curb 1.1.0 → 1.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 25a6615cec70148cb19373a5ad0326a93b2e1b4424bd2d02734038857e261659
-  data.tar.gz: 85f2b05e3fd7e8b400d8cd86d65aa2778e4c60e55337442e34d6cda673278c55
+  metadata.gz: 48135be870a425c76338a773b41dc9438883b30cab622cc8c2d81394b860047d
+  data.tar.gz: e7a439c010c1bdbd3ab26b92f2126a4d518a2c7808d7acc6af2e57a03ec07376
 SHA512:
-  metadata.gz: de609adca7bcd45c867a8fa91a20caa429e0064c68587d498bf25f455a1d4c49c6d00ec851af7c80aa1cc2694b4d0dd19291ebfb9b3010793dd8fa8c28e22d4c
-  data.tar.gz: af3d577715760e6b6ca977c5a6295d0af5d8b60858d673675d778deff7b06120876b72975ea35062c5299ac45fbab2d45a70b375cf94d07b410eb8c649a443d1
+  metadata.gz: b5c61d835a10a80211b625dd3ef8cf949fdcf30be9584d2a6793d69e309e3cb283097c2502a8912801ab9ee13679f1e71344034a197c54c88872157e66df74a0
+  data.tar.gz: 20fbde1832dc7338dba7f78c08556eceab4532247f41f0bb1c0c15ba11fc0cd2f07aabeaef62525eba24afc95b5e9854dbb3d71f6d6f493097d614ae913818f8

data/README.md

@@ -1,6 +1,10 @@
 # Curb - Libcurl bindings for Ruby
 
-* [CI Build Status](https://github.com/taf2/curb/actions/workflows/CI.yml)
+[![CI](https://github.com/taf2/curb/actions/workflows/ci.yml/badge.svg)](https://github.com/taf2/curb/actions/workflows/ci.yml)
+[![codecov](https://codecov.io/gh/taf2/curb/branch/master/graph/badge.svg)](https://codecov.io/gh/taf2/curb)
+[![Gem Version](https://badge.fury.io/rb/curb.svg)](https://badge.fury.io/rb/curb)
+
+* [CI Build Status](https://github.com/taf2/curb/actions/workflows/ci.yml)
 * [rubydoc rdoc](http://www.rubydoc.info/github/taf2/curb/)
 * [github project](http://github.com/taf2/curb/tree/master)
 
@@ -70,11 +74,37 @@ puts "\n=== FTP Directory Listing Example ==="
 list = Curl::Easy.new('ftp://ftp.example.com/remote/directory/')
 list.username = 'user'
 list.password = 'password'
-list.dirlistonly = true
+list.set(:dirlistonly, 1)
+list.perform
+puts list.body
+```
+
+### FTP over HTTP proxy tunnel (NLST/LIST)
+When listing directories through an HTTP proxy with `proxy_tunnel` (CONNECT), let libcurl manage the passive data connection. Do not send `PASV`/`EPSV` or `NLST` via `easy.ftp_commands` — QUOTE commands run on the control connection and libcurl will not open the data connection, resulting in 425 errors.
+
+To get NLST-like output safely:
+
+```ruby
+list = Curl::Easy.new('ftp://ftp.example.com/remote/directory/')
+list.username = 'user'
+list.password = 'password'
+list.proxy_url = 'http://proxy.example.com:80'
+list.proxy_tunnel = true
+
+# Ask libcurl to perform a listing (names only)
+list.set(:dirlistonly, 1)
+
+# If the proxy or server has trouble with EPSV/EPRT, you can adjust:
+# list.set(:ftp_use_epsv, 0)       # disable EPSV
+# list.set(:ftp_use_eprt, 0)       # disable EPRT (stick to IPv4 PASV)
+# list.set(:ftp_skip_pasv_ip, 1)   # ignore PASV host, reuse control host
+
 list.perform
 puts list.body
 ```
 
+If you need a full `LIST` output instead of just names, omit `dirlistonly` and parse the server response accordingly. The key is to let libcurl initiate the data connection (PASV/EPSV) instead of trying to drive it via `ftp_commands`.
+
 ### Advanced FTP Usage with Various Options
 ```
 puts "\n=== Advanced FTP Example ==="
@@ -323,6 +353,8 @@ end
 
