luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tidy-up: spelling

Browse Source 
C89, Schannel, Secure Transport, contractions.

Cherry-picked from #14692
Closes #14996
This commit is contained in:
Viktor Szakats 2024-09-10 10:20:47 +02:00
parent 1064dfa86a
commit d83b528a80
No known key found for this signature in database
GPG Key ID: B5ABD165E2AEF201
17 changed files with 34 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.github/workflows/macos.yml vendored
View File

@ -39,11 +39,11 @@ permissions: {}
# deprecation warnings with llvm/clang:
#
# - 10.7 Lion (2011) - GSS
# - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl SecureTransport code)
# - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl Secure Transport code)
# - 10.9 Maverick (2013) - LDAP
# - 10.14 Mojave (2018) - SecureTransport
# - 10.14 Mojave (2018) - Secure Transport
#
# For SecureTransport, curl implements features that require a target
# For Secure Transport, curl implements features that require a target
# newer than the 10.8 required by `CFURLCreateDataAndPropertiesFromResource`.
# In this case `-Wno-deprecated-declarations` still comes handy to pacify
# deprecation warnings, though the real solution would be to avoid calling
@ -238,14 +238,14 @@ jobs:
TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length
if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then
TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059
TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2
TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, Secure Transport + nghttp2
else
TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2
TFLAGS+=' ~2402 ~2404' # non-Secure Transport + nghttp2
fi
fi
if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then
TFLAGS+=' ~313' # SecureTransport does not support crl file
TFLAGS+=' ~1631 ~1632' # SecureTransport is not able to shutdown ftp over https gracefully yet
TFLAGS+=' ~313' # Secure Transport does not support crl file
TFLAGS+=' ~1631 ~1632' # Secure Transport is not able to shutdown ftp over https gracefully yet
fi
source $HOME/venv/bin/activate
rm -f $HOME/.curlrc
@ -389,14 +389,14 @@ jobs:
TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length
if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then
TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059
TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2
TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, Secure Transport + nghttp2
else
TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2
TFLAGS+=' ~2402 ~2404' # non-Secure Transport + nghttp2
fi
fi
if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then
TFLAGS+=' ~313' # SecureTransport does not support crl file
TFLAGS+=' ~1631 ~1632' # SecureTransport is not able to shutdown ftp over https gracefully yet
TFLAGS+=' ~313' # Secure Transport does not support crl file
TFLAGS+=' ~1631 ~1632' # Secure Transport is not able to shutdown ftp over https gracefully yet
fi
fi
source $HOME/venv/bin/activate
@ -407,7 +407,7 @@ jobs:
if: ${{ contains(matrix.name, '+examples') }}
run: make -C bld VERBOSE=1
combinations: # Test buildability with host OS, Xcode / SDK, compiler, target-OS, SecureTransport/not, built tool, combinations
combinations: # Test buildability with host OS, Xcode / SDK, compiler, target-OS, Secure Transport/not, built tool, combinations
if: true # Set to `true` to enable this test matrix. It runs quickly.
name: "${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.compiler }} ${{ matrix.image }} ${{ matrix.xcode }} ${{ matrix.config }}"
runs-on: ${{ matrix.image }}

2
docs/TODO
View File

@ -945,7 +945,7 @@
15.4 Add option to allow abrupt server closure
libcurl w/schannel errors without a known termination point from the server
libcurl with Schannel errors without a known termination point from the server
(such as length of transfer, or SSL "close notify" alert) to prevent against
a truncation attack. Really old servers may neglect to send any termination
point. An option could be added to ignore such abrupt closures.

2
docs/libcurl/opts/CURLOPT_ALTSVC_CTRL.md
View File

@ -35,7 +35,7 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_ALTSVC_CTRL, long bitmask);
Populate the long *bitmask* with the correct set of features to instruct
libcurl how to handle Alt-Svc for the transfers using this handle.
libcurl only accepts Alt-Svc headers over a secure transport, meaning
libcurl only accepts Alt-Svc headers over a Secure Transport, meaning
HTTPS. It also only completes a request to an alternative origin if that
origin is properly hosted over HTTPS. These requirements are there to make
sure both the source and the destination are legitimate.

4
lib/curl_setup.h
View File

@ -45,8 +45,8 @@
/* Workaround for Homebrew gcc 12.4.0, 13.3.0, 14.1.0 and newer (as of 14.1.0)
that started advertising the `availability` attribute, which then gets used
by Apple SDK, but, in a way incompatible with gcc, resulting in a misc
errors inside SDK headers, e.g.:
by Apple SDK, but, in a way incompatible with gcc, resulting in misc errors
inside SDK headers, e.g.:
error: attributes should be specified before the declarator in a function
definition
error: expected ',' or '}' before

2
lib/curl_sha512_256.c
View File

@ -34,7 +34,7 @@
* * GnuTLS
* * wolfSSL
* * Schannel SSPI
* * SecureTransport (Darwin)
* * Secure Transport (Darwin)
* * mbedTLS
* * BearSSL
* * Rustls

6
lib/url.c
View File

@ -426,9 +426,9 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data)
/* Set the default CA cert bundle/path detected/specified at build time.
*
* If Schannel or SecureTransport is the selected SSL backend then these
* locations are ignored. We allow setting CA location for schannel and
* securetransport when explicitly specified by the user via
* If Schannel or Secure Transport is the selected SSL backend then these
* locations are ignored. We allow setting CA location for Schannel and
* Secure Transport when explicitly specified by the user via
* CURLOPT_CAINFO / --cacert.
*/
if(Curl_ssl_backend() != CURLSSLBACKEND_SCHANNEL &&

