Граф коммитов

420 Коммитов

Автор SHA1 Сообщение Дата
Stefan Eissing 0535f6ec71
http3: initial support for OpenSSL 3.2 QUIC stack
- HTTP/3 for curl using OpenSSL's own QUIC stack together
  with nghttp3
- configure with `--with-openssl-quic` to enable curl to
  build this. This requires the nghttp3 library
- implementation with the following restrictions:
  * macOS has to use an unconnected UDP socket due to an
    issue in OpenSSL's datagram implementation
    See https://github.com/openssl/openssl/issues/23251
    This makes connections to non-reponsive servers hang.
  * GET requests will send the indicator that they have
    no body in a separate QUIC packet. This may result
    in processing delays or Transfer-Encodings on proxied
    requests
  * uploads that encounter blocks will use 100% cpu as
    detection of these flow control issue is not working
    (we have not figured out to pry that from OpenSSL).

Closes #12734
2024-01-22 16:15:45 +01:00
Daniel Stenberg b3f02e1d92
configure: when enabling QUIC, check that TLS supports QUIC
Most importantly perhaps is when using OpenSSL that the used
build/flavor has the QUIC API: the vanilla OpenSSL does not, only
BoringSSL, libressl, AWS-LC and quictls do.

Ref: 5d044ad948 (r136780413)

Closes #12683
2024-01-12 09:47:42 +01:00
Viktor Szakats 2dbe75bd7f
build: fix some `-Wsign-conversion`/`-Warith-conversion` warnings
- enable `-Wsign-conversion` warnings, but also setting them to not
  raise errors.
- fix `-Warith-conversion` warnings seen in CI.
  These are triggered by `-Wsign-converion` and causing errors unless
  explicitly silenced. It makes more sense to fix them, there just a few
  of them.
- fix some `-Wsign-conversion` warnings.
- hide `-Wsign-conversion` warnings with a `#pragma`.
- add macro `CURL_WARN_SIGN_CONVERSION` to unhide them on a per-build
  basis.
- update a CI job to unhide them with the above macro:
  https://github.com/curl/curl/actions/workflows/linux.yml -> OpenSSL -O3

Closes #12492
2023-12-19 12:45:28 +00:00
Viktor Szakats 03e7dff8ff
windows: delete redundant headers
`winsock2.h` pulls in `windows.h`. `ws2tcpip.h` pulls in `winsock2.h`.
`winsock2.h` and `ws2tcpip.h` are also pulled by `curl/curl.h`.

Keep only those headers that are not already included, or the code under
it uses something from that specific header.

Closes #12539
2023-12-18 14:56:57 +00:00
Viktor Szakats c1bc090d65
windows: simplify detecting and using system headers
- autotools, cmake: assume that if we detect Windows, `windows.h`,
  `winsock2.h` and `ws2tcpip.h` do exist.
- lib: fix 3 outlier `#if` conditions to use `USE_WINSOCK` instead of
  looking for `winsock2.h`.
- autotools: merge 3 Windows check methods into one.
- move Watt-32 and lwIP socket support to `setup-win32.h` from
  `config-win32.h`. It opens up using these with all build tools. Also
  merge logic with Windows Sockets.
- fix to assume Windows sockets with the mingw32ce toolchain.
  Follow-up to: 2748c64d60
- cmake: delete unused variable `signature_call_conv` since
  eb33ccd533.
- autotools: simplify `CURL_CHECK_WIN32_LARGEFILE` detection.
- examples/externalsocket: fix header order.
- cmake/OtherTests.cmake: delete Windows-specific `_source_epilogue`
  that wasn't used anymore.
- cmake/OtherTests.cmake: set `WIN32_LEAN_AND_MEAN` for test
  `SIZEOF_STRUCT_SOCKADDR_STORAGE`.

After this patch curl universally uses `_WIN32` to guard
Windows-specific logic. It guards Windows Sockets-specific logic with
`USE_WINSOCK` (this might need further work).

Reviewed-by: Jay Satiro
Closes #12495
2023-12-16 13:13:44 +00:00
Viktor Szakats 3829759bd0
build: enable missing OpenSSF-recommended warnings, with fixes
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1].

Enable new recommended warnings (except `-Wsign-conversion`):

- enable `-Wformat=2` for clang (in both cmake and autotools).
- add `CURL_PRINTF()` internal attribute and mark functions accepting
  printf arguments with it. This is a copy of existing
  `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible
  with redefinting the `printf` symbol:
  https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
- fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for
  mingw-w64 and enable it on this platform.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
- add `-Wsign-conversion` commented with a FIXME.
- cmake: enable `-pedantic-errors` the way we do it with autotools.
  Follow-up to d5c0351055 #2747
- lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format
  checks. Previously it was always disabled due to the internal `printf`
  macro.

Fix them:

- fix bug where an `set_ipv6_v6only()` call was missed in builds with
  `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
- add internal `FALLTHROUGH()` macro.
- replace obsolete fall-through comments with `FALLTHROUGH()`.
- fix fallthrough markups: Delete redundant ones (showing up as
  warnings in most cases). Add missing ones. Fix indentation.
- silence `-Wformat-nonliteral` warnings with llvm/clang.
- fix one `-Wformat-nonliteral` warning.
- fix new `-Wformat` and `-Wformat-security` warnings.
- fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its
  definition to `lib/curl_setup.h` allowing use in `tests/server`.
- lib: fix two wrongly passed string arguments in log outputs.
  Co-authored-by: Jay Satiro
- fix new `-Wformat` warnings on mingw-w64.

[1] 56c0fde389/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md

Closes #12489
2023-12-16 13:12:37 +00:00
Viktor Szakats ede2e812c2
tidy-up: whitespace
Closes #12484
2023-12-08 03:28:50 +00:00
Viktor Szakats 84338c4de2
build: add more picky warnings and fix them
Enable more picky compiler warnings. I've found these options in the
nghttp3 project when implementing the CMake quick picky warning
functionality for it [1].

`-Wunused-macros` was too noisy to keep around, but fixed a few issues
it revealed while testing.

- autotools: reflect the more precisely-versioned clang warnings.
  Follow-up to 033f8e2a08 #12324
- autotools: sync between clang and gcc the way we set `no-multichar`.
- autotools: avoid setting `-Wstrict-aliasing=3` twice.
- autotools: disable `-Wmissing-noreturn` for MSYS gcc targets [2].
  It triggers in libtool-generated stub code.

- lib/timeval: delete a redundant `!MSDOS` guard from a `WIN32` branch.

- lib/curl_setup.h: delete duplicate declaration for `fileno`.
  Added in initial commit ae1912cb0d
  (1999-12-29). This suggests this may not be needed anymore, but if
  it does, we may restore this for those specific (non-Windows) systems.
- lib: delete unused macro `FTP_BUFFER_ALLOCSIZE` since
  c1d6fe2aaa.
- lib: delete unused macro `isxdigit_ascii` since
  f65f750742.
- lib/mqtt: delete unused macro `MQTT_HEADER_LEN`.
- lib/multi: delete unused macro `SH_READ`/`SH_WRITE`.
- lib/hostip: add `noreturn` function attribute via new `CURL_NORETURN`
  macro.
- lib/mprintf: delete duplicate declaration for `Curl_dyn_vprintf`.
- lib/rand: fix `-Wunreachable-code` and related fallouts [3].
- lib/setopt: fix `-Wunreachable-code-break`.
- lib/system_win32 and lib/timeval: fix double declarations for
  `Curl_freq` and `Curl_isVistaOrGreater` in CMake UNITY mode [4].
- lib/warnless: fix double declarations in CMake UNITY mode [5].
  This was due to force-disabling the header guard of `warnless.h` to
  to reapply it to source code coming after `warnless.c` in UNITY
  builds. This reapplied declarations too, causing the warnings.
  Solved by adding a header guard for the lines that actually need
  to be reapplied.
- lib/vauth/digest: fix `-Wunreachable-code-break` [6].
- lib/vssh/libssh2: fix `-Wunreachable-code-break` and delete redundant
  block.
- lib/vtls/sectransp: fix `-Wunreachable-code-break` [7].
- lib/vtls/sectransp: suppress `-Wunreachable-code`.
  Detected in `else` branches of dynamic feature checks, with results
  known at compile-time, e.g.
  ```c
  if(SecCertificateCopySubjectSummary)  /* -> true */
  ```
  Likely fixable as a separate micro-project, but given SecureTransport
  is deprecated anyway, let's just silence these locally.
- src/tool_help: delete duplicate declaration for `helptext`.
- src/tool_xattr: fix `-Wunreachable-code`.
- tests: delete duplicate declaration for `unitfail` [8].
- tests: delete duplicate declaration for `strncasecompare`.
- tests/libtest: delete duplicate declaration for `gethostname`.
  Originally added in 687df5c8c3
  (2010-08-02).
  Got complicated later: c49e9683b8
  If there are still systems around with warnings, we may restore the
  prototype, but limited for those systems.
- tests/lib2305: delete duplicate declaration for
  `libtest_debug_config`.
- tests/h2-download: fix `-Wunreachable-code-break`.

[1] a70edb08e9/cmake/PickyWarningsC.cmake
[2] https://ci.appveyor.com/project/curlorg/curl/builds/48553586/job/3qkgjauiqla5fj45?fullLog=true#L1675
[3] https://github.com/curl/curl/actions/runs/6880886309/job/18716044703?pr=12331#step:7:72
    https://github.com/curl/curl/actions/runs/6883016087/job/18722707368?pr=12331#step:7:109
[4] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L204
[5] https://ci.appveyor.com/project/curlorg/curl/builds/48555101/job/9g15qkrriklpf1ut#L218
[6] https://github.com/curl/curl/actions/runs/6880886309/job/18716042927?pr=12331#step:7:290
[7] https://github.com/curl/curl/actions/runs/6891484996/job/18746659406?pr=12331#step:9:1193
[8] https://github.com/curl/curl/actions/runs/6882803986/job/18722082562?pr=12331#step:33:1870

Closes #12331
2023-11-21 16:35:42 +00:00
Viktor Szakats 413a0fedd0
autotools: stop setting `-std=gnu89` with `--enable-warnings`
Do not alter the C standard when building with `--enable-warnings` when
building with gcc.

On one hand this alters warning results compared to a default build.
On the other, it may produce different binaries, which is unexpected.

Also fix new warnings that appeared after removing `-std=gnu89`:

- include: fix public curl headers to use the correct printf mask for
  `CURL_FORMAT_CURL_OFF_T` and `CURL_FORMAT_CURL_OFF_TU` with mingw-w64
  and Visual Studio 2013 and newer. This fixes the printf mask warnings
  in examples and tests. E.g. [1]

- conncache: fix printf format string [2].

- http2: fix potential null pointer dereference [3].
  (seen on Slackware with gcc 11.)

- libssh: fix printf format string in SFTP code [4].
  Also make MSVC builds compatible with old CRT versions.

- libssh2: fix printf format string in SFTP code for MSVC.
  Applying the same fix as for libssh above.

- unit1395: fix `argument is null` and related issues [5]:
  - stop calling `strcmp()` with NULL to avoid undefined behaviour.
  - fix checking results if some of them were NULL.
  - do not pass NULL to printf `%s`.

- ci: keep a build job with `-std=gnu89` to continue testing for
  C89-compliance. We can apply this to other gcc jobs as needed.
  Ref: b23ce2cee7 (2022-09-23) #9542

[1] https://dev.azure.com/daniel0244/curl/_build/results?buildId=18581&view=logs&jobId=ccf9cc6d-2ef1-5cf2-2c09-30f0c14f923b
[2] https://github.com/curl/curl/actions/runs/6896854263/job/18763831142?pr=12346#step:6:67
[3] https://github.com/curl/curl/actions/runs/6896854253/job/18763839238?pr=12346#step:30:214
[4] https://github.com/curl/curl/actions/runs/6896854253/job/18763838007?pr=12346#step:29:895
[5] https://github.com/curl/curl/actions/runs/6896854253/job/18763836775?pr=12346#step:33:1689

Closes #12346
2023-11-20 22:28:17 +00:00
Viktor Szakats 95231921b2
autotools: fix/improve gcc and Apple clang version detection
- Before this patch we expected `n.n` `-dumpversion` output, but Ubuntu
  may return `n-win32` (also with `-dumpfullversion`). Causing these
  errors and failing to enable picky warnings:
  ```
  ../configure: line 23845: test: : integer expression expected
  ```
  Ref: https://github.com/libssh2/libssh2/actions/runs/6263453828/job/17007893718#step:5:143

  Fix that by stripping any dash-suffix and handling a dotless (major-only)
  version number by assuming `.0` in that case.

  `9.3-posix`, `9.3-win32`, `6`, `9.3.0`, `11`, `11.2`, `11.2.0`
  Ref: https://github.com/mamedev/mame/pull/9767

- fix Apple clang version detection for releases between
  'Apple LLVM version 7.3.0' and 'Apple LLVM version 10.0.1' where the
  version was under-detected as 3.7 llvm/clang equivalent.

- fix Apple clang version detection for 'Apple clang version 11.0.0'
  and newer where the Apple clang version was detected, instead of its
  llvm/clang equivalent.

- display detected clang/gcc/icc compiler version.

Via libssh2:
- 00a3b88c51
  https://github.com/libssh2/libssh2/pull/1187
- 89ccc83c7d
  https://github.com/libssh2/libssh2/pull/1232

Closes #12362
2023-11-20 22:28:17 +00:00
Viktor Szakats 3215a7916e
autotools: delete LCC compiler support bits
Follow-up to fd7ef00f43 #12222

Closes #12357
2023-11-20 22:28:17 +00:00
Viktor Szakats ab50027ddf
tidy-up: casing typos, delete unused Windows version aliases
- cmake: fix casing of `UnixSockets` to match the rest of the codebase.

- curl-compilers.m4: fix casing in a comment.

- setup-win32: delete unused Windows version constant aliases.

Reviewed-by: Marcel Raad
Closes #12351
2023-11-18 11:16:32 +00:00
Viktor Szakats 033f8e2a08
build: picky warning updates
- cmake: sync some picky gcc warnings with autotools.
- cmake, autotools: add `-Wold-style-definition` for clang too.
- cmake: more precise version info for old clang options.
- cmake: use `IN LISTS` syntax in `foreach()`.

Reviewed-by: Daniel Stenberg
Reviewed-by: Marcel Raad
Closes #12324
2023-11-15 13:00:37 +00:00
Viktor Szakats 9fb6cc54c5
tidy-up: use `OPENSSL_VERSION_NUMBER`
Uniformly use `OPENSSL_VERSION_NUMBER` to check for OpenSSL version.
Before this patch some places used `OPENSSL_VERSION_MAJOR`.

Also fix `lib/md4.c`, which included `opensslconf.h`, but that doesn't
define any version number in these implementations: BoringSSL, AWS-LC,
LibreSSL, wolfSSL. (Only in mainline OpenSSL/quictls). Switch that to
`opensslv.h`. This wasn't causing a deeper problem because the code is
looking for v3, which is only provided by OpenSSL/quictls as of now.

According to https://github.com/openssl/openssl/issues/17517, the macro
`OPENSSL_VERSION_NUMBER` is safe to use and not deprecated.

Reviewed-by: Marcel Raad
Closes #12298
2023-11-08 17:55:22 +00:00
Viktor Szakats fd7ef00f43
build: delete support bits for obsolete Windows compilers
- Pelles C: Unclear status, failed to obtain a fresh copy a few months
  ago. Possible website is HTTP-only. ~10 years ago I left this compiler
  dealing with crashes and other issues with no response on the forum
  for years. It has seen some activity in curl back in 2021.
- LCC: Last stable release in September 2002.
- Salford C: Misses winsock2 support, possibly abandoned? Last mentioned
  in 2006.
- Borland C++: We dropped Borland C++ support in 2018.
- MS Visual C++ 6.0: Released in 1998. curl already requires VS 2010
  (or possibly 2008) as a minimum.

Closes #12222
2023-11-06 22:00:10 +00:00
Viktor Szakats 60359ad504
build: delete `HAVE_STDINT_H` and `HAVE_INTTYPES_H`
We use `stdint.h` unconditionally in all places except one. These uses
are imposed by external dependencies / features. nghttp2, quic, wolfSSL
and `HAVE_MACH_ABSOLUTE_TIME` do require this C99 header. It means that
any of these features make curl require a C99 compiler. (In case of
MSVC, this means Visual Studio 2010 or newer.)

This patch changes the single use of `stdint.h` guarded by
`HAVE_STDINT_H` to use `stdint.h` unconditionally. Also stop using
`inttypes.h` as an alternative there. `HAVE_INTTYPES_H` wasn't used
anywhere else, allowing to delete this feature check as well.

Closes #12275
2023-11-06 17:20:39 +00:00
Viktor Szakats 2100d9fde2
cmake: pre-fill rest of detection values for Windows
The goal of this patch is to avoid unnecessary feature detection work
when doing Windows builds with CMake. Do this by pre-filling well-known
detection results for Windows and specifically for mingw-w64 and MSVC
compilers. Also limit feature checks to platforms where the results are
actually used. Drop a few redundant ones. And some tidying up.

- pre-fill remaining detection values in Windows CMake builds.

  Based on actual detection results observed in CI runs, preceding
  similar work over libssh2 and matching up values with
  `lib/config-win32.h`.

  This brings down CMake configuration time from 58 to 14 seconds on the
  same local machine.

  On AppVeyor CI this translates to:
  - 128 seconds -> 50 seconds VS2022 MSVC with OpenSSL (per CMake job):
    https://ci.appveyor.com/project/curlorg/curl/builds/48208419/job/4gw66ecrjpy7necb#L296
    https://ci.appveyor.com/project/curlorg/curl/builds/48217440/job/8m4fwrr2fe249uo8#L186
  - 62 seconds -> 16 seconds VS2017 MINGW (per CMake job):
    https://ci.appveyor.com/project/curlorg/curl/builds/48208419/job/s1y8q5ivlcs7ub29?fullLog=true#L290
    https://ci.appveyor.com/project/curlorg/curl/builds/48217440/job/pchpxyjsyc9kl13a?fullLog=true#L194

  The formula is about 1-3 seconds delay for each detection. Almost all
  of these trigger a full compile-link cycle behind the scenes, slow
  even today, both cross and native, mingw-w64 and apparently MSVC too.
  Enabling .map files or other custom build features slows it down
  further. (Similar is expected for autotools configure.)

- stop detecting `idn2.h` if idn2 was deselected.
  autotools does this.

- stop detecting `idn2.h` if idn2 was not found.
  This deviates from autotools. Source code requires both header and
  lib, so this is still correct, but faster.

- limit `ADDRESS_FAMILY` detection to Windows.

- normalize `HAVE_WIN32_WINNT` value to lowercase `0x0a12` format.

- pre-fill `HAVE_WIN32_WINNT`-dependent detection results.
  Saving 4 (slow) feature-detections in most builds: `getaddrinfo`,
  `freeaddrinfo`, `inet_ntop`, `inet_pton`

- fix pre-filled `HAVE_SYS_TIME_H`, `HAVE_SYS_PARAM_H`,
  `HAVE_GETTIMEOFDAY` for mingw-w64.
  Luckily this do not change build results, as `WIN32` took
  priority over `HAVE_GETTIMEOFDAY` with the current source
  code.

- limit `HAVE_CLOCK_GETTIME_MONOTONIC_RAW` and
  `HAVE_CLOCK_GETTIME_MONOTONIC` detections to non-Windows.
  We're not using these in the source code for Windows.

- reduce compiler warning noise in CMake internal logs:
  - fix to include `winsock2.h` before `windows.h`.
    Apply it to autotools test snippets too.
  - delete previous `-D_WINSOCKAPI_=` hack that aimed to fix the above.
  - cleanup `CMake/CurlTests.c` to emit less warnings.

- delete redundant `HAVE_MACRO_SIGSETJMP` feature check.
  It was the same check as `HAVE_SIGSETJMP`.

- delete 'experimental' marking from `CURL_USE_OPENSSL`.

- show CMake version via `CMakeLists.txt`.
  Credit to the `zlib-ng` project for the idea:
  61e181c8ae/CMakeLists.txt (L7)

- make `CMake/CurlTests.c` pass `checksrc`.

- `CMake/WindowsCache.cmake` tidy-ups.

- replace `WIN32` guard with `_WIN32` in `CMake/CurlTests.c`.

Closes #12044
2023-10-24 21:06:36 +00:00
Viktor Szakats 58a95b6a49
build: do not publish `HAVE_BORINGSSL`, `HAVE_AWSLC` macros
Syncing this up with CMake.

Source code uses the built-in `OPENSSL_IS_AWSLC` and
`OPENSSL_IS_BORINSSL` macros to detect BoringSSL and AWS-LC. No help is
necessary from the build tools.

The one use of `HAVE_BORINGSSL` in the source turned out to be no longer
necessary for warning-free BoringSSL + Schannel builds. Ref: #1610 #2634

autotools detects this anyway for display purposes.
CMake detects this to decide whether to use the BoringSSL-specific
crypto lib with ngtcp2. It detects AWS-LC, but doesn't use the detection
result just yet (planned in #12066).

Ref: #11964

Reviewed-by: Daniel Stenberg
Reviewed-by: Jay Satiro
Closes #12065
2023-10-08 22:29:45 +00:00
Viktor Szakats 4c6365af02
autotools: restore `HAVE_IOCTL_*` detections
This restores `CURL_CHECK_FUNC_IOCTL` detection. I deleted it in
4d73854462 and
c3456652a0 (2022-08), because the
`HAVE_IOCTL` result it generated was unused in the source. But,
I did miss the fact that this had two dependent checks:
`CURL_CHECK_FUNC_IOCTL_FIONBIO`,
`CURL_CHECK_FUNC_IOCTL_SIOCGIFADDR` that we do actually need:
`HAVE_IOCTL_FIONBIO`, `HAVE_IOCTL_SIOCGIFADDR`.

Regression from 4d73854462

Ref: #11964 (effort to sync cmake detections with autotools)

Closes #12008
2023-10-02 21:19:23 +00:00
Daniel Stenberg 2ba804942f
configure: remove unused checks
- for sys/uio.h
- for fork
- for connect

Ref: #11964

Closes #11973
2023-09-28 23:00:39 +02:00
Viktor Szakats a7f8d04ee0
curl-functions.m4: fixup recent bad edits
Follow-up to 96c29900bc #11940

Closes #11966
2023-09-27 12:58:49 +00:00
Daniel Stenberg d14089df01
curl-functions.m4: fix include line
This made the getaddrinfo detection fail, but we did not spot it in the
CI because it graciously falled back to using legacy functions instead!

Follow-up to 96c29900bc (#11940)

Closes #11965
2023-09-27 14:38:42 +02:00
Viktor Szakats 96c29900bc
build: delete checks for C89 standard headers
Delete checks and guards for standard C89 headers and assume these are
available: `stdio.h`, `string.h`, `time.h`, `setjmp.h`, `stdlib.h`,
`stddef.h`, `signal.h`.

Some of these we already used unconditionally, some others we only used
for feature checks.

Follow-up to 9c7165e96a #11918 (for `stdio.h` in CMake)

Closes #11940
2023-09-26 14:25:10 +00:00
Ryan Schmidt 6ab7e1990b
cmake, configure: also link with CoreServices
When linking with CoreFoundation, also link with CoreServices which is
apparently required to avoid an NSInvalidArgumentException in software
linking with libcurl on macOS Sonoma 14 and later.

Fixes #11893
Closes #11894
2023-09-20 08:38:19 +02:00
Viktor Szakats ce3dce9015
tidy-up: mostly whitespace nits
- delete completed TODO from `./CMakeLists.txt`.
- convert a C++ comment to C89 in `./CMake/CurlTests.c`.
- delete duplicate EOLs from EOF.
- add missing EOL at EOF.
- delete whitespace at EOL (except from expected test results).
- convert tabs to spaces.
- convert CRLF EOLs to LF in GHA yaml.
- text casing fixes in `./CMakeLists.txt`.
- fix a codespell typo in `packages/OS400/initscript.sh`.

Closes #11772
2023-08-31 23:02:10 +00:00
Viktor Szakats c09466abff
egd: delete feature detection and related source code
EGD is Entropy Gathering Daemon, a socket-based entropy source supported
by pre-OpenSSL v1.1 versions and now deprecated. curl also deprecated it
a while ago.

Its detection in CMake was broken all along because OpenSSL libs were
not linked at the point of feature check.

Delete detection from both cmake and autotools, along with the related
source snippet, and the `--with-egd-socket=` `./configure` option.

Closes #11556
2023-08-01 21:58:56 +00:00
Daniel Stenberg 7c8bae0d9c
nss: remove support for this TLS library
Closes #11459
2023-07-29 23:44:28 +02:00
Ryan Schmidt 8b7cbe9dec
macOS: fix target detection more
Now SCDynamicStoreCopyProxies is called (and the required frameworks are
linked in) on all versions of macOS and only on macOS. Fixes crash due
to undefined symbol when built with the macOS 10.11 SDK or earlier.

CURL_OSX_CALL_COPYPROXIES is renamed to CURL_MACOS_CALL_COPYPROXIES and
is now only defined when SCDynamicStoreCopyProxies will actually be
called. Previously, it was defined when ENABLE_IPV6 was not defined but
SCDynamicStoreCopyProxies is not called in that case.

TARGET_OS_OSX is only defined in the macOS 10.12 SDK and later and only
when dynamic targets are enabled. TARGET_OS_MAC is always defined but
means any Mac OS or derivative including macOS, iOS, tvOS, and watchOS.
TARGET_OS_IPHONE means any Darwin OS other than macOS.

Follow-up to c73b2f82

Fixes #11502
Closes #11516
2023-07-29 23:42:53 +02:00
Futaura 6290bdf0ec
amissl: fix AmiSSL v5 detection
Due to changes in the AmiSSL SDK, the detection needed adjusting.

Closes #11477
2023-07-21 12:45:11 +02:00
Daniel Stenberg 127eb0d83a
misc: fix spelling mistakes
Reported-by: musvaage on github
Fixes #11171
Closes #11172
2023-05-23 10:42:09 +02:00
Daniel Stenberg b78ca50cb3
configure: generate a script to run the compiler
in the CURL_RUN_IFELSE macro, with LD_LIBRARY_PATH set to the value of
the configure invoke, and not the value that might be used later,
intended for the execution of the output the compiler ouputs.

For example when the compiler uses the same library (like libz) that
configure checks for.

Reported-by: Jonas Bülow
Fixes #11114
Closes #11120
2023-05-18 20:57:11 +02:00
Viktor Szakats 81c9c8cd39
autotools: sync up clang picky warnings with cmake
Bringing missing options over from CMake.

Move around existing `-Wno-pointer-bool-conversion` option to come
_after_ `-Wconversion`.

Reviewed-by: Marcel Raad
Closes #10974
2023-04-17 11:35:56 +00:00
Jim King 34ef4fab22
openssl: interop with AWS-LC
* Configure changes to detect AWS-LC
* CMakeLists.txt changes to detect AWS-LC
* Compile-time branches needed to support AWS-LC
* Correctly set OSSL_VERSION and report AWS-LC release number
* GitHub Actions script to build with autoconf and cmake against AWS-LC

AWS-LC is a BoringSSL/OpenSSL derivative
For more information see https://github.com/awslabs/aws-lc/

Closes #10320
2023-03-30 10:56:14 +02:00
Jan Engelhardt 73e9e6d767
build: drop the use of XC_AMEND_DISTCLEAN
Because automake used to delete depdirs at once (.deps) and there was an issue
with portability, curl's XC_AMEND_DISTCLEAN greps the Makefiles in an attempt
to build a list of all depfiles and delete them individually instead.

Since commit 08849db866b44510f6b8fd49e313c91a43a3dfd3, automake switched from
deleting directories to individual files. curl's custom logic now finds a lot
more results with the grep (the filtering of these results isn't great), which
causes a massive bloating of the Makefile in the order of O(n^2).

Also remove now-unused XC_AMEND_DISTCLEAN macro group

References: https://github.com/curl/curl/issues/9843
References: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59288

Reported-by: Ilmari Lauhakangas
Fixes #9843
Closes #10661
2023-03-03 09:54:44 +01:00
Jay Satiro cab040248d curl_setup: Suppress OpenSSL 3 deprecation warnings
- Define OPENSSL_SUPPRESS_DEPRECATED.

OpenSSL 3 has deprecated some of the functions libcurl uses such as
those with DES, MD5 and ENGINE prefix. We don't have replacements for
those functions so the warnings were disabled in autotools and cmake
builds, but still showed in other builds.

Closes https://github.com/curl/curl/pull/10543
2023-02-18 19:02:37 -05:00
Daniel Stenberg 2bc1d775f5
copyright: update all copyright lines and remove year ranges
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING

checksrc is updated to allow non-year using copyright statements

Closes #10205
2023-01-03 09:19:21 +01:00
Daniel Stenberg 42aa4e1a70
curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
As OpenSSL's include files are all included using <openssl/*.h> in curl
source code, we just risk that existing openssl files will "shadow"
include files without path if that path is provided.

Fixes #9989
Closes #9988
2022-11-28 17:27:27 +01:00
Stefan Eissing 55807e6c05
tls: backends use connection filters for IO, enabling HTTPS-proxy
- OpenSSL (and compatible)
 - BearSSL
 - gnutls
 - mbedtls
 - rustls
 - schannel
 - secure-transport
 - wolfSSL (v5.0.0 and newer)

 This leaves only the following without HTTPS-proxy support:
 - gskit
 - nss
 - wolfSSL (versions earlier than v5.0.0)

Closes #9962
2022-11-28 13:56:23 +01:00
Stefan Eissing 89ee5cfb38
curl-rustls.m4: on macOS, rustls also needs the Security framework
Closes #9883
2022-11-10 17:50:51 +01:00
Daniel Stenberg 592107fa16
configure: require fork for NTLM-WB
Reported-by: ウさん

Fixes #9847
Closes #9856
2022-11-06 00:04:47 +01:00
Petr Štetiar 8af6b087e0
curl-wolfssl.m4: error out if wolfSSL is not usable
When I explicitly declare, that I would like to have curl built with
wolfSSL support using `--with-wolfssl` configure option, then I would
expect, that either I endup with curl having that support, for example
in form of https support or it wouldn't be available at all.

