url.c source code [tensorflow/external/curl/lib/url.c]

1	/***************************************************************************
2	* _ _ ____ _
3	* Project ___\| \| \| \| _ \\| \|
4	* / __\| \| \| \| \|_) \| \|
5	* \| (__\| \|_\| \| _ <\| \|___
6	* \___\|\___/\|_\| \_\_____\|
7	*
8	* Copyright (C) 1998 - 2022, Daniel Stenberg, <[email protected]>, et al.
9	*
10	* This software is licensed as described in the file COPYING, which
11	* you should have received as part of this distribution. The terms
12	* are also available at https://curl.se/docs/copyright.html.
13	*
14	* You may opt to use, copy, modify, merge, publish, distribute and/or sell
15	* copies of the Software, and permit persons to whom the Software is
16	* furnished to do so, under the terms of the COPYING file.
17	*
18	* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19	* KIND, either express or implied.
20	*
21	* SPDX-License-Identifier: curl
22	*
23	***************************************************************************/
24
25	#include "curl_setup.h"
26
27	#ifdef HAVE_NETINET_IN_H
28	#include <netinet/in.h>
29	#endif
30	#ifdef HAVE_NETDB_H
31	#include <netdb.h>
32	#endif
33	#ifdef HAVE_ARPA_INET_H
34	#include <arpa/inet.h>
35	#endif
36	#ifdef HAVE_NET_IF_H
37	#include <net/if.h>
38	#endif
39	#ifdef HAVE_IPHLPAPI_H
40	#include <Iphlpapi.h>
41	#endif
42	#ifdef HAVE_SYS_IOCTL_H
43	#include <sys/ioctl.h>
44	#endif
45	#ifdef HAVE_SYS_PARAM_H
46	#include <sys/param.h>
47	#endif
48
49	#ifdef __VMS
50	#include <in.h>
51	#include <inet.h>
52	#endif
53
54	#ifdef HAVE_SYS_UN_H
55	#include <sys/un.h>
56	#endif
57
58	#ifndef HAVE_SOCKET
59	#error "We can't compile without socket() support!"
60	#endif
61
62	#include <limits.h>
63
64	#ifdef USE_LIBIDN2
65	#include <idn2.h>
66
67	#if defined(WIN32) && defined(UNICODE)
68	#define IDN2_LOOKUP(name, host, flags) \
69	idn2_lookup_u8((const uint8_t )name, (uint8_t *)host, flags)
70	#else
71	#define IDN2_LOOKUP(name, host, flags) \
72	idn2_lookup_ul((const char )name, (char *)host, flags)
73	#endif
74
75	#elif defined(USE_WIN32_IDN)
76	/ prototype for curl_win32_idn_to_ascii() /
77	bool curl_win32_idn_to_ascii(const char in, char* **out);
78	#endif /* USE_LIBIDN2 */
79
80	#include "doh.h"
81	#include "urldata.h"
82	#include "netrc.h"
83
84	#include "formdata.h"
85	#include "mime.h"
86	#include "vtls/vtls.h"
87	#include "hostip.h"
88	#include "transfer.h"
89	#include "sendf.h"
90	#include "progress.h"
91	#include "cookie.h"
92	#include "strcase.h"
93	#include "strerror.h"
94	#include "escape.h"
95	#include "strtok.h"
96	#include "share.h"
97	#include "content_encoding.h"
98	#include "http_digest.h"
99	#include "http_negotiate.h"
100	#include "select.h"
101	#include "multiif.h"
102	#include "easyif.h"
103	#include "speedcheck.h"
104	#include "warnless.h"
105	#include "getinfo.h"
106	#include "urlapi-int.h"
107	#include "system_win32.h"
108	#include "hsts.h"
109
110	/ And now for the protocols /
111	#include "ftp.h"
112	#include "dict.h"
113	#include "telnet.h"
114	#include "tftp.h"
115	#include "http.h"
116	#include "http2.h"
117	#include "file.h"
118	#include "curl_ldap.h"
119	#include "vssh/ssh.h"
120	#include "imap.h"
121	#include "url.h"
122	#include "connect.h"
123	#include "inet_ntop.h"
124	#include "http_ntlm.h"
125	#include "curl_rtmp.h"
126	#include "gopher.h"
127	#include "mqtt.h"
128	#include "http_proxy.h"
129	#include "conncache.h"
130	#include "multihandle.h"
131	#include "dotdot.h"
132	#include "strdup.h"
133	#include "setopt.h"
134	#include "altsvc.h"
135	#include "dynbuf.h"
136	#include "headers.h"
137
138	/ The last 3 #include files should be in this order /
139	#include "curl_printf.h"
140	#include "curl_memory.h"
141	#include "memdebug.h"
142
143	static void conn_free(struct connectdata *conn);
144
145	/ Some parts of the code (e.g. chunked encoding) assume this buffer has at*
146	* more than just a few bytes to play with. Don't let it become too small or
147	* bad things will happen.
148	*/
149	#if READBUFFER_SIZE < READBUFFER_MIN
150	# error READBUFFER_SIZE is too small
151	#endif
152
153	#ifdef USE_UNIX_SOCKETS
154	#define UNIX_SOCKET_PREFIX "localhost"
155	#endif
156
157	/ Reject URLs exceeding this length /
158	#define MAX_URL_LEN 0xffff
159
160	/*
161	* get_protocol_family()
162	*
163	* This is used to return the protocol family for a given protocol.
164	*
165	* Parameters:
166	*
167	* 'h' [in] - struct Curl_handler pointer.
168	*
169	* Returns the family as a single bit protocol identifier.
170	*/
171	static unsigned int get_protocol_family(const struct Curl_handler *h)
172	{
173	DEBUGASSERT(h);
174	DEBUGASSERT(h->family);
175	return h->family;
176	}
177
178
179	/*
180	* Protocol table. Schemes (roughly) in 2019 popularity order:
181	*
182	* HTTPS, HTTP, FTP, FTPS, SFTP, FILE, SCP, SMTP, LDAP, IMAPS, TELNET, IMAP,
183	* LDAPS, SMTPS, TFTP, SMB, POP3, GOPHER POP3S, RTSP, RTMP, SMBS, DICT
184	*/
185	static const struct Curl_handler * const protocols[] = {
186
187	#if defined(USE_SSL) && !defined(CURL_DISABLE_HTTP)
188	&Curl_handler_https,
189	#endif
190
191	#ifndef CURL_DISABLE_HTTP
192	&Curl_handler_http,
193	#endif
194
195	#ifndef CURL_DISABLE_FTP
196	&Curl_handler_ftp,
197	#endif
198
199	#if defined(USE_SSL) && !defined(CURL_DISABLE_FTP)
200	&Curl_handler_ftps,
201	#endif
202
203	#if defined(USE_SSH)
204	&Curl_handler_sftp,
205	#endif
206
207	#ifndef CURL_DISABLE_FILE
208	&Curl_handler_file,
209	#endif
210
211	#if defined(USE_SSH) && !defined(USE_WOLFSSH)
212	&Curl_handler_scp,
213	#endif
214
215	#ifndef CURL_DISABLE_SMTP
216	&Curl_handler_smtp,
217	#ifdef USE_SSL
218	&Curl_handler_smtps,
219	#endif
220	#endif
221
222	#ifndef CURL_DISABLE_LDAP
223	&Curl_handler_ldap,
224	#if !defined(CURL_DISABLE_LDAPS) && \
225	((defined(USE_OPENLDAP) && defined(USE_SSL)) \|\| \
226	(!defined(USE_OPENLDAP) && defined(HAVE_LDAP_SSL)))
227	&Curl_handler_ldaps,
228	#endif
229	#endif
230
231	#ifndef CURL_DISABLE_IMAP
232	&Curl_handler_imap,
233	#ifdef USE_SSL
234	&Curl_handler_imaps,
235	#endif
236	#endif
237
238	#ifndef CURL_DISABLE_TELNET
239	&Curl_handler_telnet,
240	#endif
241
242	#ifndef CURL_DISABLE_TFTP
243	&Curl_handler_tftp,
244	#endif
245
246	#ifndef CURL_DISABLE_POP3
247	&Curl_handler_pop3,
248	#ifdef USE_SSL
249	&Curl_handler_pop3s,
250	#endif
251	#endif
252
253	#if !defined(CURL_DISABLE_SMB) && defined(USE_CURL_NTLM_CORE) && \
254	(SIZEOF_CURL_OFF_T > 4)
255	&Curl_handler_smb,
256	#ifdef USE_SSL
257	&Curl_handler_smbs,
258	#endif
259	#endif
260
261	#ifndef CURL_DISABLE_RTSP
262	&Curl_handler_rtsp,
263	#endif
264
265	#ifndef CURL_DISABLE_MQTT
266	&Curl_handler_mqtt,
267	#endif
268
269	#ifndef CURL_DISABLE_GOPHER
270	&Curl_handler_gopher,
271	#ifdef USE_SSL
272	&Curl_handler_gophers,
273	#endif
274	#endif
275
276	#ifdef USE_LIBRTMP
277	&Curl_handler_rtmp,
278	&Curl_handler_rtmpt,
279	&Curl_handler_rtmpe,
280	&Curl_handler_rtmpte,
281	&Curl_handler_rtmps,
282	&Curl_handler_rtmpts,
283	#endif
284
285	#ifndef CURL_DISABLE_DICT
286	&Curl_handler_dict,
287	#endif
288
289	(struct Curl_handler *) NULL
290	};
291
292	/*
293	* Dummy handler for undefined protocol schemes.
294	*/
295
296	static const struct Curl_handler Curl_handler_dummy = {
297	"<no protocol>", / scheme /
298	ZERO_NULL, / setup_connection /
299	ZERO_NULL, / do_it /
300	ZERO_NULL, / done /
301	ZERO_NULL, / do_more /
302	ZERO_NULL, / connect_it /
303	ZERO_NULL, / connecting /
304	ZERO_NULL, / doing /
305	ZERO_NULL, / proto_getsock /
306	ZERO_NULL, / doing_getsock /
307	ZERO_NULL, / domore_getsock /
308	ZERO_NULL, / perform_getsock /
309	ZERO_NULL, / disconnect /
310	ZERO_NULL, / readwrite /
311	ZERO_NULL, / connection_check /
312	ZERO_NULL, / attach connection /
313	`0`, / defport /
314	`0`, / protocol /
315	`0`, / family /
316	PROTOPT_NONE / flags /
317	};
318
319	void Curl_freeset(struct Curl_easy *data)
320	{
321	/ Free all dynamic strings stored in the data->set substructure. /
322	enum dupstring i;
323	enum dupblob j;
324
325	for(i = (enum dupstring)`0`; i < STRING_LAST; i++) {
326	Curl_safefree(data->set.str[i]);
327	}
328
329	for(j = (enum dupblob)`0`; j < BLOB_LAST; j++) {
330	Curl_safefree(data->set.blobs[j]);
331	}
332
333	if(data->state.referer_alloc) {
334	Curl_safefree(data->state.referer);
335	data->state.referer_alloc = FALSE;
336	}
337	data->state.referer = NULL;
338	if(data->state.url_alloc) {
339	Curl_safefree(data->state.url);
340	data->state.url_alloc = FALSE;
341	}
342	data->state.url = NULL;
343
344	Curl_mime_cleanpart(&data->set.mimepost);
345	}
346
347	/ free the URL pieces /
348	static void up_free(struct Curl_easy *data)
349	{
350	struct urlpieces *up = &data->state.up;
351	Curl_safefree(up->scheme);
352	Curl_safefree(up->hostname);
353	Curl_safefree(up->port);
354	Curl_safefree(up->user);
355	Curl_safefree(up->password);
356	Curl_safefree(up->options);
357	Curl_safefree(up->path);
358	Curl_safefree(up->query);
359	curl_url_cleanup(data->state.uh);
360	data->state.uh = NULL;
361	}
362
363	/*
364	* This is the internal function curl_easy_cleanup() calls. This should
365	* cleanup and free all resources associated with this sessionhandle.
366	*
367	* We ignore SIGPIPE when this is called from curl_easy_cleanup.
368	*/
369
370	CURLcode Curl_close(struct Curl_easy **datap)
371	{
372	struct Curl_multi *m;
373	struct Curl_easy *data;
374
375	if(!datap \|\| !*datap)
376	return CURLE_OK;
377
378	data = *datap;
379	*datap = NULL;
380
381	Curl_expire_clear(data); / shut off timers /
382
383	/ Detach connection if any is left. This should not be normal, but can be*
384	the case for example with CONNECT_ONLY + recv/send (test 556) /*
385	Curl_detach_connection(data);
386	m = data->multi;
387	if(m)
388	/ This handle is still part of a multi handle, take care of this first*
389	and detach this handle from there. /*
390	curl_multi_remove_handle(data->multi, data);
391
392	if(data->multi_easy) {
393	/ when curl_easy_perform() is used, it creates its own multi handle to*
394	use and this is the one /*
395	curl_multi_cleanup(data->multi_easy);
396	data->multi_easy = NULL;
397	}
398
399	/ Destroy the timeout list that is held in the easy handle. It is*
400	/normally/ done by curl_multi_remove_handle() but this is "just in
401	case" /*
402	Curl_llist_destroy(&data->state.timeoutlist, NULL);
403
404	data->magic = `0`; / force a clear AFTER the possibly enforced removal from*
405	the multi handle, since that function uses the magic
406	field! /*
407
408	if(data->state.rangestringalloc)
409	free(data->state.range);
410
411	/ freed here just in case DONE wasn't called /
412	Curl_free_request_state(data);
413
414	/ Close down all open SSL info and sessions /
415	Curl_ssl_close_all(data);
416	Curl_safefree(data->state.first_host);
417	Curl_safefree(data->state.scratch);
418	Curl_ssl_free_certinfo(data);
419
420	/ Cleanup possible redirect junk /
421	free(data->req.newurl);
422	data->req.newurl = NULL;
423
424	if(data->state.referer_alloc) {
425	Curl_safefree(data->state.referer);
426	data->state.referer_alloc = FALSE;
427	}
428	data->state.referer = NULL;
429
430	up_free(data);
431	Curl_safefree(data->state.buffer);
432	Curl_dyn_free(&data->state.headerb);
433	Curl_safefree(data->state.ulbuf);
434	Curl_flush_cookies(data, TRUE);
435	Curl_altsvc_save(data, data->asi, data->set.str[STRING_ALTSVC]);
436	Curl_altsvc_cleanup(&data->asi);
437	Curl_hsts_save(data, data->hsts, data->set.str[STRING_HSTS]);
438	Curl_hsts_cleanup(&data->hsts);
439	#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
440	Curl_http_auth_cleanup_digest(data);
441	#endif
442	Curl_safefree(data->info.contenttype);
443	Curl_safefree(data->info.wouldredirect);
444
445	/ this destroys the channel and we cannot use it anymore after this /
446	Curl_resolver_cancel(data);
447	Curl_resolver_cleanup(data->state.async.resolver);
448
449	Curl_http2_cleanup_dependencies(data);
450
451	/ No longer a dirty share, if it exists /
452	if(data->share) {
453	Curl_share_lock(data, CURL_LOCK_DATA_SHARE, CURL_LOCK_ACCESS_SINGLE);
454	data->share->dirty--;
455	Curl_share_unlock(data, CURL_LOCK_DATA_SHARE);
456	}
457
458	Curl_safefree(data->state.aptr.proxyuserpwd);
459	Curl_safefree(data->state.aptr.uagent);
460	Curl_safefree(data->state.aptr.userpwd);
461	Curl_safefree(data->state.aptr.accept_encoding);
462	Curl_safefree(data->state.aptr.te);
463	Curl_safefree(data->state.aptr.rangeline);
464	Curl_safefree(data->state.aptr.ref);
465	Curl_safefree(data->state.aptr.host);
466	Curl_safefree(data->state.aptr.cookiehost);
467	Curl_safefree(data->state.aptr.rtsp_transport);
468	Curl_safefree(data->state.aptr.user);
469	Curl_safefree(data->state.aptr.passwd);
470	Curl_safefree(data->state.aptr.proxyuser);
471	Curl_safefree(data->state.aptr.proxypasswd);
472
473	#ifndef CURL_DISABLE_DOH
474	if(data->req.doh) {
475	Curl_dyn_free(&data->req.doh->probe[`0`].serverdoh);
476	Curl_dyn_free(&data->req.doh->probe[`1`].serverdoh);
477	curl_slist_free_all(data->req.doh->headers);
478	Curl_safefree(data->req.doh);
479	}
480	#endif
481
482	/ destruct wildcard structures if it is needed /
483	Curl_wildcard_dtor(&data->wildcard);
484	Curl_freeset(data);
485	Curl_headers_cleanup(data);
486	free(data);
487	return CURLE_OK;
488	}
489
490	/*
491	* Initialize the UserDefined fields within a Curl_easy.
492	* This may be safely called on a new or existing Curl_easy.
493	*/
494	CURLcode Curl_init_userdefined(struct Curl_easy *data)
495	{
496	struct UserDefined *set = &data->set;
497	CURLcode result = CURLE_OK;
498
499	set->out = stdout; / default output to stdout /
500	set->in_set = stdin; / default input from stdin /
501	set->err = stderr; / default stderr to stderr /
502
503	/ use fwrite as default function to store output /
504	set->fwrite_func = (curl_write_callback)fwrite;
505
506	/ use fread as default function to read input /
507	set->fread_func_set = (curl_read_callback)fread;
508	set->is_fread_set = `0`;
509
510	set->seek_func = ZERO_NULL;
511	set->seek_client = ZERO_NULL;
512
513	set->filesize = -`1`; / we don't know the size /
514	set->postfieldsize = -`1`; / unknown size /
515	set->maxredirs = -`1`; / allow any amount by default /
516
517	set->method = HTTPREQ_GET; / Default HTTP request /
518	#ifndef CURL_DISABLE_RTSP
519	set->rtspreq = RTSPREQ_OPTIONS; / Default RTSP request /
520	#endif
521	#ifndef CURL_DISABLE_FTP
522	set->ftp_use_epsv = TRUE; / FTP defaults to EPSV operations /
523	set->ftp_use_eprt = TRUE; / FTP defaults to EPRT operations /
524	set->ftp_use_pret = FALSE; / mainly useful for drftpd servers /
525	set->ftp_filemethod = FTPFILE_MULTICWD;
526	set->ftp_skip_ip = TRUE; / skip PASV IP by default /
527	#endif
528	set->dns_cache_timeout = `60`; / Timeout every 60 seconds by default /
529
530	/ Set the default size of the SSL session ID cache /
531	set->general_ssl.max_ssl_sessions = `5`;
532
533	set->proxyport = `0`;
534	set->proxytype = CURLPROXY_HTTP; / defaults to HTTP proxy /
535	set->httpauth = CURLAUTH_BASIC; / defaults to basic /
536
537	#ifndef CURL_DISABLE_PROXY
538	set->proxyauth = CURLAUTH_BASIC; / defaults to basic /
539	/ SOCKS5 proxy auth defaults to username/password + GSS-API /
540	set->socks5auth = CURLAUTH_BASIC \| CURLAUTH_GSSAPI;
541	#endif
542
543	/ make libcurl quiet by default: /
544	set->hide_progress = TRUE; / CURLOPT_NOPROGRESS changes these /
545
546	Curl_mime_initpart(&set->mimepost, data);
547
548	/*
549	* libcurl 7.10 introduced SSL verification by default! This needs to be
550	* switched off unless wanted.
551	*/
552	#ifndef CURL_DISABLE_DOH
553	set->doh_verifyhost = TRUE;
554	set->doh_verifypeer = TRUE;
555	#endif
556	set->ssl.primary.verifypeer = TRUE;
557	set->ssl.primary.verifyhost = TRUE;
558	#ifdef USE_TLS_SRP
559	set->ssl.primary.authtype = CURL_TLSAUTH_NONE;
560	#endif
561	/ defaults to any auth type /
562	set->ssh_auth_types = CURLSSH_AUTH_DEFAULT;
563	set->ssl.primary.sessionid = TRUE; / session ID caching enabled by*
564	default /*
565	#ifndef CURL_DISABLE_PROXY
566	set->proxy_ssl = set->ssl;
567	#endif
568
569	set->new_file_perms = `0644`; / Default permissions /
570	set->new_directory_perms = `0755`; / Default permissions /
571
572	/ for the protocols fields we don't use the CURLPROTO_ALL convenience
573	define since we internally only use the lower 16 bits for the passed
574	in bitmask to not conflict with the private bits /*
575	set->allowed_protocols = (unsigned int)CURLPROTO_ALL;
576	set->redir_protocols = CURLPROTO_HTTP \| CURLPROTO_HTTPS \| CURLPROTO_FTP \|
577	CURLPROTO_FTPS;
578
579	#if defined(HAVE_GSSAPI) \|\| defined(USE_WINDOWS_SSPI)
580	/*
581	* disallow unprotected protection negotiation NEC reference implementation
582	* seem not to follow rfc1961 section 4.3/4.4
583	*/
584	set->socks5_gssapi_nec = FALSE;
585	#endif
586
587	/ Set the default CA cert bundle/path detected/specified at build time.*
588	*
589	* If Schannel is the selected SSL backend then these locations are
590	* ignored. We allow setting CA location for schannel only when explicitly
591	* specified by the user via CURLOPT_CAINFO / --cacert.
