luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tidy-up: spelling

Browse Source 
C89, Schannel, Secure Transport, contractions.

Cherry-picked from #14692
Closes #14996
This commit is contained in:
Viktor Szakats 2024-09-10 10:20:47 +02:00
parent 1064dfa86a
commit d83b528a80
No known key found for this signature in database
GPG Key ID: B5ABD165E2AEF201
17 changed files with 34 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.github/workflows/macos.yml vendored
View File

@ -39,11 +39,11 @@ permissions: {}
# deprecation warnings with llvm/clang: # deprecation warnings with llvm/clang:
# #
# - 10.7 Lion (2011) - GSS # - 10.7 Lion (2011) - GSS
# - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl SecureTransport code) # - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl Secure Transport code)
# - 10.9 Maverick (2013) - LDAP # - 10.9 Maverick (2013) - LDAP
# - 10.14 Mojave (2018) - SecureTransport # - 10.14 Mojave (2018) - Secure Transport
# #
# For SecureTransport, curl implements features that require a target # For Secure Transport, curl implements features that require a target
# newer than the 10.8 required by `CFURLCreateDataAndPropertiesFromResource`. # newer than the 10.8 required by `CFURLCreateDataAndPropertiesFromResource`.
# In this case `-Wno-deprecated-declarations` still comes handy to pacify # In this case `-Wno-deprecated-declarations` still comes handy to pacify
# deprecation warnings, though the real solution would be to avoid calling # deprecation warnings, though the real solution would be to avoid calling
@ -238,14 +238,14 @@ jobs:
TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length
if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then
TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059 TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059
TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2 TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, Secure Transport + nghttp2
else else
TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2 TFLAGS+=' ~2402 ~2404' # non-Secure Transport + nghttp2
fi fi
fi fi
if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then
TFLAGS+=' ~313' # SecureTransport does not support crl file TFLAGS+=' ~313' # Secure Transport does not support crl file
TFLAGS+=' ~1631 ~1632' # SecureTransport is not able to shutdown ftp over https gracefully yet TFLAGS+=' ~1631 ~1632' # Secure Transport is not able to shutdown ftp over https gracefully yet
fi fi
source $HOME/venv/bin/activate source $HOME/venv/bin/activate
rm -f $HOME/.curlrc rm -f $HOME/.curlrc
@ -389,14 +389,14 @@ jobs:
TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length
if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then
TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059 TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059
TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2 TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, Secure Transport + nghttp2
else else
TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2 TFLAGS+=' ~2402 ~2404' # non-Secure Transport + nghttp2
fi fi
fi fi
if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then
TFLAGS+=' ~313' # SecureTransport does not support crl file TFLAGS+=' ~313' # Secure Transport does not support crl file
TFLAGS+=' ~1631 ~1632' # SecureTransport is not able to shutdown ftp over https gracefully yet TFLAGS+=' ~1631 ~1632' # Secure Transport is not able to shutdown ftp over https gracefully yet
fi fi
fi fi
source $HOME/venv/bin/activate source $HOME/venv/bin/activate
@ -407,7 +407,7 @@ jobs:
if: ${{ contains(matrix.name, '+examples') }} if: ${{ contains(matrix.name, '+examples') }}
run: make -C bld VERBOSE=1 run: make -C bld VERBOSE=1
combinations: # Test buildability with host OS, Xcode / SDK, compiler, target-OS, SecureTransport/not, built tool, combinations combinations: # Test buildability with host OS, Xcode / SDK, compiler, target-OS, Secure Transport/not, built tool, combinations
if: true # Set to `true` to enable this test matrix. It runs quickly. if: true # Set to `true` to enable this test matrix. It runs quickly.
name: "${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.compiler }} ${{ matrix.image }} ${{ matrix.xcode }} ${{ matrix.config }}" name: "${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.compiler }} ${{ matrix.image }} ${{ matrix.xcode }} ${{ matrix.config }}"
runs-on: ${{ matrix.image }} runs-on: ${{ matrix.image }}

2
docs/TODO
View File

@ -945,7 +945,7 @@
15.4 Add option to allow abrupt server closure 15.4 Add option to allow abrupt server closure
libcurl w/schannel errors without a known termination point from the server libcurl with Schannel errors without a known termination point from the server
(such as length of transfer, or SSL "close notify" alert) to prevent against (such as length of transfer, or SSL "close notify" alert) to prevent against
a truncation attack. Really old servers may neglect to send any termination a truncation attack. Really old servers may neglect to send any termination
point. An option could be added to ignore such abrupt closures. point. An option could be added to ignore such abrupt closures.

2
docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md
View File

@ -35,7 +35,7 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ALTSVC_CTRL, long bitmask);
Populate the long *bitmask* with the correct set of features to instruct Populate the long *bitmask* with the correct set of features to instruct
libcurl how to handle Alt-Svc for the transfers using this handle. libcurl how to handle Alt-Svc for the transfers using this handle.
libcurl only accepts Alt-Svc headers over a secure transport, meaning libcurl only accepts Alt-Svc headers over a Secure Transport, meaning
HTTPS. It also only completes a request to an alternative origin if that HTTPS. It also only completes a request to an alternative origin if that
origin is properly hosted over HTTPS. These requirements are there to make origin is properly hosted over HTTPS. These requirements are there to make
sure both the source and the destination are legitimate. sure both the source and the destination are legitimate.

4
lib/curl_setup.h
View File

@ -45,8 +45,8 @@
/* Workaround for Homebrew gcc 12.4.0, 13.3.0, 14.1.0 and newer (as of 14.1.0) /* Workaround for Homebrew gcc 12.4.0, 13.3.0, 14.1.0 and newer (as of 14.1.0)
that started advertising the `availability` attribute, which then gets used that started advertising the `availability` attribute, which then gets used
by Apple SDK, but, in a way incompatible with gcc, resulting in a misc by Apple SDK, but, in a way incompatible with gcc, resulting in misc errors
errors inside SDK headers, e.g.: inside SDK headers, e.g.:
error: attributes should be specified before the declarator in a function error: attributes should be specified before the declarator in a function
definition definition
error: expected ',' or '}' before error: expected ',' or '}' before

2
lib/curl_sha512_256.c
View File

@ -34,7 +34,7 @@
* * GnuTLS * * GnuTLS
* * wolfSSL * * wolfSSL
* * Schannel SSPI * * Schannel SSPI
* * SecureTransport (Darwin) * * Secure Transport (Darwin)
* * mbedTLS * * mbedTLS
* * BearSSL * * BearSSL
* * Rustls * * Rustls

6
lib/url.c
View File

@ -426,9 +426,9 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
/* Set the default CA cert bundle/path detected/specified at build time. /* Set the default CA cert bundle/path detected/specified at build time.
* *
* If Schannel or SecureTransport is the selected SSL backend then these * If Schannel or Secure Transport is the selected SSL backend then these
* locations are ignored. We allow setting CA location for schannel and * locations are ignored. We allow setting CA location for Schannel and
* securetransport when explicitly specified by the user via * Secure Transport when explicitly specified by the user via
* CURLOPT_CAINFO / --cacert. * CURLOPT_CAINFO / --cacert.
*/ */
if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL && if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL &&

9
lib/vtls/sectransp.c
View File

@ -24,7 +24,7 @@
***************************************************************************/ ***************************************************************************/
/* /*
* Source file for all iOS and macOS SecureTransport-specific code for the * Source file for all iOS and macOS Secure Transport-specific code for the
* TLS/SSL layer. No code but vtls.c should ever call or use these functions. * TLS/SSL layer. No code but vtls.c should ever call or use these functions.
*/ */
@ -197,7 +197,7 @@ static const uint16_t default_ciphers[] = {
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */
/* TLSv1.3 is not supported by sectransp, but there is also other /* TLSv1.3 is not supported by Secure Transport, but there is also other
* code referencing TLSv1.3, like: kTLSProtocol13 ? */ * code referencing TLSv1.3, like: kTLSProtocol13 ? */
TLS_AES_128_GCM_SHA256, /* 0x1301 */ TLS_AES_128_GCM_SHA256, /* 0x1301 */
TLS_AES_256_GCM_SHA384, /* 0x1302 */ TLS_AES_256_GCM_SHA384, /* 0x1302 */
@ -1227,8 +1227,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
Mountain Lion. Mountain Lion.
So we need to call SSLSetEnableCertVerify() on those older cats in order So we need to call SSLSetEnableCertVerify() on those older cats in order
to disable certificate validation if the user turned that off. to disable certificate validation if the user turned that off.
(SecureTransport will always validate the certificate chain by (Secure Transport always validates the certificate chain by default.)
default.)
Note: Note:
Darwin 11.x.x is Lion (10.7) Darwin 11.x.x is Lion (10.7)
Darwin 12.x.x is Mountain Lion (10.8) Darwin 12.x.x is Mountain Lion (10.8)
@ -2463,7 +2462,7 @@ static CURLcode sectransp_shutdown(struct Curl_cfilter *cf,
} }
else { else {
/* We would like to read the close notify from the server using /* We would like to read the close notify from the server using
* secure transport, however SSLRead() no longer works after we * Secure Transport, however SSLRead() no longer works after we
* sent the notify from our side. So, we just read from the * sent the notify from our side. So, we just read from the
* underlying filter and hope it will end. */ * underlying filter and hope it will end. */
nread = Curl_conn_cf_recv(cf->next, data, buf, sizeof(buf), &result); nread = Curl_conn_cf_recv(cf->next, data, buf, sizeof(buf), &result);

