From: Viktor Szakats Date: Tue, 30 Jul 2024 16:05:02 +0000 (+0200) Subject: tidy-up: URL updates X-Git-Tag: curl-8_9_1~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=767d5811b5c783b42cea999dd42ecf0453085d17;p=thirdparty%2Fcurl.git tidy-up: URL updates Closes #14318 --- diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md index 7838fc0af2..607810c04c 100644 --- a/docs/CIPHERS.md +++ b/docs/CIPHERS.md @@ -25,7 +25,7 @@ libcurl was built to use. This is an attempt to list known cipher names. ## OpenSSL -(based on [OpenSSL docs](https://www.openssl.org/docs/manmaster/man1/openssl-ciphers.html)) +(based on [OpenSSL docs](https://docs.openssl.org/master/man1/openssl-ciphers/)) When specifying multiple cipher names, separate them with colon (`:`). diff --git a/docs/libcurl/libcurl-thread.md b/docs/libcurl/libcurl-thread.md index eeff1fbeee..ef7ae9b7d9 100644 --- a/docs/libcurl/libcurl-thread.md +++ b/docs/libcurl/libcurl-thread.md @@ -59,7 +59,7 @@ libcurl is built as a DLL and OpenSSL is linked statically to it then libcurl does this cleanup automatically and there is no leak (added in libcurl 8.8.0). Please review the OpenSSL documentation for a full list of circumstances: -https://www.openssl.org/docs/man3.0/man3/OPENSSL_thread_stop.html#NOTES +https://docs.openssl.org/3.0/man3/OPENSSL_init_crypto/#notes # Signals diff --git a/include/curl/curl.h b/include/curl/curl.h index 677bcd42ea..6da44ce9bf 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -2133,7 +2133,7 @@ typedef enum { /* the EC curves requested by the TLS client (RFC 8422, 5.1); * OpenSSL support via 'set_groups'/'set_curves': - * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html + * https://docs.openssl.org/master/man3/SSL_CTX_set1_curves/ */ CURLOPT(CURLOPT_SSL_EC_CURVES, CURLOPTTYPE_STRINGPOINT, 298), diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c index 4f989f2e44..2b6042df32 100644 --- a/lib/vtls/mbedtls.c +++ b/lib/vtls/mbedtls.c @@ -249,8 +249,8 @@ static const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_fr = 1024, /* RSA min key len */ }; -/* See https://tls.mbed.org/discussions/generic/ - howto-determine-exact-buffer-len-for-mbedtls_pk_write_pubkey_der +/* See https://web.archive.org/web/20200921194007/tls.mbed.org/discussions/ + generic/howto-determine-exact-buffer-len-for-mbedtls_pk_write_pubkey_der */ #define RSA_PUB_DER_MAX_BYTES (38 + 2 * MBEDTLS_MPI_MAX_SIZE) #define ECP_PUB_DER_MAX_BYTES (30 + 2 * MBEDTLS_ECP_MAX_BYTES) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 2b60f7fba8..3ced4c2a40 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -231,7 +231,7 @@ /* * Whether SSL_CTX_set1_curves_list is available. * OpenSSL: supported since 1.0.2, see - * https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set1_groups.html + * https://docs.openssl.org/master/man3/SSL_CTX_set1_curves/ * BoringSSL: supported since 5fd1807d95f7 (committed 2016-09-30) * LibreSSL: since 2.5.3 (April 12, 2017) */ @@ -3567,12 +3567,12 @@ CURLcode Curl_ossl_ctx_init(struct ossl_ctx *octx, CVE-2010-4180 when using previous OpenSSL versions we no longer enable this option regardless of OpenSSL version and SSL_OP_ALL definition. - OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability - (https://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to - SSL_OP_ALL that _disables_ that work-around despite the fact that - SSL_OP_ALL is documented to do "rather harmless" workarounds. In order to - keep the secure work-around, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit - must not be set. + OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability: + https://web.archive.org/web/20240114184648/openssl.org/~bodo/tls-cbc.txt. + In 0.9.6e they added a bit to SSL_OP_ALL that _disables_ that work-around + despite the fact that SSL_OP_ALL is documented to do "rather harmless" + workarounds. In order to keep the secure work-around, the + SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set. */ ctx_options = SSL_OP_ALL; @@ -4363,7 +4363,7 @@ static CURLcode ossl_pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert, if(!buff1) break; /* failed */ - /* https://www.openssl.org/docs/crypto/d2i_X509.html */ + /* https://docs.openssl.org/master/man3/d2i_X509/ */ len2 = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &temp); /* @@ -4975,7 +4975,7 @@ static ssize_t ossl_recv(struct Curl_cfilter *cf, default: /* openssl/ssl.h for SSL_ERROR_SYSCALL says "look at error stack/return value/errno" */ - /* https://www.openssl.org/docs/crypto/ERR_get_error.html */ + /* https://docs.openssl.org/master/man3/ERR_get_error/ */ if(octx->io_result == CURLE_AGAIN) { *curlcode = CURLE_AGAIN; nread = -1;