- schannel: apply BoringSSL workaround to AWS-LC too.
Affects Schannel + AWS-LC MultiSSL builds. (not tested in CI)
Ref: 274940d743#2643#2634
- curl_ntlm_core: deduplicate macro defines.
- curl_ntlm_core: document version thresholds for an AWS-LC-specific
workaround.
It was necessary between v1.2.0 2022-09-01 and v1.30.1 2024-06-21.
No longer necessary since v1.31.0 2024-07-01:
ba94617d99
Follow-up to 34ef4fab22#10320
- lib758: drop redundant OpenSSL version guards.
`OPENSSL_VERSION_NUMBER > 3` automatically guards against LibreSSL,
BoringSSL and AWS-LC.
Ref: https://github.com/curl/curl/pull/18288/commits/6ddd8f2c0bbfcb0847b1ee7f257fb772fa47310c
Follow-up to a5f0ab7995#18288
- dllmain, curl_sha512_256: formatting.
Closes#18387
- use wakeup sockets non-locked.
- send wakeup notify only in normal control flow (not cancel). close
wakeup sockets in unlink only.
- remove 5ms thread lifetime wait crutch before pthread_cancel().
Closes#18380
To avoid NULL derferences with many outputs and --next.
Follow-up to 034612cd51
Add test 760 to verify
Reported-by: BobodevMm on github
Fixes#18375Closes#18376
Make it error if another TLS backend is used. Also tweaked the
documentation for it to make it more clear it is only for OpenSSL.
Follow-up to 9cf4759354
Reported-by: Michael Osipov
Fixes#18362Closes#18364
- drop `ALLOW_RENEG` undocumented (insecure) build-time option.
- drop unnecessary check for `OPENSSL_VERSION_NUMBER`.
It's present in all supported OpenSSL versions and forks.
Follow-up to 80c10c5d5d#18351
Follow-up to 59311bd3df#3293#3283Closes#18359
To please the curl_multi_setopt() typechecker
- set multi callback protypes to match exactylu
- set CURLMOPT_MAX_HOST_CONNECTIONS as a long
Closes#18357
... even if there are tests still pending. To help visualize tests that
might be hanging.
Attempts to set the limit at 10 seconds of silence.
Closes#18349
- cancel thread waits until thread start is at least 5ms in the past
to give it some time to get its cancellation setup in place
- cancel thread without holding the mutex. It's supposed to be an
async operation, but better be safe
- set DEFERRED cancel state explicitly, should be default in a pthread,
but better be safe
Closes#18350
- assume:
- `BIO_CTRL_EOF`
- `SSL_CTRL_SET_MSG_CALLBACK`
- `SSL_CTRL_SET_MSG_CALLBACK`
- `SSL_CTRL_SET_TLSEXT_HOSTNAME`
- `SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER`
- `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`
- `SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG`
- `SSL_OP_NO_COMPRESSION`
- `SSL_OP_NO_TICKET`
- `X509_V_FLAG_PARTIAL_CHAIN`
- `X509_V_FLAG_TRUSTED_FIRST`
They are present in all supported OpenSSL (and fork) versions.
- replace `SSL_ERROR_WANT_EARLY` with `SSL_ERROR_WANT_CLIENT_HELLO_CB`.
The former appeared in OpenSSL 1.1.1-dev, but renamed before
the stable release.
- document support for macros:
- `ENGINE_CTRL_GET_CMD_FROM_NAME`
- `SSL_ERROR_WANT_ASYNC_JOB`
- `SSL_ERROR_WANT_ASYNC`
- `SSL2_VERSION_MAJOR`
- `TLS1_3_VERSION`
- drop legacy fallback for `CONF_MFLAGS_DEFAULT_SECTION`.
It was there for OpenSSL 0.9.8 support.
- fix `SSL_CTRL_SET_MSG_CALLBACK` accidentally serving as a guard for
OpenSSL (and forks) as a whole.
Tested OK with OpenSSL 1.0.2 and 1.1.0 in CI.
Closes#18351
