1                                  _   _ ____  _
2                              ___| | | |  _ \| |
3                             / __| | | | |_) | |
4                            | (__| |_| |  _ <| |___
5                             \___|\___/|_| \_\_____|
6
7                                  Known Bugs
8
9These are problems and bugs known to exist at the time of this release. Feel
10free to join in and help us correct one or more of these. Also be sure to
11check the changelog of the current development status, as one or more of these
12problems may have been fixed or changed somewhat since this was written.
13
14 1. HTTP
15 1.2 hyper is slow
16 1.5 Expect-100 meets 417
17
18 2. TLS
19 2.3 Unable to use PKCS12 certificate with Secure Transport
20 2.4 Secure Transport will not import PKCS#12 client certificates without a password
21 2.5 Client cert handling with Issuer DN differs between backends
22 2.7 Client cert (MTLS) issues with Schannel
23 2.11 Schannel TLS 1.2 handshake bug in old Windows versions
24 2.12 FTPS with Schannel times out file list operation
25 2.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
26
27 3. Email protocols
28 3.1 IMAP SEARCH ALL truncated response
29 3.2 No disconnect command
30 3.3 POP3 expects "CRLF.CRLF" eob for some single-line responses
31 3.4 AUTH PLAIN for SMTP is not working on all servers
32 3.5 APOP authentication fails on POP3
33
34 4. Command line
35
36 5. Build and portability issues
37 5.1 OS400 port requires deprecated IBM library
38 5.2 curl-config --libs contains private details
39 5.3 building for old macOS fails with gcc
40 5.5 cannot handle Unicode arguments in non-Unicode builds on Windows
41 5.6 cygwin: make install installs curl-config.1 twice
42 5.9 Utilize Requires.private directives in libcurl.pc
43 5.11 configure --with-gssapi with Heimdal is ignored on macOS
44 5.12 flaky CI builds
45 5.13 long paths are not fully supported on Windows
46 5.14 Windows Unicode builds use homedir in current locale
47
48 6. Authentication
49 6.1 NTLM authentication and unicode
50 6.2 MIT Kerberos for Windows build
51 6.3 NTLM in system context uses wrong name
52 6.5 NTLM does not support password with § character
53 6.6 libcurl can fail to try alternatives with --proxy-any
54 6.7 Do not clear digest for single realm
55 6.9 SHA-256 digest not supported in Windows SSPI builds
56 6.10 curl never completes Negotiate over HTTP
57 6.11 Negotiate on Windows fails
58 6.12 cannot use Secure Transport with Crypto Token Kit
59 6.13 Negotiate against Hadoop HDFS
60
61 7. FTP
62 7.3 FTP with NOBODY and FAILONERROR
63 7.4 FTP with ACCT
64 7.11 FTPS upload data loss with TLS 1.3
65 7.12 FTPS directory listing hangs on Windows with Schannel
66
67 9. SFTP and SCP
68 9.1 SFTP does not do CURLOPT_POSTQUOTE correct
69 9.2 wolfssh: publickey auth does not work
70 9.3 Remote recursive folder creation with SFTP
71 9.4 libssh blocking and infinite loop problem
72 9.5 cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
73
74 10. SOCKS
75 10.3 FTPS over SOCKS
76
77 11. Internals
78 11.2 error buffer not set if connection to multiple addresses fails
79 11.4 HTTP test server 'connection-monitor' problems
80 11.5 Connection information when using TCP Fast Open
81
82 12. LDAP
83 12.1 OpenLDAP hangs after returning results
84 12.2 LDAP on Windows does authentication wrong?
85 12.3 LDAP on Windows does not work
86 12.4 LDAPS requests to ActiveDirectory server hang
87
88 13. TCP/IP
89 13.2 Trying local ports fails on Windows
90
91 15. CMake
92 15.1 cmake outputs: no version information available
93 15.2 support build with GnuTLS
94 15.3 unusable tool_hugehelp.c with MinGW
95 15.6 uses -lpthread instead of Threads::Threads
96 15.7 generated .pc file contains strange entries
97 15.8 libcurl.pc uses absolute library paths
98 15.11 ExternalProject_Add does not set CURL_CA_PATH
99 15.13 CMake build with MIT Kerberos does not work
100
101 16. aws-sigv4
102 16.1 aws-sigv4 does not sign requests with * correctly
103 16.6 aws-sigv4 does not behave well with AWS VPC Lattice
104
105 17. HTTP/2
106 17.2 HTTP/2 frames while in the connection pool kill reuse
107 17.3 ENHANCE_YOUR_CALM causes infinite retries
108
109 18. HTTP/3
110 18.1 connection migration does not work
111
112 19. RTSP
113 19.1 Some methods do not support response bodies
114
115==============================================================================
116
1171. HTTP
118
1191.2 hyper is slow
120
121 When curl is built to use hyper for HTTP, it is unnecessary slow.
122
123 https://github.com/curl/curl/issues/11203
124
1251.5 Expect-100 meets 417
126
127 If an upload using Expect: 100-continue receives an HTTP 417 response, it
128 ought to be automatically resent without the Expect:. A workaround is for
129 the client application to redo the transfer after disabling Expect:.
