KNOWN_BUGS 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591
  1. _ _ ____ _
  2. ___| | | | _ \| |
  3. / __| | | | |_) | |
  4. | (__| |_| | _ <| |___
  5. \___|\___/|_| \_\_____|
  6. Known Bugs
  7. These are problems and bugs known to exist at the time of this release. Feel
  8. free to join in and help us correct one or more of these. Also be sure to
  9. check the changelog of the current development status, as one or more of these
  10. problems may have been fixed or changed somewhat since this was written.
  11. 1. HTTP
  12. 1.1 hyper memory-leaks
  13. 1.5 Expect-100 meets 417
  14. 2. TLS
  15. 2.3 Unable to use PKCS12 certificate with Secure Transport
  16. 2.4 Secure Transport will not import PKCS#12 client certificates without a password
  17. 2.5 Client cert handling with Issuer DN differs between backends
  18. 2.7 Client cert (MTLS) issues with Schannel
  19. 2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname
  20. 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
  21. 2.12 FTPS with Schannel times out file list operation
  22. 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
  23. 3. Email protocols
  24. 3.1 IMAP SEARCH ALL truncated response
  25. 3.2 No disconnect command
  26. 3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses
  27. 3.4 AUTH PLAIN for SMTP is not working on all servers
  28. 4. Command line
  29. 5. Build and portability issues
  30. 5.1 OS400 port requires deprecated IBM library
  31. 5.2 curl-config --libs contains private details
  32. 5.3 building for old macOS fails with gcc
  33. 5.5 cannot handle Unicode arguments in non-Unicode builds on Windows
  34. 5.9 Utilize Requires.private directives in libcurl.pc
  35. 5.11 configure --with-gssapi with Heimdal is ignored on macOS
  36. 5.12 flaky CI builds
  37. 5.13 long paths are not fully supported on Windows
  38. 5.14 Windows Unicode builds use homedir in current locale
  39. 6. Authentication
  40. 6.1 NTLM authentication and unicode
  41. 6.2 MIT Kerberos for Windows build
  42. 6.3 NTLM in system context uses wrong name
  43. 6.4 Negotiate and Kerberos V5 need a fake user name
  44. 6.5 NTLM does not support password with § character
  45. 6.6 libcurl can fail to try alternatives with --proxy-any
  46. 6.7 Do not clear digest for single realm
  47. 6.9 SHA-256 digest not supported in Windows SSPI builds
  48. 6.10 curl never completes Negotiate over HTTP
  49. 6.11 Negotiate on Windows fails
  50. 6.12 cannot use Secure Transport with Crypto Token Kit
  51. 6.13 Negotiate against Hadoop HDFS
  52. 7. FTP
  53. 7.3 FTP with NOBODY and FAILONERROR
  54. 7.4 FTP with ACCT
  55. 7.11 FTPS upload data loss with TLS 1.3
  56. 7.12 FTPS directory listing hangs on Windows with Schannel
  57. 9. SFTP and SCP
  58. 9.1 SFTP does not do CURLOPT_POSTQUOTE correct
  59. 9.2 wolfssh: publickey auth does not work
  60. 9.3 Remote recursive folder creation with SFTP
  61. 9.4 libssh blocking and infinite loop problem
  62. 10. SOCKS
  63. 10.3 FTPS over SOCKS
  64. 11. Internals
  65. 11.2 error buffer not set if connection to multiple addresses fails
  66. 11.4 HTTP test server 'connection-monitor' problems
  67. 11.5 Connection information when using TCP Fast Open
  68. 12. LDAP
  69. 12.1 OpenLDAP hangs after returning results
  70. 12.2 LDAP on Windows does authentication wrong?
  71. 12.3 LDAP on Windows does not work
  72. 12.4 LDAPS with NSS is slow
  73. 13. TCP/IP
  74. 13.2 Trying local ports fails on Windows
  75. 15. CMake
  76. 15.2 support build with GnuTLS
  77. 15.3 unusable tool_hugehelp.c with MinGW
  78. 15.4 build docs/curl.1
  79. 15.6 uses -lpthread instead of Threads::Threads
  80. 15.7 generated .pc file contains strange entries
  81. 15.8 libcurl.pc uses absolute library paths
  82. 15.11 ExternalProject_Add does not set CURL_CA_PATH
  83. 15.13 CMake build with MIT Kerberos does not work
  84. 16. Applications
  85. 17. HTTP/2
  86. 17.2 HTTP/2 frames while in the connection pool kill reuse
  87. 17.3 ENHANCE_YOUR_CALM causes infinite retries
  88. 18. HTTP/3
  89. 18.1 connection migration does not work
  90. ==============================================================================
  91. 1. HTTP
  92. 1.1 hyper memory-leaks
  93. Building curl with the hyper backend causes mysterious memory-leaks
  94. https://github.com/curl/curl/issues/10803
  95. 1.5 Expect-100 meets 417
  96. If an upload using Expect: 100-continue receives an HTTP 417 response, it
  97. ought to be automatically resent without the Expect:. A workaround is for
  98. the client application to redo the transfer after disabling Expect:.
