options should be added to check doh proxy insecure separately,
CURLOPT_DOH_PROXY_SSL_VERIFYHOST and CURLOPT_DOH_PROXY_SSL_VERIFYPEER.
*/
- if(data->set.ssl.falsestart)
- ERROR_CHECK_SETOPT(CURLOPT_SSL_FALSESTART, 1L);
if(data->set.str[STRING_SSL_CAFILE]) {
ERROR_CHECK_SETOPT(CURLOPT_CAINFO,
data->set.str[STRING_SSL_CAFILE]);
break;
case CURLOPT_SSL_FALSESTART:
/*
- * Enable TLS false start.
+ * No TLS backends support false start anymore.
*/
- if(!Curl_ssl_false_start())
- return CURLE_NOT_BUILT_IN;
-
- data->set.ssl.falsestart = enabled;
+ return CURLE_NOT_BUILT_IN;
break;
case CURLOPT_CERTINFO:
#ifdef USE_SSL
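Review bot: The `break;` that follows the new `return CURLE_NOT_BUILT_IN;` in the `CURLOPT_SSL_FALSESTART` case is unreachable and may trip unreachable-code warnings on some compilers, so it should be dropped. The case now rejects every value, including an explicit `0L` from callers that disable false start as hardening and check the return code. The comment should state this, for example `/* Deprecated: no TLS backend supports false start; every value, including 0L, returns CURLE_NOT_BUILT_IN. */`. The enclosing switch starts and ends outside this hunk, so whether the function prefers a result variable plus `break` over a direct return cannot be confirmed from here.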
char *key_type; /* format for private key (default: PEM) */
char *key_passwd; /* plain text private key password */
BIT(certinfo); /* gather lots of certificate info */
- BIT(falsestart);
BIT(earlydata); /* use tls1.3 early data */
BIT(enable_beast); /* allow this flaw for interoperability's sake */
BIT(no_revoke); /* disable SSL certificate revocation checks */
NULL, /* set_engine */
NULL, /* set_engine_default */
NULL, /* engines_list */
- NULL, /* false_start */
gtls_sha256sum, /* sha256sum */
gtls_recv, /* recv decrypted data */
gtls_send, /* send data to encrypt */
NULL, /* set_engine */
NULL, /* set_engine_default */
NULL, /* engines_list */
- NULL, /* false_start */
mbedtls_sha256sum, /* sha256sum */
mbed_recv, /* recv decrypted data */
mbed_send, /* send data to encrypt */
ossl_set_engine, /* set_engine or provider */
ossl_set_engine_default, /* set_engine_default */
ossl_engines_list, /* engines_list */
- NULL, /* false_start */
#ifndef OPENSSL_NO_SHA256
ossl_sha256sum, /* sha256sum */
#else
NULL, /* set_engine */
NULL, /* set_engine_default */
NULL, /* engines_list */
- NULL, /* false_start */
NULL, /* sha256sum */
cr_recv, /* recv decrypted data */
cr_send, /* send data to encrypt */
NULL, /* set_engine */
NULL, /* set_engine_default */
NULL, /* engines_list */
- NULL, /* false_start */
schannel_sha256sum, /* sha256sum */
schannel_recv, /* recv decrypted data */
schannel_send, /* send data to encrypt */
return FALSE;
}
-/*
- * Check whether the SSL backend supports false start.
- */
-bool Curl_ssl_false_start(void)
-{
- if(Curl_ssl->false_start)
- return Curl_ssl->false_start();
- return FALSE;
-}
-
static int multissl_init(void)
{
if(multissl_setup(NULL))
NULL, /* set_engine */
NULL, /* set_engine_default */
NULL, /* engines_list */
- NULL, /* false_start */
NULL, /* sha256sum */
multissl_recv_plain, /* recv decrypted data */
multissl_send_plain, /* send data to encrypt */
bool Curl_ssl_cert_status_request(void);
-bool Curl_ssl_false_start(void);
-
/* The maximum size of the SSL channel binding is 85 bytes, as defined in
* RFC 5929, Section 4.1. The 'tls-server-end-point:' prefix is 21 bytes long,
* and SHA-512 is the longest supported hash algorithm, with a digest length of
#define Curl_ssl_free_certinfo(x) Curl_nop_stmt
#define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN)
#define Curl_ssl_cert_status_request() FALSE
-#define Curl_ssl_false_start() FALSE
#define Curl_ssl_get_internals(a,b,c,d) NULL
#define Curl_ssl_supports(a,b) FALSE
#define Curl_ssl_cfilter_add(a,b,c) CURLE_NOT_BUILT_IN
CURLcode (*set_engine_default)(struct Curl_easy *data);
struct curl_slist *(*engines_list)(struct Curl_easy *data);
- bool (*false_start)(void);
CURLcode (*sha256sum)(const unsigned char *input, size_t inputlen,
unsigned char *sha256sum, size_t sha256sumlen);
ssize_t (*recv_plain)(struct Curl_cfilter *cf, struct Curl_easy *data,
NULL, /* set_engine */
NULL, /* set_engine_default */
NULL, /* engines_list */
- NULL, /* false_start */
wssl_sha256sum, /* sha256sum */
wssl_recv, /* recv decrypted data */
wssl_send, /* send data to encrypt */
if(config->doh_verifystatus)
my_setopt_long(curl, CURLOPT_DOH_SSL_VERIFYSTATUS, 1);
- if(config->falsestart)
- my_setopt_long(curl, CURLOPT_SSL_FALSESTART, 1);
-
my_setopt_SSLVERSION(curl, CURLOPT_SSLVERSION,
config->ssl_version | config->ssl_version_max);
if(config->proxy)
BIT(proxy_ssl_auto_client_cert); /* proxy version of ssl_auto_client_cert */
BIT(noalpn); /* enable/disable TLS ALPN extension */
BIT(abstract_unix_socket); /* path to an abstract Unix domain socket */
- BIT(falsestart);
BIT(path_as_is);
BIT(suppress_connect_headers); /* suppress proxy CONNECT response headers
from user callbacks */
config->doh_verifystatus = toggle;
break;
case C_FALSE_START: /* --false-start */
- config->falsestart = toggle;
+ opt_depr(global, a);
break;
case C_SSL_NO_REVOKE: /* --ssl-no-revoke */
config->ssl_no_revoke = toggle;
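Review bot: The `C_FALSE_START` case needs a short comment saying the flag is still parsed but has no effect, for example `/* kept for command-line compatibility; ignored because no TLS backend supports false start */`. After this change it stores nothing and only calls `opt_depr(global, a);`, which is not defined in the visible lines, so presumably it emits a deprecation warning. Both `--false-start` and its negated form reach the same call because `toggle` is no longer read in this case. The enclosing switch continues outside the hunk.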