Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ngtcp2: verify the server cert on connect #8178

wants to merge 2 commits into from


Copy link

@bagder bagder commented Dec 23, 2021

This makes ngtcp2+quictls acknowledge CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST

  • ngtcp2 + quictls
  • ngtcp2 + gnutls
  • quiche

Ref: #8173

@bagder bagder added the HTTP/3 h3 or quic related label Dec 23, 2021
Copy link
Member Author

bagder commented Dec 23, 2021

Since quiche uses boringssl, it can probably be possible to use more or less the same code there, and possibly we can write the generic openssl certificate check code to be usable in all three places, but as a first shot the functionality should get there and only later I'll work on combining code.

Make ngtcp2+quictls correctly acknowledge `CURLOPT_SSL_VERIFYPEER` and

The name check now uses a function from lib/vtls/openssl.c which will
need attention for when TLS is not done by OpenSSL or is disabled while
QUIC is enabled.

Possibly the servercert() function in openssl.c should be adjusted to be
able to use for both regular TLS and QUIC.

Ref: #8173
@bagder bagder closed this in c148f0f Dec 28, 2021
bagder added a commit that referenced this pull request Dec 28, 2021
@bagder bagder deleted the bagder/http3-ngtcp2-cacert branch January 4, 2022 15:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
HTTP/3 h3 or quic related

Successfully merging this pull request may close these issues.

None yet

1 participant