patch snowflake changes on curl-8.1.2 to curl-8.3.0; update versions …

…for build scripts
snowflakedb · Oct 6, 2023 · 7076316 · 7076316
1 parent 59ea2d0
commit 7076316
Show file tree

Hide file tree

Showing 19 changed files with 224 additions and 25 deletions.
diff --git a/deps/curl-8.3.0/include/curl/curl.h b/deps/curl-8.3.0/include/curl/curl.h
@@ -122,6 +122,10 @@ typedef void CURL;
 typedef void CURLSH;
 #endif
 
+#ifdef __linux__
+extern char sf_enable_getaddrinfo_lock;
+#endif
+
 /*
  * libcurl external API function linkage decorations.
  */
@@ -2210,6 +2214,15 @@ typedef enum {
   /* set a specific client IP for HAProxy PROXY protocol header? */
   CURLOPT(CURLOPT_HAPROXY_CLIENT_IP, CURLOPTTYPE_STRINGPOINT, 323),
 
+  /* Snowflake options. True if enabling ocsp check */
+  CURLOPT(CURLOPT_SSL_SF_OCSP_CHECK, CURLOPTTYPE_LONG, 323),
+
+  /* Snowflake options. True if soft fail is enabled */
+  CURLOPT(CURLOPT_SSL_SF_OCSP_FAIL_OPEN, CURLOPTTYPE_LONG, 324),
+
+  /* Snowflake options. True if OOB telemetry is enabled. Defaults to false */
+  CURLOPT(CURLOPT_SSL_SF_OOB_ENABLE, CURLOPTTYPE_LONG, 325),
+
   CURLOPT_LASTENTRY /* the last unused */
 } CURLoption;
 

diff --git a/deps/curl-8.3.0/lib/Makefile.in b/deps/curl-8.3.0/lib/Makefile.in
@@ -349,7 +349,8 @@ am__objects_3 = vtls/libcurl_la-bearssl.lo vtls/libcurl_la-gtls.lo \
 	vtls/libcurl_la-openssl.lo vtls/libcurl_la-rustls.lo \
 	vtls/libcurl_la-schannel.lo vtls/libcurl_la-schannel_verify.lo \
 	vtls/libcurl_la-sectransp.lo vtls/libcurl_la-vtls.lo \
-	vtls/libcurl_la-wolfssl.lo vtls/libcurl_la-x509asn1.lo
+	vtls/libcurl_la-wolfssl.lo vtls/libcurl_la-x509asn1.lo \
+	vtls/libcurl_la-sf_ocsp.lo vtls/libcurl_la-sf_cJSON.lo
 am__objects_4 = vquic/libcurl_la-curl_msh3.lo \
 	vquic/libcurl_la-curl_ngtcp2.lo \
 	vquic/libcurl_la-curl_quiche.lo vquic/libcurl_la-vquic.lo
@@ -433,7 +434,8 @@ am__objects_11 = libcurlu_la-altsvc.lo libcurlu_la-amigaos.lo \
 	libcurlu_la-timeval.lo libcurlu_la-transfer.lo \
 	libcurlu_la-url.lo libcurlu_la-urlapi.lo \
 	libcurlu_la-version.lo libcurlu_la-version_win32.lo \
-	libcurlu_la-warnless.lo libcurlu_la-ws.lo
+	libcurlu_la-warnless.lo libcurlu_la-ws.lo \
+	vtls/libcurl_la-sf_ocsp.lo vtls/libcurl_la-sf_cJSON.lo
 am__objects_12 = vauth/libcurlu_la-cleartext.lo \
 	vauth/libcurlu_la-cram.lo vauth/libcurlu_la-digest.lo \
 	vauth/libcurlu_la-digest_sspi.lo vauth/libcurlu_la-gsasl.lo \
@@ -786,6 +788,8 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \
 	vtls/$(DEPDIR)/libcurl_la-schannel.Plo \
 	vtls/$(DEPDIR)/libcurl_la-schannel_verify.Plo \
 	vtls/$(DEPDIR)/libcurl_la-sectransp.Plo \
+	vtls/$(DEPDIR)/libcurl_la-sf_cJSON.Plo \
+	vtls/$(DEPDIR)/libcurl_la-sf_ocsp.Plo \
 	vtls/$(DEPDIR)/libcurl_la-vtls.Plo \
 	vtls/$(DEPDIR)/libcurl_la-wolfssl.Plo \
 	vtls/$(DEPDIR)/libcurl_la-x509asn1.Plo \
@@ -800,6 +804,8 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \
 	vtls/$(DEPDIR)/libcurlu_la-schannel.Plo \
 	vtls/$(DEPDIR)/libcurlu_la-schannel_verify.Plo \
 	vtls/$(DEPDIR)/libcurlu_la-sectransp.Plo \
+	vtls/$(DEPDIR)/libcurlu_la-sf_cJSON.Plo \
+	vtls/$(DEPDIR)/libcurlu_la-sf_ocsp.Plo \
 	vtls/$(DEPDIR)/libcurlu_la-vtls.Plo \
 	vtls/$(DEPDIR)/libcurlu_la-wolfssl.Plo \
 	vtls/$(DEPDIR)/libcurlu_la-x509asn1.Plo
@@ -1164,7 +1170,9 @@ LIB_VTLS_CFILES = \
   vtls/sectransp.c          \
   vtls/vtls.c               \
   vtls/wolfssl.c            \
-  vtls/x509asn1.c
+  vtls/x509asn1.c           \
+  vtls/sf_ocsp.c            \
+  vtls/sf_cJSON.c
 
