Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
After upgrading curl from version 7.80 to 7.81 http3 connections stopped working. Error:
curl --head --http3 -v https://cloudflare.com * Trying 2606:4700::6810:84e5:443... * Connect socket 5 over QUIC to 2606:4700::6810:84e5:443 * error setting certificate verify locations: CAfile: none CApath: none * Trying 2606:4700::6810:85e5:443... * Connect socket 6 over QUIC to 2606:4700::6810:85e5:443 * error setting certificate verify locations: CAfile: none CApath: none * Trying 104.16.133.229:443... * Connect socket 0 over QUIC to 104.16.133.229:443 * error setting certificate verify locations: CAfile: none CApath: none * Trying 104.16.132.229:443... * Connect socket 7 over QUIC to 104.16.132.229:443 * error setting certificate verify locations: CAfile: none CApath: none * Closing connection 0 curl: (96) error setting certificate verify locations: CAfile: none CApath: none
Probably stopped working after this commit - c148f0f
Configure flags:
--without-ca-bundle --without-ca-path --with-ca-fallback
On http2 protocol working:
* Trying 2606:4700::6810:84e5:443... * Connected to cloudflare.com (2606:4700::6810:84e5) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS header, Finished (20): * TLSv1.2 (IN), TLS header, Supplemental data (23): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.2 (OUT), TLS header, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS header, Supplemental data (23): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=cloudflare.com * start date: Jun 4 00:00:00 2021 GMT * expire date: Jun 3 23:59:59 2022 GMT * subjectAltName: host "cloudflare.com" matched cert's "cloudflare.com" * issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3 * SSL certificate verify ok. * Using HTTP2, server supports multiplexing * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 ...
When using the HTTP2 protocol, the certificate is searched through the SSL library. When using the HTTP3 protocol, the certificate search is not performed.
[curl -V output] curl 7.82.0 (x86_64-pc-linux-gnu) libcurl/7.82.0 OpenSSL/3.0.2 zlib/1.2.12 brotli/1.0.9 zstd/1.5.2 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.47.0 ngtcp2/0.4.0-DEV nghttp3/0.4.0-DEV Release-Date: 2022-03-05 Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets zstd
NixOS 22.05 Unstable.
The text was updated successfully, but these errors were encountered:
Seems correct, configure --with-ca-fallback is not supported by h3 (yet).
configure --with-ca-fallback
Sorry, something went wrong.
06fd973
quiche: support ca-fallback
8f6fca7
Follow-up to b01f3e6 which added this for ngtcp2/openssl Fixes #8696 Closes #....
fdb5e21
Follow-up to b01f3e6 which added this for ngtcp2/openssl Removed from KNOWN_BUGS Fixes #8696 Closes #8830
Successfully merging a pull request may close this issue.
After upgrading curl from version 7.80 to 7.81 http3 connections stopped working.
Error:
Probably stopped working after this commit - c148f0f
Configure flags:
On http2 protocol working:
When using the HTTP2 protocol, the certificate is searched through the SSL library. When using the HTTP3 protocol, the certificate search is not performed.
curl/libcurl version
[curl -V output]
curl 7.82.0 (x86_64-pc-linux-gnu) libcurl/7.82.0 OpenSSL/3.0.2 zlib/1.2.12 brotli/1.0.9 zstd/1.5.2 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.47.0 ngtcp2/0.4.0-DEV nghttp3/0.4.0-DEV
Release-Date: 2022-03-05
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets zstd
operating system
NixOS 22.05 Unstable.
The text was updated successfully, but these errors were encountered: