ECH: Supplying an ECHConfigList on the command line does not work #16006
Comments
/cc @sftcd
will have a look in a sec - probably my fault:-)
Ah, the ech command line parsing for "ecl:" and "pn:" is being checked-for and skipped-over twice now. Looks like there was a tidy-up fix in Dec (6bb76d9) that (modified or) put that check into
Ah, sorry. My fault for poking on code without properly testing the results...
Actually it looks like leaving the skipping-over in Was there some other reason to do the skipping-over in
Speaking of testing - it's on my list to add some tests for ECH but I've been holding back as I'm not sure how to add a test for running the ECH protocol without the test harness somehow including an ECH-enabled TLS server, which is a bit daunting. Any ideas there welcome. (I'll send a mail on that though, off-topic for this issue.)
Just me thinking the prefixes are sent in to the setopt option but they don't need to be stored in the data->set.str[] strings.
Does it need to? It is a provided config set by the application.
Currently, yes. I forget why exactly, but I think if the config was provided by a libcurl caller, then maybe
I'm not sure I'm following. The setopt_cptr() function does check for the prefixes now.
Right, probably just me explaining badly:-)
Why? What would be the difference? The command line tool is just a libcurl application.
I did this
I am playing around with the ECH support in curl. I did the build steps described in https://github.com/curl/curl/blob/master/docs/ECH.md using a Docker container:
Dockerfile:
Doing a curl ECH request using DoH works as expected:
Result
But supplying an ECH config via command line argument does NOT work:
Result
I expected the following
SSL_ECH_STATUS: success
when using --ech ecl:...
curl/libcurl version
curl 8.12.0-DEV (aarch64-unknown-linux-musl) libcurl/8.12.0-DEV OpenSSL/3.5.0 libidn2/2.3.7 libpsl/0.21.5
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS ECH HSTS HTTPS-proxy IDN IPv6 Largefile NTLM PSL SSL threadsafe TLS-SRP UnixSockets
operating system
Alpine Linux in Docker container (running on macOS 15.3):
Linux 118d1cdf363b 6.10.14-linuxkit #1 SMP Fri Nov 29 17:22:03 UTC 2024 aarch64 Linux
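An added example (not code from curl or from this thread) modelling the double prefix handling discussed in the comments: when the "ecl:" / "pn:" prefix is checked for and skipped in two places, the second check runs on a value that has already been stripped. The function names, the assumption that the second check then finds no prefix and drops the config, and the sample values are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of --ech argument handling; not curl source. */
enum ech_kind { ECH_NONE, ECH_ECL, ECH_PN };

/* Check for an "ecl:" or "pn:" prefix; return the value after it or NULL. */
static const char *skip_prefix(const char *arg, enum ech_kind *kind)
{
  *kind = ECH_NONE;
  if(strlen(arg) > 4 && !strncmp(arg, "ecl:", 4)) {
    *kind = ECH_ECL;
    return arg + 4;
  }
  if(strlen(arg) > 3 && !strncmp(arg, "pn:", 3)) {
    *kind = ECH_PN;
    return arg + 3;
  }
  return NULL;
}

/* Buggy flow (assumed): one layer strips the prefix, a later layer checks
   for it again on the stripped value, finds none and drops the config. */
enum ech_kind parse_twice(const char *arg, const char **value)
{
  enum ech_kind kind;
  const char *stripped = skip_prefix(arg, &kind);
  *value = stripped ? skip_prefix(stripped, &kind) : NULL;
  return kind;
}

/* Fixed flow: the prefix is handled in exactly one place and the kind
   is returned alongside the stripped value. */
enum ech_kind parse_once(const char *arg, const char **value)
{
  enum ech_kind kind;
  *value = skip_prefix(arg, &kind);
  return kind;
}

int main(void)
{
  const char *v = NULL;
  const char *arg = "ecl:AEXconstructedBase64"; /* constructed sample */
  enum ech_kind k = parse_twice(arg, &v);
  printf("twice: kind=%d value=%s\n", (int)k, v ? v : "(none)");
  k = parse_once(arg, &v);
  printf("once:  kind=%d value=%s\n", (int)k, v ? v : "(none)");
  return 0;
}
```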