mirror of
https://github.com/moparisthebest/curl
synced 2024-11-13 21:15:08 -05:00
cleanup: spell DoH with a lowercase o
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> Closes #7413
This commit is contained in:
parent
b463c10950
commit
de1004eb0f
@ -1,7 +1,7 @@
|
||||
Long: doh-cert-status
|
||||
Help: Verify the status of the DOH server cert via OCSP-staple
|
||||
Help: Verify the status of the DoH server cert via OCSP-staple
|
||||
Protocols: all
|
||||
Added: 7.76.0
|
||||
Category: dns tls
|
||||
---
|
||||
Same as --cert-status but used for DOH (DNS-over-HTTPS).
|
||||
Same as --cert-status but used for DoH (DNS-over-HTTPS).
|
||||
|
@ -1,7 +1,7 @@
|
||||
Long: doh-insecure
|
||||
Help: Allow insecure DOH server connections
|
||||
Help: Allow insecure DoH server connections
|
||||
Protocols: all
|
||||
Added: 7.76.0
|
||||
Category: dns tls
|
||||
---
|
||||
Same as --insecure but used for DOH (DNS-over-HTTPS).
|
||||
Same as --insecure but used for DoH (DNS-over-HTTPS).
|
||||
|
@ -1,14 +1,14 @@
|
||||
Long: doh-url
|
||||
Arg: <URL>
|
||||
Help: Resolve host names over DOH
|
||||
Help: Resolve host names over DoH
|
||||
Protocols: all
|
||||
Added: 7.62.0
|
||||
Category: dns
|
||||
---
|
||||
Specifies which DNS-over-HTTPS (DOH) server to use to resolve hostnames,
|
||||
Specifies which DNS-over-HTTPS (DoH) server to use to resolve hostnames,
|
||||
instead of using the default name resolver mechanism. The URL must be HTTPS.
|
||||
|
||||
Some SSL options that you set for your transfer will apply to DOH since the
|
||||
Some SSL options that you set for your transfer will apply to DoH since the
|
||||
name lookups take place over SSL. However, the certificate verification
|
||||
settings are not inherited and can be controlled separately via
|
||||
--doh-insecure and --doh-cert-status.
|
||||
|
@ -201,7 +201,7 @@ Timeout for DNS cache. See \fICURLOPT_DNS_CACHE_TIMEOUT(3)\fP
|
||||
.IP CURLOPT_DNS_USE_GLOBAL_CACHE
|
||||
OBSOLETE Enable global DNS cache. See \fICURLOPT_DNS_USE_GLOBAL_CACHE(3)\fP
|
||||
.IP CURLOPT_DOH_URL
|
||||
Use this DOH server for name resolves. See \fICURLOPT_DOH_URL(3)\fP
|
||||
Use this DoH server for name resolves. See \fICURLOPT_DOH_URL(3)\fP
|
||||
.IP CURLOPT_BUFFERSIZE
|
||||
Ask for alternate buffer size. See \fICURLOPT_BUFFERSIZE(3)\fP
|
||||
.IP CURLOPT_PORT
|
||||
@ -566,21 +566,21 @@ Proxy SSL version to use. See \fICURLOPT_PROXY_SSLVERSION(3)\fP
|
||||
.IP CURLOPT_SSL_VERIFYHOST
|
||||
Verify the host name in the SSL certificate. See \fICURLOPT_SSL_VERIFYHOST(3)\fP
|
||||
.IP CURLOPT_DOH_SSL_VERIFYHOST
|
||||
Verify the host name in the DOH (DNS-over-HTTPS) SSL certificate. See
|
||||
Verify the host name in the DoH (DNS-over-HTTPS) SSL certificate. See
|
||||
\fICURLOPT_DOH_SSL_VERIFYHOST(3)\fP
|
||||
.IP CURLOPT_PROXY_SSL_VERIFYHOST
