1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

url: add CURLOPT_SSL_FALSESTART option

This option can be used to enable/disable TLS False Start defined in the RFC
draft-bmoeller-tls-falsestart.
This commit is contained in:
Alessandro Ghedini 2015-02-14 16:57:07 +01:00 committed by Kamil Dudka
parent a332922a52
commit 4dcd25e138
9 changed files with 87 additions and 5 deletions

View File

@ -436,6 +436,8 @@ Enable use of NPN. See \fICURLOPT_SSL_ENABLE_NPN(3)\fP
Use identifier with SSL engine. See \fICURLOPT_SSLENGINE(3)\fP
.IP CURLOPT_SSLENGINE_DEFAULT
Default SSL engine. See \fICURLOPT_SSLENGINE_DEFAULT(3)\fP
.IP CURLOPT_SSL_FALSESTART
Enable TLS False Start. See \fICURLOPT_SSL_FALSESTART(3)\fP
.IP CURLOPT_SSLVERSION
SSL version to use. See \fICURLOPT_SSLVERSION(3)\fP
.IP CURLOPT_SSL_VERIFYHOST

View File

@ -0,0 +1,48 @@
.\" **************************************************************************
.\" * _ _ ____ _
.\" * Project ___| | | | _ \| |
.\" * / __| | | | |_) | |
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
.\" * are also available at http://curl.haxx.se/docs/copyright.html.
.\" *
.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
.\" * copies of the Software, and permit persons to whom the Software is
.\" * furnished to do so, under the terms of the COPYING file.
.\" *
.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
.\" * KIND, either express or implied.
.\" *
.\" **************************************************************************
.\"
.TH CURLOPT_SSL_FALSESTART 3 "14 Feb 2015" "libcurl 7.41.0" "curl_easy_setopt options"
.SH NAME
CURLOPT_SSL_FALSESTART \- enable TLS false start
.SH SYNOPSIS
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_FALSESTART, long enable);
.SH DESCRIPTION
Pass a long as parameter set to 1 to enable or 0 to disable.
This option determines whether libcurl should use false start during the TLS
handshake. False start is a mode where a TLS client will start sending
application data before verifying the server's Finished message, thus saving a
round trip when performing a full handshake.
.SH DEFAULT
0
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY
Added in 7.42.0. This option is currently only supported by the NSS TLS
backend.
.SH RETURN VALUE
Returns CURLE_OK if false start is supported by the SSL backend, otherwise
returns CURLE_NOT_BUILT_IN.

View File

@ -90,7 +90,8 @@ man_MANS = CURLOPT_ACCEPT_ENCODING.3 CURLOPT_ACCEPTTIMEOUT_MS.3 \
CURLOPT_SSLCERT.3 CURLOPT_SSLCERTTYPE.3 CURLOPT_SSL_CIPHER_LIST.3 \
CURLOPT_SSL_CTX_DATA.3 CURLOPT_SSL_CTX_FUNCTION.3 \
CURLOPT_SSL_ENABLE_ALPN.3 CURLOPT_SSL_ENABLE_NPN.3 CURLOPT_SSLENGINE.3 \
CURLOPT_SSLENGINE_DEFAULT.3 CURLOPT_SSLKEY.3 CURLOPT_SSLKEYTYPE.3 \
CURLOPT_SSLENGINE_DEFAULT.3 CURLOPT_SSL_FALSESTART.3 \
CURLOPT_SSLKEY.3 CURLOPT_SSLKEYTYPE.3 \
CURLOPT_SSL_OPTIONS.3 CURLOPT_SSL_SESSIONID_CACHE.3 \
CURLOPT_SSL_VERIFYHOST.3 CURLOPT_SSL_VERIFYPEER.3 \
CURLOPT_SSL_VERIFYSTATUS.3 CURLOPT_SSLVERSION.3 CURLOPT_STDERR.3 \
@ -193,8 +194,8 @@ HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html \
CURLOPT_SSL_CIPHER_LIST.html CURLOPT_SSL_CTX_DATA.html \
CURLOPT_SSL_CTX_FUNCTION.html CURLOPT_SSL_ENABLE_ALPN.html \
CURLOPT_SSL_ENABLE_NPN.html CURLOPT_SSLENGINE.html \
CURLOPT_SSLENGINE_DEFAULT.html CURLOPT_SSLKEY.html \
CURLOPT_SSLKEYTYPE.html CURLOPT_SSL_OPTIONS.html \
CURLOPT_SSLENGINE_DEFAULT.html CURLOPT_SSL_FALSESTART.html \
CURLOPT_SSLKEY.html CURLOPT_SSLKEYTYPE.html CURLOPT_SSL_OPTIONS.html \
CURLOPT_SSL_SESSIONID_CACHE.html CURLOPT_SSL_VERIFYHOST.html \
CURLOPT_SSL_VERIFYPEER.html CURLOPT_SSL_VERIFYSTATUS.html \
CURLOPT_SSLVERSION.html CURLOPT_STDERR.html CURLOPT_TCP_KEEPALIVE.html \
@ -296,8 +297,8 @@ PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf \
CURLOPT_SSL_CIPHER_LIST.pdf CURLOPT_SSL_CTX_DATA.pdf \
CURLOPT_SSL_CTX_FUNCTION.pdf CURLOPT_SSL_ENABLE_ALPN.pdf \
CURLOPT_SSL_ENABLE_NPN.pdf CURLOPT_SSLENGINE.pdf \
CURLOPT_SSLENGINE_DEFAULT.pdf CURLOPT_SSLKEY.pdf \
CURLOPT_SSLKEYTYPE.pdf CURLOPT_SSL_OPTIONS.pdf \
CURLOPT_SSLENGINE_DEFAULT.pdf CURLOPT_SSL_FALSESTART.pdf \
CURLOPT_SSLKEY.pdf CURLOPT_SSLKEYTYPE.pdf CURLOPT_SSL_OPTIONS.pdf \
CURLOPT_SSL_SESSIONID_CACHE.pdf CURLOPT_SSL_VERIFYHOST.pdf \
CURLOPT_SSL_VERIFYPEER.pdf CURLOPT_SSL_VERIFYSTATUS.pdf \
CURLOPT_SSLVERSION.pdf CURLOPT_STDERR.pdf CURLOPT_TCP_KEEPALIVE.pdf \

