curl/curl: lib/vtls
Yedaya Katsman fe1ba25c87
rustls: make max size of cert and key reasonable
SIZE_MAX is a very overkill size for certificates or keys, lower it to
100KiB for both certificate and keys. The default max size of openssl is
100KiB for the entire chain [1], and it seems Firefox fails at ~60kb
[2].

Found by https://github.com/curl/curl/pull/16923

[1] https://docs.openssl.org/3.2/man3/SSL_CTX_set_max_cert_list/#notes
[2] https://0x00.cl/blog/2024/exploring-tls-certs/

Closes #16951
2025-04-03 23:30:36 +02:00
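As an added example, not curl's code and not the change in the commit above, the following C function implements the policy the commit message describes: read a certificate or key file into memory but refuse anything larger than a fixed cap (100 KiB here, matching the value in the message) instead of letting the allocation grow towards SIZE_MAX. The function and constant names (`read_bounded`, `EXAMPLE_MAX_PEM_SIZE`, `check_file_of_size`) are hypothetical, and the test input is a constructed temporary file of a chosen size.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not curl's code. The cap mirrors the 100 KiB limit the
 * commit message chose; the names in this file are hypothetical. */
#define EXAMPLE_MAX_PEM_SIZE ((size_t)100 * 1024)

enum read_status {
  READ_OK = 0,
  READ_TOO_LARGE = 1,
  READ_IO_ERROR = 2,
  READ_NO_MEMORY = 3
};

/* Read all of `fp` into a freshly allocated buffer, never accepting more
 * than `max` bytes. The buffer grows geometrically but is clamped at
 * max + 1 bytes, so the one extra byte tells us "more data than allowed"
 * without ever allocating in proportion to a hostile file size. On success
 * *out is NUL-terminated (PEM is text) and the caller frees it. */
enum read_status read_bounded(FILE *fp, size_t max,
                              unsigned char **out, size_t *outlen)
{
  size_t cap = (max + 1 < 4096) ? max + 1 : 4096;
  size_t len = 0;
  unsigned char *buf = malloc(cap + 1);
  if(!buf)
    return READ_NO_MEMORY;

  for(;;) {
    if(len == cap) {
      size_t newcap = cap * 2;
      if(newcap > max + 1)
        newcap = max + 1;
      if(newcap == cap) {          /* already at max + 1 and still full */
        free(buf);
        return READ_TOO_LARGE;
      }
      unsigned char *nbuf = realloc(buf, newcap + 1);
      if(!nbuf) {
        free(buf);
        return READ_NO_MEMORY;
      }
      buf = nbuf;
      cap = newcap;
    }
    size_t n = fread(buf + len, 1, cap - len, fp);
    len += n;
    if(n == 0) {
      if(ferror(fp)) {
        free(buf);
        return READ_IO_ERROR;
      }
      break;                       /* EOF */
    }
  }
  if(len > max) {                  /* the cap + 1 byte was filled */
    free(buf);
    return READ_TOO_LARGE;
  }
  buf[len] = '\0';
  *out = buf;
  *outlen = len;
  return READ_OK;
}

/* Constructed input: a temporary file holding `n` filler bytes. Returns the
 * read_status of reading it under `max`, or -1 if the length read back does
 * not match what was written. */
int check_file_of_size(size_t n, size_t max)
{
  static const unsigned char chunk[1024] = { 'A' };
  FILE *fp = tmpfile();
  if(!fp)
    return READ_IO_ERROR;
  for(size_t left = n; left > 0;) {
    size_t w = left < sizeof(chunk) ? left : sizeof(chunk);
    if(fwrite(chunk, 1, w, fp) != w) {
      fclose(fp);
      return READ_IO_ERROR;
    }
    left -= w;
  }
  rewind(fp);

  unsigned char *data = NULL;
  size_t len = 0;
  enum read_status st = read_bounded(fp, max, &data, &len);
  fclose(fp);
  if(st == READ_OK) {
    int ok = (len == n);
    free(data);
    return ok ? READ_OK : -1;
  }
  return (int)st;
}

int main(void)
{
  printf("5000 bytes:   status %d\n",
         check_file_of_size(5000, EXAMPLE_MAX_PEM_SIZE));
  printf("200 KiB:      status %d\n",
         check_file_of_size(200 * 1024, EXAMPLE_MAX_PEM_SIZE));
  return 0;
}
```

The cap is checked while reading, not after: a file of several gigabytes costs at most max + 1 bytes of memory before it is rejected, which is the resource-exhaustion case the commit message is guarding against.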
.checksrc strparse: switch to curl_off_t as base data type 2025-02-15 21:58:48 +01:00
bearssl.c build: enable -Wcast-qual, fix or silence compiler warnings 2025-03-10 22:30:15 +01:00
bearssl.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
cipher_suite.c vtls: fix compiler warnings seen with gcc 7.3.0 and mbedTLS 2025-03-07 15:43:00 +01:00
cipher_suite.h rustls: add support for setting TLS version and ciphers 2024-08-16 09:55:02 +02:00
gtls.c core: stop redefining E* macros on Windows, map EACCES, related fixes 2025-03-13 00:03:25 +01:00
gtls.h wolfssl: tls early data support 2025-02-24 10:01:51 +01:00
hostcheck.c code: language cleanup in comments 2024-07-01 22:58:55 +02:00
hostcheck.h code: language cleanup in comments 2024-07-01 22:58:55 +02:00
keylog.c lib: unify conversions to/from hex 2025-04-02 14:17:56 +02:00
keylog.h keylog: move some constants to header file 2025-03-27 08:47:43 +01:00
mbedtls_threadlock.c mbedtls: properly cleanup the thread-shared entropy 2024-03-12 03:09:37 -04:00
mbedtls_threadlock.h tidy-up: one comment and EOF newlines 2024-03-12 15:38:44 +00:00
mbedtls.c mbedtls: re-enable an error check 2025-03-24 10:15:02 +01:00
mbedtls.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
openssl.c openssl: fix crash on missing cert password 2025-03-24 18:22:53 -04:00
openssl.h OpenSSL/quictls: add support for TLSv1.3 early data 2025-03-03 09:27:04 +01:00
rustls.c rustls: make max size of cert and key reasonable 2025-04-03 23:30:36 +02:00
rustls.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
schannel_int.h schannel: fix TLS cert verification by IP SAN 2024-10-31 08:59:37 +01:00
schannel_verify.c windows: fix issues detected by clang-tidy, and some more 2025-03-24 10:15:08 +01:00
schannel.c windows: fix issues detected by clang-tidy, and some more 2025-03-24 10:15:08 +01:00
schannel.h msvc: add missing push/pop for warning pragmas 2025-01-27 20:59:47 +01:00
sectransp.c build: enable -Wcast-qual, fix or silence compiler warnings 2025-03-10 22:30:15 +01:00
sectransp.h copyright: update all copyright lines and remove year ranges 2023-01-03 09:19:21 +01:00
vtls_int.h vtls: move common early data code into vtls.c 2025-02-26 16:00:37 +01:00
vtls_scache.c vtls_scache: remove "Unreachable Call" 2025-04-01 15:27:56 +02:00
vtls_scache.h build: enable -Wcast-qual, fix or silence compiler warnings 2025-03-10 22:30:15 +01:00
vtls_spack.c build: enable -Wcast-qual, fix or silence compiler warnings 2025-03-10 22:30:15 +01:00
vtls_spack.h build: enable -Wcast-qual, fix or silence compiler warnings 2025-03-10 22:30:15 +01:00
vtls.c vtls: fix build with ssl but without http 2025-04-03 11:37:45 +02:00
vtls.h lib: TLS session ticket caching reworked 2024-12-20 14:59:23 +01:00
wolfssl.c build: enable -Wcast-qual, fix or silence compiler warnings 2025-03-10 22:30:15 +01:00
wolfssl.h wolfssl: tls early data support 2025-02-24 10:01:51 +01:00
x509asn1.c build: enable -Wcast-qual, fix or silence compiler warnings 2025-03-10 22:30:15 +01:00
x509asn1.h rustls: add support for CERTINFO 2025-02-25 07:59:39 +01:00