authordartraiden <wowemuh@gmail.com>2025-06-04 10:22:08 +0300
committerdartraiden <wowemuh@gmail.com>2025-06-04 10:27:15 +0300
commitb14c227e81e60d9d87b6a56074d47f8b92727db8 (patch)
tree55d8efd8f7d593a520c01c918fdfd0f81e8605ca /libs/libcurl/src/vtls
parent114ca3aa13683f413d2297e675741f54b87dd151 (diff)
libcurl: update to 8.14.1
Diffstat (limited to 'libs/libcurl/src/vtls')
-rw-r--r--libs/libcurl/src/vtls/gtls.c2
-rw-r--r--libs/libcurl/src/vtls/keylog.c2
-rw-r--r--libs/libcurl/src/vtls/keylog.h2
-rw-r--r--libs/libcurl/src/vtls/openssl.c8
-rw-r--r--libs/libcurl/src/vtls/schannel_verify.c2
-rw-r--r--libs/libcurl/src/vtls/vtls.c8
-rw-r--r--libs/libcurl/src/vtls/vtls_scache.c13
-rw-r--r--libs/libcurl/src/vtls/vtls_scache.h2
-rw-r--r--libs/libcurl/src/vtls/wolfssl.c24
-rw-r--r--libs/libcurl/src/vtls/x509asn1.c2
10 files changed, 34 insertions, 31 deletions
diff --git a/libs/libcurl/src/vtls/gtls.c b/libs/libcurl/src/vtls/gtls.c
index 1bd7793111..7f2401afd5 100644
--- a/libs/libcurl/src/vtls/gtls.c
+++ b/libs/libcurl/src/vtls/gtls.c
@@ -233,7 +233,7 @@ static void unload_file(gnutls_datum_t data)
}
-/* this function does a SSL/TLS (re-)handshake */
+/* this function does an SSL/TLS (re-)handshake */
static CURLcode handshake(struct Curl_cfilter *cf,
struct Curl_easy *data)
{
diff --git a/libs/libcurl/src/vtls/keylog.c b/libs/libcurl/src/vtls/keylog.c
index 77321c9f76..3e6bdff54e 100644
--- a/libs/libcurl/src/vtls/keylog.c
+++ b/libs/libcurl/src/vtls/keylog.c
@@ -94,7 +94,7 @@ Curl_tls_keylog_write_line(const char *line)
linelen = strlen(line);
if(linelen == 0 || linelen > sizeof(buf) - 2) {
- /* Empty line or too big to fit in a LF and NUL. */
+ /* Empty line or too big to fit in an LF and NUL. */
return FALSE;
}
diff --git a/libs/libcurl/src/vtls/keylog.h b/libs/libcurl/src/vtls/keylog.h
index 5b2df7fe8f..88151dea2d 100644
--- a/libs/libcurl/src/vtls/keylog.h
+++ b/libs/libcurl/src/vtls/keylog.h
@@ -61,7 +61,7 @@ bool Curl_tls_keylog_write(const char *label,
const unsigned char *secret, size_t secretlen);
/*
- * Appends a line to the key log file, ensure it is terminated by a LF.
+ * Appends a line to the key log file, ensure it is terminated by an LF.
* Returns true iff the key log file is open and a valid line was provided.
*/
bool Curl_tls_keylog_write_line(const char *line);
diff --git a/libs/libcurl/src/vtls/openssl.c b/libs/libcurl/src/vtls/openssl.c
index b5ae754a96..2556b5c57f 100644
--- a/libs/libcurl/src/vtls/openssl.c
+++ b/libs/libcurl/src/vtls/openssl.c
@@ -698,9 +698,11 @@ static long ossl_bio_cf_ctrl(BIO *bio, int cmd, long num, void *ptr)
ret = 1;
break;
#ifdef BIO_CTRL_EOF
- case BIO_CTRL_EOF:
+ case BIO_CTRL_EOF: {
/* EOF has been reached on input? */
- return !cf->next || !cf->next->connected;
+ struct ssl_connect_data *connssl = cf->ctx;
+ return connssl->peer_closed;
+ }
#endif
default:
ret = 0;
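Review bot: The comment kept above the new return, `/* EOF has been reached on input? */`, now describes a different condition than the code tests: the removed line answered it from the next filter's connection state, the new line from `connssl->peer_closed`, and nothing in the hunk says where that flag is set or whether a transport that is no longer connected still reports EOF to OpenSSL. A comment such as `/* EOF: report only what the recv path recorded in peer_closed, not the transport state */` would stop a reader from looking for the old connection check here; the flag's origin is inferred, so adjust it to the actual writer. The same change appears in the WOLFSSL_BIO_CTRL_EOF hunk of wolfssl.c and would take the same comment. `ossl_bio_cf_ctrl` begins and ends outside this hunk.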
@@ -4048,7 +4050,7 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx,
CVE-2010-4180 when using previous OpenSSL versions we no longer enable
this option regardless of OpenSSL version and SSL_OP_ALL definition.
- OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability:
+ OpenSSL added a work-around for an SSL 3.0/TLS 1.0 CBC vulnerability:
https://web.archive.org/web/20240114184648/openssl.org/~bodo/tls-cbc.txt.
In 0.9.6e they added a bit to SSL_OP_ALL that _disables_ that work-around
despite the fact that SSL_OP_ALL is documented to do "rather harmless"
diff --git a/libs/libcurl/src/vtls/schannel_verify.c b/libs/libcurl/src/vtls/schannel_verify.c
index 69d79182cf..b4d7241790 100644
--- a/libs/libcurl/src/vtls/schannel_verify.c
+++ b/libs/libcurl/src/vtls/schannel_verify.c
@@ -331,7 +331,7 @@ static CURLcode add_certs_file_to_store(HCERTSTORE trust_store,
}
}
- /* Null terminate the buffer */
+ /* null-terminate the buffer */
ca_file_buffer[ca_file_bufsize] = '\0';
result = add_certs_data_to_store(trust_store,
diff --git a/libs/libcurl/src/vtls/vtls.c b/libs/libcurl/src/vtls/vtls.c
index 37aaea9358..f707e92577 100644
--- a/libs/libcurl/src/vtls/vtls.c
+++ b/libs/libcurl/src/vtls/vtls.c
@@ -768,8 +768,8 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
do {
end_pos = strstr(begin_pos, ";sha256//");
/*
- * if there is an end_pos, null terminate,
- * otherwise it will go to the end of the original string
+ * if there is an end_pos, null-terminate, otherwise it will go to the
+ * end of the original string
*/
if(end_pos)
end_pos[0] = '\0';
@@ -845,8 +845,8 @@ CURLcode Curl_pin_peer_pubkey(struct Curl_easy *data,
}
/*
- * Otherwise we will assume it is PEM and try to decode it
- * after placing null terminator
+ * Otherwise we will assume it is PEM and try to decode it after placing
+ * null-terminator
*/
pem_read = pubkey_pem_to_der(curlx_dyn_ptr(&buf), &pem_ptr, &pem_len);
/* if it was not read successfully, exit */
diff --git a/libs/libcurl/src/vtls/vtls_scache.c b/libs/libcurl/src/vtls/vtls_scache.c
index d2d2718e51..3e1825d635 100644
--- a/libs/libcurl/src/vtls/vtls_scache.c
+++ b/libs/libcurl/src/vtls/vtls_scache.c
@@ -108,7 +108,7 @@ static struct Curl_ssl_scache *cf_ssl_scache_get(struct Curl_easy *data)
return scache;
}
-static void cf_ssl_scache_sesssion_ldestroy(void *udata, void *obj)
+static void cf_ssl_scache_session_ldestroy(void *udata, void *obj)
{
struct Curl_ssl_session *s = obj;
(void)udata;
@@ -161,7 +161,7 @@ Curl_ssl_session_create2(void *sdata, size_t sdata_len,
if(alpn) {
s->alpn = strdup(alpn);
if(!s->alpn) {
- cf_ssl_scache_sesssion_ldestroy(NULL, s);
+ cf_ssl_scache_session_ldestroy(NULL, s);
return CURLE_OUT_OF_MEMORY;
}
}
@@ -176,7 +176,7 @@ void Curl_ssl_session_destroy(struct Curl_ssl_session *s)
if(Curl_node_llist(&s->list))
Curl_node_remove(&s->list);
else {
- cf_ssl_scache_sesssion_ldestroy(NULL, s);
+ cf_ssl_scache_session_ldestroy(NULL, s);
}
}
}
@@ -341,7 +341,7 @@ CURLcode Curl_ssl_scache_create(size_t max_peers,
for(i = 0; i < scache->peer_count; ++i) {
scache->peers[i].max_sessions = max_sessions_per_peer;
Curl_llist_init(&scache->peers[i].sessions,
- cf_ssl_scache_sesssion_ldestroy);
+ cf_ssl_scache_session_ldestroy);
}
*pscache = scache;
@@ -598,9 +598,8 @@ CURLcode Curl_ssl_peer_key_make(struct Curl_cfilter *cf,
goto out;
*ppeer_key = curlx_dyn_take(&buf, &key_len);
- /* we just added printable char, and dynbuf always 0 terminates,
- * no need to track length */
-
+ /* we just added printable char, and dynbuf always null-terminates, no need
+ * to track length */
out:
curlx_dyn_free(&buf);
diff --git a/libs/libcurl/src/vtls/vtls_scache.h b/libs/libcurl/src/vtls/vtls_scache.h
index 9bce4c36a5..3f2a3978c8 100644
--- a/libs/libcurl/src/vtls/vtls_scache.h
+++ b/libs/libcurl/src/vtls/vtls_scache.h
@@ -113,7 +113,7 @@ CURLcode Curl_ssl_scache_add_obj(struct Curl_cfilter *cf,
void *sobj,
Curl_ssl_scache_obj_dtor *sobj_dtor_cb);
-/* All about a SSL session ticket */
+/* All about an SSL session ticket */
struct Curl_ssl_session {
const void *sdata; /* session ticket data, plain bytes */
size_t sdata_len; /* number of bytes in sdata */
diff --git a/libs/libcurl/src/vtls/wolfssl.c b/libs/libcurl/src/vtls/wolfssl.c
index fad04a997f..0971895859 100644
--- a/libs/libcurl/src/vtls/wolfssl.c
+++ b/libs/libcurl/src/vtls/wolfssl.c
@@ -299,9 +299,11 @@ static long wssl_bio_cf_ctrl(WOLFSSL_BIO *bio, int cmd, long num, void *ptr)
ret = 1;
break;
#ifdef WOLFSSL_BIO_CTRL_EOF
- case WOLFSSL_BIO_CTRL_EOF:
+ case WOLFSSL_BIO_CTRL_EOF: {
/* EOF has been reached on input? */
- return !cf->next || !cf->next->connected;
+ struct ssl_connect_data *connssl = cf->ctx;
+ return connssl->peer_closed;
+ }
#endif
default:
ret = 0;
@@ -509,7 +511,7 @@ static CURLcode wssl_on_session_reuse(struct Curl_cfilter *cf,
*do_early_data = FALSE;
#ifdef WOLFSSL_EARLY_DATA
connssl->earlydata_max = wolfSSL_SESSION_get_max_early_data(
- wolfSSL_get_session(wssl->ssl));
+ wolfSSL_get_session(wssl->ssl));
#else
(void)wssl;
connssl->earlydata_max = 0;
@@ -574,11 +576,19 @@ wssl_setup_session(struct Curl_cfilter *cf,
if(result)
goto out;
}
+#ifdef WOLFSSL_EARLY_DATA
if(do_early_data) {
+ unsigned int edmax = (scs->earlydata_max < UINT_MAX) ?
+ (unsigned int)scs->earlydata_max : UINT_MAX;
/* We only try the ALPN protocol the session used before,
* otherwise we might send early data for the wrong protocol */
Curl_alpn_restrict_to(alpns, scs->alpn);
+ wolfSSL_set_max_early_data(wss->ssl, edmax);
}
+#else
+ /* Should never enable when not supported */
+ DEBUGASSERT(!do_early_data);
+#endif
}
}
wolfSSL_SESSION_free(session);
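Review bot: The result of the new `wolfSSL_set_max_early_data(wss->ssl, edmax);` is dropped; if that call reports failure the session keeps whatever early-data limit wolfSSL had before, while `do_early_data` stays set and the ALPN restriction above it has already been applied, so the two settings can disagree. If the wolfSSL API returns a status here, a non-success result should clear `do_early_data` or at least be caught with a `DEBUGASSERT`, matching the `#else` branch's assertion style. The clamp to `UINT_MAX` also deserves a why-comment, e.g. `/* wolfSSL takes an unsigned int; earlydata_max may be wider */`, and relies on `<limits.h>` being in scope, which the hunk does not show. `wssl_setup_session` begins and ends outside this hunk.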
@@ -931,14 +941,6 @@ wssl_legacy_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version)
"POLY1305_SHA256:TLS_AES_128_CCM_SHA256"
#define QUIC_GROUPS "P-256:P-384:P-521"
-#if defined(HAVE_SECRET_CALLBACK)
-static void keylog_callback(const WOLFSSL *ssl, const char *line)
-{
- (void)ssl;
- Curl_tls_keylog_write_line(line);
-}
-#endif
-
CURLcode Curl_wssl_ctx_init(struct wssl_ctx *wctx,
struct Curl_cfilter *cf,
struct Curl_easy *data,
diff --git a/libs/libcurl/src/vtls/x509asn1.c b/libs/libcurl/src/vtls/x509asn1.c
index d9c970d7d2..1b4821484c 100644
--- a/libs/libcurl/src/vtls/x509asn1.c
+++ b/libs/libcurl/src/vtls/x509asn1.c
@@ -256,7 +256,7 @@ static const char *getASN1Element(struct Curl_asn1Element *elem,
#ifdef WANT_EXTRACT_CERTINFO
/*
- * Search the null terminated OID or OID identifier in local table.
+ * Search the null-terminated OID or OID identifier in local table.
* Return the table entry pointer or NULL if not found.
*/
static const struct Curl_OID *searchOID(const char *oid)