130 https://curl.se/mail/archive-2008-02/0043.html
131
1322. TLS
133
1342.3 Unable to use PKCS12 certificate with Secure Transport
135
136 See https://github.com/curl/curl/issues/5403
137
1382.4 Secure Transport will not import PKCS#12 client certificates without a password
139
140 libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that
141 function rejects certificates that do not have a password.
142 https://github.com/curl/curl/issues/1308
143
1442.5 Client cert handling with Issuer DN differs between backends
145
146 When the specified client certificate does not match any of the
147 server-specified DNs, the OpenSSL and GnuTLS backends behave differently.
148 The github discussion may contain a solution.
149
150 See https://github.com/curl/curl/issues/1411
151
1522.7 Client cert (MTLS) issues with Schannel
153
154 See https://github.com/curl/curl/issues/3145
155
1562.11 Schannel TLS 1.2 handshake bug in old Windows versions
157
158 In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake
159 implementation likely has a bug that can rarely cause the key exchange to
160 fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED.
161
162 https://github.com/curl/curl/issues/5488
163
1642.12 FTPS with Schannel times out file list operation
165
166 "Instead of the command completing, it just sits there until the timeout
167 expires." - the same command line seems to work with other TLS backends and
168 other operating systems. See https://github.com/curl/curl/issues/5284.
169
1702.13 CURLOPT_CERTINFO results in CURLE_OUT_OF_MEMORY with Schannel
171
172 https://github.com/curl/curl/issues/8741
173
1743. Email protocols
175
1763.1 IMAP SEARCH ALL truncated response
177
178 IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the
179 code reveals that pingpong.c contains some truncation code, at line 408, when
180 it deems the server response to be too large truncating it to 40 characters"
181 https://curl.se/bug/view.cgi?id=1366
182
1833.2 No disconnect command
184
185 The disconnect commands (LOGOUT and QUIT) may not be sent by IMAP, POP3 and
186 SMTP if a failure occurs during the authentication phase of a connection.
187
1883.3 POP3 expects "CRLF.CRLF" eob for some single-line responses
189
190 You have to tell libcurl not to expect a body, when dealing with one line
191 response commands. Please see the POP3 examples and test cases which show
192 this for the NOOP and DELE commands. https://curl.se/bug/?i=740
193
1943.4 AUTH PLAIN for SMTP is not working on all servers
195
196 Specifying "--login-options AUTH=PLAIN" on the command line does not seem to
197 work correctly.
198
199 See https://github.com/curl/curl/issues/4080
200
2013.5 APOP authentication fails on POP3
202
203 See https://github.com/curl/curl/issues/10073
204
2054. Command line
206
2075. Build and portability issues
208
2095.1 OS400 port requires deprecated IBM library
210
211 curl for OS400 requires QADRT to build, which provides ASCII wrappers for
212 libc/POSIX functions in the ILE, but IBM no longer supports or even offers
213 this library to download.
214
215 See https://github.com/curl/curl/issues/5176
216
2175.2 curl-config --libs contains private details
218
219 "curl-config --libs" will include details set in LDFLAGS when configure is
220 run that might be needed only for building libcurl. Further, curl-config
221 --cflags suffers from the same effects with CFLAGS/CPPFLAGS.
222
2235.3 building for old macOS fails with gcc
224
225 Building curl for certain old macOS versions fails when gcc is used. We
226 command using clang in those cases.
227
228 See https://github.com/curl/curl/issues/11441
229
2305.5 cannot handle Unicode arguments in non-Unicode builds on Windows
231
232 If a URL or filename cannot be encoded using the user's current codepage then
233 it can only be encoded properly in the Unicode character set. Windows uses
234 UTF-16 encoding for Unicode and stores it in wide characters, however curl
235 and libcurl are not equipped for that at the moment except when built with
236 _UNICODE and UNICODE defined. And, except for Cygwin, Windows cannot use UTF-8
237 as a locale.