|
||||
Verify the host name in the proxy SSL certificate. See \fICURLOPT_PROXY_SSL_VERIFYHOST(3)\fP
|
||||
.IP CURLOPT_SSL_VERIFYPEER
|
||||
Verify the SSL certificate. See \fICURLOPT_SSL_VERIFYPEER(3)\fP
|
||||
.IP CURLOPT_DOH_SSL_VERIFYPEER
|
||||
Verify the DOH (DNS-over-HTTPS) SSL certificate. See
|
||||
Verify the DoH (DNS-over-HTTPS) SSL certificate. See
|
||||
\fICURLOPT_DOH_SSL_VERIFYPEER(3)\fP
|
||||
.IP CURLOPT_PROXY_SSL_VERIFYPEER
|
||||
Verify the proxy SSL certificate. See \fICURLOPT_PROXY_SSL_VERIFYPEER(3)\fP
|
||||
.IP CURLOPT_SSL_VERIFYSTATUS
|
||||
Verify the SSL certificate's status. See \fICURLOPT_SSL_VERIFYSTATUS(3)\fP
|
||||
.IP CURLOPT_DOH_SSL_VERIFYSTATUS
|
||||
Verify the DOH (DNS-over-HTTPS) SSL certificate's status. See
|
||||
Verify the DoH (DNS-over-HTTPS) SSL certificate's status. See
|
||||
\fICURLOPT_DOH_SSL_VERIFYSTATUS(3)\fP
|
||||
.IP CURLOPT_CAINFO
|
||||
CA cert bundle. See \fICURLOPT_CAINFO(3)\fP
|
||||
|
@ -22,25 +22,25 @@
|
||||
.\"
|
||||
.TH CURLOPT_DOH_SSL_VERIFYHOST 3 "11 Feb 2021" "libcurl 7.76.0" "curl_easy_setopt options"
|
||||
.SH NAME
|
||||
CURLOPT_DOH_SSL_VERIFYHOST \- verify the host name in the DOH SSL certificate
|
||||
CURLOPT_DOH_SSL_VERIFYHOST \- verify the host name in the DoH SSL certificate
|
||||
.SH SYNOPSIS
|
||||
#include <curl/curl.h>
|
||||
|
||||
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_SSL_VERIFYHOST, long verify);
|
||||
.SH DESCRIPTION
|
||||
Pass a long set to 2L as asking curl to \fIverify\fP the DOH (DNS-over-HTTPS)
|
||||
Pass a long set to 2L as asking curl to \fIverify\fP the DoH (DNS-over-HTTPS)
|
||||
server's certificate name fields against the host name.
|
||||
|
||||
This option is the DOH equivalent of \fICURLOPT_SSL_VERIFYHOST(3)\fP and
|
||||
only affects requests to the DOH server.
|
||||
This option is the DoH equivalent of \fICURLOPT_SSL_VERIFYHOST(3)\fP and
|
||||
only affects requests to the DoH server.
|
||||
|
||||
When \fICURLOPT_DOH_SSL_VERIFYHOST(3)\fP is 2, the SSL certificate provided by
|
||||
the DOH server must indicate that the server name is the same as the server
|
||||
the DoH server must indicate that the server name is the same as the server
|
||||
name to which you meant to connect to, or the connection fails.
|
||||
|
||||
Curl considers the DOH server the intended one when the Common Name field or a
|
||||
Curl considers the DoH server the intended one when the Common Name field or a
|
||||
Subject Alternate Name field in the certificate matches the host name in the
|
||||
DOH URL to which you told Curl to connect.
|
||||
DoH URL to which you told Curl to connect.
|
||||
|
||||
When the \fIverify\fP value is set to 1L it is treated the same as 2L. However
|
||||
for consistency with the other VERIFYHOST options we suggest use 2 and not 1.
