123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658 |
- _ _ ____ _
- ___| | | | _ \| |
- / __| | | | |_) | |
- | (__| |_| | _ <| |___
- \___|\___/|_| \_\_____|
- Known Bugs
- These are problems and bugs known to exist at the time of this release. Feel
- free to join in and help us correct one or more of these. Also be sure to
- check the changelog of the current development status, as one or more of these
- problems may have been fixed or changed somewhat since this was written.
- 1. HTTP
- 1.2 hyper is slow
- 1.5 Expect-100 meets 417
- 2. TLS
- 2.1 IMAPS connection fails with rustls error
- 2.3 Unable to use PKCS12 certificate with Secure Transport
- 2.4 Secure Transport will not import PKCS#12 client certificates without a password
- 2.5 Client cert handling with Issuer DN differs between backends
- 2.7 Client cert (MTLS) issues with Schannel
- 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
- 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
- 3. Email protocols
- 3.1 IMAP SEARCH ALL truncated response
- 3.2 No disconnect command
- 3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses
- 3.4 AUTH PLAIN for SMTP is not working on all servers
- 3.5 APOP authentication fails on POP3
- 3.6 POP3 issue when reading small chunks
- 4. Command line
- 5. Build and portability issues
- 5.1 OS400 port requires deprecated IBM library
- 5.2 curl-config --libs contains private details
- 5.3 building for old macOS fails with gcc
- 5.5 cannot handle Unicode arguments in non-Unicode builds on Windows
- 5.6 cygwin: make install installs curl-config.1 twice
- 5.9 Utilize Requires.private directives in libcurl.pc
- 5.11 configure --with-gssapi with Heimdal is ignored on macOS
- 5.12 flaky CI builds
- 5.13 long paths are not fully supported on Windows
- 5.14 Windows Unicode builds use homedir in current locale
- 5.15 Unicode on Windows
- 6. Authentication
- 6.1 NTLM authentication and unicode
- 6.2 MIT Kerberos for Windows build
- 6.3 NTLM in system context uses wrong name
- 6.5 NTLM does not support password with § character
- 6.6 libcurl can fail to try alternatives with --proxy-any
- 6.7 Do not clear digest for single realm
- 6.9 SHA-256 digest not supported in Windows SSPI builds
- 6.10 curl never completes Negotiate over HTTP
- 6.11 Negotiate on Windows fails
- 6.12 cannot use Secure Transport with Crypto Token Kit
- 6.13 Negotiate against Hadoop HDFS
- 7. FTP
- 7.1 FTP upload fails if remembered dir is deleted
- 7.2 Implicit FTPS upload timeout
- 7.3 FTP with NOBODY and FAILONERROR
- 7.4 FTP with ACCT
- 7.5 FTPS upload, FileZilla, GnuTLS and close_notify
- 7.11 FTPS upload data loss with TLS 1.3
- 7.12 FTPS directory listing hangs on Windows with Schannel
- 9. SFTP and SCP
- 9.1 SFTP does not do CURLOPT_POSTQUOTE correct
- 9.2 wolfssh: publickey auth does not work
- 9.3 Remote recursive folder creation with SFTP
- 9.4 libssh blocking and infinite loop problem
- 9.5 cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
- 10. SOCKS
- 10.3 FTPS over SOCKS
- 11. Internals
- 11.1 gssapi library name + version is missing in curl_version_info()
- 11.2 error buffer not set if connection to multiple addresses fails
- 11.4 HTTP test server 'connection-monitor' problems
- 11.5 Connection information when using TCP Fast Open
- 12. LDAP
- 12.1 OpenLDAP hangs after returning results
- 12.2 LDAP on Windows does authentication wrong?
- 12.3 LDAP on Windows does not work
- 12.4 LDAPS requests to ActiveDirectory server hang
- 13. TCP/IP
- 13.2 Trying local ports fails on Windows
- 15. CMake
- 15.1 cmake outputs: no version information available
- 15.2 support build with GnuTLS
- 15.3 unusable tool_hugehelp.c with MinGW
- 15.6 uses -lpthread instead of Threads::Threads
- 15.7 generated .pc file contains strange entries
- 15.11 ExternalProject_Add does not set CURL_CA_PATH
- 15.13 CMake build with MIT Kerberos does not work
- 16. aws-sigv4
- 16.1 aws-sigv4 does not sign requests with * correctly
- 16.6 aws-sigv4 does not behave well with AWS VPC Lattice
- 17. HTTP/2
- 17.1 HTTP/2 prior knowledge over proxy
- 17.2 HTTP/2 frames while in the connection pool kill reuse
- 17.3 ENHANCE_YOUR_CALM causes infinite retries
- 18. HTTP/3
- 18.1 connection migration does not work
- 19. RTSP
- 19.1 Some methods do not support response bodies
- ==============================================================================
- 1. HTTP
- 1.2 hyper is slow
- When curl is built to use hyper for HTTP, it is unnecessary slow.