  99. https://curl.se/mail/archive-2008-02/0043.html
  100. 2. TLS
  101. 2.3 Unable to use PKCS12 certificate with Secure Transport
  102. See https://github.com/curl/curl/issues/5403
  103. 2.4 Secure Transport will not import PKCS#12 client certificates without a password
  104. libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that
  105. function rejects certificates that do not have a password.
  106. https://github.com/curl/curl/issues/1308
  107. 2.5 Client cert handling with Issuer DN differs between backends
  108. When the specified client certificate does not match any of the
  109. server-specified DNs, the OpenSSL and GnuTLS backends behave differently.
  110. The github discussion may contain a solution.
  111. See https://github.com/curl/curl/issues/1411
  112. 2.7 Client cert (MTLS) issues with Schannel
  113. See https://github.com/curl/curl/issues/3145
  114. 2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname
  115. This seems to be a limitation in the underlying Schannel API.
  116. https://github.com/curl/curl/issues/3284
  117. 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
  118. In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake
  119. implementation likely has a bug that can rarely cause the key exchange to
  120. fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.
  121. https://github.com/curl/curl/issues/5488
  122. 2.12 FTPS with Schannel times out file list operation
  123. "Instead of the command completing, it just sits there until the timeout
  124. expires." - the same command line seems to work with other TLS backends and
  125. other operating systems. See https://github.com/curl/curl/issues/5284.
  126. 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
  127. https://github.com/curl/curl/issues/8741
  128. 3. Email protocols
  129. 3.1 IMAP SEARCH ALL truncated response
  130. IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
  131. code reveals that pingpong.c contains some truncation code, at line 408, when
  132. it deems the server response to be too large truncating it to 40 characters"
  133. https://curl.se/bug/view.cgi?id=1366
  134. 3.2 No disconnect command
  135. The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and
  136. SMTP if a failure occurs during the authentication phase of a connection.
  137. 3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses
  138. You have to tell libcurl not to expect a body, when dealing with one line
  139. response commands. Please see the POP3 examples and test cases which show
  140. this for the NOOP and DELE commands. https://curl.se/bug/?i=740
  141. 3.4 AUTH PLAIN for SMTP is not working on all servers
  142. Specifying "--login-options AUTH=PLAIN" on the command line does not seem to
  143. work correctly.
  144. See https://github.com/curl/curl/issues/4080
  145. 4. Command line
  146. 5. Build and portability issues
  147. 5.1 OS400 port requires deprecated IBM library
  148. curl for OS400 requires QADRT to build, which provides ASCII wrappers for
  149. libc/POSIX functions in the ILE, but IBM no longer supports or even offers
  150. this library to download.
  151. See https://github.com/curl/curl/issues/5176
  152. 5.2 curl-config --libs contains private details
  153. "curl-config --libs" will include details set in LDFLAGS when configure is
  154. run that might be needed only for building libcurl. Further, curl-config
  155. --cflags suffers from the same effects with CFLAGS/CPPFLAGS.
  156. 5.3 building for old macOS fails with gcc
  157. Building curl for certain old macOS versions fails when gcc is used. We
  158. command using clang in those cases.
  159. See https://github.com/curl/curl/issues/11441
  160. 5.5 cannot handle Unicode arguments in non-Unicode builds on Windows
  161. If a URL or filename cannot be encoded using the user's current codepage then
  162. it can only be encoded properly in the Unicode character set. Windows uses
  163. UTF-16 encoding for Unicode and stores it in wide characters, however curl
  164. and libcurl are not equipped for that at the moment except when built with
  165. _UNICODE and UNICODE defined. And, except for Cygwin, Windows cannot use UTF-8
  166. as a locale.
