curl/docs/libcurl

Latest commit 1dc6ddde06 by Wyatt O'Day:
mbedTLS: cleanup insecure/deprecated code
1. With `MBEDTLS_SSL_PROTO_TLS1_2` not enabled, the mbedTLS code was not
able to connect to any server due to broken logic in curl's
`mbed_set_ssl_version_min_max()`. Now it correctly sets the minimum
supported TLS version based on what is compiled in the library.

2. If debugging is enabled, move the debugging enabling earlier in the
`mbed_connect_step1()` so that verbose errors are actually displayed if
failures happen (see the previous point -- it would've made debugging
that issue easier).

3. Remove the constant `mbedtls_x509_crt_profile_fr` and instead use
mbedTLS-included profile `mbedtls_x509_crt_profile_next` with
`mbedtls_ssl_conf_cert_profile()`. This will follow the latest standards
as new mbedTLS versions are released (rather than being stuck-in-time
until someone comes along to fix what was hard-coded here). This has the
immediate benefit of no longer supporting SHA1 certs and insecure RSA
key-lengths (1024). This fix immediately prevents previously possible
MITM attacks (SHA1 hashes and RSA-1024 keys can be forged relatively
easily by nation-state actors and criminal organizations with
deep-pockets).

4. Added [predictive
resistance](https://mbed-tls.readthedocs.io/en/latest/kb/how-to/add-a-random-generator/#enabling-prediction-resistance)
to the random number generator (adding more entropy to the RNG).

5. Split the random number generator into initialization, the actual
random generation, and the "freeing" of the resources. This
significantly reduces the overhead of using the RNG.

6. Removed the separate RNG function in the TLS connect stage (instead
use the "main" one) and remove the ad-hoc threading support. Instead
properly document how to enable threading in mbedTLS. As it was, other
internals of mbedTLS could have race conditions (in the RSA module in
particular) if `MBEDTLS_THREADING_C` was *not* enabled. And if it is
enabled, then these race-conditions cannot happen. And also, if
`MBEDTLS_THREADING_C` is enabled then the RNG functions [are fully
thread-safe](https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading/).

   So, the previous ad-hoc threading support was both partial and broken.

7. Enable support for disabling `MBEDTLS_PEM_PARSE_C`.

8. Add support for `CURLOPT_SSLCERTTYPE` so user can specify `PEM` or
`DER` and get faster execution.

Closes #19983
2025-12-20 17:33:57 +01:00
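Point 1 of the commit message describes clamping the requested TLS range to what the library build actually contains. The following is an added illustration of that logic written for this page; it is not curl's `mbed_set_ssl_version_min_max()` nor mbedTLS code. The `TLS_VER_*` values are assumed to mirror mbedTLS 3.x `MBEDTLS_SSL_VERSION_*` codes and the `SSLVER_*` values the libcurl `CURL_SSLVERSION_*` encoding (minimum in the low 16 bits, maximum shifted left by 16); `struct tls_build` stands in for the `MBEDTLS_SSL_PROTO_TLS1_2`/`TLS1_3` compile-time switches.

```c
/* Added example: choose a TLS min/max from the library build and the
 * caller's CURLOPT_SSLVERSION-style request. Not curl's own code. */
#include <stdio.h>

/* Assumed to mirror mbedTLS 3.x MBEDTLS_SSL_VERSION_TLS1_2 / _TLS1_3 */
#define TLS_VER_1_2 0x0303
#define TLS_VER_1_3 0x0304

/* Assumed to mirror libcurl CURL_SSLVERSION_* / CURL_SSLVERSION_MAX_* */
#define SSLVER_DEFAULT   0
#define SSLVER_TLSv1_2   6
#define SSLVER_TLSv1_3   7
#define SSLVER_MAX_SHIFT 16

/* Hypothetical stand-in for MBEDTLS_SSL_PROTO_TLS1_2 / TLS1_3 being defined */
struct tls_build { int has_tls12; int has_tls13; };

static int map_version(long want, int lib_default, int *out)
{
    switch(want) {
    case SSLVER_DEFAULT: *out = lib_default; return 0;
    case SSLVER_TLSv1_2: *out = TLS_VER_1_2; return 0;
    case SSLVER_TLSv1_3: *out = TLS_VER_1_3; return 0;
    default: return -1; /* TLS 1.1 and older: refuse, never silently downgrade */
    }
}

/* Returns 0 and fills *min_out/*max_out, or -1 if the request cannot be
 * satisfied by this build (the caller should fail the connect, not guess). */
int pick_tls_range(const struct tls_build *b, long sslversion,
                   int *min_out, int *max_out)
{
    long want_min = sslversion & 0xffff;
    long want_max = sslversion >> SSLVER_MAX_SHIFT;
    /* floor/ceiling of what is compiled in */
    int lib_min = b->has_tls12 ? TLS_VER_1_2 : (b->has_tls13 ? TLS_VER_1_3 : 0);
    int lib_max = b->has_tls13 ? TLS_VER_1_3 : (b->has_tls12 ? TLS_VER_1_2 : 0);
    int min, max;

    if(!lib_min)
        return -1; /* no usable protocol compiled in at all */
    if(map_version(want_min, lib_min, &min) || map_version(want_max, lib_max, &max))
        return -1;
    /* requested range must lie inside the build's range and be non-empty */
    if(min < lib_min || max > lib_max || min > max)
        return -1;
    *min_out = min;
    *max_out = max;
    return 0;
}

int main(void)
{
    struct tls_build only13 = { 0, 1 };
    int lo, hi;
    if(pick_tls_range(&only13, SSLVER_DEFAULT, &lo, &hi) == 0)
        printf("TLS1.3-only build: min=0x%04x max=0x%04x\n", lo, hi);
    if(pick_tls_range(&only13, SSLVER_TLSv1_2, &lo, &hi) != 0)
        printf("TLS1.3-only build cannot honour a TLS 1.2 floor\n");
    return 0;
}
```

The failure mode the commit fixes is the `only13` case: a build without TLS 1.2 must still produce a valid floor (TLS 1.3) for the default request, and an explicit request for a version the build lacks must be reported as an error rather than left as a range the handshake can never satisfy.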
| File | Last commit | Date |
| --- | --- | --- |
| opts | CURLOPT_ACCEPT_ENCODING.md: warn about the expansion | 2025-12-19 10:44:43 +01:00 |
| .gitignore | gitignore: the generated libcurl-symbols.md | 2024-01-25 16:34:06 +01:00 |
| ABI.md | docs: use present tense | 2024-02-27 09:47:21 +01:00 |
| CMakeLists.txt | cmake: fix building docs when the base directory contains .3 | 2025-09-16 12:37:11 +02:00 |
| curl_easy_cleanup.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_easy_duphandle.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_easy_escape.md | doc: some returned in-memory data may not be altered | 2025-11-25 11:05:27 +01:00 |
| curl_easy_getinfo.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_easy_header.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_easy_init.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_easy_nextheader.md | docs/libcurl: fix C formatting nits | 2025-12-04 22:49:03 +01:00 |
| curl_easy_option_by_id.md | docs: minor edits to please the new spellchecker regime | 2025-02-27 13:15:21 +01:00 |
| curl_easy_option_by_name.md | docs: minor edits to please the new spellchecker regime | 2025-02-27 13:15:21 +01:00 |
| curl_easy_option_next.md | curldown: fixups | 2024-07-19 17:03:25 +02:00 |
| curl_easy_pause.md | docs/libcurl: fix C formatting nits | 2025-12-04 22:49:03 +01:00 |
| curl_easy_perform.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_easy_recv.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_easy_reset.md | docs: use lowercase curl and libcurl | 2025-01-02 17:15:54 +01:00 |
| curl_easy_send.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_easy_setopt.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_easy_ssls_export.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_easy_ssls_import.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_easy_strerror.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_easy_unescape.md | doc: some returned in-memory data may not be altered | 2025-11-25 11:05:27 +01:00 |
| curl_easy_upkeep.md | mqtt: send ping at upkeep interval | 2025-04-16 09:36:19 +02:00 |
| curl_escape.md | doc: some returned in-memory data may not be altered | 2025-11-25 11:05:27 +01:00 |
| curl_formadd.md | docs/libcurl: fix C formatting nits | 2025-12-04 22:49:03 +01:00 |
| curl_formfree.md | GHA: silence proselint warnings and an error | 2024-10-15 16:44:17 +02:00 |
| curl_formget.md | docs/libcurl: fix C formatting nits | 2025-12-04 22:49:03 +01:00 |
| curl_free.md | GHA: silence proselint warnings and an error | 2024-10-15 16:44:17 +02:00 |
| curl_getdate.md | curldown: fixups | 2024-07-19 17:03:25 +02:00 |
| curl_getenv.md | doc: some returned in-memory data may not be altered | 2025-11-25 11:05:27 +01:00 |
| curl_global_cleanup.md | badwords: catch and fix threading-related words | 2025-12-16 21:26:58 +01:00 |
| curl_global_init.md | badwords: catch and fix threading-related words | 2025-12-16 21:26:58 +01:00 |
| curl_global_init_mem.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_global_sslset.md | TLS: remove support for Secure Transport and BearSSL | 2025-06-11 07:54:19 +02:00 |
| curl_global_trace.md | badwords: catch and fix threading-related words | 2025-12-16 21:26:58 +01:00 |
| curl_mime_addpart.md | curldown: fixups | 2024-07-19 17:03:25 +02:00 |
| curl_mime_data.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_mime_data_cb.md | docs/libcurl: fix C formatting nits | 2025-12-04 22:49:03 +01:00 |
| curl_mime_encoder.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_mime_filedata.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_mime_filename.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_mime_free.md | curldown: fixups | 2024-07-19 17:03:25 +02:00 |
| curl_mime_headers.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_mime_init.md | curldown: fixups | 2024-07-19 17:03:25 +02:00 |
| curl_mime_name.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_mime_subparts.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_mime_type.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_mprintf.md | docs/libcurl: fix C formatting nits | 2025-12-04 22:49:03 +01:00 |
| curl_multi_add_handle.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_multi_assign.md | docs: use mresult as variable name for CURLMcode | 2025-12-17 08:55:12 +01:00 |
| curl_multi_cleanup.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_multi_fdset.md | docs: use mresult as variable name for CURLMcode | 2025-12-17 08:55:12 +01:00 |
| curl_multi_get_handles.md | doc: some returned in-memory data may not be altered | 2025-11-25 11:05:27 +01:00 |
| curl_multi_get_offt.md | curl_multi_get_offt: language fix | 2025-08-05 11:48:31 +02:00 |
| curl_multi_info_read.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_multi_init.md | docs/libcurl: expand multi documentation | 2024-10-01 15:17:17 +02:00 |
| curl_multi_notify_disable.md | multi: use CURLMNOTIFY_ as notification id prefix | 2025-10-07 17:18:05 +02:00 |
| curl_multi_notify_enable.md | multi: use CURLMNOTIFY_ as notification id prefix | 2025-10-07 17:18:05 +02:00 |
| curl_multi_perform.md | docs: use mresult as variable name for CURLMcode | 2025-12-17 08:55:12 +01:00 |
| curl_multi_poll.md | docs: use mresult as variable name for CURLMcode | 2025-12-17 08:55:12 +01:00 |
| curl_multi_remove_handle.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_multi_setopt.md | multi: add notifications API | 2025-10-07 10:55:31 +02:00 |
| curl_multi_socket.md | docs/libcurl: make examples build with picky compiler options | 2025-04-11 15:23:51 +02:00 |
| curl_multi_socket_action.md | docs: use mresult as variable name for CURLMcode | 2025-12-17 08:55:12 +01:00 |
| curl_multi_socket_all.md | docs/libcurl: make examples build with picky compiler options | 2025-04-11 15:23:51 +02:00 |
| curl_multi_strerror.md | docs: use mresult as variable name for CURLMcode | 2025-12-17 08:55:12 +01:00 |
| curl_multi_timeout.md | docs/libcurl: make examples build with picky compiler options | 2025-04-11 15:23:51 +02:00 |
| curl_multi_wait.md | docs: use mresult as variable name for CURLMcode | 2025-12-17 08:55:12 +01:00 |
| curl_multi_waitfds.md | docs: use mresult as variable name for CURLMcode | 2025-12-17 08:55:12 +01:00 |
| curl_multi_wakeup.md | docs: use mresult as variable name for CURLMcode | 2025-12-17 08:55:12 +01:00 |
| curl_pushheader_byname.md | doc: some returned in-memory data may not be altered | 2025-11-25 11:05:27 +01:00 |
| curl_pushheader_bynum.md | doc: some returned in-memory data may not be altered | 2025-11-25 11:05:27 +01:00 |
| curl_share_cleanup.md | docs/libcurl: add to cleanup docs that their inputs go invalid | 2024-07-23 11:18:46 +02:00 |
| curl_share_init.md | curldown: fixups | 2024-07-19 17:03:25 +02:00 |
| curl_share_setopt.md | curldown: fixups | 2024-07-19 17:03:25 +02:00 |
| curl_share_strerror.md | curldown: fixups | 2024-07-19 17:03:25 +02:00 |
| curl_slist_append.md | doc: some returned in-memory data may not be altered | 2025-11-25 11:05:27 +01:00 |
| curl_slist_free_all.md | docs/libcurl: make examples build with picky compiler options | 2025-04-11 15:23:51 +02:00 |
| curl_strequal.md | curldown: fixups | 2024-07-19 17:03:25 +02:00 |
| curl_strnequal.md | curldown: fixups | 2024-07-19 17:03:25 +02:00 |
| curl_unescape.md | doc: some returned in-memory data may not be altered | 2025-11-25 11:05:27 +01:00 |
| curl_url.md | doc: some returned in-memory data may not be altered | 2025-11-25 11:05:27 +01:00 |
| curl_url_cleanup.md | GHA: silence proselint warnings and an error | 2024-10-15 16:44:17 +02:00 |
| curl_url_dup.md | docs/libcurl: return value overhall | 2025-01-02 16:58:05 +01:00 |
| curl_url_get.md | doc: some returned in-memory data may not be altered | 2025-11-25 11:05:27 +01:00 |
| curl_url_set.md | urlapi: allow more path characters "raw" when asked to URL encode | 2025-08-01 23:22:32 +02:00 |
| curl_url_strerror.md | curldown: fixups | 2024-07-19 17:03:25 +02:00 |
| curl_version.md | curl_version_info.md: clarify ssl_version for MultiSSL | 2025-05-11 12:23:36 -04:00 |
| curl_version_info.md | apple sectrust: add to features | 2025-10-16 10:58:45 +02:00 |
| curl_ws_meta.md | docs/libcurl: fix C formatting nits | 2025-12-04 22:49:03 +01:00 |
| curl_ws_recv.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_ws_send.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| curl_ws_start_frame.md | docs: rename CURLcode variables to 'result' | 2025-12-17 08:55:12 +01:00 |
| libcurl-easy.md | curldown: make 'added-in:' a mandatory header field | 2024-07-18 18:04:09 +02:00 |
| libcurl-env-dbg.md | pytest: improve stragglers | 2025-12-02 17:04:20 +01:00 |
| libcurl-env.md | netrc: use the NETRC environment variable (first) if set | 2025-07-27 18:26:43 +02:00 |
| libcurl-errors.md | docs/libcurl: remove ancient version references | 2025-09-12 08:27:38 +02:00 |
| libcurl-multi.md | libcurl-multi.md: added curl_multi_get_offt mention | 2025-09-17 23:11:38 +02:00 |
| libcurl-security.md | docs: switch more URLs to https:// | 2025-12-08 12:57:51 +01:00 |
| libcurl-share.md | GHA: silence proselint warnings and an error | 2024-10-15 16:44:17 +02:00 |
| libcurl-thread.md | mbedTLS: cleanup insecure/deprecated code | 2025-12-20 17:33:57 +01:00 |
| libcurl-tutorial.md | badwords: catch and fix threading-related words | 2025-12-16 21:26:58 +01:00 |
| libcurl-url.md | GHA: silence proselint warnings and an error | 2024-10-15 16:44:17 +02:00 |
| libcurl-ws.md | websocket: support CURLOPT_READFUNCTION | 2025-08-11 23:28:54 +02:00 |
| libcurl.m4 | autotools: tidy-up if expressions | 2025-12-10 22:29:19 +01:00 |
| libcurl.md | badwords: catch and fix threading-related words | 2025-12-16 21:26:58 +01:00 |
| Makefile.am | tests: always make bundles, adapt build and tests | 2025-06-14 21:08:23 +02:00 |
| Makefile.inc | multi: add notifications API | 2025-10-07 10:55:31 +02:00 |
| mksymbolsmanpage.pl | scripts: enable strict warnings in Perl where missing, fix fallouts | 2025-07-27 22:35:18 +02:00 |
| symbols-in-versions | multi: use CURLMNOTIFY_ as notification id prefix | 2025-10-07 17:18:05 +02:00 |
| symbols.pl | scripts: enable strict warnings in Perl where missing, fix fallouts | 2025-07-27 22:35:18 +02:00 |