bearssl: support CURLOPT_CAINFO_BLOB #7468

Closed
wants to merge 1 commit into from

Conversation

Contributor

@AzazKamaz AzazKamaz commented Jul 21, 2021

Just implements support for using CURLOPT_CAINFO_BLOB with bearssl.
Also fixed a bearssl build error on hostname = NULL; while having const char * const hostname = SSL_HOST_NAME();

There are four ways to implement support:

  • have one function that parses the cert file from a buffer, and two ways to get the buffer. I don't want to read an entire file into memory, so denied
  • have two big functions with similar code but from different sources. Too much code repetition, so denied
  • parse the cert file iteratively while having a state struct. Need to split the function into some struct, init(), dispose() and update(). Denied because of complexity
  • have some switches in the cert parsing function. The easiest way, with a minimum amount of modification. Implemented this way
@bagder bagder added the SSL/TLS label Jul 21, 2021

@AzazKamaz AzazKamaz commented Jul 22, 2021

Actually, I am force pushing my branch to stay away from commits like "fix formatting" or "change initialization way"

@AzazKamaz AzazKamaz requested a review from danielgustafsson Jul 22, 2021
Member

@bagder bagder left a comment

The CURLOPT_CAINFO_BLOB.3 man page needs an update to clarify that bearssl also supports this option from >= 7.79.0, right?

Contributor Author

@AzazKamaz AzazKamaz commented Jul 23, 2021

I have added info to the docs and used DEBUGASSERT for the check.
Also I have changed source->len ? source->len : strlen(source->data) to source->len, because the documentation requires a pointer and size, and strlen will cause problems if the buffer is zero-length and not zero-terminated.
And added a check source->len <= (size_t)INT_MAX, the same as in the OpenSSL backend.
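
The design the PR description settles on (one parsing function fed from either a file or a blob, selected by a switch) and the blob-length handling from the comment above, shown as an added example that is not code from this PR, from curl or from BearSSL. The `cert_blob` struct is an assumed stand-in for the pointer/length pair behind CURLOPT_CAINFO_BLOB, the marker-only PEM scanner stands in for the incremental PEM/X.509 decoders a real backend would feed, and the sample bundle is constructed with placeholder bodies. Both source kinds go through the same chunked scanner, the blob is bounded by its caller-supplied length and never by strlen(), and a zero-length or > INT_MAX blob is refused up front:

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the (pointer, length) pair behind CURLOPT_CAINFO_BLOB; an
 * assumption for this example, not curl's own struct curl_blob. */
struct cert_blob { const unsigned char *data; size_t len; };

/* One source object with a mode switch (the option the PR description picks)
 * so the scanner below is fed in chunks from either a FILE or a blob. */
enum source_kind { SRC_FILE, SRC_BLOB };
struct cert_source {
  enum source_kind kind;
  FILE *fp;                     /* SRC_FILE */
  const struct cert_blob *blob; /* SRC_BLOB */
  size_t blob_off;              /* read position inside the blob */
};

/* Copies up to cap bytes of the next input into buf; returns 0 at end. The
 * blob branch is bounded by blob->len alone, never by strlen(). */
static size_t source_read(struct cert_source *src, unsigned char *buf, size_t cap)
{
  switch(src->kind) {
  case SRC_FILE:
    return fread(buf, 1, cap, src->fp);
  case SRC_BLOB: {
    size_t left = src->blob->len - src->blob_off;
    size_t n = left < cap ? left : cap;
    memcpy(buf, src->blob->data + src->blob_off, n);
    src->blob_off += n;
    return n;
  }
  }
  return 0;
}

static const char BEGIN_MARK[] = "-----BEGIN CERTIFICATE-----";
static const char END_MARK[] = "-----END CERTIFICATE-----";

/* Incremental PEM boundary scanner standing in for the real decoders. It
 * keeps the tail of the input so a marker split across chunks is still seen. */
struct pem_scanner {
  int in_cert;           /* between a BEGIN marker and its END marker */
  unsigned char win[32]; /* recent input, longer than either marker */
  size_t have;           /* valid bytes in win */
  size_t complete;       /* fully delimited certificates seen */
};

static void scanner_feed(struct pem_scanner *s, const unsigned char *p, size_t n)
{
  size_t i;
  for(i = 0; i < n; i++) {
    const char *mark = s->in_cert ? END_MARK : BEGIN_MARK;
    size_t marklen = strlen(mark);
    if(s->have == sizeof(s->win)) {
      memmove(s->win, s->win + 1, sizeof(s->win) - 1);
      s->have--;
    }
    s->win[s->have++] = p[i];
    if(s->have >= marklen && !memcmp(s->win + s->have - marklen, mark, marklen)) {
      if(s->in_cert)
        s->complete++;
      s->in_cert = !s->in_cert;
      s->have = 0; /* markers never overlap, so the window can restart */
    }
  }
}

/* Drives a source through the scanner. The chunk is tiny on purpose so that
 * markers straddle chunk boundaries in the sample below. */
static long scan_source(struct cert_source *src)
{
  struct pem_scanner sc = { 0, {0}, 0, 0 };
  unsigned char chunk[16];
  size_t n;
  while((n = source_read(src, chunk, sizeof(chunk))) > 0)
    scanner_feed(&sc, chunk, n);
  return (long)sc.complete;
}

/* Blob entry point with the checks from the thread: the length comes from the
 * caller, an empty blob is refused rather than probed with strlen(), and
 * len > INT_MAX is refused. Returns -1 for an invalid blob. */
long count_certs_in_blob(const struct cert_blob *blob)
{
  struct cert_source src = { SRC_BLOB, NULL, blob, 0 };
  if(!blob || !blob->data || blob->len == 0 || blob->len > (size_t)INT_MAX)
    return -1;
  return scan_source(&src);
}

/* File entry point through the very same scanner; -1 if it cannot be opened. */
long count_certs_in_file(const char *path)
{
  struct cert_source src = { SRC_FILE, fopen(path, "rb"), NULL, 0 };
  long r;
  if(!src.fp)
    return -1;
  r = scan_source(&src);
  fclose(src.fp);
  return r;
}

/* Constructed sample: placeholder bodies, not real certificates. The third
 * block is cut off and must not be counted. sizeof - 1 excludes the literal's
 * NUL, which a real blob may not have at all. */
static const char SAMPLE_PEM[] =
  "# constructed sample, not a real CA bundle\n"
  "-----BEGIN CERTIFICATE-----\nMIIBAAAA\n-----END CERTIFICATE-----\n"
  "-----BEGIN CERTIFICATE-----\nMIIBBBBB\n-----END CERTIFICATE-----\n"
  "-----BEGIN CERTIFICATE-----\nMIIBCCCC\n";
const struct cert_blob SAMPLE_BLOB = { (const unsigned char *)SAMPLE_PEM, sizeof(SAMPLE_PEM) - 1 };
const struct cert_blob EMPTY_BLOB = { (const unsigned char *)SAMPLE_PEM, 0 };
const struct cert_blob OVERSIZED_BLOB = { (const unsigned char *)SAMPLE_PEM, (size_t)INT_MAX + 1 };

int main(void)
{
  printf("sample: %ld, empty: %ld, oversized: %ld\n",
         count_certs_in_blob(&SAMPLE_BLOB), count_certs_in_blob(&EMPTY_BLOB),
         count_certs_in_blob(&OVERSIZED_BLOB));
  return 0;
}
```

The scanner only locates block boundaries; it decodes and validates nothing, so it is a model of how the two sources can share one parser, not a substitute for handing each block to a real X.509 decoder.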

@jsoref jsoref mentioned this pull request Jul 23, 2021
@AzazKamaz AzazKamaz requested a review from bagder Jul 23, 2021
bagder approved these changes Jul 25, 2021
Member

@bagder bagder commented Jul 28, 2021

Thanks!

@bagder bagder closed this in beb1b1c Jul 28, 2021
5 participants