4ba..653ca9dd 100644 --- a/libs/curl/CMake/FindBearSSL.cmake +++ b/libs/curl/CMake/FindBearSSL.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### find_path(BEARSSL_INCLUDE_DIRS bearssl.h) @@ -25,6 +27,6 @@ find_library(BEARSSL_LIBRARY bearssl) include(FindPackageHandleStandardArgs) find_package_handle_standard_args(BEARSSL DEFAULT_MSG - BEARSSL_INCLUDE_DIRS BEARSSL_LIBRARY) + BEARSSL_INCLUDE_DIRS BEARSSL_LIBRARY) mark_as_advanced(BEARSSL_INCLUDE_DIRS BEARSSL_LIBRARY) diff --git a/libs/curl/CMake/FindBrotli.cmake b/libs/curl/CMake/FindBrotli.cmake index 0ed08550..7f316aaa 100644 --- a/libs/curl/CMake/FindBrotli.cmake +++ b/libs/curl/CMake/FindBrotli.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### include(FindPackageHandleStandardArgs) @@ -26,16 +28,16 @@ find_path(BROTLI_INCLUDE_DIR "brotli/decode.h") find_library(BROTLICOMMON_LIBRARY NAMES brotlicommon) find_library(BROTLIDEC_LIBRARY NAMES brotlidec) -find_package_handle_standard_args(BROTLI - FOUND_VAR - BROTLI_FOUND - REQUIRED_VARS - BROTLIDEC_LIBRARY - BROTLICOMMON_LIBRARY - BROTLI_INCLUDE_DIR - FAIL_MESSAGE - "Could NOT find BROTLI" +find_package_handle_standard_args(Brotli + FOUND_VAR + BROTLI_FOUND + REQUIRED_VARS + BROTLIDEC_LIBRARY + BROTLICOMMON_LIBRARY + BROTLI_INCLUDE_DIR + FAIL_MESSAGE + "Could NOT find Brotli" ) set(BROTLI_INCLUDE_DIRS ${BROTLI_INCLUDE_DIR}) -set(BROTLI_LIBRARIES ${BROTLICOMMON_LIBRARY} ${BROTLIDEC_LIBRARY}) +set(BROTLI_LIBRARIES ${BROTLIDEC_LIBRARY} ${BROTLICOMMON_LIBRARY}) diff --git a/libs/curl/CMake/FindCARES.cmake b/libs/curl/CMake/FindCARES.cmake index 71806823..e82b1de4 100644 --- a/libs/curl/CMake/FindCARES.cmake +++ b/libs/curl/CMake/FindCARES.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### # - Find c-ares # Find the c-ares includes and library @@ -37,7 +39,7 @@ find_library(CARES_LIBRARY include(FindPackageHandleStandardArgs) find_package_handle_standard_args(CARES - REQUIRED_VARS CARES_LIBRARY CARES_INCLUDE_DIR) + REQUIRED_VARS CARES_LIBRARY CARES_INCLUDE_DIR) mark_as_advanced( CARES_LIBRARY diff --git a/libs/curl/CMake/FindGSS.cmake b/libs/curl/CMake/FindGSS.cmake index 4e4747d6..9061e6c8 100644 --- a/libs/curl/CMake/FindGSS.cmake +++ b/libs/curl/CMake/FindGSS.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### # - Try to find the GSS Kerberos library # Once done this will define @@ -43,8 +45,8 @@ include(CheckIncludeFiles) include(CheckTypeSize) set(_GSS_ROOT_HINTS - "${GSS_ROOT_DIR}" - "$ENV{GSS_ROOT_DIR}" + "${GSS_ROOT_DIR}" + "$ENV{GSS_ROOT_DIR}" ) # try to find library using system pkg-config if user didn't specify root dir @@ -60,30 +62,30 @@ endif() if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approach. find_file(_GSS_CONFIGURE_SCRIPT - NAMES - "krb5-config" - HINTS - ${_GSS_ROOT_HINTS} - PATH_SUFFIXES - bin - NO_CMAKE_PATH - NO_CMAKE_ENVIRONMENT_PATH + NAMES + "krb5-config" + HINTS + ${_GSS_ROOT_HINTS} + PATH_SUFFIXES + bin + NO_CMAKE_PATH + NO_CMAKE_ENVIRONMENT_PATH ) # if not found in user-supplied directories, maybe system knows better find_file(_GSS_CONFIGURE_SCRIPT - NAMES - "krb5-config" - PATH_SUFFIXES - bin + NAMES + "krb5-config" + PATH_SUFFIXES + bin ) if(_GSS_CONFIGURE_SCRIPT) execute_process( - COMMAND ${_GSS_CONFIGURE_SCRIPT} "--cflags" "gssapi" - OUTPUT_VARIABLE _GSS_CFLAGS - RESULT_VARIABLE _GSS_CONFIGURE_FAILED - OUTPUT_STRIP_TRAILING_WHITESPACE + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--cflags" "gssapi" + OUTPUT_VARIABLE _GSS_CFLAGS + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + OUTPUT_STRIP_TRAILING_WHITESPACE ) message(STATUS "CFLAGS: ${_GSS_CFLAGS}") if(NOT _GSS_CONFIGURE_FAILED) # 0 means success @@ -103,10 +105,10 @@ if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approac endif() execute_process( - COMMAND ${_GSS_CONFIGURE_SCRIPT} "--libs" "gssapi" - OUTPUT_VARIABLE _GSS_LIB_FLAGS - RESULT_VARIABLE _GSS_CONFIGURE_FAILED - OUTPUT_STRIP_TRAILING_WHITESPACE + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--libs" "gssapi" + OUTPUT_VARIABLE _GSS_LIB_FLAGS + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + OUTPUT_STRIP_TRAILING_WHITESPACE ) message(STATUS "LDFLAGS: ${_GSS_LIB_FLAGS}") @@ -130,10 +132,10 @@ if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approac endif() execute_process( - COMMAND ${_GSS_CONFIGURE_SCRIPT} "--version" - OUTPUT_VARIABLE _GSS_VERSION - RESULT_VARIABLE _GSS_CONFIGURE_FAILED - OUTPUT_STRIP_TRAILING_WHITESPACE + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--version" + OUTPUT_VARIABLE _GSS_VERSION + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + OUTPUT_STRIP_TRAILING_WHITESPACE ) # older versions may not have the "--version" parameter. In this case we just don't care. @@ -142,10 +144,10 @@ if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approac endif() execute_process( - COMMAND ${_GSS_CONFIGURE_SCRIPT} "--vendor" - OUTPUT_VARIABLE _GSS_VENDOR - RESULT_VARIABLE _GSS_CONFIGURE_FAILED - OUTPUT_STRIP_TRAILING_WHITESPACE + COMMAND ${_GSS_CONFIGURE_SCRIPT} "--vendor" + OUTPUT_VARIABLE _GSS_VENDOR + RESULT_VARIABLE _GSS_CONFIGURE_FAILED + OUTPUT_STRIP_TRAILING_WHITESPACE ) # older versions may not have the "--vendor" parameter. In this case we just don't care. @@ -162,13 +164,13 @@ if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approac else() # either there is no config script or we are on a platform that doesn't provide one (Windows?) find_path(_GSS_INCLUDE_DIR - NAMES - "gssapi/gssapi.h" - HINTS - ${_GSS_ROOT_HINTS} - PATH_SUFFIXES - include - inc + NAMES + "gssapi/gssapi.h" + HINTS + ${_GSS_ROOT_HINTS} + PATH_SUFFIXES + include + inc ) if(_GSS_INCLUDE_DIR) #jay, we've found something @@ -179,25 +181,25 @@ if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approac set(GSS_FLAVOUR "MIT") else() # prevent compiling the header - just check if we can include it - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D__ROKEN_H__") + list(APPEND CMAKE_REQUIRED_DEFINITIONS -D__ROKEN_H__) check_include_file( "roken.h" _GSS_HAVE_ROKEN_H) check_include_file( "heimdal/roken.h" _GSS_HAVE_HEIMDAL_ROKEN_H) if(_GSS_HAVE_ROKEN_H OR _GSS_HAVE_HEIMDAL_ROKEN_H) set(GSS_FLAVOUR "Heimdal") endif() - set(CMAKE_REQUIRED_DEFINITIONS "") + list(REMOVE_ITEM CMAKE_REQUIRED_DEFINITIONS -D__ROKEN_H__) endif() else() # I'm not convinced if this is the right way but this is what autotools do at the moment find_path(_GSS_INCLUDE_DIR - NAMES - "gssapi.h" - HINTS - ${_GSS_ROOT_HINTS} - PATH_SUFFIXES - include - inc + NAMES + "gssapi.h" + HINTS + ${_GSS_ROOT_HINTS} + PATH_SUFFIXES + include + inc ) if(_GSS_INCLUDE_DIR) @@ -238,12 +240,12 @@ if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approac endif() find_library(_GSS_LIBRARIES - NAMES - ${_GSS_LIBNAME} - HINTS - ${_GSS_LIBDIR_HINTS} - PATH_SUFFIXES - ${_GSS_LIBDIR_SUFFIXES} + NAMES + ${_GSS_LIBNAME} + HINTS + ${_GSS_LIBDIR_HINTS} + PATH_SUFFIXES + ${_GSS_LIBDIR_SUFFIXES} ) endif() @@ -299,12 +301,12 @@ include(FindPackageHandleStandardArgs) set(_GSS_REQUIRED_VARS GSS_LIBRARIES GSS_FLAVOUR) find_package_handle_standard_args(GSS - REQUIRED_VARS - ${_GSS_REQUIRED_VARS} - VERSION_VAR - GSS_VERSION - FAIL_MESSAGE - "Could NOT find GSS, try to set the path to GSS root folder in the system variable GSS_ROOT_DIR" + REQUIRED_VARS + ${_GSS_REQUIRED_VARS} + VERSION_VAR + GSS_VERSION + FAIL_MESSAGE + "Could NOT find GSS, try to set the path to GSS root folder in the system variable GSS_ROOT_DIR" ) mark_as_advanced(GSS_INCLUDE_DIR GSS_LIBRARIES) diff --git a/libs/curl/CMake/FindLibPSL.cmake b/libs/curl/CMake/FindLibPSL.cmake new file mode 100644 index 00000000..9ad4bc63 --- /dev/null +++ b/libs/curl/CMake/FindLibPSL.cmake @@ -0,0 +1,45 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# - Try to find the libpsl library +# Once done this will define +# +# LIBPSL_FOUND - system has the libpsl library +# LIBPSL_INCLUDE_DIR - the libpsl include directory +# LIBPSL_LIBRARY - the libpsl library name + +find_path(LIBPSL_INCLUDE_DIR libpsl.h) + +find_library(LIBPSL_LIBRARY NAMES psl libpsl) + +if(LIBPSL_INCLUDE_DIR) + file(STRINGS "${LIBPSL_INCLUDE_DIR}/libpsl.h" libpsl_version_str REGEX "^#define[\t ]+PSL_VERSION[\t ]+\"(.*)\"") + string(REGEX REPLACE "^.*\"([^\"]+)\"" "\\1" LIBPSL_VERSION "${libpsl_version_str}") +endif() + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(LibPSL + REQUIRED_VARS LIBPSL_LIBRARY LIBPSL_INCLUDE_DIR + VERSION_VAR LIBPSL_VERSION) + +mark_as_advanced(LIBPSL_INCLUDE_DIR LIBPSL_LIBRARY) diff --git a/libs/curl/CMake/FindLibSSH2.cmake b/libs/curl/CMake/FindLibSSH2.cmake index ce46a408..3466b6bf 100644 --- a/libs/curl/CMake/FindLibSSH2.cmake +++ b/libs/curl/CMake/FindLibSSH2.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### # - Try to find the libssh2 library # Once done this will define @@ -37,7 +39,7 @@ endif() include(FindPackageHandleStandardArgs) find_package_handle_standard_args(LibSSH2 - REQUIRED_VARS LIBSSH2_LIBRARY LIBSSH2_INCLUDE_DIR - VERSION_VAR LIBSSH2_VERSION) + REQUIRED_VARS LIBSSH2_LIBRARY LIBSSH2_INCLUDE_DIR + VERSION_VAR LIBSSH2_VERSION) mark_as_advanced(LIBSSH2_INCLUDE_DIR LIBSSH2_LIBRARY) diff --git a/libs/curl/CMake/FindMSH3.cmake b/libs/curl/CMake/FindMSH3.cmake new file mode 100644 index 00000000..7d9c6b65 --- /dev/null +++ b/libs/curl/CMake/FindMSH3.cmake @@ -0,0 +1,70 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +#[=======================================================================[.rst: +FindMSH3 +---------- + +Find the msh3 library + +Result Variables +^^^^^^^^^^^^^^^^ + +``MSH3_FOUND`` + System has msh3 +``MSH3_INCLUDE_DIRS`` + The msh3 include directories. +``MSH3_LIBRARIES`` + The libraries needed to use msh3 +#]=======================================================================] +if(UNIX) + find_package(PkgConfig QUIET) + pkg_search_module(PC_MSH3 libmsh3) +endif() + +find_path(MSH3_INCLUDE_DIR msh3.h + HINTS + ${PC_MSH3_INCLUDEDIR} + ${PC_MSH3_INCLUDE_DIRS} +) + +find_library(MSH3_LIBRARY NAMES msh3 + HINTS + ${PC_MSH3_LIBDIR} + ${PC_MSH3_LIBRARY_DIRS} +) + +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args(MSH3 + REQUIRED_VARS + MSH3_LIBRARY + MSH3_INCLUDE_DIR +) + +if(MSH3_FOUND) + set(MSH3_LIBRARIES ${MSH3_LIBRARY}) + set(MSH3_INCLUDE_DIRS ${MSH3_INCLUDE_DIR}) +endif() + +mark_as_advanced(MSH3_INCLUDE_DIRS MSH3_LIBRARIES) diff --git a/libs/curl/CMake/FindMbedTLS.cmake b/libs/curl/CMake/FindMbedTLS.cmake index 7bdb1976..7692a258 100644 --- a/libs/curl/CMake/FindMbedTLS.cmake +++ b/libs/curl/CMake/FindMbedTLS.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2022, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### find_path(MBEDTLS_INCLUDE_DIRS mbedtls/ssl.h) @@ -29,6 +31,6 @@ set(MBEDTLS_LIBRARIES "${MBEDTLS_LIBRARY}" "${MBEDX509_LIBRARY}" "${MBEDCRYPTO_L include(FindPackageHandleStandardArgs) find_package_handle_standard_args(MbedTLS DEFAULT_MSG - MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) + MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) mark_as_advanced(MBEDTLS_INCLUDE_DIRS MBEDTLS_LIBRARY MBEDX509_LIBRARY MBEDCRYPTO_LIBRARY) diff --git a/libs/curl/CMake/FindNGHTTP2.cmake b/libs/curl/CMake/FindNGHTTP2.cmake index 8614492b..88ac0374 100644 --- a/libs/curl/CMake/FindNGHTTP2.cmake +++ b/libs/curl/CMake/FindNGHTTP2.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,19 +18,21 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### include(FindPackageHandleStandardArgs) find_path(NGHTTP2_INCLUDE_DIR "nghttp2/nghttp2.h") -find_library(NGHTTP2_LIBRARY NAMES nghttp2) +find_library(NGHTTP2_LIBRARY NAMES nghttp2 nghttp2_static) find_package_handle_standard_args(NGHTTP2 - FOUND_VAR - NGHTTP2_FOUND - REQUIRED_VARS - NGHTTP2_LIBRARY - NGHTTP2_INCLUDE_DIR + FOUND_VAR + NGHTTP2_FOUND + REQUIRED_VARS + NGHTTP2_LIBRARY + NGHTTP2_INCLUDE_DIR ) set(NGHTTP2_INCLUDE_DIRS ${NGHTTP2_INCLUDE_DIR}) diff --git a/libs/curl/CMake/FindNGHTTP3.cmake b/libs/curl/CMake/FindNGHTTP3.cmake index 643b6009..9b13e6c6 100644 --- a/libs/curl/CMake/FindNGHTTP3.cmake +++ b/libs/curl/CMake/FindNGHTTP3.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### #[=======================================================================[.rst: diff --git a/libs/curl/CMake/FindNGTCP2.cmake b/libs/curl/CMake/FindNGTCP2.cmake index 5757009a..7ea46658 100644 --- a/libs/curl/CMake/FindNGTCP2.cmake +++ b/libs/curl/CMake/FindNGTCP2.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### #[=======================================================================[.rst: @@ -29,8 +31,10 @@ Find the ngtcp2 library This module accepts optional COMPONENTS to control the crypto library (these are mutually exclusive):: - OpenSSL: Use libngtcp2_crypto_openssl - GnuTLS: Use libngtcp2_crypto_gnutls + quictls, LibreSSL: Use libngtcp2_crypto_quictls + BoringSSL, AWS-LC: Use libngtcp2_crypto_boringssl + wolfSSL: Use libngtcp2_crypto_wolfssl + GnuTLS: Use libngtcp2_crypto_gnutls Result Variables ^^^^^^^^^^^^^^^^ @@ -69,7 +73,7 @@ endif() if(NGTCP2_FIND_COMPONENTS) set(NGTCP2_CRYPTO_BACKEND "") foreach(component IN LISTS NGTCP2_FIND_COMPONENTS) - if(component MATCHES "^(OpenSSL|GnuTLS)") + if(component MATCHES "^(BoringSSL|quictls|wolfSSL|GnuTLS)") if(NGTCP2_CRYPTO_BACKEND) message(FATAL_ERROR "NGTCP2: Only one crypto library can be selected") endif() diff --git a/libs/curl/CMake/FindNSS.cmake b/libs/curl/CMake/FindNSS.cmake deleted file mode 100644 index 899c6b07..00000000 --- a/libs/curl/CMake/FindNSS.cmake +++ /dev/null @@ -1,38 +0,0 @@ -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -if(UNIX) - find_package(PkgConfig QUIET) - pkg_search_module(PC_NSS nss) -endif() -if(NOT PC_NSS_FOUND) - return() -endif() - -set(NSS_LIBRARIES ${PC_NSS_LINK_LIBRARIES}) -set(NSS_INCLUDE_DIRS ${PC_NSS_INCLUDE_DIRS}) - -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args(NSS - REQUIRED_VARS NSS_LIBRARIES NSS_INCLUDE_DIRS - VERSION_VAR PC_NSS_VERSION) - -mark_as_advanced(NSS_INCLUDE_DIRS NSS_LIBRARIES) diff --git a/libs/curl/CMake/FindNettle.cmake b/libs/curl/CMake/FindNettle.cmake new file mode 100644 index 00000000..96d7d6f6 --- /dev/null +++ b/libs/curl/CMake/FindNettle.cmake @@ -0,0 +1,75 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +# - Try to find the nettle library +# Once done this will define +# +# NETTLE_FOUND - system has nettle +# NETTLE_INCLUDE_DIRS - nettle include directories +# NETTLE_LIBRARIES - nettle library names + +if(UNIX) + find_package(PkgConfig QUIET) + pkg_check_modules(NETTLE "nettle") +endif() + +if(NETTLE_FOUND) + set(NETTLE_LIBRARIES ${NETTLE_LINK_LIBRARIES}) +else() + find_path(NETTLE_INCLUDE_DIR NAMES "nettle/sha2.h") + find_library(NETTLE_LIBRARY NAMES "nettle") + + if(NETTLE_INCLUDE_DIR) + if(EXISTS "${NETTLE_INCLUDE_DIR}/nettle/version.h") + set(_version_regex_major "^#define[ \t]+NETTLE_VERSION_MAJOR[ \t]+([0-9]+).*") + set(_version_regex_minor "^#define[ \t]+NETTLE_VERSION_MINOR[ \t]+([0-9]+).*") + file(STRINGS "${NETTLE_INCLUDE_DIR}/nettle/version.h" + _version_major REGEX "${_version_regex_major}") + file(STRINGS "${NETTLE_INCLUDE_DIR}/nettle/version.h" + _version_minor REGEX "${_version_regex_minor}") + string(REGEX REPLACE "${_version_regex_major}" "\\1" _version_major "${_version_major}") + string(REGEX REPLACE "${_version_regex_minor}" "\\1" _version_minor "${_version_minor}") + unset(_version_regex_major) + unset(_version_regex_minor) + set(NETTLE_VERSION "${_version_major}.${_version_minor}") + unset(_version_major) + unset(_version_minor) + else() + set(NETTLE_VERSION "0.0") + endif() + endif() + + include(FindPackageHandleStandardArgs) + find_package_handle_standard_args("nettle" + REQUIRED_VARS + NETTLE_INCLUDE_DIR + NETTLE_LIBRARY + VERSION_VAR NETTLE_VERSION) + + if(NETTLE_FOUND) + set(NETTLE_INCLUDE_DIRS ${NETTLE_INCLUDE_DIR}) + set(NETTLE_LIBRARIES ${NETTLE_LIBRARY}) + endif() + + mark_as_advanced(NETTLE_INCLUDE_DIR NETTLE_LIBRARY) +endif() diff --git a/libs/curl/CMake/FindQUICHE.cmake b/libs/curl/CMake/FindQUICHE.cmake index 0247364d..0488463d 100644 --- a/libs/curl/CMake/FindQUICHE.cmake +++ b/libs/curl/CMake/FindQUICHE.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### #[=======================================================================[.rst: diff --git a/libs/curl/CMake/FindWolfSSL.cmake b/libs/curl/CMake/FindWolfSSL.cmake index 42256b3c..7336c8f4 100644 --- a/libs/curl/CMake/FindWolfSSL.cmake +++ b/libs/curl/CMake/FindWolfSSL.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,17 +18,43 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -find_path(WolfSSL_INCLUDE_DIR NAMES wolfssl/ssl.h) -find_library(WolfSSL_LIBRARY NAMES wolfssl) -mark_as_advanced(WolfSSL_INCLUDE_DIR WolfSSL_LIBRARY) + +find_package(PkgConfig QUIET) +pkg_check_modules(PC_WOLFSSL QUIET "wolfssl") + +find_path(WolfSSL_INCLUDE_DIR + NAMES "wolfssl/ssl.h" + HINTS ${PC_WOLFSSL_INCLUDE_DIRS} +) + +find_library(WolfSSL_LIBRARY + NAMES "wolfssl" + HINTS ${PC_WOLFSSL_LIBRARY_DIRS} +) + +if(WolfSSL_INCLUDE_DIR) + set(_version_regex "^#define[ \t]+LIBWOLFSSL_VERSION_STRING[ \t]+\"([^\"]+)\".*") + file(STRINGS "${WolfSSL_INCLUDE_DIR}/wolfssl/version.h" + WolfSSL_VERSION REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" + WolfSSL_VERSION "${WolfSSL_VERSION}") + unset(_version_regex) +endif() include(FindPackageHandleStandardArgs) find_package_handle_standard_args(WolfSSL - REQUIRED_VARS WolfSSL_INCLUDE_DIR WolfSSL_LIBRARY - ) + REQUIRED_VARS + WolfSSL_INCLUDE_DIR + WolfSSL_LIBRARY + VERSION_VAR WolfSSL_VERSION +) if(WolfSSL_FOUND) set(WolfSSL_INCLUDE_DIRS ${WolfSSL_INCLUDE_DIR}) - set(WolfSSL_LIBRARIES ${WolfSSL_LIBRARY}) + set(WolfSSL_LIBRARIES ${WolfSSL_LIBRARY}) endif() + +mark_as_advanced(WolfSSL_INCLUDE_DIR WolfSSL_LIBRARY) diff --git a/libs/curl/CMake/FindZstd.cmake b/libs/curl/CMake/FindZstd.cmake index eaba3974..0ea9e0c8 100644 --- a/libs/curl/CMake/FindZstd.cmake +++ b/libs/curl/CMake/FindZstd.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### #[=======================================================================[.rst: @@ -54,11 +56,18 @@ find_library(Zstd_LIBRARY NAMES zstd ${PC_Zstd_LIBRARY_DIRS} ) +if(Zstd_INCLUDE_DIR) + file(READ "${Zstd_INCLUDE_DIR}/zstd.h" _zstd_header) + string(REGEX MATCH ".*define ZSTD_VERSION_MAJOR *([0-9]+).*define ZSTD_VERSION_MINOR *([0-9]+).*define ZSTD_VERSION_RELEASE *([0-9]+)" _zstd_ver "${_zstd_header}") + set(Zstd_VERSION "${CMAKE_MATCH_1}.${CMAKE_MATCH_2}.${CMAKE_MATCH_3}") +endif() + include(FindPackageHandleStandardArgs) find_package_handle_standard_args(Zstd REQUIRED_VARS Zstd_LIBRARY Zstd_INCLUDE_DIR + VERSION_VAR Zstd_VERSION ) if(Zstd_FOUND) diff --git a/libs/curl/CMake/Macros.cmake b/libs/curl/CMake/Macros.cmake index d57dd6ad..d5439fcc 100644 --- a/libs/curl/CMake/Macros.cmake +++ b/libs/curl/CMake/Macros.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,22 +18,11 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### #File defines convenience macros for available feature testing -# This macro checks if the symbol exists in the library and if it -# does, it prepends library to the list. It is intended to be called -# multiple times with a sequence of possibly dependent libraries in -# order of least-to-most-dependent. Some libraries depend on others -# to link correctly. -macro(check_library_exists_concat LIBRARY SYMBOL VARIABLE) - check_library_exists("${LIBRARY};${CURL_LIBS}" ${SYMBOL} "${CMAKE_LIBRARY_PATH}" - ${VARIABLE}) - if(${VARIABLE}) - set(CURL_LIBS ${LIBRARY} ${CURL_LIBS}) - endif() -endmacro() - # Check if header file exists and add it to the list. # This macro is intended to be called multiple times with a sequence of # possibly dependent header files. Some headers depend on others to be @@ -56,7 +45,7 @@ macro(curl_internal_test CURL_TEST) "-DLINK_LIBRARIES:STRING=${CMAKE_REQUIRED_LIBRARIES}") endif() - message(STATUS "Performing Curl Test ${CURL_TEST}") + message(STATUS "Performing Test ${CURL_TEST}") try_compile(${CURL_TEST} ${CMAKE_BINARY_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/CMake/CurlTests.c @@ -65,49 +54,20 @@ macro(curl_internal_test CURL_TEST) OUTPUT_VARIABLE OUTPUT) if(${CURL_TEST}) set(${CURL_TEST} 1 CACHE INTERNAL "Curl test ${FUNCTION}") - message(STATUS "Performing Curl Test ${CURL_TEST} - Success") + message(STATUS "Performing Test ${CURL_TEST} - Success") file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeOutput.log - "Performing Curl Test ${CURL_TEST} passed with the following output:\n" + "Performing Test ${CURL_TEST} passed with the following output:\n" "${OUTPUT}\n") else() - message(STATUS "Performing Curl Test ${CURL_TEST} - Failed") + message(STATUS "Performing Test ${CURL_TEST} - Failed") set(${CURL_TEST} "" CACHE INTERNAL "Curl test ${FUNCTION}") file(APPEND ${CMAKE_BINARY_DIR}${CMAKE_FILES_DIRECTORY}/CMakeError.log - "Performing Curl Test ${CURL_TEST} failed with the following output:\n" + "Performing Test ${CURL_TEST} failed with the following output:\n" "${OUTPUT}\n") endif() endif() endmacro() -macro(curl_nroff_check) - find_program(NROFF NAMES gnroff nroff) - if(NROFF) - # Need a way to write to stdin, this will do - file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" "test") - # Tests for a valid nroff option to generate a manpage - foreach(_MANOPT "-man" "-mandoc") - execute_process(COMMAND "${NROFF}" ${_MANOPT} - OUTPUT_VARIABLE NROFF_MANOPT_OUTPUT - INPUT_FILE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt" - ERROR_QUIET) - # Save the option if it was valid - if(NROFF_MANOPT_OUTPUT) - message("Found *nroff option: -- ${_MANOPT}") - set(NROFF_MANOPT ${_MANOPT}) - set(NROFF_USEFUL ON) - break() - endif() - endforeach() - # No need for the temporary file - file(REMOVE "${CMAKE_CURRENT_BINARY_DIR}/nroff-input.txt") - if(NOT NROFF_USEFUL) - message(WARNING "Found no *nroff option to get plaintext from man pages") - endif() - else() - message(WARNING "Found no *nroff program") - endif() -endmacro() - macro(optional_dependency DEPENDENCY) set(CURL_${DEPENDENCY} AUTO CACHE STRING "Build curl with ${DEPENDENCY} support (AUTO, ON or OFF)") set_property(CACHE CURL_${DEPENDENCY} PROPERTY STRINGS AUTO ON OFF) diff --git a/libs/curl/CMake/OtherTests.cmake b/libs/curl/CMake/OtherTests.cmake index 73c813fe..2fddb867 100644 --- a/libs/curl/CMake/OtherTests.cmake +++ b/libs/curl/CMake/OtherTests.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,269 +18,167 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### include(CheckCSourceCompiles) -# The begin of the sources (macros and includes) -set(_source_epilogue "#undef inline") +include(CheckCSourceRuns) +include(CheckTypeSize) macro(add_header_include check header) if(${check}) - set(_source_epilogue "${_source_epilogue}\n#include <${header}>") + set(_source_epilogue "${_source_epilogue} + #include <${header}>") endif() endmacro() -set(signature_call_conv) -if(HAVE_WINDOWS_H) - add_header_include(HAVE_WINSOCK2_H "winsock2.h") - add_header_include(HAVE_WINDOWS_H "windows.h") - set(_source_epilogue - "${_source_epilogue}\n#ifndef WIN32_LEAN_AND_MEAN\n#define WIN32_LEAN_AND_MEAN\n#endif") - set(signature_call_conv "PASCAL") - if(HAVE_LIBWS2_32) - set(CMAKE_REQUIRED_LIBRARIES ws2_32) - endif() -else() - add_header_include(HAVE_SYS_TYPES_H "sys/types.h") - add_header_include(HAVE_SYS_SOCKET_H "sys/socket.h") -endif() - set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY) -function(curl_cv_func_recv_run_test recv_retv recv_arg1 recv_arg2 recv_arg3 recv_arg4) - unset(curl_cv_func_recv_test CACHE) - check_c_source_compiles(" - ${_source_epilogue} - #ifdef WINSOCK_API_LINKAGE - WINSOCK_API_LINKAGE - #endif - extern ${recv_retv} ${signature_call_conv} - recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4}); - int main(void) { - ${recv_arg1} s=0; - ${recv_arg2} buf=0; - ${recv_arg3} len=0; - ${recv_arg4} flags=0; - ${recv_retv} res = recv(s, buf, len, flags); - (void) res; - return 0; - }" - curl_cv_func_recv_test) - message(STATUS - "Tested: ${recv_retv} recv(${recv_arg1}, ${recv_arg2}, ${recv_arg3}, ${recv_arg4})") - if(curl_cv_func_recv_test) - set(curl_cv_func_recv_args - "${recv_arg1},${recv_arg2},${recv_arg3},${recv_arg4},${recv_retv}" PARENT_SCOPE) - set(RECV_TYPE_ARG1 "${recv_arg1}" PARENT_SCOPE) - set(RECV_TYPE_ARG2 "${recv_arg2}" PARENT_SCOPE) - set(RECV_TYPE_ARG3 "${recv_arg3}" PARENT_SCOPE) - set(RECV_TYPE_ARG4 "${recv_arg4}" PARENT_SCOPE) - set(RECV_TYPE_RETV "${recv_retv}" PARENT_SCOPE) - set(HAVE_RECV 1 PARENT_SCOPE) - set(curl_cv_func_recv_done 1 PARENT_SCOPE) - endif() -endfunction() - -check_c_source_compiles("${_source_epilogue} -int main(void) { - recv(0, 0, 0, 0); - return 0; -}" curl_cv_recv) -if(curl_cv_recv) - if(NOT DEFINED curl_cv_func_recv_args OR curl_cv_func_recv_args STREQUAL "unknown") - if(APPLE) - curl_cv_func_recv_run_test("ssize_t" "int" "void *" "size_t" "int") - endif() - foreach(recv_retv "int" "ssize_t" ) - foreach(recv_arg1 "SOCKET" "int" ) - foreach(recv_arg2 "char *" "void *" ) - foreach(recv_arg3 "int" "size_t" "socklen_t" "unsigned int") - foreach(recv_arg4 "int" "unsigned int") - if(NOT curl_cv_func_recv_done) - curl_cv_func_recv_run_test(${recv_retv} ${recv_arg1} ${recv_arg2} ${recv_arg3} ${recv_arg4}) - endif() - endforeach() - endforeach() - endforeach() - endforeach() - endforeach() - else() - string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG1 "${curl_cv_func_recv_args}") - string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG2 "${curl_cv_func_recv_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" RECV_TYPE_ARG3 "${curl_cv_func_recv_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" RECV_TYPE_ARG4 "${curl_cv_func_recv_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" RECV_TYPE_RETV "${curl_cv_func_recv_args}") - endif() - - if(curl_cv_func_recv_args STREQUAL "unknown") - message(FATAL_ERROR "Cannot find proper types to use for recv args") +if(NOT DEFINED HAVE_STRUCT_SOCKADDR_STORAGE) + set(CMAKE_EXTRA_INCLUDE_FILES) + if(WIN32) + set(CMAKE_EXTRA_INCLUDE_FILES "winsock2.h") + set(CMAKE_REQUIRED_DEFINITIONS "-DWIN32_LEAN_AND_MEAN") + set(CMAKE_REQUIRED_LIBRARIES "ws2_32") + elseif(HAVE_SYS_SOCKET_H) + set(CMAKE_EXTRA_INCLUDE_FILES "sys/socket.h") endif() -else() - message(FATAL_ERROR "Unable to link function recv") + check_type_size("struct sockaddr_storage" SIZEOF_STRUCT_SOCKADDR_STORAGE) + set(HAVE_STRUCT_SOCKADDR_STORAGE ${HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE}) endif() -set(curl_cv_func_recv_args "${curl_cv_func_recv_args}" CACHE INTERNAL "Arguments for recv") -set(HAVE_RECV 1) -function(curl_cv_func_send_run_test send_retv send_arg1 send_arg2 send_arg3 send_arg4) - unset(curl_cv_func_send_test CACHE) - check_c_source_compiles(" - ${_source_epilogue} - #ifdef WINSOCK_API_LINKAGE - WINSOCK_API_LINKAGE - #endif - extern ${send_retv} ${signature_call_conv} - send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4}); - int main(void) { - ${send_arg1} s=0; - ${send_arg2} buf=0; - ${send_arg3} len=0; - ${send_arg4} flags=0; - ${send_retv} res = send(s, buf, len, flags); - (void) res; +if(NOT WIN32) + set(_source_epilogue "#undef inline") + add_header_include(HAVE_SYS_TYPES_H "sys/types.h") + add_header_include(HAVE_SYS_SOCKET_H "sys/socket.h") + check_c_source_compiles("${_source_epilogue} + int main(void) + { + int flag = MSG_NOSIGNAL; + (void)flag; return 0; - }" - curl_cv_func_send_test) - message(STATUS - "Tested: ${send_retv} send(${send_arg1}, ${send_arg2}, ${send_arg3}, ${send_arg4})") - if(curl_cv_func_send_test) - string(REGEX REPLACE "(const) .*" "\\1" send_qual_arg2 "${send_arg2}") - string(REGEX REPLACE "const (.*)" "\\1" send_arg2 "${send_arg2}") - set(curl_cv_func_send_args - "${send_arg1},${send_arg2},${send_arg3},${send_arg4},${send_retv},${send_qual_arg2}" PARENT_SCOPE) - set(SEND_TYPE_ARG1 "${send_arg1}" PARENT_SCOPE) - set(SEND_TYPE_ARG2 "${send_arg2}" PARENT_SCOPE) - set(SEND_TYPE_ARG3 "${send_arg3}" PARENT_SCOPE) - set(SEND_TYPE_ARG4 "${send_arg4}" PARENT_SCOPE) - set(SEND_TYPE_RETV "${send_retv}" PARENT_SCOPE) - set(HAVE_SEND 1 PARENT_SCOPE) - set(curl_cv_func_send_done 1 PARENT_SCOPE) - endif() -endfunction() - -check_c_source_compiles("${_source_epilogue} -int main(void) { - send(0, 0, 0, 0); - return 0; -}" curl_cv_send) -if(curl_cv_send) - if(NOT DEFINED curl_cv_func_send_args OR "${curl_cv_func_send_args}" STREQUAL "unknown") - if(APPLE) - curl_cv_func_send_run_test("ssize_t" "int" "const void *" "size_t" "int") - endif() - foreach(send_retv "int" "ssize_t" ) - foreach(send_arg1 "SOCKET" "int" "ssize_t" ) - foreach(send_arg2 "const char *" "const void *" "void *" "char *") - foreach(send_arg3 "int" "size_t" "socklen_t" "unsigned int") - foreach(send_arg4 "int" "unsigned int") - if(NOT curl_cv_func_send_done) - curl_cv_func_send_run_test("${send_retv}" "${send_arg1}" "${send_arg2}" "${send_arg3}" "${send_arg4}") - endif() - endforeach() - endforeach() - endforeach() - endforeach() - endforeach() - else() - string(REGEX REPLACE "^([^,]*),[^,]*,[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG1 "${curl_cv_func_send_args}") - string(REGEX REPLACE "^[^,]*,([^,]*),[^,]*,[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG2 "${curl_cv_func_send_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,([^,]*),[^,]*,[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG3 "${curl_cv_func_send_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,([^,]*),[^,]*,[^,]*$" "\\1" SEND_TYPE_ARG4 "${curl_cv_func_send_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,([^,]*),[^,]*$" "\\1" SEND_TYPE_RETV "${curl_cv_func_send_args}") - string(REGEX REPLACE "^[^,]*,[^,]*,[^,]*,[^,]*,[^,]*,([^,]*)$" "\\1" SEND_QUAL_ARG2 "${curl_cv_func_send_args}") - endif() - - if("${curl_cv_func_send_args}" STREQUAL "unknown") - message(FATAL_ERROR "Cannot find proper types to use for send args") - endif() - set(SEND_QUAL_ARG2 "const") -else() - message(FATAL_ERROR "Unable to link function send") + }" HAVE_MSG_NOSIGNAL) endif() -set(curl_cv_func_send_args "${curl_cv_func_send_args}" CACHE INTERNAL "Arguments for send") -set(HAVE_SEND 1) +set(_source_epilogue "#undef inline") +add_header_include(HAVE_SYS_TIME_H "sys/time.h") check_c_source_compiles("${_source_epilogue} - int main(void) { - int flag = MSG_NOSIGNAL; - (void)flag; + #include + int main(void) + { + struct timeval ts; + ts.tv_sec = 0; + ts.tv_usec = 0; + (void)ts; return 0; - }" HAVE_MSG_NOSIGNAL) - -if(NOT HAVE_WINDOWS_H) - add_header_include(HAVE_SYS_TIME_H "sys/time.h") - add_header_include(TIME_WITH_SYS_TIME "time.h") - add_header_include(HAVE_TIME_H "time.h") -endif() -check_c_source_compiles("${_source_epilogue} -int main(void) { - struct timeval ts; - ts.tv_sec = 0; - ts.tv_usec = 0; - (void)ts; - return 0; -}" HAVE_STRUCT_TIMEVAL) - -if(HAVE_WINDOWS_H) - set(CMAKE_EXTRA_INCLUDE_FILES winsock2.h) -else() - set(CMAKE_EXTRA_INCLUDE_FILES) - if(HAVE_SYS_SOCKET_H) - set(CMAKE_EXTRA_INCLUDE_FILES sys/socket.h) - endif() -endif() - -check_type_size("struct sockaddr_storage" SIZEOF_STRUCT_SOCKADDR_STORAGE) -if(HAVE_SIZEOF_STRUCT_SOCKADDR_STORAGE) - set(HAVE_STRUCT_SOCKADDR_STORAGE 1) -endif() + }" HAVE_STRUCT_TIMEVAL) unset(CMAKE_TRY_COMPILE_TARGET_TYPE) -if(NOT DEFINED CMAKE_TOOLCHAIN_FILE) - if(NOT ${CMAKE_SYSTEM_NAME} MATCHES "Darwin") - # only try this on non-macOS - - # if not cross-compilation... - include(CheckCSourceRuns) - set(CMAKE_REQUIRED_FLAGS "") - if(HAVE_SYS_POLL_H) - set(CMAKE_REQUIRED_FLAGS "-DHAVE_SYS_POLL_H") - elseif(HAVE_POLL_H) - set(CMAKE_REQUIRED_FLAGS "-DHAVE_POLL_H") - endif() - check_c_source_runs(" +if(NOT CMAKE_CROSSCOMPILING AND NOT APPLE) + set(_source_epilogue "#undef inline") + add_header_include(HAVE_SYS_POLL_H "sys/poll.h") + add_header_include(HAVE_POLL_H "poll.h") + check_c_source_runs("${_source_epilogue} #include #include - - #ifdef HAVE_SYS_POLL_H - # include - #elif HAVE_POLL_H - # include - #endif - int main(void) { - if(0 != poll(0, 0, 10)) { - return 1; /* fail */ + if(0 != poll(0, 0, 10)) { + return 1; /* fail */ + } + else { + /* detect the 10.12 poll() breakage */ + struct timeval before, after; + int rc; + size_t us; + + gettimeofday(&before, NULL); + rc = poll(NULL, 0, 500); + gettimeofday(&after, NULL); + + us = (after.tv_sec - before.tv_sec) * 1000000 + + (after.tv_usec - before.tv_usec); + + if(us < 400000) { + return 1; } - else { - /* detect the 10.12 poll() breakage */ - struct timeval before, after; - int rc; - size_t us; + } + return 0; + }" HAVE_POLL_FINE) +endif() - gettimeofday(&before, NULL); - rc = poll(NULL, 0, 500); - gettimeofday(&after, NULL); +# Detect HAVE_GETADDRINFO_THREADSAFE + +if(WIN32) + set(HAVE_GETADDRINFO_THREADSAFE ${HAVE_GETADDRINFO}) +elseif(NOT HAVE_GETADDRINFO) + set(HAVE_GETADDRINFO_THREADSAFE FALSE) +elseif(APPLE OR + CMAKE_SYSTEM_NAME STREQUAL "AIX" OR + CMAKE_SYSTEM_NAME STREQUAL "FreeBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "HP-UX" OR + CMAKE_SYSTEM_NAME STREQUAL "MidnightBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "NetBSD" OR + CMAKE_SYSTEM_NAME STREQUAL "SunOS") + set(HAVE_GETADDRINFO_THREADSAFE TRUE) +elseif(CMAKE_SYSTEM_NAME MATCHES "BSD") + set(HAVE_GETADDRINFO_THREADSAFE FALSE) +endif() - us = (after.tv_sec - before.tv_sec) * 1000000 + - (after.tv_usec - before.tv_usec); +if(NOT DEFINED HAVE_GETADDRINFO_THREADSAFE) + set(_source_epilogue "#undef inline") + add_header_include(HAVE_SYS_SOCKET_H "sys/socket.h") + add_header_include(HAVE_SYS_TIME_H "sys/time.h") + add_header_include(HAVE_NETDB_H "netdb.h") + check_c_source_compiles("${_source_epilogue} + int main(void) + { + #ifdef h_errno + return 0; + #else + #error force compilation error + #endif + }" HAVE_H_ERRNO) + + if(NOT HAVE_H_ERRNO) + check_c_source_compiles("${_source_epilogue} + int main(void) + { + h_errno = 2; + return h_errno != 0 ? 1 : 0; + }" HAVE_H_ERRNO_ASSIGNABLE) + + if(NOT HAVE_H_ERRNO_ASSIGNABLE) + check_c_source_compiles("${_source_epilogue} + int main(void) + { + #if defined(_POSIX_C_SOURCE) && (_POSIX_C_SOURCE >= 200809L) + return 0; + #elif defined(_XOPEN_SOURCE) && (_XOPEN_SOURCE >= 700) + return 0; + #else + #error force compilation error + #endif + }" HAVE_H_ERRNO_SBS_ISSUE_7) + endif() + endif() - if(us < 400000) { - return 1; - } - } - return 0; - }" HAVE_POLL_FINE) + if(HAVE_H_ERRNO OR HAVE_H_ERRNO_ASSIGNABLE OR HAVE_H_ERRNO_SBS_ISSUE_7) + set(HAVE_GETADDRINFO_THREADSAFE TRUE) endif() endif() +if(NOT WIN32 AND NOT DEFINED HAVE_CLOCK_GETTIME_MONOTONIC_RAW) + set(_source_epilogue "#undef inline") + add_header_include(HAVE_SYS_TYPES_H "sys/types.h") + add_header_include(HAVE_SYS_TIME_H "sys/time.h") + check_c_source_compiles("${_source_epilogue} + #include + int main(void) + { + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC_RAW, &ts); + return 0; + }" HAVE_CLOCK_GETTIME_MONOTONIC_RAW) +endif() diff --git a/libs/curl/CMake/PickyWarnings.cmake b/libs/curl/CMake/PickyWarnings.cmake new file mode 100644 index 00000000..96e45f0e --- /dev/null +++ b/libs/curl/CMake/PickyWarnings.cmake @@ -0,0 +1,246 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +include(CheckCCompilerFlag) + +unset(WPICKY) + +if(CURL_WERROR AND + ((CMAKE_COMPILER_IS_GNUCC AND + NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 5.0 AND + NOT CMAKE_VERSION VERSION_LESS 3.23.0) OR # check_symbol_exists() incompatible with GCC -pedantic-errors in earlier CMake versions + CMAKE_C_COMPILER_ID MATCHES "Clang")) + set(WPICKY "${WPICKY} -pedantic-errors") +endif() + +if(APPLE AND + (CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.6) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 6.3)) + set(WPICKY "${WPICKY} -Werror=partial-availability") # clang 3.6 appleclang 6.3 +endif() + +if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang") + set(WPICKY "${WPICKY} -Werror-implicit-function-declaration") # clang 1.0 gcc 2.95 +endif() + +if(PICKY_COMPILER) + if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang") + + # https://clang.llvm.org/docs/DiagnosticsReference.html + # https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html + + # WPICKY_ENABLE = Options we want to enable as-is. + # WPICKY_DETECT = Options we want to test first and enable if available. + + # Prefer the -Wextra alias with clang. + if(CMAKE_C_COMPILER_ID MATCHES "Clang") + set(WPICKY_ENABLE "-Wextra") + else() + set(WPICKY_ENABLE "-W") + endif() + + list(APPEND WPICKY_ENABLE + -Wall -pedantic + ) + + # ---------------------------------- + # Add new options here, if in doubt: + # ---------------------------------- + set(WPICKY_DETECT + ) + + # Assume these options always exist with both clang and gcc. + # Require clang 3.0 / gcc 2.95 or later. + list(APPEND WPICKY_ENABLE + -Wbad-function-cast # clang 2.7 gcc 2.95 + -Wconversion # clang 2.7 gcc 2.95 + -Winline # clang 1.0 gcc 1.0 + -Wmissing-declarations # clang 1.0 gcc 2.7 + -Wmissing-prototypes # clang 1.0 gcc 1.0 + -Wnested-externs # clang 1.0 gcc 2.7 + -Wno-long-long # clang 1.0 gcc 2.95 + -Wno-multichar # clang 1.0 gcc 2.95 + -Wpointer-arith # clang 1.0 gcc 1.4 + -Wshadow # clang 1.0 gcc 2.95 + -Wsign-compare # clang 1.0 gcc 2.95 + -Wundef # clang 1.0 gcc 2.95 + -Wunused # clang 1.1 gcc 2.95 + -Wwrite-strings # clang 1.0 gcc 1.4 + ) + + # Always enable with clang, version dependent with gcc + set(WPICKY_COMMON_OLD + -Waddress # clang 2.7 gcc 4.3 + -Wattributes # clang 2.7 gcc 4.1 + -Wcast-align # clang 1.0 gcc 4.2 + -Wdeclaration-after-statement # clang 1.0 gcc 3.4 + -Wdiv-by-zero # clang 2.7 gcc 4.1 + -Wempty-body # clang 2.7 gcc 4.3 + -Wendif-labels # clang 1.0 gcc 3.3 + -Wfloat-equal # clang 1.0 gcc 2.96 (3.0) + -Wformat-security # clang 2.7 gcc 4.1 + -Wignored-qualifiers # clang 2.8 gcc 4.3 + -Wmissing-field-initializers # clang 2.7 gcc 4.1 + -Wmissing-noreturn # clang 2.7 gcc 4.1 + -Wno-format-nonliteral # clang 1.0 gcc 2.96 (3.0) + -Wno-system-headers # clang 1.0 gcc 3.0 + # -Wpadded # clang 2.9 gcc 4.1 # Not used because we cannot change public structs + -Wold-style-definition # clang 2.7 gcc 3.4 + -Wredundant-decls # clang 2.7 gcc 4.1 + -Wsign-conversion # clang 2.9 gcc 4.3 + -Wno-error=sign-conversion # FIXME + -Wstrict-prototypes # clang 1.0 gcc 3.3 + # -Wswitch-enum # clang 2.7 gcc 4.1 # Not used because this basically disallows default case + -Wtype-limits # clang 2.7 gcc 4.3 + -Wunreachable-code # clang 2.7 gcc 4.1 + # -Wunused-macros # clang 2.7 gcc 4.1 # Not practical + -Wunused-parameter # clang 2.7 gcc 4.1 + -Wvla # clang 2.8 gcc 4.3 + ) + + set(WPICKY_COMMON + -Wdouble-promotion # clang 3.6 gcc 4.6 appleclang 6.3 + -Wenum-conversion # clang 3.2 gcc 10.0 appleclang 4.6 g++ 11.0 + -Wpragmas # clang 3.5 gcc 4.1 appleclang 6.0 + -Wunused-const-variable # clang 3.4 gcc 6.0 appleclang 5.1 + ) + + if(CMAKE_C_COMPILER_ID MATCHES "Clang") + list(APPEND WPICKY_ENABLE + ${WPICKY_COMMON_OLD} + -Wshift-sign-overflow # clang 2.9 + -Wshorten-64-to-32 # clang 1.0 + -Wlanguage-extension-token # clang 3.0 + -Wformat=2 # clang 3.0 gcc 4.8 + ) + # Enable based on compiler version + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.6) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 6.3)) + list(APPEND WPICKY_ENABLE + ${WPICKY_COMMON} + -Wunreachable-code-break # clang 3.5 appleclang 6.0 + -Wheader-guard # clang 3.4 appleclang 5.1 + -Wsometimes-uninitialized # clang 3.2 appleclang 4.6 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.9) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 8.3)) + list(APPEND WPICKY_ENABLE + -Wcomma # clang 3.9 appleclang 8.3 + -Wmissing-variable-declarations # clang 3.2 appleclang 4.6 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 7.0) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 10.3)) + list(APPEND WPICKY_ENABLE + -Wassign-enum # clang 7.0 appleclang 10.3 + -Wextra-semi-stmt # clang 7.0 appleclang 10.3 + ) + endif() + if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 10.0) OR + (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 12.4)) + list(APPEND WPICKY_ENABLE + -Wimplicit-fallthrough # clang 4.0 gcc 7.0 appleclang 12.4 # we have silencing markup for clang 10.0 and above only + ) + endif() + else() # gcc + list(APPEND WPICKY_DETECT + ${WPICKY_COMMON} + ) + # Enable based on compiler version + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.3) + list(APPEND WPICKY_ENABLE + ${WPICKY_COMMON_OLD} + -Wclobbered # gcc 4.3 + -Wmissing-parameter-type # gcc 4.3 + -Wold-style-declaration # gcc 4.3 + -Wstrict-aliasing=3 # gcc 4.0 + -Wtrampolines # gcc 4.3 + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.5 AND MINGW) + list(APPEND WPICKY_ENABLE + -Wno-pedantic-ms-format # gcc 4.5 (mingw-only) + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.8) + list(APPEND WPICKY_ENABLE + -Wformat=2 # clang 3.0 gcc 4.8 + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 5.0) + list(APPEND WPICKY_ENABLE + -Warray-bounds=2 -ftree-vrp # clang 3.0 gcc 5.0 (clang default: -Warray-bounds) + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 6.0) + list(APPEND WPICKY_ENABLE + -Wduplicated-cond # gcc 6.0 + -Wnull-dereference # clang 3.0 gcc 6.0 (clang default) + -fdelete-null-pointer-checks + -Wshift-negative-value # clang 3.7 gcc 6.0 (clang default) + -Wshift-overflow=2 # clang 3.0 gcc 6.0 (clang default: -Wshift-overflow) + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 7.0) + list(APPEND WPICKY_ENABLE + -Walloc-zero # gcc 7.0 + -Wduplicated-branches # gcc 7.0 + -Wformat-overflow=2 # gcc 7.0 + -Wformat-truncation=2 # gcc 7.0 + -Wimplicit-fallthrough # clang 4.0 gcc 7.0 + -Wrestrict # gcc 7.0 + ) + endif() + if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 10.0) + list(APPEND WPICKY_ENABLE + -Warith-conversion # gcc 10.0 + ) + endif() + endif() + + # + + foreach(_CCOPT IN LISTS WPICKY_ENABLE) + set(WPICKY "${WPICKY} ${_CCOPT}") + endforeach() + + foreach(_CCOPT IN LISTS WPICKY_DETECT) + # surprisingly, CHECK_C_COMPILER_FLAG needs a new variable to store each new + # test result in. + string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname) + # GCC only warns about unknown -Wno- options if there are also other diagnostic messages, + # so test for the positive form instead + string(REPLACE "-Wno-" "-W" _CCOPT_ON "${_CCOPT}") + check_c_compiler_flag(${_CCOPT_ON} ${_optvarname}) + if(${_optvarname}) + set(WPICKY "${WPICKY} ${_CCOPT}") + endif() + endforeach() + endif() +endif() + +if(WPICKY) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${WPICKY}") + message(STATUS "Picky compiler options:${WPICKY}") +endif() diff --git a/libs/curl/CMake/Platforms/WindowsCache.cmake b/libs/curl/CMake/Platforms/WindowsCache.cmake index fb803f8a..5346f595 100644 --- a/libs/curl/CMake/Platforms/WindowsCache.cmake +++ b/libs/curl/CMake/Platforms/WindowsCache.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,110 +18,175 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -if(NOT UNIX) - if(WIN32) - set(HAVE_LIBDL 0) - set(HAVE_LIBUCB 0) - set(HAVE_LIBSOCKET 0) - set(NOT_NEED_LIBNSL 0) - set(HAVE_LIBNSL 0) - set(HAVE_GETHOSTNAME 1) - set(HAVE_LIBZ 0) +if(NOT WIN32) + message(FATAL_ERROR "This file should be included on Windows platform only") +endif() - set(HAVE_DLOPEN 0) +set(HAVE_LOCALE_H 1) - set(HAVE_ALLOCA_H 0) - set(HAVE_ARPA_INET_H 0) - set(HAVE_DLFCN_H 0) - set(HAVE_FCNTL_H 1) - set(HAVE_INTTYPES_H 0) - set(HAVE_IO_H 1) - set(HAVE_MALLOC_H 1) - set(HAVE_MEMORY_H 1) - set(HAVE_NETDB_H 0) - set(HAVE_NETINET_IF_ETHER_H 0) - set(HAVE_NETINET_IN_H 0) - set(HAVE_NET_IF_H 0) - set(HAVE_PROCESS_H 1) - set(HAVE_PWD_H 0) - set(HAVE_SETJMP_H 1) - set(HAVE_SIGNAL_H 1) - set(HAVE_SOCKIO_H 0) - set(HAVE_STDINT_H 0) - set(HAVE_STDLIB_H 1) - set(HAVE_STRINGS_H 0) - set(HAVE_STRING_H 1) - set(HAVE_SYS_PARAM_H 0) - set(HAVE_SYS_POLL_H 0) - set(HAVE_SYS_SELECT_H 0) - set(HAVE_SYS_SOCKET_H 0) - set(HAVE_SYS_SOCKIO_H 0) - set(HAVE_SYS_STAT_H 1) - set(HAVE_SYS_TIME_H 0) - set(HAVE_SYS_TYPES_H 1) - set(HAVE_SYS_UTIME_H 1) - set(HAVE_TERMIOS_H 0) - set(HAVE_TERMIO_H 0) - set(HAVE_TIME_H 1) +if(MINGW) + set(HAVE_SNPRINTF 1) + set(HAVE_UNISTD_H 1) + set(HAVE_LIBGEN_H 1) + set(HAVE_STDDEF_H 1) # detected by CMake internally in check_type_size() + set(HAVE_STDBOOL_H 1) + set(HAVE_BOOL_T "${HAVE_STDBOOL_H}") + set(HAVE_STRTOLL 1) + set(HAVE_BASENAME 1) + set(HAVE_STRCASECMP 1) + set(HAVE_FTRUNCATE 1) + set(HAVE_SYS_PARAM_H 1) + set(HAVE_SYS_TIME_H 1) + set(HAVE_GETTIMEOFDAY 1) +else() + set(HAVE_LIBGEN_H 0) + set(HAVE_STRCASECMP 0) + set(HAVE_FTRUNCATE 0) + set(HAVE_SYS_PARAM_H 0) + set(HAVE_SYS_TIME_H 0) + set(HAVE_GETTIMEOFDAY 0) + if(MSVC) set(HAVE_UNISTD_H 0) - set(HAVE_UTIME_H 0) - set(HAVE_X509_H 0) - set(HAVE_ZLIB_H 0) + set(HAVE_LOCALE_H 1) + set(HAVE_STDDEF_H 1) # detected by CMake internally in check_type_size() + set(HAVE_STDATOMIC_H 0) + if(NOT MSVC_VERSION LESS 1800) + set(HAVE_STDBOOL_H 1) + set(HAVE_STRTOLL 1) + else() + set(HAVE_STDBOOL_H 0) + set(HAVE_STRTOLL 0) + endif() + set(HAVE_BOOL_T "${HAVE_STDBOOL_H}") + if(NOT MSVC_VERSION LESS 1900) + set(HAVE_SNPRINTF 1) + else() + set(HAVE_SNPRINTF 0) + endif() + set(HAVE_BASENAME 0) + set(HAVE_STRTOK_R 0) + set(HAVE_FILE_OFFSET_BITS 0) + set(HAVE_ATOMIC 0) + endif() +endif() - set(HAVE_SIZEOF_LONG_DOUBLE 1) - set(SIZEOF_LONG_DOUBLE 8) +# Available in Windows XP and newer +set(HAVE_GETADDRINFO 1) +set(HAVE_FREEADDRINFO 1) - set(HAVE_SOCKET 1) - set(HAVE_POLL 0) - set(HAVE_SELECT 1) - set(HAVE_STRDUP 1) - set(HAVE_STRSTR 1) - set(HAVE_STRTOK_R 0) - set(HAVE_STRFTIME 1) - set(HAVE_UNAME 0) - set(HAVE_STRCASECMP 0) - set(HAVE_STRICMP 1) - set(HAVE_STRCMPI 1) - set(HAVE_GETTIMEOFDAY 0) - set(HAVE_INET_ADDR 1) - set(HAVE_CLOSESOCKET 1) - set(HAVE_SETVBUF 0) - set(HAVE_SIGSETJMP 0) - set(HAVE_GETPASS_R 0) - set(HAVE_STRLCAT 0) - set(HAVE_GETPWUID 0) - set(HAVE_GETEUID 0) - set(HAVE_UTIME 1) - set(HAVE_RAND_EGD 0) - set(HAVE_RAND_SCREEN 0) - set(HAVE_RAND_STATUS 0) - set(HAVE_GMTIME_R 0) - set(HAVE_LOCALTIME_R 0) - set(HAVE_GETHOSTBYNAME_R 0) - set(HAVE_SIGNAL_FUNC 1) - set(HAVE_SIGNAL_MACRO 0) +set(HAVE_FCHMOD 0) +set(HAVE_SOCKETPAIR 0) +set(HAVE_SENDMSG 0) +set(HAVE_ALARM 0) +set(HAVE_FCNTL 0) +set(HAVE_GETPPID 0) +set(HAVE_UTIMES 0) +set(HAVE_GETPWUID_R 0) +set(HAVE_STRERROR_R 0) +set(HAVE_SIGINTERRUPT 0) +set(HAVE_PIPE 0) +set(HAVE_EVENTFD 0) +set(HAVE_IF_NAMETOINDEX 0) +set(HAVE_GETRLIMIT 0) +set(HAVE_SETRLIMIT 0) +set(HAVE_FSETXATTR 0) +set(HAVE_LIBSOCKET 0) +set(HAVE_SETLOCALE 1) +set(HAVE_SETMODE 1) +set(HAVE_GETPEERNAME 1) +set(HAVE_GETSOCKNAME 1) +set(HAVE_GETHOSTNAME 1) +set(HAVE_LIBZ 0) - set(HAVE_GETHOSTBYNAME_R_3 0) - set(HAVE_GETHOSTBYNAME_R_3_REENTRANT 0) - set(HAVE_GETHOSTBYNAME_R_5 0) - set(HAVE_GETHOSTBYNAME_R_5_REENTRANT 0) - set(HAVE_GETHOSTBYNAME_R_6 0) - set(HAVE_GETHOSTBYNAME_R_6_REENTRANT 0) +set(HAVE_RECV 1) +set(HAVE_SEND 1) +set(HAVE_STROPTS_H 0) +set(HAVE_SYS_XATTR_H 0) +set(HAVE_ARC4RANDOM 0) +set(HAVE_FNMATCH 0) +set(HAVE_SCHED_YIELD 0) +set(HAVE_ARPA_INET_H 0) +set(HAVE_FCNTL_H 1) +set(HAVE_IFADDRS_H 0) +set(HAVE_IO_H 1) +set(HAVE_NETDB_H 0) +set(HAVE_NETINET_IN_H 0) +set(HAVE_NETINET_TCP_H 0) +set(HAVE_NETINET_UDP_H 0) +set(HAVE_NET_IF_H 0) +set(HAVE_IOCTL_SIOCGIFADDR 0) +set(HAVE_POLL_H 0) +set(HAVE_POLL_FINE 0) +set(HAVE_PWD_H 0) +set(HAVE_STRINGS_H 0) # mingw-w64 has it (wrapper to string.h) +set(HAVE_SYS_EVENTFD_H 0) +set(HAVE_SYS_FILIO_H 0) +set(HAVE_SYS_WAIT_H 0) +set(HAVE_SYS_IOCTL_H 0) +set(HAVE_SYS_POLL_H 0) +set(HAVE_SYS_RESOURCE_H 0) +set(HAVE_SYS_SELECT_H 0) +set(HAVE_SYS_SOCKET_H 0) +set(HAVE_SYS_SOCKIO_H 0) +set(HAVE_SYS_STAT_H 1) +set(HAVE_SYS_TYPES_H 1) +set(HAVE_SYS_UN_H 0) +set(HAVE_SYS_UTIME_H 1) +set(HAVE_TERMIOS_H 0) +set(HAVE_TERMIO_H 0) +set(HAVE_UTIME_H 0) # mingw-w64 has it (wrapper to sys/utime.h) - set(TIME_WITH_SYS_TIME 0) - set(HAVE_O_NONBLOCK 0) - set(HAVE_IN_ADDR_T 0) - if(ENABLE_IPV6) - set(HAVE_GETADDRINFO 1) - else() - set(HAVE_GETADDRINFO 0) - endif() - set(STDC_HEADERS 1) +set(HAVE_DIRENT_H 0) +set(HAVE_OPENDIR 0) - set(HAVE_SIGACTION 0) - set(HAVE_MACRO_SIGSETJMP 0) - else() - message("This file should be included on Windows platform only") - endif() -endif() +set(HAVE_FSEEKO 0) +set(HAVE__FSEEKI64 1) +set(HAVE_SOCKET 1) +set(HAVE_SELECT 1) +set(HAVE_STRDUP 1) +set(HAVE_STRICMP 1) +set(HAVE_STRCMPI 1) +set(HAVE_MEMRCHR 0) +set(HAVE_CLOSESOCKET 1) +set(HAVE_SIGSETJMP 0) +set(HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1) +set(HAVE_GETPASS_R 0) +set(HAVE_GETPWUID 0) +set(HAVE_GETEUID 0) +set(HAVE_UTIME 1) +set(HAVE_GMTIME_R 0) +set(HAVE_GETHOSTBYNAME_R 0) +set(HAVE_SIGNAL 1) +set(HAVE_SIGACTION 0) +set(HAVE_LINUX_TCP_H 0) +set(HAVE_GLIBC_STRERROR_R 0) +set(HAVE_MACH_ABSOLUTE_TIME 0) +set(HAVE_GETIFADDRS 0) +set(HAVE_FCNTL_O_NONBLOCK 0) +set(HAVE_IOCTLSOCKET 1) +set(HAVE_IOCTLSOCKET_CAMEL 0) +set(HAVE_IOCTLSOCKET_CAMEL_FIONBIO 0) +set(HAVE_IOCTLSOCKET_FIONBIO 1) +set(HAVE_IOCTL_FIONBIO 0) +set(HAVE_SETSOCKOPT_SO_NONBLOCK 0) +set(HAVE_POSIX_STRERROR_R 0) +set(HAVE_MSG_NOSIGNAL 0) +set(HAVE_STRUCT_TIMEVAL 1) +set(HAVE_STRUCT_SOCKADDR_STORAGE 1) + +set(HAVE_GETHOSTBYNAME_R_3 0) +set(HAVE_GETHOSTBYNAME_R_3_REENTRANT 0) +set(HAVE_GETHOSTBYNAME_R_5 0) +set(HAVE_GETHOSTBYNAME_R_5_REENTRANT 0) +set(HAVE_GETHOSTBYNAME_R_6 0) +set(HAVE_GETHOSTBYNAME_R_6_REENTRANT 0) + +set(HAVE_O_NONBLOCK 0) +set(HAVE_IN_ADDR_T 0) +set(STDC_HEADERS 1) + +set(HAVE_SIZEOF_SUSECONDS_T 0) +set(HAVE_SIZEOF_SA_FAMILY_T 0) diff --git a/libs/curl/CMake/Utilities.cmake b/libs/curl/CMake/Utilities.cmake index 8f9b861b..84a40f4e 100644 --- a/libs/curl/CMake/Utilities.cmake +++ b/libs/curl/CMake/Utilities.cmake @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,10 +18,12 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### # File containing various utilities -# Returns a list of arguments that evaluate to true +# Returns number of arguments that evaluate to true function(count_true output_count_var) set(lst_len 0) foreach(option_var IN LISTS ARGN) diff --git a/libs/curl/CMake/cmake_uninstall.cmake.in b/libs/curl/CMake/cmake_uninstall.cmake.in index e96c1432..47aec8d4 100644 --- a/libs/curl/CMake/cmake_uninstall.cmake.in +++ b/libs/curl/CMake/cmake_uninstall.cmake.in @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") diff --git a/libs/curl/CMake/curl-config.cmake.in b/libs/curl/CMake/curl-config.cmake.in index 957148ec..2ce8625e 100644 --- a/libs/curl/CMake/curl-config.cmake.in +++ b/libs/curl/CMake/curl-config.cmake.in @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### @PACKAGE_INIT@ @@ -31,3 +33,12 @@ endif() include("${CMAKE_CURRENT_LIST_DIR}/@TARGETS_EXPORT_NAME@.cmake") check_required_components("@PROJECT_NAME@") + +# Alias for either shared or static library +if(NOT TARGET @PROJECT_NAME@::libcurl) + add_library(@PROJECT_NAME@::libcurl ALIAS @PROJECT_NAME@::@LIB_SELECTED@) +endif() + +# For compatibility with CMake's FindCURL.cmake +set(CURL_LIBRARIES @PROJECT_NAME@::libcurl) +set_and_check(CURL_INCLUDE_DIRS "@PACKAGE_CMAKE_INSTALL_INCLUDEDIR@") diff --git a/libs/curl/CMakeLists.txt b/libs/curl/CMakeLists.txt index 125b0a02..580cc435 100644 --- a/libs/curl/CMakeLists.txt +++ b/libs/curl/CMakeLists.txt @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,26 +18,33 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -# curl/libcurl CMake script # by Tetetest and Sukender (Benoit Neil) -# TODO: -# The output .so file lacks the soname number which we currently have within the lib/Makefile.am file -# Add full (4 or 5 libs) SSL support -# Add INSTALL target (EXTRA_DIST variables in Makefile.am may be moved to Makefile.inc so that CMake/CPack is aware of what's to include). -# Check on all possible platforms -# Test with as many configurations possible (With or without any option) -# Create scripts that help keeping the CMake build system up to date (to reduce maintenance). According to Tetetest: -# - lists of headers that 'configure' checks for; -# - curl-specific tests (the ones that are in m4/curl-*.m4 files); -# - (most obvious thing:) curl version numbers. -# Add documentation subproject +# Note: By default this CMake build script detects the version of some +# dependencies using `check_symbol_exists`. Those checks do not work +# in the case that both CURL and its dependency are included as +# sub-projects in a larger build using `FetchContent`. To support +# that case, additional variables may be defined by the parent +# project, ideally in the "extra" find package redirect file: +# https://cmake.org/cmake/help/latest/module/FetchContent.html#integrating-with-find-package +# +# The following variables are available: +# HAVE_SSL_SET0_WBIO: `SSL_set0_wbio` present in OpenSSL/wolfSSL +# HAVE_OPENSSL_SRP: `SSL_CTX_set_srp_username` present in OpenSSL/wolfSSL +# HAVE_GNUTLS_SRP: `gnutls_srp_verifier` present in GnuTLS +# HAVE_SSL_CTX_SET_QUIC_METHOD: `SSL_CTX_set_quic_method` present in OpenSSL/wolfSSL +# HAVE_QUICHE_CONN_SET_QLOG_FD: `quiche_conn_set_qlog_fd` present in QUICHE +# HAVE_ECH: ECH API checks for OpenSSL, BoringSSL or wolfSSL # -# To check: -# (From Daniel Stenberg) The cmake build selected to run gcc with -fPIC on my box while the plain configure script did not. -# (From Daniel Stenberg) The gcc command line use neither -g nor any -O options. As a developer, I also treasure our configure scripts's --enable-debug option that sets a long range of "picky" compiler options. -cmake_minimum_required(VERSION 3.2...3.16 FATAL_ERROR) +# For each of the above variables, if the variable is DEFINED (either +# to ON or OFF), the symbol detection will be skipped. If the +# variable is NOT DEFINED, the symbol detection will be performed. + +cmake_minimum_required(VERSION 3.7...3.16 FATAL_ERROR) +message(STATUS "Using CMake version ${CMAKE_VERSION}") set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}") include(Utilities) @@ -57,39 +64,41 @@ string(REGEX REPLACE "[^0]+0x" "" CURL_VERSION_NUM ${CURL_VERSION_NUM}) # Setup package meta-data -# SET(PACKAGE "curl") +# set(PACKAGE "curl") message(STATUS "curl version=[${CURL_VERSION}]") -# SET(PACKAGE_TARNAME "curl") -# SET(PACKAGE_NAME "curl") -# SET(PACKAGE_VERSION "-") -# SET(PACKAGE_STRING "curl-") -# SET(PACKAGE_BUGREPORT "a suitable curl mailing list => https://curl.se/mail/") +# set(PACKAGE_TARNAME "curl") +# set(PACKAGE_NAME "curl") +# set(PACKAGE_VERSION "-") +# set(PACKAGE_STRING "curl-") +# set(PACKAGE_BUGREPORT "a suitable curl mailing list => https://curl.se/mail/") set(OPERATING_SYSTEM "${CMAKE_SYSTEM_NAME}") -set(OS "\"${CMAKE_SYSTEM_NAME}\"") +if(CMAKE_C_COMPILER_TARGET) + set(OS "\"${CMAKE_C_COMPILER_TARGET}\"") +else() + set(OS "\"${CMAKE_SYSTEM_NAME}\"") +endif() include_directories(${CURL_SOURCE_DIR}/include) +set(CMAKE_UNITY_BUILD_BATCH_SIZE 0) + option(CURL_WERROR "Turn compiler warnings into errors" OFF) option(PICKY_COMPILER "Enable picky compiler options" ON) option(BUILD_CURL_EXE "Set to ON to build curl executable." ON) option(BUILD_SHARED_LIBS "Build shared libraries" ON) +option(BUILD_STATIC_LIBS "Build static libraries" OFF) +option(BUILD_STATIC_CURL "Build curl executable with static libcurl" OFF) option(ENABLE_ARES "Set to ON to enable c-ares support" OFF) +option(CURL_DISABLE_INSTALL "Set to ON to disable installation targets" OFF) + if(WIN32) option(CURL_STATIC_CRT "Set to ON to build libcurl with static CRT on Windows (/MT)." OFF) - option(ENABLE_INET_PTON "Set to OFF to prevent usage of inet_pton when building against modern SDKs while still requiring compatibility with older Windows versions, such as Windows XP, Windows Server 2003 etc." ON) option(ENABLE_UNICODE "Set to ON to use the Unicode version of the Windows API functions" OFF) set(CURL_TARGET_WINDOWS_VERSION "" CACHE STRING "Minimum target Windows version as hex string") if(CURL_TARGET_WINDOWS_VERSION) add_definitions(-D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION}) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION}") - elseif(ENABLE_INET_PTON) - # _WIN32_WINNT_VISTA (0x0600) - add_definitions(-D_WIN32_WINNT=0x0600) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WIN32_WINNT=0x0600") - else() - # _WIN32_WINNT_WINXP (0x0501) - add_definitions(-D_WIN32_WINNT=0x0501) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WIN32_WINNT=0x0501") + list(APPEND CMAKE_REQUIRED_DEFINITIONS -D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION}) + set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -D_WIN32_WINNT=${CURL_TARGET_WINDOWS_VERSION}") endif() if(ENABLE_UNICODE) add_definitions(-DUNICODE -D_UNICODE) @@ -101,39 +110,16 @@ endif() option(CURL_LTO "Turn on compiler Link Time Optimizations" OFF) cmake_dependent_option(ENABLE_THREADED_RESOLVER "Set to ON to enable threaded DNS lookup" - ON "NOT ENABLE_ARES" - OFF) + ON "NOT ENABLE_ARES" + OFF) + +include(PickyWarnings) option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF) -option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF) - -if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) - if(PICKY_COMPILER) - foreach(_CCOPT -pedantic -Wall -W -Wpointer-arith -Wwrite-strings -Wunused -Wshadow -Winline -Wnested-externs -Wmissing-declarations -Wmissing-prototypes -Wfloat-equal -Wsign-compare -Wundef -Wendif-labels -Wstrict-prototypes -Wdeclaration-after-statement -Wstrict-aliasing=3 -Wcast-align -Wtype-limits -Wold-style-declaration -Wmissing-parameter-type -Wempty-body -Wclobbered -Wignored-qualifiers -Wconversion -Wvla -Wdouble-promotion) - # surprisingly, CHECK_C_COMPILER_FLAG needs a new variable to store each new - # test result in. - string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname) - check_c_compiler_flag(${_CCOPT} ${_optvarname}) - if(${_optvarname}) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${_CCOPT}") - endif() - endforeach() - foreach(_CCOPT long-long multichar format-nonliteral sign-conversion system-headers pedantic-ms-format) - # GCC only warns about unknown -Wno- options if there are also other diagnostic messages, - # so test for the positive form instead - string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname) - check_c_compiler_flag("-W${_CCOPT}" ${_optvarname}) - if(${_optvarname}) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-${_CCOPT}") - endif() - endforeach() - endif() -endif() +option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" ${ENABLE_DEBUG}) if(ENABLE_DEBUG) - # DEBUGBUILD will be defined only for Debug builds - set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS $<$:DEBUGBUILD>) - set(ENABLE_CURLDEBUG ON) + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS DEBUGBUILD) endif() if(ENABLE_CURLDEBUG) @@ -145,13 +131,41 @@ if(NOT DEFINED CMAKE_DEBUG_POSTFIX) set(CMAKE_DEBUG_POSTFIX "-d") endif() +set(LIB_STATIC "libcurl_static") +set(LIB_SHARED "libcurl_shared") + +if(NOT BUILD_SHARED_LIBS AND NOT BUILD_STATIC_LIBS) + set(BUILD_STATIC_LIBS ON) +endif() +if(NOT BUILD_STATIC_CURL AND NOT BUILD_SHARED_LIBS) + set(BUILD_STATIC_CURL ON) +elseif(BUILD_STATIC_CURL AND NOT BUILD_STATIC_LIBS) + set(BUILD_STATIC_CURL OFF) +endif() + +# lib flavour selected for curl tool +if(BUILD_STATIC_CURL) + set(LIB_SELECTED_FOR_EXE ${LIB_STATIC}) +else() + set(LIB_SELECTED_FOR_EXE ${LIB_SHARED}) +endif() + +# lib flavour selected for example and test programs. +if(BUILD_SHARED_LIBS) + set(LIB_SELECTED ${LIB_SHARED}) +else() + set(LIB_SELECTED ${LIB_STATIC}) +endif() + # initialize CURL_LIBS set(CURL_LIBS "") +set(LIBCURL_PC_REQUIRES_PRIVATE "") if(ENABLE_ARES) set(USE_ARES 1) find_package(CARES REQUIRED) list(APPEND CURL_LIBS ${CARES_LIBRARY}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libcares") endif() include(CurlSymbolHiding) @@ -161,22 +175,39 @@ mark_as_advanced(CURL_ENABLE_EXPORT_TARGET) option(CURL_DISABLE_ALTSVC "disables alt-svc support" OFF) mark_as_advanced(CURL_DISABLE_ALTSVC) +option(CURL_DISABLE_SRP "disables TLS-SRP support" OFF) +mark_as_advanced(CURL_DISABLE_SRP) option(CURL_DISABLE_COOKIES "disables cookies support" OFF) mark_as_advanced(CURL_DISABLE_COOKIES) -option(CURL_DISABLE_CRYPTO_AUTH "disables cryptographic authentication" OFF) -mark_as_advanced(CURL_DISABLE_CRYPTO_AUTH) +option(CURL_DISABLE_BASIC_AUTH "disables Basic authentication" OFF) +mark_as_advanced(CURL_DISABLE_BASIC_AUTH) +option(CURL_DISABLE_BEARER_AUTH "disables Bearer authentication" OFF) +mark_as_advanced(CURL_DISABLE_BEARER_AUTH) +option(CURL_DISABLE_DIGEST_AUTH "disables Digest authentication" OFF) +mark_as_advanced(CURL_DISABLE_DIGEST_AUTH) +option(CURL_DISABLE_KERBEROS_AUTH "disables Kerberos authentication" OFF) +mark_as_advanced(CURL_DISABLE_KERBEROS_AUTH) +option(CURL_DISABLE_NEGOTIATE_AUTH "disables negotiate authentication" OFF) +mark_as_advanced(CURL_DISABLE_NEGOTIATE_AUTH) +option(CURL_DISABLE_AWS "disables AWS-SIG4" OFF) +mark_as_advanced(CURL_DISABLE_AWS) option(CURL_DISABLE_DICT "disables DICT" OFF) mark_as_advanced(CURL_DISABLE_DICT) option(CURL_DISABLE_DOH "disables DNS-over-HTTPS" OFF) mark_as_advanced(CURL_DISABLE_DOH) option(CURL_DISABLE_FILE "disables FILE" OFF) mark_as_advanced(CURL_DISABLE_FILE) +cmake_dependent_option(CURL_DISABLE_FORM_API "disables form api" OFF + "NOT CURL_DISABLE_MIME" ON) +mark_as_advanced(CURL_DISABLE_FORM_API) option(CURL_DISABLE_FTP "disables FTP" OFF) mark_as_advanced(CURL_DISABLE_FTP) option(CURL_DISABLE_GETOPTIONS "disables curl_easy_options API for existing options to curl_easy_setopt" OFF) mark_as_advanced(CURL_DISABLE_GETOPTIONS) option(CURL_DISABLE_GOPHER "disables Gopher" OFF) mark_as_advanced(CURL_DISABLE_GOPHER) +option(CURL_DISABLE_HEADERS_API "disables headers-api support" OFF) +mark_as_advanced(CURL_DISABLE_HEADERS_API) option(CURL_DISABLE_HSTS "disables HSTS support" OFF) mark_as_advanced(CURL_DISABLE_HSTS) option(CURL_DISABLE_HTTP "disables HTTP" OFF) @@ -194,6 +225,8 @@ mark_as_advanced(CURL_DISABLE_LIBCURL_OPTION) option(CURL_DISABLE_MIME "disables MIME support" OFF) mark_as_advanced(CURL_DISABLE_MIME) option(CURL_DISABLE_MQTT "disables MQTT" OFF) +mark_as_advanced(CURL_DISABLE_BINDLOCAL) +option(CURL_DISABLE_BINDLOCAL "disables local binding support" OFF) mark_as_advanced(CURL_DISABLE_MQTT) option(CURL_DISABLE_NETRC "disables netrc parser" OFF) mark_as_advanced(CURL_DISABLE_NETRC) @@ -245,6 +278,10 @@ if(HTTP_ONLY) set(CURL_DISABLE_TFTP ON) endif() +if(WINDOWS_STORE) + set(CURL_DISABLE_TELNET ON) # telnet code needs fixing to compile for UWP. +endif() + option(ENABLE_IPV6 "Define if you want to enable IPv6 support" ON) mark_as_advanced(ENABLE_IPV6) if(ENABLE_IPV6 AND NOT WIN32) @@ -260,8 +297,8 @@ if(ENABLE_IPV6 AND NOT WIN32) CACHE BOOL "Define if you want to enable IPv6 support" FORCE) endif() - if(CMAKE_SYSTEM_NAME STREQUAL "Darwin" AND NOT ENABLE_ARES) - set(use_core_foundation ON) + if(APPLE AND NOT ENABLE_ARES) + set(use_core_foundation_and_core_services ON) find_library(SYSTEMCONFIGURATION_FRAMEWORK "SystemConfiguration") if(NOT SYSTEMCONFIGURATION_FRAMEWORK) @@ -271,19 +308,23 @@ if(ENABLE_IPV6 AND NOT WIN32) list(APPEND CURL_LIBS "-framework SystemConfiguration") endif() endif() - -if(USE_MANUAL) - #nroff is currently only used when USE_MANUAL is set, so we can prevent the warning of no *NROFF if USE_MANUAL is OFF (or not defined), by not even looking for NROFF.. - curl_nroff_check() +if(ENABLE_IPV6) + set(USE_IPV6 ON) endif() + find_package(Perl) -cmake_dependent_option(ENABLE_MANUAL "to provide the built-in manual" - ON "NROFF_USEFUL;PERL_FOUND" - OFF) +option(BUILD_LIBCURL_DOCS "to build libcurl man pages" ON) +option(BUILD_MISC_DOCS "to build misc man pages (e.g. curl-config and mk-ca-bundle)" ON) +option(ENABLE_CURL_MANUAL "to build the man page for curl and enable its -M/--manual option" ON) -if(ENABLE_MANUAL) - set(USE_MANUAL ON) +if(ENABLE_CURL_MANUAL OR BUILD_LIBCURL_DOCS) + if(PERL_FOUND) + set(HAVE_MANUAL_TOOLS ON) + endif() + if(NOT HAVE_MANUAL_TOOLS) + message(WARNING "Perl not found. Will not build manuals.") + endif() endif() if(CURL_STATIC_CRT) @@ -302,6 +343,11 @@ if(${CMAKE_SYSTEM_NAME} MATCHES AIX) set(_ALL_SOURCE 1) endif() +# If we are on Haiku, make sure that the network library is brought in. +if(${CMAKE_SYSTEM_NAME} MATCHES Haiku) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -lnetwork") +endif() + # Include all the necessary files for macros include(CMakePushCheckState) include(CheckFunctionExists) @@ -314,84 +360,56 @@ include(CheckCSourceCompiles) # On windows preload settings if(WIN32) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WINSOCKAPI_=") include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake) endif() if(ENABLE_THREADED_RESOLVER) - find_package(Threads REQUIRED) if(WIN32) set(USE_THREADS_WIN32 ON) else() + find_package(Threads REQUIRED) set(USE_THREADS_POSIX ${CMAKE_USE_PTHREADS_INIT}) set(HAVE_PTHREAD_H ${CMAKE_USE_PTHREADS_INIT}) + set(CURL_LIBS ${CURL_LIBS} ${CMAKE_THREAD_LIBS_INIT}) endif() - set(CURL_LIBS ${CURL_LIBS} ${CMAKE_THREAD_LIBS_INIT}) endif() # Check for all needed libraries -check_library_exists_concat("${CMAKE_DL_LIBS}" dlopen HAVE_LIBDL) -check_library_exists_concat("socket" connect HAVE_LIBSOCKET) -check_library_exists("c" gethostbyname "" NOT_NEED_LIBNSL) - -# Yellowtab Zeta needs different libraries than BeOS 5. -if(BEOS) - set(NOT_NEED_LIBNSL 1) - check_library_exists_concat("bind" gethostbyname HAVE_LIBBIND) - check_library_exists_concat("bnetapi" closesocket HAVE_LIBBNETAPI) -endif() - -if(NOT NOT_NEED_LIBNSL) - check_library_exists_concat("nsl" gethostbyname HAVE_LIBNSL) +check_library_exists("socket" "connect" "" HAVE_LIBSOCKET) +if(HAVE_LIBSOCKET) + set(CURL_LIBS "socket;${CURL_LIBS}") endif() check_function_exists(gethostname HAVE_GETHOSTNAME) if(WIN32) - check_library_exists_concat("ws2_32" getch HAVE_LIBWS2_32) - check_library_exists_concat("winmm" getch HAVE_LIBWINMM) -endif() - -# This check below for use of deprecated symbols is only temporary and is to -# be removed again after a year's service. Remove after November 25, 2022. -set(CURL_RECONFIG_REQUIRED 0) -foreach(_LIB GSSAPI OPENLDAP LIBSSH LIBSSH2 BEARSSL MBEDTLS NSS OPENSSL - SCHANNEL SECTRANSP WOLFSSL) - if(CMAKE_USE_${_LIB}) - set(CURL_RECONFIG_REQUIRED 1) - message(SEND_ERROR "The option CMAKE_USE_${_LIB} was renamed to CURL_USE_${_LIB}.") - endif() -endforeach() -if(CMAKE_USE_WINSSL) - set(CURL_RECONFIG_REQUIRED 1) - message(SEND_ERROR "The option CMAKE_USE_WINSSL was renamed to CURL_USE_SCHANNEL.") -endif() -if(CURL_RECONFIG_REQUIRED) - message(FATAL_ERROR "Reconfig required") + list(APPEND CURL_LIBS "ws2_32" "bcrypt") endif() # check SSL libraries -# TODO support GnuTLS option(CURL_ENABLE_SSL "Enable SSL support" ON) +if(CURL_DEFAULT_SSL_BACKEND) + set(valid_default_ssl_backend FALSE) +endif() + if(APPLE) - cmake_dependent_option(CURL_USE_SECTRANSP "enable Apple OS native SSL/TLS" OFF CURL_ENABLE_SSL OFF) + cmake_dependent_option(CURL_USE_SECTRANSP "Enable Apple OS native SSL/TLS" OFF CURL_ENABLE_SSL OFF) endif() if(WIN32) - cmake_dependent_option(CURL_USE_SCHANNEL "enable Windows native SSL/TLS" OFF CURL_ENABLE_SSL OFF) - cmake_dependent_option(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON - CURL_USE_SCHANNEL OFF) + cmake_dependent_option(CURL_USE_SCHANNEL "Enable Windows native SSL/TLS" OFF CURL_ENABLE_SSL OFF) + option(CURL_WINDOWS_SSPI "Enable SSPI on Windows" ${CURL_USE_SCHANNEL}) endif() cmake_dependent_option(CURL_USE_MBEDTLS "Enable mbedTLS for SSL/TLS" OFF CURL_ENABLE_SSL OFF) cmake_dependent_option(CURL_USE_BEARSSL "Enable BearSSL for SSL/TLS" OFF CURL_ENABLE_SSL OFF) -cmake_dependent_option(CURL_USE_NSS "Enable NSS for SSL/TLS" OFF CURL_ENABLE_SSL OFF) -cmake_dependent_option(CURL_USE_WOLFSSL "enable wolfSSL for SSL/TLS" OFF CURL_ENABLE_SSL OFF) +cmake_dependent_option(CURL_USE_WOLFSSL "Enable wolfSSL for SSL/TLS" OFF CURL_ENABLE_SSL OFF) +cmake_dependent_option(CURL_USE_GNUTLS "Enable GnuTLS for SSL/TLS" OFF CURL_ENABLE_SSL OFF) set(openssl_default ON) -if(WIN32 OR CURL_USE_SECTRANSP OR CURL_USE_SCHANNEL OR CURL_USE_MBEDTLS OR CURL_USE_NSS OR CURL_USE_WOLFSSL) +if(WIN32 OR CURL_USE_SECTRANSP OR CURL_USE_SCHANNEL OR CURL_USE_MBEDTLS OR CURL_USE_WOLFSSL) set(openssl_default OFF) endif() -cmake_dependent_option(CURL_USE_OPENSSL "Use OpenSSL code. Experimental" ${openssl_default} CURL_ENABLE_SSL OFF) +cmake_dependent_option(CURL_USE_OPENSSL "Enable OpenSSL for SSL/TLS" ${openssl_default} CURL_ENABLE_SSL OFF) option(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG "Disable automatic loading of OpenSSL configuration" OFF) count_true(enabled_ssl_options_count @@ -400,7 +418,6 @@ count_true(enabled_ssl_options_count CURL_USE_OPENSSL CURL_USE_MBEDTLS CURL_USE_BEARSSL - CURL_USE_NSS CURL_USE_WOLFSSL ) if(enabled_ssl_options_count GREATER "1") @@ -409,34 +426,46 @@ endif() if(CURL_USE_SCHANNEL) set(SSL_ENABLED ON) - set(USE_SCHANNEL ON) # Windows native SSL/TLS support - set(USE_WINDOWS_SSPI ON) # CURL_USE_SCHANNEL implies CURL_WINDOWS_SSPI + set(USE_SCHANNEL ON) # Windows native SSL/TLS support + set(USE_WINDOWS_SSPI ON) # CURL_USE_SCHANNEL implies CURL_WINDOWS_SSPI + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "schannel") + set(valid_default_ssl_backend TRUE) + endif() endif() if(CURL_WINDOWS_SSPI) set(USE_WINDOWS_SSPI ON) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DSECURITY_WIN32") endif() if(CURL_USE_SECTRANSP) - set(use_core_foundation ON) + set(use_core_foundation_and_core_services ON) find_library(SECURITY_FRAMEWORK "Security") if(NOT SECURITY_FRAMEWORK) - message(FATAL_ERROR "Security framework not found") + message(FATAL_ERROR "Security framework not found") endif() set(SSL_ENABLED ON) set(USE_SECTRANSP ON) list(APPEND CURL_LIBS "-framework Security") + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "secure-transport") + set(valid_default_ssl_backend TRUE) + endif() endif() -if(use_core_foundation) +if(use_core_foundation_and_core_services) find_library(COREFOUNDATION_FRAMEWORK "CoreFoundation") + find_library(CORESERVICES_FRAMEWORK "CoreServices") + if(NOT COREFOUNDATION_FRAMEWORK) - message(FATAL_ERROR "CoreFoundation framework not found") + message(FATAL_ERROR "CoreFoundation framework not found") + endif() + if(NOT CORESERVICES_FRAMEWORK) + message(FATAL_ERROR "CoreServices framework not found") endif() - list(APPEND CURL_LIBS "-framework CoreFoundation") + list(APPEND CURL_LIBS "-framework CoreFoundation" "-framework CoreServices") endif() if(CURL_USE_OPENSSL) @@ -445,7 +474,7 @@ if(CURL_USE_OPENSSL) set(USE_OPENSSL ON) # Depend on OpenSSL via imported targets if supported by the running - # version of CMake. This allows our dependents to get our dependencies + # version of CMake. This allows our dependents to get our dependencies # transitively. if(NOT CMAKE_VERSION VERSION_LESS 3.4) list(APPEND CURL_LIBS OpenSSL::SSL OpenSSL::Crypto) @@ -453,20 +482,20 @@ if(CURL_USE_OPENSSL) list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES}) include_directories(${OPENSSL_INCLUDE_DIR}) endif() + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "openssl") - set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H) - check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H) - check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H) - check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H) - check_include_file("openssl/ssl.h" HAVE_OPENSSL_SSL_H) - check_include_file("openssl/x509.h" HAVE_OPENSSL_X509_H) - check_include_file("openssl/rand.h" HAVE_OPENSSL_RAND_H) - check_symbol_exists(RAND_status "${CURL_INCLUDES}" HAVE_RAND_STATUS) - check_symbol_exists(RAND_screen "${CURL_INCLUDES}" HAVE_RAND_SCREEN) - check_symbol_exists(RAND_egd "${CURL_INCLUDES}" HAVE_RAND_EGD) + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "openssl") + set(valid_default_ssl_backend TRUE) + endif() + set(curl_ca_bundle_supported TRUE) - add_definitions(-DOPENSSL_SUPPRESS_DEPRECATED) + set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) + if(NOT DEFINED HAVE_BORINGSSL) + check_symbol_exists(OPENSSL_IS_BORINGSSL "openssl/base.h" HAVE_BORINGSSL) + endif() + if(NOT DEFINED HAVE_AWSLC) + check_symbol_exists(OPENSSL_IS_AWSLC "openssl/base.h" HAVE_AWSLC) + endif() endif() if(CURL_USE_MBEDTLS) @@ -474,7 +503,13 @@ if(CURL_USE_MBEDTLS) set(SSL_ENABLED ON) set(USE_MBEDTLS ON) list(APPEND CURL_LIBS ${MBEDTLS_LIBRARIES}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "mbedtls") include_directories(${MBEDTLS_INCLUDE_DIRS}) + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "mbedtls") + set(valid_default_ssl_backend TRUE) + endif() + set(curl_ca_bundle_supported TRUE) endif() if(CURL_USE_BEARSSL) @@ -483,6 +518,11 @@ if(CURL_USE_BEARSSL) set(USE_BEARSSL ON) list(APPEND CURL_LIBS ${BEARSSL_LIBRARY}) include_directories(${BEARSSL_INCLUDE_DIRS}) + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "bearssl") + set(valid_default_ssl_backend TRUE) + endif() + set(curl_ca_bundle_supported TRUE) endif() if(CURL_USE_WOLFSSL) @@ -490,60 +530,214 @@ if(CURL_USE_WOLFSSL) set(SSL_ENABLED ON) set(USE_WOLFSSL ON) list(APPEND CURL_LIBS ${WolfSSL_LIBRARIES}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "wolfssl") include_directories(${WolfSSL_INCLUDE_DIRS}) + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "wolfssl") + set(valid_default_ssl_backend TRUE) + endif() + set(curl_ca_bundle_supported TRUE) endif() -if(CURL_USE_NSS) - find_package(NSS REQUIRED) - include_directories(${NSS_INCLUDE_DIRS}) - list(APPEND CURL_LIBS ${NSS_LIBRARIES}) +if(CURL_USE_GNUTLS) + find_package(GnuTLS REQUIRED) + find_package(nettle REQUIRED) set(SSL_ENABLED ON) - set(USE_NSS ON) + set(USE_GNUTLS ON) + list(APPEND CURL_LIBS ${GNUTLS_LIBRARIES} ${NETTLE_LIBRARIES}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "gnutls" "nettle") + include_directories(${GNUTLS_INCLUDE_DIRS} ${NETTLE_INCLUDE_DIRS}) + + if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "gnutls") + set(valid_default_ssl_backend TRUE) + endif() + set(curl_ca_bundle_supported TRUE) + + if(NOT DEFINED HAVE_GNUTLS_SRP AND NOT CURL_DISABLE_SRP) + cmake_push_check_state() + set(CMAKE_REQUIRED_INCLUDES ${GNUTLS_INCLUDE_DIRS}) + set(CMAKE_REQUIRED_LIBRARIES ${GNUTLS_LIBRARIES}) + check_symbol_exists(gnutls_srp_verifier "gnutls/gnutls.h" HAVE_GNUTLS_SRP) + cmake_pop_check_state() + endif() +endif() + +if(CURL_DEFAULT_SSL_BACKEND AND NOT valid_default_ssl_backend) + message(FATAL_ERROR "CURL_DEFAULT_SSL_BACKEND '${CURL_DEFAULT_SSL_BACKEND}' not enabled.") +endif() + +# Keep ZLIB detection after TLS detection, +# and before calling openssl_check_symbol_exists(). + +set(HAVE_LIBZ OFF) +set(USE_ZLIB OFF) +optional_dependency(ZLIB) +if(ZLIB_FOUND) + set(HAVE_LIBZ ON) + set(USE_ZLIB ON) + + # Depend on ZLIB via imported targets if supported by the running + # version of CMake. This allows our dependents to get our dependencies + # transitively. + if(NOT CMAKE_VERSION VERSION_LESS 3.4) + list(APPEND CURL_LIBS ZLIB::ZLIB) + else() + list(APPEND CURL_LIBS ${ZLIB_LIBRARIES}) + include_directories(${ZLIB_INCLUDE_DIRS}) + endif() + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "zlib") + list(APPEND CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIRS}) +endif() + +option(CURL_BROTLI "Set to ON to enable building curl with brotli support." OFF) +set(HAVE_BROTLI OFF) +if(CURL_BROTLI) + find_package(Brotli REQUIRED) + if(BROTLI_FOUND) + set(HAVE_BROTLI ON) + list(APPEND CURL_LIBS ${BROTLI_LIBRARIES}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libbrotlidec") + include_directories(${BROTLI_INCLUDE_DIRS}) + list(APPEND CMAKE_REQUIRED_INCLUDES ${BROTLI_INCLUDE_DIRS}) + endif() +endif() + +option(CURL_ZSTD "Set to ON to enable building curl with zstd support." OFF) +set(HAVE_ZSTD OFF) +if(CURL_ZSTD) + find_package(Zstd REQUIRED) + if(Zstd_FOUND AND NOT Zstd_VERSION VERSION_LESS "1.0.0") + set(HAVE_ZSTD ON) + list(APPEND CURL_LIBS ${Zstd_LIBRARIES}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libzstd") + include_directories(${Zstd_INCLUDE_DIRS}) + else() + message(WARNING "zstd v1.0.0 or newer is required, disabling zstd support.") + endif() +endif() + +# Check symbol in an OpenSSL-like TLS backend, or in EXTRA_LIBS depending on it. +macro(openssl_check_symbol_exists SYMBOL FILES VARIABLE EXTRA_LIBS) cmake_push_check_state() - set(CMAKE_REQUIRED_INCLUDES ${NSS_INCLUDE_DIRS}) - set(CMAKE_REQUIRED_LIBRARIES ${NSS_LIBRARIES}) - check_symbol_exists(PK11_CreateManagedGenericObject "pk11pub.h" HAVE_PK11_CREATEMANAGEDGENERICOBJECT) + if(USE_OPENSSL) + set(CMAKE_REQUIRED_INCLUDES "${OPENSSL_INCLUDE_DIR}") + set(CMAKE_REQUIRED_LIBRARIES "${OPENSSL_LIBRARIES}") + if(HAVE_LIBZ) + list(APPEND CMAKE_REQUIRED_LIBRARIES "${ZLIB_LIBRARIES}") + endif() + if(WIN32) + list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32") + list(APPEND CMAKE_REQUIRED_LIBRARIES "bcrypt") # for OpenSSL/LibreSSL + endif() + elseif(USE_WOLFSSL) + set(CMAKE_REQUIRED_INCLUDES "${WolfSSL_INCLUDE_DIRS}") + set(CMAKE_REQUIRED_LIBRARIES "${WolfSSL_LIBRARIES}") + if(HAVE_LIBZ) + list(APPEND CMAKE_REQUIRED_INCLUDES "${ZLIB_INCLUDE_DIRS}") # Public wolfSSL headers require zlib headers + list(APPEND CMAKE_REQUIRED_LIBRARIES "${ZLIB_LIBRARIES}") + endif() + if(WIN32) + list(APPEND CMAKE_REQUIRED_LIBRARIES "ws2_32" "crypt32") + endif() + list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_UINTPTR_T) # to pull in stdint.h (as of wolfSSL v5.5.4) + endif() + if(NOT "${EXTRA_LIBS}" STREQUAL "") + list(APPEND CMAKE_REQUIRED_LIBRARIES "${EXTRA_LIBS}") + endif() + check_symbol_exists("${SYMBOL}" "${FILES}" "${VARIABLE}") cmake_pop_check_state() +endmacro() + +# Ensure that the OpenSSL fork actually supports QUIC. +macro(openssl_check_quic) + if(NOT DEFINED HAVE_SSL_CTX_SET_QUIC_METHOD) + if(USE_OPENSSL) + openssl_check_symbol_exists(SSL_CTX_set_quic_method "openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD "") + elseif(USE_WOLFSSL) + openssl_check_symbol_exists(wolfSSL_set_quic_method "wolfssl/options.h;wolfssl/openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD "") + endif() + endif() + if(NOT HAVE_SSL_CTX_SET_QUIC_METHOD) + message(FATAL_ERROR "QUIC support is missing in OpenSSL fork. Try setting -DOPENSSL_ROOT_DIR") + endif() +endmacro() + +if(USE_WOLFSSL) + openssl_check_symbol_exists(wolfSSL_DES_ecb_encrypt "wolfssl/openssl/des.h" HAVE_WOLFSSL_DES_ECB_ENCRYPT "") + openssl_check_symbol_exists(wolfSSL_BIO_set_shutdown "wolfssl/ssl.h" HAVE_WOLFSSL_FULL_BIO "") +endif() + +if(USE_OPENSSL OR USE_WOLFSSL) + if(NOT DEFINED HAVE_SSL_SET0_WBIO) + openssl_check_symbol_exists(SSL_set0_wbio "openssl/ssl.h" HAVE_SSL_SET0_WBIO "") + endif() + if(NOT DEFINED HAVE_OPENSSL_SRP AND NOT CURL_DISABLE_SRP) + openssl_check_symbol_exists(SSL_CTX_set_srp_username "openssl/ssl.h" HAVE_OPENSSL_SRP "") + endif() +endif() + +option(USE_HTTPSRR "Enable HTTPS RR support for ECH (experimental)" OFF) +option(USE_ECH "Enable ECH support" OFF) +if(USE_ECH) + if(USE_OPENSSL OR USE_WOLFSSL) + # Be sure that the TLS library actually supports ECH. + if(NOT DEFINED HAVE_ECH) + if(USE_OPENSSL AND HAVE_BORINGSSL) + openssl_check_symbol_exists(SSL_set1_ech_config_list "openssl/ssl.h" HAVE_ECH "") + elseif(USE_OPENSSL) + openssl_check_symbol_exists(SSL_ech_set1_echconfig "openssl/ech.h" HAVE_ECH "") + elseif(USE_WOLFSSL) + openssl_check_symbol_exists(wolfSSL_CTX_GenerateEchConfig "wolfssl/options.h;wolfssl/ssl.h" HAVE_ECH "") + endif() + endif() + if(NOT HAVE_ECH) + message(FATAL_ERROR "ECH support missing in OpenSSL/BoringSSL/wolfSSL") + else() + message(STATUS "ECH enabled.") + endif() + else() + message(FATAL_ERROR "ECH requires ECH-enablded OpenSSL, BoringSSL or wolfSSL") + endif() endif() -option(USE_NGHTTP2 "Use Nghttp2 library" OFF) +option(USE_NGHTTP2 "Use nghttp2 library" OFF) if(USE_NGHTTP2) find_package(NGHTTP2 REQUIRED) include_directories(${NGHTTP2_INCLUDE_DIRS}) list(APPEND CURL_LIBS ${NGHTTP2_LIBRARIES}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libnghttp2") endif() -function(CheckQuicSupportInOpenSSL) - # Be sure that the OpenSSL library actually supports QUIC. - cmake_push_check_state() - set(CMAKE_REQUIRED_INCLUDES "${OPENSSL_INCLUDE_DIR}") - set(CMAKE_REQUIRED_LIBRARIES "${OPENSSL_LIBRARIES}") - check_symbol_exists(SSL_CTX_set_quic_method "openssl/ssl.h" HAVE_SSL_CTX_SET_QUIC_METHOD) - if(NOT HAVE_SSL_CTX_SET_QUIC_METHOD) - message(FATAL_ERROR "QUIC support is missing in OpenSSL/boringssl. Try setting -DOPENSSL_ROOT_DIR") - endif() - cmake_pop_check_state() -endfunction() - option(USE_NGTCP2 "Use ngtcp2 and nghttp3 libraries for HTTP/3 support" OFF) if(USE_NGTCP2) - if(USE_OPENSSL) - find_package(NGTCP2 REQUIRED OpenSSL) - CheckQuicSupportInOpenSSL() + if(USE_OPENSSL OR USE_WOLFSSL) + if(USE_WOLFSSL) + find_package(NGTCP2 REQUIRED wolfSSL) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libngtcp2_crypto_wolfssl") + elseif(HAVE_BORINGSSL OR HAVE_AWSLC) + find_package(NGTCP2 REQUIRED BoringSSL) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libngtcp2_crypto_boringssl") + else() + find_package(NGTCP2 REQUIRED quictls) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libngtcp2_crypto_quictls") + endif() + openssl_check_quic() elseif(USE_GNUTLS) - # TODO add GnuTLS support as vtls library. find_package(NGTCP2 REQUIRED GnuTLS) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libngtcp2_crypto_gnutls") else() - message(FATAL_ERROR "ngtcp2 requires OpenSSL or GnuTLS") + message(FATAL_ERROR "ngtcp2 requires OpenSSL, wolfSSL or GnuTLS") endif() set(USE_NGTCP2 ON) include_directories(${NGTCP2_INCLUDE_DIRS}) list(APPEND CURL_LIBS ${NGTCP2_LIBRARIES}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libngtcp2") find_package(NGHTTP3 REQUIRED) set(USE_NGHTTP3 ON) include_directories(${NGHTTP3_INCLUDE_DIRS}) list(APPEND CURL_LIBS ${NGHTTP3_LIBRARIES}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libnghttp3") endif() option(USE_QUICHE "Use quiche library for HTTP/3 support" OFF) @@ -552,46 +746,86 @@ if(USE_QUICHE) message(FATAL_ERROR "Only one HTTP/3 backend can be selected!") endif() find_package(QUICHE REQUIRED) - CheckQuicSupportInOpenSSL() + if(NOT HAVE_BORINGSSL) + message(FATAL_ERROR "quiche requires BoringSSL") + endif() + openssl_check_quic() set(USE_QUICHE ON) include_directories(${QUICHE_INCLUDE_DIRS}) list(APPEND CURL_LIBS ${QUICHE_LIBRARIES}) - cmake_push_check_state() - set(CMAKE_REQUIRED_INCLUDES "${QUICHE_INCLUDE_DIRS}") - set(CMAKE_REQUIRED_LIBRARIES "${QUICHE_LIBRARIES}") - check_symbol_exists(quiche_conn_set_qlog_fd "quiche.h" HAVE_QUICHE_CONN_SET_QLOG_FD) - cmake_pop_check_state() + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "quiche") + if(NOT DEFINED HAVE_QUICHE_CONN_SET_QLOG_FD) + cmake_push_check_state() + set(CMAKE_REQUIRED_INCLUDES "${QUICHE_INCLUDE_DIRS}") + set(CMAKE_REQUIRED_LIBRARIES "${QUICHE_LIBRARIES}") + check_symbol_exists(quiche_conn_set_qlog_fd "quiche.h" HAVE_QUICHE_CONN_SET_QLOG_FD) + cmake_pop_check_state() + endif() +endif() + +option(USE_MSH3 "Use msquic library for HTTP/3 support" OFF) +if(USE_MSH3) + if(USE_NGTCP2 OR USE_QUICHE) + message(FATAL_ERROR "Only one HTTP/3 backend can be selected!") + endif() + set(USE_MSH3 ON) + include_directories(${MSH3_INCLUDE_DIRS}) + list(APPEND CURL_LIBS ${MSH3_LIBRARIES}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libmsh3") +endif() + +option(USE_OPENSSL_QUIC "Use openssl and nghttp3 libraries for HTTP/3 support" OFF) +if(USE_OPENSSL_QUIC) + if(USE_NGTCP2 OR USE_QUICHE OR USE_MSH3) + message(FATAL_ERROR "Only one HTTP/3 backend can be selected!") + endif() + find_package(OpenSSL 3.3.0 REQUIRED) + + find_package(NGHTTP3 REQUIRED) + set(USE_NGHTTP3 ON) + include_directories(${NGHTTP3_INCLUDE_DIRS}) + list(APPEND CURL_LIBS ${NGHTTP3_LIBRARIES}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libnghttp3") +endif() + +if(USE_MBEDTLS OR + USE_BEARSSL OR + USE_SECTRANSP) + message(WARNING "A selected TLS library does not support TLS 1.3.") +endif() + +if(CURL_WITH_MULTI_SSL AND (USE_NGTCP2 OR USE_QUICHE OR USE_MSH3 OR USE_OPENSSL_QUIC)) + message(FATAL_ERROR "MultiSSL cannot be enabled with HTTP/3 and vice versa.") +endif() + +if(NOT CURL_DISABLE_SRP AND (HAVE_GNUTLS_SRP OR HAVE_OPENSSL_SRP)) + set(USE_TLS_SRP 1) endif() if(NOT CURL_DISABLE_LDAP) - if(WIN32) + if(WIN32 AND NOT WINDOWS_STORE) option(USE_WIN32_LDAP "Use Windows LDAP implementation" ON) if(USE_WIN32_LDAP) - check_library_exists_concat("wldap32" cldap_open HAVE_WLDAP32) - if(NOT HAVE_WLDAP32) - set(USE_WIN32_LDAP OFF) + list(APPEND CURL_LIBS "wldap32") + if(NOT CURL_DISABLE_LDAPS) + set(HAVE_LDAP_SSL ON) endif() endif() endif() - option(CURL_USE_OPENLDAP "Use OpenLDAP code." OFF) - mark_as_advanced(CURL_USE_OPENLDAP) set(CMAKE_LDAP_LIB "ldap" CACHE STRING "Name or full path to ldap library") set(CMAKE_LBER_LIB "lber" CACHE STRING "Name or full path to lber library") - if(CURL_USE_OPENLDAP AND USE_WIN32_LDAP) - message(FATAL_ERROR "Cannot use USE_WIN32_LDAP and CURL_USE_OPENLDAP at the same time") - endif() - # Now that we know, we're not using windows LDAP... - if(USE_WIN32_LDAP) - check_include_file_concat("winldap.h" HAVE_WINLDAP_H) - check_include_file_concat("winber.h" HAVE_WINBER_H) - else() + if(NOT USE_WIN32_LDAP) # Check for LDAP set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES}) - check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP) - check_library_exists_concat(${CMAKE_LBER_LIB} ber_init HAVE_LIBLBER) + check_library_exists("${CMAKE_LDAP_LIB}" "ldap_init" "" HAVE_LIBLDAP) + if(HAVE_LIBLDAP) + check_library_exists("${CMAKE_LDAP_LIB};${CMAKE_LBER_LIB}" "ber_init" "" HAVE_LIBLBER) + else() + check_library_exists("${CMAKE_LBER_LIB}" "ber_init" "" HAVE_LIBLBER) + endif() set(CMAKE_REQUIRED_INCLUDES_BAK ${CMAKE_REQUIRED_INCLUDES}) set(CMAKE_LDAP_INCLUDE_DIR "" CACHE STRING "Path to LDAP include directory") @@ -610,15 +844,12 @@ if(NOT CURL_DISABLE_LDAP) set(CURL_DISABLE_LDAP ON CACHE BOOL "" FORCE) set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES_BAK}) #LDAP includes won't be used else() - if(CURL_USE_OPENLDAP) - set(USE_OPENLDAP ON) - endif() if(CMAKE_LDAP_INCLUDE_DIR) include_directories(${CMAKE_LDAP_INCLUDE_DIR}) endif() set(NEED_LBER_H ON) set(_HEADER_LIST) - if(HAVE_WINDOWS_H) + if(WIN32) list(APPEND _HEADER_LIST "windows.h") endif() if(HAVE_SYS_TYPES_H) @@ -626,13 +857,20 @@ if(NOT CURL_DISABLE_LDAP) endif() list(APPEND _HEADER_LIST "ldap.h") - set(_SRC_STRING "") + set(_INCLUDE_STRING "") foreach(_HEADER ${_HEADER_LIST}) set(_INCLUDE_STRING "${_INCLUDE_STRING}#include <${_HEADER}>\n") endforeach() - set(_SRC_STRING - " + list(APPEND CMAKE_REQUIRED_DEFINITIONS -DLDAP_DEPRECATED=1) + list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB}) + set(CURL_LIBS "${CMAKE_LDAP_LIB};${CURL_LIBS}") + if(HAVE_LIBLBER) + list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB}) + set(CURL_LIBS "${CMAKE_LBER_LIB};${CURL_LIBS}") + endif() + + check_c_source_compiles(" ${_INCLUDE_STRING} int main(int argc, char ** argv) { @@ -640,21 +878,27 @@ if(NOT CURL_DISABLE_LDAP) BerElement *bep = ber_init(bvp); ber_free(bep, 1); return 0; - }" - ) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1") - list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB}) - if(HAVE_LIBLBER) - list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB}) - endif() - check_c_source_compiles("${_SRC_STRING}" NOT_NEED_LBER_H) - unset(CMAKE_REQUIRED_LIBRARIES) - + }" NOT_NEED_LBER_H) if(NOT_NEED_LBER_H) set(NEED_LBER_H OFF) else() set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DNEED_LBER_H") endif() + + check_function_exists(ldap_url_parse HAVE_LDAP_URL_PARSE) + check_function_exists(ldap_init_fd HAVE_LDAP_INIT_FD) + + unset(CMAKE_REQUIRED_LIBRARIES) + + check_include_file("ldap_ssl.h" HAVE_LDAP_SSL_H) + + if(HAVE_LDAP_INIT_FD) + set(USE_OPENLDAP ON) + add_definitions("-DLDAP_DEPRECATED=1") + endif() + if(NOT CURL_DISABLE_LDAPS) + set(HAVE_LDAP_SSL ON) + endif() endif() endif() endif() @@ -667,117 +911,118 @@ if(CURL_DISABLE_LDAP) endif() endif() -if(NOT CURL_DISABLE_LDAPS) - check_include_file_concat("ldap_ssl.h" HAVE_LDAP_SSL_H) - check_include_file_concat("ldapssl.h" HAVE_LDAPSSL_H) -endif() - -# Check for idn +# Check for idn2 option(USE_LIBIDN2 "Use libidn2 for IDN support" ON) -set(HAVE_LIBIDN2 OFF) if(USE_LIBIDN2) - check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2) + check_library_exists("idn2" "idn2_lookup_ul" "" HAVE_LIBIDN2) + if(HAVE_LIBIDN2) + set(LIBIDN2_LINK_LIBRARIES "idn2") + check_include_file_concat("idn2.h" HAVE_IDN2_H) + endif() + if(NOT HAVE_LIBIDN2 OR NOT HAVE_IDN2_H) + find_package(PkgConfig QUIET) + pkg_check_modules(LIBIDN2 "libidn2") + if(LIBIDN2_FOUND) + include_directories(${LIBIDN2_INCLUDE_DIRS}) + set(HAVE_LIBIDN2 ON) + set(HAVE_IDN2_H ON) + endif() + endif() + if(HAVE_LIBIDN2 AND HAVE_IDN2_H) + set(CURL_LIBS "${LIBIDN2_LINK_LIBRARIES};${CURL_LIBS}") + set(LIBCURL_PC_REQUIRES_PRIVATE "libidn2;${LIBCURL_PC_REQUIRES_PRIVATE}") + endif() +else() + set(HAVE_LIBIDN2 OFF) endif() if(WIN32) option(USE_WIN32_IDN "Use WinIDN for IDN support" OFF) if(USE_WIN32_IDN) - list(APPEND CURL_LIBS "Normaliz") - set(WANT_IDN_PROTOTYPES ON) + list(APPEND CURL_LIBS "normaliz") endif() endif() -# Check for symbol dlopen (same as HAVE_LIBDL) -check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN) - -set(HAVE_LIBZ OFF) -set(HAVE_ZLIB_H OFF) -set(USE_ZLIB OFF) -optional_dependency(ZLIB) -if(ZLIB_FOUND) - set(HAVE_ZLIB_H ON) - set(HAVE_LIBZ ON) - set(USE_ZLIB ON) - - # Depend on ZLIB via imported targets if supported by the running - # version of CMake. This allows our dependents to get our dependencies - # transitively. - if(NOT CMAKE_VERSION VERSION_LESS 3.4) - list(APPEND CURL_LIBS ZLIB::ZLIB) - else() - list(APPEND CURL_LIBS ${ZLIB_LIBRARIES}) - include_directories(${ZLIB_INCLUDE_DIRS}) +if(APPLE) + option(USE_APPLE_IDN "Use Apple built-in IDN support" OFF) + if(USE_APPLE_IDN) + cmake_push_check_state() + set(CMAKE_REQUIRED_LIBRARIES "icucore") + check_symbol_exists("uidna_openUTS46" "unicode/uidna.h" HAVE_APPLE_IDN) + cmake_pop_check_state() + if(HAVE_APPLE_IDN) + list(APPEND CURL_LIBS "icucore") + else() + set(USE_APPLE_IDN OFF) + endif() endif() - list(APPEND CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIRS}) endif() -option(CURL_BROTLI "Set to ON to enable building curl with brotli support." OFF) -set(HAVE_BROTLI OFF) -if(CURL_BROTLI) - find_package(Brotli QUIET) - if(BROTLI_FOUND) - set(HAVE_BROTLI ON) - list(APPEND CURL_LIBS ${BROTLI_LIBRARIES}) - include_directories(${BROTLI_INCLUDE_DIRS}) - list(APPEND CMAKE_REQUIRED_INCLUDES ${BROTLI_INCLUDE_DIRS}) - endif() -endif() +# libpsl +option(CURL_USE_LIBPSL "Use libpsl" ON) +mark_as_advanced(CURL_USE_LIBPSL) +set(USE_LIBPSL OFF) -option(CURL_ZSTD "Set to ON to enable building curl with zstd support." OFF) -set(HAVE_ZSTD OFF) -if(CURL_ZSTD) - find_package(Zstd REQUIRED) - cmake_push_check_state() - set(CMAKE_REQUIRED_INCLUDES ${Zstd_INCLUDE_DIRS}) - set(CMAKE_REQUIRED_LIBRARIES ${Zstd_LIBRARIES}) - check_symbol_exists(ZSTD_createDStream "zstd.h" HAVE_ZSTD_CREATEDSTREAM) - cmake_pop_check_state() - if(Zstd_FOUND AND HAVE_ZSTD_CREATEDSTREAM) - set(HAVE_ZSTD ON) - list(APPEND CURL_LIBS ${Zstd_LIBRARIES}) - include_directories(${Zstd_INCLUDE_DIRS}) +if(CURL_USE_LIBPSL) + find_package(LibPSL) + if(LIBPSL_FOUND) + list(APPEND CURL_LIBS ${LIBPSL_LIBRARY}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libpsl") + list(APPEND CMAKE_REQUIRED_INCLUDES "${LIBPSL_INCLUDE_DIR}") + include_directories("${LIBPSL_INCLUDE_DIR}") + set(USE_LIBPSL ON) endif() endif() -#libSSH2 -option(CURL_USE_LIBSSH2 "Use libSSH2" ON) +# libssh2 +option(CURL_USE_LIBSSH2 "Use libssh2" ON) mark_as_advanced(CURL_USE_LIBSSH2) set(USE_LIBSSH2 OFF) -set(HAVE_LIBSSH2 OFF) -set(HAVE_LIBSSH2_H OFF) if(CURL_USE_LIBSSH2) find_package(LibSSH2) if(LIBSSH2_FOUND) list(APPEND CURL_LIBS ${LIBSSH2_LIBRARY}) - set(CMAKE_REQUIRED_LIBRARIES ${LIBSSH2_LIBRARY}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libssh2") list(APPEND CMAKE_REQUIRED_INCLUDES "${LIBSSH2_INCLUDE_DIR}") include_directories("${LIBSSH2_INCLUDE_DIR}") - set(HAVE_LIBSSH2 ON) set(USE_LIBSSH2 ON) - - # find_package has already found the headers - set(HAVE_LIBSSH2_H ON) - set(CURL_INCLUDES ${CURL_INCLUDES} "${LIBSSH2_INCLUDE_DIR}/libssh2.h") - set(CURL_TEST_DEFINES "${CURL_TEST_DEFINES} -DHAVE_LIBSSH2_H") - unset(CMAKE_REQUIRED_LIBRARIES) endif() endif() # libssh -option(CURL_USE_LIBSSH "Use libSSH" OFF) +option(CURL_USE_LIBSSH "Use libssh" OFF) mark_as_advanced(CURL_USE_LIBSSH) -if(NOT HAVE_LIBSSH2 AND CURL_USE_LIBSSH) - find_package(libssh CONFIG) +if(NOT USE_LIBSSH2 AND CURL_USE_LIBSSH) + find_package(libssh CONFIG QUIET) if(libssh_FOUND) message(STATUS "Found libssh ${libssh_VERSION}") - # Use imported target for include and library paths. - list(APPEND CURL_LIBS ssh) + else() + find_package(PkgConfig QUIET) + pkg_check_modules(LIBSSH "libssh") + if(LIBSSH_FOUND) + include_directories(${LIBSSH_INCLUDE_DIRS}) + endif() + endif() + if(libssh_FOUND OR LIBSSH_FOUND) + if(NOT DEFINED LIBSSH_LINK_LIBRARIES) + set(LIBSSH_LINK_LIBRARIES "ssh") # for find_package() with broken pkg-config (e.g. linux-old CI workflow) + endif() + list(APPEND CURL_LIBS ${LIBSSH_LINK_LIBRARIES}) + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "libssh") set(USE_LIBSSH ON) - set(HAVE_LIBSSH_LIBSSH_H 1) endif() endif() +option(CURL_USE_GSASL "Use GSASL implementation" OFF) +mark_as_advanced(CURL_USE_GSASL) +if(CURL_USE_GSASL) + find_package(PkgConfig REQUIRED) + pkg_check_modules(GSASL REQUIRED libgsasl) + list(APPEND CURL_LIBS ${GSASL_LINK_LIBRARIES}) + set(USE_GSASL ON) +endif() + option(CURL_USE_GSSAPI "Use GSSAPI implementation (right now only Heimdal is supported with CMake build)" OFF) mark_as_advanced(CURL_USE_GSSAPI) @@ -794,10 +1039,8 @@ if(CURL_USE_GSSAPI) check_include_file_concat("gssapi/gssapi_generic.h" HAVE_GSSAPI_GSSAPI_GENERIC_H) check_include_file_concat("gssapi/gssapi_krb5.h" HAVE_GSSAPI_GSSAPI_KRB5_H) - if(GSS_FLAVOUR STREQUAL "Heimdal") - set(HAVE_GSSHEIMDAL ON) - else() # MIT - set(HAVE_GSSMIT ON) + if(NOT GSS_FLAVOUR STREQUAL "Heimdal") + # MIT set(_INCLUDE_LIST "") if(HAVE_GSSAPI_GSSAPI_H) list(APPEND _INCLUDE_LIST "gssapi/gssapi.h") @@ -816,29 +1059,53 @@ if(CURL_USE_GSSAPI) set(_LINKER_FLAGS_STR "${_LINKER_FLAGS_STR} -L\"${_dir}\"") endforeach() - set(CMAKE_REQUIRED_FLAGS "${_COMPILER_FLAGS_STR} ${_LINKER_FLAGS_STR}") - set(CMAKE_REQUIRED_LIBRARIES ${GSS_LIBRARIES}) - check_symbol_exists("GSS_C_NT_HOSTBASED_SERVICE" ${_INCLUDE_LIST} HAVE_GSS_C_NT_HOSTBASED_SERVICE) + if(NOT DEFINED HAVE_GSS_C_NT_HOSTBASED_SERVICE) + set(CMAKE_REQUIRED_FLAGS "${_COMPILER_FLAGS_STR} ${_LINKER_FLAGS_STR}") + set(CMAKE_REQUIRED_LIBRARIES ${GSS_LIBRARIES}) + check_symbol_exists("GSS_C_NT_HOSTBASED_SERVICE" ${_INCLUDE_LIST} HAVE_GSS_C_NT_HOSTBASED_SERVICE) + unset(CMAKE_REQUIRED_LIBRARIES) + endif() if(NOT HAVE_GSS_C_NT_HOSTBASED_SERVICE) set(HAVE_OLD_GSSMIT ON) endif() - unset(CMAKE_REQUIRED_LIBRARIES) - endif() include_directories(${GSS_INCLUDE_DIR}) link_directories(${GSS_LINK_DIRECTORIES}) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${GSS_COMPILER_FLAGS}") + string(REPLACE ";" " " GSS_LINKER_FLAGS "${GSS_LINKER_FLAGS}") set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${GSS_LINKER_FLAGS}") set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${GSS_LINKER_FLAGS}") - set(CMAKE_STATIC_LINKER_FLAGS "${CMAKE_STATIC_LINKER_FLAGS} ${GSS_LINKER_FLAGS}") list(APPEND CURL_LIBS ${GSS_LIBRARIES}) - + if(GSS_FLAVOUR STREQUAL "MIT") + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "mit-krb5-gssapi") + endif() else() message(WARNING "GSSAPI support has been requested but no supporting libraries found. Skipping.") endif() endif() +option(USE_LIBRTMP "Enable librtmp from rtmpdump" OFF) +if(USE_LIBRTMP) + cmake_push_check_state() + set(_extra_libs "rtmp") + if(WIN32) + list(APPEND _extra_libs "winmm") + endif() + openssl_check_symbol_exists("RTMP_Init" "librtmp/rtmp.h" HAVE_LIBRTMP "${_extra_libs}") + cmake_pop_check_state() + if(HAVE_LIBRTMP) + list(APPEND CURL_LIBS "rtmp") + list(APPEND LIBCURL_PC_REQUIRES_PRIVATE "librtmp") + if(WIN32) + list(APPEND CURL_LIBS "winmm") + endif() + else() + message(WARNING "librtmp requested, but not found or missing OpenSSL. Skipping.") + set(USE_LIBRTMP OFF) + endif() +endif() + option(ENABLE_UNIX_SOCKETS "Define if you want Unix domain sockets support" ON) if(ENABLE_UNIX_SOCKETS) include(CheckStructHasMember) @@ -851,93 +1118,125 @@ else() unset(USE_UNIX_SOCKETS CACHE) endif() - # # CA handling # -set(CURL_CA_BUNDLE "auto" CACHE STRING - "Path to the CA bundle. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") -set(CURL_CA_FALLBACK OFF CACHE BOOL - "Set ON to use built-in CA store of TLS backend. Defaults to OFF") -set(CURL_CA_PATH "auto" CACHE STRING - "Location of default CA path. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") - -if("${CURL_CA_BUNDLE}" STREQUAL "") - message(FATAL_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' or file path.") -elseif("${CURL_CA_BUNDLE}" STREQUAL "none") - unset(CURL_CA_BUNDLE CACHE) -elseif("${CURL_CA_BUNDLE}" STREQUAL "auto") - unset(CURL_CA_BUNDLE CACHE) - set(CURL_CA_BUNDLE_AUTODETECT TRUE) -else() - set(CURL_CA_BUNDLE_SET TRUE) -endif() - -if("${CURL_CA_PATH}" STREQUAL "") - message(FATAL_ERROR "Invalid value of CURL_CA_PATH. Use 'none', 'auto' or directory path.") -elseif("${CURL_CA_PATH}" STREQUAL "none") - unset(CURL_CA_PATH CACHE) -elseif("${CURL_CA_PATH}" STREQUAL "auto") - unset(CURL_CA_PATH CACHE) - if(NOT USE_NSS) - set(CURL_CA_PATH_AUTODETECT TRUE) +if(curl_ca_bundle_supported) + set(CURL_CA_BUNDLE "auto" CACHE STRING + "Path to the CA bundle. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") + set(CURL_CA_FALLBACK OFF CACHE BOOL + "Set ON to use built-in CA store of TLS backend. Defaults to OFF") + set(CURL_CA_PATH "auto" CACHE STRING + "Location of default CA path. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") + + if(CURL_CA_BUNDLE STREQUAL "") + message(FATAL_ERROR "Invalid value of CURL_CA_BUNDLE. Use 'none', 'auto' or file path.") + elseif(CURL_CA_BUNDLE STREQUAL "none") + unset(CURL_CA_BUNDLE CACHE) + elseif(CURL_CA_BUNDLE STREQUAL "auto") + unset(CURL_CA_BUNDLE CACHE) + if(NOT CMAKE_CROSSCOMPILING AND NOT WIN32) + set(CURL_CA_BUNDLE_AUTODETECT TRUE) + endif() + else() + set(CURL_CA_BUNDLE_SET TRUE) endif() -else() - set(CURL_CA_PATH_SET TRUE) -endif() - -if(CURL_CA_BUNDLE_SET AND CURL_CA_PATH_AUTODETECT) - # Skip autodetection of unset CA path because CA bundle is set explicitly -elseif(CURL_CA_PATH_SET AND CURL_CA_BUNDLE_AUTODETECT) - # Skip autodetection of unset CA bundle because CA path is set explicitly -elseif(CURL_CA_PATH_AUTODETECT OR CURL_CA_BUNDLE_AUTODETECT) - # first try autodetecting a CA bundle, then a CA path - - if(CURL_CA_BUNDLE_AUTODETECT) - set(SEARCH_CA_BUNDLE_PATHS - /etc/ssl/certs/ca-certificates.crt - /etc/pki/tls/certs/ca-bundle.crt - /usr/share/ssl/certs/ca-bundle.crt - /usr/local/share/certs/ca-root-nss.crt - /etc/ssl/cert.pem) - - foreach(SEARCH_CA_BUNDLE_PATH ${SEARCH_CA_BUNDLE_PATHS}) - if(EXISTS "${SEARCH_CA_BUNDLE_PATH}") - message(STATUS "Found CA bundle: ${SEARCH_CA_BUNDLE_PATH}") - set(CURL_CA_BUNDLE "${SEARCH_CA_BUNDLE_PATH}" CACHE STRING - "Path to the CA bundle. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") - set(CURL_CA_BUNDLE_SET TRUE CACHE BOOL "Path to the CA bundle has been set") - break() - endif() - endforeach() + + if(CURL_CA_PATH STREQUAL "") + message(FATAL_ERROR "Invalid value of CURL_CA_PATH. Use 'none', 'auto' or directory path.") + elseif(CURL_CA_PATH STREQUAL "none") + unset(CURL_CA_PATH CACHE) + elseif(CURL_CA_PATH STREQUAL "auto") + unset(CURL_CA_PATH CACHE) + if(NOT CMAKE_CROSSCOMPILING AND NOT WIN32) + set(CURL_CA_PATH_AUTODETECT TRUE) + endif() + else() + set(CURL_CA_PATH_SET TRUE) endif() - if(CURL_CA_PATH_AUTODETECT AND (NOT CURL_CA_PATH_SET)) - if(EXISTS "/etc/ssl/certs") - set(CURL_CA_PATH "/etc/ssl/certs" CACHE STRING - "Location of default CA path. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") - set(CURL_CA_PATH_SET TRUE CACHE BOOL "Path to the CA bundle has been set") + if(CURL_CA_BUNDLE_SET AND CURL_CA_PATH_AUTODETECT) + # Skip auto-detection of unset CA path because CA bundle is set explicitly + elseif(CURL_CA_PATH_SET AND CURL_CA_BUNDLE_AUTODETECT) + # Skip auto-detection of unset CA bundle because CA path is set explicitly + elseif(CURL_CA_BUNDLE_AUTODETECT OR CURL_CA_PATH_AUTODETECT) + # First try auto-detecting a CA bundle, then a CA path + + if(CURL_CA_BUNDLE_AUTODETECT) + foreach(SEARCH_CA_BUNDLE_PATH IN ITEMS + "/etc/ssl/certs/ca-certificates.crt" + "/etc/pki/tls/certs/ca-bundle.crt" + "/usr/share/ssl/certs/ca-bundle.crt" + "/usr/local/share/certs/ca-root-nss.crt" + "/etc/ssl/cert.pem") + if(EXISTS "${SEARCH_CA_BUNDLE_PATH}") + message(STATUS "Found CA bundle: ${SEARCH_CA_BUNDLE_PATH}") + set(CURL_CA_BUNDLE "${SEARCH_CA_BUNDLE_PATH}" CACHE STRING + "Path to the CA bundle. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") + set(CURL_CA_BUNDLE_SET TRUE CACHE BOOL "Path to the CA bundle has been set") + break() + endif() + endforeach() + endif() + + if(CURL_CA_PATH_AUTODETECT AND NOT CURL_CA_PATH_SET) + set(SEARCH_CA_PATH "/etc/ssl/certs") + file(GLOB curl_ca_files_found "${SEARCH_CA_PATH}/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].0") + if(curl_ca_files_found) + unset(curl_ca_files_found) + message(STATUS "Found CA path: ${SEARCH_CA_PATH}") + set(CURL_CA_PATH "${SEARCH_CA_PATH}" CACHE STRING + "Location of default CA path. Set 'none' to disable or 'auto' for auto-detection. Defaults to 'auto'.") + set(CURL_CA_PATH_SET TRUE CACHE BOOL "Path to the CA bundle has been set") + endif() endif() endif() endif() -if(CURL_CA_PATH_SET AND NOT USE_OPENSSL AND NOT USE_MBEDTLS) - message(STATUS - "CA path only supported by OpenSSL, GnuTLS or mbed TLS. " - "Set CURL_CA_PATH=none or enable one of those TLS backends.") +# Check for header files +if(WIN32) + set(CURL_INCLUDES ${CURL_INCLUDES} "winsock2.h") + set(CURL_INCLUDES ${CURL_INCLUDES} "ws2tcpip.h") + set(CURL_INCLUDES ${CURL_INCLUDES} "windows.h") endif() -# Check for header files -if(NOT UNIX) - check_include_file_concat("windows.h" HAVE_WINDOWS_H) - check_include_file_concat("ws2tcpip.h" HAVE_WS2TCPIP_H) - check_include_file_concat("winsock2.h" HAVE_WINSOCK2_H) - check_include_file_concat("wincrypt.h" HAVE_WINCRYPT_H) +if(WIN32) + # detect actual value of _WIN32_WINNT and store as HAVE_WIN32_WINNT + curl_internal_test(HAVE_WIN32_WINNT) + if(HAVE_WIN32_WINNT) + string(REGEX MATCH ".*_WIN32_WINNT=0x[0-9a-fA-F]+" OUTPUT "${OUTPUT}") + string(REGEX REPLACE ".*_WIN32_WINNT=" "" OUTPUT "${OUTPUT}") + string(REGEX REPLACE "0x([0-9a-f][0-9a-f][0-9a-f])$" "0x0\\1" OUTPUT "${OUTPUT}") # pad to 4 digits + string(TOLOWER "${OUTPUT}" HAVE_WIN32_WINNT) + message(STATUS "Found _WIN32_WINNT=${HAVE_WIN32_WINNT}") + endif() + # avoid storing HAVE_WIN32_WINNT in CMake cache + unset(HAVE_WIN32_WINNT CACHE) + + if(HAVE_WIN32_WINNT) + if(HAVE_WIN32_WINNT STRLESS "0x0501") + # Windows XP is required for freeaddrinfo, getaddrinfo + message(FATAL_ERROR "Building for Windows XP or newer is required.") + endif() + + # pre-fill detection results based on target OS version + if(MINGW OR MSVC) + if(HAVE_WIN32_WINNT STRLESS "0x0600") + set(HAVE_INET_NTOP 0) + set(HAVE_INET_PTON 0) + else() # Windows Vista or newer + set(HAVE_INET_NTOP 1) + set(HAVE_INET_PTON 1) + endif() + unset(HAVE_INET_NTOP CACHE) + unset(HAVE_INET_PTON CACHE) + endif() + endif() endif() -check_include_file_concat("stdio.h" HAVE_STDIO_H) -check_include_file_concat("inttypes.h" HAVE_INTTYPES_H) +check_include_file_concat("sys/eventfd.h" HAVE_SYS_EVENTFD_H) check_include_file_concat("sys/filio.h" HAVE_SYS_FILIO_H) +check_include_file_concat("sys/wait.h" HAVE_SYS_WAIT_H) check_include_file_concat("sys/ioctl.h" HAVE_SYS_IOCTL_H) check_include_file_concat("sys/param.h" HAVE_SYS_PARAM_H) check_include_file_concat("sys/poll.h" HAVE_SYS_POLL_H) @@ -948,67 +1247,42 @@ check_include_file_concat("sys/sockio.h" HAVE_SYS_SOCKIO_H) check_include_file_concat("sys/stat.h" HAVE_SYS_STAT_H) check_include_file_concat("sys/time.h" HAVE_SYS_TIME_H) check_include_file_concat("sys/types.h" HAVE_SYS_TYPES_H) -check_include_file_concat("sys/uio.h" HAVE_SYS_UIO_H) check_include_file_concat("sys/un.h" HAVE_SYS_UN_H) check_include_file_concat("sys/utime.h" HAVE_SYS_UTIME_H) check_include_file_concat("sys/xattr.h" HAVE_SYS_XATTR_H) -check_include_file_concat("alloca.h" HAVE_ALLOCA_H) check_include_file_concat("arpa/inet.h" HAVE_ARPA_INET_H) -check_include_file_concat("arpa/tftp.h" HAVE_ARPA_TFTP_H) -check_include_file_concat("assert.h" HAVE_ASSERT_H) -check_include_file_concat("errno.h" HAVE_ERRNO_H) +check_include_file_concat("dirent.h" HAVE_DIRENT_H) check_include_file_concat("fcntl.h" HAVE_FCNTL_H) -check_include_file_concat("idn2.h" HAVE_IDN2_H) check_include_file_concat("ifaddrs.h" HAVE_IFADDRS_H) check_include_file_concat("io.h" HAVE_IO_H) -check_include_file_concat("krb.h" HAVE_KRB_H) check_include_file_concat("libgen.h" HAVE_LIBGEN_H) check_include_file_concat("locale.h" HAVE_LOCALE_H) check_include_file_concat("net/if.h" HAVE_NET_IF_H) check_include_file_concat("netdb.h" HAVE_NETDB_H) check_include_file_concat("netinet/in.h" HAVE_NETINET_IN_H) check_include_file_concat("netinet/tcp.h" HAVE_NETINET_TCP_H) +check_include_file_concat("netinet/udp.h" HAVE_NETINET_UDP_H) check_include_file("linux/tcp.h" HAVE_LINUX_TCP_H) -check_include_file_concat("pem.h" HAVE_PEM_H) check_include_file_concat("poll.h" HAVE_POLL_H) check_include_file_concat("pwd.h" HAVE_PWD_H) -check_include_file_concat("setjmp.h" HAVE_SETJMP_H) -check_include_file_concat("signal.h" HAVE_SIGNAL_H) -check_include_file_concat("ssl.h" HAVE_SSL_H) +check_include_file_concat("stdatomic.h" HAVE_STDATOMIC_H) check_include_file_concat("stdbool.h" HAVE_STDBOOL_H) -check_include_file_concat("stdint.h" HAVE_STDINT_H) -check_include_file_concat("stdio.h" HAVE_STDIO_H) -check_include_file_concat("stdlib.h" HAVE_STDLIB_H) -check_include_file_concat("string.h" HAVE_STRING_H) check_include_file_concat("strings.h" HAVE_STRINGS_H) check_include_file_concat("stropts.h" HAVE_STROPTS_H) check_include_file_concat("termio.h" HAVE_TERMIO_H) check_include_file_concat("termios.h" HAVE_TERMIOS_H) -check_include_file_concat("time.h" HAVE_TIME_H) check_include_file_concat("unistd.h" HAVE_UNISTD_H) check_include_file_concat("utime.h" HAVE_UTIME_H) -check_include_file_concat("x509.h" HAVE_X509_H) - -check_include_file_concat("process.h" HAVE_PROCESS_H) -check_include_file_concat("stddef.h" HAVE_STDDEF_H) -check_include_file_concat("dlfcn.h" HAVE_DLFCN_H) -check_include_file_concat("malloc.h" HAVE_MALLOC_H) -check_include_file_concat("memory.h" HAVE_MEMORY_H) -check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H) -check_include_file_concat("stdint.h" HAVE_STDINT_H) -check_include_file_concat("sockio.h" HAVE_SOCKIO_H) -check_include_file_concat("sys/utsname.h" HAVE_SYS_UTSNAME_H) check_type_size(size_t SIZEOF_SIZE_T) check_type_size(ssize_t SIZEOF_SSIZE_T) check_type_size("long long" SIZEOF_LONG_LONG) check_type_size("long" SIZEOF_LONG) -check_type_size("short" SIZEOF_SHORT) check_type_size("int" SIZEOF_INT) check_type_size("__int64" SIZEOF___INT64) -check_type_size("long double" SIZEOF_LONG_DOUBLE) check_type_size("time_t" SIZEOF_TIME_T) +check_type_size("suseconds_t" SIZEOF_SUSECONDS_T) if(NOT HAVE_SIZEOF_SSIZE_T) if(SIZEOF_LONG EQUAL SIZEOF_SIZE_T) set(ssize_t long) @@ -1019,72 +1293,71 @@ if(NOT HAVE_SIZEOF_SSIZE_T) endif() # off_t is sized later, after the HAVE_FILE_OFFSET_BITS test -if(HAVE_SIZEOF_LONG_LONG) +if(SIZEOF_LONG_LONG) set(HAVE_LONGLONG 1) - set(HAVE_LL 1) +endif() +if(SIZEOF_SUSECONDS_T) + set(HAVE_SUSECONDS_T 1) endif() -find_file(RANDOM_FILE urandom /dev) -mark_as_advanced(RANDOM_FILE) +if(NOT CMAKE_CROSSCOMPILING) + find_file(RANDOM_FILE urandom /dev) + mark_as_advanced(RANDOM_FILE) +endif() # Check for some functions that are used -if(HAVE_LIBWS2_32) +if(WIN32) set(CMAKE_REQUIRED_LIBRARIES ws2_32) elseif(HAVE_LIBSOCKET) set(CMAKE_REQUIRED_LIBRARIES socket) endif() -check_symbol_exists(basename "${CURL_INCLUDES}" HAVE_BASENAME) +check_symbol_exists(fnmatch "${CURL_INCLUDES};fnmatch.h" HAVE_FNMATCH) +check_symbol_exists(basename "${CURL_INCLUDES};string.h" HAVE_BASENAME) +check_symbol_exists(opendir "${CURL_INCLUDES};dirent.h" HAVE_OPENDIR) check_symbol_exists(socket "${CURL_INCLUDES}" HAVE_SOCKET) +check_symbol_exists(sched_yield "${CURL_INCLUDES};sched.h" HAVE_SCHED_YIELD) +check_symbol_exists(socketpair "${CURL_INCLUDES}" HAVE_SOCKETPAIR) +check_symbol_exists(recv "${CURL_INCLUDES}" HAVE_RECV) +check_symbol_exists(send "${CURL_INCLUDES}" HAVE_SEND) +check_symbol_exists(sendmsg "${CURL_INCLUDES}" HAVE_SENDMSG) check_symbol_exists(select "${CURL_INCLUDES}" HAVE_SELECT) -check_symbol_exists(poll "${CURL_INCLUDES}" HAVE_POLL) -check_symbol_exists(strdup "${CURL_INCLUDES}" HAVE_STRDUP) -check_symbol_exists(strstr "${CURL_INCLUDES}" HAVE_STRSTR) -check_symbol_exists(strtok_r "${CURL_INCLUDES}" HAVE_STRTOK_R) -check_symbol_exists(strftime "${CURL_INCLUDES}" HAVE_STRFTIME) -check_symbol_exists(uname "${CURL_INCLUDES}" HAVE_UNAME) -check_symbol_exists(strcasecmp "${CURL_INCLUDES}" HAVE_STRCASECMP) -check_symbol_exists(stricmp "${CURL_INCLUDES}" HAVE_STRICMP) -check_symbol_exists(strcmpi "${CURL_INCLUDES}" HAVE_STRCMPI) -check_symbol_exists(strncmpi "${CURL_INCLUDES}" HAVE_STRNCMPI) +check_symbol_exists(strdup "${CURL_INCLUDES};string.h" HAVE_STRDUP) +check_symbol_exists(strtok_r "${CURL_INCLUDES};string.h" HAVE_STRTOK_R) +check_symbol_exists(strcasecmp "${CURL_INCLUDES};string.h" HAVE_STRCASECMP) +check_symbol_exists(stricmp "${CURL_INCLUDES};string.h" HAVE_STRICMP) +check_symbol_exists(strcmpi "${CURL_INCLUDES};string.h" HAVE_STRCMPI) +check_symbol_exists(memrchr "${CURL_INCLUDES};string.h" HAVE_MEMRCHR) check_symbol_exists(alarm "${CURL_INCLUDES}" HAVE_ALARM) -if(NOT HAVE_STRNCMPI) - set(HAVE_STRCMPI) -endif() +check_symbol_exists(arc4random "${CURL_INCLUDES};stdlib.h" HAVE_ARC4RANDOM) +check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL) check_symbol_exists(getppid "${CURL_INCLUDES}" HAVE_GETPPID) check_symbol_exists(utimes "${CURL_INCLUDES}" HAVE_UTIMES) check_symbol_exists(gettimeofday "${CURL_INCLUDES}" HAVE_GETTIMEOFDAY) -check_symbol_exists(inet_addr "${CURL_INCLUDES}" HAVE_INET_ADDR) check_symbol_exists(closesocket "${CURL_INCLUDES}" HAVE_CLOSESOCKET) -check_symbol_exists(sigsetjmp "${CURL_INCLUDES}" HAVE_SIGSETJMP) +check_symbol_exists(sigsetjmp "${CURL_INCLUDES};setjmp.h" HAVE_SIGSETJMP) check_symbol_exists(getpass_r "${CURL_INCLUDES}" HAVE_GETPASS_R) check_symbol_exists(getpwuid "${CURL_INCLUDES}" HAVE_GETPWUID) check_symbol_exists(getpwuid_r "${CURL_INCLUDES}" HAVE_GETPWUID_R) check_symbol_exists(geteuid "${CURL_INCLUDES}" HAVE_GETEUID) -check_symbol_exists(usleep "${CURL_INCLUDES}" HAVE_USLEEP) check_symbol_exists(utime "${CURL_INCLUDES}" HAVE_UTIME) -check_symbol_exists(gmtime_r "${CURL_INCLUDES}" HAVE_GMTIME_R) -check_symbol_exists(localtime_r "${CURL_INCLUDES}" HAVE_LOCALTIME_R) +check_symbol_exists(gmtime_r "${CURL_INCLUDES};stdlib.h;time.h" HAVE_GMTIME_R) -check_symbol_exists(gethostbyname "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME) check_symbol_exists(gethostbyname_r "${CURL_INCLUDES}" HAVE_GETHOSTBYNAME_R) -check_symbol_exists(signal "${CURL_INCLUDES}" HAVE_SIGNAL_FUNC) -check_symbol_exists(SIGALRM "${CURL_INCLUDES}" HAVE_SIGNAL_MACRO) -if(HAVE_SIGNAL_FUNC AND HAVE_SIGNAL_MACRO) - set(HAVE_SIGNAL 1) -endif() -check_symbol_exists(uname "${CURL_INCLUDES}" HAVE_UNAME) -check_symbol_exists(strtoll "${CURL_INCLUDES}" HAVE_STRTOLL) -check_symbol_exists(_strtoi64 "${CURL_INCLUDES}" HAVE__STRTOI64) -check_symbol_exists(strerror_r "${CURL_INCLUDES}" HAVE_STRERROR_R) -check_symbol_exists(siginterrupt "${CURL_INCLUDES}" HAVE_SIGINTERRUPT) -check_symbol_exists(getaddrinfo "${CURL_INCLUDES}" HAVE_GETADDRINFO) +check_symbol_exists(signal "${CURL_INCLUDES};signal.h" HAVE_SIGNAL) +check_symbol_exists(strtoll "${CURL_INCLUDES};stdlib.h" HAVE_STRTOLL) +check_symbol_exists(strerror_r "${CURL_INCLUDES};stdlib.h;string.h" HAVE_STRERROR_R) +check_symbol_exists(sigaction "signal.h" HAVE_SIGACTION) +check_symbol_exists(siginterrupt "${CURL_INCLUDES};signal.h" HAVE_SIGINTERRUPT) +check_symbol_exists(getaddrinfo "${CURL_INCLUDES};stdlib.h;string.h" HAVE_GETADDRINFO) +check_symbol_exists(getifaddrs "${CURL_INCLUDES};stdlib.h" HAVE_GETIFADDRS) check_symbol_exists(freeaddrinfo "${CURL_INCLUDES}" HAVE_FREEADDRINFO) check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE) +check_symbol_exists(eventfd "${CURL_INCLUDES};sys/eventfd.h" HAVE_EVENTFD) check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE) -check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME) +check_symbol_exists(_fseeki64 "${CURL_INCLUDES};stdio.h" HAVE__FSEEKI64) check_symbol_exists(getpeername "${CURL_INCLUDES}" HAVE_GETPEERNAME) check_symbol_exists(getsockname "${CURL_INCLUDES}" HAVE_GETSOCKNAME) check_symbol_exists(if_nametoindex "${CURL_INCLUDES}" HAVE_IF_NAMETOINDEX) @@ -1092,11 +1365,17 @@ check_symbol_exists(getrlimit "${CURL_INCLUDES}" HAVE_GETRLIMIT) check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE) check_symbol_exists(setmode "${CURL_INCLUDES}" HAVE_SETMODE) check_symbol_exists(setrlimit "${CURL_INCLUDES}" HAVE_SETRLIMIT) -check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL) -check_symbol_exists(ioctl "${CURL_INCLUDES}" HAVE_IOCTL) -check_symbol_exists(setsockopt "${CURL_INCLUDES}" HAVE_SETSOCKOPT) + +if(NOT MSVC OR (MSVC_VERSION GREATER_EQUAL 1900)) + # earlier MSVC compilers had faulty snprintf implementations + check_symbol_exists(snprintf "stdio.h" HAVE_SNPRINTF) +endif() check_function_exists(mach_absolute_time HAVE_MACH_ABSOLUTE_TIME) -check_symbol_exists(inet_pton "${CURL_INCLUDES}" HAVE_INET_PTON) +check_symbol_exists(inet_ntop "${CURL_INCLUDES};stdlib.h;string.h" HAVE_INET_NTOP) +if(MSVC AND (MSVC_VERSION LESS_EQUAL 1600)) + set(HAVE_INET_NTOP OFF) +endif() +check_symbol_exists(inet_pton "${CURL_INCLUDES};stdlib.h;string.h" HAVE_INET_PTON) check_symbol_exists(fsetxattr "${CURL_INCLUDES}" HAVE_FSETXATTR) if(HAVE_FSETXATTR) @@ -1110,29 +1389,11 @@ check_type_size("sa_family_t" SIZEOF_SA_FAMILY_T) set(HAVE_SA_FAMILY_T ${HAVE_SIZEOF_SA_FAMILY_T}) set(CMAKE_EXTRA_INCLUDE_FILES "") -set(CMAKE_EXTRA_INCLUDE_FILES "ws2def.h") -check_type_size("ADDRESS_FAMILY" SIZEOF_ADDRESS_FAMILY) -set(HAVE_ADDRESS_FAMILY ${HAVE_SIZEOF_ADDRESS_FAMILY}) -set(CMAKE_EXTRA_INCLUDE_FILES "") - -# sigaction and sigsetjmp are special. Use special mechanism for -# detecting those, but only if previous attempt failed. -if(HAVE_SIGNAL_H) - check_symbol_exists(sigaction "signal.h" HAVE_SIGACTION) -endif() - -if(NOT HAVE_SIGSETJMP) - if(HAVE_SETJMP_H) - check_symbol_exists(sigsetjmp "setjmp.h" HAVE_MACRO_SIGSETJMP) - if(HAVE_MACRO_SIGSETJMP) - set(HAVE_SIGSETJMP 1) - endif() - endif() -endif() - -# If there is no stricmp(), do not allow LDAP to parse URLs -if(NOT HAVE_STRICMP) - set(HAVE_LDAP_URL_PARSE 1) +if(WIN32) + set(CMAKE_EXTRA_INCLUDE_FILES "winsock2.h") + check_type_size("ADDRESS_FAMILY" SIZEOF_ADDRESS_FAMILY) + set(HAVE_ADDRESS_FAMILY ${HAVE_SIZEOF_ADDRESS_FAMILY}) + set(CMAKE_EXTRA_INCLUDE_FILES "") endif() # Do curl specific tests @@ -1145,8 +1406,6 @@ foreach(CURL_TEST HAVE_IOCTL_FIONBIO HAVE_IOCTL_SIOCGIFADDR HAVE_SETSOCKOPT_SO_NONBLOCK - HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID - TIME_WITH_SYS_TIME HAVE_O_NONBLOCK HAVE_GETHOSTBYNAME_R_3 HAVE_GETHOSTBYNAME_R_5 @@ -1157,10 +1416,8 @@ foreach(CURL_TEST HAVE_IN_ADDR_T HAVE_BOOL_T STDC_HEADERS - HAVE_GETADDRINFO HAVE_FILE_OFFSET_BITS - HAVE_VARIADIC_MACROS_C99 - HAVE_VARIADIC_MACROS_GCC + HAVE_ATOMIC ) curl_internal_test(${CURL_TEST}) endforeach() @@ -1171,14 +1428,47 @@ if(HAVE_FILE_OFFSET_BITS) endif() check_type_size("off_t" SIZEOF_OFF_T) +# fseeko may not exist with _FILE_OFFSET_BITS=64 but can exist with +# _FILE_OFFSET_BITS unset or 32 (e.g. Android ARMv7 with NDK 26b and API level < 24) +# so we need to test fseeko after testing for _FILE_OFFSET_BITS +check_symbol_exists(fseeko "${CURL_INCLUDES};stdio.h" HAVE_FSEEKO) + +if(HAVE_FSEEKO) + set(HAVE_DECL_FSEEKO 1) +endif() + # include this header to get the type set(CMAKE_REQUIRED_INCLUDES "${CURL_SOURCE_DIR}/include") set(CMAKE_EXTRA_INCLUDE_FILES "curl/system.h") check_type_size("curl_off_t" SIZEOF_CURL_OFF_T) +set(CMAKE_EXTRA_INCLUDE_FILES "curl/curl.h") +check_type_size("curl_socket_t" SIZEOF_CURL_SOCKET_T) set(CMAKE_EXTRA_INCLUDE_FILES "") +if(NOT WIN32 AND NOT CMAKE_CROSSCOMPILING) + # on not-Windows and not-crosscompiling, check for writable argv[] + include(CheckCSourceRuns) + check_c_source_runs(" + int main(int argc, char **argv) + { + (void)argc; + argv[0][0] = ' '; + return (argv[0][0] == ' ')?0:1; + }" HAVE_WRITABLE_ARGV) +endif() + set(CMAKE_REQUIRED_FLAGS) +option(ENABLE_WEBSOCKETS "Set to ON to enable EXPERIMENTAL websockets" OFF) + +if(ENABLE_WEBSOCKETS) + if(${SIZEOF_CURL_OFF_T} GREATER "4") + set(USE_WEBSOCKETS ON) + else() + message(WARNING "curl_off_t is too small to enable WebSockets") + endif() +endif() + foreach(CURL_TEST HAVE_GLIBC_STRERROR_R HAVE_POSIX_STRERROR_R @@ -1210,11 +1500,15 @@ if(NEED_REENTRANT) endforeach() endif() -# Check clock_gettime(CLOCK_MONOTONIC, x) support -curl_internal_test(HAVE_CLOCK_GETTIME_MONOTONIC) +if(NOT WIN32) + # Check clock_gettime(CLOCK_MONOTONIC, x) support + curl_internal_test(HAVE_CLOCK_GETTIME_MONOTONIC) +endif() -# Check compiler support of __builtin_available() -curl_internal_test(HAVE_BUILTIN_AVAILABLE) +if(APPLE) + # Check compiler support of __builtin_available() + curl_internal_test(HAVE_BUILTIN_AVAILABLE) +endif() # Some other minor tests @@ -1222,24 +1516,12 @@ if(NOT HAVE_IN_ADDR_T) set(in_addr_t "unsigned long") endif() -# Fix libz / zlib.h - -if(NOT CURL_SPECIAL_LIBZ) - if(NOT HAVE_LIBZ) - set(HAVE_ZLIB_H 0) - endif() - - if(NOT HAVE_ZLIB_H) - set(HAVE_LIBZ 0) - endif() -endif() - # Check for nonblocking set(HAVE_DISABLED_NONBLOCKING 1) if(HAVE_FIONBIO OR - HAVE_IOCTLSOCKET OR - HAVE_IOCTLSOCKET_CASE OR - HAVE_O_NONBLOCK) + HAVE_IOCTLSOCKET OR + HAVE_IOCTLSOCKET_CASE OR + HAVE_O_NONBLOCK) set(HAVE_DISABLED_NONBLOCKING) endif() @@ -1247,7 +1529,7 @@ if(CMAKE_COMPILER_IS_GNUCC AND APPLE) include(CheckCCompilerFlag) check_c_compiler_flag(-Wno-long-double HAVE_C_FLAG_Wno_long_double) if(HAVE_C_FLAG_Wno_long_double) - # The Mac version of GCC warns about use of long double. Disable it. + # The Mac version of GCC warns about use of long double. Disable it. get_source_file_property(MPRINTF_COMPILE_FLAGS mprintf.c COMPILE_FLAGS) if(MPRINTF_COMPILE_FLAGS) set(MPRINTF_COMPILE_FLAGS "${MPRINTF_COMPILE_FLAGS} -Wno-long-double") @@ -1259,17 +1541,6 @@ if(CMAKE_COMPILER_IS_GNUCC AND APPLE) endif() endif() -# TODO test which of these headers are required -if(WIN32) - set(CURL_PULL_WS2TCPIP_H ${HAVE_WS2TCPIP_H}) -else() - set(CURL_PULL_SYS_TYPES_H ${HAVE_SYS_TYPES_H}) - set(CURL_PULL_SYS_SOCKET_H ${HAVE_SYS_SOCKET_H}) - set(CURL_PULL_SYS_POLL_H ${HAVE_SYS_POLL_H}) -endif() -set(CURL_PULL_STDINT_H ${HAVE_STDINT_H}) -set(CURL_PULL_INTTYPES_H ${HAVE_INTTYPES_H}) - include(CMake/OtherTests.cmake) add_definitions(-DHAVE_CONFIG_H) @@ -1281,11 +1552,8 @@ if(WIN32) # Use the manifest embedded in the Windows Resource set(CMAKE_RC_FLAGS "${CMAKE_RC_FLAGS} -DCURL_EMBED_MANIFEST") - # Check if crypto functions in wincrypt.h are actually available - if(HAVE_WINCRYPT_H) - check_symbol_exists(CryptAcquireContext "${CURL_INCLUDES}" USE_WINCRYPT) - endif() - if(USE_WINCRYPT) + # We use crypto functions that are not available for UWP apps + if(NOT WINDOWS_STORE) set(USE_WIN32_CRYPTO ON) endif() @@ -1338,7 +1606,8 @@ if(CURL_LTO) endif() -# Ugly (but functional) way to include "Makefile.inc" by transforming it (= regenerate it). +# Ugly (but functional) way to include "Makefile.inc" by transforming it +# (= regenerate it). function(transform_makefile_inc INPUT_FILE OUTPUT_FILE) file(READ ${INPUT_FILE} MAKEFILE_INC_TEXT) string(REPLACE "$(top_srcdir)" "\${CURL_SOURCE_DIR}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) @@ -1348,8 +1617,8 @@ function(transform_makefile_inc INPUT_FILE OUTPUT_FILE) string(REGEX REPLACE "([a-zA-Z_][a-zA-Z0-9_]*)[\t ]*=[\t ]*([^\n]*)" "SET(\\1 \\2)" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) string(REPLACE "!Ï€!α!" "\n" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) - string(REGEX REPLACE "\\$\\(([a-zA-Z_][a-zA-Z0-9_]*)\\)" "\${\\1}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) # Replace $() with ${} - string(REGEX REPLACE "@([a-zA-Z_][a-zA-Z0-9_]*)@" "\${\\1}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) # Replace @@ with ${}, even if that may not be read by CMake scripts. + string(REGEX REPLACE "\\$\\(([a-zA-Z_][a-zA-Z0-9_]*)\\)" "\${\\1}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) # Replace $() with ${} + string(REGEX REPLACE "@([a-zA-Z_][a-zA-Z0-9_]*)@" "\${\\1}" MAKEFILE_INC_TEXT ${MAKEFILE_INC_TEXT}) # Replace @@ with ${}, even if that may not be read by CMake scripts. file(WRITE ${OUTPUT_FILE} ${MAKEFILE_INC_TEXT}) set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS "${INPUT_FILE}") endfunction() @@ -1362,7 +1631,11 @@ set(generated_dir "${CMAKE_CURRENT_BINARY_DIR}/generated") set(project_config "${generated_dir}/${PROJECT_NAME}Config.cmake") set(version_config "${generated_dir}/${PROJECT_NAME}ConfigVersion.cmake") -if(USE_MANUAL) +cmake_dependent_option(BUILD_TESTING "Build tests" + ON "PERL_FOUND;NOT CURL_DISABLE_TESTS" + OFF) + +if(HAVE_MANUAL_TOOLS) add_subdirectory(docs) endif() @@ -1372,243 +1645,342 @@ if(BUILD_CURL_EXE) add_subdirectory(src) endif() -cmake_dependent_option(BUILD_TESTING "Build tests" - ON "PERL_FOUND;NOT CURL_DISABLE_TESTS" - OFF) +option(BUILD_EXAMPLES "Build libcurl examples" OFF) +if(BUILD_EXAMPLES) + add_subdirectory(docs/examples) +endif() + if(BUILD_TESTING) add_subdirectory(tests) endif() -# Helper to populate a list (_items) with a label when conditions (the remaining -# args) are satisfied -macro(_add_if label) - # needs to be a macro to allow this indirection - if(${ARGN}) - set(_items ${_items} "${label}") +if(NOT CURL_DISABLE_INSTALL) + + install(FILES "${PROJECT_SOURCE_DIR}/scripts/mk-ca-bundle.pl" + DESTINATION ${CMAKE_INSTALL_BINDIR} + PERMISSIONS + OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ GROUP_EXECUTE + WORLD_READ WORLD_EXECUTE) + + # Helper to populate a list (_items) with a label when conditions + # (the remaining args) are satisfied + macro(_add_if label) + # needs to be a macro to allow this indirection + if(${ARGN}) + set(_items ${_items} "${label}") + endif() + endmacro() + + # NTLM support requires crypto functions from various SSL libs. + # These conditions must match those in lib/curl_setup.h. + if(NOT CURL_DISABLE_NTLM AND + (USE_OPENSSL OR + USE_MBEDTLS OR + USE_GNUTLS OR + USE_SECTRANSP OR + USE_WIN32_CRYPTO OR + (USE_WOLFSSL AND HAVE_WOLFSSL_DES_ECB_ENCRYPT))) + set(use_curl_ntlm_core ON) endif() -endmacro() -# NTLM support requires crypto function adaptions from various SSL libs -# TODO alternative SSL libs tests for SSP1, GNUTLS, NSS -if(NOT (CURL_DISABLE_CRYPTO_AUTH OR CURL_DISABLE_NTLM) AND - (USE_OPENSSL OR USE_MBEDTLS OR USE_DARWINSSL OR USE_WIN32_CRYPTO)) - set(use_curl_ntlm_core ON) -endif() - -# Clear list and try to detect available features -set(_items) -_add_if("SSL" SSL_ENABLED) -_add_if("IPv6" ENABLE_IPV6) -_add_if("unixsockets" USE_UNIX_SOCKETS) -_add_if("libz" HAVE_LIBZ) -_add_if("brotli" HAVE_BROTLI) -_add_if("zstd" HAVE_ZSTD) -_add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX OR USE_THREADS_WIN32) -_add_if("IDN" HAVE_LIBIDN2 OR USE_WIN32_IDN) -_add_if("Largefile" (SIZEOF_CURL_OFF_T GREATER 4) AND - ((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES)) -# TODO SSP1 (Schannel) check is missing -_add_if("SSPI" USE_WINDOWS_SSPI) -_add_if("GSS-API" HAVE_GSSAPI) -_add_if("alt-svc" NOT CURL_DISABLE_ALTSVC) -_add_if("HSTS" NOT CURL_DISABLE_HSTS) -# TODO SSP1 missing for SPNEGO -_add_if("SPNEGO" NOT CURL_DISABLE_CRYPTO_AUTH AND - (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) -_add_if("Kerberos" NOT CURL_DISABLE_CRYPTO_AUTH AND - (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) -# NTLM support requires crypto function adaptions from various SSL libs -# TODO alternative SSL libs tests for SSP1, GNUTLS, NSS -_add_if("NTLM" NOT (CURL_DISABLE_CRYPTO_AUTH OR CURL_DISABLE_NTLM) AND - (use_curl_ntlm_core OR USE_WINDOWS_SSPI)) -# TODO missing option (autoconf: --enable-ntlm-wb) -_add_if("NTLM_WB" NOT (CURL_DISABLE_CRYPTO_AUTH OR CURL_DISABLE_NTLM) AND - (use_curl_ntlm_core OR USE_WINDOWS_SSPI) AND - NOT CURL_DISABLE_HTTP AND NTLM_WB_ENABLED) -# TODO missing option (--enable-tls-srp), depends on GNUTLS_SRP/OPENSSL_SRP -_add_if("TLS-SRP" USE_TLS_SRP) -# TODO option --with-nghttp2 tests for nghttp2 lib and nghttp2/nghttp2.h header -_add_if("HTTP2" USE_NGHTTP2) -_add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE) -_add_if("MultiSSL" CURL_WITH_MULTI_SSL) -_add_if("HTTPS-proxy" SSL_ENABLED AND (USE_OPENSSL OR USE_GNUTLS OR USE_NSS)) -_add_if("unicode" ENABLE_UNICODE) -string(REPLACE ";" " " SUPPORT_FEATURES "${_items}") -message(STATUS "Enabled features: ${SUPPORT_FEATURES}") - -# Clear list and try to detect available protocols -set(_items) -_add_if("HTTP" NOT CURL_DISABLE_HTTP) -_add_if("HTTPS" NOT CURL_DISABLE_HTTP AND SSL_ENABLED) -_add_if("FTP" NOT CURL_DISABLE_FTP) -_add_if("FTPS" NOT CURL_DISABLE_FTP AND SSL_ENABLED) -_add_if("FILE" NOT CURL_DISABLE_FILE) -_add_if("TELNET" NOT CURL_DISABLE_TELNET) -_add_if("LDAP" NOT CURL_DISABLE_LDAP) -# CURL_DISABLE_LDAP implies CURL_DISABLE_LDAPS -# TODO check HAVE_LDAP_SSL (in autoconf this is enabled with --enable-ldaps) -_add_if("LDAPS" NOT CURL_DISABLE_LDAPS AND - ((USE_OPENLDAP AND SSL_ENABLED) OR - (NOT USE_OPENLDAP AND HAVE_LDAP_SSL))) -_add_if("DICT" NOT CURL_DISABLE_DICT) -_add_if("TFTP" NOT CURL_DISABLE_TFTP) -_add_if("GOPHER" NOT CURL_DISABLE_GOPHER) -_add_if("GOPHERS" NOT CURL_DISABLE_GOPHER AND SSL_ENABLED) -_add_if("POP3" NOT CURL_DISABLE_POP3) -_add_if("POP3S" NOT CURL_DISABLE_POP3 AND SSL_ENABLED) -_add_if("IMAP" NOT CURL_DISABLE_IMAP) -_add_if("IMAPS" NOT CURL_DISABLE_IMAP AND SSL_ENABLED) -_add_if("SMB" NOT CURL_DISABLE_SMB AND - use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) -_add_if("SMBS" NOT CURL_DISABLE_SMB AND SSL_ENABLED AND - use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) -_add_if("SMTP" NOT CURL_DISABLE_SMTP) -_add_if("SMTPS" NOT CURL_DISABLE_SMTP AND SSL_ENABLED) -_add_if("SCP" USE_LIBSSH2 OR USE_LIBSSH) -_add_if("SFTP" USE_LIBSSH2 OR USE_LIBSSH) -_add_if("RTSP" NOT CURL_DISABLE_RTSP) -_add_if("RTMP" USE_LIBRTMP) -_add_if("MQTT" NOT CURL_DISABLE_MQTT) -if(_items) - list(SORT _items) -endif() -string(REPLACE ";" " " SUPPORT_PROTOCOLS "${_items}") -message(STATUS "Enabled protocols: ${SUPPORT_PROTOCOLS}") - -# Clear list and collect SSL backends -set(_items) -_add_if("Schannel" SSL_ENABLED AND USE_SCHANNEL) -_add_if("OpenSSL" SSL_ENABLED AND USE_OPENSSL) -_add_if("Secure Transport" SSL_ENABLED AND USE_SECTRANSP) -_add_if("mbedTLS" SSL_ENABLED AND USE_MBEDTLS) -_add_if("BearSSL" SSL_ENABLED AND USE_BEARSSL) -_add_if("NSS" SSL_ENABLED AND USE_NSS) -_add_if("wolfSSL" SSL_ENABLED AND USE_WOLFSSL) -if(_items) - list(SORT _items) -endif() -string(REPLACE ";" " " SSL_BACKENDS "${_items}") -message(STATUS "Enabled SSL backends: ${SSL_BACKENDS}") - -# curl-config needs the following options to be set. -set(CC "${CMAKE_C_COMPILER}") -# TODO probably put a -D... options here? -set(CONFIGURE_OPTIONS "") -# TODO when to set "-DCURL_STATICLIB" for CPPFLAG_CURL_STATICLIB? -set(CPPFLAG_CURL_STATICLIB "") -set(CURLVERSION "${CURL_VERSION}") -set(exec_prefix "\${prefix}") -set(includedir "\${prefix}/include") -set(LDFLAGS "${CMAKE_SHARED_LINKER_FLAGS}") -set(LIBCURL_LIBS "") -set(libdir "${CMAKE_INSTALL_PREFIX}/lib") -foreach(_lib ${CMAKE_C_IMPLICIT_LINK_LIBRARIES} ${CURL_LIBS}) - if(TARGET "${_lib}") - set(_libname "${_lib}") - get_target_property(_imported "${_libname}" IMPORTED) - if(NOT _imported) - # Reading the LOCATION property on non-imported target will error out. - # Assume the user won't need this information in the .pc file. - continue() + # Clear list and try to detect available protocols + set(_items) + _add_if("HTTP" NOT CURL_DISABLE_HTTP) + _add_if("IPFS" NOT CURL_DISABLE_HTTP) + _add_if("IPNS" NOT CURL_DISABLE_HTTP) + _add_if("HTTPS" NOT CURL_DISABLE_HTTP AND SSL_ENABLED) + _add_if("FTP" NOT CURL_DISABLE_FTP) + _add_if("FTPS" NOT CURL_DISABLE_FTP AND SSL_ENABLED) + _add_if("FILE" NOT CURL_DISABLE_FILE) + _add_if("TELNET" NOT CURL_DISABLE_TELNET) + _add_if("LDAP" NOT CURL_DISABLE_LDAP) + # CURL_DISABLE_LDAP implies CURL_DISABLE_LDAPS + _add_if("LDAPS" NOT CURL_DISABLE_LDAPS AND + ((USE_OPENLDAP AND SSL_ENABLED) OR + (NOT USE_OPENLDAP AND HAVE_LDAP_SSL))) + _add_if("DICT" NOT CURL_DISABLE_DICT) + _add_if("TFTP" NOT CURL_DISABLE_TFTP) + _add_if("GOPHER" NOT CURL_DISABLE_GOPHER) + _add_if("GOPHERS" NOT CURL_DISABLE_GOPHER AND SSL_ENABLED) + _add_if("POP3" NOT CURL_DISABLE_POP3) + _add_if("POP3S" NOT CURL_DISABLE_POP3 AND SSL_ENABLED) + _add_if("IMAP" NOT CURL_DISABLE_IMAP) + _add_if("IMAPS" NOT CURL_DISABLE_IMAP AND SSL_ENABLED) + _add_if("SMB" NOT CURL_DISABLE_SMB AND + use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) + _add_if("SMBS" NOT CURL_DISABLE_SMB AND SSL_ENABLED AND + use_curl_ntlm_core AND (SIZEOF_CURL_OFF_T GREATER 4)) + _add_if("SMTP" NOT CURL_DISABLE_SMTP) + _add_if("SMTPS" NOT CURL_DISABLE_SMTP AND SSL_ENABLED) + _add_if("SCP" USE_LIBSSH2 OR USE_LIBSSH) + _add_if("SFTP" USE_LIBSSH2 OR USE_LIBSSH) + _add_if("RTSP" NOT CURL_DISABLE_RTSP) + _add_if("RTMP" USE_LIBRTMP) + _add_if("MQTT" NOT CURL_DISABLE_MQTT) + _add_if("WS" USE_WEBSOCKETS) + _add_if("WSS" USE_WEBSOCKETS AND SSL_ENABLED) + if(_items) + list(SORT _items) + endif() + string(REPLACE ";" " " SUPPORT_PROTOCOLS "${_items}") + string(TOLOWER "${SUPPORT_PROTOCOLS}" SUPPORT_PROTOCOLS_LOWER) + message(STATUS "Protocols: ${SUPPORT_PROTOCOLS_LOWER}") + + # Clear list and try to detect available features + set(_items) + _add_if("SSL" SSL_ENABLED) + _add_if("IPv6" ENABLE_IPV6) + _add_if("UnixSockets" USE_UNIX_SOCKETS) + _add_if("libz" HAVE_LIBZ) + _add_if("brotli" HAVE_BROTLI) + _add_if("gsasl" USE_GSASL) + _add_if("zstd" HAVE_ZSTD) + _add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX OR USE_THREADS_WIN32) + _add_if("IDN" (HAVE_LIBIDN2 AND HAVE_IDN2_H) OR + USE_WIN32_IDN OR + USE_APPLE_IDN) + _add_if("Largefile" (SIZEOF_CURL_OFF_T GREATER 4) AND + ((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES)) + _add_if("SSPI" USE_WINDOWS_SSPI) + _add_if("GSS-API" HAVE_GSSAPI) + _add_if("alt-svc" NOT CURL_DISABLE_ALTSVC) + _add_if("HSTS" NOT CURL_DISABLE_HSTS) + _add_if("SPNEGO" NOT CURL_DISABLE_NEGOTIATE_AUTH AND + (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) + _add_if("Kerberos" NOT CURL_DISABLE_KERBEROS_AUTH AND + (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) + _add_if("NTLM" NOT (CURL_DISABLE_NTLM) AND + (use_curl_ntlm_core OR USE_WINDOWS_SSPI)) + _add_if("TLS-SRP" USE_TLS_SRP) + _add_if("HTTP2" USE_NGHTTP2) + _add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE OR USE_OPENSSL_QUIC) + _add_if("MultiSSL" CURL_WITH_MULTI_SSL) + _add_if("HTTPS-proxy" SSL_ENABLED AND (USE_OPENSSL OR USE_GNUTLS + OR USE_SCHANNEL OR USE_RUSTLS OR USE_BEARSSL OR + USE_MBEDTLS OR USE_SECTRANSP OR + (USE_WOLFSSL AND HAVE_WOLFSSL_FULL_BIO))) + _add_if("Unicode" ENABLE_UNICODE) + _add_if("threadsafe" HAVE_ATOMIC OR + (USE_THREADS_POSIX AND HAVE_PTHREAD_H) OR + (WIN32 AND HAVE_WIN32_WINNT GREATER_EQUAL 0x600)) + _add_if("Debug" ENABLE_DEBUG) + _add_if("TrackMemory" ENABLE_CURLDEBUG) + _add_if("ECH" SSL_ENABLED AND HAVE_ECH) + _add_if("PSL" USE_LIBPSL) + if(_items) + if(NOT CMAKE_VERSION VERSION_LESS 3.13) + list(SORT _items CASE INSENSITIVE) + else() + list(SORT _items) + endif() + endif() + string(REPLACE ";" " " SUPPORT_FEATURES "${_items}") + message(STATUS "Features: ${SUPPORT_FEATURES}") + + # Clear list and collect SSL backends + set(_items) + _add_if("Schannel" SSL_ENABLED AND USE_SCHANNEL) + _add_if("OpenSSL" SSL_ENABLED AND USE_OPENSSL) + _add_if("Secure Transport" SSL_ENABLED AND USE_SECTRANSP) + _add_if("mbedTLS" SSL_ENABLED AND USE_MBEDTLS) + _add_if("BearSSL" SSL_ENABLED AND USE_BEARSSL) + _add_if("wolfSSL" SSL_ENABLED AND USE_WOLFSSL) + _add_if("GnuTLS" SSL_ENABLED AND USE_GNUTLS) + + if(_items) + if(NOT CMAKE_VERSION VERSION_LESS 3.13) + list(SORT _items CASE INSENSITIVE) + else() + list(SORT _items) + endif() + endif() + string(REPLACE ";" " " SSL_BACKENDS "${_items}") + message(STATUS "Enabled SSL backends: ${SSL_BACKENDS}") + if(CURL_DEFAULT_SSL_BACKEND) + message(STATUS "Default SSL backend: ${CURL_DEFAULT_SSL_BACKEND}") + endif() + + # curl-config needs the following options to be set. + set(CC "${CMAKE_C_COMPILER}") + # TODO probably put a -D... options here? + set(CONFIGURE_OPTIONS "") + set(CURLVERSION "${CURL_VERSION}") + set(exec_prefix "\${prefix}") + set(includedir "\${prefix}/include") + set(LDFLAGS "${CMAKE_SHARED_LINKER_FLAGS}") + set(LIBCURL_LIBS "") + set(libdir "${CMAKE_INSTALL_PREFIX}/lib") + + # For processing full path libraries into -L and -l ld options, + # the directories that go with the -L option are cached, so they + # only get added once per such directory. + set(_libcurl_libs_dirs) + # To avoid getting unnecessary -L options for known system directories, + # _libcurl_libs_dirs is seeded with them. + foreach(_libdir ${CMAKE_SYSTEM_PREFIX_PATH}) + if(_libdir MATCHES "/$") + set(_libdir "${_libdir}lib") + else() + set(_libdir "${_libdir}/lib") + endif() + if(IS_DIRECTORY "${_libdir}") + list(APPEND _libcurl_libs_dirs "${_libdir}") + endif() + if(DEFINED CMAKE_LIBRARY_ARCHITECTURE) + set(_libdir "${_libdir}/${CMAKE_LIBRARY_ARCHITECTURE}") + if(IS_DIRECTORY "${_libdir}") + list(APPEND _libcurl_libs_dirs "${_libdir}") + endif() + endif() + endforeach() + + foreach(_lib ${CMAKE_C_IMPLICIT_LINK_LIBRARIES} ${CURL_LIBS}) + if(TARGET "${_lib}") + set(_libname "${_lib}") + get_target_property(_imported "${_libname}" IMPORTED) + if(NOT _imported) + # Reading the LOCATION property on non-imported target will error out. + # Assume the user won't need this information in the .pc file. + continue() + endif() + get_target_property(_lib "${_libname}" LOCATION) + if(NOT _lib) + message(WARNING "Bad lib in library list: ${_libname}") + continue() + endif() endif() - get_target_property(_lib "${_libname}" LOCATION) - if(NOT _lib) - message(WARNING "Bad lib in library list: ${_libname}") - continue() + if(_lib MATCHES "^-") + set(LIBCURL_LIBS "${LIBCURL_LIBS} ${_lib}") + elseif(_lib MATCHES ".*/.*") + # This gets a bit more complex, because we want to specify the + # directory separately, and only once per directory + string(REGEX REPLACE "^(.*)/[^/]*$" "\\1" _libdir "${_lib}") + string(REGEX REPLACE "^.*/([^/.]*).*$" "\\1" _libname "${_lib}") + if(_libname MATCHES "^lib") + list(FIND _libcurl_libs_dirs "${_libdir}" _libdir_index) + if(_libdir_index LESS 0) + list(APPEND _libcurl_libs_dirs "${_libdir}") + set(LIBCURL_LIBS "${LIBCURL_LIBS} -L${_libdir}") + endif() + string(REGEX REPLACE "^lib" "" _libname "${_libname}") + set(LIBCURL_LIBS "${LIBCURL_LIBS} -l${_libname}") + else() + set(LIBCURL_LIBS "${LIBCURL_LIBS} ${_lib}") + endif() + else() + set(LIBCURL_LIBS "${LIBCURL_LIBS} -l${_lib}") endif() + endforeach() + + # Export a .pc file for client projects not using CMake + if(LIBCURL_PC_REQUIRES_PRIVATE) + string(REPLACE ";" "," LIBCURL_PC_REQUIRES_PRIVATE "${LIBCURL_PC_REQUIRES_PRIVATE}") endif() - if(_lib MATCHES ".*/.*" OR _lib MATCHES "^-") - set(LIBCURL_LIBS "${LIBCURL_LIBS} ${_lib}") + + # Merge pkg-config private fields into public ones when static-only + if(BUILD_SHARED_LIBS) + set(ENABLE_SHARED "yes") + set(LIBCURL_PC_REQUIRES "") + set(LIBCURL_NO_SHARED "") + set(CPPFLAG_CURL_STATICLIB "") else() - set(LIBCURL_LIBS "${LIBCURL_LIBS} -l${_lib}") + set(ENABLE_SHARED "no") + set(LIBCURL_PC_REQUIRES "${LIBCURL_PC_REQUIRES_PRIVATE}") + set(LIBCURL_NO_SHARED "${LIBCURL_LIBS}") + set(CPPFLAG_CURL_STATICLIB "-DCURL_STATICLIB") endif() -endforeach() -if(BUILD_SHARED_LIBS) - set(ENABLE_SHARED "yes") - set(ENABLE_STATIC "no") - set(LIBCURL_NO_SHARED "") -else() - set(ENABLE_SHARED "no") - set(ENABLE_STATIC "yes") - set(LIBCURL_NO_SHARED "${LIBCURL_LIBS}") -endif() -# "a" (Linux) or "lib" (Windows) -string(REPLACE "." "" libext "${CMAKE_STATIC_LIBRARY_SUFFIX}") -set(prefix "${CMAKE_INSTALL_PREFIX}") -# Set this to "yes" to append all libraries on which -lcurl is dependent -set(REQUIRE_LIB_DEPS "no") -# SUPPORT_FEATURES -# SUPPORT_PROTOCOLS -set(VERSIONNUM "${CURL_VERSION_NUM}") - -# Finally generate a "curl-config" matching this config -# Use: -# * ENABLE_SHARED -# * ENABLE_STATIC -configure_file("${CURL_SOURCE_DIR}/curl-config.in" - "${CURL_BINARY_DIR}/curl-config" @ONLY) -install(FILES "${CURL_BINARY_DIR}/curl-config" - DESTINATION ${CMAKE_INSTALL_BINDIR} - PERMISSIONS - OWNER_READ OWNER_WRITE OWNER_EXECUTE - GROUP_READ GROUP_EXECUTE - WORLD_READ WORLD_EXECUTE) - -# Finally generate a pkg-config file matching this config -configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in" - "${CURL_BINARY_DIR}/libcurl.pc" @ONLY) -install(FILES "${CURL_BINARY_DIR}/libcurl.pc" - DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) - -# install headers -install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/curl" - DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} - FILES_MATCHING PATTERN "*.h") - -include(CMakePackageConfigHelpers) -write_basic_package_version_file( - "${version_config}" - VERSION ${CURL_VERSION} - COMPATIBILITY SameMajorVersion -) + if(BUILD_STATIC_LIBS) + set(ENABLE_STATIC "yes") + else() + set(ENABLE_STATIC "no") + endif() + # "a" (Linux) or "lib" (Windows) + string(REPLACE "." "" libext "${CMAKE_STATIC_LIBRARY_SUFFIX}") + set(prefix "${CMAKE_INSTALL_PREFIX}") + # Set this to "yes" to append all libraries on which -lcurl is dependent + set(REQUIRE_LIB_DEPS "no") + # SUPPORT_FEATURES + # SUPPORT_PROTOCOLS + set(VERSIONNUM "${CURL_VERSION_NUM}") + + # Finally generate a "curl-config" matching this config + # Use: + # * ENABLE_SHARED + # * ENABLE_STATIC + configure_file("${CURL_SOURCE_DIR}/curl-config.in" + "${CURL_BINARY_DIR}/curl-config" @ONLY) + install(FILES "${CURL_BINARY_DIR}/curl-config" + DESTINATION ${CMAKE_INSTALL_BINDIR} + PERMISSIONS + OWNER_READ OWNER_WRITE OWNER_EXECUTE + GROUP_READ GROUP_EXECUTE + WORLD_READ WORLD_EXECUTE) + + # Finally generate a pkg-config file matching this config + configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in" + "${CURL_BINARY_DIR}/libcurl.pc" @ONLY) + install(FILES "${CURL_BINARY_DIR}/libcurl.pc" + DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig) + + # install headers + install(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}/include/curl" + DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} + FILES_MATCHING PATTERN "*.h") + + include(CMakePackageConfigHelpers) + write_basic_package_version_file( + "${version_config}" + VERSION ${CURL_VERSION} + COMPATIBILITY SameMajorVersion + ) + file(READ "${version_config}" generated_version_config) + file(WRITE "${version_config}" " + if(NOT PACKAGE_FIND_VERSION_RANGE AND PACKAGE_FIND_VERSION_MAJOR STREQUAL \"7\") + # Version 8 satisfies version 7... requirements + set(PACKAGE_FIND_VERSION_MAJOR 8) + set(PACKAGE_FIND_VERSION_COUNT 1) + endif() + ${generated_version_config}" + ) -# Use: -# * TARGETS_EXPORT_NAME -# * PROJECT_NAME -configure_package_config_file(CMake/curl-config.cmake.in - "${project_config}" - INSTALL_DESTINATION ${CURL_INSTALL_CMAKE_DIR} -) + # Use: + # * TARGETS_EXPORT_NAME + # * PROJECT_NAME + configure_package_config_file(CMake/curl-config.cmake.in + "${project_config}" + INSTALL_DESTINATION ${CURL_INSTALL_CMAKE_DIR} + PATH_VARS CMAKE_INSTALL_INCLUDEDIR + ) + + if(CURL_ENABLE_EXPORT_TARGET) + install(EXPORT "${TARGETS_EXPORT_NAME}" + NAMESPACE "${PROJECT_NAME}::" + DESTINATION ${CURL_INSTALL_CMAKE_DIR} + ) + endif() -if(CURL_ENABLE_EXPORT_TARGET) - install( - EXPORT "${TARGETS_EXPORT_NAME}" - NAMESPACE "${PROJECT_NAME}::" + install(FILES ${version_config} ${project_config} DESTINATION ${CURL_INSTALL_CMAKE_DIR} ) -endif() - -install( - FILES ${version_config} ${project_config} - DESTINATION ${CURL_INSTALL_CMAKE_DIR} -) -# Workaround for MSVS10 to avoid the Dialog Hell -# FIXME: This could be removed with future version of CMake. -if(MSVC_VERSION EQUAL 1600) - set(CURL_SLN_FILENAME "${CMAKE_CURRENT_BINARY_DIR}/CURL.sln") - if(EXISTS "${CURL_SLN_FILENAME}") - file(APPEND "${CURL_SLN_FILENAME}" "\n# This should be regenerated!\n") + # Workaround for MSVS10 to avoid the Dialog Hell + # FIXME: This could be removed with future version of CMake. + if(MSVC_VERSION EQUAL 1600) + set(CURL_SLN_FILENAME "${CMAKE_CURRENT_BINARY_DIR}/CURL.sln") + if(EXISTS "${CURL_SLN_FILENAME}") + file(APPEND "${CURL_SLN_FILENAME}" "\n# This should be regenerated!\n") + endif() endif() -endif() -if(NOT TARGET uninstall) - configure_file( + if(NOT TARGET curl_uninstall) + configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/CMake/cmake_uninstall.cmake.in ${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake IMMEDIATE @ONLY) - add_custom_target(uninstall + add_custom_target(curl_uninstall COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/CMake/cmake_uninstall.cmake) + endif() endif() diff --git a/libs/curl/COPYING b/libs/curl/COPYING index 48f14475..d9e7e0be 100644 --- a/libs/curl/COPYING +++ b/libs/curl/COPYING @@ -1,6 +1,6 @@ COPYRIGHT AND PERMISSION NOTICE -Copyright (c) 1996 - 2021, Daniel Stenberg, , and many +Copyright (c) 1996 - 2024, Daniel Stenberg, , and many contributors, see the THANKS file. All rights reserved. diff --git a/libs/curl/Dockerfile b/libs/curl/Dockerfile new file mode 100644 index 00000000..240dc22b --- /dev/null +++ b/libs/curl/Dockerfile @@ -0,0 +1,41 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +# Self-contained build environment to match the release environment. +# +# Build and set the timestamp for the date corresponding to the release +# +# docker build --build-arg SOURCE_DATE_EPOCH=1711526400 --build-arg UID=$(id -u) --build-arg GID=$(id -g) -t curl/curl . +# +# Then run commands from within the build environment, for example +# +# docker run --rm -it -u $(id -u):$(id -g) -v $(pwd):/usr/src -w /usr/src curl/curl autoreconf -fi +# docker run --rm -it -u $(id -u):$(id -g) -v $(pwd):/usr/src -w /usr/src curl/curl ./configure --without-ssl --without-libpsl +# docker run --rm -it -u $(id -u):$(id -g) -v $(pwd):/usr/src -w /usr/src curl/curl make +# docker run --rm -it -u $(id -u):$(id -g) -v $(pwd):/usr/src -w /usr/src curl/curl ./maketgz 8.7.1 +# +# or get into a shell in the build environment, for example +# +# docker run --rm -it -u $(id -u):$(id -g) -v (pwd):/usr/src -w /usr/src curl/curl bash +# $ autoreconf -fi +# $ ./configure --without-ssl --without-libpsl +# $ make +# $ ./maketgz 8.7.1 + +# To update, get the latest digest e.g. from https://hub.docker.com/_/debian/tags +FROM debian:bookworm-slim@sha256:39868a6f452462b70cf720a8daff250c63e7342970e749059c105bf7c1e8eeaf + +RUN apt-get update -qq && apt-get install -qq -y --no-install-recommends \ + build-essential make autoconf automake libtool git perl zip zlib1g-dev gawk && \ + rm -rf /var/lib/apt/lists/* + +ARG UID=1000 GID=1000 + +RUN groupadd --gid $UID dev && \ + useradd --uid $UID --gid dev --shell /bin/bash --create-home dev + +USER dev:dev + +ARG SOURCE_DATE_EPOCH +ENV SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH:-1} diff --git a/libs/curl/GIT-INFO b/libs/curl/GIT-INFO deleted file mode 100644 index 053369e7..00000000 --- a/libs/curl/GIT-INFO +++ /dev/null @@ -1,44 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -GIT-INFO - -This file is only present in git - never in release archives. It contains -information about other files and things that the git repository keeps in its -inner sanctum. - -To build in environments that support configure, after having extracted -everything from git, do this: - -autoreconf -fi -./configure -make - - Daniel uses a ./configure line similar to this for easier development: - - ./configure --disable-shared --enable-debug --enable-maintainer-mode - -In environments that don't support configure (i.e. Microsoft), do this: - -buildconf.bat - - -REQUIREMENTS - -For autoreconf and configure (not buildconf.bat) to work, you need the -following software installed: - - o autoconf 2.57 (or later) - o automake 1.7 (or later) - o libtool 1.4.2 (or later) - o GNU m4 (required by autoconf) - - o nroff + perl - - If you don't have nroff and perl and you for some reason don't want to - install them, you can rename the source file src/tool_hugehelp.c.cvs to - src/tool_hugehelp.c and avoid having to generate this file. This will - give you a stubbed version of the file that doesn't contain actual content. diff --git a/libs/curl/GIT-INFO.md b/libs/curl/GIT-INFO.md new file mode 100644 index 00000000..71a8b037 --- /dev/null +++ b/libs/curl/GIT-INFO.md @@ -0,0 +1,32 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +# GIT-INFO + +This file is only present in git - never in release archives. It contains +information about other files and things that the git repository keeps in its +inner sanctum. + +To build in environments that support configure, after having extracted +everything from git, do this: + + autoreconf -fi + ./configure --with-openssl + make + +Daniel uses a configure line similar to this for easier development: + + ./configure --disable-shared --enable-debug --enable-maintainer-mode + +In environments that don't support configure (i.e. Windows), do this: + + buildconf.bat + +## REQUIREMENTS + +See [docs/INTERNALS.md][0] for requirement details. + +[0]: docs/INTERNALS.md diff --git a/libs/curl/LICENSES/BSD-3-Clause.txt b/libs/curl/LICENSES/BSD-3-Clause.txt new file mode 100644 index 00000000..086d3992 --- /dev/null +++ b/libs/curl/LICENSES/BSD-3-Clause.txt @@ -0,0 +1,11 @@ +Copyright (c) . + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/libs/curl/LICENSES/BSD-4-Clause-UC.txt b/libs/curl/LICENSES/BSD-4-Clause-UC.txt new file mode 100644 index 00000000..69edbe32 --- /dev/null +++ b/libs/curl/LICENSES/BSD-4-Clause-UC.txt @@ -0,0 +1,15 @@ +BSD-4-Clause (University of California-Specific) + +Copyright [various years] The Regents of the University of California. All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +3. All advertising materials mentioning features or use of this software must display the following acknowledgement: This product includes software developed by the University of California, Berkeley and its contributors. + +4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/libs/curl/LICENSES/ISC.txt b/libs/curl/LICENSES/ISC.txt new file mode 100644 index 00000000..60f60bfb --- /dev/null +++ b/libs/curl/LICENSES/ISC.txt @@ -0,0 +1,12 @@ +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM +DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL +INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING +FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, +NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION +WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/libs/curl/LICENSES/curl.txt b/libs/curl/LICENSES/curl.txt new file mode 100644 index 00000000..3c1c1974 --- /dev/null +++ b/libs/curl/LICENSES/curl.txt @@ -0,0 +1,22 @@ +COPYRIGHT AND PERMISSION NOTICE + +Copyright (C) Daniel Stenberg, , and many +contributors, see the THANKS file. + +All rights reserved. + +Permission to use, copy, modify, and distribute this software for any purpose +with or without fee is hereby granted, provided that the above copyright +notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN +NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE +OR OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of a copyright holder shall not +be used in advertising or otherwise to promote the sale, use or other dealings +in this Software without prior written authorization of the copyright holder. diff --git a/libs/curl/MacOSX-Framework b/libs/curl/MacOSX-Framework deleted file mode 100755 index 3c845277..00000000 --- a/libs/curl/MacOSX-Framework +++ /dev/null @@ -1,158 +0,0 @@ -#!/usr/bin/env bash -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### -# This script performs all of the steps needed to build a -# universal binary libcurl.framework for Mac OS X 10.4 or greater. -# -# Hendrik Visage: -# Generalizations added since Snowleopard (10.6) do not include -# the 10.4u SDK. -# -# Also note: -# 10.5 is the *ONLY* SDK that support PPC64 :( -- 10.6 do not have ppc64 support -#If you need to have PPC64 support then change below to 1 -PPC64_NEEDED=0 -# Apple does not support building for PPC anymore in Xcode 4 and later. -# If you're using Xcode 3 or earlier and need PPC support, then change -# the setting below to 1 -PPC_NEEDED=0 - -# For me the default is to develop for the platform I am on, and if you -#desire compatibility with older versions then change USE_OLD to 1 :) -USE_OLD=0 - -VERSION=`/usr/bin/sed -ne 's/^#define LIBCURL_VERSION "\(.*\)"/\1/p' include/curl/curlver.h` -FRAMEWORK_VERSION=Versions/Release-$VERSION - -#I also wanted to "copy over" the system, and thus the reason I added the -# version to Versions/Release-7.20.1 etc. -# now a simple rsync -vaP libcurl.framework /Library/Frameworks will install it -# and setup the right paths to this version, leaving the system version -# "intact", so you can "fix" it later with the links to Versions/A/... - -DEVELOPER_PATH=`xcode-select --print-path` -# Around Xcode 4.3, SDKs were moved from the Developer folder into the -# MacOSX.platform folder -if test -d "$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs"; then - SDK_PATH="$DEVELOPER_PATH/Platforms/MacOSX.platform/Developer/SDKs" -else - SDK_PATH="$DEVELOPER_PATH/SDKs" -fi -OLD_SDK=`ls $SDK_PATH|head -1` -NEW_SDK=`ls -r $SDK_PATH|head -1` - -if test "0"$USE_OLD -gt 0 -then - SDK32=$OLD_SDK -else - SDK32=$NEW_SDK -fi - -MACVER=`echo $SDK32|sed -e s/[a-zA-Z]//g -e s/.\$//` - -SDK32_DIR=$SDK_PATH/$SDK32 -MINVER32='-mmacosx-version-min='$MACVER -if test $PPC_NEEDED -gt 0; then - ARCHES32='-arch i386 -arch ppc' -else - ARCHES32='-arch i386' -fi - -if test $PPC64_NEEDED -gt 0 -then - SDK64=10.5 - ARCHES64='-arch x86_64 -arch ppc64' - SDK64=`ls $SDK_PATH|grep 10.5|head -1` -else - ARCHES64='-arch x86_64' - #We "know" that 10.4 and earlier do not support 64bit - OLD_SDK64=`ls $SDK_PATH|egrep -v "10.[0-4]"|head -1` - NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4][^0-9]" | head -1` - if test $USE_OLD -gt 0 - then - SDK64=$OLD_SDK64 - else - SDK64=$NEW_SDK64 - fi -fi - -SDK64_DIR=$SDK_PATH/$SDK64 -MACVER64=`echo $SDK64|sed -e s/[a-zA-Z]//g -e s/.\$//` - -MINVER64='-mmacosx-version-min='$MACVER64 - -if test ! -z $SDK32; then - echo "----Configuring libcurl for 32 bit universal framework..." - make clean - ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-secure-transport \ - CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32" \ - LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 -Wl,-headerpad_max_install_names" \ - CC=$CC - - echo "----Building 32 bit libcurl..." - make -j `sysctl -n hw.logicalcpu_max` - - echo "----Creating 32 bit framework..." - rm -r libcurl.framework - mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Resources - cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl - install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl - /usr/bin/sed -e "s/7\.12\.3/$VERSION/" lib/libcurl.plist >libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist - mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl - cp include/curl/*.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl - pushd libcurl.framework - ln -fs ${FRAMEWORK_VERSION}/libcurl libcurl - ln -fs ${FRAMEWORK_VERSION}/Resources Resources - ln -fs ${FRAMEWORK_VERSION}/Headers Headers - cd Versions - ln -fs $(basename "${FRAMEWORK_VERSION}") Current - - echo Testing for SDK64 - if test -d $SDK64_DIR; then - echo entering... - popd - make clean - echo "----Configuring libcurl for 64 bit universal framework..." - ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-secure-transport \ - CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64" \ - LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 -Wl,-headerpad_max_install_names" \ - CC=$CC - - echo "----Building 64 bit libcurl..." - make -j `sysctl -n hw.logicalcpu_max` - - echo "----Appending 64 bit framework to 32 bit framework..." - cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 - install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 - cp libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 - pwd - lipo libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 -create -output libcurl.framework/${FRAMEWORK_VERSION}/libcurl - rm libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 - fi - - pwd - lipo -info libcurl.framework/${FRAMEWORK_VERSION}/libcurl - echo "libcurl.framework is built and can now be included in other projects." - echo "Copy libcurl.framework to your bundle's Contents/Frameworks folder, ~/Library/Frameworks or /Library/Frameworks." -else - echo "Building libcurl.framework requires Mac OS X 10.4 or later with the MacOSX10.4/5/6 SDK installed." -fi diff --git a/libs/curl/Makefile.am b/libs/curl/Makefile.am index 3e55230e..6d604ea8 100644 --- a/libs/curl/Makefile.am +++ b/libs/curl/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### AUTOMAKE_OPTIONS = foreign @@ -34,141 +36,33 @@ CMAKE_DIST = \ CMake/FindBrotli.cmake \ CMake/FindCARES.cmake \ CMake/FindGSS.cmake \ + CMake/FindLibPSL.cmake \ CMake/FindLibSSH2.cmake \ CMake/FindMbedTLS.cmake \ + CMake/FindMSH3.cmake \ CMake/FindNGHTTP2.cmake \ CMake/FindNGHTTP3.cmake \ CMake/FindNGTCP2.cmake \ - CMake/FindNSS.cmake \ CMake/FindQUICHE.cmake \ CMake/FindWolfSSL.cmake \ CMake/FindZstd.cmake \ CMake/Macros.cmake \ CMake/OtherTests.cmake \ + CMake/PickyWarnings.cmake \ CMake/Platforms/WindowsCache.cmake \ CMake/Utilities.cmake \ CMakeLists.txt -VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl -VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist -VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc -VC6_SRCTMPL = projects/Windows/VC6/src/curl.tmpl -VC6_SRCDSP = projects/Windows/VC6/src/curl.dsp.dist -VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc - -VC7_LIBTMPL = projects/Windows/VC7/lib/libcurl.tmpl -VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj.dist -VC7_LIBVCPROJ_DEPS = $(VC7_LIBTMPL) Makefile.am lib/Makefile.inc -VC7_SRCTMPL = projects/Windows/VC7/src/curl.tmpl -VC7_SRCVCPROJ = projects/Windows/VC7/src/curl.vcproj.dist -VC7_SRCVCPROJ_DEPS = $(VC7_SRCTMPL) Makefile.am src/Makefile.inc - -VC71_LIBTMPL = projects/Windows/VC7.1/lib/libcurl.tmpl -VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj.dist -VC71_LIBVCPROJ_DEPS = $(VC71_LIBTMPL) Makefile.am lib/Makefile.inc -VC71_SRCTMPL = projects/Windows/VC7.1/src/curl.tmpl -VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curl.vcproj.dist -VC71_SRCVCPROJ_DEPS = $(VC71_SRCTMPL) Makefile.am src/Makefile.inc - -VC8_LIBTMPL = projects/Windows/VC8/lib/libcurl.tmpl -VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj.dist -VC8_LIBVCPROJ_DEPS = $(VC8_LIBTMPL) Makefile.am lib/Makefile.inc -VC8_SRCTMPL = projects/Windows/VC8/src/curl.tmpl -VC8_SRCVCPROJ = projects/Windows/VC8/src/curl.vcproj.dist -VC8_SRCVCPROJ_DEPS = $(VC8_SRCTMPL) Makefile.am src/Makefile.inc - -VC9_LIBTMPL = projects/Windows/VC9/lib/libcurl.tmpl -VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj.dist -VC9_LIBVCPROJ_DEPS = $(VC9_LIBTMPL) Makefile.am lib/Makefile.inc -VC9_SRCTMPL = projects/Windows/VC9/src/curl.tmpl -VC9_SRCVCPROJ = projects/Windows/VC9/src/curl.vcproj.dist -VC9_SRCVCPROJ_DEPS = $(VC9_SRCTMPL) Makefile.am src/Makefile.inc - -VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl -VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist -VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc -VC10_SRCTMPL = projects/Windows/VC10/src/curl.tmpl -VC10_SRCVCXPROJ = projects/Windows/VC10/src/curl.vcxproj.dist -VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc - -VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl -VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist -VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc -VC11_SRCTMPL = projects/Windows/VC11/src/curl.tmpl -VC11_SRCVCXPROJ = projects/Windows/VC11/src/curl.vcxproj.dist -VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc - -VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl -VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist -VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc -VC12_SRCTMPL = projects/Windows/VC12/src/curl.tmpl -VC12_SRCVCXPROJ = projects/Windows/VC12/src/curl.vcxproj.dist -VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc - -VC14_LIBTMPL = projects/Windows/VC14/lib/libcurl.tmpl -VC14_LIBVCXPROJ = projects/Windows/VC14/lib/libcurl.vcxproj.dist -VC14_LIBVCXPROJ_DEPS = $(VC14_LIBTMPL) Makefile.am lib/Makefile.inc -VC14_SRCTMPL = projects/Windows/VC14/src/curl.tmpl -VC14_SRCVCXPROJ = projects/Windows/VC14/src/curl.vcxproj.dist -VC14_SRCVCXPROJ_DEPS = $(VC14_SRCTMPL) Makefile.am src/Makefile.inc - -VC15_LIBTMPL = projects/Windows/VC15/lib/libcurl.tmpl -VC15_LIBVCXPROJ = projects/Windows/VC15/lib/libcurl.vcxproj.dist -VC15_LIBVCXPROJ_DEPS = $(VC15_LIBTMPL) Makefile.am lib/Makefile.inc -VC15_SRCTMPL = projects/Windows/VC15/src/curl.tmpl -VC15_SRCVCXPROJ = projects/Windows/VC15/src/curl.vcxproj.dist -VC15_SRCVCXPROJ_DEPS = $(VC15_SRCTMPL) Makefile.am src/Makefile.inc - -VC_DIST = projects/README \ - projects/build-openssl.bat \ - projects/build-wolfssl.bat \ - projects/checksrc.bat \ - projects/Windows/VC6/curl-all.dsw \ - projects/Windows/VC6/lib/libcurl.dsw \ - projects/Windows/VC6/src/curl.dsw \ - projects/Windows/VC7/curl-all.sln \ - projects/Windows/VC7/lib/libcurl.sln \ - projects/Windows/VC7/src/curl.sln \ - projects/Windows/VC7.1/curl-all.sln \ - projects/Windows/VC7.1/lib/libcurl.sln \ - projects/Windows/VC7.1/src/curl.sln \ - projects/Windows/VC8/curl-all.sln \ - projects/Windows/VC8/lib/libcurl.sln \ - projects/Windows/VC8/src/curl.sln \ - projects/Windows/VC9/curl-all.sln \ - projects/Windows/VC9/lib/libcurl.sln \ - projects/Windows/VC9/src/curl.sln \ - projects/Windows/VC10/curl-all.sln \ - projects/Windows/VC10/lib/libcurl.sln \ - projects/Windows/VC10/lib/libcurl.vcxproj.filters \ - projects/Windows/VC10/src/curl.sln \ - projects/Windows/VC10/src/curl.vcxproj.filters \ - projects/Windows/VC11/curl-all.sln \ - projects/Windows/VC11/lib/libcurl.sln \ - projects/Windows/VC11/lib/libcurl.vcxproj.filters \ - projects/Windows/VC11/src/curl.sln \ - projects/Windows/VC11/src/curl.vcxproj.filters \ - projects/Windows/VC12/curl-all.sln \ - projects/Windows/VC12/lib/libcurl.sln \ - projects/Windows/VC12/lib/libcurl.vcxproj.filters \ - projects/Windows/VC12/src/curl.sln \ - projects/Windows/VC12/src/curl.vcxproj.filters \ - projects/Windows/VC14/curl-all.sln \ - projects/Windows/VC14/lib/libcurl.sln \ - projects/Windows/VC14/lib/libcurl.vcxproj.filters \ - projects/Windows/VC14/src/curl.sln \ - projects/Windows/VC14/src/curl.vcxproj.filters \ - projects/Windows/VC15/curl-all.sln \ - projects/Windows/VC15/lib/libcurl.sln \ - projects/Windows/VC15/lib/libcurl.vcxproj.filters \ - projects/Windows/VC15/src/curl.sln \ - projects/Windows/VC15/src/curl.vcxproj.filters \ - projects/generate.bat \ - projects/wolfssl_options.h \ +VC_DIST = projects/README.md \ + projects/build-openssl.bat \ + projects/build-wolfssl.bat \ + projects/checksrc.bat \ + projects/generate.bat \ + projects/wolfssl_options.h \ projects/wolfssl_override.props WINBUILD_DIST = winbuild/README.md winbuild/gen_resp_file.bat \ - winbuild/MakefileBuild.vc winbuild/Makefile.vc + winbuild/MakefileBuild.vc winbuild/Makefile.vc winbuild/makedebug.bat PLAN9_DIST = plan9/include/mkfile \ plan9/include/mkfile \ @@ -180,21 +74,19 @@ PLAN9_DIST = plan9/include/mkfile \ plan9/src/mkfile.inc \ plan9/src/mkfile -EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ - RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework \ - scripts/updatemanpages.pl $(CMAKE_DIST) \ - $(VC_DIST) $(WINBUILD_DIST) $(PLAN9_DIST) \ - lib/libcurl.vers.in buildconf.bat scripts/coverage.sh scripts/completion.pl +EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ + RELEASE-NOTES buildconf libcurl.pc.in $(CMAKE_DIST) $(VC_DIST) \ + $(WINBUILD_DIST) $(PLAN9_DIST) lib/libcurl.vers.in buildconf.bat \ + libcurl.def Dockerfile -CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ - $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ) \ - $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ) \ - $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) \ - $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) $(VC15_LIBVCXPROJ) $(VC15_SRCVCXPROJ) +CLEANFILES = $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) \ + $(VC14_10_LIBVCXPROJ) $(VC14_10_SRCVCXPROJ) \ + $(VC14_20_LIBVCXPROJ) $(VC14_20_SRCVCXPROJ) \ + $(VC14_30_LIBVCXPROJ) $(VC14_30_SRCVCXPROJ) bin_SCRIPTS = curl-config -SUBDIRS = lib src +SUBDIRS = lib docs src scripts DIST_SUBDIRS = $(SUBDIRS) tests packages scripts include docs pkgconfigdir = $(libdir)/pkgconfig @@ -213,12 +105,6 @@ dist-hook: cp -p $$file $(distdir)$$strip; \ done) -html: - cd docs && $(MAKE) html - -pdf: - cd docs && $(MAKE) pdf - check: test examples check-docs if CROSSCOMPILING @@ -307,10 +193,16 @@ cygwinbin: $(MAKE) -C packages/Win32/cygwin cygwinbin # We extend the standard install with a custom hook: +if BUILD_DOCS install-data-hook: (cd include && $(MAKE) install) (cd docs && $(MAKE) install) (cd docs/libcurl && $(MAKE) install) +else +install-data-hook: + (cd include && $(MAKE) install) + (cd docs && $(MAKE) install) +endif # We extend the standard uninstall with a custom hook: uninstall-hook: @@ -318,13 +210,13 @@ uninstall-hook: (cd docs && $(MAKE) uninstall) (cd docs/libcurl && $(MAKE) uninstall) -ca-bundle: lib/mk-ca-bundle.pl +ca-bundle: $(srcdir)/scripts/mk-ca-bundle.pl @echo "generating a fresh ca-bundle.crt" - @perl $< -b -l -u lib/ca-bundle.crt + @perl $(srcdir)/scripts/mk-ca-bundle.pl -b -l -u lib/ca-bundle.crt -ca-firefox: lib/firefox-db2pem.sh +ca-firefox: $(srcdir)/scripts/firefox-db2pem.sh @echo "generating a fresh ca-bundle.crt" - ./lib/firefox-db2pem.sh lib/ca-bundle.crt + $(srcdir)/scripts/firefox-db2pem.sh lib/ca-bundle.crt checksrc: (cd lib && $(MAKE) checksrc) @@ -334,415 +226,6 @@ checksrc: (cd docs/examples && $(MAKE) checksrc) (cd packages && $(MAKE) checksrc) -.PHONY: vc-ide - -vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ - $(VC7_SRCVCPROJ_DEPS) $(VC71_LIBVCPROJ_DEPS) $(VC71_SRCVCPROJ_DEPS) \ - $(VC8_LIBVCPROJ_DEPS) $(VC8_SRCVCPROJ_DEPS) $(VC9_LIBVCPROJ_DEPS) \ - $(VC9_SRCVCPROJ_DEPS) $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS) \ - $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS) \ - $(VC12_SRCVCXPROJ_DEPS) $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS) \ - $(VC15_LIBVCXPROJ_DEPS) $(VC15_SRCVCXPROJ_DEPS) - @(win32_lib_srcs='$(LIB_CFILES)'; \ - win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \ - win32_lib_rc='$(LIB_RCFILES)'; \ - win32_lib_vauth_srcs='$(LIB_VAUTH_CFILES)'; \ - win32_lib_vauth_hdrs='$(LIB_VAUTH_HFILES)'; \ - win32_lib_vquic_srcs='$(LIB_VQUIC_CFILES)'; \ - win32_lib_vquic_hdrs='$(LIB_VQUIC_HFILES)'; \ - win32_lib_vssh_srcs='$(LIB_VSSH_CFILES)'; \ - win32_lib_vssh_hdrs='$(LIB_VSSH_HFILES)'; \ - win32_lib_vtls_srcs='$(LIB_VTLS_CFILES)'; \ - win32_lib_vtls_hdrs='$(LIB_VTLS_HFILES)'; \ - win32_src_srcs='$(CURL_CFILES)'; \ - win32_src_hdrs='$(CURL_HFILES)'; \ - win32_src_rc='$(CURL_RCFILES)'; \ - win32_src_x_srcs='$(CURLX_CFILES)'; \ - win32_src_x_hdrs='$(CURLX_HFILES) ../lib/config-win32.h'; \ - \ - sorted_lib_srcs=`for file in $$win32_lib_srcs; do echo $$file; done | sort`; \ - sorted_lib_hdrs=`for file in $$win32_lib_hdrs; do echo $$file; done | sort`; \ - sorted_lib_vauth_srcs=`for file in $$win32_lib_vauth_srcs; do echo $$file; done | sort`; \ - sorted_lib_vauth_hdrs=`for file in $$win32_lib_vauth_hdrs; do echo $$file; done | sort`; \ - sorted_lib_vquic_srcs=`for file in $$win32_lib_vquic_srcs; do echo $$file; done | sort`; \ - sorted_lib_vquic_hdrs=`for file in $$win32_lib_vquic_hdrs; do echo $$file; done | sort`; \ - sorted_lib_vssh_srcs=`for file in $$win32_lib_vssh_srcs; do echo $$file; done | sort`; \ - sorted_lib_vssh_hdrs=`for file in $$win32_lib_vssh_hdrs; do echo $$file; done | sort`; \ - sorted_lib_vtls_srcs=`for file in $$win32_lib_vtls_srcs; do echo $$file; done | sort`; \ - sorted_lib_vtls_hdrs=`for file in $$win32_lib_vtls_hdrs; do echo $$file; done | sort`; \ - sorted_src_srcs=`for file in $$win32_src_srcs; do echo $$file; done | sort`; \ - sorted_src_hdrs=`for file in $$win32_src_hdrs; do echo $$file; done | sort`; \ - sorted_src_x_srcs=`for file in $$win32_src_x_srcs; do echo $$file; done | sort`; \ - sorted_src_x_hdrs=`for file in $$win32_src_x_hdrs; do echo $$file; done | sort`; \ - \ - awk_code='\ -function gen_element(type, dir, file)\ -{\ - sub(/vauth\//, "", file);\ - sub(/vquic\//, "", file);\ - sub(/vssh\//, "", file);\ - sub(/vtls\//, "", file);\ -\ - spaces=" ";\ - if(dir == "lib\\vauth" ||\ - dir == "lib\\vquic" ||\ - dir == "lib\\vssh" ||\ - dir == "lib\\vtls")\ - tabs=" ";\ - else\ - tabs=" ";\ -\ - if(type == "dsp") {\ - printf("# Begin Source File\r\n");\ - printf("\r\n");\ - printf("SOURCE=..\\..\\..\\..\\%s\\%s\r\n", dir, file);\ - printf("# End Source File\r\n");\ - }\ - else if(type == "vcproj1") {\ - printf("%s\r\n",\ - tabs, dir, file);\ - printf("%s\r\n", tabs);\ - }\ - else if(type == "vcproj2") {\ - printf("%s\r\n", tabs);\ - printf("%s\r\n", tabs);\ - }\ - else if(type == "vcxproj") {\ - i = index(file, ".");\ - ext = substr(file, i == 0 ? 0 : i + 1);\ -\ - if(ext == "c")\ - printf("%s\r\n",\ - spaces, dir, file);\ - else if(ext == "h")\ - printf("%s\r\n",\ - spaces, dir, file);\ - else if(ext == "rc")\ - printf("%s\r\n",\ - spaces, dir, file);\ - }\ -}\ -\ -{\ -\ - if($$0 == "CURL_LIB_C_FILES") {\ - split(lib_srcs, arr);\ - for(val in arr) gen_element(proj_type, "lib", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_H_FILES") {\ - split(lib_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "lib", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_RC_FILES") {\ - split(lib_rc, arr);\ - for(val in arr) gen_element(proj_type, "lib", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VAUTH_C_FILES") {\ - split(lib_vauth_srcs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vauth", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VAUTH_H_FILES") {\ - split(lib_vauth_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vauth", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VQUIC_C_FILES") {\ - split(lib_vquic_srcs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vquic", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VQUIC_H_FILES") {\ - split(lib_vquic_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vquic", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VSSH_C_FILES") {\ - split(lib_vssh_srcs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vssh", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VSSH_H_FILES") {\ - split(lib_vssh_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vssh", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VTLS_C_FILES") {\ - split(lib_vtls_srcs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vtls", arr[val]);\ - }\ - else if($$0 == "CURL_LIB_VTLS_H_FILES") {\ - split(lib_vtls_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "lib\\vtls", arr[val]);\ - }\ - else if($$0 == "CURL_SRC_C_FILES") {\ - split(src_srcs, arr);\ - for(val in arr) gen_element(proj_type, "src", arr[val]);\ - }\ - else if($$0 == "CURL_SRC_H_FILES") {\ - split(src_hdrs, arr);\ - for(val in arr) gen_element(proj_type, "src", arr[val]);\ - }\ - else if($$0 == "CURL_SRC_RC_FILES") {\ - split(src_rc, arr);\ - for(val in arr) gen_element(proj_type, "src", arr[val]);\ - }\ - else if($$0 == "CURL_SRC_X_C_FILES") {\ - split(src_x_srcs, arr);\ - for(val in arr) {\ - sub(/..\/lib\//, "", arr[val]);\ - gen_element(proj_type, "lib", arr[val]);\ - }\ - }\ - else if($$0 == "CURL_SRC_X_H_FILES") {\ - split(src_x_hdrs, arr);\ - for(val in arr) {\ - sub(/..\/lib\//, "", arr[val]);\ - gen_element(proj_type, "lib", arr[val]);\ - }\ - }\ - else\ - printf("%s\r\n", $$0);\ -}';\ - \ - echo "generating '$(VC6_LIBDSP)'"; \ - awk -v proj_type=dsp \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC6_LIBTMPL) > $(VC6_LIBDSP) || { exit 1; }; \ - \ - echo "generating '$(VC6_SRCDSP)'"; \ - awk -v proj_type=dsp \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC6_SRCTMPL) > $(VC6_SRCDSP) || { exit 1; }; \ - \ - echo "generating '$(VC7_LIBVCPROJ)'"; \ - awk -v proj_type=vcproj1 \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC7_LIBTMPL) > $(VC7_LIBVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC7_SRCVCPROJ)'"; \ - awk -v proj_type=vcproj1 \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC7_SRCTMPL) > $(VC7_SRCVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC71_LIBVCPROJ)'"; \ - awk -v proj_type=vcproj1 \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC71_LIBTMPL) > $(VC71_LIBVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC71_SRCVCPROJ)'"; \ - awk -v proj_type=vcproj1 \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC71_SRCTMPL) > $(VC71_SRCVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC8_LIBVCPROJ)'"; \ - awk -v proj_type=vcproj2 \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC8_LIBTMPL) > $(VC8_LIBVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC8_SRCVCPROJ)'"; \ - awk -v proj_type=vcproj2 \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC8_SRCTMPL) > $(VC8_SRCVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC9_LIBVCPROJ)'"; \ - awk -v proj_type=vcproj2 \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC9_LIBTMPL) > $(VC9_LIBVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC9_SRCVCPROJ)'"; \ - awk -v proj_type=vcproj2 \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC9_SRCTMPL) > $(VC9_SRCVCPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC10_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC10_LIBTMPL) > $(VC10_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC10_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC10_SRCTMPL) > $(VC10_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC11_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC11_LIBTMPL) > $(VC11_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC11_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC11_SRCTMPL) > $(VC11_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC12_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_LIBTMPL) > $(VC12_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC12_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC14_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC14_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC15_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vauth_srcs="$$sorted_lib_vauth_srcs" \ - -v lib_vauth_hdrs="$$sorted_lib_vauth_hdrs" \ - -v lib_vquic_srcs="$$sorted_lib_vquic_srcs" \ - -v lib_vquic_hdrs="$$sorted_lib_vquic_hdrs" \ - -v lib_vssh_srcs="$$sorted_lib_vssh_srcs" \ - -v lib_vssh_hdrs="$$sorted_lib_vssh_hdrs" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC15_LIBTMPL) > $(VC15_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC15_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC15_SRCTMPL) > $(VC15_SRCVCXPROJ) || { exit 1; };) - tidy: (cd src && $(MAKE) tidy) (cd lib && $(MAKE) tidy) diff --git a/libs/curl/Makefile.dist b/libs/curl/Makefile.dist index 1a531c15..3db331a4 100644 --- a/libs/curl/Makefile.dist +++ b/libs/curl/Makefile.dist @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### all: @@ -28,27 +30,6 @@ ssl: ./configure --with-openssl make -mingw32: - $(MAKE) -C lib -f Makefile.m32 - $(MAKE) -C src -f Makefile.m32 - -mingw32-clean: - $(MAKE) -C lib -f Makefile.m32 clean - $(MAKE) -C src -f Makefile.m32 clean - $(MAKE) -C docs/examples -f Makefile.m32 clean - -mingw32-vclean mingw32-distclean: - $(MAKE) -C lib -f Makefile.m32 vclean - $(MAKE) -C src -f Makefile.m32 vclean - $(MAKE) -C docs/examples -f Makefile.m32 vclean - -mingw32-examples%: - $(MAKE) -C docs/examples -f Makefile.m32 CFG=$@ - -mingw32%: - $(MAKE) -C lib -f Makefile.m32 CFG=$@ - $(MAKE) -C src -f Makefile.m32 CFG=$@ - vc: cd winbuild nmake /f Makefile.vc MACHINE=x86 @@ -57,9 +38,9 @@ vc-x64: cd winbuild nmake /f Makefile.vc MACHINE=x64 -djgpp: - $(MAKE) -C lib -f Makefile.dj - $(MAKE) -C src -f Makefile.dj +djgpp%: + $(MAKE) -C lib -f Makefile.mk CFG=$@ CROSSPREFIX=i586-pc-msdosdjgpp- + $(MAKE) -C src -f Makefile.mk CFG=$@ CROSSPREFIX=i586-pc-msdosdjgpp- cygwin: ./configure @@ -69,34 +50,9 @@ cygwin-ssl: ./configure --with-openssl make -amiga: - cd ./lib && make -f makefile.amiga - cd ./src && make -f makefile.amiga - -netware: - $(MAKE) -C lib -f Makefile.netware - $(MAKE) -C src -f Makefile.netware - -netware-clean: - $(MAKE) -C lib -f Makefile.netware clean - $(MAKE) -C src -f Makefile.netware clean - $(MAKE) -C docs/examples -f Makefile.netware clean - -netware-vclean netware-distclean: - $(MAKE) -C lib -f Makefile.netware vclean - $(MAKE) -C src -f Makefile.netware vclean - $(MAKE) -C docs/examples -f Makefile.netware vclean - -netware-install: - $(MAKE) -C lib -f Makefile.netware install - $(MAKE) -C src -f Makefile.netware install - -netware-examples-%: - $(MAKE) -C docs/examples -f Makefile.netware CFG=$@ - -netware-%: - $(MAKE) -C lib -f Makefile.netware CFG=$@ - $(MAKE) -C src -f Makefile.netware CFG=$@ +amiga%: + $(MAKE) -C lib -f Makefile.mk CFG=$@ CROSSPREFIX=m68k-amigaos- + $(MAKE) -C src -f Makefile.mk CFG=$@ CROSSPREFIX=m68k-amigaos- unix: all @@ -106,7 +62,7 @@ linux: all linux-ssl: ssl -ca-bundle: lib/mk-ca-bundle.pl +ca-bundle: scripts/mk-ca-bundle.pl @echo "generate a fresh ca-bundle.crt" @perl $< -b -l -u lib/ca-bundle.crt diff --git a/libs/curl/README b/libs/curl/README index 9705f419..f5efbd70 100644 --- a/libs/curl/README +++ b/libs/curl/README @@ -13,7 +13,7 @@ README libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl.3 man page to - learn how! + learn how. You find answers to the most frequent questions we get in the FAQ document. @@ -36,7 +36,7 @@ WEBSITE GIT - To download the very latest source off the GIT server do this: + To download the latest source code off the GIT server, do this: git clone https://github.com/curl/curl.git @@ -44,7 +44,7 @@ GIT SECURITY PROBLEMS - Report suspected security problems via our HackerOne page and not in public! + Report suspected security problems via our HackerOne page and not in public. https://hackerone.com/curl diff --git a/libs/curl/README.md b/libs/curl/README.md index c3615259..8e586626 100644 --- a/libs/curl/README.md +++ b/libs/curl/README.md @@ -1,14 +1,10 @@ -![curl logo](https://curl.se/logo/curl-logo.svg) - -[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/63/badge)](https://bestpractices.coreinfrastructure.org/projects/63) -[![Coverity passed](https://scan.coverity.com/projects/curl/badge.svg)](https://scan.coverity.com/projects/curl) -[![AppVeyor Build Status](https://ci.appveyor.com/api/projects/status/l1vv31029huhf4g4?svg=true)](https://ci.appveyor.com/project/curlorg/curl) -[![Azure DevOps Build Status](https://dev.azure.com/daniel0244/curl/_apis/build/status/curl.curl?branchName=master)](https://dev.azure.com/daniel0244/curl/_build/latest?definitionId=1&branchName=master) -[![Cirrus Build Status](https://api.cirrus-ci.com/github/curl/curl.svg?branch=master)](https://cirrus-ci.com/github/curl/curl) -[![Backers on Open Collective](https://opencollective.com/curl/backers/badge.svg)](#backers) -[![Sponsors on Open Collective](https://opencollective.com/curl/sponsors/badge.svg)](#sponsors) -[![Language Grade: C/C++](https://img.shields.io/lgtm/grade/cpp/g/curl/curl.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/curl/curl/context:cpp) -[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/curl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:curl) + + +# [![curl logo](https://curl.se/logo/curl-logo.svg)](https://curl.se/) Curl is a command-line tool for transferring data specified with URL syntax. Find out how to use curl by reading [the curl.1 man @@ -46,7 +42,7 @@ downloads. ## Git -To download the latest source from the Git server do this: +To download the latest source from the Git server, do this: git clone https://github.com/curl/curl.git @@ -55,7 +51,7 @@ To download the latest source from the Git server do this: ## Security problems Report suspected security problems via [our HackerOne -page](https://hackerone.com/curl) and not in public! +page](https://hackerone.com/curl) and not in public. ## Notice @@ -65,23 +61,8 @@ distribution terms. ## Backers -Thank you to all our backers! 🙠[[Become a backer](https://opencollective.com/curl#backer)] - - +Thank you to all our backers! 