CI: add whitespace checker

Fix issues detected.

Also:

- One of the `.vc` files used LF EOLs, while the other didn't.
Make that one also use LF EOLs, as this is appare

CI: add whitespace checker

Fix issues detected.

Also:

- One of the `.vc` files used LF EOLs, while the other didn't.
Make that one also use LF EOLs, as this is apparently supported by
`nmake`.

- Drop `.dsw` and `.btn` types from `.gitattributes`.
The repository doesn't use them.

- Sync section order with the rest of files in
`tests/certs/EdelCurlRoot-ca.prm`.

- Indent/align `.prm` and `.pem` files.

- Delete dummy `[something]` section from `.prm` and `.pem` files.

Mental note:
MSVC `.sln` files seem to accept spaces for indentation and also support
LF line-endings. I cannot test this and I don't know what's more
convenient when updating them, so left them as-is, with specific
exclusions.

Closes #14031

show more ...

tests: avoid use of sha1 in certificates

The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RH

tests: avoid use of sha1 in certificates

The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RHEL-9 and derivatives, which are not willing to use certificates using
that algorithm. The fix is to use sha256 instead, which is already used
for most of the other certificates in the test suite.

Fixes #10135

This gets rid of issues related to sha1 signatures.

Manual steps after "make clean-certs" and "make build-certs":

- Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
(make clean-certs does not remove the original tests/stunnel.pem)

- Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
options of tests/data/test2041 and tests/data/test2087

Closes #10153

show more ...

tests: add authorityInfoAccess to generated certs

Generate stunnel.pem as well

Closes #9980

tests/certs: rebuild certs with 2048-bit RSA keys

The previous test certificates contained RSA keys of only 1024 bits.
However, RSA claims that 1024-bit RSA keys are likely to become

tests/certs: rebuild certs with 2048-bit RSA keys

The previous test certificates contained RSA keys of only 1024 bits.
However, RSA claims that 1024-bit RSA keys are likely to become
crackable some time before 2010. The NIST recommends at least 2048-bit
keys for RSA for now.

Better use full 2048 also for testing.

Closes #2973

show more ...

stunnel: regenerated self-signed test certificate with SHA1 hash

The previous test certificate contained a MD5 hash which is not
supported using TLSv1.2 with Schannel on Windows 7 or new

stunnel: regenerated self-signed test certificate with SHA1 hash

The previous test certificate contained a MD5 hash which is not
supported using TLSv1.2 with Schannel on Windows 7 or newer.

See the update to this blog post on IEInternals / MSDN:
http://blogs.msdn.com/b/ieinternals/archive/2011/03/25/
misbehaving-https-servers-impair-tls-1.1-and-tls-1.2.aspx

"Update: If the server negotiates a TLS1.2 connection with a
Windows 7 or 8 schannel.dll-using client application, and it
provides a certificate chain which uses the (weak) MD5 hash
algorithm, the client will abort the connection (TCP/IP FIN)
upon receipt of the certificate."

show more ...

test harness: update stunnel.pem Diffie-Hellman parameters from 512 to 1024 bit

jayjwa added the "DH PARAMETERS" to make this work with recent stunnels

Peter Sylvester brought code that now allows a callback to modified the URL
even when the multi interface is used, and then libcurl will simulate a
"follow location" to that new URL. Test 509

Peter Sylvester brought code that now allows a callback to modified the URL
even when the multi interface is used, and then libcurl will simulate a
"follow location" to that new URL. Test 509 was added to test this feature.

show more ...

added stunnel PEM