|
||||
@ -49,14 +49,14 @@ When the \fIverify\fP value is set to 0L, the connection succeeds regardless of
|
||||
the names used in the certificate. Use that ability with caution!
|
||||
|
||||
See also \fICURLOPT_DOH_SSL_VERIFYPEER(3)\fP to verify the digital signature
|
||||
of the DOH server certificate. If libcurl is built against NSS and
|
||||
of the DoH server certificate. If libcurl is built against NSS and
|
||||
\fICURLOPT_DOH_SSL_VERIFYPEER(3)\fP is zero,
|
||||
\fICURLOPT_DOH_SSL_VERIFYHOST(3)\fP is also set to zero and cannot be
|
||||
overridden.
|
||||
.SH DEFAULT
|
||||
2
|
||||
.SH PROTOCOLS
|
||||
DOH
|
||||
DoH
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
CURL *curl = curl_easy_init();
|
||||
@ -65,7 +65,7 @@ if(curl) {
|
||||
|
||||
curl_easy_setopt(curl, CURLOPT_DOH_URL, "https://cloudflare-dns.com/dns-query");
|
||||
|
||||
/* Disable host name verification of the DOH server */
|
||||
/* Disable host name verification of the DoH server */
|
||||
curl_easy_setopt(curl, CURLOPT_DOH_SSL_VERIFYHOST, 0L);
|
||||
|
||||
curl_easy_perform(curl);
|
||||
|
@ -22,7 +22,7 @@
|
||||
.\"
|
||||
.TH CURLOPT_DOH_SSL_VERIFYPEER 3 "11 Feb 2021" "libcurl 7.76.0" "curl_easy_setopt options"
|
||||
.SH NAME
|
||||
CURLOPT_DOH_SSL_VERIFYPEER \- verify the DOH SSL certificate
|
||||
CURLOPT_DOH_SSL_VERIFYPEER \- verify the DoH SSL certificate
|
||||
.SH SYNOPSIS
|
||||
#include <curl/curl.h>
|
||||
|
||||
@ -30,12 +30,12 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_SSL_VERIFYPEER, long verify)
|
||||
.SH DESCRIPTION
|
||||
Pass a long as parameter set to 1L to enable or 0L to disable.
|
||||
|
||||
This option tells curl to verify the authenticity of the DOH (DNS-over-HTTPS)
|
||||
This option tells curl to verify the authenticity of the DoH (DNS-over-HTTPS)
|
||||
server's certificate. A value of 1 means curl verifies; 0 (zero) means it
|
||||
doesn't.
|
||||
|
||||
This option is the DOH equivalent of \fICURLOPT_SSL_VERIFYPEER(3)\fP and
|
||||
only affects requests to the DOH server.
|
||||
This option is the DoH equivalent of \fICURLOPT_SSL_VERIFYPEER(3)\fP and
|
||||
only affects requests to the DoH server.
|
||||
|
||||
When negotiating a TLS or SSL connection, the server sends a certificate
|
||||
indicating its identity. Curl verifies whether the certificate is authentic,
|
||||
@ -65,7 +65,7 @@ the correct end-point.
|
||||
.SH DEFAULT
|
||||
1
|
||||
.SH PROTOCOLS
|
||||
DOH
|
||||
DoH
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
CURL *curl = curl_easy_init();
|
||||
@ -74,7 +74,7 @@ if(curl) {
|
||||
|
||||
curl_easy_setopt(curl, CURLOPT_DOH_URL, "https://cloudflare-dns.com/dns-query");
|
||||
|
||||
/* Disable certificate verification of the DOH server */
|
||||
/* Disable certificate verification of the DoH server */
|
||||
curl_easy_setopt(curl, CURLOPT_DOH_SSL_VERIFYPEER, 0L);
|
||||
|
||||
curl_easy_perform(curl);
|
||||
|
@ -22,7 +22,7 @@
|
||||
.\"
|
||||
.TH CURLOPT_DOH_SSL_VERIFYSTATUS 3 "11 Feb 2021" "libcurl 7.76.0" "curl_easy_setopt options"
|
||||
.SH NAME
|
||||
CURLOPT_DOH_SSL_VERIFYSTATUS \- verify the DOH SSL certificate's status
|
||||
CURLOPT_DOH_SSL_VERIFYSTATUS \- verify the DoH SSL certificate's status
|
||||
.SH SYNOPSIS
|
||||
#include <curl/curl.h>
|
||||
|
||||
@ -30,19 +30,19 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_SSL_VERIFYSTATUS, long verif
|
||||
.SH DESCRIPTION
|
||||
Pass a long as parameter set to 1 to enable or 0 to disable.
