luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tidy-up: spelling

Browse Source 
C89, Schannel, Secure Transport, contractions.

Cherry-picked from #14692
Closes #14996
This commit is contained in:
Viktor Szakats 2024-09-10 10:20:47 +02:00
parent 1064dfa86a
commit d83b528a80
No known key found for this signature in database
GPG Key ID: B5ABD165E2AEF201
17 changed files with 34 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/TODO
View File

@ -945,7 +945,7 @@
15.4 Add option to allow abrupt server closure 15.4 Add option to allow abrupt server closure
libcurl w/schannel errors without a known termination point from the server libcurl with Schannel errors without a known termination point from the server
(such as length of transfer, or SSL "close notify" alert) to prevent against (such as length of transfer, or SSL "close notify" alert) to prevent against
a truncation attack. Really old servers may neglect to send any termination a truncation attack. Really old servers may neglect to send any termination
point. An option could be added to ignore such abrupt closures. point. An option could be added to ignore such abrupt closures.

2
docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md
View File

@ -35,7 +35,7 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ALTSVC_CTRL, long bitmask);
Populate the long *bitmask* with the correct set of features to instruct Populate the long *bitmask* with the correct set of features to instruct
libcurl how to handle Alt-Svc for the transfers using this handle. libcurl how to handle Alt-Svc for the transfers using this handle.
libcurl only accepts Alt-Svc headers over a secure transport, meaning libcurl only accepts Alt-Svc headers over a Secure Transport, meaning
HTTPS. It also only completes a request to an alternative origin if that HTTPS. It also only completes a request to an alternative origin if that
origin is properly hosted over HTTPS. These requirements are there to make origin is properly hosted over HTTPS. These requirements are there to make
sure both the source and the destination are legitimate. sure both the source and the destination are legitimate.

4
lib/curl_setup.h
View File

@ -45,8 +45,8 @@
/* Workaround for Homebrew gcc 12.4.0, 13.3.0, 14.1.0 and newer (as of 14.1.0) /* Workaround for Homebrew gcc 12.4.0, 13.3.0, 14.1.0 and newer (as of 14.1.0)
that started advertising the `availability` attribute, which then gets used that started advertising the `availability` attribute, which then gets used
by Apple SDK, but, in a way incompatible with gcc, resulting in a misc by Apple SDK, but, in a way incompatible with gcc, resulting in misc errors
errors inside SDK headers, e.g.: inside SDK headers, e.g.:
error: attributes should be specified before the declarator in a function error: attributes should be specified before the declarator in a function
definition definition
error: expected ',' or '}' before error: expected ',' or '}' before

4
lib/url.c
View File

@ -427,8 +427,8 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
/* Set the default CA cert bundle/path detected/specified at build time. /* Set the default CA cert bundle/path detected/specified at build time.
* *
* If Schannel or Secure Transport is the selected SSL backend then these * If Schannel or Secure Transport is the selected SSL backend then these
* locations are ignored. We allow setting CA location for schannel and * locations are ignored. We allow setting CA location for Schannel and
* securetransport when explicitly specified by the user via * Secure Transport when explicitly specified by the user via
* CURLOPT_CAINFO / --cacert. * CURLOPT_CAINFO / --cacert.
*/ */
if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL && if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL &&

