Hello Jan,
> x64 builds with OpenSSL just use the Windows certificate store. That
> applies even to cross-compiled x64 builds. Try it yourself
> https://phpdev.toolsforresearch.com/curl-mingw32-7.61.1.zip
I tried, but it failed for me on w2k8r2. I tried both the 32bit and x64:
>
Hello Han,
> Hmm on second thought, this is a problem with mingw using an outdated
> version of win32api. They should have added this enum a long time ago
> since it’s available in VS2012.
I agree. I file a bug with mingw. But in the meantime I think we should
go with Daniel's patch until we use
tested the patch with my application and it works for me.
Cheers,
Thomas
>From 33344920f85259efc4e9606047df9655c080cb5d Mon Sep 17 00:00:00 2001
From: Thomas Glanzmann
Date: Thu, 6 Sep 2018 21:37:15 +0200
Subject: [PATCH] schannel: Fix build regression introduced in 5a3efb1db for
mingw
Hello Daniel,
> > If you like to run me some more experiements, I can do that. I just
> > compile curl with a higher SO_SNDBUF / SO_RCVBUF, fire up a ec2 AWS
> > instance with windows server 2016 somewhere in the world with a big pipe
> > and high latency and download something from my well
Hello Daniel,
I fired up a Windows 2016 instance in Canada using AWS. First thing I
got was an error message MSVCR100.dll is missing. So I installed the
visual c++ runtime. And tried again.
Microsoft Windows [Version 10.0.14393]
generating test file...
running vanilla...
start:0.469000
Hello,
I recently had a customer complaining that the download speed from
Canada to Paris is bad. He got 150 Mbit/s and had a 1 Gbit line with a
single connection. Both systems were Windows Server 2016. Proprietary
Application. This was for 80ms latency link. After some testing I found out
that
Hello Ray,
thank you for your build instructions. In the output there was clearly
something really wrong because I ran gcc to link the mingw target which
can't work. But now it works and I had to add one more library:
-lcrypt32. I'm building against openssl 1.1.0 pre 6. Below, find my
build
Hello,
I try to compile libcurl using mingw32 and a static linked openssl. It
worked in the past, however at the moment I'm unable to do so. The
reason seems to be:
...
configure:21627: result: no
configure:21655: PKG_CONFIG_LIBDIR will be set to
Hello Marton,
> Sorry for spamming, but I compiled some builds of curl in order to find the
> build in which the bug was introduced and I think I found it: 7.39.0 works
> but 7.40.0 does not. I hope this helps.
could you run a git bisect on this to find the offending commit?
Hello Marton,
> But it doesn't work on MacOS Sierra with libcurl 7.51.0:
can you upgrade to the newest version (7.53.1)? There was a bug which
has been fixed last April regarding closing a connection with NTLM
authentication. Maybe this solves your problem.
Cheers,
Thomas
Hello Ray,
> Landed in https://github.com/curl/curl/commit/e08c0cd
thanks a lot.
> Unrelated to this issue but regarding mbedTLS, support for
> CURLOPT_SSL_CTX_FUNCTION is coming soon. You may want to check out the
> PR at https://github.com/curl/curl/pull/1272 should you have any feedback.
I
I need the following patch to compile curl git HEAD against mbedtls.
Otherwise I get the following compiler error message:
CC vtls/libcurl_la-mbedtls.lo
vtls/mbedtls.c: In function 'mbedtls_version_from_curl':
vtls/mbedtls.c:162:10: error: 'ssl_version' undeclared (first use in this
Hello Greg,
> I've spent a few hours trying to run libcurl in codeblocks (GNU GCC
> mingw-32 Compiler),
I'm building on Debian Linux for Windows. However maybe my instructions
help you:
apt-get install git make gcc libx11-dev mingw-w64 libtool
git clone https://github.com/curl/curl
cd curl
Hello Samuel,
> I've recently been undertaking some TLS performance investigation, and
> as part of this I've been trying to understand how features like Session
> ID reuse improve the set-up time of new TLS connections. I'm using the
> libcurl multi interface in an existing application, and I'm
Hello,
> SSL and multithread crash on windows, how to use mutex on windows?
Best way is you post a stripped-down example which crashes.