 ### HTTP POST form:
 
+Note: Instance methods like `easy.http_post(...)` do not accept a URL argument. Set the URL first (for example, `Curl::Easy.new(url)` or `easy.url = url`) and then call `easy.http_post(...)`. If you want to pass the URL directly to the call, use the class/module helpers such as `Curl::Easy.http_post(url, ...)` or `Curl.post(url, ...)`.
+
 ```ruby
 c = Curl::Easy.http_post("http://my.rails.box/thing/create",
                          Curl::PostField.content('thing[name]', 'box'),
@@ -335,6 +367,19 @@ c = Curl::Easy.http_post("http://my.rails.box/thing/create",
 c = Curl::Easy.new("http://my.rails.box/files/upload")
 c.multipart_form_post = true
 c.http_post(Curl::PostField.file('thing[file]', 'myfile.rb'))
+
+### Custom request target
+
+Some advanced scenarios need a request-target that differs from the URL host/path (for example, absolute-form targets or special values like `*`). If your libcurl supports `CURLOPT_REQUEST_TARGET` (libcurl ≥ 7.55), you can override it:
+
+```ruby
+c = Curl::Easy.new("http://127.0.0.1:9129/methods")
+c.request_target = "http://localhost:9129/methods"  # absolute-form target
+c.headers = { 'Host' => 'example.com' }              # override Host header if needed
+c.perform
+```
+
+For HTTPS, prefer `easy.resolve = ["host:443:IP"]` to keep Host/SNI/certificates aligned.
 ```
 
 ### Using HTTP/2
@@ -414,3 +459,31 @@ end
 * `on_missing` is called when the response code is 4xx
 * `on_failure` is called when the response code is 5xx
 * `on_complete` is called in all cases.
+
+### Cookies
+
+- Manual cookies: Set the outgoing `Cookie` header via `easy.cookies = "name=value; other=val"`. This only affects the request header and does not modify libcurl's internal cookie engine.
+- Cookie engine: Enable with `easy.enable_cookies = true`. Optionally set `easy.cookiefile` (to load) and/or `easy.cookiejar` (to persist). Cookies received via `Set-Cookie` go into this engine.
+- Inspect engine cookies: `easy.cookielist` returns an array of strings (Netscape or Set-Cookie format).
+- Modify engine cookies: use `easy.cookielist = ...` or `easy.set(:cookielist, ...)` with either a `Set-Cookie` style string, Netscape cookie lines, or special commands: `"ALL"` (clear), `"SESS"` (remove session cookies), `"FLUSH"` (write to jar), `"RELOAD"` (reload from file).
+- Clearing manual cookies: assign an empty string (`easy.cookies = ''`). Assigning `nil` has no effect in current versions.
+
+Examples:
+
+```ruby
+easy = Curl::Easy.new("https://example.com")
+
+# Use the cookie engine and persist cookies
+easy.enable_cookies = true
+easy.cookiejar = "/tmp/cookies.txt"
+easy.perform
+
+# Later: inspect and tweak engine cookies
+p easy.cookielist
+easy.cookielist = 'ALL' # clear stored cookies
+
+# Send custom Cookie header for a single request
+easy.cookies = "flag=1; session_override=abc"
+easy.perform
+easy.cookies = ''  # clear manual Cookie header
+```

data/ext/curb.c

@@ -143,12 +143,14 @@ static VALUE ruby_curl_asyncdns_q(VALUE mod) {
  * in RFC 2478). For libcurl versions < 7.10.8, always returns false.
  */
 static VALUE ruby_curl_spnego_q(VALUE mod) {
-#ifdef HAVE_CURL_VERSION_SPNEGO
   curl_version_info_data *ver = curl_version_info(CURLVERSION_NOW);
-  return((ver->features & CURL_VERSION_SPNEGO) ? Qtrue : Qfalse);
-#else
-  return Qfalse;
+#ifdef HAVE_CURL_VERSION_SPNEGO
+  if (ver->features & CURL_VERSION_SPNEGO) return Qtrue;
 #endif
+#ifdef HAVE_CURL_VERSION_GSSNEGOTIATE
+  if (ver->features & CURL_VERSION_GSSNEGOTIATE) return Qtrue;
+#endif
+  return Qfalse;
 }
 
