-
"HTTP/3 please". Attempt to use HTTP/3 but fallback to h1/h2 if h3 does not work. This option makes curl try h3 first and if that has not succeeded after N milliseconds, a second attempt using TLS+TCP is initiated and then the first to connect wins and is used. This might then also make h3 not get used if it is too slow. In a future, if a significant portion of servers run HTTP/3, we could consider enabling this option by default.
-
"HTTP/3 only". Only try HTTP/3 against the given server and fail if h3 was
Daniel Stenberg bagder
⌨️
bagder
/ h3-options.md
Last active
January 13, 2023 23:32
How to select HTTP/3 when the support goes "release" for real
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/lib/http2.c b/lib/http2.c | |
| index 3c8674cbf..ead356307 100644 | |
| --- a/lib/http2.c | |
| +++ b/lib/http2.c | |
| @@ -391,12 +391,14 @@ static bool http2_connisdead(struct Curl_cfilter *cf, struct Curl_easy *data) | |
| not in use by any other transfer, there shouldn't be any data here, | |
| only "protocol frames" */ | |
| CURLcode result; | |
| ssize_t nread = -1; | |
bagder
/ output.txt
Created
December 29, 2022 08:18
pytest in tests/httpd (WITH apache2-dev installed)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cd tests/httpd | |
| $ pytest | |
| ===================================== test session starts ===================================== | |
| platform linux -- Python 3.10.9, pytest-7.2.0, pluggy-1.0.0+repack | |
| httpd: [/usr/sbin/apache2] | |
| rootdir: /home/daniel/src/curl/tests/httpd | |
| collected 0 items / 1 error | |
| =========================================== ERRORS ============================================ | |
| ______________________________ ERROR collecting test_01_basic.py ______________________________ |
bagder
/ output.txt
Last active
December 29, 2022 08:17
pytest in tests/httpd (without apache2-dev installed)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ cd tests/httpd/ | |
| $ pytest | |
| ===================================== test session starts ===================================== | |
| platform linux -- Python 3.10.9, pytest-7.2.0, pluggy-1.0.0+repack | |
| httpd: [/usr/sbin/apache2] | |
| rootdir: /home/daniel/src/curl/tests/httpd | |
| collected 0 items / 1 error | |
| =========================================== ERRORS ============================================ | |
| ______________________________ ERROR collecting test_01_basic.py ______________________________ |
bagder
/ audit-response.md
Last active
December 21, 2022 13:21
The curl security-team's response to the curl security audit remarks December 2022
The subject was brought up for discussion on the mailing list: https://curl.se/mail/lib-2022-09/0149.html - no actual changes for this have been made.
This remains an outstanding TODO. MQTT is a little used protocol in curl and this (MQTT over TLS) has not appeared much as a wanted feature.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| #include <curl/curl.h> | |
| #define F "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\x01\xff" | |
| #define F2 F F F F F F F F F F F F F F F F F F F F F F F F F F F F F F F F F | |
| int main(void) | |
| { | |
| printf("%s\n", curl_version()); |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <string.h> | |
| #include <curl/curl.h> | |
| #define F "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\x01\xff" | |
| #define F2 F F F F F F F F F F F F F F F F F F F F F F F F F F F F F F F F F | |
| #define F3 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 F2 | |
| #define F4 F3 F3 | |
| int main(void) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl [master]$ ./src/curl -w '%{certs}\n' https://curl.se/ -s -o /dev/null | |
| Subject:CN = curl.se | |
| Issuer:C = US, O = Let's Encrypt, CN = R3 | |
| Version:2 | |
| Serial Number:03439cffb072ac0cf6e9e08c4cf8b12fca6a | |
| Signature Algorithm:sha256WithRSAEncryption | |
| Public Key Algorithm:rsaEncryption | |
| X509v3 Key Usage:Digital Signature, Key Encipherment | |
| X509v3 Extended Key Usage:TLS Web Server Authentication, TLS Web Client Authentication |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| CXX=g++ CC=gcc cmake -H. -Bbuild -GNinja -DCMAKE_BUILD_TYPE=release -DBUILD_SHARED_LIBS=1 && cmake --build build | |
| mkdir -p lib | |
| cp ./build/crypto/libcrypto.so ./lib/ | |
| cp ./build/ssl/libssl.so ./lib/ | |
| cmake --build build --target clean | |
| rm -f build/CMakeCache.txt | |
| CXX="g++" CC="gcc" cmake -H. -Bbuild -GNinja -DCMAKE_POSITION_INDEPENDENT_CODE=on && cmake --build build |