For me the following works, without a problem.
Once:
curl_global_init(CURL_GLOBAL_DEFAULT);
For each thread:
_beginthread(...);
share
WARNING: I compiled and tested this code only for openssl and mbedtls
---
docs/libcurl/opts/CURLOPT_PROXY_PINNEDPUBLICKEY.3 | 99 +++
docs/libcurl/symbols-in-versions | 1 +
include/curl/curl.h | 4 +
lib/url.c
---
docs/libcurl/opts/CURLOPT_PROXYPORT.3 | 3 ++-
lib/url.c | 8 +++-
lib/url.h | 1 +
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/docs/libcurl/opts/CURLOPT_PROXYPORT.3
b/docs/libcurl/opts/CURLOPT_PROXYPORT.3
index
Hello,
> > In issue #1127 they do state: "Supported backends: OpenSSL, GnuTLS, and
> > NSS". I suppose that might mean that those are the only backends that
> > support HTTPS over HTTPS. Maybe they could help clarify that?
> I see. I tried with openssl.
I sent the email too fast. Now I tried
Hello Daniel,
> Right. Focus should first be to make sure everything *existing*
> remains functional but then we should just start working on fixing the
> bugs in the HTTPS proxy functionality. Having the code in the master
> branch will make it easier to do that I think.
I tested it during the
Hello,
> (infra) [~/work/vlconnect] local/linux/bin/curl --proxy-cacert
> /etc/ssl/certs/ca-certificates.crt --cacert
> /etc/ssl/certs/ca-certificates.crt --proxy
> https://tg:passw...@proxy.glanzmann.de:443/ https://google.com
> curl: (4) A requested feature, protocol or option was not found
Hello Daniel,
> Their work and some additional fixes exist in the HTTPS-proxy branch right
> now. I intend to merge that into master within days.
please do.
> If anyone objects or wants to do/check something before that happens,
> now is a great time!
I found the following bugs, we should fix:
Hello,
the attached patch fixed the compile errors for me. No testing done yet.
Cheers,
Thomas
>From acd43bf652ae05e40af1798bc455ed0d7cd6c5f4 Mon Sep 17 00:00:00 2001
From: Thomas Glanzmann <tho...@glanzmann.de>
Date: Thu, 17 Nov 2016 13:17:26 +0100
Subject: [PATCH] mbedtls: h
Hello,
I would like to see this getting merged. I tried to compile it with
mbedtls as a backend, but failed. I'll investigate further this evening:
CC vtls/libcurl_la-cyassl.lo
vtls/mbedtls.c: In function 'mbed_connect_step1':
vtls/mbedtls.c:172:19: error: 'struct ssl_config_data' has no
Hello Daniel,
> Do the HTML and PDF versions of our man pages that we ship in every
> tarball provide any value to you?
I read the manual online or using man, but I'm also building curl from
git. From my point of view they can be removed.
Cheers,
Thomas
sets
the debug level to verbose and also explains in a comment in the source
code what needs to be done to enable it both in mbedtls and curl.
Cheers,
Thomas
>From d4596e8684ab1a800dcd61725ed97d632fc6b9c9 Mon Sep 17 00:00:00 2001
From: Thomas Glanzmann <tho...@glanzmann.de>
Date:
Hello Ray,
> Thanks, landed in aa9f536 [1].
thank you for committing that so fast.
> Regarding your other e-mail about why you aren't receiving debugging
> info even with the fix maybe you built mbedTLS without
> MBEDTLS_DEBUG_C?
I had that _not_ enabled. Now that I have, I have still no
Hello,
I already applied the patch that makes it possible to build with
MBEDTLS_DEBUG defined. But I don't get what I need to do to get the
extended debugging. I tried:
#include <curl/curl.h>
void gethaxx(void)
{
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_CAINFO,
This patch is necessary so that curl compiles if MBEDTLS_DEBUG is
defined.