 /*
@@ -614,6 +616,11 @@ void Init_curb_core() {
 #if HAVE_CURLOPT_PROXYHEADER
   CURB_DEFINE(CURLOPT_PROXYHEADER);
 #endif
+#if HAVE_CURLOPT_REQUEST_TARGET
+  /* Allows overriding the Request-URI target used in the request line.
+   * Useful for absolute-form requests or special targets like "*". */
+  CURB_DEFINE(CURLOPT_REQUEST_TARGET);
+#endif
 #if HAVE_CURLOPT_HTTP200ALIASES
   CURB_DEFINE(CURLOPT_HTTP200ALIASES);
 #endif

data/ext/curb.h

@@ -28,11 +28,11 @@
 #include "curb_macros.h"
 
 // These should be managed from the Rake 'release' task.
-#define CURB_VERSION   "1.1.0"
-#define CURB_VER_NUM   1010
+#define CURB_VERSION   "1.2.1"
+#define CURB_VER_NUM   1021
 #define CURB_VER_MAJ   1
-#define CURB_VER_MIN   1
-#define CURB_VER_MIC   0
+#define CURB_VER_MIN   2
+#define CURB_VER_MIC   1
 #define CURB_VER_PATCH 0
 
 

data/ext/curb_easy.c

@@ -12,6 +12,9 @@
 
 #include <errno.h>
 #include <string.h>
+#ifndef _WIN32
+#include <strings.h>
+#endif
 
 extern VALUE mCurl;
 
@@ -222,6 +225,24 @@ void curl_easy_mark(ruby_curl_easy *rbce) {
 }
 
 static void ruby_curl_easy_free(ruby_curl_easy *rbce) {
+  if (!rbce) {
+    return;
+  }
+
+  if (!NIL_P(rbce->multi)) {
+    VALUE multi_val = rbce->multi;
+    ruby_curl_multi *rbcm = NULL;
+
+    rbce->multi = Qnil;
+
+    if (!NIL_P(multi_val) && RB_TYPE_P(multi_val, T_DATA)) {
+      Data_Get_Struct(multi_val, ruby_curl_multi, rbcm);
+      if (rbcm) {
+        rb_curl_multi_forget_easy(rbcm, rbce);
+      }
+    }
+  }
+
   if (rbce->curl_headers) {
     curl_slist_free_all(rbce->curl_headers);
   }
@@ -307,8 +328,10 @@ static void ruby_curl_easy_zero(ruby_curl_easy *rbce) {
   rbce->verbose = 0;
   rbce->multipart_form_post = 0;
   rbce->enable_cookies = 0;
+  rbce->cookielist_engine_enabled = 0;
   rbce->ignore_content_length = 0;
   rbce->callback_active = 0;
+  rbce->last_result = 0;
 }
 
 /*
@@ -317,6 +340,9 @@ static void ruby_curl_easy_zero(ruby_curl_easy *rbce) {
 static VALUE ruby_curl_easy_allocate(VALUE klass) {
   ruby_curl_easy *rbce;
   rbce = ALLOC(ruby_curl_easy);
+  if (!rbce) {
+    rb_raise(rb_eNoMemError, "Failed to allocate memory for Curl::Easy");
+  }
   rbce->curl = NULL;
   rbce->opts  = Qnil;
   rbce->multi = Qnil;
@@ -375,8 +401,14 @@ static VALUE ruby_curl_easy_initialize(int argc, VALUE *argv, VALUE self) {
 static struct curl_slist *duplicate_curl_slist(struct curl_slist *list) {
     struct curl_slist *dup = NULL;
     struct curl_slist *tmp;
+    struct curl_slist *new_list;
     for (tmp = list; tmp; tmp = tmp->next) {
-        dup = curl_slist_append(dup, tmp->data);
+        new_list = curl_slist_append(dup, tmp->data);
+        if (!new_list) {
+            if (dup) { curl_slist_free_all(dup); }
+            rb_raise(rb_eNoMemError, "Failed to duplicate curl_slist");
+        }
+        dup = new_list;
     }
     return dup;
 }
@@ -395,6 +427,9 @@ static VALUE ruby_curl_easy_clone(VALUE self) {
   Data_Get_Struct(self, ruby_curl_easy, rbce);
 
   newrbce = ALLOC(ruby_curl_easy);
+  if (!newrbce) {
+    rb_raise(rb_eNoMemError, "Failed to allocate memory for Curl::Easy clone");
+  }
   /* shallow copy */
   memcpy(newrbce, rbce, sizeof(ruby_curl_easy));
 
