From d83b528a809afd3e87b002b69afca4e48fc0c7fc Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Tue, 10 Sep 2024 10:20:47 +0200 Subject: [PATCH] tidy-up: spelling C89, Schannel, Secure Transport, contractions. Cherry-picked from #14692 Closes #14996 --- .github/workflows/macos.yml | 24 ++++++++++++------------ docs/TODO | 2 +- docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md | 2 +- lib/curl_setup.h | 4 ++-- lib/curl_sha512_256.c | 2 +- lib/url.c | 6 +++--- lib/vtls/sectransp.c | 9 ++++----- lib/vtls/vtls_int.h | 2 +- m4/curl-override.m4 | 2 +- src/tool_operate.c | 2 +- tests/data/test2033 | 2 +- tests/data/test2070 | 2 +- tests/data/test2079 | 2 +- tests/data/test2087 | 2 +- tests/data/test3023 | 2 +- tests/data/test3024 | 2 +- tests/http/test_17_ssl_use.py | 2 +- 17 files changed, 34 insertions(+), 35 deletions(-) diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index f1a96aeaa5..96ac6704a4 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -39,11 +39,11 @@ permissions: {} # deprecation warnings with llvm/clang: # # - 10.7 Lion (2011) - GSS -# - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl SecureTransport code) +# - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl Secure Transport code) # - 10.9 Maverick (2013) - LDAP -# - 10.14 Mojave (2018) - SecureTransport +# - 10.14 Mojave (2018) - Secure Transport # -# For SecureTransport, curl implements features that require a target +# For Secure Transport, curl implements features that require a target # newer than the 10.8 required by `CFURLCreateDataAndPropertiesFromResource`. # In this case `-Wno-deprecated-declarations` still comes handy to pacify # deprecation warnings, though the real solution would be to avoid calling @@ -238,14 +238,14 @@ jobs: TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059 - TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2 + TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, Secure Transport + nghttp2 else - TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2 + TFLAGS+=' ~2402 ~2404' # non-Secure Transport + nghttp2 fi fi if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then - TFLAGS+=' ~313' # SecureTransport does not support crl file - TFLAGS+=' ~1631 ~1632' # SecureTransport is not able to shutdown ftp over https gracefully yet + TFLAGS+=' ~313' # Secure Transport does not support crl file + TFLAGS+=' ~1631 ~1632' # Secure Transport is not able to shutdown ftp over https gracefully yet fi source $HOME/venv/bin/activate rm -f $HOME/.curlrc @@ -389,14 +389,14 @@ jobs: TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059 - TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2 + TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, Secure Transport + nghttp2 else - TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2 + TFLAGS+=' ~2402 ~2404' # non-Secure Transport + nghttp2 fi fi if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then - TFLAGS+=' ~313' # SecureTransport does not support crl file - TFLAGS+=' ~1631 ~1632' # SecureTransport is not able to shutdown ftp over https gracefully yet + TFLAGS+=' ~313' # Secure Transport does not support crl file + TFLAGS+=' ~1631 ~1632' # Secure Transport is not able to shutdown ftp over https gracefully yet fi fi source $HOME/venv/bin/activate @@ -407,7 +407,7 @@ jobs: if: ${{ contains(matrix.name, '+examples') }} run: make -C bld VERBOSE=1 - combinations: # Test buildability with host OS, Xcode / SDK, compiler, target-OS, SecureTransport/not, built tool, combinations + combinations: # Test buildability with host OS, Xcode / SDK, compiler, target-OS, Secure Transport/not, built tool, combinations if: true # Set to `true` to enable this test matrix. It runs quickly. name: "${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.compiler }} ${{ matrix.image }} ${{ matrix.xcode }} ${{ matrix.config }}" runs-on: ${{ matrix.image }} diff --git a/docs/TODO b/docs/TODO index 92b76c410c..92c4cceb11 100644 --- a/docs/TODO +++ b/docs/TODO @@ -945,7 +945,7 @@ 15.4 Add option to allow abrupt server closure - libcurl w/schannel errors without a known termination point from the server + libcurl with Schannel errors without a known termination point from the server (such as length of transfer, or SSL "close notify" alert) to prevent against a truncation attack. Really old servers may neglect to send any termination point. An option could be added to ignore such abrupt closures. diff --git a/docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md