7
lib/vtls/sectransp.c
View File

@ -197,7 +197,7 @@ static const uint16_t default_ciphers[] = {
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */
/* TLSv1.3 is not supported by sectransp, but there is also other /* TLSv1.3 is not supported by Secure Transport, but there is also other
* code referencing TLSv1.3, like: kTLSProtocol13 ? */ * code referencing TLSv1.3, like: kTLSProtocol13 ? */
TLS_AES_128_GCM_SHA256, /* 0x1301 */ TLS_AES_128_GCM_SHA256, /* 0x1301 */
TLS_AES_256_GCM_SHA384, /* 0x1302 */ TLS_AES_256_GCM_SHA384, /* 0x1302 */
@ -1227,8 +1227,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
Mountain Lion. Mountain Lion.
So we need to call SSLSetEnableCertVerify() on those older cats in order So we need to call SSLSetEnableCertVerify() on those older cats in order
to disable certificate validation if the user turned that off. to disable certificate validation if the user turned that off.
(SecureTransport will always validate the certificate chain by (Secure Transport always validates the certificate chain by default.)
default.)
Note: Note:
Darwin 11.x.x is Lion (10.7) Darwin 11.x.x is Lion (10.7)
Darwin 12.x.x is Mountain Lion (10.8) Darwin 12.x.x is Mountain Lion (10.8)
@ -2463,7 +2462,7 @@ static CURLcode sectransp_shutdown(struct Curl_cfilter *cf,
} }
else { else {
/* We would like to read the close notify from the server using /* We would like to read the close notify from the server using
* secure transport, however SSLRead() no longer works after we * Secure Transport, however SSLRead() no longer works after we
* sent the notify from our side. So, we just read from the * sent the notify from our side. So, we just read from the
* underlying filter and hope it will end. */ * underlying filter and hope it will end. */
nread = Curl_conn_cf_recv(cf->next, data, buf, sizeof(buf), &result); nread = Curl_conn_cf_recv(cf->next, data, buf, sizeof(buf), &result);

2
m4/curl-override.m4
View File

@ -44,7 +44,7 @@ dnl -------------------------------------------------
dnl This is done to prevent compiler warning dnl This is done to prevent compiler warning
dnl 'function declaration isn't a prototype' dnl 'function declaration isn't a prototype'
dnl in function main. This requires at least dnl in function main. This requires at least
dnl a c89 compiler and does not support K&R. dnl a C89 compiler and does not support K&R.
m4_define([AC_LANG_PROGRAM(C)], m4_define([AC_LANG_PROGRAM(C)],
[$1 [$1

2
src/tool_operate.c
View File

@ -3041,7 +3041,7 @@ static CURLcode transfer_per_config(struct GlobalConfig *global,
* default filename curl-ca-bundle.crt in the user's PATH. * default filename curl-ca-bundle.crt in the user's PATH.
* *
* If Schannel is the selected SSL backend then these locations are * If Schannel is the selected SSL backend then these locations are
* ignored. We allow setting CA location for schannel only when explicitly * ignored. We allow setting CA location for Schannel only when explicitly
* specified by the user via CURLOPT_CAINFO / --cacert. * specified by the user via CURLOPT_CAINFO / --cacert.
*/ */
if(tls_backend_info->backend != CURLSSLBACKEND_SCHANNEL) { if(tls_backend_info->backend != CURLSSLBACKEND_SCHANNEL) {

2
tests/data/test2033
View File

@ -35,7 +35,7 @@ https Server-localhost-sv.pem
simple HTTPS GET with DER public key pinning (Schannel variant) simple HTTPS GET with DER public key pinning (Schannel variant)
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>

2
tests/data/test2070
View File

@ -34,7 +34,7 @@ https Server-localhost-sv.pem
Ignore certificate revocation "best effort" strategy Ignore certificate revocation "best effort" strategy
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>

2
tests/data/test2079
View File

@ -35,7 +35,7 @@ https Server-localhost-sv.pem
simple HTTPS GET with PEM public key pinning (Schannel variant) simple HTTPS GET with PEM public key pinning (Schannel variant)
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>

2
tests/data/test2087
View File

@ -35,7 +35,7 @@ https Server-localhost-sv.pem
simple HTTPS GET with base64-sha256 public key pinning (Schannel variant) simple HTTPS GET with base64-sha256 public key pinning (Schannel variant)
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>

2
tests/data/test3023
View File

@ -34,7 +34,7 @@ https Server-localhost-firstSAN-sv.pem
HTTPS GET to localhost, first subject alt name matches, CN does not match (Schannel variant) HTTPS GET to localhost, first subject alt name matches, CN does not match (Schannel variant)
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>

2
tests/data/test3024
View File

@ -34,7 +34,7 @@ https Server-localhost-lastSAN-sv.pem
HTTPS GET to localhost, last subject alt name matches, CN does not match (Schannel variant) HTTPS GET to localhost, last subject alt name matches, CN does not match (Schannel variant)
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>