#
522c89a1 |
| 26-Oct-2024 |
Daniel Stenberg |
lib: remove Curl_ prefix from static functions

'Curl_' is a prefix used for library global functions (cross-files). Static functions should thus not use it.

Closes #15419
|
#
8cb2d5f4 |
| 22-Oct-2024 |
Stefan Eissing |
quic: use the session cache with wolfSSL as well

Use session cache for QUIC when built with quictls or wolfSSL.

Add test_017_10 for verifying QUIC TLS session reuse when built with quictls, gnutls or wolfssl.

Closes #15358
|
#
fe8399f0 |
| 11-Oct-2024 |
Stefan Eissing |
gnutls: use session cache for QUIC

Add session reuse for QUIC transfers using GnuTLS. This does not include support for TLS early data, yet.

Fix check of early data support in common GnuTLS init code to not access the filter context, as the struct varies between TCP and QUIC connections.

Closes #15265
|
#
bcec0840 |
| 02-Oct-2024 |
Daniel Stenberg |
lib: use bool/TRUE/FALSE properly

booleans should use the type 'bool' and set the value to TRUE/FALSE

non-booleans should not be 'bool' and should not set the value to TRUE/FALSE

Closes #15123
|
#
fc8575ed |
| 21-Aug-2024 |
Viktor Szakats |
tidy-up: spelling wolfSSL [ci skip]
|
#
c074ba64 |
| 01-Jul-2024 |
Daniel Stenberg |
code: language cleanup in comments

Based on the standards and guidelines we use for our documentation.

- expand contractions (they're => they are etc)
- host name => hostname
- file name => filename
- user name => username
- man page => manpage
- run-time => runtime
- set-up => setup
- back-end => backend
- a HTTP => an HTTP
- Two spaces after a period => one space after period

Closes #14073
|
#
5dd8f13b |
| 27-May-2024 |
Stefan Eissing |
gnutls: support CA caching

- similar to openssl, use a shared 'credentials' instance among TLS connections with a plain configuration.
- different to openssl, a connection with a client certificate is not eligible to sharing.
- document CURLOPT_CA_CACHE_TIMEOUT in man page

Closes #13795
|
#
08872971 |
| 13-May-2024 |
Viktor Szakats |
lib/v*: tidy up types and casts

Also add a couple of negative checks.

Cherry-picked from #13489
Closes #13622
|
#
80aa5195 |
| 01-Jun-2024 |
Daniel Stenberg |
wolfssl: support CA caching

As a bonus, add SSLSUPP_CA_CACHE to let TLS backends signal its support for this so that *setopt() return error if there is no support.

Closes #13786
|
#
4c46e277 |
| 16-May-2024 |
Juliusz Sosinowicz |
vquic-tls: use correct cert name check API for wolfSSL

wolfSSL_X509_check_host checks the peer name against the alt names and the common name.

Fixes #13487
Closes #13680
|
#
b06619d0 |
| 26-Apr-2024 |
Stefan Eissing |
tests: add SNI and peer name checks

- connect to DNS names with trailing dot
- connect to DNS names with double trailing dot
- rustls, always give `peer->hostname` and let it figure out SNI itself
- add SNI tests for ip address and localhost
- document in code and TODO that QUIC with ngtcp2+wolfssl does not do proper peer verification of the certificate
- mbedtls, skip tests with ip address verification as not supported by the library

Closes #13486
|
#
49f83c30 |
| 11-Apr-2024 |
Viktor Szakats |
lib: merge `ENABLE_QUIC` C macro into `USE_HTTP3`

Before this patch `lib/curl_setup.h` defined these two macros right next to each other, then the source code used them interchangeably.

After this patch, `USE_HTTP3` guards all HTTP/3 / QUIC features. (Like `USE_HTTP2` does for HTTP/2.) `ENABLE_QUIC` is no longer used.

This patch doesn't change the way HTTP/3 is enabled via autotools or CMake. Builders who enabled HTTP/3 manually by defining both of these macros via `CPPFLAGS` can now delete `-DENABLE_QUIC`.

Closes #13352
|
#
8cee4c92 |
| 10-Apr-2024 |
Stefan Eissing |
gnutls: lazy init the trust settings

- delay loading of trust anchors and CRLs after the ClientHello has been sent off
- add tracing to IO operations
- on IO errors, return the CURLcode of the underlying filter

Closes #13339
|
#
32101010 |
| 22-Mar-2024 |
Stefan Eissing |
tls: use shared init code for TCP+QUIC

Closes #13172
|
#
181f5f33 |
| 13-Mar-2024 |
Jay Satiro |
vquic-tls: fix the error code returned for bad CA file

- Return CURLE_SSL_CACERT_BADFILE if wolfSSL encounters a problem reading the cert file or path.

This is a follow-up to the parent commit aedbbdf1.

Reported-by: Karthikdasari0423@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/13115
|
#
aedbbdf1 |
| 11-Mar-2024 |
Daniel Stenberg |
vquic-tls: return appropriate errors on wolfSSL errors

Reported-by: Dexter Gerig
Closes #13107
|
#
0535f6ec |
| 18-Jan-2024 |
Stefan Eissing |
http3: initial support for OpenSSL 3.2 QUIC stack

- HTTP/3 for curl using OpenSSL's own QUIC stack together with nghttp3
- configure with `--with-openssl-quic` to enable curl to build this. This requires the nghttp3 library
- implementation with the following restrictions:
  * macOS has to use an unconnected UDP socket due to an issue in OpenSSL's datagram implementation. See https://github.com/openssl/openssl/issues/23251. This makes connections to non-responsive servers hang.
  * GET requests will send the indicator that they have no body in a separate QUIC packet. This may result in processing delays or Transfer-Encodings on proxied requests
  * uploads that encounter blocks will use 100% cpu as detection of these flow control issues is not working (we have not figured out how to pry that from OpenSSL).

Closes #12734
|
#
5d044ad9 |
| 09-Jan-2024 |
Stefan Eissing |
vquic: extract TLS setup into own source

- separate ngtcp2 specific parts out
- provide callback during init to allow ngtcp2 to apply its defaults

Closes #12678
|