Follow-up to 21248e052d
Disabling "assignment within conditional expression" for MSVC needs to
be done before the function starts, for it to take effect.
Closes#8218
"As a last resort, you can access the field foo of a structure bar by
writing bar.MBEDTLS_PRIVATE(foo). Note that you do so at your own risk,
since such code is likely to break in a future minor version of Mbed
TLS." -
f2d1199edc/docs/3.0-migration-guide.md
That future minor version is v3.1.0. I set the >= to == for the version
checks because v3.1.0 is a release, and I am not sure when the private
designation was reverted after v3.0.0.
Closes#8214
-- curl version=[7.81.0-DEV]
CMake Warning (dev) at /usr/share/cmake-3.22.1/Modules/FindPackageHandleStandardArgs.cmake:438 (message):
The package name passed to `find_package_handle_standard_args` (MBEDTLS)
does not match the name of the calling package (MbedTLS). This can lead to
problems in calling code that expects `find_package` result variables
(e.g., `_FOUND`) to follow a certain pattern.
Call Stack (most recent call first):
deps/curl/CMake/FindMbedTLS.cmake:31 (find_package_handle_standard_args)
deps/curl/CMakeLists.txt:473 (find_package)
This warning is for project developers. Use -Wno-dev to suppress it.
Closes#8207
... and double-check in the OpenSSL shutdown that the socket is actually
still there before it is used.
Fixes#8193Closes#8195
Reported-by: Leszek Kubik
Make ngtcp2+quictls correctly acknowledge `CURLOPT_SSL_VERIFYPEER` and
`CURLOPT_SSL_VERIFYHOST`.
The name check now uses a function from lib/vtls/openssl.c which will
need attention for when TLS is not done by OpenSSL or is disabled while
QUIC is enabled.
Possibly the servercert() function in openssl.c should be adjusted to be
able to use for both regular TLS and QUIC.
Ref: #8173Closes#8178
It feels a bit unfortunate to litter an ugly tag for this functionality,
but if we get link scans of all markdown files, this might be worth the
price.
Prior to this change OpenSSL_version was only detected in configure
builds. For other builds the old version parsing code was used which
would result in incorrect versioning for OpenSSL 3:
Before:
curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.0a zlib/1.2.11
WinIDN libssh2/1.9.0
After:
curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.1 zlib/1.2.11
WinIDN libssh2/1.9.0
Reported-by: lllaffer@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/8154
Closes https://github.com/curl/curl/pull/8155
The new CURLOPT_PREREQFUNCTION callback is another way to sanitize
addresses.
Using the curl_url API is a way to mitigate against attacks relying on
URL parsing differences.