592	*/
593	if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL) {
594	#if defined(CURL_CA_BUNDLE)
595	result = Curl_setstropt(&set->str[STRING_SSL_CAFILE], CURL_CA_BUNDLE);
596	if(result)
597	return result;
598
599	result = Curl_setstropt(&set->str[STRING_SSL_CAFILE_PROXY],
600	CURL_CA_BUNDLE);
601	if(result)
602	return result;
603	#endif
604	#if defined(CURL_CA_PATH)
605	result = Curl_setstropt(&set->str[STRING_SSL_CAPATH], CURL_CA_PATH);
606	if(result)
607	return result;
608
609	result = Curl_setstropt(&set->str[STRING_SSL_CAPATH_PROXY], CURL_CA_PATH);
610	if(result)
611	return result;
612	#endif
613	}
614
615	#ifndef CURL_DISABLE_FTP
616	set->wildcard_enabled = FALSE;
617	set->chunk_bgn = ZERO_NULL;
618	set->chunk_end = ZERO_NULL;
619	set->fnmatch = ZERO_NULL;
620	#endif
621	set->tcp_keepalive = FALSE;
622	set->tcp_keepintvl = `60`;
623	set->tcp_keepidle = `60`;
624	set->tcp_fastopen = FALSE;
625	set->tcp_nodelay = TRUE;
626	set->ssl_enable_npn = TRUE;
627	set->ssl_enable_alpn = TRUE;
628	set->expect_100_timeout = `1000L`; / Wait for a second by default. /
629	set->sep_headers = TRUE; / separated header lists by default /
630	set->buffer_size = READBUFFER_SIZE;
631	set->upload_buffer_size = UPLOADBUFFER_DEFAULT;
632	set->happy_eyeballs_timeout = CURL_HET_DEFAULT;
633	set->upkeep_interval_ms = CURL_UPKEEP_INTERVAL_DEFAULT;
634	set->maxconnects = DEFAULT_CONNCACHE_SIZE; / for easy handles /
635	set->maxage_conn = `118`;
636	set->maxlifetime_conn = `0`;
637	set->http09_allowed = FALSE;
638	set->httpwant =
639	#ifdef USE_HTTP2
640	CURL_HTTP_VERSION_2TLS
641	#else
642	CURL_HTTP_VERSION_1_1
643	#endif
644	;
645	Curl_http2_init_userset(set);
646	return result;
647	}
648
649	/**
650	* Curl_open()
651	*
652	* @param curl is a pointer to a sessionhandle pointer that gets set by this
653	* function.
654	* @return CURLcode
655	*/
656
657	CURLcode Curl_open(struct Curl_easy **curl)
658	{
659	CURLcode result;
660	struct Curl_easy *data;
661
662	/ Very simple start-up: alloc the struct, init it with zeroes and return /
663	data = calloc(`1`, sizeof(struct Curl_easy));
664	if(!data) {
665	/ this is a very serious error /
666	DEBUGF(fprintf(stderr, "Error: calloc of Curl_easy failed\n"));
667	return CURLE_OUT_OF_MEMORY;
668	}
669
670	data->magic = CURLEASY_MAGIC_NUMBER;
671
672	result = Curl_resolver_init(data, &data->state.async.resolver);
673	if(result) {
674	DEBUGF(fprintf(stderr, "Error: resolver_init failed\n"));
675	free(data);
676	return result;
677	}
678
679	result = Curl_init_userdefined(data);
680	if(!result) {
681	Curl_dyn_init(&data->state.headerb, CURL_MAX_HTTP_HEADER);
682	Curl_initinfo(data);
683
684	/ most recent connection is not yet defined /
685	data->state.lastconnect_id = -`1`;
686
687	data->progress.flags \|= PGRS_HIDE;
688	data->state.current_speed = -`1`; / init to negative == impossible /
689	}
690
691	if(result) {
692	Curl_resolver_cleanup(data->state.async.resolver);
693	Curl_dyn_free(&data->state.headerb);
694	Curl_freeset(data);
695	free(data);
696	data = NULL;
697	}
698	else
699	*curl = data;
700
701	return result;
702	}
703
704	#ifdef USE_RECV_BEFORE_SEND_WORKAROUND
705	static void conn_reset_postponed_data(struct connectdata conn, int* num)
706	{
707	struct postponed_data * const psnd = &(conn->postponed[num]);
708	if(psnd->buffer) {
709	DEBUGASSERT(psnd->allocated_size > `0`);
710	DEBUGASSERT(psnd->recv_size <= psnd->allocated_size);
711	DEBUGASSERT(psnd->recv_size ?
712	(psnd->recv_processed < psnd->recv_size) :
713	(psnd->recv_processed == `0`));
714	DEBUGASSERT(psnd->bindsock != CURL_SOCKET_BAD);
715	free(psnd->buffer);
716	psnd->buffer = NULL;
717	psnd->allocated_size = `0`;
718	psnd->recv_size = `0`;
719	psnd->recv_processed = `0`;
720	#ifdef DEBUGBUILD
721	psnd->bindsock = CURL_SOCKET_BAD; / used only for DEBUGASSERT /
722	#endif /* DEBUGBUILD */
723	}
724	else {
725	DEBUGASSERT(psnd->allocated_size == `0`);
726	DEBUGASSERT(psnd->recv_size == `0`);
727	DEBUGASSERT(psnd->recv_processed == `0`);
728	DEBUGASSERT(psnd->bindsock == CURL_SOCKET_BAD);
729	}
730	}
731
732	static void conn_reset_all_postponed_data(struct connectdata *conn)
733	{
734	conn_reset_postponed_data(conn, `0`);
735	conn_reset_postponed_data(conn, `1`);
736	}
737	#else /* ! USE_RECV_BEFORE_SEND_WORKAROUND */
738	/ Use "do-nothing" macro instead of function when workaround not used /
739	#define conn_reset_all_postponed_data(c) do {} while(0)
740	#endif /* ! USE_RECV_BEFORE_SEND_WORKAROUND */
741
742
743	static void conn_shutdown(struct Curl_easy data, struct* connectdata *conn)
744	{
745	DEBUGASSERT(conn);
746	DEBUGASSERT(data);
747	infof(data, "Closing connection %ld", conn->connection_id);
748
749	#ifndef USE_HYPER
750	if(conn->connect_state && conn->connect_state->prot_save) {
751	/ If this was closed with a CONNECT in progress, cleanup this temporary*
752	struct arrangement /*
753	data->req.p.http = NULL;
754	Curl_safefree(conn->connect_state->prot_save);
755	}
756	#endif
757
758	/ possible left-overs from the async name resolvers /
759	Curl_resolver_cancel(data);
760
761	/ close the SSL stuff before we close any sockets since they will/may*
762	write to the sockets /*
763	Curl_ssl_close(data, conn, FIRSTSOCKET);
764	#ifndef CURL_DISABLE_FTP
765	Curl_ssl_close(data, conn, SECONDARYSOCKET);
766	#endif
767
768	/ close possibly still open sockets /
769	if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
770	Curl_closesocket(data, conn, conn->sock[SECONDARYSOCKET]);
771	if(CURL_SOCKET_BAD != conn->sock[FIRSTSOCKET])
772	Curl_closesocket(data, conn, conn->sock[FIRSTSOCKET]);
773	if(CURL_SOCKET_BAD != conn->tempsock[`0`])
774	Curl_closesocket(data, conn, conn->tempsock[`0`]);
775	if(CURL_SOCKET_BAD != conn->tempsock[`1`])
776	Curl_closesocket(data, conn, conn->tempsock[`1`]);
777	}
778
779	static void conn_free(struct connectdata *conn)
780	{
781	DEBUGASSERT(conn);
782
783	Curl_free_idnconverted_hostname(&conn->host);
784	Curl_free_idnconverted_hostname(&conn->conn_to_host);
785	#ifndef CURL_DISABLE_PROXY
786	Curl_free_idnconverted_hostname(&conn->http_proxy.host);
787	Curl_free_idnconverted_hostname(&conn->socks_proxy.host);
788	Curl_safefree(conn->http_proxy.user);
789	Curl_safefree(conn->socks_proxy.user);
790	Curl_safefree(conn->http_proxy.passwd);
791	Curl_safefree(conn->socks_proxy.passwd);
792	Curl_safefree(conn->http_proxy.host.rawalloc); / http proxy name buffer /
793	Curl_safefree(conn->socks_proxy.host.rawalloc); / socks proxy name buffer /
794	Curl_free_primary_ssl_config(&conn->proxy_ssl_config);
795	#endif
796	Curl_safefree(conn->user);
797	Curl_safefree(conn->passwd);
798	Curl_safefree(conn->sasl_authzid);
799	Curl_safefree(conn->options);
800	Curl_safefree(conn->oauth_bearer);
801	Curl_dyn_free(&conn->trailer);
802	Curl_safefree(conn->host.rawalloc); / host name buffer /
803	Curl_safefree(conn->conn_to_host.rawalloc); / host name buffer /
804	Curl_safefree(conn->hostname_resolve);
805	Curl_safefree(conn->secondaryhostname);
806	Curl_safefree(conn->connect_state);
807
808	conn_reset_all_postponed_data(conn);
809	Curl_llist_destroy(&conn->easyq, NULL);
810	Curl_safefree(conn->localdev);
811	Curl_free_primary_ssl_config(&conn->ssl_config);
812
813	#ifdef USE_UNIX_SOCKETS
814	Curl_safefree(conn->unix_domain_socket);
815	#endif
816
817	#ifdef USE_SSL
818	Curl_safefree(conn->ssl_extra);
819	#endif
820	free(conn); / free all the connection oriented data /
821	}
822
823	/*
824	* Disconnects the given connection. Note the connection may not be the
825	* primary connection, like when freeing room in the connection cache or
826	* killing of a dead old connection.
827	*
828	* A connection needs an easy handle when closing down. We support this passed
829	* in separately since the connection to get closed here is often already
830	* disassociated from an easy handle.
831	*
832	* This function MUST NOT reset state in the Curl_easy struct if that
833	* isn't strictly bound to the life-time of this particular connection.
834	*
835	*/
836
837	void Curl_disconnect(struct Curl_easy *data,
838	struct connectdata *conn, bool dead_connection)
839	{
840	/ there must be a connection to close /
841	DEBUGASSERT(conn);
842
843	/ it must be removed from the connection cache /
844	DEBUGASSERT(!conn->bundle);
845
846	/ there must be an associated transfer /
847	DEBUGASSERT(data);
848
849	/ the transfer must be detached from the connection /
850	DEBUGASSERT(!data->conn);
851
852	/*
853	* If this connection isn't marked to force-close, leave it open if there
854	* are other users of it
855	*/
856	if(CONN_INUSE(conn) && !dead_connection) {
857	DEBUGF(infof(data, "Curl_disconnect when inuse: %zu", CONN_INUSE(conn)));
858	return;
859	}
860
861	if(conn->dns_entry) {
862	Curl_resolv_unlock(data, conn->dns_entry);
863	conn->dns_entry = NULL;
864	}
865
866	/ Cleanup NTLM connection-related data /
867	Curl_http_auth_cleanup_ntlm(conn);
868
869	/ Cleanup NEGOTIATE connection-related data /
870	Curl_http_auth_cleanup_negotiate(conn);
871
872	if(conn->bits.connect_only)
873	/ treat the connection as dead in CONNECT_ONLY situations /
874	dead_connection = TRUE;
875
876	/ temporarily attach the connection to this transfer handle for the*
877	disconnect and shutdown /*
878	Curl_attach_connection(data, conn);
879
880	if(conn->handler->disconnect)
881	/ This is set if protocol-specific cleanups should be made /
882	conn->handler->disconnect(data, conn, dead_connection);
883
884	conn_shutdown(data, conn);
885
886	/ detach it again /
887	Curl_detach_connection(data);
888
889	conn_free(conn);
890	}
891
892	/*
893	* This function should return TRUE if the socket is to be assumed to
894	* be dead. Most commonly this happens when the server has closed the
895	* connection due to inactivity.
896	*/
897	static bool SocketIsDead(curl_socket_t sock)
898	{
899	int sval;
900	bool ret_val = TRUE;
901
902	sval = SOCKET_READABLE(sock, `0`);
903	if(sval == `0`)
904	/ timeout /
905	ret_val = FALSE;
906
907	return ret_val;
908	}
909
910	/*
911	* IsMultiplexingPossible()
912	*
913	* Return a bitmask with the available multiplexing options for the given
914	* requested connection.
915	*/
916	static int IsMultiplexingPossible(const struct Curl_easy *handle,
917	const struct connectdata *conn)
918	{
919	int avail = `0`;
920
921	/ If a HTTP protocol and multiplexing is enabled /
922	if((conn->handler->protocol & PROTO_FAMILY_HTTP) &&
923	(!conn->bits.protoconnstart \|\| !conn->bits.close)) {
924
925	if(Curl_multiplex_wanted(handle->multi) &&
926	(handle->state.httpwant >= CURL_HTTP_VERSION_2))
927	/ allows HTTP/2 /
928	avail \|= CURLPIPE_MULTIPLEX;
929	}
930	return avail;
931	}
932
933	#ifndef CURL_DISABLE_PROXY
934	static bool
935	proxy_info_matches(const struct proxy_info *data,
936	const struct proxy_info *needle)
937	{
938	if((data->proxytype == needle->proxytype) &&
939	(data->port == needle->port) &&
940	Curl_safe_strcasecompare(data->host.name, needle->host.name))
941	return TRUE;
942
943	return FALSE;
944	}
945
946	static bool
947	socks_proxy_info_matches(const struct proxy_info *data,
948	const struct proxy_info *needle)
949	{
950	if(!proxy_info_matches(data, needle))
951	return FALSE;
952
953	/ the user information is case-sensitive*
954	or at least it is not defined as case-insensitive
955	see https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.1 /*
956	if(!data->user != !needle->user)
957	return FALSE;
958	/ curl_strequal does a case insentive comparison, so do not use it here! /
959	if(data->user &&
960	needle->user &&
961	strcmp(data->user, needle->user) != `0`)
962	return FALSE;
963	if(!data->passwd != !needle->passwd)
964	return FALSE;
965	/ curl_strequal does a case insentive comparison, so do not use it here! /
966	if(data->passwd &&
967	needle->passwd &&
968	strcmp(data->passwd, needle->passwd) != `0`)
969	return FALSE;
970	return TRUE;
971	}
972	#else
973	/ disabled, won't get called /
974	#define proxy_info_matches(x,y) FALSE
975	#define socks_proxy_info_matches(x,y) FALSE
976	#endif
977
978	/ A connection has to have been idle for a shorter time than 'maxage_conn'*
979	(the success rate is just too low after this), or created less than
980	'maxlifetime_conn' ago, to be subject for reuse. /*
981
982	static bool conn_maxage(struct Curl_easy *data,
983	struct connectdata *conn,
984	struct curltime now)
985	{
986	timediff_t idletime, lifetime;
987
988	idletime = Curl_timediff(now, conn->lastused);
989	idletime /= `1000`; / integer seconds is fine /
990
991	if(idletime > data->set.maxage_conn) {
992	infof(data, "Too old connection (%ld seconds idle), disconnect it",
993	idletime);
994	return TRUE;
995	}
996
997	lifetime = Curl_timediff(now, conn->created);
998	lifetime /= `1000`; / integer seconds is fine /
999
1000	if(data->set.maxlifetime_conn && lifetime > data->set.maxlifetime_conn) {
1001	infof(data,
1002	"Too old connection (%ld seconds since creation), disconnect it",
1003	lifetime);
1004	return TRUE;
1005	}
1006
1007
1008	return FALSE;
1009	}
1010
1011	/*
1012	* This function checks if the given connection is dead and extracts it from
1013	* the connection cache if so.
1014	*
1015	* When this is called as a Curl_conncache_foreach() callback, the connection
1016	* cache lock is held!
1017	*
1018	* Returns TRUE if the connection was dead and extracted.
1019	*/
1020	static bool extract_if_dead(struct connectdata *conn,
1021	struct Curl_easy *data)
1022	{
1023	if(!CONN_INUSE(conn)) {
1024	/ The check for a dead socket makes sense only if the connection isn't in*
1025	use /*
1026	bool dead;
1027	struct curltime now = Curl_now();
1028	if(conn_maxage(data, conn, now)) {
1029	/ avoid check if already too old /
1030	dead = TRUE;
1031	}
1032	else if(conn->handler->connection_check) {
1033	/ The protocol has a special method for checking the state of the*
1034	connection. Use it to check if the connection is dead. /*
1035	unsigned int state;
1036
1037	/ briefly attach the connection to this transfer for the purpose of*
1038	checking it /*
1039	Curl_attach_connection(data, conn);
1040
1041	state = conn->handler->connection_check(data, conn, CONNCHECK_ISDEAD);
1042	dead = (state & CONNRESULT_DEAD);
1043	/ detach the connection again /
1044	Curl_detach_connection(data);
1045
1046	}
1047	else {
1048	/ Use the general method for determining the death of a connection /
1049	dead = SocketIsDead(conn->sock[FIRSTSOCKET]);
1050	}
1051
1052	if(dead) {
1053	infof(data, "Connection %ld seems to be dead", conn->connection_id);
1054	Curl_conncache_remove_conn(data, conn, FALSE);
1055	return TRUE;
1056	}
1057	}
1058	return FALSE;
1059	}
1060
1061	struct prunedead {
1062	struct Curl_easy *data;
1063	struct connectdata *extracted;
1064	};
1065
1066	/*
1067	* Wrapper to use extract_if_dead() function in Curl_conncache_foreach()
1068	*
1069	*/
1070	static int call_extract_if_dead(struct Curl_easy *data,
1071	struct connectdata conn, void* *param)
1072	{
1073	struct prunedead p = (struct* prunedead *)param;
1074	if(extract_if_dead(conn, data)) {
1075	/ stop the iteration here, pass back the connection that was extracted /
1076	p->extracted = conn;
1077	return `1`;
1078	}
1079	return `0`; / continue iteration /
1080	}
1081
1082	/*
1083	* This function scans the connection cache for half-open/dead connections,
1084	* closes and removes them. The cleanup is done at most once per second.
1085	*
1086	* When called, this transfer has no connection attached.
1087	*/
1088	static void prune_dead_connections(struct Curl_easy *data)
1089	{
1090	struct curltime now = Curl_now();
1091	timediff_t elapsed;
1092
1093	DEBUGASSERT(!data->conn); / no connection /
1094	CONNCACHE_LOCK(data);
1095	elapsed =
1096	Curl_timediff(now, data->state.conn_cache->last_cleanup);
1097	CONNCACHE_UNLOCK(data);
1098
1099	if(elapsed >= `1000L`) {
1100	struct prunedead prune;
1101	prune.data = data;
1102	prune.extracted = NULL;
1103	while(Curl_conncache_foreach(data, data->state.conn_cache, &prune,
1104	call_extract_if_dead)) {
1105	/ unlocked /
1106
1107	/ remove connection from cache /
1108	Curl_conncache_remove_conn(data, prune.extracted, TRUE);
1109
1110	/ disconnect it /
1111	Curl_disconnect(data, prune.extracted, TRUE);
1112	}
1113	CONNCACHE_LOCK(data);
1114	data->state.conn_cache->last_cleanup = now;
1115	CONNCACHE_UNLOCK(data);
1116	}
1117	}
1118
1119	#ifdef USE_SSH
1120	static bool ssh_config_matches(struct connectdata *one,
1121	struct connectdata *two)
1122	{
1123	return (Curl_safecmp(one->proto.sshc.rsa, two->proto.sshc.rsa) &&
1124	Curl_safecmp(one->proto.sshc.rsa_pub, two->proto.sshc.rsa_pub));
1125	}
1126	#else
1127	#define ssh_config_matches(x,y) FALSE
1128	#endif
1129
1130	/*
1131	* Given one filled in connection struct (named needle), this function should
1132	* detect if there already is one that has all the significant details
1133	* exactly the same and thus should be used instead.
1134	*
1135	* If there is a match, this function returns TRUE - and has marked the
1136	* connection as 'in-use'. It must later be called with ConnectionDone() to
1137	* return back to 'idle' (unused) state.
