romenskiy2012/curl

Fork 0

mirror of https://github.com/curl/curl.git synced 2026-04-20 11:21:15 +03:00

Commit graph

Author	SHA1	Message	Date
Daniel Stenberg	08a3e8e19a	TLS: remove support for Secure Transport and BearSSL These libraries do not support TLS 1.3 and have been marked for removal for over a year. We want to help users select a TLS dependency that is future-proof and reliable, and not supporting TLS 1.3 in 2025 does not infer confidence. Users who build libcurl are likely to be served better and get something more future-proof with a TLS library that supports 1.3. Closes #16677	2025-06-11 07:54:19 +02:00
Yedaya Katsman	2cf19c245e	tests: test mtls also w/ clientAuth EKU only The google chrome root program will stop allowing roots that have both clientAuth and ServerAuth [1]. In one of the mtls tests, use a certificate with only the clientAuth EKU. [1] https://googlechrome.github.io/chromerootprogram/#322-pki-hierarchies-included-in-the-chrome-root-store Closes #17493	2025-05-31 15:20:25 +02:00
Yedaya Katsman	8988f33f62	tests: Add https-mtls server to force client auth - test2088 verifies that mutual tls works This adds a new certificate to generate which has the clientAuth key usage enabled, and uses it to connect to a https-mtls server. Closes #16923	2025-04-07 08:46:56 +02:00

Author

SHA1

Message

Date

Daniel Stenberg

08a3e8e19a

TLS: remove support for Secure Transport and BearSSL

These libraries do not support TLS 1.3 and have been marked for removal
for over a year. We want to help users select a TLS dependency that is
future-proof and reliable, and not supporting TLS 1.3 in 2025 does not
infer confidence. Users who build libcurl are likely to be served better
and get something more future-proof with a TLS library that supports
1.3.

Closes #16677

2025-06-11 07:54:19 +02:00

Yedaya Katsman

2cf19c245e

tests: test mtls also w/ clientAuth EKU only

The google chrome root program will stop allowing roots that have both
clientAuth and ServerAuth [1].

In one of the mtls tests, use a certificate with only the clientAuth
EKU.

[1] https://googlechrome.github.io/chromerootprogram/#322-pki-hierarchies-included-in-the-chrome-root-store

Closes #17493

2025-05-31 15:20:25 +02:00

Yedaya Katsman

8988f33f62

tests: Add https-mtls server to force client auth

- test2088 verifies that mutual tls works

This adds a new certificate to generate which has the clientAuth key
usage enabled, and uses it to connect to a https-mtls server.

Closes #16923

2025-04-07 08:46:56 +02:00

3 commits