From: Viktor Szakats Date: Mon, 11 Aug 2025 16:31:30 +0000 (+0200) Subject: mbedtls: bump minimum version required to 3.2.0 X-Git-Tag: curl-8_16_0~187 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=01a2308236ffd4a13a45c3d9850a66a602839af6;p=thirdparty%2Fcurl.git mbedtls: bump minimum version required to 3.2.0 3.2.0 was released on July 11, 2022. Ref: #18161 Closes #18254 --- diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml index 29205881f3..5b3d90ea00 100644 --- a/.github/workflows/linux.yml +++ b/.github/workflows/linux.yml @@ -113,17 +113,21 @@ jobs: - name: 'mbedtls' install_packages: libnghttp2-dev install_steps: mbedtls - PKG_CONFIG_PATH: /home/runner/mbedtls/lib/pkgconfig # Requires v3.6.0 or v2.28.8 + PKG_CONFIG_PATH: /home/runner/mbedtls/lib/pkgconfig # Requires v3.6.0 generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON - - name: 'mbedtls-pkg MultiSSL' + - name: 'mbedtls-pkg MultiSSL !pc' install_packages: libnghttp2-dev libmbedtls-dev - generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_DEFAULT_SSL_BACKEND=mbedtls -DCURL_USE_OPENSSL=ON -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF - - - name: 'mbedtls-pkg !pc' - install_packages: libnghttp2-dev libmbedtls-dev - install_steps: skipall - generate: -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_USE_PKGCONFIG=OFF -DCURL_COMPLETION_FISH=ON -DCURL_COMPLETION_ZSH=ON + install_steps: mbedtls skipall + generate: >- + -DCURL_USE_MBEDTLS=ON -DENABLE_DEBUG=ON -DCURL_DEFAULT_SSL_BACKEND=mbedtls + -DMBEDTLS_INCLUDE_DIR=/home/runner/mbedtls/include + -DMBEDTLS_LIBRARY=/home/runner/mbedtls/lib/libmbedtls.a + -DMBEDX509_LIBRARY=/home/runner/mbedtls/lib/libmbedx509.a + -DMBEDCRYPTO_LIBRARY=/home/runner/mbedtls/lib/libmbedcrypto.a + -DCURL_USE_PKGCONFIG=OFF -DCURL_USE_OPENSSL=ON + -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF + -DCURL_COMPLETION_FISH=ON -DCURL_COMPLETION_ZSH=ON - name: 'awslc' install_packages: zlib1g-dev diff --git a/CMake/FindMbedTLS.cmake b/CMake/FindMbedTLS.cmake index fcd6afb3ab..4b5a6121f1 100644 --- a/CMake/FindMbedTLS.cmake +++ b/CMake/FindMbedTLS.cmake @@ -71,23 +71,13 @@ else() find_library(MBEDCRYPTO_LIBRARY NAMES "mbedcrypto" "libmbedcrypto") unset(MBEDTLS_VERSION CACHE) - if(MBEDTLS_INCLUDE_DIR) - if(EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h") # 3.x - set(_version_header "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h") - elseif(EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h") # 2.x - set(_version_header "${MBEDTLS_INCLUDE_DIR}/mbedtls/version.h") - else() - unset(_version_header) - endif() - if(_version_header) - set(_version_regex "#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"([0-9.]+)\"") - file(STRINGS "${_version_header}" _version_str REGEX "${_version_regex}") - string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") - set(MBEDTLS_VERSION "${_version_str}") - unset(_version_regex) - unset(_version_str) - unset(_version_header) - endif() + if(MBEDTLS_INCLUDE_DIR AND EXISTS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h") + set(_version_regex "#[\t ]*define[\t ]+MBEDTLS_VERSION_STRING[\t ]+\"([0-9.]