1138	*
1139	* The force_reuse flag is set if the connection must be used.
1140	*/
1141	static bool
1142	ConnectionExists(struct Curl_easy *data,
1143	struct connectdata *needle,
1144	struct connectdata **usethis,
1145	bool *force_reuse,
1146	bool *waitpipe)
1147	{
1148	struct connectdata *check;
1149	struct connectdata *chosen = `0`;
1150	bool foundPendingCandidate = FALSE;
1151	bool canmultiplex = IsMultiplexingPossible(data, needle);
1152	struct connectbundle *bundle;
1153
1154	#ifdef USE_NTLM
1155	bool wantNTLMhttp = ((data->state.authhost.want &
1156	(CURLAUTH_NTLM \| CURLAUTH_NTLM_WB)) &&
1157	(needle->handler->protocol & PROTO_FAMILY_HTTP));
1158	#ifndef CURL_DISABLE_PROXY
1159	bool wantProxyNTLMhttp = (needle->bits.proxy_user_passwd &&
1160	((data->state.authproxy.want &
1161	(CURLAUTH_NTLM \| CURLAUTH_NTLM_WB)) &&
1162	(needle->handler->protocol & PROTO_FAMILY_HTTP)));
1163	#else
1164	bool wantProxyNTLMhttp = FALSE;
1165	#endif
1166	#endif
1167
1168	*force_reuse = FALSE;
1169	*waitpipe = FALSE;
1170
1171	/ Look up the bundle with all the connections to this particular host.*
1172	Locks the connection cache, beware of early returns! /*
1173	bundle = Curl_conncache_find_bundle(data, needle, data->state.conn_cache);
1174	if(bundle) {
1175	/ Max pipe length is zero (unlimited) for multiplexed connections /
1176	struct Curl_llist_element *curr;
1177
1178	infof(data, "Found bundle for host: %p [%s]",
1179	(void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ?
1180	"can multiplex" : "serially"));
1181
1182	/ We can't multiplex if we don't know anything about the server /
1183	if(canmultiplex) {
1184	if(bundle->multiuse == BUNDLE_UNKNOWN) {
1185	if(data->set.pipewait) {
1186	infof(data, "Server doesn't support multiplex yet, wait");
1187	*waitpipe = TRUE;
1188	CONNCACHE_UNLOCK(data);
1189	return FALSE; / no re-use /
1190	}
1191
1192	infof(data, "Server doesn't support multiplex (yet)");
1193	canmultiplex = FALSE;
1194	}
1195	if((bundle->multiuse == BUNDLE_MULTIPLEX) &&
1196	!Curl_multiplex_wanted(data->multi)) {
1197	infof(data, "Could multiplex, but not asked to");
1198	canmultiplex = FALSE;
1199	}
1200	if(bundle->multiuse == BUNDLE_NO_MULTIUSE) {
1201	infof(data, "Can not multiplex, even if we wanted to");
1202	canmultiplex = FALSE;
1203	}
1204	}
1205
1206	curr = bundle->conn_list.head;
1207	while(curr) {
1208	bool match = FALSE;
1209	size_t multiplexed = `0`;
1210
1211	/*
1212	* Note that if we use a HTTP proxy in normal mode (no tunneling), we
1213	* check connections to that proxy and not to the actual remote server.
1214	*/
1215	check = curr->ptr;
1216	curr = curr->next;
1217
1218	if(check->bits.connect_only \|\| check->bits.close)
1219	/ connect-only or to-be-closed connections will not be reused /
1220	continue;
1221
1222	if(extract_if_dead(check, data)) {
1223	/ disconnect it /
1224	Curl_disconnect(data, check, TRUE);
1225	continue;
1226	}
1227
1228	if(data->set.ipver != CURL_IPRESOLVE_WHATEVER
1229	&& data->set.ipver != check->ip_version) {
1230	/ skip because the connection is not via the requested IP version /
1231	continue;
1232	}
1233
1234	if(bundle->multiuse == BUNDLE_MULTIPLEX)
1235	multiplexed = CONN_INUSE(check);
1236
1237	if(!canmultiplex) {
1238	if(multiplexed) {
1239	/ can only happen within multi handles, and means that another easy*
1240	handle is using this connection /*
1241	continue;
1242	}
1243
1244	if(Curl_resolver_asynch()) {
1245	/ primary_ip[0] is NUL only if the resolving of the name hasn't*
1246	completed yet and until then we don't re-use this connection /*
1247	if(!check->primary_ip[`0`]) {
1248	infof(data,
1249	"Connection #%ld is still name resolving, can't reuse",
1250	check->connection_id);
1251	continue;
1252	}
1253	}
1254
1255	if(check->sock[FIRSTSOCKET] == CURL_SOCKET_BAD) {
1256	foundPendingCandidate = TRUE;
1257	/ Don't pick a connection that hasn't connected yet /
1258	infof(data, "Connection #%ld isn't open enough, can't reuse",
1259	check->connection_id);
1260	continue;
1261	}
1262	}
1263
1264	#ifdef USE_UNIX_SOCKETS
1265	if(needle->unix_domain_socket) {
1266	if(!check->unix_domain_socket)
1267	continue;
1268	if(strcmp(needle->unix_domain_socket, check->unix_domain_socket))
1269	continue;
1270	if(needle->bits.abstract_unix_socket !=
1271	check->bits.abstract_unix_socket)
1272	continue;
1273	}
1274	else if(check->unix_domain_socket)
1275	continue;
1276	#endif
1277
1278	if((needle->handler->flags&PROTOPT_SSL) !=
1279	(check->handler->flags&PROTOPT_SSL))
1280	/ don't do mixed SSL and non-SSL connections /
1281	if(get_protocol_family(check->handler) !=
1282	needle->handler->protocol \|\| !check->bits.tls_upgraded)
1283	/ except protocols that have been upgraded via TLS /
1284	continue;
1285
1286	#ifndef CURL_DISABLE_PROXY
1287	if(needle->bits.httpproxy != check->bits.httpproxy \|\|
1288	needle->bits.socksproxy != check->bits.socksproxy)
1289	continue;
1290
1291	if(needle->bits.socksproxy &&
1292	!socks_proxy_info_matches(&needle->socks_proxy,
1293	&check->socks_proxy))
1294	continue;
1295	#endif
1296	if(needle->bits.conn_to_host != check->bits.conn_to_host)
1297	/ don't mix connections that use the "connect to host" feature and*
1298	* connections that don't use this feature */
1299	continue;
1300
1301	if(needle->bits.conn_to_port != check->bits.conn_to_port)
1302	/ don't mix connections that use the "connect to port" feature and*
1303	* connections that don't use this feature */
1304	continue;
1305
1306	#ifndef CURL_DISABLE_PROXY
1307	if(needle->bits.httpproxy) {
1308	if(!proxy_info_matches(&needle->http_proxy, &check->http_proxy))
1309	continue;
1310
1311	if(needle->bits.tunnel_proxy != check->bits.tunnel_proxy)
1312	continue;
1313
1314	if(needle->http_proxy.proxytype == CURLPROXY_HTTPS) {
1315	/ use https proxy /
1316	if(needle->handler->flags&PROTOPT_SSL) {
1317	/ use double layer ssl /
1318	if(!Curl_ssl_config_matches(&needle->proxy_ssl_config,
1319	&check->proxy_ssl_config))
1320	continue;
1321	if(check->proxy_ssl[FIRSTSOCKET].state != ssl_connection_complete)
1322	continue;
1323	}
1324
1325	if(!Curl_ssl_config_matches(&needle->ssl_config,
1326	&check->ssl_config))
1327	continue;
1328	if(check->ssl[FIRSTSOCKET].state != ssl_connection_complete)
1329	continue;
1330	}
1331	}
1332	#endif
1333
1334	if(!canmultiplex && CONN_INUSE(check))
1335	/ this request can't be multiplexed but the checked connection is*
1336	already in use so we skip it /*
1337	continue;
1338
1339	if(CONN_INUSE(check)) {
1340	/ Subject for multiplex use if 'checks' belongs to the same multi*
1341	handle as 'data' is. /*
1342	struct Curl_llist_element *e = check->easyq.head;
1343	struct Curl_easy *entry = e->ptr;
1344	if(entry->multi != data->multi)
1345	continue;
1346	}
1347
1348	if(needle->localdev \|\| needle->localport) {
1349	/ If we are bound to a specific local end (IP+port), we must not*
1350	re-use a random other one, although if we didn't ask for a
1351	particular one we can reuse one that was bound.
1352
1353	This comparison is a bit rough and too strict. Since the input
1354	parameters can be specified in numerous ways and still end up the
1355	same it would take a lot of processing to make it really accurate.
1356	Instead, this matching will assume that re-uses of bound connections
1357	will most likely also re-use the exact same binding parameters and
1358	missing out a few edge cases shouldn't hurt anyone very much.
1359	*/
1360	if((check->localport != needle->localport) \|\|
1361	(check->localportrange != needle->localportrange) \|\|
1362	(needle->localdev &&
1363	(!check->localdev \|\| strcmp(check->localdev, needle->localdev))))
1364	continue;
1365	}
1366
1367	if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
1368	/ This protocol requires credentials per connection,*
1369	so verify that we're using the same name and password as well /*
1370	if(strcmp(needle->user, check->user) \|\|
1371	strcmp(needle->passwd, check->passwd) \|\|
1372	!Curl_safecmp(needle->sasl_authzid, check->sasl_authzid) \|\|
1373	!Curl_safecmp(needle->oauth_bearer, check->oauth_bearer)) {
1374	/ one of them was different /
1375	continue;
1376	}
1377	}
1378
1379	/ If multiplexing isn't enabled on the h2 connection and h1 is*
1380	explicitly requested, handle it: /*
1381	if((needle->handler->protocol & PROTO_FAMILY_HTTP) &&
1382	(check->httpversion >= `20`) &&
1383	(data->state.httpwant < CURL_HTTP_VERSION_2_0))
1384	continue;
1385
1386	if(get_protocol_family(needle->handler) == PROTO_FAMILY_SSH) {
1387	if(!ssh_config_matches(needle, check))
1388	continue;
1389	}
1390
1391	if((needle->handler->flags&PROTOPT_SSL)
1392	#ifndef CURL_DISABLE_PROXY
1393	\|\| !needle->bits.httpproxy \|\| needle->bits.tunnel_proxy
1394	#endif
1395	) {
1396	/ The requested connection does not use a HTTP proxy or it uses SSL or*
1397	it is a non-SSL protocol tunneled or it is a non-SSL protocol which
1398	is allowed to be upgraded via TLS /*
1399
1400	if((strcasecompare(needle->handler->scheme, check->handler->scheme) \|\|
1401	(get_protocol_family(check->handler) ==
1402	needle->handler->protocol && check->bits.tls_upgraded)) &&
1403	(!needle->bits.conn_to_host \|\| strcasecompare(
1404	needle->conn_to_host.name, check->conn_to_host.name)) &&
1405	(!needle->bits.conn_to_port \|\|
1406	needle->conn_to_port == check->conn_to_port) &&
1407	strcasecompare(needle->host.name, check->host.name) &&
1408	needle->remote_port == check->remote_port) {
1409	/ The schemes match or the protocol family is the same and the*
1410	previous connection was TLS upgraded, and the hostname and host
1411	port match /*
1412	if(needle->handler->flags & PROTOPT_SSL) {
1413	/ This is a SSL connection so verify that we're using the same*
1414	SSL options as well /*
1415	if(!Curl_ssl_config_matches(&needle->ssl_config,
1416	&check->ssl_config)) {
1417	DEBUGF(infof(data,
1418	"Connection #%ld has different SSL parameters, "
1419	"can't reuse",
1420	check->connection_id));
1421	continue;
1422	}
1423	if(check->ssl[FIRSTSOCKET].state != ssl_connection_complete) {
1424	foundPendingCandidate = TRUE;
1425	DEBUGF(infof(data,
1426	"Connection #%ld has not started SSL connect, "
1427	"can't reuse",
1428	check->connection_id));
1429	continue;
1430	}
1431	}
1432	match = TRUE;
1433	}
1434	}
1435	else {
1436	/ The requested connection is using the same HTTP proxy in normal*
1437	mode (no tunneling) /*
1438	match = TRUE;
1439	}
1440
1441	if(match) {
1442	#if defined(USE_NTLM)
1443	/ If we are looking for an HTTP+NTLM connection, check if this is*
1444	already authenticating with the right credentials. If not, keep
1445	looking so that we can reuse NTLM connections if
1446	possible. (Especially we must not reuse the same connection if
1447	partway through a handshake!) /*
1448	if(wantNTLMhttp) {
1449	if(strcmp(needle->user, check->user) \|\|
1450	strcmp(needle->passwd, check->passwd)) {
1451
1452	/ we prefer a credential match, but this is at least a connection*
1453	that can be reused and "upgraded" to NTLM /*
1454	if(check->http_ntlm_state == NTLMSTATE_NONE)
1455	chosen = check;
1456	continue;
1457	}
1458	}
1459	else if(check->http_ntlm_state != NTLMSTATE_NONE) {
1460	/ Connection is using NTLM auth but we don't want NTLM /
1461	continue;
1462	}
1463
1464	#ifndef CURL_DISABLE_PROXY
1465	/ Same for Proxy NTLM authentication /
1466	if(wantProxyNTLMhttp) {
1467	/ Both check->http_proxy.user and check->http_proxy.passwd can be*
1468	* NULL */
1469	if(!check->http_proxy.user \|\| !check->http_proxy.passwd)
1470	continue;
1471
1472	if(strcmp(needle->http_proxy.user, check->http_proxy.user) \|\|
1473	strcmp(needle->http_proxy.passwd, check->http_proxy.passwd))
1474	continue;
1475	}
1476	else if(check->proxy_ntlm_state != NTLMSTATE_NONE) {
1477	/ Proxy connection is using NTLM auth but we don't want NTLM /
1478	continue;
1479	}
1480	#endif
1481	if(wantNTLMhttp \|\| wantProxyNTLMhttp) {
1482	/ Credentials are already checked, we can use this connection /
1483	chosen = check;
1484
1485	if((wantNTLMhttp &&
1486	(check->http_ntlm_state != NTLMSTATE_NONE)) \|\|
1487	(wantProxyNTLMhttp &&
1488	(check->proxy_ntlm_state != NTLMSTATE_NONE))) {
1489	/ We must use this connection, no other /
1490	*force_reuse = TRUE;
1491	break;
1492	}
1493
1494	/ Continue look up for a better connection /
1495	continue;
1496	}
1497	#endif
1498	if(canmultiplex) {
1499	/ We can multiplex if we want to. Let's continue looking for*
1500	the optimal connection to use. /*
1501
1502	if(!multiplexed) {
1503	/ We have the optimal connection. Let's stop looking. /
1504	chosen = check;
1505	break;
1506	}
1507
1508	#ifdef USE_NGHTTP2
1509	/ If multiplexed, make sure we don't go over concurrency limit /
1510	if(check->bits.multiplex) {
1511	/ Multiplexed connections can only be HTTP/2 for now /
1512	struct http_conn *httpc = &check->proto.httpc;
1513	if(multiplexed >= httpc->settings.max_concurrent_streams) {
1514	infof(data, "MAX_CONCURRENT_STREAMS reached, skip (%zu)",
1515	multiplexed);
1516	continue;
1517	}
1518	else if(multiplexed >=
1519	Curl_multi_max_concurrent_streams(data->multi)) {
1520	infof(data, "client side MAX_CONCURRENT_STREAMS reached"
1521	", skip (%zu)",
1522	multiplexed);
1523	continue;
1524	}
1525	}
1526	#endif
1527	/ When not multiplexed, we have a match here! /
1528	chosen = check;
1529	infof(data, "Multiplexed connection found");
1530	break;
1531	}
1532	else {
1533	/ We have found a connection. Let's stop searching. /
1534	chosen = check;
1535	break;
1536	}
1537	}
1538	}
1539	}
1540
1541	if(chosen) {
1542	/ mark it as used before releasing the lock /
1543	Curl_attach_connection(data, chosen);
1544	CONNCACHE_UNLOCK(data);
1545	*usethis = chosen;
1546	return TRUE; / yes, we found one to use! /
1547	}
1548	CONNCACHE_UNLOCK(data);
1549
1550	if(foundPendingCandidate && data->set.pipewait) {
1551	infof(data,
1552	"Found pending candidate for reuse and CURLOPT_PIPEWAIT is set");
1553	*waitpipe = TRUE;
1554	}
1555
1556	return FALSE; / no matching connecting exists /
1557	}
1558
1559	/*
1560	* verboseconnect() displays verbose information after a connect
1561	*/
1562	#ifndef CURL_DISABLE_VERBOSE_STRINGS
1563	void Curl_verboseconnect(struct Curl_easy *data,
1564	struct connectdata *conn)
1565	{
1566	if(data->set.verbose)
1567	infof(data, "Connected to %s (%s) port %u (#%ld)",
1568	#ifndef CURL_DISABLE_PROXY
1569	conn->bits.socksproxy ? conn->socks_proxy.host.dispname :
1570	conn->bits.httpproxy ? conn->http_proxy.host.dispname :
1571	#endif
1572	conn->bits.conn_to_host ? conn->conn_to_host.dispname :
1573	conn->host.dispname,
1574	conn->primary_ip, conn->port, conn->connection_id);
1575	}
1576	#endif
1577
1578	/*
1579	* Helpers for IDNA conversions.
1580	*/
1581	bool Curl_is_ASCII_name(const char *hostname)
1582	{
1583	/ get an UNSIGNED local version of the pointer /
1584	const unsigned char ch = (const* unsigned char *)hostname;
1585
1586	if(!hostname) / bad input, consider it ASCII! /
1587	return TRUE;
1588
1589	while(*ch) {
1590	if(*ch++ & `0x80`)
1591	return FALSE;
1592	}
1593	return TRUE;
1594	}
1595
1596	/*
1597	* Perform any necessary IDN conversion of hostname
1598	*/
1599	CURLcode Curl_idnconvert_hostname(struct Curl_easy *data,
1600	struct hostname *host)
1601	{
1602	#ifndef USE_LIBIDN2
1603	(void)data;
1604	(void)data;
1605	#elif defined(CURL_DISABLE_VERBOSE_STRINGS)
1606	(void)data;
1607	#endif
1608
1609	/ set the name we use to display the host name /
1610	host->dispname = host->name;
1611
1612	/ Check name for non-ASCII and convert hostname to ACE form if we can /
1613	if(!Curl_is_ASCII_name(host->name)) {
1614	#ifdef USE_LIBIDN2
1615	if(idn2_check_version(IDN2_VERSION)) {
1616	char *ace_hostname = NULL;
1617	#if IDN2_VERSION_NUMBER >= 0x00140000
1618	/ IDN2_NFC_INPUT: Normalize input string using normalization form C.*
1619	IDN2_NONTRANSITIONAL: Perform Unicode TR46 non-transitional
1620	processing. /*
1621	int flags = IDN2_NFC_INPUT \| IDN2_NONTRANSITIONAL;
1622	#else
1623	int flags = IDN2_NFC_INPUT;
1624	#endif
1625	int rc = IDN2_LOOKUP(host->name, &ace_hostname, flags);
1626	if(rc != IDN2_OK)
1627	/ fallback to TR46 Transitional mode for better IDNA2003*
1628	compatibility /*
1629	rc = IDN2_LOOKUP(host->name, &ace_hostname,
1630	IDN2_TRANSITIONAL);
1631	if(rc == IDN2_OK) {
1632	host->encalloc = (char *)ace_hostname;
1633	/ change the name pointer to point to the encoded hostname /
1634	host->name = host->encalloc;
1635	}
1636	else {
1637	failf(data, "Failed to convert %s to ACE; %s", host->name,
1638	idn2_strerror(rc));
1639	return CURLE_URL_MALFORMAT;
1640	}
1641	}
1642	#elif defined(USE_WIN32_IDN)
1643	char *ace_hostname = NULL;
1644
1645	if(curl_win32_idn_to_ascii(host->name, &ace_hostname)) {
1646	host->encalloc = ace_hostname;
1647	/ change the name pointer to point to the encoded hostname /
1648	host->name = host->encalloc;
1649	}
1650	else {
1651	char buffer[STRERROR_LEN];
1652	failf(data, "Failed to convert %s to ACE; %s", host->name,
1653	Curl_winapi_strerror(GetLastError(), buffer, sizeof(buffer)));
1654	return CURLE_URL_MALFORMAT;
1655	}
1656	#else
1657	infof(data, "IDN support not present, can't parse Unicode domains");
1658	#endif
1659	}
1660	return CURLE_OK;
1661	}
1662
1663	/*
1664	* Frees data allocated by idnconvert_hostname()
1665	*/
1666	void Curl_free_idnconverted_hostname(struct hostname *host)
1667	{
1668	#if defined(USE_LIBIDN2)
1669	if(host->encalloc) {
1670	idn2_free(host->encalloc); / must be freed with idn2_free() since this was*
1671	allocated by libidn /*
1672	host->encalloc = NULL;
1673	}
1674	#elif defined(USE_WIN32_IDN)
1675	free(host->encalloc); / must be freed with free() since this was*
1676	allocated by curl_win32_idn_to_ascii /*
1677	host->encalloc = NULL;
1678	#else
1679	(void)host;
1680	#endif
1681	}
1682
1683	/*
1684	* Allocate and initialize a new connectdata object.