🙠[Become a backer](https://opencollective.com/curl#section-contribute). ## Sponsors -Support this project by becoming a sponsor. Your logo will show up here with a -link to your website. [[Become a -sponsor](https://opencollective.com/curl#sponsor)] - - - - - - - - - - - +Support this project by becoming a [sponsor](https://curl.se/sponsors.html). diff --git a/libs/curl/RELEASE-NOTES b/libs/curl/RELEASE-NOTES index 6c9553bc..81a78ccb 100644 --- a/libs/curl/RELEASE-NOTES +++ b/libs/curl/RELEASE-NOTES @@ -1,264 +1,88 @@ -curl and libcurl 7.81.0 +curl and libcurl 8.9.1 - Public curl releases: 205 - Command line options: 244 - curl_easy_setopt() options: 295 - Public functions in libcurl: 86 - Contributors: 2558 + Public curl releases: 259 + Command line options: 263 + curl_easy_setopt() options: 306 + Public functions in libcurl: 94 + Contributors: 3211 This release includes the following changes: - o mime: use percent-escaping for multipart form field and file names [1] This release includes the following bugfixes: - o asyn-ares: ares_getaddrinfo needs no happy eyeballs timer [73] - o azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper [12] - o BINDINGS: add cURL client for PostgreSQL [68] - o BINDINGS: add one from Everything curl and update a link - o checksrc: detect more kinds of NULL comparisons we avoid [105] - o CI: build examples for additional code verification [75] - o CI: bump job to use mbedtls 3.1.0 [90] - o cmake: don't set _USRDLL on a static Windows build [22] - o cmake: prevent dev warning due to mismatched arg [94] - o cmake: private identifiers use CURL_ instead of CMAKE_ prefix [40] - o config.d: update documentation to match the path search - o configure: add -lm to configure for rustls build. [13] - o configure: better diagnostics if hyper is built wrong [6] - o configure: don't enable TLS when --without-* flags are used [17] - o configure: fix runtime-lib detection on macOS [21] - o curl.1: require "see also" for every documented option [27] - o curl: improve error message for --head with -J [42] - o curl_easy_cleanup.3: remove from multi handle first [3] - o curl_easy_escape.3: call curl_easy_cleanup in example [58] - o curl_easy_unescape.3: call curl_easy_cleanup in example [57] - o curl_multi_init.3: fix EXAMPLE formatting - o curl_multi_perform/socket_action.3: clarify what errors mean [70] - o curl_share_setopt.3: split out options into their own manpages [14] - o CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL [51] - o digest: compute user:realm:pass digest w/o userhash [45] - o docs/checksrc: Add documentation for STRERROR [18] - o docs/cmdline-opts: do not say "protocols: all" [26] - o docs/examples: workaround broken -Wno-pedantic-ms-format - o docs/HTTP3: describe how to setup a h3 reverse-proxy for testing [88] - o docs/INSTALL.md: typo fix : added missing "get" verb [31] - o docs/URL-SYNTAX.md: space is not fine in a given URL - o docs: add known bugs list to HTTP3.md [83] - o docs: address proselint nits [16] - o docs: consistent manpage SYNOPSIS [47] - o docs: fix dead links, remove ECH.md - o docs: fix typo in OpenSSL 3 build instructions [80] - o docs: Update the Reducing Size section - o example/progressfunc: remove code for old libcurls [78] - o examples/multi-single.c: remove WAITMS() [98] - o FAQ: typo fix : "yout" ➤ "your" [30] - o ftp: disable warning 4706 in MSVC [85] - o gen.pl: improve example output format [29] - o github workflow: add wolfssl (removed from zuul) [103] - o github/workflows: add mbedtls and mbedtls-clang (removed from zuul) [92] - o gtls: check return code for gnutls_alpn_set_protocols [86] - o hash: lazy-alloc the table in Curl_hash_add() [54] - o http2:set_transfer_url() return early on OOM [53] - o HTTP3: update quiche build instructions [37] - o http: enable haproxy support for hyper backend [20] - o http: Fix CURLOPT_HTTP200ALIASES [89] - o http_proxy: don't close the socket (too early) [100] - o insecure.d: detail its use for SFTP and SCP as well [32] - o insecure.d: expand and clarify [28] - o libcurl-multi.3: "SOCKS proxy handshakes" are not blocking - o libcurl-security.3: mention address and URL mitigations - o libssh2: fix error message for sha256 mismatch - o libtest: avoid "assignment within conditional expression" [84] - o lift: ignore is a deprecated config option, use ignoreRules [35] - o linkcheck.yml: add CI job that checks markdown links [82] - o m4/curl-compilers: tell clang -Wno-pointer-bool-conversion [99] - o Makefile.m32: rename -winssl option to -schannel and tidy up [33] - o mbedTLS: add support for CURLOPT_CAINFO_BLOB [44] - o mbedtls: fix CURLOPT_SSLCERT_BLOB [72] - o mbedtls: fix private member designations for v3.1.0 [93] - o misc: remove unused doh flags when CURL_DISABLE_DOH is defined [71] - o misc: s/e-mail/email [74] - o multi: cleanup the socket hash when destroying it [55] - o multi: handle errors returned from socket/timer callbacks [52] - o multi: shut down CONNECT in Curl_detach_connnection [2] - o netrc.d: edit the .netrc example to look nicer [24] - o ngtcp2: verify the server cert on connect (quictls) [102] - o ngtcp2: verify the server certificate for the gnutls case [101] - o nss:set_cipher don't clobber the cipher list [38] - o openldap: implement STARTTLS [56] - o openldap: process search query response messages one by one [50] - o openldap: several minor improvements [69] - o openldap: simplify ldif generation code [77] - o openssl: check the return value of BIO_new() [43] - o openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+ - o openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable - o openssl: remove usage of deprecated `SSL_get_peer_certificate` - o openssl: use non-deprecated API to read key parameters - o page-footer: add a mention of how to report bugs to the man page - o page-footer: document more environment variables [23] - o request.d: refer to 'method' rather than 'command' [59] - o retry-all-errors.d: make the example complete - o runtests: make the SSH library a testable feature - o rustls: read of zero bytes might be okay [9] - o rustls: remove comment about checking handshaking [15] - o rustls: remove incorrect EOF check [10] - o sha256/md5: return errors when init fails [79] - o socks5: use appropriate ATYP for numerical IP address host names [91] - o test1156: enable for hyper [65] - o test1156: fixup the stdout check for Windows [60] - o test1525: tweaked for hyper [64] - o test1526: enable for hyper [63] - o test1527: enable for hyper [62] - o test1528: enable for hyper [61] - o test1554: adjust for hyper [49] - o test1556: adjust for hyper [48] - o test302[12]: run only with the libssh2 backend [8] - o test661: enable for hyper [66] - o tests/CI.md: add more information on CI environments [39] - o tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256 [76] - o tftp: mark protocol as not possible to do over CONNECT [25] - o tool_findfile: updated search for a file in the homedir [46] - o tool_operate: only set SSH related libcurl options for SSH URLs [11] - o tool_operate: warn if too many output arguments were found [87] - o url.c: fix the SIGPIPE comment for Curl_close [4] - o url: check ssl_config when re-use proxy connection [81] - o url: reduce ssl backend count for CURL_DISABLE_PROXY builds [96] - o urlapi: accept port number zero [34] - o urlapi: if possible, shorten given numerical IPv6 addresses [95] - o urlapi: provide more detailed return codes [36] - o urlapi: reject short file URLs [41] - o version_win32: Check build number and platform id - o vtls/rustls: adapt to the updated rustls_version proto [19] - o writeout: fix %{http_version} for HTTP/3 [7] - o x509asn1: return early on errors [67] - o zuul.d: update rustls-ffi to version 0.8.2 [5] - o zuul: fix quiche build pointing to wrong Cargo [104] + o cmake: detect `libssh` via `pkg-config` [10] + o cmake: detect `nettle` when building with GnuTLS [12] + o cmake: drop `if(PKG_CONFIG_FOUND)` guard for `pkg_check_modules()` [25] + o configure: limit `__builtin_available` test to Darwin [22] + o connect: fix connection shutdown for event based processing [17] + o contrithanks.sh: use -F with -v to match lines as strings + o curl: more defensive socket code for --ip-tos [21] + o CURLOPT_SSL_CTX_FUNCTION.md: mention CA caching [9] + o CURLSHOPT_SHARE.md: mention sessions/cookies as not thread-safe [20] + o example/multi-uv: remove the use of globals [3] + o ftpserver.pl: make POP3 LIST serve content from the test file [19] + o GHA/windows: increase timeout for vcpkg build step + o lib: survive some NULL input args [8] + o macos: fix Apple SDK bug workaround for non-macOS targets [13] + o misc: cleanup after removing years from copyright [26] + o os400: build cli manual. [2] + o os400: workaround an IBM ASCII run-time library bug [5] + o RELEASE-PROCEDURE.md: remove the initial build step [1] + o runtests: fold timing details with GHA, sync `-r` tflags [4] + o tests: provide FTP directory contents in the test file [18] + o tidy-up: URL updates [24] + o TODO: thread-safe sharing + o transfer: speed limiting fix for 32bit systems [6] + o vtls: avoid forward declaration in MultiSSL builds [23] + o wolfSSL: allow wolfSSL's implementation of kyber to be used [7] + o wolfssl: avoid calling get_cached_x509_store if store is uncachable [11] + o wolfssl: CA store share fix [14] + o x509asn1: unittests and fixes for gtime2str [15] This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.se/docs/knownbugs.html) +Planned upcoming removals include: + + o TLS libraries not supporting TLS 1.3 + + See https://curl.se/dev/deprecate.html for details + This release would not have looked like this without help, code, reports and advice from friends like these: - Alessandro Ghedini, Bernat Mut, Bernhard Walle, Boris Rasin, - Brad Fitzpatrick, Bruno Baguette, Damien Walsh, Dan Fandrich, - Daniel Stenberg, David Bohman, Don J Olmstead, Eric Musser, Even Rouault, - Florian Van Heghe, gclinch on github, Glenn Strauss, Jacob Hoffman-Andrews, - James Fuller, Jeff Luszcz, jeffrson on github, Jun Tseng, Kevin Burke, - Leszek Kubik, lllaffer on github, Marcelo Juchem, Marcel Raad, Marc Hörsken, - Mark Dodgson, Matt Holt, Melroy van den Berg, MichaÅ‚ Antoniak, - Nicolas Sterchele, nimaje on github, Patrick Monnerat, Paul Howarth, - Peter Piekarski, Ray Satiro, RekGRpth on github, Rikard Falkeborn, - Ryan Sleevi, Stan Hu, Stefan Eissing, Stefan Huber, Stephane Pellegrino, - Stephen M. Coakley, Tobias Nießen, Valentin Richter, Viktor Szakats, - Vincent Grande, Vladimir Panteleev, Wyatt O'Day, x2018 on github, - Yongkang Huang, - (53 contributors) + Aki Sakurai, Alex Snast, Anthony Hu, Daniel Stenberg, dependabot[bot], + Dov Murik, extrimexxx on github, Gordon Parke, Harry Sintonen, + icy17 on github, Ivan Kuchin, Mamoru Tasaka, Marcel Raad, Patrick Monnerat, + Randall S. Becker, Sergey, Stefan Eissing, Tal Regev, Viktor Szakats + (19 contributors) References to bug reports and discussions on issues: - [1] = https://curl.se/bug/?i=7789 - [2] = https://curl.se/bug/?i=7982 - [3] = https://curl.se/bug/?i=7983 - [4] = https://curl.se/bug/?i=7984 - [5] = https://curl.se/bug/?i=8013 - [6] = https://curl.se/bug/?i=8001 - [7] = https://curl.se/bug/?i=8072 - [8] = https://curl.se/bug/?i=8009 - [9] = https://curl.se/bug/?i=8003 - [10] = https://curl.se/bug/?i=8003 - [11] = https://curl.se/bug/?i=8040 - [12] = https://curl.se/bug/?i=8006 - [13] = https://curl.se/bug/?i=8002 - [14] = https://curl.se/bug/?i=7998 - [15] = https://curl.se/bug/?i=8038 - [16] = https://curl.se/bug/?i=8060 - [17] = https://curl.se/bug/?i=7994 - [18] = https://curl.se/bug/?i=7991 - [19] = https://curl.se/bug/?i=7956 - [20] = https://curl.se/bug/?i=8034 - [21] = https://curl.se/bug/?i=8028 - [22] = https://curl.se/bug/?i=8030 - [23] = https://curl.se/bug/?i=8027 - [24] = https://curl.se/bug/?i=8025 - [25] = https://curl.se/bug/?i=8018 - [26] = https://curl.se/bug/?i=8021 - [27] = https://curl.se/bug/?i=8019 - [28] = https://curl.se/bug/?i=8017 - [29] = https://curl.se/bug/?i=8016 - [30] = https://curl.se/bug/?i=8059 - [31] = https://curl.se/bug/?i=8058 - [32] = https://curl.se/bug/?i=8056 - [33] = https://curl.se/bug/?i=8053 - [34] = https://curl.se/bug/?i=8090 - [35] = https://curl.se/bug/?i=8082 - [36] = https://curl.se/bug/?i=8049 - [37] = https://curl.se/bug/?i=8076 - [38] = https://curl.se/bug/?i=8160 - [39] = https://curl.se/bug/?i=8012 - [40] = https://curl.se/bug/?i=7988 - [41] = https://curl.se/bug/?i=8042 - [42] = https://curl.se/bug/?i=7987 - [43] = https://curl.se/bug/?i=8078 - [44] = https://curl.se/bug/?i=8071 - [45] = https://curl.se/bug/?i=8066 - [46] = https://curl.se/bug/?i=8033 - [47] = https://curl.se/bug/?i=8062 - [48] = https://curl.se/bug/?i=8105 - [49] = https://curl.se/bug/?i=8104 - [50] = https://curl.se/bug/?i=8101 - [51] = https://curl.se/bug/?i=8103 - [52] = https://curl.se/bug/?i=8083 - [53] = https://curl.se/bug/?i=8100 - [54] = https://curl.se/bug/?i=8132 - [55] = https://curl.se/bug/?i=8129 - [56] = https://curl.se/bug/?i=8065 - [57] = https://curl.se/bug/?i=8097 - [58] = https://curl.se/bug/?i=8097 - [59] = https://curl.se/bug/?i=8094 - [60] = https://curl.se/bug/?i=8134 - [61] = https://curl.se/bug/?i=8128 - [62] = https://curl.se/bug/?i=8128 - [63] = https://curl.se/bug/?i=8128 - [64] = https://curl.se/bug/?i=8128 - [65] = https://curl.se/bug/?i=8127 - [66] = https://curl.se/bug/?i=8126 - [67] = https://curl.se/bug/?i=8147 - [68] = https://curl.se/bug/?i=8125 - [69] = https://curl.se/bug/?i=8140 - [70] = https://curl.se/bug/?i=8120 - [71] = https://curl.se/bug/?i=8148 - [72] = https://curl.se/bug/?i=8146 - [73] = https://curl.se/bug/?i=8142 - [74] = https://curl.se/bug/?i=8159 - [75] = https://curl.se/bug/?i=7922 - [76] = https://curl.se/bug/?i=8084 - [77] = https://curl.se/bug/?i=8136 - [78] = https://curl.se/bug/?i=8137 - [79] = https://curl.se/bug/?i=8133 - [80] = https://curl.se/bug/?i=8162 - [81] = https://curl.se/bug/?i=8141 - [82] = https://curl.se/bug/?i=8158 - [83] = https://curl.se/bug/?i=8156 - [84] = https://curl.se/bug/?i=8218 - [85] = https://curl.se/bug/?i=8218 - [86] = https://curl.se/bug/?i=8181 - [87] = https://curl.se/bug/?i=8210 - [88] = https://curl.se/bug/?i=8177 - [89] = https://curl.se/bug/?i=8171 - [90] = https://curl.se/bug/?i=8215 - [91] = https://curl.se/bug/?i=8216 - [92] = https://curl.se/bug/?i=8215 - [93] = https://curl.se/bug/?i=8214 - [94] = https://curl.se/bug/?i=8207 - [95] = https://curl.se/bug/?i=8206 - [96] = https://curl.se/bug/?i=8212 - [98] = https://curl.se/bug/?i=8200 - [99] = https://curl.se/bug/?i=8197 - [100] = https://curl.se/bug/?i=8193 - [101] = https://curl.se/bug/?i=8178 - [102] = https://curl.se/bug/?i=8178 - [103] = https://curl.se/bug/?i=8196 - [104] = https://curl.se/bug/?i=8184 - [105] = https://curl.se/bug/?i=8180 + [1] = https://curl.se/bug/?i=14267 + [2] = https://curl.se/bug/?i=14289 + [3] = https://curl.se/bug/?i=14287 + [4] = https://curl.se/bug/?i=14284 + [5] = https://curl.se/bug/?i=14281 + [6] = https://curl.se/bug/?i=14272 + [7] = https://curl.se/bug/?i=14268 + [8] = https://curl.se/bug/?i=14247 + [9] = https://curl.se/bug/?i=14302 + [10] = https://curl.se/bug/?i=14199 + [11] = https://curl.se/bug/?i=14306 + [12] = https://curl.se/bug/?i=14285 + [13] = https://curl.se/bug/?i=14269 + [14] = https://curl.se/bug/?i=14278 + [15] = https://curl.se/bug/?i=14316 + [17] = https://curl.se/bug/?i=14280 + [18] = https://curl.se/bug/?i=14295 + [19] = https://curl.se/bug/?i=14293 + [20] = https://curl.se/bug/?i=14292 + [21] = https://curl.se/bug/?i=14304 + [22] = https://curl.se/bug/?i=14196 + [23] = https://curl.se/bug/?i=14305 + [24] = https://curl.se/bug/?i=14318 + [25] = https://curl.se/bug/?i=14309 + [26] = https://curl.se/bug/?i=14312 diff --git a/libs/curl/REUSE.toml b/libs/curl/REUSE.toml new file mode 100644 index 00000000..c973868b --- /dev/null +++ b/libs/curl/REUSE.toml @@ -0,0 +1,53 @@ +# SPDX-License-Identifier: curl +# SPDX-FileCopyrightText: Daniel Stenberg, , et al. + +# This file describes the licensing and copyright situation for files that +# cannot be annotated directly, for example because of being simply +# uncommentable. Unless this is the case, a file should be annotated directly. +# +# This follows the REUSE specification: https://reuse.software/spec-3.2/#reusetoml + +version = 1 +SPDX-PackageName = "curl" +SPDX-PackageDownloadLocation = "https://curl.se/" + +[[annotations]] +path = [ + ".mailmap", + "CHANGES", + "docs/FAQ", + "docs/INSTALL", + "docs/KNOWN_BUGS", + "docs/libcurl/symbols-in-versions", + "docs/MAIL-ETIQUETTE", + "docs/options-in-versions", + "docs/THANKS", + "docs/TODO", + "GIT-INFO.md", + "lib/libcurl.vers.in", + "libcurl.def", + "packages/OS400/README.OS400", + "packages/vms/build_vms.com", + "packages/vms/curl_release_note_start.txt", + "packages/vms/curlmsg.sdl", + "packages/vms/macro32_exactcase.patch", + "packages/vms/readme", + "plan9/README", + "projects/Windows/**", "projects/wolfssl_override.props", + "README", + "RELEASE-NOTES", + "renovate.json", + "tests/certs/**", + "tests/data/test**", + "tests/stunnel.pem", + "tests/valgrind.supp", + # checksrc control files + "docs/examples/.checksrc", + "lib/.checksrc", + "src/.checksrc", + "tests/libtest/.checksrc", +] +SPDX-FileCopyrightText = "Daniel Stenberg, , et al." +SPDX-License-Identifier = "curl" +# If there is licensing/copyright information in or next to these files, prefer that +precedence = "closest" diff --git a/libs/curl/SECURITY.md b/libs/curl/SECURITY.md index 4e84fbef..dbce1b52 100644 --- a/libs/curl/SECURITY.md +++ b/libs/curl/SECURITY.md @@ -1,10 +1,16 @@ + + # Security Policy -See [docs/SECURITY-PROCESS.md](docs/SECURITY-PROCESS.md) for full details. +Read our [Vulnerability Disclosure Policy](docs/VULN-DISCLOSURE-POLICY.md). ## Reporting a Vulnerability -If you have found or just suspect a security problem somewhere in curl or libcurl, -report it on [https://hackerone.com/curl](https://hackerone.com/curl). +If you have found or just suspect a security problem somewhere in curl or +libcurl, report it on [HackerOne](https://hackerone.com/curl). We treat security issues with confidentiality until controlled and disclosed responsibly. diff --git a/libs/curl/acinclude.m4 b/libs/curl/acinclude.m4 index feb9e818..7a26eced 100644 --- a/libs/curl/acinclude.m4 +++ b/libs/curl/acinclude.m4 @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# #*************************************************************************** dnl CURL_CHECK_DEF (SYMBOL, [INCLUDES], [SILENT]) @@ -92,7 +94,7 @@ int main (void) #ifdef $1 return 0; #else - force compilation error + #error force compilation error #endif } ]]) @@ -128,7 +130,7 @@ int main (void) #elif defined(__hpux) && defined(_XOPEN_SOURCE_EXTENDED) return 0; #else - force compilation error + #error force compilation error #endif } ]]) @@ -154,7 +156,6 @@ AC_DEFUN([CURL_CHECK_AIX_ALL_SOURCE], [ #endif]) AC_BEFORE([$0], [AC_SYS_LARGEFILE])dnl AC_BEFORE([$0], [CURL_CONFIGURE_REENTRANT])dnl - AC_BEFORE([$0], [CURL_CONFIGURE_PULL_SYS_POLL])dnl AC_MSG_CHECKING([if OS is AIX (to define _ALL_SOURCE)]) AC_EGREP_CPP([yes_this_is_aix],[ #ifdef _AIX @@ -169,259 +170,28 @@ AC_DEFUN([CURL_CHECK_AIX_ALL_SOURCE], [ ]) -dnl CURL_CHECK_HEADER_WINDOWS -dnl ------------------------------------------------- -dnl Check for compilable and valid windows.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINDOWS], [ - AC_CACHE_CHECK([for windows.h], [curl_cv_header_windows_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include - ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) - HAVE_WINDOWS_H shall not be defined. -#else - int dummy=2*WINVER; -#endif - ]]) - ],[ - curl_cv_header_windows_h="yes" - ],[ - curl_cv_header_windows_h="no" - ]) - ]) - case "$curl_cv_header_windows_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINDOWS_H, 1, - [Define to 1 if you have the windows.h header file.]) - ;; - esac -]) - - dnl CURL_CHECK_NATIVE_WINDOWS dnl ------------------------------------------------- dnl Check if building a native Windows target AC_DEFUN([CURL_CHECK_NATIVE_WINDOWS], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl AC_CACHE_CHECK([whether build target is a native Windows one], [curl_cv_native_windows], [ - if test "$curl_cv_header_windows_h" = "no"; then - curl_cv_native_windows="no" - else - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - ]],[[ -#if defined(__MINGW32__) || defined(__MINGW32CE__) || \ - (defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64))) - int dummy=1; -#else - Not a native Windows build target. -#endif - ]]) - ],[ - curl_cv_native_windows="yes" - ],[ - curl_cv_native_windows="no" - ]) - fi - ]) - AM_CONDITIONAL(DOING_NATIVE_WINDOWS, test "x$curl_cv_native_windows" = xyes) -]) - - -dnl CURL_CHECK_HEADER_WINSOCK2 -dnl ------------------------------------------------- -dnl Check for compilable and valid winsock2.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINSOCK2], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for winsock2.h], [curl_cv_header_winsock2_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) - HAVE_WINSOCK2_H shall not be defined. +#ifdef _WIN32 + int dummy=1; #else - int dummy=2*IPPROTO_ESP; + Not a native Windows build target. #endif ]]) ],[ - curl_cv_header_winsock2_h="yes" + curl_cv_native_windows="yes" ],[ - curl_cv_header_winsock2_h="no" - ]) - ]) - case "$curl_cv_header_winsock2_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINSOCK2_H, 1, - [Define to 1 if you have the winsock2.h header file.]) - ;; - esac -]) - - -dnl CURL_CHECK_HEADER_WS2TCPIP -dnl ------------------------------------------------- -dnl Check for compilable and valid ws2tcpip.h header - -AC_DEFUN([CURL_CHECK_HEADER_WS2TCPIP], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl - AC_CACHE_CHECK([for ws2tcpip.h], [curl_cv_header_ws2tcpip_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include -#include - ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) || defined(__MINGW32CE__) - HAVE_WS2TCPIP_H shall not be defined. -#else - int dummy=2*IP_PKTINFO; -#endif - ]]) - ],[ - curl_cv_header_ws2tcpip_h="yes" - ],[ - curl_cv_header_ws2tcpip_h="no" - ]) - ]) - case "$curl_cv_header_ws2tcpip_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WS2TCPIP_H, 1, - [Define to 1 if you have the ws2tcpip.h header file.]) - ;; - esac -]) - - -dnl CURL_CHECK_HEADER_WINCRYPT -dnl ------------------------------------------------- -dnl Check for compilable and valid wincrypt.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINCRYPT], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for wincrypt.h], [curl_cv_header_wincrypt_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#include - ]],[[ - int dummy=2*PROV_RSA_FULL; - ]]) - ],[ - curl_cv_header_wincrypt_h="yes" - ],[ - curl_cv_header_wincrypt_h="no" - ]) - ]) - case "$curl_cv_header_wincrypt_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINCRYPT_H, 1, - [Define to 1 if you have the wincrypt.h header file.]) - ;; - esac -]) - - -dnl CURL_CHECK_HEADER_WINLDAP -dnl ------------------------------------------------- -dnl Check for compilable and valid winldap.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINLDAP], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl - AC_CACHE_CHECK([for winldap.h], [curl_cv_header_winldap_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#endif -#include - ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) - HAVE_WINLDAP_H shall not be defined. -#else - LDAP *ldp = ldap_init("dummy", LDAP_PORT); - ULONG res = ldap_unbind(ldp); -#endif - ]]) - ],[ - curl_cv_header_winldap_h="yes" - ],[ - curl_cv_header_winldap_h="no" - ]) - ]) - case "$curl_cv_header_winldap_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINLDAP_H, 1, - [Define to 1 if you have the winldap.h header file.]) - ;; - esac -]) - - -dnl CURL_CHECK_HEADER_WINBER -dnl ------------------------------------------------- -dnl Check for compilable and valid winber.h header - -AC_DEFUN([CURL_CHECK_HEADER_WINBER], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINLDAP])dnl - AC_CACHE_CHECK([for winber.h], [curl_cv_header_winber_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#endif -#include -#include - ]],[[ -#if defined(__CYGWIN__) || defined(__CEGCC__) - HAVE_WINBER_H shall not be defined. -#else - BERVAL *bvp = NULL; - BerElement *bep = ber_init(bvp); - ber_free(bep, 1); -#endif - ]]) - ],[ - curl_cv_header_winber_h="yes" - ],[ - curl_cv_header_winber_h="no" + curl_cv_native_windows="no" ]) ]) - case "$curl_cv_header_winber_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_WINBER_H, 1, - [Define to 1 if you have the winber.h header file.]) - ;; - esac + AM_CONDITIONAL(DOING_NATIVE_WINDOWS, test "x$curl_cv_native_windows" = xyes) ]) @@ -431,12 +201,12 @@ dnl Check for compilable and valid lber.h header, dnl and check if it is needed even with ldap.h AC_DEFUN([CURL_CHECK_HEADER_LBER], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_CACHE_CHECK([for lber.h], [curl_cv_header_lber_h], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -468,7 +238,7 @@ AC_DEFUN([CURL_CHECK_HEADER_LBER], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -516,7 +286,7 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -534,7 +304,7 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP], [ #endif #include ]],[[ - LDAP *ldp = ldap_init("dummy", LDAP_PORT); + LDAP *ldp = ldap_init("0.0.0.0", LDAP_PORT); int res = ldap_unbind(ldp); ]]) ],[ @@ -562,7 +332,7 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP_SSL], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -583,7 +353,7 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP_SSL], [ #endif #include ]],[[ - LDAP *ldp = ldapssl_init("dummy", LDAPS_PORT, 1); + LDAP *ldp = ldapssl_init("0.0.0.0", LDAPS_PORT, 1); ]]) ],[ curl_cv_header_ldap_ssl_h="yes" @@ -600,58 +370,6 @@ AC_DEFUN([CURL_CHECK_HEADER_LDAP_SSL], [ ]) -dnl CURL_CHECK_HEADER_LDAPSSL -dnl ------------------------------------------------- -dnl Check for compilable and valid ldapssl.h header - -AC_DEFUN([CURL_CHECK_HEADER_LDAPSSL], [ - AC_REQUIRE([CURL_CHECK_HEADER_LDAP])dnl - AC_CACHE_CHECK([for ldapssl.h], [curl_cv_header_ldapssl_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#else -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#endif -#ifndef NULL -#define NULL (void *)0 -#endif -#ifndef LDAP_DEPRECATED -#define LDAP_DEPRECATED 1 -#endif -#ifdef NEED_LBER_H -#include -#endif -#ifdef HAVE_LDAP_H -#include -#endif -#include - ]],[[ - char *cert_label = NULL; - LDAP *ldp = ldap_ssl_init("dummy", LDAPS_PORT, cert_label); - ]]) - ],[ - curl_cv_header_ldapssl_h="yes" - ],[ - curl_cv_header_ldapssl_h="no" - ]) - ]) - case "$curl_cv_header_ldapssl_h" in - yes) - AC_DEFINE_UNQUOTED(HAVE_LDAPSSL_H, 1, - [Define to 1 if you have the ldapssl.h header file.]) - ;; - esac -]) - - dnl CURL_CHECK_LIBS_WINLDAP dnl ------------------------------------------------- dnl Check for libraries needed for WINLDAP support, @@ -699,14 +417,12 @@ AC_DEFUN([CURL_CHECK_LIBS_WINLDAP], [ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif #include -#ifdef HAVE_WINLDAP_H #include -#endif #ifdef HAVE_WINBER_H #include #endif @@ -714,7 +430,7 @@ AC_DEFUN([CURL_CHECK_LIBS_WINLDAP], [ ]],[[ BERVAL *bvp = NULL; BerElement *bep = ber_init(bvp); - LDAP *ldp = ldap_init("dummy", LDAP_PORT); + LDAP *ldp = ldap_init("0.0.0.0", LDAP_PORT); ULONG res = ldap_unbind(ldp); ber_free(bep, 1); ]]) @@ -799,7 +515,7 @@ AC_DEFUN([CURL_CHECK_LIBS_LDAP], [ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif @@ -824,7 +540,7 @@ AC_DEFUN([CURL_CHECK_LIBS_LDAP], [ ]],[[ BerValue *bvp = NULL; BerElement *bep = ber_init(bvp); - LDAP *ldp = ldap_init("dummy", LDAP_PORT); + LDAP *ldp = ldap_init("0.0.0.0", LDAP_PORT); int res = ldap_unbind(ldp); ber_free(bep, 1); ]]) @@ -856,108 +572,6 @@ AC_DEFUN([CURL_CHECK_LIBS_LDAP], [ ]) -dnl CURL_CHECK_HEADER_MALLOC -dnl ------------------------------------------------- -dnl Check for compilable and valid malloc.h header, -dnl and check if it is needed even with stdlib.h - -AC_DEFUN([CURL_CHECK_HEADER_MALLOC], [ - AC_CACHE_CHECK([for malloc.h], [curl_cv_header_malloc_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include - ]],[[ - void *p = malloc(10); - void *q = calloc(10,10); - free(p); - free(q); - ]]) - ],[ - curl_cv_header_malloc_h="yes" - ],[ - curl_cv_header_malloc_h="no" - ]) - ]) - if test "$curl_cv_header_malloc_h" = "yes"; then - AC_DEFINE_UNQUOTED(HAVE_MALLOC_H, 1, - [Define to 1 if you have the malloc.h header file.]) - # - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include - ]],[[ - void *p = malloc(10); - void *q = calloc(10,10); - free(p); - free(q); - ]]) - ],[ - curl_cv_need_header_malloc_h="no" - ],[ - curl_cv_need_header_malloc_h="yes" - ]) - # - case "$curl_cv_need_header_malloc_h" in - yes) - AC_DEFINE_UNQUOTED(NEED_MALLOC_H, 1, - [Define to 1 if you need the malloc.h header file even with stdlib.h]) - ;; - esac - fi -]) - - -dnl CURL_CHECK_HEADER_MEMORY -dnl ------------------------------------------------- -dnl Check for compilable and valid memory.h header, -dnl and check if it is needed even with stdlib.h for -dnl memory related functions. - -AC_DEFUN([CURL_CHECK_HEADER_MEMORY], [ - AC_CACHE_CHECK([for memory.h], [curl_cv_header_memory_h], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include - ]],[[ - void *p = malloc(10); - void *q = calloc(10,10); - free(p); - free(q); - ]]) - ],[ - curl_cv_header_memory_h="yes" - ],[ - curl_cv_header_memory_h="no" - ]) - ]) - if test "$curl_cv_header_memory_h" = "yes"; then - AC_DEFINE_UNQUOTED(HAVE_MEMORY_H, 1, - [Define to 1 if you have the memory.h header file.]) - # - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include - ]],[[ - void *p = malloc(10); - void *q = calloc(10,10); - free(p); - free(q); - ]]) - ],[ - curl_cv_need_header_memory_h="no" - ],[ - curl_cv_need_header_memory_h="yes" - ]) - # - case "$curl_cv_need_header_memory_h" in - yes) - AC_DEFINE_UNQUOTED(NEED_MEMORY_H, 1, - [Define to 1 if you need the memory.h header file even with stdlib.h]) - ;; - esac - fi -]) - dnl TYPE_SOCKADDR_STORAGE dnl ------------------------------------------------- dnl Check for struct sockaddr_storage. Most IPv6-enabled @@ -970,14 +584,11 @@ AC_DEFUN([TYPE_SOCKADDR_STORAGE], [if struct sockaddr_storage is defined]), , [ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else #ifdef HAVE_SYS_TYPES_H #include @@ -998,34 +609,23 @@ AC_DEFUN([TYPE_SOCKADDR_STORAGE], dnl CURL_CHECK_FUNC_RECV dnl ------------------------------------------------- dnl Test if the socket recv() function is available, -dnl and check its return type and the types of its -dnl arguments. If the function succeeds HAVE_RECV -dnl will be defined, defining the types of the arguments -dnl in RECV_TYPE_ARG1, RECV_TYPE_ARG2, RECV_TYPE_ARG3 -dnl and RECV_TYPE_ARG4, defining the type of the function -dnl return value in RECV_TYPE_RETV. AC_DEFUN([CURL_CHECK_FUNC_RECV], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl + AC_REQUIRE([CURL_INCLUDES_BSDSOCKET])dnl AC_CHECK_HEADERS(sys/types.h sys/socket.h) # AC_MSG_CHECKING([for recv]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#endif +$curl_includes_bsdsocket #ifdef HAVE_SYS_TYPES_H #include #endif @@ -1045,84 +645,9 @@ struct Library *SocketBase = NULL; ]) # if test "$curl_cv_recv" = "yes"; then - AC_CACHE_CHECK([types of args and return type for recv], - [curl_cv_func_recv_args], [ - curl_cv_func_recv_args="unknown" - for recv_retv in 'int' 'ssize_t'; do - for recv_arg1 in 'int' 'ssize_t' 'SOCKET'; do - for recv_arg2 in 'char *' 'void *'; do - for recv_arg3 in 'size_t' 'int' 'socklen_t' 'unsigned int'; do - for recv_arg4 in 'int' 'unsigned int'; do - if test "$curl_cv_func_recv_args" = "unknown"; then - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#endif -#define RECVCALLCONV PASCAL -#else -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#define RECVCALLCONV -#endif -#ifndef HAVE_PROTO_BSDSOCKET_H - extern $recv_retv RECVCALLCONV - recv($recv_arg1, $recv_arg2, $recv_arg3, $recv_arg4); -#endif - ]],[[ - $recv_arg1 s=0; - $recv_arg2 buf=0; - $recv_arg3 len=0; - $recv_arg4 flags=0; - $recv_retv res = recv(s, buf, len, flags); - ]]) - ],[ - curl_cv_func_recv_args="$recv_arg1,$recv_arg2,$recv_arg3,$recv_arg4,$recv_retv" - ]) - fi - done - done - done - done - done - ]) # AC-CACHE-CHECK - if test "$curl_cv_func_recv_args" = "unknown"; then - AC_MSG_ERROR([Cannot find proper types to use for recv args]) - else - recv_prev_IFS=$IFS; IFS=',' - set dummy `echo "$curl_cv_func_recv_args" | sed 's/\*/\*/g'` - IFS=$recv_prev_IFS - shift - # - AC_DEFINE_UNQUOTED(RECV_TYPE_ARG1, $[1], - [Define to the type of arg 1 for recv.]) - AC_DEFINE_UNQUOTED(RECV_TYPE_ARG2, $[2], - [Define to the type of arg 2 for recv.]) - AC_DEFINE_UNQUOTED(RECV_TYPE_ARG3, $[3], - [Define to the type of arg 3 for recv.]) - AC_DEFINE_UNQUOTED(RECV_TYPE_ARG4, $[4], - [Define to the type of arg 4 for recv.]) - AC_DEFINE_UNQUOTED(RECV_TYPE_RETV, $[5], - [Define to the function return type for recv.]) - # AC_DEFINE_UNQUOTED(HAVE_RECV, 1, [Define to 1 if you have the recv function.]) curl_cv_func_recv="yes" - fi else AC_MSG_ERROR([Unable to link function recv]) fi @@ -1132,35 +657,23 @@ struct Library *SocketBase = NULL; dnl CURL_CHECK_FUNC_SEND dnl ------------------------------------------------- dnl Test if the socket send() function is available, -dnl and check its return type and the types of its -dnl arguments. If the function succeeds HAVE_SEND -dnl will be defined, defining the types of the arguments -dnl in SEND_TYPE_ARG1, SEND_TYPE_ARG2, SEND_TYPE_ARG3 -dnl and SEND_TYPE_ARG4, defining the type of the function -dnl return value in SEND_TYPE_RETV, and also defining the -dnl type qualifier of second argument in SEND_QUAL_ARG2. AC_DEFUN([CURL_CHECK_FUNC_SEND], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl + AC_REQUIRE([CURL_INCLUDES_BSDSOCKET])dnl AC_CHECK_HEADERS(sys/types.h sys/socket.h) # AC_MSG_CHECKING([for send]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#endif +$curl_includes_bsdsocket #ifdef HAVE_SYS_TYPES_H #include #endif @@ -1180,117 +693,9 @@ struct Library *SocketBase = NULL; ]) # if test "$curl_cv_send" = "yes"; then - AC_CACHE_CHECK([types of args and return type for send], - [curl_cv_func_send_args], [ - curl_cv_func_send_args="unknown" - for send_retv in 'int' 'ssize_t'; do - for send_arg1 in 'int' 'ssize_t' 'SOCKET'; do - for send_arg2 in 'char *' 'void *' 'const char *' 'const void *'; do - for send_arg3 in 'size_t' 'int' 'socklen_t' 'unsigned int'; do - for send_arg4 in 'int' 'unsigned int'; do - if test "$curl_cv_func_send_args" = "unknown"; then - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#endif -#define SENDCALLCONV PASCAL -#else -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#define SENDCALLCONV -#endif -#ifndef HAVE_PROTO_BSDSOCKET_H - extern $send_retv SENDCALLCONV - send($send_arg1, $send_arg2, $send_arg3, $send_arg4); -#endif - ]],[[ - $send_arg1 s=0; - $send_arg3 len=0; - $send_arg4 flags=0; - $send_retv res = send(s, 0, len, flags); - ]]) - ],[ - curl_cv_func_send_args="$send_arg1,$send_arg2,$send_arg3,$send_arg4,$send_retv" - ]) - fi - done - done - done - done - done - ]) # AC-CACHE-CHECK - if test "$curl_cv_func_send_args" = "unknown"; then - AC_MSG_ERROR([Cannot find proper types to use for send args]) - else - send_prev_IFS=$IFS; IFS=',' - set dummy `echo "$curl_cv_func_send_args" | sed 's/\*/\*/g'` - IFS=$send_prev_IFS - shift - # - send_qual_type_arg2=$[2] - # - AC_DEFINE_UNQUOTED(SEND_TYPE_ARG1, $[1], - [Define to the type of arg 1 for send.]) - AC_DEFINE_UNQUOTED(SEND_TYPE_ARG3, $[3], - [Define to the type of arg 3 for send.]) - AC_DEFINE_UNQUOTED(SEND_TYPE_ARG4, $[4], - [Define to the type of arg 4 for send.]) - AC_DEFINE_UNQUOTED(SEND_TYPE_RETV, $[5], - [Define to the function return type for send.]) - # - prev_sh_opts=$- - # - case $prev_sh_opts in - *f*) - ;; - *) - set -f - ;; - esac - # - case "$send_qual_type_arg2" in - const*) - send_qual_arg2=const - send_type_arg2=`echo $send_qual_type_arg2 | sed 's/^const //'` - ;; - *) - send_qual_arg2= - send_type_arg2=$send_qual_type_arg2 - ;; - esac - # - AC_DEFINE_UNQUOTED(SEND_QUAL_ARG2, $send_qual_arg2, - [Define to the type qualifier of arg 2 for send.]) - AC_DEFINE_UNQUOTED(SEND_TYPE_ARG2, $send_type_arg2, - [Define to the type of arg 2 for send.]) - # - case $prev_sh_opts in - *f*) - ;; - *) - set +f - ;; - esac - # - AC_DEFINE_UNQUOTED(HAVE_SEND, 1, - [Define to 1 if you have the send function.]) - curl_cv_func_send="yes" - fi + AC_DEFINE_UNQUOTED(HAVE_SEND, 1, + [Define to 1 if you have the send function.]) + curl_cv_func_send="yes" else AC_MSG_ERROR([Unable to link function send]) fi @@ -1306,19 +711,12 @@ AC_DEFUN([CURL_CHECK_MSG_NOSIGNAL], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#endif #ifdef HAVE_SYS_TYPES_H #include #endif @@ -1349,21 +747,18 @@ dnl ------------------------------------------------- dnl Check for timeval struct AC_DEFUN([CURL_CHECK_STRUCT_TIMEVAL], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINSOCK2])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_CHECK_HEADERS(sys/types.h sys/time.h sys/socket.h) AC_CACHE_CHECK([for struct timeval], [curl_cv_struct_timeval], [ AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include #endif -#endif #ifdef HAVE_SYS_TYPES_H #include #endif @@ -1410,14 +805,11 @@ AC_DEFUN([TYPE_IN_ADDR_T], [ AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else #ifdef HAVE_SYS_TYPES_H #include @@ -1452,14 +844,11 @@ AC_DEFUN([TYPE_IN_ADDR_T], [ esac ],[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #else #ifdef HAVE_SYS_TYPES_H #include @@ -1512,6 +901,38 @@ AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [ dnl until library linking and run-time checks for clock_gettime succeed. ]) +dnl CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC_RAW +dnl ------------------------------------------------- +dnl Check if monotonic clock_gettime is available. + +AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC_RAW], [ + AC_CHECK_HEADERS(sys/types.h sys/time.h) + AC_MSG_CHECKING([for raw monotonic clock_gettime]) + # + if test "x$dontwant_rt" = "xno" ; then + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_TIME_H +#include +#endif +#include + ]],[[ + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC_RAW, &ts); + ]]) + ],[ + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED(HAVE_CLOCK_GETTIME_MONOTONIC_RAW, 1, + [Define to 1 if you have the clock_gettime function and raw monotonic timer.]) + ],[ + AC_MSG_RESULT([no]) + ]) + fi +]) + dnl CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC dnl ------------------------------------------------- @@ -1583,9 +1004,7 @@ AC_DEFUN([CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC], [ AC_MSG_CHECKING([if monotonic clock_gettime works]) CURL_RUN_IFELSE([ AC_LANG_PROGRAM([[ -#ifdef HAVE_STDLIB_H #include -#endif #ifdef HAVE_SYS_TYPES_H #include #endif @@ -1640,7 +1059,7 @@ AC_DEFUN([CURL_CHECK_LIBS_CONNECT], [ AC_LANG_PROGRAM([[ $curl_includes_winsock2 $curl_includes_bsdsocket - #if !defined(HAVE_WINDOWS_H) && !defined(HAVE_PROTO_BSDSOCKET_H) + #if !defined(_WIN32) && !defined(HAVE_PROTO_BSDSOCKET_H) int connect(int, void*, int); #endif ]],[[ @@ -1689,70 +1108,26 @@ cat >>confdefs.h <<_EOF _EOF ]) -dnl CURL_CONFIGURE_PULL_SYS_POLL -dnl ------------------------------------------------- -dnl The need for the sys/poll.h inclusion arises mainly to properly -dnl interface AIX systems which define macros 'events' and 'revents'. - -AC_DEFUN([CURL_CONFIGURE_PULL_SYS_POLL], [ - AC_REQUIRE([CURL_INCLUDES_POLL])dnl - # - tst_poll_events_macro_defined="unknown" - # - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - $curl_includes_poll - ]],[[ -#if defined(events) || defined(revents) - return 0; -#else - force compilation error -#endif - ]]) - ],[ - tst_poll_events_macro_defined="yes" - ],[ - tst_poll_events_macro_defined="no" - ]) - # - if test "$tst_poll_events_macro_defined" = "yes"; then - if test "x$ac_cv_header_sys_poll_h" = "xyes"; then - CURL_DEFINE_UNQUOTED([CURL_PULL_SYS_POLL_H]) - fi - fi - # -]) - dnl CURL_CHECK_FUNC_SELECT dnl ------------------------------------------------- -dnl Test if the socket select() function is available, -dnl and check its return type and the types of its -dnl arguments. If the function succeeds HAVE_SELECT -dnl will be defined, defining the types of the -dnl arguments in SELECT_TYPE_ARG1, SELECT_TYPE_ARG234 -dnl and SELECT_TYPE_ARG5, defining the type of the -dnl function return value in SELECT_TYPE_RETV, and -dnl also defining the type qualifier of fifth argument -dnl in SELECT_QUAL_ARG5. +dnl Test if the socket select() function is available. AC_DEFUN([CURL_CHECK_FUNC_SELECT], [ AC_REQUIRE([CURL_CHECK_STRUCT_TIMEVAL])dnl + AC_REQUIRE([CURL_INCLUDES_BSDSOCKET])dnl AC_CHECK_HEADERS(sys/select.h sys/socket.h) # AC_MSG_CHECKING([for select]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ #undef inline -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include #endif -#endif #ifdef HAVE_SYS_TYPES_H #include #endif @@ -1760,7 +1135,7 @@ AC_DEFUN([CURL_CHECK_FUNC_SELECT], [ #include #endif #include -#ifndef HAVE_WINDOWS_H +#ifndef _WIN32 #ifdef HAVE_SYS_SELECT_H #include #elif defined(HAVE_UNISTD_H) @@ -1769,11 +1144,7 @@ AC_DEFUN([CURL_CHECK_FUNC_SELECT], [ #ifdef HAVE_SYS_SOCKET_H #include #endif -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0) -#endif +$curl_includes_bsdsocket #endif ]],[[ select(0, 0, 0, 0, 0); @@ -1787,136 +1158,9 @@ struct Library *SocketBase = NULL; ]) # if test "$curl_cv_select" = "yes"; then - AC_CACHE_CHECK([types of args and return type for select], - [curl_cv_func_select_args], [ - curl_cv_func_select_args="unknown" - for sel_retv in 'int' 'ssize_t'; do - for sel_arg1 in 'int' 'ssize_t' 'size_t' 'unsigned long int' 'unsigned int'; do - for sel_arg234 in 'fd_set *' 'int *' 'void *'; do - for sel_arg5 in 'struct timeval *' 'const struct timeval *'; do - if test "$curl_cv_func_select_args" = "unknown"; then - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#undef inline -#ifdef HAVE_WINDOWS_H -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif -#include -#ifdef HAVE_WINSOCK2_H -#include -#endif -#define SELECTCALLCONV PASCAL -#endif -#ifdef HAVE_SYS_TYPES_H -#include -#endif -#ifdef HAVE_SYS_TIME_H -#include -#endif -#include -#ifndef HAVE_WINDOWS_H -#ifdef HAVE_SYS_SELECT_H -#include -#elif defined(HAVE_UNISTD_H) -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_PROTO_BSDSOCKET_H -#include -struct Library *SocketBase = NULL; -#define select(a,b,c,d,e) WaitSelect(a,b,c,d,e,0) -#endif -#define SELECTCALLCONV -#endif -#ifndef HAVE_STRUCT_TIMEVAL - struct timeval { - long tv_sec; - long tv_usec; - }; -#endif -#ifndef HAVE_PROTO_BSDSOCKET_H - extern $sel_retv SELECTCALLCONV - select($sel_arg1, - $sel_arg234, - $sel_arg234, - $sel_arg234, - $sel_arg5); -#endif - ]],[[ - $sel_arg1 nfds=0; - $sel_arg234 rfds=0; - $sel_arg234 wfds=0; - $sel_arg234 efds=0; - $sel_retv res = select(nfds, rfds, wfds, efds, 0); - ]]) - ],[ - curl_cv_func_select_args="$sel_arg1,$sel_arg234,$sel_arg5,$sel_retv" - ]) - fi - done - done - done - done - ]) # AC-CACHE-CHECK - if test "$curl_cv_func_select_args" = "unknown"; then - AC_MSG_WARN([Cannot find proper types to use for select args]) - AC_MSG_WARN([HAVE_SELECT will not be defined]) - else - select_prev_IFS=$IFS; IFS=',' - set dummy `echo "$curl_cv_func_select_args" | sed 's/\*/\*/g'` - IFS=$select_prev_IFS - shift - # - sel_qual_type_arg5=$[3] - # - AC_DEFINE_UNQUOTED(SELECT_TYPE_ARG1, $[1], - [Define to the type of arg 1 for select.]) - AC_DEFINE_UNQUOTED(SELECT_TYPE_ARG234, $[2], - [Define to the type of args 2, 3 and 4 for select.]) - AC_DEFINE_UNQUOTED(SELECT_TYPE_RETV, $[4], - [Define to the function return type for select.]) - # - prev_sh_opts=$- - # - case $prev_sh_opts in - *f*) - ;; - *) - set -f - ;; - esac - # - case "$sel_qual_type_arg5" in - const*) - sel_qual_arg5=const - sel_type_arg5=`echo $sel_qual_type_arg5 | sed 's/^const //'` - ;; - *) - sel_qual_arg5= - sel_type_arg5=$sel_qual_type_arg5 - ;; - esac - # - AC_DEFINE_UNQUOTED(SELECT_QUAL_ARG5, $sel_qual_arg5, - [Define to the type qualifier of arg 5 for select.]) - AC_DEFINE_UNQUOTED(SELECT_TYPE_ARG5, $sel_type_arg5, - [Define to the type of arg 5 for select.]) - # - case $prev_sh_opts in - *f*) - ;; - *) - set +f - ;; - esac - # - AC_DEFINE_UNQUOTED(HAVE_SELECT, 1, - [Define to 1 if you have the select function.]) - curl_cv_func_select="yes" - fi + AC_DEFINE_UNQUOTED(HAVE_SELECT, 1, + [Define to 1 if you have the select function.]) + curl_cv_func_select="yes" fi ]) @@ -1955,70 +1199,6 @@ int main() ]) -dnl CURL_CHECK_VARIADIC_MACROS -dnl ------------------------------------------------- -dnl Check compiler support of variadic macros - -AC_DEFUN([CURL_CHECK_VARIADIC_MACROS], [ - AC_CACHE_CHECK([for compiler support of C99 variadic macro style], - [curl_cv_variadic_macros_c99], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#define c99_vmacro3(first, ...) fun3(first, __VA_ARGS__) -#define c99_vmacro2(first, ...) fun2(first, __VA_ARGS__) - int fun3(int arg1, int arg2, int arg3); - int fun2(int arg1, int arg2); - int fun3(int arg1, int arg2, int arg3) - { return arg1 + arg2 + arg3; } - int fun2(int arg1, int arg2) - { return arg1 + arg2; } - ]],[[ - int res3 = c99_vmacro3(1, 2, 3); - int res2 = c99_vmacro2(1, 2); - ]]) - ],[ - curl_cv_variadic_macros_c99="yes" - ],[ - curl_cv_variadic_macros_c99="no" - ]) - ]) - case "$curl_cv_variadic_macros_c99" in - yes) - AC_DEFINE_UNQUOTED(HAVE_VARIADIC_MACROS_C99, 1, - [Define to 1 if compiler supports C99 variadic macro style.]) - ;; - esac - AC_CACHE_CHECK([for compiler support of old gcc variadic macro style], - [curl_cv_variadic_macros_gcc], [ - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#define gcc_vmacro3(first, args...) fun3(first, args) -#define gcc_vmacro2(first, args...) fun2(first, args) - int fun3(int arg1, int arg2, int arg3); - int fun2(int arg1, int arg2); - int fun3(int arg1, int arg2, int arg3) - { return arg1 + arg2 + arg3; } - int fun2(int arg1, int arg2) - { return arg1 + arg2; } - ]],[[ - int res3 = gcc_vmacro3(1, 2, 3); - int res2 = gcc_vmacro2(1, 2); - ]]) - ],[ - curl_cv_variadic_macros_gcc="yes" - ],[ - curl_cv_variadic_macros_gcc="no" - ]) - ]) - case "$curl_cv_variadic_macros_gcc" in - yes) - AC_DEFINE_UNQUOTED(HAVE_VARIADIC_MACROS_GCC, 1, - [Define to 1 if compiler supports old gcc variadic macro style.]) - ;; - esac -]) - - dnl CURL_CHECK_CA_BUNDLE dnl ------------------------------------------------- dnl Check if a default ca-bundle should be used @@ -2027,9 +1207,9 @@ dnl regarding the paths this will scan: dnl /etc/ssl/certs/ca-certificates.crt Debian systems dnl /etc/pki/tls/certs/ca-bundle.crt Redhat and Mandriva dnl /usr/share/ssl/certs/ca-bundle.crt old(er) Redhat -dnl /usr/local/share/certs/ca-root-nss.crt FreeBSD, MidnightBSD -dnl /etc/ssl/cert.pem OpenBSD, FreeBSD, MidnightBSD (symlink) -dnl /etc/ssl/certs/ (ca path) SUSE +dnl /usr/local/share/certs/ca-root-nss.crt MidnightBSD +dnl /etc/ssl/cert.pem OpenBSD, MidnightBSD (symlink) +dnl /etc/ssl/certs (CA path) SUSE, FreeBSD AC_DEFUN([CURL_CHECK_CA_BUNDLE], [ @@ -2050,7 +1230,7 @@ AS_HELP_STRING([--without-ca-bundle], [Don't use a default CA bundle]), AS_HELP_STRING([--with-ca-path=DIRECTORY], [Path to a directory containing CA certificates stored individually, with \ their filenames in a hash format. This option can be used with the OpenSSL, \ -GnuTLS and mbedTLS backends. Refer to OpenSSL c_rehash for details. \ +GnuTLS, mbedTLS and wolfSSL backends. Refer to OpenSSL c_rehash for details. \ (example: /etc/certificates)]) AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]), [ @@ -2076,21 +1256,19 @@ AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]), capath="no" elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then dnl --with-ca-path given - if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$MBEDTLS_ENABLED" != "x1"; then - AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or mbedTLS]) - fi capath="$want_capath" ca="no" else - dnl first try autodetecting a CA bundle , then a CA path - dnl both autodetections can be skipped by --without-ca-* + dnl First try auto-detecting a CA bundle, then a CA path. + dnl Both auto-detections can be skipped by --without-ca-* ca="no" capath="no" - if test "x$cross_compiling" != "xyes"; then + if test "x$cross_compiling" != "xyes" -a \ + "x$curl_cv_native_windows" != "xyes"; then dnl NOT cross-compiling and... dnl neither of the --with-ca-* options are provided if test "x$want_ca" = "xunset"; then - dnl the path we previously would have installed the curl ca bundle + dnl the path we previously would have installed the curl CA bundle dnl to, and thus we now check for an already existing cert in that dnl place in case we find no other if test "x$prefix" != xNONE; then @@ -2111,9 +1289,9 @@ AS_HELP_STRING([--without-ca-path], [Don't use a default CA path]), fi done fi - if test "x$want_capath" = "xunset" -a "x$ca" = "xno" -a \ - "x$OPENSSL_ENABLED" = "x1"; then - check_capath="/etc/ssl/certs/" + AC_MSG_NOTICE([want $want_capath ca $ca]) + if test "x$want_capath" = "xunset"; then + check_capath="/etc/ssl/certs" fi else dnl no option given and cross-compiling @@ -2184,17 +1362,15 @@ dnl ------------------------------------------------- dnl Check if curl's WIN32 large file will be used AC_DEFUN([CURL_CHECK_WIN32_LARGEFILE], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINDOWS])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_MSG_CHECKING([whether build target supports WIN32 file API]) curl_win32_file_api="no" - if test "$curl_cv_header_windows_h" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then if test x"$enable_largefile" != "xno"; then AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ ]],[[ -#if !defined(_WIN32_WCE) && \ - (defined(__MINGW32__) || \ - (defined(_MSC_VER) && (defined(_WIN32) || defined(_WIN64)))) +#if !defined(_WIN32_WCE) && (defined(__MINGW32__) || defined(_MSC_VER)) int dummy=1; #else WIN32 large file API not supported. @@ -2243,10 +1419,10 @@ dnl ------------------------------------------------- dnl Check if curl's WIN32 crypto lib can be used AC_DEFUN([CURL_CHECK_WIN32_CRYPTO], [ - AC_REQUIRE([CURL_CHECK_HEADER_WINCRYPT])dnl + AC_REQUIRE([CURL_CHECK_NATIVE_WINDOWS])dnl AC_MSG_CHECKING([whether build target supports WIN32 crypto API]) curl_win32_crypto_api="no" - if test "$curl_cv_header_wincrypt_h" = "yes"; then + if test "$curl_cv_native_windows" = "yes"; then AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #undef inline @@ -2463,9 +1639,8 @@ AC_DEFUN([CURL_SUPPORTS_BUILTIN_AVAILABLE], [ AC_MSG_CHECKING([to see if the compiler supports __builtin_available()]) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#include ]],[[ - if (__builtin_available(macOS 10.8, iOS 5.0, *)) {} + if(__builtin_available(macOS 10.12, iOS 5.0, *)) {} ]]) ],[ AC_MSG_RESULT([yes]) diff --git a/libs/curl/appveyor.sh b/libs/curl/appveyor.sh new file mode 100644 index 00000000..9e5dac84 --- /dev/null +++ b/libs/curl/appveyor.sh @@ -0,0 +1,151 @@ +#!/usr/bin/env bash +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### + +# shellcheck disable=SC3040,SC2039 +set -eux; [ -n "${BASH:-}${ZSH_NAME:-}" ] && set -o pipefail + +# build + +if [ "${APPVEYOR_BUILD_WORKER_IMAGE}" = 'Visual Studio 2022' ]; then + openssl_root_win='C:/OpenSSL-v32-Win64' +else + openssl_root_win='C:/OpenSSL-v111-Win64' +fi +openssl_root="$(cygpath "${openssl_root_win}")" + +if [ "${BUILD_SYSTEM}" = 'CMake' ]; then + options='' + [[ "${TARGET:-}" = *'ARM64'* ]] && SKIP_RUN='ARM64 architecture' + [ "${OPENSSL}" = 'ON' ] && options+=" -DOPENSSL_ROOT_DIR=${openssl_root_win}" + [ -n "${CURLDEBUG:-}" ] && options+=" -DENABLE_CURLDEBUG=${CURLDEBUG}" + [ "${PRJ_CFG}" = 'Debug' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG=' + [ "${PRJ_CFG}" = 'Release' ] && options+=' -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE=' + [[ "${PRJ_GEN}" = *'Visual Studio'* ]] && options+=' -DCMAKE_VS_GLOBALS=TrackFileAccess=false' + if [ "${PRJ_GEN}" = 'Visual Studio 9 2008' ]; then + [ "${DEBUG}" = 'ON' ] && [ "${SHARED}" = 'ON' ] && SKIP_RUN='Crash on startup in ENABLE_DEBUG=ON shared builds' + # Fails to run without this due to missing MSVCR90.dll / MSVCR90D.dll + options+=' -DCURL_STATIC_CRT=ON' + fi + # shellcheck disable=SC2086 + cmake -B _bld "-G${PRJ_GEN}" ${TARGET:-} ${options} \ + "-DCURL_USE_OPENSSL=${OPENSSL}" \ + "-DCURL_USE_SCHANNEL=${SCHANNEL}" \ + "-DHTTP_ONLY=${HTTP_ONLY}" \ + "-DBUILD_SHARED_LIBS=${SHARED}" \ + "-DENABLE_WEBSOCKETS=${WEBSOCKETS:-}" \ + "-DCMAKE_UNITY_BUILD=${UNITY}" \ + '-DCURL_WERROR=ON' \ + "-DENABLE_DEBUG=${DEBUG}" \ + "-DENABLE_UNICODE=${ENABLE_UNICODE}" \ + '-DCMAKE_INSTALL_PREFIX=C:/curl' \ + "-DCMAKE_BUILD_TYPE=${PRJ_CFG}" + # shellcheck disable=SC2086 + if ! cmake --build _bld --config "${PRJ_CFG}" --parallel 2 -- ${BUILD_OPT:-}; then + if [ "${PRJ_GEN}" = 'Visual Studio 9 2008' ]; then + find . -name BuildLog.htm -exec dos2unix '{}' + + find . -name BuildLog.htm -exec cat '{}' + + fi + false + fi + if [ "${SHARED}" = 'ON' ]; then + PATH="$PWD/_bld/lib:$PATH" + fi + if [ "${OPENSSL}" = 'ON' ]; then + PATH="$PWD/_bld/lib:${openssl_root}:$PATH" + fi + curl='_bld/src/curl.exe' +elif [ "${BUILD_SYSTEM}" = 'VisualStudioSolution' ]; then + ( + cd projects + ./generate.bat "${VC_VERSION}" + msbuild.exe -maxcpucount "-property:Configuration=${PRJ_CFG}" "Windows/${VC_VERSION}/curl-all.sln" + ) + curl="build/Win32/${VC_VERSION}/${PRJ_CFG}/curld.exe" +elif [ "${BUILD_SYSTEM}" = 'winbuild_vs2015' ]; then + ./buildconf.bat + ( + cd winbuild + cat << EOF > _make.bat + call "C:/Program Files/Microsoft SDKs/Windows/v7.1/Bin/SetEnv.cmd" /x64 + call "C:/Program Files (x86)/Microsoft Visual Studio 14.0/VC/vcvarsall.bat" x86_amd64 + nmake -f Makefile.vc mode=dll VC=14 "SSL_PATH=${openssl_root_win}" WITH_SSL=dll MACHINE=x64 DEBUG=${DEBUG} ENABLE_UNICODE=${ENABLE_UNICODE} +EOF + ./_make.bat + rm _make.bat + ) + curl="builds/libcurl-vc14-x64-${PATHPART}-dll-ssl-dll-ipv6-sspi/bin/curl.exe" +elif [ "${BUILD_SYSTEM}" = 'winbuild_vs2017' ]; then + ./buildconf.bat + ( + cd winbuild + cat << EOF > _make.bat + call "C:/Program Files (x86)/Microsoft Visual Studio/2017/Community/VC/Auxiliary/Build/vcvars64.bat" + nmake -f Makefile.vc mode=dll VC=14.10 "SSL_PATH=${openssl_root_win}" WITH_SSL=dll MACHINE=x64 DEBUG=${DEBUG} ENABLE_UNICODE=${ENABLE_UNICODE} ENABLE_WEBSOCKETS=yes +EOF + ./_make.bat + rm _make.bat + ) + curl="builds/libcurl-vc14.10-x64-${PATHPART}-dll-ssl-dll-ipv6-sspi/bin/curl.exe" +fi + +find . -name '*.exe' -o -name '*.dll' +if [ -z "${SKIP_RUN:-}" ]; then + "${curl}" --disable --version +else + echo "Skip running curl.exe. Reason: ${SKIP_RUN}" +fi + +if false; then + for log in CMakeFiles/CMakeConfigureLog.yaml CMakeFiles/CMakeOutput.log CMakeFiles/CMakeError.log; do + [ -r "_bld/${log}" ] && cat "_bld/${log}" + done +fi + +# build tests + +if [[ "${TFLAGS}" != 'skipall' ]] && \ + [ "${BUILD_SYSTEM}" = 'CMake' ]; then + cmake --build _bld --config "${PRJ_CFG}" --parallel 2 --target testdeps +fi + +# run tests + +if [[ "${TFLAGS}" != 'skipall' ]] && \ + [[ "${TFLAGS}" != 'skiprun' ]]; then + if [ -x "$(cygpath "${SYSTEMROOT}/System32/curl.exe")" ]; then + TFLAGS+=" -ac $(cygpath "${SYSTEMROOT}/System32/curl.exe")" + elif [ -x "$(cygpath 'C:/msys64/usr/bin/curl.exe')" ]; then + TFLAGS+=" -ac $(cygpath 'C:/msys64/usr/bin/curl.exe')" + fi + if [ "${BUILD_SYSTEM}" = 'CMake' ]; then + cmake --build _bld --config "${PRJ_CFG}" --target test-ci + else + ( + TFLAGS="-a -p !flaky -r -rm ${TFLAGS}" + cd _bld/tests + ./runtests.pl + ) + fi +fi diff --git a/libs/curl/appveyor.yml b/libs/curl/appveyor.yml index d6a3b7cf..bc0cb4a1 100644 --- a/libs/curl/appveyor.yml +++ b/libs/curl/appveyor.yml @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,305 +18,201 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### +# https://ci.appveyor.com/project/curlorg/curl/history +# AppVeyor configuration: +# https://www.appveyor.com/docs/appveyor-yml/ +# AppVeyor worker images: +# https://www.appveyor.com/docs/windows-images-software/ + version: 7.50.0.{build} environment: - matrix: - # generated CMake-based Visual Studio Release builds - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 9 2008" - PRJ_CFG: Release - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: OFF - SHARED: ON - DISABLED_TESTS: "" - COMPILER_PATH: "" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 16 2019" - TARGET: "-A x64" - PRJ_CFG: Release - OPENSSL: ON - SCHANNEL: OFF - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: OFF - SHARED: ON - DISABLED_TESTS: "" - COMPILER_PATH: "" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 16 2019" - TARGET: "-A ARM64" - PRJ_CFG: Release - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: OFF - SHARED: OFF - DISABLED_TESTS: "" - COMPILER_PATH: "" - # generated CMake-based Visual Studio Debug builds - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 10 2010 Win64" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: OFF - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 16 2019" - TARGET: "-A x64" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: ON - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "~571 !1139 !1501 " - COMPILER_PATH: "" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 16 2019" - TARGET: "-A x64" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: OFF - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "~571 !1139 !1501" - COMPILER_PATH: "" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: CMake - PRJ_GEN: "Visual Studio 16 2019" - TARGET: "-A x64" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: OFF - ENABLE_UNICODE: OFF - HTTP_ONLY: ON - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "" - # generated CMake-based MSYS Makefiles builds (mingw cross-compiling) - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: CMake - PRJ_GEN: "MSYS Makefiles" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: ON - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "C:\\mingw-w64\\x86_64-8.1.0-posix-seh-rt_v6-rev0\\mingw64\\bin" - MSYS2_ARG_CONV_EXCL: "/*" - BUILD_OPT: -k - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: CMake - PRJ_GEN: "MSYS Makefiles" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: ON - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "C:\\mingw-w64\\x86_64-7.2.0-posix-seh-rt_v5-rev1\\mingw64\\bin" - MSYS2_ARG_CONV_EXCL: "/*" - BUILD_OPT: -k - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: CMake - PRJ_GEN: "MSYS Makefiles" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: ON - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "C:\\mingw-w64\\i686-6.3.0-posix-dwarf-rt_v5-rev1\\mingw32\\bin" - MSYS2_ARG_CONV_EXCL: "/*" - BUILD_OPT: -k - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: CMake - PRJ_GEN: "MSYS Makefiles" - PRJ_CFG: Debug - OPENSSL: OFF - SCHANNEL: OFF - ENABLE_UNICODE: OFF - HTTP_ONLY: OFF - TESTING: ON - SHARED: OFF - DISABLED_TESTS: "!1139 !1501" - COMPILER_PATH: "C:\\MinGW\\bin" - MSYS2_ARG_CONV_EXCL: "/*" - BUILD_OPT: -k - # winbuild-based builds - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: winbuild_vs2015 - DEBUG: yes - PATHPART: debug - TESTING: OFF - ENABLE_UNICODE: no - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: winbuild_vs2015 - DEBUG: no - PATHPART: release - TESTING: OFF - ENABLE_UNICODE: no - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: winbuild_vs2017 - DEBUG: yes - PATHPART: debug - TESTING: OFF - ENABLE_UNICODE: no - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: winbuild_vs2017 - DEBUG: no - PATHPART: release - TESTING: OFF - ENABLE_UNICODE: no - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: winbuild_vs2015 - DEBUG: yes - PATHPART: debug - TESTING: OFF - ENABLE_UNICODE: yes - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: winbuild_vs2015 - DEBUG: no - PATHPART: release - TESTING: OFF - ENABLE_UNICODE: yes - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: winbuild_vs2017 - DEBUG: yes - PATHPART: debug - TESTING: OFF - ENABLE_UNICODE: yes - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: winbuild_vs2017 - DEBUG: no - PATHPART: release - TESTING: OFF - ENABLE_UNICODE: yes - # generated VisualStudioSolution-based builds - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" - BUILD_SYSTEM: VisualStudioSolution - PRJ_CFG: "DLL Debug - DLL Windows SSPI - DLL WinIDN" - TESTING: OFF - VC_VERSION: VC15 - # autotools-based builds (NOT mingw cross-compiling, but msys2 native) - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" - BUILD_SYSTEM: autotools - TESTING: ON - DISABLED_TESTS: "!19 ~1056 !1233" - CONFIG_ARGS: "--enable-debug --enable-werror --disable-threaded-resolver --disable-proxy --with-schannel" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: autotools - TESTING: ON - DISABLED_TESTS: "!19 !504 !704 !705 ~1056 !1233" - CONFIG_ARGS: "--enable-debug --enable-werror --disable-threaded-resolver --with-schannel" - - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2019" - BUILD_SYSTEM: autotools - TESTING: ON - DISABLED_TESTS: "!19 !504 !704 !705 ~1056 !1233" - CONFIG_ARGS: "--enable-warnings --enable-werror --with-schannel" + UNITY: 'ON' + OPENSSL: 'OFF' + DEBUG: 'ON' + SHARED: 'OFF' + TFLAGS: 'skipall' + matrix: + + # generated CMake-based Visual Studio builds + + - job_name: 'CMake, VS2008, Release, x86, Schannel, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + BUILD_SYSTEM: CMake + PRJ_GEN: 'Visual Studio 9 2008' + PRJ_CFG: Release + DEBUG: 'OFF' + SCHANNEL: 'ON' + ENABLE_UNICODE: 'OFF' + HTTP_ONLY: 'OFF' + SHARED: 'ON' + - job_name: 'CMake, VS2008, Debug, x86, Schannel, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + BUILD_SYSTEM: CMake + PRJ_GEN: 'Visual Studio 9 2008' + PRJ_CFG: Debug + SCHANNEL: 'ON' + ENABLE_UNICODE: 'OFF' + HTTP_ONLY: 'OFF' + SHARED: 'ON' + - job_name: 'CMake, VS2022, Release, x64, OpenSSL 3.2, WebSockets, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + BUILD_SYSTEM: CMake + PRJ_GEN: 'Visual Studio 17 2022' + TARGET: '-A x64' + PRJ_CFG: Release + OPENSSL: 'ON' + SCHANNEL: 'OFF' + ENABLE_UNICODE: 'OFF' + HTTP_ONLY: 'OFF' + SHARED: 'ON' + WEBSOCKETS: 'ON' + - job_name: 'CMake, VS2022, Release, arm64, Schannel, Static, Build-tests' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + BUILD_SYSTEM: CMake + PRJ_GEN: 'Visual Studio 17 2022' + TARGET: '-A ARM64' + PRJ_CFG: Release + SCHANNEL: 'ON' + ENABLE_UNICODE: 'OFF' + HTTP_ONLY: 'OFF' + DEBUG: 'OFF' + CURLDEBUG: 'ON' + TFLAGS: 'skiprun' + - job_name: 'CMake, VS2010, Debug, x64, Schannel, Static, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + BUILD_SYSTEM: CMake + PRJ_GEN: 'Visual Studio 10 2010 Win64' + PRJ_CFG: Debug + SCHANNEL: 'ON' + ENABLE_UNICODE: 'OFF' + HTTP_ONLY: 'OFF' + - job_name: 'CMake, VS2022, Debug, x64, Schannel, Static, Unicode, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + BUILD_SYSTEM: CMake + PRJ_GEN: 'Visual Studio 17 2022' + TARGET: '-A x64' + PRJ_CFG: Debug + SCHANNEL: 'ON' + ENABLE_UNICODE: 'ON' + HTTP_ONLY: 'OFF' + - job_name: 'CMake, VS2022, Release, x64, Schannel, Shared, Unicode, DEBUGBULID, no-CURLDEBUG, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + BUILD_SYSTEM: CMake + PRJ_GEN: 'Visual Studio 17 2022' + TARGET: '-A x64' + PRJ_CFG: Release + SCHANNEL: 'ON' + ENABLE_UNICODE: 'ON' + HTTP_ONLY: 'OFF' + SHARED: 'ON' + CURLDEBUG: 'OFF' + - job_name: 'CMake, VS2022, Debug, x64, no SSL, Static, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + BUILD_SYSTEM: CMake + PRJ_GEN: 'Visual Studio 17 2022' + TARGET: '-A x64' + PRJ_CFG: Debug + SCHANNEL: 'OFF' + ENABLE_UNICODE: 'OFF' + HTTP_ONLY: 'OFF' + - job_name: 'CMake, VS2022, Debug, x64, no SSL, Static, HTTP only, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2022' + BUILD_SYSTEM: CMake + PRJ_GEN: 'Visual Studio 17 2022' + TARGET: '-A x64' + PRJ_CFG: Debug + SCHANNEL: 'OFF' + ENABLE_UNICODE: 'OFF' + HTTP_ONLY: 'ON' + + # winbuild-based builds + + - job_name: 'winbuild, VS2015, Debug, x64, OpenSSL 1.1.1, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + BUILD_SYSTEM: winbuild_vs2015 + DEBUG: 'yes' + PATHPART: debug + ENABLE_UNICODE: 'no' + - job_name: 'winbuild, VS2015, Release, x64, OpenSSL 1.1.1, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + BUILD_SYSTEM: winbuild_vs2015 + DEBUG: 'no' + PATHPART: release + ENABLE_UNICODE: 'no' + - job_name: 'winbuild, VS2017, Debug, x64, OpenSSL 1.1.1, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2017' + BUILD_SYSTEM: winbuild_vs2017 + DEBUG: 'yes' + PATHPART: debug + ENABLE_UNICODE: 'no' + - job_name: 'winbuild, VS2017, Release, x64, OpenSSL 1.1.1, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2017' + BUILD_SYSTEM: winbuild_vs2017 + DEBUG: 'no' + PATHPART: release + ENABLE_UNICODE: 'no' + - job_name: 'winbuild, VS2015, Debug, x64, OpenSSL 1.1.1, Unicode, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + BUILD_SYSTEM: winbuild_vs2015 + DEBUG: 'yes' + PATHPART: debug + ENABLE_UNICODE: 'yes' + - job_name: 'winbuild, VS2015, Release, x64, OpenSSL 1.1.1, Unicode, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + BUILD_SYSTEM: winbuild_vs2015 + DEBUG: 'no' + PATHPART: release + ENABLE_UNICODE: 'yes' + - job_name: 'winbuild, VS2017, Debug, x64, OpenSSL 1.1.1, Unicode, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2017' + BUILD_SYSTEM: winbuild_vs2017 + DEBUG: 'yes' + PATHPART: debug + ENABLE_UNICODE: 'yes' + - job_name: 'winbuild, VS2017, Release, x64, OpenSSL 1.1.1, Unicode, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2017' + BUILD_SYSTEM: winbuild_vs2017 + DEBUG: 'no' + PATHPART: release + ENABLE_UNICODE: 'yes' + + # generated VisualStudioSolution-based builds + + - job_name: 'VisualStudioSolution, VS2013, Debug, x86, Schannel, Build-only' + APPVEYOR_BUILD_WORKER_IMAGE: 'Visual Studio 2015' + BUILD_SYSTEM: VisualStudioSolution + PRJ_CFG: 'DLL Debug - DLL Windows SSPI - DLL WinIDN' + VC_VERSION: VC12 install: - - set "PATH=C:\msys64\usr\bin;%PATH%" - - if not "%COMPILER_PATH%"=="" ( - set "PATH=%COMPILER_PATH%;%PATH%" ) + - ps: $env:PATH = "C:/msys64/usr/bin;$env:PATH" build_script: - - if %BUILD_SYSTEM%==CMake ( - cmake . - -G"%PRJ_GEN%" - %TARGET% - -DCURL_USE_OPENSSL=%OPENSSL% - -DCURL_USE_SCHANNEL=%SCHANNEL% - -DHTTP_ONLY=%HTTP_ONLY% - -DBUILD_SHARED_LIBS=%SHARED% - -DBUILD_TESTING=%TESTING% - -DCURL_WERROR=ON - -DENABLE_DEBUG=ON - -DENABLE_UNICODE=%ENABLE_UNICODE% - -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE="" - -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG="" - -DCMAKE_INSTALL_PREFIX="C:/CURL" - -DCMAKE_BUILD_TYPE=%PRJ_CFG% && - cmake --build . --config %PRJ_CFG% --parallel 2 --clean-first -- %BUILD_OPT% - ) else ( - if %BUILD_SYSTEM%==VisualStudioSolution ( - cd projects && - .\\generate.bat %VC_VERSION% && - msbuild.exe /p:Configuration="%PRJ_CFG%" "Windows\\%VC_VERSION%\\curl-all.sln" - ) else ( - if %BUILD_SYSTEM%==winbuild_vs2015 ( - call buildconf.bat && - cd winbuild && - call "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd" /x64 && - call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86_amd64 && - nmake /f Makefile.vc mode=dll VC=14 "SSL_PATH=C:\OpenSSL-v111-Win64" WITH_SSL=dll MACHINE=x64 DEBUG=%DEBUG% ENABLE_UNICODE=%ENABLE_UNICODE% && - ..\builds\libcurl-vc14-x64-%PATHPART%-dll-ssl-dll-ipv6-sspi\bin\curl.exe -V - ) else ( - if %BUILD_SYSTEM%==winbuild_vs2017 ( - call buildconf.bat && - cd winbuild && - call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat" && - nmake /f Makefile.vc mode=dll VC=15 "SSL_PATH=C:\OpenSSL-v111-Win64" WITH_SSL=dll MACHINE=x64 DEBUG=%DEBUG% ENABLE_UNICODE=%ENABLE_UNICODE% && - ..\builds\libcurl-vc15-x64-%PATHPART%-dll-ssl-dll-ipv6-sspi\bin\curl.exe -V - ) else ( - if %BUILD_SYSTEM%==autotools ( - bash.exe -e -l -c "cd /c/projects/curl && ./buildconf && ./configure %CONFIG_ARGS% && make V=1 && make V=1 examples && cd tests && make V=1" - ))))) - - if %TESTING%==ON ( - if %BUILD_SYSTEM%==CMake ( - cmake --build . --config %PRJ_CFG% --parallel 2 --target testdeps - )) + - cmd: sh -c ./appveyor.sh -test_script: - - if %TESTING%==ON ( - if %BUILD_SYSTEM%==CMake ( - set TFLAGS=%DISABLED_TESTS% && - cmake --build . --config %PRJ_CFG% --target test-ci - ) else ( - if %BUILD_SYSTEM%==autotools ( - bash.exe -e -l -c "cd /c/projects/curl && make V=1 TFLAGS='%DISABLED_TESTS%' test-ci" - ) else ( - bash.exe -e -l -c "cd /c/projects/curl/tests && ./runtests.pl -a -p !flaky -r -rm %DISABLED_TESTS%" - )) - ) +clone_depth: 10 # select branches to avoid testing feature branches twice (as branch and as pull request) branches: - only: - - master - - /\/ci$/ + only: + - master + - /\/ci$/ + +skip_commits: + files: + - '.azure-pipelines.yml' + - '.circleci/*' + - '.github/**/*' + - 'packages/**/*' + - 'plan9/**/*' artifacts: - path: '**/curl.exe' name: curl - path: '**/*curl*.dll' - name: libcurl + name: libcurl dll diff --git a/libs/curl/buildconf b/libs/curl/buildconf index 4e4c17e9..ee6a2800 100755 --- a/libs/curl/buildconf +++ b/libs/curl/buildconf @@ -1,4 +1,8 @@ #!/bin/sh +# +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl echo "*** Do not use buildconf. Instead, just use: autoreconf -fi" >&2 exec ${AUTORECONF:-autoreconf} -fi "${@}" diff --git a/libs/curl/buildconf.bat b/libs/curl/buildconf.bat index 13ae07e1..532c9848 100644 --- a/libs/curl/buildconf.bat +++ b/libs/curl/buildconf.bat @@ -6,7 +6,7 @@ rem * / __| | | | |_) | | rem * | (__| |_| | _ <| |___ rem * \___|\___/|_| \_\_____| rem * -rem * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. +rem * Copyright (C) Daniel Stenberg, , et al. rem * rem * This software is licensed as described in the file COPYING, which rem * you should have received as part of this distribution. The terms @@ -19,6 +19,8 @@ rem * rem * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY rem * KIND, either express or implied. rem * +rem * SPDX-License-Identifier: curl +rem * rem *************************************************************************** rem NOTES @@ -36,19 +38,7 @@ rem cd /d "%~0\.." 1>NUL 2>&1 rem Check we are running from a curl git repository - if not exist GIT-INFO goto norepo - - rem Detect programs. HAVE_ - rem When not found the variable is set undefined. The undefined pattern - rem allows for statements like "if not defined HAVE_PERL (command)" - groff --version NUL 2>&1 - if errorlevel 1 (set HAVE_GROFF=) else (set HAVE_GROFF=Y) - nroff --version NUL 2>&1 - if errorlevel 1 (set HAVE_NROFF=) else (set HAVE_NROFF=Y) - perl --version NUL 2>&1 - if errorlevel 1 (set HAVE_PERL=) else (set HAVE_PERL=Y) - gzip --version NUL 2>&1 - if errorlevel 1 (set HAVE_GZIP=) else (set HAVE_GZIP=Y) + if not exist GIT-INFO.md goto norepo :parseArgs if "%~1" == "" goto start @@ -123,15 +113,6 @@ rem ) cmd /c exit 0 - rem Setup c-ares git tree - if exist ares\buildconf.bat ( - echo. - echo Configuring c-ares build environment - cd ares - call buildconf.bat - cd .. - ) - if "%BASIC_HUGEHELP%" == "1" ( if "%OS%" == "Windows_NT" endlocal exit /B 1 @@ -180,47 +161,20 @@ rem :genHugeHelp if "%OS%" == "Windows_NT" setlocal set LC_ALL=C - set ROFFCMD= set BASIC=1 - if defined HAVE_PERL ( - if defined HAVE_GROFF ( - set ROFFCMD=groff -mtty-char -Tascii -P-c -man - ) else if defined HAVE_NROFF ( - set ROFFCMD=nroff -c -Tascii -man - ) - ) - - if defined ROFFCMD ( + if exist src\tool_hugehelp.c.cvs ( + copy /Y src\tool_hugehelp.c.cvs src\tool_hugehelp.c 1>NUL 2>&1 + ) else ( echo #include "tool_setup.h"> src\tool_hugehelp.c echo #include "tool_hugehelp.h">> src\tool_hugehelp.c - - if defined HAVE_GZIP ( - echo #ifndef HAVE_LIBZ>> src\tool_hugehelp.c - ) - - %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl docs\MANUAL >> src\tool_hugehelp.c - if defined HAVE_GZIP ( - echo #else>> src\tool_hugehelp.c - %ROFFCMD% docs\curl.1 2>NUL | perl src\mkhelp.pl -c docs\MANUAL >> src\tool_hugehelp.c - echo #endif /^* HAVE_LIBZ ^*/>> src\tool_hugehelp.c - ) - - set BASIC=0 - ) else ( - if exist src\tool_hugehelp.c.cvs ( - copy /Y src\tool_hugehelp.c.cvs src\tool_hugehelp.c 1>NUL 2>&1 - ) else ( - echo #include "tool_setup.h"> src\tool_hugehelp.c - echo #include "tool_hugehelp.h">> src\tool_hugehelp.c - echo.>> src\tool_hugehelp.c - echo void hugehelp(void^)>> src\tool_hugehelp.c - echo {>> src\tool_hugehelp.c - echo #ifdef USE_MANUAL>> src\tool_hugehelp.c - echo fputs("Built-in manual not included\n", stdout^);>> src\tool_hugehelp.c - echo #endif>> src\tool_hugehelp.c - echo }>> src\tool_hugehelp.c - ) + echo.>> src\tool_hugehelp.c + echo void hugehelp(void^)>> src\tool_hugehelp.c + echo {>> src\tool_hugehelp.c + echo #ifdef USE_MANUAL>> src\tool_hugehelp.c + echo fputs("Built-in manual not included\n", stdout^);>> src\tool_hugehelp.c + echo #endif>> src\tool_hugehelp.c + echo }>> src\tool_hugehelp.c ) findstr "/C:void hugehelp(void)" src\tool_hugehelp.c 1>NUL 2>&1 @@ -242,13 +196,8 @@ rem Windows 9x as setlocal isn't available until Windows NT rem :dosCleanup set MODE= - set HAVE_GROFF= - set HAVE_NROFF= - set HAVE_PERL= - set HAVE_GZIP= set BASIC_HUGEHELP= set LC_ALL - set ROFFCMD= set BASIC= exit /B @@ -294,10 +243,9 @@ rem :warning echo. echo Warning: The curl manual could not be integrated in the source. This means when - echo you build curl the manual will not be available (curl --man^). Integration of + echo you build curl the manual will not be available (curl --manual^). Integration of echo the manual is not required and a summary of the options will still be available - echo (curl --help^). To integrate the manual your PATH is required to have - echo groff/nroff, perl and optionally gzip for compression. + echo (curl --help^). To integrate the manual build with configure or cmake. goto success :error diff --git a/libs/curl/configure.ac b/libs/curl/configure.ac index 63e32023..1e18b815 100644 --- a/libs/curl/configure.ac +++ b/libs/curl/configure.ac @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,6 +18,8 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# #*************************************************************************** dnl Process this file with autoconf to produce a configure script. @@ -31,7 +33,7 @@ XC_OVR_ZZ60 CURL_OVERRIDE_AUTOCONF dnl configure script copyright -AC_COPYRIGHT([Copyright (c) 1998 - 2021 Daniel Stenberg, +AC_COPYRIGHT([Copyright (C) Daniel Stenberg, This configure script may be copied, distributed and modified under the terms of the curl license; see COPYING for more details]) @@ -42,6 +44,7 @@ AM_MAINTAINER_MODE m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) CURL_CHECK_OPTION_DEBUG +AM_CONDITIONAL(DEBUGBUILD, test x$want_debug = xyes) CURL_CHECK_OPTION_OPTIMIZE CURL_CHECK_OPTION_WARNINGS CURL_CHECK_OPTION_WERROR @@ -49,6 +52,7 @@ CURL_CHECK_OPTION_CURLDEBUG CURL_CHECK_OPTION_SYMBOL_HIDING CURL_CHECK_OPTION_ARES CURL_CHECK_OPTION_RT +CURL_CHECK_OPTION_HTTPSRR CURL_CHECK_OPTION_ECH XC_CHECK_PATH_SEPARATOR @@ -83,21 +87,22 @@ if test -z "$GREP"; then fi AC_SUBST([GREP]) -dnl EGREP is mandatory for configure process and libtool. +dnl 'grep -E' is mandatory for configure process and libtool. dnl Set it now, allowing it to be changed later. if test -z "$EGREP"; then dnl allow it to be overridden + AC_MSG_CHECKING([that grep -E works]) if echo a | ($GREP -E '(a|b)') >/dev/null 2>&1; then - AC_MSG_CHECKING([for egrep]) EGREP="$GREP -E" - AC_MSG_RESULT([$EGREP]) + AC_MSG_RESULT([yes]) else + AC_MSG_RESULT([no]) AC_PATH_PROG([EGREP], [egrep], [not_found], [$PATH:/usr/bin:/usr/local/bin]) fi fi if test -z "$EGREP" || test "$EGREP" = "not_found"; then - AC_MSG_ERROR([egrep not found in PATH. Cannot continue without egrep.]) + AC_MSG_ERROR([grep -E is not working and egrep is not found in PATH. Cannot continue.]) fi AC_SUBST([EGREP]) @@ -118,6 +123,7 @@ AC_SUBST(libext) dnl figure out the libcurl version CURLVERSION=`$SED -ne 's/^#define LIBCURL_VERSION "\(.*\)".*/\1/p' ${srcdir}/include/curl/curlver.h` XC_CHECK_PROG_CC +CURL_ATOMIC dnl for --enable-code-coverage CURL_COVERAGE @@ -143,7 +149,7 @@ AC_SUBST(PKGADD_VENDOR) dnl dnl initialize all the info variables - curl_ssl_msg="no (--with-{openssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,mesalink,amissl,bearssl,rustls} )" + curl_ssl_msg="no (--with-{openssl,gnutls,mbedtls,wolfssl,schannel,secure-transport,amissl,bearssl,rustls} )" curl_ssh_msg="no (--with-{libssh,libssh2})" curl_zlib_msg="no (--with-zlib)" curl_brotli_msg="no (--with-brotli)" @@ -155,6 +161,7 @@ curl_tls_srp_msg="no (--enable-tls-srp)" curl_ipv6_msg="no (--enable-ipv6)" curl_unix_sockets_msg="no (--enable-unix-sockets)" curl_idn_msg="no (--with-{libidn2,winidn})" + curl_docs_msg="enabled (--disable-docs)" curl_manual_msg="no (--enable-manual)" curl_libcurl_msg="enabled (--disable-libcurl-option)" curl_verbose_msg="enabled (--disable-verbose)" @@ -165,11 +172,13 @@ curl_verbose_msg="enabled (--disable-verbose)" curl_rtmp_msg="no (--with-librtmp)" curl_psl_msg="no (--with-libpsl)" curl_altsvc_msg="enabled (--disable-alt-svc)" +curl_headers_msg="enabled (--disable-headers-api)" curl_hsts_msg="enabled (--disable-hsts)" + curl_ws_msg="no (--enable-websockets)" ssl_backends= curl_h1_msg="enabled (internal)" - curl_h2_msg="no (--with-nghttp2, --with-hyper)" - curl_h3_msg="no (--with-ngtcp2, --with-quiche)" + curl_h2_msg="no (--with-nghttp2)" + curl_h3_msg="no (--with-ngtcp2 --with-nghttp3, --with-quiche, --with-openssl-quic, --with-msh3)" enable_altsvc="yes" hsts="yes" @@ -180,6 +189,25 @@ dnl INITIAL_LDFLAGS=$LDFLAGS INITIAL_LIBS=$LIBS +dnl +dnl Generates a shell script to run the compiler with LD_LIBRARY_PATH set to +dnl the value used right now. This lets CURL_RUN_IFELSE set LD_LIBRARY_PATH to +dnl something different but only have that affect the execution of the results +dnl of the compile, not change the libraries for the compiler itself. +dnl +compilersh="run-compiler" +CURL_SAVED_CC="$CC" +export CURL_SAVED_CC +CURL_SAVED_LD_LIBRARY_PATH="$LD_LIBRARY_PATH" +export CURL_SAVED_LD_LIBRARY_PATH +cat <<\EOF > "$compilersh" +CC="$CURL_SAVED_CC" +export CC +LD_LIBRARY_PATH="$CURL_SAVED_LD_LIBRARY_PATH" +export LD_LIBRARY_PATH +exec $CC "$@" +EOF + dnl ********************************************************************** dnl See which TLS backend(s) that are requested. Just do all the dnl TLS AC_ARG_WITH() invokes here and do the checks later @@ -192,91 +220,191 @@ AS_HELP_STRING([--with-schannel],[enable Windows native SSL/TLS]), OPT_SECURETRANSPORT=no AC_ARG_WITH(secure-transport,dnl -AS_HELP_STRING([--with-secure-transport],[enable Apple OS native SSL/TLS]), +AS_HELP_STRING([--with-secure-transport],[enable Apple OS native SSL/TLS]),[ OPT_SECURETRANSPORT=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }Secure-Transport" -) + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }Secure-Transport" +]) OPT_AMISSL=no AC_ARG_WITH(amissl,dnl -AS_HELP_STRING([--with-amissl],[enable Amiga native SSL/TLS (AmiSSL)]), +AS_HELP_STRING([--with-amissl],[enable Amiga native SSL/TLS (AmiSSL)]),[ OPT_AMISSL=$withval - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }AmiSSL") + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }AmiSSL" +]) OPT_OPENSSL=no dnl Default to no CA bundle ca="no" AC_ARG_WITH(ssl,dnl AS_HELP_STRING([--with-ssl=PATH],[old version of --with-openssl]) -AS_HELP_STRING([--without-ssl], [build without any TLS library]), +AS_HELP_STRING([--without-ssl], [build without any TLS library]),[ OPT_SSL=$withval OPT_OPENSSL=$withval if test X"$withval" != Xno; then - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL") + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL" + else + SSL_DISABLED="D" fi +]) AC_ARG_WITH(openssl,dnl -AS_HELP_STRING([--with-openssl=PATH],[Where to look for OpenSSL, PATH points to the SSL installation (default: /usr/local/ssl); when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]), +AS_HELP_STRING([--with-openssl=PATH],[Where to look for OpenSSL, PATH points to the SSL installation (default: /usr/local/ssl); when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]),[ OPT_OPENSSL=$withval if test X"$withval" != Xno; then - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL") + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL" fi +]) OPT_GNUTLS=no AC_ARG_WITH(gnutls,dnl -AS_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to the installation root]), +AS_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to the installation root]),[ OPT_GNUTLS=$withval if test X"$withval" != Xno; then - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }GnuTLS") + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }GnuTLS" fi +]) OPT_MBEDTLS=no AC_ARG_WITH(mbedtls,dnl -AS_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to the installation root]), +AS_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to the installation root]),[ OPT_MBEDTLS=$withval if test X"$withval" != Xno; then - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }mbedTLS") + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }mbedTLS" fi +]) OPT_WOLFSSL=no AC_ARG_WITH(wolfssl,dnl -AS_HELP_STRING([--with-wolfssl=PATH],[where to look for WolfSSL, PATH points to the installation root (default: system lib default)]), +AS_HELP_STRING([--with-wolfssl=PATH],[where to look for wolfSSL, PATH points to the installation root (default: system lib default)]),[ OPT_WOLFSSL=$withval if test X"$withval" != Xno; then - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }wolfSSL") - fi - -OPT_MESALINK=no -AC_ARG_WITH(mesalink,dnl -AS_HELP_STRING([--with-mesalink=PATH],[where to look for MesaLink, PATH points to the installation root]), - OPT_MESALINK=$withval - if test X"$withval" != Xno; then - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }MesaLink") + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }wolfSSL" fi +]) OPT_BEARSSL=no AC_ARG_WITH(bearssl,dnl -AS_HELP_STRING([--with-bearssl=PATH],[where to look for BearSSL, PATH points to the installation root]), +AS_HELP_STRING([--with-bearssl=PATH],[where to look for BearSSL, PATH points to the installation root]),[ OPT_BEARSSL=$withval if test X"$withval" != Xno; then - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }BearSSL") + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }BearSSL" fi +]) OPT_RUSTLS=no AC_ARG_WITH(rustls,dnl -AS_HELP_STRING([--with-rustls=PATH],[where to look for rustls, PATH points to the installation root]), +AS_HELP_STRING([--with-rustls=PATH],[where to look for rustls, PATH points to the installation root]),[ OPT_RUSTLS=$withval if test X"$withval" != Xno; then - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }rustls") + TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }rustls" + experimental="$experimental rustls" fi +]) -OPT_NSS=no -AC_ARG_WITH(nss,dnl -AS_HELP_STRING([--with-nss=PATH],[where to look for NSS, PATH points to the installation root]), - OPT_NSS=$withval - if test X"$withval" != Xno; then - test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }NSS") +TEST_NGHTTPX=nghttpx +AC_ARG_WITH(test-nghttpx,dnl +AS_HELP_STRING([--with-test-nghttpx=PATH],[where to find nghttpx for testing]), + TEST_NGHTTPX=$withval + if test X"$OPT_TEST_NGHTTPX" = "Xno" ; then + TEST_NGHTTPX="" + fi +) +AC_SUBST(TEST_NGHTTPX) + +CADDY=/usr/bin/caddy +AC_ARG_WITH(test-caddy,dnl +AS_HELP_STRING([--with-test-caddy=PATH],[where to find caddy for testing]), + CADDY=$withval + if test X"$OPT_CADDY" = "Xno" ; then + CADDY="" + fi +) +AC_SUBST(CADDY) + +VSFTPD=/usr/sbin/vsftpd +AC_ARG_WITH(test-vsftpd,dnl +AS_HELP_STRING([--with-test-vsftpd=PATH],[where to find vsftpd for testing]), + VSFTPD=$withval + if test X"$OPT_VSFTPD" = "Xno" ; then + VSFTPD="" + fi +) +AC_SUBST(VSFTPD) + +dnl we'd like a httpd+apachectl as test server +dnl +HTTPD_ENABLED="maybe" +AC_ARG_WITH(test-httpd, [AS_HELP_STRING([--with-test-httpd=PATH], + [where to find httpd/apache2 for testing])], + [request_httpd=$withval], [request_httpd=check]) +if test x"$request_httpd" = "xcheck" -o x"$request_httpd" = "xyes"; then + if test -x "/usr/sbin/apache2" -a -x "/usr/sbin/apache2ctl"; then + # common location on distros (debian/ubuntu) + HTTPD="/usr/sbin/apache2" + APACHECTL="/usr/sbin/apache2ctl" + AC_PATH_PROG([APXS], [apxs]) + if test "x$APXS" = "x"; then + AC_MSG_NOTICE([apache2-dev not installed, httpd tests disabled]) + HTTPD_ENABLED="no" + fi + else + AC_PATH_PROG([HTTPD], [httpd]) + if test "x$HTTPD" = "x"; then + AC_PATH_PROG([HTTPD], [apache2]) + fi + AC_PATH_PROG([APACHECTL], [apachectl]) + AC_PATH_PROG([APXS], [apxs]) + if test "x$HTTPD" = "x" -o "x$APACHECTL" = "x"; then + AC_MSG_NOTICE([httpd/apache2 not in PATH, http tests disabled]) + HTTPD_ENABLED="no" + fi + if test "x$APXS" = "x"; then + AC_MSG_NOTICE([apxs not in PATH, http tests disabled]) + HTTPD_ENABLED="no" + fi + fi +elif test x"$request_httpd" != "xno"; then + HTTPD="${request_httpd}/bin/httpd" + APACHECTL="${request_httpd}/bin/apachectl" + APXS="${request_httpd}/bin/apxs" + if test ! -x "${HTTPD}"; then + AC_MSG_NOTICE([httpd not found as ${HTTPD}, http tests disabled]) + HTTPD_ENABLED="no" + elif test ! -x "${APACHECTL}"; then + AC_MSG_NOTICE([apachectl not found as ${APACHECTL}, http tests disabled]) + HTTPD_ENABLED="no" + elif test ! -x "${APXS}"; then + AC_MSG_NOTICE([apxs not found as ${APXS}, http tests disabled]) + HTTPD_ENABLED="no" + else + AC_MSG_NOTICE([using HTTPD=$HTTPD for tests]) fi +fi +if test x"$HTTPD_ENABLED" = "xno"; then + HTTPD="" + APACHECTL="" + APXS="" +fi +AC_SUBST(HTTPD) +AC_SUBST(APACHECTL) +AC_SUBST(APXS) + +dnl the nghttpx we might use in httpd testing +if test "x$TEST_NGHTTPX" != "x" -a "x$TEST_NGHTTPX" != "xnghttpx"; then + HTTPD_NGHTTPX="$TEST_NGHTTPX" +else + AC_PATH_PROG([HTTPD_NGHTTPX], [nghttpx], [], + [$PATH:/usr/bin:/usr/local/bin]) +fi +AC_SUBST(HTTPD_NGHTTPX) + +dnl the Caddy server we might use in testing +if test "x$TEST_CADDY" != "x"; then + CADDY="$TEST_CADDY" +else + AC_PATH_PROG([CADDY], [caddy]) +fi +AC_SUBST(CADDY) dnl If no TLS choice has been made, check if it was explicitly disabled or dnl error out to force the user to decide. @@ -290,9 +418,7 @@ Select from these: --with-bearssl --with-gnutls --with-mbedtls - --with-mesalink - --with-nss - --with-openssl (also works for BoringSSL and libressl) + --with-openssl (also works for BoringSSL and LibreSSL) --with-rustls --with-schannel --with-secure-transport @@ -302,7 +428,7 @@ Select from these: fi AC_ARG_WITH(darwinssl,, - AC_MSG_ERROR([--with-darwin-ssl no longer works!])) + AC_MSG_ERROR([--with-darwin-ssl and --without-darwin-ssl no longer work!])) dnl dnl Detect the canonical host and target build environment @@ -327,6 +453,8 @@ AC_SYS_LARGEFILE XC_LIBTOOL +LT_LANG([Windows Resource]) + # # Automake conditionals based on libtool related checks # @@ -380,14 +508,12 @@ fi AC_SUBST(REQUIRE_LIB_DEPS) AM_CONDITIONAL(USE_EXPLICIT_LIB_DEPS, test x$REQUIRE_LIB_DEPS = xyes) -dnl check if there's a way to force code inline -AC_C_INLINE - dnl ********************************************************************** dnl platform/compiler/architecture specific checks/flags dnl ********************************************************************** CURL_CHECK_COMPILER +CURL_CHECK_NATIVE_WINDOWS CURL_SET_COMPILER_BASIC_OPTS CURL_SET_COMPILER_DEBUG_OPTS CURL_SET_COMPILER_OPTIMIZE_OPTS @@ -414,6 +540,8 @@ if test X"$want_werror" = Xyes; then if test "$compiler_num" -ge "500"; then CURL_CFLAG_EXTRAS="$CURL_CFLAG_EXTRAS -pedantic-errors" fi + elif test "$compiler_id" = "CLANG"; then + CURL_CFLAG_EXTRAS="$CURL_CFLAG_EXTRAS -pedantic-errors" fi fi AC_SUBST(CURL_CFLAG_EXTRAS) @@ -423,9 +551,6 @@ CURL_CHECK_COMPILER_ARRAY_SIZE_NEGATIVE CURL_CHECK_COMPILER_PROTOTYPE_MISMATCH CURL_CHECK_COMPILER_SYMBOL_HIDING -CURL_CHECK_CURLDEBUG -AM_CONDITIONAL(CURLDEBUG, test x$want_curldebug = xyes) - supports_unittests=yes # cross-compilation of unit tests static library/programs fails when # libcurl shared library is built. This might be due to a libtool or @@ -464,68 +589,27 @@ else fi AM_CONDITIONAL(BUILD_UNITTESTS, test x$want_unittests = xyes) -# For original MinGW (ie not MinGW-w64) define the Windows minimum supported OS -# version to Windows XP (0x501) if it hasn't already been defined by the user. -# Without this override original MinGW defaults the version to Windows NT 4.0. -# Note original MinGW sets _WIN32_WINNT if not defined to whatever WINVER is. -case $host in - *-*-mingw32*) - AC_MSG_CHECKING([if MinGW minimum supported OS should be set to XP]) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ -#include <_mingw.h> - ]],[[ -#if defined(__MINGW64_VERSION_MAJOR) || \ - defined(WINVER) || \ - defined(_WIN32_WINNT) -#error -#endif - ]]) - ],[ - CPPFLAGS="$CPPFLAGS -DWINVER=0x501" - AC_MSG_RESULT([yes]) - ],[ - AC_MSG_RESULT([no]) - ]) - ;; -esac - dnl ********************************************************************** dnl Compilation based checks should not be done before this point. dnl ********************************************************************** -dnl ********************************************************************** -dnl Make sure that our checks for headers windows.h winsock2.h -dnl and ws2tcpip.h take precedence over any other further checks which -dnl could be done later using AC_CHECK_HEADER or AC_CHECK_HEADERS for -dnl this specific header files. And do them before its results are used. -dnl ********************************************************************** - -CURL_CHECK_HEADER_WINDOWS -CURL_CHECK_NATIVE_WINDOWS -case X-"$curl_cv_native_windows" in - X-yes) - CURL_CHECK_HEADER_WINSOCK2 - CURL_CHECK_HEADER_WS2TCPIP - CURL_CHECK_HEADER_WINCRYPT - CURL_CHECK_HEADER_WINLDAP - CURL_CHECK_HEADER_WINBER - ;; - *) - curl_cv_header_winsock2_h="no" - curl_cv_header_ws2tcpip_h="no" - curl_cv_header_wincrypt_h="no" - curl_cv_header_winldap_h="no" - curl_cv_header_winber_h="no" - ;; -esac CURL_CHECK_WIN32_LARGEFILE CURL_CHECK_WIN32_CRYPTO CURL_DARWIN_CFLAGS -CURL_DARWIN_SYSTEMCONFIGURATION -CURL_SUPPORTS_BUILTIN_AVAILABLE +case $host_os in + darwin*) + CURL_SUPPORTS_BUILTIN_AVAILABLE + ;; +esac +AM_CONDITIONAL([HAVE_WINDRES], + [test "$curl_cv_native_windows" = "yes" && test -n "${RC}"]) + +if test "$curl_cv_native_windows" = "yes"; then + AM_COND_IF([HAVE_WINDRES],, + [AC_MSG_ERROR([windres not found in PATH. Windows builds require windres. Cannot continue.])]) +fi dnl ************************************************************ dnl switch off particular protocols @@ -713,16 +797,16 @@ if test X"$want_hyper" != Xno; then experimental="$experimental Hyper" AC_MSG_NOTICE([Hyper support is experimental]) curl_h1_msg="enabled (Hyper)" - curl_h2_msg=$curl_h1_msg HYPER_ENABLED=1 AC_DEFINE(USE_HYPER, 1, [if hyper is in use]) AC_SUBST(USE_HYPER, [1]) CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_HYPER" export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $DIR_HYPER to CURL_LIBRARY_PATH]), + AC_MSG_NOTICE([Added $DIR_HYPER to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE hyper" ) ], - for d in `echo $DIR_HYPER | sed -e 's/:/ /'`; do + for d in `echo $DIR_HYPER | $SED -e 's/:/ /'`; do if test -f "$d/libhyper.a"; then AC_MSG_ERROR([hyper was found in $d but was probably built with wrong flags. See docs/HYPER.md.]) fi @@ -736,13 +820,11 @@ if test X"$want_hyper" != Xno; then AC_MSG_NOTICE([Disable RTSP support with hyper]) AC_DEFINE(CURL_DISABLE_RTSP, 1, [to disable RTSP]) AC_SUBST(CURL_DISABLE_RTSP, [1]) - else - AC_MSG_CHECKING([whether to support rtsp]) AC_ARG_ENABLE(rtsp, - AS_HELP_STRING([--enable-rtsp],[Enable RTSP support]) - AS_HELP_STRING([--disable-rtsp],[Disable RTSP support]), +AS_HELP_STRING([--enable-rtsp],[Enable RTSP support]) +AS_HELP_STRING([--disable-rtsp],[Disable RTSP support]), [ case "$enableval" in no) AC_MSG_RESULT(no) @@ -950,6 +1032,31 @@ AS_HELP_STRING([--disable-manual],[Disable built-in manual]), dnl The actual use of the USE_MANUAL variable is done much later in this dnl script to allow other actions to disable it as well. +dnl ********************************************************************** +dnl Check whether to build documentation +dnl ********************************************************************** + +AC_MSG_CHECKING([whether to build documentation]) +AC_ARG_ENABLE(docs, +AS_HELP_STRING([--enable-docs],[Enable documentation]) +AS_HELP_STRING([--disable-docs],[Disable documentation]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + BUILD_DOCS=0 + dnl disable manual too because it needs built documentation + USE_MANUAL=0 + curl_docs_msg="no" + ;; + *) AC_MSG_RESULT(yes) + BUILD_DOCS=1 + ;; + esac ], + AC_MSG_RESULT(yes) + BUILD_DOCS=1 +) + + dnl ************************************************************ dnl disable C code generation support dnl @@ -1043,27 +1150,22 @@ fi if test "$HAVE_GETHOSTBYNAME" != "1" then dnl This is for winsock systems - if test "$curl_cv_header_windows_h" = "yes"; then - if test "$curl_cv_header_winsock2_h" = "yes"; then - winsock_LIB="-lws2_32" - fi + if test "$curl_cv_native_windows" = "yes"; then + winsock_LIB="-lws2_32" if test ! -z "$winsock_LIB"; then my_ac_save_LIBS=$LIBS LIBS="$winsock_LIB $LIBS" AC_MSG_CHECKING([for gethostbyname in $winsock_LIB]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ -#ifdef HAVE_WINDOWS_H +#ifdef _WIN32 #ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN #endif -#include -#ifdef HAVE_WINSOCK2_H #include -#endif #endif ]],[[ - gethostbyname("www.dummysite.com"); + gethostbyname("localhost"); ]]) ],[ AC_MSG_RESULT([yes]) @@ -1086,7 +1188,7 @@ then /* Older Minix versions may need here instead */ #include ]],[[ - gethostbyname("www.dummysite.com"); + gethostbyname("localhost"); ]]) ],[ AC_MSG_RESULT([yes]) @@ -1105,7 +1207,7 @@ then #include #include ]],[[ - gethostbyname("www.dummysite.com"); + gethostbyname("localhost"); ]]) ],[ AC_MSG_RESULT([yes]) @@ -1121,10 +1223,15 @@ then AC_MSG_CHECKING([for gethostbyname for AmigaOS bsdsocket.library]) AC_LINK_IFELSE([ AC_LANG_PROGRAM([[ + #define __USE_INLINE__ #include + #ifdef __amigaos4__ + struct SocketIFace *ISocket = NULL; + #else struct Library *SocketBase = NULL; + #endif ]],[[ - gethostbyname("www.dummysite.com"); + gethostbyname("localhost"); ]]) ],[ AC_MSG_RESULT([yes]) @@ -1146,16 +1253,6 @@ then ]) fi -if test "$HAVE_GETHOSTBYNAME" != "1" -then - dnl gethostbyname in the net lib - for BeOS - AC_CHECK_LIB(net, gethostbyname, - [HAVE_GETHOSTBYNAME="1" - LIBS="-lnet $LIBS" - ]) -fi - - if test "$HAVE_GETHOSTBYNAME" != "1"; then AC_MSG_ERROR([couldn't find libraries for gethostbyname()]) fi @@ -1170,6 +1267,9 @@ dnl check for additional required libraries. dnl ********************************************************************** CURL_CHECK_LIBS_CLOCK_GETTIME_MONOTONIC +dnl Check for even better option +CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC_RAW + dnl ********************************************************************** dnl The preceding library checks are all potentially useful for test dnl servers and libtest cases which require networking and clock_gettime @@ -1204,9 +1304,14 @@ else CURL_CHECK_PKGCONFIG(zlib) if test "$PKGCONFIG" != "no" ; then - LIBS="`$PKGCONFIG --libs-only-l zlib` $LIBS" - LDFLAGS="$LDFLAGS `$PKGCONFIG --libs-only-L zlib`" - CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags-only-I zlib`" + ZLIB_LIBS="`$PKGCONFIG --libs-only-l zlib`" + if test -n "$ZLIB_LIBS"; then + LDFLAGS="$LDFLAGS `$PKGCONFIG --libs-only-L zlib`" + else + ZLIB_LIBS="`$PKGCONFIG --libs zlib`" + fi + LIBS="$ZLIB_LIBS $LIBS" + CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags zlib`" OPT_ZLIB="" HAVE_LIBZ="1" fi @@ -1219,7 +1324,8 @@ else AC_CHECK_LIB(z, inflateEnd, dnl libz found, set the variable [HAVE_LIBZ="1" - LIBS="-lz $LIBS"], + ZLIB_LIBS="-lz" + LIBS="$ZLIB_LIBS $LIBS"], dnl if no lib found, try /usr/local [OPT_ZLIB="/usr/local"]) fi @@ -1241,7 +1347,8 @@ else [ dnl the lib was found! HAVE_LIBZ="1" - LIBS="-lz $LIBS" + ZLIB_LIBS="-lz" + LIBS="$ZLIB_LIBS $LIBS" ], [ CPPFLAGS=$clean_CPPFLAGS LDFLAGS=$clean_LDFLAGS]) @@ -1260,25 +1367,25 @@ else CPPFLAGS=$clean_CPPFLAGS LDFLAGS=$clean_LDFLAGS LIBS=$clean_LIBS + ZLIB_LIBS="" elif test "$HAVE_LIBZ" != "1" && test "$HAVE_ZLIB_H" = "1" then AC_MSG_WARN([configure found only the libz header file, not the lib!]) CPPFLAGS=$clean_CPPFLAGS LDFLAGS=$clean_LDFLAGS LIBS=$clean_LIBS + ZLIB_LIBS="" elif test "$HAVE_LIBZ" = "1" && test "$HAVE_ZLIB_H" = "1" then dnl both header and lib were found! AC_SUBST(HAVE_LIBZ) - AC_DEFINE(HAVE_ZLIB_H, 1, [if you have the zlib.h header file]) AC_DEFINE(HAVE_LIBZ, 1, [if zlib is available]) - - ZLIB_LIBS="-lz" - LIBS="-lz $clean_LIBS" + LIBS="$ZLIB_LIBS $clean_LIBS" dnl replace 'HAVE_LIBZ' in the automake makefile.ams AMFIXLIB="1" AC_MSG_NOTICE([found both libz and libz.h header]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE zlib" curl_zlib_msg="enabled" fi fi @@ -1367,6 +1474,7 @@ if test X"$OPT_BROTLI" != Xno; then AC_MSG_NOTICE([Added $DIR_BROTLI to CURL_LIBRARY_PATH]) fi fi + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libbrotlidec" else dnl no brotli, revert back to clean variables LDFLAGS=$CLEANLDFLAGS @@ -1454,6 +1562,7 @@ if test X"$OPT_ZSTD" != Xno; then AC_MSG_NOTICE([Added $DIR_ZSTD to CURL_LIBRARY_PATH]) fi fi + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libzstd" else dnl no zstd, revert back to clean variables LDFLAGS=$CLEANLDFLAGS @@ -1480,7 +1589,6 @@ if test x$CURL_DISABLE_LDAP != x1 ; then CURL_CHECK_HEADER_LBER CURL_CHECK_HEADER_LDAP - CURL_CHECK_HEADER_LDAPSSL CURL_CHECK_HEADER_LDAP_SSL if test -z "$LDAPLIBNAME" ; then @@ -1536,16 +1644,19 @@ if test x$CURL_DISABLE_LDAP != x1 ; then fi if test x$CURL_DISABLE_LDAP != x1 ; then - AC_CHECK_FUNCS([ldap_url_parse ldap_init_fd]) + AC_CHECK_FUNCS([ldap_url_parse \ + ldap_init_fd]) if test "$LDAPLIBNAME" = "wldap32"; then curl_ldap_msg="enabled (winldap)" AC_DEFINE(USE_WIN32_LDAP, 1, [Use Windows LDAP implementation]) else - curl_ldap_msg="enabled (OpenLDAP)" if test "x$ac_cv_func_ldap_init_fd" = "xyes"; then + curl_ldap_msg="enabled (OpenLDAP)" AC_DEFINE(USE_OPENLDAP, 1, [Use OpenLDAP-specific code]) AC_SUBST(USE_OPENLDAP, [1]) + else + curl_ldap_msg="enabled (ancient OpenLDAP)" fi fi fi @@ -1575,7 +1686,7 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), AC_RUN_IFELSE([AC_LANG_SOURCE([[ /* are AF_INET6 and sockaddr_in6 available? */ #include -#ifdef HAVE_WINSOCK2_H +#ifdef _WIN32 #include #include #else @@ -1585,15 +1696,12 @@ AS_HELP_STRING([--disable-ipv6],[Disable IPv6 support]), # include #endif #endif -#include /* for exit() */ -main() + +int main(void) { struct sockaddr_in6 s; (void)s; - if (socket(AF_INET6, SOCK_STREAM, 0) < 0) - exit(1); - else - exit(0); + return socket(AF_INET6, SOCK_STREAM, 0) < 0; } ]]) ], @@ -1607,14 +1715,14 @@ main() if test "$ipv6" = yes; then curl_ipv6_msg="enabled" - AC_DEFINE(ENABLE_IPV6, 1, [Define if you want to enable IPv6 support]) + AC_DEFINE(USE_IPV6, 1, [Define if you want to enable IPv6 support]) IPV6_ENABLED=1 AC_SUBST(IPV6_ENABLED) AC_MSG_CHECKING([if struct sockaddr_in6 has sin6_scope_id member]) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ #include -#ifdef HAVE_WINSOCK2_H +#ifdef _WIN32 #include #include #else @@ -1642,9 +1750,17 @@ AC_MSG_CHECKING([if argv can be written to]) CURL_RUN_IFELSE([[ int main(int argc, char **argv) { +#ifdef _WIN32 + /* on Windows, writing to the argv does not hide the argument in + process lists so it can just be skipped */ + (void)argc; + (void)argv; + return 1; +#else (void)argc; argv[0][0] = ' '; return (argv[0][0] == ' ')?0:1; +#endif } ]],[ curl_cv_writable_argv=yes @@ -1701,17 +1817,25 @@ AC_ARG_WITH(gssapi, fi ]) +: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} + save_CPPFLAGS="$CPPFLAGS" AC_MSG_CHECKING([if GSS-API support is requested]) if test x"$want_gss" = xyes; then AC_MSG_RESULT(yes) - CURL_CHECK_PKGCONFIG(mit-krb5-gssapi) + if test $GSSAPI_ROOT != "/usr"; then + CURL_CHECK_PKGCONFIG(mit-krb5-gssapi, $GSSAPI_ROOT/lib/pkgconfig) + else + CURL_CHECK_PKGCONFIG(mit-krb5-gssapi) + fi if test -z "$GSSAPI_INCS"; then if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` elif test "$PKGCONFIG" != "no" ; then GSSAPI_INCS=`$PKGCONFIG --cflags mit-krb5-gssapi` + elif test -f "$KRB5CONFIG"; then + GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` elif test "$GSSAPI_ROOT" != "yes"; then GSSAPI_INCS="-I$GSSAPI_ROOT/include" fi @@ -1741,10 +1865,7 @@ AC_INCLUDES_DEFAULT if test "x$not_mit" = "x1"; then dnl MIT not found, check for Heimdal AC_CHECK_HEADER(gssapi.h, - [ - dnl found - AC_DEFINE(HAVE_GSSHEIMDAL, 1, [if you have Heimdal]) - ], + [], [ dnl no header found, disabling GSS want_gss=no @@ -1753,7 +1874,6 @@ AC_INCLUDES_DEFAULT ) else dnl MIT found - AC_DEFINE(HAVE_GSSMIT, 1, [if you have MIT Kerberos]) dnl check if we have a really old MIT Kerberos version (<= 1.2) AC_MSG_CHECKING([if GSS-API headers declare GSS_C_NT_HOSTBASED_SERVICE]) AC_COMPILE_IFELSE([ @@ -1796,7 +1916,11 @@ if test x"$want_gss" = xyes; then LIBS="-lgssapi_krb5 -lresolv $LIBS" ;; *) - CURL_CHECK_PKGCONFIG(mit-krb5-gssapi) + if test $GSSAPI_ROOT != "/usr"; then + CURL_CHECK_PKGCONFIG(mit-krb5-gssapi, $GSSAPI_ROOT/lib/pkgconfig) + else + CURL_CHECK_PKGCONFIG(mit-krb5-gssapi) + fi if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then dnl krb5-config doesn't have --libs-only-L or similar, put everything dnl into LIBS @@ -1805,6 +1929,11 @@ if test x"$want_gss" = xyes; then elif test "$PKGCONFIG" != "no" ; then gss_libs=`$PKGCONFIG --libs mit-krb5-gssapi` LIBS="$gss_libs $LIBS" + elif test -f "$KRB5CONFIG"; then + dnl krb5-config doesn't have --libs-only-L or similar, put everything + dnl into LIBS + gss_libs=`$KRB5CONFIG --libs gssapi` + LIBS="$gss_libs $LIBS" else case $host in *-hp-hpux*) @@ -1839,6 +1968,18 @@ else CPPFLAGS="$save_CPPFLAGS" fi +if test x"$want_gss" = xyes; then + AC_MSG_CHECKING([if we can link against GSS-API library]) + AC_LINK_IFELSE([ + AC_LANG_FUNC_LINK_TRY([gss_init_sec_context]) + ],[ + AC_MSG_RESULT([yes]) + ],[ + AC_MSG_RESULT([no]) + AC_MSG_ERROR([--with-gssapi was specified, but a GSS-API library was not found.]) + ]) +fi + build_libstubgss=no if test x"$want_gss" = "xyes"; then build_libstubgss=yes @@ -1879,21 +2020,24 @@ CURL_WITH_OPENSSL CURL_WITH_GNUTLS CURL_WITH_MBEDTLS CURL_WITH_WOLFSSL -CURL_WITH_MESALINK CURL_WITH_BEARSSL CURL_WITH_RUSTLS -CURL_WITH_NSS dnl link required libraries for USE_WIN32_CRYPTO or USE_SCHANNEL if test "x$USE_WIN32_CRYPTO" = "x1" -o "x$USE_SCHANNEL" = "x1"; then LIBS="-ladvapi32 -lcrypt32 $LIBS" fi -case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED$RUSTLS_ENABLED" +dnl link bcrypt for BCryptGenRandom() (used when building for Vista or newer) +if test "x$curl_cv_native_windows" = "xyes"; then + LIBS="-lbcrypt $LIBS" +fi + +case "x$SSL_DISABLED$OPENSSL_ENABLED$GNUTLS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$BEARSSL_ENABLED$RUSTLS_ENABLED" in x) - AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) - AC_MSG_WARN([Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl, --with-bearssl or --with-rustls to address this.]) + AC_MSG_ERROR([TLS not detected, you will not be able to use HTTPS, FTPS, NTLM and more. +Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-schannel, --with-secure-transport, --with-amissl, --with-bearssl or --with-rustls to address this.]) ;; x1) # one SSL backend is enabled @@ -1901,6 +2045,14 @@ x1) SSL_ENABLED="1" AC_MSG_NOTICE([built with one SSL backend]) ;; +xD) + # explicitly built without TLS + ;; +xD*) + AC_MSG_ERROR([--without-ssl has been set together with an explicit option to use an ssl library +(e.g. --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-schannel, --with-secure-transport, --with-amissl, --with-bearssl, --with-rustls). +Since these are conflicting parameters, verify which is the desired one and drop the other.]) + ;; *) # more than one SSL backend is enabled AC_SUBST(SSL_ENABLED) @@ -1941,20 +2093,75 @@ dnl ********************************************************************** dnl Check for libpsl dnl ********************************************************************** -AC_ARG_WITH(libpsl, - AS_HELP_STRING([--without-libpsl], - [disable support for libpsl cookie checking]), - with_libpsl=$withval, - with_libpsl=yes) -if test $with_libpsl != "no"; then - AC_SEARCH_LIBS(psl_builtin, psl, - [curl_psl_msg="enabled"; - AC_DEFINE([USE_LIBPSL], [1], [PSL support enabled]) - ], - [curl_psl_msg="no (libpsl not found)"; - AC_MSG_WARN([libpsl was not found]) - ] +dnl Default to compiler & linker defaults for LIBPSL files & libraries. +OPT_LIBPSL=off +AC_ARG_WITH(libpsl,dnl +AS_HELP_STRING([--with-libpsl=PATH],[Where to look for libpsl, PATH points to the LIBPSL installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) +AS_HELP_STRING([--without-libpsl], [disable LIBPSL]), + OPT_LIBPSL=$withval) + +if test X"$OPT_LIBPSL" != Xno; then + dnl backup the pre-libpsl variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + case "$OPT_LIBPSL" in + yes) + dnl --with-libpsl (without path) used + CURL_CHECK_PKGCONFIG(libpsl) + + if test "$PKGCONFIG" != "no" ; then + LIB_PSL=`$PKGCONFIG --libs-only-l libpsl` + LD_PSL=`$PKGCONFIG --libs-only-L libpsl` + CPP_PSL=`$PKGCONFIG --cflags-only-I libpsl` + else + dnl no libpsl pkg-config found + LIB_PSL="-lpsl" + fi + + ;; + off) + dnl no --with-libpsl option given, just check default places + LIB_PSL="-lpsl" + ;; + *) + dnl use the given --with-libpsl spot + LIB_PSL="-lpsl" + PREFIX_PSL=$OPT_LIBPSL + ;; + esac + + dnl if given with a prefix, we set -L and -I based on that + if test -n "$PREFIX_PSL"; then + LD_PSL=-L${PREFIX_PSL}/lib$libsuff + CPP_PSL=-I${PREFIX_PSL}/include + fi + + LDFLAGS="$LDFLAGS $LD_PSL" + CPPFLAGS="$CPPFLAGS $CPP_PSL" + LIBS="$LIB_PSL $LIBS" + + AC_CHECK_LIB(psl, psl_builtin, + [ + AC_CHECK_HEADERS(libpsl.h, + curl_psl_msg="enabled" + LIBPSL_ENABLED=1 + AC_DEFINE(USE_LIBPSL, 1, [if libpsl is in use]) + AC_SUBST(USE_LIBPSL, [1]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libpsl" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS ) + + if test X"$OPT_LIBPSL" != Xoff && + test "$LIBPSL_ENABLED" != "1"; then + AC_MSG_ERROR([libpsl libs and/or directories were not found where specified!]) + fi fi AM_CONDITIONAL([USE_LIBPSL], [test "$curl_psl_msg" = "enabled"]) @@ -1981,13 +2188,13 @@ fi AM_CONDITIONAL([USE_GSASL], [test "$curl_gsasl_msg" = "enabled"]) AC_ARG_WITH(libmetalink,, - AC_MSG_ERROR([--with-libmetalink no longer works!])) + AC_MSG_ERROR([--with-libmetalink and --without-libmetalink no longer work!])) dnl ********************************************************************** -dnl Check for the presence of LIBSSH2 libraries and headers +dnl Check for the presence of libssh2 libraries and headers dnl ********************************************************************** -dnl Default to compiler & linker defaults for LIBSSH2 files & libraries. +dnl Default to compiler & linker defaults for libssh2 files & libraries. OPT_LIBSSH2=off AC_ARG_WITH(libssh2,dnl AS_HELP_STRING([--with-libssh2=PATH],[Where to look for libssh2, PATH points to the libssh2 installation; when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]) @@ -2019,7 +2226,7 @@ if test X"$OPT_LIBSSH2" != Xno; then CURL_CHECK_PKGCONFIG(libssh2) if test "$PKGCONFIG" != "no" ; then - LIB_SSH2=`$PKGCONFIG --libs libssh2` + LIB_SSH2=`$PKGCONFIG --libs-only-l libssh2` LD_SSH2=`$PKGCONFIG --libs-only-L libssh2` CPP_SSH2=`$PKGCONFIG --cflags-only-I libssh2` version=`$PKGCONFIG --modversion libssh2` @@ -2051,16 +2258,16 @@ if test X"$OPT_LIBSSH2" != Xno; then dnl check for function added in libssh2 version 1.0 AC_CHECK_LIB(ssh2, libssh2_session_block_directions) - AC_CHECK_HEADERS(libssh2.h, - curl_ssh_msg="enabled (libSSH2)" + AC_CHECK_HEADER(libssh2.h, + curl_ssh_msg="enabled (libssh2)" LIBSSH2_ENABLED=1 - AC_DEFINE(USE_LIBSSH2, 1, [if libSSH2 is in use]) + AC_DEFINE(USE_LIBSSH2, 1, [if libssh2 is in use]) AC_SUBST(USE_LIBSSH2, [1]) ) if test X"$OPT_LIBSSH2" != Xoff && test "$LIBSSH2_ENABLED" != "1"; then - AC_MSG_ERROR([libSSH2 libs and/or directories were not found where specified!]) + AC_MSG_ERROR([libssh2 libs and/or directories were not found where specified!]) fi if test "$LIBSSH2_ENABLED" = "1"; then @@ -2075,6 +2282,7 @@ if test X"$OPT_LIBSSH2" != Xno; then AC_MSG_NOTICE([Added $DIR_SSH2 to CURL_LIBRARY_PATH]) fi fi + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libssh2" else dnl no libssh2, revert back to clean variables LDFLAGS=$CLEANLDFLAGS @@ -2124,16 +2332,16 @@ elif test X"$OPT_LIBSSH" != Xno; then AC_CHECK_LIB(ssh, ssh_new) - AC_CHECK_HEADERS(libssh/libssh.h, - curl_ssh_msg="enabled (libSSH)" + AC_CHECK_HEADER(libssh/libssh.h, + curl_ssh_msg="enabled (libssh)" LIBSSH_ENABLED=1 - AC_DEFINE(USE_LIBSSH, 1, [if libSSH is in use]) + AC_DEFINE(USE_LIBSSH, 1, [if libssh is in use]) AC_SUBST(USE_LIBSSH, [1]) ) if test X"$OPT_LIBSSH" != Xoff && test "$LIBSSH_ENABLED" != "1"; then - AC_MSG_ERROR([libSSH libs and/or directories were not found where specified!]) + AC_MSG_ERROR([libssh libs and/or directories were not found where specified!]) fi if test "$LIBSSH_ENABLED" = "1"; then @@ -2148,6 +2356,7 @@ elif test X"$OPT_LIBSSH" != Xno; then AC_MSG_NOTICE([Added $DIR_SSH to CURL_LIBRARY_PATH]) fi fi + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libssh" else dnl no libssh, revert back to clean variables LDFLAGS=$CLEANLDFLAGS @@ -2242,6 +2451,7 @@ if test X"$OPT_LIBRTMP" != Xno; then LIBRTMP_ENABLED=1 AC_DEFINE(USE_LIBRTMP, 1, [if librtmp is in use]) AC_SUBST(USE_LIBRTMP, [1]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE librtmp" ) ], dnl not found, revert back to clean variables @@ -2281,8 +2491,6 @@ AS_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar versioned_symbols_flavour="OPENSSL_" elif test "x$GNUTLS_ENABLED" = "x1"; then versioned_symbols_flavour="GNUTLS_" - elif test "x$NSS_ENABLED" = "x1"; then - versioned_symbols_flavour="NSS_" elif test "x$WOLFSSL_ENABLED" = "x1"; then versioned_symbols_flavour="WOLFSSL_" elif test "x$SCHANNEL_ENABLED" = "x1"; then @@ -2395,7 +2603,6 @@ if test "$want_winidn" = "yes"; then # if test "$tst_links_winidn" = "yes"; then AC_DEFINE(USE_WIN32_IDN, 1, [Define to 1 if you have the `normaliz' (WinIDN) library (-lnormaliz).]) - AC_DEFINE(WANT_IDN_PROTOTYPES, 1, [Define to 1 to provide own prototypes.]) AC_SUBST([IDN_ENABLED], [1]) curl_idn_msg="enabled (Windows-native)" else @@ -2417,31 +2624,36 @@ AC_ARG_WITH(libidn2, AS_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage]) AS_HELP_STRING([--without-libidn2],[Disable libidn2 usage]), [OPT_IDN=$withval]) -case "$OPT_IDN" in - no) - dnl --without-libidn2 option used - want_idn="no" - AC_MSG_RESULT([no]) - ;; - default) - dnl configure option not specified - want_idn="yes" - want_idn_path="default" - AC_MSG_RESULT([(assumed) yes]) - ;; - yes) - dnl --with-libidn2 option used without path - want_idn="yes" - want_idn_path="default" - AC_MSG_RESULT([yes]) - ;; - *) - dnl --with-libidn2 option used with path - want_idn="yes" - want_idn_path="$withval" - AC_MSG_RESULT([yes ($withval)]) - ;; -esac +if test "x$tst_links_winidn" = "xyes"; then + want_idn="no" + AC_MSG_RESULT([no (using winidn instead)]) +else + case "$OPT_IDN" in + no) + dnl --without-libidn2 option used + want_idn="no" + AC_MSG_RESULT([no]) + ;; + default) + dnl configure option not specified + want_idn="yes" + want_idn_path="default" + AC_MSG_RESULT([(assumed) yes]) + ;; + yes) + dnl --with-libidn2 option used without path + want_idn="yes" + want_idn_path="default" + AC_MSG_RESULT([yes]) + ;; + *) + dnl --with-libidn2 option used with path + want_idn="yes" + want_idn_path="$withval" + AC_MSG_RESULT([yes ($withval)]) + ;; + esac +fi if test "$want_idn" = "yes"; then dnl idn library support has been requested @@ -2523,6 +2735,7 @@ if test "$want_idn" = "yes"; then export CURL_LIBRARY_PATH AC_MSG_NOTICE([Added $IDN_DIR to CURL_LIBRARY_PATH]) fi + LIBCURL_PC_REQUIRES_PRIVATE="libidn2 $LIBCURL_PC_REQUIRES_PRIVATE" else AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled]) CPPFLAGS="$clean_CPPFLAGS" @@ -2555,11 +2768,13 @@ case "$OPT_H2" in dnl --with-nghttp2 option used without path want_nghttp2="default" want_nghttp2_path="" + want_nghttp2_pkg_config_path="" ;; *) dnl --with-nghttp2 option used with path want_nghttp2="yes" - want_nghttp2_path="$withval/lib/pkgconfig" + want_nghttp2_path="$withval" + want_nghttp2_pkg_config_path="$withval/lib/pkgconfig" ;; esac @@ -2569,58 +2784,67 @@ if test X"$want_nghttp2" != Xno; then CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" - CURL_CHECK_PKGCONFIG(libnghttp2, $want_nghttp2_path) + CURL_CHECK_PKGCONFIG(libnghttp2, $want_nghttp2_pkg_config_path) if test "$PKGCONFIG" != "no" ; then - LIB_H2=`CURL_EXPORT_PCDIR([$want_nghttp2_path]) + LIB_H2=`CURL_EXPORT_PCDIR([$want_nghttp2_pkg_config_path]) $PKGCONFIG --libs-only-l libnghttp2` AC_MSG_NOTICE([-l is $LIB_H2]) - CPP_H2=`CURL_EXPORT_PCDIR([$want_nghttp2_path]) dnl + CPP_H2=`CURL_EXPORT_PCDIR([$want_nghttp2_pkg_config_path]) dnl $PKGCONFIG --cflags-only-I libnghttp2` AC_MSG_NOTICE([-I is $CPP_H2]) - LD_H2=`CURL_EXPORT_PCDIR([$want_nghttp2_path]) + LD_H2=`CURL_EXPORT_PCDIR([$want_nghttp2_pkg_config_path]) $PKGCONFIG --libs-only-L libnghttp2` AC_MSG_NOTICE([-L is $LD_H2]) - LDFLAGS="$LDFLAGS $LD_H2" - CPPFLAGS="$CPPFLAGS $CPP_H2" - LIBS="$LIB_H2 $LIBS" - - # use nghttp2_session_set_local_window_size to require nghttp2 - # >= 1.12.0 - AC_CHECK_LIB(nghttp2, nghttp2_session_set_local_window_size, - [ - AC_CHECK_HEADERS(nghttp2/nghttp2.h, - curl_h2_msg="enabled (nghttp2)" - NGHTTP2_ENABLED=1 - AC_DEFINE(USE_NGHTTP2, 1, [if nghttp2 is in use]) - AC_SUBST(USE_NGHTTP2, [1]) - ) - ], - dnl not found, revert back to clean variables - LDFLAGS=$CLEANLDFLAGS - CPPFLAGS=$CLEANCPPFLAGS - LIBS=$CLEANLIBS - ) - + DIR_H2=`echo $LD_H2 | $SED -e 's/^-L//'` + elif test x"$want_nghttp2_path" != x; then + LIB_H2="-lnghttp2" + LD_H2=-L${want_nghttp2_path}/lib$libsuff + CPP_H2=-I${want_nghttp2_path}/include + DIR_H2=${want_nghttp2_path}/lib$libsuff + elif test X"$want_nghttp2" != Xdefault; then + dnl no nghttp2 pkg-config found and no custom directory specified, + dnl deal with it + AC_MSG_ERROR([--with-nghttp2 was specified but could not find libnghttp2 pkg-config file.]) else - dnl no nghttp2 pkg-config found, deal with it - if test X"$want_nghttp2" != Xdefault; then - dnl To avoid link errors, we do not allow --with-nghttp2 without - dnl a pkgconfig file - AC_MSG_ERROR([--with-nghttp2 was specified but could not find libnghttp2 pkg-config file.]) - fi + LIB_H2="-lnghttp2" fi + LDFLAGS="$LDFLAGS $LD_H2" + CPPFLAGS="$CPPFLAGS $CPP_H2" + LIBS="$LIB_H2 $LIBS" + + # use nghttp2_session_get_stream_local_window_size to require nghttp2 + # >= 1.15.0 + AC_CHECK_LIB(nghttp2, nghttp2_session_get_stream_local_window_size, + [ + AC_CHECK_HEADERS(nghttp2/nghttp2.h, + curl_h2_msg="enabled (nghttp2)" + NGHTTP2_ENABLED=1 + AC_DEFINE(USE_NGHTTP2, 1, [if nghttp2 is in use]) + AC_SUBST(USE_NGHTTP2, [1]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libnghttp2" + ) + + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_H2" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_H2 to CURL_LIBRARY_PATH]) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) fi dnl ********************************************************************** dnl Check for ngtcp2 (QUIC) dnl ********************************************************************** -OPT_TCP2="yes" +OPT_TCP2="no" if test "x$disable_http" = "xyes"; then # without HTTP, ngtcp2 is no use @@ -2650,6 +2874,11 @@ esac curl_tcp2_msg="no (--with-ngtcp2)" if test X"$want_tcp2" != Xno; then + + if test "$QUIC_ENABLED" != "yes"; then + AC_MSG_ERROR([the detected TLS library does not support QUIC, making --with-ngtcp2 a no-no]) + fi + dnl backup the pre-ngtcp2 variables CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" @@ -2686,6 +2915,7 @@ if test X"$want_tcp2" != Xno; then CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_TCP2" export CURL_LIBRARY_PATH AC_MSG_NOTICE([Added $DIR_TCP2 to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2" ) ], dnl not found, revert back to clean variables @@ -2705,43 +2935,100 @@ if test X"$want_tcp2" != Xno; then fi -if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1"; then - dnl backup the pre-ngtcp2_crypto_openssl variables +if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1" -a "x$OPENSSL_IS_BORINGSSL" != "x1"; then + dnl backup the pre-ngtcp2_crypto_quictls variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + CURL_CHECK_PKGCONFIG(libngtcp2_crypto_quictls, $want_tcp2_path) + + if test "$PKGCONFIG" != "no" ; then + LIB_NGTCP2_CRYPTO_QUICTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-l libngtcp2_crypto_quictls` + AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_QUICTLS]) + + CPP_NGTCP2_CRYPTO_QUICTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path]) dnl + $PKGCONFIG --cflags-only-I libngtcp2_crypto_quictls` + AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_QUICTLS]) + + LD_NGTCP2_CRYPTO_QUICTLS=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-L libngtcp2_crypto_quictls` + AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_QUICTLS]) + + LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_QUICTLS" + CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_QUICTLS" + LIBS="$LIB_NGTCP2_CRYPTO_QUICTLS $LIBS" + + if test "x$cross_compiling" != "xyes"; then + DIR_NGTCP2_CRYPTO_QUICTLS=`echo $LD_NGTCP2_CRYPTO_QUICTLS | $SED -e 's/^-L//'` + fi + AC_CHECK_LIB(ngtcp2_crypto_quictls, ngtcp2_crypto_recv_client_initial_cb, + [ + AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, + NGTCP2_ENABLED=1 + AC_DEFINE(USE_NGTCP2_CRYPTO_QUICTLS, 1, [if ngtcp2_crypto_quictls is in use]) + AC_SUBST(USE_NGTCP2_CRYPTO_QUICTLS, [1]) + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_QUICTLS" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_QUICTLS to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2_crypto_quictls" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + else + dnl no ngtcp2_crypto_quictls pkg-config found, deal with it + if test X"$want_tcp2" != Xdefault; then + dnl To avoid link errors, we do not allow --with-ngtcp2 without + dnl a pkgconfig file + AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_quictls pkg-config file.]) + fi + fi +fi + +if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1" -a "x$OPENSSL_IS_BORINGSSL" = "x1"; then + dnl backup the pre-ngtcp2_crypto_boringssl variables CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" CLEANLIBS="$LIBS" - CURL_CHECK_PKGCONFIG(libngtcp2_crypto_openssl, $want_tcp2_path) + CURL_CHECK_PKGCONFIG(libngtcp2_crypto_boringssl, $want_tcp2_path) if test "$PKGCONFIG" != "no" ; then - LIB_NGTCP2_CRYPTO_OPENSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) - $PKGCONFIG --libs-only-l libngtcp2_crypto_openssl` - AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_OPENSSL]) + LIB_NGTCP2_CRYPTO_BORINGSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-l libngtcp2_crypto_boringssl` + AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_BORINGSSL]) - CPP_NGTCP2_CRYPTO_OPENSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) dnl - $PKGCONFIG --cflags-only-I libngtcp2_crypto_openssl` - AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_OPENSSL]) + CPP_NGTCP2_CRYPTO_BORINGSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) dnl + $PKGCONFIG --cflags-only-I libngtcp2_crypto_boringssl` + AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_BORINGSSL]) - LD_NGTCP2_CRYPTO_OPENSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) - $PKGCONFIG --libs-only-L libngtcp2_crypto_openssl` - AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_OPENSSL]) + LD_NGTCP2_CRYPTO_BORINGSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-L libngtcp2_crypto_boringssl` + AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_BORINGSSL]) - LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_OPENSSL" - CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_OPENSSL" - LIBS="$LIB_NGTCP2_CRYPTO_OPENSSL $LIBS" + LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_BORINGSSL" + CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_BORINGSSL" + LIBS="$LIB_NGTCP2_CRYPTO_BORINGSSL $LIBS" if test "x$cross_compiling" != "xyes"; then - DIR_NGTCP2_CRYPTO_OPENSSL=`echo $LD_NGTCP2_CRYPTO_OPENSSL | $SED -e 's/^-L//'` + DIR_NGTCP2_CRYPTO_BORINGSSL=`echo $LD_NGTCP2_CRYPTO_BORINGSSL | $SED -e 's/^-L//'` fi - AC_CHECK_LIB(ngtcp2_crypto_openssl, ngtcp2_crypto_ctx_initial, + AC_CHECK_LIB(ngtcp2_crypto_boringssl, ngtcp2_crypto_recv_client_initial_cb, [ AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, NGTCP2_ENABLED=1 - AC_DEFINE(USE_NGTCP2_CRYPTO_OPENSSL, 1, [if ngtcp2_crypto_openssl is in use]) - AC_SUBST(USE_NGTCP2_CRYPTO_OPENSSL, [1]) - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_OPENSSL" + AC_DEFINE(USE_NGTCP2_CRYPTO_BORINGSSL, 1, [if ngtcp2_crypto_boringssl is in use]) + AC_SUBST(USE_NGTCP2_CRYPTO_BORINGSSL, [1]) + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_BORINGSSL" export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_OPENSSL to CURL_LIBRARY_PATH]) + AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_BORINGSSL to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2_crypto_boringssl" ) ], dnl not found, revert back to clean variables @@ -2751,11 +3038,11 @@ if test "x$NGTCP2_ENABLED" = "x1" -a "x$OPENSSL_ENABLED" = "x1"; then ) else - dnl no ngtcp2_crypto_openssl pkg-config found, deal with it + dnl no ngtcp2_crypto_boringssl pkg-config found, deal with it if test X"$want_tcp2" != Xdefault; then dnl To avoid link errors, we do not allow --with-ngtcp2 without dnl a pkgconfig file - AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_openssl pkg-config file.]) + AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_boringssl pkg-config file.]) fi fi fi @@ -2788,7 +3075,7 @@ if test "x$NGTCP2_ENABLED" = "x1" -a "x$GNUTLS_ENABLED" = "x1"; then if test "x$cross_compiling" != "xyes"; then DIR_NGTCP2_CRYPTO_GNUTLS=`echo $LD_NGTCP2_CRYPTO_GNUTLS | $SED -e 's/^-L//'` fi - AC_CHECK_LIB(ngtcp2_crypto_gnutls, ngtcp2_crypto_ctx_initial, + AC_CHECK_LIB(ngtcp2_crypto_gnutls, ngtcp2_crypto_recv_client_initial_cb, [ AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, NGTCP2_ENABLED=1 @@ -2797,6 +3084,7 @@ if test "x$NGTCP2_ENABLED" = "x1" -a "x$GNUTLS_ENABLED" = "x1"; then CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_GNUTLS" export CURL_LIBRARY_PATH AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_GNUTLS to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2_crypto_gnutls" ) ], dnl not found, revert back to clean variables @@ -2815,28 +3103,124 @@ if test "x$NGTCP2_ENABLED" = "x1" -a "x$GNUTLS_ENABLED" = "x1"; then fi fi -dnl ********************************************************************** -dnl Check for nghttp3 (HTTP/3 with ngtcp2) -dnl ********************************************************************** +if test "x$NGTCP2_ENABLED" = "x1" -a "x$WOLFSSL_ENABLED" = "x1"; then + dnl backup the pre-ngtcp2_crypto_wolfssl variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" -OPT_NGHTTP3="yes" + CURL_CHECK_PKGCONFIG(libngtcp2_crypto_wolfssl, $want_tcp2_path) -if test "x$NGTCP2_ENABLED" = "x"; then - # without ngtcp2, nghttp3 is of no use for us - OPT_NGHTTP3="no" -fi + if test "$PKGCONFIG" != "no" ; then + LIB_NGTCP2_CRYPTO_WOLFSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-l libngtcp2_crypto_wolfssl` + AC_MSG_NOTICE([-l is $LIB_NGTCP2_CRYPTO_WOLFSSL]) -AC_ARG_WITH(nghttp3, -AS_HELP_STRING([--with-nghttp3=PATH],[Enable nghttp3 usage]) -AS_HELP_STRING([--without-nghttp3],[Disable nghttp3 usage]), - [OPT_NGHTTP3=$withval]) -case "$OPT_NGHTTP3" in - no) - dnl --without-nghttp3 option used - want_nghttp3="no" - ;; - yes) - dnl --with-nghttp3 option used without path + CPP_NGTCP2_CRYPTO_WOLFSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) dnl + $PKGCONFIG --cflags-only-I libngtcp2_crypto_wolfssl` + AC_MSG_NOTICE([-I is $CPP_NGTCP2_CRYPTO_WOLFSSL]) + + LD_NGTCP2_CRYPTO_WOLFSSL=`CURL_EXPORT_PCDIR([$want_tcp2_path]) + $PKGCONFIG --libs-only-L libngtcp2_crypto_wolfssl` + AC_MSG_NOTICE([-L is $LD_NGTCP2_CRYPTO_WOLFSSL]) + + LDFLAGS="$LDFLAGS $LD_NGTCP2_CRYPTO_WOLFSSL" + CPPFLAGS="$CPPFLAGS $CPP_NGTCP2_CRYPTO_WOLFSSL" + LIBS="$LIB_NGTCP2_CRYPTO_WOLFSSL $LIBS" + + if test "x$cross_compiling" != "xyes"; then + DIR_NGTCP2_CRYPTO_WOLFSSL=`echo $LD_NGTCP2_CRYPTO_WOLFSSL | $SED -e 's/^-L//'` + fi + AC_CHECK_LIB(ngtcp2_crypto_wolfssl, ngtcp2_crypto_recv_client_initial_cb, + [ + AC_CHECK_HEADERS(ngtcp2/ngtcp2_crypto.h, + NGTCP2_ENABLED=1 + AC_DEFINE(USE_NGTCP2_CRYPTO_WOLFSSL, 1, [if ngtcp2_crypto_wolfssl is in use]) + AC_SUBST(USE_NGTCP2_CRYPTO_WOLFSSL, [1]) + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGTCP2_CRYPTO_WOLFSSL" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_NGTCP2_CRYPTO_WOLFSSL to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libngtcp2_crypto_wolfssl" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) + + else + dnl no ngtcp2_crypto_wolfssl pkg-config found, deal with it + if test X"$want_tcp2" != Xdefault; then + dnl To avoid link errors, we do not allow --with-ngtcp2 without + dnl a pkgconfig file + AC_MSG_ERROR([--with-ngtcp2 was specified but could not find ngtcp2_crypto_wolfssl pkg-config file.]) + fi + fi +fi + +dnl ********************************************************************** +dnl Check for OpenSSL QUIC +dnl ********************************************************************** + +OPT_OPENSSL_QUIC="no" + +if test "x$disable_http" = "xyes" -o "x$OPENSSL_ENABLED" != "x1"; then + # without HTTP or without openssl, no use + OPT_OPENSSL_QUIC="no" +fi + +AC_ARG_WITH(openssl-quic, +AS_HELP_STRING([--with-openssl-quic],[Enable OpenSSL QUIC usage]) +AS_HELP_STRING([--without-openssl-quic],[Disable OpenSSL QUIC usage]), + [OPT_OPENSSL_QUIC=$withval]) +case "$OPT_OPENSSL_QUIC" in + no) + dnl --without-openssl-quic option used + want_openssl_quic="no" + ;; + yes) + dnl --with-openssl-quic option used + want_openssl_quic="yes" + ;; +esac + +curl_openssl_quic_msg="no (--with-openssl-quic)" +if test "x$want_openssl_quic" = "xyes"; then + + if test "$NGTCP2_ENABLED" = 1; then + AC_MSG_ERROR([--with-openssl-quic and --with-ngtcp2 are mutually exclusive]) + fi + if test "$HAVE_OPENSSL_QUIC" != 1; then + AC_MSG_ERROR([--with-openssl-quic requires quic support and OpenSSL >= 3.3.0]) + fi + AC_DEFINE(USE_OPENSSL_QUIC, 1, [if openssl QUIC is in use]) + AC_SUBST(USE_OPENSSL_QUIC, [1]) +fi + +dnl ********************************************************************** +dnl Check for nghttp3 (HTTP/3 with ngtcp2) +dnl ********************************************************************** + +OPT_NGHTTP3="yes" + +if test "x$USE_NGTCP2" != "x1" -a "x$USE_OPENSSL_QUIC" != "x1"; then + # without ngtcp2 or openssl quic, nghttp3 is of no use for us + OPT_NGHTTP3="no" + want_nghttp3="no" +fi + +AC_ARG_WITH(nghttp3, +AS_HELP_STRING([--with-nghttp3=PATH],[Enable nghttp3 usage]) +AS_HELP_STRING([--without-nghttp3],[Disable nghttp3 usage]), + [OPT_NGHTTP3=$withval]) +case "$OPT_NGHTTP3" in + no) + dnl --without-nghttp3 option used + want_nghttp3="no" + ;; + yes) + dnl --with-nghttp3 option used without path want_nghttp3="default" want_nghttp3_path="" ;; @@ -2849,6 +3233,12 @@ esac curl_http3_msg="no (--with-nghttp3)" if test X"$want_nghttp3" != Xno; then + + if test "x$USE_NGTCP2" != "x1" -a "x$USE_OPENSSL_QUIC" != "x1"; then + # without ngtcp2 or openssl quic, nghttp3 is of no use for us + AC_MSG_ERROR([nghttp3 enabled without a QUIC library; enable ngtcp2 or OpenSSL-QUIC]) + fi + dnl backup the pre-nghttp3 variables CLEANLDFLAGS="$LDFLAGS" CLEANCPPFLAGS="$CPPFLAGS" @@ -2879,14 +3269,12 @@ if test X"$want_nghttp3" != Xno; then AC_CHECK_LIB(nghttp3, nghttp3_conn_client_new_versioned, [ AC_CHECK_HEADERS(nghttp3/nghttp3.h, - curl_h3_msg="enabled (ngtcp2 + nghttp3)" - NGHTTP3_ENABLED=1 AC_DEFINE(USE_NGHTTP3, 1, [if nghttp3 is in use]) AC_SUBST(USE_NGHTTP3, [1]) CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_NGHTTP3" export CURL_LIBRARY_PATH AC_MSG_NOTICE([Added $DIR_NGHTTP3 to CURL_LIBRARY_PATH]) - experimental="$experimental HTTP3" + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libnghttp3" ) ], dnl not found, revert back to clean variables @@ -2906,6 +3294,29 @@ if test X"$want_nghttp3" != Xno; then fi +dnl ********************************************************************** +dnl Check for ngtcp2 and nghttp3 (HTTP/3 with ngtcp2 + nghttp3) +dnl ********************************************************************** + +if test "x$NGTCP2_ENABLED" = "x1" -a "x$USE_NGHTTP3" = "x1"; then + AC_DEFINE(USE_NGTCP2_H3, 1, [if ngtcp2 + nghttp3 is in use]) + AC_SUBST(USE_NGTCP2_H3, [1]) + AC_MSG_NOTICE([HTTP3 support is experimental]) + curl_h3_msg="enabled (ngtcp2 + nghttp3)" +fi + +dnl ********************************************************************** +dnl Check for OpenSSL and nghttp3 (HTTP/3 with nghttp3 using OpenSSL QUIC) +dnl ********************************************************************** + +if test "x$USE_OPENSSL_QUIC" = "x1" -a "x$USE_NGHTTP3" = "x1"; then + experimental="$experimental HTTP3" + AC_DEFINE(USE_OPENSSL_H3, 1, [if openssl quic + nghttp3 is in use]) + AC_SUBST(USE_OPENSSL_H3, [1]) + AC_MSG_NOTICE([HTTP3 support is experimental]) + curl_h3_msg="enabled (openssl + nghttp3)" +fi + dnl ********************************************************************** dnl Check for quiche (QUIC) dnl ********************************************************************** @@ -2940,6 +3351,10 @@ esac if test X"$want_quiche" != Xno; then + if test "$QUIC_ENABLED" != "yes"; then + AC_MSG_ERROR([the detected TLS library does not support QUIC, making --with-quiche a no-no]) + fi + if test "$NGHTTP3_ENABLED" = 1; then AC_MSG_ERROR([--with-quiche and --with-ngtcp2 are mutually exclusive]) fi @@ -2971,7 +3386,7 @@ if test X"$want_quiche" != Xno; then if test "x$cross_compiling" != "xyes"; then DIR_QUICHE=`echo $LD_QUICHE | $SED -e 's/^-L//'` fi - AC_CHECK_LIB(quiche, quiche_connect, + AC_CHECK_LIB(quiche, quiche_conn_send_ack_eliciting, [ AC_CHECK_HEADERS(quiche.h, experimental="$experimental HTTP3" @@ -2983,7 +3398,8 @@ if test X"$want_quiche" != Xno; then AC_CHECK_FUNCS([quiche_conn_set_qlog_fd]) CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_QUICHE" export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $DIR_QUICHE to CURL_LIBRARY_PATH]), + AC_MSG_NOTICE([Added $DIR_QUICHE to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE quiche", [], [ AC_INCLUDES_DEFAULT @@ -3004,6 +3420,92 @@ AC_INCLUDES_DEFAULT fi fi +dnl ********************************************************************** +dnl Check for msh3 (QUIC) +dnl ********************************************************************** + +OPT_MSH3="no" + +if test "x$disable_http" = "xyes" -o "x$USE_NGTCP" = "x1"; then + # without HTTP or with ngtcp2, msh3 is no use + OPT_MSH3="no" +fi + +AC_ARG_WITH(msh3, +AS_HELP_STRING([--with-msh3=PATH],[Enable msh3 usage]) +AS_HELP_STRING([--without-msh3],[Disable msh3 usage]), + [OPT_MSH3=$withval]) +case "$OPT_MSH3" in + no) + dnl --without-msh3 option used + want_msh3="no" + ;; + yes) + dnl --with-msh3 option used without path + want_msh3="default" + want_msh3_path="" + ;; + *) + dnl --with-msh3 option used with path + want_msh3="yes" + want_msh3_path="$withval" + ;; +esac + +if test X"$want_msh3" != Xno; then + + dnl msh3 on non-Windows needs an OpenSSL with the QUIC API + if test "$curl_cv_native_windows" != "yes"; then + if test "$QUIC_ENABLED" != "yes"; then + AC_MSG_ERROR([the detected TLS library does not support QUIC, making --with-msh3 a no-no]) + fi + if test "$OPENSSL_ENABLED" != "1"; then + AC_MSG_ERROR([msh3 requires OpenSSL]) + fi + fi + + if test "$NGHTTP3_ENABLED" = 1; then + AC_MSG_ERROR([--with-msh3 and --with-ngtcp2 are mutually exclusive]) + fi + if test "$QUICHE_ENABLED" = 1; then + AC_MSG_ERROR([--with-msh3 and --with-quiche are mutually exclusive]) + fi + + dnl backup the pre-msh3 variables + CLEANLDFLAGS="$LDFLAGS" + CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + + if test -n "$want_msh3_path"; then + LD_MSH3="-L$want_msh3_path/lib" + CPP_MSH3="-I$want_msh3_path/include" + DIR_MSH3="$want_msh3_path/lib" + LDFLAGS="$LDFLAGS $LD_MSH3" + CPPFLAGS="$CPPFLAGS $CPP_MSH3" + fi + LIBS="-lmsh3 $LIBS" + + AC_CHECK_LIB(msh3, MsH3ApiOpen, + [ + AC_CHECK_HEADERS(msh3.h, + curl_h3_msg="enabled (msh3)" + MSH3_ENABLED=1 + AC_DEFINE(USE_MSH3, 1, [if msh3 is in use]) + AC_SUBST(USE_MSH3, [1]) + CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$DIR_MSH3" + export CURL_LIBRARY_PATH + AC_MSG_NOTICE([Added $DIR_MSH3 to CURL_LIBRARY_PATH]) + LIBCURL_PC_REQUIRES_PRIVATE="$LIBCURL_PC_REQUIRES_PRIVATE libmsh3" + experimental="$experimental HTTP3" + ) + ], + dnl not found, revert back to clean variables + LDFLAGS=$CLEANLDFLAGS + CPPFLAGS=$CLEANCPPFLAGS + LIBS=$CLEANLIBS + ) +fi + dnl ********************************************************************** dnl Check for zsh completion path dnl ********************************************************************** @@ -3014,10 +3516,10 @@ AS_HELP_STRING([--with-zsh-functions-dir=PATH],[Install zsh completions to PATH] AS_HELP_STRING([--without-zsh-functions-dir],[Do not install zsh completions]), [OPT_ZSH_FPATH=$withval]) case "$OPT_ZSH_FPATH" in - no) + default|no) dnl --without-zsh-functions-dir option used ;; - default|yes) + yes) dnl --with-zsh-functions-dir option used without path ZSH_FUNCTIONS_DIR="$datarootdir/zsh/site-functions" AC_SUBST(ZSH_FUNCTIONS_DIR) @@ -3028,6 +3530,7 @@ case "$OPT_ZSH_FPATH" in AC_SUBST(ZSH_FUNCTIONS_DIR) ;; esac +AM_CONDITIONAL(USE_ZSH_COMPLETION, test x"$ZSH_FUNCTIONS_DIR" != x) dnl ********************************************************************** dnl Check for fish completion path @@ -3039,14 +3542,14 @@ AS_HELP_STRING([--with-fish-functions-dir=PATH],[Install fish completions to PAT AS_HELP_STRING([--without-fish-functions-dir],[Do not install fish completions]), [OPT_FISH_FPATH=$withval]) case "$OPT_FISH_FPATH" in - no) + default|no) dnl --without-fish-functions-dir option used ;; - default|yes) + yes) dnl --with-fish-functions-dir option used without path CURL_CHECK_PKGCONFIG(fish) if test "$PKGCONFIG" != "no" ; then - FISH_FUNCTIONS_DIR="$($PKGCONFIG --variable completionsdir fish)" + FISH_FUNCTIONS_DIR=`$PKGCONFIG --variable completionsdir fish` else FISH_FUNCTIONS_DIR="$datarootdir/fish/vendor_completions.d" fi @@ -3058,9 +3561,7 @@ case "$OPT_FISH_FPATH" in AC_SUBST(FISH_FUNCTIONS_DIR) ;; esac - -CURL_CHECK_HEADER_MALLOC -CURL_CHECK_HEADER_MEMORY +AM_CONDITIONAL(USE_FISH_COMPLETION, test x"$FISH_FUNCTIONS_DIR" != x) dnl Now check for the very most basic headers. Then we can use these dnl ones as default-headers when checking for the rest! @@ -3070,17 +3571,16 @@ AC_CHECK_HEADERS( sys/select.h \ sys/socket.h \ sys/ioctl.h \ - sys/uio.h \ - assert.h \ unistd.h \ stdlib.h \ arpa/inet.h \ net/if.h \ netinet/in.h \ - netinet/in6.h \ + netinet/in6.h \ sys/un.h \ linux/tcp.h \ netinet/tcp.h \ + netinet/udp.h \ netdb.h \ sys/sockio.h \ sys/stat.h \ @@ -3088,7 +3588,6 @@ AC_CHECK_HEADERS( termios.h \ termio.h \ fcntl.h \ - alloca.h \ io.h \ pwd.h \ utime.h \ @@ -3099,11 +3598,10 @@ AC_CHECK_HEADERS( sys/resource.h \ libgen.h \ locale.h \ - errno.h \ stdbool.h \ - arpa/tftp.h \ sys/filio.h \ sys/wait.h \ + sys/eventfd.h \ setjmp.h, dnl to do if not found [], @@ -3140,24 +3638,25 @@ dnl default includes dnl Checks for typedefs, structures, and compiler characteristics. AC_C_CONST -CURL_CHECK_VARIADIC_MACROS AC_TYPE_SIZE_T CURL_CHECK_STRUCT_TIMEVAL CURL_VERIFY_RUNTIMELIBS -AX_COMPILE_CHECK_SIZEOF(size_t) -AX_COMPILE_CHECK_SIZEOF(long) -AX_COMPILE_CHECK_SIZEOF(int) -AX_COMPILE_CHECK_SIZEOF(short) -AX_COMPILE_CHECK_SIZEOF(time_t) -AX_COMPILE_CHECK_SIZEOF(off_t) +CURL_SIZEOF(size_t) +CURL_SIZEOF(long) +CURL_SIZEOF(int) +CURL_SIZEOF(time_t) +CURL_SIZEOF(off_t) o=$CPPFLAGS CPPFLAGS="-I$srcdir/include $CPPFLAGS" -AX_COMPILE_CHECK_SIZEOF(curl_off_t, [ +CURL_SIZEOF(curl_off_t, [ #include ]) +CURL_SIZEOF(curl_socket_t, [ +#include +]) CPPFLAGS=$o AC_CHECK_TYPE(long long, @@ -3166,22 +3665,10 @@ AC_CHECK_TYPE(long long, longlong="yes" ) -if test "xyes" = "x$longlong"; then - AC_MSG_CHECKING([if numberLL works]) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ - ]],[[ - long long val = 1000LL; - ]]) - ],[ - AC_MSG_RESULT([yes]) - AC_DEFINE(HAVE_LL, 1, [if your compiler supports LL]) - ],[ - AC_MSG_RESULT([no]) - ]) +if test ${ac_cv_sizeof_curl_off_t} -lt 8; then + AC_MSG_ERROR([64 bit curl_off_t is required]) fi - # check for ssize_t AC_CHECK_TYPE(ssize_t, , AC_DEFINE(ssize_t, int, [the signed version of size_t])) @@ -3208,6 +3695,12 @@ AC_CHECK_TYPE(sa_family_t, AC_DEFINE(CURL_SA_FAMILY_T, ADDRESS_FAMILY, [IP address type in sockaddr]), AC_DEFINE(CURL_SA_FAMILY_T, unsigned short, [IP address type in sockaddr]), [ +#ifdef _WIN32 +#ifndef WIN32_LEAN_AND_MEAN +#define WIN32_LEAN_AND_MEAN +#endif +#include +#endif #ifdef HAVE_SYS_SOCKET_H #include #endif @@ -3237,8 +3730,10 @@ CURL_RUN_IFELSE( [ #include #include - time_t t = -1; - return (t > 0); + int main(void) { + time_t t = -1; + return (t < 0); + } ],[ AC_MSG_RESULT([yes]) AC_DEFINE(HAVE_TIME_T_UNSIGNED, 1, [Define this if time_t is unsigned]) @@ -3249,8 +3744,6 @@ CURL_RUN_IFELSE( AC_MSG_RESULT([no]) ]) -CURL_CONFIGURE_PULL_SYS_POLL - TYPE_IN_ADDR_T TYPE_SOCKADDR_STORAGE @@ -3265,7 +3758,6 @@ CURL_CHECK_FUNC_ALARM CURL_CHECK_FUNC_BASENAME CURL_CHECK_FUNC_CLOSESOCKET CURL_CHECK_FUNC_CLOSESOCKET_CAMEL -CURL_CHECK_FUNC_CONNECT CURL_CHECK_FUNC_FCNTL CURL_CHECK_FUNC_FREEADDRINFO CURL_CHECK_FUNC_FSETXATTR @@ -3284,10 +3776,8 @@ CURL_CHECK_FUNC_INET_PTON CURL_CHECK_FUNC_IOCTL CURL_CHECK_FUNC_IOCTLSOCKET CURL_CHECK_FUNC_IOCTLSOCKET_CAMEL -CURL_CHECK_FUNC_LOCALTIME_R CURL_CHECK_FUNC_MEMRCHR CURL_CHECK_FUNC_POLL -CURL_CHECK_FUNC_SETSOCKOPT CURL_CHECK_FUNC_SIGACTION CURL_CHECK_FUNC_SIGINTERRUPT CURL_CHECK_FUNC_SIGNAL @@ -3299,12 +3789,8 @@ CURL_CHECK_FUNC_STRCMPI CURL_CHECK_FUNC_STRDUP CURL_CHECK_FUNC_STRERROR_R CURL_CHECK_FUNC_STRICMP -CURL_CHECK_FUNC_STRNCMPI -CURL_CHECK_FUNC_STRNICMP -CURL_CHECK_FUNC_STRSTR CURL_CHECK_FUNC_STRTOK_R CURL_CHECK_FUNC_STRTOLL -CURL_CHECK_FUNC_WRITEV case $host in *msdosdjgpp) @@ -3318,8 +3804,12 @@ AC_CHECK_DECLS([getpwuid_r], [], [AC_DEFINE(HAVE_DECL_GETPWUID_R_MISSING, 1, "Se [[#include #include ]]) - -AC_CHECK_FUNCS([fnmatch \ +AC_CHECK_FUNCS([\ + _fseeki64 \ + arc4random \ + eventfd \ + fnmatch \ + fseeko \ geteuid \ getpass_r \ getppid \ @@ -3330,77 +3820,39 @@ AC_CHECK_FUNCS([fnmatch \ if_nametoindex \ mach_absolute_time \ pipe \ + sched_yield \ + sendmsg \ setlocale \ setmode \ setrlimit \ - usleep \ + snprintf \ utime \ - utimes -],[ -],[ - func="$ac_func" - eval skipcheck=\$skipcheck_$func - if test "x$skipcheck" != "xyes"; then - AC_MSG_CHECKING([deeper for $func]) - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[ - ]],[[ - $func (); - ]]) - ],[ - AC_MSG_RESULT([yes]) - eval "ac_cv_func_$func=yes" - AC_DEFINE_UNQUOTED(XC_SH_TR_CPP([HAVE_$func]), [1], - [Define to 1 if you have the $func function.]) - ],[ - AC_MSG_RESULT([but still no]) - ]) - fi + utimes \ ]) +dnl On Android, the only way to know if fseeko can be used is to see if it is +dnl declared or not (for this API level), as the symbol always exists in the +dnl lib. +AC_CHECK_DECL([fseeko], + [AC_DEFINE([HAVE_DECL_FSEEKO], [1], + [Define to 1 if you have the fseeko declaration])], + [], + [[#include ]]) + CURL_CHECK_NONBLOCKING_SOCKET -dnl ************************************************************ -dnl nroff tool stuff -dnl +if test "x$BUILD_DOCS" != "x0" -o "x$USE_MANUAL" != "x0"; then + AC_PATH_PROG( PERL, perl, , + $PATH:/usr/local/bin/perl:/usr/bin/:/usr/local/bin ) + AC_SUBST(PERL) -AC_PATH_PROG( PERL, perl, , - $PATH:/usr/local/bin/perl:/usr/bin/:/usr/local/bin ) -AC_SUBST(PERL) - -AC_PATH_PROGS( NROFF, gnroff nroff, , - $PATH:/usr/bin/:/usr/local/bin ) -AC_SUBST(NROFF) - -if test -n "$NROFF"; then - dnl only check for nroff options if an nroff command was found - - AC_MSG_CHECKING([how to use *nroff to get plain text from man pages]) - MANOPT="-man" - mancheck=`echo foo | $NROFF $MANOPT 2>/dev/null` - if test -z "$mancheck"; then - MANOPT="-mandoc" - mancheck=`echo foo | $NROFF $MANOPT 2>/dev/null` - if test -z "$mancheck"; then - MANOPT="" - AC_MSG_RESULT([failed]) - AC_MSG_WARN([found no *nroff option to get plaintext from man pages]) - else - AC_MSG_RESULT([$MANOPT]) - fi - else - AC_MSG_RESULT([$MANOPT]) + if test -z "$PERL"; then + AC_MSG_ERROR([perl was not found, needed for docs and manual]) fi - AC_SUBST(MANOPT) fi -if test -z "$MANOPT" -then - dnl if no nroff tool was found, or no option that could convert man pages - dnl was found, then disable the built-in manual stuff - AC_MSG_WARN([disabling built-in manual]) - USE_MANUAL="no"; -fi +dnl set variable for use in automakefile(s) +AM_CONDITIONAL(BUILD_DOCS, test x"$BUILD_DOCS" = x1) dnl ************************************************************************* dnl If the manual variable still is set, then we go with providing a built-in @@ -3415,7 +3867,6 @@ dnl set variable for use in automakefile(s) AM_CONDITIONAL(USE_MANUAL, test x"$USE_MANUAL" = x1) CURL_CHECK_LIB_ARES -AM_CONDITIONAL(USE_EMBEDDED_ARES, test x$embedded_ares = xyes) if test "x$curl_cv_native_windows" != "xyes" && test "x$enable_shared" = "xyes"; then @@ -3427,6 +3878,10 @@ AM_CONDITIONAL(BUILD_LIBHOSTNAME, test x$build_libhostname = xyes) if test "x$want_ares" != xyes; then CURL_CHECK_OPTION_THREADED_RESOLVER + + if test "$ipv6" = yes; then + CURL_DARWIN_SYSTEMCONFIGURATION + fi fi dnl ************************************************************ @@ -3474,7 +3929,7 @@ if test "$want_pthreads" != "no"; then AC_CHECK_HEADER(pthread.h, [ AC_DEFINE(HAVE_PTHREAD_H, 1, [if you have ]) save_CFLAGS="$CFLAGS" - dnl When statically linking against boringssl, -lpthread is added to LIBS. + dnl When statically linking against BoringSSL, -lpthread is added to LIBS. dnl Make sure to that this does not pass the check below, we really want dnl -pthread in CFLAGS as recommended for GCC. This also ensures that dnl lib1541 and lib1565 tests are built with these options. Otherwise @@ -3499,9 +3954,27 @@ if test "$want_pthreads" != "no"; then dnl if it wasn't found without lib, search for it in pthread lib if test "$USE_THREADS_POSIX" != "1" then - CFLAGS="$CFLAGS -pthread" # assign PTHREAD for pkg-config use PTHREAD=" -pthread" + + case $host in + *-ibm-aix*) + dnl Check if compiler is xlC + COMPILER_VERSION=`"$CC" -qversion 2>/dev/null` + if test x"$COMPILER_VERSION" = "x"; then + CFLAGS="$CFLAGS -pthread" + else + CFLAGS="$CFLAGS -qthreaded" + fi + ;; + powerpc-*amigaos*) + dnl No -pthread option, but link with -lpthread + PTHREAD=" -lpthread" + ;; + *) + CFLAGS="$CFLAGS -pthread" + ;; + esac AC_CHECK_LIB(pthread, pthread_create, [USE_THREADS_POSIX=1], [ CFLAGS="$save_CFLAGS"]) @@ -3530,6 +4003,12 @@ if test "$want_thres" = "yes" && test "x$USE_THREADS_POSIX" != "x1"; then fi fi +AC_CHECK_HEADER(dirent.h, + [ AC_DEFINE(HAVE_DIRENT_H, 1, [if you have ]) + AC_CHECK_FUNC(opendir, AC_DEFINE(HAVE_OPENDIR, 1, [if you have opendir]) ) + ] +) + CURL_CONVERT_INCLUDE_TO_ISYSTEM dnl ************************************************************ @@ -3588,17 +4067,113 @@ AS_HELP_STRING([--disable-sspi],[Disable SSPI]), ) dnl ************************************************************ -dnl disable cryptographic authentication +dnl disable basic authentication dnl -AC_MSG_CHECKING([whether to enable cryptographic authentication methods]) -AC_ARG_ENABLE(crypto-auth, -AS_HELP_STRING([--enable-crypto-auth],[Enable cryptographic authentication]) -AS_HELP_STRING([--disable-crypto-auth],[Disable cryptographic authentication]), +AC_MSG_CHECKING([whether to enable basic authentication method]) +AC_ARG_ENABLE(basic-auth, +AS_HELP_STRING([--enable-basic-auth],[Enable basic authentication (default)]) +AS_HELP_STRING([--disable-basic-auth],[Disable basic authentication]), [ case "$enableval" in no) AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_CRYPTO_AUTH, 1, [to disable cryptographic authentication]) - CURL_DISABLE_CRYPTO_AUTH=1 + AC_DEFINE(CURL_DISABLE_BASIC_AUTH, 1, [to disable basic authentication]) + CURL_DISABLE_BASIC_AUTH=1 + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable bearer authentication +dnl +AC_MSG_CHECKING([whether to enable bearer authentication method]) +AC_ARG_ENABLE(bearer-auth, +AS_HELP_STRING([--enable-bearer-auth],[Enable bearer authentication (default)]) +AS_HELP_STRING([--disable-bearer-auth],[Disable bearer authentication]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_BEARER_AUTH, 1, [to disable bearer authentication]) + CURL_DISABLE_BEARER_AUTH=1 + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable digest authentication +dnl +AC_MSG_CHECKING([whether to enable digest authentication method]) +AC_ARG_ENABLE(digest-auth, +AS_HELP_STRING([--enable-digest-auth],[Enable digest authentication (default)]) +AS_HELP_STRING([--disable-digest-auth],[Disable digest authentication]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_DIGEST_AUTH, 1, [to disable digest authentication]) + CURL_DISABLE_DIGEST_AUTH=1 + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable kerberos authentication +dnl +AC_MSG_CHECKING([whether to enable kerberos authentication method]) +AC_ARG_ENABLE(kerberos-auth, +AS_HELP_STRING([--enable-kerberos-auth],[Enable kerberos authentication (default)]) +AS_HELP_STRING([--disable-kerberos-auth],[Disable kerberos authentication]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_KERBEROS_AUTH, 1, [to disable kerberos authentication]) + CURL_DISABLE_KERBEROS_AUTH=1 + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable negotiate authentication +dnl +AC_MSG_CHECKING([whether to enable negotiate authentication method]) +AC_ARG_ENABLE(negotiate-auth, +AS_HELP_STRING([--enable-negotiate-auth],[Enable negotiate authentication (default)]) +AS_HELP_STRING([--disable-negotiate-auth],[Disable negotiate authentication]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_NEGOTIATE_AUTH, 1, [to disable negotiate authentication]) + CURL_DISABLE_NEGOTIATE_AUTH=1 + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + + +dnl ************************************************************ +dnl disable aws +dnl +AC_MSG_CHECKING([whether to enable aws sig methods]) +AC_ARG_ENABLE(aws, +AS_HELP_STRING([--enable-aws],[Enable AWS sig support (default)]) +AS_HELP_STRING([--disable-aws],[Disable AWS sig support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_AWS, 1, [to disable AWS sig support]) + CURL_DISABLE_AWS=1 ;; *) AC_MSG_RESULT(yes) ;; @@ -3625,10 +4200,6 @@ AS_HELP_STRING([--disable-ntlm],[Disable NTLM support]), AC_MSG_RESULT(yes) ) -CURL_CHECK_OPTION_NTLM_WB - -CURL_CHECK_NTLM_WB - dnl ************************************************************ dnl disable TLS-SRP authentication dnl @@ -3675,17 +4246,23 @@ AS_HELP_STRING([--disable-unix-sockets],[Disable Unix domain sockets]), ] ) if test "x$want_unix_sockets" != "xno"; then - AC_CHECK_MEMBER([struct sockaddr_un.sun_path], [ + if test "x$curl_cv_native_windows" = "xyes"; then + USE_UNIX_SOCKETS=1 AC_DEFINE(USE_UNIX_SOCKETS, 1, [Use Unix domain sockets]) - AC_SUBST(USE_UNIX_SOCKETS, [1]) curl_unix_sockets_msg="enabled" - ], [ - if test "x$want_unix_sockets" = "xyes"; then - AC_MSG_ERROR([--enable-unix-sockets is not available on this platform!]) - fi - ], [ - #include - ]) + else + AC_CHECK_MEMBER([struct sockaddr_un.sun_path], [ + AC_DEFINE(USE_UNIX_SOCKETS, 1, [Use Unix domain sockets]) + AC_SUBST(USE_UNIX_SOCKETS, [1]) + curl_unix_sockets_msg="enabled" + ], [ + if test "x$want_unix_sockets" = "xyes"; then + AC_MSG_ERROR([--enable-unix-sockets is not available on this platform!]) + fi + ], [ + #include + ]) + fi fi dnl ************************************************************ @@ -3778,6 +4355,50 @@ AS_HELP_STRING([--disable-mime],[Disable mime API support]), AC_MSG_RESULT(yes) ) +dnl ************************************************************ +dnl disable bindlocal +dnl +AC_MSG_CHECKING([whether to support binding connections locally]) +AC_ARG_ENABLE(bindlocal, +AS_HELP_STRING([--enable-bindlocal],[Enable local binding support]) +AS_HELP_STRING([--disable-bindlocal],[Disable local binding support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_BINDLOCAL, 1, [disable local binding support]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable form API support +dnl +AC_MSG_CHECKING([whether to support the form API]) +AC_ARG_ENABLE(form-api, +AS_HELP_STRING([--enable-form-api],[Enable form API support]) +AS_HELP_STRING([--disable-form-api],[Disable form API support]), +[ case "$enableval" in + no) AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_FORM_API, 1, [disable form API]) + ;; + *) AC_MSG_RESULT(yes) + test "$enable_mime" = no && + AC_MSG_ERROR(MIME support needs to be enabled in order to enable form API support) + ;; + esac ], +[ + if test "$enable_mime" = no; then + enable_form_api=no + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_FORM_API, 1, [disable form API]) + else + AC_MSG_RESULT(yes) + fi ] +) + dnl ************************************************************ dnl disable date parsing dnl @@ -3885,19 +4506,37 @@ AS_HELP_STRING([--disable-alt-svc],[Disable alt-svc support]), *) AC_MSG_RESULT(yes) ;; esac ], - AC_MSG_RESULT(no) + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl switch on/off headers-api +dnl +AC_MSG_CHECKING([whether to support headers-api]) +AC_ARG_ENABLE(headers-api, +AS_HELP_STRING([--enable-headers-api],[Enable headers-api support]) +AS_HELP_STRING([--disable-headers-api],[Disable headers-api support]), +[ case "$enableval" in + no) AC_MSG_RESULT(no) + curl_headers_msg="no (--enable-headers-api)" + AC_DEFINE(CURL_DISABLE_HEADERS_API, 1, [disable headers-api]) + ;; + *) + AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) ) dnl only check for HSTS if there's SSL present if test -n "$SSL_ENABLED"; then - dnl ************************************************************ dnl switch on/off hsts dnl AC_MSG_CHECKING([whether to support HSTS]) AC_ARG_ENABLE(hsts, - AS_HELP_STRING([--enable-hsts],[Enable HSTS support]) - AS_HELP_STRING([--disable-hsts],[Disable HSTS support]), +AS_HELP_STRING([--enable-hsts],[Enable HSTS support]) +AS_HELP_STRING([--disable-hsts],[Disable HSTS support]), [ case "$enableval" in no) AC_MSG_RESULT(no) @@ -3918,6 +4557,16 @@ if test "x$hsts" != "xyes"; then AC_DEFINE(CURL_DISABLE_HSTS, 1, [disable alt-svc]) fi + +dnl ************************************************************* +dnl check whether HTTPSRR support if desired +dnl +if test "x$want_httpsrr" != "xno"; then + AC_MSG_RESULT([HTTPSRR support is available]) + AC_DEFINE(USE_HTTPSRR, 1, [enable HTTPS RR support]) + experimental="$experimental HTTPSRR" +fi + dnl ************************************************************* dnl check whether ECH support, if desired, is actually available dnl @@ -3928,18 +4577,28 @@ if test "x$want_ech" != "xno"; then ECH_ENABLED=0 ECH_SUPPORT='' - dnl OpenSSL with a chosen ECH function should be enough - dnl so more exhaustive checking seems unnecessary for now + dnl check for OpenSSL if test "x$OPENSSL_ENABLED" = "x1"; then - AC_CHECK_FUNCS(SSL_get_ech_status, - ECH_SUPPORT="ECH support available (OpenSSL with SSL_get_ech_status)" + AC_CHECK_FUNCS(SSL_ech_set1_echconfig, + ECH_SUPPORT="ECH support available via OpenSSL with SSL_ech_set1_echconfig" + ECH_ENABLED=1) + fi + dnl check for BoringSSL equivalent + if test "x$OPENSSL_ENABLED" = "x1"; then + AC_CHECK_FUNCS(SSL_set1_ech_config_list, + ECH_SUPPORT="ECH support available via BoringSSL with SSL_set1_ech_config_list" + ECH_ENABLED=1) + fi + if test "x$WOLFSSL_ENABLED" = "x1"; then + AC_CHECK_FUNCS(wolfSSL_CTX_GenerateEchConfig, + ECH_SUPPORT="ECH support available via wolfSSL with wolfSSL_CTX_GenerateEchConfig" ECH_ENABLED=1) - - dnl add 'elif' chain here for additional implementations fi dnl now deal with whatever we found if test "x$ECH_ENABLED" = "x1"; then + dnl force pre-requisites for ECH + AC_DEFINE(USE_HTTPSRR, 1, [force HTTPS RR support for ECH]) AC_DEFINE(USE_ECH, 1, [if ECH support is available]) AC_MSG_RESULT($ECH_SUPPORT) experimental="$experimental ECH" @@ -3948,6 +4607,45 @@ if test "x$want_ech" != "xno"; then fi fi +dnl ************************************************************* +dnl check whether OpenSSL (lookalikes) have SSL_set0_wbio +dnl +if test "x$OPENSSL_ENABLED" = "x1"; then + AC_CHECK_FUNCS([SSL_set0_wbio]) +fi + +dnl ************************************************************* +dnl WebSockets +dnl +AC_MSG_CHECKING([whether to support WebSockets]) +AC_ARG_ENABLE(websockets, +AS_HELP_STRING([--enable-websockets],[Enable WebSockets support]) +AS_HELP_STRING([--disable-websockets],[Disable WebSockets support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + ;; + *) + if test ${ac_cv_sizeof_curl_off_t} -gt 4; then + AC_MSG_RESULT(yes) + curl_ws_msg="enabled" + AC_DEFINE_UNQUOTED(USE_WEBSOCKETS, [1], [enable websockets support]) + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS WS" + if test "x$SSL_ENABLED" = "x1"; then + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS WSS" + fi + experimental="$experimental Websockets" + else + dnl websockets requires >32 bit curl_off_t + AC_MSG_RESULT(no) + AC_MSG_WARN([Websockets disabled due to lack of >32 bit curl_off_t]) + fi + ;; + esac ], + AC_MSG_RESULT(no) +) + + dnl ************************************************************ dnl hiding of library internal symbols dnl @@ -3979,14 +4677,24 @@ dnl to let curl-config output the static libraries correctly ENABLE_STATIC="$enable_static" AC_SUBST(ENABLE_STATIC) -dnl merge the pkg-config Libs.private field into Libs when static-only +squeeze LIBCURL_PC_REQUIRES_PRIVATE +LIBCURL_PC_REQUIRES_PRIVATE=`echo $LIBCURL_PC_REQUIRES_PRIVATE | tr ' ' ','` + +AC_SUBST(LIBCURL_PC_REQUIRES_PRIVATE) + +dnl Merge pkg-config private fields into public ones when static-only if test "x$enable_shared" = "xno"; then + LIBCURL_PC_REQUIRES=$LIBCURL_PC_REQUIRES_PRIVATE LIBCURL_NO_SHARED=$LIBCURL_LIBS else + LIBCURL_PC_REQUIRES= LIBCURL_NO_SHARED= fi +AC_SUBST(LIBCURL_PC_REQUIRES) AC_SUBST(LIBCURL_NO_SHARED) +rm $compilersh + dnl dnl For keeping supported features and protocols also in pkg-config file dnl since it is more cross-compile friendly than curl-config @@ -4042,22 +4750,21 @@ if test "x$hsts" = "xyes"; then SUPPORT_FEATURES="$SUPPORT_FEATURES HSTS" fi -if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ +if test "x$CURL_DISABLE_NEGOTIATE_AUTH" != "x1" -a \ \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO" fi -if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ +if test "x$CURL_DISABLE_KERBEROS_AUTH" != "x1" -a \ \( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then SUPPORT_FEATURES="$SUPPORT_FEATURES Kerberos" fi use_curl_ntlm_core=no -if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ - "x$CURL_DISABLE_NTLM" != "x1"; then +if test "x$CURL_DISABLE_NTLM" != "x1"; then if test "x$OPENSSL_ENABLED" = "x1" -o "x$MBEDTLS_ENABLED" = "x1" \ - -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ + -o "x$GNUTLS_ENABLED" = "x1" \ -o "x$SECURETRANSPORT_ENABLED" = "x1" \ -o "x$USE_WIN32_CRYPTO" = "x1" \ -o "x$WOLFSSL_NTLM" = "x1"; then @@ -4067,11 +4774,6 @@ if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ if test "x$use_curl_ntlm_core" = "xyes" \ -o "x$USE_WINDOWS_SSPI" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" - - if test "x$CURL_DISABLE_HTTP" != "x1" -a \ - "x$NTLM_WB_ENABLED" = "x1"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB" - fi fi fi @@ -4079,11 +4781,15 @@ if test "x$USE_TLS_SRP" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES TLS-SRP" fi -if test "x$USE_NGHTTP2" = "x1" -o "x$USE_HYPER" = "x1"; then +if test "x$USE_NGHTTP2" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP2" fi -if test "x$USE_NGTCP2" = "x1" -o "x$USE_QUICHE" = "x1"; then +if test "x$USE_NGTCP2_H3" = "x1" -o "x$USE_QUICHE" = "x1" \ + -o "x$USE_OPENSSL_H3" = "x1" -o "x$USE_MSH3" = "x1"; then + if test "x$CURL_WITH_MULTI_SSL" = "x1"; then + AC_MSG_ERROR([MultiSSL cannot be enabled with HTTP/3 and vice versa]) + fi SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP3" fi @@ -4091,16 +4797,37 @@ if test "x$CURL_WITH_MULTI_SSL" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES MultiSSL" fi +AC_MSG_CHECKING([if this build supports HTTPS-proxy]) dnl if not explicitly turned off, HTTPS-proxy comes with some TLS backends -if test "x$https_proxy" != "xno"; then - if test "x$OPENSSL_ENABLED" = "x1" -o "x$GNUTLS_ENABLED" = "x1" \ - -o "x$NSS_ENABLED" = "x1"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" +if test "x$CURL_DISABLE_HTTP" != "x1"; then + if test "x$https_proxy" != "xno"; then + if test "x$OPENSSL_ENABLED" = "x1" \ + -o "x$GNUTLS_ENABLED" = "x1" \ + -o "x$SECURETRANSPORT_ENABLED" = "x1" \ + -o "x$RUSTLS_ENABLED" = "x1" \ + -o "x$BEARSSL_ENABLED" = "x1" \ + -o "x$SCHANNEL_ENABLED" = "x1" \ + -o "x$GNUTLS_ENABLED" = "x1" \ + -o "x$MBEDTLS_ENABLED" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" + AC_MSG_RESULT([yes]) + elif test "x$WOLFSSL_ENABLED" = "x1" -a "x$WOLFSSL_FULL_BIO" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy" + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + else + AC_MSG_RESULT([no]) fi +else + AC_MSG_RESULT([no]) fi -if test "x$ECH_ENABLED" = "x1"; then - SUPPORT_FEATURES="$SUPPORT_FEATURES ECH" +if test "x$OPENSSL_ENABLED" = "x1" -o -n "$SSL_ENABLED"; then + if test "x$ECH_ENABLED" = "x1"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES ECH" + fi fi if test ${ac_cv_sizeof_curl_off_t} -gt 4; then @@ -4110,15 +4837,46 @@ if test ${ac_cv_sizeof_curl_off_t} -gt 4; then fi fi +if test "$tst_atomic" = "yes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe" +elif test "x$USE_THREADS_POSIX" = "x1" -a \ + "x$ac_cv_header_pthread_h" = "xyes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe" +else + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + #include + ]],[[ + #if (WINVER < 0x600) && (_WIN32_WINNT < 0x600) + #error + #endif + ]]) + ],[ + SUPPORT_FEATURES="$SUPPORT_FEATURES threadsafe" + ],[ + ]) +fi + +if test "x$want_debug" = "xyes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES Debug" +fi +if test "x$want_curldebug" = "xyes"; then + SUPPORT_FEATURES="$SUPPORT_FEATURES TrackMemory" +fi + dnl replace spaces with newlines dnl sort the lines dnl replace the newlines back to spaces -SUPPORT_FEATURES=`echo $SUPPORT_FEATURES | tr ' ' '\012' | sort | tr '\012' ' '` +if sort -f /dev/null 2>&1; then + SUPPORT_FEATURES=`echo $SUPPORT_FEATURES | tr ' ' '\012' | sort -f | tr '\012' ' '` +else + SUPPORT_FEATURES=`echo $SUPPORT_FEATURES | tr ' ' '\012' | sort | tr '\012' ' '` +fi AC_SUBST(SUPPORT_FEATURES) dnl For supported protocols in pkg-config file if test "x$CURL_DISABLE_HTTP" != "x1"; then - SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTP" + SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTP IPFS IPNS" if test "x$SSL_ENABLED" = "x1"; then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS HTTPS" fi @@ -4247,12 +5005,16 @@ AC_CONFIG_FILES([Makefile \ scripts/Makefile \ lib/libcurl.vers \ tests/Makefile \ + tests/config \ tests/certs/Makefile \ tests/certs/scripts/Makefile \ tests/data/Makefile \ tests/server/Makefile \ tests/libtest/Makefile \ tests/unit/Makefile \ + tests/http/config.ini \ + tests/http/Makefile \ + tests/http/clients/Makefile \ packages/Makefile \ packages/vms/Makefile \ curl-config \ @@ -4262,7 +5024,7 @@ AC_OUTPUT CURL_GENERATE_CONFIGUREHELP_PM -XC_AMEND_DISTCLEAN([lib src tests/unit tests/server tests/libtest docs/examples]) +SUPPORT_PROTOCOLS_LOWER=`echo "$SUPPORT_PROTOCOLS" | tr A-Z a-z` AC_MSG_NOTICE([Configured to build curl/libcurl: @@ -4270,6 +5032,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl: Install prefix: ${prefix} Compiler: ${CC} CFLAGS: ${CFLAGS} + CFLAGS extras: ${CURL_CFLAG_EXTRAS} CPPFLAGS: ${CPPFLAGS} LDFLAGS: ${LDFLAGS} LIBS: ${LIBS} @@ -4287,6 +5050,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl: IPv6: ${curl_ipv6_msg} Unix sockets: ${curl_unix_sockets_msg} IDN: ${curl_idn_msg} + Build docs: ${curl_docs_msg} Build libcurl: Shared=${enable_shared}, Static=${enable_static} Built-in manual: ${curl_manual_msg} --libcurl option: ${curl_libcurl_msg} @@ -4302,16 +5066,26 @@ AC_MSG_NOTICE([Configured to build curl/libcurl: RTMP: ${curl_rtmp_msg} PSL: ${curl_psl_msg} Alt-svc: ${curl_altsvc_msg} + Headers API: ${curl_headers_msg} HSTS: ${curl_hsts_msg} HTTP1: ${curl_h1_msg} HTTP2: ${curl_h2_msg} HTTP3: ${curl_h3_msg} ECH: ${curl_ech_msg} - Protocols: ${SUPPORT_PROTOCOLS} + WebSockets: ${curl_ws_msg} + Protocols: ${SUPPORT_PROTOCOLS_LOWER} Features: ${SUPPORT_FEATURES} ]) + +non13=`echo "$TLSCHOICE" | $EGREP -io 'bearssl|secure-transport'`; +if test -n "$non13"; then + for a in $non13; do + AC_MSG_WARN([$a is enabled for TLS but it does not support TLS 1.3]) + done +fi + if test -n "$experimental"; then - cat >&2 << _EOF - WARNING: $experimental enabled but marked EXPERIMENTAL. Use with caution! -_EOF + for a in $experimental; do + AC_MSG_WARN([$a is enabled but marked EXPERIMENTAL. Use with caution!]) + done fi diff --git a/libs/curl/curl-config.in b/libs/curl/curl-config.in index 8b4a29a9..5d40bc39 100644 --- a/libs/curl/curl-config.in +++ b/libs/curl/curl-config.in @@ -1,4 +1,4 @@ -#! /bin/sh +#!/bin/sh #*************************************************************************** # _ _ ____ _ # Project ___| | | | _ \| | @@ -6,7 +6,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 2001 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -19,176 +19,177 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -prefix=@prefix@ +# shellcheck disable=SC2006 + +prefix="@prefix@" +# Used in @libdir@ +# shellcheck disable=SC2034 exec_prefix=@exec_prefix@ +# shellcheck disable=SC2034 includedir=@includedir@ cppflag_curl_staticlib=@CPPFLAG_CURL_STATICLIB@ usage() { - cat <&2 - exit 1 - fi - ;; - - --configure) - echo @CONFIGURE_OPTIONS@ - ;; - - *) - echo "unknown option: $1" - usage 1 - ;; - esac - shift + fi + fi + + echo "requested version $checkfor is newer than existing @CURLVERSION@" + exit 1 + ;; + + --vernum) + echo '@VERSIONNUM@' + exit 0 + ;; + + --help) + usage 0 + ;; + + --cflags) + if test "X$cppflag_curl_staticlib" = "X-DCURL_STATICLIB"; then + CPPFLAG_CURL_STATICLIB="-DCURL_STATICLIB " + else + CPPFLAG_CURL_STATICLIB="" + fi + if test "X@includedir@" = "X/usr/include"; then + echo "${CPPFLAG_CURL_STATICLIB}" + else + echo "${CPPFLAG_CURL_STATICLIB}-I@includedir@" + fi + ;; + + --libs) + if test "X@libdir@" != "X/usr/lib" -a "X@libdir@" != "X/usr/lib64"; then + CURLLIBDIR="-L@libdir@ " + else + CURLLIBDIR="" + fi + if test "X@ENABLE_SHARED@" = "Xno"; then + echo "${CURLLIBDIR}-lcurl @LIBCURL_LIBS@" + else + echo "${CURLLIBDIR}-lcurl" + fi + ;; + + --ssl-backends) + echo '@SSL_BACKENDS@' + ;; + + --static-libs) + if test "X@ENABLE_STATIC@" != "Xno" ; then + echo "@libdir@/libcurl.@libext@" @LDFLAGS@ @LIBCURL_LIBS@ + else + echo 'curl was built with static libraries disabled' >&2 + exit 1 + fi + ;; + + --configure) + echo @CONFIGURE_OPTIONS@ + ;; + + *) + echo "unknown option: $1" + usage 1 + ;; + esac + shift done exit 0 diff --git a/libs/curl/docs/.gitignore b/libs/curl/docs/.gitignore index 60f32938..31ca7656 100644 --- a/libs/curl/docs/.gitignore +++ b/libs/curl/docs/.gitignore @@ -1,4 +1,7 @@ -*.html -*.pdf -curl.1 -*.1.dist +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +*.1 +*.3 +RELEASE-TOOLS.md.dist diff --git a/libs/curl/docs/ALTSVC.md b/libs/curl/docs/ALTSVC.md index 25437d6f..4b5bcffc 100644 --- a/libs/curl/docs/ALTSVC.md +++ b/libs/curl/docs/ALTSVC.md @@ -1,3 +1,9 @@ + + # Alt-Svc curl features support for the Alt-Svc: HTTP header. @@ -10,11 +16,11 @@ curl features support for the Alt-Svc: HTTP header. ## Standard -[RFC 7838](https://tools.ietf.org/html/rfc7838) +[RFC 7838](https://datatracker.ietf.org/doc/html/rfc7838) # Alt-Svc cache file format -This a text based file with one line per entry and each line consists of nine +This is a text based file with one line per entry and each line consists of nine space separated fields. ## Example @@ -24,15 +30,18 @@ space separated fields. ## Fields 1. The ALPN id for the source origin -2. The host name for the source origin +2. The hostname for the source origin 3. The port number for the source origin 4. The ALPN id for the destination host -5. The host name for the destination host -6. The host number for the destination host +5. The hostname for the destination host +6. The port number for the destination host 7. The expiration date and time of this entry within double quotes. The date format is "YYYYMMDD HH:MM:SS" and the time zone is GMT. 8. Boolean (1 or 0) if "persist" was set for this entry 9. Integer priority value (not currently used) +If the hostname is an IPv6 numerical address, it is stored with brackets such +as `[::1]`. + # TODO - handle multiple response headers, when one of them says `clear` (should diff --git a/libs/curl/docs/BINDINGS.md b/libs/curl/docs/BINDINGS.md index 01e4de8a..970df396 100644 --- a/libs/curl/docs/BINDINGS.md +++ b/libs/curl/docs/BINDINGS.md @@ -1,3 +1,9 @@ + + libcurl bindings ================ @@ -20,7 +26,7 @@ C++: [curlpp](https://github.com/jpbarrette/curlpp/) Written by Jean-Philippe Ba [curlcpp](https://github.com/JosephP91/curlcpp) by Giuseppe Persico and [C++ Requests](https://github.com/libcpr/cpr) by Huu Nguyen -[Ch](https://chcurl.sourceforge.io/) Written by Stephen Nestinger and Jonathan Rogado +[Ch](https://chcurl.sourceforge.net/) Written by Stephen Nestinger and Jonathan Rogado Cocoa: [BBHTTP](https://github.com/biasedbit/BBHTTP) written by Bruno de Carvalho [curlhandle](https://github.com/karelia/curlhandle) Written by Dan Wood @@ -31,7 +37,7 @@ Clojure: [clj-curl](https://github.com/lsevero/clj-curl) by Lucas Severo [Delphi](https://github.com/Mercury13/curl4delphi) Written by Mikhail Merkuryev -[Dylan](https://dylanlibs.sourceforge.io/) Written by Chris Double +[Dylan](https://dylanlibs.sourceforge.net/) Written by Chris Double [Eiffel](https://iron.eiffel.com/repository/20.11/package/ABEF6975-37AC-45FD-9C67-52D10BA0669B) Written by Eiffel Software @@ -41,7 +47,9 @@ Clojure: [clj-curl](https://github.com/lsevero/clj-curl) by Lucas Severo [Ferite](https://web.archive.org/web/20150102192018/ferite.org/) Written by Paul Querna -[Gambas](https://gambas.sourceforge.io/) +[Fortran](https://github.com/interkosmos/fortran-curl) Written by Philipp Engel + +[Gambas](https://gambas.sourceforge.net/) [glib/GTK+](https://web.archive.org/web/20100526203452/atterer.net/glibcurl) Written by Richard Atterer @@ -53,7 +61,9 @@ Go: [go-curl](https://github.com/andelf/go-curl) by ShuYu Wang [Haskell](https://hackage.haskell.org/package/curl) Written by Galois, Inc -[Java](https://github.com/pjlegato/curl-java) +[Hollywood](https://www.hollywood-mal.com/download.html) hURL by Andreas Falkenhahn + +[Java](https://github.com/covers1624/curl4j) [Julia](https://github.com/JuliaWeb/LibCURL.jl) Written by Amit Murthy @@ -92,11 +102,13 @@ Bailiff and Bálint Szilakszi, [Python](http://pycurl.io/) PycURL by Kjetil Jacobsen -[Q](https://q-lang.sourceforge.io/) The libcurl module is part of the default install +[Python](https://pypi.org/project/pymcurl/) mcurl by Ganesh Viswanathan + +[Q](https://q-lang.sourceforge.net/) The libcurl module is part of the default install [R](https://cran.r-project.org/package=curl) -[Rexx](https://rexxcurl.sourceforge.io/) Written Mark Hessling +[Rexx](https://rexxcurl.sourceforge.net/) Written Mark Hessling [Ring](https://ring-lang.sourceforge.io/doc1.3/libcurl.html) RingLibCurl by Mahmoud Fayed @@ -107,7 +119,7 @@ Ruby: [curb](https://github.com/taf2/curb) written by Ross Bamford, [Rust](https://github.com/alexcrichton/curl-rust) curl-rust - by Carl Lerche -[Scheme](http://www.metapaper.net/lisovsky/web/curl/) Bigloo binding by Kirill Lisovsky +[Scheme](https://www.metapaper.net/lisovsky/web/curl/) Bigloo binding by Kirill Lisovsky [Scilab](https://help.scilab.org/docs/current/fr_FR/getURL.html) binding by Sylvestre Ledru @@ -117,15 +129,17 @@ Ruby: [curb](https://github.com/taf2/curb) written by Ross Bamford, [SP-Forth](https://sourceforge.net/p/spf/spf/ci/master/tree/devel/~ac/lib/lin/curl/) Written by Andrey Cherezov -[SPL](https://web.archive.org/web/20210203022158/http://www.clifford.at/spl/spldoc/curl.html) Written by Clifford Wolf +[SPL](https://web.archive.org/web/20210203022158/www.clifford.at/spl/spldoc/curl.html) Written by Clifford Wolf [Tcl](https://web.archive.org/web/20160826011806/mirror.yellow5.com/tclcurl/) Tclcurl by Andrés García +[Vibe](https://github.com/ttytm/vibe) HTTP requests through libcurl in V + [Visual Basic](https://sourceforge.net/projects/libcurl-vb/) libcurl-vb by Jeffrey Phillips [Visual Foxpro](https://web.archive.org/web/20130730181523/www.ctl32.com.ar/libcurl.asp) by Carlos Alloatti -[wxWidgets](https://wxcode.sourceforge.io/components/wxcurl/) Written by Casey O'Donnell +[wxWidgets](https://wxcode.sourceforge.net/components/wxcurl/) Written by Casey O'Donnell [XBLite](https://web.archive.org/web/20060426150418/perso.wanadoo.fr/xblite/libraries.html) Written by David Szafranski diff --git a/libs/curl/docs/BUFQ.md b/libs/curl/docs/BUFQ.md new file mode 100644 index 00000000..60843819 --- /dev/null +++ b/libs/curl/docs/BUFQ.md @@ -0,0 +1,177 @@ + + +# bufq + +This is an internal module for managing I/O buffers. A `bufq` can be written +to and read from. It manages read and write positions and has a maximum size. + +## read/write + +Its basic read/write functions have a similar signature and return code handling +as many internal Curl read and write ones. + + +``` +ssize_t Curl_bufq_write(struct bufq *q, const unsigned char *buf, size_t len, CURLcode *err); + +- returns the length written into `q` or -1 on error. +- writing to a full `q` returns -1 and set *err to CURLE_AGAIN + +ssize_t Curl_bufq_read(struct bufq *q, unsigned char *buf, size_t len, CURLcode *err); + +- returns the length read from `q` or -1 on error. +- reading from an empty `q` returns -1 and set *err to CURLE_AGAIN + +``` + +To pass data into a `bufq` without an extra copy, read callbacks can be used. + +``` +typedef ssize_t Curl_bufq_reader(void *reader_ctx, unsigned char *buf, size_t len, + CURLcode *err); + +ssize_t Curl_bufq_slurp(struct bufq *q, Curl_bufq_reader *reader, void *reader_ctx, + CURLcode *err); +``` + +`Curl_bufq_slurp()` invokes the given `reader` callback, passing it its own +internal buffer memory to write to. It may invoke the `reader` several times, +as long as it has space and while the `reader` always returns the length that +was requested. There are variations of `slurp` that call the `reader` at most +once or only read in a maximum amount of bytes. + +The analog mechanism for write out buffer data is: + +``` +typedef ssize_t Curl_bufq_writer(void *writer_ctx, const unsigned char *buf, size_t len, + CURLcode *err); + +ssize_t Curl_bufq_pass(struct bufq *q, Curl_bufq_writer *writer, void *writer_ctx, + CURLcode *err); +``` + +`Curl_bufq_pass()` invokes the `writer`, passing its internal memory and +remove the amount that `writer` reports. + +## peek and skip + +It is possible to get access to the memory of data stored in a `bufq` with: + +``` +bool Curl_bufq_peek(const struct bufq *q, const unsigned char **pbuf, size_t *plen); +``` + +On returning TRUE, `pbuf` points to internal memory with `plen` bytes that one +may read. This is only valid until another operation on `bufq` is performed. + +Instead of reading `bufq` data, one may simply skip it: + +``` +void Curl_bufq_skip(struct bufq *q, size_t amount); +``` + +This removes `amount` number of bytes from the `bufq`. + + +## lifetime + +`bufq` is initialized and freed similar to the `dynbuf` module. Code using +`bufq` holds a `struct bufq` somewhere. Before it uses it, it invokes: + +``` +void Curl_bufq_init(struct bufq *q, size_t chunk_size, size_t max_chunks); +``` + +The `bufq` is told how many "chunks" of data it shall hold at maximum and how +large those "chunks" should be. There are some variants of this, allowing for +more options. How "chunks" are handled in a `bufq` is presented in the section +about memory management. + +The user of the `bufq` has the responsibility to call: + +``` +void Curl_bufq_free(struct bufq *q); +``` +to free all resources held by `q`. It is possible to reset a `bufq` to empty via: + +``` +void Curl_bufq_reset(struct bufq *q); +``` + +## memory management + +Internally, a `bufq` uses allocation of fixed size, e.g. the "chunk_size", up +to a maximum number, e.g. "max_chunks". These chunks are allocated on demand, +therefore writing to a `bufq` may return `CURLE_OUT_OF_MEMORY`. Once the max +number of chunks are used, the `bufq` reports that it is "full". + +Each chunks has a `read` and `write` index. A `bufq` keeps its chunks in a +list. Reading happens always at the head chunk, writing always goes to the +tail chunk. When the head chunk becomes empty, it is removed. When the tail +chunk becomes full, another chunk is added to the end of the list, becoming +the new tail. + +Chunks that are no longer used are returned to a `spare` list by default. If +the `bufq` is created with option `BUFQ_OPT_NO_SPARES` those chunks are freed +right away. + +If a `bufq` is created with a `bufc_pool`, the no longer used chunks are +returned to the pool. Also `bufq` asks the pool for a chunk when it needs one. +More in section "pools". + +## empty, full and overflow + +One can ask about the state of a `bufq` with methods such as +`Curl_bufq_is_empty(q)`, `Curl_bufq_is_full(q)`, etc. The amount of data held +by a `bufq` is the sum of the data in all its chunks. This is what is reported +by `Curl_bufq_len(q)`. + +Note that a `bufq` length and it being "full" are only loosely related. A +simple example: + +* create a `bufq` with chunk_size=1000 and max_chunks=4. +* write 4000 bytes to it, it reports "full" +* read 1 bytes from it, it still reports "full" +* read 999 more bytes from it, and it is no longer "full" + +The reason for this is that full really means: *bufq uses max_chunks and the +last one cannot be written to*. + +When you read 1 byte from the head chunk in the example above, the head still +hold 999 unread bytes. Only when those are also read, can the head chunk be +removed and a new tail be added. + +There is another variation to this. If you initialized a `bufq` with option +`BUFQ_OPT_SOFT_LIMIT`, it allows writes **beyond** the `max_chunks`. It +reports **full**, but one can **still** write. This option is necessary, if +partial writes need to be avoided. It means that you need other checks to keep +the `bufq` from growing ever larger and larger. + + +## pools + +A `struct bufc_pool` may be used to create chunks for a `bufq` and keep spare +ones around. It is initialized and used via: + +``` +void Curl_bufcp_init(struct bufc_pool *pool, size_t chunk_size, size_t spare_max); + +void Curl_bufq_initp(struct bufq *q, struct bufc_pool *pool, size_t max_chunks, int opts); +``` + +The pool gets the size and the mount of spares to keep. The `bufq` gets the +pool and the `max_chunks`. It no longer needs to know the chunk sizes, as +those are managed by the pool. + +A pool can be shared between many `bufq`s, as long as all of them operate in +the same thread. In curl that would be true for all transfers using the same +multi handle. The advantages of a pool are: + +* when all `bufq`s are empty, only memory for `max_spare` chunks in the pool + is used. Empty `bufq`s holds no memory. +* the latest spare chunk is the first to be handed out again, no matter which + `bufq` needs it. This keeps the footprint of "recently used" memory smaller. diff --git a/libs/curl/docs/BUFREF.md b/libs/curl/docs/BUFREF.md index 2697919a..9a8b506b 100644 --- a/libs/curl/docs/BUFREF.md +++ b/libs/curl/docs/BUFREF.md @@ -1,3 +1,9 @@ + + # bufref This is an internal module for handling buffer references. A referenced @@ -6,19 +12,19 @@ when the reference is invalidated. Once referenced, a buffer cannot be reallocated. A data length is stored within the reference for binary data handling -purpose; it is not used by the bufref API. +purposes; it is not used by the bufref API. The `struct bufref` is used to hold data referencing a buffer. The members of that structure **MUST NOT** be accessed or modified without using the dedicated bufref API. -## init +## `init` ```c void Curl_bufref_init(struct bufref *br); ``` -Initialises a `bufref` structure. This function **MUST** be called before any +Initializes a `bufref` structure. This function **MUST** be called before any other operation is performed on the structure. Upon completion, the referenced buffer is `NULL` and length is zero. @@ -26,16 +32,16 @@ Upon completion, the referenced buffer is `NULL` and length is zero. This function may also be called to bypass referenced buffer destruction while invalidating the current reference. -## free +## `free` ```c void Curl_bufref_free(struct bufref *br); ``` Destroys the previously referenced buffer using its destructor and -reinitialises the structure for a possible subsequent reuse. +reinitializes the structure for a possible subsequent reuse. -## set +## `set` ```c void Curl_bufref_set(struct bufref *br, const void *buffer, size_t length, @@ -43,13 +49,12 @@ void Curl_bufref_set(struct bufref *br, const void *buffer, size_t length, ``` Releases the previously referenced buffer, then assigns the new `buffer` to -the structure, associated with its `destructor` function. The later can be -specified as `NULL`: this will be the case when the referenced buffer is -static. +the structure, associated with its `destructor` function. The latter can be +specified as `NULL`: this is the case when the referenced buffer is static. -if `buffer` is NULL, `length`must be zero. +if `buffer` is NULL, `length` must be zero. -## memdup +## `memdup` ```c CURLcode Curl_bufref_memdup(struct bufref *br, const void *data, size_t length); @@ -59,12 +64,12 @@ Releases the previously referenced buffer, then duplicates the `length`-byte `data` into a buffer allocated via `malloc()` and references the latter associated with destructor `curl_free()`. -An additional trailing byte is allocated and set to zero as a possible -string zero-terminator; it is not counted in the stored length. +An additional trailing byte is allocated and set to zero as a possible string +null-terminator; it is not counted in the stored length. Returns `CURLE_OK` if successful, else `CURLE_OUT_OF_MEMORY`. -## ptr +## `ptr` ```c const unsigned char *Curl_bufref_ptr(const struct bufref *br); @@ -72,7 +77,7 @@ const unsigned char *Curl_bufref_ptr(const struct bufref *br); Returns a `const unsigned char *` to the referenced buffer. -## len +## `len` ```c size_t Curl_bufref_len(const struct bufref *br); diff --git a/libs/curl/docs/BUG-BOUNTY.md b/libs/curl/docs/BUG-BOUNTY.md index 25159fb3..399c4cfe 100644 --- a/libs/curl/docs/BUG-BOUNTY.md +++ b/libs/curl/docs/BUG-BOUNTY.md @@ -1,83 +1,94 @@ + + # The curl bug bounty The curl project runs a bug bounty program in association with [HackerOne](https://www.hackerone.com) and the [Internet Bug Bounty](https://internetbugbounty.org). -# How does it work? +## How does it work? Start out by posting your suspected security vulnerability directly to [curl's HackerOne program](https://hackerone.com/curl). After you have reported a security issue, it has been deemed credible, and a patch and advisory has been made public, you may be eligible for a bounty from -this program. - -See all details at [https://hackerone.com/curl](https://hackerone.com/curl) - -This bounty is relying on funds from sponsors. If you use curl professionally, -consider help funding this! See -[https://opencollective.com/curl](https://opencollective.com/curl) for -details. +this program. See the [Security Process](https://curl.se/dev/secprocess.html) +document for how we work with security issues. -# What are the reward amounts? +## What are the reward amounts? The curl project offers monetary compensation for reported and published security vulnerabilities. The amount of money that is rewarded depends on how serious the flaw is determined to be. -We offer reward money *up to* a certain amount per severity. The curl security -team determines the severity of each reported flaw on a case by case basis and -the exact amount rewarded to the reporter is then decided. +Since 2021, the Bug Bounty is managed in association with the Internet Bug +Bounty and they set the reward amounts. If it would turn out that they set +amounts that are way lower than we can accept, the curl project intends to +"top up" rewards. -Check out the current award amounts at [https://hackerone.com/curl](https://hackerone.com/curl) +In 2022, typical "Medium" rated vulnerabilities have been rewarded 2,400 USD +each. -# Who is eligible for a reward? +## Who is eligible for a reward? Everyone and anyone who reports a security problem in a released curl version that has not already been reported can ask for a bounty. +Dedicated - paid for - security audits that are performed in collaboration +with curl developers are not eligible for bounties. + Vulnerabilities in features that are off by default and documented as experimental are not eligible for a reward. The vulnerability has to be fixed and publicly announced (by the curl project) -before a bug bounty will be considered. +before a bug bounty is considered. + +Once the vulnerability has been published by curl, the researcher can request +their bounty from the [Internet Bug Bounty](https://hackerone.com/ibb). Bounties need to be requested within twelve months from the publication of the vulnerability. -# Product vulnerabilities only +The curl security team reserves themselves the right to deny or allow bug +bounty payouts on its own discretion. There is no appeals process. + +## Product vulnerabilities only This bug bounty only concerns the curl and libcurl products and thus their respective source codes - when running on existing hardware. It does not -include documentation, websites, or other infrastructure. +include curl documentation, curl websites, or other curl related +infrastructure. The curl security team is the sole arbiter if a reported flaw is subject to a bounty or not. -# How are vulnerabilities graded? +## Third parties -The grading of each reported vulnerability that makes a reward claim will be -performed by the curl security team. The grading will be based on the CVSS -(Common Vulnerability Scoring System) 3.0. +The curl bug bounty does not cover flaws in third party dependencies +(libraries) used by curl or libcurl. If the bug triggers because of curl +behaving wrongly or abusing a third party dependency, the problem is rather in +curl and not in the dependency and then the bounty might cover the problem. -# How are reward amounts determined? +## How are vulnerabilities graded? -The curl security team first gives the vulnerability a score, as mentioned -above, and based on that level we set an amount depending on the specifics of -the individual case. Other sponsors of the program might also get involved and -can raise the amounts depending on the particular issue. +The grading of each reported vulnerability that makes a reward claim is +performed by the curl security team. The grading is based on the CVSS (Common +Vulnerability Scoring System) 3.0. -# What happens if the bounty fund is drained? +## How are reward amounts determined? -The bounty fund depends on sponsors. If we pay out more bounties than we add, -the fund will eventually drain. If that end up happening, we will simply not -be able to pay out as high bounties as we would like and hope that we can -convince new sponsors to help us top up the fund again. +The curl security team gives the vulnerability a score or severity level, as +mentioned above. The actual monetary reward amount is decided and paid by the +Internet Bug Bounty.. -# Regarding taxes, etc. on the bounties +## Regarding taxes, etc. on the bounties -In the event that the individual receiving a curl bug bounty needs to pay -taxes on the reward money, the responsibility lies with the receiver. The -curl project or its security team never actually receive any of this money, -hold the money, or pay out the money. +In the event that the individual receiving a bug bounty needs to pay taxes on +the reward money, the responsibility lies with the receiver. The curl project +or its security team never actually receive any of this money, hold the money, +or pay out the money. diff --git a/libs/curl/docs/BUGS.md b/libs/curl/docs/BUGS.md index 1be09342..8a3ef82e 100644 --- a/libs/curl/docs/BUGS.md +++ b/libs/curl/docs/BUGS.md @@ -1,11 +1,17 @@ + + # BUGS ## There are still bugs Curl and libcurl keep being developed. Adding features and changing code - means that bugs will sneak in, no matter how hard we try not to. + means that bugs sneak in, no matter how hard we try to keep them out. - Of course there are lots of bugs left. And lots of misfeatures. + Of course there are lots of bugs left. Not to mention misfeatures. To help us make curl the stable and solid product we want it to be, we need bug reports and bug fixes. @@ -34,17 +40,17 @@ HackerOne](https://hackerone.com/curl). This ensures that the report reaches the curl security team so that they - first can deal with the report away from the public to minimize the harm - and impact it will have on existing users out there who might be using the - vulnerable versions. + first can deal with the report away from the public to minimize the harm and + impact it has on existing users out there who might be using the vulnerable + versions. The curl project's process for handling security related issues is [documented separately](https://curl.se/dev/secprocess.html). ## What to report - When reporting a bug, you should include all information that will help us - understand what's wrong, what you expected to happen and how to repeat the + When reporting a bug, you should include all information to help us + understand what is wrong, what you expected to happen and how to repeat the bad behavior. You therefore need to tell us: - your operating system's name and version number @@ -58,14 +64,14 @@ and anything and everything else you think matters. Tell us what you expected to happen, tell use what did happen, tell us how you could make it work another way. Dig around, try out, test. Then include all the tiny bits and - pieces in your report. You will benefit from this yourself, as it will enable - us to help you quicker and more accurately. + pieces in your report. You benefit from this yourself, as it enables us to + help you quicker and more accurately. Since curl deals with networks, it often helps us if you include a protocol debug dump with your bug report. The output you get by using the `-v` or `--trace` options. - If curl crashed, causing a core dump (in unix), there is hardly any use to + If curl crashed, causing a core dump (in Unix), there is hardly any use to send that huge file to anyone of us. Unless we have the same system setup as you, we cannot do much with it. Instead, we ask you to get a stack trace and send that (much smaller) output to us instead. @@ -84,15 +90,15 @@ SCP, the libssh2 version is relevant etc. Showing us a real source code example repeating your problem is the best way - to get our attention and it will greatly increase our chances to understand - your problem and to work on a fix (if we agree it truly is a problem). + to get our attention and it greatly increases our chances to understand your + problem and to work on a fix (if we agree it truly is a problem). Lots of problems that appear to be libcurl problems are actually just abuses of the libcurl API or other malfunctions in your applications. It is advised that you run your problematic program using a memory debug tool like valgrind or similar before you post memory-related or "crashing" problems to us. -## Who will fix the problems +## Who fixes the problems If the problems or bugs you describe are considered to be bugs, we want to have the problems fixed. @@ -102,11 +108,11 @@ it out of an ambition to keep curl and libcurl excellent products and out of pride. - Please do not assume that you can just lump over something to us and it will - then magically be fixed after some given time. Most often we need feedback - and help to understand what you have experienced and how to repeat a - problem. Then we may only be able to assist YOU to debug the problem and to - track down the proper fix. + Please do not assume that you can just lump over something to us and it then + magically gets fixed after some given time. Most often we need feedback and + help to understand what you have experienced and how to repeat a problem. + Then we may only be able to assist YOU to debug the problem and to track down + the proper fix. We get reports from many people every month and each report can take a considerable amount of time to really go to the bottom with. @@ -119,23 +125,23 @@ Run the program until it cores. - Run your debugger on the core file, like ` curl - core`. `` should be replaced with the name of your debugger, in - most cases that will be `gdb`, but `dbx` and others also occur. + Run your debugger on the core file, like ` curl core`. `` + should be replaced with the name of your debugger, in most cases that is + `gdb`, but `dbx` and others also occur. When the debugger has finished loading the core file and presents you a prompt, enter `where` (without quotes) and press return. The list that is presented is the stack trace. If everything worked, it is supposed to contain the chain of functions that were called when curl - crashed. Include the stack trace with your detailed bug report. it will help a + crashed. Include the stack trace with your detailed bug report, it helps a lot. ## Bugs in libcurl bindings - There will of course pop up bugs in libcurl bindings. You should then - primarily approach the team that works on that particular binding and see - what you can do to help them fix the problem. + There are of course bugs in libcurl bindings. You should then primarily + approach the team that works on that particular binding and see what you can + do to help them fix the problem. If you suspect that the problem exists in the underlying libcurl, then please convert your program over to plain C and follow the steps outlined above. @@ -162,7 +168,7 @@ experimental build or similar, to get this confirmed or not. At times people insist that they cannot upgrade to a modern curl version, but - instead they "just want the bug fixed". That is fine, just do not count on us + instead, they "just want the bug fixed". That is fine, just do not count on us spending many cycles on trying to identify which single commit, if that is even possible, that at some point in the past fixed the problem you are now experiencing. @@ -177,17 +183,17 @@ ## What happens on first filing When a new issue is posted in the issue tracker or on the mailing list, the - team of developers first need to see the report. Maybe they took the day off, + team of developers first needs to see the report. Maybe they took the day off, maybe they are off in the woods hunting. Have patience. Allow at least a few days before expecting someone to have responded. - In the issue tracker you can expect that some labels will be set on the issue - to help categorize it. + In the issue tracker, you can expect that some labels are set on the issue to + help categorize it. ## First response If your issue/bug report was not perfect at once (and few are), chances are - that someone will ask follow-up questions. Which version did you use? Which + that someone asks follow-up questions. Which version did you use? Which options did you use? How often does the problem occur? How can we reproduce this problem? Which protocols does it involve? Or perhaps much more specific and deep diving questions. It all depends on your specific issue. @@ -199,20 +205,19 @@ ## Not reproducible - For problems that we cannot reproduce and cannot understand even after having - gotten all the info we need and having studied the source code over again, - are really hard to solve so then we may require further work from you who - actually see or experience the problem. + We may require further work from you who actually see or experience the + problem if we cannot reproduce it and cannot understand it even after having + gotten all the info we need and having studied the source code over again. ## Unresponsive - If the problem have not been understood or reproduced, and there's nobody + If the problem have not been understood or reproduced, and there is nobody responding to follow-up questions or questions asking for clarifications or for discussing possible ways to move forward with the task, we take that as a strong suggestion that the bug is unimportant. - Unimportant issues will be closed as inactive sooner or later as they cannot - be fixed. The inactivity period (waiting for responses) should not be shorter + Unimportant issues are closed as inactive sooner or later as they cannot be + fixed. The inactivity period (waiting for responses) should not be shorter than two weeks but may extend months. ## Lack of time/interest @@ -241,12 +246,11 @@ Issues that are filed or reported that are not really bugs but more missing features or ideas for future improvements and so on are marked as - 'enhancement' or 'feature-request' and will be added to the `TODO` document - and the issues are closed. We do not keep TODO items open in the issue - tracker. + *enhancement* or *feature-request* and get added to the `TODO` document and + the issues are closed. We do not keep TODO items open in the issue tracker. The `TODO` document is full of ideas and suggestions of what we can add or - fix one day. you are always encouraged and free to grab one of those items and + fix one day. You are always encouraged and free to grab one of those items and take up a discussion with the curl development team on how that could be implemented or provided in the project so that you can work on ticking it odd that document. @@ -256,11 +260,11 @@ ## Closing off stalled bugs - The [issue and pull request trackers](https://github.com/curl/curl) only - holds "active" entries open (using a non-precise definition of what active - actually is, but they are at least not completely dead). Those that are - abandoned or in other ways dormant will be closed and sometimes added to - `TODO` and `KNOWN_BUGS` instead. + The [issue and pull request trackers](https://github.com/curl/curl) only hold + "active" entries open (using a non-precise definition of what active actually + is, but they are at least not completely dead). Those that are abandoned or + in other ways dormant are closed and sometimes added to `TODO` and + `KNOWN_BUGS` instead. This way, we only have "active" issues open on GitHub. Irrelevant issues and - pull requests will not distract developers or casual visitors. + pull requests do not distract developers or casual visitors. diff --git a/libs/curl/docs/CHECKSRC.md b/libs/curl/docs/CHECKSRC.md index a9b69f9b..16eb96c7 100644 --- a/libs/curl/docs/CHECKSRC.md +++ b/libs/curl/docs/CHECKSRC.md @@ -1,3 +1,9 @@ + + # checksrc This is the tool we use within the curl project to scan C source code and @@ -9,16 +15,16 @@ check that it adheres to our [Source Code Style guide](CODE_STYLE.md). ## Command line options -`-W[file]` skip that file and excludes it from being checked. Helpful +`-W[file]` skip that file and exclude it from being checked. Helpful when, for example, one of the files is generated. -`-D[dir]` directory name to prepend to file names when accessing them. +`-D[dir]` directory name to prepend to filenames when accessing them. `-h` shows the help output, that also lists all recognized warnings -## What does checksrc warn for? +## What does `checksrc` warn for? -checksrc does not check and verify the code against the entire style guide. +`checksrc` does not check and verify the code against the entire style guide. The script is an effort to detect the most common mistakes and syntax mistakes that contributors make before they get accustomed to our code style. Heck, many of us regulars do the mistakes too and this script helps us keep the code @@ -27,7 +33,7 @@ in shape. checksrc.pl -h Lists how to use the script and it lists all existing warnings it has and -problems it detects. At the time of this writing, the existing checksrc +problems it detects. At the time of this writing, the existing `checksrc` warnings are: - `ASSIGNWITHINCONDITION`: Assignment within a conditional expression. The @@ -41,7 +47,7 @@ warnings are: more appropriate `char *name` style. The asterisk should sit right next to the name without a space in between. -- `BADCOMMAND`: There's a bad `!checksrc!