@@ -405,6 +440,9 @@ static VALUE ruby_curl_easy_clone(VALUE self) {
   newrbce->curl_ftp_commands = (rbce->curl_ftp_commands) ? duplicate_curl_slist(rbce->curl_ftp_commands) : NULL;
   newrbce->curl_resolve = (rbce->curl_resolve) ? duplicate_curl_slist(rbce->curl_resolve) : NULL;
 
+  /* A cloned easy should not retain ownership reference to the original multi. */
+  newrbce->multi = Qnil;
+
   if (rbce->opts != Qnil) {
     newrbce->opts = rb_funcall(rbce->opts, rb_intern("dup"), 0);
   }
@@ -645,7 +683,16 @@ static VALUE ruby_curl_easy_proxypwd_get(VALUE self) {
  * call-seq:
  *   easy.cookies                                     => "name1=content1; name2=content2;"
  *
- * Obtain the cookies for this Curl::Easy instance.
+ * Obtain the manually set Cookie header string for this Curl::Easy instance.
+ *
+ * Notes:
+ * - This corresponds to libcurl's CURLOPT_COOKIE and only affects the outgoing
+ *   Cookie request header. It does NOT modify the internal libcurl cookie engine
+ *   that stores cookies received via Set-Cookie.
+ * - To inspect or modify cookies stored in the cookie engine, use
+ *   +easy.cookielist+ (getter) and +easy.cookielist=+ or +easy.set(:cookielist, ...)+ (setter).
+ * - To clear a previously set manual Cookie header, assign an empty string.
+ *   Assigning +nil+ currently has no effect.
  */
 static VALUE ruby_curl_easy_cookies_get(VALUE self) {
   CURB_OBJECT_HGETTER(ruby_curl_easy, cookies);
@@ -655,7 +702,8 @@ static VALUE ruby_curl_easy_cookies_get(VALUE self) {
  * call-seq:
  *   easy.cookiefile                                  => string
  *
- * Obtain the cookiefile file for this Curl::Easy instance.
+ * Obtain the cookiefile path for this Curl::Easy instance (used to load cookies when the
+ * cookie engine is enabled).
  */
 static VALUE ruby_curl_easy_cookiefile_get(VALUE self) {
   CURB_OBJECT_HGETTER(ruby_curl_easy, cookiefile);
@@ -665,7 +713,8 @@ static VALUE ruby_curl_easy_cookiefile_get(VALUE self) {
  * call-seq:
  *   easy.cookiejar                                   => string
  *
- * Obtain the cookiejar file to use for this Curl::Easy instance.
+ * Obtain the cookiejar path for this Curl::Easy instance (used to persist cookies when the
+ * cookie engine is enabled).
  */
 static VALUE ruby_curl_easy_cookiejar_get(VALUE self) {
   CURB_OBJECT_HGETTER(ruby_curl_easy, cookiejar);
@@ -965,7 +1014,15 @@ static VALUE ruby_curl_easy_put_data_set(VALUE self, VALUE data) {
  * call-seq:
  *   easy.ftp_commands = ["CWD /", "MKD directory"]   => ["CWD /", ...]
  *
- * Explicitly sets the list of commands to execute on the FTP server when calling perform
+ * Explicitly sets the list of commands to execute on the FTP server when calling perform.
+ *
+ * NOTE:
+ * - This maps to libcurl CURLOPT_QUOTE; it sends commands on the control connection.
+ * - Do not include data-transfer commands like LIST/NLST/RETR/STOR here. libcurl does not
+ *   parse PASV/EPSV replies from QUOTE commands and will not establish the required data
+ *   connection. For directory listings, set CURLOPT_DIRLISTONLY (via `easy.set(:dirlistonly, true)`)
+ *   and request an FTP directory URL (e.g. "ftp://host/path/") so libcurl manages PASV/EPSV
+ *   and the data connection for you.
  */
 static VALUE ruby_curl_easy_ftp_commands_set(VALUE self, VALUE ftp_commands) {
   CURB_OBJECT_HSETTER(ruby_curl_easy, ftp_commands);
@@ -1874,7 +1931,12 @@ static VALUE ruby_curl_easy_multipart_form_post_q(VALUE self) {
  *   easy.enable_cookies = boolean                    => boolean
  *
  * Configure whether the libcurl cookie engine is enabled for this Curl::Easy
- * instance.
+ * instance. When enabled, cookies received via Set-Cookie are stored by libcurl
+ * and automatically sent on subsequent matching requests. Use +easy.cookiefile+
+ * to load cookies and +easy.cookiejar+ to persist them.
+ *
+ * This setting is independent from the manual Cookie header set via +easy.cookies+.
+ * The manual header is additive and can be cleared by assigning an empty string.
  */
 static VALUE ruby_curl_easy_enable_cookies_set(VALUE self, VALUE enable_cookies)
 {
@@ -2165,7 +2227,11 @@ static VALUE cb_each_http_header(VALUE header, VALUE wrap, int _c, const VALUE *
 
