diff --git a/deps/curl-8.3.0/include/curl/curl.h b/deps/curl-8.3.0/include/curl/curl.h index 898cbda839..5e57265f6b 100644 --- a/deps/curl-8.3.0/include/curl/curl.h +++ b/deps/curl-8.3.0/include/curl/curl.h @@ -122,6 +122,10 @@ typedef void CURL; typedef void CURLSH; #endif +#ifdef __linux__ +extern char sf_enable_getaddrinfo_lock; +#endif + /* * libcurl external API function linkage decorations. */ @@ -2210,6 +2214,15 @@ typedef enum { /* set a specific client IP for HAProxy PROXY protocol header? */ CURLOPT(CURLOPT_HAPROXY_CLIENT_IP, CURLOPTTYPE_STRINGPOINT, 323), + /* Snowflake options. True if enabling ocsp check */ + CURLOPT(CURLOPT_SSL_SF_OCSP_CHECK, CURLOPTTYPE_LONG, 323), + + /* Snowflake options. True if soft fail is enabled */ + CURLOPT(CURLOPT_SSL_SF_OCSP_FAIL_OPEN, CURLOPTTYPE_LONG, 324), + + /* Snowflake options. True if OOB telemetry is enabled. Defaults to false */ + CURLOPT(CURLOPT_SSL_SF_OOB_ENABLE, CURLOPTTYPE_LONG, 325), + CURLOPT_LASTENTRY /* the last unused */ } CURLoption; diff --git a/deps/curl-8.3.0/lib/Makefile.in b/deps/curl-8.3.0/lib/Makefile.in index 7a05ddcbbc..fdfb8fbceb 100644 --- a/deps/curl-8.3.0/lib/Makefile.in +++ b/deps/curl-8.3.0/lib/Makefile.in @@ -349,7 +349,8 @@ am__objects_3 = vtls/libcurl_la-bearssl.lo vtls/libcurl_la-gtls.lo \ vtls/libcurl_la-openssl.lo vtls/libcurl_la-rustls.lo \ vtls/libcurl_la-schannel.lo vtls/libcurl_la-schannel_verify.lo \ vtls/libcurl_la-sectransp.lo vtls/libcurl_la-vtls.lo \ - vtls/libcurl_la-wolfssl.lo vtls/libcurl_la-x509asn1.lo + vtls/libcurl_la-wolfssl.lo vtls/libcurl_la-x509asn1.lo \ + vtls/libcurl_la-sf_ocsp.lo vtls/libcurl_la-sf_cJSON.lo am__objects_4 = vquic/libcurl_la-curl_msh3.lo \ vquic/libcurl_la-curl_ngtcp2.lo \ vquic/libcurl_la-curl_quiche.lo vquic/libcurl_la-vquic.lo @@ -433,7 +434,8 @@ am__objects_11 = libcurlu_la-altsvc.lo libcurlu_la-amigaos.lo \ libcurlu_la-timeval.lo libcurlu_la-transfer.lo \ libcurlu_la-url.lo libcurlu_la-urlapi.lo \ libcurlu_la-version.lo libcurlu_la-version_win32.lo \ - libcurlu_la-warnless.lo libcurlu_la-ws.lo + libcurlu_la-warnless.lo libcurlu_la-ws.lo \ + vtls/libcurl_la-sf_ocsp.lo vtls/libcurl_la-sf_cJSON.lo am__objects_12 = vauth/libcurlu_la-cleartext.lo \ vauth/libcurlu_la-cram.lo vauth/libcurlu_la-digest.lo \ vauth/libcurlu_la-digest_sspi.lo vauth/libcurlu_la-gsasl.lo \ @@ -786,6 +788,8 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ vtls/$(DEPDIR)/libcurl_la-schannel.Plo \ vtls/$(DEPDIR)/libcurl_la-schannel_verify.Plo \ vtls/$(DEPDIR)/libcurl_la-sectransp.Plo \ + vtls/$(DEPDIR)/libcurl_la-sf_cJSON.Plo \ + vtls/$(DEPDIR)/libcurl_la-sf_ocsp.Plo \ vtls/$(DEPDIR)/libcurl_la-vtls.Plo \ vtls/$(DEPDIR)/libcurl_la-wolfssl.Plo \ vtls/$(DEPDIR)/libcurl_la-x509asn1.Plo \ @@ -800,6 +804,8 @@ am__depfiles_remade = ./$(DEPDIR)/libcurl_la-altsvc.Plo \ vtls/$(DEPDIR)/libcurlu_la-schannel.Plo \ vtls/$(DEPDIR)/libcurlu_la-schannel_verify.Plo \ vtls/$(DEPDIR)/libcurlu_la-sectransp.Plo \ + vtls/$(DEPDIR)/libcurlu_la-sf_cJSON.Plo \ + vtls/$(DEPDIR)/libcurlu_la-sf_ocsp.Plo \ vtls/$(DEPDIR)/libcurlu_la-vtls.Plo \ vtls/$(DEPDIR)/libcurlu_la-wolfssl.Plo \ vtls/$(DEPDIR)/libcurlu_la-x509asn1.Plo @@ -1164,7 +1170,9 @@ LIB_VTLS_CFILES = \ vtls/sectransp.c \ vtls/vtls.c \ vtls/wolfssl.c \ - vtls/x509asn1.c + vtls/x509asn1.c \ + vtls/sf_ocsp.c \ + vtls/sf_cJSON.c LIB_VTLS_HFILES = \ vtls/bearssl.h \ @@ -1181,7 +1189,9 @@ LIB_VTLS_HFILES = \ vtls/vtls.h \ vtls/vtls_int.h \ vtls/wolfssl.h \ - vtls/x509asn1.h + vtls/x509asn1.h \ + vtls/sf_ocsp.h \ + vtls/sf_cJSON.h LIB_VQUIC_CFILES = \ vquic/curl_msh3.c \ @@ -1665,6 +1675,10 @@ vtls/libcurl_la-wolfssl.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurl_la-x509asn1.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) +vtls/libcurl_la-sf_ocsp.lo: vtls/$(am__dirstamp) \ + vtls/$(DEPDIR)/$(am__dirstamp) +vtls/libcurl_la-sf_cJSON.lo: vtls/$(am__dirstamp) \ + vtls/$(DEPDIR)/$(am__dirstamp) vquic/$(am__dirstamp): @$(MKDIR_P) vquic @: > vquic/$(am__dirstamp) @@ -1748,6 +1762,10 @@ vtls/libcurlu_la-wolfssl.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) vtls/libcurlu_la-x509asn1.lo: vtls/$(am__dirstamp) \ vtls/$(DEPDIR)/$(am__dirstamp) +vtls/libcurlu_la-sf_ocsp.lo: vtls/$(am__dirstamp) \ + vtls/$(DEPDIR)/$(am__dirstamp) +vtls/libcurlu_la-sf_cJSON.lo: vtls/$(am__dirstamp) \ + vtls/$(DEPDIR)/$(am__dirstamp) vquic/libcurlu_la-curl_msh3.lo: vquic/$(am__dirstamp) \ vquic/$(DEPDIR)/$(am__dirstamp) vquic/libcurlu_la-curl_ngtcp2.lo: vquic/$(am__dirstamp) \ @@ -2087,6 +2105,8 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-mbedtls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-mbedtls_threadlock.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-openssl.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-sf_ocsp.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-sf_cJSON.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-rustls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-schannel.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurl_la-schannel_verify.Plo@am__quote@ # am--include-marker @@ -2101,6 +2121,8 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-mbedtls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-mbedtls_threadlock.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-openssl.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-sf_ocsp.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-sf_cJSON.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-rustls.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-schannel.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@vtls/$(DEPDIR)/libcurlu_la-schannel_verify.Plo@am__quote@ # am--include-marker @@ -3238,6 +3260,20 @@ vtls/libcurl_la-x509asn1.lo: vtls/x509asn1.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-x509asn1.lo `test -f 'vtls/x509asn1.c' || echo '$(srcdir)/'`vtls/x509asn1.c +vtls/libcurl_la-sf_ocsp.lo: vtls/sf_ocsp.