 LIB_VTLS_HFILES = \
   vtls/bearssl.h            \
@@ -1181,7 +1189,9 @@ LIB_VTLS_HFILES = \
   vtls/vtls.h               \
   vtls/vtls_int.h           \
   vtls/wolfssl.h            \
-  vtls/x509asn1.h
+  vtls/x509asn1.h           \
+  vtls/sf_ocsp.h            \
+  vtls/sf_cJSON.h
 
 LIB_VQUIC_CFILES = \
   vquic/curl_msh3.c   \
@@ -1665,6 +1675,10 @@ vtls/libcurl_la-wolfssl.lo: vtls/$(am__dirstamp) \
 	vtls/$(DEPDIR)/$(am__dirstamp)
 vtls/libcurl_la-x509asn1.lo: vtls/$(am__dirstamp) \
 	vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-sf_ocsp.lo: vtls/$(am__dirstamp) \
+	vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurl_la-sf_cJSON.lo: vtls/$(am__dirstamp) \
+	vtls/$(DEPDIR)/$(am__dirstamp)
 vquic/$(am__dirstamp):
 	@$(MKDIR_P) vquic
 	@: > vquic/$(am__dirstamp)
@@ -1748,6 +1762,10 @@ vtls/libcurlu_la-wolfssl.lo: vtls/$(am__dirstamp) \
 	vtls/$(DEPDIR)/$(am__dirstamp)
 vtls/libcurlu_la-x509asn1.lo: vtls/$(am__dirstamp) \
 	vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-sf_ocsp.lo: vtls/$(am__dirstamp) \
+	vtls/$(DEPDIR)/$(am__dirstamp)
+vtls/libcurlu_la-sf_cJSON.lo: vtls/$(am__dirstamp) \
+	vtls/$(DEPDIR)/$(am__dirstamp)
 vquic/libcurlu_la-curl_msh3.lo: vquic/$(am__dirstamp) \
 	vquic/$(DEPDIR)/$(am__dirstamp)
 vquic/libcurlu_la-curl_ngtcp2.lo: vquic/$(am__dirstamp) \
@@ -2087,6 +2105,8 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-openssl.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-sf_ocsp.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-sf_cJSON.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-rustls.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-schannel.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-schannel_verify.Plo@am__quote@ # am--include-marker
@@ -2101,6 +2121,8 @@ distclean-compile:
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-openssl.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-sf_ocsp.Plo@am__quote@ # am--include-marker
+@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-sf_cJSON.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-rustls.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-schannel.Plo@am__quote@ # am--include-marker
 @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-schannel_verify.Plo@am__quote@ # am--include-marker
@@ -3238,6 +3260,20 @@ vtls/libcurl_la-x509asn1.lo: vtls/x509asn1.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-x509asn1.lo `test -f 'vtls/x509asn1.c' || echo '$(srcdir)/'`vtls/x509asn1.c
 