   //rb_p(header_str);
 
-  *list = curl_slist_append(*list, StringValuePtr(header_str));
+  struct curl_slist *new_list = curl_slist_append(*list, StringValuePtr(header_str));
+  if (!new_list) {
+    rb_raise(rb_eNoMemError, "Failed to append to header list");
+  }
+  *list = new_list;
   return header_str;
 }
 
@@ -2197,7 +2263,11 @@ static VALUE cb_each_http_proxy_header(VALUE proxy_header, VALUE wrap, int _c, c
 
   //rb_p(header_str);
 
-  *list = curl_slist_append(*list, StringValuePtr(proxy_header_str));
+  struct curl_slist *new_list = curl_slist_append(*list, StringValuePtr(proxy_header_str));
+  if (!new_list) {
+    rb_raise(rb_eNoMemError, "Failed to append to proxy header list");
+  }
+  *list = new_list;
   return proxy_header_str;
 }
 
@@ -2210,7 +2280,11 @@ static VALUE cb_each_ftp_command(VALUE ftp_command, VALUE wrap, int _c, const VA
   Data_Get_Struct(wrap, struct curl_slist *, list);
 
   ftp_command_string = rb_obj_as_string(ftp_command);
-  *list = curl_slist_append(*list, StringValuePtr(ftp_command));
+  struct curl_slist *new_list = curl_slist_append(*list, StringValuePtr(ftp_command));
+  if (!new_list) {
+    rb_raise(rb_eNoMemError, "Failed to append to FTP command list");
+  }
+  *list = new_list;
 
   return ftp_command_string;
 }
@@ -2224,7 +2298,11 @@ static VALUE cb_each_resolve(VALUE resolve, VALUE wrap, int _c, const VALUE *_pt
   Data_Get_Struct(wrap, struct curl_slist *, list);
 
   resolve_string = rb_obj_as_string(resolve);
-  *list = curl_slist_append(*list, StringValuePtr(resolve));
+  struct curl_slist *new_list = curl_slist_append(*list, StringValuePtr(resolve));
+  if (!new_list) {
+    rb_raise(rb_eNoMemError, "Failed to append to resolve list");
+  }
+  *list = new_list;
 
   return resolve_string;
 }
@@ -2296,6 +2374,14 @@ VALUE ruby_curl_easy_setup(ruby_curl_easy *rbce) {
     curl_easy_setopt(curl, CURLOPT_PROXYUSERPWD, rb_easy_get_str("proxypwd"));
   }
 
+#if HAVE_CURLOPT_NOPROXY
+  if (rb_easy_nil("noproxy")) {
+    curl_easy_setopt(curl, CURLOPT_NOPROXY, NULL);
+  } else {
+    curl_easy_setopt(curl, CURLOPT_NOPROXY, rb_easy_get_str("noproxy"));
+  }
+#endif
+
   // body/header procs
   if (!rb_easy_nil("body_proc")) {
     curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, (curl_write_callback)&proc_data_handler_body);
@@ -2443,9 +2529,8 @@ VALUE ruby_curl_easy_setup(ruby_curl_easy *rbce) {
 #endif
   }
 