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-sf_ocsp.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-sf_ocsp.Tpo -c -o vtls/libcurl_la-sf_ocsp.lo `test -f 'vtls/sf_ocsp.c' || echo '$(srcdir)/'`vtls/sf_ocsp.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-sf_ocsp.Tpo vtls/$(DEPDIR)/libcurl_la-sf_ocsp.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/sf_ocsp.c' object='vtls/libcurl_la-sf_ocsp.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-sf_ocsp.lo `test -f 'vtls/sf_ocsp.c' || echo '$(srcdir)/'`vtls/sf_ocsp.c + +vtls/libcurl_la-sf_cJSON.lo: vtls/sf_cJSON.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vtls/libcurl_la-sf_cJSON.lo -MD -MP -MF vtls/$(DEPDIR)/libcurl_la-sf_cJSON.Tpo -c -o vtls/libcurl_la-sf_cJSON.lo `test -f 'vtls/sf_cJSON.c' || echo '$(srcdir)/'`vtls/sf_cJSON.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurl_la-sf_cJSON.Tpo vtls/$(DEPDIR)/libcurl_la-sf_cJSON.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/sf_cJSON.c' object='vtls/libcurl_la-sf_cJSON.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurl_la-sf_cJSON.lo `test -f 'vtls/sf_cJSON.c' || echo '$(srcdir)/'`vtls/sf_cJSON.c + vquic/libcurl_la-curl_msh3.lo: vquic/curl_msh3.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurl_la_CPPFLAGS) $(CPPFLAGS) $(libcurl_la_CFLAGS) $(CFLAGS) -MT vquic/libcurl_la-curl_msh3.lo -MD -MP -MF vquic/$(DEPDIR)/libcurl_la-curl_msh3.Tpo -c -o vquic/libcurl_la-curl_msh3.lo `test -f 'vquic/curl_msh3.c' || echo '$(srcdir)/'`vquic/curl_msh3.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurl_la-curl_msh3.Tpo vquic/$(DEPDIR)/libcurl_la-curl_msh3.Plo @@ -4386,6 +4422,20 @@ vtls/libcurlu_la-x509asn1.lo: vtls/x509asn1.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-x509asn1.lo `test -f 'vtls/x509asn1.c' || echo '$(srcdir)/'`vtls/x509asn1.c +vtls/libcurlu_la-sf_ocsp.lo: vtls/sf_ocsp.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-sf_ocsp.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-sf_ocsp.Tpo -c -o vtls/libcurlu_la-sf_ocsp.lo `test -f 'vtls/sf_ocsp.c' || echo '$(srcdir)/'`vtls/sf_ocsp.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-sf_ocsp.Tpo vtls/$(DEPDIR)/libcurlu_la-sf_ocsp.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/sf_ocsp.c' object='vtls/libcurlu_la-sf_ocsp.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-sf_ocsp.lo `test -f 'vtls/sf_ocsp.c' || echo '$(srcdir)/'`vtls/sf_ocsp.c + +vtls/libcurlu_la-sf_cJSON.lo: vtls/sf_cJSON.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vtls/libcurlu_la-sf_cJSON.lo -MD -MP -MF vtls/$(DEPDIR)/libcurlu_la-sf_cJSON.Tpo -c -o vtls/libcurlu_la-sf_cJSON.lo `test -f 'vtls/sf_cJSON.c' || echo '$(srcdir)/'`vtls/sf_cJSON.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vtls/$(DEPDIR)/libcurlu_la-sf_cJSON.Tpo vtls/$(DEPDIR)/libcurlu_la-sf_cJSON.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='vtls/sf_cJSON.c' object='vtls/libcurlu_la-sf_cJSON.