` instruction in the code. See the +- `BADCOMMAND`: There is a bad `checksrc` instruction in the code. See the **Ignore certain warnings** section below for details. - `BANNEDFUNC`: A banned function was used. The functions sprintf, vsprintf, @@ -56,7 +62,7 @@ warnings are: - `COMMANOSPACE`: a comma without following space -- `COPYRIGHT`: the file is missing a copyright statement! +- `COPYRIGHT`: the file is missing a copyright statement - `CPPCOMMENTS`: `//` comment detected, that is not C89 compliant @@ -73,7 +79,7 @@ warnings are: - `FOPENMODE`: `fopen()` needs a macro for the mode string, use it - `INDENTATION`: detected a wrong start column for code. Note that this - warning only checks some specific places and will certainly miss many bad + warning only checks some specific places and can certainly miss many bad indentations. - `LONGLINE`: A line is longer than 79 columns. @@ -113,14 +119,14 @@ warnings are: - `SPACESEMICOLON`: there was a space before semicolon, ` ;`. -- `TABS`: TAB characters are not allowed! +- `TABS`: TAB characters are not allowed - `TRAILINGSPACE`: Trailing whitespace on the line - `TYPEDEFSTRUCT`: we frown upon (most) typedefed structs -- `UNUSEDIGNORE`: a checksrc inlined warning ignore was asked for but not used, - that is an ignore that should be removed or changed to get used. +- `UNUSEDIGNORE`: a `checksrc` inlined warning ignore was asked for but not + used, that is an ignore that should be removed or changed to get used. ### Extended warnings @@ -137,19 +143,20 @@ Currently these are the extended warnings which can be enabled: - `STRERROR`: use of banned function strerror() +- `STDERR`: use of banned variable `stderr` + ## Ignore certain warnings -Due to the nature of the source code and the flaws of the checksrc tool, there -is sometimes a need to ignore specific warnings. checksrc allows a few +Due to the nature of the source code and the flaws of the `checksrc` tool, +there is sometimes a need to ignore specific warnings. `checksrc` allows a few different ways to do this. ### Inline ignore You can control what to ignore within a specific source file by providing -instructions to checksrc in the source code itself. You need a magic marker -that is `!checksrc!` followed by the instruction. The instruction can ask to -ignore a specific warning N number of times or you ignore all of them until -you mark the end of the ignored section. +instructions to `checksrc` in the source code itself. See examples below. The +instruction can ask to ignore a specific warning a specific number of times or +you ignore all of them until you mark the end of the ignored section. Inline ignores are only done for that single specific source code file. @@ -157,21 +164,21 @@ Example /* !checksrc! disable LONGLINE all */ -This will ignore the warning for overly long lines until it is re-enabled with: +This ignores the warning for overly long lines until it is re-enabled with: /* !checksrc! enable LONGLINE */ -If the enabling is not performed before the end of the file, it will be enabled -automatically for the next file. +If the enabling is not performed before the end of the file, it is enabled +again automatically for the next file. You can also opt to ignore just N violations so that if you have a single long line you just cannot shorten and is agreed to be fine anyway: /* !checksrc! disable LONGLINE 1 */ -... and the warning for long lines will be enabled again automatically after -it has ignored that single warning. The number `1` can of course be changed to -any other integer number. It can be used to make sure only the exact intended +... and the warning for long lines is enabled again automatically after it has +ignored that single warning. The number `1` can of course be changed to any +other integer number. It can be used to make sure only the exact intended instances are ignored and nothing extra. ### Directory wide ignore patterns diff --git a/libs/curl/docs/CIPHERS.md b/libs/curl/docs/CIPHERS.md index 64a821fd..607810c0 100644 --- a/libs/curl/docs/CIPHERS.md +++ b/libs/curl/docs/CIPHERS.md @@ -1,3 +1,9 @@ + + # Ciphers With curl's options @@ -6,7 +12,8 @@ and [`--ciphers`](https://curl.se/docs/manpage.html#--ciphers) users can control which ciphers to consider when negotiating TLS connections. -TLS 1.3 ciphers are supported since curl 7.61 for OpenSSL 1.1.1+ with options +TLS 1.3 ciphers are supported since curl 7.61 for OpenSSL 1.1.1+, and since +curl 7.85 for Schannel with options [`CURLOPT_TLS13_CIPHERS`](https://curl.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html) and [`--tls13-ciphers`](https://curl.se/docs/manpage.html#--tls13-ciphers) @@ -18,7 +25,7 @@ libcurl was built to use. This is an attempt to list known cipher names. ## OpenSSL -(based on [OpenSSL docs](https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html)) +(based on [OpenSSL docs](https://docs.openssl.org/master/man1/openssl-ciphers/)) When specifying multiple cipher names, separate them with colon (`:`). @@ -50,7 +57,7 @@ When specifying multiple cipher names, separate them with colon (`:`). `ADH-RC4-MD5` `ADH-DES-CBC3-SHA` -### AES ciphersuites from RFC3268, extending TLS v1.0 +### AES cipher suites from RFC 3268, extending TLS v1.0 `AES128-SHA` `AES256-SHA` @@ -65,7 +72,7 @@ When specifying multiple cipher names, separate them with colon (`:`). `ADH-AES128-SHA` `ADH-AES256-SHA` -### SEED ciphersuites from RFC4162, extending TLS v1.0 +### SEED cipher suites from RFC 4162, extending TLS v1.0 `SEED-SHA` `DH-DSS-SEED-SHA` @@ -74,7 +81,7 @@ When specifying multiple cipher names, separate them with colon (`:`). `DHE-RSA-SEED-SHA` `ADH-SEED-SHA` -### GOST ciphersuites, extending TLS v1.0 +### GOST cipher suites, extending TLS v1.0 `GOST94-GOST89-GOST89` `GOST2001-GOST89-GOST89` @@ -147,7 +154,7 @@ When specifying multiple cipher names, separate them with colon (`:`). `ECDHE-ECDSA-AES128-CCM8` `ECDHE-ECDSA-AES256-CCM8` -### Camellia HMAC-Based ciphersuites from RFC6367, extending TLS v1.2 +### Camellia HMAC-Based cipher suites from RFC 6367, extending TLS v1.2 `ECDHE-ECDSA-CAMELLIA128-SHA256` `ECDHE-ECDSA-CAMELLIA256-SHA384` @@ -164,184 +171,7 @@ When specifying multiple cipher names, separate them with colon (`:`). `TLS_AES_128_CCM_8_SHA256` `TLS_AES_128_CCM_SHA256` -## NSS - -### Totally insecure - -`rc4` -`rc4-md5` -`rc4export` -`rc2` -`rc2export` -`des` -`desede3` - -### SSL3/TLS cipher suites - -`rsa_rc4_128_md5` -`rsa_rc4_128_sha` -`rsa_3des_sha` -`rsa_des_sha` -`rsa_rc4_40_md5` -`rsa_rc2_40_md5` -`rsa_null_md5` -`rsa_null_sha` -`fips_3des_sha` -`fips_des_sha` -`fortezza` -`fortezza_rc4_128_sha` -`fortezza_null` - -### TLS 1.0 Exportable 56-bit Cipher Suites - -`rsa_des_56_sha` -`rsa_rc4_56_sha` - -### AES ciphers - -`dhe_dss_aes_128_cbc_sha` -`dhe_dss_aes_256_cbc_sha` -`dhe_rsa_aes_128_cbc_sha` -`dhe_rsa_aes_256_cbc_sha` -`rsa_aes_128_sha` -`rsa_aes_256_sha` - -### ECC ciphers - -`ecdh_ecdsa_null_sha` -`ecdh_ecdsa_rc4_128_sha` -`ecdh_ecdsa_3des_sha` -`ecdh_ecdsa_aes_128_sha` -`ecdh_ecdsa_aes_256_sha` -`ecdhe_ecdsa_null_sha` -`ecdhe_ecdsa_rc4_128_sha` -`ecdhe_ecdsa_3des_sha` -`ecdhe_ecdsa_aes_128_sha` -`ecdhe_ecdsa_aes_256_sha` -`ecdh_rsa_null_sha` -`ecdh_rsa_128_sha` -`ecdh_rsa_3des_sha` -`ecdh_rsa_aes_128_sha` -`ecdh_rsa_aes_256_sha` -`ecdhe_rsa_null` -`ecdhe_rsa_rc4_128_sha` -`ecdhe_rsa_3des_sha` -`ecdhe_rsa_aes_128_sha` -`ecdhe_rsa_aes_256_sha` -`ecdh_anon_null_sha` -`ecdh_anon_rc4_128sha` -`ecdh_anon_3des_sha` -`ecdh_anon_aes_128_sha` -`ecdh_anon_aes_256_sha` - -### HMAC-SHA256 cipher suites - -`rsa_null_sha_256` -`rsa_aes_128_cbc_sha_256` -`rsa_aes_256_cbc_sha_256` -`dhe_rsa_aes_128_cbc_sha_256` -`dhe_rsa_aes_256_cbc_sha_256` -`ecdhe_ecdsa_aes_128_cbc_sha_256` -`ecdhe_rsa_aes_128_cbc_sha_256` - -### AES GCM cipher suites in RFC 5288 and RFC 5289 - -`rsa_aes_128_gcm_sha_256` -`dhe_rsa_aes_128_gcm_sha_256` -`dhe_dss_aes_128_gcm_sha_256` -`ecdhe_ecdsa_aes_128_gcm_sha_256` -`ecdh_ecdsa_aes_128_gcm_sha_256` -`ecdhe_rsa_aes_128_gcm_sha_256` -`ecdh_rsa_aes_128_gcm_sha_256` - -### cipher suites using SHA384 - -`rsa_aes_256_gcm_sha_384` -`dhe_rsa_aes_256_gcm_sha_384` -`dhe_dss_aes_256_gcm_sha_384` -`ecdhe_ecdsa_aes_256_sha_384` -`ecdhe_rsa_aes_256_sha_384` -`ecdhe_ecdsa_aes_256_gcm_sha_384` -`ecdhe_rsa_aes_256_gcm_sha_384` - -### chacha20-poly1305 cipher suites - -`ecdhe_rsa_chacha20_poly1305_sha_256` -`ecdhe_ecdsa_chacha20_poly1305_sha_256` -`dhe_rsa_chacha20_poly1305_sha_256` - -### TLS 1.3 cipher suites - -`aes_128_gcm_sha_256` -`aes_256_gcm_sha_384` -`chacha20_poly1305_sha_256` - -## GSKit - -Ciphers are internally defined as [numeric -codes](https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/apis/gsk_attribute_set_buffer.htm). libcurl -maps them to the following case-insensitive names. - -### SSL2 cipher suites (insecure: disabled by default) - -`rc2-md5` -`rc4-md5` -`exp-rc2-md5` -`exp-rc4-md5` -`des-cbc-md5` -`des-cbc3-md5` - -### SSL3 cipher suites - -`null-md5` -`null-sha` -`rc4-md5` -`rc4-sha` -`exp-rc2-cbc-md5` -`exp-rc4-md5` -`exp-des-cbc-sha` -`des-cbc3-sha` - -### TLS v1.0 cipher suites - -`null-md5` -`null-sha` -`rc4-md5` -`rc4-sha` -`exp-rc2-cbc-md5` -`exp-rc4-md5` -`exp-des-cbc-sha` -`des-cbc3-sha` -`aes128-sha` -`aes256-sha` - -### TLS v1.1 cipher suites - -`null-md5` -`null-sha` -`rc4-md5` -`rc4-sha` -`exp-des-cbc-sha` -`des-cbc3-sha` -`aes128-sha` -`aes256-sha` - -### TLS v1.2 cipher suites - -`null-md5` -`null-sha` -`null-sha256` -`rc4-md5` -`rc4-sha` -`des-cbc3-sha` -`aes128-sha` -`aes256-sha` -`aes128-sha256` -`aes256-sha256` -`aes128-gcm-sha256` -`aes256-gcm-sha384` - -## WolfSSL +## wolfSSL `RC4-SHA`, `RC4-MD5`, @@ -457,15 +287,18 @@ maps them to the following case-insensitive names. ## Schannel Schannel allows the enabling and disabling of encryption algorithms, but not -specific ciphersuites. They are +specific cipher suites, prior to TLS 1.3. The algorithms are [defined](https://docs.microsoft.com/windows/desktop/SecCrypto/alg-id) by Microsoft. +The algorithms below are for TLS 1.2 and earlier. TLS 1.3 is covered in the +next section. + There is also the case that the selected algorithm is not supported by the protocol or does not match the ciphers offered by the server during the SSL -negotiation. In this case curl will return error +negotiation. In this case curl returns error `CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH` -and the request will fail. +and the request fails. `CALG_MD2`, `CALG_MD4`, @@ -516,7 +349,85 @@ and the request will fail. `CALG_ECDH_EPHEM`, As of curl 7.77.0, you can also pass `SCH_USE_STRONG_CRYPTO` as a cipher name -to [constrain the set of available ciphers as specified in the schannel +to [constrain the set of available ciphers as specified in the Schannel documentation](https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-server-2022). -Note that the supported ciphers in this case follows the OS version, so if you +Note that the supported ciphers in this case follow the OS version, so if you are running an outdated OS you might still be supporting weak ciphers. + +### TLS 1.3 cipher suites + +You can set TLS 1.3 ciphers for Schannel by using `CURLOPT_TLS13_CIPHERS` or +`--tls13-ciphers` with the names below. + +If TLS 1.3 cipher suites are set then libcurl adds or restricts Schannel TLS +1.3 algorithms automatically. Essentially, libcurl is emulating support for +individual TLS 1.3 cipher suites since Schannel does not support it directly. + +`TLS_AES_256_GCM_SHA384` +`TLS_AES_128_GCM_SHA256` +`TLS_CHACHA20_POLY1305_SHA256` +`TLS_AES_128_CCM_8_SHA256` +`TLS_AES_128_CCM_SHA256` + +Note if you set TLS 1.3 ciphers without also setting the minimum TLS version +to 1.3 then it is possible Schannel may negotiate an earlier TLS version and +cipher suite if your libcurl and OS settings allow it. You can set the minimum +TLS version by using `CURLOPT_SSLVERSION` or `--tlsv1.3`. + +## BearSSL + +BearSSL ciphers can be specified by either the OpenSSL name (`ECDHE-RSA-AES128-GCM-SHA256`) or the IANA name (`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`). + +Since BearSSL 0.1: + +`DES-CBC3-SHA` +`AES128-SHA` +`AES256-SHA` +`AES128-SHA256` +`AES256-SHA256` +`AES128-GCM-SHA256` +`AES256-GCM-SHA384` +`ECDH-ECDSA-DES-CBC3-SHA` +`ECDH-ECDSA-AES128-SHA` +`ECDH-ECDSA-AES256-SHA` +`ECDHE-ECDSA-DES-CBC3-SHA` +`ECDHE-ECDSA-AES128-SHA` +`ECDHE-ECDSA-AES256-SHA` +`ECDH-RSA-DES-CBC3-SHA` +`ECDH-RSA-AES128-SHA` +`ECDH-RSA-AES256-SHA` +`ECDHE-RSA-DES-CBC3-SHA` +`ECDHE-RSA-AES128-SHA` +`ECDHE-RSA-AES256-SHA` +`ECDHE-ECDSA-AES128-SHA256` +`ECDHE-ECDSA-AES256-SHA384` +`ECDH-ECDSA-AES128-SHA256` +`ECDH-ECDSA-AES256-SHA384` +`ECDHE-RSA-AES128-SHA256` +`ECDHE-RSA-AES256-SHA384` +`ECDH-RSA-AES128-SHA256` +`ECDH-RSA-AES256-SHA384` +`ECDHE-ECDSA-AES128-GCM-SHA256` +`ECDHE-ECDSA-AES256-GCM-SHA384` +`ECDH-ECDSA-AES128-GCM-SHA256` +`ECDH-ECDSA-AES256-GCM-SHA384` +`ECDHE-RSA-AES128-GCM-SHA256` +`ECDHE-RSA-AES256-GCM-SHA384` +`ECDH-RSA-AES128-GCM-SHA256` +`ECDH-RSA-AES256-GCM-SHA384` + +Since BearSSL 0.2: + +`ECDHE-RSA-CHACHA20-POLY1305` +`ECDHE-ECDSA-CHACHA20-POLY1305` + +Since BearSSL 0.6: + +`AES128-CCM` +`AES256-CCM` +`AES128-CCM8` +`AES256-CCM8` +`ECDHE-ECDSA-AES128-CCM` +`ECDHE-ECDSA-AES256-CCM` +`ECDHE-ECDSA-AES128-CCM8` +`ECDHE-ECDSA-AES256-CCM8` diff --git a/libs/curl/docs/CLIENT-READERS.md b/libs/curl/docs/CLIENT-READERS.md new file mode 100644 index 00000000..07306384 --- /dev/null +++ b/libs/curl/docs/CLIENT-READERS.md @@ -0,0 +1,132 @@ + + +# curl client readers + +Client readers is a design in the internals of libcurl, not visible in its public API. They were started +in curl v8.7.0. This document describes the concepts, its high level implementation and the motivations. + +## Naming + +`libcurl` operates between clients and servers. A *client* is the application using libcurl, like the command line tool `curl` itself. Data to be uploaded to a server is **read** from the client and **sent** to the server, the servers response is **received** by `libcurl` and then **written** to the client. + +With this naming established, client readers are concerned with providing data from the application to the server. Applications register callbacks via `CURLOPT_READFUNCTION`, data via `CURLOPT_POSTFIELDS` and other options to be used by `libcurl` when the request is send. + +## Invoking + +The transfer loop that sends and receives, is using `Curl_client_read()` to get more data to send for a transfer. If no specific reader has been installed yet, the default one that uses `CURLOPT_READFUNCTION` is added. The prototype is + +``` +CURLcode Curl_client_read(struct Curl_easy *data, char *buf, size_t blen, + size_t *nread, bool *eos); +``` +The arguments are the transfer to read for, a buffer to hold the read data, its length, the actual number of bytes placed into the buffer and the `eos` (*end of stream*) flag indicating that no more data is available. The `eos` flag may be set for a read amount, if that amount was the last. That way curl can avoid to read an additional time. + +The implementation of `Curl_client_read()` uses a chain of *client reader* instances to get the data. This is similar to the design of *client writers*. The chain of readers allows processing of the data to send. + +The definition of a reader is: + +``` +struct Curl_crtype { + const char *name; /* writer name. */ + CURLcode (*do_init)(struct Curl_easy *data, struct Curl_creader *writer); + CURLcode (*do_read)(struct Curl_easy *data, struct Curl_creader *reader, + char *buf, size_t blen, size_t *nread, bool *eos); + void (*do_close)(struct Curl_easy *data, struct Curl_creader *reader); + bool (*needs_rewind)(struct Curl_easy *data, struct Curl_creader *reader); + curl_off_t (*total_length)(struct Curl_easy *data, + struct Curl_creader *reader); + CURLcode (*resume_from)(struct Curl_easy *data, + struct Curl_creader *reader, curl_off_t offset); + CURLcode (*rewind)(struct Curl_easy *data, struct Curl_creader *reader); +}; + +struct Curl_creader { + const struct Curl_crtype *crt; /* type implementation */ + struct Curl_creader *next; /* Downstream reader. */ + Curl_creader_phase phase; /* phase at which it operates */ +}; +``` + +`Curl_creader` is a reader instance with a `next` pointer to form the chain. It as a type `crt` which provides the implementation. The main callback is `do_read()` which provides the data to the caller. The others are for setup and tear down. `needs_rewind()` is explained further below. + +## Phases and Ordering + +Since client readers may transform the data being read through the chain, the order in which they are called is relevant for the outcome. When a reader is created, it gets the `phase` property in which it operates. Reader phases are defined like: + +``` +typedef enum { + CURL_CR_NET, /* data send to the network (connection filters) */ + CURL_CR_TRANSFER_ENCODE, /* add transfer-encodings */ + CURL_CR_PROTOCOL, /* before transfer, but after content decoding */ + CURL_CR_CONTENT_ENCODE, /* add content-encodings */ + CURL_CR_CLIENT /* data read from client */ +} Curl_creader_phase; +``` + +If a reader for phase `PROTOCOL` is added to the chain, it is always added *after* any `NET` or `TRANSFER_ENCODE` readers and *before* and `CONTENT_ENCODE` and `CLIENT` readers. If there is already a reader for the same phase, the new reader is added before the existing one(s). + +### Example: `chunked` reader + +In `http_chunks.c` a client reader for chunked uploads is implemented. This one operates at phase `CURL_CR_TRANSFER_ENCODE`. Any data coming from the reader "below" has the HTTP/1.1 chunk handling applied and returned to the caller. + +When this reader sees an `eos` from below, it generates the terminal chunk, adding trailers if provided by the application. When that last chunk is fully returned, it also sets `eos` to the caller. + +### Example: `lineconv` reader + +In `sendf.c` a client reader that does line-end conversions is implemented. It operates at `CURL_CR_CONTENT_ENCODE` and converts any "\n" to "\r\n". This is used for FTP ASCII uploads or when the general `crlf` options has been set. + +### Example: `null` reader + +Implemented in `sendf.c` for phase `CURL_CR_CLIENT`, this reader has the simple job of providing transfer bytes of length 0 to the caller, immediately indicating an `eos`. This reader is installed by HTTP for all GET/HEAD requests and when authentication is being negotiated. + +### Example: `buf` reader + +Implemented in `sendf.c` for phase `CURL_CR_CLIENT`, this reader get a buffer pointer and a length and provides exactly these bytes. This one is used in HTTP for sending `postfields` provided by the application. + +## Request retries + +Sometimes it is necessary to send a request with client data again. Transfer handling can inquire via `Curl_client_read_needs_rewind()` if a rewind (e.g. a reset of the client data) is necessary. This asks all installed readers if they need it and give `FALSE` of none does. + +## Upload Size + +Many protocols need to know the amount of bytes delivered by the client readers in advance. They may invoke `Curl_creader_total_length(data)` to retrieve that. However, not all reader chains know the exact value beforehand. In that case, the call returns `-1` for "unknown". + +Even if the length of the "raw" data is known, the length that is send may not. Example: with option `--crlf` the uploaded content undergoes line-end conversion. The line converting reader does not know in advance how many newlines it may encounter. Therefore it must return `-1` for any positive raw content length. + +In HTTP, once the correct client readers are installed, the protocol asks the readers for the total length. If that is known, it can set `Content-Length:` accordingly. If not, it may choose to add an HTTP "chunked" reader. + +In addition, there is `Curl_creader_client_length(data)` which gives the total length as reported by the reader in phase `CURL_CR_CLIENT` without asking other readers that may transform the raw data. This is useful in estimating the size of an upload. The HTTP protocol uses this to determine if `Expect: 100-continue` shall be done. + +## Resuming + +Uploads can start at a specific offset, if so requested. The "resume from" that offset. This applies to the reader in phase `CURL_CR_CLIENT` that delivers the "raw" content. Resumption can fail if the installed reader does not support it or if the offset is too large. + +The total length reported by the reader changes when resuming. Example: resuming an upload of 100 bytes by 25 reports a total length of 75 afterwards. + +If `resume_from()` is invoked twice, it is additive. There is currently no way to undo a resume. + +## Rewinding + +When a request is retried, installed client readers are discarded and replaced by new ones. This works only if the new readers upload the same data. For many readers, this is not an issue. The "null" reader always does the same. Also the `buf` reader, initialized with the same buffer, does this. + +Readers operating on callbacks to the application need to "rewind" the underlying content. For example, when reading from a `FILE*`, the reader needs to `fseek()` to the beginning. The following methods are used: + +1. `Curl_creader_needs_rewind(data)`: tells if a rewind is necessary, given the current state of the reader chain. If nothing really has been read so far, this returns `FALSE`. +2. `Curl_creader_will_rewind(data)`: tells if the reader chain rewinds at the start of the next request. +3. `Curl_creader_set_rewind(data, TRUE)`: marks the reader chain for rewinding at the start of the next request. +4. `Curl_client_start(data)`: tells the readers that a new request starts and they need to rewind if requested. + + +## Summary and Outlook + +By adding the client reader interface, any protocol can control how/if it wants the curl transfer to send bytes for a request. The transfer loop becomes then blissfully ignorant of the specifics. + +The protocols on the other hand no longer have to care to package data most efficiently. At any time, should more data be needed, it can be read from the client. This is used when sending HTTP requests headers to add as much request body data to the initial sending as there is room for. + +Future enhancements based on the client readers: +* `expect-100` handling: place that into a HTTP specific reader at `CURL_CR_PROTOCOL` and eliminate the checks in the generic transfer parts. +* `eos forwarding`: transfer should forward an `eos` flag to the connection filters. Filters like HTTP/2 and HTTP/3 can make use of that, terminating streams early. This would also eliminate length checks in stream handling. diff --git a/libs/curl/docs/CLIENT-WRITERS.md b/libs/curl/docs/CLIENT-WRITERS.md new file mode 100644 index 00000000..9f7197d2 --- /dev/null +++ b/libs/curl/docs/CLIENT-WRITERS.md @@ -0,0 +1,123 @@ + + +# curl client writers + +Client writers is a design in the internals of libcurl, not visible in its public API. They were started +in curl v8.5.0. This document describes the concepts, its high level implementation and the motivations. + +## Naming + +`libcurl` operates between clients and servers. A *client* is the application using libcurl, like the command line tool `curl` itself. Data to be uploaded to a server is **read** from the client and **send** to the server, the servers response is **received** by `libcurl` and then **written** to the client. + +With this naming established, client writers are concerned with writing responses from the server to the application. Applications register callbacks via `CURLOPT_WRITEFUNCTION` and `CURLOPT_HEADERFUNCTION` to be invoked by `libcurl` when the response is received. + +## Invoking + +All code in `libcurl` that handles response data is ultimately expected to forward this data via `Curl_client_write()` to the application. The exact prototype of this function is: + +``` +CURLcode Curl_client_write(struct Curl_easy *data, int type, const char *buf, size_t blen); +``` +The `type` argument specifies what the bytes in `buf` actually are. The following bits are defined: + +``` +#define CLIENTWRITE_BODY (1<<0) /* non-meta information, BODY */ +#define CLIENTWRITE_INFO (1<<1) /* meta information, not a HEADER */ +#define CLIENTWRITE_HEADER (1<<2) /* meta information, HEADER */ +#define CLIENTWRITE_STATUS (1<<3) /* a special status HEADER */ +#define CLIENTWRITE_CONNECT (1<<4) /* a CONNECT related HEADER */ +#define CLIENTWRITE_1XX (1<<5) /* a 1xx response related HEADER */ +#define CLIENTWRITE_TRAILER (1<<6) /* a trailer HEADER */ +``` + +The main types here are `CLIENTWRITE_BODY` and `CLIENTWRITE_HEADER`. They are +mutually exclusive. The other bits are enhancements to `CLIENTWRITE_HEADER` to +specify what the header is about. They are only used in HTTP and related +protocols (RTSP and WebSocket). + +The implementation of `Curl_client_write()` uses a chain of *client writer* instances to process the call and make sure that the bytes reach the proper application callbacks. This is similar to the design of connection filters: client writers can be chained to process the bytes written through them. The definition is: + +``` +struct Curl_cwtype { + const char *name; + CURLcode (*do_init)(struct Curl_easy *data, + struct Curl_cwriter *writer); + CURLcode (*do_write)(struct Curl_easy *data, + struct Curl_cwriter *writer, int type, + const char *buf, size_t nbytes); + void (*do_close)(struct Curl_easy *data, + struct Curl_cwriter *writer); +}; + +struct Curl_cwriter { + const struct Curl_cwtype *cwt; /* type implementation */ + struct Curl_cwriter *next; /* Downstream writer. */ + Curl_cwriter_phase phase; /* phase at which it operates */ +}; +``` + +`Curl_cwriter` is a writer instance with a `next` pointer to form the chain. It has a type `cwt` which provides the implementation. The main callback is `do_write()` that processes the data and calls then the `next` writer. The others are for setup and tear down. + +## Phases and Ordering + +Since client writers may transform the bytes written through them, the order in which the are called is relevant for the outcome. When a writer is created, one property it gets is the `phase` in which it operates. Writer phases are defined like: + +``` +typedef enum { + CURL_CW_RAW, /* raw data written, before any decoding */ + CURL_CW_TRANSFER_DECODE, /* remove transfer-encodings */ + CURL_CW_PROTOCOL, /* after transfer, but before content decoding */ + CURL_CW_CONTENT_DECODE, /* remove content-encodings */ + CURL_CW_CLIENT /* data written to client */ +} Curl_cwriter_phase; +``` + +If a writer for phase `PROTOCOL` is added to the chain, it is always added *after* any `RAW` or `TRANSFER_DECODE` and *before* any `CONTENT_DECODE` and `CLIENT` phase writer. If there is already a writer for the same phase present, the new writer is inserted just before that one. + +All transfers have a chain of 3 writers by default. A specific protocol handler may alter that by adding additional writers. The 3 standard writers are (name, phase): + +1. `"raw", CURL_CW_RAW `: if the transfer is verbose, it forwards the body data to the debug function. +1. `"download", CURL_CW_PROTOCOL`: checks that protocol limits are kept and updates progress counters. When a download has a known length, it checks that it is not exceeded and errors otherwise. +1. `"client", CURL_CW_CLIENT`: the main work horse. It invokes the application callbacks or writes to the configured file handles. It chops large writes into smaller parts, as documented for `CURLOPT_WRITEFUNCTION`. If also handles *pausing* of transfers when the application callback returns `CURL_WRITEFUNC_PAUSE`. + +With these writers always in place, libcurl's protocol handlers automatically have these implemented. + +## Enhanced Use + +HTTP is the protocol in curl that makes use of the client writer chain by +adding writers to it. When the `libcurl` application set +`CURLOPT_ACCEPT_ENCODING` (as `curl` does with `--compressed`), the server is +offered an `Accept-Encoding` header with the algorithms supported. The server +then may choose to send the response body compressed. For example using `gzip` +or `brotli` or even both. + +In the server's response, if there is a `Content-Encoding` header listing the +encoding applied. If supported by `libcurl` it then decompresses the content +before writing it out to the client. How does it do that? + +The HTTP protocol adds client writers in phase `CURL_CW_CONTENT_DECODE` on +seeing such a header. For each encoding listed, it adds the corresponding +writer. The response from the server is then passed through +`Curl_client_write()` to the writers that decode it. If several encodings had +been applied the writer chain decodes them in the proper order. + +When the server provides a `Content-Length` header, that value applies to the +*compressed* content. Length checks on the response bytes must happen *before* +it gets decoded. That is why this check happens in phase `CURL_CW_PROTOCOL` +which always is ordered before writers in phase `CURL_CW_CONTENT_DECODE`. + +What else? + +Well, HTTP servers may also apply a `Transfer-Encoding` to the body of a response. The most well-known one is `chunked`, but algorithms like `gzip` and friends could also be applied. The difference to content encodings is that decoding needs to happen *before* protocol checks, for example on length, are done. + +That is why transfer decoding writers are added for phase `CURL_CW_TRANSFER_DECODE`. Which makes their operation happen *before* phase `CURL_CW_PROTOCOL` where length may be checked. + +## Summary + +By adding the common behavior of all protocols into `Curl_client_write()` we make sure that they do apply everywhere. Protocol handler have less to worry about. Changes to default behavior can be done without affecting handler implementations. + +Having a writer chain as implementation allows protocol handlers with extra needs, like HTTP, to add to this for special behavior. The common way of writing the actual response data stays the same. diff --git a/libs/curl/docs/CMakeLists.txt b/libs/curl/docs/CMakeLists.txt index b3230ec5..9fd49440 100644 --- a/libs/curl/docs/CMakeLists.txt +++ b/libs/curl/docs/CMakeLists.txt @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,7 +18,29 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -#add_subdirectory(examples) -add_subdirectory(libcurl) -add_subdirectory(cmdline-opts) + +if(BUILD_LIBCURL_DOCS) + add_subdirectory(libcurl) +endif() +if(ENABLE_CURL_MANUAL AND BUILD_CURL_EXE) + add_subdirectory(cmdline-opts) +endif() + +if(BUILD_MISC_DOCS) + foreach(_man_misc IN ITEMS "curl-config" "mk-ca-bundle") + set(_man_target "${CURL_BINARY_DIR}/docs/${_man_misc}.1") + add_custom_command(OUTPUT "${_man_target}" + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + COMMAND "${PERL_EXECUTABLE}" ${PROJECT_SOURCE_DIR}/scripts/cd2nroff "${_man_misc}.md" > "${_man_target}" + DEPENDS "${_man_misc}.md" + VERBATIM + ) + add_custom_target("curl-generate-${_man_misc}.1" ALL DEPENDS "${_man_target}") + if(NOT CURL_DISABLE_INSTALL) + install(FILES "${_man_target}" DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) + endif() + endforeach() +endif() diff --git a/libs/curl/docs/CODE_OF_CONDUCT.md b/libs/curl/docs/CODE_OF_CONDUCT.md index 1f71c387..5c887818 100644 --- a/libs/curl/docs/CODE_OF_CONDUCT.md +++ b/libs/curl/docs/CODE_OF_CONDUCT.md @@ -1,3 +1,9 @@ + + Contributor Code of Conduct =========================== diff --git a/libs/curl/docs/CODE_REVIEW.md b/libs/curl/docs/CODE_REVIEW.md index 20d1be84..bee26a3f 100644 --- a/libs/curl/docs/CODE_REVIEW.md +++ b/libs/curl/docs/CODE_REVIEW.md @@ -1,3 +1,9 @@ + + # How to do code reviews for curl Anyone and everyone is encouraged and welcome to review code submissions in @@ -70,7 +76,7 @@ on final or release builds. Can the mallocs be avoided? Do not introduce mallocs in any hot paths. If there are (new) mallocs, can they be combined into fewer calls? -Are all allocations handled in errorpaths to avoid leaks and crashes? +Are all allocations handled in error paths to avoid leaks and crashes? ## Thread-safety @@ -135,13 +141,13 @@ data. Where it comes from and where it goes. `size_t` is not a fixed size. `time_t` can be signed or unsigned and have different sizes. Relying on variable sizes is a red flag. -Also remember that endianness and >= 32 bit accesses to unaligned addresses +Also remember that endianness and >= 32-bit accesses to unaligned addresses are problematic areas. ## Integer overflows -Be careful about integer overflows. Some variable types can be either 32 bit -or 64 bit. Integer overflows must be detected and acted on *before* they +Be careful about integer overflows. Some variable types can be either 32-bit +or 64-bit. Integer overflows must be detected and acted on *before* they happen. ## Dangerous use of functions @@ -151,12 +157,12 @@ Maybe use of `realloc()` should rather use the dynbuf functions? Do not allow new code that grows buffers without using dynbuf. Use of C functions that rely on a terminating zero must only be used on data -that really do have a zero terminating zero. +that really do have a null-terminating zero. ## Dangerous "data styles" Make extra precautions and verify that memory buffers that need a terminating -zero always have exactly that. Buffers *without* a zero terminator must not be +zero always have exactly that. Buffers *without* a null-terminator must not be used as input to string functions. # Commit messages @@ -164,5 +170,5 @@ used as input to string functions. Tightly coupled with a code review is making sure that the commit message is good. It is the responsibility of the person who merges the code to make sure that the commit message follows our standard (detailed in the -[CONTRIBUTE.md](CONTRIBUTE.md) document). This includes making sure the PR +[CONTRIBUTE](CONTRIBUTE.md) document). This includes making sure the PR identifies related issues and giving credit to reporters and helpers. diff --git a/libs/curl/docs/CODE_STYLE.md b/libs/curl/docs/CODE_STYLE.md index 530d4004..7b2b6025 100644 --- a/libs/curl/docs/CODE_STYLE.md +++ b/libs/curl/docs/CODE_STYLE.md @@ -1,3 +1,9 @@ + + # curl C code style Source code that has a common style is easier to read than code that uses @@ -9,8 +15,9 @@ style is more important than individual contributors having their own personal tastes satisfied. Our C code has a few style rules. Most of them are verified and upheld by the -`lib/checksrc.pl` script. Invoked with `make checksrc` or even by default by -the build system when built after `./configure --enable-debug` has been used. +`scripts/checksrc.pl` script. Invoked with `make checksrc` or even by default +by the build system when built after `./configure --enable-debug` has been +used. It is normally not a problem for anyone to follow the guidelines, as you just need to copy the style already used in the source code and there are no @@ -18,7 +25,7 @@ particularly unusual rules in our set of rules. We also work hard on writing code that are warning-free on all the major platforms and in general on as many platforms as possible. Code that obviously -will cause warnings will not be accepted as-is. +causes warnings is not accepted as-is. ## Naming @@ -59,11 +66,11 @@ Source code in curl may never be wider than 79 columns and there are two reasons for maintaining this even in the modern era of large and high resolution screens: -1. Narrower columns are easier to read than wide ones. There's a reason +1. Narrower columns are easier to read than wide ones. There is a reason newspapers have used columns for decades or centuries. 2. Narrower columns allow developers to easier show multiple pieces of code - next to each other in different windows. I often have two or three source + next to each other in different windows. It allows two or three source code windows next to each other on the same screen - as well as multiple terminal and debugging windows. @@ -217,10 +224,10 @@ int size = sizeof(int); Some statements cannot be completed on a single line because the line would be too long, the statement too hard to read, or due to other style guidelines -above. In such a case the statement will span multiple lines. +above. In such a case the statement spans multiple lines. If a continuation line is part of an expression or sub-expression then you -should align on the appropriate column so that it's easy to tell what part of +should align on the appropriate column so that it is easy to tell what part of the statement it is. Operators should not start continuation lines. In other cases follow the 2-space indent guideline. Here are some examples from libcurl: diff --git a/libs/curl/docs/CONNECTION-FILTERS.md b/libs/curl/docs/CONNECTION-FILTERS.md new file mode 100644 index 00000000..629e769b --- /dev/null +++ b/libs/curl/docs/CONNECTION-FILTERS.md @@ -0,0 +1,308 @@ + + +# curl connection filters + +Connection filters is a design in the internals of curl, not visible in its +public API. They were added in curl v7.87.0. This document describes the +concepts, its high level implementation and the motivations. + +## Filters + +A "connection filter" is a piece of code that is responsible for handling a +range of operations of curl's connections: reading, writing, waiting on +external events, connecting and closing down - to name the most important +ones. + +The most important feat of connection filters is that they can be stacked on +top of each other (or "chained" if you prefer that metaphor). In the common +scenario that you want to retrieve a `https:` URL with curl, you need 2 basic +things to send the request and get the response: a TCP connection, represented +by a `socket` and a SSL instance en- and decrypt over that socket. You write +your request to the SSL instance, which encrypts and writes that data to the +socket, which then sends the bytes over the network. + +With connection filters, curl's internal setup looks something like this (cf +for connection filter): + +``` +Curl_easy *data connectdata *conn cf-ssl cf-socket ++----------------+ +-----------------+ +-------+ +--------+ +|https://curl.se/|----> | properties |----> | keys |---> | socket |--> OS --> network ++----------------+ +-----------------+ +-------+ +--------+ + + Curl_write(data, buffer) + --> Curl_cfilter_write(data, data->conn, buffer) + ---> conn->filter->write(conn->filter, data, buffer) +``` + +While connection filters all do different things, they look the same from the +"outside". The code in `data` and `conn` does not really know **which** +filters are installed. `conn` just writes into the first filter, whatever that +is. + +Same is true for filters. Each filter has a pointer to the `next` filter. When +SSL has encrypted the data, it does not write to a socket, it writes to the +next filter. If that is indeed a socket, or a file, or an HTTP/2 connection is +of no concern to the SSL filter. + +This allows stacking, as in: + +``` +Direct: + http://localhost/ conn -> cf-socket + https://curl.se/ conn -> cf-ssl -> cf-socket +Via http proxy tunnel: + http://localhost/ conn -> cf-http-proxy -> cf-socket + https://curl.se/ conn -> cf-ssl -> cf-http-proxy -> cf-socket +Via https proxy tunnel: + http://localhost/ conn -> cf-http-proxy -> cf-ssl -> cf-socket + https://curl.se/ conn -> cf-ssl -> cf-http-proxy -> cf-ssl -> cf-socket +Via http proxy tunnel via SOCKS proxy: + http://localhost/ conn -> cf-http-proxy -> cf-socks -> cf-socket +``` + +### Connecting/Closing + +Before `Curl_easy` can send the request, the connection needs to be +established. This means that all connection filters have done, whatever they +need to do: waiting for the socket to be connected, doing the TLS handshake, +performing the HTTP tunnel request, etc. This has to be done in reverse order: +the last filter has to do its connect first, then the one above can start, +etc. + +Each filter does in principle the following: + +``` +static CURLcode +myfilter_cf_connect(struct Curl_cfilter *cf, + struct Curl_easy *data, + bool *done) +{ + CURLcode result; + + if(cf->connected) { /* we and all below are done */ + *done = TRUE; + return CURLE_OK; + } + /* Let the filters below connect */ + result = cf->next->cft->connect(cf->next, data, blocking, done); + if(result || !*done) + return result; /* below errored/not finished yet */ + + /* MYFILTER CONNECT THINGS */ /* below connected, do out thing */ + *done = cf->connected = TRUE; /* done, remember, return */ + return CURLE_OK; +} +``` + +Closing a connection then works similar. The `conn` tells the first filter to +close. Contrary to connecting, the filter does its own things first, before +telling the next filter to close. + +### Efficiency + +There are two things curl is concerned about: efficient memory use and fast +transfers. + +The memory footprint of a filter is relatively small: + +``` +struct Curl_cfilter { + const struct Curl_cftype *cft; /* the type providing implementation */ + struct Curl_cfilter *next; /* next filter in chain */ + void *ctx; /* filter type specific settings */ + struct connectdata *conn; /* the connection this filter belongs to */ + int sockindex; /* TODO: like to get rid off this */ + BIT(connected); /* != 0 iff this filter is connected */ +}; +``` + +The filter type `cft` is a singleton, one static struct for each type of +filter. The `ctx` is where a filter holds its specific data. That varies by +filter type. An http-proxy filter keeps the ongoing state of the CONNECT here, +free it after its has been established. The SSL filter keeps the `SSL*` (if +OpenSSL is used) here until the connection is closed. So, this varies. + +`conn` is a reference to the connection this filter belongs to, so nothing +extra besides the pointer itself. + +Several things, that before were kept in `struct connectdata`, now goes into +the `filter->ctx` *when needed*. So, the memory footprint for connections that +do *not* use an http proxy, or socks, or https is lower. + +As to transfer efficiency, writing and reading through a filter comes at near +zero cost *if the filter does not transform the data*. An http proxy or socks +filter, once it is connected, just passes the calls through. Those filters +implementations look like this: + +``` +ssize_t Curl_cf_def_send(struct Curl_cfilter *cf, struct Curl_easy *data, + const void *buf, size_t len, CURLcode *err) +{ + return cf->next->cft->do_send(cf->next, data, buf, len, err); +} +``` +The `recv` implementation is equivalent. + +## Filter Types + +The currently existing filter types (curl 8.5.0) are: + +* `TCP`, `UDP`, `UNIX`: filters that operate on a socket, providing raw I/O. +* `SOCKET-ACCEPT`: special TCP socket that has a socket that has been + `accept()`ed in a `listen()` +* `SSL`: filter that applies TLS en-/decryption and handshake. Manages the + underlying TLS backend implementation. +* `HTTP-PROXY`, `H1-PROXY`, `H2-PROXY`: the first manages the connection to an + HTTP proxy server and uses the other depending on which ALPN protocol has + been negotiated. +* `SOCKS-PROXY`: filter for the various SOCKS proxy protocol variations +* `HAPROXY`: filter for the protocol of the same name, providing client IP + information to a server. +* `HTTP/2`: filter for handling multiplexed transfers over an HTTP/2 + connection +* `HTTP/3`: filter for handling multiplexed transfers over an HTTP/3+QUIC + connection +* `HAPPY-EYEBALLS`: meta filter that implements IPv4/IPv6 "happy eyeballing". + It creates up to 2 sub-filters that race each other for a connection. +* `SETUP`: meta filter that manages the creation of sub-filter chains for a + specific transport (e.g. TCP or QUIC). +* `HTTPS-CONNECT`: meta filter that races a TCP+TLS and a QUIC connection + against each other to determine if HTTP/1.1, HTTP/2 or HTTP/3 shall be used + for a transfer. + +Meta filters are combining other filters for a specific purpose, mostly during +connection establishment. Other filters like `TCP`, `UDP` and `UNIX` are only +to be found at the end of filter chains. SSL filters provide encryption, of +course. Protocol filters change the bytes sent and received. + +## Filter Flags + +Filter types carry flags that inform what they do. These are (for now): + +* `CF_TYPE_IP_CONNECT`: this filter type talks directly to a server. This does + not have to be the server the transfer wants to talk to. For example when a + proxy server is used. +* `CF_TYPE_SSL`: this filter type provides encryption. +* `CF_TYPE_MULTIPLEX`: this filter type can manage multiple transfers in parallel. + +Filter types can combine these flags. For example, the HTTP/3 filter types +have `CF_TYPE_IP_CONNECT`, `CF_TYPE_SSL` and `CF_TYPE_MULTIPLEX` set. + +Flags are useful to extrapolate properties of a connection. To check if a +connection is encrypted, libcurl inspect the filter chain in place, top down, +for `CF_TYPE_SSL`. If it finds `CF_TYPE_IP_CONNECT` before any `CF_TYPE_SSL`, +the connection is not encrypted. + +For example, `conn1` is for a `http:` request using a tunnel through an HTTP/2 +`https:` proxy. `conn2` is a `https:` HTTP/2 connection to the same proxy. +`conn3` uses HTTP/3 without proxy. The filter chains would look like this +(simplified): + +``` +conn1 --> `HTTP-PROXY` --> `H2-PROXY` --> `SSL` --> `TCP` +flags: `IP_CONNECT` `SSL` `IP_CONNECT` + +conn2 --> `HTTP/2` --> `SSL` --> `HTTP-PROXY` --> `H2-PROXY` --> `SSL` --> `TCP` +flags: `SSL` `IP_CONNECT` `SSL` `IP_CONNECT` + +conn3 --> `HTTP/3` +flags: `SSL|IP_CONNECT` +``` + +Inspecting the filter chains, `conn1` is seen as unencrypted, since it +contains an `IP_CONNECT` filter before any `SSL`. `conn2` is clearly encrypted +as an `SSL` flagged filter is seen first. `conn3` is also encrypted as the +`SSL` flag is checked before the presence of `IP_CONNECT`. + +Similar checks can determine if a connection is multiplexed or not. + +## Filter Tracing + +Filters may make use of special trace macros like `CURL_TRC_CF(data, cf, msg, +...)`. With `data` being the transfer and `cf` being the filter instance. +These traces are normally not active and their execution is guarded so that +they are cheap to ignore. + +Users of `curl` may activate them by adding the name of the filter type to the +`--trace-config` argument. For example, in order to get more detailed tracing +of an HTTP/2 request, invoke curl with: + +``` +> curl -v --trace-config ids,time,http/2 https://curl.se +``` + +Which gives you trace output with time information, transfer+connection ids +and details from the `HTTP/2` filter. Filter type names in the trace config +are case insensitive. You may use `all` to enable tracing for all filter +types. When using `libcurl` you may call `curl_global_trace(config_string)` at +the start of your application to enable filter details. + +## Meta Filters + +Meta filters is a catch-all name for filter types that do not change the +transfer data in any way but provide other important services to curl. In +general, it is possible to do all sorts of silly things with them. One of the +commonly used, important things is "eyeballing". + +The `HAPPY-EYEBALLS` filter is involved in the connect phase. Its job is to +try the various IPv4 and IPv6 addresses that are known for a server. If only +one address family is known (or configured), it tries the addresses one after +the other with timeouts calculated from the amount of addresses and the +overall connect timeout. + +When more than one address family is to be tried, it splits the address list +into IPv4 and IPv6 and makes parallel attempts. The connection filter chain +looks like this: + +``` +* create connection for http://curl.se +conn[curl.se] --> SETUP[TCP] --> HAPPY-EYEBALLS --> NULL +* start connect +conn[curl.se] --> SETUP[TCP] --> HAPPY-EYEBALLS --> NULL + - ballerv4 --> TCP[151.101.1.91]:443 + - ballerv6 --> TCP[2a04:4e42:c00::347]:443 +* v6 answers, connected +conn[curl.se] --> SETUP[TCP] --> HAPPY-EYEBALLS --> TCP[2a04:4e42:c00::347]:443 +* transfer +``` + +The modular design of connection filters and that we can plug them into each other is used to control the parallel attempts. When a `TCP` filter does not connect (in time), it is torn down and another one is created for the next address. This keeps the `TCP` filter simple. + +The `HAPPY-EYEBALLS` on the other hand stays focused on its side of the problem. We can use it also to make other type of connection by just giving it another filter type to try to have happy eyeballing for QUIC: + +``` +* create connection for --http3-only https://curl.se +conn[curl.se] --> SETUP[QUIC] --> HAPPY-EYEBALLS --> NULL +* start connect +conn[curl.se] --> SETUP[QUIC] --> HAPPY-EYEBALLS --> NULL + - ballerv4 --> HTTP/3[151.101.1.91]:443 + - ballerv6 --> HTTP/3[2a04:4e42:c00::347]:443 +* v6 answers, connected +conn[curl.se] --> SETUP[QUIC] --> HAPPY-EYEBALLS --> HTTP/3[2a04:4e42:c00::347]:443 +* transfer +``` + +When we plug these two variants together, we get the `HTTPS-CONNECT` filter +type that is used for `--http3` when **both** HTTP/3 and HTTP/2 or HTTP/1.1 +shall be attempted: + +``` +* create connection for --http3 https://curl.se +conn[curl.se] --> HTTPS-CONNECT --> NULL +* start connect +conn[curl.se] --> HTTPS-CONNECT --> NULL + - SETUP[QUIC] --> HAPPY-EYEBALLS --> NULL + - ballerv4 --> HTTP/3[151.101.1.91]:443 + - ballerv6 --> HTTP/3[2a04:4e42:c00::347]:443 + - SETUP[TCP] --> HAPPY-EYEBALLS --> NULL + - ballerv4 --> TCP[151.101.1.91]:443 + - ballerv6 --> TCP[2a04:4e42:c00::347]:443 +* v4 QUIC answers, connected +conn[curl.se] --> HTTPS-CONNECT --> SETUP[QUIC] --> HAPPY-EYEBALLS --> HTTP/3[151.101.1.91]:443 +* transfer +``` diff --git a/libs/curl/docs/CONTRIBUTE.md b/libs/curl/docs/CONTRIBUTE.md index 16ea8fed..156ea0be 100644 --- a/libs/curl/docs/CONTRIBUTE.md +++ b/libs/curl/docs/CONTRIBUTE.md @@ -1,12 +1,16 @@ + + # Contributing to the curl project This document is intended to offer guidelines on how to best contribute to the curl project. This concerns new features as well as corrections to existing flaws or bugs. -## Learning curl - -### Join the Community +## Join the Community Skip over to [https://curl.se/mail/](https://curl.se/mail/) and join the appropriate mailing list(s). Read up on details before you post @@ -23,7 +27,7 @@ If you are at all interested in the code side of things, consider clicking 'watch' on the [curl repo on GitHub](https://github.com/curl/curl) to be notified of pull requests and new issues posted there. -### License and copyright +## License and copyright When contributing with code, you agree to put your changes and new code under the same license curl and libcurl is already using unless stated and agreed @@ -37,25 +41,25 @@ must use "GPL compatible" licenses (as we want to allow users to use libcurl properly in GPL licensed environments). When changing existing source code, you do not alter the copyright of the -original file(s). The copyright will still be owned by the original creator(s) -or those who have been assigned copyright by the original author(s). +original file(s). The copyright is still owned by the original creator(s) or +those who have been assigned copyright by the original author(s). By submitting a patch to the curl project, you are assumed to have the right to the code and to be allowed by your employer or whatever to hand over that -patch/code to us. We will credit you for your changes as far as possible, to -give credit but also to keep a trace back to who made what changes. Please -always provide us with your full real name when contributing, +patch/code to us. We credit you for your changes as far as possible, to give +credit but also to keep a trace back to who made what changes. Please always +provide us with your full real name when contributing, -### What To Read +## What To Read Source code, the man pages, the [INTERNALS document](https://curl.se/dev/internals.html), [TODO](https://curl.se/docs/todo.html), [KNOWN_BUGS](https://curl.se/docs/knownbugs.html) and the [most recent -changes](https://curl.se/dev/sourceactivity.html) in git. Just lurking on -the [curl-library mailing -list](https://curl.se/mail/list.cgi?list=curl-library) will give you a -lot of insights on what's going on right now. Asking there is a good idea too. +changes](https://curl.se/dev/sourceactivity.html) in git. Just lurking on the +[curl-library mailing list](https://curl.se/mail/list.cgi?list=curl-library) +gives you a lot of insights on what's going on right now. Asking there is a +good idea too. ## Write a good patch @@ -103,28 +107,29 @@ archive is quite OK as well. ### Documentation Writing docs is dead boring and one of the big problems with many open source -projects. But someone's gotta do it. It makes things a lot easier if you -submit a small description of your fix or your new features with every -contribution so that it can be swiftly added to the package documentation. +projects but someone's gotta do it. It makes things a lot easier if you submit +a small description of your fix or your new features with every contribution +so that it can be swiftly added to the package documentation. -The documentation is always made in man pages (nroff formatted) or plain -ASCII files. All HTML files on the website and in the release archives are -generated from the nroff/ASCII versions. +Documentation is mostly provided as manpages or plain ASCII files. The +manpages are rendered from their source files that are usually written using +markdown. Most HTML files on the website and in the release archives are +generated from corresponding markdown and ASCII files. ### Test Cases Since the introduction of the test suite, we can quickly verify that the main features are working as they are supposed to. To maintain this situation and -improve it, all new features and functions that are added need to be tested -in the test suite. Every feature that is added should get at least one valid -test case that verifies that it works as documented. If every submitter also -posts a few test cases, it will not end up as a heavy burden on a single person! +improve it, all new features and functions that are added need to be tested in +the test suite. Every feature that is added should get at least one valid test +case that verifies that it works as documented. If every submitter also posts +a few test cases, it does not end up a heavy burden on a single person. If you do not have test cases or perhaps you have done something that is hard to write tests for, do explain exactly how you have otherwise tested and verified your changes. -## Sharing Your Changes +## Submit Your Changes ### How to get your changes into the main sources @@ -133,19 +138,24 @@ GitHub](https://github.com/curl/curl/pulls), but you can also send your plain patch to [the curl-library mailing list](https://curl.se/mail/list.cgi?list=curl-library). -Either way, your change will be reviewed and discussed there and you will be -expected to correct flaws pointed out and update accordingly, or the change -risks stalling and eventually just getting deleted without action. As a -submitter of a change, you are the owner of that change until it has been merged. +If you opt to post a patch on the mailing list, chances are someone converts +it into a pull request for you, to have the CI jobs verify it proper before it +can be merged. Be prepared that some feedback on the proposed change might +then come on GitHub. -Respond on the list or on github about the change and answer questions and/or -fix nits/flaws. This is important. We will take lack of replies as a sign that -you are not anxious to get your patch accepted and we tend to simply drop such +Your changes be reviewed and discussed and you are expected to correct flaws +pointed out and update accordingly, or the change risks stalling and +eventually just getting deleted without action. As a submitter of a change, +you are the owner of that change until it has been merged. + +Respond on the list or on GitHub about the change and answer questions and/or +fix nits/flaws. This is important. We take lack of replies as a sign that you +are not anxious to get your patch accepted and we tend to simply drop such changes. ### About pull requests -With github it is easy to send a [pull +With GitHub it is easy to send a [pull request](https://github.com/curl/curl/pulls) to the curl project to have changes merged. @@ -154,12 +164,12 @@ git commit that is easy to merge and they are easy to track and not that easy to lose in the flood of many emails, like they sometimes do on the mailing lists. -Every pull request submitted will automatically be -tested in several different ways. [See CI.md for more +Every pull request submitted is automatically tested in several different +ways. [See the CI document for more information](https://github.com/curl/curl/blob/master/tests/CI.md). Sometimes the tests fail due to a dependency service temporarily being offline -or otherwise unavailable, eg. package downloads. In this case you can just +or otherwise unavailable, e.g. package downloads. In this case you can just try to update your pull requests to rerun the tests later as described below. You can update your pull requests by pushing new commits or force-pushing @@ -169,52 +179,86 @@ actual content changed also allows you to retrigger the tests for that commit. When you adjust your pull requests after review, consider squashing the commits so that we can review the full updated version more easily. -### Making quality patches +A pull request sent to the project might get labeled `needs-votes` by a +project maintainer. This label means that in addition to meeting all other +checks and qualifications this pull request must also receive more "votes" of +user support. More signs that people want this to happen. It could be in the +form of messages saying so, or thumbs-up reactions on GitHub. + +### Making quality changes Make the patch against as recent source versions as possible. -If you have followed the tips in this document and your patch still has not been -incorporated or responded to after some weeks, consider resubmitting it to the -list or better yet: change it to a pull request. +If you have followed the tips in this document and your patch still has not +been incorporated or responded to after some weeks, consider resubmitting it +to the list or better yet: change it to a pull request. -### Write good commit messages +### Commit messages -A short guide to how to write commit messages in the curl project. +A short guide to how to write git commit messages in the curl project. ---- start ---- [area]: [short line describing the main effect] -- empty line -- - [full description, no wider than 72 columns that describe as much as + [full description, no wider than 72 columns that describes as much as possible as to why this change is made, and possibly what things - it fixes and everything else that is related] + it fixes and everything else that is related, with unwieldy URLs replaced + with references like [0], [1], etc.] -- empty line -- - [Closes/Fixes #1234 - if this closes or fixes a github issue] - [Bug: URL to source of the report or more related discussion] - [Reported-by: John Doe - credit the reporter] - [whatever-else-by: credit all helpers, finders, doers] + [[0] URL - Reference to a URL in the description, almost like Markdown; + the last numbered reference is followed by an -- empty line -- ] + [Follow-up to {shorthash} - if this fixes or continues a previous commit; + add a Ref: that commit's PR or issue if it's not a small, obvious fix; + followed by an -- empty line -- ] + [Bug: URL to the source of the report or more related discussion; use Fixes + for GitHub issues instead when that is appropriate] + [Approved-by: John Doe - credit someone who approved the PR; if you are + committing this for someone else using --author=... you do not need this + as you are implicitly approving it by committing] + [Authored-by: John Doe - credit the original author of the code; only use + this if you cannot use "git commit --author=..."] + [Signed-off-by: John Doe - we do not use this, but do not bother removing it] + [whatever-else-by: credit all helpers, finders, doers; try to use one of + the following keywords if at all possible, for consistency: + Acked-by:, Assisted-by:, Co-authored-by:, Found-by:, Reported-by:, + Reviewed-by:, Suggested-by:, Tested-by:] + [Ref: #1234 - if this is related to a GitHub issue or PR, possibly one that + has already been closed] + [Ref: URL to more information about the commit; use Bug: instead for + a reference to a bug on another bug tracker] + [Fixes #1234 - if this closes a GitHub issue; GitHub closes the issue once + this commit is merged] + [Closes #1234 - if this closes a GitHub PR; GitHub closes the PR once this + commit is merged] ---- stop ---- The first line is a succinct description of the change: - use the imperative, present tense: "change" not "changed" nor "changes" - - do not capitalize first letter - - no dot (.) at the end + - do not capitalize the first letter + - no period (.) at the end The `[area]` in the first line can be `http2`, `cookies`, `openssl` or -similar. There's no fixed list to select from but using the same "area" as +similar. There is no fixed list to select from but using the same "area" as other related changes could make sense. -Do not forget to use commit --author="" if you commit someone else's work, and +Do not forget to use commit --author=... if you commit someone else's work, and make sure that you have your own user and email setup correctly in git before -you commit +you commit. + +Add whichever header lines as appropriate, with one line per person if more +than one person was involved. There is no need to credit yourself unless you +are using --author=... which hides your identity. Do not include people's +email addresses in headers to avoid spam, unless they are already public from +a previous commit; saying `{userid} on github` is OK. ### Write Access to git Repository If you are a frequent contributor, you may be given push access to the git -repository and then you will be able to push your changes straight into the git +repository and then you are able to push your changes straight into the git repo instead of sending changes as pull requests or by mail as patches. -Just ask if this is what you would want. You will be required to have posted +Just ask if this is what you would want. You are required to have posted several high quality patches first, before you can be granted push access. ### How To Make a Patch with git @@ -236,7 +280,7 @@ can make patches out of your changes that are suitable for mailing: git format-patch remotes/origin/master -This creates files in your local directory named NNNN-[name].patch for each +This creates files in your local directory named `NNNN-[name].patch` for each commit. Now send those patches off to the curl-library list. You can of course opt to @@ -258,17 +302,22 @@ can use diff recursively: diff -ur curl-original-dir curl-modified-sources-dir > my-fixes.diff The GNU diff and GNU patch tools exist for virtually all platforms, including -all kinds of Unixes and Windows: +all kinds of Unixes and Windows. -For unix-like operating systems: +### Useful resources + - [Webinar on getting code into cURL](https://www.youtube.com/watch?v=QmZ3W1d6LQI) - - [https://savannah.gnu.org/projects/patch/](https://savannah.gnu.org/projects/patch/) - - [https://www.gnu.org/software/diffutils/](https://www.gnu.org/software/diffutils/) +## Update copyright and license information -For Windows: +There is a CI job called **REUSE compliance / check** that runs on every pull +request and commit to verify that the *REUSE state* of all files are still +fine. - - [https://gnuwin32.sourceforge.io/packages/patch.htm](https://gnuwin32.sourceforge.io/packages/patch.htm) - - [https://gnuwin32.sourceforge.io/packages/diffutils.htm](https://gnuwin32.sourceforge.io/packages/diffutils.htm) +This means that all files need to have their license and copyright information +clearly stated. Ideally by having the standard curl source code header, with +the SPDX-License-Identifier included. If the header does not work, you can use a +smaller header or add the information for a specific file to the `REUSE.toml` +file. -### Useful resources - - [Webinar on getting code into cURL](https://www.youtube.com/watch?v=QmZ3W1d6LQI) +You can manually verify the copyright and compliance status by running the +[REUSE helper tool](https://github.com/fsfe/reuse-tool): `reuse lint` diff --git a/libs/curl/docs/CURL-DISABLE.md b/libs/curl/docs/CURL-DISABLE.md index a2e75f19..3409bec0 100644 --- a/libs/curl/docs/CURL-DISABLE.md +++ b/libs/curl/docs/CURL-DISABLE.md @@ -1,136 +1,174 @@ + + # Code defines to disable features and protocols -## CURL_DISABLE_ALTSVC +## `CURL_DISABLE_ALTSVC` Disable support for Alt-Svc: HTTP headers. -## CURL_DISABLE_COOKIES +## `CURL_DISABLE_BINDLOCAL` + +Disable support for binding the local end of connections. + +## `CURL_DISABLE_COOKIES` Disable support for HTTP cookies. -## CURL_DISABLE_CRYPTO_AUTH +## `CURL_DISABLE_BASIC_AUTH` + +Disable support for the Basic authentication methods. + +## `CURL_DISABLE_BEARER_AUTH` + +Disable support for the Bearer authentication methods. + +## `CURL_DISABLE_DIGEST_AUTH` + +Disable support for the Digest authentication methods. -Disable support for authentication methods using crypto. +## `CURL_DISABLE_KERBEROS_AUTH` -## CURL_DISABLE_DICT +Disable support for the Kerberos authentication methods. + +## `CURL_DISABLE_NEGOTIATE_AUTH` + +Disable support for the negotiate authentication methods. + +## `CURL_DISABLE_AWS` + +Disable **AWS-SIG4** support. + +## `CURL_DISABLE_DICT` Disable the DICT protocol -## CURL_DISABLE_DOH +## `CURL_DISABLE_DOH` Disable DNS-over-HTTPS -## CURL_DISABLE_FILE +## `CURL_DISABLE_FILE` Disable the FILE protocol -## CURL_DISABLE_FTP +## `CURL_DISABLE_FORM_API` + +Disable the form API + +## `CURL_DISABLE_FTP` Disable the FTP (and FTPS) protocol -## CURL_DISABLE_GETOPTIONS +## `CURL_DISABLE_GETOPTIONS` Disable the `curl_easy_options` API calls that lets users get information about existing options to `curl_easy_setopt`. -## CURL_DISABLE_GOPHER +## `CURL_DISABLE_GOPHER` Disable the GOPHER protocol. -## CURL_DISABLE_HSTS +## `CURL_DISABLE_HEADERS_API` + +Disable the HTTP header API. + +## `CURL_DISABLE_HSTS` Disable the HTTP Strict Transport Security support. -## CURL_DISABLE_HTTP +## `CURL_DISABLE_HTTP` Disable the HTTP(S) protocols. Note that this then also disable HTTP proxy support. -## CURL_DISABLE_HTTP_AUTH +## `CURL_DISABLE_HTTP_AUTH` Disable support for all HTTP authentication methods. -## CURL_DISABLE_IMAP +## `CURL_DISABLE_IMAP` Disable the IMAP(S) protocols. -## CURL_DISABLE_LDAP +## `CURL_DISABLE_LDAP` Disable the LDAP(S) protocols. -## CURL_DISABLE_LDAPS +## `CURL_DISABLE_LDAPS` Disable the LDAPS protocol. -## CURL_DISABLE_LIBCURL_OPTION +## `CURL_DISABLE_LIBCURL_OPTION` Disable the --libcurl option from the curl tool. -## CURL_DISABLE_MIME +## `CURL_DISABLE_MIME` Disable MIME support. -## CURL_DISABLE_MQTT +## `CURL_DISABLE_MQTT` Disable MQTT support. -## CURL_DISABLE_NETRC +## `CURL_DISABLE_NETRC` Disable the netrc parser. -## CURL_DISABLE_NTLM +## `CURL_DISABLE_NTLM` Disable support for NTLM. -## CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG +## `CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG` Disable the auto load config support in the OpenSSL backend. -## CURL_DISABLE_PARSEDATE +## `CURL_DISABLE_PARSEDATE` Disable date parsing -## CURL_DISABLE_POP3 +## `CURL_DISABLE_POP3` Disable the POP3 protocol -## CURL_DISABLE_PROGRESS_METER +## `CURL_DISABLE_PROGRESS_METER` Disable the built-in progress meter -## CURL_DISABLE_PROXY +## `CURL_DISABLE_PROXY` Disable support for proxies -## CURL_DISABLE_RTSP +## `CURL_DISABLE_RTSP` Disable the RTSP protocol. -## CURL_DISABLE_SHUFFLE_DNS +## `CURL_DISABLE_SHUFFLE_DNS` Disable the shuffle DNS feature -## CURL_DISABLE_SMB +## `CURL_DISABLE_SMB` Disable the SMB(S) protocols -## CURL_DISABLE_SMTP +## `CURL_DISABLE_SMTP` Disable the SMTP(S) protocols -## CURL_DISABLE_SOCKETPAIR +## `CURL_DISABLE_SOCKETPAIR` -Disable the use of socketpair internally to allow waking up and canceling -curl_multi_poll(). +Disable the use of `socketpair()` internally to allow waking up and canceling +`curl_multi_poll()`. -## CURL_DISABLE_TELNET +## `CURL_DISABLE_TELNET` Disable the TELNET protocol -## CURL_DISABLE_TFTP +## `CURL_DISABLE_TFTP` Disable the TFTP protocol -## CURL_DISABLE_VERBOSE_STRINGS +## `CURL_DISABLE_VERBOSE_STRINGS` Disable verbose strings and error messages. diff --git a/libs/curl/docs/CURLDOWN.md b/libs/curl/docs/CURLDOWN.md new file mode 100644 index 00000000..18c1cbc3 --- /dev/null +++ b/libs/curl/docs/CURLDOWN.md @@ -0,0 +1,168 @@ + + +# curldown + +A markdown-like syntax for libcurl man pages. + +## Purpose + +A text format for writing libcurl documentation in the shape of man pages. + +Make it easier for users to contribute and write documentation. A format that +is easier on the eye in its source format. + +Make it harder to do syntactical mistakes. + +Use a format that allows creating man pages that end up looking exactly like +the man pages did when we wrote them in nroff format. + +Take advantage of the fact that people these days are accustomed to markdown +by using a markdown-like syntax. + +This allows us to fix issues in the nroff format easier since now we generate +them. For example: escaping minus to prevent them from being turned into +Unicode by man. + +Generate nroff output that looks (next to) *identical* to the previous files, +so that the look, existing test cases, HTML conversions, existing +infrastructure etc remain mostly intact. + +Contains meta-data in a structured way to allow better output (for example the +see also information) and general awareness of what the file is about. + +## File extension + +Since curldown looks similar to markdown, we use `.md` extensions on the +files. + +## Conversion + +Convert **from curldown to nroff** with `cd2nroff`. Generates nroff man pages. + +Convert **from nroff to curldown** with `nroff2cd`. This is only meant to be +used for the initial conversion to curldown and should ideally never be needed +again. + +Convert, check or clean up an existing curldown to nicer, better, cleaner +curldown with **cd2cd**. + +Mass-convert all curldown files to nroff in specified directories with +`cdall`: + + cdall [dir1] [dir2] [dir3] .. + +## Known issues + +The `cd2nroff` tool does not yet handle *italics* or **bold** where the start +and the end markers are used on separate lines. + +The `nroff2cd` tool generates code style quotes for all `.fi` sections since +the nroff format does not carry a distinction. + +# Format + +Each curldown starts with a header with meta-data: + + --- + c: Copyright (C) Daniel Stenberg, , et al. + SPDX-License-Identifier: curl + Title: CURLOPT_AWS_SIGV4 + Section: 3 + Source: libcurl + Protocol: + - HTTP + See-also: + - CURLOPT_HEADEROPT (3) + - CURLOPT_HTTPAUTH (3) + TLS-backend: + - [name] + Added-in: [version or "n/a"] + --- + +All curldown files *must* have all the headers present and at least one +`See-also:` entry specified. + +If the man page is for section 3 (library related). The `Protocol` list must +contain at least one protocol, which can be `*` if the option is virtually for +everything. If `*` is used, it must be the only listed protocol. Recognized +protocols are either URL schemes (in uppercase), `TLS` or `TCP`. + +If the `Protocol` list contains `TLS`, then there must also be a `TLS-backend` +list, specifying `All` or a list of what TLS backends that work with this +option. The available TLS backends are: + +- `BearSSL` +- `GnuTLS` +- `mbedTLS` +- `OpenSSL` (also covers BoringSSL, LibreSSL, quictls, AWS-LC and AmiSSL) +- `rustls` +- `Schannel` +- `Secure Transport` +- `wolfSSL` +- `All`: all TLS backends + +Following the header in the file, is the manual page using markdown-like +syntax: + +~~~ + # NAME + a page - this is a page descriving something + + # SYNOPSIS + ~~~c + #include + + CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AWS_SIGV4, char *param); + ~~~ +~~~ + +Quoted source code should start with `~~~c` and end with `~~~` while regular +quotes can start with `~~~` or just be indented with 4 spaces. + +Headers at top-level `#` get converted to `.SH`. + +`nroff2cd` supports the `##` next level header which gets converted to `.IP`. + +Write bold words or phrases within `**` like: + + This is a **bold** word. + +Write italics like: + + This is *italics*. + +Due to how man pages do not support backticks especially formatted, such +occurrences in the source are instead just using italics in the generated +output: + + This `word` appears in italics. + +When generating the nroff output, the tooling removes superfluous newlines, +meaning they can be used freely in the source file to make the text more +readable. + +To make sure curldown documents render correctly as markdown, all literal +occurrences of `<` or `>` need to be escaped by a leading backslash. + +## Generating contents + +`# %PROTOCOLS%` - inserts a **PROTOCOLS** section based on the metadata +provided in the header. + +`# %AVAILABILITY%` - inserts an **AVAILABILITY** section based on the metadata +provided in the header. + +## Symbols + +All mentioned curl symbols that have their own man pages, like +`curl_easy_perform(3)` are automatically rendered using italics in the output +without having to enclose it with asterisks. This helps ensuring that they get +converted to links properly later in the HTML version on the website, as +converted with `roffit`. This makes the curldown text easier to read even when +mentioning many curl symbols. + +This auto-linking works for patterns matching `(lib|)curl[^ ]*(3)`. diff --git a/libs/curl/docs/DEPRECATE.md b/libs/curl/docs/DEPRECATE.md index d0d94d1a..6ad93172 100644 --- a/libs/curl/docs/DEPRECATE.md +++ b/libs/curl/docs/DEPRECATE.md @@ -1,3 +1,9 @@ + + # Items to be removed from future curl releases If any of these deprecated features is a cause for concern for you, please @@ -6,8 +12,26 @@ email the as soon as possible and explain to us why this is a problem for you and how your use case cannot be satisfied properly using a workaround. +## TLS libraries without 1.3 support + +curl drops support for TLS libraries without TLS 1.3 capability after May +2025. + +It requires that a curl build using the library should be able to negotiate +and use TLS 1.3, or else it is not good enough. + +As of May 2024, the libraries that need to get fixed to remain supported after +May 2025 are: BearSSL and Secure Transport. + ## Past removals - Pipelining - axTLS - PolarSSL + - NPN + - Support for systems without 64-bit data types + - NSS + - gskit + - mingw v1 + - NTLM_WB + - space-separated `NOPROXY` patterns diff --git a/libs/curl/docs/DISTROS.md b/libs/curl/docs/DISTROS.md new file mode 100644 index 00000000..c3ae64c8 --- /dev/null +++ b/libs/curl/docs/DISTROS.md @@ -0,0 +1,286 @@ + + +# curl distros + + + +Lots of organizations distribute curl packages to end users. This is a +collection of pointers to where to learn more about curl on and with each +distro. Those marked *Rolling Release* typically run the latest version of curl +and are therefore less likely to have back-ported patches to older versions. + +We discuss curl distro issues, patches and collaboration on the [curl-distros +mailing list](https://lists.haxx.se/listinfo/curl-distros) ([list +archives](https://curl.se/mail/list.cgi?list=curl-distros)). + +## AlmaLinux + +- curl package source and patches: https://git.almalinux.org/rpms/curl/ +- curl issues: https://bugs.almalinux.org/view_all_bug_page.php click Category and choose curl +- curl security: https://errata.almalinux.org/ search for curl + +## Alpine Linux + +- curl: https://pkgs.alpinelinux.org/package/edge/main/x86_64/curl +- curl issues: https://gitlab.alpinelinux.org/alpine/aports/-/issues +- curl security: https://security.alpinelinux.org/srcpkg/curl +- curl package source and patches: https://gitlab.alpinelinux.org/alpine/aports/-/tree/master/main/curl + +## Alt Linux + +- curl: http://www.sisyphus.ru/srpm/Sisyphus/curl +- curl patches: http://www.sisyphus.ru/ru/srpm/Sisyphus/curl/patches +- curl issues: http://www.sisyphus.ru/ru/srpm/Sisyphus/curl/bugs + +## Arch Linux + +*Rolling Release* + +- curl: https://archlinux.org/packages/core/x86_64/curl/ +- curl issues: https://gitlab.archlinux.org/archlinux/packaging/packages/curl/-/issues +- curl security: https://security.archlinux.org/package/curl +- curl wiki: https://wiki.archlinux.org/title/CURL + +## Buildroot + +*Rolling Release* + +- curl package source and patches: https://git.buildroot.net/buildroot/tree/package/libcurl +- curl issues: https://bugs.buildroot.org/buglist.cgi?quicksearch=curl + +## Chimera + +- curl package source and patches: https://github.com/chimera-linux/cports/tree/master/main/curl + +## Clear Linux + +*Rolling Release* + +- curl: https://github.com/clearlinux-pkgs/curl +- curl issues: https://github.com/clearlinux/distribution/issues + +## Conary + +- curl: https://github.com/conan-io/conan-center-index/tree/master/recipes/libcurl +- curl issues: https://github.com/conan-io/conan-center-index/issues +- curl patches: https://github.com/conan-io/conan-center-index/tree/master/recipes/libcurl (in `all/patches/*`, if any) + +## conda-forge + +- curl: https://github.com/conda-forge/curl-feedstock +- curl issues: https://github.com/conda-forge/curl-feedstock/issues + +## CRUX + +- curl: https://crux.nu/portdb/?a=search&q=curl +- curl issues: https://git.crux.nu/ports/core/issues/?type=all&state=open&q=curl + +## curl-for-win + +(this is the official curl binaries for Windows shipped by the curl project) + +*Rolling Release* + +- curl: https://curl.se/windows/ +- curl patches: https://github.com/curl/curl-for-win/blob/main/curl.patch (if any) +- build-specific issues: https://github.com/curl/curl-for-win/issues + +Issues and patches for this are managed in the main curl project. + +## Cygwin + +- curl: https://cygwin.com/cgit/cygwin-packages/curl/tree/curl.cygport +- curl patches: https://cygwin.com/cgit/cygwin-packages/curl/tree +- curl issues: https://inbox.sourceware.org/cygwin/?q=s%3Acurl + +## Cygwin (cross mingw64) + +- mingw64-x86_64-curl: https://cygwin.com/cgit/cygwin-packages/mingw64-x86_64-curl/tree/mingw64-x86_64-curl.cygport +- mingw64-x86_64-curl patches: https://cygwin.com/cgit/cygwin-packages/mingw64-x86_64-curl/tree +- mingw64-x86_64-curl issues: https://inbox.sourceware.org/cygwin/?q=s%3Amingw64-x86_64-curl + +## Debian + +- curl: https://tracker.debian.org/pkg/curl +- curl issues: https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=curl +- curl patches: https://udd.debian.org/patches.cgi?src=curl +- curl patches: https://salsa.debian.org/debian/curl (in debian/* branches, inside the folder debian/patches) + +## Fedora + +- curl: https://src.fedoraproject.org/rpms/curl +- curl issues: [bugzilla](https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&product=Fedora&product=Fedora%20EPEL&component=curl) +- curl patches: [list of patches in package git](https://src.fedoraproject.org/rpms/curl/tree/rawhide) + +## FreeBSD + +- curl: https://cgit.freebsd.org/ports/tree/ftp/curl +- curl patches: https://cgit.freebsd.org/ports/tree/ftp/curl +- curl issues: https://bugs.freebsd.org/bugzilla/buglist.cgi?bug_status=__open__&order=Importance&product=Ports%20%26%20Packages&query_format=advanced&short_desc=curl&short_desc_type=allwordssubstr + +## Gentoo Linux + +*Rolling Release* + +- curl: https://packages.gentoo.org/packages/net-misc/curl +- curl issues: https://bugs.gentoo.org/buglist.cgi?quicksearch=net-misc/curl +- curl package sources and patches: https://gitweb.gentoo.org/repo/gentoo.git/tree/net-misc/curl/ + +## GNU Guix + +*Rolling Release* + +- curl: https://git.savannah.gnu.org/gitweb/?p=guix.git;a=blob;f=gnu/packages/curl.scm;hb=HEAD +- curl issues: https://issues.guix.gnu.org/search?query=curl + +## Homebrew + +*Rolling Release* + +- curl: https://formulae.brew.sh/formula/curl + +Homebrew's policy is that all patches and issues should be submitted upstream +unless it is very specific to Homebrew's way of packaging software. + +## MacPorts + +*Rolling Release* + +- curl: https://github.com/macports/macports-ports/tree/master/net/curl +- curl issues: https://trac.macports.org/query?0_port=curl&0_port_mode=%7E&0_status=%21closed +- curl patches: https://github.com/macports/macports-ports/tree/master/net/curl/files + +## Mageia + +- curl: https://svnweb.mageia.org/packages/cauldron/curl/current/SPECS/curl.spec?view=markup +- curl issues: https://bugs.mageia.org/buglist.cgi?bug_status=NEW&bug_status=UNCONFIRMED&bug_status=NEEDINFO&bug_status=UPSTREAM&bug_status=ASSIGNED&component=RPM%20Packages&f1=cf_rpmpkg&list_id=176576&o1=casesubstring&product=Mageia&query_format=advanced&v1=curl +- curl patches: https://svnweb.mageia.org/packages/cauldron/curl/current/SOURCES/ +- curl patches in stable distro releases: https://svnweb.mageia.org/packages/updates//curl/current/SOURCES/ +- curl security: https://advisories.mageia.org/src_curl.html + +## MSYS2 + +*Rolling Release* + +- curl: https://github.com/msys2/MSYS2-packages/tree/master/curl +- curl issues: https://github.com/msys2/MSYS2-packages/issues +- curl patches: https://github.com/msys2/MSYS2-packages/tree/master/curl (`*.patch`) + +## MSYS2 (mingw-w64) + +*Rolling Release* + +- curl: https://github.com/msys2/MINGW-packages/tree/master/mingw-w64-curl +- curl issues: https://github.com/msys2/MINGW-packages/issues +- curl patches: https://github.com/msys2/MINGW-packages/tree/master/mingw-w64-curl (`*.patch`) + +## Muldersoft + +*Rolling Release* + +- curl: https://github.com/lordmulder/cURL-build-win32 +- curl issues: https://github.com/lordmulder/cURL-build-win32/issues +- curl patches: https://github.com/lordmulder/cURL-build-win32/tree/master/patch + +## NixOS + +- curl: https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/networking/curl/default.nix +- curl issues: https://github.com/NixOS/nixpkgs + +nixpkgs is the package repository used by the NixOS Linux distribution, but +can also be used on other distributions + +## OmniOS + +- curl: https://github.com/omniosorg/omnios-build/tree/master/build/curl +- curl issues: https://github.com/omniosorg/omnios-build/issues +- curl patches: https://github.com/omniosorg/omnios-build/tree/master/build/curl/patches + +## OpenIndiana + +- curl: https://github.com/OpenIndiana/oi-userland/tree/oi/hipster/components/web/curl +- curl issues: https://www.illumos.org/projects/openindiana/issues +- curl patches: https://github.com/OpenIndiana/oi-userland/tree/oi/hipster/components/web/curl/patches + +## OpenSUSE + +- curl source and patches: https://build.opensuse.org/package/show/openSUSE%3AFactory/curl + +## Oracle Solaris + +- curl: https://github.com/oracle/solaris-userland/tree/master/components/curl +- curl issues: https://support.oracle.com/ (requires support contract) +- curl patches: https://github.com/oracle/solaris-userland/tree/master/components/curl/patches + +## OpenEmbedded / Yocto Project + +*Rolling Release* + +- curl: https://layers.openembedded.org/layerindex/recipe/5765/ +- curl issues: https://bugzilla.yoctoproject.org/ +- curl patches: https://git.openembedded.org/openembedded-core/tree/meta/recipes-support/curl + +## PLD Linux + +- curl package source and patches: https://github.com/pld-linux/curl +- curl issues: https://bugs.launchpad.net/pld-linux?field.searchtext=curl&search=Search&field.status%3Alist=NEW&field.status%3Alist=INCOMPLETE_WITH_RESPONSE&field.status%3Alist=INCOMPLETE_WITHOUT_RESPONSE&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.assignee=&field.bug_reporter=&field.omit_dupes=on&field.has_patch=&field.has_no_package= + +## pkgsrc + +- curl: https://github.com/NetBSD/pkgsrc/tree/trunk/www/curl +- curl issues: https://github.com/NetBSD/pkgsrc/issues +- curl patches: https://github.com/NetBSD/pkgsrc/tree/trunk/www/curl/patches + +## Red Hat Enterprise Linux / CentOS Stream + +- curl: https://kojihub.stream.centos.org/koji/packageinfo?packageID=217 +- curl issues: https://issues.redhat.com/secure/CreateIssueDetails!init.jspa?pid=12332745&issuetype=1&components=12377466&priority=10300 +- curl patches: https://gitlab.com/redhat/centos-stream/rpms/curl + +## Rocky Linux + +- curl: https://git.rockylinux.org/staging/rpms/curl/-/blob/r9/SPECS/curl.spec +- curl issues: https://bugs.rockylinux.org +- curl patches: https://git.rockylinux.org/staging/rpms/curl/-/tree/r9/SOURCES + +## SerenityOS + +- curl: https://github.com/SerenityOS/serenity/tree/master/Ports/curl +- curl issues: https://github.com/SerenityOS/serenity/issues?q=label%3Aports +- curl patches: https://github.com/SerenityOS/serenity/tree/master/Ports/curl/patches + +## SmartOS + +- curl: https://github.com/TritonDataCenter/illumos-extra/tree/master/curl +- curl issues: https://github.com/TritonDataCenter/illumos-extra/issues +- curl patches: https://github.com/TritonDataCenter/illumos-extra/tree/master/curl/Patches + +## SPACK + +- curl package source and patches: https://github.com/spack/spack/tree/develop/var/spack/repos/builtin/packages/curl + +## vcpkg + +*Rolling Release* + +- curl: https://github.com/microsoft/vcpkg/tree/master/ports/curl +- curl issues: https://github.com/microsoft/vcpkg/issues +- curl patches: https://github.com/microsoft/vcpkg/tree/master/ports/curl (`*.patch`) + +## Void Linux + +*Rolling Release* + +- curl: https://github.com/void-linux/void-packages/tree/master/srcpkgs/curl +- curl issues: https://github.com/void-linux/void-packages/issues +- curl patches: https://github.com/void-linux/void-packages/tree/master/srcpkgs/curl/patches + +## Wolfi + +*Rolling Release* + +- curl: https://github.com/wolfi-dev/os/blob/main/curl.yaml diff --git a/libs/curl/docs/DYNBUF.md b/libs/curl/docs/DYNBUF.md index 16aca8a6..01fe332a 100644 --- a/libs/curl/docs/DYNBUF.md +++ b/libs/curl/docs/DYNBUF.md @@ -1,34 +1,41 @@ + + # dynbuf This is the internal module for creating and handling "dynamic buffers". This means buffers that can be appended to, dynamically and grow to adapt. -There will always be a terminating zero put at the end of the dynamic buffer. +There is always a terminating zero put at the end of the dynamic buffer. The `struct dynbuf` is used to hold data for each instance of a dynamic buffer. The members of that struct **MUST NOT** be accessed or modified without using the dedicated dynbuf API. -## init +## `Curl_dyn_init` ```c void Curl_dyn_init(struct dynbuf *s, size_t toobig); ``` -This inits a struct to use for dynbuf and it cannot fail. The `toobig` value -**must** be set to the maximum size we allow this buffer instance to grow to. -The functions below will return `CURLE_OUT_OF_MEMORY` when hitting this limit. +This initializes a struct to use for dynbuf and it cannot fail. The `toobig` +value **must** be set to the maximum size we allow this buffer instance to +grow to. The functions below return `CURLE_OUT_OF_MEMORY` when hitting this +limit. -## free +## `Curl_dyn_free` ```c void Curl_dyn_free(struct dynbuf *s); ``` Free the associated memory and clean up. After a free, the `dynbuf` struct can -be re-used to start appending new data to. +be reused to start appending new data to. -## addn +## `Curl_dyn_addn` ```c CURLcode Curl_dyn_addn(struct dynbuf *s, const void *mem, size_t len); @@ -36,7 +43,9 @@ CURLcode Curl_dyn_addn(struct dynbuf *s, const void *mem, size_t len); Append arbitrary data of a given length to the end of the buffer. -## add +If this function fails it calls `Curl_dyn_free` on `dynbuf`. + +## `Curl_dyn_add` ```c CURLcode Curl_dyn_add(struct dynbuf *s, const char *str); @@ -44,7 +53,9 @@ CURLcode Curl_dyn_add(struct dynbuf *s, const char *str); Append a C string to the end of the buffer. -## addf +If this function fails it calls `Curl_dyn_free` on `dynbuf`. + +## `Curl_dyn_addf` ```c CURLcode Curl_dyn_addf(struct dynbuf *s, const char *fmt, ...); @@ -52,7 +63,9 @@ CURLcode Curl_dyn_addf(struct dynbuf *s, const char *fmt, ...); Append a `printf()`-style string to the end of the buffer. -## vaddf +If this function fails it calls `Curl_dyn_free` on `dynbuf`. + +## `Curl_dyn_vaddf` ```c CURLcode Curl_dyn_vaddf(struct dynbuf *s, const char *fmt, va_list ap); @@ -60,7 +73,9 @@ CURLcode Curl_dyn_vaddf(struct dynbuf *s, const char *fmt, va_list ap); Append a `vprintf()`-style string to the end of the buffer. -## reset +If this function fails it calls `Curl_dyn_free` on `dynbuf`. + +## `Curl_dyn_reset` ```c void Curl_dyn_reset(struct dynbuf *s); @@ -68,7 +83,7 @@ void Curl_dyn_reset(struct dynbuf *s); Reset the buffer length, but leave the allocation. -## tail +## `Curl_dyn_tail` ```c CURLcode Curl_dyn_tail(struct dynbuf *s, size_t length); @@ -76,29 +91,30 @@ CURLcode Curl_dyn_tail(struct dynbuf *s, size_t length); Keep `length` bytes of the buffer tail (the last `length` bytes of the buffer). The rest of the buffer is dropped. The specified `length` must not be -larger than the buffer length. +larger than the buffer length. To instead keep the leading part, see +`Curl_dyn_setlen()`. -## ptr +## `Curl_dyn_ptr` ```c char *Curl_dyn_ptr(const struct dynbuf *s); ``` -Returns a `char *` to the buffer if it has a length, otherwise a NULL. Since -the buffer may be reallocated, this pointer should not be trusted or used -anymore after the next buffer manipulation call. +Returns a `char *` to the buffer if it has a length, otherwise may return +NULL. Since the buffer may be reallocated, this pointer should not be trusted +or used anymore after the next buffer manipulation call. -## uptr +## `Curl_dyn_uptr` ```c unsigned char *Curl_dyn_uptr(const struct dynbuf *s); ``` -Returns an `unsigned char *` to the buffer if it has a length, otherwise a -NULL. Since the buffer may be reallocated, this pointer should not be trusted -or used anymore after the next buffer manipulation call. +Returns an `unsigned char *` to the buffer if it has a length, otherwise may +return NULL. Since the buffer may be reallocated, this pointer should not be +trusted or used anymore after the next buffer manipulation call. -## len +## `Curl_dyn_len` ```c size_t Curl_dyn_len(const struct dynbuf *s); @@ -106,3 +122,13 @@ size_t Curl_dyn_len(const struct dynbuf *s); Returns the length of the buffer in bytes. Does not include the terminating zero byte. + +## `Curl_dyn_setlen` + +```c +CURLcode Curl_dyn_setlen(struct dynbuf *s, size_t len); +``` + +Sets the new shorter length of the buffer in number of bytes. Keeps the +leftmost set number of bytes, discards the rest. To instead keep the tail part +of the buffer, see `Curl_dyn_tail()`. diff --git a/libs/curl/docs/EARLY-RELEASE.md b/libs/curl/docs/EARLY-RELEASE.md new file mode 100644 index 00000000..e66dbbd4 --- /dev/null +++ b/libs/curl/docs/EARLY-RELEASE.md @@ -0,0 +1,73 @@ + + +# How to determine if an early patch release is warranted + +In the curl project we do releases every 8 weeks. Unless we break the cycle +and do an early patch release. + +We do frequent releases partly to always have the next release "not too far +away". + +## Bugfix + +During the release cycle, and especially in the beginning of a new cycle (the +so-called "cool down" period), there are times when a bug is reported and +after it has been subsequently fixed correctly, the question might be asked: +is this bug and associated fix important enough for an early patch release? + +The question can only be properly asked when a fix has been created and landed +in the git master branch. + +## Early release + +An early patch release means that we ship a new, complete and full release +called `major.minor.patch` where the `patch` part is increased by one since +the previous release. A curl release is a curl release. There is no small or +big and we never release just a patch. There is only "release". + +## Questions to ask + + - Is there a security advisory rated high or critical? + - Is there a data corruption bug? + - Did the bug cause an API/ABI breakage? + - Does the problem annoy a significant share of the user population? + +If the answer is yes to one or more of the above, an early release might be +warranted. + +More questions to ask ourselves when doing the assessment if the answers to +the three ones above are all 'no'. + + - Does the bug cause curl to prematurely terminate? + - How common is the affected buggy option/feature/protocol/platform to get + used? + - How large is the estimated impacted user base? + - Does the bug block something crucial for applications or other adoption of + curl "out there" ? + - Does the bug cause problems for curl developers or others on "the curl + team" ? + - Is the bug limited to the curl tool only? That might have a smaller impact + than a bug also present in libcurl. + - Is there a (decent) workaround? + - Is it a regression? Is the bug introduced in this release? + - Can the bug be fixed "easily" by applying a patch? + - Does the bug break the build? Most users do not build curl themselves. + - How long is it until the already scheduled next release? + - Can affected users safely rather revert to a former release until the next + scheduled release? + - Is it a performance regression with no functionality side-effects? If so it + has to be substantial. + +## If an early release is deemed necessary + +Unless done for security or similarly important reasons, an early release +should not be done within a week of the previous release. + +This, to enable us to collect and bundle more fixes into the same release to +make the release more worthwhile for everyone and to allow more time for fixes +to settle and things to get tested. Getting a release in shape and done in +style is work that should not be rushed. diff --git a/libs/curl/docs/ECH.md b/libs/curl/docs/ECH.md new file mode 100644 index 00000000..9c7cbf15 --- /dev/null +++ b/libs/curl/docs/ECH.md @@ -0,0 +1,478 @@ + + +# Building curl with HTTPS-RR and ECH support + +We have added support for ECH to curl. It can use HTTPS RRs published in the +DNS if curl uses DoH, or else can accept the relevant ECHConfigList values +from the command line. This works with OpenSSL, wolfSSL or BoringSSL as the +TLS provider. + +This feature is EXPERIMENTAL. DO NOT USE IN PRODUCTION. + +This should however provide enough of a proof-of-concept to prompt an informed +discussion about a good path forward for ECH support in curl. + +## OpenSSL Build + +To build our ECH-enabled OpenSSL fork: + +```bash + cd $HOME/code + git clone https://github.com/defo-project/openssl + cd openssl + ./config --libdir=lib --prefix=$HOME/code/openssl-local-inst + ...stuff... + make -j8 + ...stuff (maybe go for coffee)... + make install_sw + ...a little bit of stuff... +``` + +To build curl ECH-enabled, making use of the above: + +```bash + cd $HOME/code + git clone https://github.com/curl/curl + cd curl + autoreconf -fi + LDFLAGS="-Wl,-rpath,$HOME/code/openssl-local-inst/lib/" ./configure --with-ssl=$HOME/code/openssl-local-inst --enable-ech --enable-httpsrr + ...lots of output... + WARNING: ECH HTTPSRR enabled but marked EXPERIMENTAL... + make + ...lots more output... +``` + +If you do not get that WARNING at the end of the ``configure`` command, then +ECH is not enabled, so go back some steps and re-do whatever needs re-doing:-) +If you want to debug curl then you should add ``--enable-debug`` to the +``configure`` command. + +In a recent (2024-05-20) build on one machine, configure failed to find the +ECH-enabled SSL library, apparently due to the existence of +``$HOME/code/openssl-local-inst/lib/pkgconfig`` as a directory containing +various settings. Deleting that directory worked around the problem but may +not be the best solution. + +## Using ECH and DoH + +Curl supports using DoH for A/AAAA lookups so it was relatively easy to add +retrieval of HTTPS RRs in that situation. To use ECH and DoH together: + +```bash + cd $HOME/code/curl + LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl --ech true --doh-url https://one.one.one.one/dns-query https://defo.ie/ech-check.php + ... + SSL_ECH_STATUS: success good
+ ... +``` + +The output snippet above is within the HTML for the webpage, when things work. + +The above works for these test sites: + +```bash + https://defo.ie/ech-check.php + https://draft-13.esni.defo.ie:8413/stats + https://draft-13.esni.defo.ie:8414/stats + https://crypto.cloudflare.com/cdn-cgi/trace + https://tls-ech.dev +``` + +The list above has 4 different server technologies, implemented by 3 different +parties, and includes a case (the port 8414 server) where HelloRetryRequest +(HRR) is forced. + +We currently support the following new curl command line arguments/options: + +- ``--ech `` - the ``config`` value can be one of: + - ``false`` says to not attempt ECH + - ``true`` says to attempt ECH, if possible + - ``grease`` if attempting ECH is not possible, then send a GREASE ECH extension + - ``hard`` hard-fail the connection if ECH cannot be attempted + - ``ecl:`` a base64 encoded ECHConfigList, rather than one accessed from the DNS + - ``pn:`` over-ride the ``public_name`` from an ECHConfigList + +Note that in the above "attempt ECH" means the client emitting a TLS +ClientHello with a "real" ECH extension, but that does not mean that the +relevant server can succeed in decrypting, as things can fail for other +reasons. + +## Supplying an ECHConfigList on the command line + +To supply the ECHConfigList on the command line, you might need a bit of +cut-and-paste, e.g.: + +```bash + dig +short https defo.ie + 1 . ipv4hint=213.108.108.101 ech=AED+DQA8PAAgACD8WhlS7VwEt5bf3lekhHvXrQBGDrZh03n/LsNtAodbUAAEAAEAAQANY292ZXIuZGVmby5pZQAA ipv6hint=2a00:c6c0:0:116:5::10 +``` + +Then paste the base64 encoded ECHConfigList onto the curl command line: + +```bash + LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl --ech ecl:AED+DQA8PAAgACD8WhlS7VwEt5bf3lekhHvXrQBGDrZh03n/LsNtAodbUAAEAAEAAQANY292ZXIuZGVmby5pZQAA https://defo.ie/ech-check.php + ... + SSL_ECH_STATUS: success good
+ ... +``` + +The output snippet above is within the HTML for the webpage. + +If you paste in the wrong ECHConfigList (it changes hourly for ``defo.ie``) you +should get an error like this: + +```bash + LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl -vvv --ech ecl:AED+DQA8yAAgACDRMQo+qYNsNRNj+vfuQfFIkrrUFmM4vogucxKj/4nzYgAEAAEAAQANY292ZXIuZGVmby5pZQAA https://defo.ie/ech-check.php + ... + * OpenSSL/3.3.0: error:0A00054B:SSL routines::ech required + ... +``` + +There is a reason to want this command line option - for use before publishing +an ECHConfigList in the DNS as per the Internet-draft [A well-known URI for +publishing ECHConfigList values](https://datatracker.ietf.org/doc/draft-ietf-tls-wkech/). + +If you do use a wrong ECHConfigList value, then the server might return a +good value, via the ``retry_configs`` mechanism. You can see that value in +the verbose output, e.g.: + +```bash + LD_LIBRARY_PATH=$HOME/code/openssl ./src/curl -vvv --ech ecl:AED+DQA8yAAgACDRMQo+qYNsNRNj+vfuQfFIkrrUFmM4vogucxKj/4nzYgAEAAEAAQANY292ZXIuZGVmby5pZQAA https://defo.ie/ech-check.php + ... +* ECH: retry_configs AQD+DQA8DAAgACBvYqJy+Hgk33wh/ZLBzKSPgwxeop7gvojQzfASq7zeZQAEAAEAAQANY292ZXIuZGVmby5pZQAA/g0APEMAIAAgXkT5r4cYs8z19q5rdittyIX8gfQ3ENW4wj1fVoiJZBoABAABAAEADWNvdmVyLmRlZm8uaWUAAP4NADw2ACAAINXSE9EdXzEQIJZA7vpwCIQsWqsFohZARXChgPsnfI1kAAQAAQABAA1jb3Zlci5kZWZvLmllAAD+DQA8cQAgACASeiD5F+UoSnVoHvA2l1EifUVMFtbVZ76xwDqmMPraHQAEAAEAAQANY292ZXIuZGVmby5pZQAA +* ECH: retry_configs for defo.ie from cover.defo.ie, 319 + ... +``` + +At that point, you could copy the base64 encoded value above and try again. +For now, this only works for the OpenSSL and BoringSSL builds. + +## Default settings + +Curl has various ways to configure default settings, e.g. in ``$HOME/.curlrc``, +so one can set the DoH URL and enable ECH that way: + +```bash + cat ~/.curlrc + doh-url=https://one.one.one.one/dns-query + silent + ech=true +``` + +Note that when you use the system's curl command (rather than our ECH-enabled +build), it is liable to warn that ``ech`` is an unknown option. If that is an +issue (e.g. if some script re-directs stdout and stderr somewhere) then adding +the ``silent`` line above seems to be a good enough fix. (Though of +course, yet another script could depend on non-silent behavior, so you may have +to figure out what you prefer yourself.) That seems to have changed with the +latest build, previously ``silent=TRUE`` was what I used in ``~/.curlrc`` but +now that seems to cause a problem, so that the following line(s) are ignored. + +If you want to always use our OpenSSL build you can set ``LD_LIBRARY_PATH`` +in the environment: + +```bash + export LD_LIBRARY_PATH=$HOME/code/openssl +``` + +When you do the above, there can be a mismatch between OpenSSL versions +for applications that check that. A ``git push`` for example fails so you +should unset ``LD_LIBRARY_PATH`` before doing that or use a different shell. + +```bash + git push + OpenSSL version mismatch. Built against 30000080, you have 30200000 + ... +``` + +With all that setup as above the command line gets simpler: + +```bash + ./src/curl https://defo.ie/ech-check.php + ... + SSL_ECH_STATUS: success good
+ ... +``` + +The ``--ech true`` option is opportunistic, so tries to do ECH but does not fail if +the client for example cannot find any ECHConfig values. The ``--ech hard`` +option hard-fails if there is no ECHConfig found in DNS, so for now, that is not +a good option to set as a default. Once ECH has really been attempted by +the client, if decryption on the server side fails, then curl fails. + +## Code changes for ECH support when using DoH + +Code changes are ``#ifdef`` protected via ``USE_ECH`` or ``USE_HTTPSRR``: + +- ``USE_HTTPSRR`` is used for HTTPS RR retrieval code that could be generically + used should non-ECH uses for HTTPS RRs be identified, e.g. use of ALPN values +or IP address hints. + +- ``USE_ECH`` protects ECH specific code. + +There are various obvious code blocks for handling the new command line +arguments which are not described here, but should be fairly clear. + +As shown in the ``configure`` usage above, there are ``configure.ac`` changes +that allow separately dis/enabling ``USE_HTTPSRR`` and ``USE_ECH``. If ``USE_ECH`` +is enabled, then ``USE_HTTPSRR`` is forced. In both cases ``USE_DOH`` +is required. (There may be some configuration conflicts available for the +determined:-) + +The main functional change, as you would expect, is in ``lib/vtls/openssl.c`` +where an ECHConfig, if available from command line or DNS cache, is fed into +the OpenSSL library via the new APIs implemented in our OpenSSL fork for that +purpose. This code also implements the opportunistic (``--ech true``) or hard-fail +(``--ech hard``) logic. + +Other than that, the main additions are in ``lib/doh.c`` +where we re-use ``dohprobe()`` to retrieve an HTTPS RR value for the target +domain. If such a value is found, that is stored using a new ``store_https()`` +function in a new field in the ``dohentry`` structure. + +The qname for the DoH query is modified if the port number is not 443, as +defined in the SVCB specification. + +When the DoH process has worked, ``Curl_doh_is_resolved()`` now also returns +the relevant HTTPS RR value data in the ``Curl_dns_entry`` structure. +That is later accessed when the TLS session is being established, if ECH is +enabled (from ``lib/vtls/openssl.c`` as described above). + +## Limitations + +Things that need fixing, but that can probably be ignored for the +moment: + +- We could easily add code to make use of an ``alpn=`` value found in an HTTPS + RR, passing that on to OpenSSL for use as the "inner" ALPN value, but have +yet to do that. + +Current limitations (more interesting than the above): + +- Only the first HTTPS RR value retrieved is actually processed as described + above, that could be extended in future, though picking the "right" HTTPS RR +could be non-trivial if multiple RRs are published - matching IP address hints +versus A/AAAA values might be a good basis for that. Last I checked though, +browsers supporting ECH did not handle multiple HTTPS RRs well, though that +needs re-checking as it has been a while. + +- It is unclear how one should handle any IP address hints found in an HTTPS RR. + It may be that a bit of consideration of how "multi-CDN" deployments might +emerge would provide good answers there, but for now, it is not clear how best +curl might handle those values when present in the DNS. + +- The SVCB/HTTPS RR specification supports a new "CNAME at apex" indirection + ("aliasMode") - the current code takes no account of that at all. One could +envisage implementing the equivalent of following CNAMEs in such cases, but +it is not clear if that'd be a good plan. (As of now, chrome browsers do not seem +to have any support for that "aliasMode" and we have not checked Firefox for that +recently.) + +- We have not investigated what related changes or additions might be needed + for applications using libcurl, as opposed to use of curl as a command line +tool. + +- We have not yet implemented tests as part of the usual curl test harness as +doing so would seem to require re-implementing an ECH-enabled server as part +of the curl test harness. For now, we have a ``./tests/ech_test.sh`` script +that attempts ECH with various test servers and with many combinations of the +allowed command line options. While that is a useful test and has find issues, +it is not comprehensive and we are not (as yet) sure what would be the right +level of coverage. When running that script you should not have a +``$HOME/.curlrc`` file that affects ECH or some of the negative tests could +produce spurious failures. + +## Building with cmake + +To build with cmake, assuming our ECH-enabled OpenSSL is as before: + +```bash + cd $HOME/code + git clone https://github.com/curl/curl + cd curl + mkdir build + cd build + cmake -DOPENSSL_ROOT_DIR=$HOME/code/openssl -DUSE_ECH=1 -DUSE_HTTPSRR=1 .. + ... + make + ... + [100%] Built target curl +``` + +The binary produced by the cmake build does not need any ECH-specific +``LD_LIBRARY_PATH`` setting. + +## BoringSSL build + +BoringSSL is also supported by curl and also supports ECH, so to build +with that, instead of our ECH-enabled OpenSSL: + +```bash + cd $HOME/code + git clone https://boringssl.googlesource.com/boringssl + cd boringssl + cmake -DCMAKE_INSTALL_PREFIX:PATH=$HOME/code/boringssl/inst -DBUILD_SHARED_LIBS=1 + make + ... + make install +``` + +Then: + +```bash + cd $HOME/code + git clone https://github.com/curl/curl + cd curl + autoreconf -fi + LDFLAGS="-Wl,-rpath,$HOME/code/boringssl/inst/lib" ./configure --with-ssl=$HOME/code/boringssl/inst --enable-ech --enable-httpsrr + ...lots of output... + WARNING: ECH HTTPSRR enabled but marked EXPERIMENTAL. Use with caution! + make +``` + +The BoringSSL APIs are fairly similar to those in our ECH-enabled OpenSSL +fork, so code changes are also in ``lib/vtls/openssl.c``, protected +via ``#ifdef OPENSSL_IS_BORINGSSL`` and are mostly obvious API variations. + +The BoringSSL APIs however do not support the ``--ech pn:`` command line +variant as of now. + +## wolfSSL build + +wolfSSL also supports ECH and can be used by curl, so here's how: + +```bash + cd $HOME/code + git clone https://github.com/wolfSSL/wolfssl + cd wolfssl + ./autogen.sh + ./configure --prefix=$HOME/code/wolfssl/inst --enable-ech --enable-debug --enable-opensslextra + make + make install +``` + +The install prefix (``inst``) in the above causes wolfSSL to be installed there +and we seem to need that for the curl configure command to work out. The +``--enable-opensslextra`` turns out (after much faffing about;-) to be +important or else we get build problems with curl below. + +```bash + cd $HOME/code + git clone https://github.com/curl/curl + cd curl + autoreconf -fi + ./configure --with-wolfssl=$HOME/code/wolfssl/inst --enable-ech --enable-httpsrr + make +``` + +There are some known issues with the ECH implementation in wolfSSL: + +- The main issue is that the client currently handles HelloRetryRequest + incorrectly. [HRR issue](https://github.com/wolfSSL/wolfssl/issues/6802).) + The HRR issue means that the client does not work for + [this ECH test web site](https://tls-ech.dev) and any other similarly configured + sites. +- There is also an issue related to so-called middlebox compatibility mode. + [middlebox compatibility issue](https://github.com/wolfSSL/wolfssl/issues/6774) + +### Code changes to support wolfSSL + +There are what seem like oddball differences: + +- The DoH URL in``$HOME/.curlrc`` can use `1.1.1.1` for OpenSSL but has to be + `one.one.one.one` for wolfSSL. The latter works for both, so OK, we us that. +- There seems to be some difference in CA databases too - the wolfSSL version + does not like ``defo.ie``, whereas the system and OpenSSL ones do. We can + ignore that for our purposes via ``--insecure``/``-k`` but would need to fix + for a real setup. (Browsers do like those certificates though.) + +Then there are some functional code changes: + +- tweak to ``configure.ac`` to check if wolfSSL has ECH or not +- added code to ``lib/vtls/wolfssl.c`` mirroring what's done in the + OpenSSL equivalent above. +- wolfSSL does not support ``--ech false`` or the ``--ech pn:`` command line + argument. + +The lack of support for ``--ech false`` is because wolfSSL has decided to +always at least GREASE if built to support ECH. In other words, GREASE is +a compile time choice for wolfSSL, but a runtime choice for OpenSSL or +BoringSSL. (Both are reasonable.) + +## Additional notes + +### Supporting ECH without DoH + +All of the above only applies if DoH is being used. There should be a use-case +for ECH when DoH is not used by curl - if a system stub resolver supports DoT +or DoH, then, considering only ECH and the network threat model, it would make +sense for curl to support ECH without curl itself using DoH. The author for +example uses a combination of stubby+unbound as the system resolver listening +on localhost:53, so would fit this use-case. That said, it is unclear if +this is a niche that is worth trying to address. (The author is just as happy to +let curl use DoH to talk to the same public recursive that stubby might use:-) + +Assuming for the moment this is a use-case we would like to support, then if +DoH is not being used by curl, it is not clear at this time how to provide +support for ECH. One option would seem to be to extend the ``c-ares`` library +to support HTTPS RRs, but in that case it is not now clear whether such +changes would be attractive to the ``c-ares`` maintainers, nor whether the +"tag=value" extensibility inherent in the HTTPS/SVCB specification is a good +match for the ``c-ares`` approach of defining structures specific to decoded +answers for each supported RRtype. We are also not sure how many downstream +curl deployments actually make use of the ``c-ares`` library, which would +affect the utility of such changes. Another option might be to consider using +some other generic DNS library that does support HTTPS RRs, but it is unclear +if such a library could or would be used by all or almost all curl builds and +downstream releases of curl. + +Our current conclusion is that doing the above is likely best left until we +have some experience with the "using DoH" approach, so we are going to punt on +this for now. + +### Debugging + +Just a note to self as remembering this is a nuisance: + +```bash +LD_LIBRARY_PATH=$HOME/code/openssl:./lib/.libs gdb ./src/.libs/curl +``` + +### Localhost testing + +It can be useful to be able to run against a localhost OpenSSL ``s_server`` +for testing. We have published instructions for such +[localhost tests](https://github.com/defo-project/ech-dev-utils/blob/main/howtos/localhost-tests.md) +in another repository. Once you have that set up, you can start a server +and then run curl against that: + +```bash + cd $HOME/code/ech-dev-utils + ./scripts/echsvr.sh -d + ... +``` + +The ``echsvr.sh`` script supports many ECH-related options. Use ``echsvr.sh -h`` +for details. + +In another window: + +```bash + cd $HOME/code/curl/ + ./src/curl -vvv --insecure --connect-to foo.example.com:8443:localhost:8443 --ech ecl:AD7+DQA6uwAgACBix2B78sX+EQhEbxMspDOc8Z3xVS5aQpYP0Cxpc2AWPAAEAAEAAQALZXhhbXBsZS5jb20AAA== +``` + +### Automated use of ``retry_configs`` not supported so far... + +As of now we have not added support for using ``retry_config`` handling in the +application - for a command line tool, one can just use ``dig`` (or ``kdig``) +to get the HTTPS RR and pass the ECHConfigList from that on the command line, +if needed, or one can access the value from command line output in verbose more +and then re-use that in another invocation. + +Both our OpenSSL fork and BoringSSL have APIs for both controlling GREASE and +accessing and logging ``retry_configs``, it seems wolfSSL has neither. diff --git a/libs/curl/docs/EXPERIMENTAL.md b/libs/curl/docs/EXPERIMENTAL.md index ce9a1b8e..23be5a5c 100644 --- a/libs/curl/docs/EXPERIMENTAL.md +++ b/libs/curl/docs/EXPERIMENTAL.md @@ -1,3 +1,9 @@ + + # Experimental Some features and functionality in curl and libcurl are considered @@ -8,16 +14,67 @@ Experimental support in curl means: 1. Experimental features are provided to allow users to try them out and provide feedback on functionality and API etc before they ship and get "carved in stone". -2. You must enable the feature when invoking configure as otherwise curl will - not be built with the feature present. -3. We strongly advice against using this feature in production. +2. You must enable the feature when invoking configure as otherwise curl is + not built with the feature present. +3. We strongly advise against using this feature in production. 4. **We reserve the right to change behavior** of the feature without sticking to our API/ABI rules as we do for regular features, as long as it is marked experimental. 5. Experimental features are clearly marked so in documentation. Beware. +## Graduation + +1. Each experimental feature should have a set of documented requirements of + what is needed for that feature to graduate. Graduation means being removed + from the list of experiments. +2. An experiment should NOT graduate if it needs test cases to be disabled, + unless they are for minor features that are clearly documented as not + provided by the experiment and then the disabling should be managed inside + each affected test case. + ## Experimental features right now - - The Hyper HTTP backend - - HTTP/3 support and options - - CURLSSLOPT_NATIVE_CA (No configure option, feature built in when supported) +### The Hyper HTTP backend + +Graduation requirements: + +- HTTP/1 and HTTP/2 support, including multiplexing + +### HTTP/3 support (non-ngtcp2 backends) + +Graduation requirements: + +- The used libraries should be considered out-of-beta with a reasonable + expectation of a stable API going forward. + +- Using HTTP/3 with the given build should perform without risking busy-loops + +### The rustls backend + +Graduation requirements: + +- a reasonable expectation of a stable API going forward. + +### WebSocket + +Graduation requirements: + +- feedback from users saying that the API works for their specific use cases + +- unless the above happens, we consider WebSocket silently working by + September 2024 when it has been stewing as EXPERIMENTAL for two years. + +## ECH + +Use of the HTTPS resource record and Encrypted Client Hello (ECH) when using +DoH + +Graduation requirements: + +- ECH support exists in at least one widely used TLS library apart from + BoringSSL and wolfSSL. + +- feedback from users saying that ECH works for their use cases + +- it has been given time to mature, so no earlier than April 2025 (twelve + months after being added here) diff --git a/libs/curl/docs/FAQ b/libs/curl/docs/FAQ index 30c889e4..12c743bb 100644 --- a/libs/curl/docs/FAQ +++ b/libs/curl/docs/FAQ @@ -14,11 +14,11 @@ FAQ 1.5 Who makes curl? 1.6 What do you get for making curl? 1.7 What about CURL from curl.com? - 1.8 I have a problem who do I mail? + 1.8 I have a problem, who do I mail? 1.9 Where do I buy commercial support for curl? 1.10 How many are using curl? 1.11 Why do you not update ca-bundle.crt - 1.12 I have a problem who can I chat with? + 1.12 I have a problem, who can I chat with? 1.13 curl's ECCN number? 1.14 How do I submit my patch? 1.15 How do I port libcurl to my OS? @@ -26,6 +26,7 @@ FAQ 2. Install Related Problems 2.1 configure fails when using static libraries 2.2 Does curl work/build with other SSL libraries? + 2.3 How do I upgrade curl.exe in Windows? 2.4 Does curl support SOCKS (RFC 1928) ? 3. Usage Problems @@ -42,10 +43,10 @@ FAQ 3.11 How do I POST with a different Content-Type? 3.12 Why do FTP-specific features over HTTP proxy fail? 3.13 Why do my single/double quotes fail? - 3.14 Does curl support Javascript or PAC (automated proxy config)? + 3.14 Does curl support JavaScript or PAC (automated proxy config)? 3.15 Can I do recursive fetches with curl? 3.16 What certificates do I need when I use SSL? - 3.17 How do I list the root dir of an FTP server? + 3.17 How do I list the root directory of an FTP server? 3.18 Can I use curl to send a POST/PUT and not wait for a response? 3.19 How do I get HTTP from a host using a specific IP address? 3.20 How to SFTP from my user's home directory? @@ -55,8 +56,8 @@ FAQ 4. Running Problems 4.2 Why do I get problems when I use & or % in the URL? 4.3 How can I use {, }, [ or ] to specify multiple URLs? - 4.4 Why do I get downloaded data even though the web page does not exist? - 4.5 Why do I get return code XXX from a HTTP server? + 4.4 Why do I get downloaded data even though the webpage does not exist? + 4.5 Why do I get return code XXX from an HTTP server? 4.5.1 "400 Bad Request" 4.5.2 "401 Unauthorized" 4.5.3 "403 Forbidden" @@ -64,9 +65,9 @@ FAQ 4.5.5 "405 Method Not Allowed" 4.5.6 "301 Moved Permanently" 4.6 Can you tell me what error code 142 means? - 4.7 How do I keep user names and passwords secret in curl command lines? + 4.7 How do I keep usernames and passwords secret in curl command lines? 4.8 I found a bug - 4.9 curl cannot authenticate to the server that requires NTLM? + 4.9 curl cannot authenticate to a server that requires NTLM? 4.10 My HTTP request using HEAD, PUT or DELETE does not work 4.11 Why do my HTTP range requests return the full document? 4.12 Why do I get "certificate verify failed" ? @@ -88,7 +89,7 @@ FAQ 5.6 What about Keep-Alive or persistent connections? 5.7 Link errors when building libcurl on Windows 5.8 libcurl.so.X: open failed: No such file or directory - 5.9 How does libcurl resolve host names? + 5.9 How does libcurl resolve hostnames? 5.10 How do I prevent libcurl from writing the response to stdout? 5.11 How do I make libcurl not receive the whole HTTP response? 5.12 Can I make libcurl fake or hide my real IP address? @@ -136,7 +137,8 @@ FAQ A client-side URL transfer library, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, - RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP. + RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS + and WSS. libcurl supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading, Kerberos, SPNEGO, HTTP form based upload, proxies, cookies, user+password @@ -144,9 +146,9 @@ FAQ libcurl is highly portable, it builds and works identically on numerous platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HP-UX, - IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOS, Mac - OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF, - Android, Minix, IBM TPF and more... + IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, macOS, + Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF, Android, + Minix, IBM TPF and more... libcurl is free, thread-safe, IPv6 compatible, feature rich, well supported and fast. @@ -200,8 +202,8 @@ FAQ curl is not a program for a single operating system. curl exists, compiles, builds and runs under a wide range of operating systems, including all - modern Unixes (and a bunch of older ones too), Windows, Amiga, BeOS, OS/2, - OS X, QNX etc. + modern Unixes (and a bunch of older ones too), Windows, Amiga, OS/2, macOS, + QNX etc. 1.4 When will you make curl do XXXX ? @@ -225,7 +227,7 @@ FAQ implement it for you, that is not a friendly attitude. We spend a considerable time already on maintaining and developing curl. In order to get more out of us, you should consider trading in some of your time and - effort in return. Simply go to the GitHub repo which resides at + effort in return. Simply go to the GitHub repository which resides at https://github.com/curl/curl, fork the project, and create pull requests with your proposed changes. @@ -275,7 +277,7 @@ FAQ We recognize that we will be living in parallel with curl.com and wish them every success. - 1.8 I have a problem whom do I mail? + 1.8 I have a problem, who do I mail? Please do not mail any single individual unless you really need to. Keep curl-related questions on a suitable mailing list. All available mailing @@ -294,7 +296,7 @@ FAQ issue private while we investigate, confirm it, work and validate a fix and agree on a time schedule for publication etc. That way we produce a fix in a timely manner before the flaw is announced to the world, reducing the impact - the problem risk having on existing users. + the problem risks having on existing users. Security issues can also be taking to the curl security team by emailing security at curl.se (closed list of receivers, mails are not disclosed). @@ -327,7 +329,7 @@ FAQ In the cURL project we have decided not to attempt to keep this file updated (or even present) since deciding what to add to a ca cert bundle is an undertaking we have not been ready to accept, and the one we can get from - Mozilla is perfectly fine so there's no need to duplicate that work. + Mozilla is perfectly fine so there is no need to duplicate that work. Today, with many services performed over HTTPS, every operating system should come with a default ca cert bundle that can be deemed somewhat @@ -339,9 +341,9 @@ FAQ Firefox (by running 'make ca-bundle), or by using our online service setup for this purpose: https://curl.se/docs/caextract.html - 1.12 I have a problem who can I chat with? + 1.12 I have a problem who, can I chat with? - There's a bunch of friendly people hanging out in the #curl channel on the + There is a bunch of friendly people hanging out in the #curl channel on the IRC network libera.chat. If you are polite and nice, chances are good that you can get -- or provide -- help instantly. @@ -405,7 +407,7 @@ FAQ The reason why static libraries is much harder to deal with is that for them we do not get any help but the script itself must know or check what more libraries that are needed (with shared libraries, that dependency "chain" is - handled automatically). This is a error-prone process and one that also + handled automatically). This is an error-prone process and one that also tends to vary over time depending on the release versions of the involved components and may also differ between operating systems. @@ -421,10 +423,26 @@ FAQ backends. curl can be built to use one of the following SSL alternatives: OpenSSL, - libressl, BoringSSL, GnuTLS, wolfSSL, NSS, mbedTLS, MesaLink, Secure - Transport (native iOS/OS X), Schannel (native Windows), GSKit (native IBM - i), BearSSL, or Rustls. They all have their pros and cons, and we try to - maintain a comparison of them here: https://curl.se/docs/ssl-compared.html + LibreSSL, BoringSSL, AWS-LC, GnuTLS, wolfSSL, mbedTLS, Secure Transport + (native iOS/OS X), Schannel (native Windows), BearSSL or Rustls. They all + have their pros and cons, and we try to maintain a comparison of them here: + https://curl.se/docs/ssl-compared.html + + 2.3 How do I upgrade curl.exe in Windows? + + The curl tool that is shipped as an integrated component of Windows 10 and + Windows 11 is managed by Microsoft. If you were to delete the file or + replace it with a newer version downloaded from https://curl.se/windows, + then Windows Update will cease to work on your system. + + There is no way to independently force an upgrade of the curl.exe that is + part of Windows other than through the regular Windows update process. There + is also nothing the curl project itself can do about this, since this is + managed and controlled entirely by Microsoft as owners of the operating + system. + + You can always download and install the latest version of curl for Windows + from https://curl.se/windows into a separate location. 2.4 Does curl support SOCKS (RFC 1928) ? @@ -434,19 +452,19 @@ FAQ 3.1 curl: (1) SSL is disabled, https: not supported - If you get this output when trying to get anything from a https:// server, - it means that the instance of curl/libcurl that you are using was built - without support for this protocol. + If you get this output when trying to get anything from an HTTPS server, it + means that the instance of curl/libcurl that you are using was built without + support for this protocol. This could have happened if the configure script that was run at build time could not find all libs and include files curl requires for SSL to work. If the configure script fails to find them, curl is simply built without SSL support. - To get the https:// support into a curl that was previously built but that - reports that https:// is not supported, you should dig through the document - and logs and check out why the configure script does not find the SSL libs - and/or include files. + To get HTTPS support into a curl that was previously built but that reports + that HTTPS is not supported, you should dig through the document and logs + and check out why the configure script does not find the SSL libs and/or + include files. Also, check out the other paragraph in this FAQ labeled "configure does not find OpenSSL even when it is installed". @@ -493,10 +511,10 @@ FAQ To curl, all contents are alike. It does not matter how the page was generated. It may be ASP, PHP, Perl, shell-script, SSI or plain HTML - files. There's no difference to curl and it does not even know what kind of + files. There is no difference to curl and it does not even know what kind of language that generated the page. - See also item 3.14 regarding javascript. + See also item 3.14 regarding JavaScript. 3.7 Can I use curl to delete/rename a file through FTP? @@ -504,11 +522,11 @@ FAQ One example would be to delete a file after you have downloaded it: - curl -O ftp://download.com/coolfile -Q '-DELE coolfile' + curl -O ftp://example.com/coolfile -Q '-DELE coolfile' or rename a file after upload: - curl -T infile ftp://upload.com/dir/ -Q "-RNFR infile" -Q "-RNTO newname" + curl -T infile ftp://example.com/dir/ -Q "-RNFR infile" -Q "-RNTO newname" 3.8 How do I tell curl to follow HTTP redirects? @@ -516,7 +534,7 @@ FAQ that informs the client about this is only interpreted if you are using the -L/--location option. As in: - curl -L http://redirector.com + curl -L http://example.com Not all redirects are HTTP ones, see 4.14 @@ -564,8 +582,8 @@ FAQ 3.12 Why do FTP-specific features over HTTP proxy fail? - Because when you use a HTTP proxy, the protocol spoken on the network will - be HTTP, even if you specify a FTP URL. This effectively means that you + Because when you use an HTTP proxy, the protocol spoken on the network will + be HTTP, even if you specify an FTP URL. This effectively means that you normally cannot use FTP-specific features such as FTP upload and FTP quote etc. @@ -579,16 +597,23 @@ FAQ To specify a command line option that includes spaces, you might need to put the entire option within quotes. Like in: - curl -d " with spaces " url.com + curl -d " with spaces " example.com or perhaps - curl -d ' with spaces ' url.com + curl -d ' with spaces ' example.com Exactly what kind of quotes and how to do this is entirely up to the shell or command line interpreter that you are using. For most unix shells, you can more or less pick either single (') or double (") quotes. For - Windows/DOS prompts I believe you are forced to use double (") quotes. + Windows/DOS command prompts you must use double (") quotes, and if the + option string contains inner double quotes you can escape them with a + backslash. + + For Windows powershell the arguments are not always passed on as expected + because curl is not a powershell script. You may or may not be able to use + single quotes. To escape inner double quotes seems to require a + backslash-backtick escape sequence and the outer quotes as double quotes. Please study the documentation for your particular environment. Examples in the curl docs will use a mix of both of these as shown above. You must @@ -597,27 +622,27 @@ FAQ Remember that curl works and runs on more operating systems than most single individuals have ever tried. - 3.14 Does curl support Javascript or PAC (automated proxy config)? + 3.14 Does curl support JavaScript or PAC (automated proxy config)? - Many web pages do magic stuff using embedded Javascript. curl and libcurl + Many webpages do magic stuff using embedded JavaScript. curl and libcurl have no built-in support for that, so it will be treated just like any other contents. - .pac files are a netscape invention and are sometimes used by organizations + .pac files are a Netscape invention and are sometimes used by organizations to allow them to differentiate which proxies to use. The .pac contents is - just a Javascript program that gets invoked by the browser and that returns - the name of the proxy to connect to. Since curl does not support Javascript, + just a JavaScript program that gets invoked by the browser and that returns + the name of the proxy to connect to. Since curl does not support JavaScript, it cannot support .pac proxy configuration either. - Some workarounds usually suggested to overcome this Javascript dependency: + Some workarounds usually suggested to overcome this JavaScript dependency: - Depending on the Javascript complexity, write up a script that translates it + Depending on the JavaScript complexity, write up a script that translates it to another language and execute that. - Read the Javascript code and rewrite the same logic in another language. + Read the JavaScript code and rewrite the same logic in another language. - Implement a Javascript interpreter, people have successfully used the - Mozilla Javascript engine in the past. + Implement a JavaScript interpreter, people have successfully used the + Mozilla JavaScript engine in the past. Ask your admins to stop this, for a static proxy setup or similar. @@ -668,17 +693,17 @@ FAQ refused access. You then need to explicitly disable the verification to connect to the server. - 3.17 How do I list the root dir of an FTP server? + 3.17 How do I list the root directory of an FTP server? There are two ways. The way defined in the RFC is to use an encoded slash - in the first path part. List the "/tmp" dir like this: + in the first path part. List the "/tmp" directory like this: - curl ftp://ftp.sunet.se/%2ftmp/ + curl ftp://ftp.example.com/%2ftmp/ or the not-quite-kosher-but-more-readable way, by simply starting the path section of the URL with a slash: - curl ftp://ftp.sunet.se//tmp/ + curl ftp://ftp.example.com//tmp/ 3.18 Can I use curl to send a POST/PUT and not wait for a response? @@ -697,7 +722,7 @@ FAQ curl --header "Host: www.example.com" http://127.0.0.1/ - You can also opt to add faked host name entries to curl with the --resolve + You can also opt to add faked hostname entries to curl with the --resolve option. That has the added benefit that things like redirects will also work properly. The above operation would instead be done as: @@ -737,7 +762,7 @@ FAQ In normal circumstances, -X should hardly ever be used. By default you use curl without explicitly saying which request method to - use when the URL identifies a HTTP transfer. If you just pass in a URL like + use when the URL identifies an HTTP transfer. If you just pass in a URL like "curl http://example.com" it will use GET. If you use -d or -F curl will use POST, -I will cause a HEAD and -T will make it a PUT. @@ -746,11 +771,10 @@ FAQ [WHATEVER]. This way you can for example send a DELETE by doing "curl -X DELETE [URL]". - It is thus pointless to do "curl -XGET [URL]" as GET would be used - anyway. In the same vein it is pointless to do "curl -X POST -d data - [URL]"... But you can make a fun and somewhat rare request that sends a - request-body in a GET request with something like "curl -X GET -d data - [URL]" + It is thus pointless to do "curl -XGET [URL]" as GET would be used anyway. + In the same vein it is pointless to do "curl -X POST -d data [URL]". You can + make a fun and somewhat rare request that sends a request-body in a GET + request with something like "curl -X GET -d data [URL]" Note that -X does not actually change curl's behavior as it only modifies the actual string sent in the request, but that may of course trigger a @@ -765,7 +789,7 @@ FAQ 4.2 Why do I get problems when I use & or % in the URL? - In general unix shells, the & symbol is treated specially and when used, it + In general Unix shells, the & symbol is treated specially and when used, it runs the specified command in the background. To safely send the & as a part of a URL, you should quote the entire URL by using single (') or double (") quotes around it. Similar problems can also occur on some shells with other @@ -773,7 +797,7 @@ FAQ An example that would invoke a remote CGI that uses &-symbols could be: - curl 'http://www.altavista.com/cgi-bin/query?text=yes&q=curl' + curl 'http://www.example.com/cgi-bin/query?text=yes&q=curl' In Windows, the standard DOS shell treats the percent sign specially and you need to use TWO percent signs for each single one you want to use in the @@ -795,9 +819,9 @@ FAQ To be able to use those characters as actual parts of the URL (without using them for the curl URL "globbing" system), use the -g/--globoff option: - curl -g 'www.site.com/weirdname[].html' + curl -g 'www.example.com/weirdname[].html' - 4.4 Why do I get downloaded data even though the web page does not exist? + 4.4 Why do I get downloaded data even though the webpage does not exist? curl asks remote servers for the page you specify. If the page does not exist at the server, the HTTP protocol defines how the server should respond and @@ -807,9 +831,9 @@ FAQ By using the --fail option you can tell curl explicitly to not get any data if the HTTP return code does not say success. - 4.5 Why do I get return code XXX from a HTTP server? + 4.5 Why do I get return code XXX from an HTTP server? - RFC2616 clearly explains the return codes. This is a short transcript. Go + RFC 2616 clearly explains the return codes. This is a short transcript. Go read the RFC for exact details: 4.5.1 "400 Bad Request" @@ -829,7 +853,7 @@ FAQ 4.5.4 "404 Not Found" The server has not found anything matching the Request-URI. No indication - is given of whether the condition is temporary or permanent. + is given as to whether the condition is temporary or permanent. 4.5.5 "405 Method Not Allowed" @@ -858,7 +882,7 @@ FAQ appreciate a detailed bug report from you that describes how we could go ahead and repeat this. - 4.7 How do I keep user names and passwords secret in curl command lines? + 4.7 How do I keep usernames and passwords secret in curl command lines? This problem has two sides: @@ -892,14 +916,11 @@ FAQ If there is a bug, read the BUGS document first. Then report it as described in there. - 4.9 curl cannot authenticate to the server that requires NTLM? + 4.9 curl cannot authenticate to a server that requires NTLM? - NTLM support requires OpenSSL, GnuTLS, mbedTLS, NSS, Secure Transport, or + NTLM support requires OpenSSL, GnuTLS, mbedTLS, Secure Transport, or Microsoft Windows libraries at build-time to provide this functionality. - NTLM is a Microsoft proprietary protocol. Proprietary formats are evil. You - should not use such ones. - 4.10 My HTTP request using HEAD, PUT or DELETE does not work Many web servers allow or demand that the administrator configures the @@ -925,7 +946,7 @@ FAQ To completely disable the certificate verification, use -k. This does however enable man-in-the-middle attacks and makes the transfer INSECURE. - We strongly advice against doing this for more than experiments. + We strongly advise against doing this for more than experiments. If you get this failure with a CA cert bundle installed and used, the server's certificate might not be signed by one of the CA's in your CA @@ -959,10 +980,10 @@ FAQ curl supports HTTP redirects well (see item 3.8). Browsers generally support at least two other ways to perform redirects that curl does not: - Meta tags. You can write a HTML tag that will cause the browser to redirect + Meta tags. You can write an HTML tag that will cause the browser to redirect to another given URL after a certain time. - Javascript. You can write a Javascript program embedded in a HTML page that + JavaScript. You can write a JavaScript program embedded in an HTML page that redirects the browser to another given URL. There is no way to make curl follow these redirects. You must either @@ -978,18 +999,17 @@ FAQ the control connection and will therefore immediately connect and try to speak SSL. FTPS:// connections default to port 990. - To use explicit FTPS, you use a FTP:// URL and the --ftp-ssl option (or one + To use explicit FTPS, you use an FTP:// URL and the --ftp-ssl option (or one of its related flavors). This is the most common method, and the one - mandated by RFC4217. This kind of connection will then of course use the + mandated by RFC 4217. This kind of connection will then of course use the standard FTP port 21 by default. 4.16 My HTTP POST or PUT requests are slow - libcurl makes all POST and PUT requests (except for POST requests with a - tiny request body) use the "Expect: 100-continue" header. This header - allows the server to deny the operation early so that libcurl can bail out - before having to send any data. This is useful in authentication - cases and others. + libcurl makes all POST and PUT requests (except for requests with a small + request body) use the "Expect: 100-continue" header. This header allows the + server to deny the operation early so that libcurl can bail out before having + to send any data. This is useful in authentication cases and others. However, many servers do not implement the Expect: stuff properly and if the server does not respond (positively) within 1 second libcurl will continue @@ -1079,7 +1099,7 @@ FAQ When doing HTTP transfers, curl will perform exactly what you are asking it to do and if successful it will not return an error. You can use curl to test your web server's "file not found" page (that gets 404 back), you can - use it to check your authentication protected web pages (that gets a 401 + use it to check your authentication protected webpages (that gets a 401 back) and so on. The specific HTTP response code does not constitute a problem or error for @@ -1171,7 +1191,7 @@ FAQ 5.6 What about Keep-Alive or persistent connections? curl and libcurl have excellent support for persistent connections when - transferring several files from the same server. curl will attempt to reuse + transferring several files from the same server. curl will attempt to reuse connections for all URLs specified on the same command line/config file, and libcurl will reuse connections for all transfers that are made using the same libcurl handle. @@ -1196,7 +1216,7 @@ FAQ dynamic import symbols. If you are using Visual Studio, you need to instead add CURL_STATICLIB in the "Preprocessor Definitions" section. - If you get linker error like "unknown symbol __imp__curl_easy_init ..." you + If you get a linker error like "unknown symbol __imp__curl_easy_init ..." you have linked against the wrong (static) library. If you want to use the libcurl.dll and import lib, you do not need any extra CFLAGS, but use one of the import libraries below. These are the libraries produced by the various @@ -1204,7 +1224,7 @@ FAQ Target: static lib. import lib for libcurl*.dll. ----------------------------------------------------------- - MingW: libcurl.a libcurldll.a + MinGW: libcurl.a libcurldll.a MSVC (release): libcurl.lib libcurl_imp.lib MSVC (debug): libcurld.lib libcurld_imp.lib Borland: libcurl.lib libcurl_imp.lib @@ -1212,7 +1232,7 @@ FAQ 5.8 libcurl.so.X: open failed: No such file or directory This is an error message you might get when you try to run a program linked - with a shared version of libcurl and your run-time linker (ld.so) could not + with a shared version of libcurl and your runtime linker (ld.so) could not find the shared library named libcurl.so.X. (Where X is the number of the current libcurl ABI, typically 3 or 4). @@ -1221,24 +1241,24 @@ FAQ They are usually: * Add an option to the linker command line that specify the hard-coded path - the run-time linker should check for the lib (usually -R) + the runtime linker should check for the lib (usually -R) * Set an environment variable (LD_LIBRARY_PATH for example) where ld.so should check for libs * Adjust the system's config to check for libs in the directory where you have - put the dir (like Linux's /etc/ld.so.conf) + put the library (like Linux's /etc/ld.so.conf) 'man ld.so' and 'man ld' will tell you more details - 5.9 How does libcurl resolve host names? + 5.9 How does libcurl resolve hostnames? libcurl supports a large number of name resolve functions. One of them is picked at build-time and will be used unconditionally. Thus, if you want to change name resolver function you must rebuild libcurl and tell it to use a different function. - - The non-IPv6 resolver that can use one of four different host name resolve + - The non-IPv6 resolver that can use one of four different hostname resolve calls (depending on what your system supports): A - gethostbyname() @@ -1325,15 +1345,16 @@ FAQ to list the files. The follow-up question tends to be how is a program supposed to parse the - directory listing. How does it know what's a file and what's a dir and what's - a symlink etc. If the FTP server supports the MLSD command then it will - return data in a machine-readable format that can be parsed for type. The - types are specified by RFC3659 section 7.5.1. If MLSD is not supported then - you have to work with what you are given. The LIST output format is entirely - at the server's own liking and the NLST output does not reveal any types and - in many cases does not even include all the directory entries. Also, both LIST - and NLST tend to hide unix-style hidden files (those that start with a dot) - by default so you need to do "LIST -a" or similar to see them. + directory listing. How does it know what's a file and what's a directory and + what's a symlink etc. If the FTP server supports the MLSD command then it + will return data in a machine-readable format that can be parsed for type. + The types are specified by RFC 3659 section 7.5.1. If MLSD is not supported + then you have to work with what you are given. The LIST output format is + entirely at the server's own liking and the NLST output does not reveal any + types and in many cases does not even include all the directory entries. + Also, both LIST and NLST tend to hide unix-style hidden files (those that + start with a dot) by default so you need to do "LIST -a" or similar to see + them. Example - List only directories. ftp.funet.fi supports MLSD and ftp.kernel.org does not: @@ -1368,11 +1389,11 @@ FAQ 5.17 Can I write a server with libcurl? No. libcurl offers no functions or building blocks to build any kind of - internet protocol server. libcurl is only a client-side library. For server + Internet protocol server. libcurl is only a client-side library. For server libraries, you need to continue your search elsewhere but there exist many good open source ones out there for most protocols you could want a server for. There are also really good stand-alone servers that have been tested - and proven for many years. There's no need for you to reinvent them. + and proven for many years. There is no need for you to reinvent them. 5.18 Does libcurl use threads? @@ -1493,7 +1514,7 @@ FAQ unknown to me). After a transfer, you just set new options in the handle and make another - transfer. This will make libcurl re-use the same connection if it can. + transfer. This will make libcurl reuse the same connection if it can. 7.4 Does PHP/CURL have dependencies? @@ -1505,7 +1526,7 @@ FAQ 8.1 Why does curl use C89? - As with everything in curl, there's a history and we keep using what we have + As with everything in curl, there is a history and we keep using what we have used before until someone brings up the subject and argues for and works on changing it. @@ -1535,5 +1556,5 @@ FAQ stable, we will never risk anything by rewriting a lot of things in one go. That said, we can certainly offer more and more optional backends written in other languages, as long as those backends can be plugged in at build-time. - Back-ends can be written in any language, but should probably provide APIs + Backends can be written in any language, but should probably provide APIs usable from C to ease integration and transition. diff --git a/libs/curl/docs/FEATURES.md b/libs/curl/docs/FEATURES.md index a52d5da3..ef5fd0fc 100644 --- a/libs/curl/docs/FEATURES.md +++ b/libs/curl/docs/FEATURES.md @@ -1,3 +1,9 @@ + + # Features -- what curl can do ## curl tool @@ -6,52 +12,86 @@ - multiple URLs in a single command line - range "globbing" support: [0-13], {one,two,three} - multiple file upload on a single command line - - custom maximum transfer rate - - redirectable stderr + - redirect stderr - parallel transfers ## libcurl - - full URL syntax with no length limit + - URL RFC 3986 syntax - custom maximum download time - - custom least download speed acceptable + - custom lowest download speed acceptable - custom output result after completion - - guesses protocol from host name unless specified - - uses .netrc + - guesses protocol from hostname unless specified + - supports .netrc - progress bar with time statistics while downloading - - "standard" proxy environment variables support - - compiles on win32 (reported builds on 70+ operating systems) + - standard proxy environment variables support + - have run on 101 operating systems and 28 CPU architectures - selectable network interface for outgoing traffic - - IPv6 support on unix and Windows - - happy eyeballs dual-stack connects + - IPv6 support on Unix and Windows + - happy eyeballs dual-stack IPv4 + IPv6 connects - persistent connections - SOCKS 4 + 5 support, with or without local name resolving - - supports user name and password in proxy environment variables + - *pre-proxy* support, for *proxy chaining* + - supports username and password in proxy environment variables - operations through HTTP proxy "tunnel" (using CONNECT) - replaceable memory functions (malloc, free, realloc, etc) - - asynchronous name resolving (6) + - asynchronous name resolving - both a push and a pull style interface - - international domain names (11) + - international domain names (IDN) + - transfer late limiting + - stable API and ABI + - TCP keep alive + - TCP Fast Open + - DNS cache (that can be shared between transfers) + - non-blocking single-threaded parallel transfers + - unix domain sockets to server or proxy + - DNS-over-HTTPS + - uses non-blocking name resolves + - selectable name resolver backend + +## URL API + + - parses RFC 3986 URLs + - generates URLs from individual components + - manages "redirects" + +## Header API + + - easy access to HTTP response headers, from all contexts + - named headers + - iterate over headers + +## TLS + + - selectable TLS backend(s) + - TLS False Start + - TLS version control + - TLS session resumption + - key pinning + - mutual authentication + - Use dedicated CA cert bundle + - Use OS-provided CA store + - separate TLS options for HTTPS proxy ## HTTP - HTTP/0.9 responses are optionally accepted - HTTP/1.0 - HTTP/1.1 - - HTTP/2, including multiplexing and server push (5) + - HTTP/2, including multiplexing and server push - GET - PUT - HEAD - POST - - multipart formpost (RFC1867-style) - - authentication: Basic, Digest, NTLM (9) and Negotiate (SPNEGO) (3) + - multipart formpost (RFC 1867-style) + - authentication: Basic, Digest, NTLM (9) and Negotiate (SPNEGO) to server and proxy - - resume (both GET and PUT) + - resume transfers - follow redirects - maximum amount of redirects to follow - custom HTTP request - cookie get/send fully parsed - - reads/writes the netscape cookie file format + - reads/writes the Netscape cookie file format - custom headers (replace/remove internally generated headers) - custom user-agent string - custom referrer string @@ -59,31 +99,35 @@ - proxy authentication - time conditions - via HTTP proxy, HTTPS proxy or SOCKS proxy + - HTTP/2 or HTTP/1.1 to HTTPS proxy - retrieve file modification date - - Content-Encoding support for deflate and gzip + - Content-Encoding support for deflate, gzip, brotli and zstd - "Transfer-Encoding: chunked" support in uploads - - automatic data compression (12) + - HSTS + - alt-svc + - ETags + - HTTP/1.1 trailers, both sending and getting -## HTTPS (1) +## HTTPS - - (all the HTTP features) - - HTTP/3 experimental support + - HTTP/3 - using client certificates - verify server certificate - via HTTP proxy, HTTPS proxy or SOCKS proxy - select desired encryption - - select usage of a specific SSL version + - select usage of a specific TLS version + - ECH ## FTP - download - authentication - - Kerberos 5 (13) + - Kerberos 5 - active/passive using PORT, EPRT, PASV or EPSV - single file size information (compare to HTTP HEAD) - 'type=' URL support - - dir listing - - dir listing names-only + - directory listing + - directory listing names-only - upload - upload append - upload via http-proxy as HTTP PUT @@ -94,22 +138,26 @@ - via HTTP proxy, HTTPS proxy or SOCKS proxy - all operations can be tunneled through proxy - customizable to retrieve file modification date - - no dir depth limit + - no directory depth limit -## FTPS (1) +## FTPS - implicit `ftps://` support that use SSL on both connections - explicit "AUTH TLS" and "AUTH SSL" usage to "upgrade" plain `ftp://` connection to use SSL for both or one of the connections -## SCP (8) +## SSH (both SCP and SFTP) + - selectable SSH backend + - known hosts support + - public key fingerprinting - both password and public key auth -## SFTP (7) +## SFTP - both password and public key auth - with custom commands sent before/after the transfer + - directory listing ## TFTP @@ -122,7 +170,7 @@ - custom telnet options - stdin/stdout I/O -## LDAP (2) +## LDAP - full LDAP URL support @@ -145,8 +193,8 @@ ## SMTP - - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (9), Kerberos 5 - (4) and External. + - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM, Kerberos 5 and + External - send emails - mail from support - mail size support @@ -154,7 +202,7 @@ - multiple recipients - via http-proxy -## SMTPS (1) +## SMTPS - implicit `smtps://` support - explicit "STARTTLS" usage to "upgrade" plain `smtp://` connections to use SSL @@ -163,34 +211,34 @@ ## POP3 - authentication: Clear Text, APOP and SASL - - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (9), - Kerberos 5 (4) and External. + - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM, + Kerberos 5 and External - list emails - retrieve emails - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via custom requests - via http-proxy -## POP3S (1) +## POP3S - implicit `pop3s://` support - - explicit "STLS" usage to "upgrade" plain `pop3://` connections to use SSL + - explicit `STLS` usage to "upgrade" plain `pop3://` connections to use SSL - via http-proxy ## IMAP - authentication: Clear Text and SASL - - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (9), - Kerberos 5 (4) and External. + - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM, + Kerberos 5 and External - list the folders of a mailbox - - select a mailbox with support for verifying the UIDVALIDITY + - select a mailbox with support for verifying the `UIDVALIDITY` - fetch emails with support for specifying the UID and SECTION - upload emails via the append command - enhanced command support for: EXAMINE, CREATE, DELETE, RENAME, STATUS, STORE, COPY and UID via custom requests - via http-proxy -## IMAPS (1) +## IMAPS - implicit `imaps://` support - explicit "STARTTLS" usage to "upgrade" plain `imap://` connections to use SSL @@ -198,23 +246,4 @@ ## MQTT - - Subscribe to and publish topics using url scheme `mqtt://broker/topic` - -## Footnotes - - 1. requires a TLS library - 2. requires OpenLDAP or WinLDAP - 3. requires a GSS-API implementation (such as Heimdal or MIT Kerberos) or - SSPI (native Windows) - 4. requires a GSS-API implementation, however, only Windows SSPI is - currently supported - 5. requires nghttp2 - 6. requires c-ares - 7. requires libssh2, libssh or wolfSSH - 8. requires libssh2 or libssh - 9. requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI - (native Windows) - 10. - - 11. requires libidn2 or Windows - 12. requires libz, brotli and/or zstd - 13. requires a GSS-API implementation (such as Heimdal or MIT Kerberos) + - Subscribe to and publish topics using URL scheme `mqtt://broker/topic` diff --git a/libs/curl/docs/GOVERNANCE.md b/libs/curl/docs/GOVERNANCE.md index 08fe2a48..4ab52a9a 100644 --- a/libs/curl/docs/GOVERNANCE.md +++ b/libs/curl/docs/GOVERNANCE.md @@ -1,3 +1,9 @@ + + # Decision making in the curl project A rough guide to how we make decisions and who does what. @@ -8,11 +14,10 @@ This project was started by and has to some extent been pushed forward over the years with Daniel Stenberg as the driving force. It matches a standard BDFL (Benevolent Dictator For Life) style project. -This setup has been used due to convenience and the fact that is has worked +This setup has been used due to convenience and the fact that it has worked fine this far. It is not because someone thinks of it as a superior project -leadership model. It will also only continue working as long as Daniel manages -to listen in to what the project and the general user population wants and -expects from us. +leadership model. It also only works as long as Daniel manages to listen in to +what the project and the general user population wants and expects from us. ## Legal entity @@ -29,13 +34,13 @@ that wrote those parts of the code. The curl project is not a democracy, but everyone is entitled to state their opinion and may argue for their sake within the community. -All and any changes that have been done or will be done are eligible to bring -up for discussion, to object to or to praise. Ideally, we find consensus for -the appropriate way forward in any given situation or challenge. +All and any changes that have been done or are done are eligible to bring up +for discussion, to object to or to praise. Ideally, we find consensus for the +appropriate way forward in any given situation or challenge. If there is no obvious consensus, a maintainer who's knowledgeable in the -specific area will take an "executive" decision that they think is the right -for the project. +specific area takes an "executive" decision that they think is the right for +the project. ## Donations @@ -45,7 +50,7 @@ non-profit organization that holds on to funds for us. This fund is then used for paying the curl security bug bounties, to reimburse project related expenses etc. -Donations to the project can also come in form of server hosting, providing +Donations to the project can also come in the form of server hosting, providing services and paying for people to work on curl related code etc. Usually, such donations are services paid for directly by the sponsors. @@ -81,17 +86,17 @@ curl source code repository. Committers are recorded as `Author` in git. A maintainer in the curl project is an individual who has been given permissions to push commits to one of the git repositories. -Maintainers are free to push commits to the repositories at their own will. +Maintainers are free to push commits to the repositories at they see fit. Maintainers are however expected to listen to feedback from users and any change that is non-trivial in size or nature *should* be brought to the project as a Pull-Request (PR) to allow others to comment/object before merge. ## Former maintainers -A maintainer who stops being active in the project will at some point get -their push permissions removed. We do this for security reasons but also to -make sure that we always have the list of maintainers as "the team that push -stuff to curl". +A maintainer who stops being active in the project gets their push permissions +removed at some point. We do this for security reasons but also to make sure +that we always have the list of maintainers as "the team that push stuff to +curl". Getting push permissions removed is not a punishment. Everyone who ever worked on maintaining curl is considered a hero, for all time hereafter. @@ -100,7 +105,7 @@ on maintaining curl is considered a hero, for all time hereafter. We have a security team. That is the team of people who are subscribed to the curl-security mailing list; the receivers of security reports from users and -developers. This list of people will vary over time but should be skilled +developers. This list of people varies over time but they are all skilled developers familiar with the curl project. The security team works best when it consists of a small set of active @@ -108,6 +113,22 @@ persons. We invite new members when the team seems to need it, and we also expect to retire security team members as they "drift off" from the project or just find themselves unable to perform their duties there. +## Core team + +There is a curl core team. It currently has the same set of members as the +security team. It can also be reached on the security email address. + +The core team nominates and invites new members to the team when it sees fit. +There is no open member voting or formal ways to be a candidate. Active +participants in the curl project who want to join the core team can ask to +join. + +The core team is a board of advisors. It deals with project management +subjects that need confidentiality or for other reasons cannot be dealt with +and discussed in the open (for example reports of code of conduct violations). +Project matters should always as far as possible be discussed on open mailing +lists. + ## Server admins We run a web server, a mailing list and more on the curl project's primary @@ -116,7 +137,7 @@ admin of all things curl related server stuff, but Björn Stenberg and Linus Feltzing serve as backup admins for when Daniel is gone or unable. The primary server is paid for by Haxx. The machine is physically located in a -server bunker in Stockholm Sweden, operated by the company Portlane. +server bunker in Stockholm Sweden, operated by the company Glesys. The website contents are served to the web via Fastly and Daniel is the primary curl contact with Fastly. @@ -152,13 +173,13 @@ within the area of personal expertise and experience. ### Merge advice -When you are merging patches/PRs... +When you are merging patches/pull requests... - make sure the commit messages follow our template - squash patch sets into a few logical commits even if the PR did not, if necessary - avoid the "merge" button on GitHub, do it "manually" instead to get full - control and full audit trail (github leaves out you as "Committer:") + control and full audit trail (GitHub leaves out you as "Committer:") - remember to credit the reporter and the helpers. ## Who are maintainers? @@ -172,11 +193,10 @@ different individuals and over time. If you think you can help making the project better by shouldering some maintaining responsibilities, then please get in touch. -You will be expected to be familiar with the curl project and its ways of -working. You need to have gotten a few quality patches merged as a proof of -this. +You are expected to be familiar with the curl project and its ways of working. +You need to have gotten a few quality patches merged as a proof of this. ### Stop being a maintainer If you (appear to) not be active in the project anymore, you may be removed as -a maintainer. Thank you for your service! +a maintainer. Thank you for your service. diff --git a/libs/curl/docs/HELP-US.md b/libs/curl/docs/HELP-US.md index 439f7276..0619aec5 100644 --- a/libs/curl/docs/HELP-US.md +++ b/libs/curl/docs/HELP-US.md @@ -1,12 +1,20 @@ + + # How to get started helping out in the curl project We are always in need of more help. If you are new to the project and are looking for ways to contribute and help out, this document aims to give a few good starting points. -A good idea is to start by subscribing to the [curl-library mailing +You may subscribe to the [curl-library mailing list](https://lists.haxx.se/listinfo/curl-library) to keep track of the -current discussion topics. +current discussion topics; or if you are registered on GitHub, you can use the +[Discussions section](https://github.com/curl/curl/discussions) on the main +curl repository. ## Scratch your own itch @@ -36,10 +44,10 @@ even maybe not a terribly experienced developer, here's our advice: In the issue tracker we occasionally mark bugs with [help wanted](https://github.com/curl/curl/labels/help%20wanted), as a sign that the -bug is acknowledged to exist and that there's nobody known to work on this +bug is acknowledged to exist and that there is nobody known to work on this issue for the moment. Those are bugs that are fine to "grab" and provide a -pull request for. The complexity level of these will of course vary, so pick -one that piques your interest. +pull request for. The complexity level of these of course varies, so pick one +that piques your interest. ## Work on known bugs @@ -75,13 +83,12 @@ brainstorming on specific ways to do the implementation etc. You can also come up with a completely new thing you think we should do. Or not do. Or fix. Or add to the project. You then either bring it to the mailing -list first to see if people will shoot down the idea at once, or you bring a -first draft of the idea as a pull request and take the discussion there around -the specific implementation. Either way is fine. +list first to see if people shoot down the idea at once, or you bring a first +draft of the idea as a pull request and take the discussion there around the +specific implementation. Either way is fine. ## CONTRIBUTE -We offer [guidelines](https://curl.se/dev/contribute.html) that are -suitable to be familiar with before you decide to contribute to curl. If -you are used to open source development, you will probably not find many -surprises in there. +We offer [guidelines](https://curl.se/dev/contribute.html) that are suitable +to be familiar with before you decide to contribute to curl. If you are used +to open source development, you probably do not find many surprises there. diff --git a/libs/curl/docs/HISTORY.md b/libs/curl/docs/HISTORY.md index 2beaa257..96cf049d 100644 --- a/libs/curl/docs/HISTORY.md +++ b/libs/curl/docs/HISTORY.md @@ -1,3 +1,9 @@ + + How curl Became Like This ========================= @@ -24,7 +30,7 @@ new maintainer of the project. HttpGet 0.3 was released in January 1997 and now it accepted HTTP URLs on the command line. -HttpGet 1.0 was released on April 8th 1997 with brand new HTTP proxy support. +HttpGet 1.0 was released on April 8 1997 with brand new HTTP proxy support. We soon found and fixed support for getting currencies over GOPHER. Once FTP download support was added, the name of the project was changed and urlget 2.0 @@ -130,7 +136,7 @@ August: The curl website gets 8000 visits weekly. Curl Corporation contacted Daniel to discuss "the name issue". After Daniel's reply, they have never since got back in touch again. -September: libcurl 7.9 introduces cookie jar and curl_formadd(). During the +September: libcurl 7.9 introduces cookie jar and `curl_formadd()`. During the forthcoming 7.9.x releases, we introduced the multi interface slowly and without many whistles. @@ -145,7 +151,7 @@ June: the curl website gets 13000 visits weekly. curl and libcurl is 35000 lines of code. Reported successful compiles on more than 40 combinations of CPUs and operating systems. -To estimate number of users of the curl tool or libcurl library is next to +To estimate the number of users of the curl tool or libcurl library is next to impossible. Around 5000 downloaded packages each week from the main site gives a hint, but the packages are mirrored extensively, bundled with numerous OS distributions and otherwise retrieved as part of other software. @@ -161,7 +167,7 @@ Starting with 7.10, curl verifies SSL server certificates by default. January: Started working on the distributed curl tests. The autobuilds. February: the curl site averages at 20000 visits weekly. At any given moment, -there's an average of 3 people browsing the website. +there is an average of 3 people browsing the website. Multiple new authentication schemes are supported: Digest (May), NTLM (June) and Negotiate (June). @@ -179,16 +185,16 @@ January: curl 7.11.0 introduced large file support. June: curl 7.12.0 introduced IDN support. 10 official web mirrors. This release bumped the major SONAME to 3 due to the removal of the -curl_formparse() function +`curl_formparse()` function August: Curl and libcurl 7.12.1 Public curl release number: 82 - Releases counted from the very beginning: 109 + Releases counted from the beginning: 109 Available command line options: 96 Available curl_easy_setopt() options: 120 Number of public functions in libcurl: 36 - Amount of public website mirrors: 12 + Amount of public website mirrors: 12 Number of known libcurl bindings: 26 2005 @@ -280,7 +286,7 @@ August: February: added support for the axTLS backend -April: added the cyassl backend (later renamed to WolfSSL) +April: added the cyassl backend (later renamed to wolfSSL) 2012 ---- @@ -288,7 +294,7 @@ April: added the cyassl backend (later renamed to WolfSSL) July: Added support for Schannel (native Windows TLS backend) and Darwin SSL (Native Mac OS X and iOS TLS backend). - Supports metalink + Supports Metalink October: SSH-agent support. @@ -327,7 +333,7 @@ April: added the cyassl backend (later renamed to WolfSSL) January: the curl tool defaults to HTTP/2 for HTTPS URLs - December: curl 7.52.0 introduced support for HTTPS-proxy! + December: curl 7.52.0 introduced support for HTTPS-proxy First TLS 1.3 support @@ -406,9 +412,32 @@ April: added the cyassl backend (later renamed to WolfSSL) November: the website moves to curl.se. The website serves 10TB data monthly. + December: alt-svc support + 2021 ---- - February 3: curl 7.75.0 ships with support for Hyper is a HTTP backend + February 3: curl 7.75.0 ships with support for Hyper as an HTTP backend March 31: curl 7.76.0 ships with support for rustls + + July: HSTS is supported + +2022 +---- + + March: added --json, removed mesalink support + + Public curl releases: 206 + Command line options: 245 + curl_easy_setopt() options: 295 + Public functions in libcurl: 86 + Contributors: 2601 + + The curl.se website serves 16,500 GB/month over 462M requests, the + official docker image has been pulled 4,098,015,431 times. + +2023 +---- + +August: Dropped support for the NSS library diff --git a/libs/curl/docs/HSTS.md b/libs/curl/docs/HSTS.md index f63cfe32..85140ab3 100644 --- a/libs/curl/docs/HSTS.md +++ b/libs/curl/docs/HSTS.md @@ -1,3 +1,9 @@ + + # HSTS support HTTP Strict-Transport-Security. Added as experimental in curl @@ -5,24 +11,24 @@ HTTP Strict-Transport-Security. Added as experimental in curl ## Standard -[HTTP Strict Transport Security](https://tools.ietf.org/html/rfc6797) +[HTTP Strict Transport Security](https://datatracker.ietf.org/doc/html/rfc6797) ## Behavior libcurl features an in-memory cache for HSTS hosts, so that subsequent -HTTP-only requests to a host name present in the cache will get internally +HTTP-only requests to a hostname present in the cache gets internally "redirected" to the HTTPS version. ## `curl_easy_setopt()` options: - `CURLOPT_HSTS_CTRL` - enable HSTS for this easy handle - - `CURLOPT_HSTS` - specify file name where to store the HSTS cache on close + - `CURLOPT_HSTS` - specify filename where to store the HSTS cache on close (and possibly read from at startup) -## curl cmdline options +## curl command line options - `--hsts [filename]` - enable HSTS, use the file as HSTS cache. If filename - is `""` (no length) then no file will be used, only in-memory cache. + is `""` (no length) then no file is used, only in-memory cache. ## HSTS cache file format @@ -32,13 +38,11 @@ For each hsts entry: [host name] "YYYYMMDD HH:MM:SS" -The `[host name]` is dot-prefixed if it is a includeSubDomain. +The `[host name]` is dot-prefixed if it includes subdomains. The time stamp is when the entry expires. -I considered using wget's file format for the HSTS cache. However, they store the time stamp as the epoch (number of seconds since 1970) and I strongly disagree with using that format. Instead I opted to use a format similar to the curl alt-svc cache file format. - ## Possible future additions - - `CURLOPT_HSTS_PRELOAD` - provide a set of preloaded HSTS host names + - `CURLOPT_HSTS_PRELOAD` - provide a set of HSTS hostnames to load first - ability to save to something else than a file diff --git a/libs/curl/docs/HTTP-COOKIES.md b/libs/curl/docs/HTTP-COOKIES.md index c7c116b1..38432d27 100644 --- a/libs/curl/docs/HTTP-COOKIES.md +++ b/libs/curl/docs/HTTP-COOKIES.md @@ -1,15 +1,21 @@ + + # HTTP Cookies ## Cookie overview - Cookies are `name=contents` pairs that a HTTP server tells the client to + Cookies are `name=contents` pairs that an HTTP server tells the client to hold and then the client sends back those to the server on subsequent requests to the same domains and paths for which the cookies were set. Cookies are either "session cookies" which typically are forgotten when the session is over which is often translated to equal when browser quits, or the cookies are not session cookies they have expiration dates after which - the client will throw them away. + the client throws them away. Cookies are set to the client with the Set-Cookie: header and are sent to servers with the Cookie: header. @@ -17,18 +23,42 @@ For a long time, the only spec explaining how to use cookies was the original [Netscape spec from 1994](https://curl.se/rfc/cookie_spec.html). - In 2011, [RFC6265](https://www.ietf.org/rfc/rfc6265.txt) was finally + In 2011, [RFC 6265](https://www.ietf.org/rfc/rfc6265.txt) was finally published and details how cookies work within HTTP. In 2016, an update which added support for prefixes was - [proposed](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-prefixes-00), + [proposed](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-prefixes-00), and in 2017, another update was - [drafted](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01) + [drafted](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-alone-01) to deprecate modification of 'secure' cookies from non-secure origins. Both of these drafts have been incorporated into a proposal to - [replace](https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02) - RFC6265. Cookie prefixes and secure cookie modification protection has been + [replace](https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-11) + RFC 6265. Cookie prefixes and secure cookie modification protection has been implemented by curl. + curl considers `http://localhost` to be a *secure context*, meaning that it + allows and uses cookies marked with the `secure` keyword even when done over + plain HTTP for this host. curl does this to match how popular browsers work + with secure cookies. + +## Super cookies + + A single cookie can be set for a domain that matches multiple hosts. Like if + set for `example.com` it gets sent to both `aa.example.com` as well as + `bb.example.com`. + + A challenge with this concept is that there are certain domains for which + cookies should not be allowed at all, because they are *Public + Suffixes*. Similarly, a client never accepts cookies set directly for the + top-level domain like for example `.com`. Cookies set for *too broad* + domains are generally referred to as *super cookies*. + + If curl is built with PSL (**Public Suffix List**) support, it detects and + discards cookies that are specified for such suffix domains that should not + be allowed to have cookies. + + if curl is *not* built with PSL support, it has no ability to stop super + cookies. + ## Cookies saved to disk Netscape once created a file format for storing cookies on disk so that they @@ -36,17 +66,19 @@ sharing the cookies with browsers, only to see browsers move away from that format. Modern browsers no longer use it, while curl still does. - The netscape cookie file format stores one cookie per physical line in the + The Netscape cookie file format stores one cookie per physical line in the file with a bunch of associated meta data, each field separated with - TAB. That file is called the cookiejar in curl terminology. + TAB. That file is called the cookie jar in curl terminology. - When libcurl saves a cookiejar, it creates a file header of its own in which - there is a URL mention that will link to the web version of this document. + When libcurl saves a cookie jar, it creates a file header of its own in + which there is a URL mention that links to the web version of this document. ## Cookie file format The cookie file format is text based and stores one cookie per line. Lines - that start with `#` are treated as comments. + that start with `#` are treated as comments. An exception is lines that + start with `#HttpOnly_`, which is a prefix for cookies that have the + `HttpOnly` attribute set. Each line that specifies a single cookie consists of seven text fields separated with TAB characters. A valid line must end with a newline @@ -74,13 +106,13 @@ `-b, --cookie` tell curl a file to read cookies from and start the cookie engine, or if it - is not a file it will pass on the given string. -b name=var works and so does - -b cookiefile. + is not a file it passes on the given string. `-b name=var` works and so does + `-b cookiefile`. `-j, --junk-session-cookies` - when used in combination with -b, it will skip all "session cookies" on load - so as to appear to start a new cookie session. + when used in combination with -b, it skips all "session cookies" on load so + as to appear to start a new cookie session. `-c, --cookie-jar` @@ -106,28 +138,33 @@ `CURLOPT_COOKIEJAR` Tell libcurl to activate the cookie engine, and when the easy handle is - closed save all known cookies to the given cookiejar file. Write-only. + closed save all known cookies to the given cookie jar file. Write-only. `CURLOPT_COOKIELIST` Provide detailed information about a single cookie to add to the internal - storage of cookies. Pass in the cookie as a HTTP header with all the details - set, or pass in a line from a netscape cookie file. This option can also be - used to flush the cookies etc. + storage of cookies. Pass in the cookie as an HTTP header with all the + details set, or pass in a line from a Netscape cookie file. This option can + also be used to flush the cookies etc. + + `CURLOPT_COOKIESESSION` + + Tell libcurl to ignore all cookies it is about to load that are session + cookies. `CURLINFO_COOKIELIST` Extract cookie information from the internal cookie storage as a linked list. -## Cookies with javascript +## Cookies with JavaScript - These days a lot of the web is built up by javascript. The webbrowser loads - complete programs that render the page you see. These javascript programs + These days a lot of the web is built up by JavaScript. The web browser loads + complete programs that render the page you see. These JavaScript programs can also set and access cookies. Since curl and libcurl are plain HTTP clients without any knowledge of or - capability to handle javascript, such cookies will not be detected or used. + capability to handle JavaScript, such cookies are not detected or used. Often, if you want to mimic what a browser does on such websites, you can record web browser HTTP traffic when using such a site and then repeat the diff --git a/libs/curl/docs/HTTP2.md b/libs/curl/docs/HTTP2.md index 27af3129..55d3db58 100644 --- a/libs/curl/docs/HTTP2.md +++ b/libs/curl/docs/HTTP2.md @@ -1,3 +1,9 @@ + + HTTP/2 with curl ================ @@ -7,7 +13,7 @@ HTTP/2 with curl Build prerequisites ------------------- - nghttp2 - - OpenSSL, libressl, BoringSSL, NSS, GnuTLS, mbedTLS, wolfSSL or Schannel + - OpenSSL, LibreSSL, BoringSSL, GnuTLS, mbedTLS, wolfSSL or Schannel with a new enough version. [nghttp2](https://nghttp2.org/) @@ -23,47 +29,28 @@ We require at least version 1.12.0. Over an http:// URL ------------------- -If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will -include an upgrade header in the initial request to the host to allow -upgrading to HTTP/2. +If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl includes +an upgrade header in the initial request to the host to allow upgrading to +HTTP/2. -Possibly we can later introduce an option that will cause libcurl to fail if +Possibly we can later introduce an option that causes libcurl to fail if it is not possible to upgrade. Possibly we introduce an option that makes libcurl use HTTP/2 at once over http:// Over an https:// URL -------------------- -If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use -ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce -an option that will cause libcurl to fail if not possible to use HTTP/2. +If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl uses ALPN +to negotiate which protocol to continue with. Possibly introduce an option +that causes libcurl to fail if not possible to use HTTP/2. `CURL_HTTP_VERSION_2TLS` was added in 7.47.0 as a way to ask libcurl to prefer HTTP/2 for HTTPS but stick to 1.1 by default for plain old HTTP connections. -ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is -for a similar purpose, was made prior to ALPN and is used for SPDY so early -HTTP/2 servers are implemented using NPN before ALPN support is widespread. - -`CURLOPT_SSL_ENABLE_ALPN` and `CURLOPT_SSL_ENABLE_NPN` are offered to allow -applications to explicitly disable ALPN or NPN. - -SSL libs --------- - -The challenge is the ALPN and NPN support and all our different SSL -backends. You may need a fairly updated SSL library version for it to provide -the necessary TLS features. Right now we support: +ALPN is the TLS extension that HTTP/2 is expected to use. - - OpenSSL: ALPN and NPN - - libressl: ALPN and NPN - - BoringSSL: ALPN and NPN - - NSS: ALPN and NPN - - GnuTLS: ALPN - - mbedTLS: ALPN - - Schannel: ALPN - - wolfSSL: ALPN - - Secure Transport: ALPN +`CURLOPT_SSL_ENABLE_ALPN` is offered to allow applications to explicitly +disable ALPN. Multiplexing ------------ @@ -73,17 +60,17 @@ term for doing multiple independent transfers over the same physical TCP connection. To take advantage of multiplexing, you need to use the multi interface and set -`CURLMOPT_PIPELINING` to `CURLPIPE_MULTIPLEX`. With that bit set, libcurl will -attempt to re-use existing HTTP/2 connections and just add a new stream over +`CURLMOPT_PIPELINING` to `CURLPIPE_MULTIPLEX`. With that bit set, libcurl +attempts to reuse existing HTTP/2 connections and just add a new stream over that when doing subsequent parallel requests. -While libcurl sets up a connection to a HTTP server there is a period during -which it does not know if it can pipeline or do multiplexing and if you add new -transfers in that period, libcurl will default to start new connections for +While libcurl sets up a connection to an HTTP server there is a period during +which it does not know if it can pipeline or do multiplexing and if you add +new transfers in that period, libcurl defaults to starting new connections for those transfers. With the new option `CURLOPT_PIPEWAIT` (added in 7.43.0), you -can ask that a transfer should rather wait and see in case there's a +can ask that a transfer should rather wait and see in case there is a connection for the same host in progress that might end up being possible to -multiplex on. It favours keeping the number of connections low to the cost of +multiplex on. It favors keeping the number of connections low to the cost of slightly longer time to first byte transferred. Applications @@ -118,4 +105,4 @@ can use that hint to create a new connection asynchronously. For libcurl, we may introduce a way to bring such clues to the application and/or let a subsequent request use the alternate route automatically. -[Detailed in RFC 7838](https://tools.ietf.org/html/rfc7838) +[Detailed in RFC 7838](https://datatracker.ietf.org/doc/html/rfc7838) diff --git a/libs/curl/docs/HTTP3.md b/libs/curl/docs/HTTP3.md index 3c713b04..c1c6bf24 100644 --- a/libs/curl/docs/HTTP3.md +++ b/libs/curl/docs/HTTP3.md @@ -1,3 +1,9 @@ + + # HTTP3 (and QUIC) ## Resources @@ -5,35 +11,49 @@ [HTTP/3 Explained](https://http3-explained.haxx.se/en/) - the online free book describing the protocols involved. -[QUIC implementation](https://github.com/curl/curl/wiki/QUIC-implementation) - -the wiki page describing the plan for how to support QUIC and HTTP/3 in curl -and libcurl. - [quicwg.org](https://quicwg.org/) - home of the official protocol drafts ## QUIC libraries -QUIC libraries we are experimenting with: +QUIC libraries we are using: [ngtcp2](https://github.com/ngtcp2/ngtcp2) -[quiche](https://github.com/cloudflare/quiche) +[quiche](https://github.com/cloudflare/quiche) - **EXPERIMENTAL** + +[OpenSSL 3.2+ QUIC](https://github.com/openssl/openssl) - **EXPERIMENTAL** + +[msh3](https://github.com/nibanks/msh3) (with [msquic](https://github.com/microsoft/msquic)) - **EXPERIMENTAL** ## Experimental -HTTP/3 and QUIC support in curl is considered **EXPERIMENTAL** until further -notice. It needs to be enabled at build-time. +HTTP/3 support in curl is considered **EXPERIMENTAL** until further notice +when built to use *quiche* or *msh3*. Only the *ngtcp2* backend is not +experimental. + +Further development and tweaking of the HTTP/3 support in curl happens in the +master branch using pull-requests, just like ordinary changes. -Further development and tweaking of the HTTP/3 support in curl will happen in -in the master branch using pull-requests, just like ordinary changes. +To fix before we remove the experimental label: + + - the used QUIC library needs to consider itself non-beta + - it is fine to "leave" individual backends as experimental if necessary # ngtcp2 version -## Build with OpenSSL +Building curl with ngtcp2 involves 3 components: `ngtcp2` itself, `nghttp3` and a QUIC supporting TLS library. The supported TLS libraries are covered below. + + * `ngtcp2`: v1.2.0 + * `nghttp3`: v1.1.0 -Build (patched) OpenSSL +## Build with quictls - % git clone --depth 1 -b openssl-3.0.0+quic https://github.com/quictls/openssl +OpenSSL does not offer the required APIs for building a QUIC client. You need +to use a TLS library that has such APIs and that works with *ngtcp2*. + +Build quictls + + % git clone --depth 1 -b openssl-3.1.4+quic https://github.com/quictls/openssl % cd openssl % ./config enable-tls1_3 --prefix= % make @@ -42,8 +62,9 @@ Build (patched) OpenSSL Build nghttp3 % cd .. - % git clone https://github.com/ngtcp2/nghttp3 + % git clone -b v1.1.0 https://github.com/ngtcp2/nghttp3 % cd nghttp3 + % git submodule update --init % autoreconf -fi % ./configure --prefix= --enable-lib-only % make @@ -52,7 +73,7 @@ Build nghttp3 Build ngtcp2 % cd .. - % git clone https://github.com/ngtcp2/ngtcp2 + % git clone -b v1.2.0 https://github.com/ngtcp2/ngtcp2 % cd ngtcp2 % autoreconf -fi % ./configure PKG_CONFIG_PATH=/lib/pkgconfig:/lib/pkgconfig LDFLAGS="-Wl,-rpath,/lib" --prefix= --enable-lib-only @@ -85,8 +106,9 @@ Build GnuTLS Build nghttp3 % cd .. - % git clone https://github.com/ngtcp2/nghttp3 + % git clone -b v1.1.0 https://github.com/ngtcp2/nghttp3 % cd nghttp3 + % git submodule update --init % autoreconf -fi % ./configure --prefix= --enable-lib-only % make @@ -95,7 +117,7 @@ Build nghttp3 Build ngtcp2 % cd .. - % git clone https://github.com/ngtcp2/ngtcp2 + % git clone -b v1.2.0 https://github.com/ngtcp2/ngtcp2 % cd ngtcp2 % autoreconf -fi % ./configure PKG_CONFIG_PATH=/lib/pkgconfig:/lib/pkgconfig LDFLAGS="-Wl,-rpath,/lib" --prefix= --enable-lib-only --with-gnutls @@ -108,19 +130,66 @@ Build curl % git clone https://github.com/curl/curl % cd curl % autoreconf -fi - % ./configure --without-openssl --with-gnutls= --with-nghttp3= --with-ngtcp2= + % ./configure --with-gnutls= --with-nghttp3= --with-ngtcp2= + % make + % make install + +## Build with wolfSSL + +Build wolfSSL + + % git clone https://github.com/wolfSSL/wolfssl.git + % cd wolfssl + % autoreconf -fi + % ./configure --prefix= --enable-quic --enable-session-ticket --enable-earlydata --enable-psk --enable-harden --enable-altcertchains + % make + % make install + +Build nghttp3 + + % cd .. + % git clone -b v1.1.0 https://github.com/ngtcp2/nghttp3 + % cd nghttp3 + % git submodule update --init + % autoreconf -fi + % ./configure --prefix= --enable-lib-only + % make + % make install + +Build ngtcp2 + + % cd .. + % git clone -b v1.2.0 https://github.com/ngtcp2/ngtcp2 + % cd ngtcp2 + % autoreconf -fi + % ./configure PKG_CONFIG_PATH=/lib/pkgconfig:/lib/pkgconfig LDFLAGS="-Wl,-rpath,/lib" --prefix= --enable-lib-only --with-wolfssl + % make + % make install + +Build curl + + % cd .. + % git clone https://github.com/curl/curl + % cd curl + % autoreconf -fi + % ./configure --with-wolfssl= --with-nghttp3= --with-ngtcp2= % make % make install # quiche version -## build +quiche support is **EXPERIMENTAL** + +Since the quiche build manages its dependencies, curl can be built against the latest version. You are *probably* able to build against their main branch, but in case of problems, we recommend their latest release tag. + +## Build Build quiche and BoringSSL: - % git clone --recursive https://github.com/cloudflare/quiche + % git clone --recursive -b 0.22.0 https://github.com/cloudflare/quiche % cd quiche % cargo build --package quiche --release --features ffi,pkg-config-meta,qlog + % ln -s libquiche.so target/release/libquiche.so.0 % mkdir quiche/deps/boringssl/src/lib % ln -vnf $(find target/release -name libcrypto.a -o -name libssl.a) quiche/deps/boringssl/src/lib/ @@ -134,20 +203,170 @@ Build curl: % make % make install - If `make install` results in `Permission denied` error, you will need to prepend it with `sudo`. + If `make install` results in `Permission denied` error, you need to prepend + it with `sudo`. + +# OpenSSL version + +QUIC support is **EXPERIMENTAL** + +Build OpenSSL 3.3.1 + + % cd .. + % git clone -b openssl-3.3.1 https://github.com/openssl/openssl + % cd openssl + % ./config enable-tls1_3 --prefix= --libdir=lib + % make + % make install + +Build nghttp3 + + % cd .. + % git clone -b v1.1.0 https://github.com/ngtcp2/nghttp3 + % cd nghttp3 + % git submodule update --init + % autoreconf -fi + % ./configure --prefix= --enable-lib-only + % make + % make install + +Build curl: + + % cd .. + % git clone https://github.com/curl/curl + % cd curl + % autoreconf -fi + % LDFLAGS="-Wl,-rpath,/lib" ./configure --with-openssl= --with-openssl-quic --with-nghttp3= + % make + % make install + +You can build curl with cmake: + + % cd .. + % git clone https://github.com/curl/curl + % cd curl + % cmake . -B build -DCURL_USE_OPENSSL=ON -DUSE_OPENSSL_QUIC=ON + % cmake --build build + % cmake --install build + + If `make install` results in `Permission denied` error, you need to prepend + it with `sudo`. + +# msh3 (msquic) version + +**Note**: The msquic HTTP/3 backend is immature and is not properly functional +one as of September 2023. Feel free to help us test it and improve it, but +there is no point in filing bugs about it just yet. + +msh3 support is **EXPERIMENTAL** + +## Build Linux (with quictls fork of OpenSSL) + +Build msh3: + + % git clone -b v0.6.0 --depth 1 --recursive https://github.com/nibanks/msh3 + % cd msh3 && mkdir build && cd build + % cmake -G 'Unix Makefiles' -DCMAKE_BUILD_TYPE=RelWithDebInfo .. + % cmake --build . + % cmake --install . + +Build curl: + + % git clone https://github.com/curl/curl + % cd curl + % autoreconf -fi + % ./configure LDFLAGS="-Wl,-rpath,/usr/local/lib" --with-msh3=/usr/local --with-openssl + % make + % make install + +Run from `/usr/local/bin/curl`. + +## Build Windows + +Build msh3: + + % git clone -b v0.6.0 --depth 1 --recursive https://github.com/nibanks/msh3 + % cd msh3 && mkdir build && cd build + % cmake -G 'Visual Studio 17 2022' -DCMAKE_BUILD_TYPE=RelWithDebInfo .. + % cmake --build . --config Release + % cmake --install . --config Release + +**Note** - On Windows, Schannel is used for TLS support by default. If you +with to use (the quictls fork of) OpenSSL, specify the `-DQUIC_TLS=openssl` +option to the generate command above. Also note that OpenSSL brings with it an +additional set of build dependencies not specified here. + +Build curl (in [Visual Studio Command +prompt](../winbuild/README.md#open-a-command-prompt)): + + % git clone https://github.com/curl/curl + % cd curl/winbuild + % nmake /f Makefile.vc mode=dll WITH_MSH3=dll MSH3_PATH="C:/Program Files/msh3" MACHINE=x64 + +**Note** - If you encounter a build error with `tool_hugehelp.c` being +missing, rename `tool_hugehelp.c.cvs` in the same directory to +`tool_hugehelp.c` and then run `nmake` again. + +Run in the `C:/Program Files/msh3/lib` directory, copy `curl.exe` to that +directory, or copy `msquic.dll` and `msh3.dll` from that directory to the +`curl.exe` directory. For example: + + % C:\Program Files\msh3\lib> F:\curl\builds\libcurl-vc-x64-release-dll-ipv6-sspi-schannel-msh3\bin\curl.exe --http3 https://curl.se/ # `--http3` -Use HTTP/3 directly: +Use only HTTP/3: - curl --http3 https://nghttp2.org:4433/ + curl --http3-only https://example.org:4433/ + +Use HTTP/3 with fallback to HTTP/2 or HTTP/1.1 (see "HTTPS eyeballing" below): + + curl --http3 https://example.org:4433/ Upgrade via Alt-Svc: - curl --alt-svc altsvc.cache https://quic.aiortc.org/ + curl --alt-svc altsvc.cache https://curl.se/ See this [list of public HTTP/3 servers](https://bagder.github.io/HTTP3-test/) +### HTTPS eyeballing + +With option `--http3` curl attempts earlier HTTP versions as well should the +connect attempt via HTTP/3 not succeed "fast enough". This strategy is similar +to IPv4/6 happy eyeballing where the alternate address family is used in +parallel after a short delay. + +The IPv4/6 eyeballing has a default of 200ms and you may override that via +`--happy-eyeballs-timeout-ms value`. Since HTTP/3 is still relatively new, we +decided to use this timeout also for the HTTP eyeballing - with a slight +twist. + +The `happy-eyeballs-timeout-ms` value is the **hard** timeout, meaning after +that time expired, a TLS connection is opened in addition to negotiate HTTP/2 +or HTTP/1.1. At half of that value - currently - is the **soft** timeout. The +soft timeout fires, when there has been **no data at all** seen from the +server on the HTTP/3 connection. + +So, without you specifying anything, the hard timeout is 200ms and the soft is 100ms: + + * Ideally, the whole QUIC handshake happens and curl has an HTTP/3 connection + in less than 100ms. + * When QUIC is not supported (or UDP does not work for this network path), no + reply is seen and the HTTP/2 TLS+TCP connection starts 100ms later. + * In the worst case, UDP replies start before 100ms, but drag on. This starts + the TLS+TCP connection after 200ms. + * When the QUIC handshake fails, the TLS+TCP connection is attempted right + away. For example, when the QUIC server presents the wrong certificate. + +The whole transfer only fails, when **both** QUIC and TLS+TCP fail to +handshake or time out. + +Note that all this happens in addition to IP version happy eyeballing. If the +name resolution for the server gives more than one IP address, curl tries all +those until one succeeds - just as with all other protocols. If those IP +addresses contain both IPv6 and IPv4, those attempts happen, delayed, in +parallel (the actual eyeballing). + ## Known Bugs Check out the [list of known HTTP3 bugs](https://curl.se/docs/knownbugs.html#HTTP3). @@ -157,18 +376,18 @@ Check out the [list of known HTTP3 bugs](https://curl.se/docs/knownbugs.html#HTT This is not advice on how to run anything in production. This is for development and experimenting. -## Preqreqs +## Prerequisite(s) An existing local HTTP/1.1 server that hosts files. Preferably also a few huge -ones. You can easily create huge local files like `truncate -s=8G 8GB` - they -are huge but do not occupy that much space on disk since they're just a big -hole. +ones. You can easily create huge local files like `truncate -s=8G 8GB` - they +are huge but do not occupy that much space on disk since they are just big +holes. -In my Debian setup I just installed **apache2**. It runs on port 80 and has a -document root in `/var/www/html`. I can get the 8GB file from it with `curl +In a Debian setup you can install **apache2**. It runs on port 80 and has a +document root in `/var/www/html`. Download the 8GB file from apache with `curl localhost/8GB -o dev/null` -In this description we setup and run a HTTP/3 reverse-proxy in front of the +In this description we setup and run an HTTP/3 reverse-proxy in front of the HTTP/1 server. ## Setup @@ -198,26 +417,21 @@ that exists in curl's test dir. ### Caddy -[Install caddy](https://caddyserver.com/docs/install), you can even put the -single binary in a separate directory if you prefer. +[Install Caddy](https://caddyserver.com/docs/install). For easiest use, the binary +should be either in your PATH or your current directory. -In the same directory you put caddy, create a `Caddyfile` with the following -content to run a HTTP/3 reverse-proxy on port 7443: +Create a `Caddyfile` with the following content: ~~~ -{ - auto_https disable_redirects - servers :7443 { - protocol { - experimental_http3 - } - } -} - localhost:7443 { - reverse_proxy localhost:80 + respond "Hello, world! you are using {http.request.proto}" } ~~~ -Then run caddy: +Then run Caddy: ./caddy start + +Making requests to `https://localhost:7443` should tell you which protocol is being used. + +You can change the hard-coded response to something more useful by replacing `respond` +with `reverse_proxy` or `file_server`, for example: `reverse_proxy localhost:80` diff --git a/libs/curl/docs/HYPER.md b/libs/curl/docs/HYPER.md index 0ca1ce1d..591b6fc3 100644 --- a/libs/curl/docs/HYPER.md +++ b/libs/curl/docs/HYPER.md @@ -1,3 +1,9 @@ + + # Hyper Hyper is a separate HTTP library written in Rust. curl can be told to use this @@ -8,31 +14,32 @@ library as a backend to deal with HTTP. Hyper support in curl is considered **EXPERIMENTAL** until further notice. It needs to be explicitly enabled at build-time. -Further development and tweaking of the Hyper backend support in curl will -happen in in the master branch using pull-requests, just like ordinary -changes. +Further development and tweaking of the Hyper backend support in curl happens +in the master branch using pull-requests, just like ordinary changes. ## Hyper version The C API for Hyper is brand new and is still under development. -## build curl with hyper +## Build curl with hyper -Build hyper and enable the C API: +Using Rust 1.64.0 or later, build hyper and enable its C API like this: % git clone https://github.com/hyperium/hyper % cd hyper - % RUSTFLAGS="--cfg hyper_unstable_ffi" cargo build --features client,http1,http2,ffi + % RUSTFLAGS="--cfg hyper_unstable_ffi" cargo rustc --features client,http1,http2,ffi --crate-type cdylib + +Also, `--release` can be added for a release (optimized) build. Build curl to use hyper's C API: % git clone https://github.com/curl/curl % cd curl - % ./buildconf - % ./configure --with-hyper= + % autoreconf -fi + % ./configure LDFLAGS="-Wl,-rpath,/target/debug -Wl,-rpath,/target/release" --with-openssl --with-hyper= % make -# using Hyper internally +# Using Hyper internally Hyper is a low level HTTP transport library. curl itself provides all HTTP headers and Hyper provides all received headers back to curl. @@ -51,8 +58,14 @@ The hyper backend does not support - `CURLOPT_IGNORE_CONTENT_LENGTH` - `--raw` and disabling `CURLOPT_HTTP_TRANSFER_DECODING` - RTSP -- hyper is much stricter about what HTTP header contents it allow in requests +- hyper is much stricter about what HTTP header contents it allows +- leading whitespace in first HTTP/1 response header - HTTP/0.9 +- HTTP/2 upgrade using HTTP:// URLs. Aka 'h2c' +- HTTP/2 in general. Hyper has support for HTTP/2 but the curl side + needs changes so that a `hyper_clientconn` can last for the duration + of a connection. Probably this means turning the Hyper HTTP/2 backend + into a connection filter. ## Remaining issues @@ -61,7 +74,5 @@ still need attention and verification include: - multiplexed HTTP/2 - h2 Upgrade: -- pausing transfers - receiving HTTP/1 trailers - sending HTTP/1 trailers - diff --git a/libs/curl/docs/INSTALL b/libs/curl/docs/INSTALL deleted file mode 100644 index ff260b1b..00000000 --- a/libs/curl/docs/INSTALL +++ /dev/null @@ -1,9 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - How To Compile - -see INSTALL.md diff --git a/libs/curl/docs/INSTALL-CMAKE.md b/libs/curl/docs/INSTALL-CMAKE.md new file mode 100644 index 00000000..0457efe2 --- /dev/null +++ b/libs/curl/docs/INSTALL-CMAKE.md @@ -0,0 +1,138 @@ + + +# Building with CMake + +This document describes how to configure, build and install curl and libcurl +from source code using the CMake build tool. To build with CMake, you of +course first have to install CMake. The minimum required version of CMake is +specified in the file `CMakeLists.txt` found in the top of the curl source +tree. Once the correct version of CMake is installed you can follow the +instructions below for the platform you are building on. + +CMake builds can be configured either from the command line, or from one of +CMake's GUIs. + +# Current flaws in the curl CMake build + +Missing features in the CMake build: + + - Builds libcurl without large file support + - Does not support all SSL libraries (only OpenSSL, Schannel, Secure + Transport, and mbedTLS, wolfSSL) + - Does not allow different resolver backends (no c-ares build support) + - No RTMP support built + - Does not allow build curl and libcurl debug enabled + - Does not allow a custom CA bundle path + - Does not allow you to disable specific protocols from the build + - Does not find or use krb4 or GSS + - Rebuilds test files too eagerly, but still cannot run the tests + - Does not detect the correct `strerror_r` flavor when cross-compiling + (issue #1123) + +# Configuring + +A CMake configuration of curl is similar to the autotools build of curl. +It consists of the following steps after you have unpacked the source. + +## Using `cmake` + +You can configure for in source tree builds or for a build tree +that is apart from the source tree. + + - Build in the source tree. + + $ cmake -B . + + - Build in a separate directory (parallel to the curl source tree in this + example). The build directory is created for you. + + $ cmake -B ../curl-build + +### Fallback for CMake before version 3.13 + +CMake before version 3.13 does not support the `-B` option. In that case, +you must create the build directory yourself, `cd` to it and run `cmake` +from there: + + $ mkdir ../curl-build + $ cd ../curl-build + $ cmake ../curl + +If you want to build in the source tree, it is enough to do this: + + $ cmake . + +### Build system generator selection + +You can override CMake's default by using `-G `. For example +on Windows with multiple build systems if you have MinGW-w64 then you could use +`-G "MinGW Makefiles"`. +[List of generator names](https://cmake.org/cmake/help/latest/manual/cmake-generators.7.html). + +## Using `ccmake` + +CMake comes with a curses based interface called `ccmake`. To run `ccmake` +on a curl use the instructions for the command line cmake, but substitute +`ccmake` for `cmake`. + +This brings up a curses interface with instructions on the bottom of the +screen. You can press the "c" key to configure the project, and the "g" key to +generate the project. After the project is generated, you can run make. + +## Using `cmake-gui` + +CMake also comes with a Qt based GUI called `cmake-gui`. To configure with +`cmake-gui`, you run `cmake-gui` and follow these steps: + + 1. Fill in the "Where is the source code" combo box with the path to + the curl source tree. + 2. Fill in the "Where to build the binaries" combo box with the path to + the directory for your build tree, ideally this should not be the same + as the source tree, but a parallel directory called curl-build or + something similar. + 3. Once the source and binary directories are specified, press the + "Configure" button. + 4. Select the native build tool that you want to use. + 5. At this point you can change any of the options presented in the GUI. + Once you have selected all the options you want, click the "Generate" + button. + +# Building + +Build (you have to specify the build directory). + + $ cmake --build ../curl-build + +### Fallback for CMake before version 3.13 + +CMake before version 3.13 does not support the `--build` option. In that +case, you have to `cd` to the build directory and use the building tool that +corresponds to the build files that CMake generated for you. This example +assumes that CMake generates `Makefile`: + + $ cd ../curl-build + $ make + +# Testing + +(The test suite does not yet work with the cmake build) + +# Installing + +Install to default location (you have to specify the build directory). + + $ cmake --install ../curl-build + +### Fallback for CMake before version 3.15 + +CMake before version 3.15 does not support the `--install` option. In that +case, you have to `cd` to the build directory and use the building tool that +corresponds to the build files that CMake generated for you. This example +assumes that CMake generates `Makefile`: + + $ cd ../curl-build + $ make install diff --git a/libs/curl/docs/INSTALL.cmake b/libs/curl/docs/INSTALL.cmake deleted file mode 100644 index 3f905d79..00000000 --- a/libs/curl/docs/INSTALL.cmake +++ /dev/null @@ -1,89 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - - How To Compile with CMake - -Building with CMake -========================== - This document describes how to compile, build and install curl and libcurl - from source code using the CMake build tool. To build with CMake, you will - of course have to first install CMake. The minimum required version of - CMake is specified in the file CMakeLists.txt found in the top of the curl - source tree. Once the correct version of CMake is installed you can follow - the instructions below for the platform you are building on. - - CMake builds can be configured either from the command line, or from one - of CMake's GUI's. - -Current flaws in the curl CMake build -===================================== - - Missing features in the cmake build: - - - Builds libcurl without large file support - - Does not support all SSL libraries (only OpenSSL, Schannel, - Secure Transport, and mbed TLS, NSS, WolfSSL) - - Does not allow different resolver backends (no c-ares build support) - - No RTMP support built - - Does not allow build curl and libcurl debug enabled - - Does not allow a custom CA bundle path - - Does not allow you to disable specific protocols from the build - - Does not find or use krb4 or GSS - - Rebuilds test files too eagerly, but still cannot run the tests - - Does not detect the correct strerror_r flavor when cross-compiling (issue #1123) - - -Command Line CMake -================== - A CMake build of curl is similar to the autotools build of curl. It - consists of the following steps after you have unpacked the source. - - 1. Create an out of source build tree parallel to the curl source - tree and change into that directory - - $ mkdir curl-build - $ cd curl-build - - 2. Run CMake from the build tree, giving it the path to the top of - the curl source tree. CMake will pick a compiler for you. If you - want to specify the compile, you can set the CC environment - variable prior to running CMake. - - $ cmake ../curl - $ make - - 3. Install to default location: - - $ make install - - (The test suite does not work with the cmake build) - -ccmake -========= - CMake comes with a curses based interface called ccmake. To run ccmake on - a curl use the instructions for the command line cmake, but substitute - ccmake ../curl for cmake ../curl. This will bring up a curses interface - with instructions on the bottom of the screen. You can press the "c" key - to configure the project, and the "g" key to generate the project. After - the project is generated, you can run make. - -cmake-gui -========= - CMake also comes with a Qt based GUI called cmake-gui. To configure with - cmake-gui, you run cmake-gui and follow these steps: - 1. Fill in the "Where is the source code" combo box with the path to - the curl source tree. - 2. Fill in the "Where to build the binaries" combo box with the path - to the directory for your build tree, ideally this should not be the - same as the source tree, but a parallel directory called curl-build or - something similar. - 3. Once the source and binary directories are specified, press the - "Configure" button. - 4. Select the native build tool that you want to use. - 5. At this point you can change any of the options presented in the - GUI. Once you have selected all the options you want, click the - "Generate" button. - 6. Run the native build tool that you used CMake to generate. diff --git a/libs/curl/docs/INSTALL.md b/libs/curl/docs/INSTALL.md index 6079123b..d00f22dc 100644 --- a/libs/curl/docs/INSTALL.md +++ b/libs/curl/docs/INSTALL.md @@ -1,4 +1,10 @@ -# how to install curl and libcurl + + +# How to install curl and libcurl ## Installing Binary Packages @@ -17,13 +23,15 @@ You can download and install curl and libcurl using the [vcpkg](https://github.c ./vcpkg integrate install vcpkg install curl[tool] -The curl port in vcpkg is kept up to date by Microsoft team members and community contributors. If the version is out of date, please [create an issue or pull request](https://github.com/Microsoft/vcpkg) on the vcpkg repository. +The curl port in vcpkg is kept up to date by Microsoft team members and +community contributors. If the version is out of date, please [create an issue +or pull request](https://github.com/Microsoft/vcpkg) on the vcpkg repository. ## Building from git If you get your code off a git repository instead of a release tarball, see -the `GIT-INFO` file in the root directory for specific instructions on how to -proceed. +the `GIT-INFO.md` file in the root directory for specific instructions on how +to proceed. # Unix @@ -72,8 +80,8 @@ Without pkg-config installed, use this: ./configure --with-openssl=/opt/OpenSSL -If you insist on forcing a build without SSL support, even though you may -have OpenSSL installed in your system, you can run configure like this: +If you insist on forcing a build without SSL support, you can run configure +like this: ./configure --without-ssl @@ -84,50 +92,85 @@ work: CPPFLAGS="-I/path/to/ssl/include" LDFLAGS="-L/path/to/ssl/lib" ./configure -If you have shared SSL libs installed in a directory where your run-time +If you have shared SSL libs installed in a directory where your runtime linker does not find them (which usually causes configure failures), you can -provide this option to gcc to set a hard-coded path to the run-time linker: +provide this option to gcc to set a hard-coded path to the runtime linker: LDFLAGS=-Wl,-R/usr/local/ssl/lib ./configure --with-openssl -## More Options +## Static builds To force a static library compile, disable the shared library creation by running configure like: ./configure --disable-shared -To tell the configure script to skip searching for thread-safe functions, add -an option like: +The configure script is primarily done to work with shared/dynamic third party +dependencies. When linking with shared libraries, the dependency "chain" is +handled automatically by the library loader - on all modern systems. + +If you instead link with a static library, you need to provide all the +dependency libraries already at the link command line. + +Figuring out all the dependency libraries for a given library is hard, as it +might involve figuring out the dependencies of the dependencies and they vary +between platforms and change between versions. + +When using static dependencies, the build scripts mostly assume that you, the +user, provide all the necessary additional dependency libraries as additional +arguments in the build. With configure, by setting `LIBS` or `LDFLAGS` on the +command line. - ./configure --disable-thread +Building statically is not for the faint of heart. + +## Debug If you are a curl developer and use gcc, you might want to enable more debug options with the `--enable-debug` option. curl can be built to use a whole range of libraries to provide various useful -services, and configure will try to auto-detect a decent default. But if you -want to alter it, you can select how to deal with each individual library. +services, and configure tries to auto-detect a decent default. If you want to +alter it, you can select how to deal with each individual library. ## Select TLS backend -These options are provided to select TLS backend to use. +These options are provided to select the TLS backend to use. - AmiSSL: `--with-amissl` - BearSSL: `--with-bearssl` - GnuTLS: `--with-gnutls`. - mbedTLS: `--with-mbedtls` - - MesaLink: `--with-mesalink` - - NSS: `--with-nss` - - OpenSSL: `--with-openssl` (also for BoringSSL and libressl) + - OpenSSL: `--with-openssl` (also for BoringSSL, AWS-LC, LibreSSL, and quictls) - rustls: `--with-rustls` - - schannel: `--with-schannel` - - secure transport: `--with-secure-transport` + - Schannel: `--with-schannel` + - Secure Transport: `--with-secure-transport` - wolfSSL: `--with-wolfssl` +You can build curl with *multiple* TLS backends at your choice, but some TLS +backends cannot be combined: if you build with an OpenSSL fork (or wolfSSL), +you cannot add another OpenSSL fork (or wolfSSL) simply because they have +conflicting identical symbol names. + +When you build with multiple TLS backends, you can select the active one at +runtime when curl starts up. + +## Configure finding libs in wrong directory + +When the configure script checks for third-party libraries, it adds those +directories to the `LDFLAGS` variable and then tries linking to see if it +works. When successful, the found directory is kept in the `LDFLAGS` variable +when the script continues to execute and do more tests and possibly check for +more libraries. + +This can make subsequent checks for libraries wrongly detect another +installation in a directory that was previously added to `LDFLAGS` by another +library check. + # Windows -## Building Windows DLLs and C run-time (CRT) linkage issues +Building for Windows XP is required as a minimum. + +## Building Windows DLLs and C runtime (CRT) linkage issues As a general rule, building a DLL with static CRT linkage is highly discouraged, and intermixing CRTs in the same app is something to avoid at @@ -137,69 +180,48 @@ These options are provided to select TLS backend to use. KB140584 is a must for any Windows developer. Especially important is full understanding if you are not going to follow the advice given above. - - [How To Use the C Run-Time](https://support.microsoft.com/help/94248/how-to-use-the-c-run-time) - - [Run-Time Library Compiler Options](https://docs.microsoft.com/cpp/build/reference/md-mt-ld-use-run-time-library) + - [How To Use the C Runtime](https://support.microsoft.com/help/94248/how-to-use-the-c-run-time) + - [Runtime Library Compiler Options](https://docs.microsoft.com/cpp/build/reference/md-mt-ld-use-run-time-library) - [Potential Errors Passing CRT Objects Across DLL Boundaries](https://docs.microsoft.com/cpp/c-runtime-library/potential-errors-passing-crt-objects-across-dll-boundaries) -If your app is misbehaving in some strange way, or it is suffering from -memory corruption, before asking for further help, please try first to -rebuild every single library your app uses as well as your app using the -debug multithreaded dynamic C runtime. +If your app is misbehaving in some strange way, or it is suffering from memory +corruption, before asking for further help, please try first to rebuild every +single library your app uses as well as your app using the debug +multi-threaded dynamic C runtime. If you get linkage errors read section 5.7 of the FAQ document. -## MingW32 - -Make sure that MinGW32's bin dir is in the search path, for example: - -```cmd -set PATH=c:\mingw32\bin;%PATH% -``` +## Cygwin -then run `mingw32-make mingw32` in the root dir. There are other -make targets available to build libcurl with more features, use: +Almost identical to the Unix installation. Run the configure script in the +curl source tree root with `sh configure`. Make sure you have the `sh` +executable in `/bin/` or you see the configure fail toward the end. - - `mingw32-make mingw32-zlib` to build with Zlib support; - - `mingw32-make mingw32-ssl-zlib` to build with SSL and Zlib enabled; - - `mingw32-make mingw32-ssh2-ssl-zlib` to build with SSH2, SSL, Zlib; - - `mingw32-make mingw32-ssh2-ssl-sspi-zlib` to build with SSH2, SSL, Zlib - and SSPI support. +Run `make` -If you have any problems linking libraries or finding header files, be sure -to verify that the provided `Makefile.m32` files use the proper paths, and -adjust as necessary. It is also possible to override these paths with -environment variables, for example: +## MS-DOS -```cmd -set ZLIB_PATH=c:\zlib-1.2.8 -set OPENSSL_PATH=c:\openssl-1.0.2c -set LIBSSH2_PATH=c:\libssh2-1.6.0 -``` +Requires DJGPP in the search path and pointing to the Watt-32 stack via +`WATT_PATH=c:/djgpp/net/watt`. -It is also possible to build with other LDAP SDKs than MS LDAP; currently -it is possible to build with native Win32 OpenLDAP, or with the Novell CLDAP -SDK. If you want to use these you need to set these vars: +Run `make -f Makefile.dist djgpp` in the root curl dir. -```cmd -set LDAP_SDK=c:\openldap -set USE_LDAP_OPENLDAP=1 -``` +For build configuration options, please see the mingw-w64 section. -or for using the Novell SDK: +Notes: -```cmd -set USE_LDAP_NOVELL=1 -``` + - DJGPP 2.04 beta has a `sscanf()` bug so the URL parsing is not done + properly. Use DJGPP 2.03 until they fix it. -If you want to enable LDAPS support then set LDAPS=1. + - Compile Watt-32 (and OpenSSL) with the same version of DJGPP. Otherwise + things go wrong because things like FS-extensions and `errno` values have + been changed between releases. -## Cygwin +## AmigaOS -Almost identical to the unix installation. Run the configure script in the -curl source tree root with `sh configure`. Make sure you have the `sh` -executable in `/bin/` or you will see the configure fail toward the end. +Run `make -f Makefile.dist amiga` in the root curl dir. -Run `make` +For build configuration options, please see the mingw-w64 section. ## Disabling Specific Protocols in Windows builds @@ -208,7 +230,7 @@ environment, therefore, you cannot use the various disable-protocol options of the configure utility on this platform. You can use specific defines to disable specific protocols and features. See -[CURL-DISABLE.md](CURL-DISABLE.md) for the full list. +[CURL-DISABLE](CURL-DISABLE.md) for the full list. If you want to set any of these defines you have the following options: @@ -218,25 +240,23 @@ If you want to set any of these defines you have the following options: - Modify the "Preprocessor Definitions" in the libcurl project Note: The pre-processor settings can be found using the Visual Studio IDE -under "Project -> Settings -> C/C++ -> General" in VC6 and "Project -> -Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later -versions. +under "Project -> Properties -> Configuration Properties -> C/C++ -> +Preprocessor". ## Using BSD-style lwIP instead of Winsock TCP/IP stack in Win32 builds In order to compile libcurl and curl using BSD-style lwIP TCP/IP stack it is -necessary to make definition of preprocessor symbol `USE_LWIPSOCK` visible to -libcurl and curl compilation processes. To set this definition you have the -following alternatives: +necessary to make the definition of the preprocessor symbol `USE_LWIPSOCK` +visible to libcurl and curl compilation processes. To set this definition you +have the following alternatives: - Modify `lib/config-win32.h` and `src/config-win32.h` - Modify `winbuild/Makefile.vc` - Modify the "Preprocessor Definitions" in the libcurl project Note: The pre-processor settings can be found using the Visual Studio IDE -under "Project -> Settings -> C/C++ -> General" in VC6 and "Project -> -Properties -> Configuration Properties -> C/C++ -> Preprocessor" in later -versions. +under "Project -> Properties -> Configuration Properties -> C/C++ -> +Preprocessor". Once that libcurl has been built with BSD-style lwIP TCP/IP stack support, in order to use it with your program it is mandatory that your program includes @@ -244,40 +264,37 @@ lwIP header file `` (or another lwIP header that includes this) before including any libcurl header. Your program does not need the `USE_LWIPSOCK` preprocessor definition which is for libcurl internals only. -Compilation has been verified with [lwIP -1.4.0](https://download.savannah.gnu.org/releases/lwip/lwip-1.4.0.zip) and -[contrib-1.4.0](https://download.savannah.gnu.org/releases/lwip/contrib-1.4.0.zip). +Compilation has been verified with lwIP 1.4.0. This BSD-style lwIP TCP/IP stack support must be considered experimental given that it has been verified that lwIP 1.4.0 still needs some polish, and libcurl -might yet need some additional adjustment, caveat emptor. +might yet need some additional adjustment. ## Important static libcurl usage note When building an application that uses the static libcurl library on Windows, -you must add `-DCURL_STATICLIB` to your `CFLAGS`. Otherwise the linker will -look for dynamic import symbols. +you must add `-DCURL_STATICLIB` to your `CFLAGS`. Otherwise the linker looks +for dynamic import symbols. ## Legacy Windows and SSL Schannel (from Windows SSPI), is the native SSL library in Windows. However, -Schannel in Windows <= XP is unable to connect to servers that -no longer support the legacy handshakes and algorithms used by those -versions. If you will be using curl in one of those earlier versions of -Windows you should choose another SSL backend such as OpenSSL. +Schannel in Windows <= XP is unable to connect to servers that no longer +support the legacy handshakes and algorithms used by those versions. If you +are using curl in one of those earlier versions of Windows you should choose +another SSL backend such as OpenSSL. # Apple Platforms (macOS, iOS, tvOS, watchOS, and their simulator counterparts) On modern Apple operating systems, curl can be built to use Apple's SSL/TLS implementation, Secure Transport, instead of OpenSSL. To build with Secure -Transport for SSL/TLS, use the configure option `--with-secure-transport`. (It -is not necessary to use the option `--without-openssl`.) +Transport for SSL/TLS, use the configure option `--with-secure-transport`. When Secure Transport is in use, the curl options `--cacert` and `--capath` -and their libcurl equivalents, will be ignored, because Secure Transport uses -the certificates stored in the Keychain to evaluate whether or not to trust -the server. This, of course, includes the root certificates that ship with the -OS. The `--cert` and `--engine` options, and their libcurl equivalents, are +and their libcurl equivalents, are ignored, because Secure Transport uses the +certificates stored in the Keychain to evaluate whether or not to trust the +server. This, of course, includes the root certificates that ship with the OS. +The `--cert` and `--engine` options, and their libcurl equivalents, are currently unimplemented in curl with Secure Transport. In general, a curl build for an Apple `ARCH/SDK/DEPLOYMENT_TARGET` combination @@ -296,7 +313,8 @@ make -j8 make install ``` -Above will build curl for macOS platform with `x86_64` architecture and `10.8` as deployment target. +The above command lines build curl for macOS platform with `x86_64` +architecture and `10.8` as deployment target. Here is an example for iOS device: @@ -324,30 +342,31 @@ make -j8 make install ``` -In all above, the built libraries and executables can be found in `artifacts` folder. +In all above, the built libraries and executables can be found in the +`artifacts` folder. # Android -When building curl for Android it's recommended to use a Linux environment -since using curl's `configure` script is the easiest way to build curl -for Android. Before you can build curl for Android, you need to install the -Android NDK first. This can be done using the SDK Manager that is part of -Android Studio. Once you have installed the Android NDK, you need to figure out -where it has been installed and then set up some environment variables before -launching `configure`. On macOS, those variables could look like this to compile -for `aarch64` and API level 29: +When building curl for Android it is recommended to use a Linux/macOS +environment since using curl's `configure` script is the easiest way to build +curl for Android. Before you can build curl for Android, you need to install +the Android NDK first. This can be done using the SDK Manager that is part of +Android Studio. Once you have installed the Android NDK, you need to figure +out where it has been installed and then set up some environment variables +before launching `configure`. On macOS, those variables could look like this +to compile for `aarch64` and API level 29: ```bash -export NDK=~/Library/Android/sdk/ndk/20.1.5948944 -export HOST_TAG=darwin-x86_64 -export TOOLCHAIN=$NDK/toolchains/llvm/prebuilt/$HOST_TAG -export AR=$TOOLCHAIN/bin/aarch64-linux-android-ar -export AS=$TOOLCHAIN/bin/aarch64-linux-android-as -export CC=$TOOLCHAIN/bin/aarch64-linux-android29-clang -export CXX=$TOOLCHAIN/bin/aarch64-linux-android29-clang++ -export LD=$TOOLCHAIN/bin/aarch64-linux-android-ld -export RANLIB=$TOOLCHAIN/bin/aarch64-linux-android-ranlib -export STRIP=$TOOLCHAIN/bin/aarch64-linux-android-strip +export ANDROID_NDK_HOME=~/Library/Android/sdk/ndk/25.1.8937393 # Point into your NDK. +export HOST_TAG=darwin-x86_64 # Same tag for Apple Silicon. Other OS values here: https://developer.android.com/ndk/guides/other_build_systems#overview +export TOOLCHAIN=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/$HOST_TAG +export AR=$TOOLCHAIN/bin/llvm-ar +export AS=$TOOLCHAIN/bin/llvm-as +export CC=$TOOLCHAIN/bin/aarch64-linux-android21-clang +export CXX=$TOOLCHAIN/bin/aarch64-linux-android21-clang++ +export LD=$TOOLCHAIN/bin/ld +export RANLIB=$TOOLCHAIN/bin/llvm-ranlib +export STRIP=$TOOLCHAIN/bin/llvm-strip ``` When building on Linux or targeting other API levels or architectures, you need @@ -355,19 +374,18 @@ to adjust those variables accordingly. After that you can build curl like this: ./configure --host aarch64-linux-android --with-pic --disable-shared -Note that this will not give you SSL/TLS support. If you need SSL/TLS, you have -to build curl against a SSL/TLS layer, e.g. OpenSSL, because it's impossible for -curl to access Android's native SSL/TLS layer. To build curl for Android using -OpenSSL, follow the OpenSSL build instructions and then install `libssl.a` and -`libcrypto.a` to `$TOOLCHAIN/sysroot/usr/lib` and copy `include/openssl` to -`$TOOLCHAIN/sysroot/usr/include`. Now you can build curl for Android using -OpenSSL like this: - - ./configure --host aarch64-linux-android --with-pic --disable-shared --with-openssl="$TOOLCHAIN/sysroot/usr" +Note that this does not give you SSL/TLS support. If you need SSL/TLS, you +have to build curl with a SSL/TLS library, e.g. OpenSSL, because it is +impossible for curl to access Android's native SSL/TLS layer. To build curl +for Android using OpenSSL, follow the OpenSSL build instructions and then +install `libssl.a` and `libcrypto.a` to `$TOOLCHAIN/sysroot/usr/lib` and copy +`include/openssl` to `$TOOLCHAIN/sysroot/usr/include`. Now you can build curl +for Android using OpenSSL like this: -Note, however, that you must target at least Android M (API level 23) or `configure` -will not be able to detect OpenSSL since `stderr` (and the like) were not defined -before Android M. +```bash +LIBS="-lssl -lcrypto -lc++" # For OpenSSL/BoringSSL. In general, you need to the SSL/TLS layer's transitive dependencies if you are linking statically. +./configure --host aarch64-linux-android --with-pic --disable-shared --with-openssl="$TOOLCHAIN/sysroot/usr" +``` # IBM i @@ -375,22 +393,22 @@ For IBM i (formerly OS/400), you can use curl in two different ways: - Natively, running in the **ILE**. The obvious use is being able to call curl from ILE C or RPG applications. - - You will need to build this from source. See `packages/OS400/README` for - the ILE specific build instructions. -- In the **PASE** environment, which runs AIX programs. curl will be built as - it would be on AIX. - - IBM provides builds of curl in their Yum repository for PASE software. - - To build from source, follow the Unix instructions. +- You need to build this from source. See `packages/OS400/README` for the ILE + specific build instructions. +- In the **PASE** environment, which runs AIX programs. curl is built as it + would be on AIX. +- IBM provides builds of curl in their Yum repository for PASE software. +- To build from source, follow the Unix instructions. There are some additional limitations and quirks with curl on this platform; they affect both environments. -## Multithreading notes +## Multi-threading notes -By default, jobs in IBM i will not start with threading enabled. (Exceptions +By default, jobs in IBM i does not start with threading enabled. (Exceptions include interactive PASE sessions started by `QP2TERM` or SSH.) If you use -curl in an environment without threading when options like async DNS were -enabled, you will get messages like: +curl in an environment without threading when options like asynchronous DNS +were enabled, you get messages like: ``` getaddrinfo() thread failed to start @@ -410,9 +428,9 @@ Download and unpack the curl package. Set environment variables to point to the cross-compile toolchain and call configure with any options you need. Be sure and specify the `--host` and -`--build` parameters at configuration time. The following script is an -example of cross-compiling for the IBM 405GP PowerPC processor using the -toolchain from MonteVista for Hardhat Linux. +`--build` parameters at configuration time. The following script is an example +of cross-compiling for the IBM 405GP PowerPC processor using the toolchain on +Linux. ```bash #! /bin/sh @@ -435,9 +453,9 @@ export NM=ppc_405-nm You may also need to provide a parameter like `--with-random=/dev/urandom` to configure as it cannot detect the presence of a random number generating -device for a target system. The `--prefix` parameter specifies where curl -will be installed. If `configure` completes successfully, do `make` and `make -install` as usual. +device for a target system. The `--prefix` parameter specifies where curl gets +installed. If `configure` completes successfully, do `make` and `make install` +as usual. In some cases, you may be able to simplify the above commands to as little as: @@ -449,10 +467,16 @@ There are a number of configure options that can be used to reduce the size of libcurl for embedded applications where binary size is an important factor. First, be sure to set the `CFLAGS` variable when configuring with any relevant compiler optimization flags to reduce the size of the binary. For gcc, this -would mean at minimum the -Os option, and potentially the `-march=X`, -`-mdynamic-no-pic` and `-flto` options as well, e.g. +would mean at minimum the `-Os` option, and others like the following that +may be relevant in some environments: `-march=X`, `-mthumb`, `-m32`, +`-mdynamic-no-pic`, `-flto`, `-fdata-sections`, `-ffunction-sections`, +`-fno-unwind-tables`, `-fno-asynchronous-unwind-tables`, +`-fno-record-gcc-switches`, `-fsection-anchors`, `-fno-plt`, +`-Wl,--gc-sections`, `-Wl,-Bsymbolic`, `-Wl,-s`, - ./configure CFLAGS='-Os' LDFLAGS='-Wl,-Bsymbolic'... +For example, this is how to combine a few of these options: + + ./configure CC=gcc CFLAGS='-Os -ffunction-sections' LDFLAGS='-Wl,--gc-sections'... Note that newer compilers often produce smaller code than older versions due to improved optimization. @@ -460,29 +484,38 @@ due to improved optimization. Be sure to specify as many `--disable-` and `--without-` flags on the configure command-line as you can to disable all the libcurl features that you know your application is not going to need. Besides specifying the -`--disable-PROTOCOL` flags for all the types of URLs your application will not +`--disable-PROTOCOL` flags for all the types of URLs your application do not use, here are some other flags that can reduce the size of the library by -disabling support for some feature: +disabling support for some feature (run `./configure --help` to see them all): - - `--disable-alt-svc` (HTTP Alt-Srv) + - `--disable-alt-svc` (HTTP Alt-Svc) - `--disable-ares` (the C-ARES DNS library) - `--disable-cookies` (HTTP cookies) - - `--disable-crypto-auth` (cryptographic authentication) + - `--disable-basic-auth` (cryptographic authentication) + - `--disable-bearer-auth` (cryptographic authentication) + - `--disable-digest-auth` (cryptographic authentication) + - `--disable-kerberos-auth` (cryptographic authentication) + - `--disable-negotiate-auth` (cryptographic authentication) + - `--disable-aws` (cryptographic authentication) - `--disable-dateparse` (date parsing for time conditionals) - `--disable-dnsshuffle` (internal server load spreading) - `--disable-doh` (DNS-over-HTTP) + - `--disable-form-api` (POST form API) - `--disable-get-easy-options` (lookup easy options at runtime) + - `--disable-headers-api` (API to access headers) - `--disable-hsts` (HTTP Strict Transport Security) - `--disable-http-auth` (all HTTP authentication) - `--disable-ipv6` (IPv6) - `--disable-libcurl-option` (--libcurl C code generation support) - - `--disable-manual` (built-in documentation) + - `--disable-manual` (--manual built-in documentation) + - `--disable-mime` (MIME API) - `--disable-netrc` (.netrc file) + - `--disable-ntlm` (NTLM authentication) - `--disable-ntlm-wb` (NTLM WinBind) - `--disable-progress-meter` (graphical progress meter in library) - `--disable-proxy` (HTTP and SOCKS proxies) - - `--disable-pthreads` (multithreading) - - `--disable-socketpair` (socketpair for async name resolving) + - `--disable-pthreads` (multi-threading) + - `--disable-socketpair` (socketpair for asynchronous name resolving) - `--disable-threaded-resolver` (threaded name resolver) - `--disable-tls-srp` (Secure Remote Password authentication for TLS) - `--disable-unix-sockets` (UNIX sockets) @@ -499,60 +532,53 @@ disabling support for some feature: - `--without-ssl` (SSL/TLS) - `--without-zlib` (on-the-fly decompression) -The GNU compiler and linker have a number of options that can reduce the -size of the libcurl dynamic libraries on some platforms even further. -Specify them by providing appropriate `CFLAGS` and `LDFLAGS` variables on -the configure command-line, e.g. - - CFLAGS="-Os -ffunction-sections -fdata-sections - -fno-unwind-tables -fno-asynchronous-unwind-tables -flto" - LDFLAGS="-Wl,-s -Wl,-Bsymbolic -Wl,--gc-sections" - Be sure also to strip debugging symbols from your binaries after compiling -using 'strip' (or the appropriate variant if cross-compiling). If space is -really tight, you may be able to remove some unneeded sections of the shared -library using the -R option to objcopy (e.g. the .comment section). +using 'strip' or an option like `-s`. If space is really tight, you may be able +to gain a few bytes by removing some unneeded sections of the shared library +using the -R option to objcopy (e.g. the .comment section). Using these techniques it is possible to create a basic HTTP-only libcurl -shared library for i386 Linux platforms that is only 133 KiB in size -(as of libcurl version 7.80.0, using gcc 11.2.0). +shared library for i386 Linux platforms that is only 130 KiB in size +(as of libcurl version 8.6.0, using gcc 13.2.0). -You may find that statically linking libcurl to your application will result -in a lower total size than dynamically linking. +You may find that statically linking libcurl to your application results in a +lower total size than dynamically linking. -Note that the curl test harness can detect the use of some, but not all, of -the `--disable` statements suggested above. Use will cause tests relying on -those features to fail. The test harness can be manually forced to skip the +The curl test harness can detect the use of some, but not all, of the +`--disable` statements suggested above. Use of these can cause tests relying +on those features to fail. The test harness can be manually forced to skip the relevant tests by specifying certain key words on the `runtests.pl` command line. Following is a list of appropriate key words for those configure options -that aren't automatically detected: +that are not automatically detected: - `--disable-cookies` !cookies - - `--disable-dateparse` !RETRY-AFTER !CURLOPT_TIMECONDITION !CURLINFO_FILETIME !If-Modified-Since !getdate !-z - - `--disable-libcurl-option` !--libcurl + - `--disable-dateparse` !RETRY-AFTER !`CURLOPT_TIMECONDITION` !`CURLINFO_FILETIME` !`If-Modified-Since` !`curl_getdate` !`-z` + - `--disable-libcurl-option` !`--libcurl` - `--disable-verbose` !verbose\ logs -# PORTS +# Ports This is a probably incomplete list of known CPU architectures and operating systems that curl has been compiled for. If you know a system curl compiles and runs on, that is not listed, please let us know! -## 85 Operating Systems - -AIX, AmigaOS, Android, Aros, BeOS, Blackberry 10, Blackberry Tablet OS, Cell -OS, ChromeOS, Cisco IOS, Cygwin, Dragonfly BSD, eCOS, FreeBSD, FreeDOS, -FreeRTOS, Fuchsia, Garmin OS, Genode, Haiku, HardenedBSD, HP-UX, Hurd, -Illumos, Integrity, iOS, ipadOS, IRIX, LineageOS, Linux, Lua RTOS, Mac OS 9, -macOS, Mbed, Micrium, MINIX, MorphOS, MPE/iX, MS-DOS, NCR MP-RAS, NetBSD, -Netware, Nintendo Switch, NonStop OS, NuttX, OpenBSD, OpenStep, Orbis OS, -OS/2, OS/400, OS21, Plan 9, PlayStation Portable, QNX, Qubes OS, ReactOS, -Redox, RICS OS, Sailfish OS, SCO Unix, Serenity, SINIX-Z, Solaris, SunOS, -Syllable OS, Symbian, Tizen, TPF, Tru64, tvOS, ucLinux, Ultrix, UNICOS, -UnixWare, VMS, vxWorks, WebOS, Wii system software, Windows, Windows CE, Xbox -System, z/OS, z/TPF, z/VM, z/VSE - -## 22 CPU Architectures - -Alpha, ARC, ARM, AVR32, Cell, HP-PA, Itanium, m68k, MicroBlaze, MIPS, Nios, -OpenRISC, POWER, PowerPC, RISC-V, s390, SH4, SPARC, VAX, x86, x86-64, Xtensa +## 101 Operating Systems + + AIX, AmigaOS, Android, ArcoOS, Aros, Atari FreeMiNT, BeOS, Blackberry 10, + Blackberry Tablet OS, Cell OS, CheriBSD, Chrome OS, Cisco IOS, DG/UX, + Dragonfly BSD, DR DOS, eCOS, FreeBSD, FreeDOS, FreeRTOS, Fuchsia, Garmin OS, + Genode, Haiku, HardenedBSD, HP-UX, Hurd, Illumos, Integrity, iOS, ipadOS, IRIX, + Linux, Lua RTOS, Mac OS 9, macOS, Mbed, Meego, Micrium, MINIX, Moblin, MorphOS, + MPE/iX, MS-DOS, NCR MP-RAS, NetBSD, Netware, NextStep, Nintendo Switch, + NonStop OS, NuttX, OpenBSD, OpenStep, Orbis OS, OS/2, OS/400, OS21, Plan 9, + PlayStation Portable, QNX, Qubes OS, ReactOS, Redox, RICS OS, ROS, RTEMS, + Sailfish OS, SCO Unix, Serenity, SINIX-Z, SkyOS, Solaris, Sortix, SunOS, + Syllable OS, Symbian, Tizen, TPF, Tru64, tvOS, ucLinux, Ultrix, UNICOS, + UnixWare, VMS, vxWorks, watchOS, Wear OS, WebOS, Wii system software, Wii U, + Windows, Windows CE, Xbox System, Xenix, Zephyr, z/OS, z/TPF, z/VM, z/VSE + +## 28 CPU Architectures + + Alpha, ARC, ARM, AVR32, C-SKY, CompactRISC, Elbrus, ETRAX, HP-PA, Itanium, + LoongArch, m68k, m88k, MicroBlaze, MIPS, Nios, OpenRISC, POWER, PowerPC, + RISC-V, s390, SH4, SPARC, Tilera, VAX, x86, Xtensa, z/arch diff --git a/libs/curl/docs/INTERNALS.md b/libs/curl/docs/INTERNALS.md index dbae5a22..ff77bac7 100644 --- a/libs/curl/docs/INTERNALS.md +++ b/libs/curl/docs/INTERNALS.md @@ -1,79 +1,18 @@ -curl internals -============== + - -Intro -===== +# curl internals - This project is split in two. The library and the client. The client part - uses the library, but the library is designed to allow other applications to - use it. +The canonical libcurl internals documentation is now in the [everything +curl](https://everything.curl.dev/internals) book. This file lists supported +versions of libs and build tools. - The largest amount of code and complexity is in the library part. +## Portability - - -git -=== - - All changes to the sources are committed to the git repository as soon as - they are somewhat verified to work. Changes shall be committed as independently - as possible so that individual changes can be easily spotted and tracked - afterwards. - - Tagging shall be used extensively, and by the time we release new archives we - should tag the sources with a name similar to the released version number. - - -Portability -=========== - - We write curl and libcurl to compile with C89 compilers. On 32-bit and up + We write curl and libcurl to compile with C89 compilers on 32-bit and up machines. Most of libcurl assumes more or less POSIX compliance but that is not a requirement. @@ -81,8 +20,9 @@ Portability want it to remain functional and buildable with these and later versions (older versions may still work but is not what we work hard to maintain): -Dependencies ------------- +## Dependencies + + We aim to support these or later versions. - OpenSSL 0.9.7 - GnuTLS 3.1.10 @@ -91,1016 +31,31 @@ Dependencies - c-ares 1.16.0 - libidn2 2.0.0 - wolfSSL 2.0.0 - - openldap 2.0 + - OpenLDAP 2.0 - MIT Kerberos 1.2.4 - - GSKit V5R3M0 - - NSS 3.14.x - Heimdal ? - - nghttp2 1.12.0 + - nghttp2 1.15.0 - WinSock 2.2 (on Windows 95+ and Windows CE .NET 4.1+) -Operating Systems ------------------ - - On systems where configure runs, we aim at working on them all - if they have - a suitable C compiler. On systems that do not run configure, we strive to keep - curl running correctly on: - - - Windows 98 - - AS/400 V5R3M0 - - Symbian 9.1 - - Windows CE ? - - TPF ? - -Build tools ------------ +## Build tools When writing code (mostly for generating stuff included in release tarballs) we use a few "build tools" and we make sure that we remain functional with these versions: - GNU Libtool 1.4.2 - - GNU Autoconf 2.57 + - GNU Autoconf 2.59 - GNU Automake 1.7 - GNU M4 1.4 - - perl 5.004 + - perl 5.8 - roffit 0.5 - - groff ? (any version that supports `groff -Tps -man [in] [out]`) - - ps2pdf (gs) ? - - -Windows vs Unix -=============== - - There are a few differences in how to program curl the Unix way compared to - the Windows way. Perhaps the four most notable details are: - - 1. Different function names for socket operations. - - In curl, this is solved with defines and macros, so that the source looks - the same in all places except for the header file that defines them. The - macros in use are `sclose()`, `sread()` and `swrite()`. - - 2. Windows requires a couple of init calls for the socket stuff. - - That is taken care of by the `curl_global_init()` call, but if other libs - also do it etc there might be reasons for applications to alter that - behavior. - - We require WinSock version 2.2 and load this version during global init. - - 3. The file descriptors for network communication and file operations are - not as easily interchangeable as in Unix. - - We avoid this by not trying any funny tricks on file descriptors. - - 4. When writing data to stdout, Windows makes end-of-lines the DOS way, thus - destroying binary data, although you do want that conversion if it is - text coming through... (sigh) - - We set stdout to binary under windows - - Inside the source code, We make an effort to avoid `#ifdef [Your OS]`. All - conditionals that deal with features *should* instead be in the format - `#ifdef HAVE_THAT_WEIRD_FUNCTION`. Since Windows cannot run configure scripts, - we maintain a `curl_config-win32.h` file in lib directory that is supposed to - look exactly like a `curl_config.h` file would have looked like on a Windows - machine. - - Generally speaking: always remember that this will be compiled on dozens of - operating systems. Do not walk on the edge. - - -Library -======= - - (See [Structs in libcurl](#structs) for the separate section describing all - major internal structs and their purposes.) - - There are plenty of entry points to the library, namely each publicly defined - function that libcurl offers to applications. All of those functions are - rather small and easy-to-follow. All the ones prefixed with `curl_easy` are - put in the `lib/easy.c` file. - - `curl_global_init()` and `curl_global_cleanup()` should be called by the - application to initialize and clean up global stuff in the library. As of - today, it can handle the global SSL initialization if SSL is enabled and it - can initialize the socket layer on Windows machines. libcurl itself has no - "global" scope. - - All printf()-style functions use the supplied clones in `lib/mprintf.c`. This - makes sure we stay absolutely platform independent. - - [ `curl_easy_init()`][2] allocates an internal struct and makes some - initializations. The returned handle does not reveal internals. This is the - `Curl_easy` struct which works as an "anchor" struct for all `curl_easy` - functions. All connections performed will get connect-specific data allocated - that should be used for things related to particular connections/requests. - - [`curl_easy_setopt()`][1] takes three arguments, where the option stuff must - be passed in pairs: the parameter-ID and the parameter-value. The list of - options is documented in the man page. This function mainly sets things in - the `Curl_easy` struct. - - `curl_easy_perform()` is just a wrapper function that makes use of the multi - API. It basically calls `curl_multi_init()`, `curl_multi_add_handle()`, - `curl_multi_wait()`, and `curl_multi_perform()` until the transfer is done - and then returns. - - Some of the most important key functions in `url.c` are called from - `multi.c` when certain key steps are to be made in the transfer operation. - - -Curl_connect() --------------- - - Analyzes the URL, it separates the different components and connects to the - remote host. This may involve using a proxy and/or using SSL. The - `Curl_resolv()` function in `lib/hostip.c` is used for looking up host - names (it does then use the proper underlying method, which may vary - between platforms and builds). - - When `Curl_connect` is done, we are connected to the remote site. Then it - is time to tell the server to get a document/file. `Curl_do()` arranges - this. - - This function makes sure there's an allocated and initiated `connectdata` - struct that is used for this particular connection only (although there may - be several requests performed on the same connect). A bunch of things are - initialized/inherited from the `Curl_easy` struct. - - -multi_do() ---------- - - `multi_do()` makes sure the proper protocol-specific function is called. - The functions are named after the protocols they handle. - - The protocol-specific functions of course deal with protocol-specific - negotiations and setup. When they are ready to start the actual file - transfer they call the `Curl_setup_transfer()` function (in - `lib/transfer.c`) to setup the transfer and returns. - - If this DO function fails and the connection is being re-used, libcurl will - then close this connection, setup a new connection and re-issue the DO - request on that. This is because there is no way to be perfectly sure that - we have discovered a dead connection before the DO function and thus we - might wrongly be re-using a connection that was closed by the remote peer. - - -Curl_readwrite() ----------------- - - Called during the transfer of the actual protocol payload. - - During transfer, the progress functions in `lib/progress.c` are called at - frequent intervals (or at the user's choice, a specified callback might get - called). The speedcheck functions in `lib/speedcheck.c` are also used to - verify that the transfer is as fast as required. - - -multi_done() ------------ - - Called after a transfer is done. This function takes care of everything - that has to be done after a transfer. This function attempts to leave - matters in a state so that `multi_do()` should be possible to call again on - the same connection (in a persistent connection case). It might also soon - be closed with `Curl_disconnect()`. - - -Curl_disconnect() ------------------ - - When doing normal connections and transfers, no one ever tries to close any - connections so this is not normally called when `curl_easy_perform()` is - used. This function is only used when we are certain that no more transfers - are going to be made on the connection. It can be also closed by force, or - it can be called to make sure that libcurl does not keep too many - connections alive at the same time. - - This function cleans up all resources that are associated with a single - connection. - - -HTTP(S) -======= - - HTTP offers a lot and is the protocol in curl that uses the most lines of - code. There is a special file `lib/formdata.c` that offers all the - multipart post functions. - - base64-functions for user+password stuff (and more) is in `lib/base64.c` - and all functions for parsing and sending cookies are found in - `lib/cookie.c`. - - HTTPS uses in almost every case the same procedure as HTTP, with only two - exceptions: the connect procedure is different and the function used to read - or write from the socket is different, although the latter fact is hidden in - the source by the use of `Curl_read()` for reading and `Curl_write()` for - writing data to the remote server. - - `http_chunks.c` contains functions that understands HTTP 1.1 chunked transfer - encoding. - - An interesting detail with the HTTP(S) request, is the `Curl_add_buffer()` - series of functions we use. They append data to one single buffer, and when - the building is finished the entire request is sent off in one single write. - This is done this way to overcome problems with flawed firewalls and lame - servers. - - -FTP -=== - - The `Curl_if2ip()` function can be used for getting the IP number of a - specified network interface, and it resides in `lib/if2ip.c`. - - `Curl_ftpsendf()` is used for sending FTP commands to the remote server. It - was made a separate function to prevent us programmers from forgetting that - they must be CRLF terminated. They must also be sent in one single `write()` - to make firewalls and similar happy. - - -Kerberos -======== - - Kerberos support is mainly in `lib/krb5.c` but also `curl_sasl_sspi.c` and - `curl_sasl_gssapi.c` for the email protocols and `socks_gssapi.c` and - `socks_sspi.c` for SOCKS5 proxy specifics. - - -TELNET -====== - - Telnet is implemented in `lib/telnet.c`. - - -FILE -==== - - The `file://` protocol is dealt with in `lib/file.c`. - - -SMB -=== + - cmake 3.7 - The `smb://` protocol is dealt with in `lib/smb.c`. - - -LDAP -==== - - Everything LDAP is in `lib/ldap.c` and `lib/openldap.c`. - - -Email -====== - - The email related source code is in `lib/imap.c`, `lib/pop3.c` and - `lib/smtp.c`. - - -General -======= - - URL encoding and decoding, called escaping and unescaping in the source code, - is found in `lib/escape.c`. - - While transferring data in `Transfer()` a few functions might get used. - `curl_getdate()` in `lib/parsedate.c` is for HTTP date comparisons (and - more). - - `lib/getenv.c` offers `curl_getenv()` which is for reading environment - variables in a neat platform independent way. That is used in the client, but - also in `lib/url.c` when checking the proxy environment variables. Note that - contrary to the normal unix `getenv()`, this returns an allocated buffer that - must be `free()`ed after use. - - `lib/netrc.c` holds the `.netrc` parser. - - `lib/timeval.c` features replacement functions for systems that do not have - `gettimeofday()` and a few support functions for timeval conversions. - - A function named `curl_version()` that returns the full curl version string - is found in `lib/version.c`. - - -Persistent Connections -====================== - - The persistent connection support in libcurl requires some considerations on - how to do things inside of the library. - - - The `Curl_easy` struct returned in the [`curl_easy_init()`][2] call - must never hold connection-oriented data. It is meant to hold the root data - as well as all the options etc that the library-user may choose. - - - The `Curl_easy` struct holds the "connection cache" (an array of - pointers to `connectdata` structs). - - - This enables the 'curl handle' to be reused on subsequent transfers. - - - When libcurl is told to perform a transfer, it first checks for an already - existing connection in the cache that we can use. Otherwise it creates a - new one and adds that to the cache. If the cache is full already when a new - connection is added, it will first close the oldest unused one. - - - When the transfer operation is complete, the connection is left - open. Particular options may tell libcurl not to, and protocols may signal - closure on connections and then they will not be kept open, of course. - - - When `curl_easy_cleanup()` is called, we close all still opened connections, - unless of course the multi interface "owns" the connections. - - The curl handle must be re-used in order for the persistent connections to - work. - - -multi interface/non-blocking -============================ - - The multi interface is a non-blocking interface to the library. To make that - interface work as well as possible, no low-level functions within libcurl - must be written to work in a blocking manner. (There are still a few spots - violating this rule.) - - One of the primary reasons we introduced c-ares support was to allow the name - resolve phase to be perfectly non-blocking as well. - - The FTP and the SFTP/SCP protocols are examples of how we adapt and adjust - the code to allow non-blocking operations even on multi-stage command- - response protocols. They are built around state machines that return when - they would otherwise block waiting for data. The DICT, LDAP and TELNET - protocols are crappy examples and they are subject for rewrite in the future - to better fit the libcurl protocol family. - - -SSL libraries -============= - - Originally libcurl supported SSLeay for SSL/TLS transports, but that was then - extended to its successor OpenSSL but has since also been extended to several - other SSL/TLS libraries and we expect and hope to further extend the support - in future libcurl versions. - - To deal with this internally in the best way possible, we have a generic SSL - function API as provided by the `vtls/vtls.[ch]` system, and they are the only - SSL functions we must use from within libcurl. vtls is then crafted to use - the appropriate lower-level function calls to whatever SSL library that is in - use. For example `vtls/openssl.[ch]` for the OpenSSL library. - - Library Symbols =============== All symbols used internally in libcurl must use a `Curl_` prefix if they are used in more than a single file. Single-file symbols must be made static. - Public ("exported") symbols must use a `curl_` prefix. (There are exceptions, - but they are to be changed to follow this pattern in future versions.) Public - API functions are marked with `CURL_EXTERN` in the public header files so - that all others can be hidden on platforms where this is possible. - - -Return Codes and Informationals -=============================== - - I have made things simple. Almost every function in libcurl returns a CURLcode, - that must be `CURLE_OK` if everything is OK or otherwise a suitable error - code as the `curl/curl.h` include file defines. The place that detects an - error must use the `Curl_failf()` function to set the human-readable error - description. - - In aiding the user to understand what's happening and to debug curl usage, we - must supply a fair number of informational messages by using the - `Curl_infof()` function. Those messages are only displayed when the user - explicitly asks for them. They are best used when revealing information that - is not otherwise obvious. - - -API/ABI -======= - - We make an effort to not export or show internals or how internals work, as - that makes it easier to keep a solid API/ABI over time. See docs/libcurl/ABI - for our promise to users. - - -Client -====== - - `main()` resides in `src/tool_main.c`. - - `src/tool_hugehelp.c` is automatically generated by the `mkhelp.pl` perl - script to display the complete "manual" and the `src/tool_urlglob.c` file - holds the functions used for the URL-"globbing" support. Globbing in the - sense that the `{}` and `[]` expansion stuff is there. - - The client mostly sets up its `config` struct properly, then - it calls the `curl_easy_*()` functions of the library and when it gets back - control after the `curl_easy_perform()` it cleans up the library, checks - status and exits. - - When the operation is done, the `ourWriteOut()` function in `src/writeout.c` - may be called to report about the operation. That function is mostly using the - `curl_easy_getinfo()` function to extract useful information from the curl - session. - - It may loop and do all this several times if many URLs were specified on the - command line or config file. - - -Memory Debugging -================ - - The file `lib/memdebug.c` contains debug-versions of a few functions. - Functions such as `malloc()`, `free()`, `fopen()`, `fclose()`, etc that - somehow deal with resources that might give us problems if we "leak" them. - The functions in the memdebug system do nothing fancy, they do their normal - function and then log information about what they just did. The logged data - can then be analyzed after a complete session, - - `memanalyze.pl` is the perl script present in `tests/` that analyzes a log - file generated by the memory tracking system. It detects if resources are - allocated but never freed and other kinds of errors related to resource - management. - - Internally, definition of preprocessor symbol `DEBUGBUILD` restricts code - which is only compiled for debug enabled builds. And symbol `CURLDEBUG` is - used to differentiate code which is _only_ used for memory - tracking/debugging. - - Use `-DCURLDEBUG` when compiling to enable memory debugging, this is also - switched on by running configure with `--enable-curldebug`. Use - `-DDEBUGBUILD` when compiling to enable a debug build or run configure with - `--enable-debug`. - - `curl --version` will list 'Debug' feature for debug enabled builds, and - will list 'TrackMemory' feature for curl debug memory tracking capable - builds. These features are independent and can be controlled when running - the configure script. When `--enable-debug` is given both features will be - enabled, unless some restriction prevents memory tracking from being used. - - -Test Suite -========== - - The test suite is placed in its own subdirectory directly off the root in the - curl archive tree, and it contains a bunch of scripts and a lot of test case - data. - - The main test script is `runtests.pl` that will invoke test servers like - `httpserver.pl` and `ftpserver.pl` before all the test cases are performed. - The test suite currently only runs on Unix-like platforms. - - you will find a description of the test suite in the `tests/README` file, and - the test case data files in the `tests/FILEFORMAT` file. - - The test suite automatically detects if curl was built with the memory - debugging enabled, and if it was, it will detect memory leaks, too. - - -Asynchronous name resolves -========================== - - libcurl can be built to do name resolves asynchronously, using either the - normal resolver in a threaded manner or by using c-ares. - - -[c-ares][3] ------- - -### Build libcurl to use a c-ares - -1. ./configure --enable-ares=/path/to/ares/install -2. make - -### c-ares on win32 - - First I compiled c-ares. I changed the default C runtime library to be the - single-threaded rather than the multi-threaded (this seems to be required to - prevent linking errors later on). Then I simply build the areslib project - (the other projects adig/ahost seem to fail under MSVC). - - Next was libcurl. I opened `lib/config-win32.h` and I added a: - `#define USE_ARES 1` - - Next thing I did was I added the path for the ares includes to the include - path, and the libares.lib to the libraries. - - Lastly, I also changed libcurl to be single-threaded rather than - multi-threaded, again this was to prevent some duplicate symbol errors. I'm - not sure why I needed to change everything to single-threaded, but when I - did not I got redefinition errors for several CRT functions (`malloc()`, - `stricmp()`, etc.) - - -`curl_off_t` -========== - - `curl_off_t` is a data type provided by the external libcurl include - headers. It is the type meant to be used for the [`curl_easy_setopt()`][1] - options that end with LARGE. The type is 64-bit large on most modern - platforms. - - -curlx -===== - - The libcurl source code offers a few functions by source only. They are not - part of the official libcurl API, but the source files might be useful for - others so apps can optionally compile/build with these sources to gain - additional functions. - - We provide them through a single header file for easy access for apps: - `curlx.h` - -`curlx_strtoofft()` -------------------- - A macro that converts a string containing a number to a `curl_off_t` number. - This might use the `curlx_strtoll()` function which is provided as source - code in strtoofft.c. Note that the function is only provided if no - `strtoll()` (or equivalent) function exist on your platform. If `curl_off_t` - is only a 32-bit number on your platform, this macro uses `strtol()`. - -Future ------- - - Several functions will be removed from the public `curl_` name space in a - future libcurl release. They will then only become available as `curlx_` - functions instead. To make the transition easier, we already today provide - these functions with the `curlx_` prefix to allow sources to be built - properly with the new function names. The concerned functions are: - - - `curlx_getenv` - - `curlx_strequal` - - `curlx_strnequal` - - `curlx_mvsnprintf` - - `curlx_msnprintf` - - `curlx_maprintf` - - `curlx_mvaprintf` - - `curlx_msprintf` - - `curlx_mprintf` - - `curlx_mfprintf` - - `curlx_mvsprintf` - - `curlx_mvprintf` - - `curlx_mvfprintf` - - -Content Encoding -================ - -## About content encodings - - [HTTP/1.1][4] specifies that a client may request that a server encode its - response. This is usually used to compress a response using one (or more) - encodings from a set of commonly available compression techniques. These - schemes include `deflate` (the zlib algorithm), `gzip`, `br` (brotli) and - `compress`. A client requests that the server perform an encoding by including - an `Accept-Encoding` header in the request document. The value of the header - should be one of the recognized tokens `deflate`, ... (there's a way to - register new schemes/tokens, see sec 3.5 of the spec). A server MAY honor - the client's encoding request. When a response is encoded, the server - includes a `Content-Encoding` header in the response. The value of the - `Content-Encoding` header indicates which encodings were used to encode the - data, in the order in which they were applied. - - It's also possible for a client to attach priorities to different schemes so - that the server knows which it prefers. See sec 14.3 of RFC 2616 for more - information on the `Accept-Encoding` header. See sec - [3.1.2.2 of RFC 7231][15] for more information on the `Content-Encoding` - header. - -## Supported content encodings - - The `deflate`, `gzip` and `br` content encodings are supported by libcurl. - Both regular and chunked transfers work fine. The zlib library is required - for the `deflate` and `gzip` encodings, while the brotli decoding library is - for the `br` encoding. - -## The libcurl interface - - To cause libcurl to request a content encoding use: - - [`curl_easy_setopt`][1](curl, [`CURLOPT_ACCEPT_ENCODING`][5], string) - - where string is the intended value of the `Accept-Encoding` header. - - Currently, libcurl does support multiple encodings but only - understands how to process responses that use the `deflate`, `gzip` and/or - `br` content encodings, so the only values for [`CURLOPT_ACCEPT_ENCODING`][5] - that will work (besides `identity`, which does nothing) are `deflate`, - `gzip` and `br`. If a response is encoded using the `compress` or methods, - libcurl will return an error indicating that the response could - not be decoded. If `` is NULL no `Accept-Encoding` header is - generated. If `` is a zero-length string, then an `Accept-Encoding` - header containing all supported encodings will be generated. - - The [`CURLOPT_ACCEPT_ENCODING`][5] must be set to any non-NULL value for - content to be automatically decoded. If it is not set and the server still - sends encoded content (despite not having been asked), the data is returned - in its raw form and the `Content-Encoding` type is not checked. - -## The curl interface - - Use the [`--compressed`][6] option with curl to cause it to ask servers to - compress responses using any format supported by curl. - - -`hostip.c` explained -==================== - - The main compile-time defines to keep in mind when reading the `host*.c` - source file are these: - -## `CURLRES_IPV6` - - this host has `getaddrinfo()` and family, and thus we use that. The host may - not be able to resolve IPv6, but we do not really have to take that into - account. Hosts that are not IPv6-enabled have `CURLRES_IPV4` defined. - -## `CURLRES_ARES` - - is defined if libcurl is built to use c-ares for asynchronous name - resolves. This can be Windows or \*nix. - -## `CURLRES_THREADED` - - is defined if libcurl is built to use threading for asynchronous name - resolves. The name resolve will be done in a new thread, and the supported - asynch API will be the same as for ares-builds. This is the default under - (native) Windows. - - If any of the two previous are defined, `CURLRES_ASYNCH` is defined too. If - libcurl is not built to use an asynchronous resolver, `CURLRES_SYNCH` is - defined. - -## `host*.c` sources - - The `host*.c` sources files are split up like this: - - - `hostip.c` - method-independent resolver functions and utility functions - - `hostasyn.c` - functions for asynchronous name resolves - - `hostsyn.c` - functions for synchronous name resolves - - `asyn-ares.c` - functions for asynchronous name resolves using c-ares - - `asyn-thread.c` - functions for asynchronous name resolves using threads - - `hostip4.c` - IPv4 specific functions - - `hostip6.c` - IPv6 specific functions - - The `hostip.h` is the single united header file for all this. It defines the - `CURLRES_*` defines based on the `config*.h` and `curl_setup.h` defines. - - -Track Down Memory Leaks -======================= - -## Single-threaded - - Please note that this memory leak system is not adjusted to work in more - than one thread. If you want/need to use it in a multi-threaded app. Please - adjust accordingly. - -## Build - - Rebuild libcurl with `-DCURLDEBUG` (usually, rerunning configure with - `--enable-debug` fixes this). `make clean` first, then `make` so that all - files are actually rebuilt properly. It will also make sense to build - libcurl with the debug option (usually `-g` to the compiler) so that - debugging it will be easier if you actually do find a leak in the library. - - This will create a library that has memory debugging enabled. - -## Modify Your Application - - Add a line in your application code: - -```c - curl_dbg_memdebug("dump"); -``` - - This will make the malloc debug system output a full trace of all resource - using functions to the given file name. Make sure you rebuild your program - and that you link with the same libcurl you built for this purpose as - described above. - -## Run Your Application - - Run your program as usual. Watch the specified memory trace file grow. - - Make your program exit and use the proper libcurl cleanup functions etc. So - that all non-leaks are returned/freed properly. - -## Analyze the Flow - - Use the `tests/memanalyze.pl` perl script to analyze the dump file: - - tests/memanalyze.pl dump - - This now outputs a report on what resources that were allocated but never - freed etc. This report is fine for posting to the list. - - If this does not produce any output, no leak was detected in libcurl. Then - the leak is mostly likely to be in your code. - - -`multi_socket` -============== - - Implementation of the `curl_multi_socket` API - - The main ideas of this API are simply: - - 1. The application can use whatever event system it likes as it gets info - from libcurl about what file descriptors libcurl waits for what action - on. (The previous API returns `fd_sets` which is `select()`-centric). - - 2. When the application discovers action on a single socket, it calls - libcurl and informs that there was action on this particular socket and - libcurl can then act on that socket/transfer only and not care about - any other transfers. (The previous API always had to scan through all - the existing transfers.) - - The idea is that [`curl_multi_socket_action()`][7] calls a given callback - with information about what socket to wait for what action on, and the - callback only gets called if the status of that socket has changed. - - We also added a timer callback that makes libcurl call the application when - the timeout value changes, and you set that with [`curl_multi_setopt()`][9] - and the [`CURLMOPT_TIMERFUNCTION`][10] option. To get this to work, - Internally, there's an added struct to each easy handle in which we store - an "expire time" (if any). The structs are then "splay sorted" so that we - can add and remove times from the linked list and yet somewhat swiftly - figure out both how long there is until the next nearest timer expires - and which timer (handle) we should take care of now. Of course, the upside - of all this is that we get a [`curl_multi_timeout()`][8] that should also - work with old-style applications that use [`curl_multi_perform()`][11]. - - We created an internal "socket to easy handles" hash table that given - a socket (file descriptor) returns the easy handle that waits for action on - that socket. This hash is made using the already existing hash code - (previously only used for the DNS cache). - - To make libcurl able to report plain sockets in the socket callback, we had - to re-organize the internals of the [`curl_multi_fdset()`][12] etc so that - the conversion from sockets to `fd_sets` for that function is only done in - the last step before the data is returned. I also had to extend c-ares to - get a function that can return plain sockets, as that library too returned - only `fd_sets` and that is no longer good enough. The changes done to c-ares - are available in c-ares 1.3.1 and later. - - -Structs in libcurl -================== - -This section should cover 7.32.0 pretty accurately, but will make sense even -for older and later versions as things do not change drastically that often. - - -## Curl_easy - - The `Curl_easy` struct is the one returned to the outside in the external API - as a `CURL *`. This is usually known as an easy handle in API documentations - and examples. - - Information and state that is related to the actual connection is in the - `connectdata` struct. When a transfer is about to be made, libcurl will - either create a new connection or re-use an existing one. The particular - connectdata that is used by this handle is pointed out by - `Curl_easy->easy_conn`. - - Data and information that regard this particular single transfer is put in - the `SingleRequest` sub-struct. - - When the `Curl_easy` struct is added to a multi handle, as it must be in - order to do any transfer, the `->multi` member will point to the `Curl_multi` - struct it belongs to. The `->prev` and `->next` members will then be used by - the multi code to keep a linked list of `Curl_easy` structs that are added to - that same multi handle. libcurl always uses multi so `->multi` *will* point - to a `Curl_multi` when a transfer is in progress. - - `->mstate` is the multi state of this particular `Curl_easy`. When - `multi_runsingle()` is called, it will act on this handle according to which - state it is in. The mstate is also what tells which sockets to return for a - specific `Curl_easy` when [`curl_multi_fdset()`][12] is called etc. - - The libcurl source code generally use the name `data` for the variable that - points to the `Curl_easy`. - - When doing multiplexed HTTP/2 transfers, each `Curl_easy` is associated with - an individual stream, sharing the same connectdata struct. Multiplexing - makes it even more important to keep things associated with the right thing! - - -## connectdata - - A general idea in libcurl is to keep connections around in a connection - "cache" after they have been used in case they will be used again and then - re-use an existing one instead of creating a new as it creates a significant - performance boost. - - Each `connectdata` identifies a single physical connection to a server. If - the connection cannot be kept alive, the connection will be closed after use - and then this struct can be removed from the cache and freed. - - Thus, the same `Curl_easy` can be used multiple times and each time select - another `connectdata` struct to use for the connection. Keep this in mind, - as it is then important to consider if options or choices are based on the - connection or the `Curl_easy`. - - Functions in libcurl will assume that `connectdata->data` points to the - `Curl_easy` that uses this connection (for the moment). - - As a special complexity, some protocols supported by libcurl require a - special disconnect procedure that is more than just shutting down the - socket. It can involve sending one or more commands to the server before - doing so. Since connections are kept in the connection cache after use, the - original `Curl_easy` may no longer be around when the time comes to shut down - a particular connection. For this purpose, libcurl holds a special dummy - `closure_handle` `Curl_easy` in the `Curl_multi` struct to use when needed. - - FTP uses two TCP connections for a typical transfer but it keeps both in - this single struct and thus can be considered a single connection for most - internal concerns. - - The libcurl source code generally use the name `conn` for the variable that - points to the connectdata. - - -## Curl_multi - - Internally, the easy interface is implemented as a wrapper around multi - interface functions. This makes everything multi interface. - - `Curl_multi` is the multi handle struct exposed as `CURLM *` in external - APIs. - - This struct holds a list of `Curl_easy` structs that have been added to this - handle with [`curl_multi_add_handle()`][13]. The start of the list is - `->easyp` and `->num_easy` is a counter of added `Curl_easy`s. - - `->msglist` is a linked list of messages to send back when - [`curl_multi_info_read()`][14] is called. Basically a node is added to that - list when an individual `Curl_easy`'s transfer has completed. - - `->hostcache` points to the name cache. It is a hash table for looking up - name to IP. The nodes have a limited life time in there and this cache is - meant to reduce the time for when the same name is wanted within a short - period of time. - - `->timetree` points to a tree of `Curl_easy`s, sorted by the remaining time - until it should be checked - normally some sort of timeout. Each `Curl_easy` - has one node in the tree. - - `->sockhash` is a hash table to allow fast lookups of socket descriptor for - which `Curl_easy` uses that descriptor. This is necessary for the - `multi_socket` API. - - `->conn_cache` points to the connection cache. It keeps track of all - connections that are kept after use. The cache has a maximum size. - - `->closure_handle` is described in the `connectdata` section. - - The libcurl source code generally use the name `multi` for the variable that - points to the `Curl_multi` struct. - - -## Curl_handler - - Each unique protocol that is supported by libcurl needs to provide at least - one `Curl_handler` struct. It defines what the protocol is called and what - functions the main code should call to deal with protocol specific issues. - In general, there's a source file named `[protocol].c` in which there's a - `struct Curl_handler Curl_handler_[protocol]` declared. In `url.c` there's - then the main array with all individual `Curl_handler` structs pointed to - from a single array which is scanned through when a URL is given to libcurl - to work with. - - The concrete function pointer prototypes can be found in `lib/urldata.h`. - - `->scheme` is the URL scheme name, usually spelled out in uppercase. That is - "HTTP" or "FTP" etc. SSL versions of the protocol need their own - `Curl_handler` setup so HTTPS separate from HTTP. - - `->setup_connection` is called to allow the protocol code to allocate - protocol specific data that then gets associated with that `Curl_easy` for - the rest of this transfer. It gets freed again at the end of the transfer. - It will be called before the `connectdata` for the transfer has been - selected/created. Most protocols will allocate its private `struct - [PROTOCOL]` here and assign `Curl_easy->req.p.[protocol]` to it. - - `->connect_it` allows a protocol to do some specific actions after the TCP - connect is done, that can still be considered part of the connection phase. - - Some protocols will alter the `connectdata->recv[]` and - `connectdata->send[]` function pointers in this function. - - `->connecting` is similarly a function that keeps getting called as long as - the protocol considers itself still in the connecting phase. - - `->do_it` is the function called to issue the transfer request. What we call - the DO action internally. If the DO is not enough and things need to be kept - getting done for the entire DO sequence to complete, `->doing` is then - usually also provided. Each protocol that needs to do multiple commands or - similar for do/doing need to implement their own state machines (see SCP, - SFTP, FTP). Some protocols (only FTP and only due to historical reasons) has - a separate piece of the DO state called `DO_MORE`. - - `->doing` keeps getting called while issuing the transfer request command(s) - - `->done` gets called when the transfer is complete and DONE. That is after the - main data has been transferred. - - `->do_more` gets called during the `DO_MORE` state. The FTP protocol uses - this state when setting up the second connection. - - `->proto_getsock` - `->doing_getsock` - `->domore_getsock` - `->perform_getsock` - Functions that return socket information. Which socket(s) to wait for which - I/O action(s) during the particular multi state. - - `->disconnect` is called immediately before the TCP connection is shutdown. - - `->readwrite` gets called during transfer to allow the protocol to do extra - reads/writes - - `->attach` attaches a transfer to the connection. - - `->defport` is the default report TCP or UDP port this protocol uses - - `->protocol` is one or more bits in the `CURLPROTO_*` set. The SSL versions - have their "base" protocol set and then the SSL variation. Like - "HTTP|HTTPS". - - `->flags` is a bitmask with additional information about the protocol that will - make it get treated differently by the generic engine: - - - `PROTOPT_SSL` - will make it connect and negotiate SSL - - - `PROTOPT_DUAL` - this protocol uses two connections - - - `PROTOPT_CLOSEACTION` - this protocol has actions to do before closing the - connection. This flag is no longer used by code, yet still set for a bunch - of protocol handlers. - - - `PROTOPT_DIRLOCK` - "direction lock". The SSH protocols set this bit to - limit which "direction" of socket actions that the main engine will - concern itself with. - - - `PROTOPT_NONETWORK` - a protocol that does not use network (read `file:`) - - - `PROTOPT_NEEDSPWD` - this protocol needs a password and will use a default - one unless one is provided - - - `PROTOPT_NOURLQUERY` - this protocol cannot handle a query part on the URL - (?foo=bar) - - -## conncache - - Is a hash table with connections for later re-use. Each `Curl_easy` has a - pointer to its connection cache. Each multi handle sets up a connection - cache that all added `Curl_easy`s share by default. - - -## Curl_share - - The libcurl share API allocates a `Curl_share` struct, exposed to the - external API as `CURLSH *`. - - The idea is that the struct can have a set of its own versions of caches and - pools and then by providing this struct in the `CURLOPT_SHARE` option, those - specific `Curl_easy`s will use the caches/pools that this share handle - holds. - - Then individual `Curl_easy` structs can be made to share specific things - that they otherwise would not, such as cookies. - - The `Curl_share` struct can currently hold cookies, DNS cache and the SSL - session cache. - - -## CookieInfo - - This is the main cookie struct. It holds all known cookies and related - information. Each `Curl_easy` has its own private `CookieInfo` even when - they are added to a multi handle. They can be made to share cookies by using - the share API. - - -[1]: https://curl.se/libcurl/c/curl_easy_setopt.html -[2]: https://curl.se/libcurl/c/curl_easy_init.html -[3]: https://c-ares.org/ -[4]: https://tools.ietf.org/html/rfc7230 "RFC 7230" -[5]: https://curl.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html -[6]: https://curl.se/docs/manpage.html#--compressed -[7]: https://curl.se/libcurl/c/curl_multi_socket_action.html -[8]: https://curl.se/libcurl/c/curl_multi_timeout.html -[9]: https://curl.se/libcurl/c/curl_multi_setopt.html -[10]: https://curl.se/libcurl/c/CURLMOPT_TIMERFUNCTION.html -[11]: https://curl.se/libcurl/c/curl_multi_perform.html -[12]: https://curl.se/libcurl/c/curl_multi_fdset.html -[13]: https://curl.se/libcurl/c/curl_multi_add_handle.html -[14]: https://curl.se/libcurl/c/curl_multi_info_read.html -[15]: https://tools.ietf.org/html/rfc7231#section-3.1.2.2 + Public ("exported") symbols must use a `curl_` prefix. Public API functions + are marked with `CURL_EXTERN` in the public header files so that all others + can be hidden on platforms where this is possible. diff --git a/libs/curl/docs/IPFS.md b/libs/curl/docs/IPFS.md new file mode 100644 index 00000000..82dae943 --- /dev/null +++ b/libs/curl/docs/IPFS.md @@ -0,0 +1,133 @@ + + +# IPFS +For an overview about IPFS, visit the [IPFS project site](https://ipfs.tech/). + +In IPFS there are two protocols. IPFS and IPNS (their workings are explained in detail [here](https://docs.ipfs.tech/concepts/)). The ideal way to access data on the IPFS network is through those protocols. For example to access the Big Buck Bunny video the ideal way to access it is like: `ipfs://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi` + +## IPFS Gateways + +IPFS Gateway acts as a bridge between traditional HTTP clients and IPFS. +IPFS Gateway specifications of HTTP semantics can be found [here](https://specs.ipfs.tech/http-gateways/). + +### Deserialized responses + +By default, a gateway acts as a bridge between traditional HTTP clients and IPFS and performs necessary hash verification and deserialization. Through such gateway, users can download files, directories, and other content-addressed data stored with IPFS or IPNS as if they were stored in a traditional web server. + +### Verifiable responses + +By explicitly requesting [application/vnd.ipld.raw](https://www.iana.org/assignments/media-types/application/vnd.ipld.raw) or [application/vnd.ipld.car](https://www.iana.org/assignments/media-types/application/vnd.ipld.car) responses, by means defined in [Trustless Gateway Specification](https://specs.ipfs.tech/http-gateways/trustless-gateway/), the user is able to fetch raw content-addressed data and [perform hash verification themselves](https://docs.ipfs.tech/reference/http/gateway/#trustless-verifiable-retrieval). + +This enables users to use untrusted, public gateways without worrying they might return invalid/malicious bytes. + +## IPFS and IPNS protocol handling + +There are various ways to access data from the IPFS network. One such way is +through the concept of public +"[gateways](https://docs.ipfs.tech/concepts/ipfs-gateway/#overview)". The +short version is that entities can offer gateway services. An example here +that is hosted by Protocol Labs (who also makes IPFS) is `dweb.link` and +`ipfs.io`. Both sites expose gateway functionality. Getting a file through +`ipfs.io` looks like this: +`https://ipfs.io/ipfs/bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi` + +If you were to be [running your own IPFS +node](https://docs.ipfs.tech/how-to/command-line-quick-start/) then you, by +default, also have a [local gateway](https://specs.ipfs.tech/http-gateways/) +running. In its default configuration the earlier example would then also work +in this link: + +`http://127.0.0.1:8080/ipfs/bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi` + +## cURL handling of the IPFS protocols + +The IPFS integration in cURL hides this gateway logic for you. Instead of +providing a full URL to a file on IPFS like this: + +``` +curl http://127.0.0.1:8080/ipfs/bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi +``` + +You can provide it with the IPFS protocol instead: +``` +curl ipfs://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi +``` + +With the IPFS protocol way of asking a file, cURL still needs to know the +gateway. curl essentially just rewrites the IPFS based URL to a gateway URL. + +### IPFS_GATEWAY environment variable + +If the `IPFS_GATEWAY` environment variable is found, its value is used as +gateway. + +### Automatic gateway detection + +When you provide no additional details to cURL then it: + +1. First looks for the `IPFS_GATEWAY` environment variable and use that if it + is set. +2. Looks for the file: `~/.ipfs/gateway`. If it can find that file then it + means that you have a local gateway running and that file contains the URL + to your local gateway. + +If cURL fails, you are presented with an error message and a link to this page +to the option most applicable to solving the issue. + +### `--ipfs-gateway` argument + +You can also provide a `--ipfs-gateway` argument to cURL. This overrules any +other gateway setting. curl does not fallback to the other options if the +provided gateway did not work. + +## Gateway redirects + +A gateway could redirect to another place. For example, `dweb.link` redirects +[path based](https://docs.ipfs.tech/how-to/address-ipfs-on-web/#path-gateway) +requests to [subdomain +based](https://docs.ipfs.tech/how-to/address-ipfs-on-web/#subdomain-gateway) +ones. A request using: + + curl ipfs://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi --ipfs-gateway https://dweb.link + +Which would be translated to: + + https://dweb.link/ipfs/bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi + +redirects to: + + https://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi.ipfs.dweb.link + +If you trust this behavior from your gateway of choice then passing the `-L` +option follows the redirect. + +## Error messages and hints + +Depending on the arguments, cURL could present the user with an error. + +### Gateway file and environment variable + +cURL tried to look for the file: `~/.ipfs/gateway` but could not find it. It +also tried to look for the `IPFS_GATEWAY` environment variable but could not +find that either. This happens when no extra arguments are passed to cURL and +letting it try to figure it out [automatically](#automatic-gateway-detection). + +Any IPFS implementation that has gateway support should expose its URL in +`~/.ipfs/gateway`. If you are already running a gateway, make sure it exposes +the file where cURL expects to find it. + +Alternatively you could set the `IPFS_GATEWAY` environment variable or pass +the `--ipfs-gateway` flag to the cURL command. + +### Malformed gateway URL + +The command executed evaluates in an invalid URL. This could be anywhere in +the URL, but a likely point is a wrong gateway URL. + +Inspect the URL set via the `IPFS_GATEWAY` environment variable or passed with +the `--ipfs-gateway` flag. Alternatively opt to go for the +[automatic](#automatic-gateway-detection) gateway detection. diff --git a/libs/curl/docs/KNOWN_BUGS b/libs/curl/docs/KNOWN_BUGS index 20f60a91..be44d16c 100644 --- a/libs/curl/docs/KNOWN_BUGS +++ b/libs/curl/docs/KNOWN_BUGS @@ -12,191 +12,126 @@ check the changelog of the current development status, as one or more of these problems may have been fixed or changed somewhat since this was written. 1. HTTP - 1.2 Multiple methods in a single WWW-Authenticate: header - 1.3 STARTTRANSFER time is wrong for HTTP POSTs - 1.4 multipart formposts file name encoding + 1.2 hyper is slow 1.5 Expect-100 meets 417 - 1.6 Unnecessary close when 401 received waiting for 100 - 1.7 Deflate error after all content was received - 1.8 DoH is not used for all name resolves when enabled - 1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM 2. TLS - 2.1 CURLINFO_SSL_VERIFYRESULT has limited support - 2.2 DER in keychain + 2.1 IMAPS connection fails with rustls error 2.3 Unable to use PKCS12 certificate with Secure Transport - 2.4 Secure Transport will not import PKCS#12 client certificates without a password + 2.4 Secure Transport does not import PKCS#12 client certificates without a password 2.5 Client cert handling with Issuer DN differs between backends - 2.6 CURL_GLOBAL_SSL 2.7 Client cert (MTLS) issues with Schannel - 2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname - 2.9 TLS session cache does not work with TFO - 2.10 Store TLS context per transfer instead of per connection 2.11 Schannel TLS 1.2 handshake bug in old Windows versions - 2.12 FTPS with Schannel times out file list operation - 2.14 Secure Transport disabling hostname validation also disables SNI - 2.15 Renegotiate from server may cause hang for OpenSSL backend + 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel 3. Email protocols 3.1 IMAP SEARCH ALL truncated response 3.2 No disconnect command 3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses 3.4 AUTH PLAIN for SMTP is not working on all servers + 3.5 APOP authentication fails on POP3 + 3.6 POP3 issue when reading small chunks 4. Command line - 4.1 -J and -O with %-encoded file names - 4.2 -J with -C - fails - 4.3 --retry and transfer timeouts + 4.1 -T /dev/stdin may upload with an incorrect content length + 4.2 -T - always uploads chunked 5. Build and portability issues 5.1 OS400 port requires deprecated IBM library 5.2 curl-config --libs contains private details - 5.3 curl compiled on OSX 10.13 failed to run on OSX 10.10 - 5.4 Build with statically built dependency + 5.3 building for old macOS fails with gcc 5.5 cannot handle Unicode arguments in non-Unicode builds on Windows - 5.6 make distclean loops forever - 5.7 Visual Studio project gaps - 5.8 configure finding libs in wrong directory - 5.9 Utilize Requires.private directives in libcurl.pc - 5.10 curl hangs on SMB upload over stdin + 5.6 cygwin: make install installs curl-config.1 twice 5.11 configure --with-gssapi with Heimdal is ignored on macOS - 5.12 flaky Windows CI builds + 5.12 flaky CI builds + 5.13 long paths are not fully supported on Windows + 5.14 Windows Unicode builds use homedir in current locale + 5.15 Unicode on Windows 6. Authentication 6.1 NTLM authentication and unicode 6.2 MIT Kerberos for Windows build 6.3 NTLM in system context uses wrong name - 6.4 Negotiate and Kerberos V5 need a fake user name 6.5 NTLM does not support password with § character 6.6 libcurl can fail to try alternatives with --proxy-any 6.7 Do not clear digest for single realm - 6.8 RTSP authentication breaks without redirect support 6.9 SHA-256 digest not supported in Windows SSPI builds 6.10 curl never completes Negotiate over HTTP 6.11 Negotiate on Windows fails 6.12 cannot use Secure Transport with Crypto Token Kit + 6.13 Negotiate against Hadoop HDFS 7. FTP - 7.1 FTP without or slow 220 response - 7.2 FTP with CONNECT and slow server + 7.1 FTP upload fails if remembered directory is deleted + 7.2 Implicit FTPS upload timeout 7.3 FTP with NOBODY and FAILONERROR 7.4 FTP with ACCT - 7.5 ASCII FTP - 7.6 FTP with NULs in URL parts - 7.7 FTP and empty path parts in the URL - 7.8 Premature transfer end but healthy control channel - 7.9 Passive transfer tries only one IP address - 7.10 FTPS needs session reuse - 7.11 FTPS upload data loss with TLS 1.3 - - 8. TELNET - 8.1 TELNET and time limitations do not work - 8.2 Microsoft telnet server + 7.12 FTPS directory listing hangs on Windows with Schannel 9. SFTP and SCP 9.1 SFTP does not do CURLOPT_POSTQUOTE correct 9.2 wolfssh: publickey auth does not work 9.3 Remote recursive folder creation with SFTP + 9.4 libssh blocking and infinite loop problem + 9.5 cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!" 10. SOCKS 10.3 FTPS over SOCKS - 10.4 active FTP over a SOCKS 11. Internals - 11.1 Curl leaks .onion hostnames in DNS + 11.1 gssapi library name + version is missing in curl_version_info() 11.2 error buffer not set if connection to multiple addresses fails - 11.3 Disconnects do not do verbose + 11.3 TFTP tests fail on OpenBSD 11.4 HTTP test server 'connection-monitor' problems 11.5 Connection information when using TCP Fast Open - 11.6 slow connect to localhost on Windows - 11.7 signal-based resolver timeouts - 11.8 DoH leaks memory after followlocation - 11.9 DoH does not inherit all transfer options - 11.10 Blocking socket operations in non-blocking API - 11.11 A shared connection cache is not thread-safe - 11.12 'no_proxy' string-matches IPv6 numerical addresses - 11.13 wakeup socket disconnect causes havoc - 11.14 Multi perform hangs waiting for threaded resolver - 11.15 CURLOPT_OPENSOCKETPAIRFUNCTION is missing - 11.16 libcurl uses renames instead of locking for atomic operations + 11.6 test cases sometimes timeout 12. LDAP 12.1 OpenLDAP hangs after returning results 12.2 LDAP on Windows does authentication wrong? 12.3 LDAP on Windows does not work - 12.4 LDAPS with NSS is slow + 12.4 LDAPS requests to ActiveDirectory server hang 13. TCP/IP - 13.1 --interface for ipv6 binds to unusable IP address 13.2 Trying local ports fails on Windows - 14. DICT - 14.1 DICT responses show the underlying protocol - 15. CMake - 15.1 use correct SONAME + 15.1 cmake outputs: no version information available 15.2 support build with GnuTLS 15.3 unusable tool_hugehelp.c with MinGW - 15.4 build docs/curl.1 - 15.5 build on Linux links libcurl to libdl 15.6 uses -lpthread instead of Threads::Threads 15.7 generated .pc file contains strange entries - 15.8 libcurl.pc uses absolute library paths - 15.9 cert paths autodetected when cross-compiling - 15.10 libspsl is not supported 15.11 ExternalProject_Add does not set CURL_CA_PATH - 15.12 cannot enable LDAPS on Windows 15.13 CMake build with MIT Kerberos does not work - 16. Applications - 16.1 pulseUI VPN client + 16. aws-sigv4 + 16.1 aws-sigv4 does not sign requests with * correctly + 16.2 aws-sigv4 does not handle multipart/form-data correctly + 16.3 aws-sigv4 has problems with particular URLs + 16.6 aws-sigv4 does not behave well with AWS VPC Lattice 17. HTTP/2 - 17.1 Excessive HTTP/2 packets with TCP_NODELAY + 17.1 HTTP/2 prior knowledge over proxy 17.2 HTTP/2 frames while in the connection pool kill reuse 17.3 ENHANCE_YOUR_CALM causes infinite retries - 17.4 Connection failures with parallel HTTP/2 - 17.5 HTTP/2 connections through HTTPS proxy frequently stall + 17.4 HTTP/2 + TLS spends a lot of time in recv 18. HTTP/3 - 18.1 If the HTTP/3 server closes connection during upload curl hangs - 18.2 Uploading HTTP/3 files gets interrupted at certain file sizes - 18.3 HTTP/3 download is 5x times slower than HTTP/2 - 18.4 Downloading with HTTP/3 produces broken files - 18.5 HTTP/3 download with quiche halts after a while - 18.6 HTTP/3 multipart POST with quiche fails - 18.7 HTTP/3 quiche upload large file fails - 18.8 HTTP/3 does not support client certs - 18.9 connection migration does not work + 18.1 connection migration does not work + 18.2 quiche: QUIC connection is draining + + 19. RTSP + 19.1 Some methods do not support response bodies ============================================================================== 1. HTTP -1.2 Multiple methods in a single WWW-Authenticate: header - - The HTTP responses headers WWW-Authenticate: can provide information about - multiple authentication methods as multiple headers or as several methods - within a single header. The latter way, several methods in the same physical - line, is not supported by libcurl's parser. (For no good reason.) - -1.3 STARTTRANSFER time is wrong for HTTP POSTs - - Wrong STARTTRANSFER timer accounting for POST requests Timer works fine with - GET requests, but while using POST the time for CURLINFO_STARTTRANSFER_TIME - is wrong. While using POST CURLINFO_STARTTRANSFER_TIME minus - CURLINFO_PRETRANSFER_TIME is near to zero every time. - - https://github.com/curl/curl/issues/218 - https://curl.se/bug/view.cgi?id=1213 +1.2 hyper is slow -1.4 multipart formposts file name encoding + When curl is built to use hyper for HTTP, it is unnecessary slow. - When creating multipart formposts. The file name part can be encoded with - something beyond ascii but currently libcurl will only pass in the verbatim - string the app provides. There are several browsers that already do this - encoding. The key seems to be the updated draft to RFC2231: - https://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 + https://github.com/curl/curl/issues/11203 1.5 Expect-100 meets 417 @@ -205,60 +140,17 @@ problems may have been fixed or changed somewhat since this was written. the client application to redo the transfer after disabling Expect:. https://curl.se/mail/archive-2008-02/0043.html -1.6 Unnecessary close when 401 received waiting for 100 - - libcurl closes the connection if an HTTP 401 reply is received while it is - waiting for the 100-continue response. - https://curl.se/mail/lib-2008-08/0462.html - -1.7 Deflate error after all content was received - - There's a situation where we can get an error in a HTTP response that is - compressed, when that error is detected after all the actual body contents - have been received and delivered to the application. This is tricky, but is - ultimately a broken server. - - See https://github.com/curl/curl/issues/2719 - -1.8 DoH is not used for all name resolves when enabled - - Even if DoH is specified to be used, there are some name resolves that are - done without it. This should be fixed. When the internal function - `Curl_resolver_wait_resolv()` is called, it does not use DoH to complete the - resolve as it otherwise should. - - See https://github.com/curl/curl/pull/3857 and - https://github.com/curl/curl/pull/3850 - -1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM - - I'm using libcurl to POST form data using a FILE* with the CURLFORM_STREAM - option of curl_formadd(). I have noticed that if the connection drops at just - the right time, the POST is reattempted without the data from the file. It - seems like the file stream position is not getting reset to the beginning of - the file. I found the CURLOPT_SEEKFUNCTION option and set that with a - function that performs an fseek() on the FILE*. However, setting that did not - seem to fix the issue or even get called. See - https://github.com/curl/curl/issues/768 - - 2. TLS -2.1 CURLINFO_SSL_VERIFYRESULT has limited support - - CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL, NSS and - GnuTLS backends, so relying on this information in a generic app is flaky. +2.1 IMAPS connection fails with rustls error -2.2 DER in keychain - - Curl does not recognize certificates in DER format in keychain, but it works - with PEM. https://curl.se/bug/view.cgi?id=1065 + https://github.com/curl/curl/issues/10457 2.3 Unable to use PKCS12 certificate with Secure Transport See https://github.com/curl/curl/issues/5403 -2.4 Secure Transport will not import PKCS#12 client certificates without a password +2.4 Secure Transport does not import PKCS#12 client certificates without a password libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that function rejects certificates that do not have a password. @@ -272,58 +164,10 @@ problems may have been fixed or changed somewhat since this was written. See https://github.com/curl/curl/issues/1411 -2.6 CURL_GLOBAL_SSL - - Since libcurl 7.57.0, the flag CURL_GLOBAL_SSL is a no-op. The change was - merged in https://github.com/curl/curl/commit/d661b0afb571a - - It was removed since it was - - A) never clear for applications on how to deal with init in the light of - different SSL backends (the option was added back in the days when life - was simpler) - - B) multissl introduced dynamic switching between SSL backends which - emphasized (A) even more - - C) libcurl uses some TLS backend functionality even for non-TLS functions (to - get "good" random) so applications trying to avoid the init for - performance reasons would do wrong anyway - - D) not documented carefully so all this mostly just happened to work - for some users - - However, in spite of the problems with the feature, there were some users who - apparently depended on this feature and who now claim libcurl is broken for - them. The fix for this situation is not obvious as a downright revert of the - patch is totally ruled out due to those reasons above. - - https://github.com/curl/curl/issues/2276 - 2.7 Client cert (MTLS) issues with Schannel See https://github.com/curl/curl/issues/3145 -2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname - - This seems to be a limitation in the underlying Schannel API. - - https://github.com/curl/curl/issues/3284 - -2.9 TLS session cache does not work with TFO - - See https://github.com/curl/curl/issues/4301 - -2.10 Store TLS context per transfer instead of per connection - - The GnuTLS `backend->cred` and the OpenSSL `backend->ctx` data and their - proxy versions (and possibly other TLS backends), could be better moved to be - stored in the Curl_easy handle instead of in per connection so that a single - transfer that makes multiple connections can reuse the context and reduce - memory consumption. - - https://github.com/curl/curl/issues/5102 - 2.11 Schannel TLS 1.2 handshake bug in old Windows versions In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake @@ -332,36 +176,9 @@ problems may have been fixed or changed somewhat since this was written. https://github.com/curl/curl/issues/5488 -2.12 FTPS with Schannel times out file list operation +2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel - "Instead of the command completing, it just sits there until the timeout - expires." - the same command line seems to work with other TLS backends and - other operating systems. See https://github.com/curl/curl/issues/5284. - -2.14 Secure Transport disabling hostname validation also disables SNI - - SNI is the hostname that is sent by the TLS library to the server as part of - the TLS handshake. Secure Transport does not send SNI when hostname validation - is disabled. Servers that host multiple websites may not know which - certificate to serve without SNI or which backend server to connect to. The - server may serve the certificate of a default server or abort. - - If a server aborts a handshake then curl shows error "SSL peer handshake - failed, the server most likely requires a client certificate to connect". - In this case the error may also have been caused by lack of SNI. - - https://github.com/curl/curl/issues/6347 - -2.15 Renegotiate from server may cause hang for OpenSSL backend - - A race condition has been observed when, immediately after the initial - handshake, curl has sent an HTTP request to the server and at the same time - the server has sent a TLS hello request (renegotiate) to curl. Both are - waiting for the other to respond. OpenSSL is supposed to send a handshake - response but does not. - - https://github.com/curl/curl/issues/6785 - https://github.com/openssl/openssl/issues/14722 + https://github.com/curl/curl/issues/8741 3. Email protocols @@ -390,41 +207,36 @@ problems may have been fixed or changed somewhat since this was written. See https://github.com/curl/curl/issues/4080 -4. Command line +3.5 APOP authentication fails on POP3 + + See https://github.com/curl/curl/issues/10073 + +3.6 POP3 issue when reading small chunks + + CURL_DBG_SOCK_RMAX=4 ./runtests.pl -v 982 -4.1 -J and -O with %-encoded file names + See https://github.com/curl/curl/issues/12063 - -J/--remote-header-name does not decode %-encoded file names. RFC6266 details - how it should be done. The can of worm is basically that we have no charset - handling in curl and ascii >=128 is a challenge for us. Not to mention that - decoding also means that we need to check for nastiness that is attempted, - like "../" sequences and the like. Probably everything to the left of any - embedded slashes should be cut off. - https://curl.se/bug/view.cgi?id=1294 +4. Command line + +4.1 -T /dev/stdin may upload with an incorrect content length - -O also does not decode %-encoded names, and while it has even less - information about the charset involved the process is similar to the -J case. + -T stats the path to figure out its size in bytes to use it as Content-Length + if it is a regular file. - Note that we will not add decoding to -O without the user asking for it with - some other means as well, since -O has always been documented to use the name - exactly as specified in the URL. + The problem with that is that, on BSDs and some other UNIXes (not Linux), + open(path) may not give you a file descriptor with a 0 offset from the start + of the file. -4.2 -J with -C - fails + See https://github.com/curl/curl/issues/12177 - When using -J (with -O), automatically resumed downloading together with "-C - -" fails. Without -J the same command line works. This happens because the - resume logic is worked out before the target file name (and thus its - pre-transfer size) has been figured out. - https://curl.se/bug/view.cgi?id=1169 +4.2 -T - always uploads chunked -4.3 --retry and transfer timeouts + When the `<` shell operator is used. curl should realise that stdin is a + regular file in this case, and that it can do a non-chunked upload, like it + would do if you used -T file. - If using --retry and the transfer timeouts (possibly due to using -m or - -y/-Y) the next attempt does not resume the transfer properly from what was - downloaded in the previous attempt but will truncate and restart at the - original position where it was at before the previous failed attempt. See - https://curl.se/mail/lib-2008-01/0080.html and Mandriva bug report - https://qa.mandriva.com/show_bug.cgi?id=22565 + See https://github.com/curl/curl/issues/12171 5. Build and portability issues @@ -438,35 +250,16 @@ problems may have been fixed or changed somewhat since this was written. 5.2 curl-config --libs contains private details - "curl-config --libs" will include details set in LDFLAGS when configure is - run that might be needed only for building libcurl. Further, curl-config - --cflags suffers from the same effects with CFLAGS/CPPFLAGS. - -5.3 curl compiled on OSX 10.13 failed to run on OSX 10.10 - - See https://github.com/curl/curl/issues/2905 - -5.4 Build with statically built dependency - - The build scripts in curl (autotools, cmake and others) are primarily done to - work with shared/dynamic third party dependencies. When linking with shared - libraries, the dependency "chain" is handled automatically by the library - loader - on all modern systems. + "curl-config --libs" include details set in LDFLAGS when configure is run + that might be needed only for building libcurl. Further, curl-config --cflags + suffers from the same effects with CFLAGS/CPPFLAGS. - If you instead link with a static library, we need to provide all the - dependency libraries already at the link command line. +5.3 building for old macOS fails with gcc - Figuring out all the dependency libraries for a given library is hard, as it - might also involve figuring out the dependencies of the dependencies and they - may vary between platforms and even change between versions. + Building curl for certain old macOS versions fails when gcc is used. We + command using clang in those cases. - When using static dependencies, the build scripts will mostly assume that - you, the user, will provide all the necessary additional dependency libraries - as additional arguments in the build. With configure, by setting LIBS/LDFLAGS - on the command line. - - We welcome help to improve curl's ability to link with static libraries, but - it is likely a task that we can never fully support. + See https://github.com/curl/curl/issues/11441 5.5 cannot handle Unicode arguments in non-Unicode builds on Windows @@ -474,80 +267,67 @@ problems may have been fixed or changed somewhat since this was written. it can only be encoded properly in the Unicode character set. Windows uses UTF-16 encoding for Unicode and stores it in wide characters, however curl and libcurl are not equipped for that at the moment except when built with - _UNICODE and UNICODE defined. And, except for Cygwin, Windows cannot use UTF-8 - as a locale. + _UNICODE and UNICODE defined. Except for Cygwin, Windows cannot use UTF-8 as + a locale. https://curl.se/bug/?i=345 https://curl.se/bug/?i=731 https://curl.se/bug/?i=3747 -5.6 make distclean loops forever - - Due to an issue (probably) in automake, "make distclean" can end up in a - never-ending loop. +5.6 cygwin: make install installs curl-config.1 twice - See https://github.com/curl/curl/issues/7716 + https://github.com/curl/curl/issues/8839 -5.7 Visual Studio project gaps +5.11 configure --with-gssapi with Heimdal is ignored on macOS - The Visual Studio projects lack some features that the autoconf and nmake - builds offer, such as the following: + ... unless you also pass --with-gssapi-libs - - support for zlib and nghttp2 - - use of static runtime libraries - - add the test suite components + https://github.com/curl/curl/issues/3841 - In addition to this the following could be implemented: +5.12 flaky CI builds - - support for other development IDEs - - add PATH environment variables for third-party DLLs + We run many CI builds for each commit and PR on github, and especially a + number of the Windows builds are flaky. This means that we rarely get all CI + builds go green and complete without errors. This is unfortunate as it makes + us sometimes miss actual build problems and it is surprising to newcomers to + the project who (rightfully) do not expect this. -5.8 configure finding libs in wrong directory + See https://github.com/curl/curl/issues/6972 - When the configure script checks for third-party libraries, it adds those - directories to the LDFLAGS variable and then tries linking to see if it - works. When successful, the found directory is kept in the LDFLAGS variable - when the script continues to execute and do more tests and possibly check for - more libraries. +5.13 long paths are not fully supported on Windows - This can make subsequent checks for libraries wrongly detect another - installation in a directory that was previously added to LDFLAGS by another - library check. + curl on Windows cannot access long paths (paths longer than 260 characters). + However, as a workaround, the Windows path prefix \\?\ which disables all path + interpretation may work to allow curl to access the path. For example: + \\?\c:\longpath. - A possibly better way to do these checks would be to keep the pristine LDFLAGS - even after successful checks and instead add those verified paths to a - separate variable that only after all library checks have been performed gets - appended to LDFLAGS. + See https://github.com/curl/curl/issues/8361 -5.9 Utilize Requires.private directives in libcurl.pc +5.14 Windows Unicode builds use homedir in current locale - https://github.com/curl/curl/issues/864 + The Windows Unicode builds of curl use the current locale, but expect Unicode + UTF-8 encoded paths for internal use such as open, access and stat. The user's + home directory is retrieved via curl_getenv in the current locale and not as + UTF-8 encoded Unicode. -5.10 curl hangs on SMB upload over stdin + See https://github.com/curl/curl/pull/7252 and + https://github.com/curl/curl/pull/7281 - See https://github.com/curl/curl/issues/7896 +5.15 Unicode on Windows -5.11 configure --with-gssapi with Heimdal is ignored on macOS + Passing in a unicode filename with -o: - ... unless you also pass --with-gssapi-libs + https://github.com/curl/curl/issues/11461 - https://github.com/curl/curl/issues/3841 + Passing in unicode character with -d: -5.12 flaky Windows CI builds - - We run many CI builds for each commit and PR on github, and especially a - number of the Windows builds are flaky. This means that we rarely get all CI - builds go green and complete without errors. This is unfortunate as it makes - us sometimes miss actual build problems and it is surprising to newcomers to - the project who (rightfully) do not expect this. - - See https://github.com/curl/curl/issues/6972 + https://github.com/curl/curl/issues/12231 6. Authentication 6.1 NTLM authentication and unicode - NTLM authentication involving unicode user name or password only works + NTLM authentication involving unicode username or password only works properly if built with UNICODE defined together with the Schannel backend. The original problem was mentioned in: https://curl.se/mail/lib-2009-10/0024.html @@ -565,20 +345,8 @@ problems may have been fixed or changed somewhat since this was written. 6.3 NTLM in system context uses wrong name NTLM authentication using SSPI (on Windows) when (lib)curl is running in - "system context" will make it use wrong(?) user name - at least when compared - to what winhttp does. See https://curl.se/bug/view.cgi?id=535 - -6.4 Negotiate and Kerberos V5 need a fake user name - - In order to get Negotiate (SPNEGO) authentication to work in HTTP or Kerberos - V5 in the email protocols, you need to provide a (fake) user name (this - concerns both curl and the lib) because the code wrongly only considers - authentication if there's a user name provided by setting - conn->bits.user_passwd in url.c https://curl.se/bug/view.cgi?id=440 How? - https://curl.se/mail/lib-2004-08/0182.html A possible solution is to - either modify this variable to be set or introduce a variable such as - new conn->bits.want_authentication which is set when any of the authentication - options are set. + "system context" makes it use wrong(?) username - at least when compared to + what winhttp does. See https://curl.se/bug/view.cgi?id=535 6.5 NTLM does not support password with § character @@ -587,11 +355,11 @@ problems may have been fixed or changed somewhat since this was written. 6.6 libcurl can fail to try alternatives with --proxy-any When connecting via a proxy using --proxy-any, a failure to establish an - authentication will cause libcurl to abort trying other options if the - failed method has a higher preference than the alternatives. As an example, + authentication causes libcurl to abort trying other options if the failed + method has a higher preference than the alternatives. As an example, --proxy-any against a proxy which advertise Negotiate and NTLM, but which - fails to set up Kerberos authentication will not proceed to try authentication - using NTLM. + fails to set up Kerberos authentication does not proceed to try + authentication using NTLM. https://github.com/curl/curl/issues/876 @@ -599,15 +367,6 @@ problems may have been fixed or changed somewhat since this was written. https://github.com/curl/curl/issues/3267 -6.8 RTSP authentication breaks without redirect support - - RTSP authentication broke in 7.66.0. A work-around is to enable RTSP in - CURLOPT_REDIR_PROTOCOLS. Authentication should however not be considered an - actual redirect so a "proper" fix needs to be different and not require users - to allow redirects to RTSP to work. - - See https://github.com/curl/curl/pull/4750 - 6.9 SHA-256 digest not supported in Windows SSPI builds Windows builds of curl that have SSPI enabled use the native Windows API calls @@ -627,7 +386,7 @@ problems may have been fixed or changed somewhat since this was written. 6.11 Negotiate on Windows fails - When using --negotiate (or NTLM) with curl on Windows, SSL/TSL handshake + When using --negotiate (or NTLM) with curl on Windows, SSL/TLS handshake fails despite having a valid kerberos ticket cached. Works without any issue in Unix/Linux. @@ -637,24 +396,23 @@ problems may have been fixed or changed somewhat since this was written. https://github.com/curl/curl/issues/7048 +6.13 Negotiate authentication against Hadoop HDFS + + https://github.com/curl/curl/issues/8264 + 7. FTP -7.1 FTP without or slow 220 response +7.1 FTP upload fails if remembered directory is deleted + + curl's FTP code assumes that the directory it entered in a previous transfer + still exists when it comes back to do a second transfer, and does not respond + well if it was indeed deleted in the mean time. - If a connection is made to a FTP server but the server then just never sends - the 220 response or otherwise is dead slow, libcurl will not acknowledge the - connection timeout during that phase but only the "real" timeout - which may - surprise users as it is probably considered to be the connect phase to most - people. Brought up (and is being misunderstood) in: - https://curl.se/bug/view.cgi?id=856 + https://github.com/curl/curl/issues/12181 -7.2 FTP with CONNECT and slow server +7.2 Implicit FTPS upload timeout - When doing FTP over a socks proxy or CONNECT through HTTP proxy and the multi - interface is used, libcurl will fail if the (passive) TCP connection for the - data transfer is not more or less instant as the code does not properly wait - for the connect to be confirmed. See test case 564 for a first shot at a test - case. + https://github.com/curl/curl/issues/11720 7.3 FTP with NOBODY and FAILONERROR @@ -665,104 +423,19 @@ problems may have been fixed or changed somewhat since this was written. 7.4 FTP with ACCT When doing an operation over FTP that requires the ACCT command (but not when - logging in), the operation will fail since libcurl does not detect this and - thus fails to issue the correct command: - https://curl.se/bug/view.cgi?id=635 - -7.5 ASCII FTP - - FTP ASCII transfers do not follow RFC959. They do not convert the data - accordingly (not for sending nor for receiving). RFC 959 section 3.1.1.1 - clearly describes how this should be done: - - The sender converts the data from an internal character representation to - the standard 8-bit NVT-ASCII representation (see the Telnet - specification). The receiver will convert the data from the standard - form to his own internal form. - - Since 7.15.4 at least line endings are converted. - -7.6 FTP with NULs in URL parts - - FTP URLs passed to curl may contain NUL (0x00) in the RFC 1738 , - , and components, encoded as "%00". The problem is that - curl_unescape does not detect this, but instead returns a shortened C string. - From a strict FTP protocol standpoint, NUL is a valid character within RFC - 959 , so the way to handle this correctly in curl would be to use a - data structure other than a plain C string, one that can handle embedded NUL - characters. From a practical standpoint, most FTP servers would not - meaningfully support NUL characters within RFC 959 , anyway (e.g., - Unix pathnames may not contain NUL). - -7.7 FTP and empty path parts in the URL - - libcurl ignores empty path parts in FTP URLs, whereas RFC1738 states that - such parts should be sent to the server as 'CWD ' (without an argument). The - only exception to this rule, is that we knowingly break this if the empty - part is first in the path, as then we use the double slashes to indicate that - the user wants to reach the root dir (this exception SHALL remain even when - this bug is fixed). - -7.8 Premature transfer end but healthy control channel - - When 'multi_done' is called before the transfer has been completed the normal - way, it is considered a "premature" transfer end. In this situation, libcurl - closes the connection assuming it does not know the state of the connection so - it cannot be reused for subsequent requests. - - With FTP however, this is not necessarily true but there are a bunch of - situations (listed in the ftp_done code) where it *could* keep the connection - alive even in this situation - but the current code does not. Fixing this would - allow libcurl to reuse FTP connections better. + logging in), the operation fails since libcurl does not detect this and thus + fails to issue the correct command: https://curl.se/bug/view.cgi?id=635 -7.9 Passive transfer tries only one IP address +7.12 FTPS server compatibility on Windows with Schannel - When doing FTP operations through a proxy at localhost, the reported spotted - that curl only tried to connect once to the proxy, while it had multiple - addresses and a failed connect on one address should make it try the next. - - After switching to passive mode (EPSV), curl should try all IP addresses for - "localhost". Currently it tries ::1, but it should also try 127.0.0.1. - - See https://github.com/curl/curl/issues/1508 - -7.10 FTPS needs session reuse - - When the control connection is reused for a subsequent transfer, some FTPS - servers complain about "missing session reuse" for the data channel for the - second transfer. - - https://github.com/curl/curl/issues/4654 - -7.11 FTPS upload data loss with TLS 1.3 - - During FTPS upload curl does not attempt to read TLS handshake messages sent - after the initial handshake. OpenSSL servers running TLS 1.3 may send such a - message. When curl closes the upload connection if unread data has been - received (such as a TLS handshake message) then the TCP protocol sends an - RST to the server, which may cause the server to discard or truncate the - upload if it has not read all sent data yet, and then return an error to curl - on the control channel connection. - - Since 7.78.0 this is mostly fixed. curl will do a single read before closing - TLS connections (which causes the TLS library to read handshake messages), - however there is still possibility of an RST if more messages need to be read - or a message arrives after the read but before close (network race condition). - - https://github.com/curl/curl/issues/6149 - -8. TELNET - -8.1 TELNET and time limitations do not work - - When using telnet, the time limitation options do not work. - https://curl.se/bug/view.cgi?id=846 - -8.2 Microsoft telnet server - - There seems to be a problem when connecting to the Microsoft telnet server. - https://curl.se/bug/view.cgi?id=649 + FTPS is not widely used with the Schannel TLS backend and so there may be + more bugs compared to other TLS backends such as OpenSSL. In the past users + have reported hanging and failed connections. It is likely some changes to + curl since then fixed the issues. None of the reported issues can be + reproduced any longer. + If you encounter an issue connecting to your server via FTPS with the latest + curl and Schannel then please search for open issues or file a new issue. 9. SFTP and SCP @@ -786,10 +459,23 @@ problems may have been fixed or changed somewhat since this was written. 9.3 Remote recursive folder creation with SFTP On this servers, the curl fails to create directories on the remote server - even when CURLOPT_FTP_CREATE_MISSING_DIRS option is set. + even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set. See https://github.com/curl/curl/issues/5204 +9.4 libssh blocking and infinite loop problem + + In the SSH_SFTP_INIT state for libssh, the ssh session working mode is set to + blocking mode. If the network is suddenly disconnected during sftp + transmission, curl is stuck, even if curl is configured with a timeout. + + https://github.com/curl/curl/issues/8632 + +9.5 cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!" + + Running SCP and SFTP tests on cygwin makes this warning message appear. + + https://github.com/curl/curl/issues/11244 10. SOCKS @@ -797,45 +483,28 @@ problems may have been fixed or changed somewhat since this was written. libcurl does not support FTPS over a SOCKS proxy. -10.4 active FTP over a SOCKS - - libcurl does not support active FTP over a SOCKS proxy - 11. Internals -11.1 Curl leaks .onion hostnames in DNS +11.1 gssapi library name + version is missing in curl_version_info() - Curl sends DNS requests for hostnames with a .onion TLD. This leaks - information about what the user is attempting to access, and violates this - requirement of RFC7686: https://tools.ietf.org/html/rfc7686 + The struct needs to be expanded and code added to store this info. - Issue: https://github.com/curl/curl/issues/543 + See https://github.com/curl/curl/issues/13492 11.2 error buffer not set if connection to multiple addresses fails If you ask libcurl to resolve a hostname like example.com to IPv6 addresses - only. But you only have IPv4 connectivity. libcurl will correctly fail with - CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER + when you only have IPv4 connectivity. libcurl fails with + CURLE_COULDNT_CONNECT, but the error buffer set by CURLOPT_ERRORBUFFER remains empty. Issue: https://github.com/curl/curl/issues/544 -11.3 Disconnects do not do verbose +11.3 TFTP tests fail on OpenBSD - Due to how libcurl keeps connections alive in the "connection pool" after use - to potentially transcend the life-time of the initial easy handle that was - used to drive the transfer over that connection, it uses a *separate* and - internal easy handle when it shuts down the connection. That separate - connection might not have the same settings as the original easy handle, and - in particular it is often note-worthy that it does not have the same VERBOSE - and debug callbacks setup so that an application will not get the protocol - data for the disconnect phase of a transfer the same way it got all the other - data. + When adding an OpenBSD job with tests to GHA, some tests consistently fail + to run. - This is because the original easy handle might have already been freed at that - point and the application might not at all be prepared that the callback - would get called again long after the handle was freed. - - See for example https://github.com/curl/curl/issues/6995 + See https://github.com/curl/curl/issues/13623 11.4 HTTP test server 'connection-monitor' problems @@ -852,116 +521,20 @@ problems may have been fixed or changed somewhat since this was written. See https://github.com/curl/curl/issues/1332 and https://github.com/curl/curl/issues/4296 -11.6 slow connect to localhost on Windows - - When connecting to "localhost" on Windows, curl will resolve the name for - both ipv4 and ipv6 and try to connect to both happy eyeballs-style. Something - in there does however make it take 200 milliseconds to succeed - which is the - HAPPY_EYEBALLS_TIMEOUT define exactly. Lowering that define speeds up the - connection, suggesting a problem in the HE handling. - - If we can *know* that we are talking to a local host, we should lower the - happy eyeballs delay timeout for IPv6 (related: hardcode the "localhost" - addresses, mentioned in TODO). Possibly we should reduce that delay for all. - - https://github.com/curl/curl/issues/2281 - -11.7 signal-based resolver timeouts - - libcurl built without an asynchronous resolver library uses alarm() to time - out DNS lookups. When a timeout occurs, this causes libcurl to jump from the - signal handler back into the library with a sigsetjmp, which effectively - causes libcurl to continue running within the signal handler. This is - non-portable and could cause problems on some platforms. A discussion on the - problem is available at https://curl.se/mail/lib-2008-09/0197.html - - Also, alarm() provides timeout resolution only to the nearest second. alarm - ought to be replaced by setitimer on systems that support it. - -11.8 DoH leaks memory after followlocation - - https://github.com/curl/curl/issues/4592 - -11.9 DoH does not inherit all transfer options - - Some options are not inherited because they are not relevant for the DoH SSL - connections, or inheriting the option may result in unexpected behavior. For - example the user's debug function callback is not inherited because it would - be unexpected for internal handles (ie DoH handles) to be passed to that - callback. - - If an option is not inherited then it is not possible to set it separately for - DoH without a DoH-specific option. For example: CURLOPT_DOH_SSL_VERIFYHOST, - CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS. - - See https://github.com/curl/curl/issues/6605 - -11.10 Blocking socket operations in non-blocking API - - The list of blocking socket operations is in TODO section "More non-blocking". - -11.11 A shared connection cache is not thread-safe - - The share interface offers CURL_LOCK_DATA_CONNECT to have multiple easy - handle share a connection cache, but due to how connections are used they are - still not thread-safe when used shared. - - See https://github.com/curl/curl/issues/4915 and lib1541.c - -11.12 'no_proxy' string-matches IPv6 numerical addresses - - This has the downside that "::1" for example does not match "::0:1" even - though they are in fact the same address. - - See https://github.com/curl/curl/issues/5745 - -11.13 wakeup socket disconnect causes havoc - - waking an iPad breaks the wakeup socket pair, triggering a POLLIN event and - resulting in SOCKERRNO being set to ENOTCONN. - - This condition, and other possible error conditions on the wakeup socket, are - not handled, so the condition remains on the FD and curl_multi_poll will - never block again. - - See https://github.com/curl/curl/issues/6132 and - https://github.com/curl/curl/pull/6133 - -11.14 Multi perform hangs waiting for threaded resolver +11.6 test cases sometimes timeout - If a threaded resolver takes a long time to complete, libcurl can be blocked - waiting for it for a longer time than expected - and longer than the set - timeouts. + Occasionally, one of the tests timeouts. Inexplicably. - See https://github.com/curl/curl/issues/2975 and - https://github.com/curl/curl/issues/4852 - -11.15 CURLOPT_OPENSOCKETPAIRFUNCTION is missing - - When libcurl creates sockets with socketpair(), those are not "exposed" in - CURLOPT_OPENSOCKETFUNCTION and therefore might surprise and be unknown to - applications that expects and wants all sockets known beforehand. One way to - address this issue is to introduce a CURLOPT_OPENSOCKETPAIRFUNCTION callback. - - https://github.com/curl/curl/issues/5747 - -11.16 libcurl uses renames instead of locking for atomic operations - - For saving cookies, alt-svc and hsts files. This is bad when for example the - file is stored in a directory where the application has no write permission - but it has permission for the file. - - https://github.com/curl/curl/issues/6882 - https://github.com/curl/curl/pull/6884 + See https://github.com/curl/curl/issues/13350 12. LDAP 12.1 OpenLDAP hangs after returning results - By configuration defaults, openldap automatically chase referrals on + By configuration defaults, OpenLDAP automatically chase referrals on secondary socket descriptors. The OpenLDAP backend is asynchronous and thus should monitor all socket descriptors involved. Currently, these secondary - descriptors are not monitored, causing openldap library to never receive + descriptors are not monitored, causing OpenLDAP library to never receive data from them. As a temporary workaround, disable referrals chasing by configuration. @@ -986,45 +559,27 @@ problems may have been fixed or changed somewhat since this was written. https://github.com/curl/curl/issues/4261 -12.4 LDAPS with NSS is slow +12.4 LDAPS requests to ActiveDirectory server hang - See https://github.com/curl/curl/issues/5874 + https://github.com/curl/curl/issues/9580 13. TCP/IP -13.1 --interface for ipv6 binds to unusable IP address - - Since IPv6 provides a lot of addresses with different scope, binding to an - IPv6 address needs to take the proper care so that it does not bind to a - locally scoped address as that is bound to fail. - - https://github.com/curl/curl/issues/686 - 13.2 Trying local ports fails on Windows - This makes '--local-port [range]' to not work since curl can't properly - detect if a port is already in use, so it'll try the first port, use that and - then subsequently fail anyway if that was actually in use. + This makes '--local-port [range]' to not work since curl cannot properly + detect if a port is already in use, so it tries the first port, uses that and + then subsequently fails anyway if that was actually in use. https://github.com/curl/curl/issues/8112 -14. DICT - -14.1 DICT responses show the underlying protocol - - When getting a DICT response, the protocol parts of DICT are not stripped off - from the output. - - https://github.com/curl/curl/issues/1809 - 15. CMake -15.1 use correct SONAME +15.1 cmake outputs: no version information available - The autotools build sets the SONAME properly according to VERSIONINFO in - lib/Makefile.am and so should cmake to make comparable build. + Something in the SONAME generation seems to be wrong in the cmake build. - See https://github.com/curl/curl/pull/5935 + https://github.com/curl/curl/issues/11158 15.2 support build with GnuTLS @@ -1032,18 +587,6 @@ problems may have been fixed or changed somewhat since this was written. see https://github.com/curl/curl/issues/3125 -15.4 build docs/curl.1 - - The cmake build does not create the docs/curl.1 file and therefore must rely on - it being there already. This makes the --manual option not work and test - cases like 1139 cannot function. - -15.5 build on Linux links libcurl to libdl - - ... which it should not need to! - - See https://github.com/curl/curl/issues/6165 - 15.6 uses -lpthread instead of Threads::Threads See https://github.com/curl/curl/issues/6166 @@ -1055,25 +598,6 @@ problems may have been fixed or changed somewhat since this was written. See https://github.com/curl/curl/issues/6167 -15.8 libcurl.pc uses absolute library paths - - The libcurl.pc file generated by cmake contains things like Libs.private: - /usr/lib64/libssl.so /usr/lib64/libcrypto.so /usr/lib64/libz.so. The - autotools equivalent would say Libs.private: -lssl -lcrypto -lz - - See https://github.com/curl/curl/issues/6169 - -15.9 cert paths autodetected when cross-compiling - - The autotools build disables the ca_path/ca_bundle detection when - cross-compiling. The cmake build keeps doing the detection. - - See https://github.com/curl/curl/issues/6178 - -15.10 libspsl is not supported - - See https://github.com/curl/curl/issues/6214 - 15.11 ExternalProject_Add does not set CURL_CA_PATH CURL_CA_BUNDLE and CURL_CA_PATH are not set properly when cmake's @@ -1081,10 +605,6 @@ problems may have been fixed or changed somewhat since this was written. See https://github.com/curl/curl/issues/6313 -15.12 cannot enable LDAPS on Windows - - See https://github.com/curl/curl/issues/6284 - 15.13 CMake build with MIT Kerberos does not work Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2 @@ -1096,39 +616,36 @@ problems may have been fixed or changed somewhat since this was written. https://github.com/curl/curl/issues/6904 -16. Applications +16. aws-sigv4 -16.1 pulseUI VPN client +16.1 aws-sigv4 does not sign requests with * correctly - This application crashes at startup with libcurl 7.74.0 (and presumably later - versions too) after we cleaned up OpenSSL initialization. Since this is the - only known application to do this, we suspect it is related to something they - are doing in their setup that is not kosher. We have not been able to get in - contact with them nor got any technical details to help us debug this - further. + https://github.com/curl/curl/issues/7559 - See - https://community.pulsesecure.net/t5/Pulse-Desktop-Clients/Linux-Pulse-Client-does-not-work-with-curl-7-74/m-p/44378 - and https://github.com/curl/curl/issues/6306 +16.2 aws-sigv4 does not handle multipart/form-data correctly -17. HTTP/2 + https://github.com/curl/curl/issues/13351 + +16.3 aws-sigv4 has problems with particular URLs -17.1 Excessive HTTP/2 packets with TCP_NODELAY + https://github.com/curl/curl/issues/13058 - Because of how curl sets TCP_NODELAY by default, HTTP/2 requests are issued - using more separate TCP packets than it would otherwise need to use. This - means spending more bytes than it has to. Just disabling TCP_NODELAY for - HTTP/2 is also not the correct fix because that then makes the outgoing - packets to get delayed. +16.6 aws-sigv4 does not behave well with AWS VPC Lattice - See https://github.com/curl/curl/issues/6363 + https://github.com/curl/curl/issues/11007 + +17. HTTP/2 + +17.1 HTTP/2 prior knowledge over proxy + + https://github.com/curl/curl/issues/12641 17.2 HTTP/2 frames while in the connection pool kill reuse If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to - curl while the connection is held in curl's connection pool, the socket will - be found readable when considered for reuse and that makes curl think it is - dead and then it will be closed and a new connection gets created instead. + curl while the connection is held in curl's connection pool, the socket is + found readable when considered for reuse and that makes curl think it is dead + and then it is closed and a new connection gets created instead. This is *best* fixed by adding monitoring to connections while they are kept in the pool so that pings can be responded to appropriately. @@ -1140,50 +657,34 @@ problems may have been fixed or changed somewhat since this was written. See https://github.com/curl/curl/issues/5119 -17.4 Connection failures with parallel HTTP/2 - - See https://github.com/curl/curl/issues/5611 +17.4 HTTP/2 + TLS spends a lot of time in recv -17.5 HTTP/2 connections through HTTPS proxy frequently stall + It has been observered that by making the speed limit less accurate we could + improve this performance. (by reverting + https://github.com/curl/curl/commit/db5c9f4f9e0779b49624752b135281a0717b277b) + Can we find a golden middle ground? - See https://github.com/curl/curl/issues/6936 + See https://curl.se/mail/lib-2024-05/0026.html and + https://github.com/curl/curl/issues/13416 18. HTTP/3 -18.1 If the HTTP/3 server closes connection during upload curl hangs - - See https://github.com/curl/curl/issues/6606 +18.1 connection migration does not work -18.2 Uploading HTTP/3 files gets interrupted at certain file sizes - - See https://github.com/curl/curl/issues/6510 - -18.3 HTTP/3 download is 5x times slower than HTTP/2 - - See https://github.com/curl/curl/issues/6494 - -18.4 Downloading with HTTP/3 produces broken files - - See https://github.com/curl/curl/issues/7351 - -18.5 HTTP/3 download with quiche halts after a while - - See https://github.com/curl/curl/issues/7339 - -18.6 HTTP/3 multipart POST with quiche fails - - https://github.com/curl/curl/issues/7125 + https://github.com/curl/curl/issues/7695 -18.7 HTTP/3 quiche upload large file fails +18.2 quiche: QUIC connection is draining - https://github.com/curl/curl/issues/7532 + The transfer ends with error "QUIC connection is draining". -18.8 HTTP/3 does not support client certs + https://github.com/curl/curl/issues/12037 - aka "mutual authentication". +19. RTSP - https://github.com/curl/curl/issues/7625 +19.1 Some methods do not support response bodies -18.9 connection migration does not work + The RTSP implementation is written to assume that a number of RTSP methods + always get responses without bodies, even though there seems to be no + indication in the RFC that this is always the case. - https://github.com/curl/curl/issues/7695 + https://github.com/curl/curl/issues/12414 diff --git a/libs/curl/docs/MAIL-ETIQUETTE b/libs/curl/docs/MAIL-ETIQUETTE deleted file mode 100644 index eef37d33..00000000 --- a/libs/curl/docs/MAIL-ETIQUETTE +++ /dev/null @@ -1,285 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -MAIL ETIQUETTE - - 1. About the lists - 1.1 Mailing Lists - 1.2 Netiquette - 1.3 Do Not Mail a Single Individual - 1.4 Subscription Required - 1.5 Moderation of new posters - 1.6 Handling trolls and spam - 1.7 How to unsubscribe - 1.8 I posted, now what? - 1.9 Your emails are public - - 2. Sending mail - 2.1 Reply or New Mail - 2.2 Reply to the List - 2.3 Use a Sensible Subject - 2.4 Do Not Top-Post - 2.5 HTML is not for mails - 2.6 Quoting - 2.7 Digest - 2.8 Please Tell Us How You Solved The Problem - -============================================================================== - -1. About the lists - - 1.1 Mailing Lists - - The mailing lists we have are all listed and described at - https://curl.se/mail/ - - Each mailing list is targeted to a specific set of users and subjects, - please use the one or the ones that suit you the most. - - Each mailing list has hundreds up to thousands of readers, meaning that each - mail sent will be received and read by a large number of people. People - from various cultures, regions, religions and continents. - - 1.2 Netiquette - - Netiquette is a common term for how to behave on the internet. Of course, in - each particular group and subculture there will be differences in what is - acceptable and what is considered good manners. - - This document outlines what we in the curl project consider to be good - etiquette, and primarily this focus on how to behave on and how to use our - mailing lists. - - 1.3 Do Not Mail a Single Individual - - Many people send one question to one person. One person gets many mails, and - there is only one person who can give you a reply. The question may be - something that other people would also like to ask. These other people have - no way to read the reply, but to ask the one person the question. The one - person consequently gets overloaded with mail. - - If you really want to contact an individual and perhaps pay for his or her - services, by all means go ahead, but if it's just another curl question, - take it to a suitable list instead. - - 1.4 Subscription Required - - All curl mailing lists require that you are subscribed to allow a mail to go - through to all the subscribers. - - If you post without being subscribed (or from a different mail address than - the one you are subscribed with), your mail will simply be silently - discarded. You have to subscribe first, then post. - - The reason for this unfortunate and strict subscription policy is of course - to stop spam from pestering the lists. - - 1.5 Moderation of new posters - - Several of the curl mailing lists automatically make all posts from new - subscribers be moderated. This means that after you have subscribed and - sent your first mail to a list, that mail will not be let through to the - list until a mailing list administrator has verified that it is OK and - permits it to get posted. - - Once a first post has been made that proves the sender is actually talking - about curl-related subjects, the moderation "flag" will be switched off and - future posts will go through without being moderated. - - The reason for this moderation policy is that we do suffer from spammers who - actually subscribe and send spam to our lists. - - 1.6 Handling trolls and spam - - Despite our good intentions and hard work to keep spam off the lists and to - maintain a friendly and positive atmosphere, there will be times when spam - and or trolls get through. - - Troll - "someone who posts inflammatory, extraneous, or off-topic messages - in an online community" - - Spam - "use of electronic messaging systems to send unsolicited bulk - messages" - - No matter what, we NEVER EVER respond to trolls or spammers on the list. If - you believe the list admin should do something in particular, contact him/her - off-list. The subject will be taken care of as much as possible to prevent - repeated offenses, but responding on the list to such messages never leads to - anything good and only puts the light even more on the offender: which was - the entire purpose of it getting sent to the list in the first place. - - Do not feed the trolls. - - 1.7 How to unsubscribe - - You can unsubscribe the same way you subscribed in the first place. You go - to the page for the particular mailing list you are subscribed to and you enter - your email address and password and press the unsubscribe button. - - Also, the instructions to unsubscribe are included in the headers of every - mail that is sent out to all curl related mailing lists and there's a footer - in each mail that links to the "admin" page on which you can unsubscribe and - change other options. - - You NEVER EVER email the mailing list requesting someone else to take you off - the list. - - 1.8 I posted, now what? - - If you are not subscribed with the same email address that you used to send - the email, your post will just be silently discarded. - - If you posted for the first time to the mailing list, you first need to wait - for an administrator to allow your email to go through (moderated). This - normally happens quickly but in case we are asleep, you may have to wait a - few hours. - - Once your email goes through it is sent out to several hundred or even - thousands of recipients. Your email may cover an area that not that many - people know about or are interested in. Or possibly the person who knows - about it is on vacation or under a heavy work load right now. You may have - to wait for a response and you should not expect to get a response at all. - Ideally, you get an answer within a couple of days. - - You do yourself and all of us a service when you include as many details as - possible already in your first email. Mention your operating system and - environment. Tell us which curl version you are using and tell us what you - did, what happened and what you expected would happen. Preferably, show us - what you did with details enough to allow others to help point out the - problem or repeat the steps in their locations. - - Failing to include details will only delay responses and make people respond - and ask for more details and you will have to send a follow-up email that - includes them. - - Expect the responses to primarily help YOU debug the issue, or ask YOU - questions that can lead you or others towards a solution or explanation to - whatever you experience. - - If you are a repeat offender to the guidelines outlined in this document, - chances are that people will ignore you at will and your chances to get - responses in the future will greatly diminish. - - 1.9 Your emails are public - - Your email, its contents and all its headers and the details in those - headers will be received by every subscriber of the mailing list that you - send your email to. - - Your email as sent to a curl mailing list will end up in mail archives, on - the curl website and elsewhere, for others to see and read. Today and in - the future. In addition to the archives, the mail is sent out to thousands - of individuals. There is no way to undo a sent email. - - When sending emails to a curl mailing list, do not include sensitive - information such as user names and passwords; use fake ones, temporary ones - or just remove them completely from the mail. Note that this includes base64 - encoded HTTP Basic auth headers. - - This public nature of the curl mailing lists makes automatically inserted mail - footers about mails being "private" or "only meant for the recipient" or - similar even more silly than usual. Because they are absolutely not private - when sent to a public mailing list. - - -2. Sending mail - - 2.1 Reply or New Mail - - Please do not reply to an existing message as a short-cut to post a message - to the lists. - - Many mail programs and web archivers use information within mails to keep - them together as "threads", as collections of posts that discuss a certain - subject. If you do not intend to reply on the same or similar subject, do not - just hit reply on an existing mail and change subject, create a new mail. - - 2.2 Reply to the List - - When replying to a message from the list, make sure that you do "group - reply" or "reply to all", and not just reply to the author of the single - mail you reply to. - - We are actively discouraging replying back to the single person by setting - the Reply-To: field in outgoing mails back to the mailing list address, - making it harder for people to mail the author directly, if only by mistake. - - 2.3 Use a Sensible Subject - - Please use a subject of the mail that makes sense and that is related to the - contents of your mail. It makes it a lot easier to find your mail afterwards - and it makes it easier to track mail threads and topics. - - 2.4 Do Not Top-Post - - If you reply to a message, do not use top-posting. Top-posting is when you - write the new text at the top of a mail and you insert the previous quoted - mail conversation below. It forces users to read the mail in a backwards - order to properly understand it. - - This is why top posting is so bad (in top posting order): - - A: Because it messes up the order in which people normally read text. - Q: Why is top-posting such a bad thing? - A: Top-posting. - Q: What is the most annoying thing in email? - - Apart from the screwed up read order (especially when mixed together in a - thread when someone responds using the mandated bottom-posting style), it - also makes it impossible to quote only parts of the original mail. - - When you reply to a mail. You let the mail client insert the previous mail - quoted. Then you put the cursor on the first line of the mail and you move - down through the mail, deleting all parts of the quotes that do not add - context for your comments. When you want to add a comment you do so, inline, - right after the quotes that relate to your comment. Then you continue - downwards again. - - When most of the quotes have been removed and you have added your own words, - you are done. - - 2.5 HTML is not for mails - - Please switch off those HTML encoded messages. You can mail all those funny - mails to your friends. We speak plain text mails. - - 2.6 Quoting - - Quote as little as possible. Just enough to provide the context you cannot - leave out. A lengthy description can be found here: - - https://www.netmeister.org/news/learn2quote.html - - 2.7 Digest - - We allow subscribers to subscribe to the "digest" version of the mailing - lists. A digest is a collection of mails lumped together in one single mail. - - Should you decide to reply to a mail sent out as a digest, there are two - things you MUST consider if you really really cannot subscribe normally - instead: - - Cut off all mails and chatter that is not related to the mail you want to - reply to. - - Change the subject name to something sensible and related to the subject, - preferably even the actual subject of the single mail you wanted to reply to - - 2.8 Please Tell Us How You Solved The Problem - - Many people mail questions to the list, people spend some of their time and - make an effort in providing good answers to these questions. - - If you are the one who asks, please consider responding once more in case - one of the hints was what solved your problems. The guys who write answers - feel good to know that they provided a good answer and that you fixed the - problem. Far too often, the person who asked the question is never heard from - again, and we never get to know if he/she is gone because the problem was - solved or perhaps because the problem was unsolvable. - - Getting the solution posted also helps other users that experience the same - problem(s). They get to see (possibly in the web archives) that the - suggested fixes actually has helped at least one person. diff --git a/libs/curl/docs/MAIL-ETIQUETTE.md b/libs/curl/docs/MAIL-ETIQUETTE.md new file mode 100644 index 00000000..e3cf702b --- /dev/null +++ b/libs/curl/docs/MAIL-ETIQUETTE.md @@ -0,0 +1,258 @@ + + +# Mail etiquette + +## About the lists + +### Mailing Lists + +The mailing lists we have are all listed and described on the [curl +website](https://curl.se/mail/). + +Each mailing list is targeted to a specific set of users and subjects, please +use the one or the ones that suit you the most. + +Each mailing list has hundreds up to thousands of readers, meaning that each +mail sent is received and read by a large number of people. People from +various cultures, regions, religions and continents. + +### Netiquette + +Netiquette is a common term for how to behave on the Internet. Of course, in +each particular group and subculture there are differences in what is +acceptable and what is considered good manners. + +This document outlines what we in the curl project consider to be good +etiquette, and primarily this focus on how to behave on and how to use our +mailing lists. + +### Do Not Mail a Single Individual + +Many people send one question to one person. One person gets many mails, and +there is only one person who can give you a reply. The question may be +something that other people would also like to ask. These other people have no +way to read the reply, but to ask the one person the question. The one person +consequently gets overloaded with mail. + +If you really want to contact an individual and perhaps pay for his or her +services, by all means go ahead, but if it is just another curl question, take +it to a suitable list instead. + +### Subscription Required + +All curl mailing lists require that you are subscribed to allow a mail to go +through to all the subscribers. + +If you post without being subscribed (or from a different mail address than +the one you are subscribed with), your mail is simply silently discarded. You +have to subscribe first, then post. + +The reason for this unfortunate and strict subscription policy is of course to +stop spam from pestering the lists. + +### Moderation of new posters + +Several of the curl mailing lists automatically make all posts from new +subscribers be moderated. After you have subscribed and sent your first mail +to a list, that mail is not let through to the list until a mailing list +administrator has verified that it is OK and permits it to get posted. + +Once a first post has been made that proves the sender is actually talking +about curl-related subjects, the moderation "flag" is switched off and future +posts go through without being moderated. + +The reason for this moderation policy is that we do suffer from spammers who +actually subscribe and send spam to our lists. + +### Handling trolls and spam + +Despite our good intentions and hard work to keep spam off the lists and to +maintain a friendly and positive atmosphere, there are times when spam and or +trolls get through. + +Troll - "someone who posts inflammatory, extraneous, or off-topic messages in +an online community" + +Spam - "use of electronic messaging systems to send unsolicited bulk messages" + +No matter what, we NEVER EVER respond to trolls or spammers on the list. If +you believe the list admin should do something in particular, contact them +off-list. The subject is taken care of as much as possible to prevent repeated +offenses, but responding on the list to such messages never leads to anything +good and only puts the light even more on the offender: which was the entire +purpose of it getting sent to the list in the first place. + +Do not feed the trolls. + +### How to unsubscribe + +You can unsubscribe the same way you subscribed in the first place. You go to +the page for the particular mailing list you are subscribed to and you enter +your email address and password and press the unsubscribe button. + +Also, the instructions to unsubscribe are included in the headers of every +mail that is sent out to all curl related mailing lists and there is a footer +in each mail that links to the "admin" page on which you can unsubscribe and +change other options. + +You NEVER EVER email the mailing list requesting someone else to take you off +the list. + +### I posted, now what? + +If you are not subscribed with the same email address that you used to send +the email, your post is silently discarded. + +If you posted for the first time to the mailing list, you first need to wait +for an administrator to allow your email to go through (moderated). This +normally happens quickly but in case we are asleep, you may have to wait a few +hours. + +Once your email goes through it is sent out to several hundred or even +thousands of recipients. Your email may cover an area that not that many +people know about or are interested in. Or possibly the person who knows about +it is on vacation or under a heavy work load right now. You may have to wait +for a response and you should not expect to get a response at all. Ideally, +you get an answer within a couple of days. + +You do yourself and all of us a service when you include as many details as +possible already in your first email. Mention your operating system and +environment. Tell us which curl version you are using and tell us what you +did, what happened and what you expected would happen. Preferably, show us +what you did with details enough to allow others to help point out the problem +or repeat the steps in their locations. + +Failing to include details only delays responses and make people respond and +ask for more details and you have to send follow-up emails that include them. + +Expect the responses to primarily help YOU debug the issue, or ask YOU +questions that can lead you or others towards a solution or explanation to +whatever you experience. + +If you are a repeat offender to the guidelines outlined in this document, +chances are that people ignore you and your chances to get responses in the +future greatly diminish. + +### Your emails are public + +Your email, its contents and all its headers and the details in those headers +are received by every subscriber of the mailing list that you send your email +to. + +Your email as sent to a curl mailing list ends up in mail archives, on the +curl website and elsewhere, for others to see and read. Today and in the +future. In addition to the archives, the mail is sent out to thousands of +individuals. There is no way to undo a sent email. + +When sending emails to a curl mailing list, do not include sensitive +information such as usernames and passwords; use fake ones, temporary ones or +just remove them completely from the mail. Note that this includes base64 +encoded HTTP Basic auth headers. + +This public nature of the curl mailing lists makes automatically inserted mail +footers about mails being "private" or "only meant for the recipient" or +similar even more silly than usual. Because they are absolutely not private +when sent to a public mailing list. + +## Sending mail + +### Reply or New Mail + +Please do not reply to an existing message as a short-cut to post a message to +the lists. + +Many mail programs and web archivers use information within mails to keep them +together as "threads", as collections of posts that discuss a certain subject. +If you do not intend to reply on the same or similar subject, do not just hit +reply on an existing mail and change the subject, create a new mail. + +### Reply to the List + +When replying to a message from the list, make sure that you do "group reply" +or "reply to all", and not just reply to the author of the single mail you +reply to. + +We are actively discouraging replying to the single person by setting the +correct field in outgoing mails back asking for replies to get sent to the +mailing list address, making it harder for people to reply to the author only +by mistake. + +### Use a Sensible Subject + +Please use a subject of the mail that makes sense and that is related to the +contents of your mail. It makes it a lot easier to find your mail afterwards +and it makes it easier to track mail threads and topics. + +### Do Not Top-Post + +If you reply to a message, do not use top-posting. Top-posting is when you +write the new text at the top of a mail and you insert the previous quoted +mail conversation below. It forces users to read the mail in a backwards order +to properly understand it. + +This is why top posting is so bad (in top posting order): + + A: Because it messes up the order in which people normally read text. + Q: Why is top-posting such a bad thing? + A: Top-posting. + Q: What is the most annoying thing in email? + +Apart from the screwed up read order (especially when mixed together in a +thread when someone responds using the mandated bottom-posting style), it also +makes it impossible to quote only parts of the original mail. + +When you reply to a mail. You let the mail client insert the previous mail +quoted. Then you put the cursor on the first line of the mail and you move +down through the mail, deleting all parts of the quotes that do not add +context for your comments. When you want to add a comment you do so, inline, +right after the quotes that relate to your comment. Then you continue +downwards again. + +When most of the quotes have been removed and you have added your own words, +you are done. + +### HTML is not for mails + +Please switch off those HTML encoded messages. You can mail all those funny +mails to your friends. We speak plain text mails. + +### Quoting + +Quote as little as possible. Just enough to provide the context you cannot +eave out. A lengthy description can be found +[here](https://www.netmeister.org/news/learn2quote.html). + +### Digest + +We allow subscribers to subscribe to the "digest" version of the mailing +lists. A digest is a collection of mails lumped together in one single mail. + +Should you decide to reply to a mail sent out as a digest, there are two +things you MUST consider if you really really cannot subscribe normally +instead: + +Cut off all mails and chatter that is not related to the mail you want to +reply to. + +Change the subject name to something sensible and related to the subject, +preferably even the actual subject of the single mail you wanted to reply to + +### Please Tell Us How You Solved The Problem + +Many people mail questions to the list, people spend some of their time and +make an effort in providing good answers to these questions. + +If you are the one who asks, please consider responding once more in case one +of the hints was what solved your problems. The guys who write answers feel +good to know that they provided a good answer and that you fixed the problem. +Far too often, the person who asked the question is never heard from again, +and we never get to know if they are gone because the problem was solved or +perhaps because the problem was unsolvable. + +Getting the solution posted also helps other users that experience the same +problem(s). They get to see (possibly in the web archives) that the suggested +fixes actually have helped at least one person. diff --git a/libs/curl/docs/MANUAL.md b/libs/curl/docs/MANUAL.md index 155bcf15..33596663 100644 --- a/libs/curl/docs/MANUAL.md +++ b/libs/curl/docs/MANUAL.md @@ -1,3 +1,9 @@ + + # curl tutorial ## Simple Usage @@ -6,33 +12,37 @@ Get the main page from a web-server: curl https://www.example.com/ -Get the README file the user's home directory at funet's ftp-server: +Get a README file from an FTP server: - curl ftp://ftp.funet.fi/README + curl ftp://ftp.example.com/README -Get a web page from a server using port 8000: +Get a webpage from a server using port 8000: - curl http://www.weirdserver.com:8000/ + curl http://www.example.com:8000/ Get a directory listing of an FTP site: - curl ftp://ftp.funet.fi + curl ftp://ftp.example.com/ + +Get the all terms matching curl from a dictionary: + + curl dict://dict.example.com/m:curl Get the definition of curl from a dictionary: - curl dict://dict.org/m:curl + curl dict://dict.example.com/d:curl Fetch two documents at once: - curl ftp://ftp.funet.fi/ http://www.weirdserver.com:8000/ + curl ftp://ftp.example.com/ http://www.example.com:8000/ Get a file off an FTPS server: - curl ftps://files.are.secure.com/secrets.txt + curl ftps://files.are.example.com/secrets.txt or use the more appropriate FTPS way to get the same file: - curl --ftp-ssl ftp://files.are.secure.com/secrets.txt + curl --ftp-ssl ftp://files.are.example.com/secrets.txt Get a file from an SSH server using SFTP: @@ -59,13 +69,12 @@ Get a file from an SMB server: ## Download to a File -Get a web page and store in a local file with a specific name: +Get a webpage and store in a local file with a specific name: curl -o thatpage.html http://www.example.com/ -Get a web page and store in a local file, make the local file get the name of -the remote document (if no file name part is specified in the URL, this will -fail): +Get a webpage and store in a local file, make the local file get the name of +the remote document (if no filename part is specified in the URL, this fails): curl -O http://www.example.com/index.html @@ -77,22 +86,22 @@ Fetch two files and store them with their remote names: ### FTP -To ftp files using name+passwd, include them in the URL like: +To ftp files using name and password, include them in the URL like: - curl ftp://name:passwd@machine.domain:port/full/path/to/file + curl ftp://name:passwd@ftp.server.example:port/full/path/to/file -or specify them with the -u flag like +or specify them with the `-u` flag like - curl -u name:passwd ftp://machine.domain:port/full/path/to/file + curl -u name:passwd ftp://ftp.server.example:port/full/path/to/file ### FTPS It is just like for FTP, but you may also want to specify and use SSL-specific options for certificates etc. -Note that using `FTPS://` as prefix is the "implicit" way as described in the -standards while the recommended "explicit" way is done by using FTP:// and the -`--ftp-ssl` option. +Note that using `FTPS://` as prefix is the *implicit* way as described in the +standards while the recommended *explicit* way is done by using `FTP://` and +the `--ssl-reqd` option. ### SFTP / SCP @@ -100,7 +109,7 @@ This is similar to FTP, but you can use the `--key` option to specify a private key to use instead of a password. Note that the private key may itself be protected by a password that is unrelated to the login password of the remote system; this password is specified using the `--pass` option. -Typically, curl will automatically extract the public key from the private key +Typically, curl automatically extracts the public key from the private key file, but in cases where curl does not have the proper library support, a matching public key file must be specified using the `--pubkey` option. @@ -109,11 +118,11 @@ matching public key file must be specified using the `--pubkey` option. Curl also supports user and password in HTTP URLs, thus you can pick a file like: - curl http://name:passwd@machine.domain/full/path/to/file + curl http://name:passwd@http.server.example/full/path/to/file or specify user and password separately like in - curl -u name:passwd http://machine.domain/full/path/to/file + curl -u name:passwd http://http.server.example/full/path/to/file HTTP offers many different methods of authentication and curl supports several: Basic, Digest, NTLM and Negotiate (SPNEGO). Without telling which @@ -122,7 +131,7 @@ secure ones out of the ones that the server accepts for the given URL, by using `--anyauth`. **Note**! According to the URL specification, HTTP URLs can not contain a user -and password, so that style will not work when using curl via a proxy, even +and password, so that style does not work when using curl via a proxy, even though curl allows it at other times. When using a proxy, you _must_ use the `-u` style for user and password. @@ -140,24 +149,24 @@ servers. Get an ftp file using an HTTP proxy named my-proxy that uses port 888: - curl -x my-proxy:888 ftp://ftp.leachsite.com/README + curl -x my-proxy:888 ftp://ftp.example.com/README Get a file from an HTTP server that requires user and password, using the same proxy as above: - curl -u user:passwd -x my-proxy:888 http://www.get.this/ + curl -u user:passwd -x my-proxy:888 http://www.example.com/ Some proxies require special authentication. Specify by using -U as above: - curl -U user:passwd -x my-proxy:888 http://www.get.this/ + curl -U user:passwd -x my-proxy:888 http://www.example.com/ A comma-separated list of hosts and domains which do not use the proxy can be specified as: - curl --noproxy localhost,get.this -x my-proxy:888 http://www.get.this/ + curl --noproxy example.com -x my-proxy:888 http://www.example.com/ If the proxy is specified with `--proxy1.0` instead of `--proxy` or `-x`, then -curl will use HTTP/1.0 instead of HTTP/1.1 for any `CONNECT` attempts. +curl uses HTTP/1.0 instead of HTTP/1.1 for any `CONNECT` attempts. curl also supports SOCKS4 and SOCKS5 proxies with `--socks4` and `--socks5`. @@ -170,33 +179,43 @@ curl supports the `-u`, `-Q` and `--ftp-account` options that can be used to set up transfers through many FTP proxies. For example, a file can be uploaded to a remote FTP server using a Blue Coat FTP proxy with the options: - curl -u "username@ftp.server Proxy-Username:Remote-Pass" + curl -u "username@ftp.server.example Proxy-Username:Remote-Pass" --ftp-account Proxy-Password --upload-file local-file - ftp://my-ftp.proxy.server:21/remote/upload/path/ + ftp://my-ftp.proxy.example:21/remote/upload/path/ See the manual for your FTP proxy to determine the form it expects to set up transfers, and curl's `-v` option to see exactly what curl is sending. +## Piping + +Get a key file and add it with `apt-key` (when on a system that uses `apt` for +package management): + + curl -L https://apt.example.org/llvm-snapshot.gpg.key | sudo apt-key add - + +The '|' pipes the output to STDIN. `-` tells `apt-key` that the key file +should be read from STDIN. + ## Ranges HTTP 1.1 introduced byte-ranges. Using this, a client can request to get only -one or more subparts of a specified document. Curl supports this with the `-r` -flag. +one or more sub-parts of a specified document. Curl supports this with the +`-r` flag. Get the first 100 bytes of a document: - curl -r 0-99 http://www.get.this/ + curl -r 0-99 http://www.example.com/ Get the last 500 bytes of a document: - curl -r -500 http://www.get.this/ + curl -r -500 http://www.example.com/ Curl also supports simple ranges for FTP files as well. Then you can only specify start and stop position. Get the first 100 bytes of a document using FTP: - curl -r 0-99 ftp://www.get.this/README + curl -r 0-99 ftp://www.example.com/README ## Uploading @@ -204,26 +223,26 @@ Get the first 100 bytes of a document using FTP: Upload all data on stdin to a specified server: - curl -T - ftp://ftp.upload.com/myfile + curl -T - ftp://ftp.example.com/myfile Upload data from a specified file, login with user and password: - curl -T uploadfile -u user:passwd ftp://ftp.upload.com/myfile + curl -T uploadfile -u user:passwd ftp://ftp.example.com/myfile -Upload a local file to the remote site, and use the local file name at the +Upload a local file to the remote site, and use the local filename at the remote site too: - curl -T uploadfile -u user:passwd ftp://ftp.upload.com/ + curl -T uploadfile -u user:passwd ftp://ftp.example.com/ Upload a local file to get appended to the remote file: - curl -T localfile -a ftp://ftp.upload.com/remotefile + curl -T localfile -a ftp://ftp.example.com/remotefile Curl also supports ftp upload through a proxy, but only if the proxy is configured to allow that kind of tunneling. If it does, you can run curl in a fashion similar to: - curl --proxytunnel -x proxy:port -T localfile ftp.upload.com + curl --proxytunnel -x proxy:port -T localfile ftp.example.com ### SMB / SMBS @@ -234,7 +253,7 @@ fashion similar to: Upload all data on stdin to a specified HTTP site: - curl -T - http://www.upload.com/myfile + curl -T - http://www.example.com/myfile Note that the HTTP server must have been configured to accept PUT before this can be done successfully. @@ -243,16 +262,16 @@ For other ways to do HTTP data upload, see the POST section below. ## Verbose / Debug -If curl fails where it is not supposed to, if the servers do not let you in, if -you cannot understand the responses: use the `-v` flag to get verbose -fetching. Curl will output lots of info and what it sends and receives in -order to let the user see all client-server interaction (but it will not show you -the actual data). +If curl fails where it is not supposed to, if the servers do not let you in, +if you cannot understand the responses: use the `-v` flag to get verbose +fetching. Curl outputs lots of info and what it sends and receives in order to +let the user see all client-server interaction (but it does not show you the +actual data). - curl -v ftp://ftp.upload.com/ + curl -v ftp://ftp.example.com/ To get even more details and information on what curl does, try using the -`--trace` or `--trace-ascii` options with a given file name to log to, like +`--trace` or `--trace-ascii` options with a given filename to log to, like this: curl --trace trace.txt www.haxx.se @@ -269,7 +288,7 @@ extensive. For HTTP, you can get the header information (the same as `-I` would show) shown before the data by using `-i`/`--include`. Curl understands the `-D`/`--dump-header` option when getting files from both FTP and HTTP, and it -will then store the headers in the specified file. +then stores the headers in the specified file. Store the HTTP headers in a separate file (headers.txt in the example): @@ -281,47 +300,52 @@ cookies section. ## POST (HTTP) -It's easy to post data using curl. This is done using the `-d ` option. +It is easy to post data using curl. This is done using the `-d ` option. The post data must be urlencoded. -Post a simple "name" and "phone" guestbook. +Post a simple `name` and `phone` guestbook. + + curl -d "name=Rafael%20Sagula&phone=3320780" http://www.example.com/guest.cgi - curl -d "name=Rafael%20Sagula&phone=3320780" http://www.where.com/guest.cgi +Or automatically [URL encode the data](https://everything.curl.dev/http/post/url-encode). + + curl --data-urlencode "name=Rafael Sagula&phone=3320780" + http://www.example.com/guest.cgi How to post a form with curl, lesson #1: Dig out all the `` tags in the form that you want to fill in. -If there's a "normal" post, you use `-d` to post. `-d` takes a full "post -string", which is in the format +If there is a normal post, you use `-d` to post. `-d` takes a full post +string, which is in the format =&=&... -The 'variable' names are the names set with `"name="` in the `` tags, -and the data is the contents you want to fill in for the inputs. The data -*must* be properly URL encoded. That means you replace space with + and that -you replace weird letters with %XX where XX is the hexadecimal representation +The variable names are the names set with `"name="` in the `` tags, and +the data is the contents you want to fill in for the inputs. The data *must* +be properly URL encoded. That means you replace space with + and that you +replace weird letters with `%XX` where `XX` is the hexadecimal representation of the letter's ASCII code. Example: -(page located at `http://www.formpost.com/getthis/`) +(say if `http://example.com` had the following html) ```html
