diff options
Diffstat (limited to 'docs/KNOWN_BUGS')
| -rw-r--r-- | docs/KNOWN_BUGS | 26 |
1 files changed, 22 insertions, 4 deletions
diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index 606983bb8..e35172daf 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -25,13 +25,14 @@ problems may have been fixed or changed somewhat since this was written! 2. TLS 2.1 CURLINFO_SSL_VERIFYRESULT has limited support 2.2 DER in keychain - 2.4 DarwinSSL won't import PKCS#12 client certificates without a password + 2.4 Secure Transport won't import PKCS#12 client certificates without a password 2.5 Client cert handling with Issuer DN differs between backends 2.6 CURL_GLOBAL_SSL 2.7 Client cert (MTLS) issues with Schannel 2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname 2.9 TLS session cache doesn't work with TFO 2.10 Store TLS context per transfer instead of per connection + 2.11 Schannel TLS 1.2 handshake bug in old Windows versions 3. Email protocols 3.1 IMAP SEARCH ALL truncated response @@ -102,6 +103,7 @@ problems may have been fixed or changed somewhat since this was written! 11.8 DoH leaks memory after followlocation 11.9 DoH doesn't inherit all transfer options 11.10 Blocking socket operations in non-blocking API + 11.11 A shared connection cache is not thread-safe 12. LDAP and OpenLDAP 12.1 OpenLDAP hangs after returning results @@ -209,7 +211,7 @@ problems may have been fixed or changed somewhat since this was written! Curl doesn't recognize certificates in DER format in keychain, but it works with PEM. https://curl.haxx.se/bug/view.cgi?id=1065 -2.4 DarwinSSL won't import PKCS#12 client certificates without a password +2.4 Secure Transport won't import PKCS#12 client certificates without a password libcurl calls SecPKCS12Import with the PKCS#12 client certificate, but that function rejects certificates that do not have a password. @@ -275,6 +277,14 @@ problems may have been fixed or changed somewhat since this was written! https://github.com/curl/curl/issues/5102 +2.11 Schannel TLS 1.2 handshake bug in old Windows versions + + In old versions of Windows such as 7 and 8.1 the Schannel TLS 1.2 handshake + implementation likely has a bug that can rarely cause the key exchange to + fail, resulting in error SEC_E_BUFFER_TOO_SMALL or SEC_E_MESSAGE_ALTERED. + + https://github.com/curl/curl/issues/5488 + 3. Email protocols 3.1 IMAP SEARCH ALL truncated response @@ -462,12 +472,12 @@ problems may have been fixed or changed somewhat since this was written! 6.1 NTLM authentication and unicode NTLM authentication involving unicode user name or password only works - properly if built with UNICODE defined together with the WinSSL/Schannel + properly if built with UNICODE defined together with the Schannel backend. The original problem was mentioned in: https://curl.haxx.se/mail/lib-2009-10/0024.html https://curl.haxx.se/bug/view.cgi?id=896 - The WinSSL/Schannel version verified to work as mentioned in + The Schannel version verified to work as mentioned in https://curl.haxx.se/mail/lib-2012-07/0073.html 6.2 MIT Kerberos for Windows build @@ -744,6 +754,14 @@ problems may have been fixed or changed somewhat since this was written! The list of blocking socket operations is in TODO section "More non-blocking". +11.11 A shared connection cache is not thread-safe + + The share interface offers CURL_LOCK_DATA_CONNECT to have multiple easy + handle share a connection cache, but due to how connections are used they are + still not thread-safe when used shared. + + See https://github.com/curl/curl/issues/4915 + 12. LDAP and OpenLDAP 12.1 OpenLDAP hangs after returning results |