Clean up after CurlHandler removal (dotnet#42506)

Also fix some stragglers from the netfx and uap handler removals.

Author: stephentoub

Documentation/building/unix-instructions.md

@@ -37,11 +37,10 @@ components
 * libc6-dev
 * libssl-dev
 * libkrb5-dev
-* libcurl4-openssl-dev
 * zlib1g-dev
 
 `sudo apt-get install git clang-9 cmake make libc6-dev libssl-dev libkrb5-dev
-libcurl4-openssl-dev zlib1g-dev`
+zlib1g-dev`
 
 #### Managed build
 

Documentation/project-docs/developer-guide.md

@@ -75,7 +75,7 @@ build /p:BuildNative=false
 build -clean
 ```
 ### Build Native
-The native build produces shims over libc, openssl, gssapi, libcurl and libz.
+The native build produces shims over libc, openssl, gssapi, and libz.
 The build system uses CMake to generate Makefiles using clang.
 The build also uses git for generating some version information.
 

src/System.Net.Http/src/Resources/Strings.resx

@@ -276,12 +276,6 @@
   <data name="net_cookie_attribute" xml:space="preserve">
     <value>The '{0}'='{1}' part of the cookie is invalid.</value>
   </data>
-  <data name="net_http_unix_invalid_credential" xml:space="preserve">
-    <value>The libcurl library in use ({0}) does not support different credentials for different authentication schemes.</value>
-  </data>
-  <data name="net_http_unix_https_support_unavailable_libcurl" xml:space="preserve">
-    <value>The libcurl library in use ({0}) does not support HTTPS.</value>
-  </data>
   <data name="ArgumentOutOfRange_FileLengthTooBig" xml:space="preserve">
     <value>Specified file length was too large for the file system.</value>
   </data>
@@ -390,21 +384,6 @@
   <data name="ObjectDisposed_StreamClosed" xml:space="preserve">
     <value>Cannot access a closed stream.</value>
   </data>
-  <data name="net_http_libcurl_callback_notsupported_sslbackend" xml:space="preserve">
-    <value>The handler does not support custom handling of certificates with this combination of libcurl ({0}) and its SSL backend ("{1}"). An SSL backend based on "{2}" is required. Consider using System.Net.Http.SocketsHttpHandler.</value>
-  </data>
-  <data name="net_http_libcurl_callback_notsupported_os" xml:space="preserve">
-    <value>The handler does not support custom handling of certificates on this operating system. Consider using System.Net.Http.SocketsHttpHandler.</value>
-  </data>
-  <data name="net_http_libcurl_clientcerts_notsupported_sslbackend" xml:space="preserve">
-    <value>The handler does not support client authentication certificates with this combination of libcurl ({0}) and its SSL backend ("{1}"). An SSL backend based on "{2}" is required. Consider using System.Net.Http.SocketsHttpHandler.</value>
-  </data>
-  <data name="net_http_libcurl_clientcerts_notsupported_os" xml:space="preserve">
-    <value>The handler does not support client authentication certificates on this operating system. Consider using System.Net.Http.SocketsHttpHandler.</value>
-  </data>
-  <data name="net_http_libcurl_revocation_notsupported_sslbackend" xml:space="preserve">
-    <value>The handler does not support changing revocation settings with this combination of libcurl ({0}) and its SSL backend ("{1}"). An SSL backend based on "{2}" is required. Consider using System.Net.Http.SocketsHttpHandler.</value>
-  </data>
   <data name="net_http_feature_requires_Windows10Version1607" xml:space="preserve">
     <value>Using this feature requires Windows 10 Version 1607.</value>
   </data>
@@ -543,4 +522,4 @@
   <data name="net_http_invalid_header_name" xml:space="preserve">
     <value>Received an invalid header name: '{0}'.</value>
   </data>
-</root>
+</root>

src/System.Net.Http/src/System/Net/Http/DiagnosticsHandlerLoggingStrings.cs

@@ -5,7 +5,7 @@
 namespace System.Net.Http
 {
     /// <summary>
-    /// Defines names of DiagnosticListener and Write events for WinHttpHandler, CurlHandler, and HttpHandlerToFilter.
+    /// Defines names of DiagnosticListener and Write events for DiagnosticHandler
     /// </summary>
     internal static class DiagnosticsHandlerLoggingStrings
     {

src/System.Net.Http/src/System/Net/Http/HttpClient.cs

@@ -604,8 +604,8 @@ private void HandleFinishSendAsyncCleanup(CancellationTokenSource cts, bool disp
             // left for the finalizer to handle, or the developer can explicitly dispose of the
             // content when they're done with it.  But it allows request content to be reused,
             // and more importantly it enables handlers that allow receiving of the response before
-            // fully sending the request.  Prior to this change, a handler like CurlHandler would
-            // fail trying to access certain sites, if the site sent its response before it had
+            // fully sending the request.  Prior to this change, a handler that supported duplex communication
