ngtcp2: verify the server cert on connect #8178

Closed

@bagder bagder commented Dec 23, 2021

This makes ngtcp2+quictls acknowledge CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST

  • ngtcp2 + quictls
  • ngtcp2 + gnutls
  • quiche

Ref: #8173

@bagder bagder added the HTTP/3 label Dec 23, 2021

@bagder bagder commented Dec 23, 2021

Since quiche uses boringssl, it is probably possible to use more or less the same code there, and possibly we can write the generic openssl certificate check code to be usable in all three places, but as a first shot the functionality should get there and only later I'll work on combining code.

bagder added 2 commits Dec 25, 2021
Make ngtcp2+quictls correctly acknowledge `CURLOPT_SSL_VERIFYPEER` and
`CURLOPT_SSL_VERIFYHOST`.

The name check now uses a function from lib/vtls/openssl.c which will
need attention for when TLS is not done by OpenSSL or is disabled while
QUIC is enabled.

Possibly the servercert() function in openssl.c should be adjusted so
that it can be used for both regular TLS and QUIC.

Ref: #8173
@bagder bagder force-pushed the bagder/http3-ngtcp2-cacert branch from 0ed45a6 to 08bcfd8 Dec 25, 2021
@bagder bagder closed this in c148f0f Dec 28, 2021
@bagder bagder deleted the bagder/http3-ngtcp2-cacert branch Jan 4, 2022