123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641 |
- _ _ ____ _
- ___| | | | _ \| |
- / __| | | | |_) | |
- | (__| |_| | _ <| |___
- \___|\___/|_| \_\_____|
- Known Bugs
- These are problems and bugs known to exist at the time of this release. Feel
- free to join in and help us correct one or more of these. Also be sure to
- check the changelog of the current development status, as one or more of these
- problems may have been fixed or changed somewhat since this was written.
- 1. HTTP
- 2. TLS
- 2.1 IMAPS connection fails with Rustls error
- 2.3 Unable to use PKCS12 certificate with Secure Transport
- 2.4 Secure Transport does not import PKCS#12 client certificates without a password
- 2.5 Client cert handling with Issuer DN differs between backends
- 2.7 Client cert (MTLS) issues with Schannel
- 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
- 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
- 3. Email protocols
- 3.1 IMAP SEARCH ALL truncated response
- 3.2 No disconnect command
- 3.4 AUTH PLAIN for SMTP is not working on all servers
- 3.5 APOP authentication fails on POP3
- 3.6 POP3 issue when reading small chunks
- 4. Command line
- 4.1 -T /dev/stdin may upload with an incorrect content length
- 4.2 -T - always uploads chunked
- 5. Build and portability issues
- 5.1 OS400 port requires deprecated IBM library
- 5.2 curl-config --libs contains private details
- 5.3 LDFLAGS passed too late making libs linked incorrectly
- 5.6 Cygwin: make install installs curl-config.1 twice
- 5.11 configure --with-gssapi with Heimdal is ignored on macOS
- 5.12 flaky CI builds
- 5.13 long paths are not fully supported on Windows
- 5.15 Unicode on Windows
- 6. Authentication
- 6.2 MIT Kerberos for Windows build
- 6.3 NTLM in system context uses wrong name
- 6.5 NTLM does not support password with § character
- 6.6 libcurl can fail to try alternatives with --proxy-any
- 6.7 Do not clear digest for single realm
- 6.8 Heimdal memory leaks
- 6.9 SHA-256 digest not supported in Windows SSPI builds
- 6.10 curl never completes Negotiate over HTTP
- 6.11 Negotiate on Windows fails
- 6.12 cannot use Secure Transport with Crypto Token Kit
- 6.13 Negotiate against Hadoop HDFS
- 7. FTP
- 7.4 FTP with ACCT
- 7.12 FTPS directory listing hangs on Windows with Schannel
- 9. SFTP and SCP
- 9.1 SFTP does not do CURLOPT_POSTQUOTE correct
- 9.2 wolfssh: publickey auth does not work
- 9.3 Remote recursive folder creation with SFTP
- 9.4 libssh blocking and infinite loop problem
- 9.5 Cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
- 10. SOCKS
- 11. Internals
- 11.1 gssapi library name + version is missing in curl_version_info()
- 11.2 error buffer not set if connection to multiple addresses fails
- 11.3 TFTP tests fail on OpenBSD
- 11.4 HTTP test server 'connection-monitor' problems
- 11.5 Connection information when using TCP Fast Open
- 11.6 test cases sometimes timeout
- 11.7 CURLOPT_CONNECT_TO does not work for HTTPS proxy
- 11.8 WinIDN test failures
- 12. LDAP
- 12.1 OpenLDAP hangs after returning results
- 12.2 LDAP on Windows does authentication wrong?
- 12.3 LDAP on Windows does not work
- 12.4 LDAPS requests to ActiveDirectory server hang
- 13. TCP/IP
- 13.2 Trying local ports fails on Windows
- 15. CMake
- 15.1 cmake outputs: no version information available
- 15.2 support build with GnuTLS
- 15.3 unusable tool_hugehelp.c with MinGW
- 15.6 uses -lpthread instead of Threads::Threads
- 15.7 generated .pc file contains strange entries
- 15.13 CMake build with MIT Kerberos does not work
- 16. aws-sigv4
- 16.2 aws-sigv4 does not handle multipart/form-data correctly
- 16.3 aws-sigv4 has problems with particular URLs
- 16.6 aws-sigv4 does not behave well with AWS VPC Lattice
- 17. HTTP/2
- 17.1 HTTP/2 prior knowledge over proxy
- 17.2 HTTP/2 frames while in the connection pool kill reuse
- 17.3 ENHANCE_YOUR_CALM causes infinite retries
- 17.4 HTTP/2 + TLS spends a lot of time in recv
- 18. HTTP/3
- 18.1 connection migration does not work
- 18.2 quiche: QUIC connection is draining
- 19. RTSP
- 19.1 Some methods do not support response bodies
- ==============================================================================
- 1. HTTP
- 2. TLS
- 2.1 IMAPS connection fails with Rustls error
- https://github.com/curl/curl/issues/10457
- 2.3 Unable to use PKCS12 certificate with Secure Transport
- See https://github.com/curl/curl/issues/5403
- 2.4 Secure Transport does not import PKCS#12 client certificates without a password
- libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that
- function rejects certificates that do not have a password.