|
||||
|
||||
This option determines whether libcurl verifies the status of the DOH
|
||||
This option determines whether libcurl verifies the status of the DoH
|
||||
(DNS-over-HTTPS) server cert using the "Certificate Status Request" TLS
|
||||
extension (aka. OCSP stapling).
|
||||
|
||||
This option is the DOH equivalent of \fICURLOPT_SSL_VERIFYSTATUS(3)\fP and
|
||||
only affects requests to the DOH server.
|
||||
This option is the DoH equivalent of \fICURLOPT_SSL_VERIFYSTATUS(3)\fP and
|
||||
only affects requests to the DoH server.
|
||||
|
||||
Note that if this option is enabled but the server does not support the TLS
|
||||
extension, the verification will fail.
|
||||
.SH DEFAULT
|
||||
0
|
||||
.SH PROTOCOLS
|
||||
DOH
|
||||
DoH
|
||||
.SH EXAMPLE
|
||||
.nf
|
||||
CURL *curl = curl_easy_init();
|
||||
@ -51,7 +51,7 @@ if(curl) {
|
||||
|
||||
curl_easy_setopt(curl, CURLOPT_DOH_URL, "https://cloudflare-dns.com/dns-query");
|
||||
|
||||
/* Ask for OCSP stapling when verifying the DOH server */
|
||||
/* Ask for OCSP stapling when verifying the DoH server */
|
||||
curl_easy_setopt(curl, CURLOPT_DOH_SSL_VERIFYSTATUS, 1L);
|
||||
|
||||
curl_easy_perform(curl);
|
||||
|
@ -28,7 +28,7 @@ CURLOPT_DOH_URL \- provide the DNS-over-HTTPS URL
|
||||
|
||||
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_DOH_URL, char *URL);
|
||||
.SH DESCRIPTION
|
||||
Pass in a pointer to a \fIURL\fP for the DOH server to use for name
|
||||
Pass in a pointer to a \fIURL\fP for the DoH server to use for name
|
||||
resolving. The parameter should be a char * to a null-terminated string which
|
||||
must be URL-encoded in the following format: "https://host:port/path". It MUST
|
||||
specify a HTTPS URL.
|
||||
@ -39,19 +39,19 @@ still return \fICURLE_OK\fP.
|
||||
|
||||
curl sends POST requests to the given DNS-over-HTTPS URL.
|
||||
|
||||
To find the DOH server itself, which might be specified using a name, libcurl
|
||||
To find the DoH server itself, which might be specified using a name, libcurl
|
||||
will use the default name lookup function. You can bootstrap that by providing
|
||||
the address for the DOH server with \fICURLOPT_RESOLVE(3)\fP.
|
||||
the address for the DoH server with \fICURLOPT_RESOLVE(3)\fP.
|
||||
|
||||
Disable DOH use again by setting this option to NULL.
|
||||
Disable DoH use again by setting this option to NULL.
|
||||
|
||||
\fBAdvanced:\fP The DOH lookups use SSL so some SSL settings from your transfer
|
||||
\fBAdvanced:\fP The DoH lookups use SSL so some SSL settings from your transfer
|
||||
are inherited. The hostname and peer certificate verification settings are not
|
||||
inherited and can be controlled separately via
|
||||
\fICURLOPT_DOH_SSL_VERIFYHOST(3)\fP and \fICURLOPT_DOH_SSL_VERIFYPEER(3)\fP.
