rustls: add ECH support w/ string ECH config

e.g. `curl --tlsv1.3 --ech ecl:<BASE64 encoded ECH config list> ...`

Closes #16828
Daniel McCarney 2025-03-24 12:11:54 -04:00 committed by Daniel Stenberg
parent 233b668903
commit b1ba919676
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2


@ -903,6 +903,8 @@ init_config_builder_ech(struct Curl_easy *data,
struct rustls_client_config_builder *builder)
{
const rustls_hpke *hpke = rustls_supported_hpke();
unsigned char *ech_config = NULL;
size_t ech_config_len = 0;
if(!hpke) {
failf(data,
@ -924,6 +926,30 @@ init_config_builder_ech(struct Curl_easy *data,
return CURLE_SSL_CONNECT_ERROR;
}
}
else if(data->set.tls_ech & CURLECH_CLA_CFG
&& data->set.str[STRING_ECH_CONFIG]) {
const char *b64 = data->set.str[STRING_ECH_CONFIG];
size_t decode_result;
rustls_result rr;
if(!b64) {
infof(data, "rustls: ECHConfig from command line empty");
return CURLE_SSL_CONNECT_ERROR;
}
/* rustls-ffi expects the raw TLS encoded ECHConfigList bytes */
decode_result = Curl_base64_decode(b64, &ech_config, &ech_config_len);
if(decode_result || !ech_config) {
infof(data, "rustls: cannot base64 decode ECHConfig from command line");
return CURLE_SSL_CONNECT_ERROR;
}
rr = rustls_client_config_builder_enable_ech(builder,
ech_config,
ech_config_len,
hpke);
if(rr != RUSTLS_RESULT_OK) {
rustls_failf(data, rr, "rustls: failed to configure ECH");
return CURLE_SSL_CONNECT_ERROR;
}
}
return CURLE_OK;
}
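Review bot: The buffer that Curl_base64_decode allocates into ech_config is never freed on the new side, so both the rustls_client_config_builder_enable_ech failure return and the final CURLE_OK return leak it on every connection that uses a command-line ECH config. Unless rustls-ffi is documented to take ownership of that pointer (it is passed as pointer plus length, which suggests it copies the bytes), the decoded data should be released once the builder call has returned: `free(ech_config);` immediately after the `rustls_client_config_builder_enable_ech(...)` call and before `rr` is checked. Two smaller points in the same branch: the `if(!b64)` guard can never fire because the else-if condition already requires `data->set.str[STRING_ECH_CONFIG]` to be non-NULL (a check for an empty string, `if(!*b64)`, is presumably what the "empty" message intends), and `decode_result` is declared `size_t` while Curl_base64_decode appears to return a CURLcode, so `CURLcode decode_result;` reads more honestly. The function body closes within the second hunk, but the else-if chain this branch belongs to starts in the gap between the two hunks.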