9
lib/vtls/sectransp.c
View File

@ -24,7 +24,7 @@
***************************************************************************/
/*
* Source file for all iOS and macOS SecureTransport-specific code for the
* Source file for all iOS and macOS Secure Transport-specific code for the
* TLS/SSL layer. No code but vtls.c should ever call or use these functions.
*/
@ -197,7 +197,7 @@ static const uint16_t default_ciphers[] = {
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA8 */
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, /* 0xCCA9 */
/* TLSv1.3 is not supported by sectransp, but there is also other
/* TLSv1.3 is not supported by Secure Transport, but there is also other
* code referencing TLSv1.3, like: kTLSProtocol13 ? */
TLS_AES_128_GCM_SHA256, /* 0x1301 */
TLS_AES_256_GCM_SHA384, /* 0x1302 */
@ -1227,8 +1227,7 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
Mountain Lion.
So we need to call SSLSetEnableCertVerify() on those older cats in order
to disable certificate validation if the user turned that off.
(SecureTransport will always validate the certificate chain by
default.)
(Secure Transport always validates the certificate chain by default.)
Note:
Darwin 11.x.x is Lion (10.7)
Darwin 12.x.x is Mountain Lion (10.8)
@ -2463,7 +2462,7 @@ static CURLcode sectransp_shutdown(struct Curl_cfilter *cf,
}
else {
/* We would like to read the close notify from the server using
* secure transport, however SSLRead() no longer works after we
* Secure Transport, however SSLRead() no longer works after we
* sent the notify from our side. So, we just read from the
* underlying filter and hope it will end. */
nread = Curl_conn_cf_recv(cf->next, data, buf, sizeof(buf), &result);

2
lib/vtls/vtls_int.h
View File

@ -220,7 +220,7 @@ CURLcode Curl_ssl_set_sessionid(struct Curl_cfilter *cf,
#include "gtls.h" /* GnuTLS versions */
#include "wolfssl.h" /* wolfSSL versions */
#include "schannel.h" /* Schannel SSPI version */
#include "sectransp.h" /* SecureTransport (Darwin) version */
#include "sectransp.h" /* Secure Transport (Darwin) version */
#include "mbedtls.h" /* mbedTLS versions */
#include "bearssl.h" /* BearSSL versions */
#include "rustls.h" /* Rustls versions */

2
m4/curl-override.m4
View File

@ -44,7 +44,7 @@ dnl -------------------------------------------------
dnl This is done to prevent compiler warning
dnl 'function declaration isn't a prototype'
dnl in function main. This requires at least
dnl a c89 compiler and does not support K&R.
dnl a C89 compiler and does not support K&R.
m4_define([AC_LANG_PROGRAM(C)],
[$1

2
src/tool_operate.c
View File

@ -3041,7 +3041,7 @@ static CURLcode transfer_per_config(struct GlobalConfig *global,
* default filename curl-ca-bundle.crt in the user's PATH.
*
* If Schannel is the selected SSL backend then these locations are
* ignored. We allow setting CA location for schannel only when explicitly
* ignored. We allow setting CA location for Schannel only when explicitly
* specified by the user via CURLOPT_CAINFO / --cacert.
*/
if(tls_backend_info->backend != CURLSSLBACKEND_SCHANNEL) {

2
tests/data/test2033
View File

@ -35,7 +35,7 @@ https Server-localhost-sv.pem
simple HTTPS GET with DER public key pinning (Schannel variant)
</name>
<setenv>
# This test is pointless if we're not using the schannel backend
# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>

2
tests/data/test2070
View File

@ -34,7 +34,7 @@ https Server-localhost-sv.pem
Ignore certificate revocation "best effort" strategy
</name>
<setenv>
# This test is pointless if we're not using the schannel backend
# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>

2
tests/data/test2079
View File

@ -35,7 +35,7 @@ https Server-localhost-sv.pem
simple HTTPS GET with PEM public key pinning (Schannel variant)
</name>
<setenv>
# This test is pointless if we're not using the schannel backend
# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>

2
tests/data/test2087
View File

@ -35,7 +35,7 @@ https Server-localhost-sv.pem
simple HTTPS GET with base64-sha256 public key pinning (Schannel variant)
</name>
<setenv>
# This test is pointless if we're not using the schannel backend
# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>

2
tests/data/test3023
View File

@ -34,7 +34,7 @@ https Server-localhost-firstSAN-sv.pem
HTTPS GET to localhost, first subject alt name matches, CN does not match (Schannel variant)
</name>
<setenv>
# This test is pointless if we're not using the schannel backend
# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>

2
tests/data/test3024
View File

@ -34,7 +34,7 @@ https Server-localhost-lastSAN-sv.pem
HTTPS GET to localhost, last subject alt name matches, CN does not match (Schannel variant)
</name>
<setenv>
# This test is pointless if we're not using the schannel backend
# This test is pointless if we are not using the Schannel backend
CURL_SSL_BACKEND=schannel
</setenv>
<command>

2
tests/http/test_17_ssl_use.py
View File

@ -231,7 +231,7 @@ class TestSSLUse:
tls_proto = 'TLSv1.2'
elif env.curl_uses_lib('sectransp'): # not in CI, so untested
if tls_proto == 'TLSv1.3':
pytest.skip('SecureTransport does not support TLSv1.3')
pytest.skip('Secure Transport does not support TLSv1.3')
tls_proto = 'TLSv1.2'
# test
extra_args = ['--tls13-ciphers', ':'.join(ciphers13)] if ciphers13 else []