bearssl: support CURLOPT_CAINFO_BLOB #7468

Closed

AzazKamaz
Contributor

Just implement support to use CURLOPT_CAINFO_BLOB with bearssl.
Also fixed a bearssl build error on hostname = NULL; while having const char * const hostname = SSL_HOST_NAME();

There are four ways to implement support:

  • have one function that parses the cert file from a buffer, and two ways to get the buffer. I don't want to read an entire file into memory, so denied
  • have two big functions with similar code but from different sources. Too much code repetition, so denied
  • parse the cert file iteratively while having a state struct. Need to split the function into a struct, init(), dispose() and update(). Denied because of complexity
  • have some switches in the cert parsing function. The easiest way, with a minimum amount of modification. Implemented this way

@bagder bagder added the TLS label Jul 21, 2021
@AzazKamaz
Contributor Author

Actually, I am force pushing my branch to stay away from commits like "fix formatting" or "change initialization way"

Member

@bagder bagder left a comment

The CURLOPT_CAINFO_BLOB.3 man page needs an update to clarify that bearssl also supports this option from >= 7.79.0, right?

@AzazKamaz
Contributor Author

I have added info to the docs and used DEBUGASSERT for the check.
Also, I have changed source->len ? source->len : strlen(source->data) to source->len because the documentation requires a pointer and a size, and strlen will cause problems if the buffer is zero-length and not zero-terminated.
And added the check source->len <= (size_t)INT_MAX, same as in the OpenSSL backend.
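
The length handling discussed in the comment above, together with the "switch in the parsing function" approach from the PR description, as an added example that is not part of this pull request or of curl's code: one chunked reader fed either by a file or by an in-memory blob, bounded by the explicit length instead of strlen(). The struct and function names are hypothetical stand-ins, and the sample bytes are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types (not curl's): blob = pointer + length; source = fp or blob. */
struct ca_blob { const unsigned char *data; size_t len; };
struct ca_source { FILE *fp; const struct ca_blob *blob; size_t off; };

/* Returns 0 on success, -1 if the blob is unusable. */
int ca_source_from_blob(struct ca_source *src, const struct ca_blob *blob)
{
  if(!blob || !blob->data || blob->len > (size_t)INT_MAX)
    return -1;
  *src = (struct ca_source){ NULL, blob, 0 };
  return 0;
}

/* Copy up to n bytes of the next chunk into buf; 0 means end of input. */
size_t ca_source_read(struct ca_source *src, unsigned char *buf, size_t n)
{
  if(src->fp)
    return fread(buf, 1, n, src->fp);
  size_t left = src->blob->len - src->off; /* bounded by len, not strlen() */
  if(n > left)
    n = left;
  memcpy(buf, src->blob->data + src->off, n);
  src->off += n;
  return n;
}

/* Drain a source in 8-byte chunks; returns the total bytes produced. */
size_t ca_source_total(struct ca_source *src)
{
  unsigned char chunk[8];
  size_t n, total = 0;
  while((n = ca_source_read(src, chunk, sizeof(chunk))) > 0)
    total += n;
  return total;
}

int main(void)
{
  /* Constructed sample: 10 bytes, deliberately not NUL-terminated. */
  static const unsigned char raw[10] = {'-','-','-','-','-','B','E','G','I','N'};
  struct ca_blob blob = { raw, sizeof(raw) };
  struct ca_source src;
  if(!ca_source_from_blob(&src, &blob))
    printf("%zu bytes read\n", ca_source_total(&src));
  return 0;
}
```

A zero-length blob is accepted and simply yields no input, while a NULL pointer or a length above INT_MAX is rejected before any read happens.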

@jsoref jsoref mentioned this pull request Jul 23, 2021
@AzazKamaz AzazKamaz requested a review from bagder July 23, 2021 10:23
@jay jay added the feature-window A merge of this requires an open feature window label Jul 26, 2021
@bagder
Member

bagder commented Jul 28, 2021

Thanks!

@bagder bagder closed this in beb1b1c Jul 28, 2021