  167. https://curl.se/bug/?i=345
  168. https://curl.se/bug/?i=731
  169. https://curl.se/bug/?i=3747
  170. 5.9 Utilize Requires.private directives in libcurl.pc
  171. https://github.com/curl/curl/issues/864
  172. 5.11 configure --with-gssapi with Heimdal is ignored on macOS
  173. ... unless you also pass --with-gssapi-libs
  174. https://github.com/curl/curl/issues/3841
  175. 5.12 flaky CI builds
  176. We run many CI builds for each commit and PR on github, and especially a
  177. number of the Windows builds are flaky. This means that we rarely get all CI
  178. builds go green and complete without errors. This is unfortunate as it makes
  179. us sometimes miss actual build problems and it is surprising to newcomers to
  180. the project who (rightfully) do not expect this.
  181. See https://github.com/curl/curl/issues/6972
  182. 5.13 long paths are not fully supported on Windows
  183. curl on Windows cannot access long paths (paths longer than 260 characters).
  184. However, as a workaround, the Windows path prefix \\?\ which disables all path
  185. interpretation may work to allow curl to access the path. For example:
  186. \\?\c:\longpath.
  187. See https://github.com/curl/curl/issues/8361
  188. 5.14 Windows Unicode builds use homedir in current locale
  189. The Windows Unicode builds of curl use the current locale, but expect Unicode
  190. UTF-8 encoded paths for internal use such as open, access and stat. The user's
  191. home directory is retrieved via curl_getenv in the current locale and not as
  192. UTF-8 encoded Unicode.
  193. See https://github.com/curl/curl/pull/7252 and
  194. https://github.com/curl/curl/pull/7281
  195. 6. Authentication
  196. 6.1 NTLM authentication and unicode
  197. NTLM authentication involving unicode user name or password only works
  198. properly if built with UNICODE defined together with the Schannel
  199. backend. The original problem was mentioned in:
  200. https://curl.se/mail/lib-2009-10/0024.html
  201. https://curl.se/bug/view.cgi?id=896
  202. The Schannel version verified to work as mentioned in
  203. https://curl.se/mail/lib-2012-07/0073.html
  204. 6.2 MIT Kerberos for Windows build
  205. libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's
  206. library header files exporting symbols/macros that should be kept private to
  207. the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/
  208. 6.3 NTLM in system context uses wrong name
  209. NTLM authentication using SSPI (on Windows) when (lib)curl is running in
  210. "system context" will make it use wrong(?) user name - at least when compared
  211. to what winhttp does. See https://curl.se/bug/view.cgi?id=535
  212. 6.4 Negotiate and Kerberos V5 need a fake user name
  213. In order to get Negotiate (SPNEGO) authentication to work in HTTP or Kerberos
  214. V5 in the email protocols, you need to provide a (fake) user name (this
  215. concerns both curl and the lib) because the code wrongly only considers
  216. authentication if there's a user name provided by setting
  217. conn->bits.user_passwd in url.c https://curl.se/bug/view.cgi?id=440 How?
  218. https://curl.se/mail/lib-2004-08/0182.html A possible solution is to
  219. either modify this variable to be set or introduce a variable such as
  220. new conn->bits.want_authentication which is set when any of the authentication
  221. options are set.
  222. 6.5 NTLM does not support password with § character
  223. https://github.com/curl/curl/issues/2120
  224. 6.6 libcurl can fail to try alternatives with --proxy-any
  225. When connecting via a proxy using --proxy-any, a failure to establish an
  226. authentication will cause libcurl to abort trying other options if the
  227. failed method has a higher preference than the alternatives. As an example,
  228. --proxy-any against a proxy which advertise Negotiate and NTLM, but which
  229. fails to set up Kerberos authentication will not proceed to try authentication
  230. using NTLM.
  231. https://github.com/curl/curl/issues/876
  232. 6.7 Do not clear digest for single realm
  233. https://github.com/curl/curl/issues/3267
  234. 6.9 SHA-256 digest not supported in Windows SSPI builds
  235. Windows builds of curl that have SSPI enabled use the native Windows API calls
  236. to create authentication strings. The call to InitializeSecurityContext fails
  237. with SEC_E_QOP_NOT_SUPPORTED which causes curl to fail with CURLE_AUTH_ERROR.
  238. Microsoft does not document supported digest algorithms and that SEC_E error
  239. code is not a documented error for InitializeSecurityContext (digest).
