authordartraiden <wowemuh@gmail.com>2025-06-04 09:49:23 +0300
committerdartraiden <wowemuh@gmail.com>2025-06-04 10:27:11 +0300
commit86d1a677fd310d7d90d6f7545c02a4bd68e1d955 (patch)
tree7fd5f46ef18038d10dcdf9fa19ffee547d51d6ad /libs/libcurl/src/vtls/rustls.c
parente8e2a816fbbcec0d6a64496928fecff19c281d82 (diff)
libcurl: update to 8.14.0
Diffstat (limited to 'libs/libcurl/src/vtls/rustls.c')
-rw-r--r--libs/libcurl/src/vtls/rustls.c53
1 files changed, 27 insertions, 26 deletions
diff --git a/libs/libcurl/src/vtls/rustls.c b/libs/libcurl/src/vtls/rustls.c
index f8e668e17a..4876175212 100644
--- a/libs/libcurl/src/vtls/rustls.c
+++ b/libs/libcurl/src/vtls/rustls.c
@@ -24,22 +24,22 @@
* SPDX-License-Identifier: curl
*
***************************************************************************/
-#include "curl_setup.h"
+#include "../curl_setup.h"
#ifdef USE_RUSTLS
-#include "curl_printf.h"
+#include "../curl_printf.h"
#include <rustls.h>
-#include "inet_pton.h"
-#include "urldata.h"
-#include "sendf.h"
+#include "../curlx/inet_pton.h"
+#include "../urldata.h"
+#include "../sendf.h"
#include "vtls.h"
#include "vtls_int.h"
#include "rustls.h"
#include "keylog.h"
-#include "strerror.h"
+#include "../strerror.h"
#include "cipher_suite.h"
#include "x509asn1.h"
@@ -417,7 +417,7 @@ read_file_into(const char *filename,
uint8_t buf[256];
const size_t rr = fread(buf, 1, sizeof(buf), f);
if(rr == 0 ||
- CURLE_OK != Curl_dyn_addn(out, buf, rr)) {
+ CURLE_OK != curlx_dyn_addn(out, buf, rr)) {
fclose(f);
return 0;
}
@@ -692,7 +692,7 @@ init_config_builder_verifier_crl(
struct dynbuf crl_contents;
rustls_result rr;
- Curl_dyn_init(&crl_contents, DYN_CRLFILE_SIZE);
+ curlx_dyn_init(&crl_contents, DYN_CRLFILE_SIZE);
if(!read_file_into(conn_config->CRLfile, &crl_contents)) {
failf(data, "rustls: failed to read revocation list file");
result = CURLE_SSL_CRL_BADFILE;
@@ -701,8 +701,8 @@ init_config_builder_verifier_crl(
rr = rustls_web_pki_server_cert_verifier_builder_add_crl(
builder,
- Curl_dyn_uptr(&crl_contents),
- Curl_dyn_len(&crl_contents));
+ curlx_dyn_uptr(&crl_contents),
+ curlx_dyn_len(&crl_contents));
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "failed to parse revocation list");
result = CURLE_SSL_CRL_BADFILE;
@@ -710,7 +710,7 @@ init_config_builder_verifier_crl(
}
cleanup:
- Curl_dyn_free(&crl_contents);
+ curlx_dyn_free(&crl_contents);
return result;
}
@@ -868,8 +868,8 @@ init_config_builder_client_auth(struct Curl_easy *data,
return CURLE_SSL_CERTPROBLEM;
}
- Curl_dyn_init(&cert_contents, SIZE_MAX);
- Curl_dyn_init(&key_contents, SIZE_MAX);
+ curlx_dyn_init(&cert_contents, DYN_CERTFILE_SIZE);
+ curlx_dyn_init(&key_contents, DYN_KEYFILE_SIZE);
if(!read_file_into(conn_config->clientcert, &cert_contents)) {
failf(data, "rustls: failed to read client certificate file: '%s'",
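Review bot: With the buffers now capped at `DYN_CERTFILE_SIZE` and `DYN_KEYFILE_SIZE` instead of `SIZE_MAX`, a client certificate or key file that exceeds the cap is reported exactly like an unreadable one. The read_file_into hunk earlier in this diff shows it returning 0 both when `fread` yields nothing and when `curlx_dyn_addn` fails, so the `failf` text "failed to read client certificate file" gives no hint that a size limit was hit. I would add a comment above the two init calls, e.g. `/* files larger than DYN_CERTFILE_SIZE / DYN_KEYFILE_SIZE make read_file_into() fail */`, or have the error message mention the limit. Separately, `key_contents` holds private-key bytes until the cleanup label; whether `curlx_dyn_free` scrubs the buffer before releasing it is not visible here and is worth confirming. The body of init_config_builder_client_auth starts and ends outside this hunk.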
@@ -884,10 +884,10 @@ init_config_builder_client_auth(struct Curl_easy *data,
goto cleanup;
}
- rr = rustls_certified_key_build(Curl_dyn_uptr(&cert_contents),
- Curl_dyn_len(&cert_contents),
- Curl_dyn_uptr(&key_contents),
- Curl_dyn_len(&key_contents),
+ rr = rustls_certified_key_build(curlx_dyn_uptr(&cert_contents),
+ curlx_dyn_len(&cert_contents),
+ curlx_dyn_uptr(&key_contents),
+ curlx_dyn_len(&key_contents),
&certified_key);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "rustls: failed to build certified key");
@@ -915,8 +915,8 @@ init_config_builder_client_auth(struct Curl_easy *data,
}
cleanup:
- Curl_dyn_free(&cert_contents);
- Curl_dyn_free(&key_contents);
+ curlx_dyn_free(&cert_contents);
+ curlx_dyn_free(&key_contents);
if(certified_key) {
rustls_certified_key_free(certified_key);
}
@@ -961,8 +961,7 @@ init_config_builder_ech(struct Curl_easy *data,
return CURLE_OK;
}
- if(data->set.tls_ech & CURLECH_CLA_CFG
- && data->set.str[STRING_ECH_CONFIG]) {
+ if(data->set.tls_ech & CURLECH_CLA_CFG && data->set.str[STRING_ECH_CONFIG]) {
const char *b64 = data->set.str[STRING_ECH_CONFIG];
size_t decode_result;
if(!b64) {
@@ -971,7 +970,7 @@ init_config_builder_ech(struct Curl_easy *data,
goto cleanup;
}
/* rustls-ffi expects the raw TLS encoded ECHConfigList bytes */
- decode_result = Curl_base64_decode(b64, &ech_config, &ech_config_len);
+ decode_result = curlx_base64_decode(b64, &ech_config, &ech_config_len);
if(decode_result || !ech_config) {
infof(data, "rustls: cannot base64 decode ECHConfig from command line");
result = CURLE_SSL_CONNECT_ERROR;
@@ -980,10 +979,8 @@ init_config_builder_ech(struct Curl_easy *data,
}
else {
if(connssl->peer.hostname) {
- dns = Curl_fetch_addr(
- data,
- connssl->peer.hostname,
- connssl->peer.port);
+ dns = Curl_dnscache_get(data, connssl->peer.hostname,
+ connssl->peer.port, data->conn->ip_version);
}
if(!dns) {
failf(data, "rustls: ECH requested but no DNS info available");
@@ -1010,6 +1007,10 @@ init_config_builder_ech(struct Curl_easy *data,
goto cleanup;
}
cleanup:
+ /* if we base64 decoded, we can free now */
+ if(data->set.tls_ech & CURLECH_CLA_CFG && data->set.str[STRING_ECH_CONFIG]) {
+ free(ech_config);
+ }
if(dns) {
Curl_resolv_unlink(data, &dns);
}
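Review bot: The added `free(ech_config)` under `cleanup:` decides ownership by re-evaluating `data->set.tls_ech & CURLECH_CLA_CFG && data->set.str[STRING_ECH_CONFIG]`, a copy of the condition that guards the base64 decode, so the free is correct only while the two copies stay identical. If they drift, the cleanup either leaks the decoded buffer or frees a pointer obtained on the DNS branch, which this function presumably does not own. Tying the free to the allocation is more robust: set a local flag right after a successful decode (`ech_config_owned = TRUE;`) and replace the condition with `if(ech_config_owned) free(ech_config);`. The decode-failure path also jumps here, so this relies on `ech_config` being NULL or a valid heap pointer at that point; its declaration is outside the hunk and should be checked.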