Re: ECH support when curl is using DoH
From: Stephen Farrell <stephen.farrell_at_cs.tcd.ie>
Date: Sat, 16 Sep 2023 01:47:31 +0100
Hiya,

On 15/09/2023 16:14, Daniel Stenberg wrote:
> On Thu, 14 Sep 2023, Stephen Farrell wrote:
>
>> I've only gotten this working on a localhost test so far but reckon I
>> should have curl+ECH working with either OpenSSL or WolfSSL in the
>> next week or so. Once I'm there, is it worth making a PR for curl on
>> github to get feedback
>
> Sure, why not?!

Will do that so:-)

As of now, I have both curl+OpenSSL+ECH and curl+WolfSSL+ECH
working more or less the same wrt ECH, both being able to
take an ECHConfig from command line or from an HTTPS RR in
DNS.

I still have to add more HTTPS RR parsing (e.g. to pull out
ALPNs and IP address hints) and for some reason the WolfSSL
version doesn't like the defo.ie public key cert (--capath
doesn't seem to work the same with both?), but the ECH
handling is the same, so things seem in good shape. I guess
that attempting to walk the DNS tree if an aliasMode HTTPS
RR is found is ok to leave for later. (So I plan to leave
that for later:-)

Question: what, if anything, is worth doing now to consider
how applications using libcurl might make use of ECH? If the
answer is "don't worry about that yet", I'm fine with that,
if there's something obvious to do, happy to do that before
I make a PR.

Cheers,
S.
Received on 2023-09-16