---
lib/vtls/mbedtls.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index f30f2ce..18c2d4f 100644
--- a/lib/vtls/mbedtls.c
+++ b/lib/vtls/mbedtls.c
@@ -420,7
Hello Dan,
* Dan Fandrich [2016-07-02 21:30]:
> > /home/sithglan/work/vlconnect/curl/../local/win32/include/mbedtls/ssl.h:545:5:
> > error: unknown type name 'mbedtls_time_t'
> This looks like an mbedtls problem. A client #including an mbedtls
> include file
Hello,
when I compile libcurl with mbedtls-2.3.0 I hit the following libcurl
compile regression:
In file included from ../lib/urldata.h:98:0,
from vtls/darwinssl.c:31:
/home/sithglan/work/vlconnect/curl/../local/win32/include/mbedtls/ssl.h:545:5:
error: unknown type name
Hello Ray,
> Works here with mbedTLS. Maybe you forgot CURLOPT_SHARE?
yes, I forgot to use CURLOPT_SHARE. Now it works. Thank you for the
follow up, the example code, and explanation.
> And to answer your question from the first e-mail: yes you can reuse easy
> handles, see curl_easy_reset [2]
Hello,
* Thomas Glanzmann <tho...@glanzmann.de> [2016-04-29 09:45]:
> now that Ray has fixed session reuse, I wonder if it is possible to
> reuse SSL session across curl handles? If I use the same curl handle it
> works, but if I try to use curl_easy_duphandle[1] it does _not_ wor
Hello,
now that Ray has fixed session reuse, I wonder if it is possible to
reuse SSL session across curl handles? If I use the same curl handle it
works, but if I try to use curl_easy_duphandle[1] it does _not_ work.
Any tricks to reuse session with multiple curl handles? If it is not
possible,
Hello Ray,
> Fixed in https://github.com/curl/curl/commit/9f498de
I just tried it, and it works for me. Thank you for fixing this.
Cheers,
Thomas
---
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:
Hello Christian,
* Christian Hägele [2016-04-27 09:56]:
> That's nice to hear. Maybe that bumps the priority to merge that
> pull-request. A comment from you might help there. We have this patch
> (and some others) in production for quite some time and would
Hello Christian,
* Christian Hägele [2016-04-26 13:32]:
> I did not look at your specific problem with NTLM_SSP in detail, but I
> want to mention 4 open pull-request regarding NTLM and
> CURLOPT_CONNECT_ONLY:
Thanks a lot for the heads up. 655 fixes my issue.
Hello Daniel,
> Awesome. I'll eagerly await the results!
I was not able to bisect it because some versions did not compile and so
I had to skip them. I'm down to:
1c0f70f534d155de5e3e7013c48ebd15848c16bc
790d1a4816de8976b9cc796138455ed2daf94bb8
55db5bdff79a16200ff93e1a5d89e38acfdf0eb1
Hello,
> - Hypothesis: Test with older libcurl
I tried with 7.40 and with this version I do _not_ have the problem.
I'll now do a git bisect to identify the offending commit and report
back.
Cheers,
Thomas
-ECDHE-RSA-WITH-AES-256-GCM-SHA384
* Dumping cert info:
* cert. version : 3
* serial number : 02:BE:92
* issuer name : C=IL, O=StartCom Ltd., OU=Secure Digital Certificate
Signing, CN=StartCom Class 2 Primary Intermediate Server CA
* subject name : C=DE, ST=Bayern, L=Erlangen, O=
Hello,
previously I built openssl and mbedtls using mingw32 on Debian. Does
someone have instructions how to build wolfSSL using mingw32 on Debian?
I would like to try wolfSSL and compare it from a codesize view with
mbedTLS. But I'm only building on Linux.
Cheers,
Thomas
Hello,
> Not really related to Curl or anything Daniel, but I see you're using the
> free certs from Let's Encrypt. I think that's awesome. I've always
> wanted SSL for my domain but I never had the money. Now that Let's
> Encrypt is in the beta phase and open to the public, I'm so glad to
Hello,
I would like to prepopulate the DNS cache with an IPv6 (preferred) and an
IPv4 address. When I try to do the same it works perfectly if the host
is dual stack, but not if it is IPv4 only. How was the usage for such a
scenario intended? I assumed that it would even try IPv4 if no IPv6 is
Hello Ray,
> I thought we already do this [1], I'm at a loss for why session resume
> doesn't work if in fact it doesn't. I recall it did appear to resume
> for me, probably I had a different google server than you.
does it work for you? I tried with session id and tickets and used curl
debug
Hello Daniel,
> The CURLOPT_RESOLVE feature is actually simpler than so. It stores a
> *single* address for a given host+port combo, and it will not
> overwrite an existing entry.
thank you for the explanation. I'll go with IPv4 for the time being.
