luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
925aea1aba
curl/lib/vtls
History
Jan Venekamp 925aea1aba
mbedtls: no longer use MBEDTLS_SSL_VERIFY_OPTIONAL 
With mbedTLS if the minimum version of TLS is set to 1.3,
MBEDTLS_SSL_VERIFY_OPTIONAL is not available in client mode. See:
https://github.com/Mbed-TLS/mbedtls/blob/2ca6c285/library/ssl_tls.c#L1357
Also, there might be plans to remove it completely in future mbedTLS
versions.

Switch to always use MBEDTLS_SSL_VERIFY_REQUIRED. If verifypeer or
verifyhost are disabled the corresponding error flags are cleared in the
verify callback function. That is also where verification errors are
logged.

Closes #14591
2024-08-20 12:45:06 +02:00
..
bearssl.c bearssl: fix setting tls version 2024-08-19 10:46:58 +02:00
bearssl.h
cipher_suite.c rustls: add support for setting TLS version and ciphers 2024-08-16 09:55:02 +02:00
cipher_suite.h rustls: add support for setting TLS version and ciphers 2024-08-16 09:55:02 +02:00
gtls.c gnutls/wolfssl: improve error message when certificate fails 2024-08-14 11:47:01 +02:00
gtls.h
hostcheck.c code: language cleanup in comments 2024-07-01 22:58:55 +02:00
hostcheck.h code: language cleanup in comments 2024-07-01 22:58:55 +02:00
keylog.c
keylog.h
mbedtls_threadlock.c
mbedtls_threadlock.h
mbedtls.c mbedtls: no longer use MBEDTLS_SSL_VERIFY_OPTIONAL 2024-08-20 12:45:06 +02:00
mbedtls.h
openssl.c vtls: fix static function name collisions between TLS backends 2024-08-13 09:28:27 +02:00
openssl.h
rustls.c tidy-up: spelling quiche and Rustls 2024-08-20 00:44:10 +02:00
rustls.h
schannel_int.h code: language cleanup in comments 2024-07-01 22:58:55 +02:00
schannel_verify.c tidy-up: misc spelling (bit, ASCII) 2024-08-15 15:30:09 +02:00
schannel.c spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
schannel.h
sectransp.c vtls: fix static function name collisions between TLS backends 2024-08-13 09:28:27 +02:00
sectransp.h
vtls_int.h tidy-up: spelling quiche and Rustls 2024-08-20 00:44:10 +02:00
vtls.c spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
vtls.h spnego_gssapi: implement TLS channel bindings for openssl 2024-08-12 19:16:54 +02:00
wolfssl.c wolfssl: fix setting tls version 2024-08-19 10:50:31 +02:00
wolfssl.h wolfssl: improve shutdown handling 2024-08-05 08:49:20 +02:00
x509asn1.c x509asn1: raise size limit for x509 certification information 2024-08-02 23:20:57 +02:00
x509asn1.h x509asn1: unittests and fixes for gtime2str 2024-07-30 23:08:59 +02:00