romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-15 01:01:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

TLS: TLSv1.3 earlydata support for curl

Browse source 
Based on #14135, implement TLSv1.3 earlydata support for the curl
command line, libcurl and its implementation in GnuTLS.

If a known TLS session announces early data support, and the feature is
enabled *and* it is not a "connect-only" transfer, delay the TLS
handshake until the first request is being sent.

- Add --tls-earldata as new boolean command line option for curl.
- Add CURLSSLOPT_EARLYDATA to libcurl to enable use of the feature.
- Add CURLINFO_EARLYDATA_SENT_T to libcurl, reporting the amount of
  bytes sent and accepted/rejected by the server.

Implementation details:
- store the ALPN protocol selected at the SSL session.
- When reusing the session and enabling earlydata, use exactly
  that ALPN protocol for negoptiation with the server. When the
  sessions ALPN does not match the connections ALPN, earlydata
  will not be enabled.
- Check that the server selected the correct ALPN protocol for
  an earlydata connect. If the server does not confirm or reports
  something different, the connect fails.
- HTTP/2: delay sending the initial SETTINGS frames during connect,
  if not connect-only.

Verification:
- add test_02_32 to verify earlydata GET with nghttpx.
- add test_07_70 to verify earlydata PUT with nghttpx.
- add support in 'hx-download', 'hx-upload' clients for the feature

Assisted-by: ad-chaos on github
Closes #15211
This commit is contained in:
Stefan Eissing 2024-10-09 14:46:32 +02:00 committed by Daniel Stenberg
parent d0377f5a86
commit 962097b8dd
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
40 changed files with 899 additions and 134 deletions
Download patch file Download diff file Expand all files Collapse all files

6
include/curl/curl.h
View file

@ -943,6 +943,9 @@ typedef enum {
a client certificate for authentication. (Schannel) */
#define CURLSSLOPT_AUTO_CLIENT_CERT (1<<5)
/* If possible, send data using TLS 1.3 early data */
#define CURLSSLOPT_EARLYDATA (1<<6)
/* The default connection attempt delay in milliseconds for happy eyeballs.
CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.3 and happy-eyeballs-timeout-ms.d document
this value, keep them in sync. */
@ -2954,7 +2957,8 @@ typedef enum {
CURLINFO_QUEUE_TIME_T = CURLINFO_OFF_T + 65,
CURLINFO_USED_PROXY = CURLINFO_LONG + 66,
CURLINFO_POSTTRANSFER_TIME_T = CURLINFO_OFF_T + 67,
CURLINFO_LASTONE = 67
CURLINFO_EARLYDATA_SENT_T = CURLINFO_OFF_T + 68,
CURLINFO_LASTONE = 68
} CURLINFO;
/* CURLINFO_RESPONSE_CODE is the new name for the option previously known as