openssl quic: populate x509 store before handshake

Since OpenSSL does its own send/recv internally, we may miss the moment
to populate the x509 store right before the server response. Do it
instead before we start the handshake, at the loss of the time to set
this up.

Closes #15137
Stefan Eissing 2024-10-03 10:51:26 +02:00 committed by Daniel Stenberg
parent 6c1b15768c
commit 65eb20260b
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2


@ -1701,6 +1701,14 @@ static CURLcode cf_osslq_connect(struct Curl_cfilter *cf,
}
}
/* Since OpenSSL does its own send/recv internally, we may miss the
* moment to populate the x509 store right before the server response.
* Do it instead before we start the handshake, at the loss of the
* time to set this up. */
result = Curl_vquic_tls_before_recv(&ctx->tls, cf, data);
if(result)
goto out;
ERR_clear_error();
err = SSL_do_handshake(ctx->tls.ossl.ssl);
@ -1725,7 +1733,6 @@ static CURLcode cf_osslq_connect(struct Curl_cfilter *cf,
case SSL_ERROR_WANT_READ:
ctx->q.last_io = now;
CURL_TRC_CF(data, cf, "QUIC SSL_connect() -> WANT_RECV");
result = Curl_vquic_tls_before_recv(&ctx->tls, cf, data);
goto out;
case SSL_ERROR_WANT_WRITE:
ctx->q.last_io = now;
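Review bot: The comment added above `SSL_do_handshake()` explains the timing problem but not the invariant it protects: the x509 store carries the trust anchors, so it has to be populated before OpenSSL processes the server's certificate chain inside its own recv path. Stating that in the comment, e.g. `* The trust store must be in place before OpenSSL verifies the peer chain.`, would keep the call from being moved back behind `SSL_ERROR_WANT_READ` later. The call now sits on the path taken each time cf_osslq_connect reaches the handshake, which presumably happens repeatedly while the handshake is pending; whether `Curl_vquic_tls_before_recv()` skips the work after the first setup is not visible here and is worth confirming or noting in the comment. cf_osslq_connect starts and ends outside the hunks shown.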