+)\"") + file(STRINGS "${MBEDTLS_INCLUDE_DIR}/mbedtls/build_info.h" _version_str REGEX "${_version_regex}") + string(REGEX REPLACE "${_version_regex}" "\\1" _version_str "${_version_str}") + set(MBEDTLS_VERSION "${_version_str}") + unset(_version_regex) + unset(_version_str) endif() include(FindPackageHandleStandardArgs) diff --git a/CMakeLists.txt b/CMakeLists.txt index 50db8602d7..5e0bf4bf98 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -802,6 +802,9 @@ endif() if(CURL_USE_MBEDTLS) find_package(MbedTLS REQUIRED) + if(MBEDTLS_VERSION VERSION_LESS 3.2.0) + message(FATAL_ERROR "mbedTLS v3.2.0 or newer is required.") + endif() set(_ssl_enabled ON) set(USE_MBEDTLS ON) list(APPEND CURL_LIBS ${MBEDTLS_LIBRARIES}) diff --git a/docs/INTERNALS.md b/docs/INTERNALS.md index a0b1adc9ed..de993c3e4b 100644 --- a/docs/INTERNALS.md +++ b/docs/INTERNALS.md @@ -27,6 +27,7 @@ versions of libs and build tools. - OpenSSL 1.0.2a - LibreSSL 2.9.1 - GnuTLS 3.1.10 + - mbedTLS 3.2.0 - zlib 1.2.5.2 - libssh2 1.2.8 - c-ares 1.6.0 diff --git a/lib/md4.c b/lib/md4.c index 57545dde93..ab40c41b25 100644 --- a/lib/md4.c +++ b/lib/md4.c @@ -53,15 +53,10 @@ #ifdef USE_MBEDTLS #include -#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -#include -#else -#include -#endif -#if(MBEDTLS_VERSION_NUMBER >= 0x02070000) && \ - (MBEDTLS_VERSION_NUMBER < 0x03000000) - #define HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS +#if MBEDTLS_VERSION_NUMBER < 0x03020000 + #error "mbedTLS 3.2.0 or later required" #endif +#include #endif /* USE_MBEDTLS */ /* When OpenSSL or wolfSSL is available, we use their MD4 functions. */ @@ -220,12 +215,7 @@ static void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size) static void MD4_Final(unsigned char *result, MD4_CTX *ctx) { if(ctx->data) { -#ifndef HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS mbedtls_md4(ctx->data, ctx->size, result); -#else - (void)mbedtls_md4_ret(ctx->data, ctx->size, result); -#endif - Curl_safefree(ctx->data); ctx->size = 0; } diff --git a/lib/md5.c b/lib/md5.c index fea20377fe..625670965a 100644 --- a/lib/md5.c +++ b/lib/md5.c @@ -36,10 +36,8 @@ #ifdef USE_MBEDTLS #include - -#if(MBEDTLS_VERSION_NUMBER >= 0x02070000) && \ - (MBEDTLS_VERSION_NUMBER < 0x03000000) - #define HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS +#if MBEDTLS_VERSION_NUMBER < 0x03020000 + #error "mbedTLS 3.2.0 or later required" #endif #endif /* USE_MBEDTLS */ @@ -161,15 +159,8 @@ typedef mbedtls_md5_context my_md5_ctx; static CURLcode my_md5_init(void *ctx) { -#if (MBEDTLS_VERSION_NUMBER >= 0x03000000) if(mbedtls_md5_starts(ctx)) return CURLE_OUT_OF_MEMORY; -#elif defined(HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS) - if(mbedtls_md5_starts_ret(ctx)) - return CURLE_OUT_OF_MEMORY; -#else - (void)mbedtls_md5_starts(ctx); -#endif return CURLE_OK; } @@ -177,20 +168,12 @@ static void my_md5_update(void *ctx, const unsigned char *data, unsigned int length) { -#ifndef HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS (void)mbedtls_md5_update(ctx, data, length); -#else - (void)mbedtls_md5_update_ret(ctx, data, length); -#endif } static void my_md5_final(unsigned char *digest, void *ctx) { -#ifndef HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS (void)mbedtls_md5_finish(ctx, digest); -#else - (void)mbedtls_md5_finish_ret(ctx, digest); -#endif } #elif defined(AN_APPLE_OS) diff --git a/lib/sha256.c b/lib/sha256.c index ca026782a3..6f519add58 100644 --- a/lib/sha256.c +++ b/lib/sha256.c @@ -38,9 +38,8 @@ #include #elif defined(USE_MBEDTLS) #include -#if(MBEDTLS_VERSION_NUMBER >= 0x02070000) && \ - (MBEDTLS_VERSION_NUMBER < 0x03000000) - #define HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS +#if MBEDTLS_VERSION_NUMBER < 0x03020000 + #error "mbedTLS 3.2.0 or later required" #endif #include #elif (defined(__MAC_OS_X_VERSION_MAX_ALLOWED) && \ @@ -134,11 +133,7 @@ typedef mbedtls_sha256_context my_sha256_ctx; static CURLcode my_sha256_init(void *ctx) { -#ifndef HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS (void)mbedtls_sha256_starts(ctx, 0); -#else - (void)mbedtls_sha256_starts_ret(ctx, 0); -#endif return CURLE_OK; } @@ -146,20 +141,12 @@ static void my_sha256_update(void *ctx, const unsigned char *data, unsigned int length) { -#ifndef HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS (void)mbedtls_sha256_update(ctx, data, length); -#else - (void)mbedtls_sha256_update_ret(ctx, data, length); -#endif } static void my_sha256_final(unsigned char *digest, void *ctx) { -#ifndef HAS_MBEDTLS_RESULT_CODE_BASED_FUNCTIONS (void)mbedtls_sha256_finish(ctx, digest); -#else - (void)mbedtls_sha256_finish_ret(ctx, digest); -#endif } #elif defined(AN_APPLE_OS) diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 3280d9057c..06ae10232a 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -37,11 +37,10 @@ /* #define MBEDTLS_DEBUG */ #include -#if MBEDTLS_VERSION_NUMBER >= 0x02040000 -#include -#else -#include +#if MBEDTLS_VERSION_NUMBER < 0x03020000 + #error "mbedTLS 3.2.0 or later required" #endif +#include #include #include @@ -49,13 +48,9 @@ #include #include #include - -#if MBEDTLS_VERSION_MAJOR >= 2 -# ifdef MBEDTLS_DEBUG -# include -# endif -#endif /* MBEDTLS_VERSION_MAJOR >= 2 */ - +#ifdef MBEDTLS_DEBUG +#include +#endif #include "cipher_suite.h" #include "../urldata.h" #include "../sendf.h" @@ -263,11 +258,6 @@ mbed_set_ssl_version_min_max(struct Curl_easy *data, * function basically always sets TLS 1.2 as min/max, unless given * unsupported option values. */ -#if MBEDTLS_VERSION_NUMBER < 0x03020000 - int ver_min = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ - int ver_max = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ -#else - /* mbedTLS 3.2.0 (2022) introduced new methods for setting TLS version */ mbedtls_ssl_protocol_version ver_min = MBEDTLS_SSL_VERSION_TLS1_2; mbedtls_ssl_protocol_version ver_max = #ifdef HAS_TLS13_SUPPORT @@ -276,29 +266,14 @@ mbed_set_ssl_version_min_max(struct Curl_easy *data, MBEDTLS_SSL_VERSION_TLS1_2 #endif ; -#endif switch(conn_config->version) { case CURL_SSLVERSION_DEFAULT: -#if MBEDTLS_VERSION_NUMBER < 0x03000000 case CURL_SSLVERSION_TLSv1: case CURL_SSLVERSION_TLSv1_0: - ver_min = MBEDTLS_SSL_MINOR_VERSION_1; - break; case CURL_SSLVERSION_TLSv1_1: - ver_min = MBEDTLS_SSL_MINOR_VERSION_2; - break; -#else - case CURL_SSLVERSION_TLSv1: - case CURL_SSLVERSION_TLSv1_0: - case CURL_SSLVERSION_TLSv1_1: -#endif case CURL_SSLVERSION_TLSv1_2: -#if MBEDTLS_VERSION_NUMBER < 0x03020000 - ver_min = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ -#else ver_min = MBEDTLS_SSL_VERSION_TLS1_2; -#endif break; case CURL_SSLVERSION_TLSv1_3: #ifdef HAS_TLS13_SUPPORT @@ -320,37 +295,17 @@ mbed_set_ssl_version_min_max(struct Curl_easy *data, break; #endif case CURL_SSLVERSION_MAX_TLSv1_2: -#if MBEDTLS_VERSION_NUMBER < 0x03020000 - ver_max = MBEDTLS_SSL_MINOR_VERSION_3; /* TLS 1.2 */ -#else ver_max = MBEDTLS_SSL_VERSION_TLS1_2; -#endif - break; -#if MBEDTLS_VERSION_NUMBER < 0x03000000 - case CURL_SSLVERSION_MAX_TLSv1_1: - ver_max = MBEDTLS_SSL_MINOR_VERSION_2; break; - case CURL_SSLVERSION_MAX_TLSv1_0: - ver_max = MBEDTLS_SSL_MINOR_VERSION_1; - break; -#else case CURL_SSLVERSION_MAX_TLSv1_1: case CURL_SSLVERSION_MAX_TLSv1_0: -#endif default: failf(data, "mbedTLS: unsupported maximum TLS version value"); return CURLE_SSL_CONNECT_ERROR; } -#if MBEDTLS_VERSION_NUMBER < 0x03020000 - mbedtls_ssl_conf_min_version(&backend->config, MBEDTLS_SSL_MAJOR_VERSION_3, - ver_min); - mbedtls_ssl_conf_max_version(&backend->config, MBEDTLS_SSL_MAJOR_VERSION_3, - ver_max); -#else mbedtls_ssl_conf_min_tls_version(&backend->config, ver_min); mbedtls_ssl_conf_max_tls_version(&backend->config, ver_max); -#endif return CURLE_OK; } @@ -360,7 +315,6 @@ mbed_set_ssl_version_min_max(struct Curl_easy *data, cipher suite present in other SSL implementations. Provide provisional support for specifying the cipher suite here. */ #ifdef MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 -#if MBEDTLS_VERSION_NUMBER >= 0x03020000 static int mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, bool prefer_rfc) @@ -371,7 +325,6 @@ mbed_cipher_suite_get_str(uint16_t id, char *buf, size_t buf_size, return Curl_cipher_suite_get_str(id, buf, buf_size, prefer_rfc); return 0; } -#endif static uint16_t mbed_cipher_suite_walk_str(const char **str, const char **end) @@ -499,8 +452,7 @@ add_ciphers: static void mbed_dump_cert_info(struct Curl_easy *data, const mbedtls_x509_crt *crt) { -#if defined(CURL_DISABLE_VERBOSE_STRINGS) || \ - (MBEDTLS_VERSION_NUMBER >= 0x03000000 && defined(MBEDTLS_X509_REMOVE_INFO)) +#if defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(MBEDTLS_X509_REMOVE_INFO) (void)data, (void)crt; #else const size_t bufsize = 16384; @@ -558,7 +510,7 @@ static int mbed_verify_cb(void *ptr, mbedtls_x509_crt *crt, *flags &= ~MBEDTLS_X509_BADCERT_CN_MISMATCH; if(*flags) { -#if MBEDTLS_VERSION_NUMBER < 0x03000000 || !defined(MBEDTLS_X509_REMOVE_INFO) +#ifndef MBEDTLS_X509_REMOVE_INFO char buf[128]; mbedtls_x509_crt_verify_info(buf, sizeof(buf), "", *flags); failf(data, "mbedTLS: %s", buf); @@ -727,15 +679,10 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) if(ssl_config->key || ssl_config->key_blob) { if(ssl_config->key) { #ifdef MBEDTLS_FS_IO -#if MBEDTLS_VERSION_NUMBER >= 0x03000000 ret = mbedtls_pk_parse_keyfile(&backend->pk, ssl_config->key, ssl_config->key_passwd, mbedtls_ctr_drbg_random, &backend->ctr_drbg); -#else - ret = mbedtls_pk_parse_keyfile(&backend->pk, ssl_config->key, - ssl_config->key_passwd); -#endif if(ret == 0 && !(mbedtls_pk_can_do(&backend->pk, MBEDTLS_PK_RSA) || mbedtls_pk_can_do(&backend->pk, MBEDTLS_PK_ECKEY))) ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; @@ -756,17 +703,11 @@ mbed_connect_step1(struct Curl_cfilter *cf, struct Curl_easy *data) const unsigned char *key_data = (const unsigned char *)ssl_key_blob->data; const char *passwd = ssl_config->key_passwd; -#if MBEDTLS_VERSION_NUMBER >= 0x03000000 ret = mbedtls_pk_parse_key(&backend->pk, key_data, ssl_key_blob->len, (const unsigned char *)passwd, passwd ? strlen(passwd) : 0, mbedtls_ctr_drbg_random, &backend->ctr_drbg); -#else - ret = mbedtls_pk_parse_key(&backend->pk, key_data, ssl_key_blob->len, - (const unsigned char *)passwd, - passwd ? strlen(passwd) : 0); -#endif if(ret == 0 && !