quic ngtcp2 not call CURLOPT_SSL_CTX_FUNCTION #10222
Comments
This sounds like a very good idea!
Addressed the ctx callback in #10239. Could you explain what you mean by the verify peer suggestion? I see support for this in the code, must be missing something. Thanks.
@icing thank you for your quick response. Because in my project (mobile products), I don't configure STRING_SSL_CAPATH and STRING_SSL_CAFILE, but in lib/vquic/ngtcp.c Lines 273 to 301 in c12fb3d
and in lib/vtls/openssl.c Lines 3780 to 3785 in c12fb3d
and SSL_VERIFY_PEER is not bound to STRING_SSL_CAPATH and STRING_SSL_CAFILE Lines 3258 to 3287 in c12fb3d
so I think the code logic of openssl and ngtcp about SSL_VERIFY_PEER should be consistent.
Understood, thanks for the explanation. I updated #10239 so that openssl setup works the same in ngtcp2 and plain TLS. This also allows the shared X509_STORE feature to work here.
@violetlige if this PR does what you expect, we'll merge it and close this ticket. WDYT?
@icing that is exactly what I expect, thank you very much for your quick processing.
Using common method for SSL_CTX initialization of verify peer and CA settings. This also provides X509_STORE sharing to become available for ngtcp2+openssl HTTP/3.

Reported-by: violetlige on github
Fixes curl#10222
Closes curl#10239
Package: curl 7.87.0
File: lib/vquic/ngtcp2.c
maybe should add this code in function 'Curl_quic_connect' (after quic_ssl_ctx)
and maybe should set SSL_VERIFY_PEER like this in function 'quic_ssl_ctx' (wolfssl and so on)