View File

@ -510,6 +510,7 @@ CURLOPT_SSL_CTX_DATA 7.10.6
CURLOPT_SSL_CTX_FUNCTION 7.10.6
CURLOPT_SSL_ENABLE_ALPN 7.36.0
CURLOPT_SSL_ENABLE_NPN 7.36.0
CURLOPT_SSL_FALSESTART 7.42.0
CURLOPT_SSL_OPTIONS 7.25.0
CURLOPT_SSL_SESSIONID_CACHE 7.16.0
CURLOPT_SSL_VERIFYHOST 7.8.1

View File

@ -1626,6 +1626,9 @@ typedef enum {
/* Set if we should verify the certificate status. */
CINIT(SSL_VERIFYSTATUS, LONG, 232),
/* Set if we should enable TLS false start. */
CINIT(SSL_FALSESTART, LONG, 233),
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;

View File

@ -2027,6 +2027,17 @@ CURLcode Curl_setopt(struct SessionHandle *data, CURLoption option,
result = CURLE_NOT_BUILT_IN;
#endif
break;
case CURLOPT_SSL_FALSESTART:
/*
* Enable TLS false start.
*/
if(!Curl_ssl_false_start()) {
result = CURLE_NOT_BUILT_IN;
break;
}
data->set.ssl.falsestart = (0 != va_arg(param, long))?TRUE:FALSE;
break;
case CURLOPT_CERTINFO:
#ifdef have_curlssl_certinfo
data->set.ssl.certinfo = (0 != va_arg(param, long))?TRUE:FALSE;

View File

@ -351,6 +351,7 @@ struct ssl_config_data {
void *fsslctxp; /* parameter for call back */
bool sessionid; /* cache session IDs or not */
bool certinfo; /* gather lots of certificate info */
bool falsestart;
#ifdef USE_TLS_SRP
char *username; /* TLS username (for, e.g., SRP) */

View File

@ -857,4 +857,16 @@ bool Curl_ssl_cert_status_request(void)
#endif
}
/*
* Check whether the SSL backend supports false start.
*/
bool Curl_ssl_false_start(void)
{
#ifdef curlssl_false_start
return curlssl_false_start();
#else
return FALSE;
#endif
}
#endif /* USE_SSL */

View File

@ -118,6 +118,8 @@ CURLcode Curl_pin_peer_pubkey(const char *pinnedpubkey,
bool Curl_ssl_cert_status_request(void);
bool Curl_ssl_false_start(void);
#define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
#else
@ -145,6 +147,7 @@ bool Curl_ssl_cert_status_request(void);
#define Curl_ssl_kill_session(x) Curl_nop_stmt
#define Curl_ssl_random(x,y,z) ((void)x, CURLE_NOT_BUILT_IN)
#define Curl_ssl_cert_status_request() FALSE
#define Curl_ssl_false_start() FALSE
#endif
#endif /* HEADER_CURL_VTLS_H */