curl/lib/vtls
Viktor Szakats 3eb00fa795
openssl: save and restore OpenSSL error queue in two functions
After merging #18228, I reviewed whether the clearing of the error queue
may interfere with preceding code. Turns out there may be a preceding
`SSL_Connect()` call.

This patch replaces the previous fix of clearing the error queue with
saving and restoring it in two functions which may be called between
the connect call and the `SSL_get_error()` call following it:
- `ossl_log_tls12_secret()`
- `Curl_ssl_setup_x509_store()`

The `ERR_set_mark()`, `ERR_pop_to_mark()` functions are present in all
supported OpenSSL and LibreSSL versions. Also in BoringSSL since its
initial commit.

OpenSSL may modify its error queue in all API calls that can fail.

Thanks-to: Viktor Dukhovni
Ref: https://github.com/curl/curl/issues/18190#issuecomment-3167702142
Ref: https://github.com/curl/curl/issues/18190#issuecomment-3169211739
Ref: https://github.com/curl/curl/issues/18190#issuecomment-3169988050

Follow-up to 8ec241bc99 #18228 #18190
Ref: e8b00fcd6a #10432 #10389
Fixes #18190
Closes #18234
2025-08-13 18:54:08 +02:00
.checksrc checksrc: reduce exceptions, apply again to curlx 2025-06-27 17:33:35 +02:00
cipher_suite.c tidy-up: prefer ifdef/ifndef for single checks 2025-07-27 22:35:17 +02:00
cipher_suite.h TLS: remove support for Secure Transport and BearSSL 2025-06-11 07:54:19 +02:00
gtls.c tidy-up: prefer ifdef/ifndef for single checks 2025-07-27 22:35:17 +02:00
gtls.h http/3: report handshake with version and cipher as for TCP connections 2025-07-14 14:08:32 +02:00
hostcheck.c tidy-up: more whitespace/indent, comments 2025-07-25 11:47:51 +02:00
hostcheck.h openssl: some small cleanups 2025-07-18 00:40:26 +02:00
keylog.c urlapi: use uppercase hex encoding 2025-06-25 11:44:13 +02:00
keylog.h spelling: 'a' vs 'an' 2025-05-30 11:38:35 +02:00
mbedtls.c mbedtls: bump minimum version required to 3.2.0 2025-08-13 09:09:45 +02:00
mbedtls.h lib: include files using known path 2025-04-08 17:00:00 +02:00
mbedtls_threadlock.c lib: include files using known path 2025-04-08 17:00:00 +02:00
mbedtls_threadlock.h lib: include files using known path 2025-04-08 17:00:00 +02:00
openssl.c openssl: save and restore OpenSSL error queue in two functions 2025-08-13 18:54:08 +02:00
openssl.h openssl: check SSL_write() length on retries 2025-08-01 17:54:05 +02:00
rustls.c tls: CURLINFO_TLS_SSL_PTR testing 2025-08-01 09:37:36 +02:00
rustls.h lib: include files using known path 2025-04-08 17:00:00 +02:00
schannel.c schannel: add an error message for client cert not found 2025-08-08 03:43:54 -04:00
schannel.h tidy-up: prefer ifdef/ifndef for single checks 2025-07-27 22:35:17 +02:00
schannel_int.h schannel: not supported with UWP, drop redundant code 2025-07-31 20:05:32 +02:00
schannel_verify.c windows: document toolchain support for CERT_NAME_SEARCH_ALL_NAMES_FLAG 2025-07-31 20:43:21 +02:00
vtls.c vtls: set seen http version on successful ALPN 2025-08-05 16:01:39 +02:00
vtls.h tidy-up: whitespace 2025-07-11 13:32:54 +02:00
vtls_int.h lib: replace getsock() logic with pollsets 2025-08-04 23:43:13 +02:00
vtls_scache.c tidy-up: whitespace 2025-07-11 13:32:54 +02:00
vtls_scache.h lib: replace scache no-op macros with #ifdef 2025-06-27 17:33:34 +02:00
vtls_spack.c build: fix build errors/warnings in rare configurations 2025-07-23 22:17:03 +02:00
vtls_spack.h build: fix build errors/warnings in rare configurations 2025-07-23 22:17:03 +02:00
wolfssl.c wolfssl: rename ML-KEM hybrids to match IETF draft 2025-08-05 08:58:19 +02:00
wolfssl.h GHA/checksrc: expand spellcheck, fix issues found 2025-07-21 16:09:01 +02:00
x509asn1.c misc: fix typos 2025-07-12 08:59:44 +02:00
x509asn1.h TLS: remove support for Secure Transport and BearSSL 2025-06-11 07:54:19 +02:00