From: Daniel Stenberg Date: Mon, 15 Apr 2024 15:08:16 +0000 (+0200) Subject: version: add "ECH" as a feature X-Git-Tag: curl-8_8_0~220 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5e3fd347c5f32d507ad37a83c07010e6fc32d1d4;p=thirdparty%2Fcurl.git version: add "ECH" as a feature If available Follow-up to a362962b7 Closes #13378
---
diff --git a/docs/cmdline-opts/version.md b/docs/cmdline-opts/version.md
index 0fe8d74193..6a7919f890 100644
--- a/docs/cmdline-opts/version.md
+++ b/docs/cmdline-opts/version.md
@@ -46,6 +46,9 @@ curl was built with support for character set conversions (like EBCDIC)
 This curl uses a libcurl built with Debug. This enables more error-tracking and memory debugging etc. For curl-developers only!
+## `ECH`
+ECH support is present.
+
 ## `gsasl`
 The built-in SASL authentication includes extensions to support SCRAM because libcurl was built with libgsasl.
diff --git a/docs/libcurl/curl_version_info.md b/docs/libcurl/curl_version_info.md
index 1eb77345ec..1b538d363e 100644
--- a/docs/libcurl/curl_version_info.md
+++ b/docs/libcurl/curl_version_info.md
@@ -176,6 +176,12 @@ supports HTTP Brotli content encoding using libbrotlidec (Added in 7.57.0)
 libcurl was built with debug capabilities (added in 7.10.6)
+## ECH
+
+*features* mask bit: non-existent
+
+libcurl was built with ECH support (experimental, added in 8.8.0)
+
 ## gsasl
 *features* mask bit: CURL_VERSION_GSASL
diff --git a/lib/version.c b/lib/version.c
index 8273386148..257c1fedbf 100644
--- a/lib/version.c
+++ b/lib/version.c
@@ -417,6 +417,14 @@ static int https_proxy_present(curl_version_info_data *info)
 }
 #endif
+#if defined(USE_SSL) && defined(USE_ECH)
+static int ech_present(curl_version_info_data *info)
+{
+ (void) info;
+ return Curl_ssl_supports(NULL, SSLSUPP_ECH);
+}
+#endif
+
 /*
 * Features table.
 *
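Review bot: `ech_present()` in lib/version.c has no comment saying what a listed "ECH" actually asserts, and that matters here because readers are likely to take it as a privacy property. As written it reports that the build defines `USE_ECH` and that the TLS backend consulted by `Curl_ssl_supports(NULL, SSLSUPP_ECH)` sets the bit; it does not say ECH is requested or succeeds on any given transfer. I would add above the function `/* "ECH" means the TLS backend in use can do ECH, not that a transfer uses it */`. The same `#if defined(USE_SSL) && defined(USE_ECH)` guard is repeated around the `FEATURE("ECH", ech_present, 0)` entry in the following hunk and the two must stay identical, otherwise the build gets either an unused static function or an undefined reference.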
@@ -445,6 +453,9 @@ static const struct feat features_table[] = {
 #ifdef DEBUGBUILD
 FEATURE("Debug", NULL, CURL_VERSION_DEBUG),
 #endif
+#if defined(USE_SSL) && defined(USE_ECH)
+ FEATURE("ECH", ech_present, 0),
+#endif
 #ifdef USE_GSASL
 FEATURE("gsasl", NULL, CURL_VERSION_GSASL),
 #endif
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 7839ab4ab6..2fa12c3a98 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -5269,6 +5269,9 @@ const struct Curl_ssl Curl_ssl_openssl = {
 SSLSUPP_SSL_CTX |
 #ifdef HAVE_SSL_CTX_SET_CIPHERSUITES
 SSLSUPP_TLS13_CIPHERSUITES |
+#endif
+#ifdef USE_ECH
+ SSLSUPP_ECH |
 #endif
 SSLSUPP_HTTPS_PROXY,
diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index cd7eeeca17..c40ff26208 100644
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -37,6 +37,7 @@ struct Curl_ssl_session;
 #define SSLSUPP_HTTPS_PROXY (1<<4) /* supports access via HTTPS proxies */
 #define SSLSUPP_TLS13_CIPHERSUITES (1<<5) /* supports TLS 1.3 ciphersuites */
 #define SSLSUPP_CAINFO_BLOB (1<<6)
+#define SSLSUPP_ECH (1<<7)
 #define ALPN_ACCEPTED "ALPN: server accepted "
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 82593f301b..c747990ee9 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -1504,6 +1504,9 @@ const struct Curl_ssl Curl_ssl_wolfssl = {
 #endif
 SSLSUPP_CA_PATH |
 SSLSUPP_CAINFO_BLOB |
+#ifdef USE_ECH
+ SSLSUPP_ECH |
+#endif
 SSLSUPP_SSL_CTX,
 sizeof(struct wolfssl_ssl_backend_data),
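Review bot: In the lib/vtls/openssl.c hunk, `SSLSUPP_ECH` is gated on `USE_ECH` alone, whereas the neighbouring `SSLSUPP_TLS13_CIPHERSUITES` bit is gated on a probe of this library's own API (`HAVE_SSL_CTX_SET_CIPHERSUITES`). If `USE_ECH` is a build-wide switch rather than one tied to the library this file is compiled against (the configure logic is not visible in this diff), a build with more than one TLS backend could list "ECH" for a backend that cannot do it, and users would wrongly assume the server name is protected. It is worth confirming that `USE_ECH` can only be defined when this backend really has the ECH API, or gating the bit on a backend-specific macro. The lib/vtls/wolfssl.c hunk has the same shape, and the `Curl_ssl_openssl` initializer starts and ends outside the hunk.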
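Review bot: The new `SSLSUPP_ECH` bit in lib/vtls/vtls.h has no trailing comment, unlike `SSLSUPP_HTTPS_PROXY` and `SSLSUPP_TLS13_CIPHERSUITES` just above it. I would write it as `#define SSLSUPP_ECH (1<<7) /* supports Encrypted Client Hello */` so the capability list stays self-describing as bits are added.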