Make it error if another TLS backend is used. Also tweaked the
documentation for it to make it more clear it is only for OpenSSL.
Follow-up to 9cf4759354
Reported-by: Michael Osipov
Fixes#18362Closes#18364
- drop `ALLOW_RENEG` undocumented (insecure) build-time option.
- drop unnecessary check for `OPENSSL_VERSION_NUMBER`.
It's present in all supported OpenSSL versions and forks.
Follow-up to 80c10c5d5d#18351
Follow-up to 59311bd3df#3293#3283Closes#18359
To please the curl_multi_setopt() typechecker
- set multi callback protypes to match exactylu
- set CURLMOPT_MAX_HOST_CONNECTIONS as a long
Closes#18357
... even if there are tests still pending. To help visualize tests that
might be hanging.
Attempts to set the limit at 10 seconds of silence.
Closes#18349
- cancel thread waits until thread start is at least 5ms in the past
to give it some time to get its cancellation setup in place
- cancel thread without holding the mutex. It's supposed to be an
async operation, but better be safe
- set DEFERRED cancel state explicitly, should be default in a pthread,
but better be safe
Closes#18350
- assume:
- `BIO_CTRL_EOF`
- `SSL_CTRL_SET_MSG_CALLBACK`
- `SSL_CTRL_SET_MSG_CALLBACK`
- `SSL_CTRL_SET_TLSEXT_HOSTNAME`
- `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`
- `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`
- `SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG`
- `SSL_OP_NO_COMPRESSION`
- `SSL_OP_NO_TICKET`
- `X509_V_FLAG_PARTIAL_CHAIN`
- `X509_V_FLAG_TRUSTED_FIRST`
They are present in all supported OpenSSL (and fork) versions.
- replace `SSL_ERROR_WANT_EARLY` with `SSL_ERROR_WANT_CLIENT_HELLO_CB`.
The former appeared in OpenSSL 1.1.1-dev, but renamed before
the stable release.
- document support for macros:
- `ENGINE_CTRL_GET_CMD_FROM_NAME`
- `SSL_ERROR_WANT_ASYNC_JOB`
- `SSL_ERROR_WANT_ASYNC`
- `SSL2_VERSION_MAJOR`
- `TLS1_3_VERSION`
- drop legacy fallback for `CONF_MFLAGS_DEFAULT_SECTION`.
It was there for OpenSSL 0.9.8 support.
- fix `SSL_CTRL_SET_MSG_CALLBACK` accidentally serving as a guard for
OpenSSL (and forks) as a whole.
Tested OK with OpenSSL 1.0.2 and 1.1.0 in CI.
Closes#18351
Add optional detail to `Curl_resolver_error()` to add to failure message
where available. This makes, for c-ares, the reason for a failed
resource available to the user without extra trace config.
When "dns" tracing enabled, print the c-ares server config at the start
of a resolve.
Closes#18251
Add a flag `thrd_don` to assess if the resolving thread has finished and
only destroy the context when *both* ref_count reaches 0 and thrd_done
is true.
Closes#18345
When the thread started is too fast, the signal will come before the
wait. Add an additional check before the wait to catch the thread
having started or already ended.
Closes#18344
- During handshake, do not require reading more data if unprocessed
encrypted data that may be a complete TLS record is already available.
- During handshake, check that the socket is writeable before processing
encrypted data that may require an immediate reply to the server.
These two fixes are for issues that were found during renegotiation
testing but could affect any handshake.
Prior to this change it was possible in some abnormal network conditions
for the Schannel TLS handshake procedure to erroneously wait or error.
Ref: https://github.com/curl/curl/pull/18125
Closes https://github.com/curl/curl/pull/18323
It had a typo, but it wasn't causing an issue, because `TLS1_3_VERSION`
is enough to detect this feature and the version check remained unused.
Follow-up to 0d3b5937b3#16477
Cherry-picked from #18330Closes#18333
Changed strategy to start up and terminate resolver thread.
When starting up:
Start the thread with mutex acquired, wait for signal from thread that
it started and has incremented the ref counter. Thread set
pthread_cancel() to disabled before that and only enables cancelling
during resolving itself. This assure that the ref counter is correct and
the unlinking of the resolve context always happens.
When shutting down resolving:
If ref counting shows thread has finished, join it, free everything. If
thread has not finished, try pthread_cancel() (non Windows), but keep
the thread handle around.
When destroying resolving:
Shutdown first, then, if the thread is still there and 'quick_exit' is
not set, join it and free everything. This might occur a delay if
getaddrinfo() hangs and cannot be interrupted by pthread_cancel().
Destroying resolving happens when another resolve is started on an
easy handle or when the easy handle is closed.
Add test795 to check that connect timeout triggers correctly
when resolving is delayed. Add debug env var `CURL_DNS_DELAY_MS`
to simulate delays in resolving.
Fix test1557 to set `quick_exit` and use `xxx.invalid` as domain
instead of `nothing` that was leading to hangers in CI.
Closes#18263
`runtests.pl` defaults to `-` if a command is not set, since
c43ad0f972.
Also:
- drop a stray `</file>`.
- replace a `nothing` with a guaranteed invalid hostname.
Ref: 4334033b43
- replace unused URLs with `-`.
Closes#18319
We are destroying the ares channel already when we shutdown
resolving. Querying the pollset afterwards is still happening,
especially in event based processing and needs to work in the
absence of a channel.
Fixes#18317
Reported-by: Natris on github
Closes#18318
To make the CI jobs use native Win32 API calls instead of calling
external tools to look up and kill PIDs of native Windows test server
processes.
Follow-up to 2388b0e587#18308Closes#18296