- https://github.com/curl/curl/issues/11203
- 1.5 Expect-100 meets 417
- If an upload using Expect: 100-continue receives an HTTP 417 response, it
- ought to be automatically resent without the Expect:. A workaround is for
- the client application to redo the transfer after disabling Expect:.
- https://curl.se/mail/archive-2008-02/0043.html
- 2. TLS
- 2.1 IMAPS connection fails with rustls error
- https://github.com/curl/curl/issues/10457
- 2.3 Unable to use PKCS12 certificate with Secure Transport
- See https://github.com/curl/curl/issues/5403
- 2.4 Secure Transport will not import PKCS#12 client certificates without a password
- libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that
- function rejects certificates that do not have a password.
- https://github.com/curl/curl/issues/1308
- 2.5 Client cert handling with Issuer DN differs between backends
- When the specified client certificate does not match any of the
- server-specified DNs, the OpenSSL and GnuTLS backends behave differently.
- The github discussion may contain a solution.
- See https://github.com/curl/curl/issues/1411
- 2.7 Client cert (MTLS) issues with Schannel
- See https://github.com/curl/curl/issues/3145
- 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
- In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake
- implementation likely has a bug that can rarely cause the key exchange to
- fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.
- https://github.com/curl/curl/issues/5488
- 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
- https://github.com/curl/curl/issues/8741
- 3. Email protocols
- 3.1 IMAP SEARCH ALL truncated response
- IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
- code reveals that pingpong.c contains some truncation code, at line 408, when
- it deems the server response to be too large truncating it to 40 characters"
- https://curl.se/bug/view.cgi?id=1366
- 3.2 No disconnect command
- The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and
- SMTP if a failure occurs during the authentication phase of a connection.
- 3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses
- You have to tell libcurl not to expect a body, when dealing with one line
- response commands. Please see the POP3 examples and test cases which show
- this for the NOOP and DELE commands. https://curl.se/bug/?i=740
- 3.4 AUTH PLAIN for SMTP is not working on all servers
- Specifying "--login-options AUTH=PLAIN" on the command line does not seem to
- work correctly.
- See https://github.com/curl/curl/issues/4080
- 3.5 APOP authentication fails on POP3
- See https://github.com/curl/curl/issues/10073
- 3.6 POP3 issue when reading small chunks
- CURL_DBG_SOCK_RMAX=4 ./runtests.pl -v 982
- See https://github.com/curl/curl/issues/12063
- 4. Command line
- 5. Build and portability issues
- 5.1 OS400 port requires deprecated IBM library
- curl for OS400 requires QADRT to build, which provides ASCII wrappers for
- libc/POSIX functions in the ILE, but IBM no longer supports or even offers
- this library to download.
- See https://github.com/curl/curl/issues/5176
- 5.2 curl-config --libs contains private details
- "curl-config --libs" will include details set in LDFLAGS when configure is
- run that might be needed only for building libcurl. Further, curl-config
- --cflags suffers from the same effects with CFLAGS/CPPFLAGS.
- 5.3 building for old macOS fails with gcc
- Building curl for certain old macOS versions fails when gcc is used. We
- command using clang in those cases.
- See https://github.com/curl/curl/issues/11441
- 5.5 cannot handle Unicode arguments in non-Unicode builds on Windows
- If a URL or filename cannot be encoded using the user's current codepage then
- it can only be encoded properly in the Unicode character set. Windows uses
- UTF-16 encoding for Unicode and stores it in wide characters, however curl
- and libcurl are not equipped for that at the moment except when built with
- _UNICODE and UNICODE defined. And, except for Cygwin, Windows cannot use UTF-8
- as a locale.