1685	*/
1686	static struct connectdata allocate_conn(struct* Curl_easy *data)
1687	{
1688	struct connectdata conn = calloc(`1`, sizeof(struct* connectdata));
1689	if(!conn)
1690	return NULL;
1691
1692	#ifdef USE_SSL
1693	/ The SSL backend-specific data (ssl_backend_data) objects are allocated as*
1694	a separate array to ensure suitable alignment.
1695	Note that these backend pointers can be swapped by vtls (eg ssl backend
1696	data becomes proxy backend data). /*
1697	{
1698	size_t onesize = Curl_ssl->sizeof_ssl_backend_data;
1699	size_t totalsize = onesize;
1700	char *ssl;
1701
1702	#ifndef CURL_DISABLE_FTP
1703	totalsize *= `2`;
1704	#endif
1705	#ifndef CURL_DISABLE_PROXY
1706	totalsize *= `2`;
1707	#endif
1708
1709	ssl = calloc(`1`, totalsize);
1710	if(!ssl) {
1711	free(conn);
1712	return NULL;
1713	}
1714	conn->ssl_extra = ssl;
1715	conn->ssl[FIRSTSOCKET].backend = (void *)ssl;
1716	#ifndef CURL_DISABLE_FTP
1717	ssl += onesize;
1718	conn->ssl[SECONDARYSOCKET].backend = (void *)ssl;
1719	#endif
1720	#ifndef CURL_DISABLE_PROXY
1721	ssl += onesize;
1722	conn->proxy_ssl[FIRSTSOCKET].backend = (void *)ssl;
1723	#ifndef CURL_DISABLE_FTP
1724	ssl += onesize;
1725	conn->proxy_ssl[SECONDARYSOCKET].backend = (void *)ssl;
1726	#endif
1727	#endif
1728	}
1729	#endif
1730
1731	conn->handler = &Curl_handler_dummy; / Be sure we have a handler defined*
1732	already from start to avoid NULL
1733	situations and checks /*
1734
1735	/ and we setup a few fields in case we end up actually using this struct /
1736
1737	conn->sock[FIRSTSOCKET] = CURL_SOCKET_BAD; / no file descriptor /
1738	conn->sock[SECONDARYSOCKET] = CURL_SOCKET_BAD; / no file descriptor /
1739	conn->tempsock[`0`] = CURL_SOCKET_BAD; / no file descriptor /
1740	conn->tempsock[`1`] = CURL_SOCKET_BAD; / no file descriptor /
1741	conn->connection_id = -`1`; / no ID /
1742	conn->port = -`1`; / unknown at this point /
1743	conn->remote_port = -`1`; / unknown at this point /
1744	#if defined(USE_RECV_BEFORE_SEND_WORKAROUND) && defined(DEBUGBUILD)
1745	conn->postponed[`0`].bindsock = CURL_SOCKET_BAD; / no file descriptor /
1746	conn->postponed[`1`].bindsock = CURL_SOCKET_BAD; / no file descriptor /
1747	#endif /* USE_RECV_BEFORE_SEND_WORKAROUND && DEBUGBUILD */
1748
1749	/ Default protocol-independent behavior doesn't support persistent*
1750	connections, so we set this to force-close. Protocols that support
1751	this need to set this to FALSE in their "curl_do" functions. /*
1752	connclose(conn, "Default to force-close");
1753
1754	/ Store creation time to help future close decision making /
1755	conn->created = Curl_now();
1756
1757	/ Store current time to give a baseline to keepalive connection times. /
1758	conn->keepalive = Curl_now();
1759
1760	#ifndef CURL_DISABLE_PROXY
1761	conn->http_proxy.proxytype = data->set.proxytype;
1762	conn->socks_proxy.proxytype = CURLPROXY_SOCKS4;
1763
1764	/ note that these two proxy bits are now just on what looks to be*
1765	requested, they may be altered down the road /*
1766	conn->bits.proxy = (data->set.str[STRING_PROXY] &&
1767	*data->set.str[STRING_PROXY]) ? TRUE : FALSE;
1768	conn->bits.httpproxy = (conn->bits.proxy &&
1769	(conn->http_proxy.proxytype == CURLPROXY_HTTP \|\|
1770	conn->http_proxy.proxytype == CURLPROXY_HTTP_1_0 \|\|
1771	conn->http_proxy.proxytype == CURLPROXY_HTTPS)) ?
1772	TRUE : FALSE;
1773	conn->bits.socksproxy = (conn->bits.proxy &&
1774	!conn->bits.httpproxy) ? TRUE : FALSE;
1775
1776	if(data->set.str[STRING_PRE_PROXY] && *data->set.str[STRING_PRE_PROXY]) {
1777	conn->bits.proxy = TRUE;
1778	conn->bits.socksproxy = TRUE;
1779	}
1780
1781	conn->bits.proxy_user_passwd =
1782	(data->state.aptr.proxyuser) ? TRUE : FALSE;
1783	conn->bits.tunnel_proxy = data->set.tunnel_thru_httpproxy;
1784	#endif /* CURL_DISABLE_PROXY */
1785
1786	#ifndef CURL_DISABLE_FTP
1787	conn->bits.ftp_use_epsv = data->set.ftp_use_epsv;
1788	conn->bits.ftp_use_eprt = data->set.ftp_use_eprt;
1789	#endif
1790	conn->ssl_config.verifystatus = data->set.ssl.primary.verifystatus;
1791	conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
1792	conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
1793	conn->ssl_config.ssl_options = data->set.ssl.primary.ssl_options;
1794	#ifndef CURL_DISABLE_PROXY
1795	conn->proxy_ssl_config.verifystatus =
1796	data->set.proxy_ssl.primary.verifystatus;
1797	conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
1798	conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
1799	conn->proxy_ssl_config.ssl_options = data->set.proxy_ssl.primary.ssl_options;
1800	#endif
1801	conn->ip_version = data->set.ipver;
1802	conn->bits.connect_only = data->set.connect_only;
1803	conn->transport = TRNSPRT_TCP; / most of them are TCP streams /
1804
1805	#if !defined(CURL_DISABLE_HTTP) && defined(USE_NTLM) && \
1806	defined(NTLM_WB_ENABLED)
1807	conn->ntlm.ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
1808	conn->proxyntlm.ntlm_auth_hlpr_socket = CURL_SOCKET_BAD;
1809	#endif
1810
1811	/ Initialize the easy handle list /
1812	Curl_llist_init(&conn->easyq, NULL);
1813
1814	#ifdef HAVE_GSSAPI
1815	conn->data_prot = PROT_CLEAR;
1816	#endif
1817
1818	/ Store the local bind parameters that will be used for this connection /
1819	if(data->set.str[STRING_DEVICE]) {
1820	conn->localdev = strdup(data->set.str[STRING_DEVICE]);
1821	if(!conn->localdev)
1822	goto error;
1823	}
1824	conn->localportrange = data->set.localportrange;
1825	conn->localport = data->set.localport;
1826
1827	/ the close socket stuff needs to be copied to the connection struct as*
1828	it may live on without (this specific) Curl_easy /*
1829	conn->fclosesocket = data->set.fclosesocket;
1830	conn->closesocket_client = data->set.closesocket_client;
1831	conn->lastused = Curl_now(); / used now /
1832
1833	return conn;
1834	error:
1835
1836	Curl_llist_destroy(&conn->easyq, NULL);
1837	free(conn->localdev);
1838	#ifdef USE_SSL
1839	free(conn->ssl_extra);
1840	#endif
1841	free(conn);
1842	return NULL;
1843	}
1844
1845	/ returns the handler if the given scheme is built-in /
1846	const struct Curl_handler Curl_builtin_scheme(const* char *scheme)
1847	{
1848	const struct Curl_handler * const *pp;
1849	const struct Curl_handler *p;
1850	/ Scan protocol handler table and match against 'scheme'. The handler may*
1851	be changed later when the protocol specific setup function is called. /*
1852	for(pp = protocols; (p = *pp) != NULL; pp++)
1853	if(strcasecompare(p->scheme, scheme))
1854	/ Protocol found in table. Check if allowed /
1855	return p;
1856	return NULL; / not found /
1857	}
1858
1859
1860	static CURLcode findprotocol(struct Curl_easy *data,
1861	struct connectdata *conn,
1862	const char *protostr)
1863	{
1864	const struct Curl_handler *p = Curl_builtin_scheme(protostr);
1865
1866	if(p && / Protocol found in table. Check if allowed /
1867	(data->set.allowed_protocols & p->protocol)) {
1868
1869	/ it is allowed for "normal" request, now do an extra check if this is*
1870	the result of a redirect /*
1871	if(data->state.this_is_a_follow &&
1872	!(data->set.redir_protocols & p->protocol))
1873	/ nope, get out /
1874	;
1875	else {
1876	/ Perform setup complement if some. /
1877	conn->handler = conn->given = p;
1878
1879	/ 'port' and 'remote_port' are set in setup_connection_internals() /
1880	return CURLE_OK;
1881	}
1882	}
1883
1884	/ The protocol was not found in the table, but we don't have to assign it*
1885	to anything since it is already assigned to a dummy-struct in the
1886	create_conn() function when the connectdata struct is allocated. /*
1887	failf(data, "Protocol \"%s\" not supported or disabled in " LIBCURL_NAME,
1888	protostr);
1889
1890	return CURLE_UNSUPPORTED_PROTOCOL;
1891	}
1892
1893
1894	CURLcode Curl_uc_to_curlcode(CURLUcode uc)
1895	{
1896	switch(uc) {
1897	default:
1898	return CURLE_URL_MALFORMAT;
1899	case CURLUE_UNSUPPORTED_SCHEME:
1900	return CURLE_UNSUPPORTED_PROTOCOL;
1901	case CURLUE_OUT_OF_MEMORY:
1902	return CURLE_OUT_OF_MEMORY;
1903	case CURLUE_USER_NOT_ALLOWED:
1904	return CURLE_LOGIN_DENIED;
1905	}
1906	}
1907
1908	#ifdef ENABLE_IPV6
1909	/*
1910	* If the URL was set with an IPv6 numerical address with a zone id part, set
1911	* the scope_id based on that!
1912	*/
1913
1914	static void zonefrom_url(CURLU uh, struct* Curl_easy *data,
1915	struct connectdata *conn)
1916	{
1917	char *zoneid;
1918	CURLUcode uc = curl_url_get(uh, CURLUPART_ZONEID, &zoneid, `0`);
1919	#ifdef CURL_DISABLE_VERBOSE_STRINGS
1920	(void)data;
1921	#endif
1922
1923	if(!uc && zoneid) {
1924	char *endp;
1925	unsigned long scope = strtoul(zoneid, &endp, `10`);
1926	if(!*endp && (scope < UINT_MAX))
1927	/ A plain number, use it directly as a scope id. /
1928	conn->scope_id = (unsigned int)scope;
1929	#if defined(HAVE_IF_NAMETOINDEX)
1930	else {
1931	#elif defined(WIN32)
1932	else if(Curl_if_nametoindex) {
1933	#endif
1934
1935	#if defined(HAVE_IF_NAMETOINDEX) \|\| defined(WIN32)
1936	/ Zone identifier is not numeric /
1937	unsigned int scopeidx = `0`;
1938	#if defined(WIN32)
1939	scopeidx = Curl_if_nametoindex(zoneid);
1940	#else
1941	scopeidx = if_nametoindex(zoneid);
1942	#endif
1943	if(!scopeidx) {
1944	#ifndef CURL_DISABLE_VERBOSE_STRINGS
1945	char buffer[STRERROR_LEN];
1946	infof(data, "Invalid zoneid: %s; %s", zoneid,
1947	Curl_strerror(errno, buffer, sizeof(buffer)));
1948	#endif
1949	}
1950	else
1951	conn->scope_id = scopeidx;
1952	}
1953	#endif /* HAVE_IF_NAMETOINDEX \|\| WIN32 */
1954
1955	free(zoneid);
1956	}
1957	}
1958	#else
1959	#define zonefrom_url(a,b,c) Curl_nop_stmt
1960	#endif
1961
1962	/*
1963	* Parse URL and fill in the relevant members of the connection struct.
1964	*/
1965	static CURLcode parseurlandfillconn(struct Curl_easy *data,
1966	struct connectdata *conn)
1967	{
1968	CURLcode result;
1969	CURLU *uh;
1970	CURLUcode uc;
1971	char *hostname;
1972	bool use_set_uh = (data->set.uh && !data->state.this_is_a_follow);
1973
1974	up_free(data); / cleanup previous leftovers first /
1975
1976	/ parse the URL /
1977	if(use_set_uh) {
1978	uh = data->state.uh = curl_url_dup(data->set.uh);
1979	}
1980	else {
1981	uh = data->state.uh = curl_url();
1982	}
1983
1984	if(!uh)
1985	return CURLE_OUT_OF_MEMORY;
1986
1987	if(data->set.str[STRING_DEFAULT_PROTOCOL] &&
1988	!Curl_is_absolute_url(data->state.url, NULL, `0`)) {
1989	char *url = aprintf("%s://%s", data->set.str[STRING_DEFAULT_PROTOCOL],
1990	data->state.url);
1991	if(!url)
1992	return CURLE_OUT_OF_MEMORY;
1993	if(data->state.url_alloc)
1994	free(data->state.url);
1995	data->state.url = url;
1996	data->state.url_alloc = TRUE;
1997	}
1998
1999	if(!use_set_uh) {
2000	char *newurl;
2001	uc = curl_url_set(uh, CURLUPART_URL, data->state.url,
2002	CURLU_GUESS_SCHEME \|
2003	CURLU_NON_SUPPORT_SCHEME \|
2004	(data->set.disallow_username_in_url ?
2005	CURLU_DISALLOW_USER : `0`) \|
2006	(data->set.path_as_is ? CURLU_PATH_AS_IS : `0`));
2007	if(uc) {
2008	DEBUGF(infof(data, "curl_url_set rejected %s: %s", data->state.url,
2009	curl_url_strerror(uc)));
2010	return Curl_uc_to_curlcode(uc);
2011	}
2012
2013	/ after it was parsed, get the generated normalized version /
2014	uc = curl_url_get(uh, CURLUPART_URL, &newurl, `0`);
2015	if(uc)
2016	return Curl_uc_to_curlcode(uc);
2017	if(data->state.url_alloc)
2018	free(data->state.url);
2019	data->state.url = newurl;
2020	data->state.url_alloc = TRUE;
2021	}
2022
2023	uc = curl_url_get(uh, CURLUPART_SCHEME, &data->state.up.scheme, `0`);
2024	if(uc)
2025	return Curl_uc_to_curlcode(uc);
2026
2027	uc = curl_url_get(uh, CURLUPART_HOST, &data->state.up.hostname, `0`);
2028	if(uc) {
2029	if(!strcasecompare("file", data->state.up.scheme))
2030	return CURLE_OUT_OF_MEMORY;
2031	}
2032	else if(strlen(data->state.up.hostname) > MAX_URL_LEN) {
2033	failf(data, "Too long host name (maximum is %d)", MAX_URL_LEN);
2034	return CURLE_URL_MALFORMAT;
2035	}
2036
2037	#ifndef CURL_DISABLE_HSTS
2038	if(data->hsts && strcasecompare("http", data->state.up.scheme)) {
2039	if(Curl_hsts(data->hsts, data->state.up.hostname, TRUE)) {
2040	char *url;
2041	Curl_safefree(data->state.up.scheme);
2042	uc = curl_url_set(uh, CURLUPART_SCHEME, "https", `0`);
2043	if(uc)
2044	return Curl_uc_to_curlcode(uc);
2045	if(data->state.url_alloc)
2046	Curl_safefree(data->state.url);
2047	/ after update, get the updated version /
2048	uc = curl_url_get(uh, CURLUPART_URL, &url, `0`);
2049	if(uc)
2050	return Curl_uc_to_curlcode(uc);
2051	uc = curl_url_get(uh, CURLUPART_SCHEME, &data->state.up.scheme, `0`);
2052	if(uc) {
2053	free(url);
2054	return Curl_uc_to_curlcode(uc);
2055	}
2056	data->state.url = url;
2057	data->state.url_alloc = TRUE;
2058	infof(data, "Switched from HTTP to HTTPS due to HSTS => %s",
2059	data->state.url);
2060	}
2061	}
2062	#endif
2063
2064	result = findprotocol(data, conn, data->state.up.scheme);
2065	if(result)
2066	return result;
2067
2068	/*
2069	* User name and password set with their own options override the
2070	* credentials possibly set in the URL.
2071	*/
2072	if(!data->state.aptr.passwd) {
2073	uc = curl_url_get(uh, CURLUPART_PASSWORD, &data->state.up.password, `0`);
2074	if(!uc) {
2075	char *decoded;
2076	result = Curl_urldecode(data->state.up.password, `0`, &decoded, NULL,
2077	conn->handler->flags&PROTOPT_USERPWDCTRL ?
2078	REJECT_ZERO : REJECT_CTRL);
2079	if(result)
2080	return result;
2081	conn->passwd = decoded;
2082	result = Curl_setstropt(&data->state.aptr.passwd, decoded);
2083	if(result)
2084	return result;
2085	}
2086	else if(uc != CURLUE_NO_PASSWORD)
2087	return Curl_uc_to_curlcode(uc);
2088	}
2089
2090	if(!data->state.aptr.user) {
2091	/ we don't use the URL API's URL decoder option here since it rejects*
2092	control codes and we want to allow them for some schemes in the user
2093	and password fields /*
2094	uc = curl_url_get(uh, CURLUPART_USER, &data->state.up.user, `0`);
2095	if(!uc) {
2096	char *decoded;
2097	result = Curl_urldecode(data->state.up.user, `0`, &decoded, NULL,
2098	conn->handler->flags&PROTOPT_USERPWDCTRL ?
2099	REJECT_ZERO : REJECT_CTRL);
2100	if(result)
2101	return result;
2102	conn->user = decoded;
2103	result = Curl_setstropt(&data->state.aptr.user, decoded);
2104	}
2105	else if(uc != CURLUE_NO_USER)
2106	return Curl_uc_to_curlcode(uc);
2107	else if(data->state.aptr.passwd) {
2108	/ no user was set but a password, set a blank user /
2109	result = Curl_setstropt(&data->state.aptr.user, "");
2110	}
2111	if(result)
2112	return result;
2113	}
2114
2115	uc = curl_url_get(uh, CURLUPART_OPTIONS, &data->state.up.options,
2116	CURLU_URLDECODE);
2117	if(!uc) {
2118	conn->options = strdup(data->state.up.options);
2119	if(!conn->options)
2120	return CURLE_OUT_OF_MEMORY;
2121	}
2122	else if(uc != CURLUE_NO_OPTIONS)
2123	return Curl_uc_to_curlcode(uc);
2124
2125	uc = curl_url_get(uh, CURLUPART_PATH, &data->state.up.path,
2126	CURLU_URLENCODE);
2127	if(uc)
2128	return Curl_uc_to_curlcode(uc);
2129
2130	uc = curl_url_get(uh, CURLUPART_PORT, &data->state.up.port,
2131	CURLU_DEFAULT_PORT);
2132	if(uc) {
2133	if(!strcasecompare("file", data->state.up.scheme))
2134	return CURLE_OUT_OF_MEMORY;
2135	}
2136	else {
2137	unsigned long port = strtoul(data->state.up.port, NULL, `10`);
2138	conn->port = conn->remote_port =
2139	(data->set.use_port && data->state.allow_port) ?