+            // would fail trying to access certain sites, if the site sent its response before it had
             // completely received the request: CurlHandler might then find that the request content
             // was disposed of while it still needed to read from it.
         }

src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/SocketsHttpHandler.cs

@@ -305,7 +305,7 @@ private HttpMessageHandler SetupHandlerChain()
 
             if (settings._allowAutoRedirect)
             {
-                // Just as with WinHttpHandler and CurlHandler, for security reasons, we do not support authentication on redirects
+                // Just as with WinHttpHandler, for security reasons, we do not support authentication on redirects
                 // if the credential is anything other than a CredentialCache.
                 // We allow credentials in a CredentialCache since they are specifically tied to URIs.
                 HttpMessageHandler redirectHandler =

src/System.Net.Http/tests/FunctionalTests/DiagnosticsTests.cs

@@ -751,14 +751,6 @@ public void SendAsync_ExpectedDiagnosticExceptionActivityLogging()
         [Fact]
         public void SendAsync_ExpectedDiagnosticSynchronousExceptionActivityLogging()
         {
-            if (IsCurlHandler)
-            {
-                // The only way to throw a synchronous exception for CurlHandler through
-                // DiagnosticHandler is when the Request uri scheme is Https, and the
-                // backend doesn't support SSL.
-                return;
-            }
-
             RemoteExecutor.Invoke((useSocketsHttpHandlerString, useHttp2String) =>
             {
                 bool exceptionLogged = false;
@@ -1135,14 +1127,7 @@ public void SendAsync_NullRequest_ThrowsArgumentNullException()
                         // Getting the Task first from the .SendAsync() call also tests
                         // that the exception comes from the async Task path.
                         Task t = handler.SendAsync(null);
-                        if (PlatformDetection.IsInAppContainer)
-                        {
-                            await Assert.ThrowsAsync<HttpRequestException>(() => t);
-                        }
-                        else
-                        {
-                            await Assert.ThrowsAsync<ArgumentNullException>(() => t);
-                        }
+                        await Assert.ThrowsAsync<ArgumentNullException>(() => t);
                     }
                 }
 

src/System.Net.Http/tests/FunctionalTests/HttpClientHandlerTest.AcceptAllCerts.cs

@@ -44,15 +44,6 @@ public async Task SetDelegate_ConnectionSucceeds(SslProtocols acceptedProtocol,
             // Issue: #22089
             requestOnlyThisProtocol |= PlatformDetection.IsMacOsHighSierraOrHigher && acceptedProtocol == SslProtocols.Tls;
 
-            if (PlatformDetection.IsMacOsCatalinaOrHigher && acceptedProtocol == SslProtocols.Tls && IsCurlHandler)
-            {
-                // Issue: #39989
-                // When the server uses SslProtocols.Tls, on MacOS, SecureTransport ends up picking a cipher suite
-                // for TLS1.2, even though server said it was only using TLS1.0. LibreSsl throws error that
-                // wrong cipher is used for TLS1.0.
-                throw new SkipTestException("OSX may pick future cipher suites when asked for TLS1.0");
-            }
-
             using (HttpClientHandler handler = CreateHttpClientHandler())
             using (HttpClient client = CreateHttpClient(handler))
             {

src/System.Net.Http/tests/FunctionalTests/HttpClientHandlerTest.Authentication.cs

@@ -50,11 +50,6 @@ public async Task HttpClientHandler_Authentication_Succeeds(string authenticateH
                 return;
             }
 
-            // Digest authentication does not work with domain credentials on CurlHandler. This is blocked by the behavior of LibCurl.
-            NetworkCredential credentials = (IsCurlHandler && authenticateHeader.ToLowerInvariant().Contains("digest")) ?
-                s_credentialsNoDomain :
-                s_credentials;
-
             var options = new LoopbackServer.Options { Domain = Domain, Username = Username, Password = Password };
             await LoopbackServer.CreateServerAsync(async (server, url) =>
             {
@@ -65,7 +60,7 @@ await LoopbackServer.CreateServerAsync(async (server, url) =>
                     server.AcceptConnectionSendResponseAndCloseAsync(HttpStatusCode.Unauthorized, serverAuthenticateHeader);
 
                 await TestHelper.WhenAllCompletedOrAnyFailedWithTimeout(TestHelper.PassingTestTimeoutMilliseconds,
-                    CreateAndValidateRequest(handler, url, result ? HttpStatusCode.OK : HttpStatusCode.Unauthorized, credentials), serverTask);
