Skip to content

wolfssl, tls early data #16167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 12 commits into from
Closed

wolfssl, tls early data #16167

wants to merge 12 commits into from

Conversation

@icing
Copy link
Contributor

@icing icing commented Feb 4, 2025

Enable TLS Early Data for wolfSSL:

  • merge WOLFSSL_CTX and WOLFSSL setup from ngtcp2 with the general implemenation in wolfssl.c
  • enable for QUIC via ngtcp2
  • give Curl_vquic_tls_init() a struct alpn_spec like used for the TCP case. Adapt gnutls and other users.
  • enable pytest test cases for early data with wolfSSL

and while this messes up wolfssl.c anyway, do

  • rename all struct/functions with prefix 'wolfssl_' to 'wssl_' to not pollute that name prefix
  • rename ctx/handle to ssl_ctx/ssl, as used in openssl case

@github-actions github-actions bot added the tests label Feb 4, 2025
@bagder bagder added the feature-window A merge of this requires an open feature window label Feb 9, 2025
@icing icing force-pushed the wolfssl-earlydata branch 2 times, most recently from 6c8686f to 92b27a5 Compare February 20, 2025 12:43
@icing icing requested a review from bagder February 20, 2025 14:42
@icing icing force-pushed the wolfssl-earlydata branch from 9641907 to 8de1264 Compare February 22, 2025 09:29
@bagder
Copy link
Member

bagder commented Feb 22, 2025

This should be mentioned in CURLOPT_SSL_OPTIONS.md for wolfSSL and curl 8.13.0, right?

@icing
Copy link
Contributor Author

icing commented Feb 22, 2025

This should be mentioned in CURLOPT_SSL_OPTIONS.md for wolfSSL and curl 8.13.0, right?

Right. Just added it.

icing added 12 commits February 22, 2025 14:51
@icing
wolfssl, tls early data
6e14234 
Enable TLS Early Data for wolfSSL:

- merge WOLFSSL_CTX and WOLFSSL setup from ngtcp2 with the general implemenation in wolfssl.c
- enable for QUIC via ngtcp2
- give Curl_vquic_tls_init() a `struct alpn_spec` like used for the TCP case. Adapt gnutls and other users.
- enable pytest test cases for early data with wolfSSL

and while this messes up wolfssl.c anyway, do

- rename all struct/functions with prefix 'wolfssl_' to 'wssl_' to not pollute that name prefix
- rename `ctx/handle` to `ssl_ctx/ssl`, as used in openssl case
@icing
fix code in ECH ifdefs
e46f109
@icing
ifdef WOLFSSL_EARLY_DATA support, fixed unused alpns param
11f141c
@icing
fix unused local var
965caa5
@icing
ifdef for WOLFSSL_QUIC presence
40259af
@icing
do not use wolfSSL_set_alpn_protos from its openssl compat layer
09d8eed
@icing
ngtcp2, ifdef WOLFSSL_EARLY_DATA
30e3e22
@icing
init local result var when declaring
b11a3ec
@icing
use "wolf" prefix for functions everyhwere
176b83a 
Some functions may only available in wolfSSl when built with
"openssl-extra", but use the wolf* names to avoid any confusion.
@icing
resolving merge hickups
b479864
@icing
remove result redeclaration
b8d9c15
@icing
update documentation
58f3e6a
@icing icing force-pushed the wolfssl-earlydata branch from 3df548b to 58f3e6a Compare February 22, 2025 13:57
@bagder bagder closed this in edd573d Feb 24, 2025
vszakats added a commit to vszakats/curl that referenced this pull request Apr 15, 2025
@vszakats
wolfssl: fix to enable ALPN when available
0d1e7c0 
Follow-up to edd573d curl#16167
@vszakats vszakats mentioned this pull request Apr 15, 2025
Closed
vszakats added a commit that referenced this pull request Apr 15, 2025
@vszakats
wolfssl: fix to enable ALPN when available
00e8ebf 
wolfSSL headers publish the `HAVE_ALPN` macro to tell if it has ALPN
support compiled in. Use that instead of `HAS_ALPN`, which was never
set.

Follow-up to edd573d #16167
Closes #17056
nbaws pushed a commit to nbaws/curl that referenced this pull request Apr 26, 2025
@vszakats @nbaws
wolfssl: fix to enable ALPN when available
59d2b8c 
wolfSSL headers publish the `HAVE_ALPN` macro to tell if it has ALPN
support compiled in. Use that instead of `HAS_ALPN`, which was never
set.

Follow-up to edd573d curl#16167
Closes curl#17056
nbaws pushed a commit to nbaws/curl that referenced this pull request Apr 26, 2025
@vszakats @nbaws
wolfssl: fix to enable ALPN when available
007f328 
wolfSSL headers publish the `HAVE_ALPN` macro to tell if it has ALPN
support compiled in. Use that instead of `HAS_ALPN`, which was never
set.

Follow-up to edd573d curl#16167
Closes curl#17056
pps83 pushed a commit to pps83/curl that referenced this pull request Apr 26, 2025
@icing @pps83
wolfssl: tls early data support
caf464f 
Enable TLS Early Data for wolfSSL:

- merge WOLFSSL_CTX and WOLFSSL setup from ngtcp2 with the general
  implemenation in wolfssl.c
- enable for QUIC via ngtcp2
- give Curl_vquic_tls_init() a `struct alpn_spec` like used for the TCP
  case. Adapt gnutls and other users.
- enable pytest test cases for early data with wolfSSL

and while this messes up wolfssl.c anyway, do

- rename all struct/functions with prefix 'wolfssl_' to 'wssl_' to not
  pollute that name prefix
- rename `ctx/handle` to `ssl_ctx/ssl`, as used in openssl case

Closes curl#16167
@cpu cpu mentioned this pull request Jul 12, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bagder bagder Awaiting requested review from bagder

Assignees

No one assigned

Labels

feature-window A merge of this requires an open feature window tests

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@icing @bagder