Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

openssl+gnutls, use shared code for TCP+QUIC #13172

wants to merge 13 commits into from


Copy link

@icing icing commented Mar 22, 2024

Having TCP TLS and QUIC TLS use shared code.

  • OpenSSL TCP+QUIC filters now have a common init and cert verify.
  • gnuTLS with common init and verify
  • SSL session storage also used in QUIC Openssl filter
  • struct ssl_peer has added port and transport members
  • peer is passed in session lookup and storage
  • sessions only used when transport matches

@github-actions github-actions bot added the tests label Mar 25, 2024
@icing icing changed the title openssl, use shared init code for TCP+QUIC openssl, use shared code for TCP+QUIC Mar 25, 2024
@icing icing changed the title openssl, use shared code for TCP+QUIC openssl+gnutls, use shared code for TCP+QUIC Mar 26, 2024
Copy link

bagder commented Apr 4, 2024

merge conflicts

icing added 13 commits April 4, 2024 12:20
- session handling is not activated for QUIC, needs
  a bit more work
- configured ssl version is ignore in QUIC, should
  check and error, todo
- add `port` and `transport` to `struct ssl_peer`
- pass peer to session lookup and storage
- rewire openssl session callbacks differently for
  TCP and QUIC filters
- add new peer params in vaious backends
- gnutls, common init code
- openssl, common cert verify code
- fixes builds with gnutls but without ngtcp2
Copy link

vszakats commented Apr 9, 2024

Seems to fail permanently with old linux:

/__w/curl/curl/lib/vtls/openssl.c: In function 'Curl_ossl_ctx_init':
/__w/curl/curl/lib/vtls/openssl.c:3556:18: error: implicit declaration of function 'TLS_method' [-Werror=implicit-function-declaration]
     req_method = TLS_method();
/__w/curl/curl/lib/vtls/openssl.c:3556:5: error: nested extern declaration of 'TLS_method' [-Werror=nested-externs]
     req_method = TLS_method();
/__w/curl/curl/lib/vtls/openssl.c:3556:16: error: assignment makes pointer from integer without a cast [-Werror=int-conversion]
     req_method = TLS_method();
/__w/curl/curl/lib/vtls/openssl.c: In function 'ossl_connect_step2':
/__w/curl/curl/lib/vtls/openssl.c:3955:38: error: cannot take address of bit-field 'keylog_done'
     ossl_log_tls12_secret(octx->ssl, &octx->keylog_done);


Copy link
Contributor Author

icing commented Apr 9, 2024

Thanks, that somehow flew by. Fix in #13325.

vszakats added a commit that referenced this pull request Apr 10, 2024
Visible in daily curl-for-win builds:

lib/vquic/curl_ngtcp2.c:1916:12: error: redefinition of 'ossl_new_session_cb'
static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)
lib/vtls/openssl.c:2978:12: note: previous definition is here
static int ossl_new_session_cb(SSL *ssl, SSL_SESSION *ssl_sessionid)

Follow-up to 3210101 #13172
Closes #13332
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Successfully merging this pull request may close these issues.

None yet

3 participants