#
5dd8f13b |
| 27-May-2024 |
Stefan Eissing |
gnutls: support CA caching - similar to openssl, use a shared 'credentials' instance among TLS connections with a plain configuration. - different to openssl, a connection with a client certificate is not eligible to sharing. - document CURLOPT_CA_CACHE_TIMEOUT in man page Closes #13795
|
#
08872971 |
| 13-May-2024 |
Viktor Szakats |
lib/v*: tidy up types and casts Also add a couple of negative checks. Cherry-picked from #13489 Closes #13622
|
#
80aa5195 |
| 01-Jun-2024 |
Daniel Stenberg |
wolfssl: support CA caching As a bonus, add SSLSUPP_CA_CACHE to let TLS backends signal its support for this so that *setopt() return error if there is no support. Closes #13786
|
#
4c46e277 |
| 16-May-2024 |
Juliusz Sosinowicz |
vquic-tls: use correct cert name check API for wolfSSL wolfSSL_X509_check_host checks the peer name against the alt names and the common name. Fixes #13487 Closes #13680
|
#
b06619d0 |
| 26-Apr-2024 |
Stefan Eissing |
tests: add SNI and peer name checks - connect to DNS names with trailing dot - connect to DNS names with double trailing dot - rustls, always give `peer->hostname` and let it figure out SNI itself - add SNI tests for ip address and localhost - document in code and TODO that QUIC with ngtcp2+wolfssl does not do proper peer verification of the certificate - mbedtls, skip tests with ip address verification as not supported by the library Closes #13486
|
#
49f83c30 |
| 11-Apr-2024 |
Viktor Szakats |
lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3` Before this patch `lib/curl_setup.h` defined these two macros right next to each other, then the source code used them interchangeably. After this patch, `USE_HTTP3` guards all HTTP/3 / QUIC features. (Like `USE_HTTP2` does for HTTP/2.) `ENABLE_QUIC` is no longer used. This patch doesn't change the way HTTP/3 is enabled via autotools or CMake. Builders who enabled HTTP/3 manually by defining both of these macros via `CPPFLAGS` can now delete `-DENABLE_QUIC`. Closes #13352
|
#
8cee4c92 |
| 10-Apr-2024 |
Stefan Eissing |
gnutls: lazy init the trust settings - delay loading of trust anchors and CRLs after the ClientHello has been sent off - add tracing to IO operations - on IO errors, return the CURLcode of the underlying filter Closes #13339
|
#
32101010 |
| 22-Mar-2024 |
Stefan Eissing |
tls: use shared init code for TCP+QUIC Closes #13172
|
#
181f5f33 |
| 13-Mar-2024 |
Jay Satiro |
vquic-tls: fix the error code returned for bad CA file - Return CURLE_SSL_CACERT_BADFILE if wolfSSL encounters a problem reading the cert file or path. This is a follow-up to the parent commit aedbbdf1. Reported-by: Karthikdasari0423@users.noreply.github.com Fixes https://github.com/curl/curl/issues/13115
|
#
aedbbdf1 |
| 11-Mar-2024 |
Daniel Stenberg |
vquic-tls: return appropriate errors on wolfSSL errors Reported-by: Dexter Gerig Closes #13107
|
#
0535f6ec |
| 18-Jan-2024 |
Stefan Eissing |
http3: initial support for OpenSSL 3.2 QUIC stack - HTTP/3 for curl using OpenSSL's own QUIC stack together with nghttp3 - configure with `--with-openssl-quic` to enable curl to build this. This requires the nghttp3 library - implementation with the following restrictions: * macOS has to use an unconnected UDP socket due to an issue in OpenSSL's datagram implementation See https://github.com/openssl/openssl/issues/23251 This makes connections to non-responsive servers hang. * GET requests will send the indicator that they have no body in a separate QUIC packet. This may result in processing delays or Transfer-Encodings on proxied requests * uploads that encounter blocks will use 100% cpu as detection of these flow control issues is not working (we have not figured out how to pry that from OpenSSL). Closes #12734
|
#
5d044ad9 |
| 09-Jan-2024 |
Stefan Eissing |
vquic: extract TLS setup into own source - separate ngtcp2 specific parts out - provide callback during init to allow ngtcp2 to apply its defaults Closes #12678
|