- - - - + + + +
``` -We want to enter user 'foobar' with password '12345'. +We want to enter user `foobar` with password `12345`. -To post to this, you enter a curl command line like: +To post to this, you would enter a curl command line like: curl -d "user=foobar&pass=12345&id=blablabla&ding=submit" - http://www.formpost.com/getthis/post.cgi + http://example.com/post.cgi While `-d` uses the application/x-www-form-urlencoded mime-type, generally understood by CGI's and similar, curl also supports the more capable @@ -330,33 +354,33 @@ multipart/form-data type. This latter type supports things like file upload. `-F` accepts parameters like `-F "name=contents"`. If you want the contents to be read from a file, use `@filename` as contents. When specifying a file, you can also specify the file content type by appending `;type=` to the -file name. You can also post the contents of several files in one field. For -example, the field name 'coolfiles' is used to send three files, with +filename. You can also post the contents of several files in one field. For +example, the field name `coolfiles` is used to send three files, with different content types using the following syntax: curl -F "coolfiles=@fil1.gif;type=image/gif,fil2.txt,fil3.html" - http://www.post.com/postit.cgi + http://www.example.com/postit.cgi -If the content-type is not specified, curl will try to guess from the file +If the content-type is not specified, curl tries to guess from the file extension (it only knows a few), or use the previously specified type (from an -earlier file if several files are specified in a list) or else it will use the -default type 'application/octet-stream'. +earlier file if several files are specified in a list) or else it uses the +default type `application/octet-stream`. Emulate a fill-in form with `-F`. Let's say you fill in three fields in a -form. One field is a file name which to post, one field is your name and one +form. One field is a filename which to post, one field is your name and one field is a file description. We want to post the file we have written named -"cooltext.txt". To let curl do the posting of this data instead of your -favourite browser, you have to read the HTML source of the form page and find +`cooltext.txt`. To let curl do the posting of this data instead of your +favorite browser, you have to read the HTML source of the form page and find the names of the input fields. In our example, the input field names are -'file', 'yourname' and 'filedescription'. +`file`, `yourname` and `filedescription`. curl -F "file=@cooltext.txt" -F "yourname=Daniel" -F "filedescription=Cool text file with cool text inside" - http://www.post.com/postit.cgi + http://www.example.com/postit.cgi To send two files in one post you can do it in two ways: -Send multiple files in a single "field" with a single field name: +Send multiple files in a single field with a single field name: curl -F "pictures=@dog.gif,cat.gif" $URL @@ -378,7 +402,7 @@ used on the command line. It is especially useful to fool or trick stupid servers or CGI scripts that rely on that information being available or contain certain data. - curl -e www.coolsite.com http://www.showme.com/ + curl -e www.example.org http://www.example.com/ ## User Agent @@ -389,7 +413,7 @@ accept certain browsers. Example: - curl -A 'Mozilla/3.0 (Win95; I)' http://www.nationsbank.com/ + curl -A 'Mozilla/3.0 (Win95; I)' http://www.bank.example.com/ Other common strings: @@ -415,7 +439,7 @@ client's side. The server sets cookies by sending a response line in the headers that looks like `Set-Cookie: ` where the data part then typically contains a set of `NAME=VALUE` pairs (separated by semicolons `;` like `NAME1=VALUE1; NAME2=VALUE2;`). The server can also specify for what path -the "cookie" should be used for (by specifying `path=value`), when the cookie +the cookie should be used for (by specifying `path=value`), when the cookie should expire (`expire=DATE`), for what domain to use it (`domain=NAME`) and if it should be used on secure connections only (`secure`). @@ -426,11 +450,11 @@ Set-Cookie: sessionid=boo123; path="/foo"; ``` it means the server wants that first pair passed on when we get anything in a -path beginning with "/foo". +path beginning with `/foo`. Example, get a page that wants my name passed in a cookie: - curl -b "name=Daniel" www.sillypage.com + curl -b "name=Daniel" www.example.com Curl also has the ability to use previously received cookies in following sessions. If you get cookies from a server and store them in a file in a @@ -439,32 +463,32 @@ manner similar to: curl --dump-header headers www.example.com ... you can then in a second connect to that (or another) site, use the -cookies from the 'headers' file like: +cookies from the `headers.txt` file like: - curl -b headers www.example.com + curl -b headers.txt www.example.com While saving headers to a file is a working way to store cookies, it is however error-prone and not the preferred way to do this. Instead, make curl -save the incoming cookies using the well-known netscape cookie format like +save the incoming cookies using the well-known Netscape cookie format like this: curl -c cookies.txt www.example.com -Note that by specifying `-b` you enable the "cookie awareness" and with `-L` -you can make curl follow a location: (which often is used in combination with -cookies). So that if a site sends cookies and a location, you can use a +Note that by specifying `-b` you enable the cookie engine and with `-L` you +can make curl follow a `location:` (which often is used in combination with +cookies). If a site sends cookies and a location field, you can use a non-existing file to trigger the cookie awareness like: curl -L -b empty.txt www.example.com The file to read cookies from must be formatted using plain HTTP headers OR as -netscape's cookie file. Curl will determine what kind it is based on the file -contents. In the above command, curl will parse the header and store the -cookies received from www.example.com. curl will send to the server the -stored cookies which match the request as it follows the location. The file -"empty.txt" may be a nonexistent file. +Netscape's cookie file. Curl determines what kind it is based on the file +contents. In the above command, curl parses the header and store the cookies +received from www.example.com. curl sends the stored cookies which match the +request to the server as it follows the location. The file `empty.txt` may be +a nonexistent file. -To read and write cookies from a netscape cookie file, you can set both `-b` +To read and write cookies from a Netscape cookie file, you can set both `-b` and `-c` to use the same file: curl -b cookies.txt -c cookies.txt www.example.com @@ -480,22 +504,22 @@ happening. The different fields in the output have the following meaning: From left-to-right: - - % - percentage completed of the whole transfer - - Total - total size of the whole expected transfer - - % - percentage completed of the download - - Received - currently downloaded amount of bytes - - % - percentage completed of the upload - - Xferd - currently uploaded amount of bytes - - Average Speed Dload - the average transfer speed of the download - - Average Speed Upload - the average transfer speed of the upload - - Time Total - expected time to complete the operation - - Time Current - time passed since the invoke - - Time Left - expected time left to completion - - Curr.Speed - the average transfer speed the last 5 seconds (the first + - `%` - percentage completed of the whole transfer + - `Total` - total size of the whole expected transfer + - `%` - percentage completed of the download + - `Received` - currently downloaded amount of bytes + - `%` - percentage completed of the upload + - `Xferd` - currently uploaded amount of bytes + - `Average Speed Dload` - the average transfer speed of the download + - `Average Speed Upload` - the average transfer speed of the upload + - `Time Total` - expected time to complete the operation + - `Time Current` - time passed since the invoke + - `Time Left` - expected time left to completion + - `Curr.Speed` - the average transfer speed the last 5 seconds (the first 5 seconds of a transfer is based on less time of course.) -The `-#` option will display a totally different progress bar that does not -need much explanation! +The `-#` option displays a totally different progress bar that does not need +much explanation! ## Speed Limit @@ -507,39 +531,39 @@ for a specified time. To have curl abort the download if the speed is slower than 3000 bytes per second for 1 minute, run: - curl -Y 3000 -y 60 www.far-away-site.com + curl -Y 3000 -y 60 www.far-away.example.com This can be used in combination with the overall time limit, so that the above operation must be completed in whole within 30 minutes: - curl -m 1800 -Y 3000 -y 60 www.far-away-site.com + curl -m 1800 -Y 3000 -y 60 www.far-away.example.com Forcing curl not to transfer data faster than a given rate is also possible, which might be useful if you are using a limited bandwidth connection and you do not want your transfer to use all of it (sometimes referred to as -"bandwidth throttle"). +*bandwidth throttle*). Make curl transfer data no faster than 10 kilobytes per second: - curl --limit-rate 10K www.far-away-site.com + curl --limit-rate 10K www.far-away.example.com or - curl --limit-rate 10240 www.far-away-site.com + curl --limit-rate 10240 www.far-away.example.com Or prevent curl from uploading data faster than 1 megabyte per second: - curl -T upload --limit-rate 1M ftp://uploadshereplease.com + curl -T upload --limit-rate 1M ftp://uploads.example.com When using the `--limit-rate` option, the transfer rate is regulated on a -per-second basis, which will cause the total transfer speed to become lower -than the given number. Sometimes of course substantially lower, if your -transfer stalls during periods. +per-second basis, which causes the total transfer speed to become lower than +the given number. Sometimes of course substantially lower, if your transfer +stalls during periods. ## Config File Curl automatically tries to read the `.curlrc` file (or `_curlrc` file on -Microsoft Windows systems) from the user's home dir on startup. +Microsoft Windows systems) from the user's home directory on startup. The config file could be made up with normal command line switches, but you can also specify the long options without the dashes to make it more @@ -566,31 +590,31 @@ up to the first characters of each line are ignored. Prevent curl from reading the default file by using -q as the first command line parameter, like: - curl -q www.thatsite.com + curl -q www.example.org Force curl to get and display a local help page in case it is invoked without URL by making a config file similar to: # default url to get - url = "http://help.with.curl.com/curlhelp.html" + url = "http://help.with.curl.example.com/curlhelp.html" You can specify another config file to be read by using the `-K`/`--config` -flag. If you set config file name to `-` it will read the config from stdin, -which can be handy if you want to hide options from being visible in process -tables etc: +flag. If you set config filename to `-` it reads the config from stdin, which +can be handy if you want to hide options from being visible in process tables +etc: - echo "user = user:passwd" | curl -K - http://that.secret.site.com + echo "user = user:passwd" | curl -K - http://that.secret.example.com ## Extra Headers When using curl in your own programs, you may end up needing to pass on your -own custom headers when getting a web page. You can do this by using the `-H` +own custom headers when getting a webpage. You can do this by using the `-H` flag. Example, send the header `X-you-and-me: yes` to the server when getting a page: - curl -H "X-you-and-me: yes" www.love.com + curl -H "X-you-and-me: yes" love.example.com This can also be useful in case you want curl to send a different text in a header than it normally does. The `-H` header you specify then replaces the @@ -598,22 +622,22 @@ header curl would normally send. If you replace an internal header with an empty one, you prevent that header from being sent. To prevent the `Host:` header from being used: - curl -H "Host:" www.server.com + curl -H "Host:" server.example.com ## FTP and Path Names Do note that when getting files with a `ftp://` URL, the given path is -relative the directory you enter. To get the file `README` from your home +relative to the directory you enter. To get the file `README` from your home directory at your ftp site, do: - curl ftp://user:passwd@my.site.com/README + curl ftp://user:passwd@my.example.com/README If you want the README file from the root directory of that same site, you -need to specify the absolute file name: +need to specify the absolute filename: - curl ftp://user:passwd@my.site.com//README + curl ftp://user:passwd@my.example.com//README -(I.e with an extra slash in front of the file name.) +(I.e with an extra slash in front of the filename.) ## SFTP and SCP and Path Names @@ -634,7 +658,7 @@ to open another port and await another connection performed by the client. This is good if the client is behind a firewall that does not allow incoming connections. - curl ftp.download.com + curl ftp.example.com If the server, for example, is behind a firewall that does not allow connections on ports other than 21 (or if it just does not support the `PASV` @@ -646,20 +670,20 @@ The `-P` flag to curl supports a few different options. Your machine may have several IP-addresses and/or network interfaces and curl allows you to select which of them to use. Default address can also be used: - curl -P - ftp.download.com + curl -P - ftp.example.com Download with `PORT` but use the IP address of our `le0` interface (this does -not work on windows): +not work on Windows): - curl -P le0 ftp.download.com + curl -P le0 ftp.example.com Download with `PORT` but use 192.168.0.10 as our IP address to use: - curl -P 192.168.0.10 ftp.download.com + curl -P 192.168.0.10 ftp.example.com ## Network Interface -Get a web page from a server using a specified port for the interface: +Get a webpage from a server using a specified port for the interface: curl --interface eth0:1 http://www.example.com/ @@ -675,32 +699,31 @@ using the HTTPS protocol. Example: - curl https://www.secure-site.com + curl https://secure.example.com curl is also capable of using client certificates to get/post files from sites that require valid certificates. The only drawback is that the certificate needs to be in PEM-format. PEM is a standard and open format to store certificates with, but it is not used by the most commonly used browsers. If -you want curl to use the certificates you use with your (favourite) browser, -you may need to download/compile a converter that can convert your browser's +you want curl to use the certificates you use with your favorite browser, you +may need to download/compile a converter that can convert your browser's formatted certificates to PEM formatted ones. Example on how to automatically retrieve a document using a certificate with a personal password: - curl -E /path/to/cert.pem:password https://secure.site.com/ + curl -E /path/to/cert.pem:password https://secure.example.com/ -If you neglect to specify the password on the command line, you will be -prompted for the correct password before any data can be received. +If you neglect to specify the password on the command line, you are prompted +for the correct password before any data can be received. Many older HTTPS servers have problems with specific SSL or TLS versions, which newer versions of OpenSSL etc use, therefore it is sometimes useful to -specify what SSL-version curl should use. Use -3, -2 or -1 to specify that -exact SSL version to use (for SSLv3, SSLv2 or TLSv1 respectively): +specify what TLS version curl should use.: - curl -2 https://secure.site.com/ + curl --tlv1.0 https://secure.example.com/ -Otherwise, curl will attempt to use a sensible TLS default version. +Otherwise, curl attempts to use a sensible TLS default version. ## Resuming File Transfers @@ -709,15 +732,15 @@ resume on HTTP(S) downloads as well as FTP uploads and downloads. Continue downloading a document: - curl -C - -o file ftp://ftp.server.com/path/file + curl -C - -o file ftp://ftp.example.com/path/file Continue uploading a document: - curl -C - -T file ftp://ftp.server.com/path/file + curl -C - -T file ftp://ftp.example.com/path/file Continue downloading a document from a web server - curl -C - -o file http://www.server.com/ + curl -C - -o file http://www.example.com/ ## Time Conditions @@ -728,20 +751,20 @@ them with the `-z`/`--time-cond` flag. For example, you can easily make a download that only gets performed if the remote file is newer than a local copy. It would be made like: - curl -z local.html http://remote.server.com/remote.html + curl -z local.html http://remote.example.com/remote.html Or you can download a file only if the local file is newer than the remote one. Do this by prepending the date string with a `-`, as in: - curl -z -local.html http://remote.server.com/remote.html + curl -z -local.html http://remote.example.com/remote.html -You can specify a "free text" date as condition. Tell curl to only download -the file if it was updated since January 12, 2012: +You can specify a plain text date as condition. Tell curl to only download the +file if it was updated since January 12, 2012: - curl -z "Jan 12 2012" http://remote.server.com/remote.html + curl -z "Jan 12 2012" http://remote.example.com/remote.html -Curl will then accept a wide range of date formats. You always make the date -check the other way around by prepending it with a dash (`-`). +curl accepts a wide range of date formats. You always make the date check the +other way around by prepending it with a dash (`-`). ## DICT @@ -751,8 +774,8 @@ For fun try curl dict://dict.org/d:heisenbug:jargon curl dict://dict.org/d:daniel:gcide -Aliases for 'm' are 'match' and 'find', and aliases for 'd' are 'define' and -'lookup'. For example, +Aliases for `m` are `match` and `find`, and aliases for `d` are `define` and +`lookup`. For example, curl dict://dict.org/find:curl @@ -767,38 +790,35 @@ Authentication support is still missing ## LDAP If you have installed the OpenLDAP library, curl can take advantage of it and -offer `ldap://` support. On Windows, curl will use WinLDAP from Platform SDK -by default. +offer `ldap://` support. On Windows, curl uses WinLDAP from Platform SDK by +default. -Default protocol version used by curl is LDAPv3. LDAPv2 will be used as -fallback mechanism in case if LDAPv3 will fail to connect. +Default protocol version used by curl is LDAP version 3. Version 2 is used as +a fallback mechanism in case version 3 fails to connect. -LDAP is a complex thing and writing an LDAP query is not an easy task. I do -advise you to dig up the syntax description for that elsewhere. One such place -might be: [RFC 2255, The LDAP URL +LDAP is a complex thing and writing an LDAP query is not an easy +task. Familiarize yourself with the exact syntax description elsewhere. One +such place might be: [RFC 2255, The LDAP URL Format](https://curl.se/rfc/rfc2255.txt) -To show you an example, this is how I can get all people from my local LDAP -server that has a certain sub-domain in their email address: - - curl -B "ldap://ldap.frontec.se/o=frontec??sub?mail=*sth.frontec.se" +To show you an example, this is how to get all people from an LDAP server that +has a certain subdomain in their email address: -If I want the same info in HTML format, I can get it by not using the `-B` -(enforce ASCII) flag. + curl -B "ldap://ldap.example.com/o=frontec??sub?mail=*sth.example.com" You also can use authentication when accessing LDAP catalog: - curl -u user:passwd "ldap://ldap.frontec.se/o=frontec??sub?mail=*" - curl "ldap://user:passwd@ldap.frontec.se/o=frontec??sub?mail=*" + curl -u user:passwd "ldap://ldap.example.com/o=frontec??sub?mail=*" + curl "ldap://user:passwd@ldap.example.com/o=frontec??sub?mail=*" -By default, if user and password provided, OpenLDAP/WinLDAP will use basic +By default, if user and password are provided, OpenLDAP/WinLDAP uses basic authentication. On Windows you can control this behavior by providing one of `--basic`, `--ntlm` or `--digest` option in curl command line - curl --ntlm "ldap://user:passwd@ldap.frontec.se/o=frontec??sub?mail=*" + curl --ntlm "ldap://user:passwd@ldap.example.com/o=frontec??sub?mail=*" -On Windows, if no user/password specified, auto-negotiation mechanism will be -used with current logon credentials (SSPI/SPNEGO). +On Windows, if no user/password specified, auto-negotiation mechanism is used +with current logon credentials (SSPI/SPNEGO). ## Environment Variables @@ -811,17 +831,17 @@ with ALL_PROXY -A comma-separated list of host names that should not go through any proxy is +A comma-separated list of hostnames that should not go through any proxy is set in (only an asterisk, `*` matches all hosts) NO_PROXY -If the host name matches one of these strings, or the host is within the -domain of one of these strings, transactions with that node will not be -proxied. When a domain is used, it needs to start with a period. A user can +If the hostname matches one of these strings, or the host is within the domain +of one of these strings, transactions with that node is not done over the +proxy. When a domain is used, it needs to start with a period. A user can specify that both www.example.com and foo.example.com should not use a proxy by setting `NO_PROXY` to `.example.com`. By including the full name you can -exclude specific host names, so to make `www.example.com` not use a proxy but +exclude specific hostnames, so to make `www.example.com` not use a proxy but still have `foo.example.com` do it, set `NO_PROXY` to `www.example.com`. The usage of the `-x`/`--proxy` flag overrides the environment variables. @@ -831,8 +851,8 @@ The usage of the `-x`/`--proxy` flag overrides the environment variables. Unix introduced the `.netrc` concept a long time ago. It is a way for a user to specify name and password for commonly visited FTP sites in a file so that you do not have to type them in each time you visit those sites. You realize -this is a big security risk if someone else gets hold of your passwords, so -therefore most unix programs will not read this file unless it is only readable +this is a big security risk if someone else gets hold of your passwords, +therefore most Unix programs do not read this file unless it is only readable by yourself (curl does not care though). Curl supports `.netrc` files if told to (using the `-n`/`--netrc` and @@ -852,20 +872,20 @@ information from the previous transfer you want to extract. To display the amount of bytes downloaded together with some text and an ending newline: - curl -w 'We downloaded %{size_download} bytes\n' www.download.com + curl -w 'We downloaded %{size_download} bytes\n' www.example.com ## Kerberos FTP Transfer Curl supports kerberos4 and kerberos5/GSSAPI for FTP transfers. You need the kerberos package installed and used at curl build time for it to be available. -First, get the krb-ticket the normal way, like with the kinit/kauth tool. +First, get the krb-ticket the normal way, like with the `kinit`/`kauth` tool. Then use curl in way similar to: - curl --krb private ftp://krb4site.com -u username:fakepwd + curl --krb private ftp://krb4site.example.com -u username:fakepwd -There's no use for a password on the `-u` switch, but a blank one will make -curl ask for one and you already entered the real password to kinit/kauth. +There is no use for a password on the `-u` switch, but a blank one makes curl +ask for one and you already entered the real password to `kinit`/`kauth`. ## TELNET @@ -873,10 +893,10 @@ The curl telnet support is basic and easy to use. Curl passes all data passed to it on stdin to the remote server. Connect to a remote telnet server using a command line similar to: - curl telnet://remote.server.com + curl telnet://remote.example.com -And enter the data to pass to the server on stdin. The result will be sent to -stdout or to the file you specify with `-o`. +Enter the data to pass to the server on stdin. The result is sent to stdout or +to the file you specify with `-o`. You might want the `-N`/`--no-buffer` option to switch off the buffered output for slow connections or similar. @@ -884,7 +904,7 @@ for slow connections or similar. Pass options to the telnet protocol negotiation, by using the `-t` option. To tell the server we use a vt100 terminal, try something like: - curl -tTTYPE=vt100 telnet://remote.server.com + curl -tTTYPE=vt100 telnet://remote.example.com Other interesting options for it `-t` include: @@ -898,20 +918,20 @@ accordingly. ## Persistent Connections -Specifying multiple files on a single command line will make curl transfer all -of them, one after the other in the specified order. +Specifying multiple files on a single command line makes curl transfer all of +them, one after the other in the specified order. -libcurl will attempt to use persistent connections for the transfers so that -the second transfer to the same host can use the same connection that was -already initiated and was left open in the previous transfer. This greatly -decreases connection time for all but the first transfer and it makes a far -better use of the network. +libcurl attempts to use persistent connections for the transfers so that the +second transfer to the same host can use the same connection that was already +initiated and was left open in the previous transfer. This greatly decreases +connection time for all but the first transfer and it makes a far better use +of the network. Note that curl cannot use persistent connections for transfers that are used -in subsequence curl invokes. Try to stuff as many URLs as possible on the same -command line if they are using the same host, as that will make the transfers +in subsequent curl invokes. Try to stuff as many URLs as possible on the same +command line if they are using the same host, as that makes the transfers faster. If you use an HTTP proxy for file transfers, practically all transfers -will be persistent. +are persistent. ## Multiple Transfers With A Single Command Line @@ -924,19 +944,18 @@ URL you specify. Note that this also goes for the `-O` option (but not For example: get two files and use `-O` for the first and a custom file name for the second: - curl -O http://url.com/file.txt ftp://ftp.com/moo.exe -o moo.jpg + curl -O http://example.com/file.txt ftp://example.com/moo.exe -o moo.jpg You can also upload multiple files in a similar fashion: - curl -T local1 ftp://ftp.com/moo.exe -T local2 ftp://ftp.com/moo2.txt + curl -T local1 ftp://example.com/moo.exe -T local2 ftp://example.com/moo2.txt ## IPv6 -curl will connect to a server with IPv6 when a host lookup returns an IPv6 -address and fall back to IPv4 if the connection fails. The `--ipv4` and -`--ipv6` options can specify which address to use when both are -available. IPv6 addresses can also be specified directly in URLs using the -syntax: +curl connects to a server with IPv6 when a host lookup returns an IPv6 address +and fall back to IPv4 if the connection fails. The `--ipv4` and `--ipv6` +options can specify which address to use when both are available. IPv6 +addresses can also be specified directly in URLs using the syntax: http://[2001:1890:1112:1::20]/overview.html @@ -963,28 +982,27 @@ these mailing lists instead of mailing any individual. Available lists include: -### curl-users +### `curl-users` Users of the command line tool. How to use it, what does not work, new features, related tools, questions, news, installations, compilations, running, porting etc. -### curl-library +### `curl-library` Developers using or developing libcurl. Bugs, extensions, improvements. -### curl-announce +### `curl-announce` Low-traffic. Only receives announcements of new public versions. At worst, that makes something like one or two mails per month, but usually only one mail every second month. -### curl-and-php +### `curl-and-php` Using the curl functions in PHP. Everything curl with a PHP angle. Or PHP with a curl angle. -### curl-and-python +### `curl-and-python` Python hackers using curl with or without the python binding pycurl. - diff --git a/libs/curl/docs/MQTT.md b/libs/curl/docs/MQTT.md index 0f034f72..a1bc4b34 100644 --- a/libs/curl/docs/MQTT.md +++ b/libs/curl/docs/MQTT.md @@ -1,3 +1,9 @@ + + # MQTT in curl ## Usage @@ -7,11 +13,11 @@ Doing a "POST" publishes the post data to the topic and exits. Example subscribe: - curl mqtt://host/home/bedroom/temp + curl mqtt://host.home/bedroom/temp Example publish: - curl -d 75 mqtt://host/home/bedroom/dimmer + curl -d 75 mqtt://host.home/bedroom/dimmer ## What does curl deliver as a response to a subscribe @@ -24,4 +30,4 @@ Remaining limitations: - Only QoS level 0 is implemented for publish - No way to set retain flag for publish - No TLS (mqtts) support - - Naive EAGAIN handling will not handle split messages + - Naive EAGAIN handling does not handle split messages diff --git a/libs/curl/docs/Makefile.am b/libs/curl/docs/Makefile.am index e4725651..e9ef6284 100644 --- a/libs/curl/docs/Makefile.am +++ b/libs/curl/docs/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,32 +18,33 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### AUTOMAKE_OPTIONS = foreign no-dependencies -# EXTRA_DIST breaks with $(abs_builddir) so build it using this variable -# but distribute it (using the relative file name) in the next variable -man_MANS = $(abs_builddir)/curl.1 -noinst_man_MANS = curl.1 mk-ca-bundle.1 -dist_man_MANS = curl-config.1 -GENHTMLPAGES = curl.html curl-config.html mk-ca-bundle.html -PDFPAGES = curl.pdf curl-config.pdf mk-ca-bundle.pdf -MANDISTPAGES = curl.1.dist curl-config.1.dist +if BUILD_DOCS +# if we disable man page building, ignore these +MK_CA_DOCS = mk-ca-bundle.1 +CURLCONF_DOCS = curl-config.1 +man_MANS = curl-config.1 +endif -HTMLPAGES = $(GENHTMLPAGES) +CURLPAGES = curl-config.md mk-ca-bundle.md -# Build targets in this file (.) before cmdline-opts to ensure that -# the curl.1 rule below runs first -SUBDIRS = . cmdline-opts -DIST_SUBDIRS = $(SUBDIRS) examples libcurl +SUBDIRS = . cmdline-opts libcurl +DIST_SUBDIRS = $(SUBDIRS) examples -CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES) $(MANDISTPAGES) curl.1 +if BUILD_DOCS +CLEANFILES = mk-ca-bundle.1 curl-config.1 +endif EXTRA_DIST = \ - $(noinst_man_MANS) \ + $(CURLPAGES) \ ALTSVC.md \ BINDINGS.md \ + BUFQ.md \ BUFREF.md \ BUG-BOUNTY.md \ BUGS.md \ @@ -53,10 +54,17 @@ EXTRA_DIST = \ CODE_OF_CONDUCT.md \ CODE_REVIEW.md \ CODE_STYLE.md \ + CLIENT-READERS.md \ + CLIENT-WRITERS.md \ + CONNECTION-FILTERS.md \ CONTRIBUTE.md \ CURL-DISABLE.md \ + CURLDOWN.md \ DEPRECATE.md \ + DISTROS.md \ DYNBUF.md \ + EARLY-RELEASE.md \ + ECH.md \ EXPERIMENTAL.md \ FAQ \ FEATURES.md \ @@ -69,11 +77,13 @@ EXTRA_DIST = \ HTTP3.md \ HYPER.md \ INSTALL \ - INSTALL.cmake \ + INSTALL-CMAKE.md \ INSTALL.md \ INTERNALS.md \ + IPFS.md \ KNOWN_BUGS \ - MAIL-ETIQUETTE \ + MAIL-ETIQUETTE.md \ + MANUAL.md \ MQTT.md \ NEW-PROTOCOL.md \ options-in-versions \ @@ -82,47 +92,35 @@ EXTRA_DIST = \ RELEASE-PROCEDURE.md \ RUSTLS.md \ ROADMAP.md \ - SECURITY-PROCESS.md \ + SECURITY-ADVISORY.md \ + SPONSORS.md \ SSL-PROBLEMS.md \ SSLCERTS.md \ THANKS \ TODO \ TheArtOfHttpScripting.md \ URL-SYNTAX.md \ - VERSIONS.md + VERSIONS.md \ + VULN-DISCLOSURE-POLICY.md \ + WEBSOCKET.md -MAN2HTML= roffit $< >$@ +CD2NROFF = $(top_srcdir)/scripts/cd2nroff $< >$@ -SUFFIXES = .1 .html .pdf +CD2 = $(CD2_$(V)) +CD2_0 = @echo " RENDER " $@; +CD2_1 = +CD2_ = $(CD2_0) -# $(abs_builddir) is to disable VPATH when searching for this file, which -# would otherwise find the copy in $(srcdir) which breaks the $(HUGE) -# rule in src/Makefile.am in out-of-tree builds that references the file in the -# build directory. -# -# First, seed the used copy of curl.1 with the prebuilt copy (in an out-of-tree -# build), then run make recursively to rebuild it only if its dependencies -# have changed. -$(abs_builddir)/curl.1: - if test "$(top_builddir)x" != "$(top_srcdir)x" -a -e "$(srcdir)/curl.1"; then \ - $(INSTALL_DATA) "$(srcdir)/curl.1" $@; fi - cd cmdline-opts && $(MAKE) +SUFFIXES = .1 .md -html: $(HTMLPAGES) - cd libcurl && $(MAKE) html +all: $(MK_CA_DOCS) $(CURLCONF_DOCS) -pdf: $(PDFPAGES) - cd libcurl && $(MAKE) pdf +.md.1: + $(CD2)$(CD2NROFF) -.1.html: - $(MAN2HTML) +curl-config.1: curl-config.md -.1.pdf: - @(foo=`echo $@ | sed -e 's/\.[0-9]$$//g'`; \ - groff -Tps -man $< >$$foo.ps; \ - ps2pdf $$foo.ps $@; \ - rm $$foo.ps; \ - echo "converted $< to $@") +mk-ca-bundle.1: mk-ca-bundle.md distclean: rm -f $(CLEANFILES) diff --git a/libs/curl/docs/NEW-PROTOCOL.md b/libs/curl/docs/NEW-PROTOCOL.md index 334215d3..be7fc984 100644 --- a/libs/curl/docs/NEW-PROTOCOL.md +++ b/libs/curl/docs/NEW-PROTOCOL.md @@ -1,22 +1,28 @@ + + # Adding a new protocol? -Every once in a while someone comes up with the idea of adding support for yet +Every once in a while, someone comes up with the idea of adding support for yet another protocol to curl. After all, curl already supports 25 something protocols and it is the Internet transfer machine for the world. In the curl project we love protocols and we love supporting many protocols -and do it well. +and doing it well. -So how do you proceed to add a new protocol and what are the requirements? +How do you proceed to add a new protocol and what are the requirements? ## No fixed set of requirements This document is an attempt to describe things to consider. There is no checklist of the twenty-seven things you need to cross off. We view the entire -effort as a whole and then judge if it seems to be the right thing - for -now. The more things that look right, fit our patterns and are done in ways -that align with our thinking, the better are the chances that we will agree -that supporting this protocol is a grand idea. +effort as a whole and then judge if it seems to be the right thing - for now. +The more things that look right, fit our patterns and are done in ways that +align with our thinking, the better are the chances that we agree that +supporting this protocol is a grand idea. ## Mutual benefit is preferred @@ -93,18 +99,18 @@ protocol - but it might require a bit of an effort to make it happen. We cannot assume that users are particularly familiar with details and peculiarities of the protocol. It needs documentation. -Maybe it even needs some internal documentation so that the developers who -will try to debug something five years from now can figure out functionality a -little easier! +Maybe it even needs some internal documentation so that the developers who try +to debug something five years from now can figure out functionality a little +easier! The protocol specification itself should be freely available without requiring -any NDA or similar. +a non-disclosure agreement or similar. ## Do not compare -We are constantly raising the bar and we are constantly improving the -project. A lot of things we did in the past would not be acceptable if done -today. Therefore, you might be tempted to use shortcuts or "hacks" you can -spot other - existing - protocol implementations have used, but there is -nothing to gain from that. The bar has been raised. Former "cheats" will not be -tolerated anymore. +We are constantly raising the bar and we are constantly improving the project. +A lot of things we did in the past would not be acceptable if done today. +Therefore, you might be tempted to use shortcuts or "hacks" you can spot +other - existing - protocol implementations have used, but there is nothing to +gain from that. The bar has been raised. Former "cheats" may not tolerated +anymore. diff --git a/libs/curl/docs/PARALLEL-TRANSFERS.md b/libs/curl/docs/PARALLEL-TRANSFERS.md index 325e64f9..08aac544 100644 --- a/libs/curl/docs/PARALLEL-TRANSFERS.md +++ b/libs/curl/docs/PARALLEL-TRANSFERS.md @@ -1,13 +1,19 @@ + + # Parallel transfers -curl 7.66.0 introduces support for doing multiple transfers simultaneously; in +curl 7.66.0 introduced support for doing multiple transfers simultaneously; in parallel. ## -Z, --parallel -When this command line option is used, curl will perform the transfers given -to it at the same time. It will do up to `--parallel-max` concurrent -transfers, with a default value of 50. +When this command line option is used, curl performs the transfers given to it +at the same time. It does up to `--parallel-max` concurrent transfers, with a +default value of 50. ## Progress meter @@ -27,8 +33,8 @@ completely different than the regular one used for each single transfer. o total time all transfers are expected to take (if sizes are known) o current time the transfers have spent so far o estimated time left (if sizes are known) - o current transfer speed (the faster of UL/DL speeds measured over the last - few seconds) + o current transfer speed (the faster of upload/download speeds measured over + the last few seconds) Example: @@ -38,9 +44,9 @@ Example: ## Behavior differences Connections are shared fine between different easy handles, but the -"authentication contexts" are not. So for example doing HTTP Digest auth with -one handle for a particular transfer and then continue on with another handle -that reuses the same connection, the second handle cannot send the necessary +"authentication contexts" are not. For example doing HTTP Digest auth with one +handle for a particular transfer and then continue on with another handle that +reuses the same connection, the second handle cannot send the necessary Authorization header at once since the context is only kept in the original easy handle. @@ -48,11 +54,3 @@ To fix this, the authorization state could be made possible to share with the share API as well, as a context per origin + path (realm?) basically. Visible in test 153, 1412 and more. - -## Feedback - -This is early days for parallel transfer support. Keep your eyes open for -unintended side effects or downright bugs. - -Tell us what you think and how you think we could improve this feature! - diff --git a/libs/curl/docs/README.md b/libs/curl/docs/README.md index b72d8bc4..22d96ea9 100644 --- a/libs/curl/docs/README.md +++ b/libs/curl/docs/README.md @@ -1,10 +1,16 @@ + + ![curl logo](https://curl.se/logo/curl-logo.svg) # Documentation -you will find a mix of various documentation in this directory and -subdirectories, using several different formats. Some of them are not ideal -for reading directly in your browser. +You find a mix of various documentation in this directory and subdirectories, +using several different formats. Some of them are not ideal for reading +directly in your browser. If you would rather see the rendered version of the documentation, check out the curl website's [documentation section](https://curl.se/docs/) for diff --git a/libs/curl/docs/RELEASE-PROCEDURE.md b/libs/curl/docs/RELEASE-PROCEDURE.md index 9aa29dc0..043e3afd 100644 --- a/libs/curl/docs/RELEASE-PROCEDURE.md +++ b/libs/curl/docs/RELEASE-PROCEDURE.md @@ -1,11 +1,15 @@ + + curl release procedure - how to do a release ============================================ in the source code repo ----------------------- -- run `./scripts/copyright.pl` and correct possible omissions - - edit `RELEASE-NOTES` to be accurate - update `docs/THANKS` @@ -16,14 +20,11 @@ in the source code repo tag and we use underscores instead of dots in the version number. Make sure the tag is GPG signed (using -s). -- run "./maketgz 7.34.0" to build the release tarballs. It is important that - you run this on a machine with the correct set of autotools etc installed - as this is what then will be shipped and used by most users on \*nix like - systems. +- run `./scripts/dmaketgz 7.34.0` to build the release tarballs. - push the git commits and the new tag -- gpg sign the 4 tarballs as maketgz suggests +- GPG sign the 4 tarballs as `maketgz` suggests - upload the 8 resulting files to the primary download directory @@ -66,41 +67,52 @@ curl release scheduling Release Cycle ------------- -We do releases every 8 weeks on Wednesdays. If critical problems arise, we can -insert releases outside of the schedule or we can move the release date - but -this is rare. +We normally do releases every 8 weeks on Wednesdays. If important problems +arise, we can insert releases outside the schedule or we can move the release +date. -Each 8 week release cycle is split in two 4-week periods. +Each 8 week (56 days) release cycle is divided into three distinct periods: -- During the first 4 weeks after a release, we allow new features and changes - to curl and libcurl. If we accept any such changes, we bump the minor number - used for the next release. +- During the first 10 calendar days after a release, we are in "cool down". We + do not merge features but only bug-fixes. If a regression is reported, we + might do a follow-up patch release. -- During the second 4-week period we do not merge any features or changes, we - then only focus on fixing bugs and polishing things to make a solid coming - release. +- During the following 3 weeks (21 days) there is a feature window: we allow + new features and changes to curl and libcurl. If we accept any such changes, + we bump the minor number used for the next release. -- After a regular procedure-following release (made on Wednesdays), the - feature window remains closed until the following Monday in case of special - actions or patch releases etc. +- During the next 25 days we are in feature freeze. We do not merge any + features or changes, and we only focus on fixing bugs and polishing things + to make the pending release a solid one. If a future release date happens to end up on a "bad date", like in the middle -of common public holidays or when the lead release manager is away traveling, -the release date can be moved forwards or backwards a full week. This is then +of common public holidays or when the lead release manager is unavailable, the +release date can be moved forwards or backwards a full week. This is then advertised well in advance. +Critical problems +----------------- + +We can break the release cycle and do a patch release at any point if a +critical enough problem is reported. There is no exact definition of how to +assess such criticality, but if an issue is highly disturbing or has a +security impact on a large enough share of the user population it might +qualify. + +If you think an issue qualifies, bring it to the curl-library mailing list and +push for it. + Coming dates ------------ Based on the description above, here are some planned release dates (at the time of this writing): -- January 5, 2022 (7.81.0) -- March 2, 2022 -- April 27, 2022 -- June 22, 2022 -- August 17, 2022 -- October 12, 2022 -- December 7, 2022 -- February 1, 2023 -- March 20, 2023 (8.0.0) +- September 11, 2024 +- November 6, 2024 +- January 8, 2025 +- March 5, 2025 +- April 30, 2025 +- June 25, 2025 +- August 20, 2025 +- October 15, 2025 diff --git a/libs/curl/docs/ROADMAP.md b/libs/curl/docs/ROADMAP.md index 79e8b03a..abf306b3 100644 --- a/libs/curl/docs/ROADMAP.md +++ b/libs/curl/docs/ROADMAP.md @@ -1,24 +1,17 @@ + + # curl the next few years - perhaps Roadmap of things Daniel Stenberg wants to work on next. It is intended to serve as a guideline for others for information, feedback and possible participation. -## "Complete" the HTTP/3 support - -curl has experimental support for HTTP/3 since a good while back. There are -some functionality missing and once the final specs are published we want to -eventually remove the "experimental" label from this functionality. - -## HTTPS DNS records - -As a DNS version of alt-svc and also a pre-requisite for ECH (see below). - -See: https://tools.ietf.org/html/draft-ietf-dnsop-svcb-https-02 - -## ECH (Encrypted Client Hello - formerly known as ESNI) +## WebSocket - See Daniel's post on [Support of Encrypted - SNI](https://curl.se/mail/lib-2019-03/0000.html) on the mailing list. +Agree that it is a good enough API and remove the EXPERIMENTAL label. - Initial work exists in https://github.com/curl/curl/pull/4011 +## diff --git a/libs/curl/docs/RUSTLS.md b/libs/curl/docs/RUSTLS.md index 17faa20e..cf32afc5 100644 --- a/libs/curl/docs/RUSTLS.md +++ b/libs/curl/docs/RUSTLS.md @@ -1,9 +1,15 @@ + + # Rustls -[Rustls is a TLS backend written in Rust.](https://docs.rs/rustls/). Curl can +[Rustls is a TLS backend written in Rust](https://docs.rs/rustls/). Curl can be built to use it as an alternative to OpenSSL or other TLS backends. We use the [rustls-ffi C bindings](https://github.com/rustls/rustls-ffi/). This -version of curl depends on version v0.8.2 of rustls-ffi. +version of curl depends on version v0.13.0 of rustls-ffi. # Building with rustls @@ -11,8 +17,7 @@ First, [install Rust](https://rustup.rs/). Next, check out, build, and install the appropriate version of rustls-ffi: - % cargo install cbindgen - % git clone https://github.com/rustls/rustls-ffi -b v0.8.2 + % git clone https://github.com/rustls/rustls-ffi -b v0.13.0 % cd rustls-ffi % make % make DESTDIR=${HOME}/rustls-ffi-built/ install @@ -21,6 +26,6 @@ Now configure and build curl with rustls: % git clone https://github.com/curl/curl % cd curl - % ./buildconf + % autoreconf -fi % ./configure --with-rustls=${HOME}/rustls-ffi-built % make diff --git a/libs/curl/docs/SECURITY-ADVISORY.md b/libs/curl/docs/SECURITY-ADVISORY.md new file mode 100644 index 00000000..efb0e049 --- /dev/null +++ b/libs/curl/docs/SECURITY-ADVISORY.md @@ -0,0 +1,135 @@ + + +# Anatomy of a curl security advisory + +As described in the [Security Process](https://curl.se/dev/secprocess.html) +document, when a security vulnerability has been reported to the project and +confirmed, we author an advisory document for the issue. It should ideally +be written in cooperation with the reporter to make sure all the angles and +details of the problem are gathered and described correctly and succinctly. + +## New document + +A security advisory for curl is created in the `docs/` folder in the +[curl-www](https://github.com/curl/curl-www) repository. It should be named +`$CVEID.md` where `$CVEID` is the full CVE Id that has been registered for the +flaw. Like `CVE-2016-0755`. The `.md` extension of course means that the +document is written using markdown. + +The standard way to go about this is to first write the `VULNERABILITY` +section for the document, so that there is description of the flaw available, +then paste this description into the CVE Id request. + +### `vuln.pm` + +The new issue should be entered at the top of the list in the file `vuln.pm` +in the same directory. It holds a large array with all published curl +vulnerabilities. All fields should be filled in accordingly, separated by a +pipe character (`|`). + +The eleven fields for each CVE in `vuln.pm` are, in order: + + HTML page name, first vulnerable version, last vulnerable version, name of + the issue, CVE Id, announce date (`YYYYMMDD`), report to the project date + (`YYYYMMDD`), CWE, awarded reward amount (USD), area (single word), C-issue + (`-` if not a C issue at all, `OVERFLOW` , `OVERREAD`, `DOUBLE_FREE`, + `USE_AFTER_FREE`, `NULL_MISTAKE`, `UNINIT`) + +### `Makefile` + +The new CVE webpage filename needs to be added in the `Makefile`'s `CVELIST` +macro. + +When the markdown is in place and the `Makefile` and `vuln.pm` are updated, +all other files and metadata for all curl advisories and versions get +generated automatically using those files. + +## Document format + +The easy way is to start with a recent previously published advisory and just +blank out old texts and save it using a new name. Save the subtitles and +general layout. + +Some details and metadata are extracted from this document so it is important +to stick to the existing format. + +The first list must be the title of the issue. + +### VULNERABILITY + +The first subtitle should be `VULNERABILITY`. That should then include a +through and detailed description of the flaw. Including how it can be +triggered and maybe something about what might happen if triggered or +exploited. + +### INFO + +The next section is `INFO` which adds meta data information about the flaw. It +specifically mentions the official CVE Id for the issue and it must list the +CWE Id, starting on its own line. We write CWE identifiers in advisories with +the full (official) explanation on the right side of a colon. Like this: + +`CWE-305: Authentication Bypass by Primary Weakness` + +### AFFECTED VERSIONS + +The third section first lists what versions that are affected, then adds +clarity by stressing what versions that are *not* affected. A third line adds +information about which specific git commit that introduced the vulnerability. + +The `Introduced-in` commit should be a full URL that displays the commit, but +should work as a stand-alone commit hash if everything up to the last slash is +cut out. + +An example using the correct syntax: + +~~~ +- Affected versions: curl 7.16.1 to and including 7.88.1 +- Not affected versions: curl < 7.16.1 and curl >= 8.0.0 +- Introduced-in: https://github.com/curl/curl/commit/2147284cad +~~~ + +### THE SOLUTION + +This section describes and discusses the fix. The only mandatory information +here is the link to the git commit that fixes the problem. + +The `Fixed-in` value should be a full URL that displays the commit, but should +work as a stand-alone commit hash if everything up to the last slash is cut +out. + +Example: + +`- Fixed-in: https://github.com/curl/curl/commit/af369db4d3833272b8ed` + +### RECOMMENDATIONS + +This section lists the recommended actions for the users in a top to bottom +priority order and should ideally contain three items but no less than two. + +The top two are almost always `upgrade curl to version XXX` and `apply the +patch to your local version`. + +### TIMELINE + +Detail when this report was received in the project. When package distributors +were notified (via the distros mailing list or similar) + +When the advisory and fixed version are released. + +### CREDITS + +Mention the reporter and patch author at least, then everyone else involved +you think deserves a mention. + +If you want to mention more than one name, separate the names with comma +(`,`). + +~~~ +- Reported-by: Full Name +- Patched-by: Full Name +~~~ diff --git a/libs/curl/docs/SECURITY-PROCESS.md b/libs/curl/docs/SECURITY-PROCESS.md deleted file mode 100644 index f13d6d3a..00000000 --- a/libs/curl/docs/SECURITY-PROCESS.md +++ /dev/null @@ -1,141 +0,0 @@ -curl security process -===================== - -This document describes how security vulnerabilities should be handled in the -curl project. - -Publishing Information ----------------------- - -All known and public curl or libcurl related vulnerabilities are listed on -[the curl website security page](https://curl.se/docs/security.html). - -Security vulnerabilities **should not** be entered in the project's public bug -tracker. - -Vulnerability Handling ----------------------- - -The typical process for handling a new security vulnerability is as follows. - -No information should be made public about a vulnerability until it is -formally announced at the end of this process. That means, for example that a -bug tracker entry must NOT be created to track the issue since that will make -the issue public and it should not be discussed on any of the project's public -mailing lists. Also messages associated with any commits should not make any -reference to the security nature of the commit if done prior to the public -announcement. - -- The person discovering the issue, the reporter, reports the vulnerability on - [https://hackerone.com/curl](https://hackerone.com/curl). Issues filed there - reach a handful of selected and trusted people. - -- Messages that do not relate to the reporting or managing of an undisclosed - security vulnerability in curl or libcurl are ignored and no further action - is required. - -- A person in the security team responds to the original report to acknowledge - that a human has seen the report. - -- The security team investigates the report and either rejects it or accepts - it. - -- If the report is rejected, the team writes to the reporter to explain why. - -- If the report is accepted, the team writes to the reporter to let him/her - know it is accepted and that they are working on a fix. - -- The security team discusses the problem, works out a fix, considers the - impact of the problem and suggests a release schedule. This discussion - should involve the reporter as much as possible. - -- The release of the information should be "as soon as possible" and is most - often synchronized with an upcoming release that contains the fix. If the - reporter, or anyone else involved, thinks the next planned release is too - far away, then a separate earlier release should be considered. - -- Write a security advisory draft about the problem that explains what the - problem is, its impact, which versions it affects, solutions or workarounds, - when the release is out and make sure to credit all contributors properly. - Figure out the CWE (Common Weakness Enumeration) number for the flaw. - -- Request a CVE number from - [HackerOne](https://docs.hackerone.com/programs/cve-requests.html) - -- Update the "security advisory" with the CVE number. - -- The security team commits the fix in a private branch. The commit message - should ideally contain the CVE number. - -- The security team also decides on and delivers a monetary reward to the - reporter as per the bug-bounty polices. - -- No more than 10 days before release, inform - [distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros) - to prepare them about the upcoming public security vulnerability - announcement - attach the advisory draft for information with CVE and - current patch. 'distros' does not accept an embargo longer than 14 days and - they do not care for Windows-specific flaws. - -- No more than 48 hours before the release, the private branch is merged into - the master branch and pushed. Once pushed, the information is accessible to - the public and the actual release should follow suit immediately afterwards. - The time between the push and the release is used for final tests and - reviews. - -- The project team creates a release that includes the fix. - -- The project team announces the release and the vulnerability to the world in - the same manner we always announce releases. It gets sent to the - curl-announce, curl-library and curl-users mailing lists. - -- The security web page on the website should get the new vulnerability - mentioned. - -security (at curl dot se) ------------------------------- - -This is a private mailing list for discussions on and about curl security -issues. - -Who is on this list? There are a couple of criteria you must meet, and then we -might ask you to join the list or you can ask to join it. It really is not a -formal process. We basically only require that you have a long-term presence -in the curl project and you have shown an understanding for the project and -its way of working. You must have been around for a good while and you should -have no plans in vanishing in the near future. - -We do not make the list of participants public mostly because it tends to vary -somewhat over time and a list somewhere will only risk getting outdated. - -Publishing Security Advisories ------------------------------- - -1. Write up the security advisory, using markdown syntax. Use the same - subtitles as last time to maintain consistency. - -2. Name the advisory file after the allocated CVE id. - -3. Add a line on the top of the array in `curl-www/docs/vuln.pm'. - -4. Put the new advisory markdown file in the curl-www/docs/ directory. Add it - to the git repo. - -5. Run `make` in your local web checkout and verify that things look fine. - -6. On security advisory release day, push the changes on the curl-www - repository's remote master branch. - -Hackerone ---------- - -Request the issue to be disclosed. If there are sensitive details present in -the report and discussion, those should be redacted from the disclosure. The -default policy is to disclose as much as possible as soon as the vulnerability -has been published. - -Bug Bounty ----------- - -See [BUG-BOUNTY](https://curl.se/docs/bugbounty.html) for details on the -bug bounty program. diff --git a/libs/curl/docs/SPONSORS.md b/libs/curl/docs/SPONSORS.md new file mode 100644 index 00000000..bb110976 --- /dev/null +++ b/libs/curl/docs/SPONSORS.md @@ -0,0 +1,47 @@ + + +# curl sponsors + +A sponsor is someone who donates money or resources to the curl project for no +specific service in return. + +curl accepts donations via [GitHub sponsors](https://github.com/sponsors/curl) +and [Open Collective](https://opencollective.com/curl). + +An even better way to contribute to the project might be to pay an engineer or +two to spend work hours on curl related tasks. + +We promise to use donated funds for things and activities that we believe are +beneficial for the project and its development. That includes but is not +limited to bug-bounties, developer conferences, infrastructure, development, +services and hardware. + +Recurring donations above a certain amount of money puts the sponsor at a +named sponsor level: **Silver**, **Gold**, **Platinum** or **Top**. + +Sponsors on a named level can provide their logo image and preferred URL and +get recognition on the curl website's [sponsor +page](https://curl.se/sponsors.html). + +- **Silver Sponsor** at least 100 USD/month +- **Gold Sponsor** at least 500 USD/month +- **Platinum Sponsor** at least 1000 USD/month +- **Top Sponsor** outstanding extra valuable help + +## Sponsor requirements + +A named level sponsor is entitled a logo and link on the curl website assuming +the company, brand and link are not deemed unsuitable. The curl team reserves +the right to make that decision at its own discretion. + +Sponsors may be denied a website presence for example if involved with drugs, +gambling, pornography, social media manipulation etc. + +## Past Sponsors + +Sponsors that stop paying are considered *Past Sponsors* and are not displayed +on the sponsor page anymore. We thank you for your contributions! diff --git a/libs/curl/docs/SSL-PROBLEMS.md b/libs/curl/docs/SSL-PROBLEMS.md index 3ba601aa..26deed39 100644 --- a/libs/curl/docs/SSL-PROBLEMS.md +++ b/libs/curl/docs/SSL-PROBLEMS.md @@ -1,8 +1,8 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| + # SSL problems @@ -11,25 +11,25 @@ ago. There are several known reasons why a connection that involves SSL might - fail. This is a document that attempts to details the most common ones and + fail. This is a document that attempts to detail the most common ones and how to mitigate them. ## CA certs CA certs are used to digitally verify the server's certificate. You need a - "ca bundle" for this. See lots of more details on this in the SSLCERTS + "ca bundle" for this. See lots of more details on this in the `SSLCERTS` document. ## CA bundle missing intermediate certificates - When using said CA bundle to verify a server cert, you will experience + When using said CA bundle to verify a server cert, you may experience problems if your CA store does not contain the certificates for the intermediates if the server does not provide them. The TLS protocol mandates that the intermediate certificates are sent in the handshake, but as browsers have ways to survive or work around such - omissions, missing intermediates in TLS handshakes still happen that - browser-users will not notice. + omissions, missing intermediates in TLS handshakes still happen that browser + users do not notice. Browsers work around this problem in two ways: they cache intermediate certificates from previous transfers and some implement the TLS "AIA" @@ -59,18 +59,17 @@ ciphers from its default set (slightly depending on SSL backend in use). You may have to explicitly provide an alternative list of ciphers for curl - to use to allow the server to use a WEAK cipher for you. + to use to allow the server to use a weak cipher for you. Note that these weak ciphers are identified as flawed. For example, this includes symmetric ciphers with less than 128 bit keys and RC4. Schannel in Windows XP is not able to connect to servers that no longer support the legacy handshakes and algorithms used by those versions, so we - advice against building curl to use Schannel on really old Windows versions. - - References: + advise against building curl to use Schannel on really old Windows versions. - https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 + Reference: [Prohibiting RC4 Cipher + Suites](https://datatracker.ietf.org/doc/html/draft-popov-tls-prohibiting-rc4-01) ## Allow BEAST diff --git a/libs/curl/docs/SSLCERTS.md b/libs/curl/docs/SSLCERTS.md index ad0a9813..ba349ed6 100644 --- a/libs/curl/docs/SSLCERTS.md +++ b/libs/curl/docs/SSLCERTS.md @@ -1,3 +1,9 @@ + + SSL Certificate Verification ============================ @@ -6,7 +12,6 @@ SSL is TLS SSL is the old name. It is called TLS these days. - Native SSL ---------- @@ -21,15 +26,16 @@ It is about trust ----------------- This system is about trust. In your local CA certificate store you have certs -from *trusted* Certificate Authorities that you then can use to verify that the -server certificates you see are valid. they are signed by one of the CAs you -trust. +from *trusted* Certificate Authorities that you then can use to verify that +the server certificates you see are valid. They are signed by one of the +certificate authorities you trust. -Which CAs do you trust? You can decide to trust the same set of companies your -operating system trusts, or the set one of the known browsers trust. That is -basically trust via someone else you trust. You should just be aware that -modern operating systems and browsers are setup to trust *hundreds* of -companies and recent years several such CAs have been found untrustworthy. +Which certificate authorities do you trust? You can decide to trust the same +set of companies your operating system trusts, or the set one of the known +browsers trust. That is basically trust via someone else you trust. You should +just be aware that modern operating systems and browsers are setup to trust +*hundreds* of companies and in recent years several certificate authorities +have been found untrustworthy. Certificate Verification ------------------------ @@ -39,8 +45,8 @@ by using a CA certificate store that the SSL library can use to make sure the peer's server certificate is valid. If you communicate with HTTPS, FTPS or other TLS-using servers using -certificates that are signed by CAs present in the store, you can be sure -that the remote server really is the one it claims to be. +certificates in the CA store, you can be sure that the remote server really is +the one it claims to be. If the remote server uses a self-signed certificate, if you do not install a CA cert store, if the server uses a certificate signed by a CA that is not @@ -51,30 +57,31 @@ server, do one of the following: 1. Tell libcurl to *not* verify the peer. With libcurl you disable this with `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);` - With the curl command line tool, you disable this with -k/--insecure. + With the curl command line tool, you disable this with `-k`/`--insecure`. 2. Get a CA certificate that can verify the remote server and use the proper option to point out this CA cert for verification when connecting. For libcurl hackers: `curl_easy_setopt(curl, CURLOPT_CAINFO, cacert);` - With the curl command line tool: --cacert [file] + With the curl command line tool: `--cacert [file]` 3. Add the CA cert for your server to the existing default CA certificate store. The default CA certificate store can be changed at compile time with the following configure options: - --with-ca-bundle=FILE: use the specified file as CA certificate store. CA - certificates need to be concatenated in PEM format into this file. + `--with-ca-bundle=FILE`: use the specified file as the CA certificate + store. CA certificates need to be concatenated in PEM format into this + file. - --with-ca-path=PATH: use the specified path as CA certificate store. CA + `--with-ca-path=PATH`: use the specified path as CA certificate store. CA certificates need to be stored as individual PEM files in this directory. You may need to run c_rehash after adding files there. - If neither of the two options is specified, configure will try to auto-detect - a setting. It's also possible to explicitly not hardcode any default store - but rely on the built in default the crypto library may provide instead. - You can achieve that by passing both --without-ca-bundle and - --without-ca-path to the configure script. + If neither of the two options is specified, configure tries to auto-detect + a setting. It's also possible to explicitly not set any default store but + rely on the built in default the crypto library may provide instead. You + can achieve that by passing both `--without-ca-bundle` and + `--without-ca-path` to the configure script. If you use Internet Explorer, this is one way to get extract the CA cert for a particular server: @@ -83,84 +90,64 @@ server, do one of the following: - Find out where the CA certificate is kept (Certificate> Authority Information Access>URL) - Get a copy of the crt file using curl - - Convert it from crt to PEM using the openssl tool: - openssl x509 -inform DES -in yourdownloaded.crt \ - -out outcert.pem -text - - Add the 'outcert.pem' to the CA certificate store or use it stand-alone + - Convert it from crt to PEM using the OpenSSL tool: + `openssl x509 -inform DES -in yourdownloaded.crt -out outcert.pem -text` + - Add the `outcert.pem` to the CA certificate store or use it stand-alone as described below. - If you use the 'openssl' tool, this is one way to get extract the CA cert + If you use the `openssl` tool, this is one way to get extract the CA cert for a particular server: - `openssl s_client -showcerts -servername server -connect server:443 > cacert.pem` - type "quit", followed by the "ENTER" key - - The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE" - markers. - - If you want to see the data in the certificate, you can do: "openssl - x509 -inform PEM -in certfile -text -out certdata" where certfile is - the cert you extracted from logfile. Look in certdata. + - The certificate has `BEGIN CERTIFICATE` and `END CERTIFICATE` markers. + - If you want to see the data in the certificate, you can do: `openssl + x509 -inform PEM -in certfile -text -out certdata` where `certfile` is + the cert you extracted from logfile. Look in `certdata`. - If you want to trust the certificate, you can add it to your CA certificate store or use it stand-alone as described. Just remember that the security is no better than the way you obtained the certificate. - 4. If you are using the curl command line tool, you can specify your own CA - cert file by setting the environment variable `CURL_CA_BUNDLE` to the path - of your choice. + 4. If you are using the curl command line tool and the TLS backend is not + Schannel then you can specify your own CA cert file by setting the + environment variable `CURL_CA_BUNDLE` to the path of your choice. - If you are using the curl command line tool on Windows, curl will search - for a CA cert file named "curl-ca-bundle.crt" in these directories and in - this order: + If you are using the curl command line tool on Windows, curl searches for + a CA cert file named "curl-ca-bundle.crt" in these directories and in this + order: 1. application's directory 2. current working directory - 3. Windows System directory (e.g. C:\windows\system32) - 4. Windows Directory (e.g. C:\windows) + 3. Windows System directory (e.g. C:\Windows\System32) + 4. Windows Directory (e.g. C:\Windows) 5. all directories along %PATH% - 5. Get a better/different/newer CA cert bundle! One option is to extract the - one a recent Firefox browser uses by running 'make ca-bundle' in the curl - build tree root, or possibly download a version that was generated this - way for you: [CA Extract](https://curl.se/docs/caextract.html) + 5. Get another CA cert bundle. One option is to extract the one a recent + Firefox browser uses by running 'make ca-bundle' in the curl build tree + root, or possibly download a version that was generated this way for you: + [CA Extract](https://curl.se/docs/caextract.html) Neglecting to use one of the above methods when dealing with a server using a certificate that is not signed by one of the certificates in the installed CA -certificate store, will cause SSL to report an error ("certificate verify -failed") during the handshake and SSL will then refuse further communication -with that server. - -Certificate Verification with NSS ---------------------------------- - -If libcurl was built with NSS support, then depending on the OS distribution, -it is probably required to take some additional steps to use the system-wide -CA cert db. RedHat ships with an additional module, libnsspem.so, which -enables NSS to read the OpenSSL PEM CA bundle. On openSUSE you can install -p11-kit-nss-trust which makes NSS use the system wide CA certificate store. NSS -also has a new [database format](https://wiki.mozilla.org/NSS_Shared_DB). - -Starting with version 7.19.7, libcurl automatically adds the 'sql:' prefix to -the certdb directory (either the hardcoded default /etc/pki/nssdb or the -directory configured with SSL_DIR environment variable). To check which certdb -format your distribution provides, examine the default certdb location: -/etc/pki/nssdb; the new certdb format can be identified by the filenames -cert9.db, key4.db, pkcs11.txt; filenames of older versions are cert8.db, -key3.db, secmod.db. +certificate store, causes SSL to report an error (`certificate verify failed`) +during the handshake and SSL then refuses further communication with that +server. Certificate Verification with Schannel and Secure Transport ----------------------------------------------------------- If libcurl was built with Schannel (Microsoft's native TLS engine) or Secure -Transport (Apple's native TLS engine) support, then libcurl will still perform -peer certificate verification, but instead of using a CA cert bundle, it will -use the certificates that are built into the OS. These are the same -certificates that appear in the Internet Options control panel (under Windows) -or Keychain Access application (under OS X). Any custom security rules for -certificates will be honored. - -Schannel will run CRL checks on certificates unless peer verification is -disabled. Secure Transport on iOS will run OCSP checks on certificates unless -peer verification is disabled. Secure Transport on OS X will run either OCSP -or CRL checks on certificates if those features are enabled, and this behavior -can be adjusted in the preferences of Keychain Access. +Transport (Apple's native TLS engine) support, then libcurl still performs +peer certificate verification, but instead of using a CA cert bundle, it uses +the certificates that are built into the OS. These are the same certificates +that appear in the Internet Options control panel (under Windows) or Keychain +Access application (under OS X). Any custom security rules for certificates +are honored. + +Schannel runs CRL checks on certificates unless peer verification is disabled. +Secure Transport on iOS runs OCSP checks on certificates unless peer +verification is disabled. Secure Transport on OS X runs either OCSP or CRL +checks on certificates if those features are enabled, and this behavior can be +adjusted in the preferences of Keychain Access. HTTPS proxy ----------- diff --git a/libs/curl/docs/THANKS b/libs/curl/docs/THANKS index e29cbeed..03bd1b7a 100644 --- a/libs/curl/docs/THANKS +++ b/libs/curl/docs/THANKS @@ -6,9 +6,12 @@ 0xee on github 0xflotus on github +12932 on github +1337vt on github 1ocalhost on github 3dyd on github 3eka on github +5533asdg on github 8U61ife on github a1346054 on github Aaro Koskinen @@ -16,10 +19,13 @@ Aaron Oneal Aaron Orenstein Aaron Scarisbrick aasivov on github +Abdullah Alyan Abhinav Singh Abram Pousada accountantM on github AceCrow on Github +ad0p on github +Adam Averay Adam Barclay Adam Brown Adam Coyne @@ -28,6 +34,7 @@ Adam Langley Adam Light Adam Marcionek Adam Piggott +Adam Rosenfield Adam Sampson Adam Tkac Adnan Khan @@ -37,14 +44,19 @@ Adrian Peniak Adrian Schuur Adriano Meirelles afrind on github +Aftab Alam ahodesuka on github +ajak in #curl Ajit Dhumale Akhil Kedia +Akhilesh Nema Aki Koskinen +Aki Sakurai Akos Pasztory Akshay Vernekar Alain Danteny Alain Miniussi +Alan Coopersmith Alan Jenkins Alan Pinstein Albert Chin-A-Young @@ -57,6 +69,7 @@ Aleksandar Milivojevic Aleksander Mazur Aleksandr Krotov Aleksey Tulinov +alervd on github Ales Mlakar Ales Novak Alessandro Ghedini @@ -64,6 +77,7 @@ Alessandro Vesely Alex aka WindEagle Alex Baines Alex Bligh +Alex Bozarth Alex Chan Alex Crichton Alex Fishman @@ -71,6 +85,7 @@ Alex Gaynor Alex Grebenschikov Alex Gruz Alex Kiernan +Alex Klyubin Alex Konev Alex Malinovich Alex Mayorga @@ -80,13 +95,16 @@ Alex Nichols Alex Potapenko Alex Rousskov Alex Samorukov +Alex Snast Alex Suykov Alex Vinnik Alex Xu +Alexander Bartel Alexander Beedie Alexander Chuykov Alexander Dyagilev Alexander Elgert +Alexander Jaeger Alexander Kanavin Alexander Klauer Alexander Kourakos @@ -94,15 +112,20 @@ Alexander Krasnostavsky Alexander Lazic Alexander Pepper Alexander Peslyak +Alexander Shtuchkin Alexander Sinditskiy Alexander Traud Alexander V. Tikhonov Alexander Zhuravlev +Alexandre Bury +Alexandre Ferrieux Alexandre Pion Alexey Borzov Alexey Eremikhin +Alexey Larikov Alexey Melnichuk Alexey Pesternikov +Alexey Savchuk Alexey Simak Alexey Zakhlestin Alexis Carvalho @@ -110,11 +133,16 @@ Alexis La Goutte Alexis Vachette Alfonso Martone Alfred Gebert +Ali Khodkar +Ali Utku Selen +ALittleDruid on github Allen Pulsifer +Alois Klink Alona Rossen Amaury Denoyelle amishmm on github Amit Katyal +Ammar Faizi Amol Pattekar Amr Shahin Anatol Belski @@ -134,6 +162,8 @@ Andreas Damm Andreas Falkenhahn Andreas Farber Andreas Fischer +Andreas Huebner +Andreas Kiefer Andreas Kostyrka Andreas Malzahn Andreas Ntaflos @@ -142,6 +172,7 @@ Andreas Rieke Andreas Roth Andreas Schneider Andreas Schuldei +Andreas Sommer Andreas Streichardt Andreas Wurf Andrei Benea @@ -155,6 +186,7 @@ Andrei Sedoi Andrei Valeriu BICA Andrei Virtosu Andrej E Baranov +Andrew Andrew Barnert Andrew Barnes Andrew Benham @@ -164,6 +196,7 @@ Andrew de los Reyes Andrew Francis Andrew Fuller Andrew Ishchuk +Andrew Kaster Andrew Krieger Andrew Kurushin Andrew Lambert @@ -171,18 +204,26 @@ Andrew Moise Andrew Potter Andrew Robbins Andrew Wansink +Andrey Alifanov Andrey Gursky Andrey Labunets Andrii Moiseiev Andrius Merkys Andrés García +Andy Alt Andy Cedilnik Andy Fiddaman +Andy Pan +Andy Reitz Andy Serpa +Andy Stamp Andy Tsouladze Angus Mackay anio on github +annalee +anon00000000 on github anshnd on github +Anssi Kolehmainen Antarpreet Singh Anthon Pang Anthony Avina @@ -192,7 +233,11 @@ Anthony Hu Anthony Ramine Anthony Shaw Antoine Aubert +Antoine Bollengier Antoine Calando +Antoine du Hamel +Antoine Pietri +Antoine Pitrou Anton Bychkov Anton Gerasimov Anton Kalmykov @@ -202,14 +247,18 @@ Antoni Villalonga Antonio Larrosa Antony74 on github Antti Hätälä +Anubhav Rai +apparentorder on github April King arainchik on github Archangel_SDY on github +Arjan van de Ven Arkadiusz Miskiewicz Armel Asselin Arnaud Compan Arnaud Ebalard Arnaud Rebillout +Arne Soete Aron Bergman Aron Rotteveel Artak Galoyan @@ -223,21 +272,31 @@ Ashish Shukla Ashwin Metpalli Ask Bjørn Hansen Askar Safin +AtariDreams on github Ates Goral +atjg on github Augustus Saunders +Aurélien Pierre Austin Green +av223119 on github Avery Fay +awesomekosm on github awesomenode on github +Axel Chong Axel Morawietz Axel Tillequin +Ayesh Karunaratne Ayoub Boudhar Ayushman Singh Chauhan b9a1 on github Bachue Zhou +Baitinq on github Balaji Parasuram Balaji S Rao Balaji Salunke +Balakrishnan Balasubramanian Balazs Kovacsics +balikalina on Github Balint Szilakszi Barry Abrahamson Barry Pollard @@ -251,8 +310,10 @@ Basuke Suzuki baumanj on github bdry on github beckenc on github +Ben Ben Boeckel Ben Darnell +Ben Fritz Ben Greear Ben Kohler Ben Madsen @@ -266,10 +327,12 @@ Benjamin Gerard Benjamin Gilbert Benjamin Johnson Benjamin Kircher +Benjamin Loison Benjamin Riefenstahl Benjamin Ritcey Benjamin Sergeant Benoit Neil +Benoit Pierre Benoit Sigoure Bernard Leak Bernard Spil @@ -284,6 +347,7 @@ Bertrand Demiddelaer Bertrand Simonnet beslick5 on github Bevan Weiss +Bhanu Prakash Bill Doyle Bill Egert Bill Hoffman @@ -294,14 +358,17 @@ billionai on github Billyzou0741326 on github Bin Lan Bin Meng +Biswapriyo Nath Bjarni Ingi Gislason Bjoern Franke Bjoern Sikora Bjorn Augustsson Bjorn Reese Björn Stenberg +black-desk on github Blaise Potard Blake Burkhart +blankie bnfp on github Bo Anderson Bob Relyea @@ -310,9 +377,14 @@ Bob Schader bobmitchell1956 on github Bodo Bergmann Bogdan Nicula +boilingoden +Boris Kuschel +Boris Okunskiy Boris Rasin +Boris Verkhovskiy Brad Burdick Brad Fitzpatrick +Brad Forschinger Brad Harder Brad Hards Brad King @@ -322,18 +394,26 @@ bramus on github Brandon Casey Brandon Dong Brandon Wang +BratSinot on github Brendan Jurd +Brennan Kinney Brent Beardsley +Brett Buddin Brian Akins Brian Bergeron Brian Carpenter Brian Chaplin Brian Childs Brian Chrisman +Brian Clemens Brian Dessent Brian E. Gallew +Brian Green Brian Inglis Brian J. Murrell +Brian Lund +brian m. carlson +Brian Nixon Brian Prodoehl Brian R Duffy Brian Ulm @@ -345,47 +425,65 @@ BrumBrum on hackerone Bruno Baguette Bruno de Carvalho Bruno Grasselli +Bruno Henrique Batista Cruz da Silva Bruno Thomsen Bryan Henderson Bryan Kemp bsammon on github +bsergean on github +bubbleguuum on github Bubu on github buzo-ffm on github bxac on github Bylon2 on github Byrial Jensen +Cajus Pollmeier Caleb Raitto Calvin Buckley +calvin2021y on github +Cameron Blomquist Cameron Cawley Cameron Kaiser Cameron MacMinn +Cameron Will Camille Moncelier Cao ZhenXiang Caolan McNamara Captain Basil Carie Pointer Carl Zogheib +Carlo Alberto Carlo Cannas Carlo Marcelo Arenas Belón Carlo Teubner Carlo Wood +Carlos Henrique Lima Melara Carlos ORyan Carsten Lange +Casey Bodley Casey O'Donnell Catalin Patulea causal-agent on github cbartl on github cclauss on github +Cering on github Cesar Eduardo Barros +Ch40zz on github Chad Monroe Chandrakant Bagul +Chara White +Charles Cazabon Charles Kerr Charles Romestant +Charlie C Chen Prog +chensong1211 on github Cherish98 on github Chester Liu Chih-Chung Chang Chih-Hsuan Yen +Chilledheart on github +Chloe Kudryavtsev Chris "Bob Bob" Chris Araman Chris Carlmar @@ -399,11 +497,16 @@ Chris Maltby Chris Mumford Chris Paulson-Ellis Chris Roberts +Chris Sauer Chris Smowton +Chris Talbot +Chris Webb Chris Young Christian Fillion Christian Grothoff Christian Heimes +Christian Hesse +Christian Heusel Christian Hägele Christian Krause Christian Kurz @@ -414,27 +517,34 @@ Christian Vogt Christian Weisgerber Christoph Krey Christoph M. Becker +Christoph Reiter Christophe Demory Christophe Dervieux Christophe Legry Christopher Conroy +Christopher Degawa Christopher Head Christopher Palow Christopher R. Palmer Christopher Reid +Christopher Sauer Christopher Stone +chrysos349 on github Chungtsun Li Ciprian Badescu civodul on github Claes Jakobsson Clarence Gardner Claudio Neves +claudiusaiz on github clbr on github Clemens Gruber Cliff Crosland Clifford Wolf Clint Clayton +Cloudogu Siebels Clément Notin +CMD cmfrolick on github codesniffer13 on github Cody Jones @@ -443,11 +553,18 @@ COFFEETALES on github coinhubs on github Colby Ranger Colin Blair +Colin Cross Colin Hogben +Colin Leroy +Colin Leroy-Mira Colin O'Dell Colin Watson Colm Buckley +Colman Mbuya Constantine Sapuntzakis +consulion on github +coralw on github +correctmost on github Cory Benfield Cory Nelson Costya Shulyupin @@ -473,6 +590,7 @@ d912e3 on github Da-Yoon Chung daboul on github Dag Ekengren +Dagfinn Ilmari MannsÃ¥ker Dagobert Michelsen Daiki Ueno Dair Grant @@ -485,10 +603,10 @@ Dan Becker Dan Cristian Dan Donahue Dan Fandrich -Dan Jacobson Dan Johnson Dan Kenigsberg Dan Locks +Dan McDonald Dan McNulty Dan Nelson Dan Petitt @@ -500,16 +618,21 @@ Daniel Black Daniel Carpenter Daniel Cater Daniel Egger +Daniel Faust Daniel Gustafsson +Daniel Hallberg Daniel Hwang +Daniel J. H. Daniel JeliÅ„ski Daniel Johnson Daniel Kahn Gillmor +Daniel Katz Daniel Krügler Daniel KureÄka Daniel Lee Hwang Daniel Lublin Daniel Marjamäki +Daniel McCarney Daniel Melani Daniel Mentz Daniel Romero @@ -519,7 +642,9 @@ Daniel Shahaf Daniel Silverstone Daniel Steinberg Daniel Stenberg +Daniel Szmulewicz Daniel Theron +Daniel Valenzuela Daniel Woelfel Daphne Luong Dario Nieuwenhuis @@ -528,6 +653,8 @@ Darryl House Darshan Mody Darío Hereñú dasimx on github +DasKutti on github +Dave Cottlehuber Dave Dribin Dave Halbakken Dave Hamilton @@ -542,6 +669,7 @@ David Binderman David Blaikie David Bohman David Byron +David Carlier David Cohen David Cook David Demelier @@ -564,6 +692,7 @@ David LeBlanc David Lopes David Lord David McCreedy +David McLaughlin David Odin David Phillips David Rosenstrauch @@ -572,15 +701,21 @@ David Sanderson David Schweikert David Shaw David Strauss +David Suter David Tarendash David Thiel David Walser David Woodhouse David Wright David Yan +Davide Cassioli +Davide Masserut davidedec on github dbrowndan on github dEajL3kA on github +Deal(一线çµ) +dekerser on github +dengjfzh on github Dengminwen Denis BaruÄić Denis Chaplygin @@ -590,10 +725,14 @@ Denis Laxalde Denis Ollier Dennis Clarke Dennis Felsing +dependabot[bot] Derek Higgins +Derzsi Dániel Desmond O. Chang destman on github Detlef Schmier +Dexter Gerig +dfdity on github Dheeraj Sangamkar Didier Brisebourg Diego Bes @@ -609,19 +748,25 @@ Dimitrios Apostolou Dimitrios Siganos Dimitris Sarris Dinar +Diogo Teles Sant'Anna +Dion Williams Dirk Eddelbuettel Dirk Feytons +Dirk Hünniger Dirk Manske +Dirk Rosenkranz Dirk Wetter Dirkjan Bussink Diven Qi divinity76 on github +Divy Le Ray dkjjr89 on github dkwolfe4 on github Dmitri Shubin Dmitri Tikhonov Dmitriy Sergeyev dmitrmax on github +Dmitry Atamanov Dmitry Bartsevich Dmitry Eremin-Solenikov Dmitry Falko @@ -632,15 +777,22 @@ Dmitry Mikhirev Dmitry Popov Dmitry Rechkin Dmitry S. Baikov +Dmitry Tretyakov Dmitry Wagin dnivras on github +dogma Dolbneff A.V +Domen Kožar Domenico Andreoli Dominick Meglio Dominik Hölzl +Dominik Klemba +Dominik PiÄ…tkowski +Dominik Thalhammer Dominique Leuenberger Don J Olmstead Dongliang Mu +Dorian Craps Doron Behar Doug Kaufman Doug Porter @@ -659,12 +811,15 @@ Duane Cathey Duncan Mac-Vicar Prett Duncan Wilcox Dustin Boswell +Dustin Howett Dusty Mabe Duy Phan Thanh Dwarakanath Yadavalli +Dylan Anthony Dylan Ellicott Dylan Salisbury Dániel Bakai +eaglegai on github Early Ehlinger Earnestly on github Eason-Yu on github @@ -672,37 +827,54 @@ Ebe Janchivdorj ebejan on github Ebenezer Ikonne Ed Morley +ed0d2b2ce19451f2 Eddie Lumpkin Edgaras JanuÅ¡auskas Edin Kadribasic +edmcln on github Edmond Yu +Edoardo Lolletti Eduard Bloch +Eduard Strehlau Edward Kimmel Edward Rudd Edward Sheldrake Edward Thomson Eelco Dolstra Eetu Ojanen +eeverettrbx on github Egon Eckert +Egor Pugin Ehren Bendler Eldar Zaitov elelel on github elephoenix on github Eli Schwartz Elia Tufarolo +Elliot Killick Elliot Saba +Elliott Balsley Ellis Pritchard Elmira A Semenova +Elms +Eloy Degen elsamuko on github emanruse on github Emanuele Bovisio +Emanuele Torre Emil Engler Emil Lerner Emil Romanus +Emil Österlund Emiliano Ida +Emilio Cobos Ãlvarez +Emilio López Emmanuel Tychon +Enno Boland Enrico Scholz Enrik Berkhan +enWILLYado on github +eppesuig Eramoto Masaya Eric Cooper Eric Curtin @@ -713,6 +885,7 @@ Eric Lavigne Eric Lubin Eric Melville Eric Mertens +Eric Murphy Eric Musser Eric Rautman Eric Rescorla @@ -722,6 +895,7 @@ Eric S. Raymond Eric Sauvageau Eric Thelin Eric Vergnaud +Eric Vigeant Eric Wong Eric Wu Eric Young @@ -731,11 +905,13 @@ Erik Janssen Erik Johansson Erik Minekus Erik Olsson +Erik Schnetter Erik Stenlund Ernest Beinrohr Ernst Sjöstrand Erwan Legrand Erwin Authried +Esdras de Morais da Silva Estanislau Augé-Pujadas Ethan Glasser Camp Etienne Simard @@ -744,24 +920,35 @@ Evan Jordan Evangelos Foutras Even Rouault Evert Pot -Evgeny Grin +Evgeny Grin (Karlson2k) Evgeny Turnaev eXeC64 on github +extrimexxx on github Eygene Ryabinkin Eylem Ugurel +Fabian Fischer Fabian Frank Fabian Hiernaux Fabian Keil Fabian Ruff +Fabian Vogt +Fabian Yamaguchi Fabrice Fontaine Fabrizio Ammollo Fahim Chandurwala Faizur Rahman +Faraz Fallahi +farazrbx on github +Farzin on github +Fata Nugraha Fawad Mirza +FC Stegerman fds242 on github Federico Bianchi +Federico Pellegrin Fedor Karpelevitch Fedor Korotkov +FeignClaims on github Feist Josselin Felipe Gasper Felix Hädicke @@ -770,10 +957,13 @@ Felix von Leitner Felix Yan Feng Tu Fernando Muñoz +Filip Lundgren Filip Salomonsson +finkjsc on github Firefox OS Flameborn on github Flavio Medeiros +Florian Kohnhäuser Florian Pritz Florian Schoppmann Florian Van Heghe @@ -782,6 +972,7 @@ Florin Petriuc Forrest Cahoon Francisco Moraes Francisco Munoz +Francisco Olarte Francisco Sedano Francois Petitjean Francois Rivard @@ -795,7 +986,9 @@ Frank Ticheler Frank Van Uffelen FrantiÅ¡ek KuÄera François Charlier +François Michel François Rigault +Frazer Smith Fred Machado Fred New Fred Noz @@ -805,13 +998,21 @@ Frederik B Frederik Wedel-Heinen Fredrik Thulin FuccDucc on github +Fujii Hironori fullincome on github +fundawang on github +fuzzard +Gabe +Gabriel Corona Gabriel Kuri Gabriel Simmer Gabriel Sjoberg +Gaelan Steele Gambit Communications Ganesh Kamath +gaoxingwang on github Garrett Holmstrom +Garrett Squire Gary Maxwell Gaurav Malhotra Gautam Kachroo @@ -833,6 +1034,7 @@ George Liu Gerd v. Egidy Gergely Nagy Gerhard Herre +Gerome Fournier Gerrit Bruchhäuser Gerrit Renker Ghennadi Procopciuc @@ -857,13 +1059,19 @@ Glen Scott Glenn de boer Glenn Sheridan Glenn Strauss +godmar on github Godwin Stewart +Gonçalo Carvalho Google Inc. Gordon Marler +Gordon Parke Gorilla Maguila +Goro FUJI Gou Lingfeng +Graham Campbell Grant Erickson Grant Pannell +graywolf on github Greg Hewgill Greg Morse Greg Onufer @@ -874,18 +1082,26 @@ Gregor Jasny Gregory Jefferis Gregory Muchka Gregory Nicholls +Gregory Panakkal Gregory Szorc Griffin Downs Grigory Entin +Grisha Levit Guenole Bescon Guido Berhoerster +Guilherme Puida +Guillaume Algis Guillaume Arluison guitared on github +Gunamoi Software Gunter Knauf +guoxinvmware on github Gustaf Hui Gustavo Grieco +Gusted Guy Poizat GwanYeong Kim +Gwen Shapira Gwenole Beauchesne Gökhan Åžengün Götz Babin-Ebell @@ -893,25 +1109,33 @@ h1zzz on github H3RSKO on github Hagai Auro Haibo Huang +Hakan Sunay Halil Hamish Mackenzie +hammlee96 on github hamstergene on github Han Han Han Qiao Hang Kin Lau Hang Su +Hannah Schierling Hannes Magnusson Hanno Böck Hanno Kranzhoff Hans Steegers +Hans-Christian Egtvedt Hans-Christian Noren Egtvedt Hans-Jurgen May Hao Wu Hardeep Singh Haris Okanovic +Harmen Stoppels Harold Stuart +Harry Mallon +Harry Sarson Harry Sintonen Harshal Pradhan Hauke Duden +Haydar Alaidrus Hayden Roche He Qin Heikki Korpela @@ -921,30 +1145,43 @@ Helge Klein Helmut K. C. Tessarek Helwing Lutz Hendrik Visage +Henning Schild Henri Gomez Henrik Gaßmann +Henrik Holst Henrik Storner Henry Ludemann Henry Roeland Herve Amblard +HexTheDragon +hgdagon on github +Hide Ishikawa Hidemoto Nakada +highmtworks on github Himanshu Gupta +Hind Montassif +Hiroki Kurosawa +Hirotaka Tagawa Ho-chi Chen Hoi-Ho Chan +Hongfei Li Hongli Lai Hongyi Zhao Howard Blaise Howard Chu hsiao yi +HsiehYuho on github htasta on github Hubert Kario Hugh Macdonald Hugo van Kemenade +humbleacolyte Huzaifa Sidhpurwala huzunhao on github hydra3333 on github Hzhijun iammrtau on github +Ian Blanes Ian D Allen Ian Fette Ian Ford @@ -953,12 +1190,16 @@ Ian Lynagh Ian Spence Ian Turner Ian Wilkes +iAroc on github +iconoclasthero +icy17 on github Ignacio Vazquez-Abrams Igor Franchuk Igor Khristophorov Igor Makarov Igor Novoseltsev Igor Polyakov +Igor Todorovski Ihor Karpenko ihsinme on github Iida Yosiaki @@ -966,9 +1207,12 @@ Ikko Ashimine Ilguiz Latypov Ilja van Sprundel Illarion Taev +illusory-dream on github +Ilmari Lauhakangas Ilya Kosarev imilli on github Immanuel Gregoire +ImpatientHippo on GitHub Inca R infinnovation-dev on github Ingmar Runge @@ -983,7 +1227,11 @@ Isaac Boukris Isaiah Norton Ishan SinghLevett Ithubg on github +Ivan Ivan Avdeev +Ivan Kuchin +Ivan Tsybulin +ivanfywang IvanoG on github Ivo Bellin Salarin iz8mbw on github @@ -991,17 +1239,24 @@ J. Bromley Jack Boos Yu Jack Zhang Jackarain on github +JackBoosY on github Jacky Lam Jacob Barthelmeh Jacob Hoffman-Andrews +Jacob Mealey Jacob Meuser Jacob Moshenko +Jacob Tolar Jactry Zeng Jad Chamcham Jaime Fullaondo jakirkham on github +Jakob Hirsch +Jakub Bochenski +Jakub Jelen Jakub Wilk Jakub Zakrzewski +James Abbatiello James Atwill James Brown James Bursa @@ -1013,8 +1268,10 @@ James Fuller James Gallagher James Griffiths James Housley +James Keast James Knight James Le Cuirot +James Lucas James MacMillan James Slaughter Jamie Lokier @@ -1023,14 +1280,20 @@ Jamie Wilkinson Jan Alexander Steffens Jan Chren Jan Ehrhardt +Jan Engelhardt Jan Koen Annot Jan Kunder +Jan Macku Jan Mazur Jan Schaumann Jan Schmidt Jan Van Boghout +Jan Venekamp Jan Verbeek +Jan-Piet Mens JanB on github +janko-js on github +Janne Blomqvist Janne Johansson Jared Jennings Jared Lundell @@ -1050,8 +1313,13 @@ Javier G. Sogo Javier Navarro Javier Sixto Jay Austin +Jay Dommaschk +Jay Guerette +Jay Wu Jayesh A Shah Jaz Fresh +JazJas on github +jbgoog on github Jean Fabrice Jean Gressmann Jean Jacques Drouin @@ -1076,6 +1344,8 @@ Jeff Weber Jeffrey Tolar Jeffrey Walton jeffrson on github +Jelle van der Waa +Jenny Heino Jens Finkhaeuser Jens Rantil Jens Schleusener @@ -1094,26 +1364,37 @@ Jeroen Ooms Jerome Mao Jerome Muffat-Meridol Jerome Robert +Jerome St-Louis Jerome Vouillon Jerry Krinock Jerry Wu Jes Badwal Jesper Jensen +Jess Lowe Jesse Chisholm Jesse Noller Jesse Tan jethrogb on github +jhoyla on github +Jiang Wenjian +Jiawen Geng Jie He +Jiehong on github +Jilayne Lovejoy +Jim Beveridge Jim Drash Jim Freeman Jim Fuller Jim Hollinger +Jim King Jim Meyering Jimmy Gaussen Jiri Dvorak Jiri Hruska Jiri Jaburek Jishan Shaikh +Jiwoo Park +Jiří Bok Jiří Malák jmdavitt on github jnbr on github @@ -1132,6 +1413,7 @@ Johan Anderson Johan Lantz Johan Nilsson Johan van Selst +Johann Sebastian Schicho Johann150 on github Johannes Bauer Johannes Ernst @@ -1139,6 +1421,7 @@ Johannes G. Kristinsson Johannes Lesr Johannes Schindelin John A. Bristor +John Bampton John Bradshaw John Butterfield John Coffey @@ -1149,7 +1432,10 @@ John Dennis John Dunn John E. Malmberg John Gardiner Myers +John H. Ayad John Hascall +John Haugabook +John Hawthorn John Janssen John Joseph Bachir John Kelly @@ -1161,11 +1447,14 @@ John Marino John Marshall John McGowan John P. McCaskey +John Porter John Schroeder +John Sherrill John Simpson John Starks John Suprock John V. Chow +John Walker John Wanghui John Weismiller John Wilkinson @@ -1184,7 +1473,9 @@ Jon Torrey Jon Travis Jon Turner Jon Wilkes +Jonas Bülow Jonas Forsman +Jonas Haag Jonas Minnberg Jonas Schnelli Jonas Vautherin @@ -1192,11 +1483,14 @@ Jonatan Lander Jonatan Vela Jonathan Cardoso Machado Jonathan Hseu +Jonathan Matthews Jonathan Moerman Jonathan Nieder +Jonathan Perkin Jonathan Watt Jonathan Wernberg Jongki Suwandi +jonny112 on github Joombalaya on github Joonas Kuorilehto Jordan Brown @@ -1204,19 +1498,24 @@ Jose Alf Jose Kahan Josef Wolf Joseph Chen +Joseph Tharayil Josh Bialkowski +Josh Brobst Josh Kapell +Josh McCullough Josh Soref joshhe on github +Joshix-1 on github Joshua Kwan +Joshua Root Joshua Swink Josie Huddleston Josip Medved Josue Andrade Gomes José Joaquín Atria Jozef Kralik -JP Mens Juan Barreto +Juan Cruz Viotti Juan F. Codagnone Juan Ignacio Hervás Juan RP @@ -1233,22 +1532,31 @@ Julian Z Julien Chaffraix Julien Nabet Julien Royer +Juliusz Sosinowicz Jun Tseng Jun-ichiro itojun Hagino Jun-ya Kato jungle-boogie on github Junho Choi +junsik on github Jurij Smakov +jurisuk on github Juro Bystricky +JustAnotherArchivist on github +justchen1369 on github Justin Clift Justin Ehlert Justin Fletcher Justin Karneges Justin Maggard jveazey on github +jvreelanda on github +jvvprasad78 on github jzinn on github János Fekete +Jérémy Rabasco Jérémy Rocher +Jérôme Leclercq Jörg Mueller-Tolk Jörn Hartroth Jürgen Gmach @@ -1257,49 +1565,68 @@ ka7 on github Kael1117 on github Kai Engert Kai Noda +Kai Pastor Kai Sommerfeld Kai-Uwe Rommel +Kailun Qin Kalle Vahlman +kalvdans on github Kamil Dudka Kane York Kang Lin Kang-Jin Lee +Kantanat Wannapaka +Kareem Kari Pahula Karl Chen Karl Moerder Karol Pietrzak +kartatz +Kartatz on Github +Karthikdasari0423 +Karthikdasari0423 on github Kartik Mahajan Kaspar Brand Katie Wang Katsuhiko YOSHIDA Kazuho Oku +kchow-FTNT on github +Keerthi Timmaraju Kees Cook Kees Dekker +Keitagit-kun on github Keith MacDonald Keith McGuigan Keith Mok +Kelly Kaoudis Ken Brown Ken Hirsch Ken Rastatter Kenneth Davidson +Kenneth Myhra Kenny To Kent Boortz Kerem Kat Keshav Krity +Kev Jackson +Kevin Adler Kevin Baughman Kevin Burke +Kevin Daudt Kevin Fisk Kevin Ji Kevin Lussier Kevin R. Bulgrien Kevin Reed Kevin Roth +Kevin Ryan Kevin Smith Kevin Ushey Kim Minjoong Kim Rinnewitz Kim Vandry Kimmo Kinnunen +kirbyn17 on hackerone Kirill Efimov Kirill Marchuk Kjell Ericson @@ -1313,9 +1640,13 @@ Koichi Shiraishi kokke on github Konstantin Isakov Konstantin Kushnir +Konstantin Kuzov +Konstantin Vlasov +KotlinIsland on github kotoriã®ã­ã“ kouzhudong on github Kovalkov Dmitrii +kpcyrd on github kreshano on github Kris Kennaway Krishnendu Majumdar @@ -1328,12 +1659,16 @@ Kristoffer Gleditsch Kunal Chandarana Kunal Ekawde Kurt Fankhauser +Kushal Das +Kvarec Lezki +kwind on github Kwon-Young Choi Kyle Abramowitz Kyle Edwards Kyle J. McKay Kyle L. Huff Kyle Sallee +kyled-dell on github Kyohei Kadota Kyselgov E.N l00p3r on Hackerone @@ -1347,11 +1682,14 @@ Larry Lin Larry Stefani Larry Stone Lars Buitinck +Lars Francke Lars Gustafsson Lars J. Aas Lars Johannesen +Lars Kellogg-Stedman Lars Nilsson Lars Torben Wilson +Lau Laurent Bonnans Laurent Dufresne Laurent Rabret @@ -1360,6 +1698,11 @@ Laurie Clark-Michalek Lawrence Gripper Lawrence Matthews Lawrence Wagerfield +Leah Neukirchen +Lealem Amedie +Leandro Coutinho +Lee Li +LeeRiva Legoff Vincent Lehel Bernadt Leif W @@ -1377,9 +1720,12 @@ Leonardo Taccari Leszek Kubik Li Xinwei Liam Healy +Liam Warfield +LigH-de on github lijian996 on github Lijo Antony lilongyan-huawei on github +Lin Sun Linas Vepstas Lindley French Ling Thio @@ -1389,21 +1735,31 @@ Linus Nielsen Feltzing Linus Nordberg Lior Kaplan Lisa Xu +Litter White Liviu Chircu Liza Alenchery +lizhuang0630 on github +lkordos on github lllaffer on github Lloyd Fournier Lluís Batlle i Rossell locpyl-tidnyd on github Loganaden Velvindron Loic Dachary +LoRd_MuldeR Loren Kirkby +Lorenzo Miniero +Louis Solofrizzo +Loïc Yhuel +lRoccoon on github Luan Cestari Luca Altea Luca Boccassi +Luca Niccoli Lucas Adamski Lucas Clemente Vella Lucas Holt +Lucas Nussbaum Lucas Pardue Lucas Servén Marín Lucas Severo @@ -1412,27 +1768,38 @@ Ludek Finstrle Ludovico Cavedon Ludwig Nussel Lukas Ruzicka +Lukas Tribus Lukasz Czekierda lukaszgn on github Luke Amery Luke Call Luke Dashjr Luke Granger-Brown +Luke Hamburg +Lukáš Zaoral +luminixinc on github Luo Jinghua Luong Dinh Dung Luz Paz Luật Nguyá»…n +lwthiker on github Lyman Epp Lyndon Hill M.R.T on github +Maciej Domanski Maciej Karpiuk Maciej Puzio Maciej W. Rozycki madblobfish on github +MaeIsBad on github +magisterquis on hackerone Mahmoud Samir Fayed Maks Naumov +Maksim Arhipov Maksim Kuzevanov +Maksim Sciepanienka Maksim Stsepanenka +Maksymilian Arciemowicz Malik Idrees Hasan Khan Mamoru Tasaka Mamta Upadhyay @@ -1459,26 +1826,38 @@ Marcelo Juchem Marcin Adamski Marcin Gryszkalis Marcin Konicki +Marcin Rataj Marco Deckel Marco G. Salvagno +Marco Kamner Marco Maggi Marcos Diazr Marcus Hoffmann Marcus Klein +Marcus Müller Marcus Sundberg +Marcus T Marcus Webster +Margu Marian Klymov +Marin Hannache Mario Schroeder Mark Brand Mark Butler Mark Davies Mark Dodgson +Mark Gaiser Mark Hamilton +Mark Huang Mark Incley +Mark Itzcovitz Mark Karpeles Mark Lentczner Mark Nottingham +Mark Roszko Mark Salisbury +Mark Seuffert +Mark Sinkovics Mark Snelling Mark Swaanenburg Mark Tully @@ -1490,13 +1869,16 @@ Markus Koetter Markus Moeller Markus Oberhumer Markus Olsson +Markus Sommer Markus Westerlind Maros Priputen Marquis de Muesli +marski on github Martijn Koster Martin Ankerl Martin BaÅ¡ti Martin C. Martin +Martin D'Aloia Martin Dorey Martin Drasar Martin Dreher @@ -1511,11 +1893,17 @@ Martin Jansen Martin Kammerhofer Martin Kepplinger Martin Lemke +Martin Peck +Martin Schmatz Martin Skinner Martin Staael Martin Storsjö +Martin Strunz Martin V Martin Vejnár +Martin Waleczek +Martin Ã…gren +martinevsky Marty Kuhrt Maruko Masaya Suzuki @@ -1523,9 +1911,14 @@ masbug on github Massimiliano Fantuzzi Massimiliano Ziccardi Massimo Callegari +Master Inspire +MasterInQuestion on github Mateusz Loskot +Mathew Benson Mathias Axelsson +Mathias Fuchs Mathias Gumz +Mathieu Carbonneaux Mathieu Legare Matias N. Goldberg Mats Lidell @@ -1533,11 +1926,13 @@ Mats Lindestam Matt Arsenault Matt Ford Matt Holt +Matt Jolly Matt Kraai Matt McClure Matt Veenstra Matt Witherspoon Matt Wixson +Matteo Baccan Matteo Bignotti Matteo Bignottignotti Matteo Rocco @@ -1545,22 +1940,28 @@ Matthew Blain Matthew Clarke Matthew Hall Matthew Kerwin +Matthew Thompson Matthew Whitehead Matthias Bolte Matthias Gatto Matthias Naegler +Matthieu Baerts Mattias Fornander Matus Uzak Maurice Barnum +Mauricio Scheffer Mauro Iorio Mauro Rappa +Maurício Meneghini Fauth Max Dymond Max Katsev Max Kellermann Max Khon +Max Mehl Max Peal Max Savenkov Max Zettlmeißl +Maxim Dzhura Maxim Ivanov Maxim Perenesenko Maxim Prohorov @@ -1568,12 +1969,16 @@ Maxime Larocque Maxime Legros mbeifuss on github mccormickt12 on github +Median Median Stride +mehatzri on github Mehmet Bozkurt Mekonikum +Mel Zuser Melissa Mears Melroy van den Berg Mert YazıcıoÄŸlu Mettgut Jamalla +Micah Snyder) Michael Afanasiev Michael Anti Michael Baentsch @@ -1584,10 +1989,12 @@ Michael Calmer Michael Cronenworth Michael Curtis Michael Day +Michael Drake Michael Felt Michael Forney Michael Gmelin Michael Goffioul +Michael Heimpold Michael Hordijk Michael Jahn Michael Jerris @@ -1598,6 +2005,7 @@ Michael Kolechkin Michael Kujawa Michael König Michael Lee +Michael Litwak Michael Maltese Michael Mealling Michael Mueller @@ -1610,6 +2018,7 @@ Michael Smith Michael Stapelberg Michael Steuer Michael Stillwell +Michael Trebilcock Michael Vittiglio Michael Wallner Michal Bonino @@ -1622,6 +2031,7 @@ MichaÅ‚ Fita MichaÅ‚ Górny MichaÅ‚ Janiszewski MichaÅ‚ Kowalczyk +MichaÅ‚ Petryka MichaÅ‚ Piechowski Michel Promonet Michele Bini @@ -1636,6 +2046,7 @@ Mike Bytnar Mike Crowe Mike Dobbs Mike Dowell +Mike Duglas Mike Frysinger Mike Gelfand Mike Giancola @@ -1648,6 +2059,7 @@ Mike Power Mike Protts Mike Revi Mike Tzou +Mikhail Kuznetsov Miklos Nemeth MiloÅ¡ Ljumović Mingliang Zhu @@ -1658,30 +2070,40 @@ Mischa Salle Mitz Wark mkzero on github modbw on github +Mohamed Daahir Mohamed Lrhazi Mohamed Osama Mohammad AlSaleh Mohammad Hasbini +Mohammadreza Hendiani Mohammed Naser Mohun Biswas momala454 on github Momoka Yamamoto +MonkeybreadSoftware on github moohoorama on github +Morgan Willcock Morten Minde Neergaard Mostyn Bramley-Moore Moti Avrahami MrdUkk on github MrSorcus on github Muhammad Herdiansyah +Muhammad Hussein Ammari Muhammed Yavuz Nuzumlalı Murugan Balraj +musvaage on github Muz Dima Myk Taylor +n0name321 on github Nach M. S. Nagai H +Nao Yonashiro naost3rn on github +Natanael Copa Nate Prewitt Nathan Coulter +Nathan Moinvaziri Nathan O'Sullivan Nathanael Nerode Nathaniel J. Smith @@ -1689,6 +2111,7 @@ Nathaniel R. Lewis Nathaniel Waisbrot Naveen Chandran Naveen Noel +Neal McBurnett Neal Poole nedres on github neex on github @@ -1698,20 +2121,27 @@ Neil Bowers Neil Dunbar Neil Kolban Neil Spring +neutric on github nevv on HackerOne/curl +Niall McGee Niall O'Reilly niallor on github nian6324 on github nianxuejie on github Nic Roets Nicholas Maniscalco +Nicholas Nethercote +Nick Banks +Nick Coghlan Nick Draffen Nick Gimbrone Nick Humfrey Nick Miyake Nick Zitzmann +nick-telia on github Nicklas Avén Nico Baggus +Nico Rieck nico-abram on github Nicolas Berloquin Nicolas Croiset @@ -1719,9 +2149,13 @@ Nicolas François Nicolas Grekas Nicolas Guillier Nicolas Morey-Chaisemartin +Nicolas Noben Nicolas Sterchele +Nicolás Ojeda Bär +Niels Martignène Niels van Tongeren Nikita Schmidt +Nikita Taranov Nikitinskit Dmitriy Niklas Angebrand Niklas Hambüchen @@ -1732,10 +2166,12 @@ nimaje on github niner on github Ning Dong Nir Soffer +Niracler Li Niranjan Hasabnis Nis Jorgensen nk Noam Moshe +nobedee on github NobodyXu on github Nobuhiro Ban Nodak Sodak @@ -1743,29 +2179,42 @@ nopjmp on github Norbert Frese Norbert Kett Norbert Novotny +norbertmm on github nosajsnikta on github NTMan on Github +Nuru on github Octavio Schroeder +odek86 on github Ofer +ohyeaah on github Okhin Vasilij Ola Mork Olaf Flebbe Olaf Hering Olaf Stüben +Oleg Jukovec Oleg Pudeyev Oleguer Llopart Olen Andoni olesteban on github Oli Kingshott +Oliver Chang Oliver Gondža Oliver Graute Oliver Kuckertz +Oliver Roberts Oliver Schindler Oliver Urbann +oliverpool on github Olivier Berger +Olivier Bonaventure Olivier Brunel Omar Ramadan omau on github +OndÅ™ej KoláÄek +opensignature on github +opensslonzos-github on github +Ophir Lojkine Orange Tsai Oren Souroujon Oren Tirosh @@ -1773,13 +2222,20 @@ Orgad Shaneh Ori Avtalion orycho on github osabc on github +Osaila on github +Osama Albahrani Oscar Koeroo Oscar Norlander Oskar Liljeblad +Oskar Sigvardsson Oumph on github +Outvi V ovidiu-benea on github +Ozan Cansel P R Schaffner +Pablo Busse Palo Markovic +pandada8 on github Paolo Mossino Paolo Piacentini Paras Sethia @@ -1807,6 +2263,7 @@ Pau Garcia i Quiles Paul B. Omta Paul Donohue Paul Dreik +Paul Gilmartin Paul Groke Paul Harrington Paul Harris @@ -1821,11 +2278,16 @@ Paul Nolan Paul Oliver Paul Querna Paul Saab +Paul Seligman Paul Vixie +Paul Wise Paulo Roberto Tomasi Pavel Cenek Pavel Gushchin +Pavel Kalyugin +Pavel Kropachev Pavel Löbl +Pavel Mayorov Pavel Orehov Pavel Pavlov Pavel Raiskup @@ -1834,7 +2296,11 @@ Pavel Volgarev Pavol Markovic Pawel A. Gajda Pawel Kierski +PaweÅ‚ Kowalski PaweÅ‚ Wegner +PaweÅ‚ Witas +PBudmark on github +Pedro Henrique Pedro Larroy Pedro Monreal Pedro Neves @@ -1850,9 +2316,11 @@ Peter Bray Peter Forret Peter Frühberger Peter Gal +Peter Goodman Peter Heuchert Peter Hjalmarsson Peter Korsgaard +Peter Krefting Peter Körner Peter Lamare Peter Lamberg @@ -1876,18 +2344,24 @@ Petr Bahula Petr Novak Petr Pisar Petr Voytsik +Petr Å tetiar Phil Blundell Phil Crump Phil E. Taylor Phil Karn Phil Lisiecki Phil Pellouchoud +Philip Chan Philip Craig Philip Gladstone +Philip Heiduck Philip Langdale Philip Prindeville +Philip Sanetra +Philipp Engel Philipp Klaus Krause Philipp Waehnert +Philippe Antoine on HackerOne Philippe Hameau Philippe Marguinaud Philippe Raoult @@ -1899,28 +2373,40 @@ Pierre Joye Pierre Yager Pierre Ynard Pierre-Yves Bigourdan +Pierrick Charron Piotr Dobrogost Piotr Komborski Po-Chuan Hsieh +Pontakorn Prasertsuk Pontus Lundkvist Pooyan McSporran Poul T Lomholt Pramod Sharma Prash Dush Praveen Pvs +Prithvi MK +privetryan on github Priyanka Shah +ProceduralMan on github +promptfuzz_ on hackerone +Pronyushkin Petr PrzemysÅ‚aw Tomaszewski pszemus on github +pszlazak on github puckipedia on github Puneet Pawaia +PÄ“teris Caune qiandu2006 on github Quagmire Quanah Gibson-Mount Quentin Balland Quinn Slack +r-a-sattarov on github R. Dennis Steed +Radek Brich Radek Zajic Radoslav Georgiev +Radu Hociung Radu Simionescu Rafa Muyo Rafael Antonio @@ -1928,10 +2414,13 @@ Rafael Sagula Rafayel Mkrtchyan Rafaël Carré RafaÅ‚ Mikrut +Rahul Krishna M Rainer Canavan Rainer Jung Rainer Koenig Rainer Müller +RainRat +Raito Bezarius Rajesh Naganathan Rajkumar Mandal Ralf S. Engelschall @@ -1939,8 +2428,10 @@ Ralph Beckmann Ralph Langendam Ralph Mitchell Ram Krushna Mishra +Ramiro Garcia ramsay-jones on github Ran Mozes +RanBarLavie on github Randall S. Becker Randolf J Randy Armstrong @@ -1970,10 +2461,16 @@ Renaud Guillard Renaud Lehoux Rene Bernhardt Rene Rebe +renovate[bot] +renovate[bot] Reuven Wachtfogel +RevaliQaQ on github Reza Arbab +Rianov Viacheslav +riastradh on github Ricardo Cadime Ricardo Gomes +Ricardo M. Correia Ricardo Martins Rich Burridge Rich FitzJohn @@ -1994,12 +2491,14 @@ Richard Gorton Richard Gray Richard Hosking Richard Hsu +Richard Levitte Richard Marion Richard Michael Richard Moore Richard Prescott Richard Silverman Richard van den Berg +Richard W.M. Jones Richard Whitehouse Richy Kim Rici Lake @@ -2015,32 +2514,44 @@ Ricky-Tigg on github Rider Linden RiderALT on github Rikard Falkeborn +rilysh rl1987 on github +Rob Boeckermann Rob Cotrone Rob Crittenden Rob Davies +Rob de Wit Rob Jones Rob Sanders Rob Stanzel Rob Ward +RobBotic1 on github +Robby Simpson Robert A. Monat Robert B. Harris +Robert Brose +Robert Charles Muir Robert D. Young Robert Dunaj Robert Foreman Robert Iakobashvili Robert Kolcun Robert Linden +Robert Moreton Robert Olson Robert Prag Robert Ronto Robert Schumann +Robert Simpson +Robert Southee Robert Weaver Robert Wruck +Robin A. Meade Robin Cornelius Robin Douine Robin Johnson Robin Kay +Robin Marx Robson Braga Araujo Rod Widdowson Rodger Combs @@ -2066,22 +2577,29 @@ Romulo A. Ceccon Ron Eldor Ron Parker Ron Zapp +Ronan Pigott Ronnie Mose +Rosen Penev Rosimildo da Silva Ross Burton +roughtex on github Roy Bellingan Roy Li Roy Shan +Rudi Heitbaum Rui LIU Rui Pinheiro Rune Kleveland Ruslan Baratov Ruslan Gazizov +Rutger Broekhoff Rutger Hofman Ruurd Beerstra RuurdBeerstra on github +rwmjones on github Ryan Beck-Buysse Ryan Braud +Ryan Carsten Schmidt Ryan Chan Ryan Mast Ryan Nelson @@ -2091,19 +2609,24 @@ Ryan Sleevi Ryan Winograd ryancaicse on github Ryuichi KAWAMATA +rzrymiak on github Rémy Léone S. Moonesamy +s0urc3_ on hackerone Sai Ram Kunala Salah-Eddin Shaban Saleem Abdulrasool +SaltyMilk Salvador Dávila Salvatore Sorrentino Sam Deane Sam Hurst +Sam James Sam Roth Sam Schanken Samanta Navarro Sampo Kellomaki +Samuel Chiang Samuel Díaz García Samuel Henrique Samuel Listopad @@ -2111,23 +2634,34 @@ Samuel Marks Samuel Surtees Samuel Thibault Samuel Tranchet +SandakovMM on github Sander Gates Sandor Feldi +Sandro Jaeckel +Sanjay Pujare Santhana Todatry Santino Keupp Saqib Ali Sara Golemon Saran Neti Sascha Swiercy +Sascha Zengler +Satadru Pramanik +Satana de Sant'Ana Saul good +saurabhsingh-dev on github Saurav Babu sayrer on github SBKarr on github +Scarlett McAllister Scott Bailey Scott Barrett Scott Cantor Scott Davis Scott McCreary +Scott Mutter +Scott Talbert +sd0 on hackerone Sean Boudreau Sean Burford Sean MacLennan @@ -2135,15 +2669,25 @@ Sean McArthur Sean Miller Sean Molenaar Sebastiaan van Erk +Sebastian Andersson Sebastian Haglund Sebastian Mundry +Sebastian Neubauer Sebastian Pohlschmidt Sebastian Rasmussen +Sebastian Sterk +selmelc on hackerone +SendSonS on github Senthil Raja Velu Sergei Kuzmin Sergei Nikulov +Sergey +Sergey Alirzaev +Sergey Bronnikov +Sergey Fionov Sergey Markelov Sergey Ogryzkov +Sergey Ryabinin Sergey Tatarincev Sergii Kavunenko Sergii Pylypenko @@ -2151,13 +2695,20 @@ Sergio Ballestrero Sergio Barresi Sergio Borghese Sergio Durigan Junior +Sergio Mijatovic +Sergio-IME on github sergio-nsk on github Serj Kalichev +Sertonix +SerusDev on github Seshubabu Pasam Seth Mos Sevan Janiyan +sfan5 on github +Sgharat on github Sh Diao Shachaf Ben-Kiki +ShadowZzj on github Shailesh Kapse Shankar Jadhavar Shao Shuchao @@ -2165,38 +2716,50 @@ Sharad Gupta Shard Sharon Brizinov Shaun Jackman +Shaun Mirani Shawn Landden Shawn Poulson +Sheshadri.V Shikha Sharma Shine Fan Shiraz Kanga shithappens2016 on github Shlomi Fish Shmulik Regev +Shohei Maeda Siddhartha Prakash Jain +siddharthchhabrap on github Sidney San Martín Siegfried Gyuricsko silveja1 on github +Simon Berger Simon Chalifoux Simon Dick Simon H. Simon Josefsson +Simon K Simon Legner Simon Liu Simon Warta +simplerobot on github Siva Sivaraman SLDiggie on github +Smackd0wn +Smackd0wn on github smuellerDD on github sn on hackerone sofaboss on github +Sohom Datta Somnath Kundu Song Ma Sonia Subramanian +southernedge on github Spacen Jasset Spezifant on github Spiridonoff A.V Spoon Man Spork Schivago +ssdbest on github sspiri on github sstruchtrup on github Stadler Stephan @@ -2204,7 +2767,9 @@ Stan Hu Stan van de Burgt Stanislav Ivochkin Stanislav Zidek +Stanley Wucw Stathis Kapnidis +Stav Nir steelman on github Stefan Agner Stefan Bühler @@ -2217,6 +2782,7 @@ Stefan Karpinski Stefan Krause Stefan Neis Stefan Strogin +Stefan Talpalaru Stefan Teleman Stefan Tomanek Stefan Ulrich @@ -2227,12 +2793,15 @@ steini2000 on github Stepan Broz Stepan Efremov Stephan Bergmann +Stephan Guilloux Stephan Lagerholm Stephan Mühlstrasser Stephan Szabo Stephane Pellegrino +Stephen Boost Stephen Brokenshire Stephen Collyer +Stephen Farrell Stephen Kick Stephen M. Coakley Stephen More @@ -2241,6 +2810,7 @@ Sterling Hughes Steve Green Steve H Truong Steve Havelka +Steve Herrell Steve Holme Steve Lhomme Steve Little @@ -2248,20 +2818,24 @@ Steve Marx Steve Oliphant Steve Roskowski Steve Walch +Steven Allen Steven Bazyl Steven G. Johnson Steven Gu Steven M. Schweda Steven Parkes Steven Penny +Stewart Gebbie Stian Soiland-Reyes Stoned Elipot stootill on github Stuart Henderson +Sukanya Hanumanthu SumatraPeter on github Sune Ahlgren Sunny Bean Sunny Purushe +SuperIlu on github Sven Anders Sven Blumenstein Sven Neuhaus @@ -2271,6 +2845,7 @@ swalkaus at yahoo.com sylgal on github Sylvestre Ledru Symeon Paraschoudis +Sébastien Helleu Sébastien Willemijns T. Bharath T. Yamada @@ -2278,12 +2853,16 @@ T200proX7 on github Tadej Vengust Tae Hyoung Ahn Taiyu Len +Tal Regev Taneli Vähäkangas Tanguy Fautre +Taras Kushnir tarek112 on github +Tatsuhiko Miyagawa Tatsuhiro Tsujikawa tawmoto on github tbugfinder on github +Ted Lyngmo Teemu Yli-Elsila Temprimus Terri Oda @@ -2291,28 +2870,39 @@ Terry Wu thanhchungbtc on github The Infinnovation team TheAssassin on github +TheKnarf on github +Theo Theodore Dubois therealhirudo on github +Thiago Suchorski tholin on github Thomas Bouzerar Thomas Braun Thomas Danielsson +Thomas Ferguson Thomas Gamper Thomas Glanzmann +Thomas Guillem Thomas J. Moore Thomas Klausner Thomas L. Shinnick Thomas Lopatic Thomas M. DuBuisson Thomas Petazzoni +Thomas Pyle Thomas Ruecker Thomas Schwinge +Thomas Taylor Thomas Tonino Thomas van Hesteren Thomas Vegas +Thomas Weißschuh +Thomas1664 on github +Thorsten Klein Thorsten Schöning Tiit Pikma Till Maas +Till Wegmüller Tim Ansell Tim Baker Tim Bartley @@ -2320,6 +2910,7 @@ Tim Chen Tim Costello Tim Harder Tim Heckman +Tim Hill Tim Mcdonough Tim Newsome Tim Rühsen @@ -2329,6 +2920,7 @@ Tim Stack Tim Starling Tim Tassonis Tim Verhoeven +Timmy Schierling Timo Lange Timo Sirainen Timotej Lazar @@ -2348,8 +2940,10 @@ Tobias Hintze Tobias Lindgren Tobias Markus Tobias Nießen +Tobias Nygren Tobias Nyholm Tobias Rundström +Tobias Schaefer Tobias Stoeckmann Toby Peterson Todd A Ouska @@ -2359,6 +2953,7 @@ Todd Short Todd Vierling Tom Benoist Tom Donovan +Tom Eccles Tom G. Christensen Tom Grace Tom Greenslade @@ -2388,34 +2983,45 @@ Tommy Chiang Tommy Odom Tommy Petty Tommy Tam +tomy2105 on github Ton Voon Toni Moreno Tony Kelman tonystz on Github +Toon Claes Toon Verwaest Tor Arntsen Torben Dannhauer +Torben Dury Torsten Foertsch Toshio Kuratomi Toshiyuki Maezawa tpaukrt on github Traian Nicolescu +Trail of Bits Travis Burtrum Travis Obenhaus Trivikram Kamat Troels Walsted Hansen Troy Engel +trrui-huawei +Trumeet on github +Trzik on github Tseng Jun Tuomas Siipola Tuomo Rinne Tupone Alfredo +Turiiya Tyler Hall Török Edwin +u20221022 on github Ulf Härnhammar Ulf Samuelsson Ulrich Doehner Ulrich Telle Ulrich Zadow +UnicornZhang on Github +updatede on github UrsusArctos on github User Sg ustcqidi on github @@ -2428,6 +3034,7 @@ Valerii Zapodovnikov vanillajonathan on github Varnavas Papaioannou Vasiliy Faronov +Vasiliy Ulyanov Vasily Lobaskin Vasy Okhin Venkat Akella @@ -2436,6 +3043,7 @@ Vicente Garcia Victor Magierski Victor Snezhko Victor Vieux +VictorVG on github Vijay Panghal Vikram Saxena Viktor Szakats @@ -2449,8 +3057,10 @@ Vincent Le Normand Vincent Penquerc'h Vincent Sanders Vincent Torri +violetlige on github vitaha85 on github Vitaly Varyvdin +vl409 on github Vlad Grachov Vlad Ureche Vladimir Grishchenko @@ -2459,19 +3069,29 @@ Vladimir Lazarenko Vladimir Panteleev Vladimir Varlamov Vlastimil OvÄáÄík +vlkl-sap on github +vlubart on github Vojtech Janota Vojtech Minarik VojtÄ›ch Král Volker Schmid Vsevolod Novikov vshmuk on hackerone +vulnerabilityspotter on hackerone +vuonganh1993 on github +vvb2060 +vvb2060 on github Vyron Tsingaras +Vítor Galvão W. Mark Kubacki +w0x42 on hackerone Waldek Kozba Walter J. Mack +wangzhikun Ward Willats Warren Menzer Wayne Haigh +Wei Chong Tan Wenchao Li Wenxiang Qian Werner Koch @@ -2483,42 +3103,58 @@ Wesley Miaw Wez Furlong Wham Bang Wilfredo Sanchez +Wilhelm von Thiele Will Dietz Will Roberts +Willem Hoek Willem Sparreboom William A. Rowe Jr William Ahern William Desportes +William Tang +Winni Neessen wmsch on github wncboy on github Wojciech Zwiefka +Wolf Vollprecht Wouter Van Rooy Wu Yongzheng +Wu Zheng Wyatt O'Day Wyatt OʼDay x2018 on github Xavier Bouchoux XhmikosR on github XhstormR on github +Xi Ruoyao Xiang Xiao Xiangbin Li +xianghongai on github +Xiaoke Wang Xiaoyin Liu XmiliaH on github xnynx on github +xtonik on github xwxbug on github +Xì Gà Yaakov Selkowitz +Yadhu Krishna M +Yair Lenga Yang Tse Yaobin Wen Yarram Sunil Yasuharu Yamada Yasuhiro Matsumoto Yechiel Kalmenson +Yedaya Katsman Yehezkel Horowitz Yehoshua Hershberg ygthien on github Yi Huang +Yifei Kong Yiming Jing Yingwei Liu +yiyuaner on github Ymir1711 on github Yonggang Luo Yongkang Huang @@ -2529,30 +3165,41 @@ Yu Xin Yukihiro Kawada Yun SangHo Yuri Slobodyanyuk +Yurii Rashkovskii +Yuriy Chernyshov Yuriy Sosov +yushicheng7788 on github Yusuke Nakamura Yves Arrouye Yves Lejeune -z2-2z on github -z2_ on hackerone +YX Hao +z2_ Zachary Seguin Zdenek Pavlas Zekun Ni zelinchen on github +zengwei +zengwei2000 Zenju on github Zero King +Zespre Schmidt Zhang Xiuhua +zhanghu on xiaomi Zhao Yisha Zhaoyang Wu +zhengqwe on github Zhibiao Wu +zhihaoy on github Zhouyihai Ding ZimCodes on github zloi-user on github +zmcx16 on github Zmey Petroff Zvi Har'El zzq1015 on github Ãdler Jonas Gross Érico Nogueira +Érico Nogueira Rolim Ä°smail Dönmez Åukasz Domeradzki Å tefan Kremeň @@ -2562,3 +3209,9 @@ zzq1015 on github ウã•ã‚“ ä¸ç¡®å®š 加藤éƒä¹‹ +å—å®«é›ªçŠ +左潇峰 +æŽå›› +梦终无痕 +ç©ä¸¹å°¼ Dan Jacobson +ç½—æœè¾‰ diff --git a/libs/curl/docs/THANKS-filter b/libs/curl/docs/THANKS-filter index ff2de777..ede27dc6 100644 --- a/libs/curl/docs/THANKS-filter +++ b/libs/curl/docs/THANKS-filter @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,16 +18,18 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### # # This is a list of names we have recorded that already are thanked # appropriately in THANKS. This list contains variations of their names and # their "canonical" name. This file is used for scripting purposes to avoid # duplicate entries and will not be included in release tarballs. -# When removing dupes that aren't identical names from THANKS, add a line +# When removing dupes that are not identical names from THANKS, add a line # here! # -# Used-by: contributor.sh +# Used-by: contributors.sh s/Andres Garcia/Andrés García/ s/Chris Conroy/Christopher Conroy/ s/Francois Charlier/François Charlier/ @@ -127,3 +129,16 @@ s/William A Rowe Jr/William A. Rowe Jr/ s/jonrumsey on github/Jon Rumsey/ s/Travis Burtrum on github// s/i-ky on github/Gleb Ivanovsky/ +s/ *via curl-library *// +s/Evgeny Grin$/Evgeny Grin (Karlson2k)/ +s/Karlson2k on github/Evgeny Grin (Karlson2k)/ +s/Dan Frandrich/Dan Fandrich/ +s/Dan Fandrich\./Dan Fandrich/ +s/GitHub$// +s/pszlazak$/pszlazak on github/ +s/Randall$/Randall S. Becker/ +s/talregev on github/Tal Regev/ +s/daniel-j-h/Daniel J. H./ +s/hongfei.li/Hongfei Li/ +s/z2_ on hackerone/z2_/ +s/z2-2z on github/z2_/ diff --git a/libs/curl/docs/TODO b/libs/curl/docs/TODO index f9052c7b..914b9a31 100644 --- a/libs/curl/docs/TODO +++ b/libs/curl/docs/TODO @@ -22,15 +22,14 @@ 1.3 struct lifreq 1.4 alt-svc sharing 1.5 get rid of PATH_MAX - 1.6 native IDN support on macOS - 1.7 Support HTTP/2 for HTTP(S) proxies + 1.6 thread-safe sharing 1.8 CURLOPT_RESOLVE for any port number 1.9 Cache negative name resolves 1.10 auto-detect proxy 1.11 minimize dependencies with dynamically loaded modules 1.12 updated DNS server while running 1.13 c-ares and CURLOPT_OPENSOCKETFUNCTION - 1.14 Typesafe curl_easy_setopt() + 1.14 connect to multiple IPs in parallel 1.15 Monitor connections in the connection pool 1.16 Try to URL encode given URL 1.17 Add support for IRIs @@ -40,14 +39,13 @@ 1.21 netrc caching and sharing 1.22 CURLINFO_PAUSE_STATE 1.23 Offer API to flush the connection pool - 1.24 TCP Fast Open for windows 1.25 Expose tried IP addresses that failed - 1.27 hardcode the "localhost" addresses 1.28 FD_CLOEXEC - 1.29 Upgrade to websockets + 1.29 WebSocket read callback 1.30 config file parsing 1.31 erase secrets from heap/stack after use 1.32 add asynch getaddrinfo support + 1.33 make DoH inherit more transfer properties 2. libcurl - multi interface 2.1 More non-blocking @@ -66,15 +64,15 @@ 4. FTP 4.1 HOST 4.2 Alter passive/active on failure and retry - 4.3 Earlier bad letter detection + 4.4 Support CURLOPT_PREQUOTE for directories listings 4.5 ASCII support 4.6 GSSAPI via Windows SSPI 4.7 STAT for LIST without data connection - 4.8 Option to ignore private IP addresses in PASV response + 4.8 Passive transfer could try other IP addresses 5. HTTP - 5.1 Better persistency for HTTP 1.0 - 5.2 Set custom client ip when using haproxy protocol + 5.1 Provide the error body from a CONNECT response + 5.2 Obey Retry-After in redirects 5.3 Rearrange request header order 5.4 Allow SAN names in HTTP/2 server push 5.5 auth= in URLs @@ -85,8 +83,10 @@ 6.1 ditch stdin 6.2 ditch telnet-specific select 6.3 feature negotiation debug data + 6.4 exit immediately upon connection if stdin is /dev/null 7. SMTP + 7.1 Passing NOTIFY option to CURLOPT_MAIL_RCPT 7.2 Enhanced capability support 7.3 Add CURLOPT_MAIL_CLIENT option @@ -100,6 +100,7 @@ 10.1 SASL based authentication mechanisms 10.2 CURLOPT_SSL_CTX_FUNCTION for LDAPS 10.3 Paged searches on LDAP server + 10.4 Certificate-Based Authentication 11. SMB 11.1 File listing support @@ -108,24 +109,24 @@ 11.4 Create remote directories 12. FILE - 12.1 Directory listing for FILE: + 12.1 Directory listing on non-POSIX 13. TLS 13.1 TLS-PSK with OpenSSL - 13.2 Provide mutex locking API + 13.2 TLS channel binding 13.3 Defeat TLS fingerprinting - 13.4 Cache/share OpenSSL contexts 13.5 Export session ids 13.6 Provide callback for cert verification + 13.7 Less memory massaging with Schannel 13.8 Support DANE 13.9 TLS record padding 13.10 Support Authority Information Access certificate extension (AIA) - 13.11 Support intermediate & root pinning for PINNEDPUBLICKEY + 13.11 Some TLS options are not offered for HTTPS proxies 13.13 Make sure we forbid TLS 1.3 post-handshake authentication 13.14 Support the clienthello extension - - 14. GnuTLS - 14.2 check connection + 13.15 Select signature algorithms + 13.16 Share the CA cache + 13.17 Add missing features to TLS backends 15. Schannel 15.1 Extend support for client certificate authentication @@ -139,56 +140,61 @@ 17. SSH protocols 17.1 Multiplexing 17.2 Handle growing SFTP files + 17.3 Read keys from ~/.ssh/id_ecdsa, id_ed25519 17.4 Support CURLOPT_PREQUOTE 17.5 SSH over HTTPS proxy with more backends + 17.6 SFTP with SCP:// 18. Command line tool 18.1 sync 18.2 glob posts - 18.3 prevent file overwriting + 18.3 -h option 18.4 --proxycommand 18.5 UTF-8 filenames in Content-Disposition 18.6 Option to make -Z merge lined based outputs on stdout - 18.7 at least N milliseconds between requests - 18.8 Consider convenience options for JSON and XML? + 18.7 specify which response codes that make -f/--fail return error 18.9 Choose the name of file in braces for complex URLs 18.10 improve how curl works in a windows console window 18.11 Windows: set attribute 'archive' for completed downloads 18.12 keep running, read instructions from pipe/socket - 18.13 Ratelimit or wait between serial requests + 18.13 Acknowledge Ratelimit headers 18.14 --dry-run 18.15 --retry should resume 18.16 send only part of --data - 18.17 consider file name from the redirected URL with -O ? + 18.17 consider filename from the redirected URL with -O ? 18.18 retry on network is unreachable 18.19 expand ~/ in config files - 18.20 host name sections in config files + 18.20 hostname sections in config files 18.21 retry on the redirected-to URL 18.23 Set the modification date on an uploaded file 18.24 Use multiple parallel transfers for a single download 18.25 Prevent terminal injection when writing to terminal 18.26 Custom progress meter update interval + 18.27 -J and -O with %-encoded filenames + 18.28 -J with -C - + 18.29 --retry and transfer timeouts 19. Build - 19.1 roffit 19.2 Enable PIE and RELRO by default 19.3 Do not use GNU libtool on OpenBSD 19.4 Package curl for Windows in a signed installer 19.5 make configure use --cache-file more and better + 19.6 build curl with Windows Unicode support 20. Test suite 20.1 SSL tunnel 20.2 nicer lacking perl message 20.3 more protocols supported 20.4 more platforms supported - 20.5 Add support for concurrent connections - 20.6 Use the RFC6265 test suite - 20.7 Support LD_PRELOAD on macOS - 20.8 Run web-platform-tests url tests - 20.9 Bring back libssh tests on Travis + 20.6 Use the RFC 6265 test suite + 20.8 Run web-platform-tests URL tests 21. MQTT 21.1 Support rate-limiting + 21.2 Support MQTTS + + 22. TFTP + 22.1 TFTP does not convert LF to CRLF for mode=netascii ============================================================================== @@ -196,6 +202,10 @@ 1.1 TFO support on Windows + libcurl supports the CURLOPT_TCP_FASTOPEN option since 7.49.0 for Linux and + Mac OS. Windows supports TCP Fast Open starting with Windows 10, version 1607 + and we should add support for it. + TCP Fast Open is supported on several platforms but not on Windows. Work on this was once started but never finished. @@ -220,6 +230,15 @@ See https://github.com/curl/curl/issues/4476 + The share interface offers CURL_LOCK_DATA_CONNECT to have multiple easy + handle share a connection cache, but due to how connections are used they are + still not thread-safe when used shared. + + See https://github.com/curl/curl/issues/4915 and lib1541.c + + The share interface offers CURL_LOCK_DATA_HSTS to have multiple easy handle + share a HSTS cache, but this is not thread-safe. + 1.5 get rid of PATH_MAX Having code use and rely on PATH_MAX is not nice: @@ -229,27 +248,18 @@ there we need libssh2 to properly tell us when we pass in a too small buffer and its current API (as of libssh2 1.2.7) does not. -1.6 native IDN support on macOS - - On recent macOS versions, the getaddrinfo() function itself has built-in IDN - support. By setting the AI_CANONNAME flag, the function will return the - encoded name in the ai_canonname struct field in the returned information. - This could be used by curl on macOS when built without a separate IDN library - and an IDN host name is used in a URL. - - See initial work in https://github.com/curl/curl/pull/5371 - -1.7 Support HTTP/2 for HTTP(S) proxies +1.6 thread-safe sharing - Support for doing HTTP/2 to HTTP and HTTPS proxies is still missing. - - See https://github.com/curl/curl/issues/3570 + Using the share interface users can share some data between easy handles but + several of the sharing options are documented as as not safe and supported to + share between multiple concurrent threads. Fixing this would enable more + users to share data in more powerful ways. 1.8 CURLOPT_RESOLVE for any port number This option allows applications to set a replacement IP address for a given host + port pair. Consider making support for providing a replacement address - for the host name on all port numbers. + for the hostname on all port numbers. See https://github.com/curl/curl/issues/1264 @@ -290,30 +300,25 @@ 1.13 c-ares and CURLOPT_OPENSOCKETFUNCTION - curl will create most sockets via the CURLOPT_OPENSOCKETFUNCTION callback and + curl creates most sockets via the CURLOPT_OPENSOCKETFUNCTION callback and close them with the CURLOPT_CLOSESOCKETFUNCTION callback. However, c-ares - does not use those functions and instead opens and closes the sockets - itself. This means that when curl passes the c-ares socket to the - CURLMOPT_SOCKETFUNCTION it is not owned by the application like other sockets. + does not use those functions and instead opens and closes the sockets itself. + This means that when curl passes the c-ares socket to the + CURLMOPT_SOCKETFUNCTION it is not owned by the application like other + sockets. See https://github.com/curl/curl/issues/2734 -1.14 Typesafe curl_easy_setopt() - - One of the most common problems in libcurl using applications is the lack of - type checks for curl_easy_setopt() which happens because it accepts varargs - and thus can take any type. - - One possible solution to this is to introduce a few different versions of the - setopt version for the different kinds of data you can set. - - curl_easy_set_num() - sets a long value - - curl_easy_set_large() - sets a curl_off_t value - - curl_easy_set_ptr() - sets a pointer +1.14 connect to multiple IPs in parallel - curl_easy_set_cb() - sets a callback PLUS its callback data + curl currently implements the happy eyeball algorithm for connecting to the + IPv4 and IPv6 alternatives for a host in parallel, sticking with the + connection that "wins". We could implement a similar algorithm per individual + IP family as well when there are multiple available addresses: start with the + first address, then start a second attempt N milliseconds after and then a + third another N milliseconds later. That way there would be less waiting when + the first IP has problems. It also improves the connection timeout value + handling for multiple address situations. 1.15 Monitor connections in the connection pool @@ -324,10 +329,11 @@ reuse purpose it is verified that it is still alive. Those connections may get closed by the server side for idleness or they may - get a HTTP/2 ping from the peer to verify that they are still alive. By adding - monitoring of the connections while in the pool, libcurl can detect dead - connections (and close them) better and earlier, and it can handle HTTP/2 - pings to keep such ones alive even when not actively doing transfers on them. + get an HTTP/2 ping from the peer to verify that they are still alive. By + adding monitoring of the connections while in the pool, libcurl can detect + dead connections (and close them) better and earlier, and it can handle + HTTP/2 pings to keep such ones alive even when not actively doing transfers + on them. 1.16 Try to URL encode given URL @@ -388,31 +394,15 @@ An API could allow a forced flush or just a forced loop that would properly close all connections that have been closed by the server already. -1.24 TCP Fast Open for windows - - libcurl supports the CURLOPT_TCP_FASTOPEN option since 7.49.0 for Linux and - Mac OS. Windows supports TCP Fast Open starting with Windows 10, version 1607 - and we should add support for it. - 1.25 Expose tried IP addresses that failed - When libcurl fails to connect to a host, it should be able to offer the - application the list of IP addresses that were used in the attempt. + When libcurl fails to connect to a host, it could offer the application the + addresses that were used in the attempt. Source + dest IP, source + dest port + and protocol (UDP or TCP) for each failure. Possibly as a callback. Perhaps + also provide "reason". https://github.com/curl/curl/issues/2126 -1.27 hardcode the "localhost" addresses - - There's this new spec getting adopted that says "localhost" should always and - unconditionally be a local address and not get resolved by a DNS server. A - fine way for curl to fix this would be to simply hard-code the response to - 127.0.0.1 and/or ::1 (depending on what IP versions that are requested). This - is what the browsers probably will do with this hostname. - - https://bugzilla.mozilla.org/show_bug.cgi?id=1220810 - - https://tools.ietf.org/html/draft-ietf-dnsop-let-localhost-be-localhost-02 - 1.28 FD_CLOEXEC It sets the close-on-exec flag for the file descriptor, which causes the file @@ -421,13 +411,12 @@ https://github.com/curl/curl/issues/2252 -1.29 Upgrade to websockets +1.29 WebSocket read callback - libcurl could offer a smoother path to get to a websocket connection. - See https://github.com/curl/curl/issues/3523 + Call the read callback once the connection is established to allow sending + the first message in the connection. - Michael Kaufmann suggestion here: - https://curl.se/video/curlup-2017/2017-03-19_05_Michael_Kaufmann_Websocket_support_for_curl.mp4 + https://github.com/curl/curl/issues/11402 1.30 config file parsing @@ -455,6 +444,21 @@ https://github.com/curl/curl/pull/6746 +1.33 make DoH inherit more transfer properties + + Some options are not inherited because they are not relevant for the DoH SSL + connections, or inheriting the option may result in unexpected behavior. For + example the user's debug function callback is not inherited because it would + be unexpected for internal handles (ie DoH handles) to be passed to that + callback. + + If an option is not inherited then it is not possible to set it separately + for DoH without a DoH-specific option. For example: + CURLOPT_DOH_SSL_VERIFYHOST, CURLOPT_DOH_SSL_VERIFYPEER and + CURLOPT_DOH_SSL_VERIFYSTATUS. + + See https://github.com/curl/curl/issues/6605 + 2. libcurl - multi interface 2.1 More non-blocking @@ -498,8 +502,8 @@ 2.4 Split connect and authentication process The multi interface treats the authentication process as part of the connect - phase. As such any failures during authentication will not trigger the relevant - QUIT or LOGOFF for protocols such as IMAP, POP3 and SMTP. + phase. As such any failures during authentication does not trigger the + relevant QUIT or LOGOFF for protocols such as IMAP, POP3 and SMTP. 2.5 Edge-triggered sockets should work @@ -549,10 +553,10 @@ 4.1 HOST - HOST is a command for a client to tell which host name to use, to offer FTP + HOST is a command for a client to tell which hostname to use, to offer FTP servers named-based virtual hosting: - https://tools.ietf.org/html/rfc7151 + https://datatracker.ietf.org/doc/html/rfc7151 4.2 Alter passive/active on failure and retry @@ -561,14 +565,16 @@ connection. There could be a way to fallback to an active connection (and vice versa). https://curl.se/bug/feature.cgi?id=1754793 -4.3 Earlier bad letter detection +4.4 Support CURLOPT_PREQUOTE for directions listings + + The lack of support is mostly an oversight and requires the FTP state machine + to get updated to get fixed. - Make the detection of (bad) %0d and %0a codes in FTP URL parts earlier in the - process to avoid doing a resolve and connect in vain. + https://github.com/curl/curl/issues/8602 4.5 ASCII support - FTP ASCII transfers do not follow RFC959. They do not convert the data + FTP ASCII transfers do not follow RFC 959. They do not convert the data accordingly. 4.6 GSSAPI via Windows SSPI @@ -585,29 +591,39 @@ This is not detailed in any FTP specification. -4.8 Option to ignore private IP addresses in PASV response +4.8 Passive transfer could try other IP addresses + + When doing FTP operations through a proxy at localhost, the reported spotted + that curl only tried to connect once to the proxy, while it had multiple + addresses and a failed connect on one address should make it try the next. - Some servers respond with and some other FTP client implementations can - ignore private (RFC 1918 style) IP addresses when received in PASV responses. - To consider for libcurl as well. See https://github.com/curl/curl/issues/1455 + After switching to passive mode (EPSV), curl could try all IP addresses for + "localhost". Currently it tries ::1, but it should also try 127.0.0.1. + + See https://github.com/curl/curl/issues/1508 5. HTTP -5.1 Better persistency for HTTP 1.0 +5.1 Provide the error body from a CONNECT response + + When curl receives a body response from a CONNECT request to a proxy, it + always just reads and ignores it. It would make some users happy if curl + instead optionally would be able to make that responsible available. Via a + new callback? Through some other means? - "Better" support for persistent connections over HTTP 1.0 - https://curl.se/bug/feature.cgi?id=1089001 + See https://github.com/curl/curl/issues/9513 -5.2 Set custom client ip when using haproxy protocol +5.2 Obey Retry-After in redirects - This would allow testing servers with different client ip addresses (without - using x-forward-for header). + The Retry-After is said to dicate "the minimum time that the user agent is + asked to wait before issuing the redirected request" and libcurl does not + obey this. - https://github.com/curl/curl/issues/5125 + See https://github.com/curl/curl/issues/11447 5.3 Rearrange request header order - Server implementors often make an effort to detect browser and to reject + Server implementers often make an effort to detect browser and to reject clients it can detect to not match. One of the last details we cannot yet control in libcurl's HTTP requests, which also can be exploited to detect that libcurl is in fact used even when it tries to impersonate a browser, is @@ -620,7 +636,7 @@ 5.4 Allow SAN names in HTTP/2 server push curl only allows HTTP/2 push promise if the provided :authority header value - exactly matches the host name given in the URL. It could be extended to allow + exactly matches the hostname given in the URL. It could be extended to allow any name that would match the Subject Alternative Names in the server's TLS certificate. @@ -665,16 +681,31 @@ 6.2 ditch telnet-specific select Move the telnet support's network select() loop go away and merge the code - into the main transfer loop. Until this is done, the multi interface will not + into the main transfer loop. Until this is done, the multi interface does not work for telnet. 6.3 feature negotiation debug data Add telnet feature negotiation data to the debug callback as header data. +6.4 exit immediately upon connection if stdin is /dev/null + + If it did, curl could be used to probe if there is an server there listening + on a specific port. That is, the following command would exit immediately + after the connection is established with exit code 0: + + curl -s --connect-timeout 2 telnet://example.com:80 NOTIFY=SUCCESS,FAILURE" ); + + https://github.com/curl/curl/issues/8232 + 7.2 Enhanced capability support Add the ability, for an application that uses libcurl, to obtain the list of @@ -726,6 +757,12 @@ https://github.com/curl/curl/issues/4452 +10.4 Certificate-Based Authentication + + LDAPS not possible with MAC and Windows with Certificate-Based Authentication + + https://github.com/curl/curl/issues/9641 + 11. SMB 11.1 File listing support @@ -750,11 +787,11 @@ 12. FILE -12.1 Directory listing for FILE: - - Add support for listing the contents of a directory accessed with FILE. The - output should probably be the same as/similar to FTP. +12.1 Directory listing on non-POSIX + Listing the contents of a directory accessed with FILE only works on + platforms with opendir. Support could be added for more systems, like + Windows. 13. TLS @@ -767,11 +804,22 @@ https://github.com/curl/curl/issues/5081 -13.2 Provide mutex locking API +13.2 TLS channel binding + + TLS 1.2 and 1.3 provide the ability to extract some secret data from the TLS + connection and use it in the client request (usually in some sort of + authentication) to ensure that the data sent is bound to the specific TLS + connection and cannot be successfully intercepted by a proxy. This + functionality can be used in a standard authentication mechanism such as + GSS-API or SCRAM, or in custom approaches like custom HTTP Authentication + headers. - Provide a libcurl API for setting mutex callbacks in the underlying SSL - library, so that the same application code can use mutex-locking - independently of OpenSSL or GnutTLS being used. + For TLS 1.2, the binding type is usually tls-unique, and for TLS 1.3 it is + tls-exporter. + + https://datatracker.ietf.org/doc/html/rfc5929 + https://datatracker.ietf.org/doc/html/rfc9266 + https://github.com/curl/curl/issues/9226 13.3 Defeat TLS fingerprinting @@ -781,22 +829,6 @@ See https://github.com/curl/curl/issues/8119 -13.4 Cache/share OpenSSL contexts - - "Look at SSL cafile - quick traces look to me like these are done on every - request as well, when they should only be necessary once per SSL context (or - once per handle)". The major improvement we can rather easily do is to make - sure we do not create and kill a new SSL "context" for every request, but - instead make one for every connection and re-use that SSL context in the same - style connections are re-used. It will make us use slightly more memory but - it will libcurl do less creations and deletions of SSL contexts. - - Technically, the "caching" is probably best implemented by getting added to - the share interface so that easy handles who want to and can reuse the - context specify that by sharing with the right properties set. - - https://github.com/curl/curl/issues/1110 - 13.5 Export session ids Add an interface to libcurl that enables "session IDs" to get @@ -809,7 +841,14 @@ OpenSSL supports a callback for customised verification of the peer certificate, but this does not seem to be exposed in the libcurl APIs. Could - it be? There's so much that could be done if it were. + it be? There is so much that could be done if it were. + +13.7 Less memory massaging with Schannel + + The Schannel backend does a lot of custom memory management we would rather + avoid: the repeated alloc + free in sends and the custom memory + realloc + system for encrypted and decrypted data. That should be avoided and reduced + for 1) efficiency and 2) safety. 13.8 Support DANE @@ -845,16 +884,15 @@ See https://github.com/curl/curl/issues/2793 -13.11 Support intermediate & root pinning for PINNEDPUBLICKEY +13.11 Some TLS options are not offered for HTTPS proxies - CURLOPT_PINNEDPUBLICKEY does not consider the hashes of intermediate & root - certificates when comparing the pinned keys. Therefore it is not compatible - with "HTTP Public Key Pinning" as there also intermediate and root - certificates can be pinned. This is useful as it prevents webadmins from - "locking themselves out of their servers". + Some TLS related options to the command line tool and libcurl are only + provided for the server and not for HTTPS proxies. --proxy-tls-max, + --proxy-tlsv1.3, --proxy-curves and a few more. + For more Documentation on this see: + https://curl.se/libcurl/c/tls-options.html - Adding this feature would make curls pinning 100% compatible to HPKP and - allow more flexible pinning. + https://github.com/curl/curl/issues/12286 13.13 Make sure we forbid TLS 1.3 post-handshake authentication @@ -870,15 +908,29 @@ that previously (in older TLS version) were not set. The clienthello extension adds padding to avoid that size range. - https://tools.ietf.org/html/rfc7685 + https://datatracker.ietf.org/doc/html/rfc7685 https://github.com/curl/curl/issues/2299 -14. GnuTLS +13.15 Select signature algorithms + + Consider adding an option or a way for users to select TLS signature + algorithm. The signature algorithms set by a client are used directly in the + supported signature algorithm in the client hello message. + + https://github.com/curl/curl/issues/12982 -14.2 check connection +13.16 Share the CA cache - Add a way to check if the connection seems to be alive, to correspond to the - SSL_peak() way we use with OpenSSL. + For TLS backends that supports CA caching, it makes sense to allow the share + object to be used to store the CA cache as well via the share API. Would + allow multiple easy handles to reuse the CA cache and save themselves from a + lot of extra processing overhead. + +13.17 Add missing features to TLS backends + + The feature matrix at https://curl.se/libcurl/c/tls-options.html shows which + features are supported by which TLS backends, and thus also where there are + feature gaps. 15. Schannel @@ -898,10 +950,10 @@ 15.4 Add option to allow abrupt server closure - libcurl w/schannel will error without a known termination point from the - server (such as length of transfer, or SSL "close notify" alert) to prevent - against a truncation attack. Really old servers may neglect to send any - termination point. An option could be added to ignore such abrupt closures. + libcurl w/schannel errors without a known termination point from the server + (such as length of transfer, or SSL "close notify" alert) to prevent against + a truncation attack. Really old servers may neglect to send any termination + point. An option could be added to ignore such abrupt closures. https://github.com/curl/curl/issues/4427 @@ -927,7 +979,7 @@ SSH is a perfectly fine multiplexed protocols which would allow libcurl to do multiple parallel transfers from the same host using the same connection, much in the same spirit as HTTP/2 does. libcurl however does not take - advantage of that ability but will instead always create a new connection for + advantage of that ability but does instead always create a new connection for new transfers even if an existing connection already exists to the host. To fix this, libcurl would have to detect an existing connection and "attach" @@ -937,12 +989,20 @@ The SFTP code in libcurl checks the file size *before* a transfer starts and then proceeds to transfer exactly that amount of data. If the remote file - grows while the transfer is in progress libcurl will not notice and will not + grows while the transfer is in progress libcurl does not notice and does not adapt. The OpenSSH SFTP command line tool does and libcurl could also just attempt to download more to see if there is more to get... https://github.com/curl/curl/issues/4344 +17.3 Read keys from ~/.ssh/id_ecdsa, id_ed25519 + + The libssh2 backend in curl is limited to only reading keys from id_rsa and + id_dsa, which makes it fail connecting to servers that use more modern key + types. + + https://github.com/curl/curl/issues/8586 + 17.4 Support CURLOPT_PREQUOTE The two other QUOTE options are supported for SFTP, but this was left out for @@ -955,6 +1015,12 @@ functionality with the libssh2 backend. Presumably, this support can/could be added for the other backends as well. +17.6 SFTP with SCP:// + + OpenSSH 9 switched their 'scp' tool to speak SFTP under the hood. Going + forward it might be worth having curl or libcurl attempt SFTP if SCP fails to + follow suite. + 18. Command line tool 18.1 sync @@ -971,13 +1037,11 @@ Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'. This is easily scripted though. -18.3 prevent file overwriting +18.3 -h option - Add an option that prevents curl from overwriting existing local files. When - used, and there already is an existing file with the target file name - (either -O or -o), a number should be appended (and increased if already - existing). So that index.html becomes first index.html.1 and then - index.html.2 etc. + Support "curl -h --insecure" etc to output the manpage section for the + --insecure command line option in the terminal. Should be possible to work + with either long or short versions of command line options. 18.4 --proxycommand @@ -999,35 +1063,15 @@ 18.6 Option to make -Z merge lined based outputs on stdout When a user requests multiple lined based files using -Z and sends them to - stdout, curl will not "merge" and send complete lines fine but may send + stdout, curl does not "merge" and send complete lines fine but may send partial lines from several sources. https://github.com/curl/curl/issues/5175 -18.7 at least N milliseconds between requests - - Allow curl command lines issue a lot of request against services that limit - users to no more than N requests/second or similar. Could be implemented with - an option asking that at least a certain time has elapsed since the previous - request before the next one will be performed. Example: - - $ curl "https://example.com/api?input=[1-1000]" -d yadayada --after 500 - - See https://github.com/curl/curl/issues/3920 - -18.8 Consider convenience options for JSON and XML? - - Could we add `--xml` or `--json` to add headers needed to call rest API: +18.7 specify which response codes that make -f/--fail return error - `--xml` adds -H 'Content-Type: application/xml' -H "Accept: application/xml" and - `--json` adds -H 'Content-Type: application/json' -H "Accept: application/json" - - Setting Content-Type when doing a GET or any other method without a body - would be a bit strange I think - so maybe only add CT for requests with body? - Maybe plain `--xml` and ` --json` are a bit too brief and generic. Maybe - `--http-json` etc? - - See https://github.com/curl/curl/issues/5203 + Allows a user to better specify exacly which error code(s) that are fine + and which are errors for their specific uses cases 18.9 Choose the name of file in braces for complex URLs @@ -1053,7 +1097,7 @@ backed up from those that are either not ready or have not changed. Downloads in progress are neither ready to be backed up, nor should they be - opened by a different process. Only after a download has been completed it's + opened by a different process. Only after a download has been completed it is sensible to include it in any integer snapshot or backup of the system. See https://github.com/curl/curl/issues/3354 @@ -1066,13 +1110,11 @@ invoke can talk to the still running instance and ask for transfers to get done, and thus maintain its connection pool, DNS cache and more. -18.13 Ratelimit or wait between serial requests +18.13 Acknowledge Ratelimit headers Consider a command line option that can make curl do multiple serial requests - slow, potentially with a (random) wait between transfers. There's also a - proposed set of standard HTTP headers to let servers let the client adapt to - its rate limits: - https://www.ietf.org/id/draft-polli-ratelimit-headers-02.html + while acknowledging server specified rate limits: + https://datatracker.ietf.org/doc/draft-ietf-httpapi-ratelimit-headers/ See https://github.com/curl/curl/issues/5406 @@ -1101,22 +1143,22 @@ See https://github.com/curl/curl/issues/1200 -18.17 consider file name from the redirected URL with -O ? +18.17 consider filename from the redirected URL with -O ? When a user gives a URL and uses -O, and curl follows a redirect to a new - URL, the file name is not extracted and used from the newly redirected-to URL - even if the new URL may have a much more sensible file name. + URL, the filename is not extracted and used from the newly redirected-to URL + even if the new URL may have a much more sensible filename. - This is clearly documented and helps for security since there's no surprise - to users which file name that might get overwritten. But maybe a new option + This is clearly documented and helps for security since there is no surprise + to users which filename that might get overwritten, but maybe a new option could allow for this or maybe -J should imply such a treatment as well as -J - already allows for the server to decide what file name to use so it already + already allows for the server to decide what filename to use so it already provides the "may overwrite any file" risk. - This is extra tricky if the original URL has no file name part at all since - then the current code path will error out with an error message, and we cannot - *know* already at that point if curl will be redirected to a URL that has a - file name... + This is extra tricky if the original URL has no filename part at all since + then the current code path does error out with an error message, and we + cannot *know* already at that point if curl is redirected to a URL that has a + filename... See https://github.com/curl/curl/issues/1241 @@ -1138,19 +1180,19 @@ See https://github.com/curl/curl/issues/2317 -18.20 host name sections in config files +18.20 hostname sections in config files config files would be more powerful if they could set different - configurations depending on used URLs, host name or possibly origin. Then a + configurations depending on used URLs, hostname or possibly origin. Then a default .curlrc could a specific user-agent only when doing requests against a certain site. 18.21 retry on the redirected-to URL When curl is told to --retry a failed transfer and follows redirects, it - might get a HTTP 429 response from the redirected-to URL and not the original - one, which then could make curl decide to rather retry the transfer on that - URL only instead of the original operation to the original URL. + might get an HTTP 429 response from the redirected-to URL and not the + original one, which then could make curl decide to rather retry the transfer + on that URL only instead of the original operation to the original URL. Perhaps extra emphasized if the original transfer is a large POST that redirects to a separate GET, and that GET is what gets the 529 @@ -1179,7 +1221,7 @@ - If splitting up the work improves the transfer rate, it could then be done again. Then again, etc up to a limit. - This way, if transfer B fails (because Range: is not supported) it will let + This way, if transfer B fails (because Range: is not supported) it lets transfer A remain the single one. N and M could be set to some sensible defaults. @@ -1200,12 +1242,43 @@ progressing and has not stuck, but they may not appreciate the many-times-a-second frequency curl can end up doing it with now. -19. Build +18.27 -J and -O with %-encoded filenames + + -J/--remote-header-name does not decode %-encoded filenames. RFC 6266 details + how it should be done. The can of worm is basically that we have no charset + handling in curl and ascii >=128 is a challenge for us. Not to mention that + decoding also means that we need to check for nastiness that is attempted, + like "../" sequences and the like. Probably everything to the left of any + embedded slashes should be cut off. + https://curl.se/bug/view.cgi?id=1294 + + -O also does not decode %-encoded names, and while it has even less + information about the charset involved the process is similar to the -J case. + + Note that we do not decode -O without the user asking for it with some other + means, since -O has always been documented to use the name exactly as + specified in the URL. -19.1 roffit +18.28 -J with -C - - Consider extending 'roffit' to produce decent ASCII output, and use that - instead of (g)nroff when building src/tool_hugehelp.c + When using -J (with -O), automatically resumed downloading together with "-C + -" fails. Without -J the same command line works. This happens because the + resume logic is worked out before the target filename (and thus its + pre-transfer size) has been figured out. This can be improved. + + https://curl.se/bug/view.cgi?id=1169 + +18.29 --retry and transfer timeouts + + If using --retry and the transfer timeouts (possibly due to using -m or + -y/-Y) the next attempt does not resume the transfer properly from what was + downloaded in the previous attempt but truncates and restarts at the original + position where it was at before the previous failed attempt. See + https://curl.se/mail/lib-2008-01/0080.html and Mandriva bug report + https://qa.mandriva.com/show_bug.cgi?id=22565 + + +19. Build 19.2 Enable PIE and RELRO by default @@ -1220,12 +1293,13 @@ curl. 19.3 Do not use GNU libtool on OpenBSD - When compiling curl on OpenBSD with "--enable-debug" it will give linking - errors when you use GNU libtool. This can be fixed by using the libtool - provided by OpenBSD itself. However for this the user always needs to invoke - make with "LIBTOOL=/usr/bin/libtool". It would be nice if the script could - have some magic to detect if this system is an OpenBSD host and then use the - OpenBSD libtool instead. + + When compiling curl on OpenBSD with "--enable-debug" it gives linking errors + when you use GNU libtool. This can be fixed by using the libtool provided by + OpenBSD itself. However for this the user always needs to invoke make with + "LIBTOOL=/usr/bin/libtool". It would be nice if the script could have some + magic to detect if this system is an OpenBSD host and then use the OpenBSD + libtool instead. See https://github.com/curl/curl/issues/5862 @@ -1240,6 +1314,13 @@ See https://github.com/curl/curl/issues/7753 +19.6 build curl with Windows Unicode support + + The user wants an easier way to tell autotools to build curl with Windows + Unicode support, like ./configure --enable-windows-unicode + + See https://github.com/curl/curl/issues/7229 + 20. Test suite 20.1 SSL tunnel @@ -1263,54 +1344,40 @@ Make the test suite work on more platforms. OpenBSD and Mac OS. Remove fork()s and it should become even more portable. -20.5 Add support for concurrent connections - - Tests 836, 882 and 938 were designed to verify that separate connections - are not used when using different login credentials in protocols that - should not re-use a connection under such circumstances. - - Unfortunately, ftpserver.pl does not appear to support multiple concurrent - connections. The read while() loop seems to loop until it receives a - disconnect from the client, where it then enters the waiting for connections - loop. When the client opens a second connection to the server, the first - connection has not been dropped (unless it has been forced - which we - should not do in these tests) and thus the wait for connections loop is never - entered to receive the second connection. - -20.6 Use the RFC6265 test suite +20.6 Use the RFC 6265 test suite A test suite made for HTTP cookies (RFC 6265) by Adam Barth is available at https://github.com/abarth/http-state/tree/master/tests - It'd be really awesome if someone would write a script/setup that would run - curl with that test suite and detect deviances. Ideally, that would even be + It would be good if someone would write a script/setup that would run curl + with that test suite and detect deviances. Ideally, that would even be incorporated into our regular test suite. -20.7 Support LD_PRELOAD on macOS - - LD_RELOAD does not work on macOS, but there are tests which require it to run - properly. Look into making the preload support in runtests.pl portable such - that it uses DYLD_INSERT_LIBRARIES on macOS. - -20.8 Run web-platform-tests url tests +20.8 Run web-platform-tests URL tests - Run web-platform-tests url tests and compare results with browsers on wpt.fyi + Run web-platform-tests URL tests and compare results with browsers on wpt.fyi It would help us find issues to fix and help us document where our parser differs from the WHATWG URL spec parsers. See https://github.com/curl/curl/issues/4477 -20.9 Bring back libssh tests on Travis - - In https://github.com/curl/curl/pull/7012 we remove the libssh builds and - tests from Travis CI due to them not working. This should be remedied and - libssh builds be brought back. - - 21. MQTT 21.1 Support rate-limiting The rate-limiting logic is done in the PERFORMING state in multi.c but MQTT is not (yet) implemented to use that. + +21.2 Support MQTTS + +22. TFTP + +22.1 TFTP does not convert LF to CRLF for mode=netascii + + RFC 3617 defines that an TFTP transfer can be done using "netascii" + mode. curl does not support extracting that mode from the URL nor does it treat + such transfers specifically. It should probably do LF to CRLF translations + for them. + + See https://github.com/curl/curl/issues/12655 diff --git a/libs/curl/docs/TheArtOfHttpScripting.md b/libs/curl/docs/TheArtOfHttpScripting.md index 83b0905d..659fbdd1 100644 --- a/libs/curl/docs/TheArtOfHttpScripting.md +++ b/libs/curl/docs/TheArtOfHttpScripting.md @@ -1,3 +1,9 @@ + + # The Art Of Scripting HTTP Requests Using Curl ## Background @@ -10,8 +16,8 @@ web servers are all important tasks today. Curl is a command line tool for doing all sorts of URL manipulations and - transfers, but this particular document will focus on how to use it when - doing HTTP requests for fun and profit. I will assume that you know how to + transfers, but this particular document focuses on how to use it when doing + HTTP requests for fun and profit. This documents assumes that you know how to invoke `curl --help` or `curl --manual` to get basic information about it. Curl is not written to do everything for you. It makes the requests, it gets @@ -23,14 +29,14 @@ HTTP is the protocol used to fetch data from web servers. It is a simple protocol that is built upon TCP/IP. The protocol also allows information to - get sent to the server from the client using a few different methods, as will - be shown here. + get sent to the server from the client using a few different methods, as is + shown here. HTTP is plain ASCII text lines being sent by the client to a server to request a particular action, and then the server replies a few text lines before the actual requested content is sent to the client. - The client, curl, sends a HTTP request. The request contains a method (like + The client, curl, sends an HTTP request. The request contains a method (like GET, POST, HEAD etc), a number of request headers and sometimes a request body. The HTTP server responds with a status line (indicating if things went well), response headers and most often also a response body. The "body" part @@ -38,9 +44,9 @@ ## See the Protocol - Using curl's option [`--verbose`](https://curl.se/docs/manpage.html#-v) - (`-v` as a short option) will display what kind of commands curl sends to the - server, as well as a few other informational texts. + Using curl's option [`--verbose`](https://curl.se/docs/manpage.html#-v) (`-v` + as a short option) displays what kind of commands curl sends to the server, + as well as a few other informational texts. `--verbose` is the single most useful option when it comes to debug or even understand the curl<->server interaction. @@ -58,15 +64,26 @@ Many times you may wonder what exactly is taking all the time, or you just want to know the amount of milliseconds between two points in a transfer. For those, and other similar situations, the - [`--trace-time`](https://curl.se/docs/manpage.html#--trace-time) option - is what you need. it will prepend the time to each trace output line: + [`--trace-time`](https://curl.se/docs/manpage.html#--trace-time) option is + what you need. It prepends the time to each trace output line: curl --trace-ascii d.txt --trace-time http://example.com/ +## See which Transfer + + When doing parallel transfers, it is relevant to see which transfer is doing + what. When response headers are received (and logged) you need to know which + transfer these are for. + [`--trace-ids`](https://curl.se/docs/manpage.html#--trace-ids) option is what + you need. It prepends the transfer and connection identifier to each trace + output line: + + curl --trace-ascii d.txt --trace-ids http://example.com/ + ## See the Response By default curl sends the response to stdout. You need to redirect it - somewhere to avoid that, most often that is done with ` -o` or `-O`. + somewhere to avoid that, most often that is done with `-o` or `-O`. # URL @@ -74,17 +91,17 @@ The Uniform Resource Locator format is how you specify the address of a particular resource on the Internet. You know these, you have seen URLs like - https://curl.se or https://yourbank.com a million times. RFC 3986 is the - canonical spec. And yeah, the formal name is not URL, it is URI. + https://curl.se or https://example.com a million times. RFC 3986 is the + canonical spec. The formal name is not URL, it is **URI**. ## Host - The host name is usually resolved using DNS or your /etc/hosts file to an IP - address and that is what curl will communicate with. Alternatively you specify + The hostname is usually resolved using DNS or your /etc/hosts file to an IP + address and that is what curl communicates with. Alternatively you specify the IP address directly in the URL instead of a name. For development and other trying out situations, you can point to a different - IP address for a host name than what would otherwise be used, by using curl's + IP address for a hostname than what would otherwise be used, by using curl's [`--resolve`](https://curl.se/docs/manpage.html#--resolve) option: curl --resolve www.example.org:80:127.0.0.1 http://www.example.org/ @@ -95,7 +112,7 @@ or in some cases UDP. Normally you do not have to take that into consideration, but at times you run test servers on other ports or similar. Then you can specify the port number in the URL with a colon and a - number immediately following the host name. Like when doing HTTP to port + number immediately following the hostname. Like when doing HTTP to port 1234: curl http://www.example.org:1234/ @@ -103,11 +120,11 @@ The port number you specify in the URL is the number that the server uses to offer its services. Sometimes you may use a proxy, and then you may need to specify that proxy's port number separately from what curl needs to - connect to the server. Like when using a HTTP proxy on port 4321: + connect to the server. Like when using an HTTP proxy on port 4321: curl --proxy http://proxy.example.org:4321 http://remote.example.org/ -## User name and password +## Username and password Some services are setup to require HTTP authentication and then you need to provide name and password which is then transferred to the remote site in @@ -130,20 +147,20 @@ The path part is just sent off to the server to request that it sends back the associated response. The path is what is to the right side of the slash - that follows the host name and possibly port number. + that follows the hostname and possibly port number. # Fetch a page ## GET The simplest and most common request/operation made using HTTP is to GET a - URL. The URL could itself refer to a web page, an image or a file. The client + URL. The URL could itself refer to a webpage, an image or a file. The client issues a GET request to the server and receives the document it asked for. If you issue the command line curl https://curl.se - you get a web page returned in your terminal window. The entire HTML document + you get a webpage returned in your terminal window. The entire HTML document that that URL holds. All HTTP replies contain a set of response headers that are normally hidden, @@ -153,9 +170,9 @@ ## HEAD You can ask the remote server for ONLY the headers by using the - [`--head`](https://curl.se/docs/manpage.html#-I) (`-I`) option which - will make curl issue a HEAD request. In some special cases servers deny the - HEAD method while others still work, which is a particular kind of annoyance. + [`--head`](https://curl.se/docs/manpage.html#-I) (`-I`) option which makes + curl issue a HEAD request. In some special cases servers deny the HEAD method + while others still work, which is a particular kind of annoyance. The HEAD method is defined and made so that the server returns the headers exactly the way it would do for a GET, but without a body. It means that you @@ -165,11 +182,11 @@ ## Multiple URLs in a single command line A single curl command line may involve one or many URLs. The most common case - is probably to just use one, but you can specify any amount of URLs. Yes - any. No limits. you will then get requests repeated over and over for all the - given URLs. + is probably to just use one, but you can specify any amount of URLs. Yes any. + No limits. You then get requests repeated over and over for all the given + URLs. - Example, send two GETs: + Example, send two GET requests: curl http://url1.example.com http://url2.example.com @@ -185,14 +202,14 @@ ## Multiple HTTP methods in a single command line Sometimes you need to operate on several URLs in a single command line and do - different HTTP methods on each. For this, you will enjoy the - [`--next`](https://curl.se/docs/manpage.html#-:) option. It is basically - a separator that separates a bunch of options from the next. All the URLs - before `--next` will get the same method and will get all the POST data - merged into one. + different HTTP methods on each. For this, you might enjoy the + [`--next`](https://curl.se/docs/manpage.html#-:) option. It is basically a + separator that separates a bunch of options from the next. All the URLs + before `--next` get the same method and get all the POST data merged into + one. - When curl reaches the `--next` on the command line, it will sort of reset the - method and the POST data and allow a new set. + When curl reaches the `--next` on the command line, it resets the method and + the POST data and allow a new set. Perhaps this is best shown with a few examples. To send first a HEAD and then a GET: @@ -207,7 +224,7 @@ ## Forms explained - Forms are the general way a website can present a HTML page with fields for + Forms are the general way a website can present an HTML page with fields for the user to enter data in, and then press some kind of 'OK' or 'Submit' button to get that data sent to the server. The server then typically uses the posted data to decide how to act. Like using the entered words to search @@ -229,14 +246,14 @@ ``` - In your favorite browser, this form will appear with a text box to fill in - and a press-button labeled "OK". If you fill in '1905' and press the OK - button, your browser will then create a new URL to get for you. The URL will - get `junk.cgi?birthyear=1905&press=OK` appended to the path part of the - previous URL. + In your favorite browser, this form appears with a text box to fill in and a + press-button labeled "OK". If you fill in '1905' and press the OK button, + your browser then creates a new URL to get for you. The URL gets + `junk.cgi?birthyear=1905&press=OK` appended to the path part of the previous + URL. If the original form was seen on the page `www.example.com/when/birth.html`, - the second page you will get will become + the second page you get becomes `www.example.com/when/junk.cgi?birthyear=1905&press=OK`. Most search engines work this way. @@ -255,7 +272,7 @@ amount of fields creating a long and unreadable URL. The HTTP protocol then offers the POST method. This way the client sends the - data separated from the URL and thus you will not see any of it in the URL + data separated from the URL and thus you do not see any of it in the URL address field. The form would look similar to the previous one: @@ -270,39 +287,36 @@ And to use curl to post this form with the same data filled in as before, we could do it like: - curl --data "birthyear=1905&press=%20OK%20" http://www.example.com/when.cgi + curl --data "birthyear=1905&press=%20OK%20" http://www.example.com/when/junk.cgi - This kind of POST will use the Content-Type - `application/x-www-form-urlencoded` and is the most widely used POST kind. + This kind of POST uses the Content-Type `application/x-www-form-urlencoded` + and is the most widely used POST kind. - The data you send to the server MUST already be properly encoded, curl will + The data you send to the server MUST already be properly encoded, curl does not do that for you. For example, if you want the data to contain a space, - you need to replace that space with `%20`, etc. Failing to comply with this will - most likely cause your data to be received wrongly and messed up. + you need to replace that space with `%20`, etc. Failing to comply with this + most likely causes your data to be received wrongly and messed up. Recent curl versions can in fact url-encode POST data for you, like this: curl --data-urlencode "name=I am Daniel" http://www.example.com - If you repeat `--data` several times on the command line, curl will - concatenate all the given data pieces - and put a `&` symbol between each - data segment. + If you repeat `--data` several times on the command line, curl concatenates + all the given data pieces - and put a `&` symbol between each data segment. ## File Upload POST Back in late 1995 they defined an additional way to post data over HTTP. It is documented in the RFC 1867, why this method sometimes is referred to as - RFC1867-posting. + RFC 1867-posting. This method is mainly designed to better support file uploads. A form that allows a user to upload a file could be written like this in HTML: -```html -