  240. https://github.com/curl/curl/issues/6302
  241. 6.10 curl never completes Negotiate over HTTP
  242. Apparently it is not working correctly...?
  243. See https://github.com/curl/curl/issues/5235
  244. 6.11 Negotiate on Windows fails
  245. When using --negotiate (or NTLM) with curl on Windows, SSL/TLS handshake
  246. fails despite having a valid kerberos ticket cached. Works without any issue
  247. in Unix/Linux.
  248. https://github.com/curl/curl/issues/5881
  249. 6.12 cannot use Secure Transport with Crypto Token Kit
  250. https://github.com/curl/curl/issues/7048
  251. 6.13 Negotiate authentication against Hadoop HDFS
  252. https://github.com/curl/curl/issues/8264
  253. 7. FTP
  254. 7.3 FTP with NOBODY and FAILONERROR
  255. It seems sensible to be able to use CURLOPT_NOBODY and CURLOPT_FAILONERROR
  256. with FTP to detect if a file exists or not, but it is not working:
  257. https://curl.se/mail/lib-2008-07/0295.html
  258. 7.4 FTP with ACCT
  259. When doing an operation over FTP that requires the ACCT command (but not when
  260. logging in), the operation will fail since libcurl does not detect this and
  261. thus fails to issue the correct command:
  262. https://curl.se/bug/view.cgi?id=635
  263. 7.11 FTPS upload data loss with TLS 1.3
  264. During FTPS upload curl does not attempt to read TLS handshake messages sent
  265. after the initial handshake. OpenSSL servers running TLS 1.3 may send such a
  266. message. When curl closes the upload connection if unread data has been
  267. received (such as a TLS handshake message) then the TCP protocol sends an
  268. RST to the server, which may cause the server to discard or truncate the
  269. upload if it has not read all sent data yet, and then return an error to curl
  270. on the control channel connection.
  271. Since 7.78.0 this is mostly fixed. curl will do a single read before closing
  272. TLS connections (which causes the TLS library to read handshake messages),
  273. however there is still possibility of an RST if more messages need to be read
  274. or a message arrives after the read but before close (network race condition).
  275. https://github.com/curl/curl/issues/6149
  276. 7.12 FTPS directory listing hangs on Windows with Schannel
  277. https://github.com/curl/curl/issues/9161
  278. 9. SFTP and SCP
  279. 9.1 SFTP does not do CURLOPT_POSTQUOTE correct
  280. When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server
  281. using the multi interface, the commands are not being sent correctly and
  282. instead the connection is "cancelled" (the operation is considered done)
  283. prematurely. There is a half-baked (busy-looping) patch provided in the bug
  284. report but it cannot be accepted as-is. See
  285. https://curl.se/bug/view.cgi?id=748
  286. 9.2 wolfssh: publickey auth does not work
  287. When building curl to use the wolfSSH backend for SFTP, the publickey
  288. authentication does not work. This is simply functionality not written for curl
  289. yet, the necessary API for make this work is provided by wolfSSH.
  290. See https://github.com/curl/curl/issues/4820
  291. 9.3 Remote recursive folder creation with SFTP
  292. On this servers, the curl fails to create directories on the remote server
  293. even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set.
  294. See https://github.com/curl/curl/issues/5204
  295. 9.4 libssh blocking and infinite loop problem
  296. In the SSH_SFTP_INIT state for libssh, the ssh session working mode is set to
  297. blocking mode. If the network is suddenly disconnected during sftp
  298. transmission, curl will be stuck, even if curl is configured with a timeout.
  299. https://github.com/curl/curl/issues/8632
  300. 10. SOCKS
  301. 10.3 FTPS over SOCKS
  302. libcurl does not support FTPS over a SOCKS proxy.
  303. 11. Internals
  304. 11.2 error buffer not set if connection to multiple addresses fails
  305. If you ask libcurl to resolve a hostname like example.com to IPv6 addresses
  306. only. But you only have IPv4 connectivity. libcurl will correctly fail with
  307. CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER
  308. remains empty. Issue: https://github.com/curl/curl/issues/544
  309. 11.4 HTTP test server 'connection-monitor' problems
  310. The 'connection-monitor' feature of the sws HTTP test server does not work
  311. properly if some tests are run in unexpected order. Like 1509 and then 1525.
  312. See https://github.com/curl/curl/issues/868
  313. 11.5 Connection information when using TCP Fast Open
  314. CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is
  315. enabled.