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -c -o vtls/libcurlu_la-sf_cJSON.lo `test -f 'vtls/sf_cJSON.c' || echo '$(srcdir)/'`vtls/sf_cJSON.c + vquic/libcurlu_la-curl_msh3.lo: vquic/curl_msh3.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libcurlu_la_CPPFLAGS) $(CPPFLAGS) $(libcurlu_la_CFLAGS) $(CFLAGS) -MT vquic/libcurlu_la-curl_msh3.lo -MD -MP -MF vquic/$(DEPDIR)/libcurlu_la-curl_msh3.Tpo -c -o vquic/libcurlu_la-curl_msh3.lo `test -f 'vquic/curl_msh3.c' || echo '$(srcdir)/'`vquic/curl_msh3.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) vquic/$(DEPDIR)/libcurlu_la-curl_msh3.Tpo vquic/$(DEPDIR)/libcurlu_la-curl_msh3.Plo @@ -5337,7 +5387,7 @@ uninstall-am: uninstall-libLTLIBRARIES checksrc: $(CHECKSRC)(@PERL@ $(top_srcdir)/scripts/checksrc.pl -D$(srcdir) \ -W$(srcdir)/curl_config.h $(srcdir)/*.[ch] $(srcdir)/vauth/*.[ch] \ - $(srcdir)/vtls/*.[ch] $(srcdir)/vquic/*.[ch] $(srcdir)/vssh/*.[ch]) + $(srcdir)/vquic/*.[ch] $(srcdir)/vssh/*.[ch]) # for debug builds, we scan the sources on all regular make invokes @CURLDEBUG_TRUE@all-local: checksrc diff --git a/deps/curl-8.3.0/lib/Makefile.inc b/deps/curl-8.3.0/lib/Makefile.inc index a08180b531..f0461774a2 100644 --- a/deps/curl-8.3.0/lib/Makefile.inc +++ b/deps/curl-8.3.0/lib/Makefile.inc @@ -56,7 +56,9 @@ LIB_VTLS_CFILES = \ vtls/sectransp.c \ vtls/vtls.c \ vtls/wolfssl.c \ - vtls/x509asn1.c + vtls/x509asn1.c \ + vtls/sf_ocsp.c \ + vtls/sf_cJSON.c LIB_VTLS_HFILES = \ vtls/bearssl.h \ @@ -73,7 +75,9 @@ LIB_VTLS_HFILES = \ vtls/vtls.h \ vtls/vtls_int.h \ vtls/wolfssl.h \ - vtls/x509asn1.h + vtls/x509asn1.h \ + vtls/sf_ocsp.h \ + vtls/sf_cJSON.h LIB_VQUIC_CFILES = \ vquic/curl_msh3.c \ diff --git a/deps/curl-8.3.0/lib/curl_addrinfo.c b/deps/curl-8.3.0/lib/curl_addrinfo.c index f9211d3f57..765199f96e 100644 --- a/deps/curl-8.3.0/lib/curl_addrinfo.c +++ b/deps/curl-8.3.0/lib/curl_addrinfo.c @@ -47,6 +47,10 @@ # include #endif +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) +#include +#endif + #include #include "curl_addrinfo.h" @@ -86,6 +90,15 @@ Curl_freeaddrinfo(struct Curl_addrinfo *cahead) } } +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) +static void Curl_print_pthread_error(int error) +{ + printf("pthread mutex_raw error no is: %d\n", error); + if(error == EINVAL) { + printf("the mutex has not been properly initialized.\n"); + } +} +#endif #ifdef HAVE_GETADDRINFO /* @@ -102,6 +115,16 @@ Curl_freeaddrinfo(struct Curl_addrinfo *cahead) * whole library, any such call should be 'routed' through this one. */ + /* + * SNOW-119090 where application is not pthread compatible causing + * libnss_file.so being loaded before the pthread and SEGFAULT when + * calling getaddrinfo(). + */ +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) +static pthread_mutex_t sf_getaddrinfo_mutex = PTHREAD_MUTEX_INITIALIZER; +char sf_enable_getaddrinfo_lock = 0; +#endif + int Curl_getaddrinfo_ex(const char *nodename, const char *servname, @@ -115,9 +138,22 @@ Curl_getaddrinfo_ex(const char *nodename, struct Curl_addrinfo *ca; size_t ss_size; int error; +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) + int mutex_error; +#endif *result = NULL; /* assume failure */ +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) + if(sf_enable_getaddrinfo_lock == 1) { + mutex_error = pthread_mutex_lock(&sf_getaddrinfo_mutex); + if(mutex_error) { + Curl_print_pthread_error(mutex_error); + return mutex_error; + } + } +#endif + error = getaddrinfo(nodename, servname, hints, &aihead); if(error) return error; @@ -186,6 +222,16 @@ Curl_getaddrinfo_ex(const char *nodename, if(aihead) freeaddrinfo(aihead); +#if defined(USE_THREADS_POSIX) && defined(HAVE_PTHREAD_H) + if(sf_enable_getaddrinfo_lock == 1) { + mutex_error = pthread_mutex_unlock(&sf_getaddrinfo_mutex); + if(mutex_error) { + Curl_print_pthread_error(mutex_error); + error = mutex_error; + } + } +#endif + /* if we failed, also destroy the Curl_addrinfo list */ if(error) { Curl_freeaddrinfo(cafirst); diff --git a/deps/curl-8.3.0/lib/setopt.c b/deps/curl-8.3.0/lib/setopt.c index 2cef1b3d82..4271a7684d 100644 --- a/deps/curl-8.3.0/lib/setopt.c +++ b/deps/curl-8.3.0/lib/setopt.c @@ -2036,6 +2036,32 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) TRUE : FALSE; break; #endif + case CURLOPT_SSL_SF_OCSP_CHECK: + data->set.ssl.primary.sf_ocsp_check = (0 != va_arg(param, long)) ? + TRUE : FALSE; + /* Update the current connection ssl_config. */ + if(data->conn) { + data->conn->ssl_config.sf_ocsp_check = + data->set.ssl.primary.sf_ocsp_check; + } + break; + case CURLOPT_SSL_SF_OCSP_FAIL_OPEN: + data->set.ssl.primary.sf_ocsp_failopen = (0 != va_arg(param, long)) ? + TRUE:FALSE; + if(data->conn) { + data->conn->ssl_config.sf_ocsp_failopen = + data->set.ssl.primary.sf_ocsp_failopen; + } + break; + case CURLOPT_SSL_SF_OOB_ENABLE: + data->set.ssl.primary.sf_oob_enable = (0 != va_arg(param, long)) ? + TRUE : FALSE; + /* Update the current connection ssl_config. */ + if(data->conn) { + data->conn->ssl_config.sf_oob_enable = + data->set.ssl.primary.sf_oob_enable; + } + break; case CURLOPT_SSL_CTX_FUNCTION: /* * Set a SSL_CTX callback diff --git a/deps/curl-8.3.0/lib/url.c b/deps/curl-8.3.0/lib/url.c index 4f5673ed0d..e331c1280e 100644 --- a/deps/curl-8.3.0/lib/url.c +++ b/deps/curl-8.3.0/lib/url.c @@ -1565,12 +1565,21 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) conn->ssl_config.verifypeer = data->set.ssl.primary.verifypeer; conn->ssl_config.verifyhost = data->set.ssl.primary.verifyhost; conn->ssl_config.ssl_options = data->set.ssl.primary.ssl_options; + conn->ssl_config.sf_ocsp_check = data->set.ssl.primary.sf_ocsp_check; + conn->ssl_config.sf_ocsp_failopen = data->set.ssl.primary.sf_ocsp_failopen; + conn->ssl_config.sf_oob_enable = data->set.ssl.primary.sf_oob_enable; #ifndef CURL_DISABLE_PROXY conn->proxy_ssl_config.verifystatus = data->set.proxy_ssl.primary.verifystatus; conn->proxy_ssl_config.verifypeer = data->set.proxy_ssl.primary.verifypeer; conn->proxy_ssl_config.verifyhost = data->set.proxy_ssl.primary.verifyhost; conn->proxy_ssl_config.ssl_options = data->set.proxy_ssl.primary.ssl_options; + conn->proxy_ssl_config.sf_ocsp_check = + data->set.proxy_ssl.primary.sf_ocsp_check; + conn->proxy_ssl_config.sf_ocsp_failopen = + data->set.proxy_ssl.primary.sf_ocsp_failopen; + conn->proxy_ssl_config.sf_oob_enable = + data->set.proxy_ssl.primary.sf_oob_enable; #endif conn->ip_version = data->set.ipver; conn->connect_only = data->set.connect_only; diff --git a/deps/curl-8.3.0/lib/urldata.h b/deps/curl-8.3.0/lib/urldata.h index 4bfb3b48d2..57460c8ae3 100644 --- a/deps/curl-8.3.0/lib/urldata.h +++ b/deps/curl-8.3.0/lib/urldata.h @@ -267,6 +267,9 @@ typedef enum { struct ssl_backend_data; struct ssl_primary_config { + bool sf_ocsp_check; /* set TRUE if client side ocsp check is enabled */ + bool sf_ocsp_failopen; /* set FALSE if failopen has to be disabled.*/ + bool sf_oob_enable; /* set TRUE if OOB telemetry is enabled.*/ char *CApath; /* certificate dir (doesn't work on windows) */ char *CAfile; /* certificate to verify peer against */ char *issuercert; /* optional issuer certificate filename */ diff --git a/deps/curl-8.3.0/lib/vtls/openssl.c b/deps/curl-8.3.0/lib/vtls/openssl.c index a12e712b16..39d20435f5 100644 --- a/deps/curl-8.3.0/lib/vtls/openssl.c +++ b/deps/curl-8.3.0/lib/vtls/openssl.c @@ -63,6 +63,7 @@ #include "multiif.h" #include "strerror.h" #include "curl_printf.h" +#include "sf_ocsp.h" #include #include @@ -1738,6 +1739,9 @@ static int ossl_init(void) Curl_tls_keylog_open(); + /* init Cert OCSP revocation checks */ + initCertOCSP(); + return 1; } @@ -4092,6 +4096,39 @@ static CURLcode servercert(struct Curl_cfilter *cf, return CURLE_PEER_FAILED_VERIFICATION; } + /* !!! Starting Snowflake OCSP !!! */ + if (conn_config->sf_ocsp_check) + { + STACK_OF(X509) *ch = NULL; + X509_STORE *st = NULL; + + ch = SSL_get_peer_cert_chain(backend->handle); + if (!ch) + { + failf(data, "Out of memory. Failed to get certificate chain"); + X509_free(backend->server_cert); + backend->server_cert = NULL; + return CURLE_OUT_OF_MEMORY; + } + st = SSL_CTX_get_cert_store(backend->ctx); + if (!st) + { + failf(data, "NULL data store"); + X509_free(backend->server_cert); + backend->server_cert = NULL; + return CURLE_SSL_INVALIDCERTSTATUS; + } + + result = checkCertOCSP(conn, data, ch, st, conn_config->sf_ocsp_failopen, conn_config->sf_oob_enable); + if (result) + { + X509_free(backend->server_cert); + backend->server_cert = NULL; + return result; + } + } + /* !!! End of Snowflake OCSP !!! */ + infof(data, "%s certificate:", Curl_ssl_cf_is_proxy(cf)? "Proxy" : "Server"); diff --git a/deps/curl-8.3.0/winbuild/MakefileBuild.vc b/deps/curl-8.3.0/winbuild/MakefileBuild.vc index b6049e832f..f50d683be0 100644 --- a/deps/curl-8.3.0/winbuild/MakefileBuild.vc +++ b/deps/curl-8.3.0/winbuild/MakefileBuild.vc @@ -48,11 +48,11 @@ CC = cl.exe !IF "$(VC)"=="6" CC_NODEBUG = $(CC) /O2 /DNDEBUG CC_DEBUG = $(CC) /Od /Gm /Zi /D_DEBUG /GZ -CFLAGS = /I. /I../lib /I../include /nologo /W4 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL +CFLAGS = /I. /I../lib /I../include /nologo /W4 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL /ZH:SHA_256 !ELSE CC_NODEBUG = $(CC) /O2 /DNDEBUG CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd -CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL +CFLAGS = /I. /I ../lib /I../include /nologo /W4 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL /ZH:SHA_256 !ENDIF LFLAGS = /nologo /machine:$(MACHINE) @@ -69,7 +69,11 @@ LFLAGS_PDB = /incremental:no /opt:ref,icf /DEBUG CFLAGS_LIBCURL_STATIC = /DCURL_STATICLIB -WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib crypt32.lib +!IF "$(MACHINE)"=="x64" +WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib crypt32.lib ole32.lib +!ELSE +WIN_LIBS = ws2_32.lib wldap32.lib advapi32.lib crypt32.lib msvcrt.lib ole32.lib +!ENDIF BASE_NAME = libcurl BASE_NAME_DEBUG = $(BASE_NAME)_debug @@ -280,6 +284,10 @@ ZLIB = static ZLIB_CFLAGS = /DHAVE_LIBZ $(ADDITIONAL_ZLIB_CFLAGS) /I"$(ZLIB_INC_DIR)" !ENDIF +OOB_LIBS = libtelemetry_a.lib +OOBLIB = static +OOB_CFLAGS = +OOB_LFLAGS = !IFDEF SSH2_PATH SSH2_INC_DIR= $(SSH2_PATH)\include @@ -463,12 +471,15 @@ PDB = $(PDB_NAME_STATIC_DEBUG) TARGET = $(LIB_NAME_STATIC) PDB = $(PDB_NAME_STATIC) !ENDIF -LNK = $(LNKLIB) /out:$(LIB_DIROBJ)\$(TARGET) +LNK = $(LNKLIB) $(WIN_LIBS) /out:$(LIB_DIROBJ)\$(TARGET) CURL_CC = $(CURL_CC) $(CFLAGS_LIBCURL_STATIC) # AS_DLL !ENDIF +CFLAGS = $(CFLAGS) $(OOB_CFLAGS) +LFLAGS = $(LFLAGS) $(OOB_LFLAGS) $(OOB_LIBS) + !IF "$(USE_SSL)"=="true" CFLAGS = $(CFLAGS) $(SSL_CFLAGS) LFLAGS = $(LFLAGS) $(SSL_LFLAGS) $(SSL_LIBS) diff --git a/scripts/build_awssdk.bat b/scripts/build_awssdk.bat index 72d16559e4..c205649e08 100755 --- a/scripts/build_awssdk.bat +++ b/scripts/build_awssdk.bat @@ -4,7 +4,7 @@ :: @echo off set aws_src_version=1.3.50 -set aws_build_version=4 +set aws_build_version=5 set aws_version=%aws_src_version%.%aws_build_version% call %* goto :EOF diff --git a/scripts/build_awssdk.sh b/scripts/build_awssdk.sh index 25e023d4f7..89a6b8a0c2 100755 --- a/scripts/build_awssdk.sh +++ b/scripts/build_awssdk.sh @@ -13,7 +13,7 @@ function usage() { set -o pipefail AWS_SRC_VERSION=1.3.50 -AWS_BUILD_VERSION=4 +AWS_BUILD_VERSION=5 AWS_DIR=aws-sdk-cpp-$AWS_SRC_VERSION AWS_VERSION=$AWS_SRC_VERSION.$AWS_BUILD_VERSION diff --git a/scripts/build_azuresdk.bat b/scripts/build_azuresdk.bat index a04d4900f7..931ef682e0 100644 --- a/scripts/build_azuresdk.bat +++ b/scripts/build_azuresdk.bat @@ -4,7 +4,7 @@ :: @echo off set azure_src_version=0.1.20 -set azure_build_version=3 +set azure_build_version=4 set azure_version=%azure_src_version%.%azure_build_version% call %* goto :EOF diff --git a/scripts/build_azuresdk.sh b/scripts/build_azuresdk.sh index 6db362f1e4..04b83b1cc4 100755 --- a/scripts/build_azuresdk.sh +++ b/scripts/build_azuresdk.sh @@ -12,7 +12,7 @@ function usage() { set -o pipefail AZURE_SRC_VERSION=0.1.20 -AZURE_BUILD_VERSION=3 +AZURE_BUILD_VERSION=4 AZURE_DIR=azure-storage-cpplite-$AZURE_SRC_VERSION AZURE_VERSION=$AZURE_SRC_VERSION.$AZURE_BUILD_VERSION diff --git a/scripts/build_curl.bat b/scripts/build_curl.bat index 20fac89347..62d6cdd756 100644 --- a/scripts/build_curl.bat +++ b/scripts/build_curl.bat @@ -10,8 +10,8 @@ :: - vs14 / vs15 @echo off -set CURL_SRC_VERSION=8.1.2 -set CURL_BUILD_VERSION=3 +set CURL_SRC_VERSION=8.3.0 +set CURL_BUILD_VERSION=1 set CURL_VERSION=%CURL_SRC_VERSION%.%CURL_BUILD_VERSION% call %* goto :EOF diff --git a/scripts/build_curl.sh b/scripts/build_curl.sh index 008cd89db8..1f72bb610b 100755 --- a/scripts/build_curl.sh +++ b/scripts/build_curl.sh @@ -12,8 +12,8 @@ function usage() { } set -o pipefail -CURL_SRC_VERSION=8.1.2 -CURL_BUILD_VERSION=3 +CURL_SRC_VERSION=8.3.0 +CURL_BUILD_VERSION=1 CURL_DIR=$CURL_SRC_VERSION CURL_VERSION=${CURL_DIR}.${CURL_BUILD_VERSION} diff --git a/scripts/build_oob.bat b/scripts/build_oob.bat index 6cd0df74b1..02470ece78 100644 --- a/scripts/build_oob.bat +++ b/scripts/build_oob.bat @@ -3,7 +3,7 @@ :: @echo off set OOB_SRC_VERSION=1.0.4 -set OOB_BUILD_VERSION=3 +set OOB_BUILD_VERSION=4 set OOB_VERSION=%OOB_SRC_VERSION%.%OOB_BUILD_VERSION% call %* goto :EOF @@ -23,7 +23,7 @@ set dynamic_runtime=%4 set scriptdir=%~dp0 -set CURL_VERSION=8.1.2 +set CURL_VERSION=8.3.0 call "%scriptdir%\_init.bat" %platform% %build_type% %vs_version% if %ERRORLEVEL% NEQ 0 goto :error diff --git a/scripts/build_oob.sh b/scripts/build_oob.sh index e9dfb0bfd0..04a72e2e39 100755 --- a/scripts/build_oob.sh +++ b/scripts/build_oob.sh @@ -12,9 +12,9 @@ function usage() { set -o pipefail OOB_SRC_VERSION=1.0.4 -OOB_BUILD_VERSION=3 +OOB_BUILD_VERSION=4 OOB_VERSION=$OOB_SRC_VERSION.$OOB_BUILD_VERSION -CURL_VERSION=8.1.2 +CURL_VERSION=8.3.0 UUID_VERSION=2.39.0 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" diff --git a/scripts/build_openssl.bat b/scripts/build_openssl.bat index 284566a267..7ed8a36773 100644 --- a/scripts/build_openssl.bat +++ b/scripts/build_openssl.bat @@ -10,7 +10,7 @@ :: - vs14 / vs15 @echo off -set OPENSSL_SRC_VERSION=3.0.9 +set OPENSSL_SRC_VERSION=3.1.3 set OPENSSL_BUILD_VERSION=1 set OPENSSL_VERSION=%OPENSSL_SRC_VERSION%.%OPENSSL_BUILD_VERSION% call %* diff --git a/scripts/build_openssl.sh b/scripts/build_openssl.sh index 4bed4a3197..e337cb0738 100755 --- a/scripts/build_openssl.sh +++ b/scripts/build_openssl.sh @@ -12,7 +12,7 @@ function usage() { } set -o pipefail -OPENSSL_SRC_VERSION=3.0.9 +OPENSSL_SRC_VERSION=3.1.3 OPENSSL_BUILD_VERSION=1 OPENSSL_VERSION=$OPENSSL_SRC_VERSION.$OPENSSL_BUILD_VERSION