+vtls/libcurl_la-sf_ocsp.lo: vtls/sf_ocsp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-sf_ocsp.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-sf_ocsp.Tpo -c -o vtls/libcurl_la-sf_ocsp.lo `test -f 'vtls/sf_ocsp.c' || echo '$(srcdir)/'`vtls/sf_ocsp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-sf_ocsp.Tpo vtls/$(DEPDIR)/libcurl_la-sf_ocsp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='vtls/sf_ocsp.c' object='vtls/libcurl_la-sf_ocsp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-sf_ocsp.lo `test -f 'vtls/sf_ocsp.c' || echo '$(srcdir)/'`vtls/sf_ocsp.c
+
+vtls/libcurl_la-sf_cJSON.lo: vtls/sf_cJSON.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-sf_cJSON.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-sf_cJSON.Tpo -c -o vtls/libcurl_la-sf_cJSON.lo `test -f 'vtls/sf_cJSON.c' || echo '$(srcdir)/'`vtls/sf_cJSON.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-sf_cJSON.Tpo vtls/$(DEPDIR)/libcurl_la-sf_cJSON.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='vtls/sf_cJSON.c' object='vtls/libcurl_la-sf_cJSON.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-sf_cJSON.lo `test -f 'vtls/sf_cJSON.c' || echo '$(srcdir)/'`vtls/sf_cJSON.c
+
 vquic/libcurl_la-curl_msh3.lo: vquic/curl_msh3.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vquic/libcurl_la-curl_msh3.lo -MD -MP -MF vquic/$(DEPDIR)/libcurl_la-curl_msh3.Tpo -c -o vquic/libcurl_la-curl_msh3.lo `test -f 'vquic/curl_msh3.c' || echo '$(srcdir)/'`vquic/curl_msh3.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurl_la-curl_msh3.Tpo vquic/$(DEPDIR)/libcurl_la-curl_msh3.Plo
@@ -4386,6 +4422,20 @@ vtls/libcurlu_la-x509asn1.lo: vtls/x509asn1.c
 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
 @am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-x509asn1.lo `test -f 'vtls/x509asn1.c' || echo '$(srcdir)/'`vtls/x509asn1.c
 
+vtls/libcurlu_la-sf_ocsp.lo: vtls/sf_ocsp.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-sf_ocsp.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-sf_ocsp.Tpo -c -o vtls/libcurlu_la-sf_ocsp.lo `test -f 'vtls/sf_ocsp.c' || echo '$(srcdir)/'`vtls/sf_ocsp.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-sf_ocsp.Tpo vtls/$(DEPDIR)/libcurlu_la-sf_ocsp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='vtls/sf_ocsp.c' object='vtls/libcurlu_la-sf_ocsp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-sf_ocsp.lo `test -f 'vtls/sf_ocsp.c' || echo '$(srcdir)/'`vtls/sf_ocsp.c
+
+vtls/libcurlu_la-sf_cJSON.lo: vtls/sf_cJSON.c
+@am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-sf_cJSON.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-sf_cJSON.Tpo -c -o vtls/libcurlu_la-sf_cJSON.lo `test -f 'vtls/sf_cJSON.c' || echo '$(srcdir)/'`vtls/sf_cJSON.c
+@am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-sf_cJSON.Tpo vtls/$(DEPDIR)/libcurlu_la-sf_cJSON.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	$(AM_V_CC)source='vtls/sf_cJSON.c' object='vtls/libcurlu_la-sf_cJSON.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@	$(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-sf_cJSON.lo `test -f 'vtls/sf_cJSON.c' || echo '$(srcdir)/'`vtls/sf_cJSON.c
+
 vquic/libcurlu_la-curl_msh3.lo: vquic/curl_msh3.c
 @am__fastdepCC_TRUE@	$(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vquic/libcurlu_la-curl_msh3.lo -MD -MP -MF vquic/$(DEPDIR)/libcurlu_la-curl_msh3.Tpo -c -o vquic/libcurlu_la-curl_msh3.lo `test -f 'vquic/curl_msh3.c' || echo '$(srcdir)/'`vquic/curl_msh3.c
 @am__fastdepCC_TRUE@	$(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurlu_la-curl_msh3.Tpo vquic/$(DEPDIR)/libcurlu_la-curl_msh3.Plo
@@ -5337,7 +5387,7 @@ uninstall-am: uninstall-libLTLIBRARIES
 checksrc:
 	$(CHECKSRC)(@PERL@ $(top_srcdir)/scripts/checksrc.pl -D$(srcdir)    \
 	-W$(srcdir)/curl_config.h $(srcdir)/*.[ch] $(srcdir)/vauth/*.[ch]   \
-	$(srcdir)/vtls/*.[ch] $(srcdir)/vquic/*.[ch] $(srcdir)/vssh/*.[ch])
+	$(srcdir)/vquic/*.[ch] $(srcdir)/vssh/*.[ch])
 