2140	data->set.use_port : curlx_ultous(port);
2141	}
2142
2143	(void)curl_url_get(uh, CURLUPART_QUERY, &data->state.up.query, `0`);
2144
2145	hostname = data->state.up.hostname;
2146	if(hostname && hostname[`0`] == `'['`) {
2147	/ This looks like an IPv6 address literal. See if there is an address*
2148	scope. /*
2149	size_t hlen;
2150	conn->bits.ipv6_ip = TRUE;
2151	/ cut off the brackets! /
2152	hostname++;
2153	hlen = strlen(hostname);
2154	hostname[hlen - `1`] = `0`;
2155
2156	zonefrom_url(uh, data, conn);
2157	}
2158
2159	/ make sure the connect struct gets its own copy of the host name /
2160	conn->host.rawalloc = strdup(hostname ? hostname : "");
2161	if(!conn->host.rawalloc)
2162	return CURLE_OUT_OF_MEMORY;
2163	conn->host.name = conn->host.rawalloc;
2164
2165	#ifdef ENABLE_IPV6
2166	if(data->set.scope_id)
2167	/ Override any scope that was set above. /
2168	conn->scope_id = data->set.scope_id;
2169	#endif
2170
2171	return CURLE_OK;
2172	}
2173
2174
2175	/*
2176	* If we're doing a resumed transfer, we need to setup our stuff
2177	* properly.
2178	*/
2179	static CURLcode setup_range(struct Curl_easy *data)
2180	{
2181	struct UrlState *s = &data->state;
2182	s->resume_from = data->set.set_resume_from;
2183	if(s->resume_from \|\| data->set.str[STRING_SET_RANGE]) {
2184	if(s->rangestringalloc)
2185	free(s->range);
2186
2187	if(s->resume_from)
2188	s->range = aprintf("%" CURL_FORMAT_CURL_OFF_T "-", s->resume_from);
2189	else
2190	s->range = strdup(data->set.str[STRING_SET_RANGE]);
2191
2192	s->rangestringalloc = (s->range) ? TRUE : FALSE;
2193
2194	if(!s->range)
2195	return CURLE_OUT_OF_MEMORY;
2196
2197	/ tell ourselves to fetch this range /
2198	s->use_range = TRUE; / enable range download /
2199	}
2200	else
2201	s->use_range = FALSE; / disable range download /
2202
2203	return CURLE_OK;
2204	}
2205
2206
2207	/*
2208	* setup_connection_internals() -
2209	*
2210	* Setup connection internals specific to the requested protocol in the
2211	* Curl_easy. This is inited and setup before the connection is made but
2212	* is about the particular protocol that is to be used.
2213	*
2214	* This MUST get called after proxy magic has been figured out.
2215	*/
2216	static CURLcode setup_connection_internals(struct Curl_easy *data,
2217	struct connectdata *conn)
2218	{
2219	const struct Curl_handler *p;
2220	CURLcode result;
2221
2222	/ Perform setup complement if some. /
2223	p = conn->handler;
2224
2225	if(p->setup_connection) {
2226	result = (*p->setup_connection)(data, conn);
2227
2228	if(result)
2229	return result;
2230
2231	p = conn->handler; / May have changed. /
2232	}
2233
2234	if(conn->port < `0`)
2235	/ we check for -1 here since if proxy was detected already, this*
2236	was very likely already set to the proxy port /*
2237	conn->port = p->defport;
2238
2239	return CURLE_OK;
2240	}
2241
2242	/*
2243	* Curl_free_request_state() should free temp data that was allocated in the
2244	* Curl_easy for this single request.
2245	*/
2246
2247	void Curl_free_request_state(struct Curl_easy *data)
2248	{
2249	Curl_safefree(data->req.p.http);
2250	Curl_safefree(data->req.newurl);
2251
2252	#ifndef CURL_DISABLE_DOH
2253	if(data->req.doh) {
2254	Curl_close(&data->req.doh->probe[`0`].easy);
2255	Curl_close(&data->req.doh->probe[`1`].easy);
2256	}
2257	#endif
2258	}
2259
2260
2261	#ifndef CURL_DISABLE_PROXY
2262	/****************************************************************
2263	* Checks if the host is in the noproxy list. returns true if it matches
2264	* and therefore the proxy should NOT be used.
2265	****************************************************************/
2266	static bool check_noproxy(const char name, const* char *no_proxy)
2267	{
2268	/ no_proxy=domain1.dom,host.domain2.dom*
2269	* (a comma-separated list of hosts which should
2270	* not be proxied, or an asterisk to override
2271	* all proxy variables)
2272	*/
2273	if(no_proxy && no_proxy[`0`]) {
2274	size_t tok_start;
2275	size_t tok_end;
2276	const char *separator = ", ";
2277	size_t no_proxy_len;
2278	size_t namelen;
2279	char *endptr;
2280	if(strcasecompare("*", no_proxy)) {
2281	return TRUE;
2282	}
2283
2284	/ NO_PROXY was specified and it wasn't just an asterisk /
2285
2286	no_proxy_len = strlen(no_proxy);
2287	if(name[`0`] == `'['`) {
2288	/ IPv6 numerical address /
2289	endptr = strchr(name, `']'`);
2290	if(!endptr)
2291	return FALSE;
2292	name++;
2293	namelen = endptr - name;
2294	}
2295	else
2296	namelen = strlen(name);
2297
2298	for(tok_start = `0`; tok_start < no_proxy_len; tok_start = tok_end + `1`) {
2299	while(tok_start < no_proxy_len &&
2300	strchr(separator, no_proxy[tok_start]) != NULL) {
2301	/ Look for the beginning of the token. /
2302	++tok_start;
2303	}
2304
2305	if(tok_start == no_proxy_len)
2306	break; / It was all trailing separator chars, no more tokens. /
2307
2308	for(tok_end = tok_start; tok_end < no_proxy_len &&
2309	strchr(separator, no_proxy[tok_end]) == NULL; ++tok_end)
2310	/ Look for the end of the token. /
2311	;
2312
2313	/ To match previous behavior, where it was necessary to specify*
2314	* ".local.com" to prevent matching "notlocal.com", we will leave
2315	* the '.' off.
2316	*/
2317	if(no_proxy[tok_start] == `'.'`)
2318	++tok_start;
2319
2320	if((tok_end - tok_start) <= namelen) {
2321	/ Match the last part of the name to the domain we are checking. /
2322	const char *checkn = name + namelen - (tok_end - tok_start);
2323	if(strncasecompare(no_proxy + tok_start, checkn,
2324	tok_end - tok_start)) {
2325	if((tok_end - tok_start) == namelen \|\| *(checkn - `1`) == `'.'`) {
2326	/ We either have an exact match, or the previous character is a .*
2327	* so it is within the same domain, so no proxy for this host.
2328	*/
2329	return TRUE;
2330	}
2331	}
2332	} / if((tok_end - tok_start) <= namelen) /
2333	} / for(tok_start = 0; tok_start < no_proxy_len;*
2334	tok_start = tok_end + 1) /*
2335	} / NO_PROXY was specified and it wasn't just an asterisk /
2336
2337	return FALSE;
2338	}
2339
2340	#ifndef CURL_DISABLE_HTTP
2341	/****************************************************************
2342	* Detect what (if any) proxy to use. Remember that this selects a host
2343	* name and is not limited to HTTP proxies only.
2344	* The returned pointer must be freed by the caller (unless NULL)
2345	****************************************************************/
2346	static char detect_proxy(struct* Curl_easy *data,
2347	struct connectdata *conn)
2348	{
2349	char *proxy = NULL;
2350
2351	/ If proxy was not specified, we check for default proxy environment*
2352	* variables, to enable i.e Lynx compliance:
2353	*
2354	* http_proxy=http://some.server.dom:port/
2355	* https_proxy=http://some.server.dom:port/
2356	* ftp_proxy=http://some.server.dom:port/
2357	* no_proxy=domain1.dom,host.domain2.dom
2358	* (a comma-separated list of hosts which should
2359	* not be proxied, or an asterisk to override
2360	* all proxy variables)
2361	* all_proxy=http://some.server.dom:port/
2362	* (seems to exist for the CERN www lib. Probably
2363	* the first to check for.)
2364	*
2365	* For compatibility, the all-uppercase versions of these variables are
2366	* checked if the lowercase versions don't exist.
2367	*/
2368	char proxy_env[`128`];
2369	const char *protop = conn->handler->scheme;
2370	char *envp = proxy_env;
2371	char *prox;
2372	#ifdef CURL_DISABLE_VERBOSE_STRINGS
2373	(void)data;
2374	#endif
2375
2376	/ Now, build <protocol>_proxy and check for such a one to use /
2377	while(*protop)
2378	envp++ = (char)tolower((int)protop++);
2379
2380	/ append _proxy /
2381	strcpy(envp, "_proxy");
2382
2383	/ read the protocol proxy: /
2384	prox = curl_getenv(proxy_env);
2385
2386	/*
2387	* We don't try the uppercase version of HTTP_PROXY because of
2388	* security reasons:
2389	*
2390	* When curl is used in a webserver application
2391	* environment (cgi or php), this environment variable can
2392	* be controlled by the web server user by setting the
2393	* http header 'Proxy:' to some value.
2394	*
2395	* This can cause 'internal' http/ftp requests to be
2396	* arbitrarily redirected by any external attacker.
2397	*/
2398	if(!prox && !strcasecompare("http_proxy", proxy_env)) {
2399	/ There was no lowercase variable, try the uppercase version: /
2400	Curl_strntoupper(proxy_env, proxy_env, sizeof(proxy_env));
2401	prox = curl_getenv(proxy_env);
2402	}
2403
2404	envp = proxy_env;
2405	if(prox) {
2406	proxy = prox; / use this /
2407	}
2408	else {
2409	envp = (char *)"all_proxy";
2410	proxy = curl_getenv(envp); / default proxy to use /
2411	if(!proxy) {
2412	envp = (char *)"ALL_PROXY";
2413	proxy = curl_getenv(envp);
2414	}
2415	}
2416	if(proxy)
2417	infof(data, "Uses proxy env variable %s == '%s'", envp, proxy);
2418
2419	return proxy;
2420	}
2421	#endif /* CURL_DISABLE_HTTP */
2422
2423	/*
2424	* If this is supposed to use a proxy, we need to figure out the proxy
2425	* host name, so that we can re-use an existing connection
2426	* that may exist registered to the same proxy host.
2427	*/
2428	static CURLcode parse_proxy(struct Curl_easy *data,
2429	struct connectdata conn, char* *proxy,
2430	curl_proxytype proxytype)
2431	{
2432	char *portptr = NULL;
2433	int port = -`1`;
2434	char *proxyuser = NULL;
2435	char *proxypasswd = NULL;
2436	char *host = NULL;
2437	bool sockstype;
2438	CURLUcode uc;
2439	struct proxy_info *proxyinfo;
2440	CURLU *uhp = curl_url();
2441	CURLcode result = CURLE_OK;
2442	char *scheme = NULL;
2443	#ifdef USE_UNIX_SOCKETS
2444	char *path = NULL;
2445	bool is_unix_proxy = FALSE;
2446	#endif
2447
2448
2449	if(!uhp) {
2450	result = CURLE_OUT_OF_MEMORY;
2451	goto error;
2452	}
2453
2454	/ When parsing the proxy, allowing non-supported schemes since we have*
2455	these made up ones for proxies. Guess scheme for URLs without it. /*
2456	uc = curl_url_set(uhp, CURLUPART_URL, proxy,
2457	CURLU_NON_SUPPORT_SCHEME\|CURLU_GUESS_SCHEME);
2458	if(!uc) {
2459	/ parsed okay as a URL /
2460	uc = curl_url_get(uhp, CURLUPART_SCHEME, &scheme, `0`);
2461	if(uc) {
2462	result = CURLE_OUT_OF_MEMORY;
2463	goto error;
2464	}
2465
2466	if(strcasecompare("https", scheme))
2467	proxytype = CURLPROXY_HTTPS;
2468	else if(strcasecompare("socks5h", scheme))
2469	proxytype = CURLPROXY_SOCKS5_HOSTNAME;
2470	else if(strcasecompare("socks5", scheme))
2471	proxytype = CURLPROXY_SOCKS5;
2472	else if(strcasecompare("socks4a", scheme))
2473	proxytype = CURLPROXY_SOCKS4A;
2474	else if(strcasecompare("socks4", scheme) \|\|
2475	strcasecompare("socks", scheme))
2476	proxytype = CURLPROXY_SOCKS4;
2477	else if(strcasecompare("http", scheme))
2478	; / leave it as HTTP or HTTP/1.0 /
2479	else {
2480	/ Any other xxx:// reject! /
2481	failf(data, "Unsupported proxy scheme for \'%s\'", proxy);
2482	result = CURLE_COULDNT_CONNECT;
2483	goto error;
2484	}
2485	}
2486	else {
2487	failf(data, "Unsupported proxy syntax in \'%s\'", proxy);
2488	result = CURLE_COULDNT_RESOLVE_PROXY;
2489	goto error;
2490	}
2491
2492	#ifdef USE_SSL
2493	if(!(Curl_ssl->supports & SSLSUPP_HTTPS_PROXY))
2494	#endif
2495	if(proxytype == CURLPROXY_HTTPS) {
2496	failf(data, "Unsupported proxy \'%s\', libcurl is built without the "
2497	"HTTPS-proxy support.", proxy);
2498	result = CURLE_NOT_BUILT_IN;
2499	goto error;
2500	}
2501
2502	sockstype =
2503	proxytype == CURLPROXY_SOCKS5_HOSTNAME \|\|
2504	proxytype == CURLPROXY_SOCKS5 \|\|
2505	proxytype == CURLPROXY_SOCKS4A \|\|
2506	proxytype == CURLPROXY_SOCKS4;
2507
2508	proxyinfo = sockstype ? &conn->socks_proxy : &conn->http_proxy;
2509	proxyinfo->proxytype = proxytype;
2510
2511	/ Is there a username and password given in this proxy url? /
2512	uc = curl_url_get(uhp, CURLUPART_USER, &proxyuser, CURLU_URLDECODE);
2513	if(uc && (uc != CURLUE_NO_USER))
2514	goto error;
2515	uc = curl_url_get(uhp, CURLUPART_PASSWORD, &proxypasswd, CURLU_URLDECODE);
2516	if(uc && (uc != CURLUE_NO_PASSWORD))
2517	goto error;
2518
2519	if(proxyuser \|\| proxypasswd) {
2520	Curl_safefree(proxyinfo->user);
2521	proxyinfo->user = proxyuser;
2522	result = Curl_setstropt(&data->state.aptr.proxyuser, proxyuser);
2523	proxyuser = NULL;
2524	if(result)
2525	goto error;
2526	Curl_safefree(proxyinfo->passwd);
2527	if(!proxypasswd) {
2528	proxypasswd = strdup("");
2529	if(!proxypasswd) {
2530	result = CURLE_OUT_OF_MEMORY;
2531	goto error;
2532	}
2533	}
2534	proxyinfo->passwd = proxypasswd;
2535	result = Curl_setstropt(&data->state.aptr.proxypasswd, proxypasswd);
2536	proxypasswd = NULL;
2537	if(result)
2538	goto error;
2539	conn->bits.proxy_user_passwd = TRUE; / enable it /
2540	}
2541
2542	(void)curl_url_get(uhp, CURLUPART_PORT, &portptr, `0`);
2543
2544	if(portptr) {
2545	port = (int)strtol(portptr, NULL, `10`);
2546	free(portptr);
2547	}
2548	else {
2549	if(data->set.proxyport)
2550	/ None given in the proxy string, then get the default one if it is*
2551	given /*
2552	port = (int)data->set.proxyport;
2553	else {
2554	if(proxytype == CURLPROXY_HTTPS)
2555	port = CURL_DEFAULT_HTTPS_PROXY_PORT;
2556	else
2557	port = CURL_DEFAULT_PROXY_PORT;
2558	}
2559	}
2560	if(port >= `0`) {
2561	proxyinfo->port = port;
2562	if(conn->port < `0` \|\| sockstype \|\| !conn->socks_proxy.host.rawalloc)
2563	conn->port = port;
2564	}
2565
2566	/ now, clone the proxy host name /
2567	uc = curl_url_get(uhp, CURLUPART_HOST, &host, CURLU_URLDECODE);
2568	if(uc) {
2569	result = CURLE_OUT_OF_MEMORY;
2570	goto error;
2571	}
2572	#ifdef USE_UNIX_SOCKETS
2573	if(sockstype && strcasecompare(UNIX_SOCKET_PREFIX, host)) {
2574	uc = curl_url_get(uhp, CURLUPART_PATH, &path, CURLU_URLDECODE);
2575	if(uc) {
2576	result = CURLE_OUT_OF_MEMORY;
2577	goto error;
2578	}
2579	/ path will be "/", if no path was was found /
2580	if(strcmp("/", path)) {
2581	is_unix_proxy = TRUE;
2582	free(host);
2583	host = aprintf(UNIX_SOCKET_PREFIX"%s", path);
2584	if(!host) {
2585	result = CURLE_OUT_OF_MEMORY;
2586	goto error;
2587	}
2588	Curl_safefree(proxyinfo->host.rawalloc);
2589	proxyinfo->host.rawalloc = host;
2590	proxyinfo->host.name = host;
2591	host = NULL;
2592	}
2593	}
2594
2595	if(!is_unix_proxy) {
2596	#endif
2597	Curl_safefree(proxyinfo->host.rawalloc);
2598	proxyinfo->host.rawalloc = host;
2599	if(host[`0`] == `'['`) {
2600	/ this is a numerical IPv6, strip off the brackets /
2601	size_t len = strlen(host);
2602	host[len-`1`] = `0`; / clear the trailing bracket /
2603	host++;
2604	zonefrom_url(uhp, data, conn);
2605	}
2606	proxyinfo->host.name = host;
2607	host = NULL;
2608	#ifdef USE_UNIX_SOCKETS
2609	}
2610	#endif
2611
2612	error:
2613	free(proxyuser);
2614	free(proxypasswd);
2615	free(host);
2616	free(scheme);
2617	#ifdef USE_UNIX_SOCKETS
2618	free(path);
2619	#endif
2620	curl_url_cleanup(uhp);
2621	return result;
2622	}
2623
2624	/*
2625	* Extract the user and password from the authentication string
2626	*/
2627	static CURLcode parse_proxy_auth(struct Curl_easy *data,
2628	struct connectdata *conn)
2629	{
2630	const char *proxyuser = data->state.aptr.proxyuser ?
2631	data->state.aptr.proxyuser : "";
2632	const char *proxypasswd = data->state.aptr.proxypasswd ?
2633	data->state.aptr.proxypasswd : "";
2634	CURLcode result = CURLE_OK;
2635
2636	if(proxyuser) {
2637	result = Curl_urldecode(proxyuser, `0`, &conn->http_proxy.user, NULL,
2638	REJECT_ZERO);
2639	if(!result)
2640	result = Curl_setstropt(&data->state.aptr.proxyuser,
2641	conn->http_proxy.user);
2642	}
2643	if(!result && proxypasswd) {
2644	result = Curl_urldecode(proxypasswd, `0`, &conn->http_proxy.passwd,
2645	NULL, REJECT_ZERO);
2646	if(!result)
2647	result = Curl_setstropt(&data->state.aptr.proxypasswd,
2648	conn->http_proxy.passwd);
2649	}
2650	return result;
2651	}
2652
2653	/ create_conn helper to parse and init proxy values. to be called after unix*
2654	socket init but before any proxy vars are evaluated. /*
2655	static CURLcode create_conn_helper_init_proxy(struct Curl_easy *data,
2656	struct connectdata *conn)
2657	{
2658	char *proxy = NULL;
2659	char *socksproxy = NULL;
2660	char *no_proxy = NULL;
2661	CURLcode result = CURLE_OK;
2662
2663	/*************************************************************
2664	* Extract the user and password from the authentication string
2665	*************************************************************/
2666	if(conn->bits.proxy_user_passwd) {
2667	result = parse_proxy_auth(data, conn);
2668	if(result)
2669	goto out;
2670	}
2671
2672	/*************************************************************
2673	* Detect what (if any) proxy to use
2674	*************************************************************/
2675	if(data->set.str[STRING_PROXY]) {
2676	proxy = strdup(data->set.str[STRING_PROXY]);
2677	/ if global proxy is set, this is it /
2678	if(!proxy) {
2679	failf(data, "memory shortage");
2680	result = CURLE_OUT_OF_MEMORY;
2681	goto out;
2682	}
2683	}
2684
2685	if(data->set.str[STRING_PRE_PROXY]) {
2686	socksproxy = strdup(data->set.str[STRING_PRE_PROXY]);
2687	/ if global socks proxy is set, this is it /
2688	if(!socksproxy) {
2689	failf(data, "memory shortage");
2690	result = CURLE_OUT_OF_MEMORY;
2691	goto out;
2692	}
2693	}
2694
2695	if(!data->set.str[STRING_NOPROXY]) {
2696	const char *p = "no_proxy";
2697	no_proxy = curl_getenv(p);
2698	if(!no_proxy) {
2699	p = "NO_PROXY";
2700	no_proxy = curl_getenv(p);
2701	}
2702	if(no_proxy) {
2703	infof(data, "Uses proxy env variable %s == '%s'", p, no_proxy);
2704	}
2705	}
2706
2707	if(check_noproxy(conn->host.name, data->set.str[STRING_NOPROXY] ?
