author | robot-contrib <robot-contrib@yandex-team.ru> | 2022-05-15 13:30:59 +0300 |
---|---|---|
committer | robot-contrib <robot-contrib@yandex-team.ru> | 2022-05-15 13:30:59 +0300 |
commit | 00e5165677c67bdda88ef5b51216688eac357a3a (patch) | |
tree | 230fc76cb76d47655f8481f9ae231c3590f55bfa /contrib/libs/curl/lib/vquic | |
parent | 7a146619b8d5b192fddae23c34605f0494256956 (diff) | |
download | ydb-00e5165677c67bdda88ef5b51216688eac357a3a.tar.gz |
Update contrib/libs/curl to 7.83.1
ref:e0fbfbe6faf65e15f45ef0f846e92356916e91cf
Diffstat (limited to 'contrib/libs/curl/lib/vquic')
-rw-r--r-- | contrib/libs/curl/lib/vquic/msh3.c | 11 | ||||
-rw-r--r-- | contrib/libs/curl/lib/vquic/ngtcp2.c | 13 |
2 files changed, 18 insertions, 6 deletions
diff --git a/contrib/libs/curl/lib/vquic/msh3.c b/contrib/libs/curl/lib/vquic/msh3.c
index 071f13e1fc..47279bd2b2 100644
--- a/contrib/libs/curl/lib/vquic/msh3.c
+++ b/contrib/libs/curl/lib/vquic/msh3.c
@@ -95,7 +95,9 @@ static const MSH3_REQUEST_IF msh3_request_if = {
 void Curl_quic_ver(char *p, size_t len)
 {
- (void)msnprintf(p, len, "msh3/%s", "0.0.1");
+ uint32_t v[4];
+ MsH3Version(v);
+ (void)msnprintf(p, len, "msh3/%d.%d.%d.%d", v[0], v[1], v[2], v[3]);
 }
 CURLcode Curl_quic_connect(struct Curl_easy *data,
@@ -121,7 +123,10 @@ CURLcode Curl_quic_connect(struct Curl_easy *data,
 return CURLE_FAILED_INIT;
 }
- qs->conn = MsH3ConnectionOpen(qs->api, conn->host.name, unsecure);
+ qs->conn = MsH3ConnectionOpen(qs->api,
+ conn->host.name,
+ (uint16_t)conn->remote_port,
+ unsecure);
 if(!qs->conn) {
 failf(data, "can't create msh3 connection");
 if(qs->api) {
@@ -357,7 +362,7 @@ static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext,
 struct HTTP *stream = IfContext;
 (void)Request;
 (void)AbortError;
- H3BUGF(printf("* msh3_complete, aborted=%hhu\n", Aborted));
+ H3BUGF(printf("* msh3_complete, aborted=%s\n", Aborted ? "true" : "false"));
 msh3_lock_acquire(&stream->recv_lock);
 if(Aborted) {
 stream->recv_error = CURLE_HTTP3; /* TODO - how do we pass AbortError? */
diff --git a/contrib/libs/curl/lib/vquic/ngtcp2.c b/contrib/libs/curl/lib/vquic/ngtcp2.c
index 233d7e2e4f..2636985597 100644
--- a/contrib/libs/curl/lib/vquic/ngtcp2.c
+++ b/contrib/libs/curl/lib/vquic/ngtcp2.c
@@ -264,6 +264,7 @@ static SSL_QUIC_METHOD quic_method = {quic_set_encryption_secrets,
 static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
 {
+ struct connectdata *conn = data->conn;
 SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
 SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION);
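Review bot: In Curl_quic_ver the new format string prints the four `uint32_t` version fields with `%d`, a signed conversion that does not match the unsigned arguments. An unsigned conversion keeps the call clean under format checking: `(void)msnprintf(p, len, "msh3/%u.%u.%u.%u", v[0], v[1], v[2], v[3]);`. Declaring the array as `uint32_t v[4] = {0};` would also keep the output defined should MsH3Version() ever leave an element unwritten.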
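Review bot: The `(uint16_t)conn->remote_port` cast in the MsH3ConnectionOpen call narrows silently, so a value outside 0..65535 would wrap to a different port instead of failing. The range is presumably enforced where the port is parsed, which is not visible here because Curl_quic_connect begins and ends outside the hunk. Once that is confirmed, a one-line comment at the cast stating where the range check happens would record the assumption for the next reader.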
@@ -291,12 +292,11 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
 SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
 }
- {
- struct connectdata *conn = data->conn;
+ if(conn->ssl_config.verifypeer) {
 const char * const ssl_cafile = conn->ssl_config.CAfile;
 const char * const ssl_capath = conn->ssl_config.CApath;
- if(conn->ssl_config.verifypeer) {
+ if(ssl_cafile || ssl_capath) {
 SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
 /* tell OpenSSL where to find CA certificates that are used to verify the server's certificate. */
@@ -311,6 +311,13 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
 infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
 infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
 }
+#ifdef CURL_CA_FALLBACK
+ else {
+ /* verifying the peer without any CA certificates won't work so
+ use openssl's built-in default as fallback */
+ SSL_CTX_set_default_verify_paths(ssl_ctx);
+ }
+#endif
 }
 return ssl_ctx;
 } |
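Review bot: After this restructuring `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL)` is reached only when a CAfile or CApath is configured, whereas the removed lines called it for every verifypeer request. The `CURL_CA_FALLBACK` branch added in the next hunk (@@ -311,6) loads the default trust paths but does not set the verify mode in the visible lines, and without that macro a verifypeer request with no CA settings configures nothing; an OpenSSL client context left at its default mode does not abort the handshake on a failed chain check. Unless verification is enforced elsewhere (old lines 303-310 and the rest of the file are not shown), placing `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);` right after the two `ssl_ca*` declarations would cover all three cases. Since the file is vendored from curl, this would be raised upstream or carried as a local patch.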