2
lib/vtls/vtls_int.h
View File

@ -220,7 +220,7 @@ CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf,
#include "gtls.h" /* GnuTLS versions */ #include "gtls.h" /* GnuTLS versions */
#include "wolfssl.h" /* wolfSSL versions */ #include "wolfssl.h" /* wolfSSL versions */
#include "schannel.h" /* Schannel SSPI version */ #include "schannel.h" /* Schannel SSPI version */
#include "sectransp.h" /* SecureTransport (Darwin) version */ #include "sectransp.h" /* Secure Transport (Darwin) version */
#include "mbedtls.h" /* mbedTLS versions */ #include "mbedtls.h" /* mbedTLS versions */
#include "bearssl.h" /* BearSSL versions */ #include "bearssl.h" /* BearSSL versions */
#include "rustls.h" /* Rustls versions */ #include "rustls.h" /* Rustls versions */

2
m4/curl-override.m4
View File

@ -44,7 +44,7 @@ dnl -------------------------------------------------
dnl This is done to prevent compiler warning dnl This is done to prevent compiler warning
dnl 'function declaration isn't a prototype' dnl 'function declaration isn't a prototype'
dnl in function main. This requires at least dnl in function main. This requires at least
dnl a c89 compiler and does not support K&R. dnl a C89 compiler and does not support K&R.
m4_define([AC_LANG_PROGRAM(C)], m4_define([AC_LANG_PROGRAM(C)],
[$1 [$1

2
src/tool_operate.c
View File

@ -3041,7 +3041,7 @@ static CURLcode transfer_per_config(struct GlobalConfig *global,
* default filename curl-ca-bundle.crt in the user's PATH. * default filename curl-ca-bundle.crt in the user's PATH.
* *
* If Schannel is the selected SSL backend then these locations are * If Schannel is the selected SSL backend then these locations are
* ignored. We allow setting CA location for schannel only when explicitly * ignored. We allow setting CA location for Schannel only when explicitly
* specified by the user via CURLOPT_CAINFO / --cacert. * specified by the user via CURLOPT_CAINFO / --cacert.
*/ */
if(tls_backend_info->backend != CURLSSLBACKEND_SCHANNEL) { if(tls_backend_info->backend != CURLSSLBACKEND_SCHANNEL) {

2
tests/data/test2033
View File

@ -35,7 +35,7 @@ https Server-localhost-sv.pem
simple HTTPS GET with DER public key pinning (Schannel variant) simple HTTPS GET with DER public key pinning (Schannel variant)
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>

2
tests/data/test2070
View File

@ -34,7 +34,7 @@ https Server-localhost-sv.pem
Ignore certificate revocation "best effort" strategy Ignore certificate revocation "best effort" strategy
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>

2
tests/data/test2079
View File

@ -35,7 +35,7 @@ https Server-localhost-sv.pem
simple HTTPS GET with PEM public key pinning (Schannel variant) simple HTTPS GET with PEM public key pinning (Schannel variant)
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>

2
tests/data/test2087
View File

@ -35,7 +35,7 @@ https Server-localhost-sv.pem
simple HTTPS GET with base64-sha256 public key pinning (Schannel variant) simple HTTPS GET with base64-sha256 public key pinning (Schannel variant)
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>

2
tests/data/test3023
View File

@ -34,7 +34,7 @@ https Server-localhost-firstSAN-sv.pem
HTTPS GET to localhost, first subject alt name matches, CN does not match (Schannel variant) HTTPS GET to localhost, first subject alt name matches, CN does not match (Schannel variant)
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>

2
tests/data/test3024
View File

@ -34,7 +34,7 @@ https Server-localhost-lastSAN-sv.pem
HTTPS GET to localhost, last subject alt name matches, CN does not match (Schannel variant) HTTPS GET to localhost, last subject alt name matches, CN does not match (Schannel variant)
</name> </name>
<setenv> <setenv>
# This test is pointless if we're not using the schannel backend # This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel CURL_SSL_BACKEND=schannel
</setenv> </setenv>
<command> <command>

2
tests/http/test_17_ssl_use.py
View File

@ -231,7 +231,7 @@ class TestSSLUse:
tls_proto = 'TLSv1.2' tls_proto = 'TLSv1.2'
elif env.curl_uses_lib('sectransp'): # not in CI, so untested elif env.curl_uses_lib('sectransp'): # not in CI, so untested
if tls_proto == 'TLSv1.3': if tls_proto == 'TLSv1.3':
pytest.skip('SecureTransport does not support TLSv1.3') pytest.skip('Secure Transport does not support TLSv1.3')
tls_proto = 'TLSv1.2' tls_proto = 'TLSv1.2'
# test # test
extra_args = ['--tls13-ciphers', ':'.join(ciphers13)] if ciphers13 else [] extra_args = ['--tls13-ciphers', ':'.join(ciphers13)] if ciphers13 else []