238
239  https://curl.se/bug/?i=345
240  https://curl.se/bug/?i=731
241  https://curl.se/bug/?i=3747
242
2435.6 cygwin: make install installs curl-config.1 twice
244
245 https://github.com/curl/curl/issues/8839
246
2475.9 Utilize Requires.private directives in libcurl.pc
248
249 https://github.com/curl/curl/issues/864
250
2515.11 configure --with-gssapi with Heimdal is ignored on macOS
252
253 ... unless you also pass --with-gssapi-libs
254
255 https://github.com/curl/curl/issues/3841
256
2575.12 flaky CI builds
258
259 We run many CI builds for each commit and PR on github, and especially a
260 number of the Windows builds are flaky. This means that we rarely get all CI
261 builds go green and complete without errors. This is unfortunate as it makes
262 us sometimes miss actual build problems and it is surprising to newcomers to
263 the project who (rightfully) do not expect this.
264
265 See https://github.com/curl/curl/issues/6972
266
2675.13 long paths are not fully supported on Windows
268
269 curl on Windows cannot access long paths (paths longer than 260 characters).
270 However, as a workaround, the Windows path prefix \\?\ which disables all path
271 interpretation may work to allow curl to access the path. For example:
272 \\?\c:\longpath.
273
274 See https://github.com/curl/curl/issues/8361
275
2765.14 Windows Unicode builds use homedir in current locale
277
278 The Windows Unicode builds of curl use the current locale, but expect Unicode
279 UTF-8 encoded paths for internal use such as open, access and stat. The user's
280 home directory is retrieved via curl_getenv in the current locale and not as
281 UTF-8 encoded Unicode.
282
283 See https://github.com/curl/curl/pull/7252 and
284     https://github.com/curl/curl/pull/7281
285
2866. Authentication
287
2886.1 NTLM authentication and unicode
289
290 NTLM authentication involving unicode user name or password only works
291 properly if built with UNICODE defined together with the Schannel
292 backend. The original problem was mentioned in:
293 https://curl.se/mail/lib-2009-10/0024.html
294 https://curl.se/bug/view.cgi?id=896
295
296 The Schannel version verified to work as mentioned in
297 https://curl.se/mail/lib-2012-07/0073.html
298
2996.2 MIT Kerberos for Windows build
300
301 libcurl fails to build with MIT Kerberos for Windows (KfW) due to KfW's
302 library header files exporting symbols/macros that should be kept private to
303 the KfW library. See ticket #5601 at https://krbdev.mit.edu/rt/
304
3056.3 NTLM in system context uses wrong name
306
307 NTLM authentication using SSPI (on Windows) when (lib)curl is running in
308 "system context" will make it use wrong(?) user name - at least when compared
309 to what winhttp does. See https://curl.se/bug/view.cgi?id=535
310
3116.5 NTLM does not support password with § character
312
313 https://github.com/curl/curl/issues/2120
314
3156.6 libcurl can fail to try alternatives with --proxy-any
316
317 When connecting via a proxy using --proxy-any, a failure to establish an
318 authentication will cause libcurl to abort trying other options if the
319 failed method has a higher preference than the alternatives. As an example,
320 --proxy-any against a proxy which advertise Negotiate and NTLM, but which
321 fails to set up Kerberos authentication will not proceed to try authentication
322 using NTLM.
323
324 https://github.com/curl/curl/issues/876
325
3266.7 Do not clear digest for single realm
327
328 https://github.com/curl/curl/issues/3267
329
3306.9 SHA-256 digest not supported in Windows SSPI builds
331
332 Windows builds of curl that have SSPI enabled use the native Windows API calls
333 to create authentication strings. The call to InitializeSecurityContext fails
334 with SEC_E_QOP_NOT_SUPPORTED which causes curl to fail with CURLE_AUTH_ERROR.
335
336 Microsoft does not document supported digest algorithms and that SEC_E error
337 code is not a documented error for InitializeSecurityContext (digest).
338
339 https://github.com/curl/curl/issues/6302
340
3416.10 curl never completes Negotiate over HTTP
342
343 Apparently it is not working correctly...?
344
345 See https://github.com/curl/curl/issues/5235
346
3476.11 Negotiate on Windows fails
348
349 When using --negotiate (or NTLM) with curl on Windows, SSL/TLS handshake
350 fails despite having a valid kerberos ticket cached. Works without any issue
351 in Unix/Linux.