- - -
-``` +
+ + +
This clearly shows that the Content-Type about to be sent is `multipart/form-data`. @@ -329,33 +343,33 @@ ``` - To POST this with curl, you will not have to think about if the fields are + To POST this with curl, you do not have to think about if the fields are hidden or not. To curl they are all the same: curl --data "birthyear=1905&press=OK&person=daniel" [URL] ## Figure Out What A POST Looks Like - When you are about fill in a form and send to a server by using curl instead - of a browser, you are of course interested in sending a POST exactly the way - your browser does. + When you are about to fill in a form and send it to a server by using curl + instead of a browser, you are of course interested in sending a POST exactly + the way your browser does. An easy way to get to see this, is to save the HTML page with the form on your local disk, modify the 'method' to a GET, and press the submit button (you could also change the action URL if you want to). - You will then clearly see the data get appended to the URL, separated with a + You then clearly see the data get appended to the URL, separated with a `?`-letter as GET forms are supposed to. # HTTP upload ## PUT - Perhaps the best way to upload data to a HTTP server is to use PUT. Then + Perhaps the best way to upload data to an HTTP server is to use PUT. Then again, this of course requires that someone put a program or script on the - server end that knows how to receive a HTTP PUT stream. + server end that knows how to receive an HTTP PUT stream. - Put a file to a HTTP server with curl: + Put a file to an HTTP server with curl: curl --upload-file uploadfile http://www.example.com/receive.cgi @@ -386,8 +400,8 @@ ## Proxy Authentication - Sometimes your HTTP access is only available through the use of a HTTP - proxy. This seems to be especially common at various companies. A HTTP proxy + Sometimes your HTTP access is only available through the use of an HTTP + proxy. This seems to be especially common at various companies. An HTTP proxy may require its own user and password to allow the client to get through to the Internet. To specify those with curl, run something like: @@ -399,7 +413,7 @@ [`--proxy-digest`](https://curl.se/docs/manpage.html#--proxy-digest). If you use any one of these user+password options but leave out the password - part, curl will prompt for the password interactively. + part, curl prompts for the password interactively. ## Hiding credentials @@ -409,14 +423,14 @@ options. There are ways to circumvent this. It is worth noting that while this is how HTTP Authentication works, many - websites will not use this concept when they provide logins etc. See the Web + websites do not use this concept when they provide logins etc. See the Web Login chapter further below for more details on that. # More HTTP Headers ## Referer - A HTTP request may include a 'referer' field (yes it is misspelled), which + An HTTP request may include a 'referer' field (yes it is misspelled), which can be used to tell from which URL the client got to this particular resource. Some programs/scripts check the referer field of requests to verify that this was not arriving from an external site or an unknown page. While @@ -435,12 +449,12 @@ applications use this information to decide how to display pages. Silly web programmers try to make different pages for users of different browsers to make them look the best possible for their particular browsers. They usually - also do different kinds of javascript, vbscript etc. + also do different kinds of JavaScript etc. - At times, you will see that getting a page with curl will not return the same - page that you see when getting the page with your browser. Then you know it - is time to set the User Agent field to fool the server into thinking you are - one of those browsers. + At times, you may learn that getting a page with curl does not return the + same page that you see when getting the page with your browser. Then you know + it is time to set the User Agent field to fool the server into thinking you + are one of those browsers. To make curl look like Internet Explorer 5 on a Windows 2000 box: @@ -459,27 +473,25 @@ new page keeping newly generated output. The header that tells the browser to redirect is `Location:`. - Curl does not follow `Location:` headers by default, but will simply display - such pages in the same manner it displays all HTTP replies. It does however - feature an option that will make it attempt to follow the `Location:` - pointers. + Curl does not follow `Location:` headers by default, but simply displays such + pages in the same manner it displays all HTTP replies. It does however + feature an option that makes it attempt to follow the `Location:` pointers. To tell curl to follow a Location: curl --location http://www.example.com If you use curl to POST to a site that immediately redirects you to another - page, you can safely use - [`--location`](https://curl.se/docs/manpage.html#-L) (`-L`) and - `--data`/`--form` together. curl will only use POST in the first request, and - then revert to GET in the following operations. + page, you can safely use [`--location`](https://curl.se/docs/manpage.html#-L) + (`-L`) and `--data`/`--form` together. Curl only uses POST in the first + request, and then revert to GET in the following operations. ## Other redirects - Browser typically support at least two other ways of redirects that curl + Browsers typically support at least two other ways of redirects that curl does not: first the html may contain a meta refresh tag that asks the browser to load a specific URL after a set number of seconds, or it may use - javascript to do it. + JavaScript to do it. # Cookies @@ -488,7 +500,7 @@ The way the web browsers do "client side state control" is by using cookies. Cookies are just names with associated contents. The cookies are sent to the client by the server. The server tells the client for what path - and host name it wants the cookie sent back, and it also sends an expiration + and hostname it wants the cookie sent back, and it also sends an expiration date and a few more properties. When a client communicates with a server with a name and path as previously @@ -539,11 +551,11 @@ format that Netscape and Mozilla once used. It is a convenient way to share cookies between scripts or invokes. The `--cookie` (`-b`) switch automatically detects if a given file is such a cookie file and parses it, - and by using the `--cookie-jar` (`-c`) option you will make curl write a new + and by using the `--cookie-jar` (`-c`) option you make curl write a new cookie file at the end of an operation: curl --cookie cookies.txt --cookie-jar newcookies.txt \ - http://www.example.com + http://www.example.com # HTTPS @@ -554,37 +566,35 @@ SSL. SSL encrypts all the data that is sent and received over the network and thus makes it harder for attackers to spy on sensitive information. - SSL (or TLS as the latest version of the standard is called) offers a - truckload of advanced features to allow all those encryptions and key - infrastructure mechanisms encrypted HTTP requires. + SSL (or TLS as the current version of the standard is called) offers a set of + advanced features to do secure transfers over HTTP. Curl supports encrypted fetches when built to use a TLS library and it can be - built to use one out of a fairly large set of libraries - `curl -V` will show - which one your curl was built to use (if any!). To get a page from a HTTPS + built to use one out of a fairly large set of libraries - `curl -V` shows + which one your curl was built to use (if any!). To get a page from an HTTPS server, simply run curl like: curl https://secure.example.com ## Certificates - In the HTTPS world, you use certificates to validate that you are the one - you claim to be, as an addition to normal passwords. Curl supports client- - side certificates. All certificates are locked with a pass phrase, which you - need to enter before the certificate can be used by curl. The pass phrase - can be specified on the command line or if not, entered interactively when - curl queries for it. Use a certificate with curl on a HTTPS server like: + In the HTTPS world, you use certificates to validate that you are the one you + claim to be, as an addition to normal passwords. Curl supports client- side + certificates. All certificates are locked with a passphrase, which you need + to enter before the certificate can be used by curl. The passphrase can be + specified on the command line or if not, entered interactively when curl + queries for it. Use a certificate with curl on an HTTPS server like: curl --cert mycert.pem https://secure.example.com curl also tries to verify that the server is who it claims to be, by - verifying the server's certificate against a locally stored CA cert - bundle. Failing the verification will cause curl to deny the connection. You - must then use [`--insecure`](https://curl.se/docs/manpage.html#-k) - (`-k`) in case you want to tell curl to ignore that the server cannot be - verified. + verifying the server's certificate against a locally stored CA cert bundle. + Failing the verification causes curl to deny the connection. You must then + use [`--insecure`](https://curl.se/docs/manpage.html#-k) (`-k`) in case you + want to tell curl to ignore that the server cannot be verified. More about server certificate verification and ca cert bundles can be read in - the [SSLCERTS document](https://curl.se/docs/sslcerts.html). + the [`SSLCERTS` document](https://curl.se/docs/sslcerts.html). At times you may end up with your own CA cert store and then you can tell curl to use that to verify the server's certificate: @@ -598,14 +608,15 @@ Doing fancy stuff, you may need to add or change elements of a single curl request. - For example, you can change the POST request to a PROPFIND and send the data - as `Content-Type: text/xml` (instead of the default Content-Type) like this: + For example, you can change the POST method to `PROPFIND` and send the data + as `Content-Type: text/xml` (instead of the default `Content-Type`) like + this: curl --data "" --header "Content-Type: text/xml" \ --request PROPFIND example.com You can delete a default header by providing one without content. Like you - can ruin the request by chopping off the Host: header: + can ruin the request by chopping off the `Host:` header: curl --header "Host:" http://www.example.com @@ -617,19 +628,18 @@ ## More on changed methods It should be noted that curl selects which methods to use on its own - depending on what action to ask for. `-d` will do POST, `-I` will do HEAD and - so on. If you use the - [`--request`](https://curl.se/docs/manpage.html#-X) / `-X` option you - can change the method keyword curl selects, but you will not modify curl's - behavior. This means that if you for example use -d "data" to do a POST, you - can modify the method to a `PROPFIND` with `-X` and curl will still think it - sends a POST . You can change the normal GET to a POST method by simply - adding `-X POST` in a command line like: + depending on what action to ask for. `-d` makes a POST, `-I` makes a HEAD and + so on. If you use the [`--request`](https://curl.se/docs/manpage.html#-X) / + `-X` option you can change the method keyword curl selects, but you do not + modify curl's behavior. This means that if you for example use -d "data" to + do a POST, you can modify the method to a `PROPFIND` with `-X` and curl still + thinks it sends a POST. You can change the normal GET to a POST method by + simply adding `-X POST` in a command line like: curl -X POST http://example.org/ - ... but curl will still think and act as if it sent a GET so it will not send - any request body etc. + curl however still acts as if it sent a GET so it does not send any request + body etc. # Web Login @@ -640,21 +650,21 @@ login forms work and how to login to them using curl. It can also be noted that to do this properly in an automated fashion, you - will most certainly need to script things and do multiple curl invokes etc. + most certainly need to script things and do multiple curl invokes etc. First, servers mostly use cookies to track the logged-in status of the - client, so you will need to capture the cookies you receive in the - responses. Then, many sites also set a special cookie on the login page (to - make sure you got there through their login page) so you should make a habit - of first getting the login-form page to capture the cookies set there. + client, so you need to capture the cookies you receive in the responses. + Then, many sites also set a special cookie on the login page (to make sure + you got there through their login page) so you should make a habit of first + getting the login-form page to capture the cookies set there. - Some web-based login systems feature various amounts of javascript, and + Some web-based login systems feature various amounts of JavaScript, and sometimes they use such code to set or modify cookie contents. Possibly they do that to prevent programmed logins, like this manual describes how to... Anyway, if reading the code is not enough to let you repeat the behavior manually, capturing the HTTP requests done by your browsers and analyzing the sent cookies is usually a working method to work out how to shortcut the - javascript need. + JavaScript need. In the actual `
` tag for the login, lots of sites fill-in random/session or otherwise secretly generated hidden tags and you may need @@ -666,7 +676,7 @@ ## Some debug tricks - Many times when you run curl on a site, you will notice that the site does not + Many times when you run curl on a site, you notice that the site does not seem to respond the same way to your curl requests as it does to your browser's. diff --git a/libs/curl/docs/URL-SYNTAX.md b/libs/curl/docs/URL-SYNTAX.md index 6ebf86bd..30aaea9c 100644 --- a/libs/curl/docs/URL-SYNTAX.md +++ b/libs/curl/docs/URL-SYNTAX.md @@ -1,3 +1,9 @@ + + # URL syntax and their use in curl ## Specifications @@ -5,7 +11,7 @@ The official "URL syntax" is primarily defined in these two different specifications: - - [RFC 3986](https://tools.ietf.org/html/rfc3986) (although URL is called + - [RFC 3986](https://datatracker.ietf.org/doc/html/rfc3986) (although URL is called "URI" in there) - [The WHATWG URL Specification](https://url.spec.whatwg.org/) @@ -28,10 +34,10 @@ Due to the inherent differences between URL parser implementations, it is considered a security risk to mix different implementations and assume the same behavior! -For example, if you use one parser to check if a URL uses a good host name or +For example, if you use one parser to check if a URL uses a good hostname or the correct auth field, and then pass on that same URL to a *second* parser, -there will always be a risk it treats the same URL differently. There is no -right and wrong in URL land, only differences of opinions. +there is always a risk it treats the same URL differently. There is no right +and wrong in URL land, only differences of opinions. libcurl offers a separate API to its URL parser for this reason, among others. @@ -52,16 +58,16 @@ security concerns: 3. Such a URL might use other schemes than you thought of or planned for. -## "RFC3986 plus" +## "RFC 3986 plus" curl recognizes a URL syntax that we call "RFC 3986 plus". It is grounded on -the well established RFC 3986 to make sure previously written command lines and -curl using scripts will remain working. +the well established RFC 3986 to make sure previously written command lines +and curl using scripts remain working. curl's URL parser allows a few deviations from the spec in order to inter-operate better with URLs that appear in the wild. -### spaces +### Spaces A URL provided to curl cannot contain spaces. They need to be provided URL encoded to be accepted in a URL by curl. @@ -71,12 +77,12 @@ client where a resource has been redirected to, sometimes contain spaces. This is a violation of RFC 3986 but is fine in the WHATWG spec. curl handles these by re-encoding them to `%20`. -### non-ASCII +### Non-ASCII Byte values in a provided URL that are outside of the printable ASCII range are percent-encoded by curl. -### multiple slashes +### Multiple slashes An absolute URL always starts with a "scheme" followed by a colon. For all the schemes curl supports, the colon must be followed by two slashes according to @@ -92,8 +98,7 @@ curl supports "URLs" that do not start with a scheme. This is not supported by any of the specifications. This is a shortcut to entering URLs that was supported by browsers early on and has been mimicked by curl. -Based on what the host name starts with, curl will "guess" what protocol to -use: +Based on what the hostname starts with, curl "guesses" what protocol to use: - `ftp.` means FTP - `dict.` means DICT @@ -103,7 +108,7 @@ use: - `pop3.` means POP3 - all other means HTTP -### globbing letters +### Globbing letters The curl command line tool supports "globbing" of URLs. It means that you can create ranges and lists using `[N-M]` and `{one,two,three}` sequences. The @@ -125,7 +130,7 @@ character or string. For example, this could look like: - http://user:password@www.example.com:80/index.hmtl?foo=bar#top + http://user:password@www.example.com:80/index.html?foo=bar#top ## Scheme @@ -147,13 +152,13 @@ schemes: ## Userinfo -The userinfo field can be used to set user name and password for +The userinfo field can be used to set username and password for authentication purposes in this transfer. The use of this field is discouraged since it often means passing around the password in plain text and is thus a security risk. URLs for IMAP, POP3 and SMTP also support *login options* as part of the -userinfo field. they are provided as a semicolon after the password and then +userinfo field. They are provided as a semicolon after the password and then the options. ## Hostname @@ -184,7 +189,7 @@ machine. ### IDNA If curl was built with International Domain Name (IDN) support, it can also -handle host names using non-ASCII characters. +handle hostnames using non-ASCII characters. When built with libidn2, curl uses the IDNA 2008 standard. This is equivalent to the WHATWG URL spec, but differs from certain browsers that use IDNA 2003 @@ -197,12 +202,12 @@ of Windows. ## Port number -If there's a colon after the hostname, that should be followed by the port +If there is a colon after the hostname, that should be followed by the port number to use. 1 - 65535. curl also supports a blank port number field - but only if the URL starts with a scheme. -If the port number is not specified in the URL, curl will used a default port -based on the provide scheme: +If the port number is not specified in the URL, curl uses a default port +number based on the provide scheme: DICT 2628, FTP 21, FTPS 990, GOPHER 70, GOPHERS 70, HTTP 80, HTTPS 443, IMAP 132, IMAPS 993, LDAP 369, LDAPS 636, MQTT 1883, POP3 110, POP3S 995, @@ -216,11 +221,11 @@ SMTP 25, SMTPS 465, TELNET 23, TFTP 69 The path part of an FTP request specifies the file to retrieve and from which directory. If the file part is omitted then libcurl downloads the directory listing for the directory specified. If the directory is omitted then the -directory listing for the root / home directory will be returned. +directory listing for the root / home directory is returned. FTP servers typically put the user in its "home directory" after login, which then differs between users. To explicitly specify the root directory of an FTP -server start the path with double slash `//` or `/%2f` (2F is the hexadecimal +server, start the path with double slash `//` or `/%2f` (2F is the hexadecimal value of the ascii code for the slash). ## FILE @@ -231,14 +236,14 @@ to read or write such a path. curl only allows the hostname part of a FILE URL to be one out of these three alternatives: `localhost`, `127.0.0.1` or blank ("", zero characters). -Anything else will make curl fail to parse the URL. +Anything else makes curl fail to parse the URL. ### Windows-specific FILE details curl accepts that the FILE URL's path starts with a "drive letter". That is a single letter `a` to `z` followed by a colon or a pipe character (`|`). -The Windows operating system itself will convert some file accesses to perform +The Windows operating system itself converts some file accesses to perform network accesses over SMB/CIFS, through several different file path patterns. This way, a `file://` URL passed to curl *might* be converted into a network access inadvertently and unknowingly to curl. This is a Windows feature curl @@ -259,7 +264,7 @@ A folder list on the user's inbox: imap://user:password@mail.example.com/INBOX -Select the user's inbox and fetch message with uid = 1: +Select the user's inbox and fetch message with `uid = 1`: imap://user:password@mail.example.com/INBOX/;UID=1 @@ -289,26 +294,26 @@ subject line: imap://user:password@mail.example.com/INBOX?SUBJECT%20shadows -Searching via the query part of the URL `?` is a search request for the results -to be returned as message sequence numbers (MAILINDEX). It is possible to make -a search request for results to be returned as unique ID numbers (UID) by using -a custom curl request via `-X`. UID numbers are unique per session (and -multiple sessions when UIDVALIDITY is the same). For example, if you are -searching for `"foo bar"` in header+body (TEXT) and you want the matching -MAILINDEX numbers returned then you could search via URL: +Searching via the query part of the URL `?` is a search request for the +results to be returned as message sequence numbers (`MAILINDEX`). It is +possible to make a search request for results to be returned as unique ID +numbers (`UID`) by using a custom curl request via `-X`. `UID` numbers are +unique per session (and multiple sessions when `UIDVALIDITY` is the same). For +example, if you are searching for `"foo bar"` in header+body (`TEXT`) and you +want the matching `MAILINDEX` numbers returned then you could search via URL: imap://user:password@mail.example.com/INBOX?TEXT%20%22foo%20bar%22 -.. but if you wanted matching UID numbers you would have to use a custom request: +If you want matching `UID` numbers you have to use a custom request: imap://user:password@mail.example.com/INBOX -X "UID SEARCH TEXT \"foo bar\"" For more information about IMAP commands please see RFC 9051. For more information about the individual components of an IMAP URL please see RFC 5092. -* Note old curl versions would FETCH by message sequence number when UID was -specified in the URL. That was a bug fixed in 7.62.0, which added MAILINDEX to -FETCH by mail sequence number. +* Note old curl versions would `FETCH` by message sequence number when `UID` +was specified in the URL. That was a bug fixed in 7.62.0, which added +`MAILINDEX` to `FETCH` by mail sequence number. ## LDAP @@ -317,21 +322,21 @@ Name, Attributes, Scope, Filter and Extension for a LDAP search. Each field is separated by a question mark and when that field is not required an empty string with the question mark separator should be included. -Search for the DN as `My Organisation`: +Search for the `DN` as `My Organization`: - ldap://ldap.example.com/o=My%20Organisation + ldap://ldap.example.com/o=My%20Organization -the same search but will only return postalAddress attributes: +the same search but only return `postalAddress` attributes: - ldap://ldap.example.com/o=My%20Organisation?postalAddress + ldap://ldap.example.com/o=My%20Organization?postalAddress -Search for an empty DN and request information about the +Search for an empty `DN` and request information about the `rootDomainNamingContext` attribute for an Active Directory server: ldap://ldap.example.com/?rootDomainNamingContext For more information about the individual components of a LDAP URL please -see [RFC 4516](https://tools.ietf.org/html/rfc4516). +see [RFC 4516](https://datatracker.ietf.org/doc/html/rfc4516). ## POP3 @@ -352,21 +357,24 @@ To specify a path relative to the user's home directory on the server, prepend The path part of an SFTP URL specifies the file to retrieve or upload. If the path ends with a slash (`/`) then a directory listing is returned instead of a file. If the path is omitted entirely then the directory listing for the root -/ home directory will be returned. +/ home directory is returned. ## SMB The path part of a SMB request specifies the file to retrieve and from what share and directory or the share to upload to and as such, may not be omitted. -If the user name is embedded in the URL then it must contain the domain name +If the username is embedded in the URL then it must contain the domain name and as such, the backslash must be URL encoded as %2f. +When uploading to SMB, the size of the file needs to be known ahead of time, +meaning that you can upload a file passed to curl over a pipe like stdin. + curl supports SMB version 1 (only) ## SMTP -The path part of a SMTP request specifies the host name to present during -communication with the mail server. If the path is omitted, then libcurl will -attempt to resolve the local computer's host name. However, this may not +The path part of a SMTP request specifies the hostname to present during +communication with the mail server. If the path is omitted, then libcurl +attempts to resolve the local computer's hostname. However, this may not return the fully qualified domain name that is required by some mail servers and specifying this path allows you to set an alternative name, such as your machine's fully qualified domain name, which you might have obtained from an @@ -376,13 +384,12 @@ The default smtp port is 25. Some servers use port 587 as an alternative. ## RTMP -There's no official URL spec for RTMP so libcurl uses the URL syntax supported +There is no official URL spec for RTMP so libcurl uses the URL syntax supported by the underlying librtmp library. It has a syntax where it wants a traditional URL, followed by a space and a series of space-separated `name=value` pairs. While space is not typically a "legal" letter, libcurl accepts them. When a -user wants to pass in a `#` (hash) character it will be treated as a fragment -and get cut off by libcurl if provided literally. You will instead have to -escape it by providing it as backslash and its ASCII value in hexadecimal: -`\23`. +user wants to pass in a `#` (hash) character it is treated as a fragment and +it gets cut off by libcurl if provided literally. You have to escape it by +providing it as backslash and its ASCII value in hexadecimal: `\23`. diff --git a/libs/curl/docs/VERSIONS.md b/libs/curl/docs/VERSIONS.md index de0b0d4f..a3159aa6 100644 --- a/libs/curl/docs/VERSIONS.md +++ b/libs/curl/docs/VERSIONS.md @@ -1,7 +1,13 @@ + + Version Numbers and Releases ============================ - Curl is not only curl. Curl is also libcurl. they are actually individually + Curl is not only curl. Curl is also libcurl. They are actually individually versioned, but they usually follow each other closely. The version numbering is always built up using the same system: @@ -14,11 +20,11 @@ Version Numbers and Releases ## Bumping numbers - One of these numbers will get bumped in each new release. The numbers to the - right of a bumped number will be reset to zero. + One of these numbers get bumped in each new release. The numbers to the right + of a bumped number are reset to zero. - The main version number will get bumped when *really* big, world colliding - changes are made. The release number is bumped when changes are performed or + The main version number is bumped when *really* big, world colliding changes + are made. The release number is bumped when changes are performed or things/features are added. The patch number is bumped when the changes are mere bugfixes. @@ -37,7 +43,7 @@ Version Numbers and Releases As a service to any application that might want to support new libcurl features while still being able to build with older versions, all releases - have the libcurl version stored in the curl/curlver.h file using a static + have the libcurl version stored in the `curl/curlver.h` file using a static numbering scheme that can be used for comparison. The version number is defined as: @@ -45,10 +51,10 @@ Version Numbers and Releases #define LIBCURL_VERSION_NUM 0xXXYYZZ ``` - Where XX, YY and ZZ are the main version, release and patch numbers in + Where `XX`, `YY` and `ZZ` are the main version, release and patch numbers in hexadecimal. All three number fields are always represented using two digits (eight bits each). 1.2 would appear as "0x010200" while version 9.11.7 - appears as "0x090b07". + appears as `0x090b07`. This 6-digit hexadecimal number is always a greater number in a more recent release. It makes comparisons with greater than and less than work. diff --git a/libs/curl/docs/VULN-DISCLOSURE-POLICY.md b/libs/curl/docs/VULN-DISCLOSURE-POLICY.md new file mode 100644 index 00000000..e6d6f345 --- /dev/null +++ b/libs/curl/docs/VULN-DISCLOSURE-POLICY.md @@ -0,0 +1,315 @@ + + +# curl vulnerability disclosure policy + +This document describes how security vulnerabilities are handled in the curl +project. + +## Publishing Information + +All known and public curl or libcurl related vulnerabilities are listed on +[the curl website security page](https://curl.se/docs/security.html). + +Security vulnerabilities **should not** be entered in the project's public bug +tracker. + +## Vulnerability Handling + +The typical process for handling a new security vulnerability is as follows. + +No information should be made public about a vulnerability until it is +formally announced at the end of this process. That means, for example, that a +bug tracker entry must NOT be created to track the issue since that makes the +issue public and it should not be discussed on any of the project's public +mailing lists. Messages associated with any commits should not make any +reference to the security nature of the commit if done prior to the public +announcement. + +- The person discovering the issue, the reporter, reports the vulnerability on + [HackerOne](https://hackerone.com/curl). Issues filed there reach a handful + of selected and trusted people. + +- Messages that do not relate to the reporting or managing of an undisclosed + security vulnerability in curl or libcurl are ignored and no further action + is required. + +- A person in the security team responds to the original report to acknowledge + that a human has seen the report. + +- The security team investigates the report and either rejects it or accepts + it. See below for examples of problems that are not considered + vulnerabilities. + +- If the report is rejected, the team writes to the reporter to explain why. + +- If the report is accepted, the team writes to the reporter to let them + know it is accepted and that they are working on a fix. + +- The security team discusses the problem, works out a fix, considers the + impact of the problem and suggests a release schedule. This discussion + should involve the reporter as much as possible. + +- The release of the information should be "as soon as possible" and is most + often synchronized with an upcoming release that contains the fix. If the + reporter, or anyone else involved, thinks the next planned release is too + far away, then a separate earlier release should be considered. + +- Write a security advisory draft about the problem that explains what the + problem is, its impact, which versions it affects, solutions or workarounds, + when the release is out and make sure to credit all contributors properly. + Figure out the CWE (Common Weakness Enumeration) number for the flaw. See + [SECURITY-ADVISORY](https://curl.se/dev/advisory.html) for help on creating + the advisory. + +- Request a CVE Id for the issue. curl is a CNA (CVE Numbering Authority) and + can request its own numbers. + +- Update the "security advisory" with the CVE number. + +- The security team commits the fix in a private branch. The commit message + should ideally contain the CVE number. If the severity level of the issue is + set to Low or Medium, the fix is allowed to get merged into the master + repository via a normal PR - but without mentioning it being a security + vulnerability. + +- The monetary reward part of the bug-bounty is managed by the Internet Bug + Bounty team and the reporter is asked to request the reward from them after + the issue has been completely handled and published by curl. + +- No more than 10 days before release, inform + [distros@openwall](https://oss-security.openwall.org/wiki/mailing-lists/distros) + to prepare them about the upcoming public security vulnerability + announcement - attach the advisory draft for information with CVE and + current patch. 'distros' does not accept an embargo longer than 14 days and + they do not care for Windows-specific flaws. + +- No more than 48 hours before the release, the private branch is merged into + the master branch and pushed. Once pushed, the information is accessible to + the public and the actual release should follow suit immediately afterwards. + The time between the push and the release is used for final tests and + reviews. + +- The project team creates a release that includes the fix. + +- The project team announces the release and the vulnerability to the world in + the same manner we always announce releases. It gets sent to the + curl-announce, curl-library and curl-users mailing lists. + +- The security webpage on the website should get the new vulnerability + mentioned. + +## security (at curl dot se) + +This is a private mailing list for discussions on and about curl security +issues. + +Who is on this list? There are a couple of criteria you must meet, and then we +might ask you to join the list or you can ask to join it. It really is not a +formal process. We basically only require that you have a long-term presence +in the curl project and you have shown an understanding for the project and +its way of working. You must have been around for a good while and you should +have no plans of vanishing in the near future. + +We do not make the list of participants public mostly because it tends to vary +somewhat over time and a list somewhere only risks getting outdated. + +## Publishing Security Advisories + +1. Write up the security advisory, using markdown syntax. Use the same + subtitles as last time to maintain consistency. + +2. Name the advisory file after the allocated CVE id. + +3. Add a line on the top of the array in `curl-www/docs/vuln.pm`. + +4. Put the new advisory markdown file in the `curl-www/docs/` directory. Add it + to the git repository. + +5. Run `make` in your local web checkout and verify that things look fine. + +6. On security advisory release day, push the changes on the curl-www + repository's remote master branch. + +## HackerOne + +Request the issue to be disclosed. If there are sensitive details present in +the report and discussion, those should be redacted from the disclosure. The +default policy is to disclose as much as possible as soon as the vulnerability +has been published. + +## Bug Bounty + +See [BUG-BOUNTY](https://curl.se/docs/bugbounty.html) for details on the +bug bounty program. + +# Severity levels + +The curl project's security team rates security problems using four severity +levels depending how serious we consider the problem to be. We use **Low**, +**Medium**, **High** and **Critical**. We refrain from using numerical scoring +of vulnerabilities. + +When deciding severity level on a particular issue, we take all the factors +into account: attack vector, attack complexity, required privileges, necessary +build configuration, protocols involved, platform specifics and also what +effects a possible exploit or trigger of the issue can lead do, including +confidentiality, integrity or availability problems. + +## Low + +This is a security problem that is truly hard or unlikely to exploit or +trigger. Due to timing, platform requirements or the fact that options or +protocols involved are rare etc. [Past +example](https://curl.se/docs/CVE-2022-43552.html) + +## Medium + +This is a security problem that is less hard than **Low** to exploit or +trigger. Less strict timing, wider platforms availability or involving more +widely used options or protocols. A problem that usually needs something else +to also happen to become serious. [Past +example](https://curl.se/docs/CVE-2022-32206.html) + +## High + +This issue in itself a serious problem with real world impact. Flaws that can +easily compromise the confidentiality, integrity or availability of resources. +Exploiting or triggering this problem is not hard. [Past +example](https://curl.se/docs/CVE-2019-3822.html) + +## Critical + +Easily exploitable by a remote unauthenticated attacker and lead to system +compromise (arbitrary code execution) without requiring user interaction, with +a common configuration on a popular platform. This issue has few restrictions +and requirements and can be exploited easily using most curl configurations. +[Past example](https://curl.se/docs/CVE-2000-0973.html) + +# Not security issues + +This is an incomplete list of issues that are not considered vulnerabilities. + +## Small memory leaks + +We do not consider a small memory leak a security problem; even if the amount +of allocated memory grows by a small amount every now and then. Long-living +applications and services already need to have counter-measures and deal with +growing memory usage, be it leaks or just increased use. A small memory or +resource leak is then expected to *not* cause a security problem. + +Of course there can be a discussion if a leak is small or not. A large leak +can be considered a security problem due to the DOS risk. If leaked memory +contains sensitive data it might also qualify as a security problem. + +## Never-ending transfers + +We do not consider flaws that cause a transfer to never end to be a security +problem. There are already several benign and likely reasons for transfers to +stall and never end, so applications that cannot deal with never-ending +transfers already need to have counter-measures established. + +If the problem avoids the regular counter-measures when it causes a never- +ending transfer, it might be a security problem. + +## Not practically possible + +If the flaw or vulnerability cannot practically get executed on existing +hardware it is not a security problem. + +## API misuse + +If a reported issue only triggers by an application using the API in a way +that is not documented to work or even documented to not work, it is probably +not going to be considered a security problem. We only guarantee secure and +proper functionality when the APIs are used as expected and documented. + +There can be a discussion about what the documentation actually means and how +to interpret the text, which might end up with us still agreeing that it is a +security problem. + +## Local attackers already present + +When an issue can only be attacked or misused by an attacker present on the +local system or network, the bar is raised. If a local user wrongfully has +elevated rights on your system enough to attack curl, they can probably +already do much worse harm and the problem is not really in curl. + +## Experiments + +Vulnerabilities in features which are off by default (in the build) and +documented as experimental, are not eligible for a reward and we do not +consider them security problems. + +## URL inconsistencies + +URL parser inconsistencies between browsers and curl are expected and are not +considered security vulnerabilities. The WHATWG URL Specification and RFC +3986+ (the plus meaning that it is an extended version) [are not completely +interoperable](https://github.com/bagder/docs/blob/master/URL-interop.md). + +Obvious parser bugs can still be vulnerabilities of course. + +## Visible command line arguments + +The curl command blanks the contents of a number of command line arguments to +prevent them from appearing in process listings. It does not blank all +arguments even if some of them that are not blanked might contain sensitive +data. We consider this functionality a best-effort and omissions are not +security vulnerabilities. + + - not all systems allow the arguments to be blanked in the first place + - since curl blanks the argument itself they area readable for a short moment + no matter what + - virtually every argument can contain sensitive data, depending on use + - blanking all arguments would make it impractical for users to differentiate + curl command lines in process listings + +## Busy-loops + +Busy-loops that consume 100% CPU time but eventually end (perhaps due to a set +timeout value or otherwise) are not considered security problems. Applications +are supposed to already handle situations when the transfer loop legitimately +consumes 100% CPU time, so while a prolonged such busy-loop is a nasty bug, we +do not consider it a security problem. + +## Saving files + +curl cannot protect against attacks where an attacker has write access to the +same directory where curl is directed to save files. + +## Tricking a user to run a command line + +A creative, misleading or funny looking command line is not a security +problem. The curl command line tool takes options and URLs on the command line +and if an attacker can trick the user to run a specifically crafted curl +command line, all bets are off. Such an attacker can just as well have the +user run a much worse command that can do something fatal (like +`sudo rm -rf /`). + +## Terminal output and escape sequences + +Content that is transferred from a server and gets displayed in a terminal by +curl may contain escape sequences or use other tricks to fool the user. This +is curl working as designed and is not a curl security problem. Escape +sequences, moving cursor, changing color etc, is also frequently used for +good. To reduce the risk of getting fooled, save files and browse them after +download using a display method that minimizes risks. + +## NULL dereferences and crashes + +If a malicious server can trigger a NULL dereference in curl or otherwise +cause curl to crash (and nothing worse), chances are big that we do not +consider that a security problem. + +Malicious servers can already cause considerable harm and denial of service +like scenarios without having to trigger such code paths. For example by +stalling, being terribly slow or by delivering enormous amounts of data. +Additionally, applications are expected to handle "normal" crashes without +that being the end of the world. + +There need to be more and special circumstances to treat such problems as +security issues. diff --git a/libs/curl/docs/WEBSOCKET.md b/libs/curl/docs/WEBSOCKET.md new file mode 100644 index 00000000..14caec24 --- /dev/null +++ b/libs/curl/docs/WEBSOCKET.md @@ -0,0 +1,134 @@ + + +# WebSocket in curl + +## URL + +WebSocket communication with libcurl is done by setting up a transfer to a URL +using the `ws://` or `wss://` URL schemes. The latter one being the secure +version done over HTTPS. + +When using `wss://` to do WebSocket over HTTPS, the standard TLS and HTTPS +options are acknowledged for the CA, verification of server certificate etc. + +WebSocket communication is done by upgrading a connection from either HTTP or +HTTPS. When given a WebSocket URL to work with, libcurl considers it a +transfer failure if the upgrade procedure fails. This means that a plain HTTP +200 response code is considered an error for this work. + +## API + +The WebSocket API is described in the individual man pages for the new API. + +WebSocket with libcurl can be done two ways. + +1. Get the WebSocket frames from the server sent to the write callback. You + can then respond with `curl_ws_send()` from within the callback (or outside + of it). + +2. Set `CURLOPT_CONNECT_ONLY` to 2L (new for WebSocket), which makes libcurl + do an HTTP GET + `Upgrade:` request plus response in the + `curl_easy_perform()` call before it returns and then you can use + `curl_ws_recv()` and `curl_ws_send()` to receive and send WebSocket frames + from and to the server. + +The new options to `curl_easy_setopt()`: + + `CURLOPT_WS_OPTIONS` - to control specific behavior. `CURLWS_RAW_MODE` makes + libcurl provide all WebSocket traffic raw in the callback. + +The new function calls: + + `curl_ws_recv()` - receive a WebSocket frame + + `curl_ws_send()` - send a WebSocket frame + + `curl_ws_meta()` - return WebSocket metadata within a write callback + +## Max frame size + +The current implementation only supports frame sizes up to a max (64K right +now). This is because the API delivers full frames and it then cannot manage +the full 2^63 bytes size. + +If we decide we need to support (much) larger frames than 64K, we need to +adjust the API accordingly to be able to deliver partial frames in both +directions. + +## Errors + +If the given WebSocket URL (using `ws://` or `wss://`) fails to get upgraded +via a 101 response code and instead gets another response code back from the +HTTP server - the transfer returns `CURLE_HTTP_RETURNED_ERROR` for that +transfer. Note then that even 2xx response codes are then considered error +since it failed to provide a WebSocket transfer. + +## Test suite + +I looked for an existing small WebSocket server implementation with maximum +flexibility to dissect and cram into the test suite but I ended up deciding +that extending the existing test suite server sws to deal with WebSocket +might be the better way. + +- This server is already integrated and working in the test suite + +- We want maximum control and ability to generate broken protocol and negative + tests as well. A dumber and simpler TCP server could then be easier to + massage into this than a "proper" WebSocket server. + +## Command line tool WebSocket + +The plan is to make curl do WebSocket similar to telnet/nc. That part of the +work has not been started. + +Ideas: + + - Read stdin and send off as messages. Consider newline as end of fragment. + (default to text? offer option to set binary) + - Respond to PINGs automatically + - Issue PINGs at some default interval (option to switch off/change interval?) + - Allow `-d` to specify (initial) data to send (should the format allow for + multiple separate frames?) + - Exit after N messages received, where N can be zero. + +## Future work + +- Verify the Sec-WebSocket-Accept response. It requires a sha-1 function. +- Verify Sec-WebSocket-Extensions and Sec-WebSocket-Protocol in the response +- Make WebSocket work with hyper +- Consider a `curl_ws_poll()` +- Make sure WebSocket code paths are fuzzed +- Add client-side PING interval +- Provide option to disable PING-PONG automation +- Support compression (`CURLWS_COMPRESS`) + +## Why not libWebSocket + +libWebSocket is said to be a solid, fast and efficient WebSocket library with +a vast amount of users. My plan was originally to build upon it to skip having +to implement the low level parts of WebSocket myself. + +Here are the reasons why I have decided to move forward with WebSocket in +curl **without using libWebSocket**: + +- doxygen generated docs only makes them hard to navigate. No tutorial, no + clearly written explanatory pages for specific functions. + +- seems (too) tightly integrated with a specific TLS library, while we want to + support WebSocket with whatever TLS library libcurl was already made to + work with. + +- seems (too) tightly integrated with event libraries + +- the references to threads and thread-pools in code and APIs indicate too + much logic for our purposes + +- "bloated" - it is a *huge* library that is actually more lines of code than + libcurl itself + +- WebSocket is a fairly simple protocol on the network/framing layer so + making a homegrown handling of it should be fine diff --git a/libs/curl/docs/cmdline-opts/.gitignore b/libs/curl/docs/cmdline-opts/.gitignore new file mode 100644 index 00000000..8d42e2c5 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/.gitignore @@ -0,0 +1,5 @@ +# Copyright (C) Daniel Stenberg, , et al. +# +# SPDX-License-Identifier: curl + +curl.txt diff --git a/libs/curl/docs/cmdline-opts/CMakeLists.txt b/libs/curl/docs/cmdline-opts/CMakeLists.txt index ae25c5c4..d165f841 100644 --- a/libs/curl/docs/cmdline-opts/CMakeLists.txt +++ b/libs/curl/docs/cmdline-opts/CMakeLists.txt @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,16 +18,23 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### -set(MANPAGE "${CURL_BINARY_DIR}/docs/curl.1") +set(MANPAGE "${CURL_BINARY_DIR}/docs/cmdline-opts/curl.1") +set(ASCIIPAGE "${CURL_BINARY_DIR}/docs/cmdline-opts/curl.txt") # Load DPAGES and OTHERPAGES from shared file transform_makefile_inc("Makefile.inc" "${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") include("${CMAKE_CURRENT_BINARY_DIR}/Makefile.inc.cmake") add_custom_command(OUTPUT "${MANPAGE}" - COMMAND "${PERL_EXECUTABLE}" "${CMAKE_CURRENT_SOURCE_DIR}/gen.pl" mainpage "${CMAKE_CURRENT_SOURCE_DIR}" > "${MANPAGE}" - DEPENDS ${DPAGES} ${OTHERPAGES} + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} + COMMAND "${PERL_EXECUTABLE}" ${PROJECT_SOURCE_DIR}/scripts/managen mainpage ${DPAGES} > "${MANPAGE}" + COMMAND "${PERL_EXECUTABLE}" ${PROJECT_SOURCE_DIR}/scripts/managen ascii ${DPAGES} > "${ASCIIPAGE}" VERBATIM ) -add_custom_target(generate-curl.1 DEPENDS "${MANPAGE}") +add_custom_target(generate-curl.1 ALL DEPENDS "${MANPAGE}") +if(NOT CURL_DISABLE_INSTALL) + install(FILES "${MANPAGE}" DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) +endif() diff --git a/libs/curl/docs/cmdline-opts/MANPAGE.md b/libs/curl/docs/cmdline-opts/MANPAGE.md index e3f5681a..3e2e7151 100644 --- a/libs/curl/docs/cmdline-opts/MANPAGE.md +++ b/libs/curl/docs/cmdline-opts/MANPAGE.md @@ -1,62 +1,118 @@ + + # curl man page generator -This is the curl man page generator. It generates a single nroff man page +`managen` is the curl man page generator. It generates a single nroff man page output from the set of sources files in this directory. -There is one source file for each supported command line option. The output -gets `page-header` prepended and `page-footer` appended. The format is -described below. +The `mainpage.idx` file lists all files that are rendered in that order to +produce the output. The magic `%options` keyword inserts all command line +options documented. + +The `%options` documentation is created with one source file for each +supported command line option. + +The documentation file format is described below. It is meant to look similar +to markdown which is why it uses `.md` file extensions. ## Option files Each command line option is described in a file named `.d`, where -option name is written without any prefixing dashes. Like the file name for -the -v, --verbose option is named `verbose.d`. +option name is written without any prefixing dashes. Like the filename for the +`-v, --verbose` option is named `verbose.d`. -Each file has a set of meta-data and a body of text. +Each file has a set of meta-data in the top of the file, followed by a body of +text. + +The documentation files that do not document options have no meta-data part. + +A line that starts with ``. ### Meta-data - Short: (single letter, without dash) - Long: (long form name, without dashes) + --- (start of meta-data) + Added: (version number in which this was added) Arg: (the argument the option takes) + c: (copyright line) + Example: + - (an example command line, without "curl" and can use `$URL`) + - (another example) + Experimental: yes (if so) + Help: (short text for the --help output for this option) + Long: (long form name, without dashes) Magic: (description of "magic" options) - Tags: (space separated list) - Protocols: (space separated list for which protocols this option works) - Added: (version number in which this was added) + Multi: single/append/boolean/mutex/custom/per-URL (if used more than once) Mutexed: (space separated list of options this overrides, no dashes) + Protocols: (space separated list for which protocols this option works) Requires: (space separated list of features this requires, no dashes) - See-also: (space separated list of related options, no dashes) - Help: (short text for the --help output for this option) - Example: (example command line, without "curl" and can use `$URL`) + Scope: global (if the option is global) + See-also: + - (a related option, no dashes) + - (another related option, no dashes) + Short: (single letter, without dash) + SPDX-License-Identifier: curl + Tags: (space separated list) --- (end of meta-data) ### Body The body of the description. Only refer to options with their long form option -version, like `--verbose`. The output generator will replace such with the +version, like `--verbose`. The output generator replaces such option with the correct markup that shows both short and long version. -Text written within `*asterisks*` will get shown using italics. Text within -two `**asterisks**` will get shown using bold. +Text written within `*asterisks*` is shown using italics. Text within two +`**asterisks**` is shown using bold. + +Text that is prefixed with a space is treated like an "example" and gets +output in monospace. + +Within the body, describe a list of items like this: + + ## item 1 + description -Text that is prefixed with a space will be treated like an "example" and will -be output in monospace. + ## item 2 + second description -## Header and footer +The list is automatically terminated at end of file, or you can do it +explicitly with an empty "header": -`page-header` is the file that will be output before the generated options -output for the master man page. + ## -`page-footer` is appended after all the individual options. +Angle brackets (`<>`) need to be escaped when used in text like `\<` and +`\>`. This, to ensure that the text renders nicely as markdown. + +### Headers + +The `#` header can be used by non-option files and it produces a +`.SH` output. + +If the `#` header is used for a command line option file, that header is +simply ignored in the generated output. It can still serve a purpose in the +source file as it helps the user identify what option the file is for. + +### Variables + +There are three different "variables" that can be used when creating the +output. They need to be written within backticks in the source file (to escape +getting spellchecked by CI jobs): `%DATE`, `%VERSION` and `%GLOBALS`. ## Generate -`./gen.pl mainpage` +`managen mainpage [list of markdown option file names]` This command outputs a single huge nroff file, meant to become `curl.1`. The full curl man page. -`./gen.pl listhelp` +`managen ascii [list of markdown option file names]` + +This command outputs a single text file, meant to become `curl.txt`. The full +curl man page in text format, used to build `tool_hugehelp.c`. + +`managen listhelp` Generates a full `curl --help` output for all known command line options. diff --git a/libs/curl/docs/cmdline-opts/Makefile.am b/libs/curl/docs/cmdline-opts/Makefile.am index f416d553..0aa8a44f 100644 --- a/libs/curl/docs/cmdline-opts/Makefile.am +++ b/libs/curl/docs/cmdline-opts/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,18 +18,43 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### AUTOMAKE_OPTIONS = foreign no-dependencies -MANPAGE = $(top_builddir)/docs/curl.1 +MANPAGE = curl.1 +ASCIIPAGE = curl.txt include Makefile.inc -EXTRA_DIST = $(DPAGES) MANPAGE.md gen.pl $(OTHERPAGES) CMakeLists.txt +EXTRA_DIST = $(DPAGES) MANPAGE.md $(SUPPORT) CMakeLists.txt mainpage.idx + +GEN = $(GN_$(V)) +GN_0 = @echo " GENERATE" $@; +GN_1 = +GN_ = $(GN_0) + +MANAGEN=$(top_srcdir)/scripts/managen +INCDIR=$(top_srcdir)/include + +if BUILD_DOCS +CLEANFILES = $(MANPAGE) $(ASCIIPAGE) +man_MANS = $(MANPAGE) + +all: $(MANPAGE) $(ASCIIPAGE) + +endif + +$(MANPAGE): $(DPAGES) $(SUPPORT) mainpage.idx Makefile.inc $(MANAGEN) + $(GEN)(rm -f $(MANPAGE) && @PERL@ $(MANAGEN) -d $(srcdir) -I $(INCDIR) mainpage $(DPAGES) > manpage.tmp.$$$$ && mv manpage.tmp.$$$$ $(MANPAGE)) + +$(ASCIIPAGE): $(DPAGES) $(SUPPORT) mainpage.idx Makefile.inc $(MANAGEN) + $(GEN)(rm -f $(ASCIIPAGE) && @PERL@ $(MANAGEN) -d $(srcdir) -I $(INCDIR) ascii $(DPAGES) > asciipage.tmp.$$$$ && mv asciipage.tmp.$$$$ $(ASCIIPAGE)) -all: $(MANPAGE) +listhelp: + $(MANAGEN) -d $(srcdir) listhelp $(DPAGES) > $(top_builddir)/src/tool_listhelp.c -$(MANPAGE): $(DPAGES) $(OTHERPAGES) Makefile.inc - @echo "generate $(MANPAGE)" - @(cd $(srcdir) && @PERL@ ./gen.pl mainpage $(DPAGES)) > $(MANPAGE) +listcats: + @$(MANAGEN) listcats $(DPAGES) diff --git a/libs/curl/docs/cmdline-opts/Makefile.inc b/libs/curl/docs/cmdline-opts/Makefile.inc index f8b57112..d69635e4 100644 --- a/libs/curl/docs/cmdline-opts/Makefile.inc +++ b/libs/curl/docs/cmdline-opts/Makefile.inc @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. +# Copyright (C) Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -18,253 +18,293 @@ # This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY # KIND, either express or implied. # +# SPDX-License-Identifier: curl +# ########################################################################### # Shared between Makefile.am and CMakeLists.txt -DPAGES = \ - abstract-unix-socket.d \ - alt-svc.d \ - anyauth.d \ - append.d \ - aws-sigv4.d \ - basic.d \ - cacert.d \ - capath.d \ - cert-status.d \ - cert-type.d \ - cert.d \ - ciphers.d \ - compressed-ssh.d \ - compressed.d \ - config.d \ - connect-timeout.d \ - connect-to.d \ - continue-at.d \ - cookie-jar.d \ - cookie.d \ - create-dirs.d \ - create-file-mode.d \ - crlf.d \ - crlfile.d \ - curves.d \ - data-ascii.d \ - data-binary.d \ - data-raw.d \ - data-urlencode.d \ - data.d \ - delegation.d \ - digest.d \ - disable-eprt.d \ - disable-epsv.d \ - disable.d \ - disallow-username-in-url.d \ - dns-interface.d \ - dns-ipv4-addr.d \ - dns-ipv6-addr.d \ - dns-servers.d \ - doh-cert-status.d \ - doh-insecure.d \ - doh-url.d \ - dump-header.d \ - egd-file.d \ - engine.d \ - etag-compare.d \ - etag-save.d \ - expect100-timeout.d \ - fail-early.d \ - fail-with-body.d \ - fail.d \ - false-start.d \ - form-escape.d \ - form-string.d \ - form.d \ - ftp-account.d \ - ftp-alternative-to-user.d \ - ftp-create-dirs.d \ - ftp-method.d \ - ftp-pasv.d \ - ftp-port.d \ - ftp-pret.d \ - ftp-skip-pasv-ip.d \ - ftp-ssl-ccc-mode.d \ - ftp-ssl-ccc.d \ - ftp-ssl-control.d \ - get.d \ - globoff.d \ - happy-eyeballs-timeout-ms.d \ - haproxy-protocol.d \ - head.d \ - header.d \ - help.d \ - hostpubmd5.d \ - hostpubsha256.d \ - hsts.d \ - http0.9.d \ - http1.0.d \ - http1.1.d \ - http2-prior-knowledge.d \ - http2.d \ - http3.d \ - ignore-content-length.d \ - include.d \ - insecure.d \ - interface.d \ - ipv4.d \ - ipv6.d \ - junk-session-cookies.d \ - keepalive-time.d \ - key-type.d \ - key.d \ - krb.d \ - libcurl.d \ - limit-rate.d \ - list-only.d \ - local-port.d \ - location-trusted.d \ - location.d \ - login-options.d \ - mail-auth.d \ - mail-from.d \ - mail-rcpt-allowfails.d \ - mail-rcpt.d \ - manual.d \ - max-filesize.d \ - max-redirs.d \ - max-time.d \ - metalink.d \ - negotiate.d \ - netrc-file.d \ - netrc-optional.d \ - netrc.d \ - next.d \ - no-alpn.d \ - no-buffer.d \ - no-keepalive.d \ - no-npn.d \ - no-progress-meter.d \ - no-sessionid.d \ - noproxy.d \ - ntlm-wb.d \ - ntlm.d \ - oauth2-bearer.d \ - output-dir.d \ - output.d \ - parallel-immediate.d \ - parallel-max.d \ - parallel.d \ - pass.d \ - path-as-is.d \ - pinnedpubkey.d \ - post301.d \ - post302.d \ - post303.d \ - preproxy.d \ - progress-bar.d \ - proto-default.d \ - proto-redir.d \ - proto.d \ - proxy-anyauth.d \ - proxy-basic.d \ - proxy-cacert.d \ - proxy-capath.d \ - proxy-cert-type.d \ - proxy-cert.d \ - proxy-ciphers.d \ - proxy-crlfile.d \ - proxy-digest.d \ - proxy-header.d \ - proxy-insecure.d \ - proxy-key-type.d \ - proxy-key.d \ - proxy-negotiate.d \ - proxy-ntlm.d \ - proxy-pass.d \ - proxy-pinnedpubkey.d \ - proxy-service-name.d \ - proxy-ssl-allow-beast.d \ - proxy-ssl-auto-client-cert.d \ - proxy-tls13-ciphers.d \ - proxy-tlsauthtype.d \ - proxy-tlspassword.d \ - proxy-tlsuser.d \ - proxy-tlsv1.d \ - proxy-user.d \ - proxy.d \ - proxy1.0.d \ - proxytunnel.d \ - pubkey.d \ - quote.d \ - random-file.d \ - range.d \ - raw.d \ - referer.d \ - remote-header-name.d \ - remote-name-all.d \ - remote-name.d \ - remote-time.d \ - request-target.d \ - request.d \ - resolve.d \ - retry-all-errors.d \ - retry-connrefused.d \ - retry-delay.d \ - retry-max-time.d \ - retry.d \ - sasl-authzid.d \ - sasl-ir.d \ - service-name.d \ - show-error.d \ - silent.d \ - socks4.d \ - socks4a.d \ - socks5-basic.d \ - socks5-gssapi-nec.d \ - socks5-gssapi-service.d \ - socks5-gssapi.d \ - socks5-hostname.d \ - socks5.d \ - speed-limit.d \ - speed-time.d \ - ssl-allow-beast.d \ - ssl-auto-client-cert.d \ - ssl-no-revoke.d \ - ssl-reqd.d \ - ssl-revoke-best-effort.d \ - ssl.d \ - sslv2.d \ - sslv3.d \ - stderr.d \ - styled-output.d \ - suppress-connect-headers.d \ - tcp-fastopen.d \ - tcp-nodelay.d \ - telnet-option.d \ - tftp-blksize.d \ - tftp-no-options.d \ - time-cond.d \ - tls-max.d \ - tls13-ciphers.d \ - tlsauthtype.d \ - tlspassword.d \ - tlsuser.d \ - tlsv1.0.d \ - tlsv1.1.d \ - tlsv1.2.d \ - tlsv1.3.d \ - tlsv1.d \ - tr-encoding.d \ - trace-ascii.d \ - trace-time.d \ - trace.d \ - unix-socket.d \ - upload-file.d \ - url.d \ - use-ascii.d \ - user-agent.d \ - user.d \ - verbose.d \ - version.d \ - write-out.d \ - xattr.d +SUPPORT = \ + _AUTHORS.md \ + _BUGS.md \ + _DESCRIPTION.md \ + _ENVIRONMENT.md \ + _EXITCODES.md \ + _FILES.md \ + _GLOBBING.md \ + _NAME.md \ + _OPTIONS.md \ + _OUTPUT.md \ + _PROGRESS.md \ + _PROTOCOLS.md \ + _PROXYPREFIX.md \ + _SEEALSO.md \ + _SYNOPSIS.md \ + _URL.md \ + _VARIABLES.md \ + _VERSION.md \ + _WWW.md -OTHERPAGES = page-footer page-header +DPAGES = \ + abstract-unix-socket.md \ + alt-svc.md \ + anyauth.md \ + append.md \ + aws-sigv4.md \ + basic.md \ + ca-native.md \ + cacert.md \ + capath.md \ + cert-status.md \ + cert-type.md \ + cert.md \ + ciphers.md \ + compressed-ssh.md \ + compressed.md \ + config.md \ + connect-timeout.md \ + connect-to.md \ + continue-at.md \ + cookie-jar.md \ + cookie.md \ + create-dirs.md \ + create-file-mode.md \ + crlf.md \ + crlfile.md \ + curves.md \ + data-ascii.md \ + data-binary.md \ + data-raw.md \ + data-urlencode.md \ + data.md \ + delegation.md \ + digest.md \ + disable-eprt.md \ + disable-epsv.md \ + disable.md \ + disallow-username-in-url.md \ + dns-interface.md \ + dns-ipv4-addr.md \ + dns-ipv6-addr.md \ + dns-servers.md \ + doh-cert-status.md \ + doh-insecure.md \ + doh-url.md \ + dump-header.md \ + ech.md \ + egd-file.md \ + engine.md \ + etag-compare.md \ + etag-save.md \ + expect100-timeout.md \ + fail-early.md \ + fail-with-body.md \ + fail.md \ + false-start.md \ + form-escape.md \ + form-string.md \ + form.md \ + ftp-account.md \ + ftp-alternative-to-user.md \ + ftp-create-dirs.md \ + ftp-method.md \ + ftp-pasv.md \ + ftp-port.md \ + ftp-pret.md \ + ftp-skip-pasv-ip.md \ + ftp-ssl-ccc-mode.md \ + ftp-ssl-ccc.md \ + ftp-ssl-control.md \ + get.md \ + globoff.md \ + happy-eyeballs-timeout-ms.md \ + haproxy-protocol.md \ + haproxy-clientip.md \ + head.md \ + header.md \ + help.md \ + hostpubmd5.md \ + hostpubsha256.md \ + hsts.md \ + http0.9.md \ + http1.0.md \ + http1.1.md \ + http2-prior-knowledge.md \ + http2.md \ + http3.md \ + http3-only.md \ + ignore-content-length.md \ + include.md \ + insecure.md \ + interface.md \ + ip-tos.md \ + ipfs-gateway.md \ + ipv4.md \ + ipv6.md \ + json.md \ + junk-session-cookies.md \ + keepalive-cnt.md \ + keepalive-time.md \ + key-type.md \ + key.md \ + krb.md \ + libcurl.md \ + limit-rate.md \ + list-only.md \ + local-port.md \ + location-trusted.md \ + location.md \ + login-options.md \ + mail-auth.md \ + mail-from.md \ + mail-rcpt-allowfails.md \ + mail-rcpt.md \ + manual.md \ + max-filesize.md \ + max-redirs.md \ + max-time.md \ + metalink.md \ + mptcp.md \ + negotiate.md \ + netrc-file.md \ + netrc-optional.md \ + netrc.md \ + next.md \ + no-alpn.md \ + no-buffer.md \ + no-clobber.md \ + no-keepalive.md \ + no-npn.md \ + no-progress-meter.md \ + no-sessionid.md \ + noproxy.md \ + ntlm-wb.md \ + ntlm.md \ + oauth2-bearer.md \ + output-dir.md \ + output.md \ + parallel-immediate.md \ + parallel-max.md \ + parallel.md \ + pass.md \ + path-as-is.md \ + pinnedpubkey.md \ + post301.md \ + post302.md \ + post303.md \ + preproxy.md \ + progress-bar.md \ + proto-default.md \ + proto-redir.md \ + proto.md \ + proxy-anyauth.md \ + proxy-basic.md \ + proxy-ca-native.md \ + proxy-cacert.md \ + proxy-capath.md \ + proxy-cert-type.md \ + proxy-cert.md \ + proxy-ciphers.md \ + proxy-crlfile.md \ + proxy-digest.md \ + proxy-header.md \ + proxy-http2.md \ + proxy-insecure.md \ + proxy-key-type.md \ + proxy-key.md \ + proxy-negotiate.md \ + proxy-ntlm.md \ + proxy-pass.md \ + proxy-pinnedpubkey.md \ + proxy-service-name.md \ + proxy-ssl-allow-beast.md \ + proxy-ssl-auto-client-cert.md \ + proxy-tls13-ciphers.md \ + proxy-tlsauthtype.md \ + proxy-tlspassword.md \ + proxy-tlsuser.md \ + proxy-tlsv1.md \ + proxy-user.md \ + proxy.md \ + proxy1.0.md \ + proxytunnel.md \ + pubkey.md \ + quote.md \ + random-file.md \ + range.md \ + rate.md \ + raw.md \ + referer.md \ + remote-header-name.md \ + remote-name-all.md \ + remote-name.md \ + remote-time.md \ + remove-on-error.md \ + request-target.md \ + request.md \ + resolve.md \ + retry-all-errors.md \ + retry-connrefused.md \ + retry-delay.md \ + retry-max-time.md \ + retry.md \ + sasl-authzid.md \ + sasl-ir.md \ + service-name.md \ + show-error.md \ + silent.md \ + socks4.md \ + socks4a.md \ + socks5-basic.md \ + socks5-gssapi-nec.md \ + socks5-gssapi-service.md \ + socks5-gssapi.md \ + socks5-hostname.md \ + socks5.md \ + speed-limit.md \ + speed-time.md \ + ssl-allow-beast.md \ + ssl-auto-client-cert.md \ + ssl-no-revoke.md \ + ssl-reqd.md \ + ssl-revoke-best-effort.md \ + ssl.md \ + sslv2.md \ + sslv3.md \ + stderr.md \ + styled-output.md \ + suppress-connect-headers.md \ + tcp-fastopen.md \ + tcp-nodelay.md \ + telnet-option.md \ + tftp-blksize.md \ + tftp-no-options.md \ + time-cond.md \ + tls-max.md \ + tls13-ciphers.md \ + tlsauthtype.md \ + tlspassword.md \ + tlsuser.md \ + tlsv1.0.md \ + tlsv1.1.md \ + tlsv1.2.md \ + tlsv1.3.md \ + tlsv1.md \ + tr-encoding.md \ + trace-ascii.md \ + trace-config.md \ + trace-ids.md \ + trace-time.md \ + trace.md \ + unix-socket.md \ + upload-file.md \ + url.md \ + url-query.md \ + use-ascii.md \ + user-agent.md \ + user.md \ + variable.md \ + verbose.md \ + version.md \ + vlan-priority.md \ + write-out.md \ + xattr.md diff --git a/libs/curl/docs/cmdline-opts/_AUTHORS.md b/libs/curl/docs/cmdline-opts/_AUTHORS.md new file mode 100644 index 00000000..0c9bfb95 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_AUTHORS.md @@ -0,0 +1,5 @@ + + +# AUTHORS +Daniel Stenberg is the main author, but the whole list of contributors is +found in the separate THANKS file. diff --git a/libs/curl/docs/cmdline-opts/_BUGS.md b/libs/curl/docs/cmdline-opts/_BUGS.md new file mode 100644 index 00000000..45630d43 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_BUGS.md @@ -0,0 +1,5 @@ + + +# BUGS +If you experience any problems with curl, submit an issue in the project's bug +tracker on GitHub: https://github.com/curl/curl/issues diff --git a/libs/curl/docs/cmdline-opts/_DESCRIPTION.md b/libs/curl/docs/cmdline-opts/_DESCRIPTION.md new file mode 100644 index 00000000..3e06c1b3 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_DESCRIPTION.md @@ -0,0 +1,11 @@ + + +# DESCRIPTION + +**curl** is a tool for transferring data from or to a server using URLs. It +supports these protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, +IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, +SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. + +curl is powered by libcurl for all transfer-related features. See +*libcurl(3)* for details. diff --git a/libs/curl/docs/cmdline-opts/_ENVIRONMENT.md b/libs/curl/docs/cmdline-opts/_ENVIRONMENT.md new file mode 100644 index 00000000..1d40b87b --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_ENVIRONMENT.md @@ -0,0 +1,114 @@ + + +# ENVIRONMENT +The environment variables can be specified in lower case or upper case. The +lower case version has precedence. `http_proxy` is an exception as it is only +available in lower case. + +Using an environment variable to set the proxy has the same effect as using +the --proxy option. + +## `http_proxy` [protocol://][:port] +Sets the proxy server to use for HTTP. + +## `HTTPS_PROXY` [protocol://][:port] +Sets the proxy server to use for HTTPS. + +## `[url-protocol]_PROXY` [protocol://][:port] +Sets the proxy server to use for [url-protocol], where the protocol is a +protocol that curl supports and as specified in a URL. FTP, FTPS, POP3, IMAP, +SMTP, LDAP, etc. + +## `ALL_PROXY` [protocol://][:port] +Sets the proxy server to use if no protocol-specific proxy is set. + +## `NO_PROXY` +list of hostnames that should not go through any proxy. If set to an asterisk +'*' only, it matches all hosts. Each name in this list is matched as either a +domain name which contains the hostname, or the hostname itself. + +This environment variable disables use of the proxy even when specified with +the --proxy option. That is + + NO_PROXY=direct.example.com curl -x http://proxy.example.com + http://direct.example.com + +accesses the target URL directly, and + + NO_PROXY=direct.example.com curl -x http://proxy.example.com + http://somewhere.example.com + +accesses the target URL through the proxy. + +The list of hostnames can also be include numerical IP addresses, and IPv6 +versions should then be given without enclosing brackets. + +IP addresses can be specified using CIDR notation: an appended slash and +number specifies the number of "network bits" out of the address to use in the +comparison (added in 7.86.0). For example "192.168.0.0/16" would match all +addresses starting with "192.168". + +## `APPDATA` +On Windows, this variable is used when trying to find the home directory. If +the primary home variable are all unset. + +## `COLUMNS` +If set, the specified number of characters is used as the terminal width when +the alternative progress-bar is shown. If not set, curl tries to figure it out +using other ways. + +## `CURL_CA_BUNDLE` +If set, it is used as the --cacert value. This environment variable is ignored +if Schannel is used as the TLS backend. + +## `CURL_HOME` +If set, is the first variable curl checks when trying to find its home +directory. If not set, it continues to check *XDG_CONFIG_HOME* + +## `CURL_SSL_BACKEND` +If curl was built with support for "MultiSSL", meaning that it has built-in +support for more than one TLS backend, this environment variable can be set to +the case insensitive name of the particular backend to use when curl is +invoked. Setting a name that is not a built-in alternative makes curl stay +with the default. + +SSL backend names (case-insensitive): **bearssl**, **gnutls**, **mbedtls**, +**openssl**, **rustls**, **schannel**, **secure-transport**, **wolfssl** + +## `HOME` +If set, this is used to find the home directory when that is needed. Like when +looking for the default .curlrc. *CURL_HOME* and *XDG_CONFIG_HOME* +have preference. + +## `QLOGDIR` +If curl was built with HTTP/3 support, setting this environment variable to a +local directory makes curl produce **qlogs** in that directory, using file +names named after the destination connection id (in hex). Do note that these +files can become rather large. Works with the ngtcp2 and quiche QUIC backends. + +## `SHELL` +Used on VMS when trying to detect if using a **DCL** or a **unix** shell. + +## `SSL_CERT_DIR` +If set, it is used as the --capath value. This environment variable is ignored +if Schannel is used as the TLS backend. + +## `SSL_CERT_FILE` +If set, it is used as the --cacert value. This environment variable is ignored +if Schannel is used as the TLS backend. + +## `SSLKEYLOGFILE` +If you set this environment variable to a filename, curl stores TLS secrets +from its connections in that file when invoked to enable you to analyze the +TLS traffic in real time using network analyzing tools such as Wireshark. This +works with the following TLS backends: OpenSSL, LibreSSL (TLS 1.2 max), +BoringSSL, GnuTLS and wolfSSL. + +## `USERPROFILE` +On Windows, this variable is used when trying to find the home directory. If +the other, primary, variable are all unset. If set, curl uses the path +**"$USERPROFILE\Application Data"**. + +## `XDG_CONFIG_HOME` +If *CURL_HOME* is not set, this variable is checked when looking for a +default .curlrc file. diff --git a/libs/curl/docs/cmdline-opts/_EXITCODES.md b/libs/curl/docs/cmdline-opts/_EXITCODES.md new file mode 100644 index 00000000..c5a928b5 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_EXITCODES.md @@ -0,0 +1,203 @@ + + +# EXIT CODES +There are a bunch of different error codes and their corresponding error +messages that may appear under error conditions. At the time of this writing, +the exit codes are: +## 0 +Success. The operation completed successfully according to the instructions. +## 1 +Unsupported protocol. This build of curl has no support for this protocol. +## 2 +Failed to initialize. +## 3 +URL malformed. The syntax was not correct. +## 4 +A feature or option that was needed to perform the desired request was not +enabled or was explicitly disabled at build-time. To make curl able to do +this, you probably need another build of libcurl. +## 5 +Could not resolve proxy. The given proxy host could not be resolved. +## 6 +Could not resolve host. The given remote host could not be resolved. +## 7 +Failed to connect to host. +## 8 +Weird server reply. The server sent data curl could not parse. +## 9 +FTP access denied. The server denied login or denied access to the particular +resource or directory you wanted to reach. Most often you tried to change to a +directory that does not exist on the server. +## 10 +FTP accept failed. While waiting for the server to connect back when an active +FTP session is used, an error code was sent over the control connection or +similar. +## 11 +FTP weird PASS reply. Curl could not parse the reply sent to the PASS request. +## 12 +During an active FTP session while waiting for the server to connect back to +curl, the timeout expired. +## 13 +FTP weird PASV reply, Curl could not parse the reply sent to the PASV request. +## 14 +FTP weird 227 format. Curl could not parse the 227-line the server sent. +## 15 +FTP cannot use host. Could not resolve the host IP we got in the 227-line. +## 16 +HTTP/2 error. A problem was detected in the HTTP2 framing layer. This is +somewhat generic and can be one out of several problems, see the error message +for details. +## 17 +FTP could not set binary. Could not change transfer method to binary. +## 18 +Partial file. Only a part of the file was transferred. +## 19 +FTP could not download/access the given file, the RETR (or similar) command +failed. +## 21 +FTP quote error. A quote command returned error from the server. +## 22 +HTTP page not retrieved. The requested URL was not found or returned another +error with the HTTP error code being 400 or above. This return code only +appears if --fail is used. +## 23 +Write error. Curl could not write data to a local filesystem or similar. +## 25 +Failed starting the upload. For FTP, the server typically denied the STOR +command. +## 26 +Read error. Various reading problems. +## 27 +Out of memory. A memory allocation request failed. +## 28 +Operation timeout. The specified time-out period was reached according to the +conditions. +## 30 +FTP PORT failed. The PORT command failed. Not all FTP servers support the PORT +command, try doing a transfer using PASV instead. +## 31 +FTP could not use REST. The REST command failed. This command is used for +resumed FTP transfers. +## 33 +HTTP range error. The range "command" did not work. +## 34 +HTTP post error. Internal post-request generation error. +## 35 +SSL connect error. The SSL handshaking failed. +## 36 +Bad download resume. Could not continue an earlier aborted download. +## 37 +FILE could not read file. Failed to open the file. Permissions? +## 38 +LDAP cannot bind. LDAP bind operation failed. +## 39 +LDAP search failed. +## 41 +Function not found. A required LDAP function was not found. +## 42 +Aborted by callback. An application told curl to abort the operation. +## 43 +Internal error. A function was called with a bad parameter. +## 45 +Interface error. A specified outgoing interface could not be used. +## 47 +Too many redirects. When following redirects, curl hit the maximum amount. +## 48 +Unknown option specified to libcurl. This indicates that you passed a weird +option to curl that was passed on to libcurl and rejected. Read up in the +manual! +## 49 +Malformed telnet option. +## 52 +The server did not reply anything, which here is considered an error. +## 53 +SSL crypto engine not found. +## 54 +Cannot set SSL crypto engine as default. +## 55 +Failed sending network data. +## 56 +Failure in receiving network data. +## 58 +Problem with the local certificate. +## 59 +Could not use specified SSL cipher. +## 60 +Peer certificate cannot be authenticated with known CA certificates. +## 61 +Unrecognized transfer encoding. +## 63 +Maximum file size exceeded. +## 64 +Requested FTP SSL level failed. +## 65 +Sending the data requires a rewind that failed. +## 66 +Failed to initialize SSL Engine. +## 67 +The username, password, or similar was not accepted and curl failed to log in. +## 68 +File not found on TFTP server. +## 69 +Permission problem on TFTP server. +## 70 +Out of disk space on TFTP server. +## 71 +Illegal TFTP operation. +## 72 +Unknown TFTP transfer ID. +## 73 +File already exists (TFTP). +## 74 +No such user (TFTP). +## 77 +Problem reading the SSL CA cert (path? access rights?). +## 78 +The resource referenced in the URL does not exist. +## 79 +An unspecified error occurred during the SSH session. +## 80 +Failed to shut down the SSL connection. +## 82 +Could not load CRL file, missing or wrong format (added in 7.19.0). +## 83 +Issuer check failed (added in 7.19.0). +## 84 +The FTP PRET command failed. +## 85 +Mismatch of RTSP CSeq numbers. +## 86 +Mismatch of RTSP Session Identifiers. +## 87 +Unable to parse FTP file list. +## 88 +FTP chunk callback reported error. +## 89 +No connection available, the session is queued. +## 90 +SSL public key does not matched pinned public key. +## 91 +Invalid SSL certificate status. +## 92 +Stream error in HTTP/2 framing layer. +## 93 +An API function was called from inside a callback. +## 94 +An authentication function returned an error. +## 95 +A problem was detected in the HTTP/3 layer. This is somewhat generic and can +be one out of several problems, see the error message for details. +## 96 +QUIC connection error. This error may be caused by an SSL library error. QUIC +is the protocol used for HTTP/3 transfers. +## 97 +Proxy handshake error. +## 98 +A client-side certificate is required to complete the TLS handshake. +## 99 +Poll or select returned fatal error. +## 100 +A value or data field grew larger than allowed. +## XX +More error codes might appear here in future releases. The existing ones are +meant to never change. diff --git a/libs/curl/docs/cmdline-opts/_FILES.md b/libs/curl/docs/cmdline-opts/_FILES.md new file mode 100644 index 00000000..8c5d3faa --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_FILES.md @@ -0,0 +1,6 @@ + + +# FILES +*~/.curlrc* + +Default config file, see --config for details. diff --git a/libs/curl/docs/cmdline-opts/_GLOBBING.md b/libs/curl/docs/cmdline-opts/_GLOBBING.md new file mode 100644 index 00000000..282356c3 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_GLOBBING.md @@ -0,0 +1,40 @@ + + +# GLOBBING +You can specify multiple URLs or parts of URLs by writing lists within braces +or ranges within brackets. We call this "globbing". + +Provide a list with three different names like this: + + "http://site.{one,two,three}.com" + +Do sequences of alphanumeric series by using [] as in: + + "ftp://ftp.example.com/file[1-100].txt" + +With leading zeroes: + + "ftp://ftp.example.com/file[001-100].txt" + +With letters through the alphabet: + + "ftp://ftp.example.com/file[a-z].txt" + +Nested sequences are not supported, but you can use several ones next to each +other: + + "http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html" + +You can specify a step counter for the ranges to get every Nth number or +letter: + + "http://example.com/file[1-100:10].txt" + + "http://example.com/file[a-z:2].txt" + +When using [] or {} sequences when invoked from a command line prompt, you +probably have to put the full URL within double quotes to avoid the shell from +interfering with it. This also goes for other characters treated special, like +for example '&', '?' and '*'. + +Switch off globbing with --globoff. diff --git a/libs/curl/docs/cmdline-opts/_NAME.md b/libs/curl/docs/cmdline-opts/_NAME.md new file mode 100644 index 00000000..b0d89161 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_NAME.md @@ -0,0 +1,4 @@ + + +# NAME +curl - transfer a URL diff --git a/libs/curl/docs/cmdline-opts/_OPTIONS.md b/libs/curl/docs/cmdline-opts/_OPTIONS.md new file mode 100644 index 00000000..106298e7 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_OPTIONS.md @@ -0,0 +1,26 @@ + + +# OPTIONS +Options start with one or two dashes. Many of the options require an +additional value next to them. If provided text does not start with a dash, it +is presumed to be and treated as a URL. + +The short "single-dash" form of the options, -d for example, may be used with +or without a space between it and its value, although a space is a recommended +separator. The long double-dash form, --data for example, requires a space +between it and its value. + +Short version options that do not need any additional values can be used +immediately next to each other, like for example you can specify all the +options *-O*, *-L* and *-v* at once as *-OLv*. + +In general, all boolean options are enabled with --**option** and yet again +disabled with --**no-**option. That is, you use the same option name but +prefix it with `no-`. However, in this list we mostly only list and show the +--**option** version of them. + +When --next is used, it resets the parser state and you start again with a +clean option state, except for the options that are global. Global options +retain their values and meaning even after --next. + +The following options are global: `%GLOBALS`. diff --git a/libs/curl/docs/cmdline-opts/_OUTPUT.md b/libs/curl/docs/cmdline-opts/_OUTPUT.md new file mode 100644 index 00000000..32a5457a --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_OUTPUT.md @@ -0,0 +1,11 @@ + + +# OUTPUT +If not told otherwise, curl writes the received data to stdout. It can be +instructed to instead save that data into a local file, using the --output or +--remote-name options. If curl is given multiple URLs to transfer on the +command line, it similarly needs multiple options for where to save them. + +curl does not parse or otherwise "understand" the content it gets or writes as +output. It does no encoding or decoding, unless explicitly asked to with +dedicated command line options. diff --git a/libs/curl/docs/cmdline-opts/_PROGRESS.md b/libs/curl/docs/cmdline-opts/_PROGRESS.md new file mode 100644 index 00000000..4cbbd8eb --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_PROGRESS.md @@ -0,0 +1,25 @@ + + +# PROGRESS METER + +curl normally displays a progress meter during operations, indicating the +amount of transferred data, transfer speeds and estimated time left, etc. The +progress meter displays the transfer rate in bytes per second. The suffixes +(k, M, G, T, P) are 1024 based. For example 1k is 1024 bytes. 1M is 1048576 +bytes. + +curl displays this data to the terminal by default, so if you invoke curl to +do an operation and it is about to write data to the terminal, it *disables* +the progress meter as otherwise it would mess up the output mixing progress +meter and response data. + +If you want a progress meter for HTTP POST or PUT requests, you need to +redirect the response output to a file, using shell redirect (\>), --output +or similar. + +This does not apply to FTP upload as that operation does not spit out any +response data to the terminal. + +If you prefer a progress bar instead of the regular meter, --progress-bar is +your friend. You can also disable the progress meter completely with the +--silent option. diff --git a/libs/curl/docs/cmdline-opts/_PROTOCOLS.md b/libs/curl/docs/cmdline-opts/_PROTOCOLS.md new file mode 100644 index 00000000..af7019ab --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_PROTOCOLS.md @@ -0,0 +1,53 @@ + + +# PROTOCOLS +curl supports numerous protocols, or put in URL terms: schemes. Your +particular build may not support them all. +## DICT +Lets you lookup words using online dictionaries. +## FILE +Read or write local files. curl does not support accessing file:// URL +remotely, but when running on Microsoft Windows using the native UNC approach +works. +## FTP(S) +curl supports the File Transfer Protocol with a lot of tweaks and levers. With +or without using TLS. +## GOPHER(S) +Retrieve files. +## HTTP(S) +curl supports HTTP with numerous options and variations. It can speak HTTP +version 0.9, 1.0, 1.1, 2 and 3 depending on build options and the correct +command line options. +## IMAP(S) +Using the mail reading protocol, curl can download emails for you. With or +without using TLS. +## LDAP(S) +curl can do directory lookups for you, with or without TLS. +## MQTT +curl supports MQTT version 3. Downloading over MQTT equals subscribe to a +topic while uploading/posting equals publish on a topic. MQTT over TLS is not +supported (yet). +## POP3(S) +Downloading from a pop3 server means getting a mail. With or without using +TLS. +## RTMP(S) +The **Realtime Messaging Protocol** is primarily used to serve streaming media +and curl can download it. +## RTSP +curl supports RTSP 1.0 downloads. +## SCP +curl supports SSH version 2 scp transfers. +## SFTP +curl supports SFTP (draft 5) done over SSH version 2. +## SMB(S) +curl supports SMB version 1 for upload and download. +## SMTP(S) +Uploading contents to an SMTP server means sending an email. With or without +TLS. +## TELNET +Fetching a telnet URL starts an interactive session where it sends what it +reads on stdin and outputs what the server sends it. +## TFTP +curl can do TFTP downloads and uploads. +## WS(S) +WebSocket done over HTTP/1. WSS implies that it works over HTTPS. diff --git a/libs/curl/docs/cmdline-opts/_PROXYPREFIX.md b/libs/curl/docs/cmdline-opts/_PROXYPREFIX.md new file mode 100644 index 00000000..297b56c4 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_PROXYPREFIX.md @@ -0,0 +1,22 @@ + + +# PROXY PROTOCOL PREFIXES +The proxy string may be specified with a protocol:// prefix to specify +alternative proxy protocols. (Added in 7.21.7) + +If no protocol is specified in the proxy string or if the string does not +match a supported one, the proxy is treated as an HTTP proxy. + +The supported proxy protocol prefixes are as follows: +## http:// +Makes it use it as an HTTP proxy. The default if no scheme prefix is used. +## https:// +Makes it treated as an **HTTPS** proxy. +## socks4:// +Makes it the equivalent of --socks4 +## socks4a:// +Makes it the equivalent of --socks4a +## socks5:// +Makes it the equivalent of --socks5 +## socks5h:// +Makes it the equivalent of --socks5-hostname diff --git a/libs/curl/docs/cmdline-opts/_SEEALSO.md b/libs/curl/docs/cmdline-opts/_SEEALSO.md new file mode 100644 index 00000000..f4d0b55c --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_SEEALSO.md @@ -0,0 +1,5 @@ + + +# SEE ALSO + +**ftp (1)**, **wget (1)** diff --git a/libs/curl/docs/cmdline-opts/_SYNOPSIS.md b/libs/curl/docs/cmdline-opts/_SYNOPSIS.md new file mode 100644 index 00000000..38158774 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_SYNOPSIS.md @@ -0,0 +1,5 @@ + + +# SYNOPSIS + +**curl [options / URLs]** diff --git a/libs/curl/docs/cmdline-opts/_URL.md b/libs/curl/docs/cmdline-opts/_URL.md new file mode 100644 index 00000000..48ae02a5 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_URL.md @@ -0,0 +1,28 @@ + + +# URL +The URL syntax is protocol-dependent. You find a detailed description in +RFC 3986. + +If you provide a URL without a leading **protocol://** scheme, curl guesses +what protocol you want. It then defaults to HTTP but assumes others based on +often-used hostname prefixes. For example, for hostnames starting with `ftp.` +curl assumes you want FTP. + +You can specify any amount of URLs on the command line. They are fetched in a +sequential manner in the specified order unless you use --parallel. You can +specify command line options and URLs mixed and in any order on the command +line. + +curl attempts to reuse connections when doing multiple transfers, so that +getting many files from the same server do not use multiple connects and setup +handshakes. This improves speed. Connection reuse can only be done for URLs +specified for a single command line invocation and cannot be performed between +separate curl runs. + +Provide an IPv6 zone id in the URL with an escaped percentage sign. Like in + + "http://[fe80::3%25eth0]/" + +Everything provided on the command line that is not a command line option or +its argument, curl assumes is a URL and treats it as such. diff --git a/libs/curl/docs/cmdline-opts/_VARIABLES.md b/libs/curl/docs/cmdline-opts/_VARIABLES.md new file mode 100644 index 00000000..aa6a8ae4 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_VARIABLES.md @@ -0,0 +1,44 @@ + + +# VARIABLES +curl supports command line variables (added in 8.3.0). Set variables with +--variable name=content or --variable name@file (where `file` can be stdin if +set to a single dash (-)). + +Variable contents can be expanded in option parameters using `{{name}}` if the +option name is prefixed with `--expand-`. This gets the contents of the +variable `name` inserted, or a blank if the name does not exist as a +variable. Insert `{{` verbatim in the string by prefixing it with a backslash, +like `\{{`. + +You an access and expand environment variables by first importing them. You +can select to either require the environment variable to be set or you can +provide a default value in case it is not already set. Plain --variable %name +imports the variable called 'name' but exits with an error if that environment +variable is not already set. To provide a default value if it is not set, use +--variable %name=content or --variable %name@content. + +Example. Get the USER environment variable into the URL, fail if USER is not +set: + + --variable '%USER' + --expand-url = "https://example.com/api/{{USER}}/method" + +When expanding variables, curl supports a set of functions that can make the +variable contents more convenient to use. It can trim leading and trailing +white space with `trim`, it can output the contents as a JSON quoted string +with `json`, URL encode the string with `url` or base64 encode it with `b64`. +To apply functions to a variable expansion, add them colon separated to the +right side of the variable. Variable content holding null bytes that are not +encoded when expanded cause error. + +Example: get the contents of a file called $HOME/.secret into a variable +called "fix". Make sure that the content is trimmed and percent-encoded when +sent as POST data: + + --variable %HOME + --expand-variable fix@{{HOME}}/.secret + --expand-data "{{fix:trim:url}}" + https://example.com/ + +Command line variables and expansions were added in 8.3.0. diff --git a/libs/curl/docs/cmdline-opts/_VERSION.md b/libs/curl/docs/cmdline-opts/_VERSION.md new file mode 100644 index 00000000..e0228fe9 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_VERSION.md @@ -0,0 +1,15 @@ + + +# VERSION + +This man page describes curl `%VERSION`. If you use a later version, chances +are this man page does not fully document it. If you use an earlier version, +this document tries to include version information about which specific +version that introduced changes. + +You can always learn which the latest curl version is by running + + curl https://curl.se/info + +The online version of this man page is always showing the latest incarnation: +https://curl.se/docs/manpage.html diff --git a/libs/curl/docs/cmdline-opts/_WWW.md b/libs/curl/docs/cmdline-opts/_WWW.md new file mode 100644 index 00000000..35d94669 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/_WWW.md @@ -0,0 +1,4 @@ + + +# WWW +https://curl.se diff --git a/libs/curl/docs/cmdline-opts/abstract-unix-socket.d b/libs/curl/docs/cmdline-opts/abstract-unix-socket.d deleted file mode 100644 index fcd2d94c..00000000 --- a/libs/curl/docs/cmdline-opts/abstract-unix-socket.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: abstract-unix-socket -Arg: -Help: Connect via abstract Unix domain socket -Added: 7.53.0 -Protocols: HTTP -Category: connection -See-also: unix-socket -Example: --abstract-unix-socket socketpath $URL ---- -Connect through an abstract Unix domain socket, instead of using the network. -Note: netstat shows the path of an abstract socket prefixed with '@', however -the argument should not have this leading character. diff --git a/libs/curl/docs/cmdline-opts/abstract-unix-socket.md b/libs/curl/docs/cmdline-opts/abstract-unix-socket.md new file mode 100644 index 00000000..7078e642 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/abstract-unix-socket.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: abstract-unix-socket +Arg: +Help: Connect via abstract Unix domain socket +Added: 7.53.0 +Protocols: HTTP +Category: connection +Multi: single +See-also: + - unix-socket +Example: + - --abstract-unix-socket socketpath $URL +--- + +# `--abstract-unix-socket` + +Connect through an abstract Unix domain socket, instead of using the network. +Note: netstat shows the path of an abstract socket prefixed with `@`, however +the \ argument should not have this leading character. diff --git a/libs/curl/docs/cmdline-opts/alt-svc.d b/libs/curl/docs/cmdline-opts/alt-svc.d deleted file mode 100644 index 3ad22304..00000000 --- a/libs/curl/docs/cmdline-opts/alt-svc.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: alt-svc -Arg: -Protocols: HTTPS -Help: Enable alt-svc with this cache file -Added: 7.64.1 -Category: http -See-also: resolve connect-to -Example: --alt-svc svc.txt $URL ---- -This option enables the alt-svc parser in curl. If the file name points to an -existing alt-svc cache file, that will be used. After a completed transfer, -the cache will be saved to the file name again if it has been modified. - -Specify a "" file name (zero length) to avoid loading/saving and make curl -just handle the cache in memory. - -If this option is used several times, curl will load contents from all the -files but the last one will be used for saving. diff --git a/libs/curl/docs/cmdline-opts/alt-svc.md b/libs/curl/docs/cmdline-opts/alt-svc.md new file mode 100644 index 00000000..257f4d5b --- /dev/null +++ b/libs/curl/docs/cmdline-opts/alt-svc.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: alt-svc +Arg: +Protocols: HTTPS +Help: Enable alt-svc with this cache file +Added: 7.64.1 +Category: http +Multi: append +See-also: + - resolve + - connect-to +Example: + - --alt-svc svc.txt $URL +--- + +# `--alt-svc` + +Enable the alt-svc parser. If the filename points to an existing alt-svc cache +file, that gets used. After a completed transfer, the cache is saved to the +filename again if it has been modified. + +Specify a "" filename (zero length) to avoid loading/saving and make curl just +handle the cache in memory. + +If this option is used several times, curl loads contents from all the +files but the last one is used for saving. diff --git a/libs/curl/docs/cmdline-opts/anyauth.d b/libs/curl/docs/cmdline-opts/anyauth.d deleted file mode 100644 index 10923417..00000000 --- a/libs/curl/docs/cmdline-opts/anyauth.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: anyauth -Help: Pick any authentication method -Protocols: HTTP -See-also: proxy-anyauth basic digest -Category: http proxy auth -Example: --anyauth --user me:pwd $URL -Added: 7.10.6 ---- -Tells curl to figure out authentication method by itself, and use the most -secure one the remote site claims to support. This is done by first doing a -request and checking the response-headers, thus possibly inducing an extra -network round-trip. This is used instead of setting a specific authentication -method, which you can do with --basic, --digest, --ntlm, and --negotiate. - -Using --anyauth is not recommended if you do uploads from stdin, since it may -require data to be sent twice and then the client must be able to rewind. If -the need should arise when uploading from stdin, the upload operation will -fail. - -Used together with --user. diff --git a/libs/curl/docs/cmdline-opts/anyauth.md b/libs/curl/docs/cmdline-opts/anyauth.md new file mode 100644 index 00000000..31b27c4a --- /dev/null +++ b/libs/curl/docs/cmdline-opts/anyauth.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: anyauth +Help: Pick any authentication method +Protocols: HTTP +Category: http proxy auth +Added: 7.10.6 +Multi: mutex +See-also: + - proxy-anyauth + - basic + - digest +Example: + - --anyauth --user me:pwd $URL +--- + +# `--anyauth` + +Figure out authentication method automatically, and use the most secure one +the remote site claims to support. This is done by first doing a request and +checking the response-headers, thus possibly inducing an extra network +round-trip. This option is used instead of setting a specific authentication +method, which you can do with --basic, --digest, --ntlm, and --negotiate. + +Using --anyauth is not recommended if you do uploads from stdin, since it may +require data to be sent twice and then the client must be able to rewind. If +the need should arise when uploading from stdin, the upload operation fails. + +Used together with --user. diff --git a/libs/curl/docs/cmdline-opts/append.d b/libs/curl/docs/cmdline-opts/append.d deleted file mode 100644 index 7ea02d70..00000000 --- a/libs/curl/docs/cmdline-opts/append.d +++ /dev/null @@ -1,12 +0,0 @@ -Short: a -Long: append -Help: Append to target file when uploading -Protocols: FTP SFTP -Category: ftp sftp -See-also: range continue-at -Example: --upload-file local --append ftp://example.com/ -Added: 4.8 ---- -When used in an upload, this makes curl append to the target file instead of -overwriting it. If the remote file does not exist, it will be created. Note -that this flag is ignored by some SFTP servers (including OpenSSH). diff --git a/libs/curl/docs/cmdline-opts/append.md b/libs/curl/docs/cmdline-opts/append.md new file mode 100644 index 00000000..3d0030d6 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/append.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: a +Long: append +Help: Append to target file when uploading +Protocols: FTP SFTP +Category: ftp sftp +Added: 4.8 +Multi: boolean +See-also: + - range + - continue-at +Example: + - --upload-file local --append ftp://example.com/ +--- + +# `--append` + +When used in an upload, this option makes curl append to the target file +instead of overwriting it. If the remote file does not exist, it is +created. Note that this flag is ignored by some SFTP servers (including +OpenSSH). diff --git a/libs/curl/docs/cmdline-opts/aws-sigv4.d b/libs/curl/docs/cmdline-opts/aws-sigv4.d deleted file mode 100644 index c13b8da7..00000000 --- a/libs/curl/docs/cmdline-opts/aws-sigv4.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: aws-sigv4 -Arg: -Help: Use AWS V4 signature authentication -Category: auth http -Added: 7.75.0 -See-also: basic user -Example: --aws-sigv4 "aws:amz:east-2:es" --user "key:secret" $URL ---- -Use AWS V4 signature authentication in the transfer. - -The provider argument is a string that is used by the algorithm when creating -outgoing authentication headers. - -The region argument is a string that points to a geographic area of -a resources collection (region-code) when the region name is omitted from -the endpoint. - -The service argument is a string that points to a function provided by a cloud -(service-code) when the service name is omitted from the endpoint. diff --git a/libs/curl/docs/cmdline-opts/aws-sigv4.md b/libs/curl/docs/cmdline-opts/aws-sigv4.md new file mode 100644 index 00000000..517cc1c5 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/aws-sigv4.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: aws-sigv4 +Protocols: HTTP +Arg: +Help: AWS V4 signature auth +Category: auth http +Added: 7.75.0 +Multi: single +See-also: + - basic + - user +Example: + - --aws-sigv4 "aws:amz:us-east-2:es" --user "key:secret" $URL +--- + +# `--aws-sigv4` + +Use AWS V4 signature authentication in the transfer. + +The provider argument is a string that is used by the algorithm when creating +outgoing authentication headers. + +The region argument is a string that points to a geographic area of +a resources collection (region-code) when the region name is omitted from +the endpoint. + +The service argument is a string that points to a function provided by a cloud +(service-code) when the service name is omitted from the endpoint. diff --git a/libs/curl/docs/cmdline-opts/basic.d b/libs/curl/docs/cmdline-opts/basic.d deleted file mode 100644 index abab7d06..00000000 --- a/libs/curl/docs/cmdline-opts/basic.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: basic -Help: Use HTTP Basic Authentication -See-also: proxy-basic -Protocols: HTTP -Category: auth -Example: -u name:password --basic $URL -Added: 7.10.6 ---- -Tells curl to use HTTP Basic authentication with the remote host. This is the -default and this option is usually pointless, unless you use it to override a -previously set option that sets a different authentication method (such as ---ntlm, --digest, or --negotiate). - -Used together with --user. diff --git a/libs/curl/docs/cmdline-opts/basic.md b/libs/curl/docs/cmdline-opts/basic.md new file mode 100644 index 00000000..16acd4cb --- /dev/null +++ b/libs/curl/docs/cmdline-opts/basic.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: basic +Help: HTTP Basic Authentication +Protocols: HTTP +Category: auth +Added: 7.10.6 +Multi: mutex +See-also: + - proxy-basic +Example: + - -u name:password --basic $URL +--- + +# `--basic` + +Use HTTP Basic authentication with the remote host. This method is the default +and this option is usually pointless, unless you use it to override a +previously set option that sets a different authentication method (such as +--ntlm, --digest, or --negotiate). + +Used together with --user. diff --git a/libs/curl/docs/cmdline-opts/ca-native.md b/libs/curl/docs/cmdline-opts/ca-native.md new file mode 100644 index 00000000..a771a7a8 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ca-native.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ca-native +Help: Load CA certs from the OS +Protocols: TLS +Category: tls +Added: 8.2.0 +Multi: boolean +See-also: + - cacert + - capath + - insecure +Example: + - --ca-native $URL +--- + +# `--ca-native` + +Use the CA store from the native operating system to verify the peer. By +default, curl otherwise uses a CA store provided in a single file or +directory, but when using this option it interfaces the operating system's own +vault. + +This option works for curl on Windows when built to use OpenSSL, wolfSSL +(added in 8.3.0) or GnuTLS (added in 8.5.0). When curl on Windows is built to +use Schannel, this feature is implied and curl then only uses the native CA +store. diff --git a/libs/curl/docs/cmdline-opts/cacert.d b/libs/curl/docs/cmdline-opts/cacert.d deleted file mode 100644 index e066471c..00000000 --- a/libs/curl/docs/cmdline-opts/cacert.d +++ /dev/null @@ -1,37 +0,0 @@ -Long: cacert -Arg: -Help: CA certificate to verify peer against -Protocols: TLS -Category: tls -See-also: capath insecure -Example: --cacert CA-file.txt $URL -Added: 7.5 ---- -Tells curl to use the specified certificate file to verify the peer. The file -may contain multiple CA certificates. The certificate(s) must be in PEM -format. Normally curl is built to use a default file for this, so this option -is typically used to alter that default file. - -curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is -set, and uses the given path as a path to a CA cert bundle. This option -overrides that variable. - -The windows version of curl will automatically look for a CA certs file named -'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the -Current Working Directory, or in any folder along your PATH. - -If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module -(libnsspem.so) needs to be available for this option to work properly. - -(iOS and macOS only) If curl is built against Secure Transport, then this -option is supported for backward compatibility with other SSL engines, but it -should not be set. If the option is not set, then curl will use the -certificates in the system and user Keychain to verify the peer, which is the -preferred method of verifying the peer's certificate chain. - -(Schannel only) This option is supported for Schannel in Windows 7 or later -with libcurl 7.60 or later. This option is supported for backward -compatibility with other SSL engines; instead it is recommended to use -Windows' store of root certificates (the default for Schannel). - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/cacert.md b/libs/curl/docs/cmdline-opts/cacert.md new file mode 100644 index 00000000..3268f966 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/cacert.md @@ -0,0 +1,42 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: cacert +Arg: +Help: CA certificate to verify peer against +Protocols: TLS +Category: tls +Added: 7.5 +Multi: single +See-also: + - capath + - insecure +Example: + - --cacert CA-file.txt $URL +--- + +# `--cacert` + +Use the specified certificate file to verify the peer. The file may contain +multiple CA certificates. The certificate(s) must be in PEM format. Normally +curl is built to use a default file for this, so this option is typically used +to alter that default file. + +curl recognizes the environment variable named 'CURL_CA_BUNDLE' if it is set +and the TLS backend is not Schannel, and uses the given path as a path to a CA +cert bundle. This option overrides that variable. + +The windows version of curl automatically looks for a CA certs file named +'curl-ca-bundle.crt', either in the same directory as curl.exe, or in the +Current Working Directory, or in any folder along your PATH. + +(iOS and macOS only) If curl is built against Secure Transport, then this +option is supported for backward compatibility with other SSL engines, but it +should not be set. If the option is not set, then curl uses the certificates +in the system and user Keychain to verify the peer, which is the preferred +method of verifying the peer's certificate chain. + +(Schannel only) This option is supported for Schannel in Windows 7 or later +(added in 7.60.0). This option is supported for backward compatibility with +other SSL engines; instead it is recommended to use Windows' store of root +certificates (the default for Schannel). diff --git a/libs/curl/docs/cmdline-opts/capath.d b/libs/curl/docs/cmdline-opts/capath.d deleted file mode 100644 index 7f879a2a..00000000 --- a/libs/curl/docs/cmdline-opts/capath.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: capath -Arg: -Help: CA directory to verify peer against -Protocols: TLS -Category: tls -See-also: cacert insecure -Example: --capath /local/directory $URL -Added: 7.9.8 ---- -Tells curl to use the specified certificate directory to verify the -peer. Multiple paths can be provided by separating them with ":" (e.g. -\&"path1:path2:path3"). The certificates must be in PEM format, and if curl is -built against OpenSSL, the directory must have been processed using the -c_rehash utility supplied with OpenSSL. Using --capath can allow -OpenSSL-powered curl to make SSL-connections much more efficiently than using ---cacert if the --cacert file contains many CA certificates. - -If this option is set, the default capath value will be ignored, and if it is -used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/capath.md b/libs/curl/docs/cmdline-opts/capath.md new file mode 100644 index 00000000..58919dd4 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/capath.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: capath +Arg: +Help: CA directory to verify peer against +Protocols: TLS +Category: tls +Added: 7.9.8 +Multi: single +See-also: + - cacert + - insecure +Example: + - --capath /local/directory $URL +--- + +# `--capath` + +Use the specified certificate directory to verify the peer. Multiple paths can +be provided by separated with colon (`:`) (e.g. `path1:path2:path3`). The +certificates must be in PEM format, and if curl is built against OpenSSL, the +directory must have been processed using the c_rehash utility supplied with +OpenSSL. Using --capath can allow OpenSSL-powered curl to make SSL-connections +much more efficiently than using --cacert if the --cacert file contains many +CA certificates. + +If this option is set, the default capath value is ignored. diff --git a/libs/curl/docs/cmdline-opts/cert-status.d b/libs/curl/docs/cmdline-opts/cert-status.d deleted file mode 100644 index c3b9bdb3..00000000 --- a/libs/curl/docs/cmdline-opts/cert-status.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: cert-status -Protocols: TLS -Added: 7.41.0 -Help: Verify the status of the server cert via OCSP-staple -Category: tls -See-also: pinnedpubkey -Example: --cert-status $URL ---- -Tells curl to verify the status of the server certificate by using the -Certificate Status Request (aka. OCSP stapling) TLS extension. - -If this option is enabled and the server sends an invalid (e.g. expired) -response, if the response suggests that the server certificate has been revoked, -or no response at all is received, the verification fails. - -This is currently only implemented in the OpenSSL, GnuTLS and NSS backends. diff --git a/libs/curl/docs/cmdline-opts/cert-status.md b/libs/curl/docs/cmdline-opts/cert-status.md new file mode 100644 index 00000000..8b6e57b9 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/cert-status.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: cert-status +Protocols: TLS +Added: 7.41.0 +Help: Verify server cert status OCSP-staple +Category: tls +Multi: boolean +See-also: + - pinnedpubkey +Example: + - --cert-status $URL +--- + +# `--cert-status` + +Verify the status of the server certificate by using the Certificate Status +Request (aka. OCSP stapling) TLS extension. + +If this option is enabled and the server sends an invalid (e.g. expired) +response, if the response suggests that the server certificate has been +revoked, or no response at all is received, the verification fails. + +This support is currently only implemented in the OpenSSL and GnuTLS backends. diff --git a/libs/curl/docs/cmdline-opts/cert-type.d b/libs/curl/docs/cmdline-opts/cert-type.d deleted file mode 100644 index a31f40ef..00000000 --- a/libs/curl/docs/cmdline-opts/cert-type.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: cert-type -Protocols: TLS -Arg: -Help: Certificate type (DER/PEM/ENG) -See-also: cert key key-type -Category: tls -Example: --cert-type PEM --cert file $URL -Added: 7.9.3 ---- -Tells curl what type the provided client certificate is using. PEM, DER, ENG -and P12 are recognized types. If not specified, PEM is assumed. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/cert-type.md b/libs/curl/docs/cmdline-opts/cert-type.md new file mode 100644 index 00000000..d78ab8fa --- /dev/null +++ b/libs/curl/docs/cmdline-opts/cert-type.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: cert-type +Protocols: TLS +Arg: +Help: Certificate type (DER/PEM/ENG/P12) +Category: tls +Added: 7.9.3 +Multi: single +See-also: + - cert + - key + - key-type +Example: + - --cert-type PEM --cert file $URL +--- + +# `--cert-type` + +Set type of the provided client certificate. PEM, DER, ENG and P12 are +recognized types. + +The default type depends on the TLS backend and is usually PEM, however for +Secure Transport and Schannel it is P12. If --cert is a pkcs11: URI then ENG is +the default type. diff --git a/libs/curl/docs/cmdline-opts/cert.d b/libs/curl/docs/cmdline-opts/cert.d deleted file mode 100644 index 0e8776e2..00000000 --- a/libs/curl/docs/cmdline-opts/cert.d +++ /dev/null @@ -1,53 +0,0 @@ -Short: E -Long: cert -Arg: -Help: Client certificate file and password -Protocols: TLS -See-also: cert-type key key-type -Category: tls -Example: --cert certfile --key keyfile $URL -Added: 5.0 ---- -Tells curl to use the specified client certificate file when getting a file -with HTTPS, FTPS or another SSL-based protocol. The certificate must be in -PKCS#12 format if using Secure Transport, or PEM format if using any other -engine. If the optional password is not specified, it will be queried for on -the terminal. Note that this option assumes a \&"certificate" file that is the -private key and the client certificate concatenated! See --cert and --key to -specify them independently. - -If curl is built against the NSS SSL library then this option can tell -curl the nickname of the certificate to use within the NSS database defined -by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the -NSS PEM PKCS#11 module (libnsspem.so) is available then PEM files may be -loaded. If you want to use a file from the current directory, please precede -it with "./" prefix, in order to avoid confusion with a nickname. If the -nickname contains ":", it needs to be preceded by "\\" so that it is not -recognized as password delimiter. If the nickname contains "\\", it needs to -be escaped as "\\\\" so that it is not recognized as an escape character. - -If curl is built against OpenSSL library, and the engine pkcs11 is available, -then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in -a PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a -PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set -as "pkcs11" if none was provided and the --cert-type option will be set as -"ENG" if none was provided. - -(iOS and macOS only) If curl is built against Secure Transport, then the -certificate string can either be the name of a certificate/private key in the -system or user keychain, or the path to a PKCS#12-encoded certificate and -private key. If you want to use a file from the current directory, please -precede it with "./" prefix, in order to avoid confusion with a nickname. - -(Schannel only) Client certificates must be specified by a path -expression to a certificate store. (Loading PFX is not supported; you can -import it to a store first). You can use -"\\\\" to refer to a certificate -in the system certificates store, for example, -"CurrentUser\\MY\\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a". Thumbprint is -usually a SHA-1 hex string which you can see in certificate details. Following -store locations are supported: CurrentUser, LocalMachine, CurrentService, -Services, CurrentUserGroupPolicy, LocalMachineGroupPolicy, -LocalMachineEnterprise. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/cert.md b/libs/curl/docs/cmdline-opts/cert.md new file mode 100644 index 00000000..715fcb83 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/cert.md @@ -0,0 +1,56 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: E +Long: cert +Arg: +Help: Client certificate file and password +Protocols: TLS +Category: tls +Added: 5.0 +Multi: single +See-also: + - cert-type + - key + - key-type +Example: + - --cert certfile --key keyfile $URL +--- + +# `--cert` + +Use the specified client certificate file when getting a file with HTTPS, FTPS +or another SSL-based protocol. The certificate must be in PKCS#12 format if +using Secure Transport, or PEM format if using any other engine. If the +optional password is not specified, it is queried for on the terminal. Note +that this option assumes a certificate file that is the private key and the +client certificate concatenated. See --cert and --key to specify them +independently. + +In the \ portion of the argument, you must escape the character +`:` as `\:` so that it is not recognized as the password delimiter. Similarly, +you must escape the double quote character as \" so that it is not recognized +as an escape character. + +If curl is built against OpenSSL library, and the engine pkcs11 is available, +then a PKCS#11 URI (RFC 7512) can be used to specify a certificate located in +a PKCS#11 device. A string beginning with `pkcs11:` is interpreted as a +PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option is set as +`pkcs11` if none was provided and the --cert-type option is set as `ENG` if +none was provided. + +(iOS and macOS only) If curl is built against Secure Transport, then the +certificate string can either be the name of a certificate/private key in the +system or user keychain, or the path to a PKCS#12-encoded certificate and +private key. If you want to use a file from the current directory, please +precede it with `./` prefix, in order to avoid confusion with a nickname. + +(Schannel only) Client certificates must be specified by a path expression to +a certificate store. (Loading *PFX* is not supported; you can import it to a +store first). You can use "\\\\\" +to refer to a certificate in the system certificates store, for example, +*"CurrentUser\MY\934a7ac6f8a5d579285a74fa61e19f23ddfe8d7a"*. Thumbprint is +usually a SHA-1 hex string which you can see in certificate details. Following +store locations are supported: *CurrentUser*, *LocalMachine*, +*CurrentService*, *Services*, *CurrentUserGroupPolicy*, +*LocalMachineGroupPolicy* and *LocalMachineEnterprise*. diff --git a/libs/curl/docs/cmdline-opts/ciphers.d b/libs/curl/docs/cmdline-opts/ciphers.d deleted file mode 100644 index 24d3d586..00000000 --- a/libs/curl/docs/cmdline-opts/ciphers.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: ciphers -Arg: -Help: SSL ciphers to use -Protocols: TLS -Category: tls -See-also: tlsv1.3 -Example: --ciphers ECDHE-ECDSA-AES256-CCM8 $URL -Added: 7.9 ---- -Specifies which ciphers to use in the connection. The list of ciphers must -specify valid ciphers. Read up on SSL cipher list details on this URL: - - https://curl.se/docs/ssl-ciphers.html - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/ciphers.md b/libs/curl/docs/cmdline-opts/ciphers.md new file mode 100644 index 00000000..9d7e0c6f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ciphers.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ciphers +Arg: +Help: SSL ciphers to use +Protocols: TLS +Category: tls +Added: 7.9 +Multi: single +See-also: + - tlsv1.3 + - tls13-ciphers + - proxy-ciphers +Example: + - --ciphers ECDHE-ECDSA-AES256-CCM8 $URL +--- + +# `--ciphers` + +Specifies which ciphers to use in the connection. The list of ciphers must +specify valid ciphers. Read up on SSL cipher list details on this URL: + +https://curl.se/docs/ssl-ciphers.html diff --git a/libs/curl/docs/cmdline-opts/compressed-ssh.d b/libs/curl/docs/cmdline-opts/compressed-ssh.d deleted file mode 100644 index 0d198578..00000000 --- a/libs/curl/docs/cmdline-opts/compressed-ssh.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: compressed-ssh -Help: Enable SSH compression -Protocols: SCP SFTP -Added: 7.56.0 -Category: scp ssh -See-also: compressed -Example: --compressed-ssh sftp://example.com/ ---- -Enables built-in SSH compression. -This is a request, not an order; the server may or may not do it. diff --git a/libs/curl/docs/cmdline-opts/compressed-ssh.md b/libs/curl/docs/cmdline-opts/compressed-ssh.md new file mode 100644 index 00000000..b404f62d --- /dev/null +++ b/libs/curl/docs/cmdline-opts/compressed-ssh.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: compressed-ssh +Help: Enable SSH compression +Protocols: SCP SFTP +Added: 7.56.0 +Category: scp ssh +Multi: boolean +See-also: + - compressed +Example: + - --compressed-ssh sftp://example.com/ +--- + +# `--compressed-ssh` + +Enables built-in SSH compression. This is a request, not an order; the server +may or may not do it. diff --git a/libs/curl/docs/cmdline-opts/compressed.d b/libs/curl/docs/cmdline-opts/compressed.d deleted file mode 100644 index 8e8db97c..00000000 --- a/libs/curl/docs/cmdline-opts/compressed.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: compressed -Help: Request compressed response -Protocols: HTTP -Category: http -Example: --compressed $URL -See-also: compressed-ssh -Added: 7.10 ---- -Request a compressed response using one of the algorithms curl supports, and -automatically decompress the content. Headers are not modified. - -If this option is used and the server sends an unsupported encoding, curl will -report an error. This is a request, not an order; the server may or may not -deliver data compressed. diff --git a/libs/curl/docs/cmdline-opts/compressed.md b/libs/curl/docs/cmdline-opts/compressed.md new file mode 100644 index 00000000..35bbab81 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/compressed.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: compressed +Help: Request compressed response +Protocols: HTTP +Category: http +Added: 7.10 +Multi: boolean +See-also: + - compressed-ssh +Example: + - --compressed $URL +--- + +# `--compressed` + +Request a compressed response using one of the algorithms curl supports, and +automatically decompress the content. + +Response headers are not modified when saved, so if they are "interpreted" +separately again at a later point they might appear to be saying that the +content is (still) compressed; while in fact it has already been decompressed. + +If this option is used and the server sends an unsupported encoding, curl +reports an error. This is a request, not an order; the server may or may not +deliver data compressed. diff --git a/libs/curl/docs/cmdline-opts/config.d b/libs/curl/docs/cmdline-opts/config.d deleted file mode 100644 index b24a87e1..00000000 --- a/libs/curl/docs/cmdline-opts/config.d +++ /dev/null @@ -1,72 +0,0 @@ -Long: config -Arg: -Help: Read config from a file -Short: K -Category: curl -Example: --config file.txt $URL -Added: 4.10 -See-also: disable ---- -Specify a text file to read curl arguments from. The command line arguments -found in the text file will be used as if they were provided on the command -line. - -Options and their parameters must be specified on the same line in the file, -separated by whitespace, colon, or the equals sign. Long option names can -optionally be given in the config file without the initial double dashes and -if so, the colon or equals characters can be used as separators. If the option -is specified with one or two dashes, there can be no colon or equals character -between the option and its parameter. - -If the parameter contains whitespace (or starts with : or =), the parameter -must be enclosed within quotes. Within double quotes, the following escape -sequences are available: \\\\, \\", \\t, \\n, \\r and \\v. A backslash -preceding any other letter is ignored. - -If the first column of a config line is a '#' character, the rest of the line -will be treated as a comment. - -Only write one option per physical line in the config file. - -Specify the filename to --config as '-' to make curl read the file from stdin. - -Note that to be able to specify a URL in the config file, you need to specify -it using the --url option, and not by simply writing the URL on its own -line. So, it could look similar to this: - -url = "https://curl.se/docs/" - - # --- Example file --- - # this is a comment - url = "example.com" - output = "curlhere.html" - user-agent = "superagent/1.0" - - # and fetch another URL too - url = "example.com/docs/manpage.html" - -O - referer = "http://nowhereatall.example.com/" - # --- End of example file --- - -When curl is invoked, it (unless --disable is used) checks for a default -config file and uses it if found, even when --config is used. The default -config file is checked for in the following places in this order: - -1) "$CURL_HOME/.curlrc" - -2) "$XDG_CONFIG_HOME/.curlrc" (Added in 7.73.0) - -3) "$HOME/.curlrc" - -4) Windows: "%USERPROFILE%\\.curlrc" - -5) Windows: "%APPDATA%\\.curlrc" - -6) Windows: "%USERPROFILE%\\Application Data\\.curlrc" - -7) Non-windows: use getpwuid to find the home directory - -8) On windows, if it finds no .curlrc file in the sequence described above, it -checks for one in the same dir the curl executable is placed. - -This option can be used multiple times to load multiple config files. diff --git a/libs/curl/docs/cmdline-opts/config.md b/libs/curl/docs/cmdline-opts/config.md new file mode 100644 index 00000000..1281a3d9 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/config.md @@ -0,0 +1,84 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: config +Arg: +Help: Read config from a file +Short: K +Category: curl +Added: 4.10 +Multi: append +See-also: + - disable +Example: + - --config file.txt $URL +--- + +# `--config` + +Specify a text file to read curl arguments from. The command line arguments +found in the text file are used as if they were provided on the command +line. + +Options and their parameters must be specified on the same line in the file, +separated by whitespace, colon, or the equals sign. Long option names can +optionally be given in the config file without the initial double dashes and +if so, the colon or equals characters can be used as separators. If the option +is specified with one or two dashes, there can be no colon or equals character +between the option and its parameter. + +If the parameter contains whitespace or starts with a colon (:) or equals sign +(=), it must be specified enclosed within double quotes ("like this"). Within +double quotes the following escape sequences are available: \\, \", \t, \n, \r +and \v. A backslash preceding any other letter is ignored. + +If the first non-blank column of a config line is a '#' character, that line +is treated as a comment. + +Only write one option per physical line in the config file. A single line is +required to be no more than 10 megabytes (since 8.2.0). + +Specify the filename to --config as minus "-" to make curl read the file from +stdin. + +Note that to be able to specify a URL in the config file, you need to specify +it using the --url option, and not by simply writing the URL on its own +line. So, it could look similar to this: + + url = "https://curl.se/docs/" + + # --- Example file --- + # this is a comment + url = "example.com" + output = "curlhere.html" + user-agent = "superagent/1.0" + + # and fetch another URL too + url = "example.com/docs/manpage.html" + -O + referer = "http://nowhereatall.example.com/" + # --- End of example file --- + +When curl is invoked, it (unless --disable is used) checks for a default +config file and uses it if found, even when --config is used. The default +config file is checked for in the following places in this order: + +1) **"$CURL_HOME/.curlrc"** + +2) **"$XDG_CONFIG_HOME/curlrc"** (Added in 7.73.0) + +3) **"$HOME/.curlrc"** + +4) Windows: **"%USERPROFILE%\.curlrc"** + +5) Windows: **"%APPDATA%\.curlrc"** + +6) Windows: **"%USERPROFILE%\Application Data\.curlrc"** + +7) Non-Windows: use getpwuid to find the home directory + +8) On Windows, if it finds no *.curlrc* file in the sequence described above, it +checks for one in the same directory the curl executable is placed. + +On Windows two filenames are checked per location: *.curlrc* and *_curlrc*, +preferring the former. Older versions on Windows checked for *_curlrc* only. diff --git a/libs/curl/docs/cmdline-opts/connect-timeout.d b/libs/curl/docs/cmdline-opts/connect-timeout.d deleted file mode 100644 index 89152baa..00000000 --- a/libs/curl/docs/cmdline-opts/connect-timeout.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: connect-timeout -Arg: -Help: Maximum time allowed for connection -See-also: max-time -Category: connection -Example: --connect-timeout 20 $URL -Example: --connect-timeout 3.14 $URL -Added: 7.7 ---- -Maximum time in seconds that you allow curl's connection to take. This only -limits the connection phase, so if curl connects within the given period it -will continue - if not it will exit. Since version 7.32.0, this option -accepts decimal values. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/connect-timeout.md b/libs/curl/docs/cmdline-opts/connect-timeout.md new file mode 100644 index 00000000..dc5f9270 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/connect-timeout.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: connect-timeout +Arg: +Help: Maximum time allowed to connect +Category: connection timeout +Added: 7.7 +Multi: single +See-also: + - max-time +Example: + - --connect-timeout 20 $URL + - --connect-timeout 3.14 $URL +--- + +# `--connect-timeout` + +Maximum time in seconds that you allow curl's connection to take. This only +limits the connection phase, so if curl connects within the given period it +continues - if not it exits. + +This option accepts decimal values (added in 7.32.0). The decimal value needs +to be provided using a dot (.) as decimal separator - not the local version +even if it might be using another separator. + +The connection phase is considered complete when the DNS lookup and requested +TCP, TLS or QUIC handshakes are done. diff --git a/libs/curl/docs/cmdline-opts/connect-to.d b/libs/curl/docs/cmdline-opts/connect-to.d deleted file mode 100644 index ebea9b9d..00000000 --- a/libs/curl/docs/cmdline-opts/connect-to.d +++ /dev/null @@ -1,23 +0,0 @@ -Long: connect-to -Arg: -Help: Connect to host -Added: 7.49.0 -See-also: resolve header -Category: connection -Example: --connect-to example.com:443:example.net:8443 $URL ---- - -For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. -This option is suitable to direct requests at a specific server, e.g. at a -specific cluster node in a cluster of servers. This option is only used to -establish the network connection. It does NOT affect the hostname/port that is -used for TLS/SSL (e.g. SNI, certificate verification) or for the application -protocols. "HOST1" and "PORT1" may be the empty string, meaning "any -host/port". "HOST2" and "PORT2" may also be the empty string, meaning "use the -request's original host/port". - -A "host" specified to this option is compared as a string, so it needs to -match the name used in request URL. It can be either numerical such as -"127.0.0.1" or the full host name such as "example.org". - -This option can be used many times to add many connect rules. diff --git a/libs/curl/docs/cmdline-opts/connect-to.md b/libs/curl/docs/cmdline-opts/connect-to.md new file mode 100644 index 00000000..57825616 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/connect-to.md @@ -0,0 +1,40 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: connect-to +Arg: +Help: Connect to host2 instead of host1 +Added: 7.49.0 +Category: connection dns +Multi: append +See-also: + - resolve + - header +Example: + - --connect-to example.com:443:example.net:8443 $URL +--- + +# `--connect-to` + +For a request intended for the `HOST1:PORT1` pair, connect to `HOST2:PORT2` +instead. This option is only used to establish the network connection. It does +NOT affect the hostname/port number that is used for TLS/SSL (e.g. SNI, +certificate verification) or for the application protocols. + +`HOST1` and `PORT1` may be empty strings, meaning any host or any port number. +`HOST2` and `PORT2` may also be empty strings, meaning use the request's +original hostname and port number. + +A hostname specified to this option is compared as a string, so it needs to +match the name used in request URL. It can be either numerical such as +`127.0.0.1` or the full host name such as `example.org`. + +Example: redirect connects from the example.com hostname to 127.0.0.1 +independently of port number: + + curl --connect-to example.com::127.0.0.1: https://example.com/ + +Example: redirect connects from all hostnames to 127.0.0.1 independently of +port number: + + curl --connect-to ::127.0.0.1: http://example.com/ diff --git a/libs/curl/docs/cmdline-opts/continue-at.d b/libs/curl/docs/cmdline-opts/continue-at.d deleted file mode 100644 index b66116c8..00000000 --- a/libs/curl/docs/cmdline-opts/continue-at.d +++ /dev/null @@ -1,19 +0,0 @@ -Short: C -Long: continue-at -Arg: -Help: Resumed transfer offset -See-also: range -Category: connection -Example: -C - $URL -Example: -C 400 $URL -Added: 4.8 ---- -Continue/Resume a previous file transfer at the given offset. The given offset -is the exact number of bytes that will be skipped, counting from the beginning -of the source file before it is transferred to the destination. If used with -uploads, the FTP server command SIZE will not be used by curl. - -Use "-C -" to tell curl to automatically find out where/how to resume the -transfer. It then uses the given output/input files to figure that out. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/continue-at.md b/libs/curl/docs/cmdline-opts/continue-at.md new file mode 100644 index 00000000..978cafc0 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/continue-at.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: C +Long: continue-at +Arg: +Help: Resumed transfer offset +Category: connection +Added: 4.8 +Multi: single +See-also: + - range +Example: + - -C - $URL + - -C 400 $URL +--- + +# `--continue-at` + +Resume a previous transfer from the given byte offset. The given offset is the +exact number of bytes that are skipped, counting from the beginning of the +source file before it is transferred to the destination. If used with uploads, +the FTP server command SIZE is not used by curl. + +Use "-C -" to instruct curl to automatically find out where/how to resume the +transfer. It then uses the given output/input files to figure that out. diff --git a/libs/curl/docs/cmdline-opts/cookie-jar.d b/libs/curl/docs/cmdline-opts/cookie-jar.d deleted file mode 100644 index 0a02c05b..00000000 --- a/libs/curl/docs/cmdline-opts/cookie-jar.d +++ /dev/null @@ -1,29 +0,0 @@ -Short: c -Long: cookie-jar -Arg: -Protocols: HTTP -Help: Write cookies to after operation -Category: http -Example: -c store-here.txt $URL -Example: -c store-here.txt -b read-these $URL -Added: 7.9 -See-also: cookie ---- -Specify to which file you want curl to write all cookies after a completed -operation. Curl writes all cookies from its in-memory cookie storage to the -given file at the end of operations. If no cookies are known, no data will be -written. The file will be written using the Netscape cookie file format. If -you set the file name to a single dash, "-", the cookies will be written to -stdout. - -This command line option will activate the cookie engine that makes curl -record and use cookies. Another way to activate it is to use the --cookie -option. - -If the cookie jar cannot be created or written to, the whole curl operation -will not fail or even report an error clearly. Using --verbose will get a -warning displayed, but that is the only visible feedback you get about this -possibly lethal situation. - -If this option is used several times, the last specified file name will be -used. diff --git a/libs/curl/docs/cmdline-opts/cookie-jar.md b/libs/curl/docs/cmdline-opts/cookie-jar.md new file mode 100644 index 00000000..49a9440b --- /dev/null +++ b/libs/curl/docs/cmdline-opts/cookie-jar.md @@ -0,0 +1,39 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: c +Long: cookie-jar +Arg: +Protocols: HTTP +Help: Save cookies to after operation +Category: http +Added: 7.9 +Multi: single +See-also: + - cookie + - junk-session-cookies +Example: + - -c store-here.txt $URL + - -c store-here.txt -b read-these $URL +--- + +# `--cookie-jar` + +Specify to which file you want curl to write all cookies after a completed +operation. Curl writes all cookies from its in-memory cookie storage to the +given file at the end of operations. Even if no cookies are known, a file is +created so that it removes any formerly existing cookies from the file. The +file uses the Netscape cookie file format. If you set the filename to a single +minus, "-", the cookies are written to stdout. + +The file specified with --cookie-jar is only used for output. No cookies are +read from the file. To read cookies, use the --cookie option. Both options +can specify the same file. + +This command line option activates the cookie engine that makes curl record +and use cookies. The --cookie option also activates it. + +If the cookie jar cannot be created or written to, the whole curl operation +does not fail or even report an error clearly. Using --verbose gets a warning +displayed, but that is the only visible feedback you get about this possibly +lethal situation. diff --git a/libs/curl/docs/cmdline-opts/cookie.d b/libs/curl/docs/cmdline-opts/cookie.d deleted file mode 100644 index ab4b2793..00000000 --- a/libs/curl/docs/cmdline-opts/cookie.d +++ /dev/null @@ -1,38 +0,0 @@ -Short: b -Long: cookie -Arg: -Protocols: HTTP -Help: Send cookies from string/file -Category: http -Example: -b cookiefile $URL -Example: -b cookiefile -c cookiefile $URL -See-also: cookie-jar junk-session-cookies -Added: 4.9 ---- -Pass the data to the HTTP server in the Cookie header. It is supposedly -the data previously received from the server in a "Set-Cookie:" line. The -data should be in the format "NAME1=VALUE1; NAME2=VALUE2". - -If no '=' symbol is used in the argument, it is instead treated as a filename -to read previously stored cookie from. This option also activates the cookie -engine which will make curl record incoming cookies, which may be handy if -you are using this in combination with the --location option or do multiple URL -transfers on the same invoke. If the file name is exactly a minus ("-"), curl -will instead read the contents from stdin. - -The file format of the file to read cookies from should be plain HTTP headers -(Set-Cookie style) or the Netscape/Mozilla cookie file format. - -The file specified with --cookie is only used as input. No cookies will be -written to the file. To store cookies, use the --cookie-jar option. - -If you use the Set-Cookie file format and do not specify a domain then the -cookie is not sent since the domain will never match. To address this, set a -domain in Set-Cookie line (doing that will include sub-domains) or preferably: -use the Netscape format. - -This option can be used multiple times. - -Users often want to both read cookies from a file and write updated cookies -back to a file, so using both --cookie and --cookie-jar in the same command -line is common. diff --git a/libs/curl/docs/cmdline-opts/cookie.md b/libs/curl/docs/cmdline-opts/cookie.md new file mode 100644 index 00000000..cbc8b845 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/cookie.md @@ -0,0 +1,61 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: b +Long: cookie +Arg: +Protocols: HTTP +Help: Send cookies from string/load from file +Category: http +Added: 4.9 +Multi: append +See-also: + - cookie-jar + - junk-session-cookies +Example: + - -b "" $URL + - -b cookiefile $URL + - -b cookiefile -c cookiefile $URL + - -b name=Jane $URL +--- + +# `--cookie` + +Pass the data to the HTTP server in the Cookie header. It is supposedly the +data previously received from the server in a `Set-Cookie:` line. The data +should be in the format `NAME1=VALUE1; NAME2=VALUE2` or as a single filename. + +When given a set of specific cookies and not a filename, it makes curl use the +cookie header with this content explicitly in all outgoing request(s). If +multiple requests are done due to authentication, followed redirects or +similar, they all get this cookie header passed on. + +If no `=` symbol is used in the argument, it is instead treated as a filename +to read previously stored cookie from. This option also activates the cookie +engine which makes curl record incoming cookies, which may be handy if you are +using this in combination with the --location option or do multiple URL +transfers on the same invoke. + +If the filename is a single minus ("-"), curl reads the contents from stdin. +If the filename is an empty string ("") and is the only cookie input, curl +activates the cookie engine without any cookies. + +The file format of the file to read cookies from should be plain HTTP headers +(Set-Cookie style) or the Netscape/Mozilla cookie file format. + +The file specified with --cookie is only used as input. No cookies are written +to that file. To store cookies, use the --cookie-jar option. + +If you use the Set-Cookie file format and do not specify a domain then the +cookie is not sent since the domain never matches. To address this, set a +domain in Set-Cookie line (doing that includes subdomains) or preferably: use +the Netscape format. + +Users often want to both read cookies from a file and write updated cookies +back to a file, so using both --cookie and --cookie-jar in the same command +line is common. + +If curl is built with PSL (**Public Suffix List**) support, it detects and +discards cookies that are specified for such suffix domains that should not be +allowed to have cookies. If curl is *not* built with PSL support, it has no +ability to stop super cookies. diff --git a/libs/curl/docs/cmdline-opts/create-dirs.d b/libs/curl/docs/cmdline-opts/create-dirs.d deleted file mode 100644 index 5d206590..00000000 --- a/libs/curl/docs/cmdline-opts/create-dirs.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: create-dirs -Help: Create necessary local directory hierarchy -Category: curl -Example: --create-dirs --output local/dir/file $URL -Added: 7.10.3 -See-also: ftp-create-dirs output-dir ---- -When used in conjunction with the --output option, curl will create the -necessary local directory hierarchy as needed. This option creates the -directories mentioned with the --output option, nothing else. If the --output -file name uses no directory, or if the directories it mentions already exist, -no directories will be created. - -Created dirs are made with mode 0750 on unix style file systems. - -To create remote directories when using FTP or SFTP, try --ftp-create-dirs. diff --git a/libs/curl/docs/cmdline-opts/create-dirs.md b/libs/curl/docs/cmdline-opts/create-dirs.md new file mode 100644 index 00000000..c509efb0 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/create-dirs.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: create-dirs +Help: Create necessary local directory hierarchy +Category: output +Added: 7.10.3 +Multi: boolean +See-also: + - ftp-create-dirs + - output-dir +Example: + - --create-dirs --output local/dir/file $URL +--- + +# `--create-dirs` + +When used in conjunction with the --output option, curl creates the necessary +local directory hierarchy as needed. This option creates the directories +mentioned with the --output option combined with the path possibly set with +--output-dir. If the combined output filename uses no directory, or if the +directories it mentions already exist, no directories are created. + +Created directories are made with mode 0750 on unix style file systems. + +To create remote directories when using FTP or SFTP, try --ftp-create-dirs. diff --git a/libs/curl/docs/cmdline-opts/create-file-mode.d b/libs/curl/docs/cmdline-opts/create-file-mode.d deleted file mode 100644 index 429b5ee3..00000000 --- a/libs/curl/docs/cmdline-opts/create-file-mode.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: create-file-mode -Arg: -Help: File mode for created files -Protocols: SFTP SCP FILE -Category: sftp scp file upload -See-also: ftp-create-dirs -Added: 7.75.0 -Example: --create-file-mode 0777 -T localfile sftp://example.com/new ---- -When curl is used to create files remotely using one of the supported -protocols, this option allows the user to set which 'mode' to set on the file -at creation time, instead of the default 0644. - -This option takes an octal number as argument. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/create-file-mode.md b/libs/curl/docs/cmdline-opts/create-file-mode.md new file mode 100644 index 00000000..c6467d15 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/create-file-mode.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: create-file-mode +Arg: +Help: File mode for created files +Protocols: SFTP SCP FILE +Category: sftp scp file upload +Added: 7.75.0 +Multi: single +See-also: + - ftp-create-dirs +Example: + - --create-file-mode 0777 -T localfile sftp://example.com/new +--- + +# `--create-file-mode` + +When curl is used to create files remotely using one of the supported +protocols, this option allows the user to set which 'mode' to set on the file +at creation time, instead of the default 0644. + +This option takes an octal number as argument. diff --git a/libs/curl/docs/cmdline-opts/crlf.d b/libs/curl/docs/cmdline-opts/crlf.d deleted file mode 100644 index 3772fcf2..00000000 --- a/libs/curl/docs/cmdline-opts/crlf.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: crlf -Help: Convert LF to CRLF in upload -Protocols: FTP SMTP -Category: ftp smtp -Example: --crlf -T file ftp://example.com/ -Added: 5.7 -See-also: use-ascii ---- -Convert LF to CRLF in upload. Useful for MVS (OS/390). - -(SMTP added in 7.40.0) diff --git a/libs/curl/docs/cmdline-opts/crlf.md b/libs/curl/docs/cmdline-opts/crlf.md new file mode 100644 index 00000000..c3688411 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/crlf.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: crlf +Help: Convert LF to CRLF in upload +Protocols: FTP SMTP +Category: ftp smtp +Added: 5.7 +Multi: boolean +See-also: + - use-ascii +Example: + - --crlf -T file ftp://example.com/ +--- + +# `--crlf` + +Convert line feeds to carriage return plus line feeds in upload. Useful for +**MVS (OS/390)**. diff --git a/libs/curl/docs/cmdline-opts/crlfile.d b/libs/curl/docs/cmdline-opts/crlfile.d deleted file mode 100644 index 1fdc1257..00000000 --- a/libs/curl/docs/cmdline-opts/crlfile.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: crlfile -Arg: -Protocols: TLS -Help: Use this CRL list -Added: 7.19.7 -Category: tls -Example: --crlfile rejects.txt $URL -See-also: cacert capath ---- -Provide a file using PEM format with a Certificate Revocation List that may -specify peer certificates that are to be considered revoked. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/crlfile.md b/libs/curl/docs/cmdline-opts/crlfile.md new file mode 100644 index 00000000..a762af09 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/crlfile.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: crlfile +Arg: +Protocols: TLS +Help: Certificate Revocation list +Added: 7.19.7 +Category: tls +Multi: single +See-also: + - cacert + - capath +Example: + - --crlfile rejects.txt $URL +--- + +# `--crlfile` + +Provide a file using PEM format with a Certificate Revocation List that may +specify peer certificates that are to be considered revoked. diff --git a/libs/curl/docs/cmdline-opts/curves.d b/libs/curl/docs/cmdline-opts/curves.d deleted file mode 100644 index b4cb43f0..00000000 --- a/libs/curl/docs/cmdline-opts/curves.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: curves -Arg: -Help: (EC) TLS key exchange algorithm(s) to request -Protocols: TLS -Added: 7.73.0 -Category: tls -Example: --curves X25519 $URL -See-also: ciphers ---- -Tells curl to request specific curves to use during SSL session establishment -according to RFC 8422, 5.1. Multiple algorithms can be provided by separating -them with ":" (e.g. "X25519:P-521"). The parameter is available identically -in the "openssl s_client/s_server" utilities. - ---curves allows a OpenSSL powered curl to make SSL-connections with exactly -the (EC) curve requested by the client, avoiding nontransparent client/server -negotiations. - -If this option is set, the default curves list built into openssl will be -ignored. diff --git a/libs/curl/docs/cmdline-opts/curves.md b/libs/curl/docs/cmdline-opts/curves.md new file mode 100644 index 00000000..9473aeaa --- /dev/null +++ b/libs/curl/docs/cmdline-opts/curves.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: curves +Arg: +Help: (EC) TLS key exchange algorithms to request +Protocols: TLS +Added: 7.73.0 +Category: tls +Multi: single +See-also: + - ciphers +Example: + - --curves X25519 $URL +--- + +# `--curves` + +Set specific curves to use during SSL session establishment according to RFC +8422, 5.1. Multiple algorithms can be provided by separating them with `:` +(e.g. `X25519:P-521`). The parameter is available identically in the OpenSSL +`s_client` and `s_server` utilities. + +--curves allows a OpenSSL powered curl to make SSL-connections with exactly +the (EC) curve requested by the client, avoiding nontransparent client/server +negotiations. + +If this option is set, the default curves list built into OpenSSL are ignored. diff --git a/libs/curl/docs/cmdline-opts/data-ascii.d b/libs/curl/docs/cmdline-opts/data-ascii.d deleted file mode 100644 index 52366dc4..00000000 --- a/libs/curl/docs/cmdline-opts/data-ascii.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: data-ascii -Arg: -Help: HTTP POST ASCII data -Protocols: HTTP -Category: http post upload -Example: --data-ascii @file $URL -Added: 7.2 -See-also: data-binary data-raw data-urlencode ---- -This is just an alias for --data. diff --git a/libs/curl/docs/cmdline-opts/data-ascii.md b/libs/curl/docs/cmdline-opts/data-ascii.md new file mode 100644 index 00000000..5763d81f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/data-ascii.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: data-ascii +Arg: +Help: HTTP POST ASCII data +Protocols: HTTP +Category: http post upload +Added: 7.2 +Multi: append +See-also: + - data-binary + - data-raw + - data-urlencode +Example: + - --data-ascii @file $URL +--- + +# `--data-ascii` + +This option is just an alias for --data. diff --git a/libs/curl/docs/cmdline-opts/data-binary.d b/libs/curl/docs/cmdline-opts/data-binary.d deleted file mode 100644 index 32152ee6..00000000 --- a/libs/curl/docs/cmdline-opts/data-binary.d +++ /dev/null @@ -1,22 +0,0 @@ -Long: data-binary -Arg: -Help: HTTP POST binary data -Protocols: HTTP -Category: http post upload -Example: --data-binary @filename $URL -Added: 7.2 -See-also: data-ascii ---- -This posts data exactly as specified with no extra processing whatsoever. - -If you start the data with the letter @, the rest should be a filename. Data -is posted in a similar manner as --data does, except that newlines and -carriage returns are preserved and conversions are never done. - -Like --data the default content-type sent to the server is -application/x-www-form-urlencoded. If you want the data to be treated as -arbitrary binary data by the server then set the content-type to octet-stream: --H "Content-Type: application/octet-stream". - -If this option is used several times, the ones following the first will append -data as described in --data. diff --git a/libs/curl/docs/cmdline-opts/data-binary.md b/libs/curl/docs/cmdline-opts/data-binary.md new file mode 100644 index 00000000..1ce53b32 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/data-binary.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: data-binary +Arg: +Help: HTTP POST binary data +Protocols: HTTP +Category: http post upload +Added: 7.2 +Multi: append +See-also: + - data-ascii +Example: + - --data-binary @filename $URL +--- + +# `--data-binary` + +Post data exactly as specified with no extra processing whatsoever. + +If you start the data with the letter @, the rest should be a filename. Data +is posted in a similar manner as --data does, except that newlines and +carriage returns are preserved and conversions are never done. + +Like --data the default content-type sent to the server is +application/x-www-form-urlencoded. If you want the data to be treated as +arbitrary binary data by the server then set the content-type to octet-stream: +-H "Content-Type: application/octet-stream". + +If this option is used several times, the ones following the first append +data as described in --data. diff --git a/libs/curl/docs/cmdline-opts/data-raw.d b/libs/curl/docs/cmdline-opts/data-raw.d deleted file mode 100644 index b8cd0f72..00000000 --- a/libs/curl/docs/cmdline-opts/data-raw.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: data-raw -Arg: -Protocols: HTTP -Help: HTTP POST data, '@' allowed -Added: 7.43.0 -See-also: data -Category: http post upload -Example: --data-raw "hello" $URL -Example: --data-raw "@at@at@" $URL ---- -This posts data similarly to --data but without the special -interpretation of the @ character. diff --git a/libs/curl/docs/cmdline-opts/data-raw.md b/libs/curl/docs/cmdline-opts/data-raw.md new file mode 100644 index 00000000..1033678b --- /dev/null +++ b/libs/curl/docs/cmdline-opts/data-raw.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: data-raw +Arg: +Protocols: HTTP +Help: HTTP POST data, '@' allowed +Added: 7.43.0 +Category: http post upload +Multi: append +See-also: + - data +Example: + - --data-raw "hello" $URL + - --data-raw "@at@at@" $URL +--- + +# `--data-raw` + +Post data similarly to --data but without the special interpretation of the @ +character. diff --git a/libs/curl/docs/cmdline-opts/data-urlencode.d b/libs/curl/docs/cmdline-opts/data-urlencode.d deleted file mode 100644 index c9cecec5..00000000 --- a/libs/curl/docs/cmdline-opts/data-urlencode.d +++ /dev/null @@ -1,38 +0,0 @@ -Long: data-urlencode -Arg: -Help: HTTP POST data url encoded -Protocols: HTTP -See-also: data data-raw -Added: 7.18.0 -Category: http post upload -Example: --data-urlencode name=val $URL -Example: --data-urlencode =encodethis $URL -Example: --data-urlencode name@file $URL -Example: --data-urlencode @fileonly $URL ---- -This posts data, similar to the other --data options with the exception -that this performs URL-encoding. - -To be CGI-compliant, the part should begin with a *name* followed -by a separator and a content specification. The part can be passed to -curl using one of the following syntaxes: -.RS -.IP "content" -This will make curl URL-encode the content and pass that on. Just be careful -so that the content does not contain any = or @ symbols, as that will then make -the syntax match one of the other cases below! -.IP "=content" -This will make curl URL-encode the content and pass that on. The preceding = -symbol is not included in the data. -.IP "name=content" -This will make curl URL-encode the content part and pass that on. Note that -the name part is expected to be URL-encoded already. -.IP "@filename" -This will make curl load data from the given file (including any newlines), -URL-encode that data and pass it on in the POST. -.IP "name@filename" -This will make curl load data from the given file (including any newlines), -URL-encode that data and pass it on in the POST. The name part gets an equal -sign appended, resulting in *name=urlencoded-file-content*. Note that the -name is expected to be URL-encoded already. -.RE diff --git a/libs/curl/docs/cmdline-opts/data-urlencode.md b/libs/curl/docs/cmdline-opts/data-urlencode.md new file mode 100644 index 00000000..2bd84f3f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/data-urlencode.md @@ -0,0 +1,51 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: data-urlencode +Arg: +Help: HTTP POST data URL encoded +Protocols: HTTP +Added: 7.18.0 +Category: http post upload +Multi: append +See-also: + - data + - data-raw +Example: + - --data-urlencode name=val $URL + - --data-urlencode =encodethis $URL + - --data-urlencode name@file $URL + - --data-urlencode @fileonly $URL +--- + +# `--data-urlencode` + +Post data, similar to the other --data options with the exception that this +performs URL-encoding. + +To be CGI-compliant, the \ part should begin with a *name* followed by +a separator and a content specification. The \ part can be passed to +curl using one of the following syntaxes: + +## content +URL-encode the content and pass that on. Just be careful so that the content +does not contain any `=` or `@` symbols, as that makes the syntax match one of +the other cases below! + +## =content +URL-encode the content and pass that on. The preceding `=` symbol is not +included in the data. + +## name=content +URL-encode the content part and pass that on. Note that the name part is +expected to be URL-encoded already. + +## @filename +load data from the given file (including any newlines), URL-encode that data +and pass it on in the POST. + +## name@filename +load data from the given file (including any newlines), URL-encode that data +and pass it on in the POST. The name part gets an equal sign appended, +resulting in *name=urlencoded-file-content*. Note that the name is expected to +be URL-encoded already. diff --git a/libs/curl/docs/cmdline-opts/data.d b/libs/curl/docs/cmdline-opts/data.d deleted file mode 100644 index 682314c0..00000000 --- a/libs/curl/docs/cmdline-opts/data.d +++ /dev/null @@ -1,34 +0,0 @@ -Long: data -Short: d -Arg: -Help: HTTP POST data -Protocols: HTTP MQTT -See-also: data-binary data-urlencode data-raw -Mutexed: form head upload-file -Category: important http post upload -Example: -d "name=curl" $URL -Example: -d "name=curl" -d "tool=cmdline" $URL -Example: -d @filename $URL -Added: 4.0 ---- -Sends the specified data in a POST request to the HTTP server, in the same way -that a browser does when a user has filled in an HTML form and presses the -submit button. This will cause curl to pass the data to the server using the -content-type application/x-www-form-urlencoded. Compare to --form. - ---data-raw is almost the same but does not have a special interpretation of -the @ character. To post data purely binary, you should instead use the ---data-binary option. To URL-encode the value of a form field you may use ---data-urlencode. - -If any of these options is used more than once on the same command line, the -data pieces specified will be merged with a separating &-symbol. Thus, using -\&'-d name=daniel -d skill=lousy' would generate a post chunk that looks like -\&'name=daniel&skill=lousy'. - -If you start the data with the letter @, the rest should be a file name to -read the data from, or - if you want curl to read the data from stdin. Posting -data from a file named \&'foobar' would thus be done with --data @foobar. When ---data is told to read from a file like that, carriage returns and newlines -will be stripped out. If you do not want the @ character to have a special -interpretation use --data-raw instead. diff --git a/libs/curl/docs/cmdline-opts/data.md b/libs/curl/docs/cmdline-opts/data.md new file mode 100644 index 00000000..6b6e7028 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/data.md @@ -0,0 +1,49 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: data +Short: d +Arg: +Help: HTTP POST data +Protocols: HTTP MQTT +Mutexed: form head upload-file +Category: important http post upload +Added: 4.0 +Multi: append +See-also: + - data-binary + - data-urlencode + - data-raw +Example: + - -d "name=curl" $URL + - -d "name=curl" -d "tool=cmdline" $URL + - -d @filename $URL +--- + +# `--data` + +Sends the specified data in a POST request to the HTTP server, in the same way +that a browser does when a user has filled in an HTML form and presses the +submit button. This option makes curl pass the data to the server using the +content-type application/x-www-form-urlencoded. Compare to --form. + +--data-raw is almost the same but does not have a special interpretation of +the @ character. To post data purely binary, you should instead use the +--data-binary option. To URL-encode the value of a form field you may use +--data-urlencode. + +If any of these options is used more than once on the same command line, the +data pieces specified are merged with a separating &-symbol. Thus, using +'-d name=daniel -d skill=lousy' would generate a post chunk that looks like +'name=daniel&skill=lousy'. + +If you start the data with the letter @, the rest should be a filename to read +the data from, or - if you want curl to read the data from stdin. Posting data +from a file named 'foobar' would thus be done with --data @foobar. When --data +is told to read from a file like that, carriage returns, newlines and null +bytes are stripped out. If you do not want the @ character to have a special +interpretation use --data-raw instead. + +The data for this option is passed on to the server exactly as provided on the +command line. curl does not convert, change or improve it. It is up to the +user to provide the data in the correct form. diff --git a/libs/curl/docs/cmdline-opts/delegation.d b/libs/curl/docs/cmdline-opts/delegation.d deleted file mode 100644 index 858ff040..00000000 --- a/libs/curl/docs/cmdline-opts/delegation.d +++ /dev/null @@ -1,22 +0,0 @@ -Long: delegation -Arg: -Help: GSS-API delegation permission -Protocols: GSS/kerberos -Category: auth -Example: --delegation "none" $URL -Added: 7.22.0 -See-also: insecure ssl ---- -Set LEVEL to tell the server what it is allowed to delegate when it -comes to user credentials. -.RS -.IP "none" -Do not allow any delegation. -.IP "policy" -Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos -service ticket, which is a matter of realm policy. -.IP "always" -Unconditionally allow the server to delegate. -.RE - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/delegation.md b/libs/curl/docs/cmdline-opts/delegation.md new file mode 100644 index 00000000..c874a2b5 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/delegation.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: delegation +Arg: +Help: GSS-API delegation permission +Protocols: GSS/kerberos +Category: auth +Added: 7.22.0 +Multi: single +See-also: + - insecure + - ssl +Example: + - --delegation "none" $URL +--- + +# `--delegation` + +Set LEVEL what curl is allowed to delegate when it comes to user credentials. + +## none +Do not allow any delegation. + +## policy +Delegates if and only if the OK-AS-DELEGATE flag is set in the Kerberos +service ticket, which is a matter of realm policy. + +## always +Unconditionally allow the server to delegate. diff --git a/libs/curl/docs/cmdline-opts/digest.d b/libs/curl/docs/cmdline-opts/digest.d deleted file mode 100644 index 4feb8505..00000000 --- a/libs/curl/docs/cmdline-opts/digest.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: digest -Help: Use HTTP Digest Authentication -Protocols: HTTP -Mutexed: basic ntlm negotiate -See-also: user proxy-digest anyauth -Category: proxy auth http -Example: -u name:password --digest $URL -Added: 7.10.6 ---- -Enables HTTP Digest authentication. This is an authentication scheme that -prevents the password from being sent over the wire in clear text. Use this in -combination with the normal --user option to set user name and password. - -If this option is used several times, only the first one is used. diff --git a/libs/curl/docs/cmdline-opts/digest.md b/libs/curl/docs/cmdline-opts/digest.md new file mode 100644 index 00000000..04c5a79a --- /dev/null +++ b/libs/curl/docs/cmdline-opts/digest.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: digest +Help: HTTP Digest Authentication +Protocols: HTTP +Mutexed: basic ntlm negotiate +Category: proxy auth http +Added: 7.10.6 +Multi: boolean +See-also: + - user + - proxy-digest + - anyauth +Example: + - -u name:password --digest $URL +--- + +# `--digest` + +Enables HTTP Digest authentication. This authentication scheme avoids sending +the password over the wire in clear text. Use this in combination with the +normal --user option to set username and password. diff --git a/libs/curl/docs/cmdline-opts/disable-eprt.d b/libs/curl/docs/cmdline-opts/disable-eprt.d deleted file mode 100644 index 6b82f137..00000000 --- a/libs/curl/docs/cmdline-opts/disable-eprt.d +++ /dev/null @@ -1,23 +0,0 @@ -Long: disable-eprt -Help: Inhibit using EPRT or LPRT -Protocols: FTP -Category: ftp -Example: --disable-eprt ftp://example.com/ -Added: 7.10.5 -See-also: disable-epsv ftp-port ---- -Tell curl to disable the use of the EPRT and LPRT commands when doing active -FTP transfers. Curl will normally always first attempt to use EPRT, then LPRT -before using PORT, but with this option, it will use PORT right away. EPRT and -LPRT are extensions to the original FTP protocol, and may not work on all -servers, but they enable more functionality in a better way than the -traditional PORT command. - ---eprt can be used to explicitly enable EPRT again and --no-eprt is an alias -for --disable-eprt. - -If the server is accessed using IPv6, this option will have no effect as EPRT -is necessary then. - -Disabling EPRT only changes the active behavior. If you want to switch to -passive mode you need to not use --ftp-port or force it with --ftp-pasv. diff --git a/libs/curl/docs/cmdline-opts/disable-eprt.md b/libs/curl/docs/cmdline-opts/disable-eprt.md new file mode 100644 index 00000000..b6e6c6da --- /dev/null +++ b/libs/curl/docs/cmdline-opts/disable-eprt.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: disable-eprt +Help: Inhibit using EPRT or LPRT +Protocols: FTP +Category: ftp +Added: 7.10.5 +Multi: boolean +See-also: + - disable-epsv + - ftp-port +Example: + - --disable-eprt ftp://example.com/ +--- + +# `--disable-eprt` + +Disable the use of the EPRT and LPRT commands when doing active FTP transfers. +Curl normally first attempts to use EPRT before using PORT, but with this +option, it uses PORT right away. EPRT is an extension to the original FTP +protocol, and does not work on all servers, but enables more functionality in +a better way than the traditional PORT command. + +--eprt can be used to explicitly enable EPRT again and --no-eprt is an alias +for --disable-eprt. + +If the server is accessed using IPv6, this option has no effect as EPRT is +necessary then. + +Disabling EPRT only changes the active behavior. If you want to switch to +passive mode you need to not use --ftp-port or force it with --ftp-pasv. diff --git a/libs/curl/docs/cmdline-opts/disable-epsv.d b/libs/curl/docs/cmdline-opts/disable-epsv.d deleted file mode 100644 index 46847262..00000000 --- a/libs/curl/docs/cmdline-opts/disable-epsv.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: disable-epsv -Help: Inhibit using EPSV -Protocols: FTP -Category: ftp -Example: --disable-epsv ftp://example.com/ -Added: 7.9.2 -See-also: disable-eprt ftp-port ---- -Tell curl to disable the use of the EPSV command when doing passive FTP -transfers. Curl will normally always first attempt to use EPSV before -PASV, but with this option, it will not try using EPSV. - ---epsv can be used to explicitly enable EPSV again and --no-epsv is an alias -for --disable-epsv. - -If the server is an IPv6 host, this option will have no effect as EPSV is -necessary then. - -Disabling EPSV only changes the passive behavior. If you want to switch to -active mode you need to use --ftp-port. diff --git a/libs/curl/docs/cmdline-opts/disable-epsv.md b/libs/curl/docs/cmdline-opts/disable-epsv.md new file mode 100644 index 00000000..7667c795 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/disable-epsv.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: disable-epsv +Help: Inhibit using EPSV +Protocols: FTP +Category: ftp +Added: 7.9.2 +Multi: boolean +See-also: + - disable-eprt + - ftp-port +Example: + - --disable-epsv ftp://example.com/ +--- + +# `--disable-epsv` + +Disable the use of the EPSV command when doing passive FTP transfers. Curl +normally first attempts to use EPSV before PASV, but with this option, it does +not try EPSV. + +--epsv can be used to explicitly enable EPSV again and --no-epsv is an alias +for --disable-epsv. + +If the server is an IPv6 host, this option has no effect as EPSV is necessary +then. + +Disabling EPSV only changes the passive behavior. If you want to switch to +active mode you need to use --ftp-port. diff --git a/libs/curl/docs/cmdline-opts/disable.d b/libs/curl/docs/cmdline-opts/disable.d deleted file mode 100644 index e417571f..00000000 --- a/libs/curl/docs/cmdline-opts/disable.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: disable -Short: q -Help: Disable .curlrc -Category: curl -Example: -q $URL -Added: 5.0 -See-also: config ---- -If used as the first parameter on the command line, the *curlrc* config -file will not be read and used. See the --config for details on the default -config file search path. diff --git a/libs/curl/docs/cmdline-opts/disable.md b/libs/curl/docs/cmdline-opts/disable.md new file mode 100644 index 00000000..1370b91d --- /dev/null +++ b/libs/curl/docs/cmdline-opts/disable.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: disable +Short: q +Help: Disable .curlrc +Category: curl +Added: 5.0 +Multi: boolean +See-also: + - config +Example: + - -q $URL +--- + +# `--disable` + +If used as the **first** parameter on the command line, the *curlrc* config +file is not read or used. See the --config for details on the default config +file search path. diff --git a/libs/curl/docs/cmdline-opts/disallow-username-in-url.d b/libs/curl/docs/cmdline-opts/disallow-username-in-url.d deleted file mode 100644 index f3122aea..00000000 --- a/libs/curl/docs/cmdline-opts/disallow-username-in-url.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: disallow-username-in-url -Help: Disallow username in url -Protocols: HTTP -Added: 7.61.0 -See-also: proto -Category: curl http -Example: --disallow-username-in-url $URL ---- -This tells curl to exit if passed a url containing a username. This is probably -most useful when the URL is being provided at run-time or similar. diff --git a/libs/curl/docs/cmdline-opts/disallow-username-in-url.md b/libs/curl/docs/cmdline-opts/disallow-username-in-url.md new file mode 100644 index 00000000..012f2d0d --- /dev/null +++ b/libs/curl/docs/cmdline-opts/disallow-username-in-url.md @@ -0,0 +1,18 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: disallow-username-in-url +Help: Disallow username in URL +Added: 7.61.0 +Category: curl +Multi: boolean +See-also: + - proto +Example: + - --disallow-username-in-url $URL +--- + +# `--disallow-username-in-url` + +Exit with error if passed a URL containing a username. Probably most useful +when the URL is being provided at runtime or similar. diff --git a/libs/curl/docs/cmdline-opts/dns-interface.d b/libs/curl/docs/cmdline-opts/dns-interface.d deleted file mode 100644 index fec7927e..00000000 --- a/libs/curl/docs/cmdline-opts/dns-interface.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: dns-interface -Arg: -Help: Interface to use for DNS requests -Protocols: DNS -See-also: dns-ipv4-addr dns-ipv6-addr -Added: 7.33.0 -Requires: c-ares -Category: dns -Example: --dns-interface eth0 $URL ---- -Tell curl to send outgoing DNS requests through . This option is a -counterpart to --interface (which does not affect DNS). The supplied string -must be an interface name (not an address). diff --git a/libs/curl/docs/cmdline-opts/dns-interface.md b/libs/curl/docs/cmdline-opts/dns-interface.md new file mode 100644 index 00000000..aee7400b --- /dev/null +++ b/libs/curl/docs/cmdline-opts/dns-interface.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dns-interface +Arg: +Help: Interface to use for DNS requests +Protocols: DNS +Added: 7.33.0 +Requires: c-ares +Category: dns +Multi: single +See-also: + - dns-ipv4-addr + - dns-ipv6-addr +Example: + - --dns-interface eth0 $URL +--- + +# `--dns-interface` + +Send outgoing DNS requests through the given interface. This option is a +counterpart to --interface (which does not affect DNS). The supplied string +must be an interface name (not an address). diff --git a/libs/curl/docs/cmdline-opts/dns-ipv4-addr.d b/libs/curl/docs/cmdline-opts/dns-ipv4-addr.d deleted file mode 100644 index e09153ab..00000000 --- a/libs/curl/docs/cmdline-opts/dns-ipv4-addr.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: dns-ipv4-addr -Arg:
-Help: IPv4 address to use for DNS requests -Protocols: DNS -See-also: dns-interface dns-ipv6-addr -Added: 7.33.0 -Requires: c-ares -Category: dns -Example: --dns-ipv4-addr 10.1.2.3 $URL ---- -Tell curl to bind to when making IPv4 DNS requests, so that -the DNS requests originate from this address. The argument should be a -single IPv4 address. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/dns-ipv4-addr.md b/libs/curl/docs/cmdline-opts/dns-ipv4-addr.md new file mode 100644 index 00000000..4a43cb1d --- /dev/null +++ b/libs/curl/docs/cmdline-opts/dns-ipv4-addr.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dns-ipv4-addr +Arg:
+Help: IPv4 address to use for DNS requests +Protocols: DNS +Added: 7.33.0 +Requires: c-ares +Category: dns +Multi: single +See-also: + - dns-interface + - dns-ipv6-addr +Example: + - --dns-ipv4-addr 10.1.2.3 $URL +--- + +# `--dns-ipv4-addr` + +Bind to a specific IP address when making IPv4 DNS requests, so that the DNS +requests originate from this address. The argument should be a single IPv4 +address. diff --git a/libs/curl/docs/cmdline-opts/dns-ipv6-addr.d b/libs/curl/docs/cmdline-opts/dns-ipv6-addr.d deleted file mode 100644 index 954cb98b..00000000 --- a/libs/curl/docs/cmdline-opts/dns-ipv6-addr.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: dns-ipv6-addr -Arg:
-Help: IPv6 address to use for DNS requests -Protocols: DNS -See-also: dns-interface dns-ipv4-addr -Added: 7.33.0 -Requires: c-ares -Category: dns -Example: --dns-ipv6-addr 2a04:4e42::561 $URL ---- -Tell curl to bind to when making IPv6 DNS requests, so that -the DNS requests originate from this address. The argument should be a -single IPv6 address. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/dns-ipv6-addr.md b/libs/curl/docs/cmdline-opts/dns-ipv6-addr.md new file mode 100644 index 00000000..71123117 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/dns-ipv6-addr.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dns-ipv6-addr +Arg:
+Help: IPv6 address to use for DNS requests +Protocols: DNS +Added: 7.33.0 +Requires: c-ares +Category: dns +Multi: single +See-also: + - dns-interface + - dns-ipv4-addr +Example: + - --dns-ipv6-addr 2a04:4e42::561 $URL +--- + +# `--dns-ipv6-addr` + +Bind to a specific IP address when making IPv6 DNS requests, so that the DNS +requests originate from this address. The argument should be a single IPv6 +address. diff --git a/libs/curl/docs/cmdline-opts/dns-servers.d b/libs/curl/docs/cmdline-opts/dns-servers.d deleted file mode 100644 index 8a234152..00000000 --- a/libs/curl/docs/cmdline-opts/dns-servers.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: dns-servers -Arg: -Help: DNS server addrs to use -Requires: c-ares -Added: 7.33.0 -Category: dns -Example: --dns-servers 192.168.0.1,192.168.0.2 $URL -See-also: dns-interface dns-ipv4-addr ---- -Set the list of DNS servers to be used instead of the system default. -The list of IP addresses should be separated with commas. Port numbers -may also optionally be given as *:* after each IP -address. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/dns-servers.md b/libs/curl/docs/cmdline-opts/dns-servers.md new file mode 100644 index 00000000..bf6ba3fe --- /dev/null +++ b/libs/curl/docs/cmdline-opts/dns-servers.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dns-servers +Arg: +Help: DNS server addrs to use +Protocols: DNS +Requires: c-ares +Added: 7.33.0 +Category: dns +Multi: single +See-also: + - dns-interface + - dns-ipv4-addr +Example: + - --dns-servers 192.168.0.1,192.168.0.2 $URL + - --dns-servers 10.0.0.1:53 $URL +--- + +# `--dns-servers` + +Set the list of DNS servers to be used instead of the system default. The list +of IP addresses should be separated with commas. Port numbers may also +optionally be given, appended to the IP address separated with a colon. diff --git a/libs/curl/docs/cmdline-opts/doh-cert-status.d b/libs/curl/docs/cmdline-opts/doh-cert-status.d deleted file mode 100644 index 0846ccb7..00000000 --- a/libs/curl/docs/cmdline-opts/doh-cert-status.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: doh-cert-status -Help: Verify the status of the DoH server cert via OCSP-staple -Added: 7.76.0 -Category: dns tls -Example: --doh-cert-status --doh-url https://doh.example $URL -See-also: doh-insecure ---- -Same as --cert-status but used for DoH (DNS-over-HTTPS). diff --git a/libs/curl/docs/cmdline-opts/doh-cert-status.md b/libs/curl/docs/cmdline-opts/doh-cert-status.md new file mode 100644 index 00000000..920c5b43 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/doh-cert-status.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: doh-cert-status +Help: Verify DoH server cert status OCSP-staple +Added: 7.76.0 +Category: dns tls +Multi: boolean +See-also: + - doh-insecure +Example: + - --doh-cert-status --doh-url https://doh.example $URL +--- + +# `--doh-cert-status` + +Same as --cert-status but used for DoH (DNS-over-HTTPS). + +Verifies the status of the DoH servers' certificate by using the Certificate +Status Request (aka. OCSP stapling) TLS extension. + +If this option is enabled and the DoH server sends an invalid (e.g. expired) +response, if the response suggests that the server certificate has been +revoked, or no response at all is received, the verification fails. + +This support is currently only implemented in the OpenSSL and GnuTLS backends. diff --git a/libs/curl/docs/cmdline-opts/doh-insecure.d b/libs/curl/docs/cmdline-opts/doh-insecure.d deleted file mode 100644 index 9430bd4d..00000000 --- a/libs/curl/docs/cmdline-opts/doh-insecure.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: doh-insecure -Help: Allow insecure DoH server connections -Added: 7.76.0 -Category: dns tls -Example: --doh-insecure --doh-url https://doh.example $URL -See-also: doh-url ---- -Same as --insecure but used for DoH (DNS-over-HTTPS). diff --git a/libs/curl/docs/cmdline-opts/doh-insecure.md b/libs/curl/docs/cmdline-opts/doh-insecure.md new file mode 100644 index 00000000..72f3cb77 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/doh-insecure.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: doh-insecure +Help: Allow insecure DoH server connections +Added: 7.76.0 +Category: dns tls +Multi: boolean +See-also: + - doh-url + - insecure + - proxy-insecure +Example: + - --doh-insecure --doh-url https://doh.example $URL +--- + +# `--doh-insecure` + +By default, every connection curl makes to a DoH server is verified to be +secure before the transfer takes place. This option tells curl to skip the +verification step and proceed without checking. + +**WARNING**: using this option makes the DoH transfer and name resolution +insecure. + +This option is equivalent to --insecure and --proxy-insecure but used for DoH +(DNS-over-HTTPS) only. diff --git a/libs/curl/docs/cmdline-opts/doh-url.d b/libs/curl/docs/cmdline-opts/doh-url.d deleted file mode 100644 index c64cca28..00000000 --- a/libs/curl/docs/cmdline-opts/doh-url.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: doh-url -Arg: -Help: Resolve host names over DoH -Added: 7.62.0 -Category: dns -Example: --doh-url https://doh.example $URL -See-also: doh-insecure ---- -Specifies which DNS-over-HTTPS (DoH) server to use to resolve hostnames, -instead of using the default name resolver mechanism. The URL must be HTTPS. - -Some SSL options that you set for your transfer will apply to DoH since the -name lookups take place over SSL. However, the certificate verification -settings are not inherited and can be controlled separately via ---doh-insecure and --doh-cert-status. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/doh-url.md b/libs/curl/docs/cmdline-opts/doh-url.md new file mode 100644 index 00000000..23754cac --- /dev/null +++ b/libs/curl/docs/cmdline-opts/doh-url.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: doh-url +Arg: +Help: Resolve hostnames over DoH +Added: 7.62.0 +Category: dns +Multi: single +See-also: + - doh-insecure +Example: + - --doh-url https://doh.example $URL +--- + +# `--doh-url` + +Specifies which DNS-over-HTTPS (DoH) server to use to resolve hostnames, +instead of using the default name resolver mechanism. The URL must be HTTPS. + +Some SSL options that you set for your transfer also applies to DoH since the +name lookups take place over SSL. However, the certificate verification +settings are not inherited but are controlled separately via --doh-insecure +and --doh-cert-status. + +This option is unset if an empty string "" is used as the URL. +(Added in 7.85.0) diff --git a/libs/curl/docs/cmdline-opts/dump-header.d b/libs/curl/docs/cmdline-opts/dump-header.d deleted file mode 100644 index 8c617b92..00000000 --- a/libs/curl/docs/cmdline-opts/dump-header.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: dump-header -Short: D -Arg: -Help: Write the received headers to -Protocols: HTTP FTP -See-also: output -Category: http ftp -Example: --dump-header store.txt $URL -Added: 5.7 ---- -Write the received protocol headers to the specified file. If no headers are -received, the use of this option will create an empty file. - -When used in FTP, the FTP server response lines are considered being "headers" -and thus are saved there. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/dump-header.md b/libs/curl/docs/cmdline-opts/dump-header.md new file mode 100644 index 00000000..925e6da6 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/dump-header.md @@ -0,0 +1,29 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: dump-header +Short: D +Arg: +Help: Write the received headers to +Protocols: HTTP FTP +Category: http ftp +Added: 5.7 +Multi: single +See-also: + - output +Example: + - --dump-header store.txt $URL + - --dump-header - $URL -o save +--- + +# `--dump-header` + +Write the received protocol headers to the specified file. If no headers are +received, the use of this option creates an empty file. Specify `-` as file +name (a single minus) to have it written to stdout. + +When used in FTP, the FTP server response lines are considered being "headers" +and thus are saved there. + +Having multiple transfers in one set of operations (i.e. the URLs in one +--next clause), appends them to the same file, separated by a blank line. diff --git a/libs/curl/docs/cmdline-opts/ech.md b/libs/curl/docs/cmdline-opts/ech.md new file mode 100644 index 00000000..6c2ba31c --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ech.md @@ -0,0 +1,53 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ech +Arg: +Help: Configure ECH +Added: 8.8.0 +Category: tls +Protocols: HTTPS +Multi: single +See-also: + - doh-url +Example: + - --ech true $URL +--- + +# `--ech` + +Specifies how to do ECH (Encrypted Client Hello). + +The values allowed for \ can be: + +## "false" +Do not attempt ECH + +## "grease" + +Send a GREASE ECH extension + +## "true" + +Attempt ECH if possible, but do not fail if ECH is not attempted. +(The connection fails if ECH is attempted but fails.) + +## "hard" + +Attempt ECH and fail if that is not possible. +ECH only works with TLS 1.3 and also requires using +DoH or providing an ECHConfigList on the command line. + +## "ecl:" + +A base64 encoded ECHConfigList that is used for ECH. + +## "pn:" + +A name to use to over-ride the `public_name` field of an ECHConfigList +(only available with OpenSSL TLS support) + +## Errors + +Most errors cause error +*CURLE_ECH_REQUIRED* (101). diff --git a/libs/curl/docs/cmdline-opts/egd-file.d b/libs/curl/docs/cmdline-opts/egd-file.d deleted file mode 100644 index cd3450a2..00000000 --- a/libs/curl/docs/cmdline-opts/egd-file.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: egd-file -Arg: -Help: EGD socket path for random data -Protocols: TLS -See-also: random-file -Category: tls -Example: --egd-file /random/here $URL -Added: 7.7 ---- -Specify the path name to the Entropy Gathering Daemon socket. The socket is -used to seed the random engine for SSL connections. diff --git a/libs/curl/docs/cmdline-opts/egd-file.md b/libs/curl/docs/cmdline-opts/egd-file.md new file mode 100644 index 00000000..ef16b996 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/egd-file.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: egd-file +Arg: +Help: EGD socket path for random data +Protocols: TLS +Category: deprecated +Added: 7.7 +Multi: single +See-also: + - random-file +Example: + - --egd-file /random/here $URL +--- + +# `--egd-file` + +Deprecated option (added in 7.84.0). Prior to that it only had an effect on +curl if built to use old versions of OpenSSL. + +Specify the path name to the Entropy Gathering Daemon socket. The socket is +used to seed the random engine for SSL connections. diff --git a/libs/curl/docs/cmdline-opts/engine.d b/libs/curl/docs/cmdline-opts/engine.d deleted file mode 100644 index 6382dfda..00000000 --- a/libs/curl/docs/cmdline-opts/engine.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: engine -Arg: -Help: Crypto engine to use -Protocols: TLS -Category: tls -Example: --engine flavor $URL -Added: 7.9.3 -See-also: ciphers curves ---- -Select the OpenSSL crypto engine to use for cipher operations. Use --engine -list to print a list of build-time supported engines. Note that not all (and -possibly none) of the engines may be available at run-time. diff --git a/libs/curl/docs/cmdline-opts/engine.md b/libs/curl/docs/cmdline-opts/engine.md new file mode 100644 index 00000000..51119002 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/engine.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: engine +Arg: +Help: Crypto engine to use +Protocols: TLS +Category: tls +Added: 7.9.3 +Multi: single +See-also: + - ciphers + - curves +Example: + - --engine flavor $URL +--- + +# `--engine` + +Select the OpenSSL crypto engine to use for cipher operations. Use --engine +list to print a list of build-time supported engines. Note that not all (and +possibly none) of the engines may be available at runtime. diff --git a/libs/curl/docs/cmdline-opts/etag-compare.d b/libs/curl/docs/cmdline-opts/etag-compare.d deleted file mode 100644 index 494633f5..00000000 --- a/libs/curl/docs/cmdline-opts/etag-compare.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: etag-compare -Arg: -Help: Pass an ETag from a file as a custom header -Protocols: HTTP -Added: 7.68.0 -Category: http -Example: --etag-compare etag.txt $URL -See-also: etag-save time-cond ---- -This option makes a conditional HTTP request for the specific ETag read -from the given file by sending a custom If-None-Match header using the -stored ETag. - -For correct results, make sure that the specified file contains only a -single line with the desired ETag. An empty file is parsed as an empty -ETag. - -Use the option --etag-save to first save the ETag from a response, and -then use this option to compare against the saved ETag in a subsequent -request. diff --git a/libs/curl/docs/cmdline-opts/etag-compare.md b/libs/curl/docs/cmdline-opts/etag-compare.md new file mode 100644 index 00000000..d69cbdf3 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/etag-compare.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: etag-compare +Arg: +Help: Load ETag from file +Protocols: HTTP +Added: 7.68.0 +Category: http +Multi: single +See-also: + - etag-save + - time-cond +Example: + - --etag-compare etag.txt $URL +--- + +# `--etag-compare` + +Make a conditional HTTP request for the specific ETag read from the given file +by sending a custom If-None-Match header using the stored ETag. + +For correct results, make sure that the specified file contains only a single +line with the desired ETag. An empty file is parsed as an empty ETag. + +Use the option --etag-save to first save the ETag from a response, and then +use this option to compare against the saved ETag in a subsequent request. diff --git a/libs/curl/docs/cmdline-opts/etag-save.d b/libs/curl/docs/cmdline-opts/etag-save.d deleted file mode 100644 index 5cce0ee1..00000000 --- a/libs/curl/docs/cmdline-opts/etag-save.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: etag-save -Arg: -Help: Parse ETag from a request and save it to a file -Protocols: HTTP -Added: 7.68.0 -Category: http -Example: --etag-save storetag.txt $URL -See-also: etag-compare ---- -This option saves an HTTP ETag to the specified file. An ETag is a -caching related header, usually returned in a response. - -If no ETag is sent by the server, an empty file is created. diff --git a/libs/curl/docs/cmdline-opts/etag-save.md b/libs/curl/docs/cmdline-opts/etag-save.md new file mode 100644 index 00000000..aa346ada --- /dev/null +++ b/libs/curl/docs/cmdline-opts/etag-save.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: etag-save +Arg: +Help: Parse incoming ETag and save to a file +Protocols: HTTP +Added: 7.68.0 +Category: http +Multi: single +See-also: + - etag-compare +Example: + - --etag-save storetag.txt $URL +--- + +# `--etag-save` + +Save an HTTP ETag to the specified file. An ETag is a caching related header, +usually returned in a response. + +If no ETag is sent by the server, an empty file is created. diff --git a/libs/curl/docs/cmdline-opts/expect100-timeout.d b/libs/curl/docs/cmdline-opts/expect100-timeout.d deleted file mode 100644 index 8855edd0..00000000 --- a/libs/curl/docs/cmdline-opts/expect100-timeout.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: expect100-timeout -Arg: -Help: How long to wait for 100-continue -Protocols: HTTP -Added: 7.47.0 -See-also: connect-timeout -Category: http -Example: --expect100-timeout 2.5 -T file $URL ---- -Maximum time in seconds that you allow curl to wait for a 100-continue -response when curl emits an Expects: 100-continue header in its request. By -default curl will wait one second. This option accepts decimal values! When -curl stops waiting, it will continue as if the response has been received. diff --git a/libs/curl/docs/cmdline-opts/expect100-timeout.md b/libs/curl/docs/cmdline-opts/expect100-timeout.md new file mode 100644 index 00000000..85476181 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/expect100-timeout.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: expect100-timeout +Arg: +Help: How long to wait for 100-continue +Protocols: HTTP +Added: 7.47.0 +Category: http timeout +Multi: single +See-also: + - connect-timeout +Example: + - --expect100-timeout 2.5 -T file $URL +--- + +# `--expect100-timeout` + +Maximum time in seconds that you allow curl to wait for a 100-continue +response when curl emits an Expects: 100-continue header in its request. By +default curl waits one second. This option accepts decimal values. When curl +stops waiting, it continues as if a response was received. + +The decimal value needs to provided using a dot (`.`) as decimal separator - +not the local version even if it might be using another separator. diff --git a/libs/curl/docs/cmdline-opts/fail-early.d b/libs/curl/docs/cmdline-opts/fail-early.d deleted file mode 100644 index fc3e45ae..00000000 --- a/libs/curl/docs/cmdline-opts/fail-early.d +++ /dev/null @@ -1,24 +0,0 @@ -Long: fail-early -Help: Fail on first transfer error, do not continue -Added: 7.52.0 -Category: curl -Example: --fail-early $URL https://two.example -See-also: fail fail-with-body ---- -Fail and exit on the first detected transfer error. - -When curl is used to do multiple transfers on the command line, it will -attempt to operate on each given URL, one by one. By default, it will ignore -errors if there are more URLs given and the last URL's success will determine -the error code curl returns. So early failures will be "hidden" by subsequent -successful transfers. - -Using this option, curl will instead return an error on the first transfer -that fails, independent of the amount of URLs that are given on the command -line. This way, no transfer failures go undetected by scripts and similar. - -This option is global and does not need to be specified for each use of --next. - -This option does not imply --fail, which causes transfers to fail due to the -server's HTTP status code. You can combine the two options, however note --fail -is not global and is therefore contained by --next. diff --git a/libs/curl/docs/cmdline-opts/fail-early.md b/libs/curl/docs/cmdline-opts/fail-early.md new file mode 100644 index 00000000..67edbf91 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/fail-early.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: fail-early +Help: Fail on first transfer error +Added: 7.52.0 +Category: curl global +Multi: boolean +Scope: global +See-also: + - fail + - fail-with-body +Example: + - --fail-early $URL https://two.example +--- + +# `--fail-early` + +Fail and exit on the first detected transfer error. + +When curl is used to do multiple transfers on the command line, it attempts to +operate on each given URL, one by one. By default, it ignores errors if there +are more URLs given and the last URL's success determines the error code curl +returns. Early failures are "hidden" by subsequent successful transfers. + +Using this option, curl instead returns an error on the first transfer that +fails, independent of the amount of URLs that are given on the command +line. This way, no transfer failures go undetected by scripts and similar. + +This option does not imply --fail, which causes transfers to fail due to the +server's HTTP status code. You can combine the two options, however note --fail +is not global and is therefore contained by --next. diff --git a/libs/curl/docs/cmdline-opts/fail-with-body.d b/libs/curl/docs/cmdline-opts/fail-with-body.d deleted file mode 100644 index 9b8c7db4..00000000 --- a/libs/curl/docs/cmdline-opts/fail-with-body.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: fail-with-body -Protocols: HTTP -Help: Fail on HTTP errors but save the body -Category: http output -Added: 7.76.0 -See-also: fail -Example: --fail-with-body $URL ---- -Return an error on server errors where the HTTP response code is 400 or -greater). In normal cases when an HTTP server fails to deliver a document, it -returns an HTML document stating so (which often also describes why and -more). This flag will still allow curl to output and save that content but -also to return error 22. - -This is an alternative option to --fail which makes curl fail for the same -circumstances but without saving the content. diff --git a/libs/curl/docs/cmdline-opts/fail-with-body.md b/libs/curl/docs/cmdline-opts/fail-with-body.md new file mode 100644 index 00000000..670959ba --- /dev/null +++ b/libs/curl/docs/cmdline-opts/fail-with-body.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: fail-with-body +Protocols: HTTP +Help: Fail on HTTP errors but save the body +Category: http output +Added: 7.76.0 +Mutexed: fail +Multi: boolean +See-also: + - fail + - fail-early +Example: + - --fail-with-body $URL +--- + +# `--fail-with-body` + +Return an error on server errors where the HTTP response code is 400 or +greater). In normal cases when an HTTP server fails to deliver a document, it +returns an HTML document stating so (which often also describes why and more). +This option allows curl to output and save that content but also to return +error 22. + +This is an alternative option to --fail which makes curl fail for the same +circumstances but without saving the content. diff --git a/libs/curl/docs/cmdline-opts/fail.d b/libs/curl/docs/cmdline-opts/fail.d deleted file mode 100644 index 47adafbb..00000000 --- a/libs/curl/docs/cmdline-opts/fail.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: fail -Short: f -Protocols: HTTP -Help: Fail silently (no output at all) on HTTP errors -See-also: fail-with-body -Category: important http -Example: --fail $URL -Added: 4.0 ---- -Fail silently (no output at all) on server errors. This is mostly done to -enable scripts etc to better deal with failed attempts. In normal cases -when an HTTP server fails to deliver a document, it returns an HTML document -stating so (which often also describes why and more). This flag will prevent -curl from outputting that and return error 22. - -This method is not fail-safe and there are occasions where non-successful -response codes will slip through, especially when authentication is involved -(response codes 401 and 407). diff --git a/libs/curl/docs/cmdline-opts/fail.md b/libs/curl/docs/cmdline-opts/fail.md new file mode 100644 index 00000000..0c8db136 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/fail.md @@ -0,0 +1,35 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: fail +Short: f +Protocols: HTTP +Help: Fail fast with no output on HTTP errors +Category: important http +Mutexed: fail-with-body +Added: 4.0 +Multi: boolean +See-also: + - fail-with-body + - fail-early +Example: + - --fail $URL +--- + +# `--fail` + +Fail with error code 22 and with no response body output at all for HTTP +transfers returning HTTP response codes at 400 or greater. + +In normal cases when an HTTP server fails to deliver a document, it returns a +body of text stating so (which often also describes why and more) and a 4xx +HTTP response code. This command line option prevents curl from outputting +that data and instead returns error 22 early. By default, curl does not +consider HTTP response codes to indicate failure. + +To get both the error code and also save the content, use --fail-with-body +instead. + +This method is not fail-safe and there are occasions where non-successful +response codes slip through, especially when authentication is involved +(response codes 401 and 407). diff --git a/libs/curl/docs/cmdline-opts/false-start.d b/libs/curl/docs/cmdline-opts/false-start.d deleted file mode 100644 index 4fe4eaa7..00000000 --- a/libs/curl/docs/cmdline-opts/false-start.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: false-start -Help: Enable TLS False Start -Protocols: TLS -Added: 7.42.0 -Category: tls -Example: --false-start $URL -See-also: tcp-fastopen ---- -Tells curl to use false start during the TLS handshake. False start is a mode -where a TLS client will start sending application data before verifying the -server's Finished message, thus saving a round trip when performing a full -handshake. - -This is currently only implemented in the NSS and Secure Transport (on iOS 7.0 -or later, or OS X 10.9 or later) backends. diff --git a/libs/curl/docs/cmdline-opts/false-start.md b/libs/curl/docs/cmdline-opts/false-start.md new file mode 100644 index 00000000..f25af237 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/false-start.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: false-start +Help: Enable TLS False Start +Protocols: TLS +Added: 7.42.0 +Category: tls +Multi: boolean +See-also: + - tcp-fastopen +Example: + - --false-start $URL +--- + +# `--false-start` + +Use false start during the TLS handshake. False start is a mode where a TLS +client starts sending application data before verifying the server's Finished +message, thus saving a round trip when performing a full handshake. + +This functionality is currently only implemented in the Secure Transport (on +iOS 7.0 or later, or OS X 10.9 or later) backend. diff --git a/libs/curl/docs/cmdline-opts/form-escape.d b/libs/curl/docs/cmdline-opts/form-escape.d deleted file mode 100644 index 5fcd9ac1..00000000 --- a/libs/curl/docs/cmdline-opts/form-escape.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: form-escape -Help: Escape multipart form field/file names using backslash -Protocols: HTTP -See-also: form -Added: 7.81.0 -Category: http post -Example: --form-escape --form 'field\\name=curl' 'file=@load"this' $URL ---- -Tells curl to pass on names of multipart form fields and files using -backslash-escaping instead of percent-encoding. diff --git a/libs/curl/docs/cmdline-opts/form-escape.md b/libs/curl/docs/cmdline-opts/form-escape.md new file mode 100644 index 00000000..0f93fde7 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/form-escape.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: form-escape +Help: Escape form fields using backslash +Protocols: HTTP imap smtp +Added: 7.81.0 +Category: http upload post +Multi: single +See-also: + - form +Example: + - --form-escape -F 'field\name=curl' -F 'file=@load"this' $URL +--- + +# `--form-escape` + +Pass on names of multipart form fields and files using backslash-escaping +instead of percent-encoding. diff --git a/libs/curl/docs/cmdline-opts/form-string.d b/libs/curl/docs/cmdline-opts/form-string.d deleted file mode 100644 index 4b5b0d64..00000000 --- a/libs/curl/docs/cmdline-opts/form-string.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: form-string -Help: Specify multipart MIME data -Protocols: HTTP SMTP IMAP -Arg: -See-also: form -Category: http upload -Example: --form-string "data" $URL -Added: 7.13.2 ---- -Similar to --form except that the value string for the named parameter is used -literally. Leading \&'@' and \&'<' characters, and the \&';type=' string in -the value have no special meaning. Use this in preference to --form if -there's any possibility that the string value may accidentally trigger the -\&'@' or \&'<' features of --form. diff --git a/libs/curl/docs/cmdline-opts/form-string.md b/libs/curl/docs/cmdline-opts/form-string.md new file mode 100644 index 00000000..e58ad625 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/form-string.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: form-string +Help: Specify multipart MIME data +Protocols: HTTP SMTP IMAP +Arg: +Category: http upload post smtp imap +Added: 7.13.2 +Multi: append +See-also: + - form +Example: + - --form-string "name=data" $URL +--- + +# `--form-string` + +Similar to --form except that the value string for the named parameter is used +literally. Leading @ and \< characters, and the `;type=` string in the value +have no special meaning. Use this in preference to --form if there is any +possibility that the string value may accidentally trigger the @ or \< +features of --form. diff --git a/libs/curl/docs/cmdline-opts/form.d b/libs/curl/docs/cmdline-opts/form.d deleted file mode 100644 index 12012daa..00000000 --- a/libs/curl/docs/cmdline-opts/form.d +++ /dev/null @@ -1,134 +0,0 @@ -Long: form -Short: F -Arg: -Help: Specify multipart MIME data -Protocols: HTTP SMTP IMAP -Mutexed: data head upload-file -Category: http upload -Example: --form "name=curl" --form "file=@loadthis" $URL -Added: 5.0 -See-also: data form-string form-escape ---- -For HTTP protocol family, this lets curl emulate a filled-in form in which a -user has pressed the submit button. This causes curl to POST data using the -Content-Type multipart/form-data according to RFC 2388. - -For SMTP and IMAP protocols, this is the means to compose a multipart mail -message to transmit. - -This enables uploading of binary files etc. To force the 'content' part to be -a file, prefix the file name with an @ sign. To just get the content part from -a file, prefix the file name with the symbol <. The difference between @ and < -is then that @ makes a file get attached in the post as a file upload, while -the < makes a text field and just get the contents for that text field from a -file. - -Tell curl to read content from stdin instead of a file by using - as -filename. This goes for both @ and < constructs. When stdin is used, the -contents is buffered in memory first by curl to determine its size and allow a -possible resend. Defining a part's data from a named non-regular file (such -as a named pipe or similar) is unfortunately not subject to buffering and will -be effectively read at transmission time; since the full size is unknown -before the transfer starts, such data is sent as chunks by HTTP and rejected -by IMAP. - -Example: send an image to an HTTP server, where \&'profile' is the name of the -form-field to which the file portrait.jpg will be the input: - - curl -F profile=@portrait.jpg https://example.com/upload.cgi - -Example: send your name and shoe size in two text fields to the server: - - curl -F name=John -F shoesize=11 https://example.com/ - -Example: send your essay in a text field to the server. Send it as a plain -text field, but get the contents for it from a local file: - - curl -F "story=HTML message;type=text/html' \\ - -F '=)' -F '=@textfile.txt' ... smtp://example.com - -Data can be encoded for transfer using encoder=. Available encodings are -*binary* and *8bit* that do nothing else than adding the corresponding -Content-Transfer-Encoding header, *7bit* that only rejects 8-bit characters -with a transfer error, *quoted-printable* and *base64* that encodes data -according to the corresponding schemes, limiting lines length to 76 -characters. - -Example: send multipart mail with a quoted-printable text message and a -base64 attached file: - - curl -F '=text message;encoder=quoted-printable' \\ - -F '=@localfile;encoder=base64' ... smtp://example.com - -See further examples and details in the MANUAL. - -This option can be used multiple times. diff --git a/libs/curl/docs/cmdline-opts/form.md b/libs/curl/docs/cmdline-opts/form.md new file mode 100644 index 00000000..5daa571e --- /dev/null +++ b/libs/curl/docs/cmdline-opts/form.md @@ -0,0 +1,142 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: form +Short: F +Arg: +Help: Specify multipart MIME data +Protocols: HTTP SMTP IMAP +Mutexed: data head upload-file +Category: http upload post imap smtp +Added: 5.0 +Multi: append +See-also: + - data + - form-string + - form-escape +Example: + - --form "name=curl" --form "file=@loadthis" $URL +--- + +# `--form` + +For the HTTP protocol family, emulate a filled-in form in which a user has +pressed the submit button. This makes curl POST data using the Content-Type +multipart/form-data according to RFC 2388. + +For SMTP and IMAP protocols, this composes a multipart mail message to +transmit. + +This enables uploading of binary files etc. To force the 'content' part to be +a file, prefix the filename with an @ sign. To just get the content part from +a file, prefix the filename with the symbol \<. The difference between @ and +\< is then that @ makes a file get attached in the post as a file upload, +while the \< makes a text field and just get the contents for that text field +from a file. + +Read content from stdin instead of a file by using a single "-" as filename. +This goes for both @ and \< constructs. When stdin is used, the contents is +buffered in memory first by curl to determine its size and allow a possible +resend. Defining a part's data from a named non-regular file (such as a named +pipe or similar) is not subject to buffering and is instead read at +transmission time; since the full size is unknown before the transfer starts, +such data is sent as chunks by HTTP and rejected by IMAP. + +Example: send an image to an HTTP server, where 'profile' is the name of the +form-field to which the file **portrait.jpg** is the input: + + curl -F profile=@portrait.jpg https://example.com/upload.cgi + +Example: send your name and shoe size in two text fields to the server: + + curl -F name=John -F shoesize=11 https://example.com/ + +Example: send your essay in a text field to the server. Send it as a plain +text field, but get the contents for it from a local file: + + curl -F "story=HTML message;type=text/html' \ + -F '=)' -F '=@textfile.txt' ... smtp://example.com + +Data can be encoded for transfer using encoder=. Available encodings are +*binary* and *8bit* that do nothing else than adding the corresponding +Content-Transfer-Encoding header, *7bit* that only rejects 8-bit characters +with a transfer error, *quoted-printable* and *base64* that encodes data +according to the corresponding schemes, limiting lines length to 76 +characters. + +Example: send multipart mail with a quoted-printable text message and a +base64 attached file: + + curl -F '=text message;encoder=quoted-printable' \ + -F '=@localfile;encoder=base64' ... smtp://example.com + +See further examples and details in the MANUAL. diff --git a/libs/curl/docs/cmdline-opts/ftp-account.d b/libs/curl/docs/cmdline-opts/ftp-account.d deleted file mode 100644 index e47b44cb..00000000 --- a/libs/curl/docs/cmdline-opts/ftp-account.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: ftp-account -Arg: -Help: Account data string -Protocols: FTP -Added: 7.13.0 -Category: ftp auth -Example: --ftp-account "mr.robot" ftp://example.com/ -See-also: user ---- -When an FTP server asks for "account data" after user name and password has -been provided, this data is sent off using the ACCT command. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/ftp-account.md b/libs/curl/docs/cmdline-opts/ftp-account.md new file mode 100644 index 00000000..e275349d --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ftp-account.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-account +Arg: +Help: Account data string +Protocols: FTP +Added: 7.13.0 +Category: ftp auth +Multi: single +See-also: + - user +Example: + - --ftp-account "mr.robot" ftp://example.com/ +--- + +# `--ftp-account` + +When an FTP server asks for "account data" after username and password has +been provided, this data is sent off using the ACCT command. diff --git a/libs/curl/docs/cmdline-opts/ftp-alternative-to-user.d b/libs/curl/docs/cmdline-opts/ftp-alternative-to-user.d deleted file mode 100644 index fdf3b417..00000000 --- a/libs/curl/docs/cmdline-opts/ftp-alternative-to-user.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: ftp-alternative-to-user -Arg: -Help: String to replace USER [name] -Protocols: FTP -Added: 7.15.5 -Category: ftp -Example: --ftp-alternative-to-user "U53r" ftp://example.com -See-also: ftp-account user ---- -If authenticating with the USER and PASS commands fails, send this command. -When connecting to Tumbleweed's Secure Transport server over FTPS using a -client certificate, using "SITE AUTH" will tell the server to retrieve the -username from the certificate. diff --git a/libs/curl/docs/cmdline-opts/ftp-alternative-to-user.md b/libs/curl/docs/cmdline-opts/ftp-alternative-to-user.md new file mode 100644 index 00000000..9bd36860 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ftp-alternative-to-user.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-alternative-to-user +Arg: +Help: String to replace USER [name] +Protocols: FTP +Added: 7.15.5 +Category: ftp +Multi: single +See-also: + - ftp-account + - user +Example: + - --ftp-alternative-to-user "U53r" ftp://example.com +--- + +# `--ftp-alternative-to-user` + +If authenticating with the USER and PASS commands fails, send this command. +When connecting to Tumbleweed's Secure Transport server over FTPS using a +client certificate, using "SITE AUTH" tells the server to retrieve the +username from the certificate. diff --git a/libs/curl/docs/cmdline-opts/ftp-create-dirs.d b/libs/curl/docs/cmdline-opts/ftp-create-dirs.d deleted file mode 100644 index 9b859501..00000000 --- a/libs/curl/docs/cmdline-opts/ftp-create-dirs.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: ftp-create-dirs -Protocols: FTP SFTP -Help: Create the remote dirs if not present -See-also: create-dirs -Category: ftp sftp curl -Example: --ftp-create-dirs -T file ftp://example.com/remote/path/file -Added: 7.10.7 ---- -When an FTP or SFTP URL/operation uses a path that does not currently exist on -the server, the standard behavior of curl is to fail. Using this option, curl -will instead attempt to create missing directories. diff --git a/libs/curl/docs/cmdline-opts/ftp-create-dirs.md b/libs/curl/docs/cmdline-opts/ftp-create-dirs.md new file mode 100644 index 00000000..3e851cca --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ftp-create-dirs.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-create-dirs +Protocols: FTP SFTP +Help: Create the remote dirs if not present +Category: ftp sftp +Added: 7.10.7 +Multi: boolean +See-also: + - create-dirs +Example: + - --ftp-create-dirs -T file ftp://example.com/remote/path/file +--- + +# `--ftp-create-dirs` + +When an FTP or SFTP URL/operation uses a path that does not currently exist on +the server, the standard behavior of curl is to fail. Using this option, curl +instead attempts to create missing directories. diff --git a/libs/curl/docs/cmdline-opts/ftp-method.d b/libs/curl/docs/cmdline-opts/ftp-method.d deleted file mode 100644 index 0d69356c..00000000 --- a/libs/curl/docs/cmdline-opts/ftp-method.d +++ /dev/null @@ -1,26 +0,0 @@ -Long: ftp-method -Arg: -Help: Control CWD usage -Protocols: FTP -Added: 7.15.1 -Category: ftp -Example: --ftp-method multicwd ftp://example.com/dir1/dir2/file -Example: --ftp-method nocwd ftp://example.com/dir1/dir2/file -Example: --ftp-method singlecwd ftp://example.com/dir1/dir2/file -See-also: list-only ---- -Control what method curl should use to reach a file on an FTP(S) -server. The method argument should be one of the following alternatives: -.RS -.IP multicwd -curl does a single CWD operation for each path part in the given URL. For deep -hierarchies this means many commands. This is how RFC 1738 says it should -be done. This is the default but the slowest behavior. -.IP nocwd -curl does no CWD at all. curl will do SIZE, RETR, STOR etc and give a full -path to the server for all these commands. This is the fastest behavior. -.IP singlecwd -curl does one CWD with the full target directory and then operates on the file -\&"normally" (like in the multicwd case). This is somewhat more standards -compliant than 'nocwd' but without the full penalty of 'multicwd'. -.RE diff --git a/libs/curl/docs/cmdline-opts/ftp-method.md b/libs/curl/docs/cmdline-opts/ftp-method.md new file mode 100644 index 00000000..d2bff21d --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ftp-method.md @@ -0,0 +1,36 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-method +Arg: +Help: Control CWD usage +Protocols: FTP +Added: 7.15.1 +Category: ftp +Multi: single +See-also: + - list-only +Example: + - --ftp-method multicwd ftp://example.com/dir1/dir2/file + - --ftp-method nocwd ftp://example.com/dir1/dir2/file + - --ftp-method singlecwd ftp://example.com/dir1/dir2/file +--- + +# `--ftp-method` + +Control what method curl should use to reach a file on an FTP(S) +server. The method argument should be one of the following alternatives: + +## multicwd +Do a single CWD operation for each path part in the given URL. For deep +hierarchies this means many commands. This is how RFC 1738 says it should be +done. This is the default but the slowest behavior. + +## nocwd +Do no CWD at all. curl does SIZE, RETR, STOR etc and gives the full path to +the server for each of these commands. This is the fastest behavior. + +## singlecwd +Do one CWD with the full target directory and then operate on the file +"normally" (like in the multicwd case). This is somewhat more standards +compliant than `nocwd` but without the full penalty of `multicwd`. diff --git a/libs/curl/docs/cmdline-opts/ftp-pasv.d b/libs/curl/docs/cmdline-opts/ftp-pasv.d deleted file mode 100644 index 8c6c9799..00000000 --- a/libs/curl/docs/cmdline-opts/ftp-pasv.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: ftp-pasv -Help: Use PASV/EPSV instead of PORT -Protocols: FTP -Added: 7.11.0 -See-also: disable-epsv -Category: ftp -Example: --ftp-pasv ftp://example.com/ ---- -Use passive mode for the data connection. Passive is the internal default -behavior, but using this option can be used to override a previous --ftp-port -option. - -If this option is used several times, only the first one is used. Undoing an -enforced passive really is not doable but you must then instead enforce the -correct --ftp-port again. - -Passive mode means that curl will try the EPSV command first and then PASV, -unless --disable-epsv is used. diff --git a/libs/curl/docs/cmdline-opts/ftp-pasv.md b/libs/curl/docs/cmdline-opts/ftp-pasv.md new file mode 100644 index 00000000..964f9769 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ftp-pasv.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-pasv +Help: Send PASV/EPSV instead of PORT +Protocols: FTP +Added: 7.11.0 +Category: ftp +Multi: boolean +See-also: + - disable-epsv +Example: + - --ftp-pasv ftp://example.com/ +--- + +# `--ftp-pasv` + +Use passive mode for the data connection. Passive is the internal default +behavior, but using this option can be used to override a previous --ftp-port +option. + +Reversing an enforced passive really is not doable but you must then instead +enforce the correct --ftp-port again. + +Passive mode means that curl tries the EPSV command first and then PASV, +unless --disable-epsv is used. diff --git a/libs/curl/docs/cmdline-opts/ftp-port.d b/libs/curl/docs/cmdline-opts/ftp-port.d deleted file mode 100644 index cb6ab2a9..00000000 --- a/libs/curl/docs/cmdline-opts/ftp-port.d +++ /dev/null @@ -1,38 +0,0 @@ -Long: ftp-port -Arg:
-Help: Use PORT instead of PASV -Short: P -Protocols: FTP -See-also: ftp-pasv disable-eprt -Category: ftp -Example: -P - ftp:/example.com -Example: -P eth0 ftp:/example.com -Example: -P 192.168.0.2 ftp:/example.com -Added: 4.0 ---- -Reverses the default initiator/listener roles when connecting with FTP. This -option makes curl use active mode. curl then tells the server to connect back -to the client's specified address and port, while passive mode asks the server -to setup an IP address and port for it to connect to.
should be one -of: -.RS -.IP interface -e.g. "eth0" to specify which interface's IP address you want to use (Unix only) -.IP "IP address" -e.g. "192.168.10.1" to specify the exact IP address -.IP "host name" -e.g. "my.host.domain" to specify the machine -.IP "-" -make curl pick the same IP address that is already used for the control -connection -.RE - -If this option is used several times, the last one will be used. Disable the -use of PORT with --ftp-pasv. Disable the attempt to use the EPRT command -instead of PORT by using --disable-eprt. EPRT is really PORT++. - -You can also append \&":[start]-[end]\&" to the right of the address, to tell -curl what TCP port range to use. That means you specify a port range, from a -lower to a higher number. A single number works as well, but do note that it -increases the risk of failure since the port may not be available. -(Added in 7.19.5) diff --git a/libs/curl/docs/cmdline-opts/ftp-port.md b/libs/curl/docs/cmdline-opts/ftp-port.md new file mode 100644 index 00000000..ff6d41c1 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ftp-port.md @@ -0,0 +1,51 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-port +Arg:
+Help: Send PORT instead of PASV +Short: P +Protocols: FTP +Category: ftp +Added: 4.0 +Multi: single +See-also: + - ftp-pasv + - disable-eprt +Example: + - -P - ftp:/example.com + - -P eth0 ftp:/example.com + - -P 192.168.0.2 ftp:/example.com +--- + +# `--ftp-port` + +Reverses the default initiator/listener roles when connecting with FTP. This +option makes curl use active mode. curl then commands the server to connect +back to the client's specified address and port, while passive mode asks the +server to setup an IP address and port for it to connect to. \ +should be one of: + +## interface +e.g. **eth0** to specify which interface's IP address you want to use (Unix only) + +## IP address +e.g. **192.168.10.1** to specify the exact IP address + +## hostname +e.g. **my.host.domain** to specify the machine + +## - +make curl pick the same IP address that is already used for the control +connection. This is the recommended choice. + +## + +Disable the use of PORT with --ftp-pasv. Disable the attempt to use the EPRT +command instead of PORT by using --disable-eprt. EPRT is really PORT++. + +You can also append ":[start]-[end]" to the right of the address, to tell +curl what TCP port range to use. That means you specify a port range, from a +lower to a higher number. A single number works as well, but do note that it +increases the risk of failure since the port may not be available. +(Added in 7.19.5) diff --git a/libs/curl/docs/cmdline-opts/ftp-pret.d b/libs/curl/docs/cmdline-opts/ftp-pret.d deleted file mode 100644 index 8d9d7749..00000000 --- a/libs/curl/docs/cmdline-opts/ftp-pret.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: ftp-pret -Help: Send PRET before PASV -Protocols: FTP -Added: 7.20.0 -Category: ftp -Example: --ftp-pret ftp://example.com/ -See-also: ftp-port ftp-pasv ---- -Tell curl to send a PRET command before PASV (and EPSV). Certain FTP servers, -mainly drftpd, require this non-standard command for directory listings as -well as up and downloads in PASV mode. diff --git a/libs/curl/docs/cmdline-opts/ftp-pret.md b/libs/curl/docs/cmdline-opts/ftp-pret.md new file mode 100644 index 00000000..48c48e3e --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ftp-pret.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-pret +Help: Send PRET before PASV +Protocols: FTP +Added: 7.20.0 +Category: ftp +Multi: boolean +See-also: + - ftp-port + - ftp-pasv +Example: + - --ftp-pret ftp://example.com/ +--- + +# `--ftp-pret` + +Send a PRET command before PASV (and EPSV). Certain FTP servers, mainly +drftpd, require this non-standard command for directory listings as well as up +and downloads in PASV mode. diff --git a/libs/curl/docs/cmdline-opts/ftp-skip-pasv-ip.d b/libs/curl/docs/cmdline-opts/ftp-skip-pasv-ip.d deleted file mode 100644 index 36f9e6da..00000000 --- a/libs/curl/docs/cmdline-opts/ftp-skip-pasv-ip.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: ftp-skip-pasv-ip -Help: Skip the IP address for PASV -Protocols: FTP -Added: 7.14.2 -See-also: ftp-pasv -Category: ftp -Example: --ftp-skip-pasv-ip ftp://example.com/ ---- -Tell curl to not use the IP address the server suggests in its response -to curl's PASV command when curl connects the data connection. Instead curl -will re-use the same IP address it already uses for the control -connection. - -Since curl 7.74.0 this option is enabled by default. - -This option has no effect if PORT, EPRT or EPSV is used instead of PASV. diff --git a/libs/curl/docs/cmdline-opts/ftp-skip-pasv-ip.md b/libs/curl/docs/cmdline-opts/ftp-skip-pasv-ip.md new file mode 100644 index 00000000..dfa546d1 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ftp-skip-pasv-ip.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-skip-pasv-ip +Help: Skip the IP address for PASV +Protocols: FTP +Added: 7.14.2 +Category: ftp +Multi: boolean +See-also: + - ftp-pasv +Example: + - --ftp-skip-pasv-ip ftp://example.com/ +--- + +# `--ftp-skip-pasv-ip` + +Do not use the IP address the server suggests in its response to curl's PASV +command when curl connects the data connection. Instead curl reuses the same +IP address it already uses for the control connection. + +This option is enabled by default (added in 7.74.0). + +This option has no effect if PORT, EPRT or EPSV is used instead of PASV. diff --git a/libs/curl/docs/cmdline-opts/ftp-ssl-ccc-mode.d b/libs/curl/docs/cmdline-opts/ftp-ssl-ccc-mode.d deleted file mode 100644 index 15ad1f54..00000000 --- a/libs/curl/docs/cmdline-opts/ftp-ssl-ccc-mode.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: ftp-ssl-ccc-mode -Arg: -Help: Set CCC mode -Protocols: FTP -Added: 7.16.2 -See-also: ftp-ssl-ccc -Category: ftp tls -Example: --ftp-ssl-ccc-mode active --ftp-ssl-ccc ftps://example.com/ ---- -Sets the CCC mode. The passive mode will not initiate the shutdown, but -instead wait for the server to do it, and will not reply to the shutdown from -the server. The active mode initiates the shutdown and waits for a reply from -the server. diff --git a/libs/curl/docs/cmdline-opts/ftp-ssl-ccc-mode.md b/libs/curl/docs/cmdline-opts/ftp-ssl-ccc-mode.md new file mode 100644 index 00000000..5f428dc0 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ftp-ssl-ccc-mode.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-ssl-ccc-mode +Arg: +Help: Set CCC mode +Protocols: FTP +Added: 7.16.2 +Category: ftp tls +Multi: boolean +See-also: + - ftp-ssl-ccc +Example: + - --ftp-ssl-ccc-mode active --ftp-ssl-ccc ftps://example.com/ +--- + +# `--ftp-ssl-ccc-mode` + +Sets the CCC mode. The passive mode does not initiate the shutdown, but +instead waits for the server to do it, and does not reply to the shutdown from +the server. The active mode initiates the shutdown and waits for a reply from +the server. diff --git a/libs/curl/docs/cmdline-opts/ftp-ssl-ccc.d b/libs/curl/docs/cmdline-opts/ftp-ssl-ccc.d deleted file mode 100644 index bfaf431b..00000000 --- a/libs/curl/docs/cmdline-opts/ftp-ssl-ccc.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: ftp-ssl-ccc -Help: Send CCC after authenticating -Protocols: FTP -See-also: ssl ftp-ssl-ccc-mode -Added: 7.16.1 -Category: ftp tls -Example: --ftp-ssl-ccc ftps://example.com/ ---- -Use CCC (Clear Command Channel) Shuts down the SSL/TLS layer after -authenticating. The rest of the control channel communication will be -unencrypted. This allows NAT routers to follow the FTP transaction. The -default mode is passive. diff --git a/libs/curl/docs/cmdline-opts/ftp-ssl-ccc.md b/libs/curl/docs/cmdline-opts/ftp-ssl-ccc.md new file mode 100644 index 00000000..d477606f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ftp-ssl-ccc.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-ssl-ccc +Help: Send CCC after authenticating +Protocols: FTP +Added: 7.16.1 +Category: ftp tls +Multi: boolean +See-also: + - ssl + - ftp-ssl-ccc-mode +Example: + - --ftp-ssl-ccc ftps://example.com/ +--- + +# `--ftp-ssl-ccc` + +Use CCC (Clear Command Channel) Shuts down the SSL/TLS layer after +authenticating. The rest of the control channel communication is be +unencrypted. This allows NAT routers to follow the FTP transaction. The +default mode is passive. diff --git a/libs/curl/docs/cmdline-opts/ftp-ssl-control.d b/libs/curl/docs/cmdline-opts/ftp-ssl-control.d deleted file mode 100644 index 7221b996..00000000 --- a/libs/curl/docs/cmdline-opts/ftp-ssl-control.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: ftp-ssl-control -Help: Require SSL/TLS for FTP login, clear for transfer -Protocols: FTP -Added: 7.16.0 -Category: ftp tls -Example: --ftp-ssl-control ftp://example.com -See-also: ssl ---- -Require SSL/TLS for the FTP login, clear for transfer. Allows secure -authentication, but non-encrypted data transfers for efficiency. Fails the -transfer if the server does not support SSL/TLS. diff --git a/libs/curl/docs/cmdline-opts/ftp-ssl-control.md b/libs/curl/docs/cmdline-opts/ftp-ssl-control.md new file mode 100644 index 00000000..a68359a7 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ftp-ssl-control.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ftp-ssl-control +Help: Require TLS for login, clear for transfer +Protocols: FTP +Added: 7.16.0 +Category: ftp tls +Multi: boolean +See-also: + - ssl +Example: + - --ftp-ssl-control ftp://example.com +--- + +# `--ftp-ssl-control` + +Require SSL/TLS for the FTP login, clear for transfer. Allows secure +authentication, but non-encrypted data transfers for efficiency. Fails the +transfer if the server does not support SSL/TLS. diff --git a/libs/curl/docs/cmdline-opts/gen.pl b/libs/curl/docs/cmdline-opts/gen.pl deleted file mode 100755 index 3d15f1b5..00000000 --- a/libs/curl/docs/cmdline-opts/gen.pl +++ /dev/null @@ -1,607 +0,0 @@ -#!/usr/bin/env perl -#*************************************************************************** -# _ _ ____ _ -# Project ___| | | | _ \| | -# / __| | | | |_) | | -# | (__| |_| | _ <| |___ -# \___|\___/|_| \_\_____| -# -# Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -# -# This software is licensed as described in the file COPYING, which -# you should have received as part of this distribution. The terms -# are also available at https://curl.se/docs/copyright.html. -# -# You may opt to use, copy, modify, merge, publish, distribute and/or sell -# copies of the Software, and permit persons to whom the Software is -# furnished to do so, under the terms of the COPYING file. -# -# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -# KIND, either express or implied. -# -########################################################################### - -=begin comment - -This script generates the manpage. - -Example: gen.pl [files] > curl.1 - -Dev notes: - -We open *input* files in :crlf translation (a no-op on many platforms) in -case we have CRLF line endings in Windows but a perl that defaults to LF. -Unfortunately it seems some perls like msysgit can't handle a global input-only -:crlf so it has to be specified on each file open for text input. - -=end comment -=cut - -my %optshort; -my %optlong; -my %helplong; -my %arglong; -my %redirlong; -my %protolong; -my %catlong; - -use POSIX qw(strftime); -my $date = strftime "%B %d %Y", localtime; -my $year = strftime "%Y", localtime; -my $version = "unknown"; - -open(INC, "<../../include/curl/curlver.h"); -while() { - if($_ =~ /^#define LIBCURL_VERSION \"([0-9.]*)/) { - $version = $1; - last; - } -} -close(INC); - -# get the long name version, return the man page string -sub manpageify { - my ($k)=@_; - my $l; - if($optlong{$k} ne "") { - # both short + long - $l = "\\fI-".$optlong{$k}.", --$k\\fP"; - } - else { - # only long - $l = "\\fI--$k\\fP"; - } - return $l; -} - -sub printdesc { - my @desc = @_; - my $exam = 0; - for my $d (@desc) { - if($d =~ /\(Added in ([0-9.]+)\)/i) { - my $ver = $1; - if(too_old($ver)) { - $d =~ s/ *\(Added in $ver\)//gi; - } - } - if($d !~ /^.\\"/) { - # **bold** - $d =~ s/\*\*([^ ]*)\*\*/\\fB$1\\fP/g; - # *italics* - $d =~ s/\*([^ ]*)\*/\\fI$1\\fP/g; - } - if(!$exam && ($d =~ /^ /)) { - # start of example - $exam = 1; - print ".nf\n"; # no-fill - } - elsif($exam && ($d !~ /^ /)) { - # end of example - $exam = 0; - print ".fi\n"; # fill-in - } - # skip lines starting with space (examples) - if($d =~ /^[^ ]/) { - for my $k (keys %optlong) { - my $l = manpageify($k); - $d =~ s/--$k([^a-z0-9_-])/$l$1/; - } - } - # quote "bare" minuses in the output - $d =~ s/( |\\fI|^)--/$1\\-\\-/g; - $d =~ s/([ -]|\\fI|^)-/$1\\-/g; - # handle single quotes first on the line - $d =~ s/(\s*)\'/$1\\(aq/; - print $d; - } -} - -sub seealso { - my($standalone, $data)=@_; - if($standalone) { - return sprintf - ".SH \"SEE ALSO\"\n$data\n"; - } - else { - return "See also $data. "; - } -} - -sub overrides { - my ($standalone, $data)=@_; - if($standalone) { - return ".SH \"OVERRIDES\"\n$data\n"; - } - else { - return $data; - } -} - -sub protocols { - my ($standalone, $data)=@_; - if($standalone) { - return ".SH \"PROTOCOLS\"\n$data\n"; - } - else { - return "($data) "; - } -} - -sub too_old { - my ($version)=@_; - my $a = 999999; - if($version =~ /^(\d+)\.(\d+)\.(\d+)/) { - $a = $1 * 1000 + $2 * 10 + $3; - } - elsif($version =~ /^(\d+)\.(\d+)/) { - $a = $1 * 1000 + $2 * 10; - } - if($a < 7300) { - # we consider everything before 7.30.0 to be too old to mention - # specific changes for - return 1; - } - return 0; -} - -sub added { - my ($standalone, $data)=@_; - if(too_old($data)) { - # don't mention ancient additions - return ""; - } - if($standalone) { - return ".SH \"ADDED\"\nAdded in curl version $data\n"; - } - else { - return "Added in $data. "; - } -} - -sub single { - my ($f, $standalone)=@_; - open(F, "<:crlf", "$f") || - return 1; - my $short; - my $long; - my $tags; - my $added; - my $protocols; - my $arg; - my $mutexed; - my $requires; - my $category; - my $seealso; - my @examples; # there can be more than one - my $magic; # cmdline special option - my $line; - while() { - $line++; - if(/^Short: *(.)/i) { - $short=$1; - } - elsif(/^Long: *(.*)/i) { - $long=$1; - } - elsif(/^Added: *(.*)/i) { - $added=$1; - } - elsif(/^Tags: *(.*)/i) { - $tags=$1; - } - elsif(/^Arg: *(.*)/i) { - $arg=$1; - } - elsif(/^Magic: *(.*)/i) { - $magic=$1; - } - elsif(/^Mutexed: *(.*)/i) { - $mutexed=$1; - } - elsif(/^Protocols: *(.*)/i) { - $protocols=$1; - } - elsif(/^See-also: *(.*)/i) { - $seealso=$1; - } - elsif(/^Requires: *(.*)/i) { - $requires=$1; - } - elsif(/^Category: *(.*)/i) { - $category=$1; - } - elsif(/^Example: *(.*)/i) { - push @examples, $1; - } - elsif(/^Help: *(.*)/i) { - ; - } - elsif(/^---/) { - if(!$long) { - print STDERR "ERROR: no 'Long:' in $f\n"; - return 1; - } - if(!$category) { - print STDERR "ERROR: no 'Category:' in $f\n"; - return 2; - } - if(!$examples[0]) { - print STDERR "$f:$line:1:ERROR: no 'Example:' present\n"; - return 2; - } - if(!$added) { - print STDERR "$f:$line:1:ERROR: no 'Added:' version present\n"; - return 2; - } - if(!$seealso) { - print STDERR "$f:$line:1:ERROR: no 'See-also:' field present\n"; - return 2; - } - last; - } - else { - chomp; - print STDERR "WARN: unrecognized line in $f, ignoring:\n:'$_';" - } - } - my @desc; - while() { - push @desc, $_; - } - close(F); - my $opt; - if(defined($short) && $long) { - $opt = "-$short, --$long"; - } - elsif($short && !$long) { - $opt = "-$short"; - } - elsif($long && !$short) { - $opt = "--$long"; - } - - if($arg) { - $opt .= " $arg"; - } - - # quote "bare" minuses in opt - $opt =~ s/( |^)--/$1\\-\\-/g; - $opt =~ s/( |^)-/$1\\-/g; - if($standalone) { - print ".TH curl 1 \"30 Nov 2016\" \"curl 7.52.0\" \"curl manual\"\n"; - print ".SH OPTION\n"; - print "curl $opt\n"; - } - else { - print ".IP \"$opt\"\n"; - } - if($protocols) { - print protocols($standalone, $protocols); - } - - if($standalone) { - print ".SH DESCRIPTION\n"; - } - - printdesc(@desc); - undef @desc; - - my @foot; - if($seealso) { - my @m=split(/ /, $seealso); - my $mstr; - my $and = 0; - my $num = scalar(@m); - if($num > 2) { - # use commas up to this point - $and = $num - 1; - } - my $i = 0; - for my $k (@m) { - if(!$helplong{$k}) { - print STDERR "$f:$line:1:WARN: see-also a non-existing option: $k\n"; - } - my $l = manpageify($k); - my $sep = " and"; - if($and && ($i < $and)) { - $sep = ","; - } - $mstr .= sprintf "%s$l", $mstr?"$sep ":""; - $i++; - } - push @foot, seealso($standalone, $mstr); - } - if($requires) { - my $l = manpageify($long); - push @foot, "$l requires that the underlying libcurl". - " was built to support $requires. "; - } - if($mutexed) { - my @m=split(/ /, $mutexed); - my $mstr; - for my $k (@m) { - if(!$helplong{$k}) { - print STDERR "WARN: $f mutexes a non-existing option: $k\n"; - } - my $l = manpageify($k); - $mstr .= sprintf "%s$l", $mstr?" and ":""; - } - push @foot, overrides($standalone, "This option overrides $mstr. "); - } - if($examples[0]) { - my $s =""; - $s="s" if($examples[1]); - print "\nExample$s:\n.nf\n"; - foreach my $e (@examples) { - $e =~ s!\$URL!https://example.com!g; - print " curl $e\n"; - } - print ".fi\n"; - } - if($added) { - push @foot, added($standalone, $added); - } - if($foot[0]) { - print "\n"; - my $f = join("", @foot); - $f =~ s/ +\z//; # remove trailing space - print "$f\n"; - } - return 0; -} - -sub getshortlong { - my ($f)=@_; - open(F, "<:crlf", "$f"); - my $short; - my $long; - my $help; - my $arg; - my $protocols; - my $category; - while() { - if(/^Short: (.)/i) { - $short=$1; - } - elsif(/^Long: (.*)/i) { - $long=$1; - } - elsif(/^Help: (.*)/i) { - $help=$1; - } - elsif(/^Arg: (.*)/i) { - $arg=$1; - } - elsif(/^Protocols: (.*)/i) { - $protocols=$1; - } - elsif(/^Category: (.*)/i) { - $category=$1; - } - elsif(/^---/) { - last; - } - } - close(F); - if($short) { - $optshort{$short}=$long; - } - if($long) { - $optlong{$long}=$short; - $helplong{$long}=$help; - $arglong{$long}=$arg; - $protolong{$long}=$protocols; - $catlong{$long}=$category; - } -} - -sub indexoptions { - my (@files) = @_; - foreach my $f (@files) { - getshortlong($f); - } -} - -sub header { - my ($f)=@_; - open(F, "<:crlf", "$f"); - my @d; - while() { - s/%DATE/$date/g; - s/%VERSION/$version/g; - push @d, $_; - } - close(F); - printdesc(@d); -} - -sub listhelp { - print <, et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ -#include "tool_setup.h" -#include "tool_help.h" - -/* - * DO NOT edit tool_listhelp.c manually. - * This source file is generated with the following command: - - cd \$srcroot/docs/cmdline-opts - ./gen.pl listhelp *.d > \$srcroot/src/tool_listhelp.c - */ - -const struct helptxt helptext[] = { -HEAD - ; - foreach my $f (sort keys %helplong) { - my $long = $f; - my $short = $optlong{$long}; - my @categories = split ' ', $catlong{$long}; - my $bitmask; - my $opt; - - if(defined($short) && $long) { - $opt = "-$short, --$long"; - } - elsif($long && !$short) { - $opt = " --$long"; - } - for my $i (0 .. $#categories) { - $bitmask .= 'CURLHELP_' . uc $categories[$i]; - # If not last element, append | - if($i < $#categories) { - $bitmask .= ' | '; - } - } - my $arg = $arglong{$long}; - if($arg) { - $opt .= " $arg"; - } - my $desc = $helplong{$f}; - $desc =~ s/\"/\\\"/g; # escape double quotes - - my $line = sprintf " {\"%s\",\n \"%s\",\n %s},\n", $opt, $desc, $bitmask; - - if(length($opt) > 78) { - print STDERR "WARN: the --$long name is too long\n"; - } - elsif(length($desc) > 78) { - print STDERR "WARN: the --$long description is too long\n"; - } - print $line; - } - print < [files]\n"; -} - -#------------------------------------------------------------------------ - -my $cmd = shift @ARGV; -my @files = @ARGV; # the rest are the files - -# learn all existing options -indexoptions(@files); - -getargs($cmd, @files); diff --git a/libs/curl/docs/cmdline-opts/get.d b/libs/curl/docs/cmdline-opts/get.d deleted file mode 100644 index 3920d686..00000000 --- a/libs/curl/docs/cmdline-opts/get.d +++ /dev/null @@ -1,21 +0,0 @@ -Long: get -Short: G -Help: Put the post data in the URL and use GET -Category: http upload -Example: --get $URL -Example: --get -d "tool=curl" -d "age=old" $URL -Example: --get -I -d "tool=curl" $URL -Added: 7.8.1 -See-also: data request ---- -When used, this option will make all data specified with --data, --data-binary -or --data-urlencode to be used in an HTTP GET request instead of the POST -request that otherwise would be used. The data will be appended to the URL -with a '?' separator. - -If used in combination with --head, the POST data will instead be appended to -the URL with a HEAD request. - -If this option is used several times, only the first one is used. This is -because undoing a GET does not make sense, but you should then instead enforce -the alternative method you prefer. diff --git a/libs/curl/docs/cmdline-opts/get.md b/libs/curl/docs/cmdline-opts/get.md new file mode 100644 index 00000000..ac0560ab --- /dev/null +++ b/libs/curl/docs/cmdline-opts/get.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: get +Short: G +Help: Put the post data in the URL and use GET +Protocols: HTTP +Category: http +Added: 7.8.1 +Multi: boolean +See-also: + - data + - request +Example: + - --get $URL + - --get -d "tool=curl" -d "age=old" $URL + - --get -I -d "tool=curl" $URL +--- + +# `--get` + +When used, this option makes all data specified with --data, --data-binary or +--data-urlencode to be used in an HTTP GET request instead of the POST request +that otherwise would be used. curl appends the provided data to the URL as a +query string. + +If used in combination with --head, the POST data is instead appended to the +URL with a HEAD request. diff --git a/libs/curl/docs/cmdline-opts/globoff.d b/libs/curl/docs/cmdline-opts/globoff.d deleted file mode 100644 index 7660c8b7..00000000 --- a/libs/curl/docs/cmdline-opts/globoff.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: globoff -Short: g -Help: Disable URL sequences and ranges using {} and [] -Category: curl -Example: -g "https://example.com/{[]}}}}" -Added: 7.6 -See-also: config disable ---- -This option switches off the "URL globbing parser". When you set this option, -you can specify URLs that contain the letters {}[] without having curl itself -interpret them. Note that these letters are not normal legal URL contents but -they should be encoded according to the URI standard. diff --git a/libs/curl/docs/cmdline-opts/globoff.md b/libs/curl/docs/cmdline-opts/globoff.md new file mode 100644 index 00000000..3c8c3414 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/globoff.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: globoff +Short: g +Help: Disable URL globbing with {} and [] +Category: curl +Added: 7.6 +Multi: boolean +See-also: + - config + - disable +Example: + - -g "https://example.com/{[]}}}}" +--- + +# `--globoff` + +Switch off the URL globbing function. When you set this option, you can +specify URLs that contain the letters {}[] without having curl itself +interpret them. Note that these letters are not normal legal URL contents but +they should be encoded according to the URI standard. diff --git a/libs/curl/docs/cmdline-opts/happy-eyeballs-timeout-ms.d b/libs/curl/docs/cmdline-opts/happy-eyeballs-timeout-ms.d deleted file mode 100644 index 6897a69a..00000000 --- a/libs/curl/docs/cmdline-opts/happy-eyeballs-timeout-ms.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: happy-eyeballs-timeout-ms -Arg: -Help: Time for IPv6 before trying IPv4 -Added: 7.59.0 -Category: connection -Example: --happy-eyeballs-timeout-ms 500 $URL -See-also: max-time connect-timeout ---- -Happy Eyeballs is an algorithm that attempts to connect to both IPv4 and IPv6 -addresses for dual-stack hosts, giving IPv6 a head-start of the specified -number of milliseconds. If the IPv6 address cannot be connected to within that -time, then a connection attempt is made to the IPv4 address in parallel. The -first connection to be established is the one that is used. - -The range of suggested useful values is limited. Happy Eyeballs RFC 6555 says -"It is RECOMMENDED that connection attempts be paced 150-250 ms apart to -balance human factors against network load." libcurl currently defaults to -200 ms. Firefox and Chrome currently default to 300 ms. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/happy-eyeballs-timeout-ms.md b/libs/curl/docs/cmdline-opts/happy-eyeballs-timeout-ms.md new file mode 100644 index 00000000..f4b492db --- /dev/null +++ b/libs/curl/docs/cmdline-opts/happy-eyeballs-timeout-ms.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: happy-eyeballs-timeout-ms +Arg: +Help: Time for IPv6 before IPv4 +Added: 7.59.0 +Category: connection timeout +Multi: single +See-also: + - max-time + - connect-timeout +Example: + - --happy-eyeballs-timeout-ms 500 $URL +--- + +# `--happy-eyeballs-timeout-ms` + +Happy Eyeballs is an algorithm that attempts to connect to both IPv4 and IPv6 +addresses for dual-stack hosts, giving IPv6 a head-start of the specified +number of milliseconds. If the IPv6 address cannot be connected to within that +time, then a connection attempt is made to the IPv4 address in parallel. The +first connection to be established is the one that is used. + +The range of suggested useful values is limited. Happy Eyeballs RFC 6555 says +"It is RECOMMENDED that connection attempts be paced 150-250 ms apart to +balance human factors against network load." libcurl currently defaults to +200 ms. Firefox and Chrome currently default to 300 ms. diff --git a/libs/curl/docs/cmdline-opts/haproxy-clientip.md b/libs/curl/docs/cmdline-opts/haproxy-clientip.md new file mode 100644 index 00000000..fde085a9 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/haproxy-clientip.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: haproxy-clientip +Arg: +Help: Set address in HAProxy PROXY +Protocols: HTTP +Added: 8.2.0 +Category: http proxy +Multi: single +See-also: + - proxy +Example: + - --haproxy-clientip $IP +--- + +# `--haproxy-clientip` + +Sets a client IP in HAProxy PROXY protocol v1 header at the beginning of the +connection. + +For valid requests, IPv4 addresses must be indicated as a series of exactly +4 integers in the range [0..255] inclusive written in decimal representation +separated by exactly one dot between each other. Heading zeroes are not +permitted in front of numbers in order to avoid any possible confusion +with octal numbers. IPv6 addresses must be indicated as series of 4 hexadecimal +digits (upper or lower case) delimited by colons between each other, with the +acceptance of one double colon sequence to replace the largest acceptable range +of consecutive zeroes. The total number of decoded bits must exactly be 128. + +Otherwise, any string can be accepted for the client IP and get sent. + +It replaces --haproxy-protocol if used, it is not necessary to specify both flags. diff --git a/libs/curl/docs/cmdline-opts/haproxy-protocol.d b/libs/curl/docs/cmdline-opts/haproxy-protocol.d deleted file mode 100644 index 792db676..00000000 --- a/libs/curl/docs/cmdline-opts/haproxy-protocol.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: haproxy-protocol -Help: Send HAProxy PROXY protocol v1 header -Protocols: HTTP -Added: 7.60.0 -Category: http proxy -Example: --haproxy-protocol $URL -See-also: proxy ---- -Send a HAProxy PROXY protocol v1 header at the beginning of the -connection. This is used by some load balancers and reverse proxies to -indicate the client's true IP address and port. - -This option is primarily useful when sending test requests to a service that -expects this header. diff --git a/libs/curl/docs/cmdline-opts/haproxy-protocol.md b/libs/curl/docs/cmdline-opts/haproxy-protocol.md new file mode 100644 index 00000000..26456c80 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/haproxy-protocol.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: haproxy-protocol +Help: Send HAProxy PROXY protocol v1 header +Protocols: HTTP +Added: 7.60.0 +Category: http proxy +Multi: boolean +See-also: + - proxy +Example: + - --haproxy-protocol $URL +--- + +# `--haproxy-protocol` + +Send a HAProxy PROXY protocol v1 header at the beginning of the connection. +This is used by some load balancers and reverse proxies to indicate the +client's true IP address and port. + +This option is primarily useful when sending test requests to a service that +expects this header. diff --git a/libs/curl/docs/cmdline-opts/head.d b/libs/curl/docs/cmdline-opts/head.d deleted file mode 100644 index c659337f..00000000 --- a/libs/curl/docs/cmdline-opts/head.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: head -Short: I -Help: Show document info only -Protocols: HTTP FTP FILE -Category: http ftp file -Example: -I $URL -Added: 4.0 -See-also: get verbose trace-ascii ---- -Fetch the headers only! HTTP-servers feature the command HEAD which this uses -to get nothing but the header of a document. When used on an FTP or FILE file, -curl displays the file size and last modification time only. diff --git a/libs/curl/docs/cmdline-opts/head.md b/libs/curl/docs/cmdline-opts/head.md new file mode 100644 index 00000000..be4dbb87 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/head.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: head +Short: I +Help: Show document info only +Protocols: HTTP FTP FILE +Category: http ftp file +Added: 4.0 +Multi: boolean +See-also: + - get + - verbose + - trace-ascii +Example: + - -I $URL +--- + +# `--head` + +Fetch the headers only! HTTP-servers feature the command HEAD which this uses +to get nothing but the header of a document. When used on an FTP or FILE file, +curl displays the file size and last modification time only. diff --git a/libs/curl/docs/cmdline-opts/header.d b/libs/curl/docs/cmdline-opts/header.d deleted file mode 100644 index 143f426c..00000000 --- a/libs/curl/docs/cmdline-opts/header.d +++ /dev/null @@ -1,44 +0,0 @@ -Long: header -Short: H -Arg:
-Help: Pass custom header(s) to server -Protocols: HTTP -Category: http -See-also: user-agent referer -Example: -H "X-First-Name: Joe" $URL -Example: -H "User-Agent: yes-please/2000" $URL -Example: -H "Host:" $URL -Added: 5.0 ---- -Extra header to include in the request when sending HTTP to a server. You may -specify any number of extra headers. Note that if you should add a custom -header that has the same name as one of the internal ones curl would use, your -externally set header will be used instead of the internal one. This allows -you to make even trickier stuff than curl would normally do. You should not -replace internally set headers without knowing perfectly well what you are -doing. Remove an internal header by giving a replacement without content on -the right side of the colon, as in: -H \&"Host:". If you send the custom -header with no-value then its header must be terminated with a semicolon, such -as \-H \&"X-Custom-Header;" to send "X-Custom-Header:". - -curl will make sure that each header you add/replace is sent with the proper -end-of-line marker, you should thus **not** add that as a part of the header -content: do not add newlines or carriage returns, they will only mess things -up for you. - -This option can take an argument in @filename style, which then adds a header -for each line in the input file. Using @- will make curl read the header file -from stdin. Added in 7.55.0. - -You need --proxy-header to send custom headers intended for a HTTP -proxy. Added in 7.37.0. - -Passing on a "Transfer-Encoding: chunked" header when doing a HTTP request -with a request body, will make curl send the data using chunked encoding. - -**WARNING**: headers set with this option will be set in all requests - even -after redirects are followed, like when told with --location. This can lead to -the header being sent to other hosts than the original host, so sensitive -headers should be used with caution combined with following redirects. - -This option can be used multiple times to add/replace/remove multiple headers. diff --git a/libs/curl/docs/cmdline-opts/header.md b/libs/curl/docs/cmdline-opts/header.md new file mode 100644 index 00000000..17219f38 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/header.md @@ -0,0 +1,64 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: header +Short: H +Arg:
+Help: Pass custom header(s) to server +Protocols: HTTP IMAP SMTP +Category: http imap smtp +Added: 5.0 +Multi: append +See-also: + - user-agent + - referer +Example: + - -H "X-First-Name: Joe" $URL + - -H "User-Agent: yes-please/2000" $URL + - -H "Host:" $URL + - -H @headers.txt $URL +--- + +# `--header` + +Extra header to include in information sent. When used within an HTTP request, +it is added to the regular request headers. + +For an IMAP or SMTP MIME uploaded mail built with --form options, it is +prepended to the resulting MIME document, effectively including it at the mail +global level. It does not affect raw uploaded mails (Added in 7.56.0). + +You may specify any number of extra headers. Note that if you should add a +custom header that has the same name as one of the internal ones curl would +use, your externally set header is used instead of the internal one. This +allows you to make even trickier stuff than curl would normally do. You should +not replace internally set headers without knowing perfectly well what you are +doing. Remove an internal header by giving a replacement without content on +the right side of the colon, as in: -H `Host:`. If you send the custom header +with no-value then its header must be terminated with a semicolon, such as -H +`X-Custom-Header;` to send `X-Custom-Header:`. + +curl makes sure that each header you add/replace is sent with the proper +end-of-line marker, you should thus **not** add that as a part of the header +content: do not add newlines or carriage returns, they only mess things up for +you. curl passes on the verbatim string you give it without any filter or +other safe guards. That includes white space and control characters. + +This option can take an argument in @filename style, which then adds a header +for each line in the input file. Using @- makes curl read the header file from +stdin. (Added in 7.55.0) + +Please note that most anti-spam utilities check the presence and value of +several MIME mail headers: these are `From:`, `To:`, `Date:` and `Subject:` +among others and should be added with this option. + +You need --proxy-header to send custom headers intended for an HTTP proxy. +(Added in 7.37.0) + +Passing on a "Transfer-Encoding: chunked" header when doing an HTTP request +with a request body, makes curl send the data using chunked encoding. + +**WARNING**: headers set with this option are set in all HTTP requests - even +after redirects are followed, like when told with --location. This can lead to +the header being sent to other hosts than the original host, so sensitive +headers should be used with caution combined with following redirects. diff --git a/libs/curl/docs/cmdline-opts/help.d b/libs/curl/docs/cmdline-opts/help.d deleted file mode 100644 index 664c040a..00000000 --- a/libs/curl/docs/cmdline-opts/help.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: help -Arg: -Short: h -Help: Get help for commands -Category: important curl -Example: --help all -Added: 4.0 -See-also: verbose ---- -Usage help. This lists all commands of the . -If no arg was provided, curl will display the most important -command line arguments. -If the argument "all" was provided, curl will display all options available. -If the argument "category" was provided, curl will display all categories and -their meanings. diff --git a/libs/curl/docs/cmdline-opts/help.md b/libs/curl/docs/cmdline-opts/help.md new file mode 100644 index 00000000..7477a1e4 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/help.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: help +Arg: +Short: h +Help: Get help for commands +Category: important curl +Added: 4.0 +Multi: custom +See-also: + - verbose +Example: + - --help all +--- + +# `--help` + +Usage help. List all curl command line options within the given **category**. + +If no argument is provided, curl displays the most important command line +arguments. + +For category **all**, curl displays help for all options. + +If **category** is specified, curl displays all available help categories. diff --git a/libs/curl/docs/cmdline-opts/hostpubmd5.d b/libs/curl/docs/cmdline-opts/hostpubmd5.d deleted file mode 100644 index d3ea6b6f..00000000 --- a/libs/curl/docs/cmdline-opts/hostpubmd5.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: hostpubmd5 -Arg: -Help: Acceptable MD5 hash of the host public key -Protocols: SFTP SCP -Added: 7.17.1 -Category: sftp scp -Example: --hostpubmd5 e5c1c49020640a5ab0f2034854c321a8 sftp://example.com/ -See-also: hostpubsha256 ---- -Pass a string containing 32 hexadecimal digits. The string should -be the 128 bit MD5 checksum of the remote host's public key, curl will refuse -the connection with the host unless the md5sums match. diff --git a/libs/curl/docs/cmdline-opts/hostpubmd5.md b/libs/curl/docs/cmdline-opts/hostpubmd5.md new file mode 100644 index 00000000..5d480a5b --- /dev/null +++ b/libs/curl/docs/cmdline-opts/hostpubmd5.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: hostpubmd5 +Arg: +Help: Acceptable MD5 hash of host public key +Protocols: SFTP SCP +Added: 7.17.1 +Category: sftp scp ssh +Multi: single +See-also: + - hostpubsha256 +Example: + - --hostpubmd5 e5c1c49020640a5ab0f2034854c321a8 sftp://example.com/ +--- + +# `--hostpubmd5` + +Pass a string containing 32 hexadecimal digits. The string should be the 128 +bit **MD5** checksum of the remote host's public key, curl refuses the +connection with the host unless the checksums match. diff --git a/libs/curl/docs/cmdline-opts/hostpubsha256.d b/libs/curl/docs/cmdline-opts/hostpubsha256.d deleted file mode 100644 index 2330d1a3..00000000 --- a/libs/curl/docs/cmdline-opts/hostpubsha256.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: hostpubsha256 -Arg: -Help: Acceptable SHA256 hash of the host public key -Protocols: SFTP SCP -Added: 7.80.0 -Category: sftp scp -Example: --hostpubsha256 NDVkMTQxMGQ1ODdmMjQ3MjczYjAyOTY5MmRkMjVmNDQ= sftp://example.com/ -See-also: hostpubmd5 ---- -Pass a string containing a Base64-encoded SHA256 hash of the remote -host's public key. Curl will refuse the connection with the host -unless the hashes match. diff --git a/libs/curl/docs/cmdline-opts/hostpubsha256.md b/libs/curl/docs/cmdline-opts/hostpubsha256.md new file mode 100644 index 00000000..35aa8ff7 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/hostpubsha256.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: hostpubsha256 +Arg: +Help: Acceptable SHA256 hash of host public key +Protocols: SFTP SCP +Added: 7.80.0 +Category: sftp scp ssh +Multi: single +See-also: + - hostpubmd5 +Example: + - --hostpubsha256 NDVkMTQxMGQ1ODdmMjQ3MjczYjAyOTY5MmRkMjVmNDQ= sftp://example.com/ +--- + +# `--hostpubsha256` + +Pass a string containing a Base64-encoded SHA256 hash of the remote host's +public key. Curl refuses the connection with the host unless the hashes match. + +This feature requires libcurl to be built with libssh2 and does not work with +other SSH backends. diff --git a/libs/curl/docs/cmdline-opts/hsts.d b/libs/curl/docs/cmdline-opts/hsts.d deleted file mode 100644 index 65526f05..00000000 --- a/libs/curl/docs/cmdline-opts/hsts.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: hsts -Arg: -Protocols: HTTPS -Help: Enable HSTS with this cache file -Added: 7.74.0 -Category: http -Example: --hsts cache.txt $URL -See-also: proto ---- -This option enables HSTS for the transfer. If the file name points to an -existing HSTS cache file, that will be used. After a completed transfer, the -cache will be saved to the file name again if it has been modified. - -Specify a "" file name (zero length) to avoid loading/saving and make curl -just handle HSTS in memory. - -If this option is used several times, curl will load contents from all the -files but the last one will be used for saving. diff --git a/libs/curl/docs/cmdline-opts/hsts.md b/libs/curl/docs/cmdline-opts/hsts.md new file mode 100644 index 00000000..9cae80c2 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/hsts.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: hsts +Arg: +Protocols: HTTPS +Help: Enable HSTS with this cache file +Added: 7.74.0 +Category: http +Multi: append +See-also: + - proto +Example: + - --hsts cache.txt $URL +--- + +# `--hsts` + +Enable HSTS for the transfer. If the filename points to an existing HSTS cache +file, that is used. After a completed transfer, the cache is saved to the +filename again if it has been modified. + +If curl is told to use HTTP:// for a transfer involving a hostname that exists +in the HSTS cache, it upgrades the transfer to use HTTPS. Each HSTS cache +entry has an individual life time after which the upgrade is no longer +performed. + +Specify a "" filename (zero length) to avoid loading/saving and make curl just +handle HSTS in memory. + +If this option is used several times, curl loads contents from all the +files but the last one is used for saving. diff --git a/libs/curl/docs/cmdline-opts/http0.9.d b/libs/curl/docs/cmdline-opts/http0.9.d deleted file mode 100644 index 5797b2d7..00000000 --- a/libs/curl/docs/cmdline-opts/http0.9.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: http0.9 -Tags: Versions -Protocols: HTTP -Help: Allow HTTP 0.9 responses -Category: http -Example: --http0.9 $URL -Added: 7.64.0 -See-also: http1.1 http2 http3 ---- -Tells curl to be fine with HTTP version 0.9 response. - -HTTP/0.9 is a completely headerless response and therefore you can also -connect with this to non-HTTP servers and still get a response since curl will -simply transparently downgrade - if allowed. - -Since curl 7.66.0, HTTP/0.9 is disabled by default. diff --git a/libs/curl/docs/cmdline-opts/http0.9.md b/libs/curl/docs/cmdline-opts/http0.9.md new file mode 100644 index 00000000..54ef3231 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/http0.9.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http0.9 +Tags: Versions +Protocols: HTTP +Help: Allow HTTP 0.9 responses +Category: http +Added: 7.64.0 +Multi: boolean +See-also: + - http1.1 + - http2 + - http3 +Example: + - --http0.9 $URL +--- + +# `--http0.9` + +Accept an HTTP version 0.9 response. + +HTTP/0.9 is a response without headers and therefore you can also connect with +this to non-HTTP servers and still get a response since curl simply +transparently downgrades - if allowed. + +HTTP/0.9 is disabled by default (added in 7.66.0) diff --git a/libs/curl/docs/cmdline-opts/http1.0.d b/libs/curl/docs/cmdline-opts/http1.0.d deleted file mode 100644 index 84e39005..00000000 --- a/libs/curl/docs/cmdline-opts/http1.0.d +++ /dev/null @@ -1,13 +0,0 @@ -Short: 0 -Long: http1.0 -Tags: Versions -Protocols: HTTP -Added: 7.9.1 -Mutexed: http1.1 http2 -Help: Use HTTP 1.0 -Category: http -Example: --http1.0 $URL -See-also: http0.9 http1.1 ---- -Tells curl to use HTTP version 1.0 instead of using its internally preferred -HTTP version. diff --git a/libs/curl/docs/cmdline-opts/http1.0.md b/libs/curl/docs/cmdline-opts/http1.0.md new file mode 100644 index 00000000..b810ccf3 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/http1.0.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: 0 +Long: http1.0 +Tags: Versions +Protocols: HTTP +Added: 7.9.1 +Mutexed: http1.1 http2 http2-prior-knowledge http3 +Help: Use HTTP 1.0 +Category: http +Multi: mutex +See-also: + - http0.9 + - http1.1 +Example: + - --http1.0 $URL +--- + +# `--http1.0` + +Use HTTP version 1.0 instead of using its internally preferred HTTP version. diff --git a/libs/curl/docs/cmdline-opts/http1.1.d b/libs/curl/docs/cmdline-opts/http1.1.d deleted file mode 100644 index 84b2c59d..00000000 --- a/libs/curl/docs/cmdline-opts/http1.1.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: http1.1 -Tags: Versions -Protocols: HTTP -Added: 7.33.0 -Mutexed: http1.0 http2 -Help: Use HTTP 1.1 -Category: http -Example: --http1.1 $URL -See-also: http1.1 http0.9 ---- -Tells curl to use HTTP version 1.1. diff --git a/libs/curl/docs/cmdline-opts/http1.1.md b/libs/curl/docs/cmdline-opts/http1.1.md new file mode 100644 index 00000000..a223da1f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/http1.1.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http1.1 +Tags: Versions +Protocols: HTTP +Added: 7.33.0 +Mutexed: http1.0 http2 http2-prior-knowledge http3 +Help: Use HTTP 1.1 +Category: http +Multi: mutex +See-also: + - http1.0 + - http0.9 +Example: + - --http1.1 $URL +--- + +# `--http1.1` + +Use HTTP version 1.1. This is the default with HTTP:// URLs. diff --git a/libs/curl/docs/cmdline-opts/http2-prior-knowledge.d b/libs/curl/docs/cmdline-opts/http2-prior-knowledge.d deleted file mode 100644 index 4e944672..00000000 --- a/libs/curl/docs/cmdline-opts/http2-prior-knowledge.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: http2-prior-knowledge -Tags: Versions -Protocols: HTTP -Added: 7.49.0 -Mutexed: http1.1 http1.0 http2 -Requires: HTTP/2 -Help: Use HTTP 2 without HTTP/1.1 Upgrade -Category: http -Example: --http2-prior-knowledge $URL -See-also: http2 http3 ---- -Tells curl to issue its non-TLS HTTP requests using HTTP/2 without HTTP/1.1 -Upgrade. It requires prior knowledge that the server supports HTTP/2 straight -away. HTTPS requests will still do HTTP/2 the standard way with negotiated -protocol version in the TLS handshake. diff --git a/libs/curl/docs/cmdline-opts/http2-prior-knowledge.md b/libs/curl/docs/cmdline-opts/http2-prior-knowledge.md new file mode 100644 index 00000000..72701094 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/http2-prior-knowledge.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http2-prior-knowledge +Tags: Versions +Protocols: HTTP +Added: 7.49.0 +Mutexed: http1.1 http1.0 http2 http3 +Requires: HTTP/2 +Help: Use HTTP 2 without HTTP/1.1 Upgrade +Category: http +Multi: boolean +See-also: + - http2 + - http3 +Example: + - --http2-prior-knowledge $URL +--- + +# `--http2-prior-knowledge` + +Issue a non-TLS HTTP requests using HTTP/2 directly without HTTP/1.1 Upgrade. +It requires prior knowledge that the server supports HTTP/2 straight away. +HTTPS requests still do HTTP/2 the standard way with negotiated protocol +version in the TLS handshake. diff --git a/libs/curl/docs/cmdline-opts/http2.d b/libs/curl/docs/cmdline-opts/http2.d deleted file mode 100644 index 2a85db60..00000000 --- a/libs/curl/docs/cmdline-opts/http2.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: http2 -Tags: Versions -Protocols: HTTP -Added: 7.33.0 -Mutexed: http1.1 http1.0 http2-prior-knowledge -Requires: HTTP/2 -See-also: no-alpn -Help: Use HTTP 2 -See-also: http1.1 http3 -Category: http -Example: --http2 $URL ---- -Tells curl to use HTTP version 2. - -For HTTPS, this means curl will attempt to negotiate HTTP/2 in the TLS -handshake. curl does this by default. - -For HTTP, this means curl will attempt to upgrade the request to HTTP/2 using -the Upgrade: request header. diff --git a/libs/curl/docs/cmdline-opts/http2.md b/libs/curl/docs/cmdline-opts/http2.md new file mode 100644 index 00000000..ae4d2697 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/http2.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http2 +Tags: Versions +Protocols: HTTP +Added: 7.33.0 +Mutexed: http1.1 http1.0 http2-prior-knowledge http3 +Requires: HTTP/2 +Help: Use HTTP/2 +Category: http +Multi: mutex +See-also: + - http1.1 + - http3 + - no-alpn +Example: + - --http2 $URL +--- + +# `--http2` + +Use HTTP/2. + +For HTTPS, this means curl negotiates HTTP/2 in the TLS handshake. curl does +this by default. + +For HTTP, this means curl attempts to upgrade the request to HTTP/2 using the +Upgrade: request header. + +When curl uses HTTP/2 over HTTPS, it does not itself insist on TLS 1.2 or +higher even though that is required by the specification. A user can add this +version requirement with --tlsv1.2. diff --git a/libs/curl/docs/cmdline-opts/http3-only.md b/libs/curl/docs/cmdline-opts/http3-only.md new file mode 100644 index 00000000..c565f8b9 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/http3-only.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http3-only +Tags: Versions +Protocols: HTTP +Added: 7.88.0 +Mutexed: http1.1 http1.0 http2 http2-prior-knowledge http3 +Requires: HTTP/3 +Help: Use HTTP v3 only +Category: http +Multi: mutex +See-also: + - http1.1 + - http2 + - http3 +Example: + - --http3-only $URL +--- + +# `--http3-only` + +Instructs curl to use HTTP/3 to the host in the URL, with no fallback to +earlier HTTP versions. HTTP/3 can only be used for HTTPS and not for HTTP +URLs. For HTTP, this option triggers an error. + +This option allows a user to avoid using the Alt-Svc method of upgrading to +HTTP/3 when you know that the target speaks HTTP/3 on the given host and port. + +This option makes curl fail if a QUIC connection cannot be established, it +does not attempt any other HTTP versions on its own. Use --http3 for similar +functionality *with* a fallback. diff --git a/libs/curl/docs/cmdline-opts/http3.d b/libs/curl/docs/cmdline-opts/http3.d deleted file mode 100644 index f6c92b39..00000000 --- a/libs/curl/docs/cmdline-opts/http3.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: http3 -Tags: Versions -Protocols: HTTP -Added: 7.66.0 -Mutexed: http1.1 http1.0 http2 http2-prior-knowledge -Requires: HTTP/3 -Help: Use HTTP v3 -See-also: http1.1 http2 -Category: http -Example: --http3 $URL ---- -**WARNING**: this option is experimental. Do not use in production. - -Tells curl to use HTTP version 3 directly to the host and port number used in -the URL. A normal HTTP/3 transaction will be done to a host and then get -redirected via Alt-Svc, but this option allows a user to circumvent that when -you know that the target speaks HTTP/3 on the given host and port. - -This option will make curl fail if a QUIC connection cannot be established, it -cannot fall back to a lower HTTP version on its own. diff --git a/libs/curl/docs/cmdline-opts/http3.md b/libs/curl/docs/cmdline-opts/http3.md new file mode 100644 index 00000000..a1900655 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/http3.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: http3 +Tags: Versions +Protocols: HTTP +Added: 7.66.0 +Mutexed: http1.1 http1.0 http2 http2-prior-knowledge http3-only +Requires: HTTP/3 +Help: Use HTTP v3 +Category: http +Multi: mutex +See-also: + - http1.1 + - http2 +Example: + - --http3 $URL +--- + +# `--http3` + +Attempt HTTP/3 to the host in the URL, but fallback to earlier HTTP versions +if the HTTP/3 connection establishment fails. HTTP/3 is only available for +HTTPS and not for HTTP URLs. + +This option allows a user to avoid using the Alt-Svc method of upgrading to +HTTP/3 when you know that the target speaks HTTP/3 on the given host and port. + +When asked to use HTTP/3, curl issues a separate attempt to use older HTTP +versions with a slight delay, so if the HTTP/3 transfer fails or is slow, curl +still tries to proceed with an older HTTP version. + +Use --http3-only for similar functionality *without* a fallback. diff --git a/libs/curl/docs/cmdline-opts/ignore-content-length.d b/libs/curl/docs/cmdline-opts/ignore-content-length.d deleted file mode 100644 index 4844ecaf..00000000 --- a/libs/curl/docs/cmdline-opts/ignore-content-length.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: ignore-content-length -Help: Ignore the size of the remote resource -Protocols: FTP HTTP -Category: http ftp -Example: --ignore-content-length $URL -Added: 7.14.1 -See-also: ftp-skip-pasv-ip ---- -For HTTP, Ignore the Content-Length header. This is particularly useful for -servers running Apache 1.x, which will report incorrect Content-Length for -files larger than 2 gigabytes. - -For FTP (since 7.46.0), skip the RETR command to figure out the size before -downloading a file. - -This option does not work for HTTP if libcurl was built to use hyper. diff --git a/libs/curl/docs/cmdline-opts/ignore-content-length.md b/libs/curl/docs/cmdline-opts/ignore-content-length.md new file mode 100644 index 00000000..b9f7522d --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ignore-content-length.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ignore-content-length +Help: Ignore the size of the remote resource +Protocols: FTP HTTP +Category: http ftp +Added: 7.14.1 +Multi: boolean +See-also: + - ftp-skip-pasv-ip +Example: + - --ignore-content-length $URL +--- + +# `--ignore-content-length` + +For HTTP, Ignore the Content-Length header. This is particularly useful for +servers running Apache 1.x, which reports incorrect Content-Length for +files larger than 2 gigabytes. + +For FTP, this makes curl skip the SIZE command to figure out the size before +downloading a file (added in 7.46.0). + +This option does not work for HTTP if libcurl was built to use hyper. diff --git a/libs/curl/docs/cmdline-opts/include.d b/libs/curl/docs/cmdline-opts/include.d deleted file mode 100644 index 85831f84..00000000 --- a/libs/curl/docs/cmdline-opts/include.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: include -Short: i -Help: Include protocol response headers in the output -See-also: verbose -Category: important verbose -Example: -i $URL -Added: 4.8 ---- -Include the HTTP response headers in the output. The HTTP response headers can -include things like server name, cookies, date of the document, HTTP version -and more... - -To view the request headers, consider the --verbose option. diff --git a/libs/curl/docs/cmdline-opts/include.md b/libs/curl/docs/cmdline-opts/include.md new file mode 100644 index 00000000..e4879912 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/include.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: include +Short: i +Help: Include response headers in output +Protocols: HTTP FTP +Category: important verbose +Added: 4.8 +Multi: boolean +See-also: + - verbose +Example: + - -i $URL +--- + +# `--include` + +Include response headers in the output. HTTP response headers can include +things like server name, cookies, date of the document, HTTP version and +more... With non-HTTP protocols, the "headers" are other server communication. + +To view the request headers, consider the --verbose option. diff --git a/libs/curl/docs/cmdline-opts/insecure.d b/libs/curl/docs/cmdline-opts/insecure.d deleted file mode 100644 index 90c1c080..00000000 --- a/libs/curl/docs/cmdline-opts/insecure.d +++ /dev/null @@ -1,25 +0,0 @@ -Long: insecure -Short: k -Help: Allow insecure server connections -Protocols: TLS SFTP SCP -See-also: proxy-insecure cacert capath -Category: tls sftp scp -Example: --insecure $URL -Added: 7.10 ---- -By default, every secure connection curl makes is verified to be secure before -the transfer takes place. This option makes curl skip the verification step -and proceed without checking. - -When this option is not used for protocols using TLS, curl verifies the -server's TLS certificate before it continues: that the certificate contains -the right name which matches the host name used in the URL and that the -certificate has been signed by a CA certificate present in the cert store. -See this online resource for further details: - https://curl.se/docs/sslcerts.html - -For SFTP and SCP, this option makes curl skip the *known_hosts* verification. -*known_hosts* is a file normally stored in the user's home directory in the -\&.ssh subdirectory, which contains host names and their public keys. - -**WARNING**: using this option makes the transfer insecure. diff --git a/libs/curl/docs/cmdline-opts/insecure.md b/libs/curl/docs/cmdline-opts/insecure.md new file mode 100644 index 00000000..6b7009f2 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/insecure.md @@ -0,0 +1,41 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: insecure +Short: k +Help: Allow insecure server connections +Protocols: TLS SFTP SCP +Category: tls sftp scp ssh +Added: 7.10 +Multi: boolean +See-also: + - proxy-insecure + - cacert + - capath +Example: + - --insecure $URL +--- + +# `--insecure` + +By default, every secure connection curl makes is verified to be secure before +the transfer takes place. This option makes curl skip the verification step +and proceed without checking. + +When this option is not used for protocols using TLS, curl verifies the +server's TLS certificate before it continues: that the certificate contains +the right name which matches the hostname used in the URL and that the +certificate has been signed by a CA certificate present in the cert store. See +this online resource for further details: +**https://curl.se/docs/sslcerts.html** + +For SFTP and SCP, this option makes curl skip the *known_hosts* verification. +*known_hosts* is a file normally stored in the user's home directory in the +".ssh" subdirectory, which contains hostnames and their public keys. + +**WARNING**: using this option makes the transfer insecure. + +When curl uses secure protocols it trusts responses and allows for example +HSTS and Alt-Svc information to be stored and used subsequently. Using +--insecure can make curl trust and use such information from malicious +servers. diff --git a/libs/curl/docs/cmdline-opts/interface.d b/libs/curl/docs/cmdline-opts/interface.d deleted file mode 100644 index fb21ea2f..00000000 --- a/libs/curl/docs/cmdline-opts/interface.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: interface -Arg: -Help: Use network INTERFACE (or address) -See-also: dns-interface -Category: connection -Example: --interface eth0 $URL -Added: 7.3 ---- -Perform an operation using a specified interface. You can enter interface -name, IP address or host name. An example could look like: - - curl --interface eth0:1 https://www.example.com/ - -If this option is used several times, the last one will be used. - -On Linux it can be used to specify a VRF, but the binary needs to either -have CAP_NET_RAW or to be run as root. More information about Linux VRF: -https://www.kernel.org/doc/Documentation/networking/vrf.txt diff --git a/libs/curl/docs/cmdline-opts/interface.md b/libs/curl/docs/cmdline-opts/interface.md new file mode 100644 index 00000000..539e3927 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/interface.md @@ -0,0 +1,51 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: interface +Arg: +Help: Use network interface +Category: connection +Added: 7.3 +Multi: single +See-also: + - dns-interface +Example: + - --interface eth0 $URL + - --interface "host!10.0.0.1" $URL + - --interface "if!enp3s0" $URL +--- + +# `--interface` + +Perform the operation using a specified interface. You can enter interface +name, IP address or hostname. If you prefer to be specific, you can use the +following special syntax: + +## if! + +Interface name. If the provided name does not match an existing interface, +curl returns with error 45. + +## host! + +IP address or hostname. + +## ifhost!! + +Interface name and IP address or hostname. This syntax requires libcurl 8.9.0 +or later. + +If the provided name does not match an existing interface, curl returns with +error 45. + +## + +curl does not support using network interface names for this option on +Windows. + +That name resolve operation if a hostname is provided does **not** use +DNS-over-HTTPS even if --doh-url is set. + +On Linux this option can be used to specify a **VRF** (Virtual Routing and +Forwarding) device, but the binary then needs to either have the +**CAP_NET_RAW** capability set or to be run as root. diff --git a/libs/curl/docs/cmdline-opts/ip-tos.md b/libs/curl/docs/cmdline-opts/ip-tos.md new file mode 100644 index 00000000..3d6473f3 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ip-tos.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ip-tos +Arg: +Help: Set IP Type of Service or Traffic Class +Added: 8.9.0 +Category: connection +Protocols: All +Multi: single +See-also: + - tcp-nodelay + - vlan-priority +Example: + - --ip-tos CS5 $URL +--- + +# `--ip-tos` + +Set Type of Service (TOS) for IPv4 or Traffic Class for IPv6. + +The values allowed for \ can be a numeric value between 1 and 255 +or one of the following: + +CS0, CS1, CS2, CS3, CS4, CS5, CS6, CS7, AF11, AF12, AF13, AF21, AF22, AF23, +AF31, AF32, AF33, AF41, AF42, AF43, EF, VOICE-ADMIT, ECT1, ECT0, CE, LE, +LOWCOST, LOWDELAY, THROUGHPUT, RELIABILITY, MINCOST diff --git a/libs/curl/docs/cmdline-opts/ipfs-gateway.md b/libs/curl/docs/cmdline-opts/ipfs-gateway.md new file mode 100644 index 00000000..70ca717a --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ipfs-gateway.md @@ -0,0 +1,39 @@ +--- +c: Copyright (C) Mark Gaiser, +SPDX-License-Identifier: curl +Long: ipfs-gateway +Arg: +Help: Gateway for IPFS +Protocols: IPFS +Added: 8.4.0 +Category: curl +Multi: single +See-also: + - help + - manual +Example: + - --ipfs-gateway $URL ipfs:// +--- + +# `--ipfs-gateway` + +Specify which gateway to use for IPFS and IPNS URLs. Not specifying this +instead makes curl check if the IPFS_GATEWAY environment variable is set, or +if a `~/.ipfs/gateway` file holding the gateway URL exists. + +If you run a local IPFS node, this gateway is by default available under +`http://localhost:8080`. A full example URL would look like: + + curl --ipfs-gateway http://localhost:8080 ipfs://bafybeigagd5nmnn2iys2f3doro7ydrevyr2mzarwidgadawmamiteydbzi + +There are many public IPFS gateways. See for example: +https://ipfs.github.io/public-gateway-checker/ + +If you opt to go for a remote gateway you need to be aware that you completely +trust the gateway. This might be fine in local gateways that you host +yourself. With remote gateways there could potentially be malicious actors +returning you data that does not match the request you made, inspect or even +interfere with the request. You may not notice this when using curl. A +mitigation could be to go for a "trustless" gateway. This means you locally +verify that the data. Consult the docs page on trusted vs trustless: +https://docs.ipfs.tech/reference/http/gateway/#trusted-vs-trustless diff --git a/libs/curl/docs/cmdline-opts/ipv4.d b/libs/curl/docs/cmdline-opts/ipv4.d deleted file mode 100644 index a5cae4eb..00000000 --- a/libs/curl/docs/cmdline-opts/ipv4.d +++ /dev/null @@ -1,14 +0,0 @@ -Short: 4 -Long: ipv4 -Tags: Versions -Protocols: -Added: 7.10.8 -Mutexed: ipv6 -Requires: -See-also: http1.1 http2 -Help: Resolve names to IPv4 addresses -Category: connection dns -Example: --ipv4 $URL ---- -This option tells curl to resolve names to IPv4 addresses only, and not for -example try IPv6. diff --git a/libs/curl/docs/cmdline-opts/ipv4.md b/libs/curl/docs/cmdline-opts/ipv4.md new file mode 100644 index 00000000..b790cc65 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ipv4.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: 4 +Long: ipv4 +Tags: Versions +Protocols: +Added: 7.10.8 +Mutexed: ipv6 +Requires: +Help: Resolve names to IPv4 addresses +Category: connection dns +Multi: mutex +See-also: + - http1.1 + - http2 +Example: + - --ipv4 $URL +--- + +# `--ipv4` + +Use IPv4 addresses only when resolving hostnames, and not for example try +IPv6. diff --git a/libs/curl/docs/cmdline-opts/ipv6.d b/libs/curl/docs/cmdline-opts/ipv6.d deleted file mode 100644 index 869c6689..00000000 --- a/libs/curl/docs/cmdline-opts/ipv6.d +++ /dev/null @@ -1,14 +0,0 @@ -Short: 6 -Long: ipv6 -Tags: Versions -Protocols: -Added: 7.10.8 -Mutexed: ipv4 -Requires: -See-also: http1.1 http2 -Help: Resolve names to IPv6 addresses -Category: connection dns -Example: --ipv6 $URL ---- -This option tells curl to resolve names to IPv6 addresses only, and not for -example try IPv4. diff --git a/libs/curl/docs/cmdline-opts/ipv6.md b/libs/curl/docs/cmdline-opts/ipv6.md new file mode 100644 index 00000000..547f4917 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ipv6.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: 6 +Long: ipv6 +Tags: Versions +Protocols: +Added: 7.10.8 +Mutexed: ipv4 +Requires: +Help: Resolve names to IPv6 addresses +Category: connection dns +Multi: mutex +See-also: + - http1.1 + - http2 +Example: + - --ipv6 $URL +--- + +# `--ipv6` + +Use IPv6 addresses only when resolving hostnames, and not for example try +IPv4. + +Your resolver may respond to an IPv6-only resolve request by returning IPv6 +addresses that contain "mapped" IPv4 addresses for compatibility purposes. +macOS is known to do this. diff --git a/libs/curl/docs/cmdline-opts/json.md b/libs/curl/docs/cmdline-opts/json.md new file mode 100644 index 00000000..8056e62e --- /dev/null +++ b/libs/curl/docs/cmdline-opts/json.md @@ -0,0 +1,42 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: json +Arg: +Help: HTTP POST JSON +Protocols: HTTP +Mutexed: form head upload-file +Category: http post upload +Added: 7.82.0 +Multi: append +See-also: + - data-binary + - data-raw +Example: + - --json '{ "drink": "coffe" }' $URL + - --json '{ "drink":' --json ' "coffe" }' $URL + - --json @prepared $URL + - --json @- $URL < json.txt +--- + +# `--json` + +Sends the specified JSON data in a POST request to the HTTP server. --json +works as a shortcut for passing on these three options: + + --data [arg] + --header "Content-Type: application/json" + --header "Accept: application/json" + +There is **no verification** that the passed in data is actual JSON or that +the syntax is correct. + +If you start the data with the letter @, the rest should be a filename to read +the data from, or a single dash (-) if you want curl to read the data from +stdin. Posting data from a file named 'foobar' would thus be done with --json +@foobar and to instead read the data from stdin, use --json @-. + +If this option is used more than once on the same command line, the additional +data pieces are concatenated to the previous before sending. + +The headers this option sets can be overridden with --header as usual. diff --git a/libs/curl/docs/cmdline-opts/junk-session-cookies.d b/libs/curl/docs/cmdline-opts/junk-session-cookies.d deleted file mode 100644 index cbc26924..00000000 --- a/libs/curl/docs/cmdline-opts/junk-session-cookies.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: junk-session-cookies -Short: j -Help: Ignore session cookies read from file -Protocols: HTTP -See-also: cookie cookie-jar -Category: http -Example: --junk-session-cookies -b cookies.txt $URL -Added: 7.9.7 ---- -When curl is told to read cookies from a given file, this option will make it -discard all "session cookies". This will basically have the same effect as if -a new session is started. Typical browsers always discard session cookies when -they are closed down. diff --git a/libs/curl/docs/cmdline-opts/junk-session-cookies.md b/libs/curl/docs/cmdline-opts/junk-session-cookies.md new file mode 100644 index 00000000..63971050 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/junk-session-cookies.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: junk-session-cookies +Short: j +Help: Ignore session cookies read from file +Protocols: HTTP +Category: http +Added: 7.9.7 +Multi: boolean +See-also: + - cookie + - cookie-jar +Example: + - --junk-session-cookies -b cookies.txt $URL +--- + +# `--junk-session-cookies` + +When curl is told to read cookies from a given file, this option makes it +discard all "session cookies". This has the same effect as if a new session is +started. Typical browsers discard session cookies when they are closed down. diff --git a/libs/curl/docs/cmdline-opts/keepalive-cnt.md b/libs/curl/docs/cmdline-opts/keepalive-cnt.md new file mode 100644 index 00000000..e56c976e --- /dev/null +++ b/libs/curl/docs/cmdline-opts/keepalive-cnt.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: keepalive-cnt +Arg: +Help: Maximum number of keepalive probes +Added: 8.9.0 +Category: connection +Multi: single +See-also: + - keepalive-time + - no-keepalive +Example: + - --keepalive-cnt 3 $URL +--- + +# `--keepalive-cnt` + +Set the maximum number of keepalive probes TCP should send but get no response +before dropping the connection. This option is usually used in conjunction +with --keepalive-time. + +This option is supported on Linux, *BSD/macOS, Windows \>=10.0.16299, Solaris +11.4, and recent AIX, HP-UX and more. This option has no effect if +--no-keepalive is used. + +If unspecified, the option defaults to 9. diff --git a/libs/curl/docs/cmdline-opts/keepalive-time.d b/libs/curl/docs/cmdline-opts/keepalive-time.d deleted file mode 100644 index cdc150aa..00000000 --- a/libs/curl/docs/cmdline-opts/keepalive-time.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: keepalive-time -Arg: -Help: Interval time for keepalive probes -Added: 7.18.0 -Category: connection -Example: --keepalive-time 20 $URL -See-also: no-keepalive max-time ---- -This option sets the time a connection needs to remain idle before sending -keepalive probes and the time between individual keepalive probes. It is -currently effective on operating systems offering the TCP_KEEPIDLE and -TCP_KEEPINTVL socket options (meaning Linux, recent AIX, HP-UX and more). This -option has no effect if --no-keepalive is used. - -If this option is used several times, the last one will be used. If -unspecified, the option defaults to 60 seconds. diff --git a/libs/curl/docs/cmdline-opts/keepalive-time.md b/libs/curl/docs/cmdline-opts/keepalive-time.md new file mode 100644 index 00000000..4b10ff6f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/keepalive-time.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: keepalive-time +Arg: +Help: Interval time for keepalive probes +Added: 7.18.0 +Category: connection timeout +Multi: single +See-also: + - no-keepalive + - keepalive-cnt + - max-time +Example: + - --keepalive-time 20 $URL +--- + +# `--keepalive-time` + +Set the time a connection needs to remain idle before sending keepalive probes +and the time between individual keepalive probes. It is currently effective on +operating systems offering the `TCP_KEEPIDLE` and `TCP_KEEPINTVL` socket +options (meaning Linux, *BSD/macOS, Windows, Solaris, and recent AIX, HP-UX and more). +Keepalive is used by the TCP stack to detect broken networks on idle connections. +The number of missed keepalive probes before declaring the connection down is OS +dependent and is commonly 8 (*BSD/macOS/AIX), 9 (Linux/AIX) or 5/10 (Windows), and +this number can be changed by specifying the curl option `keepalive-cnt`. +Note that this option has no effect if --no-keepalive is used. + +If unspecified, the option defaults to 60 seconds. diff --git a/libs/curl/docs/cmdline-opts/key-type.d b/libs/curl/docs/cmdline-opts/key-type.d deleted file mode 100644 index 7a073a80..00000000 --- a/libs/curl/docs/cmdline-opts/key-type.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: key-type -Arg: -Help: Private key file type (DER/PEM/ENG) -Protocols: TLS -Category: tls -Example: --key-type DER --key here $URL -Added: 7.9.3 -See-also: key ---- -Private key file type. Specify which type your --key provided private key -is. DER, PEM, and ENG are supported. If not specified, PEM is assumed. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/key-type.md b/libs/curl/docs/cmdline-opts/key-type.md new file mode 100644 index 00000000..4128bfea --- /dev/null +++ b/libs/curl/docs/cmdline-opts/key-type.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: key-type +Arg: +Help: Private key file type (DER/PEM/ENG) +Protocols: TLS +Category: tls +Added: 7.9.3 +Multi: single +See-also: + - key +Example: + - --key-type DER --key here $URL +--- + +# `--key-type` + +Private key file type. Specify which type your --key provided private key +is. DER, PEM, and ENG are supported. If not specified, PEM is assumed. diff --git a/libs/curl/docs/cmdline-opts/key.d b/libs/curl/docs/cmdline-opts/key.d deleted file mode 100644 index 8d9c1136..00000000 --- a/libs/curl/docs/cmdline-opts/key.d +++ /dev/null @@ -1,21 +0,0 @@ -Long: key -Arg: -Protocols: TLS SSH -Help: Private key file name -Category: tls ssh -Example: --cert certificate --key here $URL -Added: 7.9.3 -See-also: key-type cert ---- -Private key file name. Allows you to provide your private key in this separate -file. For SSH, if not specified, curl tries the following candidates in order: -\&'~/.ssh/id_rsa', '~/.ssh/id_dsa', './id_rsa', './id_dsa'. - -If curl is built against OpenSSL library, and the engine pkcs11 is available, -then a PKCS#11 URI (RFC 7512) can be used to specify a private key located in a -PKCS#11 device. A string beginning with "pkcs11:" will be interpreted as a -PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option will be set -as "pkcs11" if none was provided and the --key-type option will be set as -"ENG" if none was provided. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/key.md b/libs/curl/docs/cmdline-opts/key.md new file mode 100644 index 00000000..80540ab9 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/key.md @@ -0,0 +1,34 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: key +Arg: +Protocols: TLS SSH +Help: Private key filename +Category: tls ssh +Added: 7.9.3 +Multi: single +See-also: + - key-type + - cert +Example: + - --cert certificate --key here $URL +--- + +# `--key` + +Private key filename. Allows you to provide your private key in this separate +file. For SSH, if not specified, curl tries the following candidates in order: +`~/.ssh/id_rsa`, `~/.ssh/id_dsa`, `./id_rsa`, `./id_dsa`. + +If curl is built against OpenSSL library, and the engine pkcs11 is available, +then a PKCS#11 URI (RFC 7512) can be used to specify a private key located in +a PKCS#11 device. A string beginning with `pkcs11:` is interpreted as a +PKCS#11 URI. If a PKCS#11 URI is provided, then the --engine option is set as +`pkcs11` if none was provided and the --key-type option is set as `ENG` if +none was provided. + +If curl is built against Secure Transport or Schannel then this option is +ignored for TLS protocols (HTTPS, etc). Those backends expect the private key +to be already present in the keychain or PKCS#12 file containing the +certificate. diff --git a/libs/curl/docs/cmdline-opts/krb.d b/libs/curl/docs/cmdline-opts/krb.d deleted file mode 100644 index ad2d8f67..00000000 --- a/libs/curl/docs/cmdline-opts/krb.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: krb -Arg: -Help: Enable Kerberos with security -Protocols: FTP -Requires: Kerberos -Category: ftp -Example: --krb clear ftp://example.com/ -Added: 7.3 -See-also: delegation ssl ---- -Enable Kerberos authentication and use. The level must be entered and should -be one of 'clear', 'safe', 'confidential', or 'private'. Should you use a -level that is not one of these, 'private' will instead be used. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/krb.md b/libs/curl/docs/cmdline-opts/krb.md new file mode 100644 index 00000000..c353a0c7 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/krb.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: krb +Arg: +Help: Enable Kerberos with security +Protocols: FTP +Requires: Kerberos +Category: ftp +Added: 7.3 +Multi: single +See-also: + - delegation + - ssl +Example: + - --krb clear ftp://example.com/ +--- + +# `--krb` + +Enable Kerberos authentication and use. The level must be entered and should +be one of 'clear', 'safe', 'confidential', or 'private'. Should you use a +level that is not one of these, 'private' is used. diff --git a/libs/curl/docs/cmdline-opts/libcurl.d b/libs/curl/docs/cmdline-opts/libcurl.d deleted file mode 100644 index 752eda31..00000000 --- a/libs/curl/docs/cmdline-opts/libcurl.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: libcurl -Arg: -Help: Dump libcurl equivalent code of this command line -Added: 7.16.1 -Category: curl -Example: --libcurl client.c $URL -See-also: verbose ---- -Append this option to any ordinary curl command line, and you will get -libcurl-using C source code written to the file that does the equivalent -of what your command-line operation does! - -This option is global and does not need to be specified for each use of ---next. - -If this option is used several times, the last given file name will be -used. diff --git a/libs/curl/docs/cmdline-opts/libcurl.md b/libs/curl/docs/cmdline-opts/libcurl.md new file mode 100644 index 00000000..60af6054 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/libcurl.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: libcurl +Arg: +Help: Generate libcurl code for this command line +Added: 7.16.1 +Category: curl global +Multi: single +Scope: global +See-also: + - verbose +Example: + - --libcurl client.c $URL +--- + +# `--libcurl` + +Append this option to any ordinary curl command line, and you get +libcurl-using C source code written to the file that does the equivalent of +what your command-line operation does! diff --git a/libs/curl/docs/cmdline-opts/limit-rate.d b/libs/curl/docs/cmdline-opts/limit-rate.d deleted file mode 100644 index 9594dfee..00000000 --- a/libs/curl/docs/cmdline-opts/limit-rate.d +++ /dev/null @@ -1,28 +0,0 @@ -Long: limit-rate -Arg: -Help: Limit transfer speed to RATE -Category: connection -Example: --limit-rate 100K $URL -Example: --limit-rate 1000 $URL -Example: --limit-rate 10M $URL -Added: 7.10 -See-also: speed-limit speed-time ---- -Specify the maximum transfer rate you want curl to use - for both downloads -and uploads. This feature is useful if you have a limited pipe and you would like -your transfer not to use your entire bandwidth. To make it slower than it -otherwise would be. - -The given speed is measured in bytes/second, unless a suffix is appended. -Appending 'k' or 'K' will count the number as kilobytes, 'm' or 'M' makes it -megabytes, while 'g' or 'G' makes it gigabytes. The suffixes (k, M, G, T, P) -are 1024 based. For example 1k is 1024. Examples: 200K, 3m and 1G. - -The rate limiting logic works on averaging the transfer speed to no more than -the set threshold over a period of multiple seconds. - -If you also use the --speed-limit option, that option will take precedence and -might cripple the rate-limiting slightly, to help keeping the speed-limit -logic working. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/limit-rate.md b/libs/curl/docs/cmdline-opts/limit-rate.md new file mode 100644 index 00000000..273a2ce5 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/limit-rate.md @@ -0,0 +1,37 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: limit-rate +Arg: +Help: Limit transfer speed to RATE +Category: connection +Added: 7.10 +Multi: single +See-also: + - rate + - speed-limit + - speed-time +Example: + - --limit-rate 100K $URL + - --limit-rate 1000 $URL + - --limit-rate 10M $URL +--- + +# `--limit-rate` + +Specify the maximum transfer rate you want curl to use - for both downloads +and uploads. This feature is useful if you have a limited pipe and you would +like your transfer not to use your entire bandwidth. To make it slower than it +otherwise would be. + +The given speed is measured in bytes/second, unless a suffix is appended. +Appending 'k' or 'K' counts the number as kilobytes, 'm' or 'M' makes it +megabytes, while 'g' or 'G' makes it gigabytes. The suffixes (k, M, G, T, P) +are 1024 based. For example 1k is 1024. Examples: 200K, 3m and 1G. + +The rate limiting logic works on averaging the transfer speed to no more than +the set threshold over a period of multiple seconds. + +If you also use the --speed-limit option, that option takes precedence and +might cripple the rate-limiting slightly, to help keeping the speed-limit +logic working. diff --git a/libs/curl/docs/cmdline-opts/list-only.d b/libs/curl/docs/cmdline-opts/list-only.d deleted file mode 100644 index 4fb2f6b9..00000000 --- a/libs/curl/docs/cmdline-opts/list-only.d +++ /dev/null @@ -1,27 +0,0 @@ -Long: list-only -Short: l -Protocols: FTP POP3 -Help: List only mode -Added: 4.0 -Category: ftp pop3 -Example: --list-only ftp://example.com/dir/ -See-also: quote request ---- -(FTP) -When listing an FTP directory, this switch forces a name-only view. This is -especially useful if the user wants to machine-parse the contents of an FTP -directory since the normal directory view does not use a standard look or -format. When used like this, the option causes an NLST command to be sent to -the server instead of LIST. - -Note: Some FTP servers list only files in their response to NLST; they do not -include sub-directories and symbolic links. - -(POP3) -When retrieving a specific email from POP3, this switch forces a LIST command -to be performed instead of RETR. This is particularly useful if the user wants -to see if a specific message-id exists on the server and what size it is. - -Note: When combined with --request, this option can be used to send a UIDL -command instead, so the user may use the email's unique identifier rather than -its message-id to make the request. diff --git a/libs/curl/docs/cmdline-opts/list-only.md b/libs/curl/docs/cmdline-opts/list-only.md new file mode 100644 index 00000000..2800a8f7 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/list-only.md @@ -0,0 +1,43 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: list-only +Short: l +Protocols: FTP POP3 SFTP FILE +Help: List only mode +Added: 4.0 +Category: ftp pop3 sftp file +Multi: boolean +See-also: + - quote + - request +Example: + - --list-only ftp://example.com/dir/ +--- + +# `--list-only` + +When listing an FTP directory, force a name-only view. Maybe particularly +useful if the user wants to machine-parse the contents of an FTP directory +since the normal directory view does not use a standard look or format. When +used like this, the option causes an NLST command to be sent to the server +instead of LIST. + +Note: Some FTP servers list only files in their response to NLST; they do not +include sub-directories and symbolic links. + +When listing an SFTP directory, this switch forces a name-only view, one per +line. This is especially useful if the user wants to machine-parse the +contents of an SFTP directory since the normal directory view provides more +information than just filenames. + +When retrieving a specific email from POP3, this switch forces a LIST command +to be performed instead of RETR. This is particularly useful if the user wants +to see if a specific message-id exists on the server and what size it is. + +For FILE, this option has no effect yet as directories are always listed in +this mode. + +Note: When combined with --request, this option can be used to send a UIDL +command instead, so the user may use the email's unique identifier rather than +its message-id to make the request. diff --git a/libs/curl/docs/cmdline-opts/local-port.d b/libs/curl/docs/cmdline-opts/local-port.d deleted file mode 100644 index fd157d93..00000000 --- a/libs/curl/docs/cmdline-opts/local-port.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: local-port -Arg: -Help: Force use of RANGE for local port numbers -Added: 7.15.2 -Category: connection -Example: --local-port 1000-3000 $URL -See-also: globoff ---- -Set a preferred single number or range (FROM-TO) of local port numbers to use -for the connection(s). Note that port numbers by nature are a scarce resource -that will be busy at times so setting this range to something too narrow might -cause unnecessary connection setup failures. diff --git a/libs/curl/docs/cmdline-opts/local-port.md b/libs/curl/docs/cmdline-opts/local-port.md new file mode 100644 index 00000000..b8c0d3fd --- /dev/null +++ b/libs/curl/docs/cmdline-opts/local-port.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: local-port +Arg: +Help: Use a local port number within RANGE +Added: 7.15.2 +Category: connection +Multi: single +See-also: + - globoff +Example: + - --local-port 1000-3000 $URL +--- + +# `--local-port` + +Set a preferred single number or range (FROM-TO) of local port numbers to use +for the connection(s). Note that port numbers by nature are a scarce resource +so setting this range to something too narrow might cause unnecessary +connection setup failures. diff --git a/libs/curl/docs/cmdline-opts/location-trusted.d b/libs/curl/docs/cmdline-opts/location-trusted.d deleted file mode 100644 index 0277aa7b..00000000 --- a/libs/curl/docs/cmdline-opts/location-trusted.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: location-trusted -Help: Like --location, and send auth to other hosts -Protocols: HTTP -See-also: user -Category: http auth -Example: --location-trusted -u user:password $URL -Added: 7.10.4 ---- -Like --location, but will allow sending the name + password to all hosts that -the site may redirect to. This may or may not introduce a security breach if -the site redirects you to a site to which you will send your authentication -info (which is plaintext in the case of HTTP Basic authentication). diff --git a/libs/curl/docs/cmdline-opts/location-trusted.md b/libs/curl/docs/cmdline-opts/location-trusted.md new file mode 100644 index 00000000..edbd0b53 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/location-trusted.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: location-trusted +Help: As --location, but send auth to other hosts +Protocols: HTTP +Category: http auth +Added: 7.10.4 +Multi: boolean +See-also: + - user +Example: + - --location-trusted -u user:password $URL +--- + +# `--location-trusted` + +Like --location, but allows sending the name + password to all hosts that the +site may redirect to. This may or may not introduce a security breach if the +site redirects you to a site to which you send your authentication info (which +is clear-text in the case of HTTP Basic authentication). diff --git a/libs/curl/docs/cmdline-opts/location.d b/libs/curl/docs/cmdline-opts/location.d deleted file mode 100644 index e694dfad..00000000 --- a/libs/curl/docs/cmdline-opts/location.d +++ /dev/null @@ -1,29 +0,0 @@ -Long: location -Short: L -Help: Follow redirects -Protocols: HTTP -Category: http -Example: -L $URL -Added: 4.9 -See-also: resolve alt-svc ---- -If the server reports that the requested page has moved to a different -location (indicated with a Location: header and a 3XX response code), this -option will make curl redo the request on the new place. If used together with ---include or --head, headers from all requested pages will be shown. When -authentication is used, curl only sends its credentials to the initial -host. If a redirect takes curl to a different host, it will not be able to -intercept the user+password. See also --location-trusted on how to change -this. You can limit the amount of redirects to follow by using the ---max-redirs option. - -When curl follows a redirect and if the request is a POST, it will send the -following request with a GET if the HTTP response was 301, 302, or 303. If the -response code was any other 3xx code, curl will re-send the following request -using the same unmodified method. - -You can tell curl to not change POST requests to GET after a 30x response by -using the dedicated options for that: --post301, --post302 and --post303. - -The method set with --request overrides the method curl would otherwise select -to use. diff --git a/libs/curl/docs/cmdline-opts/location.md b/libs/curl/docs/cmdline-opts/location.md new file mode 100644 index 00000000..62e3d470 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/location.md @@ -0,0 +1,40 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: location +Short: L +Help: Follow redirects +Protocols: HTTP +Category: http +Added: 4.9 +Multi: boolean +See-also: + - resolve + - alt-svc +Example: + - -L $URL +--- + +# `--location` + +If the server reports that the requested page has moved to a different +location (indicated with a Location: header and a 3XX response code), this +option makes curl redo the request on the new place. If used together with +--include or --head, headers from all requested pages are shown. + +When authentication is used, curl only sends its credentials to the initial +host. If a redirect takes curl to a different host, it does not get the +user+password pass on. See also --location-trusted on how to change this. + +Limit the amount of redirects to follow by using the --max-redirs option. + +When curl follows a redirect and if the request is a POST, it sends the +following request with a GET if the HTTP response was 301, 302, or 303. If the +response code was any other 3xx code, curl resends the following request using +the same unmodified method. + +You can tell curl to not change POST requests to GET after a 30x response by +using the dedicated options for that: --post301, --post302 and --post303. + +The method set with --request overrides the method curl would otherwise select +to use. diff --git a/libs/curl/docs/cmdline-opts/login-options.d b/libs/curl/docs/cmdline-opts/login-options.d deleted file mode 100644 index 4c53db3f..00000000 --- a/libs/curl/docs/cmdline-opts/login-options.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: login-options -Arg: -Protocols: IMAP POP3 SMTP -Help: Server login options -Added: 7.34.0 -Category: imap pop3 smtp auth -Example: --login-options 'AUTH=*' imap://example.com -See-also: user ---- -Specify the login options to use during server authentication. - -You can use login options to specify protocol specific options that may be -used during authentication. At present only IMAP, POP3 and SMTP support -login options. For more information about login options please see RFC -2384, RFC 5092 and IETF draft draft-earhart-url-smtp-00.txt - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/login-options.md b/libs/curl/docs/cmdline-opts/login-options.md new file mode 100644 index 00000000..fc8292a2 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/login-options.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: login-options +Arg: +Protocols: IMAP LDAP POP3 SMTP +Help: Server login options +Added: 7.34.0 +Category: imap pop3 smtp auth ldap +Multi: single +See-also: + - user +Example: + - --login-options 'AUTH=*' imap://example.com +--- + +# `--login-options` + +Specify the login options to use during server authentication. + +You can use login options to specify protocol specific options that may be +used during authentication. At present only IMAP, POP3 and SMTP support login +options. For more information about login options please see RFC 2384, +RFC 5092 and the IETF draft +https://datatracker.ietf.org/doc/html/draft-earhart-url-smtp-00 + +Since 8.2.0, IMAP supports the login option `AUTH=+LOGIN`. With this option, +curl uses the plain (not SASL) `LOGIN IMAP` command even if the server +advertises SASL authentication. Care should be taken in using this option, as +it sends your password over the network in plain text. This does not work if +the IMAP server disables the plain `LOGIN` (e.g. to prevent password +snooping). diff --git a/libs/curl/docs/cmdline-opts/mail-auth.d b/libs/curl/docs/cmdline-opts/mail-auth.d deleted file mode 100644 index 49a02d5b..00000000 --- a/libs/curl/docs/cmdline-opts/mail-auth.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: mail-auth -Arg:
-Protocols: SMTP -Help: Originator address of the original email -Added: 7.25.0 -See-also: mail-rcpt mail-from -Category: smtp -Example: --mail-auth user@example.come -T mail smtp://example.com/ ---- -Specify a single address. This will be used to specify the authentication -address (identity) of a submitted message that is being relayed to another -server. diff --git a/libs/curl/docs/cmdline-opts/mail-auth.md b/libs/curl/docs/cmdline-opts/mail-auth.md new file mode 100644 index 00000000..deabb38b --- /dev/null +++ b/libs/curl/docs/cmdline-opts/mail-auth.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: mail-auth +Arg:
+Protocols: SMTP +Help: Originator address of the original email +Added: 7.25.0 +Category: smtp +Multi: single +See-also: + - mail-rcpt + - mail-from +Example: + - --mail-auth user@example.com -T mail smtp://example.com/ +--- + +# `--mail-auth` + +Specify a single address. This is used to specify the authentication address +(identity) of a submitted message that is being relayed to another server. diff --git a/libs/curl/docs/cmdline-opts/mail-from.d b/libs/curl/docs/cmdline-opts/mail-from.d deleted file mode 100644 index be0547c9..00000000 --- a/libs/curl/docs/cmdline-opts/mail-from.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: mail-from -Arg:
-Help: Mail from this address -Protocols: SMTP -Added: 7.20.0 -See-also: mail-rcpt mail-auth -Category: smtp -Example: --mail-from user@example.com -T mail smtp://example.com/ ---- -Specify a single address that the given mail should get sent from. diff --git a/libs/curl/docs/cmdline-opts/mail-from.md b/libs/curl/docs/cmdline-opts/mail-from.md new file mode 100644 index 00000000..96b06250 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/mail-from.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: mail-from +Arg:
+Help: Mail from this address +Protocols: SMTP +Added: 7.20.0 +Category: smtp +Multi: single +See-also: + - mail-rcpt + - mail-auth +Example: + - --mail-from user@example.com -T mail smtp://example.com/ +--- + +# `--mail-from` + +Specify a single address that the given mail should get sent from. diff --git a/libs/curl/docs/cmdline-opts/mail-rcpt-allowfails.d b/libs/curl/docs/cmdline-opts/mail-rcpt-allowfails.d deleted file mode 100644 index 12296afd..00000000 --- a/libs/curl/docs/cmdline-opts/mail-rcpt-allowfails.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: mail-rcpt-allowfails -Help: Allow RCPT TO command to fail for some recipients -Protocols: SMTP -Added: 7.69.0 -Category: smtp -Example: --mail-rcpt-allowfails --mail-rcpt dest@example.com smtp://example.com -See-also: mail-rcpt ---- -When sending data to multiple recipients, by default curl will abort SMTP -conversation if at least one of the recipients causes RCPT TO command to -return an error. - -The default behavior can be changed by passing --mail-rcpt-allowfails -command-line option which will make curl ignore errors and proceed with the -remaining valid recipients. - -If all recipients trigger RCPT TO failures and this flag is specified, curl -will still abort the SMTP conversation and return the error received from to -the last RCPT TO command. diff --git a/libs/curl/docs/cmdline-opts/mail-rcpt-allowfails.md b/libs/curl/docs/cmdline-opts/mail-rcpt-allowfails.md new file mode 100644 index 00000000..a82948bb --- /dev/null +++ b/libs/curl/docs/cmdline-opts/mail-rcpt-allowfails.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: mail-rcpt-allowfails +Help: Allow RCPT TO command to fail +Protocols: SMTP +Added: 7.69.0 +Category: smtp +Multi: boolean +See-also: + - mail-rcpt +Example: + - --mail-rcpt-allowfails --mail-rcpt dest@example.com smtp://example.com +--- + +# `--mail-rcpt-allowfails` + +When sending data to multiple recipients, by default curl aborts SMTP +conversation if at least one of the recipients causes RCPT TO command to +return an error. + +The default behavior can be changed by passing --mail-rcpt-allowfails +command-line option which makes curl ignore errors and proceed with the +remaining valid recipients. + +If all recipients trigger RCPT TO failures and this flag is specified, curl +still aborts the SMTP conversation and returns the error received from to the +last RCPT TO command. diff --git a/libs/curl/docs/cmdline-opts/mail-rcpt.d b/libs/curl/docs/cmdline-opts/mail-rcpt.d deleted file mode 100644 index 8a3b43c1..00000000 --- a/libs/curl/docs/cmdline-opts/mail-rcpt.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: mail-rcpt -Arg:
-Help: Mail to this address -Protocols: SMTP -Added: 7.20.0 -Category: smtp -Example: --mail-rcpt user@example.net smtp://example.com -See-also: mail-rcpt-allowfails ---- -Specify a single email address, user name or mailing list name. Repeat this -option several times to send to multiple recipients. - -When performing an address verification (VRFY command), the recipient should be -specified as the user name or user name and domain (as per Section 3.5 of -RFC5321). (Added in 7.34.0) - -When performing a mailing list expand (EXPN command), the recipient should be -specified using the mailing list name, such as "Friends" or "London-Office". -(Added in 7.34.0) diff --git a/libs/curl/docs/cmdline-opts/mail-rcpt.md b/libs/curl/docs/cmdline-opts/mail-rcpt.md new file mode 100644 index 00000000..bd787c2f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/mail-rcpt.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: mail-rcpt +Arg:
+Help: Mail to this address +Protocols: SMTP +Added: 7.20.0 +Category: smtp +Multi: append +See-also: + - mail-rcpt-allowfails +Example: + - --mail-rcpt user@example.net smtp://example.com +--- + +# `--mail-rcpt` + +Specify a single email address, username or mailing list name. Repeat this +option several times to send to multiple recipients. + +When performing an address verification (**VRFY** command), the recipient +should be specified as the username or username and domain (as per Section 3.5 +of RFC 5321). (Added in 7.34.0) + +When performing a mailing list expand (EXPN command), the recipient should be +specified using the mailing list name, such as "Friends" or "London-Office". +(Added in 7.34.0) diff --git a/libs/curl/docs/cmdline-opts/mainpage.idx b/libs/curl/docs/cmdline-opts/mainpage.idx new file mode 100644 index 00000000..8496ee46 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/mainpage.idx @@ -0,0 +1,43 @@ +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +# SPDX-License-Identifier: curl +# +########################################################################### +_NAME.md +_SYNOPSIS.md +_DESCRIPTION.md +_URL.md +_GLOBBING.md +_VARIABLES.md +_OUTPUT.md +_PROTOCOLS.md +_PROGRESS.md +_VERSION.md +_OPTIONS.md +%options +_FILES.md +_ENVIRONMENT.md +_PROXYPREFIX.md +_EXITCODES.md +_BUGS.md +_AUTHORS.md +_WWW.md +_SEEALSO.md diff --git a/libs/curl/docs/cmdline-opts/manual.d b/libs/curl/docs/cmdline-opts/manual.d deleted file mode 100644 index 9674a465..00000000 --- a/libs/curl/docs/cmdline-opts/manual.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: manual -Short: M -Help: Display the full manual -Category: curl -Example: --manual -Added: 5.2 -See-also: verbose libcurl trace ---- -Manual. Display the huge help text. diff --git a/libs/curl/docs/cmdline-opts/manual.md b/libs/curl/docs/cmdline-opts/manual.md new file mode 100644 index 00000000..bf44f3b8 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/manual.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: manual +Short: M +Help: Display the full manual +Category: curl +Added: 5.2 +Multi: custom +See-also: + - verbose + - libcurl + - trace +Example: + - --manual +--- + +# `--manual` + +Manual. Display the huge help text. diff --git a/libs/curl/docs/cmdline-opts/max-filesize.d b/libs/curl/docs/cmdline-opts/max-filesize.d deleted file mode 100644 index 9e3abca4..00000000 --- a/libs/curl/docs/cmdline-opts/max-filesize.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: max-filesize -Arg: -Help: Maximum file size to download -Protocols: FTP HTTP MQTT -See-also: limit-rate -Category: connection -Example: --max-filesize 100K $URL -Added: 7.10.8 ---- -Specify the maximum size (in bytes) of a file to download. If the file -requested is larger than this value, the transfer will not start and curl will -return with exit code 63. - -A size modifier may be used. For example, Appending 'k' or 'K' will count the -number as kilobytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it -gigabytes. Examples: 200K, 3m and 1G. (Added in 7.58.0) - -**NOTE**: The file size is not always known prior to download, and for such -files this option has no effect even if the file transfer ends up being larger -than this given limit. \ No newline at end of file diff --git a/libs/curl/docs/cmdline-opts/max-filesize.md b/libs/curl/docs/cmdline-opts/max-filesize.md new file mode 100644 index 00000000..998359cf --- /dev/null +++ b/libs/curl/docs/cmdline-opts/max-filesize.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: max-filesize +Arg: +Help: Maximum file size to download +Protocols: FTP HTTP MQTT +Category: connection +Added: 7.10.8 +Multi: single +See-also: + - limit-rate +Example: + - --max-filesize 100K $URL +--- + +# `--max-filesize` + +Specify the maximum size (in bytes) of a file to download. If the file +requested is larger than this value, the transfer does not start and curl +returns with exit code 63. + +A size modifier may be used. For example, Appending 'k' or 'K' counts the +number as kilobytes, 'm' or 'M' makes it megabytes, while 'g' or 'G' makes it +gigabytes. Examples: 200K, 3m and 1G. (Added in 7.58.0) + +**NOTE**: before curl 8.4.0, when the file size is not known prior to +download, for such files this option has no effect even if the file transfer +ends up being larger than this given limit. + +Starting with curl 8.4.0, this option aborts the transfer if it reaches the +threshold during transfer. diff --git a/libs/curl/docs/cmdline-opts/max-redirs.d b/libs/curl/docs/cmdline-opts/max-redirs.d deleted file mode 100644 index a0b54939..00000000 --- a/libs/curl/docs/cmdline-opts/max-redirs.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: max-redirs -Arg: -Help: Maximum number of redirects allowed -Protocols: HTTP -Category: http -Example: --max-redirs 3 --location $URL -Added: 7.5 -See-also: location ---- -Set maximum number of redirections to follow. When --location is used, to -prevent curl from following too many redirects, by default, the limit is -set to 50 redirects. Set this option to -1 to make it unlimited. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/max-redirs.md b/libs/curl/docs/cmdline-opts/max-redirs.md new file mode 100644 index 00000000..52b0c572 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/max-redirs.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: max-redirs +Arg: +Help: Maximum number of redirects allowed +Protocols: HTTP +Category: http +Added: 7.5 +Multi: single +See-also: + - location +Example: + - --max-redirs 3 --location $URL +--- + +# `--max-redirs` + +Set maximum number of redirections to follow. When --location is used, to +prevent curl from following too many redirects, by default, the limit is +set to 50 redirects. Set this option to -1 to make it unlimited. diff --git a/libs/curl/docs/cmdline-opts/max-time.d b/libs/curl/docs/cmdline-opts/max-time.d deleted file mode 100644 index 7246f613..00000000 --- a/libs/curl/docs/cmdline-opts/max-time.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: max-time -Short: m -Arg: -Help: Maximum time allowed for transfer -See-also: connect-timeout -Category: connection -Example: --max-time 10 $URL -Example: --max-time 2.92 $URL -Added: 4.0 ---- -Maximum time in seconds that you allow the whole operation to take. This is -useful for preventing your batch jobs from hanging for hours due to slow -networks or links going down. Since 7.32.0, this option accepts decimal -values, but the actual timeout will decrease in accuracy as the specified -timeout increases in decimal precision. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/max-time.md b/libs/curl/docs/cmdline-opts/max-time.md new file mode 100644 index 00000000..1d19e497 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/max-time.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: max-time +Short: m +Arg: +Help: Maximum time allowed for transfer +Category: connection timeout +Added: 4.0 +Multi: single +See-also: + - connect-timeout + - retry-max-time +Example: + - --max-time 10 $URL + - --max-time 2.92 $URL +--- + +# `--max-time` + +Set maximum time in seconds that you allow each transfer to take. Prevents +your batch jobs from hanging for hours due to slow networks or links going +down. This option accepts decimal values (added in 7.32.0). + +If you enable retrying the transfer (--retry) then the maximum time counter is +reset each time the transfer is retried. You can use --retry-max-time to limit +the retry time. + +The decimal value needs to provided using a dot (.) as decimal separator - not +the local version even if it might be using another separator. diff --git a/libs/curl/docs/cmdline-opts/metalink.d b/libs/curl/docs/cmdline-opts/metalink.d deleted file mode 100644 index f1c0aeef..00000000 --- a/libs/curl/docs/cmdline-opts/metalink.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: metalink -Help: Process given URLs as metalink XML file -Added: 7.27.0 -Category: misc -Example: --metalink file $URL -See-also: parallel ---- -This option was previously used to specify a metalink resource. Metalink -support has been disabled in curl since 7.78.0 for security reasons. diff --git a/libs/curl/docs/cmdline-opts/metalink.md b/libs/curl/docs/cmdline-opts/metalink.md new file mode 100644 index 00000000..d3d3e257 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/metalink.md @@ -0,0 +1,18 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: metalink +Help: Process given URLs as metalink XML file +Added: 7.27.0 +Category: deprecated +Multi: single +See-also: + - parallel +Example: + - --metalink file $URL +--- + +# `--metalink` + +This option was previously used to specify a Metalink resource. Metalink +support is disabled in curl for security reasons (added in 7.78.0). diff --git a/libs/curl/docs/cmdline-opts/mptcp.md b/libs/curl/docs/cmdline-opts/mptcp.md new file mode 100644 index 00000000..698b6937 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/mptcp.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Dorian Craps, +SPDX-License-Identifier: curl +Long: mptcp +Added: 8.9.0 +Help: Enable Multipath TCP +Category: connection +Multi: boolean +See-also: + - tcp-fastopen +Example: + - --mptcp $URL +--- + +# `--mptcp` + +Enables the use of Multipath TCP (MPTCP) for connections. MPTCP is an extension +to the standard TCP that allows multiple TCP streams over different network +paths between the same source and destination. This can enhance bandwidth and +improve reliability by using multiple paths simultaneously. + +MPTCP is beneficial in networks where multiple paths exist between clients and +servers, such as mobile networks where a device may switch between WiFi and +cellular data or in wired networks with multiple Internet Service Providers. + +This option is currently only supported on Linux starting from kernel 5.6. Only +TCP connections are modified, hence this option does not effect HTTP/3 (QUIC) +or UDP connections. + +The server curl connects to must also support MPTCP. If not, the connection +seamlessly falls back to TCP. diff --git a/libs/curl/docs/cmdline-opts/negotiate.d b/libs/curl/docs/cmdline-opts/negotiate.d deleted file mode 100644 index 69a0e6c6..00000000 --- a/libs/curl/docs/cmdline-opts/negotiate.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: negotiate -Help: Use HTTP Negotiate (SPNEGO) authentication -Protocols: HTTP -See-also: basic ntlm anyauth proxy-negotiate -Category: auth http -Example: --negotiate -u : $URL -Added: 7.10.6 ---- -Enables Negotiate (SPNEGO) authentication. - -This option requires a library built with GSS-API or SSPI support. Use ---version to see if your curl supports GSS-API/SSPI or SPNEGO. - -When using this option, you must also provide a fake --user option to activate -the authentication code properly. Sending a '-u :' is enough as the user name -and password from the --user option are not actually used. - -If this option is used several times, only the first one is used. diff --git a/libs/curl/docs/cmdline-opts/negotiate.md b/libs/curl/docs/cmdline-opts/negotiate.md new file mode 100644 index 00000000..bba3f6a0 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/negotiate.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: negotiate +Help: Use HTTP Negotiate (SPNEGO) authentication +Protocols: HTTP +Category: auth http +Added: 7.10.6 +Multi: mutex +See-also: + - basic + - ntlm + - anyauth + - proxy-negotiate +Example: + - --negotiate -u : $URL +--- + +# `--negotiate` + +Enable Negotiate (SPNEGO) authentication. + +This option requires a library built with GSS-API or SSPI support. Use +--version to see if your curl supports GSS-API/SSPI or SPNEGO. + +When using this option, you must also provide a fake --user option to activate +the authentication code properly. Sending a '-u :' is enough as the username +and password from the --user option are not actually used. diff --git a/libs/curl/docs/cmdline-opts/netrc-file.d b/libs/curl/docs/cmdline-opts/netrc-file.d deleted file mode 100644 index 7af727fb..00000000 --- a/libs/curl/docs/cmdline-opts/netrc-file.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: netrc-file -Help: Specify FILE for netrc -Arg: -Added: 7.21.5 -Mutexed: netrc -Category: curl -Example: --netrc-file netrc $URL -See-also: netrc user config ---- -This option is similar to --netrc, except that you provide the path (absolute -or relative) to the netrc file that curl should use. You can only specify one -netrc file per invocation. If several --netrc-file options are provided, -the last one will be used. - -It will abide by --netrc-optional if specified. diff --git a/libs/curl/docs/cmdline-opts/netrc-file.md b/libs/curl/docs/cmdline-opts/netrc-file.md new file mode 100644 index 00000000..3df72ce1 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/netrc-file.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: netrc-file +Help: Specify FILE for netrc +Arg: +Added: 7.21.5 +Mutexed: netrc +Category: auth +Multi: single +See-also: + - netrc + - user + - config +Example: + - --netrc-file netrc $URL +--- + +# `--netrc-file` + +Set the netrc file to use. Similar to --netrc, except that you also provide +the path (absolute or relative). + +It abides by --netrc-optional if specified. diff --git a/libs/curl/docs/cmdline-opts/netrc-optional.d b/libs/curl/docs/cmdline-opts/netrc-optional.d deleted file mode 100644 index 5f6fea62..00000000 --- a/libs/curl/docs/cmdline-opts/netrc-optional.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: netrc-optional -Help: Use either .netrc or URL -Mutexed: netrc -See-also: netrc-file -Category: curl -Example: --netrc-optional $URL -Added: 7.9.8 ---- -Similar to --netrc, but this option makes the .netrc usage **optional** -and not mandatory as the --netrc option does. diff --git a/libs/curl/docs/cmdline-opts/netrc-optional.md b/libs/curl/docs/cmdline-opts/netrc-optional.md new file mode 100644 index 00000000..9b9c068c --- /dev/null +++ b/libs/curl/docs/cmdline-opts/netrc-optional.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: netrc-optional +Help: Use either .netrc or URL +Mutexed: netrc +Category: auth +Added: 7.9.8 +Multi: boolean +See-also: + - netrc-file +Example: + - --netrc-optional $URL +--- + +# `--netrc-optional` + +Similar to --netrc, but this option makes the .netrc usage **optional** +and not mandatory as the --netrc option does. diff --git a/libs/curl/docs/cmdline-opts/netrc.d b/libs/curl/docs/cmdline-opts/netrc.d deleted file mode 100644 index 02497f78..00000000 --- a/libs/curl/docs/cmdline-opts/netrc.d +++ /dev/null @@ -1,23 +0,0 @@ -Long: netrc -Short: n -Help: Must read .netrc for user name and password -Category: curl -Example: --netrc $URL -Added: 4.6 -See-also: netrc-file config user ---- -Makes curl scan the *.netrc* (*_netrc* on Windows) file in the user's home -directory for login name and password. This is typically used for FTP on -Unix. If used with HTTP, curl will enable user authentication. See -*netrc(5)* and *ftp(1)* for details on the file format. Curl will not -complain if that file does not have the right permissions (it should be -neither world- nor group-readable). The environment variable "HOME" is used -to find the home directory. - -A quick and simple example of how to setup a *.netrc* to allow curl to FTP to -the machine host.domain.com with user name \&'myself' and password \&'secret' -could look similar to: - - machine host.domain.com - login myself - password secret" diff --git a/libs/curl/docs/cmdline-opts/netrc.md b/libs/curl/docs/cmdline-opts/netrc.md new file mode 100644 index 00000000..26e1ccd2 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/netrc.md @@ -0,0 +1,38 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: netrc +Short: n +Help: Must read .netrc for username and password +Category: auth +Added: 4.6 +Mutexed: netrc-file netrc-optional +Multi: boolean +See-also: + - netrc-file + - config + - user +Example: + - --netrc $URL +--- + +# `--netrc` + +Make curl scan the *.netrc* file in the user's home directory for login name +and password. This is typically used for FTP on Unix. If used with HTTP, curl +enables user authentication. See *netrc(5)* and *ftp(1)* for details on the +file format. Curl does not complain if that file does not have the right +permissions (it should be neither world- nor group-readable). The environment +variable "HOME" is used to find the home directory. + +On Windows two filenames in the home directory are checked: *.netrc* and +*_netrc*, preferring the former. Older versions on Windows checked for *_netrc* +only. + +A quick and simple example of how to setup a *.netrc* to allow curl to FTP to +the machine host.domain.com with username 'myself' and password 'secret' could +look similar to: + + machine host.domain.com + login myself + password secret diff --git a/libs/curl/docs/cmdline-opts/next.d b/libs/curl/docs/cmdline-opts/next.d deleted file mode 100644 index d3da64f5..00000000 --- a/libs/curl/docs/cmdline-opts/next.d +++ /dev/null @@ -1,26 +0,0 @@ -Short: : -Long: next -Tags: -Protocols: -Added: 7.36.0 -Magic: divider -Help: Make next URL use its separate set of options -Category: curl -Example: $URL --next -d postthis www2.example.com -Example: -I $URL --next https://example.net/ -See-also: parallel config ---- -Tells curl to use a separate operation for the following URL and associated -options. This allows you to send several URL requests, each with their own -specific options, for example, such as different user names or custom requests -for each. - ---next will reset all local options and only global ones will have their -values survive over to the operation following the --next instruction. Global -options include --verbose, --trace, --trace-ascii and --fail-early. - -For example, you can do both a GET and a POST in a single command line: - -.nf - curl www1.example.com --next -d postthis www2.example.com -.fi diff --git a/libs/curl/docs/cmdline-opts/next.md b/libs/curl/docs/cmdline-opts/next.md new file mode 100644 index 00000000..cb67e907 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/next.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: : +Long: next +Tags: +Protocols: +Added: 7.36.0 +Magic: divider +Help: Make next URL use separate options +Category: curl +Multi: append +See-also: + - parallel + - config +Example: + - $URL --next -d postthis www2.example.com + - -I $URL --next https://example.net/ +--- + +# `--next` + +Use a separate operation for the following URL and associated options. This +allows you to send several URL requests, each with their own specific options, +for example, such as different usernames or custom requests for each. + +--next resets all local options and only global ones have their values survive +over to the operation following the --next instruction. Global options include +--verbose, --trace, --trace-ascii and --fail-early. + +For example, you can do both a GET and a POST in a single command line: + + curl www1.example.com --next -d postthis www2.example.com diff --git a/libs/curl/docs/cmdline-opts/no-alpn.d b/libs/curl/docs/cmdline-opts/no-alpn.d deleted file mode 100644 index bc620763..00000000 --- a/libs/curl/docs/cmdline-opts/no-alpn.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: no-alpn -Tags: HTTP/2 -Protocols: HTTPS -Added: 7.36.0 -See-also: no-npn http2 -Requires: TLS -Help: Disable the ALPN TLS extension -Category: tls http -Example: --no-alpn $URL ---- -Disable the ALPN TLS extension. ALPN is enabled by default if libcurl was built -with an SSL library that supports ALPN. ALPN is used by a libcurl that supports -HTTP/2 to negotiate HTTP/2 support with the server during https sessions. diff --git a/libs/curl/docs/cmdline-opts/no-alpn.md b/libs/curl/docs/cmdline-opts/no-alpn.md new file mode 100644 index 00000000..47529487 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/no-alpn.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-alpn +Tags: HTTP/2 +Protocols: HTTPS +Added: 7.36.0 +Requires: TLS +Help: Disable the ALPN TLS extension +Category: tls http +Multi: boolean +See-also: + - no-npn + - http2 +Example: + - --no-alpn $URL +--- + +# `--no-alpn` + +Disable the ALPN TLS extension. ALPN is enabled by default if libcurl was built +with an SSL library that supports ALPN. ALPN is used by a libcurl that supports +HTTP/2 to negotiate HTTP/2 support with the server during https sessions. + +Note that this is the negated option name documented. You can use --alpn to +enable ALPN. diff --git a/libs/curl/docs/cmdline-opts/no-buffer.d b/libs/curl/docs/cmdline-opts/no-buffer.d deleted file mode 100644 index c356eb34..00000000 --- a/libs/curl/docs/cmdline-opts/no-buffer.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: no-buffer -Short: N -Help: Disable buffering of the output stream -Category: curl -Example: --no-buffer $URL -Added: 6.5 -See-also: progress-bar ---- -Disables the buffering of the output stream. In normal work situations, curl -will use a standard buffered output stream that will have the effect that it -will output the data in chunks, not necessarily exactly when the data arrives. -Using this option will disable that buffering. - -Note that this is the negated option name documented. You can thus use ---buffer to enforce the buffering. diff --git a/libs/curl/docs/cmdline-opts/no-buffer.md b/libs/curl/docs/cmdline-opts/no-buffer.md new file mode 100644 index 00000000..e0860155 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/no-buffer.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-buffer +Short: N +Help: Disable buffering of the output stream +Category: output +Added: 6.5 +Multi: boolean +See-also: + - progress-bar +Example: + - --no-buffer $URL +--- + +# `--no-buffer` + +Disables the buffering of the output stream. In normal work situations, curl +uses a standard buffered output stream that has the effect that it outputs the +data in chunks, not necessarily exactly when the data arrives. Using this +option disables that buffering. + +Note that this is the negated option name documented. You can use --buffer to +enable buffering again. diff --git a/libs/curl/docs/cmdline-opts/no-clobber.md b/libs/curl/docs/cmdline-opts/no-clobber.md new file mode 100644 index 00000000..69090056 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/no-clobber.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-clobber +Help: Do not overwrite files that already exist +Category: output +Added: 7.83.0 +Multi: boolean +See-also: + - output + - remote-name +Example: + - --no-clobber --output local/dir/file $URL +--- + +# `--no-clobber` + +When used in conjunction with the --output, --remote-header-name, +--remote-name, or --remote-name-all options, curl avoids overwriting files +that already exist. Instead, a dot and a number gets appended to the name of +the file that would be created, up to filename.100 after which it does not +create any file. + +Note that this is the negated option name documented. You can thus use +--clobber to enforce the clobbering, even if --remote-header-name is +specified. diff --git a/libs/curl/docs/cmdline-opts/no-keepalive.d b/libs/curl/docs/cmdline-opts/no-keepalive.d deleted file mode 100644 index d65a3bd2..00000000 --- a/libs/curl/docs/cmdline-opts/no-keepalive.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: no-keepalive -Help: Disable TCP keepalive on the connection -Category: connection -Example: --no-keepalive $URL -Added: 7.18.0 -See-also: keepalive-time ---- -Disables the use of keepalive messages on the TCP connection. curl otherwise -enables them by default. - -Note that this is the negated option name documented. You can thus use ---keepalive to enforce keepalive. diff --git a/libs/curl/docs/cmdline-opts/no-keepalive.md b/libs/curl/docs/cmdline-opts/no-keepalive.md new file mode 100644 index 00000000..2c2115fe --- /dev/null +++ b/libs/curl/docs/cmdline-opts/no-keepalive.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-keepalive +Help: Disable TCP keepalive on the connection +Category: connection +Added: 7.18.0 +Multi: boolean +See-also: + - keepalive-time + - keepalive-cnt +Example: + - --no-keepalive $URL +--- + +# `--no-keepalive` + +Disables the use of keepalive messages on the TCP connection. curl otherwise +enables them by default. + +Note that this is the negated option name documented. You can thus use +--keepalive to enforce keepalive. diff --git a/libs/curl/docs/cmdline-opts/no-npn.d b/libs/curl/docs/cmdline-opts/no-npn.d deleted file mode 100644 index 7a9239d3..00000000 --- a/libs/curl/docs/cmdline-opts/no-npn.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: no-npn -Tags: Versions HTTP/2 -Protocols: HTTPS -Added: 7.36.0 -Mutexed: -See-also: no-alpn http2 -Requires: TLS -Help: Disable the NPN TLS extension -Category: tls http -Example: --no-npn $URL ---- -Disable the NPN TLS extension. NPN is enabled by default if libcurl was built -with an SSL library that supports NPN. NPN is used by a libcurl that supports -HTTP/2 to negotiate HTTP/2 support with the server during https sessions. diff --git a/libs/curl/docs/cmdline-opts/no-npn.md b/libs/curl/docs/cmdline-opts/no-npn.md new file mode 100644 index 00000000..dbb69e91 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/no-npn.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-npn +Tags: Versions HTTP/2 +Protocols: HTTPS +Added: 7.36.0 +Mutexed: +Requires: TLS +Help: Disable the NPN TLS extension +Category: deprecated +Multi: boolean +See-also: + - no-alpn + - http2 +Example: + - --no-npn $URL +--- + +# `--no-npn` + +curl never uses NPN, this option has no effect (added in 7.86.0). + +Disable the NPN TLS extension. NPN is enabled by default if libcurl was built +with an SSL library that supports NPN. NPN is used by a libcurl that supports +HTTP/2 to negotiate HTTP/2 support with the server during https sessions. diff --git a/libs/curl/docs/cmdline-opts/no-progress-meter.d b/libs/curl/docs/cmdline-opts/no-progress-meter.d deleted file mode 100644 index 9c7413ee..00000000 --- a/libs/curl/docs/cmdline-opts/no-progress-meter.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: no-progress-meter -Help: Do not show the progress meter -See-also: verbose silent -Added: 7.67.0 -Category: verbose -Example: --no-progress-meter -o store $URL ---- -Option to switch off the progress meter output without muting or otherwise -affecting warning and informational messages like --silent does. - -Note that this is the negated option name documented. You can thus use ---progress-meter to enable the progress meter again. diff --git a/libs/curl/docs/cmdline-opts/no-progress-meter.md b/libs/curl/docs/cmdline-opts/no-progress-meter.md new file mode 100644 index 00000000..72ec9937 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/no-progress-meter.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-progress-meter +Help: Do not show the progress meter +Added: 7.67.0 +Category: verbose +Multi: boolean +See-also: + - verbose + - silent +Example: + - --no-progress-meter -o store $URL +--- + +# `--no-progress-meter` + +Option to switch off the progress meter output without muting or otherwise +affecting warning and informational messages like --silent does. + +Note that this is the negated option name documented. You can thus use +--progress-meter to enable the progress meter again. diff --git a/libs/curl/docs/cmdline-opts/no-sessionid.d b/libs/curl/docs/cmdline-opts/no-sessionid.d deleted file mode 100644 index 1b771857..00000000 --- a/libs/curl/docs/cmdline-opts/no-sessionid.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: no-sessionid -Help: Disable SSL session-ID reusing -Protocols: TLS -Added: 7.16.0 -Category: tls -Example: --no-sessionid $URL -See-also: insecure ---- -Disable curl's use of SSL session-ID caching. By default all transfers are -done using the cache. Note that while nothing should ever get hurt by -attempting to reuse SSL session-IDs, there seem to be broken SSL -implementations in the wild that may require you to disable this in order for -you to succeed. - -Note that this is the negated option name documented. You can thus use ---sessionid to enforce session-ID caching. diff --git a/libs/curl/docs/cmdline-opts/no-sessionid.md b/libs/curl/docs/cmdline-opts/no-sessionid.md new file mode 100644 index 00000000..08ba990b --- /dev/null +++ b/libs/curl/docs/cmdline-opts/no-sessionid.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: no-sessionid +Help: Disable SSL session-ID reusing +Protocols: TLS +Added: 7.16.0 +Category: tls +Multi: boolean +See-also: + - insecure +Example: + - --no-sessionid $URL +--- + +# `--no-sessionid` + +Disable curl's use of SSL session-ID caching. By default all transfers are +done using the cache. Note that while nothing should ever get hurt by +attempting to reuse SSL session-IDs, there seem to be broken SSL +implementations in the wild that may require you to disable this in order for +you to succeed. + +Note that this is the negated option name documented. You can thus use +--sessionid to enforce session-ID caching. diff --git a/libs/curl/docs/cmdline-opts/noproxy.d b/libs/curl/docs/cmdline-opts/noproxy.d deleted file mode 100644 index 0ed39077..00000000 --- a/libs/curl/docs/cmdline-opts/noproxy.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: noproxy -Arg: -Help: List of hosts which do not use proxy -Added: 7.19.4 -Category: proxy -Example: --noproxy "www.example" $URL -See-also: proxy ---- -Comma-separated list of hosts for which not to use a proxy, if one is -specified. The only wildcard is a single * character, which matches all hosts, -and effectively disables the proxy. Each name in this list is matched as -either a domain which contains the hostname, or the hostname itself. For -example, local.com would match local.com, local.com:80, and www.local.com, but -not www.notlocal.com. - -Since 7.53.0, This option overrides the environment variables that disable the -proxy ('no_proxy' and 'NO_PROXY'). If there's an environment variable -disabling a proxy, you can set the noproxy list to \&"" to override it. diff --git a/libs/curl/docs/cmdline-opts/noproxy.md b/libs/curl/docs/cmdline-opts/noproxy.md new file mode 100644 index 00000000..698549e1 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/noproxy.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: noproxy +Arg: +Help: List of hosts which do not use proxy +Added: 7.19.4 +Category: proxy +Multi: single +See-also: + - proxy +Example: + - --noproxy "www.example" $URL +--- + +# `--noproxy` + +Comma-separated list of hosts for which not to use a proxy, if one is +specified. The only wildcard is a single `*` character, which matches all +hosts, and effectively disables the proxy. Each name in this list is matched +as either a domain which contains the hostname, or the hostname itself. For +example, `local.com` would match `local.com`, `local.com:80`, and +`www.local.com`, but not `www.notlocal.com`. + +This option overrides the environment variables that disable the proxy +(`no_proxy` and `NO_PROXY`) (added in 7.53.0). If there is an environment +variable disabling a proxy, you can set the no proxy list to "" to override +it. + +IP addresses specified to this option can be provided using CIDR notation +(added in 7.86.0): an appended slash and number specifies the number of +network bits out of the address to use in the comparison. For example +`192.168.0.0/16` would match all addresses starting with `192.168`. diff --git a/libs/curl/docs/cmdline-opts/ntlm-wb.d b/libs/curl/docs/cmdline-opts/ntlm-wb.d deleted file mode 100644 index c8e72c32..00000000 --- a/libs/curl/docs/cmdline-opts/ntlm-wb.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: ntlm-wb -Help: Use HTTP NTLM authentication with winbind -Protocols: HTTP -See-also: ntlm proxy-ntlm -Category: auth http -Example: --ntlm-wb -u user:password $URL -Added: 7.22.0 ---- -Enables NTLM much in the style --ntlm does, but hand over the authentication -to the separate binary ntlmauth application that is executed when needed. diff --git a/libs/curl/docs/cmdline-opts/ntlm-wb.md b/libs/curl/docs/cmdline-opts/ntlm-wb.md new file mode 100644 index 00000000..3a1d35cb --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ntlm-wb.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ntlm-wb +Help: HTTP NTLM authentication with winbind +Protocols: HTTP +Category: deprecated +Added: 7.22.0 +Multi: mutex +See-also: + - ntlm + - proxy-ntlm +Example: + - --ntlm-wb -u user:password $URL +--- + +# `--ntlm-wb` + +Deprecated option (added in 8.8.0). + +Enabled NTLM much in the style --ntlm does, but handed over the authentication +to a separate executable that was executed when needed. diff --git a/libs/curl/docs/cmdline-opts/ntlm.d b/libs/curl/docs/cmdline-opts/ntlm.d deleted file mode 100644 index 658218a1..00000000 --- a/libs/curl/docs/cmdline-opts/ntlm.d +++ /dev/null @@ -1,21 +0,0 @@ -Long: ntlm -Help: Use HTTP NTLM authentication -Mutexed: basic negotiate digest anyauth -See-also: proxy-ntlm -Protocols: HTTP -Requires: TLS -Category: auth http -Example: --ntlm -u user:password $URL -Added: 7.10.6 ---- -Enables NTLM authentication. The NTLM authentication method was designed by -Microsoft and is used by IIS web servers. It is a proprietary protocol, -reverse-engineered by clever people and implemented in curl based on their -efforts. This kind of behavior should not be endorsed, you should encourage -everyone who uses NTLM to switch to a public and documented authentication -method instead, such as Digest. - -If you want to enable NTLM for your proxy authentication, then use ---proxy-ntlm. - -If this option is used several times, only the first one is used. diff --git a/libs/curl/docs/cmdline-opts/ntlm.md b/libs/curl/docs/cmdline-opts/ntlm.md new file mode 100644 index 00000000..b37716bc --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ntlm.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ntlm +Help: HTTP NTLM authentication +Mutexed: basic negotiate digest anyauth +Protocols: HTTP +Requires: TLS +Category: auth http +Added: 7.10.6 +Multi: mutex +See-also: + - proxy-ntlm +Example: + - --ntlm -u user:password $URL +--- + +# `--ntlm` + +Use NTLM authentication. The NTLM authentication method was designed by +Microsoft and is used by IIS web servers. It is a proprietary protocol, +reverse-engineered by clever people and implemented in curl based on their +efforts. This kind of behavior should not be endorsed, you should encourage +everyone who uses NTLM to switch to a public and documented authentication +method instead, such as Digest. + +If you want to enable NTLM for your proxy authentication, then use +--proxy-ntlm. diff --git a/libs/curl/docs/cmdline-opts/oauth2-bearer.d b/libs/curl/docs/cmdline-opts/oauth2-bearer.d deleted file mode 100644 index e5ed0e87..00000000 --- a/libs/curl/docs/cmdline-opts/oauth2-bearer.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: oauth2-bearer -Help: OAuth 2 Bearer Token -Arg: -Protocols: IMAP POP3 SMTP HTTP -Category: auth -Example: --oauth2-bearer "mF_9.B5f-4.1JqM" $URL -Added: 7.33.0 -See-also: basic ntlm digest ---- -Specify the Bearer Token for OAUTH 2.0 server authentication. The Bearer Token -is used in conjunction with the user name which can be specified as part of -the --url or --user options. - -The Bearer Token and user name are formatted according to RFC 6750. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/oauth2-bearer.md b/libs/curl/docs/cmdline-opts/oauth2-bearer.md new file mode 100644 index 00000000..b66477fc --- /dev/null +++ b/libs/curl/docs/cmdline-opts/oauth2-bearer.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: oauth2-bearer +Help: OAuth 2 Bearer Token +Arg: +Protocols: IMAP LDAP POP3 SMTP HTTP +Category: auth imap pop3 smtp ldap +Added: 7.33.0 +Multi: single +See-also: + - basic + - ntlm + - digest +Example: + - --oauth2-bearer "mF_9.B5f-4.1JqM" $URL +--- + +# `--oauth2-bearer` + +Specify the Bearer Token for OAUTH 2.0 server authentication. The Bearer Token +is used in conjunction with the username which can be specified as part of the +--url or --user options. + +The Bearer Token and username are formatted according to RFC 6750. diff --git a/libs/curl/docs/cmdline-opts/output-dir.d b/libs/curl/docs/cmdline-opts/output-dir.d deleted file mode 100644 index 230ebeea..00000000 --- a/libs/curl/docs/cmdline-opts/output-dir.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: output-dir -Arg: -Help: Directory to save files in -Added: 7.73.0 -See-also: remote-name remote-header-name -Category: curl -Example: --output-dir "tmp" -O $URL ---- - -This option specifies the directory in which files should be stored, when ---remote-name or --output are used. - -The given output directory is used for all URLs and output options on the -command line, up until the first --next. - -If the specified target directory does not exist, the operation will fail -unless --create-dirs is also used. - -If this option is used multiple times, the last specified directory will be -used. diff --git a/libs/curl/docs/cmdline-opts/output-dir.md b/libs/curl/docs/cmdline-opts/output-dir.md new file mode 100644 index 00000000..468ecc8a --- /dev/null +++ b/libs/curl/docs/cmdline-opts/output-dir.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: output-dir +Arg: +Help: Directory to save files in +Added: 7.73.0 +Category: output +Multi: single +See-also: + - remote-name + - remote-header-name +Example: + - --output-dir "tmp" -O $URL +--- + +# `--output-dir` + +Specify the directory in which files should be stored, when --remote-name or +--output are used. + +The given output directory is used for all URLs and output options on the +command line, up until the first --next. + +If the specified target directory does not exist, the operation fails unless +--create-dirs is also used. diff --git a/libs/curl/docs/cmdline-opts/output.d b/libs/curl/docs/cmdline-opts/output.d deleted file mode 100644 index 15ddd525..00000000 --- a/libs/curl/docs/cmdline-opts/output.d +++ /dev/null @@ -1,46 +0,0 @@ -Long: output -Arg: -Short: o -Help: Write to file instead of stdout -See-also: remote-name remote-name-all remote-header-name -Category: important curl -Example: -o file $URL -Example: "http://{one,two}.example.com" -o "file_#1.txt" -Example: "http://{site,host}.host[1-5].com" -o "#1_#2" -Example: -o file $URL -o file2 https://example.net -Added: 4.0 ---- -Write output to instead of stdout. If you are using {} or [] to fetch -multiple documents, you should quote the URL and you can use '#' followed by a -number in the specifier. That variable will be replaced with the current -string for the URL being fetched. Like in: - - curl "http://{one,two}.example.com" -o "file_#1.txt" - -or use several variables like: - - curl "http://{site,host}.host[1-5].com" -o "#1_#2" - -You may use this option as many times as the number of URLs you have. For -example, if you specify two URLs on the same command line, you can use it like -this: - - curl -o aa example.com -o bb example.net - -and the order of the -o options and the URLs does not matter, just that the -first -o is for the first URL and so on, so the above command line can also be -written as - - curl example.com example.net -o aa -o bb - -See also the --create-dirs option to create the local directories -dynamically. Specifying the output as '-' (a single dash) will force the -output to be done to stdout. - -To suppress response bodies, you can redirect output to /dev/null: - - curl example.com -o /dev/null - -Or for Windows use nul: - - curl example.com -o nul diff --git a/libs/curl/docs/cmdline-opts/output.md b/libs/curl/docs/cmdline-opts/output.md new file mode 100644 index 00000000..48360a49 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/output.md @@ -0,0 +1,62 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: output +Arg: +Short: o +Help: Write to file instead of stdout +Category: important output +Added: 4.0 +Multi: per-URL +See-also: + - remote-name + - remote-name-all + - remote-header-name +Example: + - -o file $URL + - "http://{one,two}.example.com" -o "file_#1.txt" + - "http://{site,host}.host[1-5].example" -o "#1_#2" + - -o file $URL -o file2 https://example.net +--- + +# `--output` + +Write output to the given file instead of stdout. If you are using globbing to +fetch multiple documents, you should quote the URL and you can use `#` +followed by a number in the filename. That variable is then replaced with the +current string for the URL being fetched. Like in: + + curl "http://{one,two}.example.com" -o "file_#1.txt" + +or use several variables like: + + curl "http://{site,host}.host[1-5].example" -o "#1_#2" + +You may use this option as many times as the number of URLs you have. For +example, if you specify two URLs on the same command line, you can use it like +this: + + curl -o aa example.com -o bb example.net + +and the order of the -o options and the URLs does not matter, just that the +first -o is for the first URL and so on, so the above command line can also be +written as + + curl example.com example.net -o aa -o bb + +See also the --create-dirs option to create the local directories +dynamically. Specifying the output as '-' (a single dash) passes the output to +stdout. + +To suppress response bodies, you can redirect output to /dev/null: + + curl example.com -o /dev/null + +Or for Windows: + + curl example.com -o nul + +Specify the filename as single minus to force the output to stdout, to +override curl's internal binary output in terminal prevention: + + curl https://example.com/jpeg -o - diff --git a/libs/curl/docs/cmdline-opts/page-footer b/libs/curl/docs/cmdline-opts/page-footer deleted file mode 100644 index edd756f0..00000000 --- a/libs/curl/docs/cmdline-opts/page-footer +++ /dev/null @@ -1,321 +0,0 @@ -.SH FILES -.I ~/.curlrc -.RS -Default config file, see --config for details. -.SH ENVIRONMENT -The environment variables can be specified in lower case or upper case. The -lower case version has precedence. http_proxy is an exception as it is only -available in lower case. - -Using an environment variable to set the proxy has the same effect as using -the --proxy option. - -.IP "http_proxy [protocol://][:port]" -Sets the proxy server to use for HTTP. -.IP "HTTPS_PROXY [protocol://][:port]" -Sets the proxy server to use for HTTPS. -.IP "[url-protocol]_PROXY [protocol://][:port]" -Sets the proxy server to use for [url-protocol], where the protocol is a -protocol that curl supports and as specified in a URL. FTP, FTPS, POP3, IMAP, -SMTP, LDAP, etc. -.IP "ALL_PROXY [protocol://][:port]" -Sets the proxy server to use if no protocol-specific proxy is set. -.IP "NO_PROXY " -list of host names that should not go through any proxy. If set to an asterisk -\&'*' only, it matches all hosts. Each name in this list is matched as either -a domain name which contains the hostname, or the hostname itself. - -This environment variable disables use of the proxy even when specified with -the --proxy option. That is -.B NO_PROXY=direct.example.com curl -x http://proxy.example.com -.B http://direct.example.com -accesses the target URL directly, and -.B NO_PROXY=direct.example.com curl -x http://proxy.example.com -.B http://somewhere.example.com -accesses the target URL through the proxy. - -The list of host names can also be include numerical IP addresses, and IPv6 -versions should then be given without enclosing brackets. - -IPv6 numerical addresses are compared as strings, so they will only match if -the representations are the same: "::1" is the same as "::0:1" but they do not -match. -.IP "APPDATA " -On Windows, this variable is used when trying to find the home directory. If -the primary home variable are all unset. -.IP "COLUMNS " -If set, the specified number of characters will be used as the terminal width -when the alternative progress-bar is shown. If not set, curl will try to -figure it out using other ways. -.IP "CURL_CA_BUNDLE " -If set, will be used as the \fI--cacert\fP value. -.IP "CURL_HOME " -If set, is the first variable curl checks when trying to find its home -directory. If not set, it continues to check \fBXDG_CONFIG_HOME\fP. -.IP "CURL_SSL_BACKEND " -If curl was built with support for "MultiSSL", meaning that it has built-in -support for more than one TLS backend, this environment variable can be set to -the case insensitive name of the particular backend to use when curl is -invoked. Setting a name that is not a built-in alternative will make curl -stay with the default. - -SSL backend names (case-insensitive): bearssl, gnutls, gskit, mbedtls, -mesalink, nss, openssl, rustls, schannel, secure-transport, wolfssl -.IP "HOME " -If set, this is used to find the home directory when that is needed. Like when -looking for the default .curlrc. \fBCURL_HOME\fP and \fBXDG_CONFIG_HOME\fP -have preference. -.IP "QLOGDIR " -If curl was built with HTTP/3 support, setting this environment variable to a -local directory will make curl produce qlogs in that directory, using file -names named after the destination connection id (in hex). Do note that these -files can become rather large. Works with both QUIC backends. -.IP SHELL -Used on VMS when trying to detect if using a DCL or a "unix" shell. -.IP "SSL_CERT_DIR " -If set, will be used as the \fI--capath\fP value. -.IP "SSL_CERT_FILE " -If set, will be used as the \fI--cacert\fP value. -.IP "SSLKEYLOGFILE " -If you set this environment variable to a file name, curl will store TLS -secrets from its connections in that file when invoked to enable you to -analyze the TLS traffic in real time using network analyzing tools such as -Wireshark. This works with the following TLS backends: OpenSSL, libressl, -BoringSSL, GnuTLS, NSS and wolfSSL. -.IP "USERPROFILE " -On Windows, this variable is used when trying to find the home directory. If -the other, primary, variable are all unset. If set, curl will use the path -"$USERPROFILE\\Application Data". -.IP "XDG_CONFIG_HOME " -If \fBCURL_HOME\fP is not set, this variable is checked when looking for a -default .curlrc file. -.SH "PROXY PROTOCOL PREFIXES" -The proxy string may be specified with a protocol:// prefix to specify -alternative proxy protocols. (Added in 7.21.7) - -If no protocol is specified in the proxy string or if the string does not match -a supported one, the proxy will be treated as an HTTP proxy. - -The supported proxy protocol prefixes are as follows: -.IP "http://" -Makes it use it as an HTTP proxy. The default if no scheme prefix is used. -.IP "https://" -Makes it treated as an **HTTPS** proxy. -.IP "socks4://" -Makes it the equivalent of --socks4 -.IP "socks4a://" -Makes it the equivalent of --socks4a -.IP "socks5://" -Makes it the equivalent of --socks5 -.IP "socks5h://" -Makes it the equivalent of --socks5-hostname -.SH EXIT CODES -There are a bunch of different error codes and their corresponding error -messages that may appear under error conditions. At the time of this writing, -the exit codes are: -.IP 1 -Unsupported protocol. This build of curl has no support for this protocol. -.IP 2 -Failed to initialize. -.IP 3 -URL malformed. The syntax was not correct. -.IP 4 -A feature or option that was needed to perform the desired request was not -enabled or was explicitly disabled at build-time. To make curl able to do -this, you probably need another build of libcurl. -.IP 5 -Could not resolve proxy. The given proxy host could not be resolved. -.IP 6 -Could not resolve host. The given remote host could not be resolved. -.IP 7 -Failed to connect to host. -.IP 8 -Weird server reply. The server sent data curl could not parse. -.IP 9 -FTP access denied. The server denied login or denied access to the particular -resource or directory you wanted to reach. Most often you tried to change to a -directory that does not exist on the server. -.IP 10 -FTP accept failed. While waiting for the server to connect back when an active -FTP session is used, an error code was sent over the control connection or -similar. -.IP 11 -FTP weird PASS reply. Curl could not parse the reply sent to the PASS request. -.IP 12 -During an active FTP session while waiting for the server to connect back to -curl, the timeout expired. -.IP 13 -FTP weird PASV reply, Curl could not parse the reply sent to the PASV request. -.IP 14 -FTP weird 227 format. Curl could not parse the 227-line the server sent. -.IP 15 -FTP cannot use host. Could not resolve the host IP we got in the 227-line. -.IP 16 -HTTP/2 error. A problem was detected in the HTTP2 framing layer. This is -somewhat generic and can be one out of several problems, see the error message -for details. -.IP 17 -FTP could not set binary. Could not change transfer method to binary. -.IP 18 -Partial file. Only a part of the file was transferred. -.IP 19 -FTP could not download/access the given file, the RETR (or similar) command -failed. -.IP 21 -FTP quote error. A quote command returned error from the server. -.IP 22 -HTTP page not retrieved. The requested url was not found or returned another -error with the HTTP error code being 400 or above. This return code only -appears if --fail is used. -.IP 23 -Write error. Curl could not write data to a local filesystem or similar. -.IP 25 -FTP could not STOR file. The server denied the STOR operation, used for FTP -uploading. -.IP 26 -Read error. Various reading problems. -.IP 27 -Out of memory. A memory allocation request failed. -.IP 28 -Operation timeout. The specified time-out period was reached according to the -conditions. -.IP 30 -FTP PORT failed. The PORT command failed. Not all FTP servers support the PORT -command, try doing a transfer using PASV instead! -.IP 31 -FTP could not use REST. The REST command failed. This command is used for -resumed FTP transfers. -.IP 33 -HTTP range error. The range "command" did not work. -.IP 34 -HTTP post error. Internal post-request generation error. -.IP 35 -SSL connect error. The SSL handshaking failed. -.IP 36 -Bad download resume. Could not continue an earlier aborted download. -.IP 37 -FILE could not read file. Failed to open the file. Permissions? -.IP 38 -LDAP cannot bind. LDAP bind operation failed. -.IP 39 -LDAP search failed. -.IP 41 -Function not found. A required LDAP function was not found. -.IP 42 -Aborted by callback. An application told curl to abort the operation. -.IP 43 -Internal error. A function was called with a bad parameter. -.IP 45 -Interface error. A specified outgoing interface could not be used. -.IP 47 -Too many redirects. When following redirects, curl hit the maximum amount. -.IP 48 -Unknown option specified to libcurl. This indicates that you passed a weird -option to curl that was passed on to libcurl and rejected. Read up in the -manual! -.IP 49 -Malformed telnet option. -.IP 51 -The peer's SSL certificate or SSH MD5 fingerprint was not OK. -.IP 52 -The server did not reply anything, which here is considered an error. -.IP 53 -SSL crypto engine not found. -.IP 54 -Cannot set SSL crypto engine as default. -.IP 55 -Failed sending network data. -.IP 56 -Failure in receiving network data. -.IP 58 -Problem with the local certificate. -.IP 59 -Could not use specified SSL cipher. -.IP 60 -Peer certificate cannot be authenticated with known CA certificates. -.IP 61 -Unrecognized transfer encoding. -.IP 62 -Invalid LDAP URL. -.IP 63 -Maximum file size exceeded. -.IP 64 -Requested FTP SSL level failed. -.IP 65 -Sending the data requires a rewind that failed. -.IP 66 -Failed to initialise SSL Engine. -.IP 67 -The user name, password, or similar was not accepted and curl failed to log in. -.IP 68 -File not found on TFTP server. -.IP 69 -Permission problem on TFTP server. -.IP 70 -Out of disk space on TFTP server. -.IP 71 -Illegal TFTP operation. -.IP 72 -Unknown TFTP transfer ID. -.IP 73 -File already exists (TFTP). -.IP 74 -No such user (TFTP). -.IP 75 -Character conversion failed. -.IP 76 -Character conversion functions required. -.IP 77 -Problem reading the SSL CA cert (path? access rights?). -.IP 78 -The resource referenced in the URL does not exist. -.IP 79 -An unspecified error occurred during the SSH session. -.IP 80 -Failed to shut down the SSL connection. -.IP 82 -Could not load CRL file, missing or wrong format (added in 7.19.0). -.IP 83 -Issuer check failed (added in 7.19.0). -.IP 84 -The FTP PRET command failed. -.IP 85 -Mismatch of RTSP CSeq numbers. -.IP 86 -Mismatch of RTSP Session Identifiers. -.IP 87 -Unable to parse FTP file list. -.IP 88 -FTP chunk callback reported error. -.IP 89 -No connection available, the session will be queued. -.IP 90 -SSL public key does not matched pinned public key. -.IP 91 -Invalid SSL certificate status. -.IP 92 -Stream error in HTTP/2 framing layer. -.IP 93 -An API function was called from inside a callback. -.IP 94 -An authentication function returned an error. -.IP 95 -A problem was detected in the HTTP/3 layer. This is somewhat generic and can -be one out of several problems, see the error message for details. -.IP 96 -QUIC connection error. This error may be caused by an SSL library error. QUIC -is the protocol used for HTTP/3 transfers. -.IP XX -More error codes will appear here in future releases. The existing ones -are meant to never change. -.SH BUGS -If you experience any problems with curl, submit an issue in the project's bug -tracker on GitHub: https://github.com/curl/curl/issues -.SH AUTHORS / CONTRIBUTORS -Daniel Stenberg is the main author, but the whole list of contributors is -found in the separate THANKS file. -.SH WWW -https://curl.se -.SH "SEE ALSO" -.BR ftp (1), -.BR wget (1) diff --git a/libs/curl/docs/cmdline-opts/page-header b/libs/curl/docs/cmdline-opts/page-header deleted file mode 100644 index 900d21d8..00000000 --- a/libs/curl/docs/cmdline-opts/page-header +++ /dev/null @@ -1,197 +0,0 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) 1998 - 2021, Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at https://curl.