  316. See https://github.com/curl/curl/issues/1332 and
  317. https://github.com/curl/curl/issues/4296
  318. 12. LDAP
  319. 12.1 OpenLDAP hangs after returning results
  320. By configuration defaults, OpenLDAP automatically chase referrals on
  321. secondary socket descriptors. The OpenLDAP backend is asynchronous and thus
  322. should monitor all socket descriptors involved. Currently, these secondary
  323. descriptors are not monitored, causing OpenLDAP library to never receive
  324. data from them.
  325. As a temporary workaround, disable referrals chasing by configuration.
  326. The fix is not easy: proper automatic referrals chasing requires a
  327. synchronous bind callback and monitoring an arbitrary number of socket
  328. descriptors for a single easy handle (currently limited to 5).
  329. Generic LDAP is synchronous: OK.
  330. See https://github.com/curl/curl/issues/622 and
  331. https://curl.se/mail/lib-2016-01/0101.html
  332. 12.2 LDAP on Windows does authentication wrong?
  333. https://github.com/curl/curl/issues/3116
  334. 12.3 LDAP on Windows does not work
  335. A simple curl command line getting "ldap://ldap.forumsys.com" returns an
  336. error that says "no memory" !
  337. https://github.com/curl/curl/issues/4261
  338. 12.4 LDAPS with NSS is slow
  339. See https://github.com/curl/curl/issues/5874
  340. 13. TCP/IP
  341. 13.2 Trying local ports fails on Windows
  342. This makes '--local-port [range]' to not work since curl can't properly
  343. detect if a port is already in use, so it'll try the first port, use that and
  344. then subsequently fail anyway if that was actually in use.
  345. https://github.com/curl/curl/issues/8112
  346. 15. CMake
  347. 15.2 support build with GnuTLS
  348. 15.3 unusable tool_hugehelp.c with MinGW
  349. see https://github.com/curl/curl/issues/3125
  350. 15.4 build docs/curl.1
  351. The cmake build does not create the docs/curl.1 file and therefore must rely on
  352. it being there already. This makes the --manual option not work and test
  353. cases like 1139 cannot function.
  354. 15.6 uses -lpthread instead of Threads::Threads
  355. See https://github.com/curl/curl/issues/6166
  356. 15.7 generated .pc file contains strange entries
  357. The Libs.private field of the generated .pc file contains -lgcc -lgcc_s -lc
  358. -lgcc -lgcc_s
  359. See https://github.com/curl/curl/issues/6167
  360. 15.8 libcurl.pc uses absolute library paths
  361. The libcurl.pc file generated by cmake contains things like Libs.private:
  362. /usr/lib64/libssl.so /usr/lib64/libcrypto.so /usr/lib64/libz.so. The
  363. autotools equivalent would say Libs.private: -lssl -lcrypto -lz
  364. See https://github.com/curl/curl/issues/6169
  365. 15.11 ExternalProject_Add does not set CURL_CA_PATH
  366. CURL_CA_BUNDLE and CURL_CA_PATH are not set properly when cmake's
  367. ExternalProject_Add is used to build curl as a dependency.
  368. See https://github.com/curl/curl/issues/6313
  369. 15.13 CMake build with MIT Kerberos does not work
  370. Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2
  371. try_compile started respecting the CMAKE_EXE_FLAGS. The code dealing with
  372. MIT Kerberos detection sets few variables to potentially weird mix of space,
  373. and ;-separated flags. It had to blow up at some point. All the CMake checks
  374. that involve compilation are doomed from that point, the configured tree
  375. cannot be built.
  376. https://github.com/curl/curl/issues/6904
  377. 16. Applications
  378. 17. HTTP/2
  379. 17.2 HTTP/2 frames while in the connection pool kill reuse
  380. If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
  381. curl while the connection is held in curl's connection pool, the socket will
  382. be found readable when considered for reuse and that makes curl think it is
  383. dead and then it will be closed and a new connection gets created instead.
  384. This is *best* fixed by adding monitoring to connections while they are kept
  385. in the pool so that pings can be responded to appropriately.
  386. 17.3 ENHANCE_YOUR_CALM causes infinite retries
  387. Infinite retries with 2 parallel requests on one connection receiving GOAWAY
  388. with ENHANCE_YOUR_CALM error code.
  389. See https://github.com/curl/curl/issues/5119
  390. 18. HTTP/3
  391. 18.1 connection migration does not work
  392. https://github.com/curl/curl/issues/7695