352
353 https://github.com/curl/curl/issues/5881
354
3556.12 cannot use Secure Transport with Crypto Token Kit
356
357 https://github.com/curl/curl/issues/7048
358
3596.13 Negotiate authentication against Hadoop HDFS
360
361 https://github.com/curl/curl/issues/8264
362
3637. FTP
364
3657.3 FTP with NOBODY and FAILONERROR
366
367 It seems sensible to be able to use CURLOPT_NOBODY and CURLOPT_FAILONERROR
368 with FTP to detect if a file exists or not, but it is not working:
369 https://curl.se/mail/lib-2008-07/0295.html
370
3717.4 FTP with ACCT
372
373 When doing an operation over FTP that requires the ACCT command (but not when
374 logging in), the operation will fail since libcurl does not detect this and
375 thus fails to issue the correct command:
376 https://curl.se/bug/view.cgi?id=635
377
3787.11 FTPS upload data loss with TLS 1.3
379
380 During FTPS upload curl does not attempt to read TLS handshake messages sent
381 after the initial handshake. OpenSSL servers running TLS 1.3 may send such a
382 message. When curl closes the upload connection if unread data has been
383 received (such as a TLS handshake message) then the TCP protocol sends an
384 RST to the server, which may cause the server to discard or truncate the
385 upload if it has not read all sent data yet, and then return an error to curl
386 on the control channel connection.
387
388 Since 7.78.0 this is mostly fixed. curl will do a single read before closing
389 TLS connections (which causes the TLS library to read handshake messages),
390 however there is still possibility of an RST if more messages need to be read
391 or a message arrives after the read but before close (network race condition).
392
393 https://github.com/curl/curl/issues/6149
394
3957.12 FTPS directory listing hangs on Windows with Schannel
396
397 https://github.com/curl/curl/issues/9161
398
3999. SFTP and SCP
400
4019.1 SFTP does not do CURLOPT_POSTQUOTE correct
402
403 When libcurl sends CURLOPT_POSTQUOTE commands when connected to a SFTP server
404 using the multi interface, the commands are not being sent correctly and
405 instead the connection is "cancelled" (the operation is considered done)
406 prematurely. There is a half-baked (busy-looping) patch provided in the bug
407 report but it cannot be accepted as-is. See
408 https://curl.se/bug/view.cgi?id=748
409
4109.2 wolfssh: publickey auth does not work
411
412 When building curl to use the wolfSSH backend for SFTP, the publickey
413 authentication does not work. This is simply functionality not written for curl
414 yet, the necessary API for make this work is provided by wolfSSH.
415
416 See https://github.com/curl/curl/issues/4820
417
4189.3 Remote recursive folder creation with SFTP
419
420 On this servers, the curl fails to create directories on the remote server
421 even when the CURLOPT_FTP_CREATE_MISSING_DIRS option is set.
422
423 See https://github.com/curl/curl/issues/5204
424
4259.4 libssh blocking and infinite loop problem
426
427 In the SSH_SFTP_INIT state for libssh, the ssh session working mode is set to
428 blocking mode. If the network is suddenly disconnected during sftp
429 transmission, curl will be stuck, even if curl is configured with a timeout.
430
431 https://github.com/curl/curl/issues/8632
432
4339.5 cygwin: "WARNING: UNPROTECTED PRIVATE KEY FILE!"
434
435 Running SCP and SFTP tests on cygwin makes this warning message appear.
436
437 https://github.com/curl/curl/issues/11244
438
43910. SOCKS
440
44110.3 FTPS over SOCKS
442
443 libcurl does not support FTPS over a SOCKS proxy.
444
445
44611. Internals
447
44811.2 error buffer not set if connection to multiple addresses fails
449
450 If you ask libcurl to resolve a hostname like example.com to IPv6 addresses
451 only. But you only have IPv4 connectivity. libcurl will correctly fail with
452 CURLE_COULDNT_CONNECT. But the error buffer set by CURLOPT_ERRORBUFFER
453 remains empty. Issue: https://github.com/curl/curl/issues/544
454
45511.4 HTTP test server 'connection-monitor' problems
456
457 The 'connection-monitor' feature of the sws HTTP test server does not work
458 properly if some tests are run in unexpected order. Like 1509 and then 1525.
459
460 See https://github.com/curl/curl/issues/868
461
46211.5 Connection information when using TCP Fast Open
463
464 CURLINFO_LOCAL_PORT (and possibly a few other) fails when TCP Fast Open is
465 enabled.
466
467 See https://github.com/curl/curl/issues/1332 and
468 https://github.com/curl/curl/issues/4296
469
47012. LDAP
471
47212.1 OpenLDAP hangs after returning results
473
474 By configuration defaults, OpenLDAP automatically chase referrals on
475 secondary socket descriptors. The OpenLDAP backend is asynchronous and thus
476 should monitor all socket descriptors involved. Currently, these secondary
477 descriptors are not monitored, causing OpenLDAP library to never receive
478 data from them.
