A command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, TFTP, WS and WSS. libcurl offers a myriad of powerful features
Peter Wu 6011a986ca vtls: Extract and simplify key log file handling from OpenSSL
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:

 - Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
 - Do not perform dynamic memory allocation when preparing a log entry.
   Unless the TLS specifications change we can suffice with a reasonable
   fixed-size buffer.
 - Simplify state tracking when SSL_CTX_set_keylog_callback is
   unavailable. My original sslkeylog.c code included this tracking in
   order to handle multiple calls to SSL_connect and detect new keys
   after renegotiation (via SSL_read/SSL_write). For curl however we can
   be sure that a single master secret eventually becomes available
   after SSL_connect, so a simple flag is sufficient. An alternative to
   the flag is examining SSL_state(), but this seems more complex and is
   not pursued. Capturing keys after server renegotiation was already
   unsupported in curl and remains unsupported.

Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:

    # Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
    openssl s_server -www -tls1
    # Likewise, but fail the server handshake.
    openssl s_server -www -tls1 -Verify 2
    # TLS 1.3 test. No need to test the failing server handshake.
    openssl s_server -www -tls1_3

Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.

    tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
        -eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
        -dtls.port==4433,http -ohttp.desegment_body:FALSE \
        -Y 'tls.handshake.verify_data or http'

A single connection can easily be identified via the `tcp.stream` field.
2020-05-27 21:19:51 +02:00
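
The fixed-size buffer approach named in the commit message above, as an added example that is not curl's code and not part of the original page: it formats one NSS key log line (`<label> <client random hex> <secret hex>`) without dynamic allocation and rejects input that would not fit. The size constants, function names and sample bytes are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LABEL_MAX   31  /* strlen("CLIENT_HANDSHAKE_TRAFFIC_SECRET") */
#define RANDOM_LEN  32  /* TLS ClientHello random */
#define SECRET_MAX  48  /* TLS <= 1.2 master secret, or a SHA-384 sized secret */
#define KEYLOG_LINE_MAX (LABEL_MAX + 1 + 2 * RANDOM_LEN + 1 + 2 * SECRET_MAX + 2)

static size_t put_hex(char *dst, const unsigned char *src, size_t n)
{
  static const char digits[] = "0123456789abcdef";
  for(size_t i = 0; i < n; i++) {
    dst[2 * i] = digits[src[i] >> 4];
    dst[2 * i + 1] = digits[src[i] & 0x0f];
  }
  return 2 * n;
}

/* Fill out[KEYLOG_LINE_MAX]; return line length, or 0 (out untouched) if it cannot fit. */
size_t keylog_format(char *out, const char *label, const unsigned char *crandom,
                     const unsigned char *secret, size_t secret_len)
{
  size_t pos = strlen(label);
  if(pos == 0 || pos > LABEL_MAX || secret_len == 0 || secret_len > SECRET_MAX)
    return 0;
  memcpy(out, label, pos);
  out[pos++] = ' ';
  pos += put_hex(out + pos, crandom, RANDOM_LEN);
  out[pos++] = ' ';
  pos += put_hex(out + pos, secret, secret_len);
  out[pos++] = '\n';
  out[pos] = '\0';
  return pos;
}

/* Constructed sample bytes, not real key material (hypothetical helper). */
static char demo_line[KEYLOG_LINE_MAX];
size_t demo_format(const char *label, size_t secret_len)
{
  unsigned char crandom[RANDOM_LEN], secret[SECRET_MAX + 1];
  memset(crandom, 0xab, sizeof(crandom));
  memset(secret, 0x01, sizeof(secret));
  demo_line[0] = '\0';
  return keylog_format(demo_line, label, crandom, secret, secret_len);
}
int main(void)
{
  return demo_format("CLIENT_RANDOM", 48) ? fputs(demo_line, stdout) == EOF : 1;
}
```

Because the worst-case line length is a compile-time constant, an oversized label or secret is dropped rather than truncated, so a partial secret never reaches the log.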
.github github/workflow: enable MQTT in the macOS debug build 2020-04-14 13:04:10 +02:00
CMake CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche) 2020-05-10 23:36:41 +02:00
docs all: fix codespell errors 2020-05-25 19:44:04 +00:00
include all: fix codespell errors 2020-05-25 19:44:04 +00:00
lib vtls: Extract and simplify key log file handling from OpenSSL 2020-05-27 21:19:51 +02:00
m4 configure: remove use of -vec-report0 from CFLAGS with icc 2020-04-06 23:19:06 +02:00
packages all: fix codespell errors 2020-05-25 19:44:04 +00:00
plan9 copyright: fix out-of-date copyright ranges and missing headers 2020-03-24 15:05:59 +01:00
projects curl_multibyte: add to curlx 2020-05-14 18:13:27 +02:00
scripts all: fix codespell errors 2020-05-25 19:44:04 +00:00
src all: fix codespell errors 2020-05-25 19:44:04 +00:00
tests FILEFORMAT: add more features that tests can depend on 2020-05-27 14:33:49 +02:00
winbuild curl_multibyte: add to curlx 2020-05-14 18:13:27 +02:00
.azure-pipelines.yml CI: do not include */ci branches in PR builds 2020-04-26 19:24:11 +02:00
.cirrus.yml test1238: avoid tftpd being busy for tests shortly following 2020-05-11 19:59:19 +02:00
.dir-locals.el copyright: fix out-of-date copyright ranges and missing headers 2020-03-24 15:05:59 +01:00
.gitattributes .gitattributes: make tabs in indentation a visible error 2018-12-06 20:21:17 +01:00
.gitignore source cleanup: remove all custom typedef structs 2020-05-15 08:54:42 +02:00
.lgtm.yml copyright: fix out-of-date copyright ranges and missing headers 2020-03-24 15:05:59 +01:00
.mailmap mailmap: James Fuller 2020-05-14 08:55:00 +02:00
.travis.yml travis: simplify quiche build instructions wrt boringssl 2020-05-22 21:10:07 +02:00
acinclude.m4 build: fixed build for systems with select() in unistd.h 2020-03-31 10:59:06 +02:00
appveyor.yml test1238: avoid tftpd being busy for tests shortly following 2020-05-11 19:59:19 +02:00
buildconf buildconf: use find -execdir instead, remove -print and the ares files 2020-04-15 14:54:42 +02:00
buildconf.bat copyrights: update all copyright notices to 2019 on files changed this year 2019-11-02 23:15:56 +01:00
CHANGES CHANGES: spell fix, use correct path to script 2017-02-07 08:22:37 +01:00
CMakeLists.txt CMake: add libssh build support 2020-05-15 21:58:12 +02:00
configure.ac configure: fix pthread check with static boringssl 2020-05-22 21:10:07 +02:00
COPYING COPYING: it's 2020! 2020-01-03 15:12:46 +01:00
curl-config.in copyright: updated year ranges out of sync 2020-05-24 00:02:33 +02:00
GIT-INFO CHANGES.0: removed 2017-02-07 08:20:10 +01:00
libcurl.pc.in libcurl.pc: Merge Libs.private into Libs for static-only builds 2020-05-12 08:53:12 +02:00
MacOSX-Framework copyright: fix out-of-date copyright ranges and missing headers 2020-03-24 15:05:59 +01:00
Makefile.am CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche) 2020-05-10 23:36:41 +02:00
Makefile.dist build: remove the Borland specific makefiles 2018-06-02 11:23:40 +02:00
maketgz maketgz: delete .bak files, fix indentation 2018-06-15 23:28:34 +00:00
README README: mention that the docs is in docs/ 2020-01-27 13:06:45 +01:00
README.md README.md: add Azure DevOps Pipelines build status badge 2020-03-03 17:11:26 +01:00
RELEASE-NOTES RELEASE-NOTES: synced 2020-05-25 09:40:25 +02:00
SECURITY.md SECURITY.md: minor rephrase 2020-03-30 08:53:25 +02:00


Curl is a command-line tool for transferring data specified with URL syntax. Find out how to use curl by reading the curl.1 man page or the MANUAL document. Find out how to install Curl by reading the INSTALL document.

libcurl is the library curl is using to do its job. It is readily available to be used by your software. Read the libcurl.3 man page to learn how!

You can find answers to the most frequent questions we get in the FAQ document.

Study the COPYING file for distribution terms and similar. If you distribute curl binaries or other binaries that involve libcurl, you might enjoy the LICENSE-MIXING document.

Contact

If you have problems, questions, ideas or suggestions, please contact us by posting to a suitable mailing list.

All contributors to the project are listed in the THANKS document.

Website

Visit the curl web site for the latest news and downloads.

Git

To download the very latest source from the Git server do this:

    git clone https://github.com/curl/curl.git

(you'll get a directory named curl created, filled with the source code)

Security problems

Report suspected security problems via our HackerOne page and not in public!

Notice

Curl contains pieces of source code that is Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms.

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]