- https://github.com/curl/curl/issues/1308
- 2.5 Client cert handling with Issuer DN differs between backends
- When the specified client certificate does not match any of the
- server-specified DNs, the OpenSSL and GnuTLS backends behave differently.
- The github discussion may contain a solution.
- See https://github.com/curl/curl/issues/1411
- 2.7 Client cert (MTLS) issues with Schannel
- See https://github.com/curl/curl/issues/3145
- 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
- In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake
- implementation likely has a bug that can rarely cause the key exchange to
- fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.
- https://github.com/curl/curl/issues/5488
- 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
- https://github.com/curl/curl/issues/8741
- 3. Email protocols
- 3.1 IMAP SEARCH ALL truncated response
- IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
- code reveals that pingpong.c contains some truncation code, at line 408, when
- it deems the server response to be too large truncating it to 40 characters"
- https://curl.se/bug/view.cgi?id=1366
- 3.2 No disconnect command
- The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and
- SMTP if a failure occurs during the authentication phase of a connection.
- 3.4 AUTH PLAIN for SMTP is not working on all servers
- Specifying "--login-options AUTH=PLAIN" on the command line does not seem to
- work correctly.
- See https://github.com/curl/curl/issues/4080
- 3.5 APOP authentication fails on POP3
- See https://github.com/curl/curl/issues/10073
- 3.6 POP3 issue when reading small chunks
- CURL_DBG_SOCK_RMAX=4 ./runtests.pl -v 982
- See https://github.com/curl/curl/issues/12063
- 4. Command line
- 4.1 -T /dev/stdin may upload with an incorrect content length
- -T stats the path to figure out its size in bytes to use it as Content-Length
- if it is a regular file.
- The problem with that is that, on BSDs and some other UNIXes (not Linux),
- open(path) may not give you a file descriptor with a 0 offset from the start
- of the file.
- See https://github.com/curl/curl/issues/12177
- 4.2 -T - always uploads chunked
- When the `<` shell operator is used. curl should realise that stdin is a
- regular file in this case, and that it can do a non-chunked upload, like it
- would do if you used -T file.
- See https://github.com/curl/curl/issues/12171
- 5. Build and portability issues
- 5.1 OS400 port requires deprecated IBM library
- curl for OS400 requires QADRT to build, which provides ASCII wrappers for
- libc/POSIX functions in the ILE, but IBM no longer supports or even offers
- this library to download.
- See https://github.com/curl/curl/issues/5176
- 5.2 curl-config --libs contains private details
- "curl-config --libs" include details set in LDFLAGS when configure is run
- that might be needed only for building libcurl. Further, curl-config --cflags
- suffers from the same effects with CFLAGS/CPPFLAGS.
- 5.3 LDFLAGS passed too late making libs linked incorrectly
- Compiling latest curl on HP-UX and linking against a custom OpenSSL (which is
- on the default loader/linker path), fails because the generated Makefile has
- LDFLAGS passed on after LIBS.
- See https://github.com/curl/curl/issues/14893
- 5.6 Cygwin: make install installs curl-config.1 twice
- https://github.com/curl/curl/issues/8839
- 5.11 configure --with-gssapi with Heimdal is ignored on macOS
- ... unless you also pass --with-gssapi-libs
- https://github.com/curl/curl/issues/3841
- 5.12 flaky CI builds
- We run many CI builds for each commit and PR on github, and especially a
- number of the Windows builds are flaky. This means that we rarely get all CI
- builds go green and complete without errors. This is unfortunate as it makes
- us sometimes miss actual build problems and it is surprising to newcomers to
- the project who (rightfully) do not expect this.