479
480 As a temporary workaround, disable referrals chasing by configuration.
481
482 The fix is not easy: proper automatic referrals chasing requires a
483 synchronous bind callback and monitoring an arbitrary number of socket
484 descriptors for a single easy handle (currently limited to 5).
485
486 Generic LDAP is synchronous: OK.
487
488 See https://github.com/curl/curl/issues/622 and
489     https://curl.se/mail/lib-2016-01/0101.html
490
49112.2 LDAP on Windows does authentication wrong?
492
493 https://github.com/curl/curl/issues/3116
494
49512.3 LDAP on Windows does not work
496
497 A simple curl command line getting "ldap://ldap.forumsys.com" returns an
498 error that says "no memory" !
499
500 https://github.com/curl/curl/issues/4261
501
50212.4 LDAPS requests to ActiveDirectory server hang
503
504 https://github.com/curl/curl/issues/9580
505
50613. TCP/IP
507
50813.2 Trying local ports fails on Windows
509
510 This makes '--local-port [range]' to not work since curl cannot properly
511 detect if a port is already in use, so it will try the first port, use that and
512 then subsequently fail anyway if that was actually in use.
513
514 https://github.com/curl/curl/issues/8112
515
51615. CMake
517
51815.1 cmake outputs: no version information available
519
520 Something in the SONAME generation seems to be wrong in the cmake build.
521
522 https://github.com/curl/curl/issues/11158
523
52415.2 support build with GnuTLS
525
52615.3 unusable tool_hugehelp.c with MinGW
527
528 see https://github.com/curl/curl/issues/3125
529
53015.6 uses -lpthread instead of Threads::Threads
531
532 See https://github.com/curl/curl/issues/6166
533
53415.7 generated .pc file contains strange entries
535
536 The Libs.private field of the generated .pc file contains -lgcc -lgcc_s -lc
537 -lgcc -lgcc_s
538
539 See https://github.com/curl/curl/issues/6167
540
54115.8 libcurl.pc uses absolute library paths
542
543 The libcurl.pc file generated by cmake contains things like Libs.private:
544 /usr/lib64/libssl.so /usr/lib64/libcrypto.so /usr/lib64/libz.so. The
545 autotools equivalent would say Libs.private: -lssl -lcrypto -lz
546
547 See https://github.com/curl/curl/issues/6169
548
54915.11 ExternalProject_Add does not set CURL_CA_PATH
550
551 CURL_CA_BUNDLE and CURL_CA_PATH are not set properly when cmake's
552 ExternalProject_Add is used to build curl as a dependency.
553
554 See https://github.com/curl/curl/issues/6313
555
55615.13 CMake build with MIT Kerberos does not work
557
558 Minimum CMake version was bumped in curl 7.71.0 (#5358) Since CMake 3.2
559 try_compile started respecting the CMAKE_EXE_FLAGS. The code dealing with
560 MIT Kerberos detection sets few variables to potentially weird mix of space,
561 and ;-separated flags. It had to blow up at some point. All the CMake checks
562 that involve compilation are doomed from that point, the configured tree
563 cannot be built.
564
565 https://github.com/curl/curl/issues/6904
566
56716. aws-sigv4
568
56916.1 aws-sigv4 does not sign requests with * correctly
570
571 https://github.com/curl/curl/issues/7559
572
57316.6 aws-sigv4 does not behave well with AWS VPC Lattice
574
575 https://github.com/curl/curl/issues/11007
576
57717. HTTP/2
578
57917.2 HTTP/2 frames while in the connection pool kill reuse
580
581 If the server sends HTTP/2 frames (like for example an HTTP/2 PING frame) to
582 curl while the connection is held in curl's connection pool, the socket will
583 be found readable when considered for reuse and that makes curl think it is
584 dead and then it will be closed and a new connection gets created instead.
585
586 This is *best* fixed by adding monitoring to connections while they are kept
587 in the pool so that pings can be responded to appropriately.
588
58917.3 ENHANCE_YOUR_CALM causes infinite retries
590
591 Infinite retries with 2 parallel requests on one connection receiving GOAWAY
592 with ENHANCE_YOUR_CALM error code.
593
594 See https://github.com/curl/curl/issues/5119
595
59618. HTTP/3
597
59818.1 connection migration does not work
599
600 https://github.com/curl/curl/issues/7695
601
60219. RTSP
603
60419.1 Some methods do not support response bodies
605
606 The RTSP implementation is written to assume that a number of RTSP methods
607 will always get responses without bodies, even though there seems to be no
608 indication in the RFC that this is always the case.
609
610 https://github.com/curl/curl/issues/12414
611