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" ************************************************************************** -.\" -.\" DO NOT EDIT. Generated by the curl project gen.pl man page generator. -.\" -.TH curl 1 "%DATE" "curl %VERSION" "curl Manual" -.SH NAME -curl \- transfer a URL -.SH SYNOPSIS -.B curl [options / URLs] -.SH DESCRIPTION -**curl** is a tool for transferring data from or to a server. It supports these -protocols: DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, -LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, -SMTPS, TELNET or TFTP. The command is designed to work without user -interaction. - -curl offers a busload of useful tricks like proxy support, user -authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer -resume and more. As you will see below, the number of features will make your -head spin. - -curl is powered by libcurl for all transfer-related features. See -*libcurl(3)* for details. -.SH URL -The URL syntax is protocol-dependent. You find a detailed description in -RFC 3986. - -You can specify multiple URLs or parts of URLs by writing part sets within -braces and quoting the URL as in: - - "http://site.{one,two,three}.com" - -or you can get sequences of alphanumeric series by using [] as in: - - "ftp://ftp.example.com/file[1-100].txt" - - "ftp://ftp.example.com/file[001-100].txt" (with leading zeros) - - "ftp://ftp.example.com/file[a-z].txt" - -Nested sequences are not supported, but you can use several ones next to each -other: - - "http://example.com/archive[1996-1999]/vol[1-4]/part{a,b,c}.html" - -You can specify any amount of URLs on the command line. They will be fetched -in a sequential manner in the specified order. You can specify command line -options and URLs mixed and in any order on the command line. - -You can specify a step counter for the ranges to get every Nth number or -letter: - - "http://example.com/file[1-100:10].txt" - - "http://example.com/file[a-z:2].txt" - -When using [] or {} sequences when invoked from a command line prompt, you -probably have to put the full URL within double quotes to avoid the shell from -interfering with it. This also goes for other characters treated special, like -for example '&', '?' and '*'. - -Provide the IPv6 zone index in the URL with an escaped percentage sign and the -interface name. Like in - - "http://[fe80::3%25eth0]/" - -If you specify URL without protocol:// prefix, curl will attempt to guess what -protocol you might want. It will then default to HTTP but try other protocols -based on often-used host name prefixes. For example, for host names starting -with "ftp." curl will assume you want to speak FTP. - -curl will do its best to use what you pass to it as a URL. It is not trying to -validate it as a syntactically correct URL by any means but is fairly liberal -with what it accepts. - -curl will attempt to re-use connections for multiple file transfers, so that -getting many files from the same server will not do multiple connects / -handshakes. This improves speed. Of course this is only done on files -specified on a single command line and cannot be used between separate curl -invocations. -.SH OUTPUT -If not told otherwise, curl writes the received data to stdout. It can be -instructed to instead save that data into a local file, using the --output or ---remote-name options. If curl is given multiple URLs to transfer on the -command line, it similarly needs multiple options for where to save them. - -curl does not parse or otherwise "understand" the content it gets or writes as -output. It does no encoding or decoding, unless explicitly asked to with -dedicated command line options. -.SH PROTOCOLS -curl supports numerous protocols, or put in URL terms: schemes. Your -particular build may not support them all. -.IP DICT -Lets you lookup words using online dictionaries. -.IP FILE -Read or write local files. curl does not support accessing file:// URL -remotely, but when running on Microsoft Windows using the native UNC approach -will work. -.IP FTP(S) -curl supports the File Transfer Protocol with a lot of tweaks and levers. With -or without using TLS. -.IP GOPHER(S) -Retrieve files. -.IP HTTP(S) -curl supports HTTP with numerous options and variations. It can speak HTTP -version 0.9, 1.0, 1.1, 2 and 3 depending on build options and the correct -command line options. -.IP IMAP(S) -Using the mail reading protocol, curl can "download" emails for you. With or -without using TLS. -.IP LDAP(S) -curl can do directory lookups for you, with or without TLS. -.IP MQTT -curl supports MQTT version 3. Downloading over MQTT equals "subscribe" to a -topic while uploading/posting equals "publish" on a topic. MQTT over TLS is -not supported (yet). -.IP POP3(S) -Downloading from a pop3 server means getting a mail. With or without using -TLS. -.IP RTMP(S) -The Realtime Messaging Protocol is primarily used to server streaming media -and curl can download it. -.IP RTSP -curl supports RTSP 1.0 downloads. -.IP SCP -curl supports SSH version 2 scp transfers. -.IP SFTP -curl supports SFTP (draft 5) done over SSH version 2. -.IP SMB(S) -curl supports SMB version 1 for upload and download. -.IP SMTP(S) -Uploading contents to an SMTP server means sending an email. With or without -TLS. -.IP TELNET -Telling curl to fetch a telnet URL starts an interactive session where it -sends what it reads on stdin and outputs what the server sends it. -.IP TFTP -curl can do TFTP downloads and uploads. -.SH "PROGRESS METER" -curl normally displays a progress meter during operations, indicating the -amount of transferred data, transfer speeds and estimated time left, etc. The -progress meter displays number of bytes and the speeds are in bytes per -second. The suffixes (k, M, G, T, P) are 1024 based. For example 1k is 1024 -bytes. 1M is 1048576 bytes. - -curl displays this data to the terminal by default, so if you invoke curl to -do an operation and it is about to write data to the terminal, it -*disables* the progress meter as otherwise it would mess up the output -mixing progress meter and response data. - -If you want a progress meter for HTTP POST or PUT requests, you need to -redirect the response output to a file, using shell redirect (>), --output or -similar. - -This does not apply to FTP upload as that operation does not spit out any -response data to the terminal. - -If you prefer a progress "bar" instead of the regular meter, --progress-bar is -your friend. You can also disable the progress meter completely with the ---silent option. -.SH OPTIONS -Options start with one or two dashes. Many of the options require an -additional value next to them. - -The short "single-dash" form of the options, -d for example, may be used with -or without a space between it and its value, although a space is a recommended -separator. The long "double-dash" form, --data for example, requires a space -between it and its value. - -Short version options that do not need any additional values can be used -immediately next to each other, like for example you can specify all the -options -O, -L and -v at once as -OLv. - -In general, all boolean options are enabled with --**option** and yet again -disabled with --**no-**option. That is, you use the same option name but -prefix it with "no-". However, in this list we mostly only list and show the ---option version of them. diff --git a/libs/curl/docs/cmdline-opts/parallel-immediate.d b/libs/curl/docs/cmdline-opts/parallel-immediate.d deleted file mode 100644 index 4f7468de..00000000 --- a/libs/curl/docs/cmdline-opts/parallel-immediate.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: parallel-immediate -Help: Do not wait for multiplexing (with --parallel) -Added: 7.68.0 -See-also: parallel parallel-max -Category: connection curl -Example: --parallel-immediate -Z $URL -o file1 $URL -o file2 ---- -When doing parallel transfers, this option will instruct curl that it should -rather prefer opening up more connections in parallel at once rather than -waiting to see if new transfers can be added as multiplexed streams on another -connection. - -This option is global and does not need to be specified for each use of ---next. diff --git a/libs/curl/docs/cmdline-opts/parallel-immediate.md b/libs/curl/docs/cmdline-opts/parallel-immediate.md new file mode 100644 index 00000000..4d7a3ad5 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/parallel-immediate.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: parallel-immediate +Help: Do not wait for multiplexing +Added: 7.68.0 +Category: connection curl global +Multi: boolean +Scope: global +See-also: + - parallel + - parallel-max +Example: + - --parallel-immediate -Z $URL -o file1 $URL -o file2 +--- + +# `--parallel-immediate` + +When doing parallel transfers, this option instructs curl to prefer opening up +more connections in parallel at once rather than waiting to see if new +transfers can be added as multiplexed streams on another connection. + +By default, without this option set, curl prefers to wait a little and +multiplex new transfers over existing connections. It keeps the number of +connections low at the expense of risking a slightly slower transfer startup. diff --git a/libs/curl/docs/cmdline-opts/parallel-max.d b/libs/curl/docs/cmdline-opts/parallel-max.d deleted file mode 100644 index 1f22fcb7..00000000 --- a/libs/curl/docs/cmdline-opts/parallel-max.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: parallel-max -Arg: -Help: Maximum concurrency for parallel transfers -Added: 7.66.0 -See-also: parallel -Category: connection curl -Example: --parallel-max 100 -Z $URL ftp://example.com/ ---- -When asked to do parallel transfers, using --parallel, this option controls -the maximum amount of transfers to do simultaneously. - -This option is global and does not need to be specified for each use of ---next. - -The default is 50. diff --git a/libs/curl/docs/cmdline-opts/parallel-max.md b/libs/curl/docs/cmdline-opts/parallel-max.md new file mode 100644 index 00000000..6b3684b8 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/parallel-max.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: parallel-max +Arg: +Help: Maximum concurrency for parallel transfers +Added: 7.66.0 +Category: connection curl global +Multi: single +Scope: global +See-also: + - parallel +Example: + - --parallel-max 100 -Z $URL ftp://example.com/ +--- + +# `--parallel-max` + +When asked to do parallel transfers, using --parallel, this option controls +the maximum amount of transfers to do simultaneously. + +The default is 50. 300 is the largest supported value. diff --git a/libs/curl/docs/cmdline-opts/parallel.d b/libs/curl/docs/cmdline-opts/parallel.d deleted file mode 100644 index f2ccaa78..00000000 --- a/libs/curl/docs/cmdline-opts/parallel.d +++ /dev/null @@ -1,13 +0,0 @@ -Short: Z -Long: parallel -Help: Perform transfers in parallel -Added: 7.66.0 -Category: connection curl -Example: --parallel $URL -o file1 $URL -o file2 -See-also: next verbose ---- -Makes curl perform its transfers in parallel as compared to the regular serial -manner. - -This option is global and does not need to be specified for each use of ---next. diff --git a/libs/curl/docs/cmdline-opts/parallel.md b/libs/curl/docs/cmdline-opts/parallel.md new file mode 100644 index 00000000..fb9221bc --- /dev/null +++ b/libs/curl/docs/cmdline-opts/parallel.md @@ -0,0 +1,32 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: Z +Long: parallel +Help: Perform transfers in parallel +Added: 7.66.0 +Category: connection curl global +Multi: boolean +Scope: global +See-also: + - next + - verbose + - parallel-max + - parallel-immediate +Example: + - --parallel $URL -o file1 $URL -o file2 +--- + +# `--parallel` + +Makes curl perform all transfers in parallel as compared to the regular serial +manner. Parallel transfer means that curl runs up to N concurrent transfers +simultaneously and if there are more than N transfers to handle, it starts new +ones when earlier transfers finish. + +With parallel transfers, the progress meter output is different than when +doing serial transfers, as it then displays the transfer status for multiple +transfers in a single line. + +The maximum amount of concurrent transfers is set with --parallel-max and it +defaults to 50. diff --git a/libs/curl/docs/cmdline-opts/pass.d b/libs/curl/docs/cmdline-opts/pass.d deleted file mode 100644 index 621754d6..00000000 --- a/libs/curl/docs/cmdline-opts/pass.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: pass -Arg: -Help: Pass phrase for the private key -Protocols: SSH TLS -Category: ssh tls auth -Example: --pass secret --key file $URL -Added: 7.9.3 -See-also: key user ---- -Passphrase for the private key. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/pass.md b/libs/curl/docs/cmdline-opts/pass.md new file mode 100644 index 00000000..98bc35b2 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/pass.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: pass +Arg: +Help: Passphrase for the private key +Protocols: SSH TLS +Category: ssh tls auth +Added: 7.9.3 +Multi: single +See-also: + - key + - user +Example: + - --pass secret --key file $URL +--- + +# `--pass` + +Passphrase for the private key. diff --git a/libs/curl/docs/cmdline-opts/path-as-is.d b/libs/curl/docs/cmdline-opts/path-as-is.d deleted file mode 100644 index 3a82c440..00000000 --- a/libs/curl/docs/cmdline-opts/path-as-is.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: path-as-is -Help: Do not squash .. sequences in URL path -Added: 7.42.0 -Category: curl -Example: --path-as-is https://example.com/../../etc/passwd -See-also: request-target ---- -Tell curl to not handle sequences of /../ or /./ in the given URL -path. Normally curl will squash or merge them according to standards but with -this option set you tell it not to do that. diff --git a/libs/curl/docs/cmdline-opts/path-as-is.md b/libs/curl/docs/cmdline-opts/path-as-is.md new file mode 100644 index 00000000..f3a60cff --- /dev/null +++ b/libs/curl/docs/cmdline-opts/path-as-is.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: path-as-is +Help: Do not squash .. sequences in URL path +Added: 7.42.0 +Category: curl +Multi: boolean +See-also: + - request-target +Example: + - --path-as-is https://example.com/../../etc/passwd +--- + +# `--path-as-is` + +Do not handle sequences of /../ or /./ in the given URL path. Normally curl +squashes or merges them according to standards but with this option set you +tell it not to do that. diff --git a/libs/curl/docs/cmdline-opts/pinnedpubkey.d b/libs/curl/docs/cmdline-opts/pinnedpubkey.d deleted file mode 100644 index b47c42a8..00000000 --- a/libs/curl/docs/cmdline-opts/pinnedpubkey.d +++ /dev/null @@ -1,37 +0,0 @@ -Long: pinnedpubkey -Arg: -Help: FILE/HASHES Public key to verify peer against -Protocols: TLS -Category: tls -Example: --pinnedpubkey keyfile $URL -Example: --pinnedpubkey 'sha256//ce118b51897f4452dc' $URL -Added: 7.39.0 -See-also: hostpubsha256 ---- -Tells curl to use the specified public key file (or hashes) to verify the -peer. This can be a path to a file which contains a single public key in PEM -or DER format, or any number of base64 encoded sha256 hashes preceded by -'sha256//' and separated by ';'. - -When negotiating a TLS or SSL connection, the server sends a certificate -indicating its identity. A public key is extracted from this certificate and -if it does not exactly match the public key provided to this option, curl will -abort the connection before sending or receiving any data. - -PEM/DER support: - -7.39.0: OpenSSL, GnuTLS and GSKit - -7.43.0: NSS and wolfSSL - -7.47.0: mbedtls - -sha256 support: - -7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL - -7.47.0: mbedtls - -Other SSL backends not supported. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/pinnedpubkey.md b/libs/curl/docs/cmdline-opts/pinnedpubkey.md new file mode 100644 index 00000000..d21a18f6 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/pinnedpubkey.md @@ -0,0 +1,45 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: pinnedpubkey +Arg: +Help: Public key to verify peer against +Protocols: TLS +Category: tls +Added: 7.39.0 +Multi: single +See-also: + - hostpubsha256 +Example: + - --pinnedpubkey keyfile $URL + - --pinnedpubkey 'sha256//ce118b51897f4452dc' $URL +--- + +# `--pinnedpubkey` + +Use the specified public key file (or hashes) to verify the peer. This can be +a path to a file which contains a single public key in PEM or DER format, or +any number of base64 encoded sha256 hashes preceded by 'sha256//' and +separated by ';'. + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. A public key is extracted from this certificate and +if it does not exactly match the public key provided to this option, curl +aborts the connection before sending or receiving any data. + +This option is independent of option --insecure. If you use both options +together then the peer is still verified by public key. + +PEM/DER support: + +OpenSSL and GnuTLS (added in 7.39.0), wolfSSL (added in 7.43.0), mbedTLS +(added in 7.47.0), Secure Transport macOS 10.7+/iOS 10+ (added in 7.54.1), +Schannel (added in 7.58.1) + +sha256 support: + +OpenSSL, GnuTLS and wolfSSL (added in 7.44.0), mbedTLS (added in 7.47.0), +Secure Transport macOS 10.7+/iOS 10+ (added in 7.54.1), Schannel +(added in 7.58.1) + +Other SSL backends not supported. diff --git a/libs/curl/docs/cmdline-opts/post301.d b/libs/curl/docs/cmdline-opts/post301.d deleted file mode 100644 index 744ef581..00000000 --- a/libs/curl/docs/cmdline-opts/post301.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: post301 -Help: Do not switch to GET after following a 301 -Protocols: HTTP -See-also: post302 post303 location -Added: 7.17.1 -Category: http post -Example: --post301 --location -d "data" $URL ---- -Tells curl to respect RFC 7231/6.4.2 and not convert POST requests into GET -requests when following a 301 redirection. The non-RFC behavior is ubiquitous -in web browsers, so curl does the conversion by default to maintain -consistency. However, a server may require a POST to remain a POST after such -a redirection. This option is meaningful only when using --location. diff --git a/libs/curl/docs/cmdline-opts/post301.md b/libs/curl/docs/cmdline-opts/post301.md new file mode 100644 index 00000000..d9506f7d --- /dev/null +++ b/libs/curl/docs/cmdline-opts/post301.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: post301 +Help: Do not switch to GET after a 301 redirect +Protocols: HTTP +Added: 7.17.1 +Category: http post +Multi: boolean +See-also: + - post302 + - post303 + - location +Example: + - --post301 --location -d "data" $URL +--- + +# `--post301` + +Respect RFC 7231/6.4.2 and do not convert POST requests into GET requests when +following a 301 redirect. The non-RFC behavior is ubiquitous in web browsers, +so curl does the conversion by default to maintain consistency. However, a +server may require a POST to remain a POST after such a redirection. This +option is meaningful only when using --location. diff --git a/libs/curl/docs/cmdline-opts/post302.d b/libs/curl/docs/cmdline-opts/post302.d deleted file mode 100644 index 2c6d4b61..00000000 --- a/libs/curl/docs/cmdline-opts/post302.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: post302 -Help: Do not switch to GET after following a 302 -Protocols: HTTP -See-also: post301 post303 location -Added: 7.19.1 -Category: http post -Example: --post302 --location -d "data" $URL ---- -Tells curl to respect RFC 7231/6.4.3 and not convert POST requests into GET -requests when following a 302 redirection. The non-RFC behavior is ubiquitous -in web browsers, so curl does the conversion by default to maintain -consistency. However, a server may require a POST to remain a POST after such -a redirection. This option is meaningful only when using --location. diff --git a/libs/curl/docs/cmdline-opts/post302.md b/libs/curl/docs/cmdline-opts/post302.md new file mode 100644 index 00000000..9b2c2f65 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/post302.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: post302 +Help: Do not switch to GET after a 302 redirect +Protocols: HTTP +Added: 7.19.1 +Category: http post +Multi: boolean +See-also: + - post301 + - post303 + - location +Example: + - --post302 --location -d "data" $URL +--- + +# `--post302` + +Respect RFC 7231/6.4.3 and do not convert POST requests into GET requests when +following a 302 redirect. The non-RFC behavior is ubiquitous in web browsers, +so curl does the conversion by default to maintain consistency. However, a +server may require a POST to remain a POST after such a redirection. This +option is meaningful only when using --location. diff --git a/libs/curl/docs/cmdline-opts/post303.d b/libs/curl/docs/cmdline-opts/post303.d deleted file mode 100644 index a2fec18c..00000000 --- a/libs/curl/docs/cmdline-opts/post303.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: post303 -Help: Do not switch to GET after following a 303 -Protocols: HTTP -See-also: post302 post301 location -Added: 7.26.0 -Category: http post -Example: --post303 --location -d "data" $URL ---- -Tells curl to violate RFC 7231/6.4.4 and not convert POST requests into GET -requests when following 303 redirections. A server may require a POST to -remain a POST after a 303 redirection. This option is meaningful only when -using --location. diff --git a/libs/curl/docs/cmdline-opts/post303.md b/libs/curl/docs/cmdline-opts/post303.md new file mode 100644 index 00000000..63dc0d79 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/post303.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: post303 +Help: Do not switch to GET after a 303 redirect +Protocols: HTTP +Added: 7.26.0 +Category: http post +Multi: boolean +See-also: + - post302 + - post301 + - location +Example: + - --post303 --location -d "data" $URL +--- + +# `--post303` + +Violate RFC 7231/6.4.4 and do not convert POST requests into GET requests when +following 303 redirect. A server may require a POST to remain a POST after a +303 redirection. This option is meaningful only when using --location. diff --git a/libs/curl/docs/cmdline-opts/preproxy.d b/libs/curl/docs/cmdline-opts/preproxy.d deleted file mode 100644 index e5dfb7f9..00000000 --- a/libs/curl/docs/cmdline-opts/preproxy.d +++ /dev/null @@ -1,25 +0,0 @@ -Long: preproxy -Arg: [protocol://]host[:port] -Help: Use this proxy first -Added: 7.52.0 -Category: proxy -Example: --preproxy socks5://proxy.example -x http://http.example $URL -See-also: proxy socks5 ---- -Use the specified SOCKS proxy before connecting to an HTTP or HTTPS --proxy. In -such a case curl first connects to the SOCKS proxy and then connects (through -SOCKS) to the HTTP or HTTPS proxy. Hence pre proxy. - -The pre proxy string should be specified with a protocol:// prefix to specify -alternative proxy protocols. Use socks4://, socks4a://, socks5:// or -socks5h:// to request the specific SOCKS version to be used. No protocol -specified will make curl default to SOCKS4. - -If the port number is not specified in the proxy string, it is assumed to be -1080. - -User and password that might be provided in the proxy string are URL decoded -by curl. This allows you to pass in special characters such as @ by using %40 -or pass in a colon with %3a. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/preproxy.md b/libs/curl/docs/cmdline-opts/preproxy.md new file mode 100644 index 00000000..dabccfc5 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/preproxy.md @@ -0,0 +1,33 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: preproxy +Arg: [protocol://]host[:port] +Help: Use this proxy first +Added: 7.52.0 +Category: proxy +Multi: single +See-also: + - proxy + - socks5 +Example: + - --preproxy socks5://proxy.example -x http://http.example $URL +--- + +# `--preproxy` + +Use the specified SOCKS proxy before connecting to an HTTP or HTTPS --proxy. In +such a case curl first connects to the SOCKS proxy and then connects (through +SOCKS) to the HTTP or HTTPS proxy. Hence pre proxy. + +The pre proxy string should be specified with a protocol:// prefix to specify +alternative proxy protocols. Use socks4://, socks4a://, socks5:// or +socks5h:// to request the specific SOCKS version to be used. No protocol +specified makes curl default to SOCKS4. + +If the port number is not specified in the proxy string, it is assumed to be +1080. + +User and password that might be provided in the proxy string are URL decoded +by curl. This allows you to pass in special characters such as @ by using %40 +or pass in a colon with %3a. diff --git a/libs/curl/docs/cmdline-opts/progress-bar.d b/libs/curl/docs/cmdline-opts/progress-bar.d deleted file mode 100644 index 549acb9b..00000000 --- a/libs/curl/docs/cmdline-opts/progress-bar.d +++ /dev/null @@ -1,19 +0,0 @@ -Short: # -Long: progress-bar -Help: Display transfer progress as a bar -Category: verbose -Example: -# -O $URL -Added: 5.10 -See-also: styled-output ---- -Make curl display transfer progress as a simple progress bar instead of the -standard, more informational, meter. - -This progress bar draws a single line of '#' characters across the screen and -shows a percentage if the transfer size is known. For transfers without a -known size, there will be space ship (-=o=-) that moves back and forth but -only while data is being transferred, with a set of flying hash sign symbols on -top. - -This option is global and does not need to be specified for each use of ---next. diff --git a/libs/curl/docs/cmdline-opts/progress-bar.md b/libs/curl/docs/cmdline-opts/progress-bar.md new file mode 100644 index 00000000..6f08d7f7 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/progress-bar.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: # +Long: progress-bar +Help: Display transfer progress as a bar +Category: verbose global +Added: 5.10 +Multi: boolean +Scope: global +See-also: + - styled-output +Example: + - -# -O $URL +--- + +# `--progress-bar` + +Make curl display transfer progress as a simple progress bar instead of the +standard, more informational, meter. + +This progress bar draws a single line of '#' characters across the screen and +shows a percentage if the transfer size is known. For transfers without a +known size, there is a space ship (-=o=-) that moves back and forth but only +while data is being transferred, with a set of flying hash sign symbols on +top. diff --git a/libs/curl/docs/cmdline-opts/proto-default.d b/libs/curl/docs/cmdline-opts/proto-default.d deleted file mode 100644 index 86c59f5c..00000000 --- a/libs/curl/docs/cmdline-opts/proto-default.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: proto-default -Help: Use PROTOCOL for any URL missing a scheme -Arg: -Added: 7.45.0 -Category: connection curl -Example: --proto-default https ftp.example.com -See-also: proto proto-redir ---- -Tells curl to use *protocol* for any URL missing a scheme name. - -An unknown or unsupported protocol causes error -*CURLE_UNSUPPORTED_PROTOCOL* (1). - -This option does not change the default proxy protocol (http). - -Without this option set, curl guesses protocol based on the host name, see ---url for details. diff --git a/libs/curl/docs/cmdline-opts/proto-default.md b/libs/curl/docs/cmdline-opts/proto-default.md new file mode 100644 index 00000000..209e5cdc --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proto-default.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proto-default +Help: Use PROTOCOL for any URL missing a scheme +Arg: +Added: 7.45.0 +Category: connection curl +Multi: single +See-also: + - proto + - proto-redir +Example: + - --proto-default https ftp.example.com +--- + +# `--proto-default` + +Use *protocol* for any provided URL missing a scheme. + +An unknown or unsupported protocol causes error *CURLE_UNSUPPORTED_PROTOCOL*. + +This option does not change the default proxy protocol (http). + +Without this option set, curl guesses protocol based on the hostname, see +--url for details. diff --git a/libs/curl/docs/cmdline-opts/proto-redir.d b/libs/curl/docs/cmdline-opts/proto-redir.d deleted file mode 100644 index d8cd296f..00000000 --- a/libs/curl/docs/cmdline-opts/proto-redir.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: proto-redir -Arg: -Help: Enable/disable PROTOCOLS on redirect -Added: 7.20.2 -Category: connection curl -Example: --proto-redir =http,https $URL -See-also: proto ---- -Tells curl to limit what protocols it may use on redirect. Protocols denied by ---proto are not overridden by this option. See --proto for how protocols are -represented. - -Example, allow only HTTP and HTTPS on redirect: - - curl --proto-redir -all,http,https http://example.com - -By default curl will only allow HTTP, HTTPS, FTP and FTPS on redirect (since -7.65.2). Specifying *all* or *+all* enables all protocols on redirects, which -is not good for security. diff --git a/libs/curl/docs/cmdline-opts/proto-redir.md b/libs/curl/docs/cmdline-opts/proto-redir.md new file mode 100644 index 00000000..9332f3f0 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proto-redir.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proto-redir +Arg: +Help: Enable/disable PROTOCOLS on redirect +Added: 7.20.2 +Category: connection curl +Multi: single +See-also: + - proto +Example: + - --proto-redir =http,https $URL +--- + +# `--proto-redir` + +Limit what protocols to allow on redirects. Protocols denied by --proto are +not overridden by this option. See --proto for how protocols are represented. + +Example, allow only HTTP and HTTPS on redirect: + + curl --proto-redir -all,http,https http://example.com + +By default curl only allows HTTP, HTTPS, FTP and FTPS on redirects +(added in 7.65.2). Specifying *all* or *+all* enables all protocols on +redirects, which is not good for security. diff --git a/libs/curl/docs/cmdline-opts/proto.d b/libs/curl/docs/cmdline-opts/proto.d deleted file mode 100644 index 6ff52c41..00000000 --- a/libs/curl/docs/cmdline-opts/proto.d +++ /dev/null @@ -1,45 +0,0 @@ -Long: proto -Arg: -Help: Enable/disable PROTOCOLS -See-also: proto-redir proto-default -Added: 7.20.2 -Category: connection curl -Example: --proto =http,https,sftp $URL ---- -Tells curl to limit what protocols it may use for transfers. Protocols are -evaluated left to right, are comma separated, and are each a protocol name or -\&'all', optionally prefixed by zero or more modifiers. Available modifiers are: -.RS -.TP 3 -.B + -Permit this protocol in addition to protocols already permitted (this is -the default if no modifier is used). -.TP -.B - -Deny this protocol, removing it from the list of protocols already permitted. -.TP -.B = -Permit only this protocol (ignoring the list already permitted), though -subject to later modification by subsequent entries in the comma separated -list. -.RE -.IP -For example: -.RS -.TP 15 -.B --proto -ftps -uses the default protocols, but disables ftps -.TP -.B --proto -all,https,+http -only enables http and https -.TP -.B --proto =http,https -also only enables http and https -.RE -.IP -Unknown protocols produce a warning. This allows scripts to safely rely on -being able to disable potentially dangerous protocols, without relying upon -support for that protocol being built into curl to avoid an error. - -This option can be used multiple times, in which case the effect is the same -as concatenating the protocols into one instance of the option. diff --git a/libs/curl/docs/cmdline-opts/proto.md b/libs/curl/docs/cmdline-opts/proto.md new file mode 100644 index 00000000..704c6493 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proto.md @@ -0,0 +1,48 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proto +Arg: +Help: Enable/disable PROTOCOLS +Added: 7.20.2 +Category: connection curl +Multi: single +See-also: + - proto-redir + - proto-default +Example: + - --proto =http,https,sftp $URL +--- + +# `--proto` + +Limit what protocols to allow for transfers. Protocols are evaluated left to +right, are comma separated, and are each a protocol name or 'all', optionally +prefixed by zero or more modifiers. Available modifiers are: + +## + +Permit this protocol in addition to protocols already permitted (this is +the default if no modifier is used). + +## - +Deny this protocol, removing it from the list of protocols already permitted. + +## = +Permit only this protocol (ignoring the list already permitted), though +subject to later modification by subsequent entries in the comma separated +list. + +## + +For example: --proto -ftps uses the default protocols, but disables ftps + +--proto -all,https,+http only enables http and https + +--proto =http,https also only enables http and https + +Unknown and disabled protocols produce a warning. This allows scripts to +safely rely on being able to disable potentially dangerous protocols, without +relying upon support for that protocol being built into curl to avoid an error. + +This option can be used multiple times, in which case the effect is the same +as concatenating the protocols into one instance of the option. diff --git a/libs/curl/docs/cmdline-opts/proxy-anyauth.d b/libs/curl/docs/cmdline-opts/proxy-anyauth.d deleted file mode 100644 index 80f2b970..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-anyauth.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-anyauth -Help: Pick any proxy authentication method -Added: 7.13.2 -See-also: proxy proxy-basic proxy-digest -Category: proxy auth -Example: --proxy-anyauth --proxy-user user:passwd -x proxy $URL ---- -Tells curl to pick a suitable authentication method when communicating with -the given HTTP proxy. This might cause an extra request/response round-trip. diff --git a/libs/curl/docs/cmdline-opts/proxy-anyauth.md b/libs/curl/docs/cmdline-opts/proxy-anyauth.md new file mode 100644 index 00000000..78e67ee7 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-anyauth.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-anyauth +Help: Pick any proxy authentication method +Added: 7.13.2 +Category: proxy auth +Multi: mutex +See-also: + - proxy + - proxy-basic + - proxy-digest +Example: + - --proxy-anyauth --proxy-user user:passwd -x proxy $URL +--- + +# `--proxy-anyauth` + +Automatically pick a suitable authentication method when communicating with +the given HTTP proxy. This might cause an extra request/response round-trip. diff --git a/libs/curl/docs/cmdline-opts/proxy-basic.d b/libs/curl/docs/cmdline-opts/proxy-basic.d deleted file mode 100644 index c651badc..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-basic.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: proxy-basic -Help: Use Basic authentication on the proxy -See-also: proxy proxy-anyauth proxy-digest -Category: proxy auth -Example: --proxy-basic --proxy-user user:passwd -x proxy $URL -Added: 7.12.0 ---- -Tells curl to use HTTP Basic authentication when communicating with the given -proxy. Use --basic for enabling HTTP Basic with a remote host. Basic is the -default authentication method curl uses with proxies. diff --git a/libs/curl/docs/cmdline-opts/proxy-basic.md b/libs/curl/docs/cmdline-opts/proxy-basic.md new file mode 100644 index 00000000..2fae3d5b --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-basic.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-basic +Help: Use Basic authentication on the proxy +Category: proxy auth +Added: 7.12.0 +Multi: mutex +See-also: + - proxy + - proxy-anyauth + - proxy-digest +Example: + - --proxy-basic --proxy-user user:passwd -x proxy $URL +--- + +# `--proxy-basic` + +Use HTTP Basic authentication when communicating with the given proxy. Use +--basic for enabling HTTP Basic with a remote host. Basic is the default +authentication method curl uses with proxies. diff --git a/libs/curl/docs/cmdline-opts/proxy-ca-native.md b/libs/curl/docs/cmdline-opts/proxy-ca-native.md new file mode 100644 index 00000000..fd78f12f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-ca-native.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-ca-native +Help: Load CA certs from the OS to verify proxy +Protocols: TLS +Category: tls +Added: 8.2.0 +Multi: boolean +See-also: + - cacert + - capath + - insecure +Example: + - --proxy-ca-native $URL +--- + +# `--proxy-ca-native` + +Use the CA store from the native operating system to verify the HTTPS proxy. +By default, curl uses a CA store provided in a single file or directory, but +when using this option it interfaces the operating system's own vault. + +This option works for curl on Windows when built to use OpenSSL, wolfSSL +(added in 8.3.0) or GnuTLS (added in 8.5.0). When curl on Windows is built to +use Schannel, this feature is implied and curl then only uses the native CA +store. diff --git a/libs/curl/docs/cmdline-opts/proxy-cacert.d b/libs/curl/docs/cmdline-opts/proxy-cacert.d deleted file mode 100644 index 5c329447..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-cacert.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-cacert -Help: CA certificate to verify peer against for proxy -Arg: -Added: 7.52.0 -See-also: proxy-capath cacert capath proxy -Category: proxy tls -Example: --proxy-cacert CA-file.txt -x https://proxy $URL ---- -Same as --cacert but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-cacert.md b/libs/curl/docs/cmdline-opts/proxy-cacert.md new file mode 100644 index 00000000..189ed390 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-cacert.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-cacert +Help: CA certificates to verify proxy against +Arg: +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - proxy-capath + - cacert + - capath + - proxy +Example: + - --proxy-cacert CA-file.txt -x https://proxy $URL +--- + +# `--proxy-cacert` + +Use the specified certificate file to verify the HTTPS proxy. The file may +contain multiple CA certificates. The certificate(s) must be in PEM format. + +This allows you to use a different trust for the proxy compared to the remote +server connected to via the proxy. + +Equivalent to --cacert but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-capath.d b/libs/curl/docs/cmdline-opts/proxy-capath.d deleted file mode 100644 index 0429984f..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-capath.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-capath -Help: CA directory to verify peer against for proxy -Arg: -Added: 7.52.0 -See-also: proxy-cacert proxy capath -Category: proxy tls -Example: --proxy-capath /local/directory -x https://proxy $URL ---- -Same as --capath but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-capath.md b/libs/curl/docs/cmdline-opts/proxy-capath.md new file mode 100644 index 00000000..bc2c7b56 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-capath.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-capath +Help: CA directory to verify proxy against +Arg: +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - proxy-cacert + - proxy + - capath +Example: + - --proxy-capath /local/directory -x https://proxy $URL +--- + +# `--proxy-capath` + +Same as --capath but used in HTTPS proxy context. + +Use the specified certificate directory to verify the proxy. Multiple paths +can be provided by separated with colon (`:`) (e.g. `path1:path2:path3`). The +certificates must be in PEM format, and if curl is built against OpenSSL, the +directory must have been processed using the c_rehash utility supplied with +OpenSSL. Using --proxy-capath can allow OpenSSL-powered curl to make +SSL-connections much more efficiently than using --proxy-cacert if the +--proxy-cacert file contains many CA certificates. + +If this option is set, the default capath value is ignored. diff --git a/libs/curl/docs/cmdline-opts/proxy-cert-type.d b/libs/curl/docs/cmdline-opts/proxy-cert-type.d deleted file mode 100644 index 9e09fdbb..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-cert-type.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-cert-type -Arg: -Added: 7.52.0 -Help: Client certificate type for HTTPS proxy -Category: proxy tls -Example: --proxy-cert-type PEM --proxy-cert file -x https://proxy $URL -See-also: proxy-cert ---- -Same as --cert-type but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-cert-type.md b/libs/curl/docs/cmdline-opts/proxy-cert-type.md new file mode 100644 index 00000000..c2e8ed1e --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-cert-type.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-cert-type +Arg: +Added: 7.52.0 +Help: Client certificate type for HTTPS proxy +Category: proxy tls +Multi: single +See-also: + - proxy-cert + - proxy-key +Example: + - --proxy-cert-type PEM --proxy-cert file -x https://proxy $URL +--- + +# `--proxy-cert-type` + +Set type of the provided client certificate when using HTTPS proxy. PEM, DER, +ENG and P12 are recognized types. + +The default type depends on the TLS backend and is usually PEM, however for +Secure Transport and Schannel it is P12. If --proxy-cert is a pkcs11: URI then +ENG is the default type. + +Equivalent to --cert-type but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-cert.d b/libs/curl/docs/cmdline-opts/proxy-cert.d deleted file mode 100644 index 5eae2a54..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-cert.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-cert -Arg: -Help: Set client certificate for proxy -Added: 7.52.0 -Category: proxy tls -Example: --proxy-cert file -x https://proxy $URL -See-also: proxy-cert-type ---- -Same as --cert but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-cert.md b/libs/curl/docs/cmdline-opts/proxy-cert.md new file mode 100644 index 00000000..a588329d --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-cert.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-cert +Arg: +Help: Set client certificate for proxy +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - proxy + - proxy-key + - proxy-cert-type +Example: + - --proxy-cert file -x https://proxy $URL +--- + +# `--proxy-cert` + +Use the specified client certificate file when communicating with an HTTPS +proxy. The certificate must be in PKCS#12 format if using Secure Transport, or +PEM format if using any other engine. If the optional password is not +specified, it is queried for on the terminal. Use --proxy-key to provide the +private key. + +This option is the equivalent to --cert but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-ciphers.d b/libs/curl/docs/cmdline-opts/proxy-ciphers.d deleted file mode 100644 index aefcc92c..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-ciphers.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-ciphers -Arg: -Help: SSL ciphers to use for proxy -Added: 7.52.0 -Category: proxy tls -Example: --proxy-ciphers ECDHE-ECDSA-AES256-CCM8 -x https://proxy $URL -See-also: ciphers curves proxy ---- -Same as --ciphers but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-ciphers.md b/libs/curl/docs/cmdline-opts/proxy-ciphers.md new file mode 100644 index 00000000..065d4495 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-ciphers.md @@ -0,0 +1,26 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-ciphers +Arg: +Help: SSL ciphers to use for proxy +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - ciphers + - curves + - proxy +Example: + - --proxy-ciphers ECDHE-ECDSA-AES256-CCM8 -x https://proxy $URL +--- + +# `--proxy-ciphers` + +Same as --ciphers but used in HTTPS proxy context. + +Specifies which ciphers to use in the connection to the HTTPS proxy. The list +of ciphers must specify valid ciphers. Read up on SSL cipher list details on +this URL: + +https://curl.se/docs/ssl-ciphers.html diff --git a/libs/curl/docs/cmdline-opts/proxy-crlfile.d b/libs/curl/docs/cmdline-opts/proxy-crlfile.d deleted file mode 100644 index 3dd01807..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-crlfile.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-crlfile -Arg: -Help: Set a CRL list for proxy -Added: 7.52.0 -Category: proxy tls -Example: --proxy-crlfile rejects.txt -x https://proxy $URL -See-also: crlfile proxy ---- -Same as --crlfile but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-crlfile.md b/libs/curl/docs/cmdline-opts/proxy-crlfile.md new file mode 100644 index 00000000..726e4495 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-crlfile.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-crlfile +Arg: +Help: Set a CRL list for proxy +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - crlfile + - proxy +Example: + - --proxy-crlfile rejects.txt -x https://proxy $URL +--- + +# `--proxy-crlfile` + +Provide filename for a PEM formatted file with a Certificate Revocation List +that specifies peer certificates that are considered revoked when +communicating with an HTTPS proxy. + +Equivalent to --crlfile but only used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-digest.d b/libs/curl/docs/cmdline-opts/proxy-digest.d deleted file mode 100644 index 9677e92c..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-digest.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-digest -Help: Use Digest authentication on the proxy -See-also: proxy proxy-anyauth proxy-basic -Category: proxy tls -Example: --proxy-digest --proxy-user user:passwd -x proxy $URL -Added: 7.12.0 ---- -Tells curl to use HTTP Digest authentication when communicating with the given -proxy. Use --digest for enabling HTTP Digest with a remote host. diff --git a/libs/curl/docs/cmdline-opts/proxy-digest.md b/libs/curl/docs/cmdline-opts/proxy-digest.md new file mode 100644 index 00000000..77b88d7e --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-digest.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-digest +Help: Digest auth with the proxy +Category: proxy tls +Added: 7.12.0 +Multi: mutex +See-also: + - proxy + - proxy-anyauth + - proxy-basic +Example: + - --proxy-digest --proxy-user user:passwd -x proxy $URL +--- + +# `--proxy-digest` + +Use HTTP Digest authentication when communicating with the given proxy. Use +--digest for enabling HTTP Digest with a remote host. diff --git a/libs/curl/docs/cmdline-opts/proxy-header.d b/libs/curl/docs/cmdline-opts/proxy-header.d deleted file mode 100644 index 8ea20938..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-header.d +++ /dev/null @@ -1,29 +0,0 @@ -Long: proxy-header -Arg:
-Help: Pass custom header(s) to proxy -Protocols: HTTP -Added: 7.37.0 -Category: proxy -Example: --proxy-header "X-First-Name: Joe" -x http://proxy $URL -Example: --proxy-header "User-Agent: surprise" -x http://proxy $URL -Example: --proxy-header "Host:" -x http://proxy $URL -See-also: proxy ---- -Extra header to include in the request when sending HTTP to a proxy. You may -specify any number of extra headers. This is the equivalent option to --header -but is for proxy communication only like in CONNECT requests when you want a -separate header sent to the proxy to what is sent to the actual remote host. - -curl will make sure that each header you add/replace is sent with the proper -end-of-line marker, you should thus **not** add that as a part of the header -content: do not add newlines or carriage returns, they will only mess things -up for you. - -Headers specified with this option will not be included in requests that curl -knows will not be sent to a proxy. - -Starting in 7.55.0, this option can take an argument in @filename style, which -then adds a header for each line in the input file. Using @- will make curl -read the header file from stdin. - -This option can be used multiple times to add/replace/remove multiple headers. diff --git a/libs/curl/docs/cmdline-opts/proxy-header.md b/libs/curl/docs/cmdline-opts/proxy-header.md new file mode 100644 index 00000000..0361fdff --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-header.md @@ -0,0 +1,38 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-header +Arg:
+Help: Pass custom header(s) to proxy +Protocols: HTTP +Added: 7.37.0 +Category: proxy +Multi: append +See-also: + - proxy +Example: + - --proxy-header "X-First-Name: Joe" -x http://proxy $URL + - --proxy-header "User-Agent: surprise" -x http://proxy $URL + - --proxy-header "Host:" -x http://proxy $URL +--- + +# `--proxy-header` + +Extra header to include in the request when sending HTTP to a proxy. You may +specify any number of extra headers. This is the equivalent option to --header +but is for proxy communication only like in CONNECT requests when you want a +separate header sent to the proxy to what is sent to the actual remote host. + +curl makes sure that each header you add/replace is sent with the proper +end-of-line marker, you should thus **not** add that as a part of the header +content: do not add newlines or carriage returns, they only mess things up for +you. + +Headers specified with this option are not included in requests that curl +knows are not be sent to a proxy. + +This option can take an argument in @filename style, which then adds a header +for each line in the input file (added in 7.55.0). Using @- makes curl read +the headers from stdin. + +This option can be used multiple times to add/replace/remove multiple headers. diff --git a/libs/curl/docs/cmdline-opts/proxy-http2.md b/libs/curl/docs/cmdline-opts/proxy-http2.md new file mode 100644 index 00000000..ca6a091f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-http2.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-http2 +Tags: Versions HTTP/2 +Protocols: HTTP +Added: 8.1.0 +Mutexed: +Requires: HTTP/2 +Help: Use HTTP/2 with HTTPS proxy +Category: http proxy +Multi: boolean +See-also: + - proxy +Example: + - --proxy-http2 -x proxy $URL +--- + +# `--proxy-http2` + +Negotiate HTTP/2 with an HTTPS proxy. The proxy might still only offer HTTP/1 +and then curl sticks to using that version. + +This has no effect for any other kinds of proxies. diff --git a/libs/curl/docs/cmdline-opts/proxy-insecure.d b/libs/curl/docs/cmdline-opts/proxy-insecure.d deleted file mode 100644 index 738d4228..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-insecure.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: proxy-insecure -Help: Do HTTPS proxy connections without verifying the proxy -Added: 7.52.0 -Category: proxy tls -Example: --proxy-insecure -x https://proxy $URL -See-also: proxy insecure ---- -Same as --insecure but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-insecure.md b/libs/curl/docs/cmdline-opts/proxy-insecure.md new file mode 100644 index 00000000..5796c362 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-insecure.md @@ -0,0 +1,30 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-insecure +Help: Skip HTTPS proxy cert verification +Added: 7.52.0 +Category: proxy tls +Multi: boolean +See-also: + - proxy + - insecure +Example: + - --proxy-insecure -x https://proxy $URL +--- + +# `--proxy-insecure` + +Same as --insecure but used in HTTPS proxy context. + +Every secure connection curl makes is verified to be secure before the +transfer takes place. This option makes curl skip the verification step with a +proxy and proceed without checking. + +When this option is not used for a proxy using HTTPS, curl verifies the +proxy's TLS certificate before it continues: that the certificate contains the +right name which matches the hostname and that the certificate has been signed +by a CA certificate present in the cert store. See this online resource for +further details: **https://curl.se/docs/sslcerts.html** + +**WARNING**: using this option makes the transfer to the proxy insecure. diff --git a/libs/curl/docs/cmdline-opts/proxy-key-type.d b/libs/curl/docs/cmdline-opts/proxy-key-type.d deleted file mode 100644 index 0194ba67..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-key-type.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-key-type -Arg: -Help: Private key file type for proxy -Added: 7.52.0 -Category: proxy tls -Example: --proxy-key-type DER --proxy-key here -x https://proxy $URL -See-also: proxy-key proxy ---- -Same as --key-type but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-key-type.md b/libs/curl/docs/cmdline-opts/proxy-key-type.md new file mode 100644 index 00000000..587c13c5 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-key-type.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-key-type +Arg: +Help: Private key file type for proxy +Added: 7.52.0 +Category: proxy tls +Multi: single +See-also: + - proxy-key + - proxy +Example: + - --proxy-key-type DER --proxy-key here -x https://proxy $URL +--- + +# `--proxy-key-type` + +Specify the private key file type your --proxy-key provided private key uses. +DER, PEM, and ENG are supported. If not specified, PEM is assumed. + +Equivalent to --key-type but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-key.d b/libs/curl/docs/cmdline-opts/proxy-key.d deleted file mode 100644 index bf6868a4..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-key.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-key -Help: Private key for HTTPS proxy -Arg: -Category: proxy tls -Example: --proxy-key here -x https://proxy $URL -Added: 7.52.0 -See-also: proxy-key-type proxy ---- -Same as --key but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-key.md b/libs/curl/docs/cmdline-opts/proxy-key.md new file mode 100644 index 00000000..7caa636e --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-key.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-key +Help: Private key for HTTPS proxy +Arg: +Category: proxy tls +Added: 7.52.0 +Multi: single +See-also: + - proxy-key-type + - proxy +Example: + - --proxy-key here -x https://proxy $URL +--- + +# `--proxy-key` + +Specify the filename for your private key when using client certificates with +your HTTPS proxy. This option is the equivalent to --key but used in HTTPS +proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-negotiate.d b/libs/curl/docs/cmdline-opts/proxy-negotiate.d deleted file mode 100644 index 5085a7cb..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-negotiate.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: proxy-negotiate -Help: Use HTTP Negotiate (SPNEGO) authentication on the proxy -Added: 7.17.1 -See-also: proxy-anyauth proxy-basic -Category: proxy auth -Example: --proxy-negotiate --proxy-user user:passwd -x proxy $URL ---- -Tells curl to use HTTP Negotiate (SPNEGO) authentication when communicating -with the given proxy. Use --negotiate for enabling HTTP Negotiate (SPNEGO) -with a remote host. diff --git a/libs/curl/docs/cmdline-opts/proxy-negotiate.md b/libs/curl/docs/cmdline-opts/proxy-negotiate.md new file mode 100644 index 00000000..0285155c --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-negotiate.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-negotiate +Help: HTTP Negotiate (SPNEGO) auth with the proxy +Added: 7.17.1 +Category: proxy auth +Multi: mutex +See-also: + - proxy-anyauth + - proxy-basic + - proxy-service-name +Example: + - --proxy-negotiate --proxy-user user:passwd -x proxy $URL +--- + +# `--proxy-negotiate` + +Use HTTP Negotiate (SPNEGO) authentication when communicating with the given +proxy. Use --negotiate for enabling HTTP Negotiate (SPNEGO) with a remote +host. diff --git a/libs/curl/docs/cmdline-opts/proxy-ntlm.d b/libs/curl/docs/cmdline-opts/proxy-ntlm.d deleted file mode 100644 index 03d2d179..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-ntlm.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-ntlm -Help: Use NTLM authentication on the proxy -See-also: proxy-negotiate proxy-anyauth -Category: proxy auth -Example: --proxy-ntlm --proxy-user user:passwd -x http://proxy $URL -Added: 7.10.7 ---- -Tells curl to use HTTP NTLM authentication when communicating with the given -proxy. Use --ntlm for enabling NTLM with a remote host. diff --git a/libs/curl/docs/cmdline-opts/proxy-ntlm.md b/libs/curl/docs/cmdline-opts/proxy-ntlm.md new file mode 100644 index 00000000..e403f98e --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-ntlm.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-ntlm +Help: NTLM authentication with the proxy +Category: proxy auth +Added: 7.10.7 +Multi: mutex +See-also: + - proxy-negotiate + - proxy-anyauth + - proxy-user +Example: + - --proxy-ntlm --proxy-user user:passwd -x http://proxy $URL +--- + +# `--proxy-ntlm` + +Use HTTP NTLM authentication when communicating with the given proxy. Use +--ntlm for enabling NTLM with a remote host. diff --git a/libs/curl/docs/cmdline-opts/proxy-pass.d b/libs/curl/docs/cmdline-opts/proxy-pass.d deleted file mode 100644 index a513991d..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-pass.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-pass -Arg: -Help: Pass phrase for the private key for HTTPS proxy -Added: 7.52.0 -Category: proxy tls auth -Example: --proxy-pass secret --proxy-key here -x https://proxy $URL -See-also: proxy proxy-key ---- -Same as --pass but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-pass.md b/libs/curl/docs/cmdline-opts/proxy-pass.md new file mode 100644 index 00000000..88cefd54 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-pass.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-pass +Arg: +Help: Passphrase for private key for HTTPS proxy +Added: 7.52.0 +Category: proxy tls auth +Multi: single +See-also: + - proxy + - proxy-key +Example: + - --proxy-pass secret --proxy-key here -x https://proxy $URL +--- + +# `--proxy-pass` + +Passphrase for the private key for HTTPS proxy client certificate. + +Equivalent to --pass but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-pinnedpubkey.d b/libs/curl/docs/cmdline-opts/proxy-pinnedpubkey.d deleted file mode 100644 index 4e168ef6..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-pinnedpubkey.d +++ /dev/null @@ -1,21 +0,0 @@ -Long: proxy-pinnedpubkey -Arg: -Help: FILE/HASHES public key to verify proxy with -Protocols: TLS -Category: proxy tls -Example: --proxy-pinnedpubkey keyfile $URL -Example: --proxy-pinnedpubkey 'sha256//ce118b51897f4452dc' $URL -Added: 7.59.0 -See-also: pinnedpubkey proxy ---- -Tells curl to use the specified public key file (or hashes) to verify the -proxy. This can be a path to a file which contains a single public key in PEM -or DER format, or any number of base64 encoded sha256 hashes preceded by -'sha256//' and separated by ';'. - -When negotiating a TLS or SSL connection, the server sends a certificate -indicating its identity. A public key is extracted from this certificate and -if it does not exactly match the public key provided to this option, curl will -abort the connection before sending or receiving any data. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/proxy-pinnedpubkey.md b/libs/curl/docs/cmdline-opts/proxy-pinnedpubkey.md new file mode 100644 index 00000000..6f0b52d3 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-pinnedpubkey.md @@ -0,0 +1,29 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-pinnedpubkey +Arg: +Help: FILE/HASHES public key to verify proxy with +Protocols: TLS +Category: proxy tls +Added: 7.59.0 +Multi: single +See-also: + - pinnedpubkey + - proxy +Example: + - --proxy-pinnedpubkey keyfile $URL + - --proxy-pinnedpubkey 'sha256//ce118b51897f4452dc' $URL +--- + +# `--proxy-pinnedpubkey` + +Use the specified public key file (or hashes) to verify the proxy. This can be +a path to a file which contains a single public key in PEM or DER format, or +any number of base64 encoded sha256 hashes preceded by 'sha256//' and +separated by ';'. + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. A public key is extracted from this certificate and +if it does not exactly match the public key provided to this option, curl +aborts the connection before sending or receiving any data. diff --git a/libs/curl/docs/cmdline-opts/proxy-service-name.d b/libs/curl/docs/cmdline-opts/proxy-service-name.d deleted file mode 100644 index 230b802d..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-service-name.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-service-name -Arg: -Help: SPNEGO proxy service name -Added: 7.43.0 -Category: proxy tls -Example: --proxy-service-name "shrubbery" -x proxy $URL -See-also: service-name proxy ---- -This option allows you to change the service name for proxy negotiation. diff --git a/libs/curl/docs/cmdline-opts/proxy-service-name.md b/libs/curl/docs/cmdline-opts/proxy-service-name.md new file mode 100644 index 00000000..b3d665d8 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-service-name.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-service-name +Arg: +Help: SPNEGO proxy service name +Added: 7.43.0 +Category: proxy tls +Multi: single +See-also: + - service-name + - proxy + - proxy-negotiate +Example: + - --proxy-service-name "shrubbery" -x proxy $URL +--- + +# `--proxy-service-name` + +Set the service name for SPNEGO when doing proxy authentication. diff --git a/libs/curl/docs/cmdline-opts/proxy-ssl-allow-beast.d b/libs/curl/docs/cmdline-opts/proxy-ssl-allow-beast.d deleted file mode 100644 index d712429e..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-ssl-allow-beast.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: proxy-ssl-allow-beast -Help: Allow security flaw for interop for HTTPS proxy -Added: 7.52.0 -Category: proxy tls -Example: --proxy-ssl-allow-beast -x https://proxy $URL -See-also: ssl-allow-beast proxy ---- -Same as --ssl-allow-beast but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-ssl-allow-beast.md b/libs/curl/docs/cmdline-opts/proxy-ssl-allow-beast.md new file mode 100644 index 00000000..089038de --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-ssl-allow-beast.md @@ -0,0 +1,29 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-ssl-allow-beast +Help: Allow this security flaw for HTTPS proxy +Added: 7.52.0 +Category: proxy tls +Multi: boolean +See-also: + - ssl-allow-beast + - proxy +Example: + - --proxy-ssl-allow-beast -x https://proxy $URL +--- + +# `--proxy-ssl-allow-beast` + +Do not work around a security flaw in the TLS1.0 protocol known as BEAST when +communicating to an HTTPS proxy. If this option is not used, the TLS layer may +use workarounds known to cause interoperability problems with some older +server implementations. + +This option only changes how curl does TLS 1.0 with an HTTPS proxy and has no +effect on later TLS versions. + +**WARNING**: this option loosens the TLS security, and by using this flag you +ask for exactly that. + +Equivalent to --ssl-allow-beast but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-ssl-auto-client-cert.d b/libs/curl/docs/cmdline-opts/proxy-ssl-auto-client-cert.d deleted file mode 100644 index 77eb5352..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-ssl-auto-client-cert.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: proxy-ssl-auto-client-cert -Help: Use auto client certificate for proxy (Schannel) -Added: 7.77.0 -Category: proxy tls -Example: --proxy-ssl-auto-client-cert -x https://proxy $URL -See-also: ssl-auto-client-cert proxy ---- -Same as --ssl-auto-client-cert but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-ssl-auto-client-cert.md b/libs/curl/docs/cmdline-opts/proxy-ssl-auto-client-cert.md new file mode 100644 index 00000000..578a7a64 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-ssl-auto-client-cert.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-ssl-auto-client-cert +Help: Auto client certificate for proxy +Added: 7.77.0 +Category: proxy tls +Multi: boolean +See-also: + - ssl-auto-client-cert + - proxy +Example: + - --proxy-ssl-auto-client-cert -x https://proxy $URL +--- + +# `--proxy-ssl-auto-client-cert` + +Same as --ssl-auto-client-cert but used in HTTPS proxy context. + +This is only supported by Schannel. diff --git a/libs/curl/docs/cmdline-opts/proxy-tls13-ciphers.d b/libs/curl/docs/cmdline-opts/proxy-tls13-ciphers.d deleted file mode 100644 index 5ec835c7..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-tls13-ciphers.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: proxy-tls13-ciphers -Arg: -help: TLS 1.3 proxy cipher suites -Protocols: TLS -Category: proxy tls -Example: --proxy-tls13-ciphers TLS_AES_128_GCM_SHA256 -x proxy $URL -Added: 7.61.0 -See-also: tls13-ciphers curves ---- -Specifies which cipher suites to use in the connection to your HTTPS proxy -when it negotiates TLS 1.3. The list of ciphers suites must specify valid -ciphers. Read up on TLS 1.3 cipher suite details on this URL: - - https://curl.se/docs/ssl-ciphers.html - -This option is currently used only when curl is built to use OpenSSL 1.1.1 or -later. If you are using a different SSL backend you can try setting TLS 1.3 -cipher suites by using the --proxy-ciphers option. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/proxy-tls13-ciphers.md b/libs/curl/docs/cmdline-opts/proxy-tls13-ciphers.md new file mode 100644 index 00000000..002fd0b0 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-tls13-ciphers.md @@ -0,0 +1,29 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-tls13-ciphers +Arg: +help: TLS 1.3 proxy cipher suites +Protocols: TLS +Category: proxy tls +Added: 7.61.0 +Multi: single +See-also: + - tls13-ciphers + - curves + - proxy-ciphers +Example: + - --proxy-tls13-ciphers TLS_AES_128_GCM_SHA256 -x proxy $URL +--- + +# `--proxy-tls13-ciphers` + +Specify which cipher suites to use in the connection to your HTTPS proxy when +it negotiates TLS 1.3. The list of ciphers suites must specify valid ciphers. +Read up on TLS 1.3 cipher suite details on this URL: + +https://curl.se/docs/ssl-ciphers.html + +This option is currently used only when curl is built to use OpenSSL 1.1.1 or +later. If you are using a different SSL backend you can try setting TLS 1.3 +cipher suites by using the --proxy-ciphers option. diff --git a/libs/curl/docs/cmdline-opts/proxy-tlsauthtype.d b/libs/curl/docs/cmdline-opts/proxy-tlsauthtype.d deleted file mode 100644 index 4d58af5a..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-tlsauthtype.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-tlsauthtype -Arg: -Help: TLS authentication type for HTTPS proxy -Added: 7.52.0 -Category: proxy tls auth -Example: --proxy-tlsauthtype SRP -x https://proxy $URL -See-also: proxy proxy-tlsuser ---- -Same as --tlsauthtype but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-tlsauthtype.md b/libs/curl/docs/cmdline-opts/proxy-tlsauthtype.md new file mode 100644 index 00000000..684a7d55 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-tlsauthtype.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-tlsauthtype +Arg: +Help: TLS authentication type for HTTPS proxy +Added: 7.52.0 +Category: proxy tls auth +Multi: single +See-also: + - proxy + - proxy-tlsuser + - proxy-tlspassword +Example: + - --proxy-tlsauthtype SRP -x https://proxy $URL +--- + +# `--proxy-tlsauthtype` + +Set TLS authentication type with HTTPS proxy. The only supported option is +`SRP`, for TLS-SRP (RFC 5054). This option works only if the underlying +libcurl is built with TLS-SRP support. + +Equivalent to --tlsauthtype but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-tlspassword.d b/libs/curl/docs/cmdline-opts/proxy-tlspassword.d deleted file mode 100644 index 6b41ed3c..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-tlspassword.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-tlspassword -Arg: -Help: TLS password for HTTPS proxy -Added: 7.52.0 -Category: proxy tls auth -Example: --proxy-tlspassword passwd -x https://proxy $URL -See-also: proxy proxy-tlsuser ---- -Same as --tlspassword but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-tlspassword.md b/libs/curl/docs/cmdline-opts/proxy-tlspassword.md new file mode 100644 index 00000000..fe9ae7d2 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-tlspassword.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-tlspassword +Arg: +Help: TLS password for HTTPS proxy +Added: 7.52.0 +Category: proxy tls auth +Multi: single +See-also: + - proxy + - proxy-tlsuser +Example: + - --proxy-tlspassword passwd -x https://proxy $URL +--- + +# `--proxy-tlspassword` + +Set password to use with the TLS authentication method specified with +--proxy-tlsauthtype when using HTTPS proxy. Requires that --proxy-tlsuser is +set. + +This option does not work with TLS 1.3. + +Equivalent to --tlspassword but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-tlsuser.d b/libs/curl/docs/cmdline-opts/proxy-tlsuser.d deleted file mode 100644 index 8291ab26..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-tlsuser.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: proxy-tlsuser -Arg: -Help: TLS username for HTTPS proxy -Added: 7.52.0 -Category: proxy tls auth -Example: --proxy-tlsuser smith -x https://proxy $URL -See-also: proxy proxy-tlspassword ---- -Same as --tlsuser but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-tlsuser.md b/libs/curl/docs/cmdline-opts/proxy-tlsuser.md new file mode 100644 index 00000000..35177011 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-tlsuser.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-tlsuser +Arg: +Help: TLS username for HTTPS proxy +Added: 7.52.0 +Category: proxy tls auth +Multi: single +See-also: + - proxy + - proxy-tlspassword +Example: + - --proxy-tlsuser smith -x https://proxy $URL +--- + +# `--proxy-tlsuser` + +Set username for use for HTTPS proxy with the TLS authentication method +specified with --proxy-tlsauthtype. Requires that --proxy-tlspassword also is +set. + +This option does not work with TLS 1.3. diff --git a/libs/curl/docs/cmdline-opts/proxy-tlsv1.d b/libs/curl/docs/cmdline-opts/proxy-tlsv1.d deleted file mode 100644 index 7175e617..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-tlsv1.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: proxy-tlsv1 -Help: Use TLSv1 for HTTPS proxy -Added: 7.52.0 -Category: proxy tls auth -Example: --proxy-tlsv1 -x https://proxy $URL -See-also: proxy ---- -Same as --tlsv1 but used in HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-tlsv1.md b/libs/curl/docs/cmdline-opts/proxy-tlsv1.md new file mode 100644 index 00000000..7b322e3a --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-tlsv1.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-tlsv1 +Help: TLSv1 for HTTPS proxy +Added: 7.52.0 +Category: proxy tls auth +Multi: mutex +See-also: + - proxy +Example: + - --proxy-tlsv1 -x https://proxy $URL +--- + +# `--proxy-tlsv1` + +Use at least TLS version 1.x when negotiating with an HTTPS proxy. That means +TLS version 1.0 or higher + +Equivalent to --tlsv1 but for an HTTPS proxy context. diff --git a/libs/curl/docs/cmdline-opts/proxy-user.d b/libs/curl/docs/cmdline-opts/proxy-user.d deleted file mode 100644 index 81ed55be..00000000 --- a/libs/curl/docs/cmdline-opts/proxy-user.d +++ /dev/null @@ -1,22 +0,0 @@ -Long: proxy-user -Short: U -Arg: -Help: Proxy user and password -Category: proxy auth -Example: --proxy-user name:pwd -x proxy $URL -Added: 4.0 -See-also: proxy-pass ---- -Specify the user name and password to use for proxy authentication. - -If you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM -authentication then you can tell curl to select the user name and password -from your environment by specifying a single colon with this option: "-U :". - -On systems where it works, curl will hide the given option argument from -process listings. This is not enough to protect credentials from possibly -getting seen by other users on the same system as they will still be visible -for a moment before cleared. Such sensitive data should be retrieved from a -file instead or similar and never used in clear text in a command line. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/proxy-user.md b/libs/curl/docs/cmdline-opts/proxy-user.md new file mode 100644 index 00000000..8ba19322 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy-user.md @@ -0,0 +1,29 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy-user +Short: U +Arg: +Help: Proxy user and password +Category: proxy auth +Added: 4.0 +Multi: single +See-also: + - proxy-pass +Example: + - --proxy-user smith:secret -x proxy $URL +--- + +# `--proxy-user` + +Specify the username and password to use for proxy authentication. + +If you use a Windows SSPI-enabled curl binary and do either Negotiate or NTLM +authentication then you can tell curl to select the username and password from +your environment by specifying a single colon with this option: "-U :". + +On systems where it works, curl hides the given option argument from process +listings. This is not enough to protect credentials from possibly getting seen +by other users on the same system as they still are visible for a moment +before cleared. Such sensitive data should be retrieved from a file instead or +similar and never used in clear text in a command line. diff --git a/libs/curl/docs/cmdline-opts/proxy.d b/libs/curl/docs/cmdline-opts/proxy.d deleted file mode 100644 index 60674b5f..00000000 --- a/libs/curl/docs/cmdline-opts/proxy.d +++ /dev/null @@ -1,43 +0,0 @@ -Long: proxy -Short: x -Arg: [protocol://]host[:port] -Help: Use this proxy -Category: proxy -Example: --proxy http://proxy.example $URL -Added: 4.0 -See-also: socks5 proxy-basic ---- -Use the specified proxy. - -The proxy string can be specified with a protocol:// prefix. No protocol -specified or http:// will be treated as HTTP proxy. Use socks4://, socks4a://, -socks5:// or socks5h:// to request a specific SOCKS version to be used. -(Added in 7.21.7) - -HTTPS proxy support via https:// protocol prefix was added in 7.52.0 for -OpenSSL, GnuTLS and NSS. - -Unrecognized and unsupported proxy protocols cause an error since 7.52.0. -Prior versions may ignore the protocol and use http:// instead. - -If the port number is not specified in the proxy string, it is assumed to be -1080. - -This option overrides existing environment variables that set the proxy to -use. If there's an environment variable setting a proxy, you can set proxy to -\&"" to override it. - -All operations that are performed over an HTTP proxy will transparently be -converted to HTTP. It means that certain protocol specific operations might -not be available. This is not the case if you can tunnel through the proxy, as -one with the --proxytunnel option. - -User and password that might be provided in the proxy string are URL decoded -by curl. This allows you to pass in special characters such as @ by using %40 -or pass in a colon with %3a. - -The proxy host can be specified the same way as the proxy environment -variables, including the protocol prefix (http://) and the embedded user + -password. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/proxy.md b/libs/curl/docs/cmdline-opts/proxy.md new file mode 100644 index 00000000..51f638c6 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy.md @@ -0,0 +1,58 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy +Short: x +Arg: [protocol://]host[:port] +Help: Use this proxy +Category: proxy +Added: 4.0 +Multi: single +See-also: + - socks5 + - proxy-basic +Example: + - --proxy http://proxy.example $URL +--- + +# `--proxy` + +Use the specified proxy. + +The proxy string can be specified with a protocol:// prefix. No protocol +specified or http:// it is treated as an HTTP proxy. Use socks4://, +socks4a://, socks5:// or socks5h:// to request a specific SOCKS version to be +used. (Added in 7.21.7) + +Unix domain sockets are supported for socks proxy. Set localhost for the host +part. e.g. socks5h://localhost/path/to/socket.sock + +HTTPS proxy support works set with the https:// protocol prefix for OpenSSL +and GnuTLS (added in 7.52.0). It also works for BearSSL, mbedTLS, rustls, +Schannel, Secure Transport and wolfSSL (added in 7.87.0). + +Unrecognized and unsupported proxy protocols cause an error (added in 7.52.0). +Ancient curl versions ignored unknown schemes and used http:// instead. + +If the port number is not specified in the proxy string, it is assumed to be +1080. + +This option overrides existing environment variables that set the proxy to +use. If there is an environment variable setting a proxy, you can set proxy to +"" to override it. + +All operations that are performed over an HTTP proxy are transparently +converted to HTTP. It means that certain protocol specific operations might +not be available. This is not the case if you can tunnel through the proxy, as +one with the --proxytunnel option. + +User and password that might be provided in the proxy string are URL decoded +by curl. This allows you to pass in special characters such as @ by using %40 +or pass in a colon with %3a. + +The proxy host can be specified the same way as the proxy environment +variables, including the protocol prefix (http://) and the embedded user + +password. + +When a proxy is used, the active FTP mode as set with --ftp-port, cannot be +used. diff --git a/libs/curl/docs/cmdline-opts/proxy1.0.d b/libs/curl/docs/cmdline-opts/proxy1.0.d deleted file mode 100644 index 65faf4b3..00000000 --- a/libs/curl/docs/cmdline-opts/proxy1.0.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: proxy1.0 -Arg: -Help: Use HTTP/1.0 proxy on given port -Category: proxy -Example: --proxy1.0 -x http://proxy $URL -Added: 7.19.4 -See-also: proxy socks5 preproxy ---- -Use the specified HTTP 1.0 proxy. If the port number is not specified, it is -assumed at port 1080. - -The only difference between this and the HTTP proxy option --proxy, is that -attempts to use CONNECT through the proxy will specify an HTTP 1.0 protocol -instead of the default HTTP 1.1. diff --git a/libs/curl/docs/cmdline-opts/proxy1.0.md b/libs/curl/docs/cmdline-opts/proxy1.0.md new file mode 100644 index 00000000..4d3203a0 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxy1.0.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxy1.0 +Arg: +Help: Use HTTP/1.0 proxy on given port +Category: proxy +Added: 7.19.4 +Multi: mutex +See-also: + - proxy + - socks5 + - preproxy +Example: + - --proxy1.0 http://proxy $URL +--- + +# `--proxy1.0` + +Use the specified HTTP 1.0 proxy. If the port number is not specified, it is +assumed at port 1080. + +The only difference between this and the HTTP proxy option --proxy, is that +attempts to use CONNECT through the proxy specifies an HTTP 1.0 protocol +instead of the default HTTP 1.1. diff --git a/libs/curl/docs/cmdline-opts/proxytunnel.d b/libs/curl/docs/cmdline-opts/proxytunnel.d deleted file mode 100644 index a62cbb69..00000000 --- a/libs/curl/docs/cmdline-opts/proxytunnel.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: proxytunnel -Short: p -Help: Operate through an HTTP proxy tunnel (using CONNECT) -See-also: proxy -Category: proxy -Example: --proxytunnel -x http://proxy $URL -Added: 7.3 ---- -When an HTTP proxy is used --proxy, this option will make curl tunnel through -the proxy. The tunnel approach is made with the HTTP proxy CONNECT request and -requires that the proxy allows direct connect to the remote port number curl -wants to tunnel through to. - -To suppress proxy CONNECT response headers when curl is set to output headers -use --suppress-connect-headers. diff --git a/libs/curl/docs/cmdline-opts/proxytunnel.md b/libs/curl/docs/cmdline-opts/proxytunnel.md new file mode 100644 index 00000000..169d2ad8 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/proxytunnel.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: proxytunnel +Short: p +Help: HTTP proxy tunnel (using CONNECT) +Category: proxy +Added: 7.3 +Multi: boolean +See-also: + - proxy +Example: + - --proxytunnel -x http://proxy $URL +--- + +# `--proxytunnel` + +When an HTTP proxy is used --proxy, this option makes curl tunnel the traffic +through the proxy. The tunnel approach is made with the HTTP proxy CONNECT +request and requires that the proxy allows direct connect to the remote port +number curl wants to tunnel through to. + +To suppress proxy CONNECT response headers when curl is set to output headers +use --suppress-connect-headers. diff --git a/libs/curl/docs/cmdline-opts/pubkey.d b/libs/curl/docs/cmdline-opts/pubkey.d deleted file mode 100644 index 27790491..00000000 --- a/libs/curl/docs/cmdline-opts/pubkey.d +++ /dev/null @@ -1,18 +0,0 @@ -Long: pubkey -Arg: -Protocols: SFTP SCP -Help: SSH Public key file name -Category: sftp scp auth -Example: --pubkey file.pub sftp://example.com/ -Added: 7.16.2 -See-also: pass ---- -Public key file name. Allows you to provide your public key in this separate -file. - -If this option is used several times, the last one will be used. - -(As of 7.39.0, curl attempts to automatically extract the public key from the -private key file, so passing this option is generally not required. Note that -this public key extraction requires libcurl to be linked against a copy of -libssh2 1.2.8 or higher that is itself linked against OpenSSL.) diff --git a/libs/curl/docs/cmdline-opts/pubkey.md b/libs/curl/docs/cmdline-opts/pubkey.md new file mode 100644 index 00000000..373d113c --- /dev/null +++ b/libs/curl/docs/cmdline-opts/pubkey.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: pubkey +Arg: +Protocols: SFTP SCP +Help: SSH Public key filename +Category: sftp scp ssh auth +Added: 7.16.2 +Multi: single +See-also: + - pass +Example: + - --pubkey file.pub sftp://example.com/ +--- + +# `--pubkey` + +Public key filename. Allows you to provide your public key in this separate +file. + +curl attempts to automatically extract the public key from the private key +file, so passing this option is generally not required. Note that this public +key extraction requires libcurl to be linked against a copy of libssh2 1.2.8 +or higher that is itself linked against OpenSSL. (Added in 7.39.0.) diff --git a/libs/curl/docs/cmdline-opts/quote.d b/libs/curl/docs/cmdline-opts/quote.d deleted file mode 100644 index 1f0f5ead..00000000 --- a/libs/curl/docs/cmdline-opts/quote.d +++ /dev/null @@ -1,70 +0,0 @@ -Long: quote -Arg: -Short: Q -Help: Send command(s) to server before transfer -Protocols: FTP SFTP -Category: ftp sftp -Example: --quote "DELE file" ftp://example.com/foo -Added: 5.3 -See-also: request ---- -Send an arbitrary command to the remote FTP or SFTP server. Quote commands are -sent BEFORE the transfer takes place (just after the initial PWD command in an -FTP transfer, to be exact). To make commands take place after a successful -transfer, prefix them with a dash '-'. To make commands be sent after curl -has changed the working directory, just before the transfer command(s), prefix -the command with a '+' (this is only supported for FTP). You may specify any -number of commands. - -By default curl will stop at first failure. To make curl continue even if the -command fails, prefix the command with an asterisk (*). Otherwise, if the -server returns failure for one of the commands, the entire operation will be -aborted. - -You must send syntactically correct FTP commands as RFC 959 defines to FTP -servers, or one of the commands listed below to SFTP servers. - -This option can be used multiple times. - -SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP quote commands -itself before sending them to the server. File names may be quoted -shell-style to embed spaces or special characters. Following is the list of -all supported SFTP quote commands: -.RS -.IP "atime date file" -The atime command sets the last access time of the file named by the file -operand. The can be all sorts of date strings, see the -*curl_getdate(3)* man page for date expression details. (Added in 7.73.0) -.IP "chgrp group file" -The chgrp command sets the group ID of the file named by the file operand to -the group ID specified by the group operand. The group operand is a decimal -integer group ID. -.IP "chmod mode file" -The chmod command modifies the file mode bits of the specified file. The -mode operand is an octal integer mode number. -.IP "chown user file" -The chown command sets the owner of the file named by the file operand to the -user ID specified by the user operand. The user operand is a decimal -integer user ID. -.IP "ln source_file target_file" -The ln and symlink commands create a symbolic link at the target_file location -pointing to the source_file location. -.IP "mkdir directory_name" -The mkdir command creates the directory named by the directory_name operand. -.IP "mtime date file" -The mtime command sets the last modification time of the file named by the -file operand. The can be all sorts of date strings, see the -*curl_getdate(3)* man page for date expression details. (Added in 7.73.0) -.IP "pwd" -The pwd command returns the absolute pathname of the current working directory. -.IP "rename source target" -The rename command renames the file or directory named by the source -operand to the destination path named by the target operand. -.IP "rm file" -The rm command removes the file specified by the file operand. -.IP "rmdir directory" -The rmdir command removes the directory entry specified by the directory -operand, provided it is empty. -.IP "symlink source_file target_file" -See ln. -.RE diff --git a/libs/curl/docs/cmdline-opts/quote.md b/libs/curl/docs/cmdline-opts/quote.md new file mode 100644 index 00000000..4972c96f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/quote.md @@ -0,0 +1,90 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: quote +Arg: +Short: Q +Help: Send command(s) to server before transfer +Protocols: FTP SFTP +Category: ftp sftp +Added: 5.3 +Multi: append +See-also: + - request +Example: + - --quote "DELE file" ftp://example.com/foo +--- + +# `--quote` + +Send an arbitrary command to the remote FTP or SFTP server. Quote commands are +sent BEFORE the transfer takes place (just after the initial **PWD** command +in an FTP transfer, to be exact). To make commands take place after a +successful transfer, prefix them with a dash '-'. + +(FTP only) To make commands be sent after curl has changed the working +directory, just before the file transfer command(s), prefix the command with a +'+'. This is not performed when a directory listing is performed. + +You may specify any number of commands. + +By default curl stops at first failure. To make curl continue even if the +command fails, prefix the command with an asterisk (*). Otherwise, if the +server returns failure for one of the commands, the entire operation is +aborted. + +You must send syntactically correct FTP commands as RFC 959 defines to FTP +servers, or one of the commands listed below to SFTP servers. + +SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP quote commands +itself before sending them to the server. Filenames may be quoted shell-style +to embed spaces or special characters. Following is the list of all supported +SFTP quote commands: + +## atime date file +The atime command sets the last access time of the file named by the file +operand. The date expression can be all sorts of date strings, see the +*curl_getdate(3)* man page for date expression details. (Added in 7.73.0) + +## chgrp group file +The chgrp command sets the group ID of the file named by the file operand to +the group ID specified by the group operand. The group operand is a decimal +integer group ID. + +## chmod mode file +The chmod command modifies the file mode bits of the specified file. The +mode operand is an octal integer mode number. + +## chown user file +The chown command sets the owner of the file named by the file operand to the +user ID specified by the user operand. The user operand is a decimal +integer user ID. + +## ln source_file target_file +The ln and symlink commands create a symbolic link at the target_file location +pointing to the source_file location. + +## mkdir directory_name +The mkdir command creates the directory named by the directory_name operand. + +## mtime date file +The mtime command sets the last modification time of the file named by the +file operand. The date expression can be all sorts of date strings, see the +*curl_getdate(3)* man page for date expression details. (Added in 7.73.0) + +## pwd +The pwd command returns the absolute path name of the current working directory. + +## rename source target +The rename command renames the file or directory named by the source +operand to the destination path named by the target operand. + +## rm file +The rm command removes the file specified by the file operand. + +## rmdir directory +The rmdir command removes the directory entry specified by the directory +operand, provided it is empty. + +## symlink source_file target_file +See ln. diff --git a/libs/curl/docs/cmdline-opts/random-file.d b/libs/curl/docs/cmdline-opts/random-file.d deleted file mode 100644 index fe56f574..00000000 --- a/libs/curl/docs/cmdline-opts/random-file.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: random-file -Arg: -Help: File for reading random data from -Category: misc -Example: --random-file rubbish $URL -Added: 7.7 -See-also: egd-file ---- -Specify the path name to file containing what will be considered as random -data. The data may be used to seed the random engine for SSL connections. See -also the --egd-file option. diff --git a/libs/curl/docs/cmdline-opts/random-file.md b/libs/curl/docs/cmdline-opts/random-file.md new file mode 100644 index 00000000..e2c8624a --- /dev/null +++ b/libs/curl/docs/cmdline-opts/random-file.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: random-file +Arg: +Help: File for reading random data from +Category: deprecated +Added: 7.7 +Multi: single +See-also: + - egd-file +Example: + - --random-file rubbish $URL +--- + +# `--random-file` + +Deprecated option. This option is ignored (added in 7.84.0). Prior to that it +only had an effect on curl if built to use old versions of OpenSSL. + +Specify the path name to file containing random data. The data may be used to +seed the random engine for SSL connections. diff --git a/libs/curl/docs/cmdline-opts/range.d b/libs/curl/docs/cmdline-opts/range.d deleted file mode 100644 index 7ebf843a..00000000 --- a/libs/curl/docs/cmdline-opts/range.d +++ /dev/null @@ -1,51 +0,0 @@ -Long: range -Short: r -Help: Retrieve only the bytes within RANGE -Arg: -Protocols: HTTP FTP SFTP FILE -Category: http ftp sftp file -Example: --range 22-44 $URL -Added: 4.0 -See-also: continue-at append ---- -Retrieve a byte range (i.e. a partial document) from an HTTP/1.1, FTP or SFTP -server or a local FILE. Ranges can be specified in a number of ways. -.RS -.TP 10 -.B 0-499 -specifies the first 500 bytes -.TP -.B 500-999 -specifies the second 500 bytes -.TP -.B -500 -specifies the last 500 bytes -.TP -.B 9500- -specifies the bytes from offset 9500 and forward -.TP -.B 0-0,-1 -specifies the first and last byte only(*)(HTTP) -.TP -.B 100-199,500-599 -specifies two separate 100-byte ranges(*) (HTTP) -.RE -.IP -(*) = NOTE that this will cause the server to reply with a multipart -response, which will be returned as-is by curl! Parsing or otherwise -transforming this response is the responsibility of the caller. - -Only digit characters (0-9) are valid in the 'start' and 'stop' fields of the -\&'start-stop' range syntax. If a non-digit character is given in the range, -the server's response will be unspecified, depending on the server's -configuration. - -You should also be aware that many HTTP/1.1 servers do not have this feature -enabled, so that when you attempt to get a range, you will instead get the -whole document. - -FTP and SFTP range downloads only support the simple 'start-stop' syntax -(optionally with one of the numbers omitted). FTP use depends on the extended -FTP command SIZE. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/range.md b/libs/curl/docs/cmdline-opts/range.md new file mode 100644 index 00000000..abfdf216 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/range.md @@ -0,0 +1,57 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: range +Short: r +Help: Retrieve only the bytes within RANGE +Arg: +Protocols: HTTP FTP SFTP FILE +Category: http ftp sftp file +Added: 4.0 +Multi: single +See-also: + - continue-at + - append +Example: + - --range 22-44 $URL +--- + +# `--range` + +Retrieve a byte range (i.e. a partial document) from an HTTP/1.1, FTP or SFTP +server or a local FILE. Ranges can be specified in a number of ways. + +## 0-499 +specifies the first 500 bytes + +## 500-999 +specifies the second 500 bytes + +## -500 +specifies the last 500 bytes + +## 9500- +specifies the bytes from offset 9500 and forward + +## 0-0,-1 +specifies the first and last byte only(*)(HTTP) + +## 100-199,500-599 +specifies two separate 100-byte ranges(*) (HTTP) + +## + +(*) = NOTE that these make the server reply with a multipart response, which +is returned as-is by curl! Parsing or otherwise transforming this response is +the responsibility of the caller. + +Only digit characters (0-9) are valid in the 'start' and 'stop' fields of the +'start-stop' range syntax. If a non-digit character is given in the range, the +server's response is unspecified, depending on the server's configuration. + +Many HTTP/1.1 servers do not have this feature enabled, so that when you +attempt to get a range, curl instead gets the whole document. + +FTP and SFTP range downloads only support the simple 'start-stop' syntax +(optionally with one of the numbers omitted). FTP use depends on the extended +FTP command SIZE. diff --git a/libs/curl/docs/cmdline-opts/rate.md b/libs/curl/docs/cmdline-opts/rate.md new file mode 100644 index 00000000..49d0010b --- /dev/null +++ b/libs/curl/docs/cmdline-opts/rate.md @@ -0,0 +1,42 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: rate +Arg: +Help: Request rate for serial transfers +Category: connection global +Added: 7.84.0 +Multi: single +Scope: global +See-also: + - limit-rate + - retry-delay +Example: + - --rate 2/s $URL ... + - --rate 3/h $URL ... + - --rate 14/m $URL ... +--- + +# `--rate` + +Specify the maximum transfer frequency you allow curl to use - in number of +transfer starts per time unit (sometimes called request rate). Without this +option, curl starts the next transfer as fast as possible. + +If given several URLs and a transfer completes faster than the allowed rate, +curl waits until the next transfer is started to maintain the requested +rate. This option has no effect when --parallel is used. + +The request rate is provided as "N/U" where N is an integer number and U is a +time unit. Supported units are 's' (second), 'm' (minute), 'h' (hour) and 'd' +/(day, as in a 24 hour unit). The default time unit, if no "/U" is provided, +is number of transfers per hour. + +If curl is told to allow 10 requests per minute, it does not start the next +request until 6 seconds have elapsed since the previous transfer was started. + +This function uses millisecond resolution. If the allowed frequency is set +more than 1000 per second, it instead runs unrestricted. + +When retrying transfers, enabled with --retry, the separate retry delay logic +is used and not this setting. diff --git a/libs/curl/docs/cmdline-opts/raw.d b/libs/curl/docs/cmdline-opts/raw.d deleted file mode 100644 index dcf77fc4..00000000 --- a/libs/curl/docs/cmdline-opts/raw.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: raw -Help: Do HTTP "raw"; no transfer decoding -Added: 7.16.2 -Protocols: HTTP -Category: http -Example: --raw $URL -See-also: tr-encoding ---- -When used, it disables all internal HTTP decoding of content or transfer -encodings and instead makes them passed on unaltered, raw. diff --git a/libs/curl/docs/cmdline-opts/raw.md b/libs/curl/docs/cmdline-opts/raw.md new file mode 100644 index 00000000..ca63dc31 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/raw.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: raw +Help: Do HTTP raw; no transfer decoding +Added: 7.16.2 +Protocols: HTTP +Category: http +Multi: boolean +See-also: + - tr-encoding +Example: + - --raw $URL +--- + +# `--raw` + +When used, it disables all internal HTTP decoding of content or transfer +encodings and instead makes them passed on unaltered, raw. diff --git a/libs/curl/docs/cmdline-opts/referer.d b/libs/curl/docs/cmdline-opts/referer.d deleted file mode 100644 index 10aa8297..00000000 --- a/libs/curl/docs/cmdline-opts/referer.d +++ /dev/null @@ -1,19 +0,0 @@ -Long: referer -Short: e -Arg: -Protocols: HTTP -Help: Referrer URL -See-also: user-agent header -Category: http -Example: --referer "https://fake.example" $URL -Example: --referer "https://fake.example;auto" -L $URL -Example: --referer ";auto" -L $URL -Added: 4.0 ---- -Sends the "Referrer Page" information to the HTTP server. This can also be set -with the --header flag of course. When used with --location you can append -";auto" to the --referer URL to make curl automatically set the previous URL -when it follows a Location: header. The \&";auto" string can be used alone, -even if you do not set an initial --referer. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/referer.md b/libs/curl/docs/cmdline-opts/referer.md new file mode 100644 index 00000000..1fec2485 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/referer.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: referer +Short: e +Arg: +Protocols: HTTP +Help: Referrer URL +Category: http +Added: 4.0 +Multi: single +See-also: + - user-agent + - header +Example: + - --referer "https://fake.example" $URL + - --referer "https://fake.example;auto" -L $URL + - --referer ";auto" -L $URL +--- + +# `--referer` + +Set the referrer URL in the HTTP request. This can also be set with the +--header flag of course. When used with --location you can append `;auto`" to +the --referer URL to make curl automatically set the previous URL when it +follows a Location: header. The `;auto` string can be used alone, even if you +do not set an initial --referer. diff --git a/libs/curl/docs/cmdline-opts/remote-header-name.d b/libs/curl/docs/cmdline-opts/remote-header-name.d deleted file mode 100644 index 00db0b45..00000000 --- a/libs/curl/docs/cmdline-opts/remote-header-name.d +++ /dev/null @@ -1,23 +0,0 @@ -Long: remote-header-name -Short: J -Protocols: HTTP -Help: Use the header-provided filename -Category: output -Example: -OJ https://example.com/file -Added: 7.20.0 -See-also: remote-name ---- -This option tells the --remote-name option to use the server-specified -Content-Disposition filename instead of extracting a filename from the URL. - -If the server specifies a file name and a file with that name already exists -in the current working directory it will not be overwritten and an error will -occur. If the server does not specify a file name then this option has no -effect. - -There's no attempt to decode %-sequences (yet) in the provided file name, so -this option may provide you with rather unexpected file names. - -**WARNING**: Exercise judicious use of this option, especially on Windows. A -rogue server could send you the name of a DLL or other file that could be -loaded automatically by Windows or some third party software. diff --git a/libs/curl/docs/cmdline-opts/remote-header-name.md b/libs/curl/docs/cmdline-opts/remote-header-name.md new file mode 100644 index 00000000..88c2808a --- /dev/null +++ b/libs/curl/docs/cmdline-opts/remote-header-name.md @@ -0,0 +1,39 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: remote-header-name +Short: J +Protocols: HTTP +Help: Use the header-provided filename +Category: output +Added: 7.20.0 +Multi: boolean +See-also: + - remote-name +Example: + - -OJ https://example.com/file +--- + +# `--remote-header-name` + +Tell the --remote-name option to use the server-specified Content-Disposition +filename instead of extracting a filename from the URL. If the server-provided +filename contains a path, that is stripped off before the filename is used. + +The file is saved in the current directory, or in the directory specified with +--output-dir. + +If the server specifies a filename and a file with that name already exists in +the destination directory, it is not overwritten and an error occurs - unless +you allow it by using the --clobber option. If the server does not specify a +filename then this option has no effect. + +There is no attempt to decode %-sequences (yet) in the provided filename, so +this option may provide you with rather unexpected filenames. + +This feature uses the name from the `filename` field, it does not yet support +the `filename*` field (filenames with explicit character sets). + +**WARNING**: Exercise judicious use of this option, especially on Windows. A +rogue server could send you the name of a DLL or other file that could be +loaded automatically by Windows or some third party software. diff --git a/libs/curl/docs/cmdline-opts/remote-name-all.d b/libs/curl/docs/cmdline-opts/remote-name-all.d deleted file mode 100644 index 80e8a0a2..00000000 --- a/libs/curl/docs/cmdline-opts/remote-name-all.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: remote-name-all -Help: Use the remote file name for all URLs -Added: 7.19.0 -Category: output -Example: --remote-name-all ftp://example.com/file1 ftp://example.com/file2 -See-also: remote-name ---- -This option changes the default action for all given URLs to be dealt with as -if --remote-name were used for each one. So if you want to disable that for a -specific URL after --remote-name-all has been used, you must use "-o -" or ---no-remote-name. diff --git a/libs/curl/docs/cmdline-opts/remote-name-all.md b/libs/curl/docs/cmdline-opts/remote-name-all.md new file mode 100644 index 00000000..92d348e2 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/remote-name-all.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: remote-name-all +Help: Use the remote filename for all URLs +Added: 7.19.0 +Category: output +Multi: boolean +See-also: + - remote-name +Example: + - --remote-name-all ftp://example.com/file1 ftp://example.com/file2 +--- + +# `--remote-name-all` + +Change the default action for all given URLs to be dealt with as if +--remote-name were used for each one. If you want to disable that for a +specific URL after --remote-name-all has been used, you must use "-o -" or +--no-remote-name. diff --git a/libs/curl/docs/cmdline-opts/remote-name.d b/libs/curl/docs/cmdline-opts/remote-name.d deleted file mode 100644 index c149c185..00000000 --- a/libs/curl/docs/cmdline-opts/remote-name.d +++ /dev/null @@ -1,25 +0,0 @@ -Long: remote-name -Short: O -Help: Write output to a file named as the remote file -Category: important output -Example: -O https://example.com/filename -Added: 4.0 -See-also: remote-name-all ---- -Write output to a local file named like the remote file we get. (Only the file -part of the remote file is used, the path is cut off.) - -The file will be saved in the current working directory. If you want the file -saved in a different directory, make sure you change the current working -directory before invoking curl with this option. - -The remote file name to use for saving is extracted from the given URL, -nothing else, and if it already exists it will be overwritten. If you want the -server to be able to choose the file name refer to --remote-header-name which -can be used in addition to this option. If the server chooses a file name and -that name already exists it will not be overwritten. - -There is no URL decoding done on the file name. If it has %20 or other URL -encoded parts of the name, they will end up as-is as file name. - -You may use this option as many times as the number of URLs you have. diff --git a/libs/curl/docs/cmdline-opts/remote-name.md b/libs/curl/docs/cmdline-opts/remote-name.md new file mode 100644 index 00000000..041800fa --- /dev/null +++ b/libs/curl/docs/cmdline-opts/remote-name.md @@ -0,0 +1,37 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: remote-name +Short: O +Help: Write output to file named as remote file +Category: important output +Added: 4.0 +Multi: per-URL +See-also: + - remote-name-all + - output-dir + - remote-header-name +Example: + - -O https://example.com/filename + - -O https://example.com/filename -O https://example.com/file2 +--- + +# `--remote-name` + +Write output to a local file named like the remote file we get. (Only the file +part of the remote file is used, the path is cut off.) + +The file is saved in the current working directory. If you want the file saved +in a different directory, make sure you change the current working directory +before invoking curl with this option or use --output-dir. + +The remote filename to use for saving is extracted from the given URL, nothing +else, and if it already exists it is overwritten. If you want the server to be +able to choose the filename refer to --remote-header-name which can be used in +addition to this option. If the server chooses a filename and that name +already exists it is not overwritten. + +There is no URL decoding done on the filename. If it has %20 or other URL +encoded parts of the name, they end up as-is as filename. + +You may use this option as many times as the number of URLs you have. diff --git a/libs/curl/docs/cmdline-opts/remote-time.d b/libs/curl/docs/cmdline-opts/remote-time.d deleted file mode 100644 index 57287372..00000000 --- a/libs/curl/docs/cmdline-opts/remote-time.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: remote-time -Short: R -Help: Set the remote file's time on the local output -Category: output -Example: --remote-time -o foo $URL -Added: 7.9 -See-also: remote-name time-cond ---- -When used, this will make curl attempt to figure out the timestamp of the -remote file, and if that is available make the local file get that same -timestamp. diff --git a/libs/curl/docs/cmdline-opts/remote-time.md b/libs/curl/docs/cmdline-opts/remote-time.md new file mode 100644 index 00000000..7c5d21f0 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/remote-time.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: remote-time +Short: R +Help: Set remote file's time on local output +Category: output +Added: 7.9 +Multi: boolean +See-also: + - remote-name + - time-cond +Example: + - --remote-time -o foo $URL +--- + +# `--remote-time` + +Makes curl attempt to figure out the timestamp of the remote file that is +getting downloaded, and if that is available make the local file get that same +timestamp. diff --git a/libs/curl/docs/cmdline-opts/remove-on-error.md b/libs/curl/docs/cmdline-opts/remove-on-error.md new file mode 100644 index 00000000..4f9cf90d --- /dev/null +++ b/libs/curl/docs/cmdline-opts/remove-on-error.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: remove-on-error +Help: Remove output file on errors +Category: output +Added: 7.83.0 +Multi: boolean +See-also: + - fail +Example: + - --remove-on-error -o output $URL +--- + +# `--remove-on-error` + +Remove output file if an error occurs. If curl returns an error when told to +save output in a local file. This prevents curl from leaving a partial file in +the case of an error during transfer. + +If the output is not a regular file, this option has no effect. diff --git a/libs/curl/docs/cmdline-opts/request-target.d b/libs/curl/docs/cmdline-opts/request-target.d deleted file mode 100644 index d901fd88..00000000 --- a/libs/curl/docs/cmdline-opts/request-target.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: request-target -Arg: -Help: Specify the target for this request -Protocols: HTTP -Added: 7.55.0 -Category: http -Example: --request-target "*" -X OPTIONS $URL -See-also: request ---- -Tells curl to use an alternative "target" (path) instead of using the path as -provided in the URL. Particularly useful when wanting to issue HTTP requests -without leading slash or other data that does not follow the regular URL -pattern, like "OPTIONS *". diff --git a/libs/curl/docs/cmdline-opts/request-target.md b/libs/curl/docs/cmdline-opts/request-target.md new file mode 100644 index 00000000..44285114 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/request-target.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: request-target +Arg: +Help: Specify the target for this request +Protocols: HTTP +Added: 7.55.0 +Category: http +Multi: single +See-also: + - request +Example: + - --request-target "*" -X OPTIONS $URL +--- + +# `--request-target` + +Use an alternative target (path) instead of using the path as provided in the +URL. Particularly useful when wanting to issue HTTP requests without leading +slash or other data that does not follow the regular URL pattern, like +"OPTIONS *". + +curl passes on the verbatim string you give it its the request without any +filter or other safe guards. That includes white space and control characters. diff --git a/libs/curl/docs/cmdline-opts/request.d b/libs/curl/docs/cmdline-opts/request.d deleted file mode 100644 index 9a97149f..00000000 --- a/libs/curl/docs/cmdline-opts/request.d +++ /dev/null @@ -1,44 +0,0 @@ -Long: request -Short: X -Arg: -Help: Specify request method to use -Category: connection -Example: -X "DELETE" $URL -Example: -X NLST ftp://example.com/ -Added: 6.0 -See-also: request-target ---- -(HTTP) Specifies a custom request method to use when communicating with the -HTTP server. The specified request method will be used instead of the method -otherwise used (which defaults to GET). Read the HTTP 1.1 specification for -details and explanations. Common additional HTTP requests include PUT and -DELETE, but related technologies like WebDAV offers PROPFIND, COPY, MOVE and -more. - -Normally you do not need this option. All sorts of GET, HEAD, POST and PUT -requests are rather invoked by using dedicated command line options. - -This option only changes the actual word used in the HTTP request, it does not -alter the way curl behaves. So for example if you want to make a proper HEAD -request, using -X HEAD will not suffice. You need to use the --head option. - -The method string you set with --request will be used for all requests, which -if you for example use --location may cause unintended side-effects when curl -does not change request method according to the HTTP 30x response codes - and -similar. - -(FTP) -Specifies a custom FTP command to use instead of LIST when doing file lists -with FTP. - -(POP3) -Specifies a custom POP3 command to use instead of LIST or RETR. -(Added in 7.26.0) - -(IMAP) -Specifies a custom IMAP command to use instead of LIST. (Added in 7.30.0) - -(SMTP) -Specifies a custom SMTP command to use instead of HELP or VRFY. (Added in 7.34.0) - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/request.md b/libs/curl/docs/cmdline-opts/request.md new file mode 100644 index 00000000..86cf10de --- /dev/null +++ b/libs/curl/docs/cmdline-opts/request.md @@ -0,0 +1,57 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: request +Short: X +Arg: +Help: Specify request method to use +Category: connection pop3 ftp imap smtp +Added: 6.0 +Multi: single +See-also: + - request-target +Example: + - -X "DELETE" $URL + - -X NLST ftp://example.com/ +--- + +# `--request` + +Change the method to use when starting the transfer. + +curl passes on the verbatim string you give it in the request without any +filter or other safe guards. That includes white space and control characters. + +## HTTP +Specifies a custom request method to use when communicating with the HTTP +server. The specified request method is used instead of the method otherwise +used (which defaults to *GET*). Read the HTTP 1.1 specification for details +and explanations. Common additional HTTP requests include *PUT* and *DELETE*, +while related technologies like WebDAV offers *PROPFIND*, *COPY*, *MOVE* and +more. + +Normally you do not need this option. All sorts of *GET*, *HEAD*, *POST* and +*PUT* requests are rather invoked by using dedicated command line options. + +This option only changes the actual word used in the HTTP request, it does not +alter the way curl behaves. For example if you want to make a proper HEAD +request, using -X HEAD does not suffice. You need to use the --head option. + +The method string you set with --request is used for all requests, which +if you for example use --location may cause unintended side-effects when curl +does not change request method according to the HTTP 30x response codes - and +similar. + +## FTP +Specifies a custom FTP command to use instead of *LIST* when doing file lists +with FTP. + +## POP3 +Specifies a custom POP3 command to use instead of *LIST* or *RETR*. +(Added in 7.26.0) + +## IMAP +Specifies a custom IMAP command to use instead of *LIST*. (Added in 7.30.0) + +## SMTP +Specifies a custom SMTP command to use instead of *HELP* or **VRFY**. (Added in 7.34.0) diff --git a/libs/curl/docs/cmdline-opts/resolve.d b/libs/curl/docs/cmdline-opts/resolve.d deleted file mode 100644 index cbe28873..00000000 --- a/libs/curl/docs/cmdline-opts/resolve.d +++ /dev/null @@ -1,38 +0,0 @@ -Long: resolve -Arg: <[+]host:port:addr[,addr]...> -Help: Resolve the host+port to this address -Added: 7.21.3 -Category: connection -Example: --resolve example.com:443:127.0.0.1 $URL -See-also: connect-to alt-svc ---- -Provide a custom address for a specific host and port pair. Using this, you -can make the curl requests(s) use a specified address and prevent the -otherwise normally resolved address to be used. Consider it a sort of -/etc/hosts alternative provided on the command line. The port number should be -the number used for the specific protocol the host will be used for. It means -you need several entries if you want to provide address for the same host but -different ports. - -By specifying '*' as host you can tell curl to resolve any host and specific -port pair to the specified address. Wildcard is resolved last so any --resolve -with a specific host and port will be used first. - -The provided address set by this option will be used even if --ipv4 or --ipv6 -is set to make curl use another IP version. - -By prefixing the host with a '+' you can make the entry time out after curl's -default timeout (1 minute). Note that this will only make sense for long -running parallel transfers with a lot of files. In such cases, if this option -is used curl will try to resolve the host as it normally would once the -timeout has expired. - -Support for providing the IP address within [brackets] was added in 7.57.0. - -Support for providing multiple IP addresses per entry was added in 7.59.0. - -Support for resolving with wildcard was added in 7.64.0. - -Support for the '+' prefix was was added in 7.75.0. - -This option can be used many times to add many host names to resolve. diff --git a/libs/curl/docs/cmdline-opts/resolve.md b/libs/curl/docs/cmdline-opts/resolve.md new file mode 100644 index 00000000..2b71d9a5 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/resolve.md @@ -0,0 +1,45 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: resolve +Arg: <[+]host:port:addr[,addr]...> +Help: Resolve host+port to address +Added: 7.21.3 +Category: connection dns +Multi: append +See-also: + - connect-to + - alt-svc +Example: + - --resolve example.com:443:127.0.0.1 $URL +--- + +# `--resolve` + +Provide a custom address for a specific host and port pair. Using this, you +can make the curl requests(s) use a specified address and prevent the +otherwise normally resolved address to be used. Consider it a sort of +/etc/hosts alternative provided on the command line. The port number should be +the number used for the specific protocol the host is used for. It means +you need several entries if you want to provide address for the same host but +different ports. + +By specifying `*` as host you can tell curl to resolve any host and specific +port pair to the specified address. Wildcard is resolved last so any --resolve +with a specific host and port is used first. + +The provided address set by this option is used even if --ipv4 or --ipv6 is +set to make curl use another IP version. + +By prefixing the host with a '+' you can make the entry time out after curl's +default timeout (1 minute). Note that this only makes sense for long running +parallel transfers with a lot of files. In such cases, if this option is used +curl tries to resolve the host as it normally would once the timeout has +expired. + +To redirect connects from a specific hostname or any hostname, independently +of port number, consider the --connect-to option. + +Support for resolving with wildcard was added in 7.64.0. + +Support for the '+' prefix was added in 7.75.0. diff --git a/libs/curl/docs/cmdline-opts/retry-all-errors.d b/libs/curl/docs/cmdline-opts/retry-all-errors.d deleted file mode 100644 index 37fdfc73..00000000 --- a/libs/curl/docs/cmdline-opts/retry-all-errors.d +++ /dev/null @@ -1,31 +0,0 @@ -Long: retry-all-errors -Help: Retry all errors (use with --retry) -Added: 7.71.0 -Category: curl -Example: --retry 5 --retry-all-errors $URL -See-also: retry ---- -Retry on any error. This option is used together with --retry. - -This option is the "sledgehammer" of retrying. Do not use this option by -default (eg in curlrc), there may be unintended consequences such as sending or -receiving duplicate data. Do not use with redirected input or output. You'd be -much better off handling your unique problems in shell script. Please read the -example below. - -**WARNING**: For server compatibility curl attempts to retry failed flaky -transfers as close as possible to how they were started, but this is not -possible with redirected input or output. For example, before retrying it -removes output data from a failed partial transfer that was written to an -output file. However this is not true of data redirected to a | pipe or > -file, which are not reset. We strongly suggest you do not parse or record -output via redirect in combination with this option, since you may receive -duplicate data. - -By default curl will not error on an HTTP response code that indicates an HTTP -error, if the transfer was successful. For example, if a server replies 404 -Not Found and the reply is fully received then that is not an error. When ---retry is used then curl will retry on some HTTP response codes that indicate -transient HTTP errors, but that does not include most 4xx response codes such -as 404. If you want to retry on all response codes that indicate HTTP errors -(4xx and 5xx) then combine with --fail. diff --git a/libs/curl/docs/cmdline-opts/retry-all-errors.md b/libs/curl/docs/cmdline-opts/retry-all-errors.md new file mode 100644 index 00000000..230e7306 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/retry-all-errors.md @@ -0,0 +1,40 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: retry-all-errors +Help: Retry all errors (with --retry) +Added: 7.71.0 +Category: curl +Multi: boolean +See-also: + - retry +Example: + - --retry 5 --retry-all-errors $URL +--- + +# `--retry-all-errors` + +Retry on any error. This option is used together with --retry. + +This option is the "sledgehammer" of retrying. Do not use this option by +default (for example in your **curlrc**), there may be unintended consequences +such as sending or receiving duplicate data. Do not use with redirected input +or output. You might be better off handling your unique problems in a shell +script. Please read the example below. + +**WARNING**: For server compatibility curl attempts to retry failed flaky +transfers as close as possible to how they were started, but this is not +possible with redirected input or output. For example, before retrying it +removes output data from a failed partial transfer that was written to an +output file. However this is not true of data redirected to a | pipe or \> +file, which are not reset. We strongly suggest you do not parse or record +output via redirect in combination with this option, since you may receive +duplicate data. + +By default curl does not return error for transfers with an HTTP response code +that indicates an HTTP error, if the transfer was successful. For example, if +a server replies 404 Not Found and the reply is fully received then that is +not an error. When --retry is used then curl retries on some HTTP response +codes that indicate transient HTTP errors, but that does not include most 4xx +response codes such as 404. If you want to retry on all response codes that +indicate HTTP errors (4xx and 5xx) then combine with --fail. diff --git a/libs/curl/docs/cmdline-opts/retry-connrefused.d b/libs/curl/docs/cmdline-opts/retry-connrefused.d deleted file mode 100644 index 13574e80..00000000 --- a/libs/curl/docs/cmdline-opts/retry-connrefused.d +++ /dev/null @@ -1,9 +0,0 @@ -Long: retry-connrefused -Help: Retry on connection refused (use with --retry) -Added: 7.52.0 -Category: curl -Example: --retry-connrefused --retry $URL -See-also: retry retry-all-errors ---- -In addition to the other conditions, consider ECONNREFUSED as a transient -error too for --retry. This option is used together with --retry. diff --git a/libs/curl/docs/cmdline-opts/retry-connrefused.md b/libs/curl/docs/cmdline-opts/retry-connrefused.md new file mode 100644 index 00000000..22345cd8 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/retry-connrefused.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: retry-connrefused +Help: Retry on connection refused (with --retry) +Added: 7.52.0 +Category: curl +Multi: boolean +See-also: + - retry + - retry-all-errors +Example: + - --retry-connrefused --retry 7 $URL +--- + +# `--retry-connrefused` + +In addition to the other conditions, consider ECONNREFUSED as a transient +error too for --retry. This option is used together with --retry. diff --git a/libs/curl/docs/cmdline-opts/retry-delay.d b/libs/curl/docs/cmdline-opts/retry-delay.d deleted file mode 100644 index c4970bc8..00000000 --- a/libs/curl/docs/cmdline-opts/retry-delay.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: retry-delay -Arg: -Help: Wait time between retries -Added: 7.12.3 -Category: curl -Example: --retry-delay 5 --retry $URL -See-also: retry ---- -Make curl sleep this amount of time before each retry when a transfer has -failed with a transient error (it changes the default backoff time algorithm -between retries). This option is only interesting if --retry is also -used. Setting this delay to zero will make curl use the default backoff time. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/retry-delay.md b/libs/curl/docs/cmdline-opts/retry-delay.md new file mode 100644 index 00000000..fcee1767 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/retry-delay.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: retry-delay +Arg: +Help: Wait time between retries +Added: 7.12.3 +Category: curl timeout +Multi: single +See-also: + - retry +Example: + - --retry-delay 5 --retry 7 $URL +--- + +# `--retry-delay` + +Make curl sleep this amount of time before each retry when a transfer has +failed with a transient error (it changes the default backoff time algorithm +between retries). This option is only interesting if --retry is also +used. Setting this delay to zero makes curl use the default backoff time. diff --git a/libs/curl/docs/cmdline-opts/retry-max-time.d b/libs/curl/docs/cmdline-opts/retry-max-time.d deleted file mode 100644 index 88ce20f7..00000000 --- a/libs/curl/docs/cmdline-opts/retry-max-time.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: retry-max-time -Arg: -Help: Retry only within this period -Added: 7.12.3 -Category: curl -Example: --retry-max-time 30 --retry 10 $URL -See-also: retry ---- -The retry timer is reset before the first transfer attempt. Retries will be -done as usual (see --retry) as long as the timer has not reached this given -limit. Notice that if the timer has not reached the limit, the request will be -made and while performing, it may take longer than this given time period. To -limit a single request's maximum time, use --max-time. Set this option to -zero to not timeout retries. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/retry-max-time.md b/libs/curl/docs/cmdline-opts/retry-max-time.md new file mode 100644 index 00000000..e95a381a --- /dev/null +++ b/libs/curl/docs/cmdline-opts/retry-max-time.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: retry-max-time +Arg: +Help: Retry only within this period +Added: 7.12.3 +Category: curl timeout +Multi: single +See-also: + - retry +Example: + - --retry-max-time 30 --retry 10 $URL +--- + +# `--retry-max-time` + +The retry timer is reset before the first transfer attempt. Retries are done +as usual (see --retry) as long as the timer has not reached this given +limit. Notice that if the timer has not reached the limit, the request is +made and while performing, it may take longer than this given time period. To +limit a single request's maximum time, use --max-time. Set this option to zero +to not timeout retries. diff --git a/libs/curl/docs/cmdline-opts/retry.d b/libs/curl/docs/cmdline-opts/retry.d deleted file mode 100644 index 428a092e..00000000 --- a/libs/curl/docs/cmdline-opts/retry.d +++ /dev/null @@ -1,24 +0,0 @@ -Long: retry -Arg: -Added: 7.12.3 -Help: Retry request if transient problems occur -Category: curl -Example: --retry 7 $URL -See-also: retry-max-time ---- -If a transient error is returned when curl tries to perform a transfer, it -will retry this number of times before giving up. Setting the number to 0 -makes curl do no retries (which is the default). Transient error means either: -a timeout, an FTP 4xx response code or an HTTP 408, 429, 500, 502, 503 or 504 -response code. - -When curl is about to retry a transfer, it will first wait one second and then -for all forthcoming retries it will double the waiting time until it reaches -10 minutes which then will be the delay between the rest of the retries. By -using --retry-delay you disable this exponential backoff algorithm. See also ---retry-max-time to limit the total time allowed for retries. - -Since curl 7.66.0, curl will comply with the Retry-After: response header if -one was present to know when to issue the next retry. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/retry.md b/libs/curl/docs/cmdline-opts/retry.md new file mode 100644 index 00000000..1cd595dd --- /dev/null +++ b/libs/curl/docs/cmdline-opts/retry.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: retry +Arg: +Added: 7.12.3 +Help: Retry request if transient problems occur +Category: curl +Multi: single +See-also: + - retry-max-time +Example: + - --retry 7 $URL +--- + +# `--retry` + +If a transient error is returned when curl tries to perform a transfer, it +retries this number of times before giving up. Setting the number to 0 +makes curl do no retries (which is the default). Transient error means either: +a timeout, an FTP 4xx response code or an HTTP 408, 429, 500, 502, 503 or 504 +response code. + +When curl is about to retry a transfer, it first waits one second and then for +all forthcoming retries it doubles the waiting time until it reaches 10 +minutes which then remains delay between the rest of the retries. By using +--retry-delay you disable this exponential backoff algorithm. See also +--retry-max-time to limit the total time allowed for retries. + +curl complies with the Retry-After: response header if one was present to know +when to issue the next retry (added in 7.66.0). diff --git a/libs/curl/docs/cmdline-opts/sasl-authzid.d b/libs/curl/docs/cmdline-opts/sasl-authzid.d deleted file mode 100644 index d80e30f5..00000000 --- a/libs/curl/docs/cmdline-opts/sasl-authzid.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: sasl-authzid -Arg: -Help: Identity for SASL PLAIN authentication -Added: 7.66.0 -Category: auth -Example: --sasl-authzid zid imap://example.com/ -See-also: login-options ---- -Use this authorisation identity (authzid), during SASL PLAIN authentication, -in addition to the authentication identity (authcid) as specified by --user. - -If the option is not specified, the server will derive the authzid from the -authcid, but if specified, and depending on the server implementation, it may -be used to access another user's inbox, that the user has been granted access -to, or a shared mailbox for example. diff --git a/libs/curl/docs/cmdline-opts/sasl-authzid.md b/libs/curl/docs/cmdline-opts/sasl-authzid.md new file mode 100644 index 00000000..4c4282d1 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/sasl-authzid.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: sasl-authzid +Arg: +Help: Identity for SASL PLAIN authentication +Added: 7.66.0 +Category: auth +Multi: single +See-also: + - login-options +Example: + - --sasl-authzid zid imap://example.com/ +--- + +# `--sasl-authzid` + +Use this authorization identity (**authzid**), during SASL PLAIN +authentication, in addition to the authentication identity (**authcid**) as +specified by --user. + +If the option is not specified, the server derives the **authzid** from the +**authcid**, but if specified, and depending on the server implementation, it +may be used to access another user's inbox, that the user has been granted +access to, or a shared mailbox for example. diff --git a/libs/curl/docs/cmdline-opts/sasl-ir.d b/libs/curl/docs/cmdline-opts/sasl-ir.d deleted file mode 100644 index f1289fd7..00000000 --- a/libs/curl/docs/cmdline-opts/sasl-ir.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: sasl-ir -Help: Enable initial response in SASL authentication -Added: 7.31.0 -Category: auth -Example: --sasl-ir imap://example.com/ -See-also: sasl-authzid ---- -Enable initial response in SASL authentication. diff --git a/libs/curl/docs/cmdline-opts/sasl-ir.md b/libs/curl/docs/cmdline-opts/sasl-ir.md new file mode 100644 index 00000000..b11137df --- /dev/null +++ b/libs/curl/docs/cmdline-opts/sasl-ir.md @@ -0,0 +1,17 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: sasl-ir +Help: Initial response in SASL authentication +Added: 7.31.0 +Category: auth +Multi: boolean +See-also: + - sasl-authzid +Example: + - --sasl-ir imap://example.com/ +--- + +# `--sasl-ir` + +Enable initial response in SASL authentication. diff --git a/libs/curl/docs/cmdline-opts/service-name.d b/libs/curl/docs/cmdline-opts/service-name.d deleted file mode 100644 index fd9cb436..00000000 --- a/libs/curl/docs/cmdline-opts/service-name.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: service-name -Help: SPNEGO service name -Arg: -Added: 7.43.0 -Category: misc -Example: --service-name sockd/server $URL -See-also: negotiate proxy-service-name ---- -This option allows you to change the service name for SPNEGO. - -Examples: --negotiate --service-name sockd would use sockd/server-name. diff --git a/libs/curl/docs/cmdline-opts/service-name.md b/libs/curl/docs/cmdline-opts/service-name.md new file mode 100644 index 00000000..f98409aa --- /dev/null +++ b/libs/curl/docs/cmdline-opts/service-name.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: service-name +Help: SPNEGO service name +Arg: +Added: 7.43.0 +Category: auth +Multi: single +See-also: + - negotiate + - proxy-service-name +Example: + - --service-name sockd/server $URL +--- + +# `--service-name` + +Set the service name for SPNEGO. diff --git a/libs/curl/docs/cmdline-opts/show-error.d b/libs/curl/docs/cmdline-opts/show-error.d deleted file mode 100644 index c1af391d..00000000 --- a/libs/curl/docs/cmdline-opts/show-error.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: show-error -Short: S -Help: Show error even when -s is used -See-also: no-progress-meter -Category: curl -Example: --show-error --silent $URL -Added: 5.9 ---- -When used with --silent, it makes curl show an error message if it fails. - -This option is global and does not need to be specified for each use of ---next. diff --git a/libs/curl/docs/cmdline-opts/show-error.md b/libs/curl/docs/cmdline-opts/show-error.md new file mode 100644 index 00000000..aaf865bc --- /dev/null +++ b/libs/curl/docs/cmdline-opts/show-error.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: show-error +Short: S +Help: Show error even when -s is used +Category: curl global +Added: 5.9 +Multi: boolean +Scope: global +See-also: + - no-progress-meter +Example: + - --show-error --silent $URL +--- + +# `--show-error` + +When used with --silent, it makes curl show an error message if it fails. diff --git a/libs/curl/docs/cmdline-opts/silent.d b/libs/curl/docs/cmdline-opts/silent.d deleted file mode 100644 index 3834ee62..00000000 --- a/libs/curl/docs/cmdline-opts/silent.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: silent -Short: s -Help: Silent mode -See-also: verbose stderr no-progress-meter -Category: important verbose -Example: -s $URL -Added: 4.0 ---- -Silent or quiet mode. Do not show progress meter or error messages. Makes Curl -mute. It will still output the data you ask for, potentially even to the -terminal/stdout unless you redirect it. - -Use --show-error in addition to this option to disable progress meter but -still show error messages. diff --git a/libs/curl/docs/cmdline-opts/silent.md b/libs/curl/docs/cmdline-opts/silent.md new file mode 100644 index 00000000..090af0cb --- /dev/null +++ b/libs/curl/docs/cmdline-opts/silent.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: silent +Short: s +Help: Silent mode +Category: important verbose +Added: 4.0 +Multi: boolean +See-also: + - verbose + - stderr + - no-progress-meter +Example: + - -s $URL +--- + +# `--silent` + +Silent or quiet mode. Do not show progress meter or error messages. Makes Curl +mute. It still outputs the data you ask for, potentially even to the +terminal/stdout unless you redirect it. + +Use --show-error in addition to this option to disable progress meter but +still show error messages. diff --git a/libs/curl/docs/cmdline-opts/socks4.d b/libs/curl/docs/cmdline-opts/socks4.d deleted file mode 100644 index a1fb1b34..00000000 --- a/libs/curl/docs/cmdline-opts/socks4.d +++ /dev/null @@ -1,23 +0,0 @@ -Long: socks4 -Arg: -Help: SOCKS4 proxy on given host + port -Added: 7.15.2 -Category: proxy -Example: --socks4 hostname:4096 $URL -See-also: socks4a socks5 socks5-hostname ---- -Use the specified SOCKS4 proxy. If the port number is not specified, it is -assumed at port 1080. Using this socket type make curl resolve the host name -and passing the address on to the proxy. - -This option overrides any previous use of --proxy, as they are mutually -exclusive. - -This option is superfluous since you can specify a socks4 proxy with --proxy -using a socks4:// protocol prefix. (Added in 7.21.7) - -Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time ---proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to -the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/socks4.md b/libs/curl/docs/cmdline-opts/socks4.md new file mode 100644 index 00000000..e74fa787 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/socks4.md @@ -0,0 +1,36 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks4 +Arg: +Help: SOCKS4 proxy on given host + port +Added: 7.15.2 +Category: proxy +Multi: single +See-also: + - socks4a + - socks5 + - socks5-hostname +Example: + - --socks4 hostname:4096 $URL +--- + +# `--socks4` + +Use the specified SOCKS4 proxy. If the port number is not specified, it is +assumed at port 1080. Using this socket type make curl resolve the hostname +and passing the address on to the proxy. + +To specify proxy on a unix domain socket, use localhost for host, e.g. +`socks4://localhost/path/to/socket.sock` + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +This option is superfluous since you can specify a socks4 proxy with --proxy +using a socks4:// protocol prefix. (Added in 7.21.7) + +--preproxy can be used to specify a SOCKS proxy at the same time proxy is used +with an HTTP/HTTPS proxy (added in 7.52.0). In such a case, curl first +connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or +HTTPS proxy. diff --git a/libs/curl/docs/cmdline-opts/socks4a.d b/libs/curl/docs/cmdline-opts/socks4a.d deleted file mode 100644 index e39b968a..00000000 --- a/libs/curl/docs/cmdline-opts/socks4a.d +++ /dev/null @@ -1,22 +0,0 @@ -Long: socks4a -Arg: -Help: SOCKS4a proxy on given host + port -Added: 7.18.0 -Category: proxy -Example: --socks4a hostname:4096 $URL -See-also: socks4 socks5 socks5-hostname ---- -Use the specified SOCKS4a proxy. If the port number is not specified, it is -assumed at port 1080. This asks the proxy to resolve the host name. - -This option overrides any previous use of --proxy, as they are mutually -exclusive. - -This option is superfluous since you can specify a socks4a proxy with --proxy -using a socks4a:// protocol prefix. (Added in 7.21.7) - -Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time ---proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to -the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/socks4a.md b/libs/curl/docs/cmdline-opts/socks4a.md new file mode 100644 index 00000000..49fb9a27 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/socks4a.md @@ -0,0 +1,35 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks4a +Arg: +Help: SOCKS4a proxy on given host + port +Added: 7.18.0 +Category: proxy +Multi: single +See-also: + - socks4 + - socks5 + - socks5-hostname +Example: + - --socks4a hostname:4096 $URL +--- + +# `--socks4a` + +Use the specified SOCKS4a proxy. If the port number is not specified, it is +assumed at port 1080. This asks the proxy to resolve the hostname. + +To specify proxy on a unix domain socket, use localhost for host, e.g. +`socks4a://localhost/path/to/socket.sock` + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +This option is superfluous since you can specify a socks4a proxy with --proxy +using a socks4a:// protocol prefix. (Added in 7.21.7) + +--preproxy can be used to specify a SOCKS proxy at the same time --proxy is +used with an HTTP/HTTPS proxy (added in 7.52.0). In such a case, curl first +connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or +HTTPS proxy. diff --git a/libs/curl/docs/cmdline-opts/socks5-basic.d b/libs/curl/docs/cmdline-opts/socks5-basic.d deleted file mode 100644 index 2e62bec5..00000000 --- a/libs/curl/docs/cmdline-opts/socks5-basic.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: socks5-basic -Help: Enable username/password auth for SOCKS5 proxies -Added: 7.55.0 -Category: proxy auth -Example: --socks5-basic --socks5 hostname:4096 $URL -See-also: socks5 ---- -Tells curl to use username/password authentication when connecting to a SOCKS5 -proxy. The username/password authentication is enabled by default. Use ---socks5-gssapi to force GSS-API authentication to SOCKS5 proxies. diff --git a/libs/curl/docs/cmdline-opts/socks5-basic.md b/libs/curl/docs/cmdline-opts/socks5-basic.md new file mode 100644 index 00000000..dc2a5532 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/socks5-basic.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5-basic +Help: Username/password auth for SOCKS5 proxies +Added: 7.55.0 +Category: proxy auth +Multi: mutex +See-also: + - socks5 +Example: + - --socks5-basic --socks5 hostname:4096 $URL +--- + +# `--socks5-basic` + +Use username/password authentication when connecting to a SOCKS5 proxy. The +username/password authentication is enabled by default. Use --socks5-gssapi to +force GSS-API authentication to SOCKS5 proxies. diff --git a/libs/curl/docs/cmdline-opts/socks5-gssapi-nec.d b/libs/curl/docs/cmdline-opts/socks5-gssapi-nec.d deleted file mode 100644 index 09166df2..00000000 --- a/libs/curl/docs/cmdline-opts/socks5-gssapi-nec.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: socks5-gssapi-nec -Help: Compatibility with NEC SOCKS5 server -Added: 7.19.4 -Category: proxy auth -Example: --socks5-gssapi-nec --socks5 hostname:4096 $URL -See-also: socks5 ---- -As part of the GSS-API negotiation a protection mode is negotiated. RFC 1961 -says in section 4.3/4.4 it should be protected, but the NEC reference -implementation does not. The option --socks5-gssapi-nec allows the -unprotected exchange of the protection mode negotiation. diff --git a/libs/curl/docs/cmdline-opts/socks5-gssapi-nec.md b/libs/curl/docs/cmdline-opts/socks5-gssapi-nec.md new file mode 100644 index 00000000..eef6b2de --- /dev/null +++ b/libs/curl/docs/cmdline-opts/socks5-gssapi-nec.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5-gssapi-nec +Help: Compatibility with NEC SOCKS5 server +Added: 7.19.4 +Category: proxy auth +Multi: boolean +See-also: + - socks5 +Example: + - --socks5-gssapi-nec --socks5 hostname:4096 $URL +--- + +# `--socks5-gssapi-nec` + +As part of the GSS-API negotiation a protection mode is negotiated. RFC 1961 +says in section 4.3/4.4 it should be protected, but the NEC reference +implementation does not. The option --socks5-gssapi-nec allows the +unprotected exchange of the protection mode negotiation. diff --git a/libs/curl/docs/cmdline-opts/socks5-gssapi-service.d b/libs/curl/docs/cmdline-opts/socks5-gssapi-service.d deleted file mode 100644 index 5ce82ac3..00000000 --- a/libs/curl/docs/cmdline-opts/socks5-gssapi-service.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: socks5-gssapi-service -Arg: -Help: SOCKS5 proxy service name for GSS-API -Added: 7.19.4 -Category: proxy auth -Example: --socks5-gssapi-service sockd --socks5 hostname:4096 $URL -See-also: socks5 ---- -The default service name for a socks server is rcmd/server-fqdn. This option -allows you to change it. - -Examples: --socks5 proxy-name --socks5-gssapi-service sockd would use -sockd/proxy-name --socks5 proxy-name --socks5-gssapi-service sockd/real-name -would use sockd/real-name for cases where the proxy-name does not match the -principal name. diff --git a/libs/curl/docs/cmdline-opts/socks5-gssapi-service.md b/libs/curl/docs/cmdline-opts/socks5-gssapi-service.md new file mode 100644 index 00000000..d847e65e --- /dev/null +++ b/libs/curl/docs/cmdline-opts/socks5-gssapi-service.md @@ -0,0 +1,18 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5-gssapi-service +Arg: +Help: SOCKS5 proxy service name for GSS-API +Added: 7.19.4 +Category: proxy auth +Multi: single +See-also: + - socks5 +Example: + - --socks5-gssapi-service sockd --socks5 hostname:4096 $URL +--- + +# `--socks5-gssapi-service` + +Set the service name for a socks server. Default is **rcmd/server-fqdn**. diff --git a/libs/curl/docs/cmdline-opts/socks5-gssapi.d b/libs/curl/docs/cmdline-opts/socks5-gssapi.d deleted file mode 100644 index 66209402..00000000 --- a/libs/curl/docs/cmdline-opts/socks5-gssapi.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: socks5-gssapi -Help: Enable GSS-API auth for SOCKS5 proxies -Added: 7.55.0 -Category: proxy auth -Example: --socks5-gssapi --socks5 hostname:4096 $URL -See-also: socks5 ---- -Tells curl to use GSS-API authentication when connecting to a SOCKS5 proxy. -The GSS-API authentication is enabled by default (if curl is compiled with -GSS-API support). Use --socks5-basic to force username/password authentication -to SOCKS5 proxies. diff --git a/libs/curl/docs/cmdline-opts/socks5-gssapi.md b/libs/curl/docs/cmdline-opts/socks5-gssapi.md new file mode 100644 index 00000000..e1742543 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/socks5-gssapi.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5-gssapi +Help: Enable GSS-API auth for SOCKS5 proxies +Added: 7.55.0 +Category: proxy auth +Multi: boolean +See-also: + - socks5 +Example: + - --socks5-gssapi --socks5 hostname:4096 $URL +--- + +# `--socks5-gssapi` + +Use GSS-API authentication when connecting to a SOCKS5 proxy. The GSS-API +authentication is enabled by default (if curl is compiled with GSS-API +support). Use --socks5-basic to force username/password authentication to +SOCKS5 proxies. diff --git a/libs/curl/docs/cmdline-opts/socks5-hostname.d b/libs/curl/docs/cmdline-opts/socks5-hostname.d deleted file mode 100644 index 6530429a..00000000 --- a/libs/curl/docs/cmdline-opts/socks5-hostname.d +++ /dev/null @@ -1,22 +0,0 @@ -Long: socks5-hostname -Arg: -Help: SOCKS5 proxy, pass host name to proxy -Added: 7.18.0 -Category: proxy -Example: --socks5-hostname proxy.example:7000 $URL -See-also: socks5 socks4a ---- -Use the specified SOCKS5 proxy (and let the proxy resolve the host name). If -the port number is not specified, it is assumed at port 1080. - -This option overrides any previous use of --proxy, as they are mutually -exclusive. - -This option is superfluous since you can specify a socks5 hostname proxy with ---proxy using a socks5h:// protocol prefix. (Added in 7.21.7) - -Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time ---proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to -the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/socks5-hostname.md b/libs/curl/docs/cmdline-opts/socks5-hostname.md new file mode 100644 index 00000000..1a5e4c1b --- /dev/null +++ b/libs/curl/docs/cmdline-opts/socks5-hostname.md @@ -0,0 +1,34 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5-hostname +Arg: +Help: SOCKS5 proxy, pass hostname to proxy +Added: 7.18.0 +Category: proxy +Multi: single +See-also: + - socks5 + - socks4a +Example: + - --socks5-hostname proxy.example:7000 $URL +--- + +# `--socks5-hostname` + +Use the specified SOCKS5 proxy (and let the proxy resolve the hostname). If +the port number is not specified, it is assumed at port 1080. + +To specify proxy on a unix domain socket, use localhost for host, e.g. +`socks5h://localhost/path/to/socket.sock` + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +This option is superfluous since you can specify a socks5 hostname proxy with +--proxy using a socks5h:// protocol prefix. (Added in 7.21.7) + +--preproxy can be used to specify a SOCKS proxy at the same time --proxy is +used with an HTTP/HTTPS proxy (added in 7.52.0). In such a case, curl first +connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or +HTTPS proxy. diff --git a/libs/curl/docs/cmdline-opts/socks5.d b/libs/curl/docs/cmdline-opts/socks5.d deleted file mode 100644 index af1c0577..00000000 --- a/libs/curl/docs/cmdline-opts/socks5.d +++ /dev/null @@ -1,24 +0,0 @@ -Long: socks5 -Arg: -Help: SOCKS5 proxy on given host + port -Added: 7.18.0 -Category: proxy -Example: --socks5 proxy.example:7000 $URL -See-also: socks5-hostname socks4a ---- -Use the specified SOCKS5 proxy - but resolve the host name locally. If the -port number is not specified, it is assumed at port 1080. - -This option overrides any previous use of --proxy, as they are mutually -exclusive. - -This option is superfluous since you can specify a socks5 proxy with --proxy -using a socks5:// protocol prefix. (Added in 7.21.7) - -Since 7.52.0, --preproxy can be used to specify a SOCKS proxy at the same time ---proxy is used with an HTTP/HTTPS proxy. In such a case curl first connects to -the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. - -If this option is used several times, the last one will be used. - -This option (as well as --socks4) does not work with IPV6, FTPS or LDAP. diff --git a/libs/curl/docs/cmdline-opts/socks5.md b/libs/curl/docs/cmdline-opts/socks5.md new file mode 100644 index 00000000..192adef4 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/socks5.md @@ -0,0 +1,36 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: socks5 +Arg: +Help: SOCKS5 proxy on given host + port +Added: 7.18.0 +Category: proxy +Multi: single +See-also: + - socks5-hostname + - socks4a +Example: + - --socks5 proxy.example:7000 $URL +--- + +# `--socks5` + +Use the specified SOCKS5 proxy - but resolve the hostname locally. If the +port number is not specified, it is assumed at port 1080. + +To specify proxy on a unix domain socket, use localhost for host, e.g. +`socks5://localhost/path/to/socket.sock` + +This option overrides any previous use of --proxy, as they are mutually +exclusive. + +This option is superfluous since you can specify a socks5 proxy with --proxy +using a socks5:// protocol prefix. (Added in 7.21.7) + +--preproxy can be used to specify a SOCKS proxy at the same time --proxy is +used with an HTTP/HTTPS proxy (added in 7.52.0). In such a case, curl first +connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or +HTTPS proxy. + +This option does not work with FTPS or LDAP. diff --git a/libs/curl/docs/cmdline-opts/speed-limit.d b/libs/curl/docs/cmdline-opts/speed-limit.d deleted file mode 100644 index c07b1d76..00000000 --- a/libs/curl/docs/cmdline-opts/speed-limit.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: speed-limit -Short: Y -Arg: -Help: Stop transfers slower than this -Category: connection -Example: --speed-limit 300 --speed-time 10 $URL -Added: 4.7 -See-also: speed-time limit-rate max-time ---- -If a download is slower than this given speed (in bytes per second) for -speed-time seconds it gets aborted. speed-time is set with --speed-time and is -30 if not set. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/speed-limit.md b/libs/curl/docs/cmdline-opts/speed-limit.md new file mode 100644 index 00000000..b95d6e7d --- /dev/null +++ b/libs/curl/docs/cmdline-opts/speed-limit.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: speed-limit +Short: Y +Arg: +Help: Stop transfers slower than this +Category: connection +Added: 4.7 +Multi: single +See-also: + - speed-time + - limit-rate + - max-time +Example: + - --speed-limit 300 --speed-time 10 $URL +--- + +# `--speed-limit` + +If a transfer is slower than this set speed (in bytes per second) for a given +number of seconds, it gets aborted. The time period is set with --speed-time +and is 30 seconds by default. diff --git a/libs/curl/docs/cmdline-opts/speed-time.d b/libs/curl/docs/cmdline-opts/speed-time.d deleted file mode 100644 index 89cba59b..00000000 --- a/libs/curl/docs/cmdline-opts/speed-time.d +++ /dev/null @@ -1,17 +0,0 @@ -Long: speed-time -Short: y -Arg: -Help: Trigger 'speed-limit' abort after this time -Category: connection -Example: --speed-limit 300 --speed-time 10 $URL -Added: 4.7 -See-also: speed-limit limit-rate ---- -If a download is slower than speed-limit bytes per second during a speed-time -period, the download gets aborted. If speed-time is used, the default -speed-limit will be 1 unless set with --speed-limit. - -This option controls transfers and thus will not affect slow connects etc. If -this is a concern for you, try the --connect-timeout option. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/speed-time.md b/libs/curl/docs/cmdline-opts/speed-time.md new file mode 100644 index 00000000..f27702be --- /dev/null +++ b/libs/curl/docs/cmdline-opts/speed-time.md @@ -0,0 +1,25 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: speed-time +Short: y +Arg: +Help: Trigger 'speed-limit' abort after this time +Category: connection timeout +Added: 4.7 +Multi: single +See-also: + - speed-limit + - limit-rate +Example: + - --speed-limit 300 --speed-time 10 $URL +--- + +# `--speed-time` + +If a transfer runs slower than speed-limit bytes per second during a +speed-time period, the transfer is aborted. If speed-time is used, the default +speed-limit is 1 unless set with --speed-limit. + +This option controls transfers (in both directions) but does not affect slow +connects etc. If this is a concern for you, try the --connect-timeout option. diff --git a/libs/curl/docs/cmdline-opts/ssl-allow-beast.d b/libs/curl/docs/cmdline-opts/ssl-allow-beast.d deleted file mode 100644 index 5a7fe995..00000000 --- a/libs/curl/docs/cmdline-opts/ssl-allow-beast.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: ssl-allow-beast -Help: Allow security flaw to improve interop -Added: 7.25.0 -Category: tls -Example: --ssl-allow-beast $URL -See-also: proxy-ssl-allow-beast insecure ---- -This option tells curl to not work around a security flaw in the SSL3 and -TLS1.0 protocols known as BEAST. If this option is not used, the SSL layer -may use workarounds known to cause interoperability problems with some older -SSL implementations. - -**WARNING**: this option loosens the SSL security, and by using this flag you -ask for exactly that. diff --git a/libs/curl/docs/cmdline-opts/ssl-allow-beast.md b/libs/curl/docs/cmdline-opts/ssl-allow-beast.md new file mode 100644 index 00000000..f9933b77 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ssl-allow-beast.md @@ -0,0 +1,27 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl-allow-beast +Help: Allow security flaw to improve interop +Protocols: TLS +Added: 7.25.0 +Category: tls +Multi: boolean +See-also: + - proxy-ssl-allow-beast + - insecure +Example: + - --ssl-allow-beast $URL +--- + +# `--ssl-allow-beast` + +Do not work around a security flaw in the TLS1.0 protocol known as BEAST. If +this option is not used, the TLS layer may use workarounds known to cause +interoperability problems with some older server implementations. + +This option only changes how curl does TLS 1.0 and has no effect on later TLS +versions. + +**WARNING**: this option loosens the TLS security, and by using this flag you +ask for exactly that. diff --git a/libs/curl/docs/cmdline-opts/ssl-auto-client-cert.d b/libs/curl/docs/cmdline-opts/ssl-auto-client-cert.d deleted file mode 100644 index 7581bdff..00000000 --- a/libs/curl/docs/cmdline-opts/ssl-auto-client-cert.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: ssl-auto-client-cert -Help: Use auto client certificate (Schannel) -Added: 7.77.0 -See-also: proxy-ssl-auto-client-cert -Category: tls -Example: --ssl-auto-client-cert $URL ---- -Tell libcurl to automatically locate and use a client certificate for -authentication, when requested by the server. This option is only supported -for Schannel (the native Windows SSL library). Prior to 7.77.0 this was the -default behavior in libcurl with Schannel. Since the server can request any -certificate that supports client authentication in the OS certificate store it -could be a privacy violation and unexpected. diff --git a/libs/curl/docs/cmdline-opts/ssl-auto-client-cert.md b/libs/curl/docs/cmdline-opts/ssl-auto-client-cert.md new file mode 100644 index 00000000..4f0be5bd --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ssl-auto-client-cert.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl-auto-client-cert +Help: Use auto client certificate (Schannel) +Added: 7.77.0 +Category: tls +Protocols: TLS +Multi: boolean +See-also: + - proxy-ssl-auto-client-cert +Example: + - --ssl-auto-client-cert $URL +--- + +# `--ssl-auto-client-cert` + +(Schannel) Automatically locate and use a client certificate for +authentication, when requested by the server. Since the server can request any +certificate that supports client authentication in the OS certificate store it +could be a privacy violation and unexpected. diff --git a/libs/curl/docs/cmdline-opts/ssl-no-revoke.d b/libs/curl/docs/cmdline-opts/ssl-no-revoke.d deleted file mode 100644 index ba4b661f..00000000 --- a/libs/curl/docs/cmdline-opts/ssl-no-revoke.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: ssl-no-revoke -Help: Disable cert revocation checks (Schannel) -Added: 7.44.0 -Category: tls -Example: --ssl-no-revoke $URL -See-also: crlfile ---- -(Schannel) This option tells curl to disable certificate revocation checks. -WARNING: this option loosens the SSL security, and by using this flag you ask -for exactly that. diff --git a/libs/curl/docs/cmdline-opts/ssl-no-revoke.md b/libs/curl/docs/cmdline-opts/ssl-no-revoke.md new file mode 100644 index 00000000..16981f14 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ssl-no-revoke.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl-no-revoke +Help: Disable cert revocation checks (Schannel) +Added: 7.44.0 +Protocols: TLS +Category: tls +Multi: boolean +See-also: + - crlfile +Example: + - --ssl-no-revoke $URL +--- + +# `--ssl-no-revoke` + +(Schannel) Disable certificate revocation checks. WARNING: this option loosens +the SSL security, and by using this flag you ask for exactly that. diff --git a/libs/curl/docs/cmdline-opts/ssl-reqd.d b/libs/curl/docs/cmdline-opts/ssl-reqd.d deleted file mode 100644 index f8f23c9a..00000000 --- a/libs/curl/docs/cmdline-opts/ssl-reqd.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: ssl-reqd -Help: Require SSL/TLS -Protocols: FTP IMAP POP3 SMTP LDAP -Added: 7.20.0 -Category: tls -Example: --ssl-reqd ftp://example.com -See-also: ssl insecure ---- -Require SSL/TLS for the connection. Terminates the connection if the server -does not support SSL/TLS. - -This option is handled in LDAP since version 7.81.0. It is fully supported -by the openldap backend and rejected by the generic ldap backend if explicit -TLS is required. - -This option was formerly known as --ftp-ssl-reqd. diff --git a/libs/curl/docs/cmdline-opts/ssl-reqd.md b/libs/curl/docs/cmdline-opts/ssl-reqd.md new file mode 100644 index 00000000..f21c145f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ssl-reqd.md @@ -0,0 +1,31 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl-reqd +Help: Require SSL/TLS +Protocols: FTP IMAP POP3 SMTP LDAP +Added: 7.20.0 +Category: tls imap pop3 smtp ldap +Multi: boolean +See-also: + - ssl + - insecure +Example: + - --ssl-reqd ftp://example.com +--- + +# `--ssl-reqd` + +Require SSL/TLS for the connection - often referred to as STARTTLS or STLS +because of the involved commands. Terminates the connection if the transfer +cannot be upgraded to use SSL/TLS. + +This option is handled in LDAP (added in 7.81.0). It is fully supported by the +OpenLDAP backend and rejected by the generic ldap backend if explicit TLS is +required. + +This option is unnecessary if you use a URL scheme that in itself implies +immediate and implicit use of TLS, like for FTPS, IMAPS, POP3S, SMTPS and +LDAPS. Such a transfer always fails if the TLS handshake does not work. + +This option was formerly known as --ftp-ssl-reqd. diff --git a/libs/curl/docs/cmdline-opts/ssl-revoke-best-effort.d b/libs/curl/docs/cmdline-opts/ssl-revoke-best-effort.d deleted file mode 100644 index aad3ab0b..00000000 --- a/libs/curl/docs/cmdline-opts/ssl-revoke-best-effort.d +++ /dev/null @@ -1,10 +0,0 @@ -Long: ssl-revoke-best-effort -Help: Ignore missing/offline cert CRL dist points -Added: 7.70.0 -Category: tls -Example: --ssl-revoke-best-effort $URL -See-also: crlfile insecure ---- -(Schannel) This option tells curl to ignore certificate revocation checks when -they failed due to missing/offline distribution points for the revocation check -lists. diff --git a/libs/curl/docs/cmdline-opts/ssl-revoke-best-effort.md b/libs/curl/docs/cmdline-opts/ssl-revoke-best-effort.md new file mode 100644 index 00000000..0257e05f --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ssl-revoke-best-effort.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl-revoke-best-effort +Help: Ignore missing cert CRL dist points +Added: 7.70.0 +Protocols: TLS +Category: tls +Multi: boolean +See-also: + - crlfile + - insecure +Example: + - --ssl-revoke-best-effort $URL +--- + +# `--ssl-revoke-best-effort` + +(Schannel) Ignore certificate revocation checks when they failed due to +missing/offline distribution points for the revocation check lists. diff --git a/libs/curl/docs/cmdline-opts/ssl.d b/libs/curl/docs/cmdline-opts/ssl.d deleted file mode 100644 index 83cac5c9..00000000 --- a/libs/curl/docs/cmdline-opts/ssl.d +++ /dev/null @@ -1,20 +0,0 @@ -Long: ssl -Help: Try SSL/TLS -Protocols: FTP IMAP POP3 SMTP LDAP -Added: 7.20.0 -Category: tls -Example: --ssl pop3://example.com/ -See-also: insecure ciphers ---- -Try to use SSL/TLS for the connection. Reverts to a non-secure connection if -the server does not support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd -for different levels of encryption required. - -This option is handled in LDAP since version 7.81.0. It is fully supported -by the openldap backend and ignored by the generic ldap backend. - -Please note that a server may close the connection if the negotiation does -not succeed. - -This option was formerly known as --ftp-ssl (Added in 7.11.0). That option -name can still be used but will be removed in a future version. diff --git a/libs/curl/docs/cmdline-opts/ssl.md b/libs/curl/docs/cmdline-opts/ssl.md new file mode 100644 index 00000000..0c0f2817 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/ssl.md @@ -0,0 +1,35 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: ssl +Help: Try enabling TLS +Protocols: FTP IMAP POP3 SMTP LDAP +Added: 7.20.0 +Category: tls imap pop3 smtp ldap +Multi: boolean +See-also: + - ssl-reqd + - insecure + - ciphers +Example: + - --ssl pop3://example.com/ +--- + +# `--ssl` + +Warning: this is considered an insecure option. Consider using --ssl-reqd +instead to be sure curl upgrades to a secure connection. + +Try to use SSL/TLS for the connection - often referred to as STARTTLS or STLS +because of the involved commands. Reverts to a non-secure connection if the +server does not support SSL/TLS. See also --ftp-ssl-control and --ssl-reqd for +different levels of encryption required. + +This option is handled in LDAP (added in 7.81.0). It is fully supported by the +OpenLDAP backend and ignored by the generic ldap backend. + +Please note that a server may close the connection if the negotiation does +not succeed. + +This option was formerly known as --ftp-ssl (added in 7.11.0). That option +name can still be used but might be removed in a future version. diff --git a/libs/curl/docs/cmdline-opts/sslv2.d b/libs/curl/docs/cmdline-opts/sslv2.d deleted file mode 100644 index f9059644..00000000 --- a/libs/curl/docs/cmdline-opts/sslv2.d +++ /dev/null @@ -1,15 +0,0 @@ -Short: 2 -Long: sslv2 -Tags: Versions -Protocols: SSL -Added: 5.9 -Mutexed: sslv3 tlsv1 tlsv1.1 tlsv1.2 -Requires: TLS -See-also: http1.1 http2 -Help: Use SSLv2 -Category: tls -Example: --sslv2 $URL ---- -This option previously asked curl to use SSLv2, but starting in curl 7.77.0 -this instruction is ignored. SSLv2 is widely considered insecure (see RFC -6176). diff --git a/libs/curl/docs/cmdline-opts/sslv2.md b/libs/curl/docs/cmdline-opts/sslv2.md new file mode 100644 index 00000000..ea92a2cb --- /dev/null +++ b/libs/curl/docs/cmdline-opts/sslv2.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: 2 +Long: sslv2 +Tags: Versions +Protocols: SSL +Added: 5.9 +Mutexed: sslv3 tlsv1 tlsv1.1 tlsv1.2 +Requires: TLS +Help: SSLv2 +Category: deprecated +Multi: mutex +See-also: + - http1.1 + - http2 +Example: + - --sslv2 $URL +--- + +# `--sslv2` + +This option previously asked curl to use SSLv2, but is now ignored +(added in 7.77.0). SSLv2 is widely considered insecure (see RFC 6176). diff --git a/libs/curl/docs/cmdline-opts/sslv3.d b/libs/curl/docs/cmdline-opts/sslv3.d deleted file mode 100644 index 6599531c..00000000 --- a/libs/curl/docs/cmdline-opts/sslv3.d +++ /dev/null @@ -1,15 +0,0 @@ -Short: 3 -Long: sslv3 -Tags: Versions -Protocols: SSL -Added: 5.9 -Mutexed: sslv2 tlsv1 tlsv1.1 tlsv1.2 -Requires: TLS -See-also: http1.1 http2 -Help: Use SSLv3 -Category: tls -Example: --sslv3 $URL ---- -This option previously asked curl to use SSLv3, but starting in curl 7.77.0 -this instruction is ignored. SSLv3 is widely considered insecure (see RFC -7568). diff --git a/libs/curl/docs/cmdline-opts/sslv3.md b/libs/curl/docs/cmdline-opts/sslv3.md new file mode 100644 index 00000000..f022124e --- /dev/null +++ b/libs/curl/docs/cmdline-opts/sslv3.md @@ -0,0 +1,24 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Short: 3 +Long: sslv3 +Tags: Versions +Protocols: SSL +Added: 5.9 +Mutexed: sslv2 tlsv1 tlsv1.1 tlsv1.2 +Requires: TLS +Help: SSLv3 +Category: deprecated +Multi: mutex +See-also: + - http1.1 + - http2 +Example: + - --sslv3 $URL +--- + +# `--sslv3` + +This option previously asked curl to use SSLv3, but is now ignored +(added in 7.77.0). SSLv3 is widely considered insecure (see RFC 7568). diff --git a/libs/curl/docs/cmdline-opts/stderr.d b/libs/curl/docs/cmdline-opts/stderr.d deleted file mode 100644 index 95b66045..00000000 --- a/libs/curl/docs/cmdline-opts/stderr.d +++ /dev/null @@ -1,15 +0,0 @@ -Long: stderr -Arg: -Help: Where to redirect stderr -See-also: verbose silent -Category: verbose -Example: --stderr output.txt $URL -Added: 6.2 ---- -Redirect all writes to stderr to the specified file instead. If the file name -is a plain '-', it is instead written to stdout. - -This option is global and does not need to be specified for each use of ---next. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/stderr.md b/libs/curl/docs/cmdline-opts/stderr.md new file mode 100644 index 00000000..7030e557 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/stderr.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: stderr +Arg: +Help: Where to redirect stderr +Category: verbose global +Added: 6.2 +Multi: single +Scope: global +See-also: + - verbose + - silent +Example: + - --stderr output.txt $URL +--- + +# `--stderr` + +Redirect all writes to stderr to the specified file instead. If the filename +is a plain '-', it is instead written to stdout. diff --git a/libs/curl/docs/cmdline-opts/styled-output.d b/libs/curl/docs/cmdline-opts/styled-output.d deleted file mode 100644 index 364a1824..00000000 --- a/libs/curl/docs/cmdline-opts/styled-output.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: styled-output -Help: Enable styled output for HTTP headers -Added: 7.61.0 -Category: verbose -Example: --styled-output -I $URL -See-also: head verbose ---- -Enables the automatic use of bold font styles when writing HTTP headers to the -terminal. Use --no-styled-output to switch them off. - -This option is global and does not need to be specified for each use of ---next. diff --git a/libs/curl/docs/cmdline-opts/styled-output.md b/libs/curl/docs/cmdline-opts/styled-output.md new file mode 100644 index 00000000..8193896c --- /dev/null +++ b/libs/curl/docs/cmdline-opts/styled-output.md @@ -0,0 +1,23 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: styled-output +Help: Enable styled output for HTTP headers +Added: 7.61.0 +Category: verbose global +Multi: boolean +Scope: global +See-also: + - head + - verbose +Example: + - --styled-output -I $URL +--- + +# `--styled-output` + +Enable automatic use of bold font styles when writing HTTP headers to the +terminal. Use --no-styled-output to switch them off. + +Styled output requires a terminal that supports bold fonts. This feature is +not present on curl for Windows due to lack of this capability. diff --git a/libs/curl/docs/cmdline-opts/suppress-connect-headers.d b/libs/curl/docs/cmdline-opts/suppress-connect-headers.d deleted file mode 100644 index de465623..00000000 --- a/libs/curl/docs/cmdline-opts/suppress-connect-headers.d +++ /dev/null @@ -1,11 +0,0 @@ -Long: suppress-connect-headers -Help: Suppress proxy CONNECT response headers -See-also: dump-header include proxytunnel -Category: proxy -Example: --suppress-connect-headers --include -x proxy $URL -Added: 7.54.0 ---- -When --proxytunnel is used and a CONNECT request is made do not output proxy -CONNECT response headers. This option is meant to be used with --dump-header or ---include which are used to show protocol headers in the output. It has no -effect on debug options such as --verbose or --trace, or any statistics. diff --git a/libs/curl/docs/cmdline-opts/suppress-connect-headers.md b/libs/curl/docs/cmdline-opts/suppress-connect-headers.md new file mode 100644 index 00000000..9e2eefea --- /dev/null +++ b/libs/curl/docs/cmdline-opts/suppress-connect-headers.md @@ -0,0 +1,22 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: suppress-connect-headers +Help: Suppress proxy CONNECT response headers +Category: proxy +Added: 7.54.0 +Multi: boolean +See-also: + - dump-header + - include + - proxytunnel +Example: + - --suppress-connect-headers --include -x proxy $URL +--- + +# `--suppress-connect-headers` + +When --proxytunnel is used and a CONNECT request is made do not output proxy +CONNECT response headers. This option is meant to be used with --dump-header or +--include which are used to show protocol headers in the output. It has no +effect on debug options such as --verbose or --trace, or any statistics. diff --git a/libs/curl/docs/cmdline-opts/tcp-fastopen.d b/libs/curl/docs/cmdline-opts/tcp-fastopen.d deleted file mode 100644 index 7b96b2d8..00000000 --- a/libs/curl/docs/cmdline-opts/tcp-fastopen.d +++ /dev/null @@ -1,8 +0,0 @@ -Long: tcp-fastopen -Added: 7.49.0 -Help: Use TCP Fast Open -Category: connection -Example: --tcp-fastopen $URL -See-also: false-start ---- -Enable use of TCP Fast Open (RFC7413). diff --git a/libs/curl/docs/cmdline-opts/tcp-fastopen.md b/libs/curl/docs/cmdline-opts/tcp-fastopen.md new file mode 100644 index 00000000..9a7c2b0a --- /dev/null +++ b/libs/curl/docs/cmdline-opts/tcp-fastopen.md @@ -0,0 +1,19 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: tcp-fastopen +Added: 7.49.0 +Help: Use TCP Fast Open +Category: connection +Multi: boolean +See-also: + - false-start +Example: + - --tcp-fastopen $URL +--- + +# `--tcp-fastopen` + +Enable use of TCP Fast Open (RFC 7413). TCP Fast Open is a TCP extension that +allows data to get sent earlier over the connection (before the final +handshake ACK) if the client and server have been connected previously. diff --git a/libs/curl/docs/cmdline-opts/tcp-nodelay.d b/libs/curl/docs/cmdline-opts/tcp-nodelay.d deleted file mode 100644 index a819b27f..00000000 --- a/libs/curl/docs/cmdline-opts/tcp-nodelay.d +++ /dev/null @@ -1,12 +0,0 @@ -Long: tcp-nodelay -Help: Use the TCP_NODELAY option -Added: 7.11.2 -Category: connection -Example: --tcp-nodelay $URL -See-also: no-buffer ---- -Turn on the TCP_NODELAY option. See the *curl_easy_setopt(3)* man page for -details about this option. - -Since 7.50.2, curl sets this option by default and you need to explicitly -switch it off if you do not want it on. diff --git a/libs/curl/docs/cmdline-opts/tcp-nodelay.md b/libs/curl/docs/cmdline-opts/tcp-nodelay.md new file mode 100644 index 00000000..6944d701 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/tcp-nodelay.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: tcp-nodelay +Help: Set TCP_NODELAY +Added: 7.11.2 +Category: connection +Multi: boolean +See-also: + - no-buffer +Example: + - --tcp-nodelay $URL +--- + +# `--tcp-nodelay` + +Turn on the TCP_NODELAY option. See the *curl_easy_setopt(3)* man page for +details about this option. + +curl sets this option by default and you need to explicitly switch it off if +you do not want it on (added in 7.50.2). diff --git a/libs/curl/docs/cmdline-opts/telnet-option.d b/libs/curl/docs/cmdline-opts/telnet-option.d deleted file mode 100644 index 50f0d480..00000000 --- a/libs/curl/docs/cmdline-opts/telnet-option.d +++ /dev/null @@ -1,16 +0,0 @@ -Long: telnet-option -Short: t -Arg: -Help: Set telnet option -Category: telnet -Example: -t TTYPE=vt100 telnet://example.com/ -Added: 7.7 -See-also: config ---- -Pass options to the telnet protocol. Supported options are: - -TTYPE= Sets the terminal type. - -XDISPLOC= Sets the X display location. - -NEW_ENV= Sets an environment variable. diff --git a/libs/curl/docs/cmdline-opts/telnet-option.md b/libs/curl/docs/cmdline-opts/telnet-option.md new file mode 100644 index 00000000..a332b1a5 --- /dev/null +++ b/libs/curl/docs/cmdline-opts/telnet-option.md @@ -0,0 +1,28 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: telnet-option +Short: t +Arg: +Help: Set telnet option +Category: telnet +Added: 7.7 +Multi: append +See-also: + - config +Example: + - -t TTYPE=vt100 telnet://example.com/ +--- + +# `--telnet-option` + +Pass options to the telnet protocol. Supported options are: + +## `TTYPE=` +Sets the terminal type. + +## `XDISPLOC=` +Sets the X display location. + +## `NEW_ENV=` +Sets an environment variable. diff --git a/libs/curl/docs/cmdline-opts/tftp-blksize.d b/libs/curl/docs/cmdline-opts/tftp-blksize.d deleted file mode 100644 index c180569a..00000000 --- a/libs/curl/docs/cmdline-opts/tftp-blksize.d +++ /dev/null @@ -1,14 +0,0 @@ -Long: tftp-blksize -Arg: -Help: Set TFTP BLKSIZE option -Protocols: TFTP -Added: 7.20.0 -Category: tftp -Example: --tftp-blksize 1024 tftp://example.com/file -See-also: tftp-no-options ---- -Set TFTP BLKSIZE option (must be >512). This is the block size that curl will -try to use when transferring data to or from a TFTP server. By default 512 -bytes will be used. - -If this option is used several times, the last one will be used. diff --git a/libs/curl/docs/cmdline-opts/tftp-blksize.md b/libs/curl/docs/cmdline-opts/tftp-blksize.md new file mode 100644 index 00000000..21d8476a --- /dev/null +++ b/libs/curl/docs/cmdline-opts/tftp-blksize.md @@ -0,0 +1,21 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: tftp-blksize +Arg: +Help: Set TFTP BLKSIZE option +Protocols: TFTP +Added: 7.20.0 +Category: tftp +Multi: single +See-also: + - tftp-no-options +Example: + - --tftp-blksize 1024 tftp://example.com/file +--- + +# `--tftp-blksize` + +Set the TFTP **BLKSIZE** option (must be 512 or larger). This is the block +size that curl tries to use when transferring data to or from a TFTP +server. By default 512 bytes are used. diff --git a/libs/curl/docs/cmdline-opts/tftp-no-options.d b/libs/curl/docs/cmdline-opts/tftp-no-options.d deleted file mode 100644 index a90655a0..00000000 --- a/libs/curl/docs/cmdline-opts/tftp-no-options.d +++ /dev/null @@ -1,13 +0,0 @@ -Long: tftp-no-options -Help: Do not send any TFTP options -Protocols: TFTP -Added: 7.48.0 -Category: tftp -Example: --tftp-no-options tftp://192.168.0.1/ -See-also: tftp-blksize ---- -Tells curl not to send TFTP options requests. - -This option improves interop with some legacy servers that do not acknowledge -or properly implement TFTP options. When this option is used --tftp-blksize is -ignored. diff --git a/libs/curl/docs/cmdline-opts/tftp-no-options.md b/libs/curl/docs/cmdline-opts/tftp-no-options.md new file mode 100644 index 00000000..063da92e --- /dev/null +++ b/libs/curl/docs/cmdline-opts/tftp-no-options.md @@ -0,0 +1,20 @@ +--- +c: Copyright (C) Daniel Stenberg, , et al. +SPDX-License-Identifier: curl +Long: tftp-no-options +Help: Do not send any TFTP options +Protocols: TFTP +Added: 7.48.0 +Category: tftp +Multi: boolean +See-also: + - tftp-blksize +Example: + - --tftp-no-options tftp://192.168.0.1/ +--- + +# `--tftp-no-options` + +Do not to send TFTP options requests. This improves interop with some legacy +servers that do not acknowledge or properly implement TFTP options. When this +option is used --tftp-blksize is ignored. diff --git a/libs/curl/docs/cmdline-opts/time-cond.d b/libs/curl/docs/cmdline-opts/time-cond.d deleted file mode 100644 index 602d6684..00000000 --- a/libs/curl/docs/cmdline-opts/time-cond.d +++ /dev/null @@ -1,23 +0,0 @@ -Long: time-cond -Short: z -Arg: