Re: Access gmail with pycurl.

2021-07-01 Thread Ray Satiro via curl-library

On 6/29/2021 12:33 AM, Hongyi Zhao via curl-library wrote:

On Tue, Jun 29, 2021 at 5:55 AM Daniel Stenberg  wrote:

On Sat, 26 Jun 2021, Hongyi Zhao via curl-library wrote:


I noticed that libcurl, hence pycurl supports IMAP and IMAPS, so I want to
know if I can use it to retrieve/remove emails from my Gmail account?

Yes you can.

Jay once wrote ShowGmailFolders.c for example:

https://gist.github.com/jay/a43724c98220de85d020

Thank you for this wonderful code snippet. But for quick testing, I
try the following command based on the notes at
, but failed:

$ curl -x socks5h://127.0.0.1:1 -v -k --ssl imaps://imap.gmail.com:993 --user "username:passwd"
*   Trying 127.0.0.1:1...
* TCP_NODELAY set
* SOCKS5 communication to imap.gmail.com:993
* SOCKS5 connect to imap.gmail.com:993 (remotely resolved)
* SOCKS5 request granted.
* Connected to 127.0.0.1 (127.0.0.1) port 1 (#0)
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
   CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to imap.gmail.com:993
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to
imap.gmail.com:993



syscall error is probably your proxy. I can connect fine. Note you will 
have to enable "less secure app access" [1] on your google account to 
use the gmail username/password.  There is a way to do it with oauth2 
instead. I don't think I've ever had to do that though and I don't think 
we have an example for it.



[1]: https://myaccount.google.com/lesssecureapps



---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html

Re: difficulties with SSL certs

2021-04-08 Thread Ray Satiro via curl-library

On 4/8/2021 12:21 AM, Dennis Clarke via curl-library wrote:

europa$
europa$ curl -4 -L --url 'https://gitlab.com/' -o /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
europa$

europa$ curl --version
curl 7.75.0 (x86_64-unknown-freebsd13.0) libcurl/7.75.0 OpenSSL/1.1.1k
zlib/1.2.11 libidn2/2.3.0 libssh2/1.9.0
Release-Date: 2021-02-03
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt
pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HTTPS-proxy IDN Largefile libz NTLM NTLM_WB
SSL TLS-SRP UnixSockets
europa$

So I looked into the location where the ssl certs "should" be given my
curl config :

$ ./configure --prefix=/opt/bw --disable-dependency-tracking \
  --disable-silent-rules --without-gnu-ld --enable-shared \
  --enable-static \
  --with-libidn=/usr/local --with-libidn2=/usr/local \
  --with-ssl=/opt/bw --with-ca-path=/opt/bw/ssl/certs \
  --enable-tls-srp --with-libssh2

So I expect that the cacert.pem file at

 https://curl.se/docs/caextract.html

would solve all my problems however :

europa$ ls -lapb /opt/bw/ssl/certs/
total 350
drwxr-xr-x  2 root  wheel   3 Apr  8 02:35 ./
drwxr-xr-x  5 root  wheel   9 Apr  7 00:14 ../
-rw-r--r--  1 root  wheel  208075 Jan 19 04:12 cacert.pem
europa$

This does not help at all and even OpenSSL seems confused.



What is your curl -V version and the verbose output? Your CA path is 
supposed to contain the certificate files named by hash value [1], which 
it doesn't. Putting a single file with a bundle of certificates in the 
path won't help. You can use configure option --with-ca-bundle=FILE. 
Note your OS may have a packaged and maintained directory containing 
certificates or a bundle of certificates, I would use that if you can. 
Also see [2] for scanned paths


[1]: 
https://www.openssl.org/docs/man1.0.2/man3/SSL_CTX_load_verify_locations.html

[2]: https://github.com/curl/curl/blob/curl-7_76_0/acinclude.m4#L2182-L2192
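
A check for the situation in the reply above, as an added example that is not part of the original message or of curl: it classifies file names the way the reply describes a CA path (certificates named by hash value, assumed here to be eight lowercase hex digits, a dot and a number). All function, struct and enum names are illustrative.

```c
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>

enum ca_dir_verdict {
  CA_DIR_HASHED,      /* has hash-named entries: usable as a CA path */
  CA_DIR_BUNDLE_ONLY, /* only .pem/.crt files: point at the file instead */
  CA_DIR_EMPTY        /* nothing that looks like certificate material */
};

struct ca_dir_report { size_t hashed, bundles; };

/* 1 if name is HHHHHHHH.N: 8 lowercase hex digits, a dot, decimal N. */
int is_hashed_ca_name(const char *name)
{
  size_t i;
  if(strlen(name) < 10 || name[8] != '.')
    return 0;
  for(i = 0; i < 8; i++)
    if(!isdigit((unsigned char)name[i]) && !(name[i] >= 'a' && name[i] <= 'f'))
      return 0;
  for(i = 9; name[i]; i++)
    if(!isdigit((unsigned char)name[i]))
      return 0;
  return 1;
}

static int has_suffix(const char *name, const char *suffix)
{
  size_t n = strlen(name), s = strlen(suffix);
  return n > s && strcmp(name + n - s, suffix) == 0;
}

static void ca_dir_count(struct ca_dir_report *r, const char *name)
{
  if(is_hashed_ca_name(name))
    r->hashed++;
  else if(has_suffix(name, ".pem") || has_suffix(name, ".crt"))
    r->bundles++;
}

static enum ca_dir_verdict ca_dir_judge(const struct ca_dir_report *r)
{
  if(r->hashed)
    return CA_DIR_HASHED;
  return r->bundles ? CA_DIR_BUNDLE_ONLY : CA_DIR_EMPTY;
}

/* Classify a list of file names (what readdir() would return). */
enum ca_dir_verdict ca_dir_classify(const char *const *names, size_t count)
{
  struct ca_dir_report r = {0, 0};
  size_t i;
  for(i = 0; i < count; i++)
    ca_dir_count(&r, names[i]);
  return ca_dir_judge(&r);
}

/* Same check on a real directory; returns -1 if it cannot be opened. */
int ca_dir_scan(const char *path)
{
  struct ca_dir_report r = {0, 0};
  struct dirent *e;
  DIR *d = opendir(path);
  if(!d)
    return -1;
  while((e = readdir(d)) != NULL)
    if(strcmp(e->d_name, ".") && strcmp(e->d_name, ".."))
      ca_dir_count(&r, e->d_name);
  closedir(d);
  return (int)ca_dir_judge(&r);
}

int main(int argc, char **argv)
{
  /* Constructed sample: the single file shown in the listing above. */
  static const char *const sample[] = { "cacert.pem" };
  static const char *const text[] = {
    "hashed CA path: --with-ca-path / CURLOPT_CAPATH can use it",
    "bundle file only: use --with-ca-bundle / CURLOPT_CAINFO on the file",
    "no certificate material found"
  };
  int v = argc > 1 ? ca_dir_scan(argv[1]) : (int)ca_dir_classify(sample, 1);
  if(v < 0) {
    perror("opendir");
    return 1;
  }
  puts(text[v]);
  return 0;
}
```

Run without arguments it reports on the constructed sample; given a directory argument it scans that directory instead.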


Re: Requesting Version Info for GSASL

2021-04-02 Thread Ray Satiro via curl-library

On 4/2/2021 3:44 AM, Mac-Fly via curl-library wrote:

I don't know how to reply properly to this list, so this is a reply to: Ray Satiro


There is features flag CURL_VERSION_GSASL [1]. The gsasl version
should be in the version information but the version number is not
available separately. What does curl_version() show?

For me, on Windows, it doesn't show this flag, that's why I was asking. Although 
I have to link against the GSASL library now. So there definitely seems to be a 
dependency, which I want to transparently show in my applications using the lib.

In gsasl.h, there is this line:
#define GSASL_VERSION "1.10.0"
...which could be exposed to the curl version struct (curl_version_info_data) 
and wrapped inside
#ifdef USE_GSASL
...just as it is the case for the other version information stuff like NGHTTP2 
in the file version.c.

Could be that I don't understand how to use it properly, but this seems missing 
from my (maybe limited) understanding.



To reply to the list you should reply to curl-library@cool.haxx.se which 
it seems you did.


If libcurl was built with GSASL then that flag should be present and the 
GSASL version should show in the dependency version string. Check 
curl_version().



Re: Requesting Version Info for GSASL

2021-04-02 Thread Ray Satiro via curl-library

On 4/2/2021 1:45 AM, Mac-Fly via curl-library wrote:

Since curl 7.76.0 there is a new dependency (at least on Windows) on GSASL.
Is it possible to add the version information for that dependency to the 
curl_version_info_data struct?
Similar to e.g. nghttp2_version or quic_version?
The reason is to make it easier to properly show the features/dependencies in e.g. an 
about dialog or the like.
That would be very much appreciated.



There is features flag CURL_VERSION_GSASL [1]. The gsasl version should 
be in the version information but the version number is not available 
separately. What does curl_version() show?



[1]: https://curl.se/libcurl/c/curl_version_info.html



Re: Getting pubkey fingerprint in libcurl

2021-03-14 Thread Ray Satiro via curl-library

On 3/12/2021 7:13 AM, Morten Minde Neergaard wrote:

At 01:02, Tue 2021-03-02, Ray Satiro via curl-library wrote:

On 2/26/2021 4:10 PM, Morten Minde Neergaard via curl-library wrote:

[...]

It would be a lot more elegant if there were an option to get the pubkey
fingerprint directly, using the same pattern as CURLOPT_CERTINFO /
CURLINFO_CERTINFO. Suggesting this addition to the curl APIs:

   CURLOPT(CURLOPT_PUBKEY_FINGERPRINT, CURLOPTTYPE_LONG, 309),

[...]

Is this not provided by certinfo already? If not I think it would be easier
to add it there in a separate line, pubkey:asdf

It isn't provided, no.

It might be easier, but I guess my opinion about adding it to
CURLOPT_CERTINFO is colored by my dislike of populating such a large
amount of data and sifting through it running a bunch of string
compares.

The current implementation populates ~20k over 72 different strings for
some random, somewhat representative pages. That feels like a lot more
than what I need. But if we want to keep the implementation simple,
sure, I can try to add it to CURLINFO_CERTINFO =)



It would be good to know if anyone else has an opinion about this.



Re: Concurrency and send/recv

2021-03-12 Thread Ray Satiro via curl-library

On 3/12/2021 11:45 PM, Jacob Hoffman-Andrews via curl-library wrote:
Currently the rustls backend uses a buffer on the stack for its `send` 
/ `recv` implementations. I'd like to switch this to be a 
heap-allocated buffer, initialized once and stored in the 
`connssl->backend` struct. Is it guaranteed that `send` and `recv` are 
never called concurrently? In general what are the concurrency 
properties that apply to TLS backends?


curl handles can't be used from multiple threads at the same time [1] 
and because of that I'm pretty sure it's not possible. Note cached 
connections can be shared between threads (but there is a concurrency 
bug in that). Daniel will have to elaborate on the intentions here but 
I'm pretty sure based on the way it's documented [2] that it's not possible.


[1]: https://curl.se/libcurl/c/threadsafe.html
[2]: https://curl.se/libcurl/c/curl_share_setopt.html



Re: Handling TCP connection shutdown without TLS close_notify

2021-03-12 Thread Ray Satiro via curl-library

On 3/12/2021 11:27 PM, Jacob Hoffman-Andrews via curl-library wrote:
In https://github.com/curl/curl/issues/4624 there is some discussion 
about what to do when a TCP connection is closed without the TLS peer 
sending a close_notify alert first. Close_notify is meant to protect 
against truncation attacks 
(https://tools.ietf.org/html/rfc8446#section-6.1), and as of TLS 1.3 
it's mandatory for the peer to send before closing the connection.


I'm trying to decide what to do for this situation in the rustls 
backend. It seems like it's still fairly common for some TLS servers 
to exhibit this behavior. I'm leaning towards doing the more-secure 
thing by default, and treating abrupt TCP connection shutdown as an 
error. But it may turn out that someone needs to interoperate with a 
TLS 1.2 server that abruptly terminates connections.


Is this the sort of thing that would be appropriate as a 
`CURLOPT_SSL_*` option? E.g. `CURLOPT_SSL_ALLOW_INSECURE_CLOSE`? It 
could have values "true", "false", and "default", which would depend 
on the backend: true for OpenSSL, false for rustls.



Truncation attacks can only occur without error when there's no known 
termination point. Most of the time you're going to get a content length 
or chunked encoding so you can tell the transfer is done. As you've seen 
we are allowing a missing close notify for the OpenSSL backend. OpenSSL 
3 (currently in alpha) plans to make it an error, so I assume curl will 
then error. That is acceptable. Their 1.1.1 LTS build is supported until 
like 2023? so if users have that problem they can stay with LTS.


I would make it an error. If it's really a problem we can address it 
later in an option, but I would not spend any time on that now.
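
A model of the reasoning in the reply above, as an added example (not curl or rustls code): whether a connection closed without close_notify can still be judged complete depends on whether the response has a known termination point. The struct, enum and function names and the `strict` switch are assumptions made for illustration, and only a plain "chunked" Transfer-Encoding value is recognised.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

enum framing { FRAME_CONTENT_LENGTH, FRAME_CHUNKED, FRAME_UNTIL_CLOSE };

enum eof_verdict {
  EOF_COMPLETE,        /* the body is known to be whole */
  EOF_TRUNCATED,       /* framing proves bytes are missing */
  EOF_UNAUTHENTICATED  /* TCP closed without close_notify and nothing else
                          vouches for the end of the data */
};

struct transfer {
  enum framing framing;
  long long declared;  /* Content-Length value, -1 if none */
  long long received;  /* body bytes delivered to the application */
  int last_chunk_seen; /* chunked only: terminating zero-size chunk arrived */
  int close_notify;    /* TLS close_notify alert arrived before TCP close */
};

/* Find a header at the start of a line in a CRLF-separated block. */
static const char *header_value(const char *headers, const char *name)
{
  size_t n = strlen(name);
  const char *line = headers;
  while(line && *line) {
    if(!strncasecmp(line, name, n) && line[n] == ':') {
      const char *v = line + n + 1;
      while(*v == ' ' || *v == '\t')
        v++;
      return v;
    }
    line = strstr(line, "\r\n");
    if(line)
      line += 2;
  }
  return NULL;
}

/* Decide how the end of the body is signalled by the response headers. */
enum framing framing_from_headers(const char *headers, long long *declared)
{
  const char *te = header_value(headers, "Transfer-Encoding");
  const char *cl = header_value(headers, "Content-Length");
  *declared = -1;
  if(te && !strncasecmp(te, "chunked", 7))
    return FRAME_CHUNKED; /* takes precedence over Content-Length */
  if(cl) {
    *declared = strtoll(cl, NULL, 10);
    return FRAME_CONTENT_LENGTH;
  }
  return FRAME_UNTIL_CLOSE;
}

/* strict=0: tolerate a missing close_notify when framing proves completeness.
 * strict=1: any close without close_notify is an error. */
enum eof_verdict judge_eof(const struct transfer *t, int strict)
{
  int framed_done = 0;
  switch(t->framing) {
  case FRAME_CONTENT_LENGTH:
    if(t->received < t->declared)
      return EOF_TRUNCATED;
    framed_done = 1;
    break;
  case FRAME_CHUNKED:
    if(!t->last_chunk_seen)
      return EOF_TRUNCATED;
    framed_done = 1;
    break;
  case FRAME_UNTIL_CLOSE:
    break; /* only the close itself marks the end of the body */
  }
  if(t->close_notify || (framed_done && !strict))
    return EOF_COMPLETE;
  return EOF_UNAUTHENTICATED;
}

int main(void)
{
  /* Constructed response headers, not taken from the thread. */
  const char *hdr = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                    "Content-Length: 1000\r\n\r\n";
  static const char *const text[] = { "complete", "truncated",
                                      "unauthenticated EOF" };
  struct transfer t = { FRAME_UNTIL_CLOSE, -1, 0, 0, 0 };
  t.framing = framing_from_headers(hdr, &t.declared);
  t.received = 1000; /* all bytes arrived, then an abrupt TCP close */
  printf("lenient: %s\n", text[judge_eof(&t, 0)]);
  printf("strict:  %s\n", text[judge_eof(&t, 1)]);
  t.received = 400;  /* connection cut early */
  printf("short:   %s\n", text[judge_eof(&t, 0)]);
  return 0;
}
```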



Re: Getting pubkey fingerprint in libcurl

2021-03-01 Thread Ray Satiro via curl-library

On 2/26/2021 4:10 PM, Morten Minde Neergaard via curl-library wrote:

I'm making an app that's using public key pinning, and it would be very
helpful to have programmatic access to the pubkey fingerprint. The app
currently has a huge and horrible mountain of platform- and
backend-specific code that extracts the public key fingerprint from the
TLS backend before calculating the exact same fingerprint as curl does
in Curl_pin_peer_pubkey.

It would be a lot more elegant if there were an option to get the pubkey
fingerprint directly, using the same pattern as CURLOPT_CERTINFO /
CURLINFO_CERTINFO. Suggesting this addition to the curl APIs:

  CURLOPT(CURLOPT_PUBKEY_FINGERPRINT, CURLOPTTYPE_LONG, 309),

  CURLINFO_PUBKEY_FINGERPRINT = CURLINFO_STRING + 60,

After refactoring all the TLS backends to extract the code that
calculates the pubkey fingerprint, this implementation should be fairly
trivial.

Comments? Patches accepted?



Is this not provided by certinfo already? If not I think it would be 
easier to add it there in a separate line, pubkey:asdf





Re: Adding flags to SChannel cred

2021-02-28 Thread Ray Satiro via curl-library

On 2/28/2021 4:14 PM, Morten Minde Neergaard via curl-library wrote:

At 17:11, Sat 2021-02-27, Ray Satiro via curl-library wrote:

On 2/26/2021 2:56 PM, Morten Minde Neergaard via curl-library wrote:

[...]

The first thing that came to mind would be to add an option
CURLOPT_SSL_BACKEND_FLAGS where each backend could use these flags as
desired. The implementation-specific part of the patch would be like
this for SChannel:

--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -557,6 +557,8 @@ schannel_connect_step1(struct Curl_easy *data, struct 
connectdata *conn,
  "names in server certificates.\n"));
   }
+schannel_cred.dwFlags |= SSL_CONN_CONFIG(backend_flags);
+
   switch(conn->ssl_config.version) {
   case CURL_SSLVERSION_DEFAULT:
   case CURL_SSLVERSION_TLSv1:
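
Review bot: the added line `schannel_cred.dwFlags |= SSL_CONN_CONFIG(backend_flags);` ORs an application-supplied value into dwFlags with no mask, so a caller can set any SCHANNEL_CRED bit, including ones that contradict flags schannel_connect_step1 has already placed in dwFlags before this point. Suggest masking the value against an explicit allow-list of flags the option is meant to expose and failing the connect step when any other bit is set.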

[...]

I've proposed two PRs to address the auto credentials issue. One would leave
auto credentials as the default and add an option to disable it [1], and the
other would disable auto credentials as the default (breaking change) and
add an option to enable it [2]. Please take any discussion about it to the
latter PR.

Cool, agree with the change. Since I'm not too familiar with the libcurl
code base, I'd hardly call my looking at the code a review, but gave it
a try nonetheless =)


Regarding strong ciphers, CURLOPT_SSL_CIPHER_LIST [3] (--ciphers for the
curl tool [4]) can be used with Schannel to set some algorithms but unlike
other SSL backends it's relatively limited without ciphersuite support or
umbrella terms like "USE_STRONG_CRYPTO". We would consider a patch for that
to signal strong crypto.

To be clear, you're suggesting this should be possible?

   curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST, "USE_STRONG_CRYPTO");

... and that would also be possible to combine with the current ALGID
stuff? Not that it's a particularly sane use case, but would this be
acceptable?

   curl_easy_setopt(curl, CURLOPT_SSL_CIPHER_LIST,
   
"CALG_RSA_SIGN:CALG_DH_EPHEM:CALG_AES_256:CALG_SHA_384:USE_STRONG_CRYPTO");



Looks fine to me. Older versions should (and already will) error if the 
term is not supported. For example,


> curld --ciphers "USE_STRONG_CRYPTO" https://google.com
curl: (59) Unable to set ciphers to passed via SSL_CONN_CONFIG



Re: Adding flags to SChannel cred

2021-02-27 Thread Ray Satiro via curl-library

On 2/26/2021 2:56 PM, Morten Minde Neergaard via curl-library wrote:

I'm using libcurl in a project I'm doing, and I'd like to specify some
extra flags to the SCHANNEL_CRED struct to enhance security and remove
potential error sources:

  SCH_USE_STRONG_CRYPTO:
Disables some older cipher suites.

  SCH_CRED_NO_DEFAULT_CREDS
Found a TODO about this flag at
https://curl.haxx.se/docs/todo.html#Add_option_to_disable_client_cer

I'm hoping to avoid forking curl to set the flags, and was basically
wondering how it would make sense to implement this.

The first thing that came to mind would be to add an option
CURLOPT_SSL_BACKEND_FLAGS where each backend could use these flags as
desired. The implementation-specific part of the patch would be like
this for SChannel:

--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -557,6 +557,8 @@ schannel_connect_step1(struct Curl_easy *data, struct 
connectdata *conn,
 "names in server certificates.\n"));
  }
  
+schannel_cred.dwFlags |= SSL_CONN_CONFIG(backend_flags);

+
  switch(conn->ssl_config.version) {
  case CURL_SSLVERSION_DEFAULT:
  case CURL_SSLVERSION_TLSv1:
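
Review bot: `backend_flags` is a backend-neutral name, but at the added `schannel_cred.dwFlags |= SSL_CONN_CONFIG(backend_flags);` its bits are interpreted as raw Schannel SCH_* values, so the same number would mean something different (or nothing) under another TLS backend. Suggest either a Schannel-specific option name or curl-defined bits that each backend translates, with the accepted values documented; the added line also has no leading indentation while the surrounding context lines are indented.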


Now, I see that this isn't particularly pretty. Is such a patch likely
to be merged, and if not does anyone have a better way of solving this?



I've proposed two PRs to address the auto credentials issue. One would 
leave auto credentials as the default and add an option to disable it 
[1], and the other would disable auto credentials as the default 
(breaking change) and add an option to enable it [2]. Please take any 
discussion about it to the latter PR.


Regarding strong ciphers, CURLOPT_SSL_CIPHER_LIST [3] (--ciphers for the 
curl tool [4]) can be used with Schannel to set some algorithms but 
unlike other SSL backends it's relatively limited without ciphersuite 
support or umbrella terms like "USE_STRONG_CRYPTO". We would consider a 
patch for that to signal strong crypto.



[1]: https://github.com/curl/curl/pull/6672
[2]: https://github.com/curl/curl/pull/6673
[3]: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
[4]: https://curl.se/docs/manpage.html#--ciphers


Re: libcurl build from source with openssl

2021-02-24 Thread Ray Satiro via curl-library

On 2/24/2021 5:24 PM, Nir Azkiel via curl-library wrote:

This is the cmake file for the libcurl:

    include(ExternalProject)
    message(STATUS "Building libcurl enabled")

    set(CURL_FLAGS -DBUILD_CURL_EXE=OFF -DBUILD_SHARED_LIBS=OFF 
-DUSE_WIN32_LDAP=OFF -DHTTP_ONLY=ON -DCURL_ZLIB=OFF 
-DCURL_DISABLE_CRYPTO_AUTH=ON -DCMAKE_USE_LIBSSH2=OFF 
-DBUILD_TESTING=OFF )

    if (WIN32)
        set(CURL_FLAGS ${CURL_FLAGS} -DCURL_STATIC_CRT=ON )
    endif()

    if (APPLE)
        set(CURL_FLAGS ${CURL_FLAGS} -DCMAKE_USE_SECTRANSP=ON )
    elseif(WIN32)
        set(CURL_FLAGS ${CURL_FLAGS} -DCMAKE_USE_SCHANNEL=ON )
    else()
        set(CURL_FLAGS ${CURL_FLAGS} -DCMAKE_USE_OPENSSL=ON )
    endif()

    ExternalProject_Add(
        libcurl
        PREFIX libcurl
        GIT_REPOSITORY "https://github.com/curl/curl.git"

        GIT_TAG "2f33be817cbce6ad7a36f27dd7ada9219f13584c" # curl-7_75_0
        SOURCE_DIR ${CMAKE_CURRENT_BINARY_DIR}/third-party/libcurl
        CMAKE_ARGS  -DCMAKE_CXX_FLAGS=${CMAKE_CXX_FLAGS}
                    -DCMAKE_C_FLAGS=${CMAKE_C_FLAGS}
                    -DCMAKE_BUILD_TYPE=${CMAKE_BUILD_TYPE}
-DCMAKE_C_FLAGS_DEBUG=${CMAKE_C_FLAGS_DEBUG}
-DCMAKE_C_FLAGS_MINSIZEREL=${CMAKE_C_FLAGS_MINSIZEREL}
-DCMAKE_C_FLAGS_RELEASE=${CMAKE_C_FLAGS_RELEASE}
-DCMAKE_C_FLAGS_RELWITHDEBINFO=${CMAKE_C_FLAGS_RELWITHDEBINFO}
-DCMAKE_CXX_STANDARD_LIBRARIES=${CMAKE_CXX_STANDARD_LIBRARIES}
-DCMAKE_INSTALL_PREFIX=${CMAKE_CURRENT_BINARY_DIR}/libcurl/libcurl_install
                    -DCMAKE_INSTALL_LIBDIR=lib
-DCMAKE_TOOLCHAIN_FILE=${CMAKE_TOOLCHAIN_FILE}
                    -DANDROID_ABI=${ANDROID_ABI}
                    -DANDROID_STL=${ANDROID_STL} ${CURL_FLAGS}
        UPDATE_COMMAND ""
        PATCH_COMMAND ""
        TEST_COMMAND ""
    )

    set(CURL_DEBUG_TARGET_NAME "libcurl-d")
    set(CURL_RELEASE_TARGET_NAME "libcurl")
    add_library(curl INTERFACE)
    add_definitions(-DCURL_STATICLIB) # Mandatory for building libcurl as static lib


    target_include_directories(curl INTERFACE 
$)


    # libcurl require ws2_32.lib for windows only
    if (WIN32)
        target_link_libraries(curl INTERFACE ws2_32.lib crypt32.lib)
    else(NOT APPLE)
        set(OPENSSL_USE_STATIC_LIBS TRUE)
        find_package(OpenSSL REQUIRED)
      target_link_libraries(curl INTERFACE OpenSSL::SSL OpenSSL::Crypto)
    endif()

    target_link_libraries(curl INTERFACE debug 
${CMAKE_CURRENT_BINARY_DIR}/libcurl/libcurl_install/lib/${CURL_DEBUG_TARGET_NAME}${CMAKE_STATIC_LIBRARY_SUFFIX})
    target_link_libraries(curl INTERFACE optimized 
${CMAKE_CURRENT_BINARY_DIR}/libcurl/libcurl_install/lib/${CURL_RELEASE_TARGET_NAME}${CMAKE_STATIC_LIBRARY_SUFFIX})




on my application cmake I have this :

        add_dependencies(rs-depth-quality libcurl)
        target_link_libraries(rs-depth-quality curl)



The yellow line is in charge of adding the linkage to the curl dependency.

The green line adds the curl project with its dependency to my application.

It works on Win/Linux/OSX without SSL; with the SSL addition it 
works on Win, but Linux and OSX complain about linkage errors.


Thanks

On Wed, Feb 24, 2021 at 11:13 PM Ray Satiro via curl-library 
<curl-library@cool.haxx.se> wrote:


On 2/24/2021 9:40 AM, Nir Azkiel via curl-library wrote:

I got libcurl downloaded and built, I would like to add HTTPS
support but I keep getting linkage errors.

I added this flag to libcurl Externalproject_Add
-DCMAKE_USE_OPENSSL=ON

also I added link to ssl like this

set(OPENSSL_USE_STATIC_LIBS TRUE)
find_package(OpenSSL REQUIRED)
target_link_libraries(curl INTERFACE OpenSSL::SSL OpenSSL::Crypto).

I am using libcurl latest release : 7.75

My configure step finds the ssl package:
Found OpenSSL: /usr/lib/x86_64-linux-gnu/libcrypto.a (found
version "1.0.2g")
I keep getting linkage errors like this:
../../libcurl/libcurl_install/lib/libcurl.a(openssl.c.o): In
function `ossl_log_tls12_secret':

3703/home/travis/build/Nir-Az/librealsense/build/third-party/libcurl/lib/vtls/openssl.c:270:
undefined reference to `SSL_get_session'
3704../../libcurl/libcurl_install/lib/libcurl.a(openssl.c.o): In
function `ossl_strerror':

3705/home/travis/build/Nir-Az/librealsense/build/third-party/libcurl/lib/vtls/openssl.c:354:
undefined reference to `ERR_error_string_n'



ERR_error_string_n is in libcrypto so I think your project is not
including it. Maybe it is the INTERFACE dependency specification?
OTOH we are a bit unfamiliar with cmake. Can you give us a minimal
sample cmake project that can be used to reproduce?




Please don't top-post, it makes the conversation hard to follow [1]. I 
was able to reproduce using cmake's demo project [2]. It looks like the 
problem is library order. To reproduce I added app

Re: libcurl build from source with openssl

2021-02-24 Thread Ray Satiro via curl-library

On 2/24/2021 9:40 AM, Nir Azkiel via curl-library wrote:
I got libcurl downloaded and built, I would like to add HTTPS support 
but I keep getting linkage errors.


I added this flag to libcurl Externalproject_Add
-DCMAKE_USE_OPENSSL=ON

also I added link to ssl like this

set(OPENSSL_USE_STATIC_LIBS TRUE)
find_package(OpenSSL REQUIRED)
target_link_libraries(curl INTERFACE OpenSSL::SSL OpenSSL::Crypto).

I am using libcurl latest release : 7.75

My configure step finds the ssl package:
Found OpenSSL: /usr/lib/x86_64-linux-gnu/libcrypto.a (found version 
"1.0.2g")

I keep getting linkage errors like this:
../../libcurl/libcurl_install/lib/libcurl.a(openssl.c.o): In function 
`ossl_log_tls12_secret':
3703/home/travis/build/Nir-Az/librealsense/build/third-party/libcurl/lib/vtls/openssl.c:270: 
undefined reference to `SSL_get_session'
3704../../libcurl/libcurl_install/lib/libcurl.a(openssl.c.o): In 
function `ossl_strerror':
3705/home/travis/build/Nir-Az/librealsense/build/third-party/libcurl/lib/vtls/openssl.c:354: 
undefined reference to `ERR_error_string_n'



ERR_error_string_n is in libcrypto so I think your project is not 
including it. Maybe it is the INTERFACE dependency specification? OTOH 
we are a bit unfamiliar with cmake. Can you give us a minimal sample 
cmake project that can be used to reproduce?




Re: Non-constness of field "data" in "struct curl_blob" with setopt

2021-02-22 Thread Ray Satiro via curl-library

On 2/22/2021 12:39 PM, Tomalak Geret'kal via curl-library wrote:

On 22/02/2021 16:43, Laurent Dufresne via curl-library wrote:

-Original Message-
From: curl-library  On Behalf Of Tomalak 
Geret'kal via curl-library
Sent: Monday, February 22, 2021 5:16 PM
To:curl-library@cool.haxx.se
Cc: Tomalak Geret'kal
Subject: Re: Non-constness of field "data" in "struct curl_blob" with setopt


Why? The data isn't going to be modified. Just cast to `void*`. The `const` is 
erased just like the `char` is in this particular use case.

I think we overall agree about how it should be used (cast it void* and if you 
want a copy, cast it to void* + use the flag), but the API doesn't carry that.
Think of "memcpy". The destination is "void*" and gets written to. The source is 
"const void*".
In fact, the compilers may raise a warning (depending on warning level) if you try to assign a "const 
char*" to a "void*", but not if you assign to a "const void*".

A cast (an explicit conversion) tells the compiler "I want
this conversion please" and there should be no warning.

As I say, it would be best if the documentation were
expanded to guarantee the immutability of what you pass it,
and a curl_const_blob would make for a clearer interface
where this immutability guarantee is enforced for us by the
language, but in its absence I'm not sure I see any concrete
problem here?

If you're concerned about what might happen to your const
data, you can set CURL_BLOB_COPY on and then the resulting
[non-const!] buffer belongs to curl anyway.



Proposed fix at https://github.com/curl/curl/pull/6643



Re: CURLOPT_ACCEPT_ENCODING not working (help)

2021-02-09 Thread Ray Satiro via curl-library

On 2/9/2021 2:32 PM, Adrián Gimeno Balaguer via curl-library wrote:


First of all, the reason why I have split module parts search paths 
instead of using the main installation prefixes is due to a permission 
issue on my CI/CD setup, not allowing me to publish directly the 
resulting OpenSSL/ZLib installed paths (both modules having a separate 
build pipeline for reusability purposes). On the other hand, I’ve 
confirmed that all generated dependent libraries are being correctly 
used in runtime with your indication, comparing the following 
resulting output with the versions on the headers:


libcurl/7.74.0-DEV OpenSSL/1.1.1i zlib/1.2.11

Note the program prevents system libraries from leaking in by having 
LD_LIBRARY_PATH set pointing to a ‘bin’ subdirectory where the 
aforementioned libraries go. Also, setting CURLOPT_ACCEPT_ENCODING to 
“” doesn’t make a difference.


So, recently I ran the following for a trial web service which returns 
gzipped data:


CURL* pCURL;
pCURL = curl_easy_init();
curl_easy_setopt(pCURL, CURLOPT_URL, "http://httpbin.org/gzip");
curl_easy_setopt(pCURL, CURLOPT_ACCEPT_ENCODING, "");
curl_easy_setopt(pCURL, CURLOPT_VERBOSE, 1L);
curl_easy_perform(pCURL);
curl_easy_cleanup(pCURL);

The response body is supposed to contain a demo JSON and I see that 
the above sample correctly displays the original data in the standard 
output:


{
  "gzipped": true,
  "headers": {
    "Accept": "*/*",
    "Accept-Encoding": "deflate, gzip",
    "Host": "httpbin.org",
    "X-Amzn-Trace-Id": "Root=1-6022d6d8-6e2f080d3d5c1e001d076a2a"
  },
  "method": "GET",
  "origin": "81.202.236.251"
}

* Connection #0 to host httpbin.org left intact

So I believe my libcurl is correct. On the other hand, the equivalent 
output from the desired server (which is a REST API managed by a third 
party), where I’ll also include the relevant response headers, is as 
follows:


HTTP/1.1 200 OK

< Date: Tue, 09 Feb 2021 18:39:21 GMT

< Content-Encoding: gzip

< X-Powered-By: Undertow/1

< Content-Type: application/xml;charset=UTF-8

< Content-Length: 758

< Set-Cookie: 
TS0171c831=0147f0636e20bb9c874b5ab4aad7726d9800ce6aafa5b7e8da21a7f47ea8dd54ee8da97abd26a11019badc63800405b90d7d95c801; 
Path=/


<

* Connection #0 to host the.domain.com left intact

As you see, the Content-Length is positive, while the body section 
appears to be missing. In contrast, when I print the response gathered 
through my default program logic, which includes CURLOPT_WRITEDATA, 
CURLOPT_WRITEFUNCTION setup and the like, I see an initial byte (only) 
instead from gzipped content, the next byte being a null terminator. 
I’m then able to decompress the data and get the correct output (an 
XML file) manually through the ZLib library (passing in the allocated 
response which is wrapped in a std::string and should have the exact 
Content-Length size).


If relevant, by any chance, their request also expects a certain 
gzipped XML file and my lines involving related headers setup are like 
the following:


curl_slist* pHTTPHeaders = curl_slist_append(NULL, "Content-Type: application/octet-stream"); // Required per specifications (unlike "application/XML")
pHTTPHeaders = curl_slist_append(pHTTPHeaders, "Content-Encoding: gzip");
curl_easy_setopt(pCURL, CURLOPT_ACCEPT_ENCODING, "gzip");

Finally, the managers of that service confidently claim that they 
don’t send the data doubly compressed, but instead “my system probably 
compresses it upon receiving it”. I don’t know how this could make any 
sense at all. I haven’t yet tried to analyze the network packets to 
determine the right data nature.


Thanks for any response in advance.

Regards,

Adrián

From: Ray Satiro via curl-library <curl-library@cool.haxx.se>
Sent: Friday, 5 February 2021 21:52
To: curl-library@cool.haxx.se
CC: Ray Satiro <raysat...@yahoo.com>
Subject: Re: CURLOPT_ACCEPT_ENCODING not working (help)

On 2/4/2021 10:07 AM, Adrián Gimeno Balaguer via curl-library wrote:

I’m using a self built libcurl shared library for embedded use in
a C++ application. In the attempt of requesting it to
automatically decompress response data from a remote server of
interest by using a line like the following in my request setup:

curl_easy_setopt(mpCURL, CURLOPT_ACCEPT_ENCODING, "gzip");

The returned data seems to remain compressed. I enabled the
CURLOPT_HEADER option and can see that the server returns positive
Content-Lengths, with few non-human readable characters in the
body content. To be clear, removing the CURLOPT_ACCEPT_ENCODING
option doesn’t make any difference.

The libcurl library compilation is done in a custom automated

Re: CURLOPT_ACCEPT_ENCODING not working (help)

2021-02-05 Thread Ray Satiro via curl-library

On 2/4/2021 10:07 AM, Adrián Gimeno Balaguer via curl-library wrote:


I’m using a self built libcurl shared library for embedded use in a 
C++ application. In the attempt of requesting it to automatically 
decompress response data from a remote server of interest by using a 
line like the following in my request setup:


curl_easy_setopt(mpCURL, CURLOPT_ACCEPT_ENCODING, "gzip");

The returned data seems to remain compressed. I enabled the 
CURLOPT_HEADER option and can see that the server returns positive 
Content-Lengths, with few non-human readable characters in the body 
content. To be clear, removing the CURLOPT_ACCEPT_ENCODING option 
doesn’t make any difference.


The libcurl library compilation is done in a custom automated CI/CD in 
the cloud which also compiles OpenSSL and ZLib as shared libraries in 
separate pipelines, with libcurl pipeline pulling from the master 
branch (from official libcurl’s repo) and a compilation script like 
the following:


cmake -Bbuild -DBUILD_SHARED_LIBS=OFF -DCMAKE_BUILD_TYPE=MinSizeRel 
-DCMAKE_POSITION_INDEPENDENT_CODE=ON -DCURL_DISABLE_COOKIES=ON 
-DCURL_DISABLE_CRYPTO_AUTH=ON -DCURL_DISABLE_LDAP=ON 
-DCURL_DISABLE_PROXY=ON -DENABLE_IPV6=OFF -DENABLE_UNIX_SOCKETS=OFF 
-DHTTP_ONLY=ON 
-DOPENSSL_CRYPTO_LIBRARY=$(Pipeline.Workspace)/ssl/lib/libcrypto.so.1.1 
-DOPENSSL_INCLUDE_DIR=$(Pipeline.Workspace)/ssl/include 
-DOPENSSL_SSL_LIBRARY=$(Pipeline.Workspace)/ssl/lib/libssl.so.1.1 
-DZLIB_INCLUDE_DIR=$(Pipeline.Workspace)/zlib/include 
-DZLIB_LIBRARY=$(Pipeline.Workspace)/zlib/lib/libz.so.1 . && cmake 
--build build


I can see the following possible relevant build output lines (not 
contiguous) that may indicate ZLib gets correctly integrated:


Found ZLIB: /home/vsts/work/1/zlib/lib/libz.so.1 (found version "1.2.11")

Enabled features: SSL libz AsynchDNS alt-svc HTTPS-proxy

However, I’ve seen in the following answer: 
https://stackoverflow.com/a/29966893 
. Looking at my generated 
libcurl headers, I can’t find any match for “HAVE_LIBZ” (neither in my 
build output).




The proper way to specify OpenSSL and zlib locations is by using 
OPENSSL_ROOT_DIR [1] and ZLIB_ROOT variables [2], because we call 
cmake's find_package and that's what they use. For example:


-DCMAKE_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=C:\somewhere -DCURL_ZLIB=ON 
-DZLIB_ROOT=C:\somewhere


This assumes you've already installed openssl and zlib to those 
locations and they have lib,bin,etc. To set the install location when 
configuring zlib via cmake you can use -DCMAKE_INSTALL_PREFIX:PATH=. To 
set the install location when configuring openssl via Configure you can 
use --prefix= and --openssldir=.


Setting ACCEPT_ENCODING to a specific string is almost never used 
correctly. What you should do instead is set it to an empty string "" 
and libcurl will only send the encodings it actually supports [3].


printf("%s\n", curl_version()) to make sure your program is actually 
using the libcurl you built and not some other one in the path.


[1]: https://github.com/Kitware/CMake/blob/master/Modules/FindOpenSSL.cmake
[2]: https://github.com/Kitware/CMake/blob/master/Modules/FindZLIB.cmake
[3]: https://curl.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html


Re: curl 7.75.0 fails to compile

2021-02-04 Thread Ray Satiro via curl-library

On 2/4/2021 12:02 PM, Firefox OS via curl-library wrote:

I got the following compilation error in the 7.75 release.
It was OK in curl 7.74.
The attached patch fixes the compilation problem in my case.

http.c:1963:10: error: conflicting types for ‘Curl_add_timecondition’
  1963 | CURLcode Curl_add_timecondition(const struct connectdata *conn,
   |  ^~
In file included from urldata.h:136,
  from http.c:52:
http.h:67:10: note: previous declaration of ‘Curl_add_timecondition’ was here
67 | CURLcode Curl_add_timecondition(struct Curl_easy *data,
   |  ^~
http.c: In function ‘Curl_http’:
http.c:3167:37: warning: passing argument 1 of ‘Curl_add_timecondition’ from 
incompatible pointer type [-Wincompatible-pointer-types]
  3167 | result = Curl_add_timecondition(data, );
   | ^~~~
   | |
   | struct Curl_easy *
http.c:1963:59: note: expected ‘const struct connectdata *’ but argument is of 
type ‘struct Curl_easy *’
  1963 | CURLcode Curl_add_timecondition(const struct connectdata *conn,
   | ~~^~~~



Thanks, fixed in https://github.com/curl/curl/commit/145848e



Re: Forcing curl_multi_perform() to return regularly

2021-01-17 Thread Ray Satiro via curl-library

On 1/17/2021 6:16 AM, Andreas Falkenhahn via curl-library wrote:

On 15.01.2021 at 16:59 Daniel Stenberg wrote:


Using what version? There's a maxloops counter in the
transfer.c:readwrite_data() function that's meant to prevent the function from
getting stuck "forever".

BTW, I think a new CURLOPT would be nice here that allows the user to set a timeout value 
because the hard-coded value of 100 iterations can almost mean "forever" in 
case the write function won't return until new data is available. It would be much more 
convenient if it was possible to specify a timeout value after which curl_multi_perform() 
should return. The hard-coded 100 could still be kept as some sort of default which is 
used in case no timeout has been set by the user...



Don't wait in the callback.


Re: String encoding used by CURLOPT_ERRORBUFFER

2021-01-14 Thread Ray Satiro via curl-library

On 1/14/2021 1:46 PM, Andreas Falkenhahn via curl-library wrote:

Is there any specification concerning the encoding used by the string copied to 
CURLOPT_ERRORBUFFER in case of an error?

On my German Windows system I often seem to be getting ISO 8859-1. For example, 
the error message for CURLE_SSL_CONNECT_ERROR is this:

 "schannel: next InitializeSecurityContext failed: Unknown error (0x80092013) - 
Die Sperrfunktion konnte die Sperrung nicht überprüfen, da der Sperrserver offline 
war."
  
Note the German umlauts "ü" in the error message.


Is there any way to make curl return something more i18n-proof, e.g. UTF-8? If 
not, consider this a feature request;)



We left extended error messages in the received encoding intentionally. 
curl errors are in English but may append a system error like whatever 
strerror gives us or for some Windows errors we convert to multibyte to 
be consistent and keep local encoding. [1]



[1]: https://github.com/curl/curl/blob/curl-7_74_0/lib/strerror.c#L666-L678



Re: Test 1061 flaky when run without valgrind

2021-01-11 Thread Ray Satiro via curl-library

On 1/11/2021 3:01 AM, Fabian Keil via curl-library wrote:

Ray Satiro via curl-library  wrote on 2021-01-10:


On 1/10/2021 5:33 PM, Daniel Stenberg via curl-library wrote:

On Sun, 10 Jan 2021, Fabian Keil via curl-library wrote:


The attached patch seems to work around the problem.
Busy-looping probably isn't the right solution, though.

Yeah, that's just not the right fix.

When the code returns there (http_proxy.c line 346) due to CURLE_AGAIN
having been returned from the read function, it should return back out
to the multi state-machine where it should remain in the
CURLM_STATE_WAITPROXYCONNECT state until the socket gets readable
again and it calls Curl_http_connect() again to continue to the
CONNECT handling.

Can you rebuild with --enable-debug and see if the extra output shines
some more light on this? Presumably, in your case the code moves on to
the next state somehow when it shouldn't and we should figure out why!

+1 we want it non-blocking. I can't reproduce this but I took a guess.
Can you please try https://github.com/curl/curl/pull/6432

Good guess. The commit 1253e5f4ba1210 makes the test
succeed 1000 times in a row.



Thanks, I just landed it in master. [1]

[1]: https://github.com/curl/curl/commit/70af179


Re: cacerts download is a bit sideways on Ubuntu

2021-01-11 Thread Ray Satiro via curl-library

On 1/11/2021 2:48 AM, Jeffrey Walton via curl-library wrote:

On Mon, Jan 11, 2021 at 2:35 AM Daniel Stenberg  wrote:

On Mon, 11 Jan 2021, Jeffrey Walton via curl-library wrote:


$ lsb_release -a
Distributor ID:Ubuntu
Description:Ubuntu 20.04.1 LTS
Release:20.04
Codename:focal

$ command -v wget
/usr/bin/wget

$ wget -O cacert.pem 'https://curl.haxx.se/ca/cacert.pem'
  Unable to locally verify the issuer's authority.

The cert is used by Fastly for a vast amount of servers so you're likely to
have widespread issues when it doesn't work.

When I visit cURL's site in a browser, the CA used is Let's Encrypt
(and not GlobalSign).


Finally: that URL is the old one anyway, get the bundle from the current URL
and you'll see that it is signed by another cert: https://curl.se/ca/cacert.pem

OK, thanks. This did not help.


I tested the same on Ubuntu 18.04 with the shipped curl version there and it
works fine.

Yeah, I updated from 18.04 to 20.04 last week. 18.04 did not have
troubles. I think today is the first time I ran the script under
20.02.

I can give you remote access if you are interested in duplicating it.
I need your authorized_keys.



I'm using 16 LTS and I can't reproduce either. Try openssl

owner@ubuntu1604-x64-vm:~$ debsums ca-certificates | grep -i globalsign
/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt OK
/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt OK
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt OK
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt OK
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt OK
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt OK

owner@ubuntu1604-x64-vm:~$ SSL_CERT_DIR="" openssl s_client -connect 
curl.haxx.se:443 -servername curl.haxx.se -CAfile 
/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt < 
/dev/null | grep "Verify return code"

depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 
2020

verify return:1
depth=0 CN = *.haxx.se
verify return:1
DONE
    Verify return code: 0 (ok)


Re: Test 1061 flaky when run without valgrind

2021-01-10 Thread Ray Satiro via curl-library

On 1/10/2021 5:33 PM, Daniel Stenberg via curl-library wrote:

On Sun, 10 Jan 2021, Fabian Keil via curl-library wrote:


The attached patch seems to work around the problem.
Busy-looping probably isn't the right solution, though.


Yeah, that's just not the right fix.

When the code returns there (http_proxy.c line 346) due to CURLE_AGAIN 
having been returned from the read function, it should return back out 
to the multi state-machine where it should remain in the 
CURLM_STATE_WAITPROXYCONNECT state until the socket gets readable 
again and it calls Curl_http_connect() again to continue to the 
CONNECT handling.


Can you rebuild with --enable-debug and see if the extra output shines 
some more light on this? Presumably, in your case the code moves on to 
the next state somehow when it shouldn't and we should figure out why! 



+1 we want it non-blocking. I can't reproduce this but I took a guess. 
Can you please try https://github.com/curl/curl/pull/6432



Re: compiling error uclinux+curl+wolfssl undefined reference to `wolfTLSv1_1_client_method'

2020-12-29 Thread Ray Satiro via curl-library

On 12/28/2020 3:49 PM, Julian Montes via curl-library wrote:

I am working with curl and a coldfire board ( MCF5272 ).
I have successfully compiled uclinux and use curl with OPENSSL.
Now I am trying to use  curl +wolfssl.

I have this error in curl compile.

CURL 7.47.0
../lib/.libs/libcurl.a(libcurl_la-cyassl.o): In function `cyassl_connect_common':
cyassl.c:(.text+0x4f4): undefined reference to `wolfTLSv1_1_client_method'
cyassl.c:(.text+0x500): undefined reference to `wolfTLSv1_client_method'

  This is my config line for curl

./configure --host=m68k-uclinux --prefix=/home/ubuntu/dos/user-curl 
--enable-manual=no  --enable-rtsp=no --enable-ipv6=no 
 --disable-libcurl-option --disable-mqtt --disable-gopher 
--disable-pop3 --disable-smtp --without-ssl 
 --with-cyassl=/home/ubuntu/dos/user-wolf  --disable-ares 
--disable-cookies --disable-crypto-auth --disable-ftp --disable-ftps 
--disable-imap --disable-imaps --disable-verbose --disable-telnet 
--disable-tftp --disable-dict  --disable-pthreads 
--disable-threaded-resolver  --disable-proxy --disable-unix-sockets 
--enable-hidden-symbols  --without-librtmp  --disable-verbose 
--disable-versioned-symbols --enable-shared=no --disable-file


I am using wolfSSL Release 4.5.0

Anyone have any suggestions for this issue?



As Daniel said upgrade your curl. We are working on a fix for this. 
Please try https://github.com/curl/curl/pull/6388



Re: TESTFAIL: These test cases failed: 1167

2020-12-21 Thread Ray Satiro via curl-library

On 12/21/2020 4:49 PM, Daniel Stenberg via curl-library wrote:

On Mon, 21 Dec 2020, Dennis Clarke via curl-library wrote:


Ah ha, well that provides endless buckets of information.


It seems the script doesn't properly ignore lines with nothing but a 
single hash ('#') sign on them. My proposed patch:


diff --git a/tests/badsymbols.pl b/tests/badsymbols.pl
index bad037975..e609633bb 100755
--- a/tests/badsymbols.pl
+++ b/tests/badsymbols.pl
@@ -88,10 +88,13 @@ sub scanenums {
 next;
 }
 if($skipit) {
 next;
 }
+    if (/^\#\s*\z/) {
+    next;
+    }
 if ( /enum\s+(\S+\s+)?{/ .. /}/ ) {
 s/^\s+//;
 chomp;
 s/[,\s].*//;
 if(($_ !~ /\}(;|)/) && 
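
Review bot: the added /^\#\s*\z/ test anchors the hash at column 0, so a lone '#' preceded by whitespace still reaches the enum block, where leading whitespace is only stripped afterwards by s/^\s+//. Consider /^\s*\#\s*\z/ instead, and add a one-line comment naming the input that produces these bare '#' lines so the skip is not later mistaken for dead code. The new "if (" also differs in spacing from the "if($skipit)" directly above it.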




Daniel has submitted his patch as a PR [1] and I will follow up there 
with comments.




[1]: https://github.com/curl/curl/pull/6355



Re: TESTFAIL: These test cases failed: 1167

2020-12-20 Thread Ray Satiro via curl-library

On 12/20/2020 3:35 PM, Dennis Clarke via curl-library wrote:

Will do but I don't see anything different

Please run it directly using verbose -v, refer to the command line above



Well throwing in a -v does nothing new :

alpha $
alpha $ ./runtests.pl -v -p 1167



Please run badsymbols directly not runtests

cd tests
perl -I. ./badsymbols.pl -v ./..


Re: TESTFAIL: These test cases failed: 1167

2020-12-20 Thread Ray Satiro via curl-library

On 12/20/2020 7:29 AM, Dennis Clarke via curl-library wrote:

I'm working on adding a verbose mode to badsymbols [1][2], can you patch
and try it out:

cd tests
perl -I. ./badsymbols.pl -v ./..


[1]: https://github.com/curl/curl/pull/6349
[2]: https://patch-diff.githubusercontent.com/raw/curl/curl/pull/6349.diff


Will do but I don't see anything different



Please run it directly using verbose -v, refer to the command line above


Re: TESTFAIL: These test cases failed: 1167

2020-12-20 Thread Ray Satiro via curl-library

On 12/19/2020 9:58 PM, Dennis Clarke via curl-library wrote:

alpha $
alpha $ ./runtests.pl -p 1167
* System characteristics 
* curl 7.74.0 (sparc64-sun-solaris2.10)
* libcurl/7.74.0 OpenSSL/1.1.1i zlib/1.2.11 libidn2/2.3.0 libssh2/1.9.0
* Features: alt-svc AsynchDNS HTTPS-proxy IDN IPv6 Largefile libz NTLM
NTLM_WB SSL TLS-SRP UnixSockets
* Disabled:
* Host: alpha
* System: SunOS alpha 5.10 Generic_150400-65 sun4u sparc
SUNW,SPARC-Enterprise
* OS: solaris
* Servers: HTTP-IPv6 HTTP-unix FTP-IPv6
* Env:
* Seed: 211840
*
test 1167...[Verify curl prefix of public symbols in header files]

perl -I.  returned 1, when expecting 0
  exit FAILED
== Contents of files in the log/ dir after test 1167
=== Start of file commands.log
  perl -I. ./badsymbols.pl ./.. >log/stdout1167 2>log/stderr1167
=== End of file commands.log
=== Start of file ftpserver.cmd
  Testnum 1167
=== End of file ftpserver.cmd
=== Start of file stdout1167
  Bad symbols in public header files:
#
#
#
.
.  a pile of lines which are all just   #
.
#
#
#
#
=== End of file stdout1167

  - abort tests
TESTDONE: 0 tests out of 1 reported OK: 0%

TESTFAIL: These test cases failed: 1167

TESTDONE: 1 tests were considered during 0 seconds.
alpha $ echo $?
1
alpha $



I'm working on adding a verbose mode to badsymbols [1][2], can you patch 
and try it out:


cd tests
perl -I. ./badsymbols.pl -v ./..


[1]: https://github.com/curl/curl/pull/6349
[2]: https://patch-diff.githubusercontent.com/raw/curl/curl/pull/6349.diff


Re: TESTFAIL: These test cases failed: 1167

2020-12-19 Thread Ray Satiro via curl-library

On 12/19/2020 11:15 AM, Dennis Clarke via curl-library wrote:

on Solaris 10 sparcv9 :

OK (1376 out of 1376, remaining: 00:00, took 0.134s, duration: 11:18)
TESTDONE: 1091 tests out of 1092 reported OK: 99%

TESTFAIL: These test cases failed: 1167

TESTDONE: 1388 tests were considered during 679 seconds.


So what can I do to dig out the details ?



./runtests.pl -p 1167



Re: Next-level packaging of curl for Windows

2020-12-17 Thread Ray Satiro via curl-library

On 12/17/2020 4:30 PM, Daniel Stenberg via curl-library wrote:


The curl project received the suggestion to package the official curl 
binary we produce for Windows in a signed installer. In the long term 
this package could be used by Microsoft to ship our official curl 
binary instead of a custom build which lacks features and stays behind 
in terms of changes and fixes.


If you want to help out making this happen, we'll appreciate your help 
as this project is right now pretty much stalling.


More details here:

https://github.com/curl/curl/wiki/Packaging-for-Windows



What is the issue tracking this? I think the wiki should link to that 
issue. I couldn't find it searching.



Re: docs/URL-SYNTAX.md

2020-12-11 Thread Ray Satiro via curl-library

On 12/11/2020 6:00 PM, Daniel Stenberg via curl-library wrote:
I created and just pushed a first version of docs/URL-SYNTAX.md. It's 
my attempt to document the URL syntax that curl works with and covers 
most angles and takes on URLs from a curl perspective.


Give it a read and file PRs if you can think of improvements!

I'll make sure the document also appears on the website soonish. 



For now you can read it here 
https://github.com/curl/curl/blob/master/docs/URL-SYNTAX.md




Re: Feature request: HTTPS first

2020-11-06 Thread Ray Satiro via curl-library

On 11/6/2020 11:32 AM, Emil Engler via curl-library wrote:
Hello, as most websites use HTTPS nowadays I would suggest to let curl 
use HTTPS if no protocol was specified rather than HTTP and use HTTP 
as a fallback if HTTPS is not available.
However, I am not certainly sure if that can be done easily (as I am 
not into the TLS protocol). 



I assume you mean a user supplied URL and not the server Location header 
because the latter is treated as a relative path if there's no scheme. 
We have CURLOPT_DEFAULT_PROTOCOL [1] (tool: --proto-default [2]) to set 
the default protocol, but there is no secondary fallback. In other words 
if you pass URL example.com/foo (note no scheme) and set default proto 
to https then curl is going to change it to https://example.com/foo and 
if that fails then that's it.



[1]: https://curl.haxx.se/libcurl/c/CURLOPT_DEFAULT_PROTOCOL.html
[2]: https://curl.haxx.se/docs/manpage.html#--proto-default



Re: I'm now the owner of curl.se

2020-11-05 Thread Ray Satiro via curl-library

On 11/5/2020 5:32 AM, Daniel Stenberg wrote:

On Thu, 5 Nov 2020, Ray Satiro wrote:

It is blocked loading some resources from fastly-insights.com 
(without www)


I don't think we're expected to load any resources from there?

(BTW, that resource load is explained in full here: 
https://insights.fastlylabs.com/) 



Here is what I see in the Chrome browser console:

insights.js?k=8cb1247c-87c2-4af9-9229-768b1990f90b:55 Refused to connect 
to 
'https://fastly-insights.com/api/v1/config/8cb1247c-87c2-4af9-9229-768b1990f90b' 
because it violates the following Content Security Policy directive: 
"default-src 'self' curl.haxx.se www.curl.se curl.se 
www.fastly-insights.com". Note that 'connect-src' was not explicitly 
set, so 'default-src' is used as a fallback.


There are no more curl.haxx.se errors since the header has updated.


---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
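
The console message quoted in the message above comes down to two CSP rules: connect-src falls back to default-src when it is not set, and a host source such as www.fastly-insights.com matches that exact host only. The following is an added example, not part of the original thread or of the curl website's code; it is a simplified source-list check (scheme, host and port only), and the page URL https://curl.se/, the insights.js URL and the variant policies are constructed for illustration.

```javascript
// Added example: simplified CSP source-list evaluation (scheme, host, port).
// Paths, nonces, hashes, redirects and port upgrades are intentionally omitted.

// Subset of fetch directives that fall back to default-src when not set.
const FALLS_BACK_TO_DEFAULT = new Set([
  'connect-src', 'script-src', 'style-src', 'img-src', 'font-src',
  'media-src', 'frame-src', 'object-src', 'worker-src', 'manifest-src',
]);
const DEFAULT_PORT = { http: '80', https: '443', ws: '80', wss: '443' };

// Parse a policy string into Map(directive name -> source expressions).
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Pick the directive that governs a request type, applying the fallback.
function effectiveDirective(directives, wanted) {
  if (directives.has(wanted)) return wanted;
  if (FALLS_BACK_TO_DEFAULT.has(wanted) && directives.has('default-src')) {
    return 'default-src';
  }
  return null; // nothing in the policy restricts this request type
}

// CSP3 scheme-part matching: a is the allowed scheme, b the request's scheme.
function schemeMatches(a, b) {
  return a === b ||
    (a === 'http' && b === 'https') ||
    (a === 'ws' && ['wss', 'http', 'https'].includes(b)) ||
    (a === 'wss' && b === 'https');
}

// Does one source expression allow the target URL, given the page URL?
function matchesSource(expr, target, page) {
  const e = expr.toLowerCase();
  const targetScheme = target.protocol.slice(0, -1);
  if (e === "'none'") return false;
  if (e === "'self'") return target.origin === page.origin;
  if (e.startsWith("'")) return false; // other keywords never match a URL
  if (e === '*') return ['http', 'https', 'ws', 'wss'].includes(targetScheme);
  if (/^[a-z][a-z0-9+.-]*:$/.test(e)) {
    return schemeMatches(e.slice(0, -1), targetScheme); // scheme-source
  }
  // host-source: [scheme://]host[:port][/path]
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?(?:\/.*)?$/.exec(e);
  if (!m) return false;
  const [, scheme, host, port] = m;
  // Without an explicit scheme, the page's own scheme is the allowed one.
  if (!schemeMatches(scheme || page.protocol.slice(0, -1), targetScheme)) return false;
  const hostOk = host.startsWith('*.')
    ? target.hostname.endsWith(host.slice(1)) // subdomains only, not the bare domain
    : target.hostname === host;               // exact match, no implied "www."
  if (!hostOk) return false;
  if (port === undefined) return target.port === ''; // URL drops default ports
  return port === '*' || (target.port || DEFAULT_PORT[targetScheme]) === port;
}

// Evaluate one request against a policy.
function checkRequest(policy, directiveName, targetUrl, pageUrl) {
  const directives = parsePolicy(policy);
  const used = effectiveDirective(directives, directiveName);
  if (used === null) return { allowed: true, directive: null, matched: null };
  const target = new URL(targetUrl);
  const page = new URL(pageUrl);
  const matched =
    directives.get(used).find((s) => matchesSource(s, target, page)) || null;
  return { allowed: matched !== null, directive: used, matched };
}

// Policy and blocked URL as quoted in the console message.
const PAGE_POLICY =
  "default-src 'self' curl.haxx.se www.curl.se curl.se www.fastly-insights.com";
const BLOCKED_URL =
  'https://fastly-insights.com/api/v1/config/8cb1247c-87c2-4af9-9229-768b1990f90b';
const PAGE_URL = 'https://curl.se/'; // assumed page origin
// Constructed variants for comparison.
const WWW_URL = 'https://www.fastly-insights.com/insights.js';
const POLICY_WITH_BARE_HOST = PAGE_POLICY + ' fastly-insights.com';
const POLICY_WITH_WILDCARD =
  PAGE_POLICY.replace('www.fastly-insights.com', '*.fastly-insights.com');
const POLICY_WITH_CONNECT = PAGE_POLICY + "; connect-src 'self'";

console.log(checkRequest(PAGE_POLICY, 'connect-src', BLOCKED_URL, PAGE_URL));
console.log(checkRequest(POLICY_WITH_BARE_HOST, 'connect-src', BLOCKED_URL, PAGE_URL));
console.log(checkRequest(POLICY_WITH_WILDCARD, 'connect-src', BLOCKED_URL, PAGE_URL));
console.log(checkRequest(POLICY_WITH_CONNECT, 'connect-src', WWW_URL, PAGE_URL));
```

A *.fastly-insights.com entry still leaves the bare domain blocked, and an explicit connect-src replaces the default-src list for connections rather than adding to it.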

Re: I'm now the owner of curl.se

2020-11-04 Thread Ray Satiro via curl-library

On 11/5/2020 1:55 AM, Daniel Stenberg wrote:

On Wed, 4 Nov 2020, Ray Satiro wrote:

I will never quite understand Content-Security-Policy but I think I 
managed to fix that quirk. 


It's not fixed here. It looks like the references to the stylesheets 
are still the old curl.haxx.se and that domain is not in the new policy.


It is now (since my reply), you might still see the old version.



Yes I still get the old version.




Also you may have to add fastly analytics domain to default since you 
appear to be using that for javascript or json or something.


It is already in there since before (www.fastly-insights.com). 



It is blocked loading some resources from fastly-insights.com (without www)


Re: I'm now the owner of curl.se

2020-11-04 Thread Ray Satiro via curl-library

On 11/4/2020 5:06 PM, Daniel Stenberg wrote:

Also something looks off with the CSS, see attachment


I will never quite understand Content-Security-Policy but I think I 
managed to fix that quirk. 


It's not fixed here. It looks like the references to the stylesheets are 
still the old curl.haxx.se and that domain is not in the new policy. 
Also you may have to add fastly analytics domain to default since you 
appear to be using that for javascript or json or something.



Re: server transition today

2020-11-04 Thread Ray Satiro via curl-library

On 10/30/2020 4:17 AM, Daniel Stenberg wrote:

On Fri, 30 Oct 2020, Ray Satiro via curl-library wrote:

The archival process for mail seems to have stopped. For example 
curl-library october archive [1] stopped archiving on the 19th.


Oops. I think it was still storing the emails fine and it was just the 
conversion to HTML that has glitched. I'll work on it!


Thanks for pointing it out! 



It looks like curl-library was fixed for October but curl-users wasn't


Re: I'm now the owner of curl.se

2020-11-04 Thread Ray Satiro via curl-library

On 11/4/2020 6:00 AM, Daniel Stenberg via curl-library wrote:

On Mon, 2 Nov 2020, Daniel Stenberg via curl-library wrote:

I'll be back with more info soon when we can consider the new domain 
and address to be the new home.


Welcome to curl.se - our new home.

 https://curl.se and https://www.curl.se/ work equally well.

The old name of course also works fine and so far it doesn't even 
redirect.




I'm getting occasional revocation errors:

Session #6462: The server (curl.se) presented a certificate that did not 
validate, due to RemoteCertificateChainErrors.


0 - The revocation function was unable to check revocation for the 
certificate.


1 - The revocation function was unable to check revocation because the 
revocation server was offline.



Also something looks off with the CSS, see attachment


Re: Performance issue with libcurl 7.73

2020-10-30 Thread Ray Satiro via curl-library

On 10/29/2020 7:57 PM, Jeffrey McKay via curl-library wrote:

Recently we did have some problem with logging in to some servers, and
I determined that the issue
could be fixed by updating to libcurl 7.71 (not sure why). However I
ran into some other problem
with this version, where for some reason after several thousand
messages, libcurl seemed to be
returning null data in response to a GET.  However I am *not* asking
about that problem in this
message.

The above problem went away when I switched to libcurl 7.73. However,
this version has its own
problem, a serious performance issue, where large chunks of data seem
to be taking 1 second to
upload, vs a fraction of a second seen with the previous version.

Take a look at the attached two log files, slow_upload.txt and
fast_upload.txt.  These are
logs of the debug function after I do a POST. In the slow version,
each 64k chunk of data
is taking approximately 1 second. In the fast version, each chunk is a
fraction of a second or
not even measurable. These results are consistent when doing multiple
tests at different times
of the day. I don't think it is related to EWS server variability.

Keep in mind that the exact same main program binary executable code
is running in each test, only
the libcurl.dll has been changed.

Any idea what could be causing this? I've also included some of my
code that performs the POST
operation (cleaned up of a lot of extraneous stuff).  Hopefully there
is some curl option that
I can set or change that fixes this.



I was able to reproduce this and have filed a bug report [1]. If you 
can, please take any further comments about this issue to that report 
instead of the mailing list. Thanks


[1]: https://github.com/curl/curl/issues/6146


Re: server transition today

2020-10-30 Thread Ray Satiro via curl-library

On 10/23/2020 2:17 AM, Daniel Stenberg via curl-library wrote:
If you spot glitches on the site, please have patience but if they 
remain after 24 hours or so, do let me know and I'll have a look. 



The archival process for mail seems to have stopped. For example 
curl-library october archive [1] stopped archiving on the 19th.



[1]: https://curl.haxx.se/mail/lib-2020-10/



Re: How to get Libcurl output into a Buffer?

2020-10-18 Thread Ray Satiro via curl-library

On 10/19/2020 12:31 AM, Lijin TV via curl-library wrote:
I want to store the result of this curl function into a buffer, how 
can I do so?

#include <stdio.h>
#include <curl/curl.h>

int main(void)
{
  CURL *curl;
  CURLcode res;

  curl = curl_easy_init();
  if(curl) {
    curl_easy_setopt(curl, CURLOPT_URL, "www.example.com");
    res = curl_easy_perform(curl);

    /* always cleanup */
    curl_easy_cleanup(curl);
  }
  return 0;
}



Please refer to the included documentation or the website [1] before 
asking these questions. Also please ask a single appropriate list 
instead of e-mailing both lists. Since you are asking questions about 
libcurl, curl-library is the right list, not curl-tool. The getinmemory 
example [2] shows how you can write a response to memory.



[1]: https://curl.haxx.se/libcurl/c/
[2]: https://curl.haxx.se/libcurl/c/getinmemory.html



Re: Curl upgrade from 7.65.1 to 7.70.0 causing performance degradation

2020-09-16 Thread Ray Satiro via curl-library

On 9/14/2020 8:13 PM, Kunal Chandarana via curl-library wrote:


This is a continuation of an earlier thread that was addressed to an 
incorrect audience. Using curl-library mailing for further discussion.


I further investigated the issue. As I mentioned earlier, we use the 
connection pause/unpause feature. If the connection is paused then the 
library uses a temporary buffer (pausewrite function) for holding the 
data. I noticed that this buffer continues to increase (buffer size 
reaches up to 7mb for 13mb response) and malloc, memcpy calls on the 
buffer of this size cause slowness. Further investigation revealed 
that buffer size increase has been taking place since the following 
change was introduced in the library. Before this change, we did not 
notice any performance degradation. I compared buffer size before and 
after the change, screenshot attached here. How do you think we can 
proceed from here for fixing this issue?




Did you do the things that were recommended, did you try the latest 
version and did you then bisect that version? If you revert that commit, 
what happens? What is your curl_version()?



Re: Failed sending data to the peer in 7.72.0

2020-09-11 Thread Ray Satiro via curl-library

On 9/11/2020 2:03 PM, James Brown via curl-library wrote:
After upgrading a test cluster from 7.71.1 to 7.72.0, we're now seeing 
around 0.1% of POSTs from one (and only one) of our applications fail 
with "Failed sending data to the peer" (CURLE_SEND_ERROR) and no other 
error. Based on logs, the request actually succeeds, but libcurl is 
returning this error. This application is using the Ruby Typhoeus 
wrapper and is itself unchanged. The relevant connections are all 
HTTP/1.1 connections to hosts on the local network, and the POSTs are 
all very small (<1KB) with nothing interesting about them.


I haven't had any luck tracking this down since it's such a low 
fraction of requests and is only affecting one of our several hundred 
applications, but it reproducibly happens with 7.72 and not with 7.71.1.


Anyone have any suggestions for how to try to track down the 
regression? I looked at the diff between 7.71.1 and 7.72.0 and no 
lines containing the string "CURLE_SEND_ERROR" were touched, which is 
unfortunate.



There are no similar reports and I looked through the commit history but 
nothing stood out. If you can reliably reproduce then try bisecting it 
https://github.com/curl/curl/wiki/how-to-git-bisect




Re: time to remove Visual Studio project files?

2020-09-07 Thread Ray Satiro via curl-library

On 9/6/2020 3:40 AM, Daniel Stenberg wrote:

On Sun, 6 Sep 2020, Ray Satiro via curl-library wrote:

I use the Visual Studio project files. I like that there's several 
configurations that I can switch between.


Isn't that just the equivalent of running different nmake command lines?

Why not just save a few common build setups as pre-written command lines?

Changing the directory name will make it difficult for me to go back 
and forth between commits.


Yes true, but if we are to keep this build option I think we should 
make it more accessible to users (people who build libcurl) and one 
step could be to use a name that is more descriptive for what it is. 



I mean different SSL backend configurations in one project. I use mainly 
Windows SSPI (Schannel) and OpenSSL DLL configurations. For the most 
part I don't have to regenerate the project files as I switch between 
commits. Occasionally a new source file is added or I go far back enough 
that it's necessary to do that otherwise the build will fail. The 
directory is already accessible, I think projects/Windows is pretty apt.



Re: time to remove Visual Studio project files?

2020-09-05 Thread Ray Satiro via curl-library

On 9/5/2020 9:16 AM, Daniel Stenberg via curl-library wrote:


I'd like to get a better feel for the need to ship the visual studio 
project files we currently host in the project/ directory.


Do you use them? Why isn't generating these files using cmake good 
enough?


If we're going to keep them, I'd like to do some cleanups (like 
renaming the rather strange directory name) and add more documentation 
for them. That requires that there are users of these files that are 
prepared to work (with me) on that. 



I use the Visual Studio project files. I like that there's several 
configurations that I can switch between. Changing the directory name 
will make it difficult for me to go back and forth between commits.



Re: static link on Ubuntu

2020-08-26 Thread Ray Satiro via curl-library

On 8/25/2020 1:41 PM, Mike via curl-library wrote:


g++ -L/usr/lib/x86_64-linux-gnu/libfreetype.a 
-L/usr/lib/x86_64-linux-gnu/libcurl.a -m64 -static-libgcc 
-DCURL_STATICLIB -I/usr/lib/x86_64-linux-gnu/libcurl.a 
-Wl,--version-script=exports.txt -shared -o "lin.xpl" 
./BitmapSupport.o ./fontmgr.o ./image.o ./main.o ./myList.o ./rain.o 
./shader.o -lGL -lGLEW


and get the runtime error:

dlerror:/home/michael/xplane/aircarft/plugin/lin.xpl: undefined 
symbol: curl_easy_perform




-L is to add to the library search path and -l (lowercase L) is to add 
libraries. /usr/lib/x86_64-linux-gnu/ should be searched by default on 
Ubuntu. You probably want something like -lGL -lGLEW -lfreetype -lcurl




Re: Libcurl-win - linkage, redistributables

2020-08-12 Thread Ray Satiro via curl-library

On 8/11/2020 10:54 AM, David Harris via curl-library wrote:

I apologize if some or all of this is covered elsewhere - I *did* take a
browse through the last few months of list archives to see if I could see
anything, but nothing jumped out.

First, a little context: I am in the process of developing support for the
infinitely accursed "OAUTH2" authentication framework, specifically as it
is used by GMail. I'm not going to waste everyone's time by ranting about
OAUTH2 - suffice it to say that as part of the maze of steps required to
make it work, I need some reliable HTTP client code. While I could write my
own HTTP/HTTPS handlers, it seemed more logical to use a solid, proven tool
like libCurl instead.

I have run into three issues with LibCurl as it exists in the Windows
environment, most of them to do with linkage. I'm hoping to get some
insight into how best to deal with them.

1:  Linking to dynamic RTLs. I've read the stuff in WinBuild about CRT
linkage, but while I can understand why the decision might have been made
to go with linking to the DLL RTL libraries, it's a problem for me. My
program (Pegasus Mail) is pretty much a niche product these days, but it's
used on practically every version of Windows that still runs. I've always
static-linked to RTLs to avoid having to include MS redistributables in my
installers: given that some of the redistributable packages are larger than
my entire program, they constitute "bloat" on a level I find uncomfortable.
Having to use a version of LibCurl that requires redistributables which
will more than double the size of my distribution, all so I can do one
badly-designed authentication protocol that's been shoved down our
collective throats by people who should have been able to do better...
Well, let's just say I've got problems with that idea.

My inclination, then, is to build a version of LibCurl that uses the
RTLIBCFG=static option, but this seems to be deprecated so heavily in
WinBuild.txt that I have to ask: is it really as untested and unreliable as
WinBuild.txt seems to suggest? In a practical sense, am I really going to
run into problems with this, or is the warning merely a case of excessive
caution?

2: If I end up building static LibCurl, what libraries do I absolutely
*have* to include for reasonable levels of operation? I already produce my
own OpenSSL builds (for many of the same reasons I'm describing here - /MD
linkage just won't work for me), but do I need things like NGHTTP2, C-ARES
or ZLIB for basic HTTP operation? I don't imagine that those libraries will
be any easier to build for Windows, so if this is going to turn into a
major production exercise, it may end up being better for me to write my
own simple HTTP code instead, given how limited my need is. This isn't
intended to sound arrogant - I've written HTTP servers and both servers and
clients for almost every mail protocol there's ever been, and I have very
extensive TCP/IP code libraries, so I believe that simple HTTP client code
should be manageable - but I'd sooner use LibCurl if I can, simply because
it has such impeccable pedigree and because it offers real scope for
growth.

3: What MS redistributable does the 7.71.1 build of LibCurl I downloaded
from https://curl.haxx.se/windows/ require? Is the redistributable
available anywhere on the site (I have access to Visual C 9, 14 and 19)?

Please don't think I'm being negative - I would love to have Curl/LibCurl
in my arsenal of tools, and once I had it working, I'm sure I would find
more and more uses for it. I admire the authors, and love the richness -
it's just the little niggles I have to sort out so I can work out how neat
a fit it is for my purposes.



I assume you mean BUILD.WINDOWS.txt which says "RTLIBCFG is rarely used 
and therefore rarely tested." That doesn't mean deprecated.


Your build should have at least SSL. I suggest using OpenSSL instead of 
the native SSL (Schannel/WinSSL) because you want to run on older 
versions of Windows and the native SSL on those older versions does not 
support as many SSL protocols or algorithms. OTOH if size is your 
primary concern maybe you should consider the native SSL, but you will 
run the risk that as servers upgrade their TLS and older Windows doesn't 
then your program may not be able to connect to those servers.


The official build of curl for Windows [1] uses the default CRT that 
comes with the OS, msvcrt.dll, which is actually some specific version 
of the CRT when the OS was shipped. It may be easier for you to consider 
using that rather than include a copy of a specific CRT with your program.


There are several ways to build curl for Windows. If you build using 
Visual Studio we do not have a configuration that uses the default OS 
CRT (or maybe we do and I don't know about it?). Instead build using 
mingw/msys.


[1]: https://github.com/curl/curl-for-win



Re: Getting CAPTCHA response when download a webpage

2020-07-20 Thread Ray Satiro via curl-library

On 7/19/2020 6:38 PM, Mah. E. via curl-library wrote:

I can open this link on any browser and it never asks for recaptcha


I get a captcha in every browser.


Re: how to force use schannel functions?

2020-07-02 Thread Ray Satiro via curl-library

On 7/3/2020 12:55 AM, Vermeire, Baudewijn via curl-library wrote:


How can I force curl to use Schannel.c functions?
I have configured to use native ssl as well as others, so I would 
expect Schannel is used on windows?


Sorry if this is a stupid question.

OpenSSL library functions are called instead.

Windows 10 Pro , Curl 7.68.



For the curl tool set environment variable CURL_SSL_BACKEND=schannel

For libcurl call curl_global_sslset with CURLSSLBACKEND_SCHANNEL [1].


[1]: https://curl.haxx.se/libcurl/c/curl_global_sslset.html



Re: Cross-compiled generating error 77 in application

2020-06-19 Thread Ray Satiro via curl-library

On 6/19/2020 3:17 AM, Ray Satiro wrote:
If you use the Schannel backend (native Windows SSL) instead of 
OpenSSL then you do not need a separate bundle of certificates, the 
Windows OS certificate store is used by default. The next version of 
curl (7.71, to be released next week) will support that for OpenSSL 
but not by default, you would use CURLSSLOPT_NATIVE_CA [5] to enable it. 



To clarify the changes in the next version, it appears the curl tool w/ 
OpenSSL on Windows will fall back on the native CA store when no 
certificate bundle is found. [1] That may override hardcoded paths in 
libcurl. I will seek clarification on that.


[1]: 
https://github.com/curl/curl/blob/fa4fbc5/src/tool_operate.c#L2415-L2428



Re: Cross-compiled generating error 77 in application

2020-06-19 Thread Ray Satiro via curl-library

On 6/18/2020 1:27 PM, Peter Bushnell via curl-library wrote:
Have added curl source to build a statically compiled libcurl.a to a 
multi-platform application which cross-compiles binaries on Linux 
for Windows and Mac. The application on Linux and Mac work as 
expected, but when calling curl_easy_perform with a HTTPS URL a 77 
error code is returned. During configure the following ca bundle path 
is set.


/etc/ssl/certs/ca-certificates.crt

When configuring for Windows the same cert is set which can obviously 
not be found in a Windows environment. Hoping that I only need to set 
--with-ca-path or --with-ca-bundle but I've not been able to work out 
what it should be set to. The advice I've seen online is for people to 
download the cert which allows my cross-compiled curl.exe to work with 
SSL, but does not seem to work if placed in the same directory as the 
application. Tried setting the CA bundle path to ./ without luck and 
also tried SSPI but that did not make a difference.


Setting the following allows calls to HTTPS to work, this shows that 
libcurl has been successfully compiled, linked and can work but 
obviously this is not desired behaviour.


curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);

Compiling with the following configure options:

./configure --disable-shared --enable-static --disable-ldap 
--disable-sspi --without-librtmp --disable-ftp --disable-file 
--disable-dict --disable-telnet --disable-tftp --disable-rtsp 
--disable-pop3 --disable-imap --disable-smtp --disable-gopher 
--disable-smb --host=x86_64-w64-mingw32


Configure output:

configure: Configured to build curl/libcurl:

  Host setup:       x86_64-w64-mingw32
  Install prefix: /mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32
  Compiler:         x86_64-w64-mingw32-gcc
   CFLAGS:          -pipe -O2 -pthread
   CPPFLAGS:        -isystem 
/mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/include -isystem 
/mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/include
   LDFLAGS: -L/mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/lib 
-L/mnt/d/github/pyrk-win64/depends/x86_64-w64-mingw32/lib

   LIBS:            -lssl -lcrypto -lssl -lcrypto -lgdi32 -lws2_32

  curl version:     7.70.0
  SSL:              enabled (OpenSSL)
  SSH:              no      (--with-{libssh,libssh2})
  zlib:             no      (--with-zlib)
  brotli:           no      (--with-brotli)
  GSS-API:          no      (--with-gssapi)
  TLS-SRP:          enabled
  resolver:         POSIX threaded
  IPv6:             enabled
  Unix sockets:     no      (--enable-unix-sockets)
  IDN:              no      (--with-{libidn2,winidn})
  Build libcurl:    Shared=no, Static=yes
  Built-in manual:  enabled
  --libcurl option: enabled (--disable-libcurl-option)
  Verbose errors:   enabled (--disable-verbose)
  Code coverage:    disabled
  SSPI:             no      (--enable-sspi)
  ca cert bundle:   /etc/ssl/certs/ca-certificates.crt
  ca cert path:     no
  ca fallback:      no
  LDAP:             no      (--enable-ldap / --with-ldap-lib / 
--with-lber-lib)

  LDAPS:            no      (--enable-ldaps)
  RTSP:             no      (--enable-rtsp)
  RTMP:             no      (--with-librtmp)
  Metalink:         no      (--with-libmetalink)
  PSL:              no      (libpsl not found)
  Alt-svc:          no      (--enable-alt-svc)
  HTTP2:            disabled (--with-nghttp2)
  HTTP3:            disabled (--with-ngtcp2, --with-quiche)
  ESNI:             no      (--enable-esni)
  Protocols:        HTTP HTTPS
  Features:         SSL IPv6 AsynchDNS NTLM TLS-SRP HTTPS-proxy

Any help on this would be appreciated.

On Windows the curl command line tool (curl.exe) will check environment 
variables like CURL_CA_BUNDLE and if not found then search paths. 
[1][2][3] libcurl doesn't do that, if you have no compile-time path then 
you would need to detect the location yourself and use CURLOPT_CAINFO 
[4] to set it.


If you use the Schannel backend (native Windows SSL) instead of OpenSSL 
then you do not need a separate bundle of certificates, the Windows OS 
certificate store is used by default. The next version of curl (7.71, to 
be released next week) will support that for OpenSSL but not by default, 
you would use CURLSSLOPT_NATIVE_CA [5] to enable it.



[1]: https://curl.haxx.se/docs/sslcerts.html
[2]: 
https://github.com/curl/curl/blob/curl-7_70_0/src/tool_operate.c#L2261-L2339
[3]: 
https://github.com/curl/curl/blob/curl-7_70_0/src/tool_doswin.c#L598-L644

[4]: https://curl.haxx.se/libcurl/c/CURLOPT_CAINFO.html
[5]: https://curl.haxx.se/libcurl/c/CURLOPT_SSL_OPTIONS.html

---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
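
Added example, not part of the thread and not curl project code: one way an application can do the run-time CA bundle detection the reply describes and pass the result to CURLOPT_CAINFO, returning error 77 when nothing usable is found rather than turning off CURLOPT_SSL_VERIFYPEER. The search order, the function names and the WITH_LIBCURL build switch are assumptions of this example.

```c
/* Added example: locate a CA bundle at run time for CURLOPT_CAINFO.
 * Names, search order and WITH_LIBCURL are assumptions of this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if `path` is a readable file holding at least one PEM cert. */
int looks_like_pem_bundle(const char *path)
{
  char line[256];
  int found = 0;
  FILE *f;

  if(!path || !*path)
    return 0;
  f = fopen(path, "r");
  if(!f)
    return 0;
  while(!found && fgets(line, sizeof(line), f))
    found = strstr(line, "-----BEGIN CERTIFICATE-----") != NULL;
  fclose(f);
  return found;
}

/* Return the first candidate that passes the check, or NULL. */
const char *first_usable_bundle(const char *const *candidates, size_t n)
{
  size_t i;

  for(i = 0; i < n; i++)
    if(looks_like_pem_bundle(candidates[i]))
      return candidates[i];
  return NULL;
}

/* Try CURL_CA_BUNDLE, SSL_CERT_FILE, then curl-ca-bundle.crt and cacert.pem
 * in `app_dir`. Returns 1 and fills `out`, or 0 if nothing usable exists. */
int find_ca_bundle(const char *app_dir, char *out, size_t outlen)
{
  char beside1[1024], beside2[1024];
  const char *candidates[4];
  const char *hit;

  snprintf(beside1, sizeof(beside1), "%s/curl-ca-bundle.crt", app_dir);
  snprintf(beside2, sizeof(beside2), "%s/cacert.pem", app_dir);
  candidates[0] = getenv("CURL_CA_BUNDLE");
  candidates[1] = getenv("SSL_CERT_FILE");
  candidates[2] = beside1;
  candidates[3] = beside2;

  hit = first_usable_bundle(candidates, 4);
  if(!hit || strlen(hit) >= outlen)
    return 0;
  strcpy(out, hit);
  return 1;
}

#ifdef WITH_LIBCURL /* build with: cc -DWITH_LIBCURL file.c -lcurl */
#include <curl/curl.h>

/* Fetch `url` with peer verification left on (the libcurl default). */
CURLcode fetch_verified(const char *url, const char *app_dir)
{
  char ca[1024];
  CURLcode rc;
  CURL *h;

  if(!find_ca_bundle(app_dir, ca, sizeof(ca)))
    return CURLE_SSL_CACERT_BADFILE; /* 77: fail closed, keep the checks */
  h = curl_easy_init();
  if(!h)
    return CURLE_FAILED_INIT;
  curl_easy_setopt(h, CURLOPT_URL, url);
  curl_easy_setopt(h, CURLOPT_CAINFO, ca);
  rc = curl_easy_perform(h);
  curl_easy_cleanup(h);
  return rc;
}
#endif
```

Keep the bundle in a location only administrators can write to, since whoever controls that file or those environment variables decides which servers the application trusts.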

Re: [libcurl][openssh][x64-uwp] cannot set certification verify locations

2020-06-01 Thread Ray Satiro via curl-library

On 5/30/2020 11:57 AM, Feng LI via curl-library wrote:
* error setting certificate verify locations: CAfile: 
C:\Users\okidogii\AppData\Local\Packages\df268f7d-b5b4-4991-9c68-8120a7b392bb_75cr2b68sm664\LocalState\cacert.pem 
CApath: none



Are you sure that file exists? That error message is only returned if 
OpenSSL function SSL_CTX_load_verify_locations fails, so I don't think 
it's a curl problem. [1]


[1]: 
https://github.com/curl/curl/blob/curl-7_70_0/lib/vtls/openssl.c#L2753-L2761



Re: Minimal libcurl compile for windows

2020-05-06 Thread Ray Satiro via curl-library

On 5/6/2020 3:25 PM, Testing WunTuTri via curl-library wrote:



  I did this

Compiling the static lib on windows with nmake yields libcurl_a.lib 
and a bunch of obj files,


libcurl_a.lib needs to be in the folder with the obj files in order 
for my program to compile without unresolved externals.


Which is GREAT! But,

I can't seem to disable certain curl features using nmake, the same 
way I can do with

./configure && make && make install

./configure --disable-ares --disable-cookies --disable-crypto-auth 
--disable-ipv6 --disable-manual --disable-proxy --disable-verbose 
--disable-versioned-symbols --enable-hidden-symbols --without-libidn 
--without-librtmp --without-ssl --without-zlib --disable-dict 
--disable-file --disable-ftp --disable-gopher --disable-imap 
--disable-ldap --disable-ldaps --disable-pop3 --disable-rtsp 
--disable-smtp --disable-telnet --disable-tftp --disable-pthread 
--prefix=/curl


This is the configure command I use on git-bash sdk on the same 
windows VM where I used nmake. Everything compiles without errors 
except the fact that all I get is the libcurl.a library instead of 
libcurl_a.lib.


Using it in my program (x64/windows; http-get request to read string 
from given host)


`
#include "curl/curl.h"
#pragma comment (lib, "crypt32.lib")
#pragma comment (lib, "advapi32")
#pragma comment (lib, "ws2_32.lib")
#pragma comment (lib, "wldap32.lib")
#pragma comment (lib, "normaliz.lib")
#pragma comment (lib, "libcurl/libcurl.a")
`

gives me 6 unresolved externals.

https://pastebin.com/raw/fFPVHZGR


I tried linking all the .o files to libcurl.a when compiling, with no 
luck.



  I expected the following

`make install` to produce the libcurl_a.lib file


  curl/libcurl version

7.70.0

I have been looking everywhere and I've spent nearly 10 hours today 
trying to get this sorted, what am I possibly doing wrong?




If you are not building the library with the Microsoft compiler, as you 
would with winbuild and nmake, then you end up with an .a file. It looks 
as though you are attempting to build your application using the 
Microsoft compiler and linking to that .a file. AFAIK that is not 
guaranteed to work. Likely the errors you are seeing are a result of CRT 
mismatch. MinGW is using one CRT and Visual Studio or whatever expects 
another. Even if you use the same CRT I don't think it is supported to 
mix static libraries that way, but I'm not certain. My advice: pick one 
compiler or the other.


If you need to use MS compiler to build your app and need static 
libcurl.lib and want to disable features with the winbuild method, you 
could probably do that by finding the defines and specifying them on the 
command line.


nmake /E CC="cl /DCURL_DISABLE_COOKIES /DCURL_DISABLE_DICT 
/DCURL_DISABLE_FILE /DCURL_DISABLE_FTP /DCURL_DISABLE_LDAP 
/DCURL_DISABLE_LDAPS /DCURL_DISABLE_TELNET /DCURL_DISABLE_TFTP "


and so on



Re: Curl status code does not match 'last' status when using 102 'Processing' in interim

2020-05-01 Thread Ray Satiro via curl-library

On 5/1/2020 12:54 PM, Alex Shaver via curl-library wrote:
I have a server I connect to that may return one or more 102 
'processing' messages to keep the connection alive while a long 
processing action is underway. Supposing the final message is a 200 
response, when I check the curl status code, it returns 102 as the status.


I first noticed this while using pycurl, but I also tested using the 
curl command line tool, and got the same result. Fortunately, I can 
register a header callback and just manually parse the statuses 
myself. But this appears to be a bug as `CURLINFO_RESPONSE_CODE` is 
documented as returning the 'last' response code. Granted, the 'last' 
in that phrase may simply mean to the most recent 'request/response' 
process it ran, but it still feels like it could be improved. Or I may 
be misusing the tool. Advice on how to do it correctly would be 
appreciated, if it is not an error.



I can't reproduce this. libcurl should store the most recent code. [1] 
Can you please try the latest curl? [2]


Terminal 1:
while true; do perl -e 'print ("HTTP/1.1 102 Processing\r\nContent-Length: 0\r\n\r\nHTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")' | nc -4l localhost 8000; done


Terminal 2:
curl --write-out "%{http_code}" http://localhost:8000
200


[1]: https://github.com/curl/curl/blob/curl-7_70_0/lib/http.c#L3785-L3786
[2]: https://curl.haxx.se/download.html

---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
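
Added example, not code from the thread or from curl: the header-callback parsing mentioned in the question, written as a small C tracker that separates interim 1xx status lines from the final one. The struct and function names are this example's own, 101 is counted as final by this example's choice, and the constructed input in the test is the same byte stream the netcat server above sends.

```c
/* Added example: tell interim 1xx status lines apart from the final status
 * while reading header lines. Names are this example's own. */
#include <ctype.h>
#include <stddef.h>
#include <string.h>

struct status_tracker {
  int last;    /* most recent status line seen */
  int final;   /* most recent non-interim status, 0 if none yet */
  int interim; /* how many interim responses were seen */
};

/* Return the code from "HTTP/<version> <3 digits>", or 0 if the `len`
 * bytes at `line` (not NUL-terminated) are not a status line. */
int parse_status_line(const char *line, size_t len)
{
  const unsigned char *d;
  size_t i = 5;

  if(len < 5 || memcmp(line, "HTTP/", 5) != 0)
    return 0;
  while(i < len && line[i] != ' ')
    i++;
  if(i + 4 > len) /* need a space and three digits */
    return 0;
  d = (const unsigned char *)line + i + 1;
  if(!isdigit(d[0]) || !isdigit(d[1]) || !isdigit(d[2]))
    return 0;
  if(i + 4 < len && isdigit(d[3])) /* four or more digits */
    return 0;
  return (d[0] - '0') * 100 + (d[1] - '0') * 10 + (d[2] - '0');
}

/* Update the tracker with one header line; non-status lines are ignored. */
void tracker_feed(struct status_tracker *t, const char *line, size_t len)
{
  int code = parse_status_line(line, len);

  if(!code)
    return;
  t->last = code;
  if(code >= 100 && code < 200 && code != 101)
    t->interim++;
  else
    t->final = code;
}

/* Has the signature of a CURLOPT_HEADERFUNCTION callback; the tracker is
 * passed through CURLOPT_HEADERDATA. */
size_t header_cb(char *buffer, size_t size, size_t nitems, void *userdata)
{
  tracker_feed(userdata, buffer, size * nitems);
  return size * nitems;
}

/* Feed a raw response stream one line at a time, as the callback sees it. */
void tracker_feed_raw(struct status_tracker *t, const char *raw, size_t len)
{
  size_t start = 0, i;

  for(i = 0; i < len; i++)
    if(raw[i] == '\n') {
      tracker_feed(t, raw + start, i + 1 - start);
      start = i + 1;
    }
  if(start < len)
    tracker_feed(t, raw + start, len - start);
}
```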

Re: Retrieving the local address between connect() and HTTP

2020-04-26 Thread Ray Satiro via curl-library

On 4/26/2020 4:44 PM, Jean-Francois Dockes wrote:

Ray Satiro via curl-library writes:
  > On 4/26/2020 10:40 AM, Jean-Francois Dockes via curl-library wrote:
  > > My apologies if this is a frequent question, I could not find an answer.
  > >
  > > It would be convenient for me to retrieve the local address of the
  > > connected socket used for an HTTP GET before the HTTP transaction
  > > begins.
  > >
  > > The pseudo HTTP protocol which my code implements (UPnP) needs to set a
  > > HTTP header which contains a callback URL for the remote host to send
  > > events to. In case the local machine has multiple interfaces, the easiest
  > > way to build an URL which the remote is guaranteed to be able to connect to
  > > seems to be just using the connected socket local address.
  > >
  > > Unfortunately, it seems that the two callbacks in this area,
  > > CURLOPT_SOCKOPTFUNCTION and CURLOPT_OPENSOCKETFUNCTION, occur before the
  > > socket is connected.
  > >
  > > I could connect the socket myself (losing the nice CURL code which does it
  > > for me), or find another way to derive the right interface from the
  > > remote address I am connecting to, but a getsockname() on the connected
  > > socket would be much simpler. So I was hoping that there was a way.
  > >
  > > This is assuming that I can call CURLOPT_HTTPHEADER from this point, which
  > > may also not be the case. So, questions...
  >
  > I don't think that is possible without doing the connect yourself. There
  > is CURLINFO_ACTIVESOCKET [1] but it doesn't set the socket until the
  > transfer is done. It is really meant to be used with
  > CURLOPT_CONNECT_ONLY [2].
  >
  > Try doing the connection yourself, set CURLOPT_HTTPHEADER and then in
  > CURLOPT_SOCKOPTFUNCTION [3] return CURL_SOCKOPT_ALREADY_CONNECTED.

Thanks for the CURLOPT_CONNECT_ONLY pointer.

Is there something to prevent me from using the resulting socket fd with
CURLOPT_OPENSOCKETFUNCTION / CURLOPT_SOCKOPTFUNCTION ? I see that this is a
bit convoluted, but it gains me the use of the libcurl URL parsing and
connect code instead of DIY. Does it make sense ? Performance is no big
issue in my use case.


I'm not sure I understand. If you are using libcurl to CONNECT_ONLY [1] 
then it doesn't do data transfer (ie no HTTP). Is that what you want? If 
it is then yes you can use ACTIVESOCKET.


OTOH if you want libcurl to do a HTTP transfer and you want the socket 
right after the connection is made then you should make the connection. 
Note libcurl may make multiple connections in the case of happy eyeballs 
or DOH (DNS-over-HTTPS) or FTP, so unless you don't use all of that you 
can't really be sure which socket is the transfer socket. In other 
words, the socket callbacks may be called multiple times for one 
transfer. (Also multiple times if the connection failed).


I hesitate to mention this but if you are so against manually connecting 
you might be able to get away with it. You could save the socket from 
CURLOPT_SOCKOPTFUNCTION and then in the progress function check to see 
if socket != CURL_SOCKET_BAD && socket != prev and if so change the 
headers. You'd be relying on the progress function to be called after 
the connection is made but before the HTTP request is generated (ie 
before the user-specified headers are added) which is not guaranteed.


[1]: https://curl.haxx.se/libcurl/c/CURLOPT_CONNECT_ONLY.html


Re: Retrieving the local address between connect() and HTTP

2020-04-26 Thread Ray Satiro via curl-library

On 4/26/2020 10:40 AM, Jean-Francois Dockes via curl-library wrote:

My apologies if this is a frequent question, I could not find an answer.

It would be convenient for me to retrieve the local address of the
connected socket used for an HTTP GET before the HTTP transaction
begins.

The pseudo HTTP protocol which my code implements (UPnP) needs to set a
HTTP header which contains a callback URL for the remote host to send
events to. In case the local machine has multiple interfaces, the easiest
way to build an URL which the remote is guaranteed to be able to connect to
seems to be just using the connected socket local address.

Unfortunately, it seems that the two callbacks in this area,
CURLOPT_SOCKOPTFUNCTION and CURLOPT_OPENSOCKETFUNCTION, occur before the
socket is connected.

I could connect the socket myself (losing the nice CURL code which does it
for me), or find another way to derive the right interface from the
remote address I am connecting to, but a getsockname() on the connected
socket would be much simpler. So I was hoping that there was a way.

This is assuming that I can call CURLOPT_HTTPHEADER from this point, which
may also not be the case. So, questions...


I don't think that is possible without doing the connect yourself. There 
is CURLINFO_ACTIVESOCKET [1] but it doesn't set the socket until the 
transfer is done. It is really meant to be used with 
CURLOPT_CONNECT_ONLY [2].


Try doing the connection yourself, set CURLOPT_HTTPHEADER and then in 
CURLOPT_SOCKOPTFUNCTION [3] return CURL_SOCKOPT_ALREADY_CONNECTED.



[1]: https://curl.haxx.se/libcurl/c/CURLINFO_ACTIVESOCKET.html
[2]: https://curl.haxx.se/libcurl/c/CURLOPT_CONNECT_ONLY.html
[3]: https://curl.haxx.se/libcurl/c/CURLOPT_SOCKOPTFUNCTION.html

---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
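
Added example, not part of the thread and not curl project code: the approach from the two replies in this thread (make the connection yourself, read the local address, set the header, then return CURL_SOCKOPT_ALREADY_CONNECTED), written in C for POSIX sockets. The numeric IPv4 address, the CALLBACK header form, the /events path, the function names and the WITH_LIBCURL build switch are assumptions; the socket is handed over only once because, as noted above, the socket callbacks may be called more than once per transfer, and the URL passed in must name the same address and port that was connected.

```c
/* Added example (POSIX sockets, IPv4 only; names, the /events path and
 * WITH_LIBCURL are assumptions): connect, getsockname(), then reuse. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Connect to numeric `ip`:`port`. Returns the connected fd and writes the
 * local address chosen by the kernel to `local`, or returns -1. */
int connect_and_get_local(const char *ip, unsigned short port,
                          char *local, size_t locallen)
{
  struct sockaddr_in peer, self;
  socklen_t len = sizeof(self);
  int fd;

  memset(&peer, 0, sizeof(peer));
  peer.sin_family = AF_INET;
  peer.sin_port = htons(port);
  if(inet_pton(AF_INET, ip, &peer.sin_addr) != 1)
    return -1;
  fd = socket(AF_INET, SOCK_STREAM, 0);
  if(fd < 0)
    return -1;
  if(connect(fd, (struct sockaddr *)&peer, sizeof(peer)) != 0 ||
     getsockname(fd, (struct sockaddr *)&self, &len) != 0 ||
     !inet_ntop(AF_INET, &self.sin_addr, local, (socklen_t)locallen)) {
    close(fd);
    return -1;
  }
  return fd;
}

/* Build "CALLBACK: <http://local:port/path>" (UPnP eventing form, assumed).
 * Bytes that could end the value or start a new header line are refused. */
int format_callback_header(const char *local, unsigned short event_port,
                           const char *path, char *out, size_t outlen)
{
  const unsigned char *p = (const unsigned char *)path;
  int n;

  if(*p != '/')
    return 0;
  for(; *p; p++)
    if(*p <= 0x20 || *p == 0x7f || *p == '<' || *p == '>')
      return 0;
  n = snprintf(out, outlen, "CALLBACK: <http://%s:%u%s>", local,
               (unsigned)event_port, path);
  return n > 0 && (size_t)n < outlen;
}

#ifdef WITH_LIBCURL /* build with: cc -DWITH_LIBCURL file.c -lcurl */
#include <curl/curl.h>
struct presock { curl_socket_t fd; int taken; };

/* Hand over the socket once; refuse any further connection attempt. */
static curl_socket_t opensocket_cb(void *clientp, curlsocktype purpose,
                                   struct curl_sockaddr *address)
{
  struct presock *ps = clientp;
  (void)purpose; (void)address;
  if(ps->taken)
    return CURL_SOCKET_BAD;
  ps->taken = 1;
  return ps->fd;
}

static int sockopt_cb(void *clientp, curl_socket_t fd, curlsocktype purpose)
{
  (void)clientp; (void)fd; (void)purpose;
  return CURL_SOCKOPT_ALREADY_CONNECTED; /* libcurl skips its connect() */
}

CURLcode get_with_callback(const char *url, const char *ip,
                           unsigned short port, unsigned short event_port)
{
  char local[INET_ADDRSTRLEN], hdr[256];
  struct curl_slist *hdrs = NULL;
  struct presock ps = { 0, 0 };
  CURLcode rc = CURLE_FAILED_INIT;
  CURL *h;

  ps.fd = connect_and_get_local(ip, port, local, sizeof(local));
  if(ps.fd < 0)
    return CURLE_COULDNT_CONNECT;
  h = curl_easy_init();
  if(format_callback_header(local, event_port, "/events", hdr, sizeof(hdr)))
    hdrs = curl_slist_append(NULL, hdr);
  if(h && hdrs) {
    curl_easy_setopt(h, CURLOPT_URL, url);
    curl_easy_setopt(h, CURLOPT_HTTPHEADER, hdrs);
    curl_easy_setopt(h, CURLOPT_OPENSOCKETFUNCTION, opensocket_cb);
    curl_easy_setopt(h, CURLOPT_OPENSOCKETDATA, &ps);
    curl_easy_setopt(h, CURLOPT_SOCKOPTFUNCTION, sockopt_cb);
    rc = curl_easy_perform(h);
  }
  if(!ps.taken)
    close(ps.fd); /* libcurl never took ownership */
  curl_slist_free_all(hdrs);
  curl_easy_cleanup(h);
  return rc;
}
#endif
```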

Re: How to not send TLS 1.3 Ciphers?

2020-04-15 Thread Ray Satiro via curl-library

On 4/15/2020 6:36 PM, Mark Windshield via curl-library wrote:
I'm trying to not send TLS 1.3 Ciphers when making a request through 
libcurl (but have the option to set them), I tried compiling openssl 
with 'define TLS_DEFAULT_CIPHERSUITES " " ' instead of it containing 
the three "default" ciphers, but when replacing openssl and using 
libcurl with that compiled version of openssl it'd always throw a SSL 
Connect error unless I set at least one TLS1.3 Cipher via. 
CURLOPT_TLS13_CIPHERS.
What worked was compiling openssl with "-no-tls1_3", but then I was 
obviously not able to set TLS1.3 Ciphers at all anymore.


I didn't find anything on the matter so I was wondering if and then 
how it is possible to not send any TLS13_Ciphers, while still being 
able to set them via CURLOPT_TLS13_CIPHERS when needed?



Set the maximum TLS version to 1.2 by using --tls-max 1.2, don't mess 
with the ciphersuites. For example get the headers from www.test.com 
using only TLS 1.2:


curl -I --tlsv1.2 --tls-max 1.2 https://www.test.com


[1]: https://curl.haxx.se/docs/manpage.html#--tls-max


Re: static libcurl with clang

2020-03-22 Thread Ray Satiro via curl-library

On 3/20/2020 5:51 AM, Mike via curl-library wrote:
1>libcurl_a.lib(krb5_sspi.obj) : error LNK2019: Verweis auf nicht 
aufgelöstes externes Symbol "__imp_ntohl" in Funktion 
"Curl_auth_create_gssapi_security_message".


please any help as I'm stuck.
many thanks

If you have built libcurl as a static library you will have to include 
the dependencies needed, the lib does not do that for you. In Visual 
Studio properties Linker > Additional Dependencies included by default 
in a project usually include most of that but you may have to specify 
some on your own such as ws2_32. If the functions it can't find are CRT 
functions then that is an issue with your project and not libcurl.



Re: How to get more information about error code 7

2020-03-19 Thread Ray Satiro via curl-library

On 3/19/2020 4:30 PM, Leo Song via curl-library wrote:
This Curl error 7 is happening intermittently, so yes I am able to 
connect to the server using the command line tool.
Therefore, in case if this happens again in future, I want my 
application to display more error messages than just Curl error 7, 
which is why I am wondering if there is a way to add debugging log 
from openssl in libcurl.


Please don't top-post it makes the conversation hard to follow. [1]

CURLOPT_DEBUGFUNCTION does not work unless CURLOPT_VERBOSE is enabled. [2]

CURLOPT_ERRORBUFFER can sometimes be used to obtain a more detailed 
error string. [3]


[1]: https://curl.haxx.se/mail/etiquette.html#Do_Not_Top_Post
[2]: https://curl.haxx.se/libcurl/c/CURLOPT_DEBUGFUNCTION.html
[3]: https://curl.haxx.se/libcurl/c/CURLOPT_ERRORBUFFER.html


Re: static libcurl with clang

2020-03-18 Thread Ray Satiro via curl-library

On 3/18/2020 5:08 AM, Mike via curl-library wrote:

Sure I only use the sln projects with VS but get errors like:
1>libcurl.lib(telnet.obj) : error LNK2001: Nicht aufgelöstes externes 
Symbol "__imp_send".
1>libcurl.lib(multi.obj) : error LNK2001: Nicht aufgelöstes externes 
Symbol "__imp_send".
1>libcurl.lib(asyn-thread.obj) : error LNK2001: Nicht aufgelöstes 
externes Symbol "__imp_send".
1>libcurl.lib(sendf.obj) : error LNK2001: Nicht aufgelöstes externes 
Symbol "__imp_send".
1>libcurl.lib(socketpair.obj) : error LNK2001: Nicht aufgelöstes 
externes Symbol "__imp_send".
1>libcurl.lib(ftp.obj) : error LNK2001: Nicht aufgelöstes externes 
Symbol "__imp_WSAGetLastError".
1>libcurl.lib(telnet.obj) : error LNK2001: Nicht aufgelöstes externes 
Symbol "__imp_WSAGetLastError".
1>libcurl.lib(tftp.obj) : error LNK2001: Nicht aufgelöstes externes 
Symbol "__imp_WSAGetLastError".
1>libcurl.lib(multi.obj) : error LNK2001: Nicht aufgelöstes externes 
Symbol "__imp_WSAGetLastError".



Looks like you're missing ws2_32.lib for winsock functions.


Re: static libcurl with clang

2020-03-17 Thread Ray Satiro via curl-library

On 3/17/2020 5:32 AM, Mike via curl-library wrote:

I get this error with clang and others with vs compiler:
truncated or malformed archive (string table at long name offset 0not 
terminated)

I try to use libcurl static in my project with Visual Studio.
Is there a working prebuild visual studio download?


If you are using the Microsoft compiler with Visual Studio then I 
suggest use static libraries built with the Microsoft compiler. There 
are some pregenerated VS project files in some common configurations in 
the projects directory, or the winbuild directory has some instructions 
and a makefile for building custom configurations.



Re: Did cookie behavior with POSTing change?

2020-03-15 Thread Ray Satiro via curl-library

On 3/15/2020 6:38 PM, rob--- via curl-library wrote:

The version is what I interpret from http://pmoz.info/try/phpinfo.php. I
assumed that since the php was recently built, it would also have a new
version of curl. I guess not? This is a shared server, hosted with 1&1, so I
don't have direct influence over what version is used, but if it's indeed
ancient, I'll try to have it fixed.



Please don't top-post it makes the conversation hard to follow. [1] 
Since the libcurl version is that old I'd guess it's probably been there 
for a while. I think it's more likely something else in your script 
broke. You could try to enable CURLOPT_VERBOSE in your script. [2] If 
that doesn't help you could try to debug it using the latest version of 
the curl tool. [3]



[1]: https://curl.haxx.se/mail/etiquette.html#Do_Not_Top_Post
[2]: https://www.php.net/manual/en/function.curl-setopt.php
[3]: https://curl.haxx.se/download.html



Re: Did cookie behavior with POSTing change?

2020-03-15 Thread Ray Satiro via curl-library

On 3/15/2020 4:45 PM, rob--- via curl-library wrote:


I've been using cURL for a long time to make automated posts to the 
phpBB3 forum. Recently, it stopped working. The forum software has not 
been changed, so I think this is something in the cURL behavior. I can 
still successfully log in to the forum using cURL, and read anything 
(with GET requests). But POSTing fails, with a message from the forum 
that I need to be logged in. I'm using the same curl handle (with 
cookie jar) for the GET and POST requests, which used to work like a 
charm. From phpinfo(), my current cURL version is 7.38.0, and the php 
build date was March 2 (which may be when things stopped working - I 
don't recall exactly). I do not know what the cURL version was before 
this.


In any case, I'm trying to get back in business, and would appreciate 
any pointers as to how to go about this.




That version of curl is over 5 years old. If it is an issue in curl it's 
likely long since been fixed.



Re: Lib Curl Conflicts with Norton Anti Virus

2020-03-06 Thread Ray Satiro via curl-library

On 3/6/2020 5:58 PM, Essam Makhlouf via curl-library wrote:


I had a live chat with Norton support agent and allowed a remote 
control session to help me resolve the problem. He confirmed the file 
is indeed infected. But could not explain why the 64 bit is not infected.
Norton agent suggested to exclude the file from Norton scan. But I 
explained this will not help. When Norton scans the file on the users 
machines, it will delete it from their machines. What I need is to 
resolve the conflict with Norton.


You must work with Norton to resolve the false positive (unless you are 
actually infected, in which case it's not a false positive). We cannot 
do anything about this. Create a post on Norton's forums [1] and explain 
what happened.


[1]: https://community.norton.com/en/forums/category/norton-products


Re: sharing cookies … bug?

2020-03-05 Thread Ray Satiro via curl-library

On 3/5/2020 11:06 AM, Felipe Gasper via curl-library wrote:

Would a PR to clarify the documentation on this point be acceptable? e.g., in 
curl_share_setopt(3)’s description of CURL_LOCK_DATA_COOKIE, something like:

---
Prior to 7.67, designating a cookie-sharing share object on an easy automatically enabled 
that easy object’s cookie engine. As of curl 7.67, though, for an easy object to use a 
cookie share it is necessary to explicitly initialize that easy object’s cookie engine, 
e.g., curl_easy_setopt(easy, CURLOPT_COOKIEFILE, "").
---



It's not necessary to document the bug but I've submitted a PR to 
clarify the documentation. [1]


Thanks

[1]: https://github.com/curl/curl/pull/5048


How to debug server logs lock timeout?

2020-03-03 Thread Ray Satiro via curl-library
I am running all the tests with ASAN (flags -fsanitize=address,undefined 
-fno-sanitize-recover and make test TFLAGS=-n) in Ubuntu 16. A few times 
I saw:


test 0285...Warning: server logs lock timeout (2 seconds) expired
OK (285 out of 1287, remaining: 06:22, took 2.1s, duration: 01:48)
test 0286...Warning: server logs lock timeout (2 seconds) expired
OK (286 out of 1287, remaining: 06:37, took 5.0s, duration: 01:53)
test 0287...OK (287 out of 1287, remaining: 06:36, took 0.1s, duration: 
01:53)


I cannot reproduce. It doesn't seem to be something about those tests 
specifically. Any ideas for debugging this or should I not worry about it?



Re: Building with HTTPS-Proxy feature on Windows

2020-03-02 Thread Ray Satiro via curl-library

On 3/2/2020 5:36 PM, Lopes, David via curl-library wrote:


I am unable to build with HTTPS-Proxy feature on Windows (curl 7.68)

I am using OpenSSL as the backend, I have also tried with the WINSSL 
backend


Is there any flag I need to set to build with the feature?

I always get these features:

1> [CMake] -- Enabled features: SSL IPv6 libz AsynchDNS NTLM

1> [CMake] -- Enabled protocols: DICT FILE FTP FTPS GOPHER HTTP HTTPS 
IMAP IMAPS LDAP POP3 POP3S RTSP SMTP SMTPS TELNET TFTP


1> [CMake] -- Enabled SSL backends: OpenSSL



It is a bug that it is missing from the features list. HTTPS-proxy is 
enabled by default if you use OpenSSL, GnuTLS or NSS. HTTPS-proxy is not 
supported for Schannel (Windows native SSL). If you've built curl with 
OpenSSL then curl -V should show you the full features. I've 
submitted a PR to add HTTPS-proxy to the features detection in the cmake 
build. [1]


[1]: https://github.com/curl/curl/pull/5025


Re: windows NTLM auth with sspi enabled fails mysteriously for some customers

2020-02-27 Thread Ray Satiro via curl-library

On 2/27/2020 5:26 PM, Daniel Stenberg via curl-library wrote:

On Thu, 27 Feb 2020, Zach Hall via curl-library wrote:

build with command line option ENABLE_SSPI=yes. For our environment and
the vast majority of our customers' environments, this hasn't caused a
problem. However for some it causes login failures. I had one of the
customers with this problem test logging in with a libcurl.dll built
with ENABLE_SSPI=no installed in our install directory and they could
login without issue.

Any clue why this might be happening?


The primary reason we support "ENABLE_SSPI=yes" builds in addition to 
having our own native NTLM implementation is because of the existence 
of subtle differences in implementations and what they support.


Unfortunately, NTLM is a tricky beast (in my humble opinion) and to 
figure out the exact differences between the implementations we'd have 
to run two builds with otherwise same credentials against a fixed 
server and try to reverse engineer and understand what SSPI does and 
compare to our own implementation. An interesting task no doubt, but 
also challenging and most likely quite time consuming. 



The only issue I can think of that may possibly be related is 
https://github.com/curl/curl/issues/2120



Re: use libcurl to obtain the real-time speed of git clone.

2020-02-20 Thread Ray Satiro via curl-library

On 2/18/2020 4:34 AM, Hongyi Zhao via curl-library wrote:

So yes, git should
be able to show you the current download speed with libcurl. Doesn't it
already do this?

Yes.

But I want to use libcurl to do more self-customized jobs.



libcurl can show a progress meter if you disable NOPROGRESS [1]:

curl_easy_setopt(curl, CURLOPT_NOPROGRESS, 0L);

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 15.5M    0 15.5M    0     0  2412k      0 --:--:--  0:00:06 --:--:-- 2618k


In cases where the content size isn't known it shows 100%. (Seems to me 
it should show ??? or something instead?)


The way it calculates the current speed can be found in lib/progress.c [1]. 
It calculates it approximately once every second based on the last 5 
seconds. I made an example from that code to demonstrate [2].


[1]: https://github.com/curl/curl/blob/curl-7_68_0/lib/progress.c#L371
[2]: https://gist.github.com/jay/3db44871ccbe7cc089a25381135e122f

---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
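
The sliding-window calculation described in the message above (one sample about every second, speed taken over the last 5 seconds), as an added example that is neither curl's source nor the linked gist. The names speed_meter, speed_init, speed_update and speed_demo are hypothetical, and the samples fed in speed_demo are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW_SLOTS (5 + 1) /* six samples, one per second, span about 5 s */

struct speed_meter {
  uint64_t bytes[WINDOW_SLOTS];   /* cumulative byte count at each sample */
  int64_t  time_ms[WINDOW_SLOTS]; /* monotonic clock at each sample */
  unsigned count;                 /* samples recorded so far */
  int64_t  last_sec;              /* second in which the last sample was taken */
  uint64_t current;               /* latest estimate in bytes per second */
};

void speed_init(struct speed_meter *m)
{
  m->count = 0;
  m->last_sec = -1;
  m->current = 0;
}

/* Call as often as you like, for example from a progress callback, with a
   monotonic clock in milliseconds and the total bytes transferred so far.
   Returns the current estimate in bytes per second. */
uint64_t speed_update(struct speed_meter *m, int64_t now_ms, uint64_t total)
{
  unsigned now_idx, old_idx;
  uint64_t amount;
  int64_t span_ms;

  if(now_ms / 1000 == m->last_sec)
    return m->current; /* at most one sample per second */
  m->last_sec = now_ms / 1000;

  now_idx = m->count % WINDOW_SLOTS;
  m->bytes[now_idx] = total;
  m->time_ms[now_idx] = now_ms;
  m->count++;
  if(m->count < 2)
    return m->current; /* a rate needs two samples */

  /* Oldest stored sample: slot 0 until the ring is full, after that the
     slot that will be overwritten next. */
  old_idx = (m->count >= WINDOW_SLOTS) ? m->count % WINDOW_SLOTS : 0;
  span_ms = now_ms - m->time_ms[old_idx];
  if(span_ms <= 0)
    span_ms = 1; /* never divide by zero */
  amount = total >= m->bytes[old_idx] ? total - m->bytes[old_idx] : 0;
  if(amount > UINT64_MAX / 1000) /* avoid overflow in amount * 1000 */
    m->current = amount / (uint64_t)span_ms * 1000;
  else
    m->current = amount * 1000 / (uint64_t)span_ms;
  return m->current;
}

/* Constructed samples: a steady 1000 B/s polled four times a second for
   five seconds, then 6000 bytes arriving within the sixth second. */
uint64_t speed_demo(void)
{
  struct speed_meter m;
  int64_t t;

  speed_init(&m);
  for(t = 0; t <= 5000; t += 250)
    speed_update(&m, t, (uint64_t)t);
  return speed_update(&m, 6000, 11000);
}

int main(void)
{
  /* The 6000 B/s burst is averaged over the 5 second window. */
  printf("current speed after burst: %lu B/s\n", (unsigned long)speed_demo());
  return 0;
}
```
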

Re: 7.58.0 curl_global_sslset returns CURLSSLSET_TOO_LATE

2020-01-28 Thread Ray Satiro via curl-library

On 1/28/2020 8:09 PM, Pawel Veselov wrote:

On Wed, Jan 29, 2020 at 1:09 AM Ray Satiro  wrote:

On 1/28/2020 5:13 PM, Pawel Veselov wrote:

On Tue, Jan 28, 2020 at 10:24 PM Ray Satiro via 
curl-library  wrote:

On 1/28/2020 1:17 PM, Pawel Veselov via curl-library wrote:

I have a simple prologue code in my program to select SSL backend. It
works on relatively recent versions (e.g. 7.65), but specifically on
7.58 ("latest" for Ubuntu 18), curl_global_sslset() returns
CURLSSLSET_TOO_LATE. I thought somebody else may be calling init
function, but I can see from the source code that it simply returns
TOO_LATE if there are no multiple SSL backends, and if ID doesn't match
the ID of the backend that was actually compiled in.

Could you please save me some investigative time and let me know in
which version was this changed so that calling this with without IDs
returns list of available backends even in case of single backend?

sslset also returns too late if it has been called after global init.

global init hasn't been called.


How are you calling it, with name or id?

I just want the list, so I pass id of -1 and name of 0.


There was an issue when id was
set to -1 that was fixed [1] a year ago. Also there was an improvement
in 7.60 to return the backends even if too late [2]. The change is
documented you could test for it like this:

if(rc != CURLSSLSET_OK) {
  curl_version_info_data *verinfo = curl_version_info(CURLVERSION_NOW);
  if(verinfo->version_num >= CURL_VERSION_BITS(7,60,0)) {
    /* backend list available even if CURLSSLSET_TOO_LATE */
  }
}

Ah, I see. The bone that I have to pick with this is that return of
TOO_LATE can happen because either global init was called, or
because there is only one backend (and I didn't guess right), and
I can't really tell the difference.

The whole deal here is that I want to prevent getting libcurl with one
backend in particular. I guess my logic should be:
* call sslset with -1/NULL. If that gives me a list of backends,
pick the one that I want, and call sslset again, and see if it worked
* If there was no list of backends, try to call with the bad
   backend ID, and see if then it succeeds. If it does, then I have
   a backend I don't want


To be clear it is supposed to work as it is documented [1].
If it does not work that way (aside from that known bug in early versions) 
please let us know.
I don't know why you would try to set the backend you don't want.

I was trying to figure out a good way to workaround #3346
for versions that still have it.


Do you mean you need to know if a particular backend is in use?

Yes. If a particular backend is in use, I want to not let my
application continue,
and if I have a choice - pick any other backend except for that one I dislike
and NONE:)


We don't have a curl_global_sslget [2].

That's a pity. But even if it was added now, I would still need to make the
logic work for earlier versions (reasonably, but I need, for example,
to support Ubuntu 16 that uses 7.47).


[1]: https://curl.haxx.se/libcurl/c/curl_global_sslset.html
[2]: https://github.com/curl/curl/pull/2063

Thank you for your help!



Well the workaround I mentioned in that bug does work, you can see how 
we used it [1] in the curl tool. Basically after curl has initialized 
you can call curl_easy_init [2] to create an easy handle (note if you do 
this before initializing curl, it will call initialization for you) and 
then get the backend of that handle. Currently the backend is set 
globally and can't be changed but it could be improved at some point to 
allow it per handle, which I think is part of why I got a lukewarm 
reception to add a global way to get the backend.


In your case you would use CURLINFO_TLS_SESSION [4] the predecessor to 
CURLINFO_TLS_SSL_PTR [3]. Although it is not documented (I will change 
this) only since 7.45.0 it will always return the backend in use [5]. So 
you could do it like this:


/* initialize curl before calling curl_version_info */
if(!(verinfo->features & CURL_VERSION_SSL)) {
  problem = true; /* may happen */
}
else if(verinfo->version_num < CURL_VERSION_BITS(7,45,0)) {
  /* no multiple ssl backends and no ssl backend constants */
  sslver = duplowercase(verinfo->ssl_version);
  if(!sslver) /* shouldn't happen */
    abort();
  if(strstr(sslver, "openssl")) /* may happen */
    problem = true;
  free(sslver);
}
else {
  CURL *curltls = curl_easy_init();
  struct curl_tlssessioninfo *tbi = NULL;
  CURLcode rc = curl_easy_getinfo(curltls, CURLINFO_TLS_SESSION, &tbi);
  if(rc || tbi->backend == CURLSSLBACKEND_NONE) { /* shouldn't happen */
    curl_easy_cleanup(curltls);
    abort();
  }
  if(tbi->backend == CURLSSLBACKEND_OPENSSL) /* may happen */
    problem = true;
  curl_easy_cleanup(curltls);
}


Working with the string compare has some caveats because like in the 
case of openssl it doesn't the forks. For example you may have libressl 
or bori

Re: 7.58.0 curl_global_sslset returns CURLSSLSET_TOO_LATE

2020-01-28 Thread Ray Satiro via curl-library

On 1/28/2020 5:13 PM, Pawel Veselov wrote:
On Tue, Jan 28, 2020 at 10:24 PM Ray Satiro via curl-library wrote:


On 1/28/2020 1:17 PM, Pawel Veselov via curl-library wrote:
>
> I have a simple prologue code in my program to select SSL backend. It
> works on relatively recent versions (e.g. 7.65), but specifically on
> 7.58 ("latest" for Ubuntu 18), curl_global_sslset() returns
> CURLSSLSET_TOO_LATE. I thought somebody else may be calling init
> function, but I can see from the source code that it simply returns
> TOO_LATE if there are no multiple SSL backends, and if ID doesn't match
> the ID of the backend that was actually compiled in.
>
> Could you please save me some investigative time and let me know in
> which version was this changed so that calling this with without IDs
> returns list of available backends even in case of single backend?


sslset also returns too late if it has been called after global init.


global init hasn't been called.

How are you calling it, with name or id? 



I just want the list, so I pass id of -1 and name of 0.

There was an issue when id was
set to -1 that was fixed [1] a year ago. Also there was an
improvement
in 7.60 to return the backends even if too late [2]. The change is
documented you could test for it like this:

   if(rc != CURLSSLSET_OK) {
     curl_version_info_data *verinfo = curl_version_info(CURLVERSION_NOW);
     if(verinfo->version_num >= CURL_VERSION_BITS(7,60,0)) {
       /* backend list available even if CURLSSLSET_TOO_LATE */
     }
   }


Ah, I see. The bone that I have to pick with this is that return of
TOO_LATE can happen because either global init was called, or
because there is only one backend (and I didn't guess right), and
I can't really tell the difference.

The whole deal here is that I want to prevent getting libcurl with one
backend in particular. I guess my logic should be:
* call sslset with -1/NULL. If that gives me a list of backends,
pick the one that I want, and call sslset again, and see if it worked
* If there was no list of backends, try to call with the bad
  backend ID, and see if then it succeeds. If it does, then I have
  a backend I don't want



To be clear it is supposed to work as it is documented [1]. If it does 
not work that way (aside from that known bug in early versions) please 
let us know. I don't know why you would try to set the backend you don't 
want. Do you mean you need to know if a particular backend is in use? We 
don't have a curl_global_sslget [2].


[1]: https://curl.haxx.se/libcurl/c/curl_global_sslset.html
[2]: https://github.com/curl/curl/pull/2063


Re: 7.58.0 curl_global_sslset returns CURLSSLSET_TOO_LATE

2020-01-28 Thread Ray Satiro via curl-library

On 1/28/2020 1:17 PM, Pawel Veselov via curl-library wrote:


I have a simple prologue code in my program to select SSL backend. It
works on relatively recent versions (e.g. 7.65), but specifically on
7.58 ("latest" for Ubuntu 18), curl_global_sslset() returns
CURLSSLSET_TOO_LATE. I thought somebody else may be calling init
function, but I can see from the source code that it simply returns
TOO_LATE if there are no multiple SSL backends, and if ID doesn't match
the ID of the backend that was actually compiled in.

Could you please save me some investigative time and let me know in
which version was this changed so that calling this with without IDs
returns list of available backends even in case of single backend?



sslset also returns too late if it has been called after global init. 
How are you calling it, with name or id? There was an issue when id was 
set to -1 that was fixed [1] a year ago. Also there was an improvement 
in 7.60 to return the backends even if too late [2]. The change is 
documented you could test for it like this:


  if(rc != CURLSSLSET_OK) {
    curl_version_info_data *verinfo = curl_version_info(CURLVERSION_NOW);
    if(verinfo->version_num >= CURL_VERSION_BITS(7,60,0)) {
      /* backend list available even if CURLSSLSET_TOO_LATE */
    }
  }

[1]: https://github.com/curl/curl/commit/2456152
[2]: https://github.com/curl/curl/commit/d0394de


Re: CURLE_SSL_CACERT_BADFILE error for HTTPS URL

2020-01-12 Thread Ray Satiro via curl-library

On 1/12/2020 10:49 AM, shiftag via curl-library wrote:

On 1/12/20 1:32 AM, Daniel Stenberg wrote:

On Sat, 11 Jan 2020, shiftag via curl-library wrote:


So it appears the issue is not related to the compilation. The normal
behavior of libcurl is checking /etc/ssl/certs, so I rebuild the content
of that directory with .crt files and the symbolic link to .pem with
the symbolic link to the hash (the one generated by c_rehash command).

I'd recommend you rather use the configure option
--with-ca-bundle=FILE or --with-ca-path=DIRECTORY instead and point
out exactly the file and/or path you want your build to use.

Or set it at run-time.


Hi Daniel,

That's what I did, I built libcurl with --with-ca-bundle and
--with-ca-path but I unfortunately did a wrong copy/paste for curl one.
I add the options that way:

             --with-ca-bundle=$(PATHDEP)/certs/ca-bundle.crt
             --with-ca-path=$(PATHDEP)/certs

using the static curl binary in verbose mode I could see both path are
correct. But I think the issue is related to the certs stuff. As I'm
using a non-standard path I had to generate/download the ca-bundle, the
crt files, pem files and the hash. So, curl static binary is checking the
right path but still I end-up with error 77.



I'm missing the earlier messages in this conversation so I'm not sure if 
this has been covered yet but try curl tool options --cacert [1] and 
--capath [2]. If those run time options work but the build time options 
do not then there may be a bug. However if the run time options do not 
work either then there is another issue. Please include verbose output 
if you need more help.


[1]: https://curl.haxx.se/docs/manpage.html#--cacert
[2]: https://curl.haxx.se/docs/manpage.html#--capath


Re: SSL session ID reuse - clarification needed

2020-01-04 Thread Ray Satiro via curl-library

On 1/3/2020 5:29 PM, Peter Wu via curl-library wrote:

On Fri, Jan 03, 2020 at 09:21:04PM +0100, Daniel Jeliński via curl-library 
wrote:

Hi all,
I see that libcurl supports SSL session ID cache already, unless
CURLOPT_SSL_SESSIONID_CACHE is cleared. However, I'm having a hard
time finding information about the scope of session ID reuse:
- Are session IDs reused only within an easy handle or globally for
all handles within the application?

It looks like it is reused within an easy handle only. The attached
program was based on the output of:



Yes. Check out the share interface [1]. You can use 
CURL_LOCK_DATA_SSL_SESSION [2] to share Session IDs.



[1]: https://curl.haxx.se/libcurl/c/libcurl-share.html
[2]: https://curl.haxx.se/libcurl/c/curl_share_setopt.html


Re: Use GetEnvironmentVariable() instead of getenv()?

2020-01-02 Thread Ray Satiro via curl-library

On 1/2/2020 9:56 AM, Christoph M. Becker via curl-library wrote:

I've noticed that curl_getenv() uses getenv() on Windows[1].  However,
environment variables set with SetEnvironmentVariable() are not seen by
getenv() (although GetEnvironmentVariable() sees changes done by
putenv()), and since SetEnvironmentVariable() is preferable to putenv()
because the former is thread-safe, this can be an issue.  At least it
affects thread-safe PHP builds[2].

Is there anything that prevents libcurl to use GetEnvironmentVariable()
instead of getenv()?

[1]

[2]


Confirmed. I've opened an issue [1] for further discussion.

[1]: https://github.com/curl/curl/issues/4774



Re: IP address of failed/tried connections?

2020-01-01 Thread Ray Satiro via curl-library

On 1/2/2020 12:34 AM, Ray Satiro wrote:
libcurl saves that information only if a connection is made [1]. You 
may not be looking for debug strings but CURLINFO_TEXT is the fastest 
way I can think of to do what you're asking [2][3][4][5]. Either that 
or you modify libcurl for your own purposes to do it. (I don't think 
there's any interest to add such a feature upstream, but I'm sure I'll 
be shortly corrected if there is). 


hm I'm a little scattered today, I just thought of 
CURLOPT_OPENSOCKETFUNCTION [1] and CURLOPT_SOCKOPTFUNCTION [2]. You 
could record the addresses on open and then use primary_ip to see which 
one curl is using for the transfer. Also you could choose on open to do 
the connection yourself and return CURL_SOCKOPT_ALREADY_CONNECTED if you 
need that type information, such as you need to know always whether a 
connection succeeded or not (remember libcurl may discard a successful 
connection if another connection beat it due to happy eyeballs).


[1]: https://curl.haxx.se/libcurl/c/CURLOPT_OPENSOCKETFUNCTION.html
[2]: https://curl.haxx.se/libcurl/c/CURLOPT_SOCKOPTFUNCTION.html


Re: IP address of failed/tried connections?

2020-01-01 Thread Ray Satiro via curl-library

On 1/2/2020 12:34 AM, Ray Satiro wrote:
Note libcurl may attempt two connections at once and then goes with 
the fastest connection in what is known as "happy eyeballs".


Oops I meant it attempts both connections simultaneously and then uses 
the first completed connection. You can read more about it at 
https://en.wikipedia.org/wiki/Happy_Eyeballs


Also the debug strings aren't guaranteed to remain the same, they may 
change in future versions.




Re: IP address of failed/tried connections?

2020-01-01 Thread Ray Satiro via curl-library

On 1/1/2020 10:48 PM, Arthur Murray via curl-library wrote:

I would like to get the IP#(s) of both successful and failed
connections after "curl_easy_perform". For example: If I try to:

curl_easy_setopt(curl, CURLOPT_URL,"http://www.google.com:999");
res = curl_easy_perform(curl);

It will timeout for port 999 but both of these getinfo entries are empty:

curl_easy_getinfo(curl, CURLINFO_PRIMARY_IP, );
curl_easy_getinfo(curl, CURLINFO_ACTIVESOCKET, );

How do I programmatically get the tried IPs?   (curl -v shows "Trying
[IP#]...", but I'm not looking for debug strings)

Hostnames resolve to many IP #s, different ones at different times of
day and from different geo locations. How can my software access and
use them from libcurl?



libcurl saves that information only if a connection is made [1]. You may 
not be looking for debug strings but CURLINFO_TEXT is the fastest way I 
can think of to do what you're asking [2][3][4][5]. Either that or you 
modify libcurl for your own purposes to do it. (I don't think there's 
any interest to add such a feature upstream, but I'm sure I'll be 
shortly corrected if there is).


Note libcurl may attempt two connections at once and then goes with the 
fastest connection in what is known as "happy eyeballs". happy eyeballs 
occurs if one ip address is ipv4 and the other is ipv6, however iirc due 
to a bug old versions of libcurl allowed happy eyeballs of two ip 
addresses of same family if only that family was present.


[1]: https://github.com/curl/curl/blob/curl-7_67_0/lib/connect.c#L913
[2]: https://curl.haxx.se/libcurl/c/CURLOPT_DEBUGFUNCTION.html
[3]: https://github.com/curl/curl/blob/curl-7_67_0/lib/connect.c#L1129
[4]: https://github.com/curl/curl/blob/curl-7_67_0/lib/connect.c#L938-L940
[5]: https://github.com/curl/curl/blob/curl-7_67_0/lib/url.c#L1393-L1399


Re: Android: curl return error "couldn't resolve host" when enable c-ares

2019-12-26 Thread Ray Satiro via curl-library

On 12/26/2019 3:03 AM, Nguyen Khue via curl-library wrote:
I build curl with option --enable-ares for android application. When I 
run my application, if I don't set dns server then curl always return 
error "couldn't resolve host". I didn't get this error when running on 
the desktop application. How I can fix it?


Do the c-ares test programs work? Do other system programs work to 
resolve hosts? Does verbose output [1][2] give you any clue?



[1]: https://curl.haxx.se/docs/manpage.html#-v
[2]: https://curl.haxx.se/libcurl/c/CURLOPT_VERBOSE.html


Re: how to make requests of http2 using curl

2019-12-16 Thread Ray Satiro via curl-library

On 12/17/2019 2:26 AM, Daniel Stenberg via curl-library wrote:

On Tue, 17 Dec 2019, peng xu via curl-library wrote:

I have written the code below to make a http2 request, but the debug 
info showed me that it's http 1.1, would you please tell me why and 
how should I amend it:


Does your libcurl support HTTP/2 to begin with?


  {
    curl_version_info_data *info = curl_version_info(CURLVERSION_NOW);
    printf("HTTP2 is %s\n", ((info->features & CURL_VERSION_HTTP2) ?
           "supported" : "NOT supported"));

    printf("%s\n", curl_version());
  }


Re: ImportError: pycurl: libcurl link-time version (7.64.0) is older than compile-time version (7.65.3)

2019-12-10 Thread Ray Satiro via curl-library

On 12/10/2019 9:03 AM, Hongyi Zhao via curl-library wrote:

I use pipenv to install pycurl for my project:

$ pipenv install pycurl

Then when I run the project, I meet the following error:

---
$ speed-check.sh
Traceback (most recent call last):
   File 
"/root-share/home/distro-desktop/software/anti-gfw/socks5/socks5-haproxy/speed-check/pycurl-myhomura.py",
line 8, in 
 import pycurl
ImportError: pycurl: libcurl link-time version (7.64.0) is older than
compile-time version (7.65.3)
-

I'm using Debian 10, and the curl is installed from repo with the following info:


$ curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1d
zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0
nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps
pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM
NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
--

Any hints for solve this issue?



I suggest ask pycurl people about that, 
https://github.com/pycurl/pycurl/issues



Re: http requests

2019-12-01 Thread Ray Satiro via curl-library

On 12/2/2019 2:21 AM, Daniel Stenberg wrote:

On Mon, 2 Dec 2019, Ray Satiro via curl-library wrote:

If you are using Visual Studio you will probably have to build it 
yourself from source [1] since I don't think we have pre-built libs 
for Visual Studio.


How about the vcpkg approach mentioned at the top of 
https://curl.haxx.se/docs/install.html, isn't that also a decent way 
to get libcurl for your Visual Studio build? 


I didn't know about that... I stand corrected I guess!


Re: http requests

2019-12-01 Thread Ray Satiro via curl-library

On 11/29/2019 10:25 AM, Gustav Wiberg via curl-library wrote:


I'm trying to get libcurl working with Visual Studio 2017 with C++ on 
Windows 10. I have tried different things and maybe I have messed VS 
2017 ;-)


I have never used C++ before so u understand my knowledge about this...

I want to do a very simple http request and I can't figure out to get 
this to work. I'm unsure where to link libraries and what libraries to 
link and what folders to include etc. Should I download from 
https://curl.haxx.se/windows/ ?


Can someone point me in the right direction?


If you are using Visual Studio you will probably have to build it 
yourself from source [1] since I don't think we have pre-built libs for 
Visual Studio.


There are several ways to build curl using Visual Studio (ie Microsoft's 
compiler). Cmake [2], winbuild [3], and project files generated in 
common configurations [4].


For example let's look at winbuild. You would open a Visual Studio 
command prompt in the platform you want to build, x86 or x64. For 
example you probably have at least two of these shortcuts in your Visual 
Studio folder (or Tools subfolder) in the start menu:


Visual Studio Command Prompt (this is the x86 one)
run:
cd /d [srcdir]\winbuild
nmake /f Makefile.vc mode=dll VC=15

When done open:

Visual Studio x64 Win64 Command Prompt (this is the x64 one)
run:
cd /d [srcdir]\winbuild
nmake /f Makefile.vc mode=dll VC=15

Then you should have a build of both x86 and x64 libcurl.dll and 
curl.exe. If you run dir /b [srcdir]\builds you should see this:


libcurl-vc15-x64-release-dll-ipv6-sspi-winssl
libcurl-vc15-x64-release-dll-ipv6-sspi-winssl-obj-curl
libcurl-vc15-x64-release-dll-ipv6-sspi-winssl-obj-lib
libcurl-vc15-x86-release-dll-ipv6-sspi-winssl
libcurl-vc15-x86-release-dll-ipv6-sspi-winssl-obj-curl
libcurl-vc15-x86-release-dll-ipv6-sspi-winssl-obj-lib

The obj directories are temporary and can be removed, what you really 
want are these:


libcurl-vc15-x64-release-dll-ipv6-sspi-winssl
libcurl-vc15-x86-release-dll-ipv6-sspi-winssl

Those contain bin, include and lib.

bin contains curl.exe and libcurl.dll and you would add that location 
(x86 and x64 respectively) to your VS project in Debugging > 
Environment. For example:


For configurations using x86/Win32 platform add a line:
PATH=[srcdir]\builds\libcurl-vc15-x86-release-dll-ipv6-sspi-winssl\bin;%PATH%

For configurations using x64/Win64 platform add a line:
PATH=[srcdir]\builds\libcurl-vc15-x64-release-dll-ipv6-sspi-winssl\bin;%PATH%

Your application would also need the DLL outside of Visual Studio, so 
instead you may want to copy the DLL to the same directory as your 
application and then you wouldn't have to specify the PATH that way.


include contains the include files and you would add that location (x86 
and x64 respectively) to your VS project in C++ > General > Additional 
Include Directories.


lib contains the import file for libcurl.dll, and you would add that 
location (x86 and x64 respectively) to your VS project in Linker > 
General > Additional Library Directories. Also you would add 
libcurl.lib; in Linker > Input > Additional Dependencies.


You can try example docs/examples/simple.c [5] in your project to see if 
it's working.


[1]: https://curl.haxx.se/download.html
[2]: https://raw.githubusercontent.com/curl/curl/curl-7_67_0/docs/INSTALL.cmake
[3]: https://raw.githubusercontent.com/curl/curl/curl-7_67_0/winbuild/BUILD.WINDOWS.txt
[4]: https://raw.githubusercontent.com/curl/curl/curl-7_67_0/projects/README
[5]: https://raw.githubusercontent.com/curl/curl/curl-7_67_0/docs/examples/simple.c




Re: Missing data fragments when custom headers set

2019-11-24 Thread Ray Satiro via curl-library

On 11/24/2019 6:42 AM, Firefox OS via curl-library wrote:

Dnia 2019-11-24, o godz. 10:21:07
tangram67 via curl-library  napisał(a):


Hi to all.

I'm using libcurl as a receiver for MP3 radio streams.
When using custom headers in conjunction with header and body data
callbacks, some data is missing in the data callbacks. This is also
reproducible when using the following command line:

curl --header "Icy-MetaData: 1" -sD - -o ./ndr1.mp3 http://ndr-edge-2061.dus-lg.cdn.addradio.net/ndr/ndr1niedersachsen/hannover/mp3/128/stream.mp3

If you play the resulting MP3 file with some kind of media player you
can hear dropdowns caused by missing data. If you remove the custom
header, then the stream is OK. Also this behaviour is independent of the
header value, so any header string will cause the problem.


Hi Dirk,

What makes you think the dropdowns are caused by missing data?

You requested the server to multiplex metadata with the MP3 stream.
You can't send such a stream directly to MP3 decoder. Instead,
your client needs to extract "icy-metaint:" response header and demux
the stream appropriately (extract the metadata instead of sending
them to MP3 decoder). Otherwise you're periodically feeding the decoder
with garbage.

Please cross-check your results with a client which doesn't use libcurl, e.g.
wget -S --header "Icy-MetaData: 1" -O ndr2.mp3 http://ndr-edge-2061.dus-lg.cdn.addradio.net/ndr/ndr1niedersachsen/hannover/mp3/128/stream.mp3



For demux explanation check out https://stackoverflow.com/a/44090879 so 
it is possible, but I'd only do it if you have to.


---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
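
The demultiplexing discussed in this thread, as an added example that is not code from the thread or from curl: it parses the "icy-metaint:" response header and separates audio from metadata across arbitrary chunk boundaries, the way a header callback and a write callback would. It assumes the usual ICY framing (after every metaint audio bytes, one length byte counting 16-byte units, then that much metadata); all function names are hypothetical and the sample stream is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum icy_state { ICY_AUDIO, ICY_LENGTH, ICY_META };

struct icy_demux {
  size_t metaint;           /* audio bytes between metadata blocks */
  size_t audio_left;        /* audio bytes before the next length byte */
  size_t meta_left, meta_len; /* metadata bytes still expected / collected */
  unsigned long blocks;     /* completed non-empty metadata blocks */
  enum icy_state state;
  char meta[255 * 16 + 1];  /* largest block is 255 * 16 bytes, plus NUL */
};

/* Parse one header line (not NUL-terminated); 1 on "icy-metaint: N". */
int icy_parse_metaint(const char *line, size_t len, size_t *metaint)
{
  static const char name[] = "icy-metaint:";
  size_t i, n = sizeof(name) - 1;
  unsigned long v = 0;
  for(i = 0; i < n; i++)
    if(i >= len || tolower((unsigned char)line[i]) != name[i])
      return 0;
  while(i < len && (line[i] == ' ' || line[i] == '\t'))
    i++;
  for(; i < len && isdigit((unsigned char)line[i]); i++)
    if((v = v * 10 + (unsigned long)(line[i] - '0')) > 16UL * 1024 * 1024)
      return 0;                      /* implausible interval: ignore it */
  if(v == 0)
    return 0;
  *metaint = (size_t)v;
  return 1;
}

void icy_init(struct icy_demux *d, size_t metaint)
{
  memset(d, 0, sizeof(*d));          /* state starts as ICY_AUDIO */
  d->metaint = d->audio_left = metaint;
}

/* Feed one chunk; audio goes to audio_out (capacity >= len), count returned. */
size_t icy_feed(struct icy_demux *d, const unsigned char *in, size_t len,
                unsigned char *audio_out)
{
  size_t i = 0, out = 0, n;
  while(i < len) {
    if(d->metaint == 0 || d->state == ICY_AUDIO) {
      n = len - i;                   /* metaint 0: plain pass-through */
      if(d->metaint && n > d->audio_left)
        n = d->audio_left;
      memcpy(audio_out + out, in + i, n);
      out += n; i += n;
      if(d->metaint && (d->audio_left -= n) == 0)
        d->state = ICY_LENGTH;
    }
    else if(d->state == ICY_LENGTH) {
      d->meta_left = (size_t)in[i++] * 16; /* length byte is in 16-byte units */
      d->meta_len = 0;
      d->state = d->meta_left ? ICY_META : ICY_AUDIO; /* 0 means no change */
      d->audio_left = d->metaint;
    }
    else {                           /* ICY_META: never reaches the decoder */
      n = len - i < d->meta_left ? len - i : d->meta_left;
      memcpy(d->meta + d->meta_len, in + i, n);
      d->meta_len += n; i += n;
      if((d->meta_left -= n) == 0) {
        d->meta[d->meta_len] = '\0';
        d->blocks++;
        d->state = ICY_AUDIO;
      }
    }
  }
  return out;
}

/* Constructed sample: metaint 8, one 16-byte block, then an empty block. */
static const unsigned char SAMPLE[] =
  "AAAAAAAA" "\x01" "StreamTitle='x';" "BBBBBBBB" "\x00" "CCCC";

/* Feed SAMPLE in pieces of `chunk` bytes, as successive callbacks would. */
size_t demo_run(size_t chunk, unsigned char *audio, struct icy_demux *d)
{
  size_t off, total = 0, n = sizeof(SAMPLE) - 1;
  icy_init(d, 8);
  for(off = 0; off < n; off += chunk)
    total += icy_feed(d, SAMPLE + off, n - off < chunk ? n - off : chunk,
                      audio + total);
  return total;
}

int main(void)
{
  static struct icy_demux d;
  unsigned char audio[64];
  int n = (int)demo_run(3, audio, &d);
  printf("audio (%d bytes): %.*s\nmetadata: %s\n", n, n, (char *)audio, d.meta);
  return 0;
}
```

Without the length and interval bookkeeping the metadata bytes end up in the audio output, which is the periodic garbage described in the thread.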

Re: How to manage buggy http/2 in MacOS and Linux

2019-11-19 Thread Ray Satiro via curl-library

On 11/19/2019 8:00 AM, Jeroen Ooms wrote:

On Tue, Nov 19, 2019 at 9:25 AM Ray Satiro via curl-library
  wrote:

On 11/18/2019 8:42 AM, Jeroen Ooms via curl-library wrote:

I maintain the libcurl R bindings which are used by 1M+ users to build
clients for countless web services. On MacOS and Linux, the bindings
link to the system version of libcurl. As of MacOS Catalina (released
last month) this is now libcurl 7.64.1 which is the first time that
http/2 is enabled by default. This is where the problems begin.

Users that have upgraded to Catalina are reporting applications that
were stable before are now randomly giving "Error in the HTTP2 framing
layer" errors. Similar sounds from Linux users. As we know, HTTP/2
support in libcurl was quite buggy until very recently (eg:
https://daniel.haxx.se/blog/2018/09/05/curl-7-61-1-comes-with-only-bug-fixes/
) and maybe still today not as reliable as HTTP/1.

As maintainer of the bindings, I'm not sure how to handle this. One
solution would be to override the default CURLOPT_HTTP_VERSION in the
bindings to CURL_HTTP_VERSION_1_1 for certain versions of libcurl, but
it's hard to judge which versions of libcurl have robust http/2
support.

"Quite buggy" is an overstatement.

Sorry, I didn't mean to be overly critical, again http/2 is incredibly
complex. But in my experience, http/2 in libcurl has only very
recently become more stable. In Daniel's words from the blog 1 year
ago: "I think it is safe to say that HTTP/2 users of libcurl have
previously used it in a pretty “tidy” fashion, because I believe I
corrected four or five separate issues that made it misbehave.  It was
rather pure luck that has made it still work as well as it has for
past users!". Obviously, most problems only appear when you start
multiplexing, they do not really affect single requests over the
command line.


I think Daniel calling it "pure luck" is too conciliatory, it was that 
edge cases are just that, edge cases.



I am subscribed to your repo and I am not aware of issues regarding this. 
Without knowing what was reported I think it's premature to say.

Most of these problems are not reported in my repo, I get emailed or
tagged by users who attribute the error to the server or the package
that uses curl. But if you search for "Error in the HTTP2 framing
layer" there are a lot of people starting to see these errors
recently, without realizing these problems originate. Here is one
example of such a report I was trying to debug:
https://github.com/eddelbuettel/rpushbullet/issues/57


I don't have statistics on this but I'll guess most of those "framing 
layer" errors are proper. Some servers don't hangup properly and that is 
a problem for HTTP/2. Nevermind that TLS on its own has similar 
sensitivity. The blame certainly can be on curl, I think it's few and 
far between. For example #4267 which was fixed [1] in 7.67.0. That is a 
patch that you would want to backport if you were an OS maintainer 
maintaining a recent older version of curl.


[1]: https://github.com/curl/curl/commit/c1b6a38


Re: How to manage buggy http/2 in MacOS and Linux

2019-11-19 Thread Ray Satiro via curl-library

On 11/18/2019 8:42 AM, Jeroen Ooms via curl-library wrote:

I maintain the libcurl R bindings which are used by 1M+ users to build
clients for countless web services. On MacOS and Linux, the bindings
link to the system version of libcurl. As of MacOS Catalina (released
last month) this is now libcurl 7.64.1 which is the first time that
http/2 is enabled by default. This is where the problems begin.

Users that have upgraded to Catalina are reporting applications that
were stable before are now randomly giving "Error in the HTTP2 framing
layer" errors. Similar sounds from Linux users. As we know, HTTP/2
support in libcurl was quite buggy until very recently (eg:
https://daniel.haxx.se/blog/2018/09/05/curl-7-61-1-comes-with-only-bug-fixes/
) and maybe still today not as reliable as HTTP/1.

As maintainer of the bindings, I'm not sure how to handle this. One
solution would be to override the default CURLOPT_HTTP_VERSION in the
bindings to CURL_HTTP_VERSION_1_1 for certain versions of libcurl, but
it's hard to judge which versions of libcurl have robust http/2
support.



"Quite buggy" is an overstatement. I am subscribed to your repo and I am 
not aware of issues regarding this. Without knowing what was reported I 
think it's premature to say. If you are aware of a specific version you 
need to work around then you can use version info's version_num and 
nghttp2_ver_num, however the latter is only available since 7.66.0. Both 
have format (MAJOR << 16) | (MINOR << 8) | PATCH.


curl_version_info_data *ver = curl_version_info(CURLVERSION_NOW);
if(ver->version_num < 0x074300 /* libcurl 7.67.0 */ ||
   ver->age < 5 /* libcurl 7.66.0 */ ||
   ver->nghttp2_ver_num < 0x012600 /* nghttp2 1.38.0 */) {
  /* then fall back to http 1.1 */
}

(age check isn't necessary above since the checked curl version is 
greater than that, but left in for example)


I suppose it's also possible to report the problem you are having to 
Apple, they may fix it if they backport patches like other OS 
maintainers do.




Re: Problem linking on mac-os

2019-11-16 Thread Ray Satiro via curl-library

On 11/16/2019 10:12 AM, Ben Greear via curl-library wrote:
I have a program called l4helper, that links against a libcurl (and
lib-cares) that I have compiled myself.

The library is in my LD_LIBRARY_PATH, and at any rate was never in
/usr/local/lib/libcares.2.dylib

Anyone know why it is trying to load that specific location and how to
make it look in ./local/lib or something like that?

ct-mini1:~ lanforge$ ./l4helper --help
dyld: Library not loaded: /usr/local/lib/libcares.2.dylib
  Referenced from: /Users/lanforge/./l4helper
  Reason: image not found
Abort trap: 6 


That sounds like a question for l4helper people. I don't know Mac OS X 
but from what I've read just now you may need DYLD_LIBRARY_PATH instead, 
or if that doesn't work you can run a test similar to Linux LD_PRELOAD:


DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES=somelib ./l4helper




Re: reproducible, but limited, SEGFAULTS after upgrade curl/libcurl 7.66 -> 7.67. curl issue, or not?

2019-11-12 Thread Ray Satiro via curl-library

On 11/12/2019 11:38 AM, PGNet Dev via curl-library wrote:

Retrieving: http://download.opensuse.org/distribution/leap/15.1/repo/oss/repodata/57cb86253c19b7c80ce4de1fb5a081a842e24eac5308c84b159d6728e3edc183-appdata.xml.gz -[starting]
Segmentation fault (core dumped)
...
```

journal reports,
```
journalctl -f
...
Nov 11 13:37:51 prod223 kernel: [13139.140228] zypper[26689]: segfault at 6d6172617088 ip 7fbced4c5961 sp 7ffdf070a3e0 error 4 in libcurl.so.4.6.0[7fbced488000+88000]
...
```

Again, downgrading curl/libcurl -> v7.60 fixes the problem.

Also, WITH v7.67, *DIS*abling the one repo also fixes the problem.

I'm not sure this *is* curl, vs something else systemic ... Can provide add'l
info as needed.

*Is* this^^ likely a curl issue?



There's not enough information to tell. I downloaded that appdata file 
without a problem using 7.67 but I'm using Windows. We need a link to 
the issue filed with the repo and a minimal self-contained example that 
can be used to reproduce. Find out if there's a way to enable curl 
verbosity, like for example in git you enable it with environment 
GIT_CURL_VERBOSE, maybe zypper has something similar.



Re: Fwd: FW: Reg: Issue with libcurl (https call)

2019-11-03 Thread Ray Satiro via curl-library

On 10/28/2019 4:00 AM, Daniel Stenberg via curl-library wrote:

On Mon, 28 Oct 2019, karthikeyan Sivakkumar via curl-library wrote:

 7. We're facing segmentation fault in the 'appending header' section
 itself. This behavior is consistent and dbx analysis as well as truss
 command output point to the same curl_slist_append() function call as
 the reason for the segmentation fault.


curl_slist_append() is a public libcurl function that has worked the 
same way for many years and that's also unmodified since a long time.


It seems likely that this crash is caused by your application's use of 
this function.


If you think differently, then please provide a stand-alone example 
source code for a program that shows this problem reproduced. 



Also please review libcurl thread safety. [1]


[1]: https://curl.haxx.se/libcurl/c/threadsafe.html



Re: Problems with schannel support for CURLOPT_CAINFO

2019-11-01 Thread Ray Satiro via curl-library

On 10/31/2019 7:11 AM, Richard Alcock via curl-library wrote:

I'm hitting what I think is two problems using CURLOPT_CAINFO with the
schannel backend.

The issues stem from making requests concurrently from multiple
threads specifying the same file in CURLOPT_CAINFO. If I run the code
below on multiple threads concurrently, some number of them fail, and
print out:

"ERROR: Problem with the SSL CA cert (path? access rights?) -
schannel: failed to open CA file '': Broken pipe"

CURL *curl = curl_easy_init();
char error[CURL_ERROR_SIZE];
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, error);
curl_easy_setopt(curl, CURLOPT_FILE, nullptr);
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/");
curl_easy_setopt(curl, CURLOPT_CAINFO, "");
CURLcode res = curl_easy_perform(curl);
if (res != CURLE_OK) {
  std::cerr << "ERROR: " << curl_easy_strerror(res) << " - " <<
    std::string(error) << "\n";
}
curl_easy_cleanup(curl);

I believe this is because in schannel_verify.c the ca_file provided in
CURLOPT_CAINFO is opened (via CreateFile) with the (default) share
mode of 0. From MSDN this "Prevents other processes from opening a
file or device if they request delete, read, or write access." This is
fixed by passing FILE_SHARE_READ to the call to CreateFile. Any reason
why the "no sharing allowed" mode was chosen here instead?


It's a bug and I didn't catch it during review. Fix just landed [1].



The second issue is in how the Windows error is converted to a string.
I believe when CreateFile fails GetLastError is returning 32
(ERROR_SHARING_VIOLATION) but the string version is "Broken Pipe"
which suggests POSIX errno is being used rather than Windows errors.
This is Curl_strerror which is used widely, so not sure of
consequences of making a change there. Any thoughts?


I opened issue #4550 [2] based on your report.

Thanks

[1]: https://github.com/curl/curl/commit/9c49824
[2]: https://github.com/curl/curl/issues/4550


Re: file:// test URLs

2019-10-18 Thread Ray Satiro via curl-library

On 10/18/2019 6:40 PM, Marcel Raad via curl-library wrote:

I'm currently trying to get a successful test suite run for curl compiled with 
MSYS GCC, which has more Unix-like behavior compared to MinGW.
(Or, to be exact, I'm trying to be able to add autotools builds to AppVeyor 
with only what is preinstalled.)

Virtually all file:// tests are failing. They use paths like
file://localhost/%PWD%/log/test200.txt
which translates to something like
file://localhost//home/marcel/curl/tests/log/test200.txt
Note the double slash after the host name. This works fine on Linux, but 
doesn't on MSYS.
Is this format on purpose? Is it defined to work and an MSYS bug or something 
we should fix in the tests?


I don't think that ever worked for msys. Older versions allowed 
something like file://localhost/foo to read from the root of the current 
drive but that wouldn't work the way you expect. Like if the current 
drive was c it would have attempted c:/home/marcel/curl/. Recent 
versions are stricter. I don't think it's an MSYS bug. curl for windows 
(I assume WIN32 is defined here?) is going to attempt to write to 
windows paths, does msys filter that? I know it does with command line 
arguments so if you write -o /home/marcel/curl/out it actually changes 
the argument to something like -o 
C:/MinGW/msys/1.0/home/marcel/curl/out. I have an argumentparser [1] 
that can show you what happens.



[1]: https://gist.github.com/jay/19aba48653bd591cf4b90eb9249a302c



Re: spnego sspi delegation [windows 7]

2019-10-10 Thread Ray Satiro via curl-library

On 10/10/2019 5:24 AM, Claudio via curl-library wrote:

-Original Message-
From: curl-library  On Behalf Of Claudio
via curl-library
Sent: Wednesday, July 03, 2019 1:56 PM
To: curl-library@cool.haxx.se
Cc: Rinaldi, Claudio: Quants (LDN)
Subject: spnego sspi delegation [windows 7]


Hello Everyone,

I have a problem with curl lib in Windows which I have managed to quick fix it
but I would need some further insight from experts.
I am using curllib (or curl command)   with --negotiate authentication on
Windows and "--delegation always" (or policy)  parameter. We use Kerberos
authentication for what I know.
The server I connect to will forward the request to a back end system and my
credential must be provided to be authorized. In Linux seems to work out of
the box but in windows I had always had an error like

"Could not impersonate INTRANET\ as authentication token was not
provided".

The ticket stored in my box for the server I connect to includes the following
attribute

Ticket Flags  -> forwardable renewable pre_authent ok_as_delegate

I have managed to make it work via adding the flag ISC_REQ_DELEGATE to the
call in spnego_sspi.c (around line 250)

  nego->status = s_pSecFn->InitializeSecurityContext(nego->credentials,
                                                     chlg ? nego->context :
                                                     NULL,
                                                     nego->spn,
                                                     // <== CODE CHANGE added flag ISC_REQ_DELEGATE
                                                     ISC_REQ_DELEGATE |
                                                     ISC_REQ_CONFIDENTIALITY,
                                                     0, SECURITY_NATIVE_DREP,
                                                     chlg ? _desc : NULL,
                                                     0, nego->context,
                                                     _desc, ,
                                                     );

Now what I wanted to do is to handle the parameter --delegation properly.
First of all I would need to see in the security package support DELEGATION.
Hence I have checked if the

nego->status = s_pSecFn->QuerySecurityPackageInfo((TCHAR *)
                                                  TEXT(SP_NAME_NEGOTIATE),
                                                  );

unsigned long isc_flags = ISC_REQ_CONFIDENTIALITY;
if (SecurityPackage->fCapabilities & SECPKG_FLAG_DELEGATION) {
  if (data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_POLICY_FLAG)
  {
    isc_flags |= ISC_REQ_DELEGATE;
  }
  else if (data->set.gssapi_delegation & CURLGSSAPI_DELEGATION_FLAG)
  {
    // error not supported ???
  }
}


Of course is not a gssapi_delegation but I assume sspi should mimic the gssapi
interface/functionality so we could in theory use the same flag.

Question 1:  Is there a way to force the delegation using sspi ? or
CURLGSSAPI_DELEGATION_FLAG is not supported e.g. there is no way to
force if the Active directory does not allow it?

Question 2: When I Iook at the fCapability flags in the SecurityPackage
structure for the loaded package (secur32) I have the info below back (which I
have pretty printed).  The SECPKG_FLAG_DELEGATION is false so I am a bit
puzzled. I can make it work but the library tells me the delegation is not
supported.

Now my knowledge in here is very limited.
If I want to reuse the delegation option what flag do I need to check  to know
If this functionality is supported ? If It is GSS COMPATIBLE ?

Thanks for any help you could provide.

Best Regards
Claudio Rinaldi

Security Package: Negotiate
Security Package supported flags: 83bb3
Comment: Microsoft Package Negotiator


SUPPORTED [SECPKG_FLAG_INTEGRITY]
SUPPORTED [SECPKG_FLAG_PRIVACY]
NOT SUPPORTED [SECPKG_FLAG_TOKEN_ONLY]
NOT SUPPORTED [SECPKG_FLAG_DATAGRAM]
SUPPORTED [SECPKG_FLAG_CONNECTION]
SUPPORTED [SECPKG_FLAG_MULTI_REQUIRED]
NOT SUPPORTED [SECPKG_FLAG_CLIENT_ONLY]
SUPPORTED [SECPKG_FLAG_EXTENDED_ERROR]
SUPPORTED [SECPKG_FLAG_IMPERSONATION]
SUPPORTED [SECPKG_FLAG_ACCEPT_WIN32_NAME]
NOT SUPPORTED [SECPKG_FLAG_STREAM]
SUPPORTED [SECPKG_FLAG_NEGOTIABLE]
SUPPORTED [SECPKG_FLAG_GSS_COMPATIBLE]
SUPPORTED [SECPKG_FLAG_LOGON]
NOT SUPPORTED [SECPKG_FLAG_ASCII_BUFFERS]
NOT SUPPORTED [SECPKG_FLAG_FRAGMENT]
NOT SUPPORTED [SECPKG_FLAG_MUTUAL_AUTH]

NOT SUPPORTED [SECPKG_FLAG_DELEGATION]

NOT SUPPORTED [SECPKG_FLAG_READONLY_WITH_CHECKSUM]
SUPPORTED [SECPKG_FLAG_RESTRICTED_TOKENS]
NOT SUPPORTED [SECPKG_FLAG_NEGO_EXTENDER]
NOT SUPPORTED [SECPKG_FLAG_NEGOTIABLE2]
NOT SUPPORTED [SECPKG_FLAG_APPCONTAINER_PASSTHROUGH]
NOT SUPPORTED [SECPKG_FLAG_APPCONTAINER_CHECKS]

Hi Everyone,

A couple of months ago I sent the above email but unfortunately I did not get 
any answer. I have fixed the code locally and it works but it would be good to 
get this in an 

Re: Feature request: passing ssl certificate and/or key parameter as content, not path

2019-10-10 Thread Ray Satiro via curl-library

On 10/10/2019 10:48 AM, Nicolas Mora via curl-library wrote:
According to the libcurl documentation [1], if you want to specify a 
SSL certificate or key to the connection, the parameter must be a file 
path rather than the certificate or key value: "Pass a pointer to a 
zero terminated string as parameter. The string should be the file 
name of your client certificate."


This makes it difficult to use ssl authenticated requests on an 
embedded program where those options can come from various places (API 
response, config file, self-generated, whatever). The only workaround 
I find is to use mkstemp, which adds layers of complexity.


Would it be possible to add the possibility to pass the cert/key 
content as well? By adding a new value to CURLOPT_SSLCERTTYPE for 
example, like "PEM_DATA"?


I can work on a patch but I'd like to know first if the idea would be 
accepted. 



Gilles Vollant already has a work-in-progress pull request for this, I 
think they are going to call it CURLOPT_SSLCERT_BLOB. Please contribute 
to the discussion at https://github.com/curl/curl/pull/4371



Re: Get cookies for specific URL

2019-09-25 Thread Ray Satiro via curl-library

On 9/24/2019 10:23 AM, Daniel Stenberg via curl-library wrote:

On Tue, 24 Sep 2019, H?lzl, Dominik via curl-library wrote:


get all cookies for a specific URL?


No, we don't provide such an API. Yet. Maybe we should? Ideas on how 
it would look like? 



I took a shot at it [1].


[1]: https://github.com/curl/curl/pull/4420



Re: curl_easy_perform() crash (more info)

2019-09-12 Thread Ray Satiro via curl-library

On 9/10/2019 6:08 AM, Daniel Polski via curl-library wrote:

curl 7.65.3
openssl 1.1.1b

I'm still hunting for the crash bug in my application and found 
something interesting: "old SSL session ID is stale, removing" (marked 
"<-- this row") is reported twice about the same time in the verbose 
curl output below.


Are 2 threads trying to remove the same session without locking? As 
far as I understand from openssl.c that should be prevented by the 
call to Curl_ssl_sessionid_lock(conn)?


I setup a share which I initialize once with:
CURLSH *sslShare;
sslShare = curl_share_init();
curl_share_setopt(sslShare, CURLSHOPT_SHARE, CURL_LOCK_DATA_SSL_SESSION);

and then different threads call a function which in turn set it like 
this before calling curl_easy_perform:

CURL *curl = curl_easy_init();
(...)
curl_easy_setopt(curl, CURLOPT_SHARE, sslShare);
res = curl_easy_perform(curl);


Should that be enough for session share protection, or do I also have 
to configure own locking similar to this:

curl_share_setopt(sslShare, CURLSHOPT_LOCKFUNC, a_lock_cb);
curl_share_setopt(sslShare, CURLSHOPT_UNLOCKFUNC, an_unlock_cb); 



Refer to CURLOPT_SHARE [1], curl_share_setopt [2] and thread safety 
guidelines [3]. Excerpt from CURLOPT_SHARE:


"If the curl handles are used simultaneously in multiple threads, you 
MUST use the locking methods in the share handle. See curl_share_setopt 
for details."


[1]: https://curl.haxx.se/libcurl/c/CURLOPT_SHARE.html
[2]: https://curl.haxx.se/libcurl/c/curl_share_setopt.html
[3]: https://curl.haxx.se/libcurl/c/threadsafe.html


Re: Windows compilation error

2019-07-14 Thread Ray Satiro via curl-library
On 7/7/2019 6:51 PM, MATSUDA Daiki wrote:
> On 2019年07月08日 07:17, Ray Satiro via curl-library wrote:
>> On 7/7/2019 5:43 PM, MATSUDA Daiki wrote:
>>> On 2019年07月07日 15:17, Ray Satiro via curl-library wrote:
>>>> On 7/2/2019 8:07 PM, MATSUDA Daiki via curl-library wrote:
>>>>> In my research, the curl library with /MD option in spite of static.
>>>>>
>>>>> https://docs.microsoft.com/en-us/cpp/build/reference/md-mt-ld-use-run-time-library?view=vs-2019
>>>>>
>>>>>
>>>>
>>>>
>>>> Is it possible that you want RTLIBCFG=static? [1] It is not the
>>>> recommended method.
>>>
>>> I know the option 'RTLIBCFG'. But is there any meaning under the
>>> situation with mode=static and without RTLIBCFG=static?
>>
>>
>> I'm sorry but I don't understand what you're asking. The difference is
>> described in the document that I referenced. Either you can build
>> libcurl as a static library or a DLL. When you are building libcurl it
>> needs a C runtime (almost invariably Microsoft's C runtime on Windows ms
>> crt). By default we use the CRT import library and so when you build
>> your app with static libcurl it should link to the CRT DLL.
>
> I pointed that when try to build other apps with other static library,
> libcurl static library without RTLIBCFG=static occurs compile error.
>
> e.g.
> https://stackoverflow.com/questions/5839362/why-do-i-get-lnk4098-conflicts-with-use-of-other-libs-when-trying-to-compile-c/5839453#5839453
>
>
> Is such a static library by default for useful?
>
> As I got the developer's aspect, I use RTLIBCFG=static. 


It's possible you have other libraries that were built to use the static
crt runtime. Typically static libraries reference the import crt library
for linking.


Re: using curl for a constant stream of event notifications

2019-07-10 Thread Ray Satiro via curl-library
On 7/9/2019 12:43 PM, R C via curl-library wrote:
>
> I have been using the curl library, to write some c code for for
> accessing IoT devices.
>
> Some of these devices can produce a "constant stream" of event
> notifications,  in text/xml.
>
> I wonder what the best approach would be to open such a stream and
> keep reading it.
> (probably close it once in a while, and restart that event stream.
>
> any suggestions for a "best practices" approach?


Every time the write callback is called append the received data in a
buffer (like example [1]), parse that buffer for complete notifications,
notify of those notifications and then remove that data from the buffer
(like example [2]).

If your app's notification process is anything other than quick then I
suggest push the notifications asynchronously by instead copying the
notification to some location where it can be later consumed by your
app. The reason for this is you don't want to slow down the curl event
loop from receiving data from the server and writing it to memory.

[1]: https://curl.haxx.se/libcurl/c/getinmemory.html
[2]: https://gist.github.com/jay/f355d98e87fde19b1455b0b31dd118fd




---
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
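
The buffering approach from the reply above, as an added example that is not code from the thread, from the linked gists or from curl: a function with the write-callback signature appends each chunk, hands off every complete notification, and keeps only the unfinished tail. It assumes each notification ends with a closing tag (the `</Event>` tag, the 64 KiB cap and all names are hypothetical, and the chunks are constructed); the `collect` function stands in for the queue the application would drain outside the callback.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PENDING (64 * 1024) /* assumed cap on one unfinished notification */

typedef void (*notify_fn)(const char *msg, size_t len, void *ctx);

struct stream_buf {
  char *data;           /* bytes received but not yet handed off */
  size_t len, cap;
  const char *end_tag;  /* assumed terminator of one notification */
  notify_fn notify;     /* must be quick: copy the message and return */
  void *ctx;
};

/* Byte-wise search; the receive buffer is not NUL-terminated. */
static char *find(char *hay, size_t hlen, const char *needle, size_t nlen)
{
  size_t i;
  for(i = 0; nlen && i + nlen <= hlen; i++)
    if(memcmp(hay + i, needle, nlen) == 0)
      return hay + i;
  return NULL;
}

/* Same signature as a libcurl write callback; userdata is a stream_buf. */
size_t on_data(char *ptr, size_t size, size_t nmemb, void *userdata)
{
  struct stream_buf *b = userdata;
  size_t n = size * nmemb, taglen = strlen(b->end_tag), start = 0, mlen;
  char *hit, *p;
  if(n == 0)
    return 0;
  if(b->len + n > b->cap) {
    p = realloc(b->data, b->len + n);
    if(!p)
      return 0;                      /* a return value != n aborts the transfer */
    b->data = p;
    b->cap = b->len + n;
  }
  memcpy(b->data + b->len, ptr, n);
  b->len += n;
  for(;;) {
    while(start < b->len && isspace((unsigned char)b->data[start]))
      start++;                       /* drop separators between messages */
    hit = find(b->data + start, b->len - start, b->end_tag, taglen);
    if(!hit)
      break;
    mlen = (size_t)(hit - b->data) + taglen - start;
    b->notify(b->data + start, mlen, b->ctx);
    start += mlen;
  }
  memmove(b->data, b->data + start, b->len - start); /* keep the partial tail */
  b->len -= start;
  return b->len > MAX_PENDING ? 0 : n; /* terminator never arrived: give up */
}

struct collected { char msg[8][64]; int count; };

/* Stand-in for the queue the application drains later. */
static void collect(const char *msg, size_t len, void *ctx)
{
  struct collected *c = ctx;
  if(c->count < 8 && len < sizeof(c->msg[0])) {
    memcpy(c->msg[c->count], msg, len);
    c->msg[c->count++][len] = '\0';
  }
}

/* Feeds constructed chunks that split mid-tag; returns messages seen or -1. */
int demo_feed(struct collected *out)
{
  static const char *chunks[] = { "<Event><id>1</id></Ev",
    "ent>\r\n<Event><id>2</id></Event><Event><id>3", "</id></Event>" };
  struct stream_buf b = { NULL, 0, 0, "</Event>", collect, NULL };
  size_t i;
  int ok = 1;
  out->count = 0;
  b.ctx = out;
  for(i = 0; ok && i < 3; i++) {
    size_t len = strlen(chunks[i]);
    ok = on_data((char *)chunks[i], 1, len, &b) == len;
  }
  free(b.data);
  return ok ? out->count : -1;
}

int main(void)
{
  struct collected c;
  int n = demo_feed(&c), i;
  for(i = 0; i < n; i++)
    printf("notification %d: %s\n", i + 1, c.msg[i]);
  return 0;
}
```

The cap matters for a device that never sends the terminator: without it the pending buffer grows for as long as the stream stays open.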

Re: Windows compilation error

2019-07-07 Thread Ray Satiro via curl-library
On 7/7/2019 5:43 PM, MATSUDA Daiki wrote:
> On 2019年07月07日 15:17, Ray Satiro via curl-library wrote:
>> On 7/2/2019 8:07 PM, MATSUDA Daiki via curl-library wrote:
>>> In my research, the curl library with /MD option in spite of static.
>>>
>>> https://docs.microsoft.com/en-us/cpp/build/reference/md-mt-ld-use-run-time-library?view=vs-2019
>>>
>>
>>
>> Is it possible that you want RTLIBCFG=static? [1] It is not the
>> recommended method.
>
> I know the option 'RTLIBCFG'. But is there any meaning under the
> situation with mode=static and without RTLIBCFG=static? 


I'm sorry but I don't understand what you're asking. The difference is
described in the document that I referenced. Either you can build
libcurl as a static library or a DLL. When you are building libcurl it
needs a C runtime (almost invariably Microsoft's C runtime on Windows ms
crt). By default we use the CRT import library and so when you build
your app with static libcurl it should link to the CRT DLL.


Re: Windows compilation error

2019-07-07 Thread Ray Satiro via curl-library
On 7/2/2019 8:07 PM, MATSUDA Daiki via curl-library wrote:
> In my research, the curl library with /MD option in spite of static.
>
> https://docs.microsoft.com/en-us/cpp/build/reference/md-mt-ld-use-run-time-library?view=vs-2019


Is it possible that you want RTLIBCFG=static? [1] It is not the
recommended method.


[1]:
https://github.com/curl/curl/blob/curl-7_65_1/winbuild/BUILD.WINDOWS.txt#L105-L114


Re: Missing bcrytp.dll when running Watcom compiled Libcurl program on XP.

2019-07-07 Thread Ray Satiro via curl-library
On 7/3/2019 7:36 AM, Gisle Vanem via curl-library wrote:
> Dan Gribble wrote:
>
>> I have copied libcrypto-1_1.dll and libssl-1_1.dll (from openssl
>> 1.1.1c) to my application directory in order to run the compiled
>> application,
>> but other than that I have not done anything else.
>
> You have to rebuild OpenSSL with a '_WIN32_WINNT' value
> suitable for Win-XP ('-D_WIN32_WINNT=0x0501' should work
> I think). Or maybe lower the value in
> 'Configurations\50-win-onecore.conf'
>
> Look at OpenSSL's crypto/rand/rand_win.c where bcrypt.dll
> functions are used:
>
>    /* On Windows Vista or higher use BCrypt instead of the legacy CryptoAPI */
>    # if defined(_MSC_VER) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600
>    #   define USE_BCRYPTGENRANDOM
>    # endif


The OpenSSL that is provided on the Windows download page should work
for Windows XP. I suggest use that instead of your OpenSSL if you don't
want to build it yourself. https://curl.haxx.se/windows/


Re: bind address lockup

2019-07-06 Thread Ray Satiro via curl-library
On 6/27/2019 5:21 PM, Robert NEMKIN via curl-library wrote:
> Hope I'm right, but bind() is for server/receiving sockets.
> I want to bind to a specific interface as client socket.
>
> I use curl_easy_setopt(curl, CURLOPT_INTERFACE, interface) to bind to
> a specific interface. I guess, that I set up the options in libcurl,
> then when I issue curl_easy_perform(curl), it does all the work to set
> up the socket and do the transfer.
>
> > But your way of saying this makes me curious. Why do you call it
> > setsockopt bind address? Where exactly does it hang? And for how long?
>
> I know, that setsockopt is thread safe according to the POSIX
> standard. But is the linux kernel (4.19.37-5) implementation correct?
> Sometimes it took more than a minute to start the transfer, sometimes
> it never starts.
>
> >
> >> Maybe I can use some workaround? E.g. download a little testfile
> >> sequential to do the bindaddress serialized with keepalive, then start
> >> the multithreaded download?
> >
> > You could add one transfer at a time and only start the next once the
> > previous has started to get data as then you know they don't do bind()
> > at the same time. But I wouldn't feel entirely safe with that since then
> > we don't know for sure where the problem is or that this is actually a
> > working fix or just accidentally working...
> >
>
> I guess it's a kernel problem, because if I start four wget from
> commandline, it locks too.
> Example:
>
> wget --bind-address=x.y.z.p -O /dev/null -q http://server1.domain/testfile &
> wget --bind-address=x.y.z.p -O /dev/null -q http://server2.domain/testfile &
> wget --bind-address=x.y.z.p -O /dev/null -q http://server3.domain/testfile &
> wget --bind-address=x.y.z.p -O /dev/null -q http://server4.domain/testfile &
>
> I need a fix in short term. If I'm right and the kernel implementation
> has a bug, it would take more time to resolve it.
> To transfer two files per connection is my newest idea, I don't know if
>
> My guess is that the kernel is fast enough to do the setsockopt in
> case of 1-2 ethernet cards, so the bug remains hidden. Maybe I'm the
> first who installed 18 cards in one machine, and tested it for this usage.


If you file as a linux bug please let us know where it's filed. Thanks



Re: Missing bcrytp.dll when running Watcom compiled Libcurl program on XP.

2019-07-02 Thread Ray Satiro via curl-library
On 7/2/2019 11:44 AM, Dan Gribble via curl-library wrote:
> Please excuse my ignorance/inexperience but I'm very new to C++ (and
> OOP, compiling/linking in general). I'll try and explain as best I
> can what I have done so far and hopefully you will be able to advise
> how to proceed.
>
> I am developing an application that uses the cURL library to post JSON
> format data. The requirement at my installation is to use the Watcom
> compiler which initially caused a few headaches, but I have managed to
> overcome them with some help from Luca on this mailing list.
>
> I downloaded cURL 7.64.0 and have been using the curl header in my
> application to carry out the post operations. In order to get around
> the problem of the Watcom calling conventions being different to
> CDECL, under the guidance of Luca I generated an import Lib for Watcom
> from the libcurl.dll and have been using that when compiling and
> linking to generate my executable.
>
> My application works fine under Windows 7 and 10, however, I get the
> bcrypt.dll missing error message when attempting to run it on Windows XP.
>
> If you require any further information, please let me know and I will
> do my best to assist you.


Please don't top-post [1]; it makes the conversation hard to follow.
Either libcurl or one of its dependents is dependent on bcrypt. Official
builds don't need bcrypt. You can use Dependency Walker [2] to see
exactly what DLL needs bcrypt. As I said it's possible you are building
curl in a way that requires bcrypt but I don't know what that is. It
would help to know exactly how you are building curl.


[1]: https://curl.haxx.se/mail/etiquette.html#Do_Not_Top_Post
[2]: http://www.dependencywalker.com/
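
The check Dependency Walker is suggested for above, finding which file's import table names bcrypt.dll, can also be scripted by reading each PE file's import directory. This is an added example, not part of the original message or of curl. It reads only the static import directory (no delay-load imports), and the sample images and their file names are constructed placeholders.

```python
import struct

def _off(rva, sections):  # map an RVA to a file offset via the section table
    for va, size, raw in sections:
        if va <= rva < va + size:
            return rva - va + raw
    raise ValueError(f"RVA {rva:#x} is outside every section")

def imported_dlls(data):
    """Lower-cased DLL names from a PE file's static import directory."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    dirs = opt + (96 if data[opt:opt + 2] == b"\x0b\x01" else 112)  # PE32 / PE32+
    imp_rva = struct.unpack_from("<I", data, dirs + 8)[0]  # directory 1 = imports
    if not imp_rva:
        return []
    heads = (struct.unpack_from("<4I", data, opt + opt_size + 40 * i + 8) for i in range(nsec))
    sections = [(va, max(vsize, rsize), raw) for vsize, va, rsize, raw in heads]
    names, off = [], _off(imp_rva, sections)
    while any(desc := struct.unpack_from("<5I", data, off)):  # all-zero entry ends table
        start = _off(desc[3], sections)  # field 3 = RVA of the DLL name string
        names.append(data[start:data.index(b"\0", start)].decode("ascii").lower())
        off += 20
    return names

def importers_of(target, files):
    """Names of the files (name -> bytes) whose import table lists `target`."""
    return sorted(n for n, d in files.items() if target.lower() in imported_dlls(d))

def build_sample(dlls):
    """Constructed minimal PE32 image: headers plus an import table naming `dlls`."""
    va, raw, table = 0x1000, 0x200, 20 * (len(dlls) + 1)
    strings = descs = b""
    for name in dlls:
        descs += struct.pack("<5I", 0, 0, 0, va + table + len(strings), 0)
        strings += name.encode() + b"\0"
    sect = descs + bytes(20) + strings
    head = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)
    head += struct.pack("<H", 0x10B) + bytes(102) + struct.pack("<II", va, table) + bytes(112)
    head += b".idata\0\0" + struct.pack("<4I", len(sect), va, len(sect), raw) + bytes(16)
    return head.ljust(raw, b"\0") + sect

# Constructed file set; the names are placeholders, not a claim about any real DLL.
SAMPLE = {"app.exe": build_sample(["first.dll", "KERNEL32.dll"]),
          "first.dll": build_sample(["KERNEL32.dll", "second.dll"]),
          "second.dll": build_sample(["bcrypt.dll", "KERNEL32.dll"])}
```

On real files, pass `importers_of` a dict of file name to file bytes for the executable and every DLL shipped beside it.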



Re: Missing bcrypt.dll when running Watcom compiled Libcurl program on XP.

2019-07-02 Thread Ray Satiro via curl-library
On 6/28/2019 7:42 AM, Dan Gribble via curl-library wrote:
> I am experiencing a problem when a program using Libcurl that is
> compiled on Windows 7 using the Watcom C++ compiler is run on Windows XP.
>
> I am aware that XP is no longer supported, however, at my installation
> we still have a couple of legacy machines that we require to still run XP.
>
> I have openSSL 1.1.1c installed on Win 7 machine, and have copied the
> libcurl.dll, libcrypto-1_1.dll and libssl-1_1.dll files to one of
> legacy XP machines, however, when trying to execute the program, it
> says that "bcrypt.dll" is missing.
>
> I understand that bcrypt.dll was introduced in Windows operating
> systems later than XP, so it works fine on our Windows 7 and 10 machines.
>
> I would be extremely grateful if anyone could suggest a method that
> would enable my program to run on Windows XP.


How exactly did you build curl? I see in Makefile.Watcom WINVER is set
to Vista when IPv6 is enabled at build time [1]. We may have similar
logic elsewhere. In other words some features may require targeting
later versions of Windows for some compilers. The official build of curl
for windows [2] works on XP and comes with IPv6 enabled. To use that
libcurl.dll you would also need the OpenSSL DLLs and there is a link to
them on the same page.


[1]: https://github.com/curl/curl/blob/curl-7_65_1/lib/Makefile.Watcom#L108
[2]: https://curl.haxx.se/windows/


