Diffstat (limited to 'Utilities/cmcurl/lib/vquic')
-rw-r--r--Utilities/cmcurl/lib/vquic/msh3.c11
-rw-r--r--Utilities/cmcurl/lib/vquic/ngtcp2.c13
2 files changed, 18 insertions, 6 deletions
diff --git a/Utilities/cmcurl/lib/vquic/msh3.c b/Utilities/cmcurl/lib/vquic/msh3.c
index be18e6e83c..f7bd315be1 100644
--- a/Utilities/cmcurl/lib/vquic/msh3.c
+++ b/Utilities/cmcurl/lib/vquic/msh3.c
@@ -95,7 +95,9 @@ static const MSH3_REQUEST_IF msh3_request_if = {
void Curl_quic_ver(char *p, size_t len)
{
- (void)msnprintf(p, len, "msh3/%s", "0.0.1");
+ uint32_t v[4];
+ MsH3Version(v);
+ (void)msnprintf(p, len, "msh3/%d.%d.%d.%d", v[0], v[1], v[2], v[3]);
}
CURLcode Curl_quic_connect(struct Curl_easy *data,
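Review bot: The new format string in Curl_quic_ver prints the `uint32_t` elements of `v` with `%d`, a signed conversion that does not match the argument type. `(void)msnprintf(p, len, "msh3/%u.%u.%u.%u", v[0], v[1], v[2], v[3]);` matches the unsigned values. `v` is also read without being initialised; the contract of MsH3Version is not visible here, so if it can return without filling all four elements, `uint32_t v[4] = {0};` keeps the reported version string deterministic.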
@@ -121,7 +123,10 @@ CURLcode Curl_quic_connect(struct Curl_easy *data,
return CURLE_FAILED_INIT;
}
- qs->conn = MsH3ConnectionOpen(qs->api, conn->host.name, unsecure);
+ qs->conn = MsH3ConnectionOpen(qs->api,
+ conn->host.name,
+ (uint16_t)conn->remote_port,
+ unsecure);
if(!qs->conn) {
failf(data, "can't create msh3 connection");
if(qs->api) {
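Review bot: The `(uint16_t)conn->remote_port` cast in the MsH3ConnectionOpen call narrows silently, so an out-of-range value would wrap to a different port instead of being rejected. The declared type of `remote_port` and any earlier range check are not visible in this hunk. If the field is wider than 16 bits, state the invariant next to the call, for example `DEBUGASSERT(conn->remote_port >= 0 && conn->remote_port <= 0xffff);`, or add a comment naming where the range is enforced. Curl_quic_connect starts and ends outside the hunk.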
@@ -357,7 +362,7 @@ static void MSH3_CALL msh3_complete(MSH3_REQUEST *Request, void *IfContext,
struct HTTP *stream = IfContext;
(void)Request;
(void)AbortError;
- H3BUGF(printf("* msh3_complete, aborted=%hhu\n", Aborted));
+ H3BUGF(printf("* msh3_complete, aborted=%s\n", Aborted ? "true" : "false"));
msh3_lock_acquire(&stream->recv_lock);
if(Aborted) {
stream->recv_error = CURLE_HTTP3; /* TODO - how do we pass AbortError? */
diff --git a/Utilities/cmcurl/lib/vquic/ngtcp2.c b/Utilities/cmcurl/lib/vquic/ngtcp2.c
index abce631337..f1a64eea85 100644
--- a/Utilities/cmcurl/lib/vquic/ngtcp2.c
+++ b/Utilities/cmcurl/lib/vquic/ngtcp2.c
@@ -264,6 +264,7 @@ static SSL_QUIC_METHOD quic_method = {quic_set_encryption_secrets,
static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
{
+ struct connectdata *conn = data->conn;
SSL_CTX *ssl_ctx = SSL_CTX_new(TLS_method());
SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_3_VERSION);
@@ -291,12 +292,11 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
SSL_CTX_set_keylog_callback(ssl_ctx, keylog_callback);
}
- {
- struct connectdata *conn = data->conn;
+ if(conn->ssl_config.verifypeer) {
const char * const ssl_cafile = conn->ssl_config.CAfile;
const char * const ssl_capath = conn->ssl_config.CApath;
- if(conn->ssl_config.verifypeer) {
+ if(ssl_cafile || ssl_capath) {
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);
/* tell OpenSSL where to find CA certificates that are used to verify
the server's certificate. */
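Review bot: `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL)` now sits inside `if(ssl_cafile || ssl_capath)`, so with `verifypeer` enabled and no CAfile/CApath configured the visible code never requests peer verification on the context. Before this change the call ran whenever `verifypeer` was set. This also affects the `CURL_CA_FALLBACK` branch in the next hunk, which loads the default paths but, as far as these lines show, leaves the verify mode untouched, and builds without that macro, where the handshake would proceed unverified instead of failing. Keeping `SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER, NULL);` directly under `if(conn->ssl_config.verifypeer) {`, ahead of the CA-location test, preserves fail-closed behaviour. quic_ssl_ctx starts outside this hunk and the lines between this hunk and the next are not shown.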
@@ -311,6 +311,13 @@ static SSL_CTX *quic_ssl_ctx(struct Curl_easy *data)
infof(data, " CAfile: %s", ssl_cafile ? ssl_cafile : "none");
infof(data, " CApath: %s", ssl_capath ? ssl_capath : "none");
}
+#ifdef CURL_CA_FALLBACK
+ else {
+ /* verifying the peer without any CA certificates won't work so
+ use openssl's built-in default as fallback */
+ SSL_CTX_set_default_verify_paths(ssl_ctx);
+ }
+#endif
}
return ssl_ctx;
}
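Review bot: The return value of `SSL_CTX_set_default_verify_paths(ssl_ctx)` in the new `CURL_CA_FALLBACK` branch is discarded, so a failure to load the default trust store goes unreported and shows up later only as an unexplained verification result. Reporting it makes the case diagnosable, for example `if(!SSL_CTX_set_default_verify_paths(ssl_ctx))` followed by `infof(data, " could not load default CA verify paths");`. Whether the function should also fail at that point depends on how the CAfile/CApath branch treats its own load failure, which lies between the hunks and is not visible. The opening lines of quic_ssl_ctx are outside this hunk.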