- See https://github.com/curl/curl/issues/6972
- 5.13 long paths are not fully supported on Windows
- curl on Windows cannot access long paths (paths longer than 260 characters).
- However, as a workaround, the Windows path prefix \\?\ which disables all
- path interpretation may work to allow curl to access the path. For example:
- \\?\c:\longpath.
- See https://github.com/curl/curl/issues/8361
- 5.15 Unicode on Windows
- Passing in a Unicode filename with -o:
- https://github.com/curl/curl/issues/11461
- Passing in Unicode character with -d:
- https://github.com/curl/curl/issues/12231
- Windows Unicode builds use homedir in current locale
- The Windows Unicode builds of curl use the current locale, but expect Unicode
- UTF-8 encoded paths for internal use such as open, access and stat. The
- user's home directory is retrieved via curl_getenv in the current locale and
- not as UTF-8 encoded Unicode.
- See https://github.com/curl/curl/pull/7252 and
- https://github.com/curl/curl/pull/7281
- Cannot handle Unicode arguments in non-Unicode builds on Windows
- If a URL or filename cannot be encoded using the user's current codepage then
- it can only be encoded properly in the Unicode character set. Windows uses
- UTF-16 encoding for Unicode and stores it in wide characters, however curl
- and libcurl are not equipped for that at the moment except when built with
- _UNICODE and UNICODE defined. Except for Cygwin, Windows cannot use UTF-8 as
- a locale.
- https://curl.se/bug/?i=345
- https://curl.se/bug/?i=731
- https://curl.se/bug/?i=3747
- NTLM authentication and Unicode
- NTLM authentication involving Unicode username or password only works
- properly if built with UNICODE defined together with the Schannel backend.
- The original problem was mentioned in:
- https://curl.se/mail/lib-2009-10/0024.html
- https://curl.se/bug/view.cgi?id=896
- The Schannel version verified to work as mentioned in
- https://curl.se/mail/lib-2012-07/0073.html
- 6. Authentication
- 6.2 MIT Kerberos for Windows build
- libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's
- library header files exporting symbols/macros that should be kept private to
- the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/
- 6.3 NTLM in system context uses wrong name
- NTLM authentication using SSPI (on Windows) when (lib)curl is running in
- "system context" makes it use wrong(?) username - at least when compared to
- what winhttp does. See https://curl.se/bug/view.cgi?id=535
- 6.5 NTLM does not support password with § character
- https://github.com/curl/curl/issues/2120
- 6.6 libcurl can fail to try alternatives with --proxy-any
- When connecting via a proxy using --proxy-any, a failure to establish an
- authentication causes libcurl to abort trying other options if the failed
- method has a higher preference than the alternatives. As an example,
- --proxy-any against a proxy which advertise Negotiate and NTLM, but which
- fails to set up Kerberos authentication does not proceed to try
- authentication using NTLM.
- https://github.com/curl/curl/issues/876
- 6.7 Do not clear digest for single realm
- https://github.com/curl/curl/issues/3267
- 6.8 Heimdal memory leaks
- Running test 2077 and 2078 with curl built to do GSS with Heimdal causes
- valgrind errors (memory leak).
- https://github.com/curl/curl/issues/14446
- 6.9 SHA-256 digest not supported in Windows SSPI builds
- Windows builds of curl that have SSPI enabled use the native Windows API calls
- to create authentication strings. The call to InitializeSecurityContext fails
- with SEC_E_QOP_NOT_SUPPORTED which causes curl to fail with CURLE_AUTH_ERROR.
- Microsoft does not document supported digest algorithms and that SEC_E error
- code is not a documented error for InitializeSecurityContext (digest).
- https://github.com/curl/curl/issues/6302
- 6.10 curl never completes Negotiate over HTTP
- Apparently it is not working correctly...?
- See https://github.com/curl/curl/issues/5235
- 6.11 Negotiate on Windows fails
- When using --negotiate (or NTLM) with curl on Windows, SSL/TLS handshake
- fails despite having a valid kerberos ticket cached. Works without any issue
- in Unix/Linux.
