C89, Schannel, Secure Transport, contractions.
Cherry-picked from #14692
Closes #14996
# deprecation warnings with llvm/clang:
#
# - 10.7 Lion (2011) - GSS
-# - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl SecureTransport code)
+# - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl Secure Transport code)
# - 10.9 Maverick (2013) - LDAP
-# - 10.14 Mojave (2018) - SecureTransport
+# - 10.14 Mojave (2018) - Secure Transport
#
-# For SecureTransport, curl implements features that require a target
+# For Secure Transport, curl implements features that require a target
# newer than the 10.8 required by `CFURLCreateDataAndPropertiesFromResource`.
# In this case `-Wno-deprecated-declarations` still comes handy to pacify
# deprecation warnings, though the real solution would be to avoid calling
TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length
if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then
TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059
- TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2
+ TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, Secure Transport + nghttp2
else
- TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2
+ TFLAGS+=' ~2402 ~2404' # non-Secure Transport + nghttp2
fi
fi
if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then
- TFLAGS+=' ~313' # SecureTransport does not support crl file
- TFLAGS+=' ~1631 ~1632' # SecureTransport is not able to shutdown ftp over https gracefully yet
+ TFLAGS+=' ~313' # Secure Transport does not support crl file
+ TFLAGS+=' ~1631 ~1632' # Secure Transport is not able to shutdown ftp over https gracefully yet
fi
source $HOME/venv/bin/activate
rm -f $HOME/.curlrc
TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length
if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then
TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059
- TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2
+ TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, Secure Transport + nghttp2
else
- TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2
+ TFLAGS+=' ~2402 ~2404' # non-Secure Transport + nghttp2
fi
fi
if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then
- TFLAGS+=' ~313' # SecureTransport does not support crl file
- TFLAGS+=' ~1631 ~1632' # SecureTransport is not able to shutdown ftp over https gracefully yet
+ TFLAGS+=' ~313' # Secure Transport does not support crl file
+ TFLAGS+=' ~1631 ~1632' # Secure Transport is not able to shutdown ftp over https gracefully yet
fi
fi
source $HOME/venv/bin/activate
if: ${{ contains(matrix.name, '+examples') }}
run: make -C bld VERBOSE=1
- combinations: # Test buildability with host OS, Xcode / SDK, compiler, target-OS, SecureTransport/not, built tool, combinations
+ combinations: # Test buildability with host OS, Xcode / SDK, compiler, target-OS, Secure Transport/not, built tool, combinations
if: true # Set to `true` to enable this test matrix. It runs quickly.
name: "${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.compiler }} ${{ matrix.image }} ${{ matrix.xcode }} ${{ matrix.config }}"
runs-on: ${{ matrix.image }}
15.4 Add option to allow abrupt server closure
- libcurl w/schannel errors without a known termination point from the server
+ libcurl with Schannel errors without a known termination point from the server
(such as length of transfer, or SSL "close notify" alert) to prevent against
a truncation attack. Really old servers may neglect to send any termination
point. An option could be added to ignore such abrupt closures.
Populate the long *bitmask* with the correct set of features to instruct
libcurl how to handle Alt-Svc for the transfers using this handle.
-libcurl only accepts Alt-Svc headers over a secure transport, meaning
+libcurl only accepts Alt-Svc headers over a Secure Transport, meaning
HTTPS. It also only completes a request to an alternative origin if that
origin is properly hosted over HTTPS. These requirements are there to make
sure both the source and the destination are legitimate.
/* Workaround for Homebrew gcc 12.4.0, 13.3.0, 14.1.0 and newer (as of 14.1.0)
that started advertising the `availability` attribute, which then gets used
- by Apple SDK, but, in a way incompatible with gcc, resulting in a misc
- errors inside SDK headers, e.g.:
+ by Apple SDK, but, in a way incompatible with gcc, resulting in misc errors
+ inside SDK headers, e.g.:
error: attributes should be specified before the declarator in a function
definition
error: expected ',' or '}' before
* * GnuTLS
* * wolfSSL
* * Schannel SSPI
- * * SecureTransport (Darwin)
+ * * Secure Transport (Darwin)
* * mbedTLS
* * BearSSL
* * Rustls
/* Set the default CA cert bundle/path detected/specified at build time.