- https://curl.se/bug/?i=345
- https://curl.se/bug/?i=731
- https://curl.se/bug/?i=3747
- 5.6 cygwin: make install installs curl-config.1 twice
- https://github.com/curl/curl/issues/8839
- 5.9 Utilize Requires.private directives in libcurl.pc
- https://github.com/curl/curl/issues/864
- 5.11 configure --with-gssapi with Heimdal is ignored on macOS
- ... unless you also pass --with-gssapi-libs
- https://github.com/curl/curl/issues/3841
- 5.12 flaky CI builds
- We run many CI builds for each commit and PR on github, and especially a
- number of the Windows builds are flaky. This means that we rarely get all CI
- builds go green and complete without errors. This is unfortunate as it makes
- us sometimes miss actual build problems and it is surprising to newcomers to
- the project who (rightfully) do not expect this.
- See https://github.com/curl/curl/issues/6972
- 5.13 long paths are not fully supported on Windows
- curl on Windows cannot access long paths (paths longer than 260 characters).
- However, as a workaround, the Windows path prefix \\?\ which disables all path
- interpretation may work to allow curl to access the path. For example:
- \\?\c:\longpath.
- See https://github.com/curl/curl/issues/8361
- 5.14 Windows Unicode builds use homedir in current locale
- The Windows Unicode builds of curl use the current locale, but expect Unicode
- UTF-8 encoded paths for internal use such as open, access and stat. The user's
- home directory is retrieved via curl_getenv in the current locale and not as
- UTF-8 encoded Unicode.
- See https://github.com/curl/curl/pull/7252 and
- https://github.com/curl/curl/pull/7281
- 5.15 Unicode on Windows
- Passing in a unicode filename with -o:
- https://github.com/curl/curl/issues/11461
- Passing in unicode character with -d:
- https://github.com/curl/curl/issues/12231
- 6. Authentication
- 6.1 NTLM authentication and unicode
- NTLM authentication involving unicode user name or password only works
- properly if built with UNICODE defined together with the Schannel
- backend. The original problem was mentioned in:
- https://curl.se/mail/lib-2009-10/0024.html
- https://curl.se/bug/view.cgi?id=896
- The Schannel version verified to work as mentioned in
- https://curl.se/mail/lib-2012-07/0073.html
- 6.2 MIT Kerberos for Windows build
- libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's
- library header files exporting symbols/macros that should be kept private to
- the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/
- 6.3 NTLM in system context uses wrong name
- NTLM authentication using SSPI (on Windows) when (lib)curl is running in
- "system context" will make it use wrong(?) user name - at least when compared
- to what winhttp does. See https://curl.se/bug/view.cgi?id=535
- 6.5 NTLM does not support password with § character
- https://github.com/curl/curl/issues/2120
- 6.6 libcurl can fail to try alternatives with --proxy-any
- When connecting via a proxy using --proxy-any, a failure to establish an
- authentication will cause libcurl to abort trying other options if the
- failed method has a higher preference than the alternatives. As an example,
- --proxy-any against a proxy which advertise Negotiate and NTLM, but which
- fails to set up Kerberos authentication will not proceed to try authentication
- using NTLM.
- https://github.com/curl/curl/issues/876
- 6.7 Do not clear digest for single realm
- https://github.com/curl/curl/issues/3267
- 6.9 SHA-256 digest not supported in Windows SSPI builds
- Windows builds of curl that have SSPI enabled use the native Windows API calls
- to create authentication strings. The call to InitializeSecurityContext fails
- with SEC_E_QOP_NOT_SUPPORTED which causes curl to fail with CURLE_AUTH_ERROR.
- Microsoft does not document supported digest algorithms and that SEC_E error
- code is not a documented error for InitializeSecurityContext (digest).
- https://github.com/curl/curl/issues/6302
- 6.10 curl never completes Negotiate over HTTP
- Apparently it is not working correctly...?
- See https://github.com/curl/curl/issues/5235
- 6.11 Negotiate on Windows fails
- When using --negotiate (or NTLM) with curl on Windows, SSL/TLS handshake
- fails despite having a valid kerberos ticket cached. Works without any issue
- in Unix/Linux.
- https://github.com/curl/curl/issues/5881
- 6.12 cannot use Secure Transport with Crypto Token Kit
- https://github.com/curl/curl/issues/7048
- 6.13 Negotiate authentication against Hadoop HDFS
- https://github.com/curl/curl/issues/8264
- 7. FTP
- 7.1 FTP upload fails if remembered dir is deleted
- curl's FTP code assumes that the directory it entered in a previous transfer
- still exists when it comes back to do a second transfer, and does not respond
- well if it was indeed deleted in the mean time.