-  /* Set up HTTP cookie handling if necessary
-     FIXME this may not get disabled if it's enabled, the disabled again from ruby.
-     */
+  /* Set up HTTP cookie handling if necessary */
+  /* Enable/attach cookie engine if requested, or implicitly via COOKIELIST usage */
   if (rbce->enable_cookies) {
     if (!rb_easy_nil("cookiejar")) {
       curl_easy_setopt(curl, CURLOPT_COOKIEJAR, rb_easy_get_str("cookiejar"));
@@ -2456,6 +2541,9 @@ VALUE ruby_curl_easy_setup(ruby_curl_easy *rbce) {
     } else {
       curl_easy_setopt(curl, CURLOPT_COOKIEFILE, ""); /* "" = magic to just enable */
     }
+  } else if (rbce->cookielist_engine_enabled) {
+    /* Ensure cookie engine is enabled even if enable_cookies? is false. */
+    curl_easy_setopt(curl, CURLOPT_COOKIEFILE, "");
   }
 
   if (!rb_easy_nil("cookies")) {
@@ -2517,7 +2605,11 @@ VALUE ruby_curl_easy_setup(ruby_curl_easy *rbce) {
       rb_iterate(rb_each, rb_easy_get("headers"), cb_each_http_header, wrap);
     } else {
       VALUE headers_str = rb_obj_as_string(rb_easy_get("headers"));
-      *hdrs = curl_slist_append(*hdrs, StringValuePtr(headers_str));
+      struct curl_slist *new_list = curl_slist_append(*hdrs, StringValuePtr(headers_str));
+      if (!new_list) {
+        rb_raise(rb_eNoMemError, "Failed to append to headers list");
+      }
+      *hdrs = new_list;
     }
 
     if (*hdrs) {
@@ -2535,7 +2627,11 @@ VALUE ruby_curl_easy_setup(ruby_curl_easy *rbce) {
       rb_iterate(rb_each, rb_easy_get("proxy_headers"), cb_each_http_proxy_header, wrap);
     } else {
       VALUE proxy_headers_str = rb_obj_as_string(rb_easy_get("proxy_headers"));
-      *phdrs = curl_slist_append(*phdrs, StringValuePtr(proxy_headers_str));
+      struct curl_slist *new_list = curl_slist_append(*phdrs, StringValuePtr(proxy_headers_str));
+      if (!new_list) {
+        rb_raise(rb_eNoMemError, "Failed to append to proxy headers list");
+      }
+      *phdrs = new_list;
     }
 
     if (*phdrs) {
@@ -2635,10 +2731,31 @@ static VALUE ruby_curl_easy_perform_verb_str(VALUE self, const char *verb) {
 
   memset(rbce->err_buf, 0, CURL_ERROR_SIZE);
 
+  /* Use method override and adjust related options for special verbs. */
   curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, verb);
 
+  /* For HEAD, ensure no body is requested/downloaded, as some servers
+   * include a Content-Length header which should not cause libcurl to
+   * wait for a body that will never arrive. */
+  int is_head = (verb && (
+#ifdef _WIN32
+    _stricmp(verb, "HEAD") == 0
+#else
+    strcasecmp(verb, "HEAD") == 0
+#endif
+  ));
+  if (is_head) {
+    curl_easy_setopt(curl, CURLOPT_NOBODY, 1L);
+    curl_easy_setopt(curl, CURLOPT_HTTPGET, 0L);
+    curl_easy_setopt(curl, CURLOPT_POST, 0L);
+  }
+
   retval = rb_funcall(self, rb_intern("perform"), 0);
 
+  /* Restore state after request. */
+  if (is_head) {
+    curl_easy_setopt(curl, CURLOPT_NOBODY, 0L);
+  }
   curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, NULL);
 
   return retval;
@@ -3523,6 +3640,12 @@ static VALUE ruby_curl_easy_num_connects_get(VALUE self) {
  * Returned strings are in Netscape cookiejar format or in Set-Cookie format.
  * Since 7.43.0 cookies in the Set-Cookie format without a domain name are not exported.
  *
+ * To modify the cookie engine (add/replace/remove), use +easy.cookielist= string+
+ * or +easy.set(:cookielist, string)+ with one of the following accepted inputs:
+ * - A Set-Cookie style header string: "Set-Cookie: name=value; Domain=example.com; Path=/; Expires=..."
+ * - One or more lines in Netscape cookie file format (tab-separated fields)
+ * - Special commands: "ALL" (clear all), "SESS" (remove session cookies), "FLUSH" (write to jar), "RELOAD" (reload from file)
+ *
  * @see https://curl.se/libcurl/c/CURLINFO_COOKIELIST.html option <code>CURLINFO_COOKIELIST</code> of 
  *   <code>curl_easy_getopt(3)</code> to see how libcurl behaves.
  * @note requires libcurl 7.14.1 or higher, otherwise +-1+ is always returned
@@ -3584,7 +3707,7 @@ static VALUE ruby_curl_easy_ftp_entry_path_get(VALUE self) {
     return Qnil;
   }
 #else
-  rb_warn("Installed libcurl is too old to support num_connects");
+  rb_warn("Installed libcurl is too old to support ftp_entry_path");
   return Qnil;
 #endif
 }
@@ -3725,6 +3848,12 @@ static VALUE ruby_curl_easy_set_opt(VALUE self, VALUE opt, VALUE val) {
     VALUE proxypwd = val;
     CURB_OBJECT_HSETTER(ruby_curl_easy, proxypwd);
     } break;
+#if HAVE_CURLOPT_NOPROXY
+  case CURLOPT_NOPROXY: {
+    VALUE noproxy = val;
+    CURB_OBJECT_HSETTER(ruby_curl_easy, noproxy);
+    } break;
+#endif
   case CURLOPT_COOKIE: {
     VALUE cookies = val;
     CURB_OBJECT_HSETTER(ruby_curl_easy, cookies);
@@ -3737,9 +3866,72 @@ static VALUE ruby_curl_easy_set_opt(VALUE self, VALUE opt, VALUE val) {
     VALUE cookiejar = val;
     CURB_OBJECT_HSETTER(ruby_curl_easy, cookiejar);
     } break;
+#if HAVE_CURLOPT_REQUEST_TARGET
+  case CURLOPT_REQUEST_TARGET: {
+    /* Forward request-target directly to libcurl as a string. */
+    curl_easy_setopt(rbce->curl, CURLOPT_REQUEST_TARGET, NIL_P(val) ? NULL : StringValueCStr(val));
+    } break;
+#endif
   case CURLOPT_TCP_NODELAY: {
     curl_easy_setopt(rbce->curl, CURLOPT_TCP_NODELAY, NUM2LONG(val));
     } break;
+  /* FTP-specific toggles */
+#if HAVE_CURLOPT_DIRLISTONLY
+  case CURLOPT_DIRLISTONLY: {
+    int type = rb_type(val);
+    VALUE value;
+    if (type == T_TRUE) {
+      value = rb_int_new(1);
+    } else if (type == T_FALSE) {
+      value = rb_int_new(0);
+    } else {
+      value = rb_funcall(val, rb_intern("to_i"), 0);
+    }
+    curl_easy_setopt(rbce->curl, CURLOPT_DIRLISTONLY, NUM2LONG(value));
+    } break;
+#endif
+#if HAVE_CURLOPT_FTP_USE_EPSV
+  case CURLOPT_FTP_USE_EPSV: {
+    int type = rb_type(val);
+    VALUE value;
+    if (type == T_TRUE) {
+      value = rb_int_new(1);
+    } else if (type == T_FALSE) {
+      value = rb_int_new(0);
+    } else {
+      value = rb_funcall(val, rb_intern("to_i"), 0);
+    }
+    curl_easy_setopt(rbce->curl, CURLOPT_FTP_USE_EPSV, NUM2LONG(value));
+    } break;
+#endif
+#if HAVE_CURLOPT_FTP_USE_EPRT
+  case CURLOPT_FTP_USE_EPRT: {
+    int type = rb_type(val);
+    VALUE value;
+    if (type == T_TRUE) {
+      value = rb_int_new(1);
+    } else if (type == T_FALSE) {
+      value = rb_int_new(0);
+    } else {
+      value = rb_funcall(val, rb_intern("to_i"), 0);