2708	data->set.str[STRING_NOPROXY] : no_proxy)) {
2709	Curl_safefree(proxy);
2710	Curl_safefree(socksproxy);
2711	}
2712	#ifndef CURL_DISABLE_HTTP
2713	else if(!proxy && !socksproxy)
2714	/ if the host is not in the noproxy list, detect proxy. /
2715	proxy = detect_proxy(data, conn);
2716	#endif /* CURL_DISABLE_HTTP */
2717
2718	Curl_safefree(no_proxy);
2719
2720	#ifdef USE_UNIX_SOCKETS
2721	/ For the time being do not mix proxy and unix domain sockets. See #1274 /
2722	if(proxy && conn->unix_domain_socket) {
2723	free(proxy);
2724	proxy = NULL;
2725	}
2726	#endif
2727
2728	if(proxy && (!*proxy \|\| (conn->handler->flags & PROTOPT_NONETWORK))) {
2729	free(proxy); / Don't bother with an empty proxy string or if the*
2730	protocol doesn't work with network /*
2731	proxy = NULL;
2732	}
2733	if(socksproxy && (!*socksproxy \|\|
2734	(conn->handler->flags & PROTOPT_NONETWORK))) {
2735	free(socksproxy); / Don't bother with an empty socks proxy string or if*
2736	the protocol doesn't work with network /*
2737	socksproxy = NULL;
2738	}
2739
2740	/***********************************************************************
2741	* If this is supposed to use a proxy, we need to figure out the proxy host
2742	* name, proxy type and port number, so that we can re-use an existing
2743	* connection that may exist registered to the same proxy host.
2744	***********************************************************************/
2745	if(proxy \|\| socksproxy) {
2746	curl_proxytype ptype = (curl_proxytype)conn->http_proxy.proxytype;
2747	if(proxy) {
2748	result = parse_proxy(data, conn, proxy, ptype);
2749	Curl_safefree(proxy); / parse_proxy copies the proxy string /
2750	if(result)
2751	goto out;
2752	}
2753
2754	if(socksproxy) {
2755	result = parse_proxy(data, conn, socksproxy, ptype);
2756	/ parse_proxy copies the socks proxy string /
2757	Curl_safefree(socksproxy);
2758	if(result)
2759	goto out;
2760	}
2761
2762	if(conn->http_proxy.host.rawalloc) {
2763	#ifdef CURL_DISABLE_HTTP
2764	/ asking for a HTTP proxy is a bit funny when HTTP is disabled... /
2765	result = CURLE_UNSUPPORTED_PROTOCOL;
2766	goto out;
2767	#else
2768	/ force this connection's protocol to become HTTP if compatible /
2769	if(!(conn->handler->protocol & PROTO_FAMILY_HTTP)) {
2770	if((conn->handler->flags & PROTOPT_PROXY_AS_HTTP) &&
2771	!conn->bits.tunnel_proxy)
2772	conn->handler = &Curl_handler_http;
2773	else
2774	/ if not converting to HTTP over the proxy, enforce tunneling /
2775	conn->bits.tunnel_proxy = TRUE;
2776	}
2777	conn->bits.httpproxy = TRUE;
2778	#endif
2779	}
2780	else {
2781	conn->bits.httpproxy = FALSE; / not a HTTP proxy /
2782	conn->bits.tunnel_proxy = FALSE; / no tunneling if not HTTP /
2783	}
2784
2785	if(conn->socks_proxy.host.rawalloc) {
2786	if(!conn->http_proxy.host.rawalloc) {
2787	/ once a socks proxy /
2788	if(!conn->socks_proxy.user) {
2789	conn->socks_proxy.user = conn->http_proxy.user;
2790	conn->http_proxy.user = NULL;
2791	Curl_safefree(conn->socks_proxy.passwd);
2792	conn->socks_proxy.passwd = conn->http_proxy.passwd;
2793	conn->http_proxy.passwd = NULL;
2794	}
2795	}
2796	conn->bits.socksproxy = TRUE;
2797	}
2798	else
2799	conn->bits.socksproxy = FALSE; / not a socks proxy /
2800	}
2801	else {
2802	conn->bits.socksproxy = FALSE;
2803	conn->bits.httpproxy = FALSE;
2804	}
2805	conn->bits.proxy = conn->bits.httpproxy \|\| conn->bits.socksproxy;
2806
2807	if(!conn->bits.proxy) {
2808	/ we aren't using the proxy after all... /
2809	conn->bits.proxy = FALSE;
2810	conn->bits.httpproxy = FALSE;
2811	conn->bits.socksproxy = FALSE;
2812	conn->bits.proxy_user_passwd = FALSE;
2813	conn->bits.tunnel_proxy = FALSE;
2814	/ CURLPROXY_HTTPS does not have its own flag in conn->bits, yet we need*
2815	to signal that CURLPROXY_HTTPS is not used for this connection /*
2816	conn->http_proxy.proxytype = CURLPROXY_HTTP;
2817	}
2818
2819	out:
2820
2821	free(socksproxy);
2822	free(proxy);
2823	return result;
2824	}
2825	#endif /* CURL_DISABLE_PROXY */
2826
2827	/*
2828	* Curl_parse_login_details()
2829	*
2830	* This is used to parse a login string for user name, password and options in
2831	* the following formats:
2832	*
2833	* user
2834	* user:password
2835	* user:password;options
2836	* user;options
2837	* user;options:password
2838	* :password
2839	* :password;options
2840	* ;options
2841	* ;options:password
2842	*
2843	* Parameters:
2844	*
2845	* login [in] - The login string.
2846	* len [in] - The length of the login string.
2847	* userp [in/out] - The address where a pointer to newly allocated memory
2848	* holding the user will be stored upon completion.
2849	* passwdp [in/out] - The address where a pointer to newly allocated memory
2850	* holding the password will be stored upon completion.
2851	* optionsp [in/out] - The address where a pointer to newly allocated memory
2852	* holding the options will be stored upon completion.
2853	*
2854	* Returns CURLE_OK on success.
2855	*/
2856	CURLcode Curl_parse_login_details(const char login, const* size_t len,
2857	char *userp, char* **passwdp,
2858	char **optionsp)
2859	{
2860	CURLcode result = CURLE_OK;
2861	char *ubuf = NULL;
2862	char *pbuf = NULL;
2863	char *obuf = NULL;
2864	const char *psep = NULL;
2865	const char *osep = NULL;
2866	size_t ulen;
2867	size_t plen;
2868	size_t olen;
2869
2870	/ the input length check is because this is called directly from setopt*
2871	and isn't going through the regular string length check /*
2872	size_t llen = strlen(login);
2873	if(llen > CURL_MAX_INPUT_LENGTH)
2874	return CURLE_BAD_FUNCTION_ARGUMENT;
2875
2876	/ Attempt to find the password separator /
2877	if(passwdp) {
2878	psep = strchr(login, `':'`);
2879
2880	/ Within the constraint of the login string /
2881	if(psep >= login + len)
2882	psep = NULL;
2883	}
2884
2885	/ Attempt to find the options separator /
2886	if(optionsp) {
2887	osep = strchr(login, `';'`);
2888
2889	/ Within the constraint of the login string /
2890	if(osep >= login + len)
2891	osep = NULL;
2892	}
2893
2894	/ Calculate the portion lengths /
2895	ulen = (psep ?
2896	(size_t)(osep && psep > osep ? osep - login : psep - login) :
2897	(osep ? (size_t)(osep - login) : len));
2898	plen = (psep ?
2899	(osep && osep > psep ? (size_t)(osep - psep) :
2900	(size_t)(login + len - psep)) - `1` : `0`);
2901	olen = (osep ?
2902	(psep && psep > osep ? (size_t)(psep - osep) :
2903	(size_t)(login + len - osep)) - `1` : `0`);
2904
2905	/ Allocate the user portion buffer /
2906	if(userp && ulen) {
2907	ubuf = malloc(ulen + `1`);
2908	if(!ubuf)
2909	result = CURLE_OUT_OF_MEMORY;
2910	}
2911
2912	/ Allocate the password portion buffer /
2913	if(!result && passwdp && plen) {
2914	pbuf = malloc(plen + `1`);
2915	if(!pbuf) {
2916	free(ubuf);
2917	result = CURLE_OUT_OF_MEMORY;
2918	}
2919	}
2920
2921	/ Allocate the options portion buffer /
2922	if(!result && optionsp && olen) {
2923	obuf = malloc(olen + `1`);
2924	if(!obuf) {
2925	free(pbuf);
2926	free(ubuf);
2927	result = CURLE_OUT_OF_MEMORY;
2928	}
2929	}
2930
2931	if(!result) {
2932	/ Store the user portion if necessary /
2933	if(ubuf) {
2934	memcpy(ubuf, login, ulen);
2935	ubuf[ulen] = `'\0'`;
2936	Curl_safefree(*userp);
2937	*userp = ubuf;
2938	}
2939
2940	/ Store the password portion if necessary /
2941	if(pbuf) {
2942	memcpy(pbuf, psep + `1`, plen);
2943	pbuf[plen] = `'\0'`;
2944	Curl_safefree(*passwdp);
2945	*passwdp = pbuf;
2946	}
2947
2948	/ Store the options portion if necessary /
2949	if(obuf) {
2950	memcpy(obuf, osep + `1`, olen);
2951	obuf[olen] = `'\0'`;
2952	Curl_safefree(*optionsp);
2953	*optionsp = obuf;
2954	}
2955	}
2956
2957	return result;
2958	}
2959
2960	/*************************************************************
2961	* Figure out the remote port number and fix it in the URL
2962	*
2963	* No matter if we use a proxy or not, we have to figure out the remote
2964	* port number of various reasons.
2965	*
2966	* The port number embedded in the URL is replaced, if necessary.
2967	*************************************************************/
2968	static CURLcode parse_remote_port(struct Curl_easy *data,
2969	struct connectdata *conn)
2970	{
2971
2972	if(data->set.use_port && data->state.allow_port) {
2973	/ if set, we use this instead of the port possibly given in the URL /
2974	char portbuf[`16`];
2975	CURLUcode uc;
2976	conn->remote_port = data->set.use_port;
2977	msnprintf(portbuf, sizeof(portbuf), "%d", conn->remote_port);
2978	uc = curl_url_set(data->state.uh, CURLUPART_PORT, portbuf, `0`);
2979	if(uc)
2980	return CURLE_OUT_OF_MEMORY;
2981	}
2982
2983	return CURLE_OK;
2984	}
2985
2986	/*
2987	* Override the login details from the URL with that in the CURLOPT_USERPWD
2988	* option or a .netrc file, if applicable.
2989	*/
2990	static CURLcode override_login(struct Curl_easy *data,
2991	struct connectdata *conn)
2992	{
2993	CURLUcode uc;
2994	char **userp = &conn->user;
2995	char **passwdp = &conn->passwd;
2996	char **optionsp = &conn->options;
2997
2998	#ifndef CURL_DISABLE_NETRC
2999	if(data->set.use_netrc == CURL_NETRC_REQUIRED && data->state.aptr.user) {
3000	Curl_safefree(*userp);
3001	Curl_safefree(*passwdp);
3002	Curl_safefree(data->state.aptr.user); / disable user+password /
3003	}
3004	#endif
3005
3006	if(data->set.str[STRING_OPTIONS]) {
3007	free(*optionsp);
3008	*optionsp = strdup(data->set.str[STRING_OPTIONS]);
3009	if(!*optionsp)
3010	return CURLE_OUT_OF_MEMORY;
3011	}
3012
3013	#ifndef CURL_DISABLE_NETRC
3014	conn->bits.netrc = FALSE;
3015	if(data->set.use_netrc && !data->set.str[STRING_USERNAME]) {
3016	bool netrc_user_changed = FALSE;
3017	bool netrc_passwd_changed = FALSE;
3018	int ret;
3019	bool url_provided = FALSE;
3020
3021	if(data->state.up.user) {
3022	/ there was a user name in the URL /
3023	userp = &data->state.up.user;
3024	url_provided = TRUE;
3025	}
3026
3027	ret = Curl_parsenetrc(conn->host.name,
3028	userp, passwdp,
3029	&netrc_user_changed, &netrc_passwd_changed,
3030	data->set.str[STRING_NETRC_FILE]);
3031	if(ret > `0`) {
3032	infof(data, "Couldn't find host %s in the %s file; using defaults",
3033	conn->host.name, data->set.str[STRING_NETRC_FILE]);
3034	}
3035	else if(ret < `0`) {
3036	failf(data, ".netrc parser error");
3037	return CURLE_READ_ERROR;
3038	}
3039	else {
3040	/ set bits.netrc TRUE to remember that we got the name from a .netrc*
3041	file, so that it is safe to use even if we followed a Location: to a
3042	different host or similar. /*
3043	conn->bits.netrc = TRUE;
3044	}
3045	if(url_provided) {
3046	Curl_safefree(conn->user);
3047	conn->user = strdup(*userp);
3048	if(!conn->user)
3049	return CURLE_OUT_OF_MEMORY;
3050	}
3051	/ no user was set but a password, set a blank user /
3052	if(userp && !userp && passwdp) {
3053	*userp = strdup("");
3054	if(!*userp)
3055	return CURLE_OUT_OF_MEMORY;
3056	}
3057	}
3058	#endif
3059
3060	/ for updated strings, we update them in the URL /
3061	if(*userp) {
3062	CURLcode result = Curl_setstropt(&data->state.aptr.user, *userp);
3063	if(result)
3064	return result;
3065	}
3066	if(data->state.aptr.user) {
3067	uc = curl_url_set(data->state.uh, CURLUPART_USER, data->state.aptr.user,
3068	CURLU_URLENCODE);
3069	if(uc)
3070	return Curl_uc_to_curlcode(uc);
3071	if(!*userp) {
3072	*userp = strdup(data->state.aptr.user);
3073	if(!*userp)
3074	return CURLE_OUT_OF_MEMORY;
3075	}
3076	}
3077	if(*passwdp) {
3078	CURLcode result = Curl_setstropt(&data->state.aptr.passwd, *passwdp);
3079	if(result)
3080	return result;
3081	}
3082	if(data->state.aptr.passwd) {
3083	uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD,
3084	data->state.aptr.passwd, CURLU_URLENCODE);
3085	if(uc)
3086	return Curl_uc_to_curlcode(uc);
3087	if(!*passwdp) {
3088	*passwdp = strdup(data->state.aptr.passwd);
3089	if(!*passwdp)
3090	return CURLE_OUT_OF_MEMORY;
3091	}
3092	}
3093
3094	return CURLE_OK;
3095	}
3096
3097	/*
3098	* Set the login details so they're available in the connection
3099	*/
3100	static CURLcode set_login(struct Curl_easy *data,
3101	struct connectdata *conn)
3102	{
3103	CURLcode result = CURLE_OK;
3104	const char *setuser = CURL_DEFAULT_USER;
3105	const char *setpasswd = CURL_DEFAULT_PASSWORD;
3106
3107	/ If our protocol needs a password and we have none, use the defaults /
3108	if((conn->handler->flags & PROTOPT_NEEDSPWD) && !data->state.aptr.user)
3109	;
3110	else {
3111	setuser = "";
3112	setpasswd = "";
3113	}
3114	/ Store the default user /
3115	if(!conn->user) {
3116	conn->user = strdup(setuser);
3117	if(!conn->user)
3118	return CURLE_OUT_OF_MEMORY;
3119	}
3120
3121	/ Store the default password /
3122	if(!conn->passwd) {
3123	conn->passwd = strdup(setpasswd);
3124	if(!conn->passwd)
3125	result = CURLE_OUT_OF_MEMORY;
3126	}
3127
3128	return result;
3129	}
3130
3131	/*
3132	* Parses a "host:port" string to connect to.
3133	* The hostname and the port may be empty; in this case, NULL is returned for
3134	* the hostname and -1 for the port.
3135	*/
3136	static CURLcode parse_connect_to_host_port(struct Curl_easy *data,
3137	const char *host,
3138	char **hostname_result,
3139	int *port_result)
3140	{
3141	char *host_dup;
3142	char *hostptr;
3143	char *host_portno;
3144	char *portptr;
3145	int port = -`1`;
3146	CURLcode result = CURLE_OK;
3147
3148	#if defined(CURL_DISABLE_VERBOSE_STRINGS)
3149	(void) data;
3150	#endif
3151
3152	*hostname_result = NULL;
3153	*port_result = -`1`;
3154
3155	if(!host \|\| !*host)
3156	return CURLE_OK;
3157
3158	host_dup = strdup(host);
3159	if(!host_dup)
3160	return CURLE_OUT_OF_MEMORY;
3161
3162	hostptr = host_dup;
3163
3164	/ start scanning for port number at this point /
3165	portptr = hostptr;
3166
3167	/ detect and extract RFC6874-style IPv6-addresses /
3168	if(*hostptr == `'['`) {
3169	#ifdef ENABLE_IPV6
3170	char ptr = ++hostptr; /* advance beyond the initial bracket /
3171	while(ptr && (ISXDIGIT(ptr) \|\| (ptr == `':'`) \|\| (ptr == `'.'`)))
3172	ptr++;
3173	if(*ptr == `'%'`) {
3174	/ There might be a zone identifier /
3175	if(strncmp("%25", ptr, `3`))
3176	infof(data, "Please URL encode %% as %%25, see RFC 6874.");
3177	ptr++;
3178	/ Allow unreserved characters as defined in RFC 3986 /
3179	while(ptr && (ISALPHA(ptr) \|\| ISXDIGIT(ptr) \|\| (ptr == `'-'`) \|\|
3180	(ptr == `'.'`) \|\| (ptr == `'_'`) \|\| (*ptr == `'~'`)))
3181	ptr++;
3182	}
3183	if(*ptr == `']'`)
3184	/ yeps, it ended nicely with a bracket as well /
3185	*ptr++ = `'\0'`;
3186	else
3187	infof(data, "Invalid IPv6 address format");
3188	portptr = ptr;
3189	/ Note that if this didn't end with a bracket, we still advanced the*
3190	* hostptr first, but I can't see anything wrong with that as no host
3191	* name nor a numeric can legally start with a bracket.
3192	*/
3193	#else
3194	failf(data, "Use of IPv6 in *_CONNECT_TO without IPv6 support built-in");
3195	result = CURLE_NOT_BUILT_IN;
3196	goto error;
3197	#endif
3198	}
3199
3200	/ Get port number off server.com:1080 /
3201	host_portno = strchr(portptr, `':'`);
3202	if(host_portno) {
3203	char *endp = NULL;
3204	host_portno = `'\0'`; /* cut off number from host name /
3205	host_portno++;
3206	if(*host_portno) {
3207	long portparse = strtol(host_portno, &endp, `10`);
3208	if((endp && *endp) \|\| (portparse < `0`) \|\| (portparse > `65535`)) {
3209	failf(data, "No valid port number in connect to host string (%s)",
3210	host_portno);
3211	result = CURLE_SETOPT_OPTION_SYNTAX;
3212	goto error;
3213	}
3214	else
3215	port = (int)portparse; / we know it will fit /
3216	}
3217	}
3218
3219	/ now, clone the cleaned host name /
3220	if(hostptr) {
3221	*hostname_result = strdup(hostptr);
3222	if(!*hostname_result) {
3223	result = CURLE_OUT_OF_MEMORY;
3224	goto error;
3225	}
3226	}
3227
3228	*port_result = port;
3229
3230	error:
3231	free(host_dup);
3232	return result;
3233	}
3234
3235	/*
3236	* Parses one "connect to" string in the form:
3237	* "HOST:PORT:CONNECT-TO-HOST:CONNECT-TO-PORT".
