cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH v3] TLS False Start support for NSS

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Mon, 27 Apr 2015 15:55:40 +0200

On Thursday 23 April 2015 16:02:19 Paul Howarth wrote:
> On 23/04/15 15:04, Kamil Dudka wrote:
> > On Thursday 23 April 2015 14:11:25 Paul Howarth wrote:
> >> On 22/04/15 17:42, Kamil Dudka wrote:
> >>> On Wednesday 22 April 2015 13:10:22 Paul Howarth wrote:
> >>>> On 22/04/15 13:03, Kamil Dudka wrote:
> >>>>> If SSL_SetCanFalseStartCallback() is the newest introduced symbol
> >>>>> required
> >>>>> for the TLS False Start feature to work, we can add autoconf check for
> >>>>> the
> >>>>> presence of that symbol in NSS libs, and #ifdef the code based on the
> >>>>> result of that check. That would cover also the case where a
> >>>>> downstream
> >>>>> maintainer cherry-picks the feature to an older version of NSS.
> >>>>
> >>>> Works for me. I'm able to build with the attached patch, which should
> >>>> be
> >>>> adaptable to being an autoconf-based one instead of a version-number
> >>>> based one.
> >>>>
> >>>> Paul.
> >>>
> >>> Thanks for the patch! Do we still need the #ifdef for
> >>> SSL_ENABLE_FALSE_START if the code is already #idef-ed based on the NSS
> >>> version?
> >>
> >> Only the ones within the NSS-version #ifdef (not all are), and only if
> >> NSS upstream does not support building without TLS 1.2 support (I don't
> >> know if this is the case or not).
> >>
> >> Paul.
> >
> > Even if NSS had an option to disable TLS 1.2, I believe it would not hide
> > the define of SSL_LIBRARY_VERSION_TLS_1_2. If TLS 1.2 was not implemented
> > by NSS, it would effectively disable the False Start feature but it should
> > not break the compilation.
> >
> > Paul, could you please try the attached patch whether it works for you?
>
> Builds OK for F-15 (OpenSSL build), F-16 (NSS 3.14.1), F-17 (NSS
> 3.14.3), F-18 (3.15.3), F-19 (NSS 3.17.2) and Rawhide. Looks good!
>
> Paul.

Thank you for checking it, Paul!

I have pushed the patch:

https://github.com/bagder/curl/commit/d4f62f6c

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-04-27

This message: [ Message body ]
Next message: marcel bendler: "curl IMAP mailbox atom special"
Previous message: Daniel Stenberg: "Re: schannel SEC_E_BUFFER_TOO_SMALL"
In reply to: Paul Howarth: "Re: [PATCH v3] TLS False Start support for NSS"
Next in thread: Daniel Stenberg: "Re: [PATCH v3] TLS False Start support for NSS"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]