(mbedtls_pk_can_do(&backend->pk, MBEDTLS_PK_RSA) || mbedtls_pk_can_do(&backend->pk, MBEDTLS_PK_ECKEY))) ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; @@ -1020,17 +961,14 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) } else if(ret) { char errorbuf[128]; -#if MBEDTLS_VERSION_NUMBER >= 0x03020000 CURL_TRC_CF(data, cf, "TLS version %04X", mbedtls_ssl_get_version_number(&backend->ssl)); -#endif mbedtls_strerror(ret, errorbuf, sizeof(errorbuf)); failf(data, "ssl_handshake returned: (-0x%04X) %s", -ret, errorbuf); return CURLE_SSL_CONNECT_ERROR; } -#if MBEDTLS_VERSION_NUMBER >= 0x03020000 { char cipher_str[64]; uint16_t cipher_id; @@ -1040,10 +978,6 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) infof(data, "mbedTLS: %s Handshake complete, cipher is %s", mbedtls_ssl_get_version(&backend->ssl), cipher_str); } -#else - infof(data, "mbedTLS: %s Handshake complete", - mbedtls_ssl_get_version(&backend->ssl)); -#endif if(pinnedpubkey) { int size; @@ -1053,12 +987,7 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) unsigned char *pubkey = NULL; peercert = mbedtls_ssl_get_peer_cert(&backend->ssl); -#if MBEDTLS_VERSION_NUMBER == 0x03000000 - if(!peercert || !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p) || - !peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len)) { -#else if(!peercert || !peercert->raw.p || !peercert->raw.len) { -#endif failf(data, "Failed due to missing peer certificate"); return CURLE_SSL_PINNEDPUBKEYNOTMATCH; } @@ -1080,24 +1009,13 @@ mbed_connect_step2(struct Curl_cfilter *cf, struct Curl_easy *data) /* Make a copy of our const peercert because mbedtls_pk_write_pubkey_der needs a non-const key, for now. https://github.com/Mbed-TLS/mbedtls/issues/396 */ -#if MBEDTLS_VERSION_NUMBER == 0x03000000 - if(mbedtls_x509_crt_parse_der(p, - peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(p), - peercert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len))) { -#else if(mbedtls_x509_crt_parse_der(p, peercert->raw.p, peercert->raw.len)) { -#endif failf(data, "Failed copying peer certificate"); result = CURLE_SSL_PINNEDPUBKEYNOTMATCH; goto pinnedpubkey_error; } -#if MBEDTLS_VERSION_NUMBER == 0x03000000 - size = mbedtls_pk_write_pubkey_der(&p->MBEDTLS_PRIVATE(pk), pubkey, - PUB_DER_MAX_BYTES); -#else size = mbedtls_pk_write_pubkey_der(&p->pk, pubkey, PUB_DER_MAX_BYTES); -#endif if(size <= 0) { failf(data, "Failed copying public key from peer certificate"); @@ -1180,11 +1098,7 @@ mbed_new_session(struct Curl_cfilter *cf, struct Curl_easy *data) goto out; } -#if MBEDTLS_VERSION_NUMBER >= 0x03020000 ietf_tls_id = mbedtls_ssl_get_version_number(&backend->ssl); -#else - ietf_tls_id = CURL_IETF_PROTO_UNKNOWN; -#endif result = Curl_ssl_session_create(sdata, slen, ietf_tls_id, connssl->negotiated.alpn, 0, 0, @@ -1485,16 +1399,12 @@ static CURLcode mbedtls_connect(struct Curl_cfilter *cf, if(ssl_connect_3 == connssl->connecting_state) { /* For tls1.3 we get notified about new sessions */ -#if MBEDTLS_VERSION_NUMBER >= 0x03020000 struct ssl_connect_data *ctx = cf->ctx; struct mbed_ssl_backend_data *backend = (struct mbed_ssl_backend_data *)ctx->backend; if(mbedtls_ssl_get_version_number(&backend->ssl) <= MBEDTLS_SSL_VERSION_TLS1_2) { -#else - { /* no TLSv1.3 supported here */ -#endif retcode = mbed_new_session(cf, data); if(retcode) return retcode; @@ -1564,17 +1474,9 @@ static CURLcode mbedtls_sha256sum(const unsigned char *input, size_t sha256len UNUSED_PARAM) { (void)sha256len; -#if MBEDTLS_VERSION_NUMBER < 0x02070000 - mbedtls_sha256(input, inputlen, sha256sum, 0); -#else /* returns 0 on success, otherwise failure */ -#if MBEDTLS_VERSION_NUMBER >= 0x03000000 if(mbedtls_sha256(input, inputlen, sha256sum, 0) != 0) -#else - if(mbedtls_sha256_ret(input, inputlen, sha256sum, 0) != 0) -#endif return CURLE_BAD_FUNCTION_ARGUMENT; -#endif return CURLE_OK; }