author | Brad King <brad.king@kitware.com> | 2022-05-16 15:43:51 (GMT) |
---|---|---|
committer | Brad King <brad.king@kitware.com> | 2022-05-16 15:43:51 (GMT) |
commit | 71747a28ea56d8e2f86759176c15fc1e56f5f605 (patch) | |
tree | e49f7f73e1b16cdc08f05666cd5e3089584b493d /Utilities/cmcurl/lib/vquic | |
parent | 02902188ecfb85824c4bea56c2d3262791adbda9 (diff) | |
parent | 9d8f81f4f8ac4a234ced9c446958fdfcaed4faa3 (diff) | |
Merge branch 'upstream-curl' into update-curl
* upstream-curl:
curl 2022-05-11 (462196e6)
Diffstat (limited to 'Utilities/cmcurl/lib/vquic')
-rw-r--r-- | Utilities/cmcurl/lib/vquic/msh3.c | 11 | ||||
-rw-r--r-- | Utilities/cmcurl/lib/vquic/ngtcp2.c | 13 |
2 files changed, 18 insertions, 6 deletions
diff --git a/Utilities/cmcurl/lib/vquic/msh3.c b/Utilities/cmcurl/lib/vquic/msh3.c
index be18e6e..f7bd315 100644
--- a/Utilities/cmcurl/lib/vquic/msh3.c
+++ b/Utilities/cmcurl/lib/vquic/msh3.c
@@ -95,7 +95,9 @@ static const MSH3_REQUEST_IF msh3_request_if = {
 void Curl_quic_ver(char *p, size_t len)
 {
- (void)msnprintf(p, len, "msh3/%s", "0.0.1");
+ uint32_t v[4];
+ MsH3Version(v);
+ (void)msnprintf(p, len, "msh3/%d.%d.%d.%d", v[0], v[1], v[2], v[3]);
 }
 CURLcode Curl_quic_connect(struct Curl_easy *data,
@@ -121,7 +123,10 @@ CURLcode Curl_quic_connect(struct Curl_easy *data,
 return CURLE_FAILED_INIT;
 }
- qs->conn = MsH3ConnectionOpen(qs->api, conn->host.name, unsecure);
+ qs->conn = MsH3ConnectionOpen(qs->api,
+ conn->host.name,
+ (uint16_t)conn->remote_port,
+ unsecure);
 if(!qs->conn) {
 failf(data, "can't create msh3 connection");
 if(qs->api) {
@@ -357,7 +362,7 @@ static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext,
 struct HTTP *stream = IfContext;
 (void)Request;
 (void)AbortError;
- H3BUGF(printf("* msh3_complete, aborted=%hhu\n", Aborted));
+ H3BUGF(printf("* msh3_complete, aborted=%s\n", Aborted ? "true" : "false"));
 msh3_lock_acquire(&stream->recv_lock);
 if(Aborted) {
 stream->recv_error = CURLE_HTTP3; /* TODO - how do we pass AbortError? */
diff --git a/Utilities/cmcurl/lib/vquic/ngtcp2.c b/Utilities/cmcurl/lib/vquic/ngtcp2.c
index abce631..f1a64ee 100644
--- a/Utilities/cmcurl/lib/vquic/ngtcp2.c
+++ b/Utilities/cmcurl/lib/vquic/ngtcp2.c
@@ -264,6 +264,7 @@ static SSL_QUIC_METHOD quic_method = {quic_set_encryption_secrets,
 static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
 {
+ struct connectdata *conn = data->conn;
 SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
 SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION);
@@ -291,12 +292,11 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
 SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
 }
- {
- struct connectdata *conn = data->conn;
+ if(conn->ssl_config.verifypeer) {
 const char * const ssl_cafile = conn->ssl_config.CAfile;
 const char * const ssl_capath = conn->ssl_config.CApath;
- if(conn->ssl_config.verifypeer) {
+ if(ssl_cafile || ssl_capath) {
 SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
 /* tell OpenSSL where to find CA certificates that are used to verify
 the server's certificate. */
@@ -311,6 +311,13 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
 infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
 infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
 }
+#ifdef CURL_CA_FALLBACK
+ else {
+ /* verifying the peer without any CA certificates won't work so
+ use openssl's built-in default as fallback */
+ SSL_CTX_set_default_verify_paths(ssl_ctx);
+ }
+#endif
 }
 return ssl_ctx;
 }
|
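Review bot: With `verifypeer` set but neither `CAfile` nor `CApath` configured, the new `if(ssl_cafile || ssl_capath)` guard in the `-291` hunk skips `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL)`, and the `CURL_CA_FALLBACK` branch added in the `-311` hunk only loads the default trust paths without setting a verify mode; in a build without that macro nothing is configured and `ssl_ctx` is still returned. Unless peer verification is enforced somewhere outside these hunks (the start of quic_ssl_ctx and the lines between the two hunks are not shown), a caller that asked for verification gets a context that does not enforce it. I would hoist the call so it runs for every verifying connection, `if(conn->ssl_config.verifypeer) { SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);`, treat a zero return from `SSL_CTX_set_default_verify_paths(ssl_ctx)` as an error, and fail the setup when neither a CA location nor the fallback is available. The file is a vendored copy, so the code change belongs upstream, but whether this build defines `CURL_CA_FALLBACK` decides which of the two cases applies here.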