luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
b9895b9d3f
curl/docs/libcurl/opts/CURLINFO_EARLYDATA_SENT_T.md
Stefan Eissing 962097b8dd
TLS: TLSv1.3 earlydata support for curl 
Based on #14135, implement TLSv1.3 earlydata support for the curl
command line, libcurl and its implementation in GnuTLS.

If a known TLS session announces early data support, and the feature is
enabled *and* it is not a "connect-only" transfer, delay the TLS
handshake until the first request is being sent.

- Add --tls-earldata as new boolean command line option for curl.
- Add CURLSSLOPT_EARLYDATA to libcurl to enable use of the feature.
- Add CURLINFO_EARLYDATA_SENT_T to libcurl, reporting the amount of
  bytes sent and accepted/rejected by the server.

Implementation details:
- store the ALPN protocol selected at the SSL session.
- When reusing the session and enabling earlydata, use exactly
  that ALPN protocol for negoptiation with the server. When the
  sessions ALPN does not match the connections ALPN, earlydata
  will not be enabled.
- Check that the server selected the correct ALPN protocol for
  an earlydata connect. If the server does not confirm or reports
  something different, the connect fails.
- HTTP/2: delay sending the initial SETTINGS frames during connect,
  if not connect-only.

Verification:
- add test_02_32 to verify earlydata GET with nghttpx.
- add test_07_70 to verify earlydata PUT with nghttpx.
- add support in 'hx-download', 'hx-upload' clients for the feature

Assisted-by: ad-chaos on github
Closes #15211
2024-10-11 12:28:22 +02:00

1.7 KiB
Raw Blame History

c SPDX-License-Identifier Title Section Source See-also Protocol TLS-backend Added-in
Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. curl CURLINFO_EARLYDATA_SENT_T 3 libcurl
curl_easy_getinfo (3)
curl_easy_setopt (3)
TLS
GnuTLS
8.11.0

NAME

CURLINFO_EARLYDATA_SENT_T - get the number of bytes sent as TLS early data

SYNOPSIS

#include <curl/curl.h>

CURLcode curl_easy_getinfo(CURL *handle, CURLINFO_EARLYDATA_SENT_T,
                           curl_off_t *amount);

DESCRIPTION

Pass a pointer to an curl_off_t to receive the total amount of bytes that were sent to the server as TLSv1.3 early data. When no TLS early data is used, this reports 0.

TLS early data is only attempted when CURLSSLOPT_EARLYDATA is set for the transfer. In addition, it is only used by libcurl when a TLS session exists that announces support.

The amount is negative when the sent data was rejected by the server. TLS allows a server that announces support for early data to reject any attempt to use it at its own discretion. When for example 127 bytes had been sent, but were rejected, it reports -127 as the amount "sent".

%PROTOCOLS%

EXAMPLE

int main(void)
{
  CURL *curl = curl_easy_init();
  if(curl) {
    CURLcode res;
    curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");

    /* Perform the request */
    res = curl_easy_perform(curl);

    if(!res) {
      curl_off_t amount;
      res = curl_easy_getinfo(curl, CURLINFO_EARLYDATA_SENT_T, &amount);
      if(!res) {
        printf("TLS earlydata: %" CURL_FORMAT_CURL_OFF_T " bytes\n", amount);
      }
    }
  }
}

%AVAILABILITY%

RETURN VALUE

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.