+                    CreateAndValidateRequest(handler, url, result ? HttpStatusCode.OK : HttpStatusCode.Unauthorized, s_credentials), serverTask);
             }, options);
         }
 
@@ -90,7 +85,7 @@ public async Task HttpClientHandler_MultipleAuthenticateHeaders_WithSameAuth_Suc
         [InlineData("WWW-Authenticate: Digest realm=\"hello\", nonce=\"hello\", algorithm=MD5\r\nWWW-Authenticate: Basic realm=\"hello\"\r\n")]
         public async Task HttpClientHandler_MultipleAuthenticateHeaders_Succeeds(string authenticateHeader)
         {
-            if (PlatformDetection.IsWindowsNanoServer || (IsCurlHandler && authenticateHeader.Contains("Digest")))
+            if (PlatformDetection.IsWindowsNanoServer)
             {
                 // TODO: #28065: Fix failing authentication test cases on different httpclienthandlers.
                 return;
@@ -110,7 +105,7 @@ await LoopbackServer.CreateServerAsync(async (server, url) =>
         [InlineData("WWW-Authenticate: Basic realm=\"hello\"\r\nWWW-Authenticate: Digest realm=\"hello\", nonce=\"hello\", algorithm=MD5\r\nWWW-Authenticate: NTLM\r\n", "Digest", "Negotiate")]
         public async Task HttpClientHandler_MultipleAuthenticateHeaders_PicksSupported(string authenticateHeader, string supportedAuth, string unsupportedAuth)
         {
-            if (PlatformDetection.IsWindowsNanoServer || (IsCurlHandler && authenticateHeader.Contains("Digest")))
+            if (PlatformDetection.IsWindowsNanoServer)
             {
                 // TODO: #28065: Fix failing authentication test cases on different httpclienthandlers.
                 return;
@@ -159,13 +154,9 @@ public static IEnumerable<object[]> Authentication_TestData()
             yield return new object[] { $"Basic realm=\"testrealm\", " +
                     $"Digest realm=\"testrealm\", nonce=\"{Convert.ToBase64String(Encoding.UTF8.GetBytes($"{DateTimeOffset.UtcNow}:XMh;z+$5|`i6Hx}}"))}\", algorithm=MD5", true };
 
-            if (PlatformDetection.IsNetCore)
-            {
-                // TODO: #28060: Fix failing authentication test cases on Framework run.
-                yield return new object[] { "Basic something, Digest something", false };
-                yield return new object[] { $"Digest realm=\"testrealm\", nonce=\"testnonce\", algorithm=MD5 " +
-                    $"Basic realm=\"testrealm\"", false };
-            }
+            yield return new object[] { "Basic something, Digest something", false };
+            yield return new object[] { $"Digest realm=\"testrealm\", nonce=\"testnonce\", algorithm=MD5 " +
+                $"Basic realm=\"testrealm\"", false };
         }
 
         [Theory]
@@ -177,13 +168,6 @@ public static IEnumerable<object[]> Authentication_TestData()
         [InlineData("Negotiate")]
         public async Task PreAuthenticate_NoPreviousAuthenticatedRequests_NoCredentialsSent(string credCacheScheme)
         {
-            if (IsCurlHandler && credCacheScheme != null)
-            {
-                // When provided with a credential that targets just one auth scheme,
-                // libcurl will often proactively send an auth header.
-                return;
-            }
-
             const int NumRequests = 3;
             await LoopbackServer.CreateClientAndServerAsync(async uri =>
             {
@@ -226,13 +210,6 @@ await LoopbackServer.CreateClientAndServerAsync(async uri =>
         [InlineData("Basic", "WWW-Authenticate: Basic realm=\"hello\"\r\n")]
         public async Task PreAuthenticate_FirstRequestNoHeaderAndAuthenticates_SecondRequestPreauthenticates(string credCacheScheme, string authResponse)
         {
-            if (IsCurlHandler && credCacheScheme != null)
-            {
-                // When provided with a credential that targets just one auth scheme,
-                // libcurl will often proactively send an auth header.
-                return;
-            }
-
             await LoopbackServer.CreateClientAndServerAsync(async uri =>
             {
                 using (HttpClientHandler handler = CreateHttpClientHandler())
@@ -439,13 +416,6 @@ await LoopbackServer.CreateClientAndServerAsync(async uri =>
                 // Third request, contains Basic auth header but challenges anyway
                 headers = headers = await server.AcceptConnectionSendResponseAndCloseAsync(HttpStatusCode.Unauthorized, "WWW-Authenticate: Basic realm=\"hello\"\r\n");
                 Assert.Contains(headers, header => header.Contains("Authorization"));
-
-                if (IsNetfxHandler)
-                {
-                    // For some reason, netfx tries one more time.
-                    headers = headers = await server.AcceptConnectionSendResponseAndCloseAsync(HttpStatusCode.Unauthorized, "WWW-Authenticate: Basic realm=\"hello\"\r\n");