Downstream projects like for example OpenWrt build curl wolfSSL variant
with `--with-wolfssl` already, but in certain corner cases it does fail:

  configure:25299: checking for wolfSSL_Init in -lwolfssl
  configure:25321: x86_64-openwrt-linux-musl-gcc -o conftest [snip]
  In file included from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/dsa.h:33,
                   from target-x86_64_musl/usr/include/wolfssl/wolfcrypt/asn_public.h:35,
                  from target-x86_64_musl/usr/include/wolfssl/ssl.h:35,
                   from conftest.c:47:
  target-x86_64_musl/usr/include/wolfssl/wolfcrypt/integer.h:37:14: fatal error: wolfssl/wolfcrypt/sp_int.h: No such file or directory
       #include <wolfssl/wolfcrypt/sp_int.h>
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
  compilation terminated.

and in the end thus produces curl without https support:

 curl: (1) Protocol "https" not supported or disabled in libcurl

So fix it, by making the working wolfSSL mandatory and error out in
configure step when that's not the case:

 checking for wolfSSL_Init in -lwolfssl... no
 configure: error: --with-wolfssl but wolfSSL was not found or doesn't work

References: https://github.com/openwrt/packages/issues/19005
References: https://github.com/openwrt/packages/issues/19547
Signed-off-by: Petr Štetiar <ynezz@true.cz>

Closes #9682
2022-10-10 11:17:53 +02:00
Viktor Szakats 61c7ccab83
autotools: allow --enable-symbol-hiding with windows
This local autotools logic was put in place in
9e24b9c7af (in 2012) which disabled it for
Windows unconditionally. Testing reveals that it actually works with
tested toolchains (mingw-w64 and CI ones), so let's allow this build
feature on that platform. Bringing this in sync with CMake, which already
supported this.

Reviewed-by: Jay Satiro

Closes #9586
2022-09-25 22:19:13 +00:00
Daniel Stenberg b23ce2cee7
curl-compilers.m4: for gcc + want warnings, set gnu89 standard
To better verify that the code is C89

Closes #9542
2022-09-23 08:27:43 +02:00
Daniel Stenberg 51083a197c
curl-compilers.m4: use -O2 as default optimize for clang
Not -Os

Closes #9444
2022-09-06 18:47:48 +02:00
Viktor Szakats c9061f242b
misc: spelling fixes
Found using codespell 2.2.1.

Also delete the redundant protocol designator from an archive.org URL.

Reviewed-by: Daniel Stenberg
Closes #9403
2022-08-31 14:31:01 +00:00
Daniel Stenberg 9e11c2791f
configure: introduce CURL_SIZEOF
This is a rewrite of the previously used GPLv3+exception licensed
file. With this change, there is no more reference to GPL so we can
remove that from LICENSES/.

Ref: #9220
Closes #9291
2022-08-11 09:07:02 +02:00
Futaura c6631e827d
configure: fixup bsdsocket detection code for AmigaOS 4.x
The code that detects bsdsocket.library for AmigaOS did not work
for AmigaOS 4.x. This has been fixed and also cleaned up a little
to reduce duplication. Wasn't technically necessary before, but is
required when building with AmiSSL instead of OpenSSL.

Closes #9268
2022-08-08 15:49:28 +02:00
Futaura e1acfafa49
amissl: make AmiSSL v5 a minimum requirement
AmiSSL v5 is the latest version, featuring a port of OpenSSL 3.0.
Support for previous OpenSSL 1.1.x versions has been dropped, so
makes sense to enforce v5 as the minimum requirement. This also
allows all the AmiSSL stub workarounds to be removed as they are
now provided in a link library in the AmiSSL SDK.

Closes #9267
2022-08-08 09:16:01 +02:00
Daniel Stenberg 3f5b66c13d
curl-compilers.m4: make icc use -diag* options and disable two warnings
-wd and -we are deprecated and are now -diag-disable and -diag-error

Disable warning 1024 and 2259

Closes #9179
2022-07-23 13:38:24 +02:00
Daniel Katz e7511f853a
curl-functions.m4: check whether atomics can link rather than just compile
Some build toolchains support C11 atomics (i.e., _Atomic types), but
will not link the associated atomics runtime unless a flag is passed. In
such an environment, linking an application with libcurl.a can fail due
to undefined symbols for atomic load/store functions.

I encountered this behavior when upgrading curl to 7.84.0 and attempting
to build with Solaris Studio 12.6. Solaris provides the flag
-xatomic=[gcc | studio], allowing users to link to one of two atomics
runtime implementations. However, if the user does not provide this
flag, then neither runtime is linked. This led to builds failing in CI.

Closes #9190
2022-07-21 16:30:19 +02:00