3238	*/
3239	static CURLcode parse_connect_to_string(struct Curl_easy *data,
3240	struct connectdata *conn,
3241	const char *conn_to_host,
3242	char **host_result,
3243	int *port_result)
3244	{
3245	CURLcode result = CURLE_OK;
3246	const char *ptr = conn_to_host;
3247	int host_match = FALSE;
3248	int port_match = FALSE;
3249
3250	*host_result = NULL;
3251	*port_result = -`1`;
3252
3253	if(*ptr == `':'`) {
3254	/ an empty hostname always matches /
3255	host_match = TRUE;
3256	ptr++;
3257	}
3258	else {
3259	/ check whether the URL's hostname matches /
3260	size_t hostname_to_match_len;
3261	char *hostname_to_match = aprintf("%s%s%s",
3262	conn->bits.ipv6_ip ? "[" : "",
3263	conn->host.name,
3264	conn->bits.ipv6_ip ? "]" : "");
3265	if(!hostname_to_match)
3266	return CURLE_OUT_OF_MEMORY;
3267	hostname_to_match_len = strlen(hostname_to_match);
3268	host_match = strncasecompare(ptr, hostname_to_match,
3269	hostname_to_match_len);
3270	free(hostname_to_match);
3271	ptr += hostname_to_match_len;
3272
3273	host_match = host_match && *ptr == `':'`;
3274	ptr++;
3275	}
3276
3277	if(host_match) {
3278	if(*ptr == `':'`) {
3279	/ an empty port always matches /
3280	port_match = TRUE;
3281	ptr++;
3282	}
3283	else {
3284	/ check whether the URL's port matches /
3285	char *ptr_next = strchr(ptr, `':'`);
3286	if(ptr_next) {
3287	char *endp = NULL;
3288	long port_to_match = strtol(ptr, &endp, `10`);
3289	if((endp == ptr_next) && (port_to_match == conn->remote_port)) {
3290	port_match = TRUE;
3291	ptr = ptr_next + `1`;
3292	}
3293	}
3294	}
3295	}
3296
3297	if(host_match && port_match) {
3298	/ parse the hostname and port to connect to /
3299	result = parse_connect_to_host_port(data, ptr, host_result, port_result);
3300	}
3301
3302	return result;
3303	}
3304
3305	/*
3306	* Processes all strings in the "connect to" slist, and uses the "connect
3307	* to host" and "connect to port" of the first string that matches.
3308	*/
3309	static CURLcode parse_connect_to_slist(struct Curl_easy *data,
3310	struct connectdata *conn,
3311	struct curl_slist *conn_to_host)
3312	{
3313	CURLcode result = CURLE_OK;
3314	char *host = NULL;
3315	int port = -`1`;
3316
3317	while(conn_to_host && !host && port == -`1`) {
3318	result = parse_connect_to_string(data, conn, conn_to_host->data,
3319	&host, &port);
3320	if(result)
3321	return result;
3322
3323	if(host && *host) {
3324	conn->conn_to_host.rawalloc = host;
3325	conn->conn_to_host.name = host;
3326	conn->bits.conn_to_host = TRUE;
3327
3328	infof(data, "Connecting to hostname: %s", host);
3329	}
3330	else {
3331	/ no "connect to host" /
3332	conn->bits.conn_to_host = FALSE;
3333	Curl_safefree(host);
3334	}
3335
3336	if(port >= `0`) {
3337	conn->conn_to_port = port;
3338	conn->bits.conn_to_port = TRUE;
3339	infof(data, "Connecting to port: %d", port);
3340	}
3341	else {
3342	/ no "connect to port" /
3343	conn->bits.conn_to_port = FALSE;
3344	port = -`1`;
3345	}
3346
3347	conn_to_host = conn_to_host->next;
3348	}
3349
3350	#ifndef CURL_DISABLE_ALTSVC
3351	if(data->asi && !host && (port == -`1`) &&
3352	((conn->handler->protocol == CURLPROTO_HTTPS) \|\|
3353	#ifdef CURLDEBUG
3354	/ allow debug builds to circumvent the HTTPS restriction /
3355	getenv("CURL_ALTSVC_HTTP")
3356	#else
3357	`0`
3358	#endif
3359	)) {
3360	/ no connect_to match, try alt-svc! /
3361	enum alpnid srcalpnid;
3362	bool hit;
3363	struct altsvc *as;
3364	const int allowed_versions = ( ALPN_h1
3365	#ifdef USE_HTTP2
3366	\| ALPN_h2
3367	#endif
3368	#ifdef ENABLE_QUIC
3369	\| ALPN_h3
3370	#endif
3371	) & data->asi->flags;
3372
3373	host = conn->host.rawalloc;
3374	#ifdef USE_HTTP2
3375	/ with h2 support, check that first /
3376	srcalpnid = ALPN_h2;
3377	hit = Curl_altsvc_lookup(data->asi,
3378	srcalpnid, host, conn->remote_port, / from /
3379	&as / to /,
3380	allowed_versions);
3381	if(!hit)
3382	#endif
3383	{
3384	srcalpnid = ALPN_h1;
3385	hit = Curl_altsvc_lookup(data->asi,
3386	srcalpnid, host, conn->remote_port, / from /
3387	&as / to /,
3388	allowed_versions);
3389	}
3390	if(hit) {
3391	char hostd = strdup((char* *)as->dst.host);
3392	if(!hostd)
3393	return CURLE_OUT_OF_MEMORY;
3394	conn->conn_to_host.rawalloc = hostd;
3395	conn->conn_to_host.name = hostd;
3396	conn->bits.conn_to_host = TRUE;
3397	conn->conn_to_port = as->dst.port;
3398	conn->bits.conn_to_port = TRUE;
3399	conn->bits.altused = TRUE;
3400	infof(data, "Alt-svc connecting from [%s]%s:%d to [%s]%s:%d",
3401	Curl_alpnid2str(srcalpnid), host, conn->remote_port,
3402	Curl_alpnid2str(as->dst.alpnid), hostd, as->dst.port);
3403	if(srcalpnid != as->dst.alpnid) {
3404	/ protocol version switch /
3405	switch(as->dst.alpnid) {
3406	case ALPN_h1:
3407	conn->httpversion = `11`;
3408	break;
3409	case ALPN_h2:
3410	conn->httpversion = `20`;
3411	break;
3412	case ALPN_h3:
3413	conn->transport = TRNSPRT_QUIC;
3414	conn->httpversion = `30`;
3415	break;
3416	default: / shouldn't be possible /
3417	break;
3418	}
3419	}
3420	}
3421	}
3422	#endif
3423
3424	return result;
3425	}
3426
3427	#ifdef USE_UNIX_SOCKETS
3428	static CURLcode resolve_unix(struct Curl_easy *data,
3429	struct connectdata *conn,
3430	char *unix_path)
3431	{
3432	struct Curl_dns_entry *hostaddr = NULL;
3433	bool longpath = FALSE;
3434
3435	DEBUGASSERT(unix_path);
3436	DEBUGASSERT(conn->dns_entry == NULL);
3437
3438	/ Unix domain sockets are local. The host gets ignored, just use the*
3439	* specified domain socket address. Do not cache "DNS entries". There is
3440	* no DNS involved and we already have the filesystem path available. */
3441	hostaddr = calloc(`1`, sizeof(struct Curl_dns_entry));
3442	if(!hostaddr)
3443	return CURLE_OUT_OF_MEMORY;
3444
3445	hostaddr->addr = Curl_unix2addr(unix_path, &longpath,
3446	conn->bits.abstract_unix_socket);
3447	if(!hostaddr->addr) {
3448	if(longpath)
3449	/ Long paths are not supported for now /
3450	failf(data, "Unix socket path too long: '%s'", unix_path);
3451	free(hostaddr);
3452	return longpath ? CURLE_COULDNT_RESOLVE_HOST : CURLE_OUT_OF_MEMORY;
3453	}
3454
3455	hostaddr->inuse++;
3456	conn->dns_entry = hostaddr;
3457	return CURLE_OK;
3458	}
3459	#endif
3460
3461	#ifndef CURL_DISABLE_PROXY
3462	static CURLcode resolve_proxy(struct Curl_easy *data,
3463	struct connectdata *conn,
3464	bool *async)
3465	{
3466	struct Curl_dns_entry *hostaddr = NULL;
3467	struct hostname *host;
3468	timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
3469	int rc;
3470
3471	DEBUGASSERT(conn->dns_entry == NULL);
3472
3473	host = conn->bits.socksproxy ? &conn->socks_proxy.host :
3474	&conn->http_proxy.host;
3475
3476	conn->hostname_resolve = strdup(host->name);
3477	if(!conn->hostname_resolve)
3478	return CURLE_OUT_OF_MEMORY;
3479
3480	rc = Curl_resolv_timeout(data, conn->hostname_resolve, (int)conn->port,
3481	&hostaddr, timeout_ms);
3482	conn->dns_entry = hostaddr;
3483	if(rc == CURLRESOLV_PENDING)
3484	*async = TRUE;
3485	else if(rc == CURLRESOLV_TIMEDOUT)
3486	return CURLE_OPERATION_TIMEDOUT;
3487	else if(!hostaddr) {
3488	failf(data, "Couldn't resolve proxy '%s'", host->dispname);
3489	return CURLE_COULDNT_RESOLVE_PROXY;
3490	}
3491
3492	return CURLE_OK;
3493	}
3494	#endif
3495
3496	static CURLcode resolve_ip(struct Curl_easy *data,
3497	struct connectdata *conn,
3498	bool *async)
3499	{
3500	struct Curl_dns_entry *hostaddr = NULL;
3501	struct hostname *connhost;
3502	timediff_t timeout_ms = Curl_timeleft(data, NULL, TRUE);
3503	int rc;
3504
3505	DEBUGASSERT(conn->dns_entry == NULL);
3506
3507	connhost = conn->bits.conn_to_host ? &conn->conn_to_host : &conn->host;
3508
3509	/ If not connecting via a proxy, extract the port from the URL, if it is*
3510	* there, thus overriding any defaults that might have been set above. */
3511	conn->port = conn->bits.conn_to_port ? conn->conn_to_port :
3512	conn->remote_port;
3513
3514	/ Resolve target host right on /
3515	conn->hostname_resolve = strdup(connhost->name);
3516	if(!conn->hostname_resolve)
3517	return CURLE_OUT_OF_MEMORY;
3518
3519	rc = Curl_resolv_timeout(data, conn->hostname_resolve, (int)conn->port,
3520	&hostaddr, timeout_ms);
3521	conn->dns_entry = hostaddr;
3522	if(rc == CURLRESOLV_PENDING)
3523	*async = TRUE;
3524	else if(rc == CURLRESOLV_TIMEDOUT) {
3525	failf(data, "Failed to resolve host '%s' with timeout after %ld ms",
3526	connhost->dispname,
3527	Curl_timediff(Curl_now(), data->progress.t_startsingle));
3528	return CURLE_OPERATION_TIMEDOUT;
3529	}
3530	else if(!hostaddr) {
3531	failf(data, "Could not resolve host: %s", connhost->dispname);
3532	return CURLE_COULDNT_RESOLVE_HOST;
3533	}
3534
3535	return CURLE_OK;
3536	}
3537
3538	/ Perform a fresh resolve /
3539	static CURLcode resolve_fresh(struct Curl_easy *data,
3540	struct connectdata *conn,
3541	bool *async)
3542	{
3543	#ifdef USE_UNIX_SOCKETS
3544	char *unix_path = conn->unix_domain_socket;
3545
3546	#ifndef CURL_DISABLE_PROXY
3547	if(!unix_path && conn->socks_proxy.host.name &&
3548	!strncmp(UNIX_SOCKET_PREFIX"/",
3549	conn->socks_proxy.host.name, sizeof(UNIX_SOCKET_PREFIX)))
3550	unix_path = conn->socks_proxy.host.name + sizeof(UNIX_SOCKET_PREFIX) - `1`;
3551	#endif
3552
3553	if(unix_path) {
3554	conn->transport = TRNSPRT_UNIX;
3555	return resolve_unix(data, conn, unix_path);
3556	}
3557	#endif
3558
3559	#ifndef CURL_DISABLE_PROXY
3560	if(CONN_IS_PROXIED(conn))
3561	return resolve_proxy(data, conn, async);
3562	#endif
3563
3564	return resolve_ip(data, conn, async);
3565	}
3566
3567	/*************************************************************
3568	* Resolve the address of the server or proxy
3569	*************************************************************/
3570	static CURLcode resolve_server(struct Curl_easy *data,
3571	struct connectdata *conn,
3572	bool *async)
3573	{
3574	DEBUGASSERT(conn);
3575	DEBUGASSERT(data);
3576
3577	/ Resolve the name of the server or proxy /
3578	if(conn->bits.reuse) {
3579	/ We're reusing the connection - no need to resolve anything, and*
3580	idnconvert_hostname() was called already in create_conn() for the re-use
3581	case. /*
3582	*async = FALSE;
3583	return CURLE_OK;
3584	}
3585
3586	return resolve_fresh(data, conn, async);
3587	}
3588
3589	/*
3590	* Cleanup the connection just allocated before we can move along and use the
3591	* previously existing one. All relevant data is copied over and old_conn is
3592	* ready for freeing once this function returns.
3593	*/
3594	static void reuse_conn(struct Curl_easy *data,
3595	struct connectdata *old_conn,
3596	struct connectdata *conn)
3597	{
3598	/ 'local_ip' and 'local_port' get filled with local's numerical*
3599	ip address and port number whenever an outgoing connection is
3600	established from the primary socket to a remote address. */
3601	char local_ip[MAX_IPADR_LEN] = "";
3602	int local_port = -`1`;
3603
3604	/ get the user+password information from the old_conn struct since it may*
3605	* be new for this request even when we re-use an existing connection */
3606	if(old_conn->user) {
3607	/ use the new user name and password though /
3608	Curl_safefree(conn->user);
3609	Curl_safefree(conn->passwd);
3610	conn->user = old_conn->user;
3611	conn->passwd = old_conn->passwd;
3612	old_conn->user = NULL;
3613	old_conn->passwd = NULL;
3614	}
3615
3616	#ifndef CURL_DISABLE_PROXY
3617	conn->bits.proxy_user_passwd = old_conn->bits.proxy_user_passwd;
3618	if(conn->bits.proxy_user_passwd) {
3619	/ use the new proxy user name and proxy password though /
3620	Curl_safefree(conn->http_proxy.user);
3621	Curl_safefree(conn->socks_proxy.user);
3622	Curl_safefree(conn->http_proxy.passwd);
3623	Curl_safefree(conn->socks_proxy.passwd);
3624	conn->http_proxy.user = old_conn->http_proxy.user;
3625	conn->socks_proxy.user = old_conn->socks_proxy.user;
3626	conn->http_proxy.passwd = old_conn->http_proxy.passwd;
3627	conn->socks_proxy.passwd = old_conn->socks_proxy.passwd;
3628	old_conn->http_proxy.user = NULL;
3629	old_conn->socks_proxy.user = NULL;
3630	old_conn->http_proxy.passwd = NULL;
3631	old_conn->socks_proxy.passwd = NULL;
3632	}
3633	#endif
3634
3635	Curl_free_idnconverted_hostname(&conn->host);
3636	Curl_free_idnconverted_hostname(&conn->conn_to_host);
3637	Curl_safefree(conn->host.rawalloc);
3638	Curl_safefree(conn->conn_to_host.rawalloc);
3639	conn->host = old_conn->host;
3640	old_conn->host.rawalloc = NULL;
3641	old_conn->host.encalloc = NULL;
3642	conn->conn_to_host = old_conn->conn_to_host;
3643	old_conn->conn_to_host.rawalloc = NULL;
3644	conn->conn_to_port = old_conn->conn_to_port;
3645	conn->remote_port = old_conn->remote_port;
3646	Curl_safefree(conn->hostname_resolve);
3647
3648	conn->hostname_resolve = old_conn->hostname_resolve;
3649	old_conn->hostname_resolve = NULL;
3650
3651	/ persist connection info in session handle /
3652	if(conn->transport == TRNSPRT_TCP) {
3653	Curl_conninfo_local(data, conn->sock[FIRSTSOCKET],
3654	local_ip, &local_port);
3655	}
3656	Curl_persistconninfo(data, conn, local_ip, local_port);
3657
3658	conn_reset_all_postponed_data(old_conn); / free buffers /
3659
3660	/ re-use init /
3661	conn->bits.reuse = TRUE; / yes, we're re-using here /
3662
3663	conn_free(old_conn);
3664	}
3665
3666	/**
3667	* create_conn() sets up a new connectdata struct, or re-uses an already
3668	* existing one, and resolves host name.
3669	*
3670	* if this function returns CURLE_OK and *async is set to TRUE, the resolve
3671	* response will be coming asynchronously. If *async is FALSE, the name is
3672	* already resolved.
3673	*
3674	* @param data The sessionhandle pointer
3675	* @param in_connect is set to the next connection data pointer
3676	* @param async is set TRUE when an async DNS resolution is pending
3677	* @see Curl_setup_conn()
3678	*
3679	*/
3680
3681	static CURLcode create_conn(struct Curl_easy *data,
3682	struct connectdata **in_connect,
3683	bool *async)
3684	{
3685	CURLcode result = CURLE_OK;
3686	struct connectdata *conn;
3687	struct connectdata *conn_temp = NULL;
3688	bool reuse;
3689	bool connections_available = TRUE;
3690	bool force_reuse = FALSE;
3691	bool waitpipe = FALSE;
3692	size_t max_host_connections = Curl_multi_max_host_connections(data->multi);
3693	size_t max_total_connections = Curl_multi_max_total_connections(data->multi);
3694
3695	*async = FALSE;
3696	*in_connect = NULL;
3697
3698	/*************************************************************
3699	* Check input data
3700	*************************************************************/
3701	if(!data->state.url) {
3702	result = CURLE_URL_MALFORMAT;
3703	goto out;
3704	}
3705
3706	/ First, split up the current URL in parts so that we can use the*
3707	parts for checking against the already present connections. In order
3708	to not have to modify everything at once, we allocate a temporary
3709	connection data struct and fill in for comparison purposes. /*
3710	conn = allocate_conn(data);
3711
3712	if(!conn) {
3713	result = CURLE_OUT_OF_MEMORY;
3714	goto out;
3715	}
3716
3717	/ We must set the return variable as soon as possible, so that our*
3718	parent can cleanup any possible allocs we may have done before
3719	any failure /*
3720	*in_connect = conn;
3721
3722	result = parseurlandfillconn(data, conn);
3723	if(result)
3724	goto out;
3725
3726	if(data->set.str[STRING_SASL_AUTHZID]) {
3727	conn->sasl_authzid = strdup(data->set.str[STRING_SASL_AUTHZID]);
3728	if(!conn->sasl_authzid) {
3729	result = CURLE_OUT_OF_MEMORY;
3730	goto out;
3731	}
3732	}
3733
3734	if(data->set.str[STRING_BEARER]) {
3735	conn->oauth_bearer = strdup(data->set.str[STRING_BEARER]);
3736	if(!conn->oauth_bearer) {
3737	result = CURLE_OUT_OF_MEMORY;
3738	goto out;
3739	}
3740	}
3741
3742	#ifdef USE_UNIX_SOCKETS
3743	if(data->set.str[STRING_UNIX_SOCKET_PATH]) {
3744	conn->unix_domain_socket = strdup(data->set.str[STRING_UNIX_SOCKET_PATH]);
3745	if(!conn->unix_domain_socket) {
3746	result = CURLE_OUT_OF_MEMORY;
3747	goto out;
3748	}
3749	conn->bits.abstract_unix_socket = data->set.abstract_unix_socket;
3750	}
3751	#endif
3752
3753	/ After the unix socket init but before the proxy vars are used, parse and*
3754	initialize the proxy vars /*
3755	#ifndef CURL_DISABLE_PROXY
3756	result = create_conn_helper_init_proxy(data, conn);
3757	if(result)
3758	goto out;
3759
3760	/*************************************************************
3761	* If the protocol is using SSL and HTTP proxy is used, we set
3762	* the tunnel_proxy bit.
3763	*************************************************************/
3764	if((conn->given->flags&PROTOPT_SSL) && conn->bits.httpproxy)
3765	conn->bits.tunnel_proxy = TRUE;
3766	#endif
3767
3768	/*************************************************************
3769	* Figure out the remote port number and fix it in the URL
3770	*************************************************************/
3771	result = parse_remote_port(data, conn);
3772	if(result)
3773	goto out;
3774
3775	/ Check for overridden login details and set them accordingly so that*
3776	they are known when protocol->setup_connection is called! /*
3777	result = override_login(data, conn);
3778	if(result)
3779	goto out;
3780
3781	result = set_login(data, conn); / default credentials /
3782	if(result)
3783	goto out;
3784
3785	/*************************************************************
3786	* Process the "connect to" linked list of hostname/port mappings.
3787	* Do this after the remote port number has been fixed in the URL.
3788	*************************************************************/
3789	result = parse_connect_to_slist(data, conn, data->set.connect_to);
3790	if(result)
3791	goto out;
3792
3793	/*************************************************************
3794	* IDN-convert the hostnames
3795	*************************************************************/
3796	result = Curl_idnconvert_hostname(data, &conn->host);
3797	if(result)
3798	goto out;
3799	if(conn->bits.conn_to_host) {
3800	result = Curl_idnconvert_hostname(data, &conn->conn_to_host);
3801	if(result)
3802	goto out;
3803	}
3804	#ifndef CURL_DISABLE_PROXY
3805	if(conn->bits.httpproxy) {
3806	result = Curl_idnconvert_hostname(data, &conn->http_proxy.host);
3807	if(result)
3808	goto out;
3809	}
3810	if(conn->bits.socksproxy) {
3811	result = Curl_idnconvert_hostname(data, &conn->socks_proxy.host);
3812	if(result)
3813	goto out;
3814	}
3815	#endif
3816
3817	/*************************************************************
3818	* Check whether the host and the "connect to host" are equal.
