
Rustls client auth #2

Open

wants to merge 49 commits into master

Conversation

@yedayak (Owner) commented Jan 9, 2025

No description provided.

yedayak and others added 30 commits January 6, 2025 13:49
This isn't needed anymore after curl#15835,
since banned functions are just allowed in general in
`docs/examples/.checksrc`, and it emits a warning when running `make
checksrc`:

`invalid warning specified in .checksrc: "SNPRINTF"`

Closes curl#15916
Subparts may have been previously used as a top-level mime structure and
thus not rewound.

New test 695 checks the proper functioning in these particular conditions.

Reported-by: Qriist on github
Fixes curl#15842
Closes curl#15911
Count connections to a host against a possibly configured destination
limit. Trigger multi `connchange` when a connection has been shutdown,
so pending transfers can try to get a connection once again.

Reported-by: baranyaib90 on github
Fixes curl#15857
Closes curl#15879
Bumps [cygwin/cygwin-install-action](https://github.com/cygwin/cygwin-install-action) from 4 to 5.
- [Release notes](https://github.com/cygwin/cygwin-install-action/releases)
- [Commits](cygwin/cygwin-install-action@006ad0b...f61179d)

---
updated-dependencies:
- dependency-name: cygwin/cygwin-install-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Closes curl#15918
MSVC 1900 and older is missing a `const` specifier in the `inet_ntop()`
declaration for the second argument. A workaround was in place for it
in cmake, but it didn't cover all necessary versions.

Replace the workaround with a different one, move it to `lib/inet_ntop.c`
and extend to all necessary MSVC versions.

Also add CI jobs for the older MSVC versions: 2013, 2015, 2017.

Closes curl#15923
- bump cookie counter and "creation time" to use 'unsigned int'
- use BIT() for single-bit struct field
- make invalid_octets() return bool properly

Closes curl#15921
To avoid collision with 3rd-party `RESERVED` symbols.

This symbol is used in the public header of MSH3 0.7.0.

Closes curl#15929
Starting GHA runner image 20250105.1.0.

As seen on Linux with 0.7.0:
```
/home/runner/msh3/include/msh3.h:377:18: error: width of ‘RESERVED’ exceeds its type
  377 |             bool RESERVED                 : 5;
      |                  ^~~~~~~~
/home/runner/msh3/include/msh3.h:490:18: error: width of ‘RESERVED’ exceeds its type
  490 |             bool RESERVED            : 7;
      |                  ^~~~~~~~
```
https://github.com/curl/curl/actions/runs/12655717818/job/35266716846#step:35:195

Bug: curl#15924 (comment)
Bug: curl#15930 (comment)

Closes curl#15927
Also to align with existing VS2010. Keeping the VS2008 job first to give
a quick sniff test for MSVC builds.

Follow-up to 08ff33e curl#15923
Follow-up to 50f6a6b curl#15926

Closes curl#15932
The `Win64` generator suffix alternative was required by old CMake
versions (<3.1) only:
https://cmake.org/cmake/help/v3.22/generator/Visual%20Studio%2010%202010.html

Closes curl#15935
VS2008 has been partly broken for a while with its shared-debug builds
crashing on startup. Its compiler output (UTF-16 HTML) was also barely
readable even after conversion. It's also the only platform in CI
missing `stdint.h`.

This patch migrates a VS2008 job to VS2010 and drops another that
already had a VS2010 equivalent.

We recommend switching to VS2010 or newer when using MSVC to build curl.

Ref: curl#15907
Closes curl#15934
Adds the experimental feature `ssls-export` to libcurl and curl for
importing and exporting SSL sessions from/to a file.

* add functions to libcurl API
* add command line option `--ssl-sessions <filename>` to curl
* add documentation
* add support in configure
* add support in cmake
* add pytest case

Closes curl#15924
The TE request header field is invalid in HTTP/2. Since clients may not
know in advance if a connection negotiates HTTP/2, automatically strip
such a header when h2 is in play.

Add test_01_10 to verify.

Reported-by: Jiri Stary
Fixes curl#15941
Closes curl#15943
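The stripping described in the commit above, written out as an added C example (this is not curl's code; `filter_request_headers`, the helper names and the header lines are this example's own). It goes slightly beyond the commit: RFC 9113 section 8.2.2 lets an HTTP/2 request carry TE only with the single value "trailers", so the example keeps exactly that value and drops every other TE header when h2 is in play, while leaving HTTP/1.1 requests untouched:

```c
/* Added example, not curl's code: remove a TE request header that HTTP/2
 * forbids.  RFC 9113 8.2.2 allows TE only with the value "trailers", so
 * that one value is kept; anything else ("gzip", "trailers, gzip", ...)
 * is dropped when the connection is HTTP/2.  HTTP/1.1 is left alone. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum http_version { HTTP_1_1, HTTP_2 };

/* Does the header line start with the field name "TE" (case-insensitive)
 * immediately followed by ':'?  Field names cannot contain whitespace. */
static bool is_te_header(const char *line)
{
    return tolower((unsigned char)line[0]) == 't' &&
           tolower((unsigned char)line[1]) == 'e' &&
           line[2] == ':';
}

/* Is the field value, after optional whitespace, exactly "trailers"
 * (case-insensitive), with nothing but whitespace after it? */
static bool value_is_only_trailers(const char *value)
{
    static const char want[] = "trailers";
    size_t i;
    while(*value == ' ' || *value == '\t')
        value++;
    for(i = 0; want[i]; i++)
        if(tolower((unsigned char)value[i]) != want[i])
            return false;
    value += i;
    while(*value == ' ' || *value == '\t')
        value++;
    return *value == '\0';
}

/* Copy the request headers that may be sent on `ver` from in[] to out[]
 * (out needs room for n pointers).  Returns the number of headers kept. */
size_t filter_request_headers(enum http_version ver, const char *const *in,
                              size_t n, const char **out)
{
    size_t kept = 0, i;
    for(i = 0; i < n; i++) {
        if(ver == HTTP_2 && is_te_header(in[i]) &&
           !value_is_only_trailers(in[i] + 3))
            continue;                      /* invalid on h2: strip it */
        out[kept++] = in[i];
    }
    return kept;
}

int main(void)
{
    /* constructed request headers for the demo */
    const char *const hdrs[] = { "Host: example.com", "TE: gzip",
                                 "te: trailers", "TE: trailers, gzip",
                                 "Accept: */*" };
    const char *out[5];
    size_t n = sizeof(hdrs) / sizeof(hdrs[0]), kept, i;

    kept = filter_request_headers(HTTP_2, hdrs, n, out);
    printf("HTTP/2 request keeps %zu of %zu headers:\n", kept, n);
    for(i = 0; i < kept; i++)
        printf("  %s\n", out[i]);
    return 0;
}
```

The check is done on the outgoing header list rather than on the user's option string, so it applies no matter whether the TE header came from `--header`, from a library caller, or from a default, which is the point of the commit: the client cannot know before the handshake which HTTP version it will be speaking.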
This discussion:
openssl/openssl#23339 (comment)

Specifically item number 2 (Send Blocking) was raised by the curl team,
noting that SSL_want_write returning false was not a good indicator of
when a stream is writeable. The suggestion in that discussion was to use
SSL_poll with an SSL_POLL_EVENT_W flag instead, as that is a proper
indication of when an SSL object will allow writing without blocking.

While SSL_want_write updates its state based on the last error
encountered (implying a need to retry an operation to update the
last_error state again), SSL_poll checks stream buffer status during the
call, giving it more up to date information on request. This is the
method used by our guide demos (quic-hq-interop specifically), and it
works well.

This change has been run through the curl test suite, and shown to pass
all tests. However, given the initial problem description I'm not sure
if there is a test case that explicitly checks for blocking and
unblocking of streams. As such some additional testing may be warranted.

Closes curl#15909
The msh3 backend for QUIC and HTTP/3 was introduced in April 2022 but has
never been made to work properly. It has seen no visible traction or
developer activity from the msh3 main author (or anyone else seemingly
interested) in two years. As a non-functional backend, it only adds
friction and "weight" to the development and maintenance.

Meanwhile, we have a fully working backend in the ngtcp2 one and we have
two fully working backends in OpenSSL-QUIC and quiche well on their way
to ending their experimental status in the future.

We remove msh3 support from the curl source tree in July 2025.

Closes curl#15931
We decided last year not to pursue avoiding this warning, because it
adds noise and friction, while in most cases not revealing actual code
issues. We fixed the interesting portion of them throughout mid-2024.

Conclude this effort by deleting related FIXMEs and temporary comments.

Follow-up to 3829759 curl#12489
Closes curl#15939
- autotools: delete stray `VC14_LIB*` references.
- autotools: delete (now) empty `CLEANFILES`.
- autotools: delete no longer used lib/src .inc includes in root makefile.
- autotools: delete stray `cygwinbin` target.
- autotools: delete stray `pkgadd` target (Solaris).
- lib, src: delete stray files from `.gitignore`.
- INSTALL.md: delete reference to non-existing `src/config-win32.h`.
- lib/config-win32ce.h: whitespace.
- lib/config-win32ce.h: sync comments with `config-win32.h`.

Closes curl#15944
- moved the dummy functions into the C file, made them non-static
- added a Curl_trc_ssls dummy

Closes curl#15951
- drop version guard for `__inline`.
  Supported since `_MSC_VER` 1000.
  Visual C++, 32-bit, version 4.0 (1996)

- drop version guard for `__declspec(noreturn)` and `__forceinline`.
  Supported since `_MSC_VER` 1200.
  Visual C++, 32-bit, version 6.0 (1998)

For ancient versions, it's possible to override the default behaviour
by setting these macros via `CPPFLAGS`: `CURL_NORETURN`, `CURL_INLINE`,
`CURL_FORCEINLINE`

Closes curl#15946
It's Visual C++, 32-bit, version 2.0, released in 1993. Used to verify
if `_INTEGRAL_MAX_BITS` is available.

After this patch we assume `_INTEGRAL_MAX_BITS` is always available in
MSVC.

Closes curl#15952
Pointed out by CodeSonar. "ssl_config" can in fact not be NULL here.
Made it an assert instead.

Closes curl#15948
bagder and others added 3 commits January 9, 2025 17:24
Pointed out by CodeSonar. While harmless, we might as well address it.

Closes curl#15949
Pointed out by CodeSonar. It is probably not reachable, but might as
well just add a precaution.

Closes curl#15950
When using early data with GnuTLS, the timer `appconnect`
had the value from the "pretended" connect, not when the actual
TLS handshake was done.

Closes curl#15954
@github-actions github-actions bot added the TLS label Jan 9, 2025
@yedayak (Owner, Author) commented Jan 9, 2025

Hi @cpu, hope you don't mind the ping.
Do you think this makes sense to open as a PR for curl even before rustls_certified_key_keys_match exists? Or should this wait as well until the next rustls-ffi release?

bagder and others added 7 commits January 10, 2025 08:20
The pending cookie RFC update (currently known as 6265bis draft-19) says

  Let cookie-age-limit be the maximum age of the cookie (which name of
  Max-Age and an attribute-value of expiry-time. SHOULD be 400 days or
  less.

This change makes received cookies over the wire get capped to 400 days.

It does not cap the expiry date of cookies loaded from file.

It does this by rounding the expire time to an even minute. This, to
allow the test suite to do the same and have a chance to get the same
number for stable testing without requiring a debug build.

The test script generates TWO numbers in the output file for each
%days[] used in the input test file, and the function that subsequently
compares and verifies output is fine with *either* of the two numbers.

This is done so that if the test case is generated the second
immediately before curl runs, that updated expiry number is also deemed
okay. It still checks for an exact match of either number.

Closes curl#15937
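The cap described in the commit above, as an added C example (this is not curl's own implementation; `cap_cookie_expiry`, `expiry_from_max_age`, the `cookie_origin` enum and the constructed timestamps are this example's own). It caps a wire-received expiry at 400 days from now, rounds the capped value down to a whole minute, leaves file-loaded cookies alone, and also shows the parsing side the commit does not spell out: a Max-Age value that is malformed is rejected and one that overflows saturates, so the cap never depends on an overflowing addition:

```c
/* Added example, not curl's code: cap cookie expiry received over the wire
 * to 400 days, rounded down to a whole minute; cookies loaded from a file
 * are not capped.  All names here are this example's own. */
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define COOKIE_MAX_AGE_SECS ((int64_t)400 * 24 * 3600)   /* 400 days */

enum cookie_origin { COOKIE_FROM_WIRE, COOKIE_FROM_FILE };

/* Expiry to store for a cookie that claimed the absolute expiry `claimed`
 * (UNIX seconds) when the current time is `now`. */
int64_t cap_cookie_expiry(int64_t now, int64_t claimed, enum cookie_origin origin)
{
    int64_t limit;
    if(origin == COOKIE_FROM_FILE)
        return claimed;                    /* no cap for file-loaded cookies */
    limit = now + COOKIE_MAX_AGE_SECS;
    if(claimed <= limit)
        return claimed;
    return limit - (limit % 60);           /* cap, then round down to a minute */
}

/* Turn a Max-Age attribute value into an absolute expiry.  RFC 6265 requires
 * the value to start with a digit or '-', and treats <= 0 as "already
 * expired" (stored here as 0).  A value too large for int64 saturates instead
 * of wrapping; the caller then passes the result through cap_cookie_expiry(). */
bool expiry_from_max_age(int64_t now, const char *value, int64_t *out)
{
    char *end;
    long long secs;
    if(!value || !(isdigit((unsigned char)*value) || *value == '-'))
        return false;
    errno = 0;
    secs = strtoll(value, &end, 10);
    if(*end != '\0')
        return false;                      /* trailing junk: reject */
    if(errno == ERANGE)
        secs = (secs < 0) ? 0 : INT64_MAX; /* saturate rather than wrap */
    if(secs <= 0)
        *out = 0;
    else if((int64_t)secs > INT64_MAX - now)
        *out = INT64_MAX;
    else
        *out = now + (int64_t)secs;
    return true;
}

int main(void)
{
    /* constructed sample: "now" is 2025-01-09 00:00:37 UTC */
    int64_t now = 1736380837, exp;
    const char *samples[] = { "3600", "99999999999", "-1", "12abc" };
    size_t i;
    for(i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if(expiry_from_max_age(now, samples[i], &exp))
            printf("Max-Age=%-12s -> stored expiry %lld\n", samples[i],
                   (long long)cap_cookie_expiry(now, exp, COOKIE_FROM_WIRE));
        else
            printf("Max-Age=%-12s -> rejected\n", samples[i]);
    }
    return 0;
}
```

Rounding is applied only to values that were actually capped, matching the commit's description: an expiry the server set within the limit is stored as received, and the minute granularity only matters for the deterministic value a test can recompute.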
Use a larger one when shared.

Closes curl#15953
curl requires C compilers supporting 64-bit `curl_off_t` type since
8356826 curl#10597 (v8.0.0).

Assume the MSVC compiler offers the necessary support.

It makes curl require Visual Studio .NET 2003, v7.1 (`_MSC_VER = 1310`).
With the possibility that 1300 (Visual Studio .NET, v7.0, 2002), or 1200
(Visual C++, 32-bit, v6.0, 1998) may also work.

Follow-up to ca18198 curl#15952
Closes curl#15955
@cpu commented Jan 10, 2025

> Hi @cpu, hope you don't mind the ping.

Happy to be pinged :-) Thanks for taking a look at this work.

> Do you think this makes sense to open as a PR for curl even before rustls_certified_key_keys_match exists? Or should this wait as well until the next rustls-ffi release?

My personal opinion is that it makes sense to stage this work but not open it as a PR for the Curl developers until there is a rustls-ffi release that offers the needed functionality.

I've been tracking the last bits needed for a release in rustls/rustls-ffi#518 - I'm mostly waiting on some upstream Rustls work for post-qc kx.

Does that make sense to you? I hope it will only be a matter of weeks and not months.

vszakats and others added 6 commits January 10, 2025 18:20
We recommend migrating to CMake from winbuild and Visual Studio project
files. winbuild is deprecated and will be dropped in September 2025.

CMake supports all the features and options, with new ones added
promptly. It supports out-of-tree, unity and documentation builds.

- deprecate winbuild method in favour of CMake by September 2025.
- add migration guide from winbuild to CMake.
- add migration guide from Visual Studio Project Files to CMake.
- add deprecation message to winbuild.
  Need to ack with `WINBUILD_ACKNOWLEDGE_DEPRECATED=yes`
  Authored-by: Jay Satiro
- mention `CMAKE_BUILD_TYPE` option in `INSTALL-CMAKE`.
- document missing `SSH_PATH` winbuild option.

Closes curl#15920
Caused an error when using cmake with gcc 4.4 and 4.5.
Also 4.3 when using autotools.

Seen with GNU 4.4.0 in CeGCC 0.59.1:
```
cc1: error: unrecognized command line option "-Wtrampolines"
```

`-Wtrampolines` requires gcc 4.6 or later.

Ref: https://gcc.gnu.org/onlinedocs/gcc-4.6.0/gcc/Warning-Options.html
Ref: https://master.dl.sourceforge.net/project/cegcc/cegcc/0.59.1/cegcc_mingw32ce_snowleopard_r1397.tar.bz2

Closes curl#15962
- DJGPP 1.x (including `__GO32__`) (MS-DOS)
  DJGPP 2.x support remains unchanged.
- Salford C (Windows)
- Turbo C (Windows 16-bit)
- Borland C++ < 5.2 (Windows 16-bit?)
- Pelles C < 2.8 (Windows)

These targets mapped `curl_off_t` to `long`. On Windows and MS-DOS
`long` is always 32-bit.

curl requires C compilers supporting 64-bit `curl_off_t` type since
8356826 curl#10597 (v8.0.0).

Also: drop remaining `__GO32__` and Salford C guards.

Closes curl#15957
- drop duplicate declaration block under `__MVS__`.
- drop duplicate declaration block under `__IBMC__`.
- drop empty `#if` branches under `__IBMC__`.

Closes curl#15966
@yedayak yedayak force-pushed the rustls-client-auth branch from 3a2adc4 to f627468 Compare January 11, 2025 19:08
10 participants