- https://github.com/curl/curl/issues/12181
- 7.2 Implicit FTPS upload timeout
- https://github.com/curl/curl/issues/11720
- 7.3 FTP with NOBODY and FAILONERROR
- It seems sensible to be able to use CURLOPT_NOBODY and CURLOPT_FAILONERROR
- with FTP to detect if a file exists or not, but it is not working:
- https://curl.se/mail/lib-2008-07/0295.html
- 7.4 FTP with ACCT
- When doing an operation over FTP that requires the ACCT command (but not when
- logging in), the operation will fail since libcurl does not detect this and
- thus fails to issue the correct command:
- https://curl.se/bug/view.cgi?id=635
- 7.5 FTPS upload, FileZilla, GnuTLS and close_notify
- An issue where curl does not send the TLS alert close_notify, which triggers
- the wrath of GnuTLS in FileZilla server, and a FTP reply 426 ECONNABORTED.
- https://github.com/curl/curl/issues/11383
- 7.11 FTPS upload data loss with TLS 1.3
- During FTPS upload curl does not attempt to read TLS handshake messages sent
- after the initial handshake. OpenSSL servers running TLS 1.3 may send such a
- message. When curl closes the upload connection if unread data has been
- received (such as a TLS handshake message) then the TCP protocol sends an
- RST to the server, which may cause the server to discard or truncate the
- upload if it has not read all sent data yet, and then return an error to curl
- on the control channel connection.
- Since 7.78.0 this is mostly fixed. curl will do a single read before closing
- TLS connections (which causes the TLS library to read handshake messages),
- however there is still possibility of an RST if more messages need to be read
- or a message arrives after the read but before close (network race condition).
- https://github.com/curl/curl/issues/6149
- 7.12 FTPS server compatibility on Windows with Schannel
- FTPS is not widely used with the Schannel TLS backend and so there may be more
- bugs compared to other TLS backends such as OpenSSL. In the past users have
- reported hanging and failed connections. It's very likely some changes to curl
- since then fixed the issues. None of the reported issues can be reproduced any
- longer.
- If you encounter an issue connecting to your server via FTPS with the latest
- curl and Schannel then please search for open issues or file a new issue.
- 9. SFTP and SCP
- 9.1 SFTP does not do CURLOPT_POSTQUOTE correct
- When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server
- using the multi interface, the commands are not being sent correctly and
- instead the connection is "cancelled" (the operation is considered done)
- prematurely. There is a half-baked (busy-looping) patch provided in the bug
- report but it cannot be accepted as-is. See
- https://curl.se/bug/view.cgi?id=748
- 9.2 wolfssh: publickey auth does not work
- When building curl to use the wolfSSH backend for SFTP, the publickey
- authentication does not work. This is simply functionality not written for curl
- yet, the necessary API for make this work is provided by wolfSSH.
- See https://github.com/curl/curl/issues/4820
- 9.3 Remote recursive folder creation with SFTP
- On this servers, the curl fails to create directories on the remote server
- even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set.
- See https://github.com/curl/curl/issues/5204
- 9.4 libssh blocking and infinite loop problem
- In the SSH_SFTP_INIT state for libssh, the ssh session working mode is set to
- blocking mode. If the network is suddenly disconnected during sftp
- transmission, curl will be stuck, even if curl is configured with a timeout.
- https://github.com/curl/curl/issues/8632
- 9.5 cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
- Running SCP and SFTP tests on cygwin makes this warning message appear.
- https://github.com/curl/curl/issues/11244
- 10. SOCKS
- 10.3 FTPS over SOCKS
- libcurl does not support FTPS over a SOCKS proxy.
- 11. Internals
- 11.1 gssapi library name + version is missing in curl_version_info()
- The struct needs to be expanded and code added to store this info.
- See https://github.com/curl/curl/issues/13492
- 11.2 error buffer not set if connection to multiple addresses fails
- If you ask libcurl to resolve a hostname like example.com to IPv6 addresses
- only. But you only have IPv4 connectivity. libcurl will correctly fail with
- CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER
- remains empty. Issue: https://github.com/curl/curl/issues/544
- 11.4 HTTP test server 'connection-monitor' problems
- The 'connection-monitor' feature of the sws HTTP test server does not work
- properly if some tests are run in unexpected order. Like 1509 and then 1525.
