mbedTLS: CURLOPT_SSL_CTX_FUNCTION support added #1272
Conversation
@o7alesmlakar, thanks for your PR! By analyzing the history of the files in this pull request, we identified @sasq64, @bagder and @jay to be potential reviewers.
Apparently gcc test 2033...[NTLM connection mapping, pipelining enabled] failed, I don't think I've done anything to mess with that though.

Pipelining tests are notoriously flaky, there is a timing component in what order the data is received so occasionally they fail.
lib/vtls/mbedtls.c

```c
                            data->set.ssl.fsslctxp);
    if(ret) {
      failf(data, "error signaled by mbedTLS ctx callback");
      return CURLE_SSL_CERTPROBLEM;
```
CURLOPT_SSL_CTX_FUNCTION says "If an error is returned from the callback no attempt to establish a connection is made and the perform operation will return the callback's error code."
Also saying it's mbedTLS ctx callback is confusing, it's the user's callback. `mbedTLS: ctx callback` would be less but rather just say ssl like we do in openssl.c, use these two lines
Great. Now this just needs documentation. If you want to take a crack at it you would need to modify docs/libcurl/opts CURLOPT_SSL_CTX_FUNCTION.3 to say a little something about how it differs for mbedTLS, and then the AVAILABILITY of both that and CURLOPT_SSL_CTX_DATA.3 to say Added in 7.54.0 for mbedTLS. Note 7.54.0 and not 7.53.0 since this PR is too late for tomorrow's release. If you don't want to do the doc stuff that's fine, I can do it.
Ok, I can give it a shot, except if you think it'll just make more work for you to do all the checks and reviews etc.
No way, go for it; if adjustments are needed, so be it.
This may or may not need changes. During review I noticed CURLOPT_SSL_CTX_FUNCTION says re ctx pointer "pointer will be a new one every time". At the current time that is not guaranteed, even for other backends. I've submitted #1290 and will see what happens there first.

Thanks
I need to add mbedTLS ca certs from memory, so I added the same code as used in OpenSSL implementation. It's done at the end of step1 and it works out great.
Example (based on OpenSSL example from https://curl.haxx.se/libcurl/c/CURLOPT_SSL_CTX_FUNCTION.html):