On Tue, Apr 23, 2024 at 11:27 AM Pedro Lino <pedro.l...@mailbox.org.invalid> wrote:
> Hi Damjan
>
> > On 04/22/2024 6:21 PM WEST Damjan Jovanovic <dam...@apache.org> wrote:
> >
> > Now what would you guys prefer:
> > - Should I do more testing, on Windows and Linux, and push my changes in a few days?
> > - Should I push my changes now, and let you guys test too, and fix any problems as we discover them?
>
> I prefer B. More people testing in different scenarios is probably better.
>
> Best,
> Pedro
>

I've now verified it works on Windows too, and have pushed the commits to trunk. Here they are, in case you want to cherry-pick:

commit f7b97bf7d9139c8b602d3da3aadbeef0631e39c1 (HEAD -> trunk, origin/trunk, origin/HEAD)
Author: Damjan Jovanovic <dam...@apache.org>
Date:   Sun Apr 21 17:07:24 2024 +0200

    Override OpenSSL's certificate verification with our own, instead of
    using its verification and selectively overriding the result.

    - A nonsense self-signed expired certificate is fed into Curl to get it
      to initialize even when the certificates in its expected system path
      are missing or elsewhere.
    - In Curl's CURLOPT_SSL_CTX_FUNCTION, our Curl_SSLContextCallback, we
      then completely override OpenSSL's verification process with ours,
      using SSL_CTX_set_cert_verify_callback() (instead of the previous
      SSL_CTX_set_verify() which just allows us to override OpenSSL's
      verification result).
    - The verification is largely the same as before, we just have to call
      slightly different functions to retrieve the certificate to verify and
      the untrusted chain.
    - Create components using the component context, not the legacy multi
      service factory.
    - Various other cleanups, better logging, etc. were made in the process.

    Patch by: me

commit e469ab6aed23a1b38f105a944997af16e61071d0
Author: Damjan Jovanovic <dam...@apache.org>
Date:   Mon Apr 22 19:23:06 2024 +0200

    Upgrade Curl to version 8.7.1.

    Patch by: me

Regards
Damjan