> There have been work in the past to make it
Hello Ray,
* Ray Satiro [2016-01-11 09:25]:
> Also I notice if peer verification is disabled the SSLpinning result
> isn't checked. This was not caught by the tests so I'll add a test for
> that.
I noticed that, too. But I thought this was the intended behaviour
because
Hello Ray,
> - There is a comment in the code that says a peer cert is not available
> after an SSL session resume, specifically "If the session was resumed, there
> will be no peer cert". It appears that was copied from PolarSSL. I looked in
> the mbedTLS documentation to confirm but there's
Hello Ray,
related: https://tls.mbed.org/discussions/generic/resumed-tls-handshake
Cheers,
Thomas
---
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Hello Daniel,
> I use "./configure --enable-debug --enable-werror" and then gcc pointed it
> out very loudly to me =)
I see. I added --enable-werror to my default build parameters in the
build script. Last time I screwed up char vs unsigned char I ended up
building a very ugly workaround and to
Hello Daniel,
when compiling the current git HEAD with --enable-werror I get two more.
My build environment is Debian Jessie amd64. In order to reproduce this:
test -d curl || git clone https://github.com/bagder/curl.git
cd curl
git reset --hard origin/master; git clean -f
Hello Daniel,
> This landed in commit bf93a121 with just some very minor edits.
thank you. Good catch with the unsigned char. I should default to this.
Cheers,
Thomas
Hello Daniel,
> I will gladly accept patches that introduce it. Have you considered
> the API/option for passing the cacert bundle to libcurl?
I have thought about this as well. I think we have two options:
- Make CURLOPT_CAINFO and/or CURLOPT_CAPATH not only accept a
path as
Hello Mindaugas,
> https://stackoverflow.com/questions/34543265/how-to-load-pem-certificate-together-with-private-key-in-libcurl-using-mbedtls
the following untested patch against libcurl should do what you want:
diff --git a/lib/vtls/mbedtls.c b/lib/vtls/mbedtls.c
index da869e2..31058ef 100644
---
docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 | 5 +--
lib/vtls/mbedtls.c | 50 +
lib/vtls/mbedtls.h | 1 +
3 files changed, 54 insertions(+), 2 deletions(-)
diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
Hello,
> At a quick glance it looks good to me, except it only supports DER/PEM
> as is, if you want to also support the new sha256// hashes you need to
> define curlssl_sha256sum in mbedtls, that *should* be fairly easy to do
> I'd hope.
I'm using this patch with sha256// on mbedtls since the
Hello Ray,
first of all good news. This morning the branch
origin/iotssl-541-pathlen-bugfix was merged. Making your error go away.
However I found at least one other cert still not working.
> I don't know why you are seeing --cacert only accepting a single
> certificate. I have searched the curl
Hello Ray,
> Does anyone have mbedTLS working in curl 7.46.0?
when I build mbedTLS on Linux and try what you did, I notice the
following:
- --cacert Only accepts a single certificate not a file
containing multiple certs.
- I patched MBEDTLS to tell me why it flagged
Hello Ray,
> > - --cacert Only accepts a single certificate not a file
> > containing multiple certs.
> I don't know why you are seeing --cacert only accepting a single
> certificate. I have searched the curl repo and I can't find that. And I
> don't believe that's correct for
ost certificate but _not_ the root certificate. As it
should.
Cheers,
Thomas
>From 6cabb75af82dbc4f6874ea1a1b3952433f83abaf Mon Sep 17 00:00:00 2001
From: Thomas Glanzmann <tho...@glanzmann.de>
Date: Sat, 21 Nov 2015 13:32:38 +0100
Subject: [PATCH] hardcode cacert of startssl
---
docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 | 5 ++--
lib/vtls/mbedtls.c | 42 +
lib/vtls/mbedtls.h | 1 +
3 files changed, 46 insertions(+), 2 deletions(-)
diff --git