Hiya,
On 15/09/2023 16:14, Daniel Stenberg wrote:
On Thu, 14 Sep 2023, Stephen Farrell wrote:I've only gotten this working on a localhost test so far but reckon I should have curl+ECH working with either OpenSSL or WolfSSL in the next week or so. Once I'm there, is it worth making a PR for curl on github to get feedbackSure, why not?!
Will do that so:-) As of now, I have both curl+OpenSSL+ECH and curl+WolfSSL+ECH working more or less the same wrt ECH, both being able to take an ECHConfig from command line or from an HTTPS RR in DNS. I still have to add more HTTPS RR parsing (e.g. to pull out ALPNs and IP address hints) and for some reason the WolfSSL version doesn't like the defo.ie public key cert (--capath doesn't seem to work the same with both?), but the ECH handling is the same, so things seem in good shape. I guess that attempting to walk the DNS tree if an aliasMode HTTPS RR is found is ok to leave for later. (So I plan to leave that for later:-) Question: what, if anything, is worth doing now to consider how applications using libcurl might make use of ECH? If the answer is "don't worry about that yet", I'm fine with that, if there's something obvious to do, happy to do that before I make a PR. Cheers, S. .
OpenPGP_0xE4D8E9F997A833DD.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