- https://github.com/curl/curl/issues/5881
- 6.12 cannot use Secure Transport with Crypto Token Kit
- https://github.com/curl/curl/issues/7048
- 6.13 Negotiate authentication against Hadoop HDFS
- https://github.com/curl/curl/issues/8264
- 7. FTP
- 7.4 FTP with ACCT
- When doing an operation over FTP that requires the ACCT command (but not when
- logging in), the operation fails since libcurl does not detect this and thus
- fails to issue the correct command: https://curl.se/bug/view.cgi?id=635
- 7.12 FTPS server compatibility on Windows with Schannel
- FTPS is not widely used with the Schannel TLS backend and so there may be
- more bugs compared to other TLS backends such as OpenSSL. In the past users
- have reported hanging and failed connections. It is likely some changes to
- curl since then fixed the issues. None of the reported issues can be
- reproduced any longer.
- If you encounter an issue connecting to your server via FTPS with the latest
- curl and Schannel then please search for open issues or file a new issue.
- 9. SFTP and SCP
- 9.1 SFTP does not do CURLOPT_POSTQUOTE correct
- When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server
- using the multi interface, the commands are not being sent correctly and
- instead the connection is "cancelled" (the operation is considered done)
- prematurely. There is a half-baked (busy-looping) patch provided in the bug
- report but it cannot be accepted as-is. See
- https://curl.se/bug/view.cgi?id=748
- 9.2 wolfssh: publickey auth does not work
- When building curl to use the wolfSSH backend for SFTP, the publickey
- authentication does not work. This is simply functionality not written for curl
- yet, the necessary API for make this work is provided by wolfSSH.
- See https://github.com/curl/curl/issues/4820
- 9.3 Remote recursive folder creation with SFTP
- On this servers, the curl fails to create directories on the remote server
- even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set.
- See https://github.com/curl/curl/issues/5204
- 9.4 libssh blocking and infinite loop problem
- In the SSH_SFTP_INIT state for libssh, the ssh session working mode is set to
- blocking mode. If the network is suddenly disconnected during sftp
- transmission, curl is stuck, even if curl is configured with a timeout.
- https://github.com/curl/curl/issues/8632
- 9.5 Cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
- Running SCP and SFTP tests on Cygwin makes this warning message appear.
- https://github.com/curl/curl/issues/11244
- 10. SOCKS
- 11. Internals
- 11.1 gssapi library name + version is missing in curl_version_info()
- The struct needs to be expanded and code added to store this info.
- See https://github.com/curl/curl/issues/13492
- 11.2 error buffer not set if connection to multiple addresses fails
- If you ask libcurl to resolve a hostname like example.com to IPv6 addresses
- when you only have IPv4 connectivity. libcurl fails with
- CURLE_COULDNT_CONNECT, but the error buffer set by CURLOPT_ERRORBUFFER
- remains empty. Issue: https://github.com/curl/curl/issues/544
- 11.3 TFTP tests fail on OpenBSD
- When adding an OpenBSD job with tests to GHA, some tests consistently fail
- to run.
- See https://github.com/curl/curl/issues/13623
- 11.4 HTTP test server 'connection-monitor' problems
- The 'connection-monitor' feature of the sws HTTP test server does not work
- properly if some tests are run in unexpected order. Like 1509 and then 1525.
- See https://github.com/curl/curl/issues/868
- 11.5 Connection information when using TCP Fast Open
- CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is
- enabled.
- See https://github.com/curl/curl/issues/1332 and
- https://github.com/curl/curl/issues/4296
- 11.6 test cases sometimes timeout
- Occasionally, one of the tests timeouts. Inexplicably.
- See https://github.com/curl/curl/issues/13350
- 11.7 CURLOPT_CONNECT_TO does not work for HTTPS proxy
- It is unclear if the same option should even cover the proxy connection or if
- if requires a separate option.
- See https://github.com/curl/curl/issues/14481
- 11.8 WinIDN test failures
- Test 165 disabled when built with WinIDN.
- 12. LDAP
- 12.1 OpenLDAP hangs after returning results
- By configuration defaults, OpenLDAP automatically chase referrals on
- secondary socket descriptors. The OpenLDAP backend is asynchronous and thus
- should monitor all socket descriptors involved. Currently, these secondary
- descriptors are not monitored, causing OpenLDAP library to never receive
- data from them.