 # for debug builds, we scan the sources on all regular make invokes
 @CURLDEBUG_TRUE@all-local: checksrc

diff --git a/deps/curl-8.3.0/lib/Makefile.inc b/deps/curl-8.3.0/lib/Makefile.inc
@@ -56,7 +56,9 @@ LIB_VTLS_CFILES =           \
   vtls/sectransp.c          \
   vtls/vtls.c               \
   vtls/wolfssl.c            \
-  vtls/x509asn1.c
+  vtls/x509asn1.c           \
+  vtls/sf_ocsp.c            \
+  vtls/sf_cJSON.c
 
 LIB_VTLS_HFILES =           \
   vtls/bearssl.h            \
@@ -73,7 +75,9 @@ LIB_VTLS_HFILES =           \
   vtls/vtls.h               \
   vtls/vtls_int.h           \
   vtls/wolfssl.h            \
-  vtls/x509asn1.h
+  vtls/x509asn1.h           \
+  vtls/sf_ocsp.h            \
+  vtls/sf_cJSON.h
 
 LIB_VQUIC_CFILES = \
   vquic/curl_msh3.c   \

diff --git a/deps/curl-8.3.0/lib/curl_addrinfo.c b/deps/curl-8.3.0/lib/curl_addrinfo.c
@@ -47,6 +47,10 @@
 #  include <inet.h>
 #endif
 
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+#include <pthread.h>
+#endif
+
 #include <stddef.h>
 
 #include "curl_addrinfo.h"
@@ -86,6 +90,15 @@ Curl_freeaddrinfo(struct Curl_addrinfo *cahead)
   }
 }
 
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+static void Curl_print_pthread_error(int error)
+{
+  printf("pthread mutex_raw error no is: %d\n", error);
+  if(error == EINVAL) {
+    printf("the mutex has not been properly initialized.\n");
+  }
+}
+#endif
 
 #ifdef HAVE_GETADDRINFO
 /*
@@ -102,6 +115,16 @@ Curl_freeaddrinfo(struct Curl_addrinfo *cahead)
  * whole library, any such call should be 'routed' through this one.
  */
 
+ /*
+ * SNOW-119090 where application is not pthread compatible causing
+ * libnss_file.so being loaded before the pthread and SEGFAULT when
+ * calling getaddrinfo().
+ */
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+static pthread_mutex_t sf_getaddrinfo_mutex = PTHREAD_MUTEX_INITIALIZER;
+char sf_enable_getaddrinfo_lock = 0;
+#endif
+
 int
 Curl_getaddrinfo_ex(const char *nodename,
                     const char *servname,
@@ -115,9 +138,22 @@ Curl_getaddrinfo_ex(const char *nodename,
   struct Curl_addrinfo *ca;
   size_t ss_size;
   int error;
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+  int mutex_error;
+#endif
 
   *result = NULL; /* assume failure */
 
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+  if(sf_enable_getaddrinfo_lock == 1) {
+    mutex_error = pthread_mutex_lock(&sf_getaddrinfo_mutex);
+    if(mutex_error) {
+      Curl_print_pthread_error(mutex_error);
+      return mutex_error;
+    }
+  }
+#endif
+
   error = getaddrinfo(nodename, servname, hints, &aihead);
   if(error)
     return error;
@@ -186,6 +222,16 @@ Curl_getaddrinfo_ex(const char *nodename,
   if(aihead)
     freeaddrinfo(aihead);
 
