Skip to content
Permalink
Browse files

KNOWN_BUGS/TODO: cleanup and remove outdated issues

  • Loading branch information...
bagder committed Sep 5, 2019
1 parent 04ac67a commit 0f37c8df12aec70fd8043cee650d9b13ca016737
Showing with 32 additions and 258 deletions.
  1. +14 −46 docs/KNOWN_BUGS
  2. +18 −212 docs/TODO
@@ -13,15 +13,13 @@ problems may have been fixed or changed somewhat since this was written!

1. HTTP
1.1 CURLFORM_CONTENTLEN in an array
1.2 Disabling HTTP Pipelining
1.3 STARTTRANSFER time is wrong for HTTP POSTs
1.4 multipart formposts file name encoding
1.5 Expect-100 meets 417
1.6 Unnecessary close when 401 received waiting for 100
1.7 Deflate error after all content was received
1.8 DoH isn't used for all name resolves when enabled
1.9 HTTP/2 frames while in the connection pool kill reuse
1.10 Strips trailing dot from host name
1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM

2. TLS
@@ -99,6 +97,7 @@ problems may have been fixed or changed somewhat since this was written!
11.4 HTTP test server 'connection-monitor' problems
11.5 Connection information when using TCP Fast Open
11.6 slow connect to localhost on Windows
11.7 signal-based resolver timeouts

12. LDAP and OpenLDAP
12.1 OpenLDAP hangs after returning results
@@ -122,14 +121,6 @@ problems may have been fixed or changed somewhat since this was written!
see the now closed related issue:
https://github.com/curl/curl/issues/608

1.2 Disabling HTTP Pipelining

Disabling HTTP Pipelining when there are ongoing transfers can lead to
heap corruption and crash. https://curl.haxx.se/bug/view.cgi?id=1411

Similarly, removing a handle when pipelining corrupts data:
https://github.com/curl/curl/issues/2101

1.3 STARTTRANSFER time is wrong for HTTP POSTs

Wrong STARTTRANSFER timer accounting for POST requests Timer works fine with
@@ -190,42 +181,6 @@ problems may have been fixed or changed somewhat since this was written!
This is *best* fixed by adding monitoring to connections while they are kept
in the pool so that pings can be responded to appropriately.

1.10 Strips trailing dot from host name

When given a URL with a trailing dot for the host name part:
"https://example.com./", libcurl will strip off the dot and use the name
without a dot internally and send it dot-less in HTTP Host: headers and in
the TLS SNI field. For the purpose of resolving the name to an address
the hostname is used as is without any change.

The HTTP part violates RFC 7230 section 5.4 but the SNI part is accordance
with RFC 6066 section 3.

URLs using these trailing dots are very rare in the wild and we have not seen
or gotten any real-world problems with such URLs reported. The popular
browsers seem to have stayed with not stripping the dot for both uses (thus
they violate RFC 6066 instead of RFC 7230).

Daniel took the discussion to the HTTPbis mailing list in March 2016:
https://lists.w3.org/Archives/Public/ietf-http-wg/2016JanMar/0430.html but
there was not major rush or interest to fix this. The impression I get is
that most HTTP people rather not rock the boat now and instead prioritize web
compatibility rather than to strictly adhere to these RFCs.

Our current approach allows a knowing client to send a custom HTTP header
with the dot added.

In a few cases there is a difference in name resolving to IP addresses with
a trailing dot, but it can be noted that many HTTP servers will not happily
accept the trailing dot there unless that has been specifically configured
to be a fine virtual host.

If URLs with trailing dots for host names become more popular or even just
used more than for just plain fun experiments, I'm sure we will have reason
to go back and reconsider.

See https://github.com/curl/curl/issues/716 for the discussion.

1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM

I'm using libcurl to POST form data using a FILE* with the CURLFORM_STREAM
@@ -736,6 +691,19 @@ problems may have been fixed or changed somewhat since this was written!

https://github.com/curl/curl/issues/2281

11.7 signal-based resolver timeouts

libcurl built without an asynchronous resolver library uses alarm() to time
out DNS lookups. When a timeout occurs, this causes libcurl to jump from the
signal handler back into the library with a sigsetjmp, which effectively
causes libcurl to continue running within the signal handler. This is
non-portable and could cause problems on some platforms. A discussion on the
problem is available at https://curl.haxx.se/mail/lib-2008-09/0197.html

Also, alarm() provides timeout resolution only to the nearest second. alarm
ought to be replaced by setitimer on systems that support it.


12. LDAP and OpenLDAP

12.1 OpenLDAP hangs after returning results

0 comments on commit 0f37c8d

Please sign in to comment.
You can’t perform that action at this time.