3819	* Do this after the hostnames have been IDN-converted.
3820	*************************************************************/
3821	if(conn->bits.conn_to_host &&
3822	strcasecompare(conn->conn_to_host.name, conn->host.name)) {
3823	conn->bits.conn_to_host = FALSE;
3824	}
3825
3826	/*************************************************************
3827	* Check whether the port and the "connect to port" are equal.
3828	* Do this after the remote port number has been fixed in the URL.
3829	*************************************************************/
3830	if(conn->bits.conn_to_port && conn->conn_to_port == conn->remote_port) {
3831	conn->bits.conn_to_port = FALSE;
3832	}
3833
3834	#ifndef CURL_DISABLE_PROXY
3835	/*************************************************************
3836	* If the "connect to" feature is used with an HTTP proxy,
3837	* we set the tunnel_proxy bit.
3838	*************************************************************/
3839	if((conn->bits.conn_to_host \|\| conn->bits.conn_to_port) &&
3840	conn->bits.httpproxy)
3841	conn->bits.tunnel_proxy = TRUE;
3842	#endif
3843
3844	/*************************************************************
3845	* Setup internals depending on protocol. Needs to be done after
3846	* we figured out what/if proxy to use.
3847	*************************************************************/
3848	result = setup_connection_internals(data, conn);
3849	if(result)
3850	goto out;
3851
3852	conn->recv[FIRSTSOCKET] = Curl_recv_plain;
3853	conn->send[FIRSTSOCKET] = Curl_send_plain;
3854	conn->recv[SECONDARYSOCKET] = Curl_recv_plain;
3855	conn->send[SECONDARYSOCKET] = Curl_send_plain;
3856
3857	conn->bits.tcp_fastopen = data->set.tcp_fastopen;
3858
3859	/***********************************************************************
3860	* file: is a special case in that it doesn't need a network connection
3861	***********************************************************************/
3862	#ifndef CURL_DISABLE_FILE
3863	if(conn->handler->flags & PROTOPT_NONETWORK) {
3864	bool done;
3865	/ this is supposed to be the connect function so we better at least check*
3866	that the file is present here! /*
3867	DEBUGASSERT(conn->handler->connect_it);
3868	Curl_persistconninfo(data, conn, NULL, -`1`);
3869	result = conn->handler->connect_it(data, &done);
3870
3871	/ Setup a "faked" transfer that'll do nothing /
3872	if(!result) {
3873	conn->bits.tcpconnect[FIRSTSOCKET] = TRUE; / we are "connected /
3874
3875	Curl_attach_connection(data, conn);
3876	result = Curl_conncache_add_conn(data);
3877	if(result)
3878	goto out;
3879
3880	/*
3881	* Setup whatever necessary for a resumed transfer
3882	*/
3883	result = setup_range(data);
3884	if(result) {
3885	DEBUGASSERT(conn->handler->done);
3886	/ we ignore the return code for the protocol-specific DONE /
3887	(void)conn->handler->done(data, result, FALSE);
3888	goto out;
3889	}
3890	Curl_setup_transfer(data, -`1`, -`1`, FALSE, -`1`);
3891	}
3892
3893	/ since we skip do_init() /
3894	Curl_init_do(data, conn);
3895
3896	goto out;
3897	}
3898	#endif
3899
3900	/ Get a cloned copy of the SSL config situation stored in the*
3901	connection struct. But to get this going nicely, we must first make
3902	sure that the strings in the master copy are pointing to the correct
3903	strings in the session handle strings array!
3904
3905	Keep in mind that the pointers in the master copy are pointing to strings
3906	that will be freed as part of the Curl_easy struct, but all cloned
3907	copies will be separately allocated.
3908	*/
3909	data->set.ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH];
3910	data->set.ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE];
3911	data->set.ssl.primary.issuercert = data->set.str[STRING_SSL_ISSUERCERT];
3912	data->set.ssl.primary.issuercert_blob = data->set.blobs[BLOB_SSL_ISSUERCERT];
3913	data->set.ssl.primary.cipher_list =
3914	data->set.str[STRING_SSL_CIPHER_LIST];
3915	data->set.ssl.primary.cipher_list13 =
3916	data->set.str[STRING_SSL_CIPHER13_LIST];
3917	data->set.ssl.primary.pinned_key =
3918	data->set.str[STRING_SSL_PINNEDPUBLICKEY];
3919	data->set.ssl.primary.cert_blob = data->set.blobs[BLOB_CERT];
3920	data->set.ssl.primary.ca_info_blob = data->set.blobs[BLOB_CAINFO];
3921	data->set.ssl.primary.curves = data->set.str[STRING_SSL_EC_CURVES];
3922
3923	#ifndef CURL_DISABLE_PROXY
3924	data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY];
3925	data->set.proxy_ssl.primary.CAfile = data->set.str[STRING_SSL_CAFILE_PROXY];
3926	data->set.proxy_ssl.primary.cipher_list =
3927	data->set.str[STRING_SSL_CIPHER_LIST_PROXY];
3928	data->set.proxy_ssl.primary.cipher_list13 =
3929	data->set.str[STRING_SSL_CIPHER13_LIST_PROXY];
3930	data->set.proxy_ssl.primary.pinned_key =
3931	data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY];
3932	data->set.proxy_ssl.primary.cert_blob = data->set.blobs[BLOB_CERT_PROXY];
3933	data->set.proxy_ssl.primary.ca_info_blob =
3934	data->set.blobs[BLOB_CAINFO_PROXY];
3935	data->set.proxy_ssl.primary.issuercert =
3936	data->set.str[STRING_SSL_ISSUERCERT_PROXY];
3937	data->set.proxy_ssl.primary.issuercert_blob =
3938	data->set.blobs[BLOB_SSL_ISSUERCERT_PROXY];
3939	data->set.proxy_ssl.primary.CRLfile =
3940	data->set.str[STRING_SSL_CRLFILE_PROXY];
3941	data->set.proxy_ssl.cert_type = data->set.str[STRING_CERT_TYPE_PROXY];
3942	data->set.proxy_ssl.key = data->set.str[STRING_KEY_PROXY];
3943	data->set.proxy_ssl.key_type = data->set.str[STRING_KEY_TYPE_PROXY];
3944	data->set.proxy_ssl.key_passwd = data->set.str[STRING_KEY_PASSWD_PROXY];
3945	data->set.proxy_ssl.primary.clientcert = data->set.str[STRING_CERT_PROXY];
3946	data->set.proxy_ssl.key_blob = data->set.blobs[BLOB_KEY_PROXY];
3947	#endif
3948	data->set.ssl.primary.CRLfile = data->set.str[STRING_SSL_CRLFILE];
3949	data->set.ssl.cert_type = data->set.str[STRING_CERT_TYPE];
3950	data->set.ssl.key = data->set.str[STRING_KEY];
3951	data->set.ssl.key_type = data->set.str[STRING_KEY_TYPE];
3952	data->set.ssl.key_passwd = data->set.str[STRING_KEY_PASSWD];
3953	data->set.ssl.primary.clientcert = data->set.str[STRING_CERT];
3954	#ifdef USE_TLS_SRP
3955	data->set.ssl.primary.username = data->set.str[STRING_TLSAUTH_USERNAME];
3956	data->set.ssl.primary.password = data->set.str[STRING_TLSAUTH_PASSWORD];
3957	#ifndef CURL_DISABLE_PROXY
3958	data->set.proxy_ssl.primary.username =
3959	data->set.str[STRING_TLSAUTH_USERNAME_PROXY];
3960	data->set.proxy_ssl.primary.password =
3961	data->set.str[STRING_TLSAUTH_PASSWORD_PROXY];
3962	#endif
3963	#endif
3964	data->set.ssl.key_blob = data->set.blobs[BLOB_KEY];
3965
3966	if(!Curl_clone_primary_ssl_config(&data->set.ssl.primary,
3967	&conn->ssl_config)) {
3968	result = CURLE_OUT_OF_MEMORY;
3969	goto out;
3970	}
3971
3972	#ifndef CURL_DISABLE_PROXY
3973	if(!Curl_clone_primary_ssl_config(&data->set.proxy_ssl.primary,
3974	&conn->proxy_ssl_config)) {
3975	result = CURLE_OUT_OF_MEMORY;
3976	goto out;
3977	}
3978	#endif
3979
3980	prune_dead_connections(data);
3981
3982	/*************************************************************
3983	* Check the current list of connections to see if we can
3984	* re-use an already existing one or if we have to create a
3985	* new one.
3986	*************************************************************/
3987
3988	DEBUGASSERT(conn->user);
3989	DEBUGASSERT(conn->passwd);
3990
3991	/ reuse_fresh is TRUE if we are told to use a new connection by force, but*
3992	we only acknowledge this option if this is not a re-used connection
3993	already (which happens due to follow-location or during a HTTP
3994	authentication phase). CONNECT_ONLY transfers also refuse reuse. /*
3995	if((data->set.reuse_fresh && !data->state.this_is_a_follow) \|\|
3996	data->set.connect_only)
3997	reuse = FALSE;
3998	else
3999	reuse = ConnectionExists(data, conn, &conn_temp, &force_reuse, &waitpipe);
4000
4001	if(reuse) {
4002	/*
4003	* We already have a connection for this, we got the former connection in
4004	* the conn_temp variable and thus we need to cleanup the one we just
4005	* allocated before we can move along and use the previously existing one.
4006	*/
4007	reuse_conn(data, conn, conn_temp);
4008	conn = conn_temp;
4009	*in_connect = conn;
4010
4011	#ifndef CURL_DISABLE_PROXY
4012	infof(data, "Re-using existing connection #%ld with %s %s",
4013	conn->connection_id,
4014	conn->bits.proxy?"proxy":"host",
4015	conn->socks_proxy.host.name ? conn->socks_proxy.host.dispname :
4016	conn->http_proxy.host.name ? conn->http_proxy.host.dispname :
4017	conn->host.dispname);
4018	#else
4019	infof(data, "Re-using existing connection #%ld with host %s",
4020	conn->connection_id, conn->host.dispname);
4021	#endif
4022	}
4023	else {
4024	/ We have decided that we want a new connection. However, we may not*
4025	be able to do that if we have reached the limit of how many
4026	connections we are allowed to open. /*
4027
4028	if(conn->handler->flags & PROTOPT_ALPN_NPN) {
4029	/ The protocol wants it, so set the bits if enabled in the easy handle*
4030	(default) /*
4031	if(data->set.ssl_enable_alpn)
4032	conn->bits.tls_enable_alpn = TRUE;
4033	if(data->set.ssl_enable_npn)
4034	conn->bits.tls_enable_npn = TRUE;
4035	}
4036
4037	if(waitpipe)
4038	/ There is a connection that might become usable for multiplexing*
4039	"soon", and we wait for that /*
4040	connections_available = FALSE;
4041	else {
4042	/ this gets a lock on the conncache /
4043	struct connectbundle *bundle =
4044	Curl_conncache_find_bundle(data, conn, data->state.conn_cache);
4045
4046	if(max_host_connections > `0` && bundle &&
4047	(bundle->num_connections >= max_host_connections)) {
4048	struct connectdata *conn_candidate;
4049
4050	/ The bundle is full. Extract the oldest connection. /
4051	conn_candidate = Curl_conncache_extract_bundle(data, bundle);
4052	CONNCACHE_UNLOCK(data);
4053
4054	if(conn_candidate)
4055	Curl_disconnect(data, conn_candidate, FALSE);
4056	else {
4057	infof(data, "No more connections allowed to host: %zu",
4058	max_host_connections);
4059	connections_available = FALSE;
4060	}
4061	}
4062	else
4063	CONNCACHE_UNLOCK(data);
4064
4065	}
4066
4067	if(connections_available &&
4068	(max_total_connections > `0`) &&
4069	(Curl_conncache_size(data) >= max_total_connections)) {
4070	struct connectdata *conn_candidate;
4071
4072	/ The cache is full. Let's see if we can kill a connection. /
4073	conn_candidate = Curl_conncache_extract_oldest(data);
4074	if(conn_candidate)
4075	Curl_disconnect(data, conn_candidate, FALSE);
4076	else {
4077	infof(data, "No connections available in cache");
4078	connections_available = FALSE;
4079	}
4080	}
4081
4082	if(!connections_available) {
4083	infof(data, "No connections available.");
4084
4085	conn_free(conn);
4086	*in_connect = NULL;
4087
4088	result = CURLE_NO_CONNECTION_AVAILABLE;
4089	goto out;
4090	}
4091	else {
4092	/*
4093	* This is a brand new connection, so let's store it in the connection
4094	* cache of ours!
4095	*/
4096	Curl_attach_connection(data, conn);
4097	result = Curl_conncache_add_conn(data);
4098	if(result)
4099	goto out;
4100	}
4101
4102	#if defined(USE_NTLM)
4103	/ If NTLM is requested in a part of this connection, make sure we don't*
4104	assume the state is fine as this is a fresh connection and NTLM is
4105	connection based. /*
4106	if((data->state.authhost.picked & (CURLAUTH_NTLM \| CURLAUTH_NTLM_WB)) &&
4107	data->state.authhost.done) {
4108	infof(data, "NTLM picked AND auth done set, clear picked");
4109	data->state.authhost.picked = CURLAUTH_NONE;
4110	data->state.authhost.done = FALSE;
4111	}
4112
4113	if((data->state.authproxy.picked & (CURLAUTH_NTLM \| CURLAUTH_NTLM_WB)) &&
4114	data->state.authproxy.done) {
4115	infof(data, "NTLM-proxy picked AND auth done set, clear picked");
4116	data->state.authproxy.picked = CURLAUTH_NONE;
4117	data->state.authproxy.done = FALSE;
4118	}
4119	#endif
4120	}
4121
4122	/ Setup and init stuff before DO starts, in preparing for the transfer. /
4123	Curl_init_do(data, conn);
4124
4125	/*
4126	* Setup whatever necessary for a resumed transfer
4127	*/
4128	result = setup_range(data);
4129	if(result)
4130	goto out;
4131
4132	/ Continue connectdata initialization here. /
4133
4134	/*
4135	* Inherit the proper values from the urldata struct AFTER we have arranged
4136	* the persistent connection stuff
4137	*/
4138	conn->seek_func = data->set.seek_func;
4139	conn->seek_client = data->set.seek_client;
4140
4141	/*************************************************************
4142	* Resolve the address of the server or proxy
4143	*************************************************************/
4144	result = resolve_server(data, conn, async);
4145
4146	out:
4147	return result;
4148	}
4149
4150	/ Curl_setup_conn() is called after the name resolve initiated in*
4151	* create_conn() is all done.
4152	*
4153	* Curl_setup_conn() also handles reused connections
4154	*/
4155	CURLcode Curl_setup_conn(struct Curl_easy *data,
4156	bool *protocol_done)
4157	{
4158	CURLcode result = CURLE_OK;
4159	struct connectdata *conn = data->conn;
4160
4161	Curl_pgrsTime(data, TIMER_NAMELOOKUP);
4162
4163	if(conn->handler->flags & PROTOPT_NONETWORK) {
4164	/ nothing to setup when not using a network /
4165	*protocol_done = TRUE;
4166	return result;
4167	}
4168	protocol_done = FALSE; /* default to not done /
4169
4170	#ifndef CURL_DISABLE_PROXY
4171	/ set proxy_connect_closed to false unconditionally already here since it*
4172	is used strictly to provide extra information to a parent function in the
4173	case of proxy CONNECT failures and we must make sure we don't have it
4174	lingering set from a previous invoke /*
4175	conn->bits.proxy_connect_closed = FALSE;
4176	#endif
4177
4178	#ifdef CURL_DO_LINEEND_CONV
4179	data->state.crlf_conversions = `0`; / reset CRLF conversion counter /
4180	#endif /* CURL_DO_LINEEND_CONV */
4181
4182	/ set start time here for timeout purposes in the connect procedure, it*
4183	is later set again for the progress meter purpose /*
4184	conn->now = Curl_now();
4185
4186	if(CURL_SOCKET_BAD == conn->sock[FIRSTSOCKET]) {
4187	conn->bits.tcpconnect[FIRSTSOCKET] = FALSE;
4188	result = Curl_connecthost(data, conn, conn->dns_entry);
4189	if(result)
4190	return result;
4191	}
4192	else {
4193	Curl_pgrsTime(data, TIMER_CONNECT); / we're connected already /
4194	if(conn->ssl[FIRSTSOCKET].use \|\|
4195	(conn->handler->protocol & PROTO_FAMILY_SSH))
4196	Curl_pgrsTime(data, TIMER_APPCONNECT); / we're connected already /
4197	conn->bits.tcpconnect[FIRSTSOCKET] = TRUE;
4198	*protocol_done = TRUE;
4199	Curl_updateconninfo(data, conn, conn->sock[FIRSTSOCKET]);
4200	Curl_verboseconnect(data, conn);
4201	}
4202
4203	conn->now = Curl_now(); / time this after the connect is done, we set*
4204	this here perhaps a second time /*
4205	return result;
4206	}
4207
4208	CURLcode Curl_connect(struct Curl_easy *data,
4209	bool *asyncp,
4210	bool *protocol_done)
4211	{
4212	CURLcode result;
4213	struct connectdata *conn;
4214
4215	asyncp = FALSE; /* assume synchronous resolves by default /
4216
4217	/ init the single-transfer specific data /
4218	Curl_free_request_state(data);
4219	memset(&data->req, `0`, sizeof(struct SingleRequest));
4220	data->req.size = data->req.maxdownload = -`1`;
4221
4222	/ call the stuff that needs to be called /
4223	result = create_conn(data, &conn, asyncp);
4224
4225	if(!result) {
4226	if(CONN_INUSE(conn) > `1`)
4227	/ multiplexed /
4228	*protocol_done = TRUE;
4229	else if(!*asyncp) {
4230	/ DNS resolution is done: that's either because this is a reused*
4231	connection, in which case DNS was unnecessary, or because DNS
4232	really did finish already (synch resolver/fast async resolve) /*
4233	result = Curl_setup_conn(data, protocol_done);
4234	}
4235	}
4236
4237	if(result == CURLE_NO_CONNECTION_AVAILABLE) {
4238	return result;
4239	}
4240	else if(result && conn) {
4241	/ We're not allowed to return failure with memory left allocated in the*
4242	connectdata struct, free those here /*
4243	Curl_detach_connection(data);
4244	Curl_conncache_remove_conn(data, conn, TRUE);
4245	Curl_disconnect(data, conn, TRUE);
4246	}
4247
4248	return result;
4249	}
4250
4251	/*
4252	* Curl_init_do() inits the readwrite session. This is inited each time (in
4253	* the DO function before the protocol-specific DO functions are invoked) for
4254	* a transfer, sometimes multiple times on the same Curl_easy. Make sure
4255	* nothing in here depends on stuff that are setup dynamically for the
4256	* transfer.
4257	*
4258	* Allow this function to get called with 'conn' set to NULL.
4259	*/
4260
4261	CURLcode Curl_init_do(struct Curl_easy data, struct* connectdata *conn)
4262	{
4263	struct SingleRequest *k = &data->req;
4264
4265	/ if this is a pushed stream, we need this: /
4266	CURLcode result = Curl_preconnect(data);
4267	if(result)
4268	return result;
4269
4270	if(conn) {
4271	conn->bits.do_more = FALSE; / by default there's no curl_do_more() to*
4272	use /*
4273	/ if the protocol used doesn't support wildcards, switch it off /
4274	if(data->state.wildcardmatch &&
4275	!(conn->handler->flags & PROTOPT_WILDCARD))
4276	data->state.wildcardmatch = FALSE;
4277	}
4278
4279	data->state.done = FALSE; / _done() is not called yet /*
4280	data->state.expect100header = FALSE;
4281
4282	if(data->set.opt_no_body)
4283	/ in HTTP lingo, no body means using the HEAD request... /
4284	data->state.httpreq = HTTPREQ_HEAD;
4285
4286	k->start = Curl_now(); / start time /
4287	k->now = k->start; / current time is now /
4288	k->header = TRUE; / assume header /
4289	k->bytecount = `0`;
4290	k->ignorebody = FALSE;
4291
4292	Curl_speedinit(data);
4293	Curl_pgrsSetUploadCounter(data, `0`);
4294	Curl_pgrsSetDownloadCounter(data, `0`);
4295
4296	return CURLE_OK;
4297	}
4298

Browse the source code of tensorflow/external/curl/lib/url.c