+#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H)
+  if(sf_enable_getaddrinfo_lock == 1) {
+    mutex_error = pthread_mutex_unlock(&sf_getaddrinfo_mutex);
+    if(mutex_error) {
+      Curl_print_pthread_error(mutex_error);
+      error = mutex_error;
+    }
+  }
+#endif
+
   /* if we failed, also destroy the Curl_addrinfo list */
   if(error) {
     Curl_freeaddrinfo(cafirst);

diff --git a/deps/curl-8.3.0/lib/setopt.c b/deps/curl-8.3.0/lib/setopt.c
@@ -2036,6 +2036,32 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
       TRUE : FALSE;
     break;
 #endif
+  case CURLOPT_SSL_SF_OCSP_CHECK:
+    data->set.ssl.primary.sf_ocsp_check = (0 != va_arg(param, long)) ?
+                                         TRUE : FALSE;
+    /* Update the current connection ssl_config. */
+    if(data->conn) {
+      data->conn->ssl_config.sf_ocsp_check =
+        data->set.ssl.primary.sf_ocsp_check;
+    }
+    break;
+  case CURLOPT_SSL_SF_OCSP_FAIL_OPEN:
+    data->set.ssl.primary.sf_ocsp_failopen = (0 != va_arg(param, long)) ?
+            TRUE:FALSE;
+    if(data->conn) {
+      data->conn->ssl_config.sf_ocsp_failopen =
+              data->set.ssl.primary.sf_ocsp_failopen;
+    }
+    break;
+  case CURLOPT_SSL_SF_OOB_ENABLE:
+    data->set.ssl.primary.sf_oob_enable = (0 != va_arg(param, long)) ?
+                                         TRUE : FALSE;
+    /* Update the current connection ssl_config. */
+    if(data->conn) {
+      data->conn->ssl_config.sf_oob_enable =
+        data->set.ssl.primary.sf_oob_enable;
+    }
+    break;
   case CURLOPT_SSL_CTX_FUNCTION:
     /*
      * Set a SSL_CTX callback

diff --git a/deps/curl-8.3.0/lib/url.c b/deps/curl-8.3.0/lib/url.c
@@ -1565,12 +1565,21 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
   conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer;
   conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost;
   conn->ssl_config.ssl_options = data->set.ssl.primary.ssl_options;
+  conn->ssl_config.sf_ocsp_check = data->set.ssl.primary.sf_ocsp_check;
+  conn->ssl_config.sf_ocsp_failopen = data->set.ssl.primary.sf_ocsp_failopen;
+  conn->ssl_config.sf_oob_enable = data->set.ssl.primary.sf_oob_enable;
 #ifndef CURL_DISABLE_PROXY
   conn->proxy_ssl_config.verifystatus =
     data->set.proxy_ssl.primary.verifystatus;
   conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer;
   conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost;
   conn->proxy_ssl_config.ssl_options = data->set.proxy_ssl.primary.ssl_options;
+  conn->proxy_ssl_config.sf_ocsp_check =
+    data->set.proxy_ssl.primary.sf_ocsp_check;
+  conn->proxy_ssl_config.sf_ocsp_failopen =
+    data->set.proxy_ssl.primary.sf_ocsp_failopen;
+  conn->proxy_ssl_config.sf_oob_enable =
+    data->set.proxy_ssl.primary.sf_oob_enable;
 #endif
   conn->ip_version = data->set.ipver;
   conn->connect_only = data->set.connect_only;

diff --git a/deps/curl-8.3.0/lib/urldata.h b/deps/curl-8.3.0/lib/urldata.h
@@ -267,6 +267,9 @@ typedef enum {
 struct ssl_backend_data;
 
 struct ssl_primary_config {
+  bool sf_ocsp_check;    /* set TRUE if client side ocsp check is enabled */
+  bool sf_ocsp_failopen; /* set FALSE if failopen has to be disabled.*/
+  bool sf_oob_enable;    /* set TRUE if OOB telemetry is enabled.*/
   char *CApath;          /* certificate dir (doesn't work on windows) */
   char *CAfile;          /* certificate to verify peer against */
   char *issuercert;      /* optional issuer certificate filename */