- See https://github.com/curl/curl/issues/868
- 11.5 Connection information when using TCP Fast Open
- CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is
- enabled.
- See https://github.com/curl/curl/issues/1332 and
- https://github.com/curl/curl/issues/4296
- 12. LDAP
- 12.1 OpenLDAP hangs after returning results
- By configuration defaults, OpenLDAP automatically chase referrals on
- secondary socket descriptors. The OpenLDAP backend is asynchronous and thus
- should monitor all socket descriptors involved. Currently, these secondary
- descriptors are not monitored, causing OpenLDAP library to never receive
- data from them.
- As a temporary workaround, disable referrals chasing by configuration.
- The fix is not easy: proper automatic referrals chasing requires a
- synchronous bind callback and monitoring an arbitrary number of socket
- descriptors for a single easy handle (currently limited to 5).
- Generic LDAP is synchronous: OK.
- See https://github.com/curl/curl/issues/622 and
- https://curl.se/mail/lib-2016-01/0101.html
- 12.2 LDAP on Windows does authentication wrong?
- https://github.com/curl/curl/issues/3116
- 12.3 LDAP on Windows does not work
- A simple curl command line getting "ldap://ldap.forumsys.com" returns an
- error that says "no memory" !
- https://github.com/curl/curl/issues/4261
- 12.4 LDAPS requests to ActiveDirectory server hang
- https://github.com/curl/curl/issues/9580
- 13. TCP/IP
- 13.2 Trying local ports fails on Windows
- This makes '--local-port [range]' to not work since curl cannot properly
- detect if a port is already in use, so it will try the first port, use that and
- then subsequently fail anyway if that was actually in use.
- https://github.com/curl/curl/issues/8112
- 15. CMake
- 15.1 cmake outputs: no version information available
- Something in the SONAME generation seems to be wrong in the cmake build.
- https://github.com/curl/curl/issues/11158
- 15.2 support build with GnuTLS
- 15.3 unusable tool_hugehelp.c with MinGW
- see https://github.com/curl/curl/issues/3125
- 15.6 uses -lpthread instead of Threads::Threads
- See https://github.com/curl/curl/issues/6166
- 15.7 generated .pc file contains strange entries
- The Libs.private field of the generated .pc file contains -lgcc -lgcc_s -lc
- -lgcc -lgcc_s
- See https://github.com/curl/curl/issues/6167
- 15.11 ExternalProject_Add does not set CURL_CA_PATH
- CURL_CA_BUNDLE and CURL_CA_PATH are not set properly when cmake's
- ExternalProject_Add is used to build curl as a dependency.
- See https://github.com/curl/curl/issues/6313
- 15.13 CMake build with MIT Kerberos does not work
- Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2
- try_compile started respecting the CMAKE_EXE_FLAGS. The code dealing with
- MIT Kerberos detection sets few variables to potentially weird mix of space,
- and ;-separated flags. It had to blow up at some point. All the CMake checks
- that involve compilation are doomed from that point, the configured tree
- cannot be built.
- https://github.com/curl/curl/issues/6904
- 16. aws-sigv4
- 16.1 aws-sigv4 does not sign requests with * correctly
- https://github.com/curl/curl/issues/7559
- 16.6 aws-sigv4 does not behave well with AWS VPC Lattice
- https://github.com/curl/curl/issues/11007
- 17. HTTP/2
- 17.1 HTTP/2 prior knowledge over proxy
- https://github.com/curl/curl/issues/12641
- 17.2 HTTP/2 frames while in the connection pool kill reuse
- If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
- curl while the connection is held in curl's connection pool, the socket will
- be found readable when considered for reuse and that makes curl think it is
- dead and then it will be closed and a new connection gets created instead.
- This is *best* fixed by adding monitoring to connections while they are kept
- in the pool so that pings can be responded to appropriately.
- 17.3 ENHANCE_YOUR_CALM causes infinite retries
- Infinite retries with 2 parallel requests on one connection receiving GOAWAY
- with ENHANCE_YOUR_CALM error code.
- See https://github.com/curl/curl/issues/5119
- 18. HTTP/3
- 18.1 connection migration does not work
- https://github.com/curl/curl/issues/7695
- 19. RTSP
- 19.1 Some methods do not support response bodies
- The RTSP implementation is written to assume that a number of RTSP methods
- will always get responses without bodies, even though there seems to be no
- indication in the RFC that this is always the case.
- https://github.com/curl/curl/issues/12414
|