delta/curl.git/lib/vtls, branch bagder/https-proxyu-req-http github.com: bagder/curl.git vtls: deduplicate client certificates in ssl_config_data 2020-09-14T10:56:47+00:00 Gergely Nagy ngg@tresorit.com 2020-06-29T18:07:37+00:00 182ff2d63c9a25c14ee1e7dc9e6d63e9079df677 Closes #5629 
Closes #5629
lib: fix -Wassign-enum warnings 2020-09-08T11:53:02+00:00 Daniel Stenberg daniel@haxx.se 2020-09-07T08:52:48+00:00 17fcdf6a310d4c80762455ee9d5e4f52bd55c809 configure --enable-debug now enables -Wassign-enum with clang, identifying several enum "abuses" also fixed. Reported-by: Gisle Vanem Bug: https://github.com/curl/curl/commit/879007f8118771f4896334731aaca5850a154675#commitcomment-42087553 Closes #5929 
configure --enable-debug now enables -Wassign-enum with clang,
identifying several enum "abuses" also fixed.

Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/879007f8118771f4896334731aaca5850a154675#commitcomment-42087553

Closes #5929
openssl: consider ALERT_CERTIFICATE_EXPIRED a failed verification 2020-09-07T15:26:27+00:00 Daniel Stenberg daniel@haxx.se 2020-09-07T14:20:16+00:00 6d946ad9feb7d5809f071e4da6125fed28a04be0 If the error reason from the lib is SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED, libcurl will return CURLE_PEER_FAILED_VERIFICATION and not CURLE_SSL_CONNECT_ERROR. This unifies the libcurl return code and makes libressl run test 313 (CRL testing) fine. Closes #5934 
If the error reason from the lib is
SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED, libcurl will return
CURLE_PEER_FAILED_VERIFICATION and not CURLE_SSL_CONNECT_ERROR.

This unifies the libcurl return code and makes libressl run test 313
(CRL testing) fine.

Closes #5934
openssl: avoid error conditions when importing native CA 2020-09-02T20:47:52+00:00 Daniel Stenberg daniel@haxx.se 2020-09-02T13:26:09+00:00 b3fbb2fb9dde9ab93db67a7ccc2130e68714016b The code section that is OpenSSL 3+ specific now uses the same logic as is used in the version < 3 section. It caused a compiler error without it. Closes #5907 
The code section that is OpenSSL 3+ specific now uses the same logic as
is used in the version < 3 section. It caused a compiler error without
it.

Closes #5907
vtls: make it 'struct Curl_ssl_session' 2020-09-02T20:41:59+00:00 Daniel Stenberg daniel@haxx.se 2020-09-02T10:17:49+00:00 3acb2abdf5c712a11d281f45222efe26e7675656 Use uppercase C for internal symbols. Closes #5906 
Use uppercase C for internal symbols.

Closes #5906
schannel: make it 'struct Curl_schannel*' 2020-09-02T20:41:59+00:00 Daniel Stenberg daniel@haxx.se 2020-09-02T10:11:01+00:00 add7022666299caa823a15e824677d459650743a As internal global names should use captical C. Closes #5906 
As internal global names should use captical C.

Closes #5906
llist: make it "struct Curl_llist" 2020-09-02T20:41:58+00:00 Daniel Stenberg daniel@haxx.se 2020-09-02T10:06:20+00:00 9b3f888a00fe0c796e8ef7f00d03bb2adc2baa4e As internal global names should use captical C. Closes #5906 
As internal global names should use captical C.

Closes #5906
tls: add CURLOPT_SSL_EC_CURVES and --curves 2020-08-30T15:24:04+00:00 Michael Baentsch 57787676+baentsch@users.noreply.github.com 2020-08-29T12:09:24+00:00 ede125b7b7ca8fc5a1fe3d7c1aee6bff2ea0bf24 Closes #5892 
Closes #5892
TLS: fix SRP detection by using the proper #ifdefs 2020-08-28T12:13:05+00:00 Daniel Stenberg daniel@haxx.se 2020-08-27T10:46:43+00:00 68a51324740945f1da9758bc1d26bbe4835bd847 USE_TLS_SRP will be true if *any* selected TLS backend can use SRP HAVE_OPENSSL_SRP is defined when OpenSSL can use it HAVE_GNUTLS_SRP is defined when GnuTLS can use it Clarify in the curl_verison_info docs that CURL_VERSION_TLSAUTH_SRP is set if at least one of the supported backends offers SRP. Reported-by: Stefan Strogin Fixes #5865 Closes #5870 
USE_TLS_SRP will be true if *any* selected TLS backend can use SRP

HAVE_OPENSSL_SRP is defined when OpenSSL can use it

HAVE_GNUTLS_SRP is defined when GnuTLS can use it

Clarify in the curl_verison_info docs that CURL_VERSION_TLSAUTH_SRP is
set if at least one of the supported backends offers SRP.

Reported-by: Stefan Strogin
Fixes #5865
Closes #5870
openssl: Fix wincrypt symbols conflict with BoringSSL 2020-08-27T03:24:41+00:00 Jay Satiro raysatiro@yahoo.com 2020-08-26T05:49:47+00:00 fbe07c6829ba8c5793c84c2856526e19e9029ab9 OpenSSL undefines the conflicting symbols but BoringSSL does not so we must do it ourselves. Reported-by: Samuel Tranchet Assisted-by: Javier Blazquez Ref: https://bugs.chromium.org/p/boringssl/issues/detail?id=371 Ref: https://github.com/openssl/openssl/blob/OpenSSL_1_1_1g/include/openssl/ossl_typ.h#L66-L73 Fixes https://github.com/curl/curl/issues/5669 Closes https://github.com/curl/curl/pull/5857 
OpenSSL undefines the conflicting symbols but BoringSSL does not so we
must do it ourselves.

Reported-by: Samuel Tranchet
Assisted-by: Javier Blazquez

Ref: https://bugs.chromium.org/p/boringssl/issues/detail?id=371
Ref: https://github.com/openssl/openssl/blob/OpenSSL_1_1_1g/include/openssl/ossl_typ.h#L66-L73

Fixes https://github.com/curl/curl/issues/5669
Closes https://github.com/curl/curl/pull/5857