+    }
+    curl_easy_setopt(rbce->curl, CURLOPT_FTP_USE_EPRT, NUM2LONG(value));
+    } break;
+#endif
+#if HAVE_CURLOPT_FTP_SKIP_PASV_IP
+  case CURLOPT_FTP_SKIP_PASV_IP: {
+    int type = rb_type(val);
+    VALUE value;
+    if (type == T_TRUE) {
+      value = rb_int_new(1);
+    } else if (type == T_FALSE) {
+      value = rb_int_new(0);
+    } else {
+      value = rb_funcall(val, rb_intern("to_i"), 0);
+    }
+    curl_easy_setopt(rbce->curl, CURLOPT_FTP_SKIP_PASV_IP, NUM2LONG(value));
+    } break;
+#endif
   case CURLOPT_RANGE: {
     curl_easy_setopt(rbce->curl, CURLOPT_RANGE, StringValueCStr(val));
     } break;
@@ -3802,6 +3994,9 @@ static VALUE ruby_curl_easy_set_opt(VALUE self, VALUE opt, VALUE val) {
     Check_Type(val, T_FILE);
     GetOpenFile(val, open_f_ptr);
     curl_easy_setopt(rbce->curl, CURLOPT_STDERR, rb_io_stdio_file(open_f_ptr));
+    /* Retain a Ruby reference to the IO to prevent GC/finalization
+     * while libcurl still holds and writes to the underlying FILE*. */
+    rb_easy_set("stderr_io", val);
     break;
   case CURLOPT_PROTOCOLS:
   case CURLOPT_REDIR_PROTOCOLS:
@@ -3814,8 +4009,23 @@ static VALUE ruby_curl_easy_set_opt(VALUE self, VALUE opt, VALUE val) {
 #endif
 #if HAVE_CURLOPT_COOKIELIST
   case CURLOPT_COOKIELIST: {
+	/* Forward to libcurl */
 	curl_easy_setopt(rbce->curl, CURLOPT_COOKIELIST, StringValueCStr(val));
-    } break;
+	/* Track whether the cookie engine should be enabled for requests.
+	 * According to libcurl docs, CURLOPT_COOKIELIST also enables the cookie engine
+	 * when provided with a non-command string. Some environments may still require
+	 * an explicit "enable" via CURLOPT_COOKIEFILE="" to send cookies on requests.
+	 * We do that in the perform setup when this flag is set.
+	 */
+	if (RB_TYPE_P(val, T_STRING)) {
+	  const char *s = StringValueCStr(val);
+	  if (!(strcmp(s, "ALL") == 0 || strcmp(s, "SESS") == 0 || strcmp(s, "FLUSH") == 0 || strcmp(s, "RELOAD") == 0)) {
+	    rbce->cookielist_engine_enabled = 1;
+	  }
+	} else {
+	  /* Non-string values are unexpected; be conservative and do not enable. */
+	}
+  } break;
 #endif
 #if HAVE_CURLOPT_PROXY_SSL_VERIFYHOST
   case CURLOPT_PROXY_SSL_VERIFYHOST:
@@ -3832,11 +4042,19 @@ static VALUE ruby_curl_easy_set_opt(VALUE self, VALUE opt, VALUE val) {
       long i, len = RARRAY_LEN(val);
       for (i = 0; i < len; i++) {
         VALUE item = rb_ary_entry(val, i);
-        list = curl_slist_append(list, StringValueCStr(item));
+        struct curl_slist *new_list = curl_slist_append(list, StringValueCStr(item));
+        if (!new_list) {
+          curl_slist_free_all(list);
+          rb_raise(rb_eNoMemError, "Failed to append to resolve list");
+        }
+        list = new_list;
       }
     } else {
       /* If a single string is passed, use it directly */
       list = curl_slist_append(NULL, StringValueCStr(val));
+      if (!list) {
+        rb_raise(rb_eNoMemError, "Failed to create resolve list");
+      }
     }
     /* Save the list pointer in the ruby_curl_easy structure for cleanup later */
     rbce->curl_resolve = list;

data/ext/curb_easy.h

@@ -77,6 +77,7 @@ typedef struct {
   char verbose;
   char multipart_form_post;
   char enable_cookies;
+  char cookielist_engine_enabled; /* track if CURLOPT_COOKIELIST was used with a non-command to enable engine */
   char ignore_content_length;
   char callback_active;