b/docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md index 2255854433..190d28f973 100644 --- a/docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md +++ b/docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md @@ -35,7 +35,7 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ALTSVC_CTRL, long bitmask); Populate the long *bitmask* with the correct set of features to instruct libcurl how to handle Alt-Svc for the transfers using this handle. -libcurl only accepts Alt-Svc headers over a secure transport, meaning +libcurl only accepts Alt-Svc headers over a Secure Transport, meaning HTTPS. It also only completes a request to an alternative origin if that origin is properly hosted over HTTPS. These requirements are there to make sure both the source and the destination are legitimate. diff --git a/lib/curl_setup.h b/lib/curl_setup.h index 6a74340233..c9771d7544 100644 --- a/lib/curl_setup.h +++ b/lib/curl_setup.h @@ -45,8 +45,8 @@ /* Workaround for Homebrew gcc 12.4.0, 13.3.0, 14.1.0 and newer (as of 14.1.0) that started advertising the `availability` attribute, which then gets used - by Apple SDK, but, in a way incompatible with gcc, resulting in a misc - errors inside SDK headers, e.g.: + by Apple SDK, but, in a way incompatible with gcc, resulting in misc errors + inside SDK headers, e.g.: error: attributes should be specified before the declarator in a function definition error: expected ',' or '}' before diff --git a/lib/curl_sha512_256.c b/lib/curl_sha512_256.c index 576eda244b..80fd8cf129 100644 --- a/lib/curl_sha512_256.c +++ b/lib/curl_sha512_256.c @@ -34,7 +34,7 @@ * * GnuTLS * * wolfSSL * * Schannel SSPI - * * SecureTransport (Darwin) + * * Secure Transport (Darwin) * * mbedTLS * * BearSSL * * Rustls diff --git a/lib/url.c b/lib/url.c index 01b6fb5bc5..cac8d71edb 100644 --- a/lib/url.c +++ b/lib/url.c @@ -426,9 +426,9 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) /* Set the default CA cert bundle/path detected/specified at build time. * - * If Schannel or SecureTransport is the selected SSL backend then these - * locations are ignored. We allow setting CA location for schannel and - * securetransport when explicitly specified by the user via + * If Schannel or Secure Transport is the selected SSL backend then these + * locations are ignored. We allow setting CA location for Schannel and + * Secure Transport when explicitly specified by the user via * CURLOPT_CAINFO / --cacert. */ if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL && diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c index 0038cdf5cf..27e2aea0ab 100644 --- a/lib/vtls/sectransp.c +++ b/lib/vtls/sectransp.c @@ -24,7 +24,7 @@ ***************************************************************************/ /* - * Source file for all iOS and macOS SecureTransport-specific code for the + * Source file for all iOS and macOS Secure Transport-specific code for the * TLS/SSL layer. No code but vtls.c should ever call or use these functions. */ @@ -197,7 +197,7 @@ static const uint16_t default_ciphers[] = { TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */ - /* TLSv1.3 is not supported by sectransp, but there is also other + /* TLSv1.3 is not supported by Secure Transport, but there is also other * code referencing TLSv1.3, like: kTLSProtocol13 ? */ TLS_AES_128_GCM_SHA256, /* 0x1301 */ TLS_AES_256_GCM_SHA384, /* 0x1302 */ @@ -1227,8 +1227,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf, Mountain Lion. So we need to call SSLSetEnableCertVerify() on those older cats in order to disable certificate validation if the user turned that off. - (SecureTransport will always validate the certificate chain by - default.) + (Secure Transport always validates the certificate chain by default.) Note: Darwin 11.x.x is Lion (10.7) Darwin 12.x.x is Mountain Lion (10.8) @@ -2463,7 +2462,7 @@ static CURLcode sectransp_shutdown(struct Curl_cfilter *cf, } else { /* We would like to read the close notify from the server using - * secure transport, however SSLRead() no longer works after we + * Secure Transport, however SSLRead() no longer works after we * sent the notify from our side. So, we just read from the * underlying filter and hope it will end. */ nread = Curl_conn_cf_recv(cf->next, data, buf, sizeof(buf), &result); diff --git a/lib/vtls/vtls_int.h b/lib/vtls/vtls_int.h index 836bfad708..ce5e7cf396 100644 --- a/lib/vtls/vtls_int.h +++ b/lib/vtls/vtls_int.h @@ -220,7 +220,7 @@ CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf, #include "gtls.h" /* GnuTLS versions */ #include "wolfssl.h" /* wolfSSL versions */ #include "schannel.h" /* Schannel SSPI version */ -#include "sectransp.h" /* SecureTransport (Darwin) version */ +#include "sectransp.h" /* Secure Transport (Darwin) version */ #include "mbedtls.h" /* mbedTLS versions */ #include "bearssl.h" /* BearSSL versions */ #include "rustls.h" /* Rustls versions */ diff --git a/m4/curl-override.m4 b/m4/curl-override.m4 index bc3f669c3a..a640169c6e 100644 --- a/m4/curl-override.m4 +++ b/m4/curl-override.m4 @@ -44,7 +44,7 @@ dnl ------------------------------------------------- dnl This is done to prevent compiler warning dnl 'function declaration isn't a prototype' dnl in function main. This requires at least -dnl a c89 compiler and does not support K&R. +dnl a C89 compiler and does not support K&R. m4_define([AC_LANG_PROGRAM(C)], [$1 diff --git a/src/tool_operate.c b/src/tool_operate.c index 275f2584b8..289ce588df 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -3041,7 +3041,7 @@ static CURLcode transfer_per_config(struct GlobalConfig *global, * default filename curl-ca-bundle.crt in the user's PATH. * * If Schannel is the selected SSL backend then these locations are - * ignored. We allow setting CA location for schannel only when explicitly + * ignored. We allow setting CA location for Schannel only when explicitly * specified by the user via CURLOPT_CAINFO / --cacert. */ if(tls_backend_info->backend != CURLSSLBACKEND_SCHANNEL) { diff --git a/tests/data/test2033 b/tests/data/test2033 index 2a9f90091f..c23d8d0c3b 100644 --- a/tests/data/test2033 +++ b/tests/data/test2033 @@ -35,7 +35,7 @@ https Server-localhost-sv.pem simple HTTPS GET with DER public key pinning (Schannel variant) -# This test is pointless if we're not using the schannel backend +# This test is pointless if we are not using the Schannel backend CURL_SSL_BACKEND=schannel diff --git a/tests/data/test2070 b/tests/data/test2070 index 38b6ca89d0..678f3f210f 100644 --- a/tests/data/test2070 +++ b/tests/data/test2070 @@ -34,7 +34,7 @@ https Server-localhost-sv.pem Ignore certificate revocation "best effort" strategy -# This test is pointless if we're not using the schannel backend +# This test is pointless if we are not using the Schannel backend CURL_SSL_BACKEND=schannel diff --git a/tests/data/test2079 b/tests/data/test2079 index 0164d1b3b3..da531902a1 100644 --- a/tests/data/test2079 +++ b/tests/data/test2079 @@ -35,7 +35,7 @@ https Server-localhost-sv.pem simple HTTPS GET with PEM public key pinning (Schannel variant) -# This test is pointless if we're not using the schannel backend +# This test is pointless if we are not using the Schannel backend CURL_SSL_BACKEND=schannel diff --git a/tests/data/test2087 b/tests/data/test2087 index 13efe48b65..61de80a5e6 100644 --- a/tests/data/test2087 +++ b/tests/data/test2087 @@ -35,7 +35,7 @@ https Server-localhost-sv.pem simple HTTPS GET with base64-sha256 public key pinning (Schannel variant) -# This test is pointless if we're not using the schannel backend +# This test is pointless if we are not using the Schannel backend CURL_SSL_BACKEND=schannel diff --git a/tests/data/test3023 b/tests/data/test3023 index fe43c199f6..258f34eb0f 100644 --- a/tests/data/test3023 +++ b/tests/data/test3023 @@ -34,7 +34,7 @@ https Server-localhost-firstSAN-sv.pem HTTPS GET to localhost, first subject alt name matches, CN does not match (Schannel variant) -# This test is pointless if we're not using the schannel backend +# This test is pointless if we are not using the Schannel backend CURL_SSL_BACKEND=schannel diff --git a/tests/data/test3024 b/tests/data/test3024 index 55b26788e9..57c1273484 100644 --- a/tests/data/test3024 +++ b/tests/data/test3024 @@ -34,7 +34,7 @@ https Server-localhost-lastSAN-sv.pem HTTPS GET to localhost, last subject alt name matches, CN does not match (Schannel variant) -# This test is pointless if we're not using the schannel backend +# This test is pointless if we are not using the Schannel backend CURL_SSL_BACKEND=schannel diff --git a/tests/http/test_17_ssl_use.py b/tests/http/test_17_ssl_use.py index c7dc2ad5f7..4228a3147a 100644 --- a/tests/http/test_17_ssl_use.py +++ b/tests/http/test_17_ssl_use.py @@ -231,7 +231,7 @@ class TestSSLUse: tls_proto = 'TLSv1.2' elif env.curl_uses_lib('sectransp'): # not in CI, so untested if tls_proto == 'TLSv1.3': - pytest.skip('SecureTransport does not support TLSv1.3') + pytest.skip('Secure Transport does not support TLSv1.3') tls_proto = 'TLSv1.2' # test extra_args = ['--tls13-ciphers', ':'.join(ciphers13)] if ciphers13 else []