- As a temporary workaround, disable referrals chasing by configuration.
- The fix is not easy: proper automatic referrals chasing requires a
- synchronous bind callback and monitoring an arbitrary number of socket
- descriptors for a single easy handle (currently limited to 5).
- Generic LDAP is synchronous: OK.
- See https://github.com/curl/curl/issues/622 and
- https://curl.se/mail/lib-2016-01/0101.html
- 12.2 LDAP on Windows does authentication wrong?
- https://github.com/curl/curl/issues/3116
- 12.3 LDAP on Windows does not work
- A simple curl command line getting "ldap://ldap.forumsys.com" returns an
- error that says "no memory" !
- https://github.com/curl/curl/issues/4261
- 12.4 LDAPS requests to ActiveDirectory server hang
- https://github.com/curl/curl/issues/9580
- 13. TCP/IP
- 13.2 Trying local ports fails on Windows
- This makes '--local-port [range]' to not work since curl cannot properly
- detect if a port is already in use, so it tries the first port, uses that and
- then subsequently fails anyway if that was actually in use.
- https://github.com/curl/curl/issues/8112
- 15. CMake
- 15.1 cmake outputs: no version information available
- Something in the SONAME generation seems to be wrong in the cmake build.
- https://github.com/curl/curl/issues/11158
- 15.6 uses -lpthread instead of Threads::Threads
- See https://github.com/curl/curl/issues/6166
- 15.7 generated .pc file contains strange entries
- The Libs.private field of the generated .pc file contains -lgcc -lgcc_s -lc
- -lgcc -lgcc_s
- See https://github.com/curl/curl/issues/6167
- 15.13 CMake build with MIT Kerberos does not work
- Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2
- try_compile started respecting the CMAKE_EXE_FLAGS. The code dealing with
- MIT Kerberos detection sets few variables to potentially weird mix of space,
- and ;-separated flags. It had to blow up at some point. All the CMake checks
- that involve compilation are doomed from that point, the configured tree
- cannot be built.
- https://github.com/curl/curl/issues/6904
- 16. aws-sigv4
- 16.2 aws-sigv4 does not handle multipart/form-data correctly
- https://github.com/curl/curl/issues/13351
- 16.3 aws-sigv4 has problems with particular URLs
- https://github.com/curl/curl/issues/13058
- 16.6 aws-sigv4 does not behave well with AWS VPC Lattice
- https://github.com/curl/curl/issues/11007
- 17. HTTP/2
- 17.1 HTTP/2 prior knowledge over proxy
- https://github.com/curl/curl/issues/12641
- 17.2 HTTP/2 frames while in the connection pool kill reuse
- If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
- curl while the connection is held in curl's connection pool, the socket is
- found readable when considered for reuse and that makes curl think it is dead
- and then it is closed and a new connection gets created instead.
- This is *best* fixed by adding monitoring to connections while they are kept
- in the pool so that pings can be responded to appropriately.
- 17.3 ENHANCE_YOUR_CALM causes infinite retries
- Infinite retries with 2 parallel requests on one connection receiving GOAWAY
- with ENHANCE_YOUR_CALM error code.
- See https://github.com/curl/curl/issues/5119
- 17.4 HTTP/2 + TLS spends a lot of time in recv
- It has been observered that by making the speed limit less accurate we could
- improve this performance. (by reverting
- https://github.com/curl/curl/commit/db5c9f4f9e0779b49624752b135281a0717b277b)
- Can we find a golden middle ground?
- See https://curl.se/mail/lib-2024-05/0026.html and
- https://github.com/curl/curl/issues/13416
- 18. HTTP/3
- 18.1 connection migration does not work
- https://github.com/curl/curl/issues/7695
- 18.2 quiche: QUIC connection is draining
- The transfer ends with error "QUIC connection is draining".
- https://github.com/curl/curl/issues/12037
- 19. RTSP
- 19.1 Some methods do not support response bodies
- The RTSP implementation is written to assume that a number of RTSP methods
- always get responses without bodies, even though there seems to be no
- indication in the RFC that this is always the case.
- https://github.com/curl/curl/issues/12414
|