*
- * If Schannel or SecureTransport is the selected SSL backend then these
- * locations are ignored. We allow setting CA location for schannel and
- * securetransport when explicitly specified by the user via
+ * If Schannel or Secure Transport is the selected SSL backend then these
+ * locations are ignored. We allow setting CA location for Schannel and
+ * Secure Transport when explicitly specified by the user via
* CURLOPT_CAINFO / --cacert.
*/
if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL &&
***************************************************************************/
/*
- * Source file for all iOS and macOS SecureTransport-specific code for the
+ * Source file for all iOS and macOS Secure Transport-specific code for the
* TLS/SSL layer. No code but vtls.c should ever call or use these functions.
*/
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */
- /* TLSv1.3 is not supported by sectransp, but there is also other
+ /* TLSv1.3 is not supported by Secure Transport, but there is also other
* code referencing TLSv1.3, like: kTLSProtocol13 ? */
TLS_AES_128_GCM_SHA256, /* 0x1301 */
TLS_AES_256_GCM_SHA384, /* 0x1302 */
Mountain Lion.
So we need to call SSLSetEnableCertVerify() on those older cats in order
to disable certificate validation if the user turned that off.
- (SecureTransport will always validate the certificate chain by
- default.)
+ (Secure Transport always validates the certificate chain by default.)
Note:
Darwin 11.x.x is Lion (10.7)
Darwin 12.x.x is Mountain Lion (10.8)
}
else {
/* We would like to read the close notify from the server using
- * secure transport, however SSLRead() no longer works after we
+ * Secure Transport, however SSLRead() no longer works after we
* sent the notify from our side. So, we just read from the
* underlying filter and hope it will end. */
nread = Curl_conn_cf_recv(cf->next, data, buf, sizeof(buf), &result);
#include "gtls.h" /* GnuTLS versions */
#include "wolfssl.h" /* wolfSSL versions */
#include "schannel.h" /* Schannel SSPI version */
-#include "sectransp.h" /* SecureTransport (Darwin) version */
+#include "sectransp.h" /* Secure Transport (Darwin) version */
#include "mbedtls.h" /* mbedTLS versions */
#include "bearssl.h" /* BearSSL versions */
#include "rustls.h" /* Rustls versions */
dnl This is done to prevent compiler warning
dnl 'function declaration isn't a prototype'
dnl in function main. This requires at least
-dnl a c89 compiler and does not support K&R.
+dnl a C89 compiler and does not support K&R.
m4_define([AC_LANG_PROGRAM(C)],
[$1
* default filename curl-ca-bundle.crt in the user's PATH.
*
* If Schannel is the selected SSL backend then these locations are
- * ignored. We allow setting CA location for schannel only when explicitly
+ * ignored. We allow setting CA location for Schannel only when explicitly
* specified by the user via CURLOPT_CAINFO / --cacert.
*/
if(tls_backend_info->backend != CURLSSLBACKEND_SCHANNEL) {
simple HTTPS GET with DER public key pinning (Schannel variant)
</name>
<setenv>
-# This test is pointless if we're not using the schannel backend
+# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>
Ignore certificate revocation "best effort" strategy
</name>
<setenv>
-# This test is pointless if we're not using the schannel backend
+# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>
simple HTTPS GET with PEM public key pinning (Schannel variant)
</name>
<setenv>
-# This test is pointless if we're not using the schannel backend
+# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>
simple HTTPS GET with base64-sha256 public key pinning (Schannel variant)
</name>
<setenv>
-# This test is pointless if we're not using the schannel backend
+# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>
HTTPS GET to localhost, first subject alt name matches, CN does not match (Schannel variant)
</name>
<setenv>
-# This test is pointless if we're not using the schannel backend
+# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>
HTTPS GET to localhost, last subject alt name matches, CN does not match (Schannel variant)
</name>
<setenv>
-# This test is pointless if we're not using the schannel backend
+# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>
tls_proto = 'TLSv1.2'
elif env.curl_uses_lib('sectransp'): # not in CI, so untested
if tls_proto == 'TLSv1.3':
- pytest.skip('SecureTransport does not support TLSv1.3')
+ pytest.skip('Secure Transport does not support TLSv1.3')
tls_proto = 'TLSv1.2'
# test
extra_args = ['--tls13-ciphers', ':'.join(ciphers13)] if ciphers13 else []
projects / thirdparty / curl.git / commitdiff