-                    Assert.Contains(headers, header => header.Contains("Authorization"));
-                }
             });
         }
 
@@ -458,13 +428,6 @@ public async Task PreAuthenticate_SuccessfulBasic_ThenDigestChallenged()
                 return;
             }
 
-            if (IsCurlHandler)
-            {
-                // When provided with a credential that targets just one auth scheme,
-                // libcurl will often proactively send an auth header.
-                return;
-            }
-
             await LoopbackServer.CreateClientAndServerAsync(async uri =>
             {
                 using (HttpClientHandler handler = CreateHttpClientHandler())
@@ -503,16 +466,14 @@ public static IEnumerable<object[]> ServerUsesWindowsAuthentication_MemberData()
             string server = Configuration.Http.WindowsServerHttpHost;
             string authEndPoint = "showidentity.ashx";
 
-            yield return new object[] { $"http://{server}/test/auth/ntlm/{authEndPoint}", false };
-            yield return new object[] { $"https://{server}/test/auth/ntlm/{authEndPoint}", false };
+            yield return new object[] { $"http://{server}/test/auth/ntlm/{authEndPoint}" };
+            yield return new object[] { $"https://{server}/test/auth/ntlm/{authEndPoint}" };
 
-            // Curlhandler (due to libcurl bug) cannot do Negotiate (SPNEGO) Kerberos to NTLM fallback.
-            yield return new object[] { $"http://{server}/test/auth/negotiate/{authEndPoint}", true };
-            yield return new object[] { $"https://{server}/test/auth/negotiate/{authEndPoint}", true };
+            yield return new object[] { $"http://{server}/test/auth/negotiate/{authEndPoint}" };
+            yield return new object[] { $"https://{server}/test/auth/negotiate/{authEndPoint}" };
 
             // Server requires TLS channel binding token (cbt) with NTLM authentication.
-            // CurlHandler (due to libcurl bug) cannot do NTLM authentication with cbt.
-            yield return new object[] { $"https://{server}/test/auth/ntlm-epa/{authEndPoint}", true };
+            yield return new object[] { $"https://{server}/test/auth/ntlm-epa/{authEndPoint}" };
         }
 
         private static bool IsNtlmInstalled => Capability.IsNtlmInstalled();
@@ -575,11 +536,6 @@ public async Task Proxy_DomainJoinedProxyServerUsesKerberos_Success(Uri server)
         [ConditionalFact(nameof(IsDomainJoinedServerAvailable))]
         public async Task Credentials_DomainJoinedServerUsesKerberos_Success()
         {
-            if (IsCurlHandler)
-            {
-                throw new SkipTestException("Skipping test on CurlHandler (libCurl)");
-            }
-
             using (HttpClientHandler handler = CreateHttpClientHandler())
             using (HttpClient client = CreateHttpClient(handler))
             {
@@ -598,7 +554,7 @@ public async Task Credentials_DomainJoinedServerUsesKerberos_Success()
         [ConditionalFact(nameof(IsDomainJoinedServerAvailable))]
         public async Task Credentials_DomainJoinedServerUsesKerberos_UseIpAddressAndHostHeader_Success()
         {
-            if (IsCurlHandler || IsWinHttpHandler)
+            if (IsWinHttpHandler)
             {
                 throw new SkipTestException("Skipping test on platform handlers (CurlHandler, WinHttpHandler)");
             }
@@ -628,13 +584,8 @@ public async Task Credentials_DomainJoinedServerUsesKerberos_UseIpAddressAndHost
 
         [ConditionalTheory(nameof(IsNtlmInstalled), nameof(IsWindowsServerAvailable))]
         [MemberData(nameof(ServerUsesWindowsAuthentication_MemberData))]
-        public async Task Credentials_ServerUsesWindowsAuthentication_Success(string server, bool skipOnCurlHandler)
+        public async Task Credentials_ServerUsesWindowsAuthentication_Success(string server)
         {
-            if (IsCurlHandler && skipOnCurlHandler)
-            {
-                throw new SkipTestException("CurlHandler (libCurl) doesn't handle Negotiate with NTLM fallback nor CBT");
-            }
-
             using (HttpClientHandler handler = CreateHttpClientHandler())
             using (HttpClient client = CreateHttpClient(handler))
             {
@@ -656,11 +607,6 @@ public async Task Credentials_ServerUsesWindowsAuthentication_Success(string ser
         [InlineData("Negotiate")]
         public async Task Credentials_ServerChallengesWithWindowsAuth_ClientSendsWindowsAuthHeader(string authScheme)
         {
-            if (authScheme == "Negotiate" && IsCurlHandler)
-            {
-                throw new SkipTestException("CurlHandler (libCurl) doesn't handle Negotiate with NTLM fallback");
-            }
-
             await LoopbackServerFactory.CreateClientAndServerAsync(
                 async uri =>
                 {