|
||||
Note \fICURLOPT_SSL_CTX_FUNCTION(3)\fP is inherited.
|
||||
.SH DEFAULT
|
||||
NULL - there is no default DOH URL. If this option isn't set, libcurl will use
|
||||
NULL - there is no default DoH URL. If this option isn't set, libcurl will use
|
||||
the default name resolver.
|
||||
.SH PROTOCOLS
|
||||
All
|
||||
@ -71,7 +71,7 @@ Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient
|
||||
heap space.
|
||||
|
||||
Note that \fIcurl_easy_setopt(3)\fP won't actually parse the given string so
|
||||
given a bad DOH URL, curl will not detect a problem until it tries to resolve
|
||||
given a bad DoH URL, curl will not detect a problem until it tries to resolve
|
||||
a name with it.
|
||||
.SH "SEE ALSO"
|
||||
.BR CURLOPT_VERBOSE "(3), " CURLOPT_RESOLVE "(3), "
|
||||
|
@ -63,12 +63,12 @@ knowing anything about it, which then subsequently can lead to libcurl
|
||||
unknowingly reusing SSL connections with different properties. To remedy this
|
||||
you may set \fICURLOPT_FORBID_REUSE(3)\fP from the callback function.
|
||||
|
||||
WARNING: If you are using DNS-over-HTTPS (DOH) via \fICURLOPT_DOH_URL(3)\fP
|
||||
WARNING: If you are using DNS-over-HTTPS (DoH) via \fICURLOPT_DOH_URL(3)\fP
|
||||
then the CTX callback will also be called for those transfers and the curl
|
||||
handle is set to an internal handle. \fBThis behavior is subject to change.\fP
|
||||
We recommend before performing your transfer set \fICURLOPT_PRIVATE(3)\fP on
|
||||
your curl handle so you can identify it in the CTX callback. If you have a
|
||||
reason to modify DOH SSL context please let us know on the curl-library mailing
|
||||
reason to modify DoH SSL context please let us know on the curl-library mailing
|
||||
list because we are considering removing this capability.
|
||||
.SH DEFAULT
|
||||
NULL
|
||||
|
@ -2088,13 +2088,13 @@ typedef enum {
|
||||
/* Parameters for V4 signature */
|
||||
CURLOPT(CURLOPT_AWS_SIGV4, CURLOPTTYPE_STRINGPOINT, 305),
|
||||
|
||||
/* Same as CURLOPT_SSL_VERIFYPEER but for DOH (DNS-over-HTTPS) servers. */
|
||||
/* Same as CURLOPT_SSL_VERIFYPEER but for DoH (DNS-over-HTTPS) servers. */
|
||||
CURLOPT(CURLOPT_DOH_SSL_VERIFYPEER, CURLOPTTYPE_LONG, 306),
|
||||
|
||||
/* Same as CURLOPT_SSL_VERIFYHOST but for DOH (DNS-over-HTTPS) servers. */
|
||||
/* Same as CURLOPT_SSL_VERIFYHOST but for DoH (DNS-over-HTTPS) servers. */
|
||||
CURLOPT(CURLOPT_DOH_SSL_VERIFYHOST, CURLOPTTYPE_LONG, 307),
|
||||
|
||||
/* Same as CURLOPT_SSL_VERIFYSTATUS but for DOH (DNS-over-HTTPS) servers. */
|
||||
/* Same as CURLOPT_SSL_VERIFYSTATUS but for DoH (DNS-over-HTTPS) servers. */
|
||||
CURLOPT(CURLOPT_DOH_SSL_VERIFYSTATUS, CURLOPTTYPE_LONG, 308),
|
||||
|
||||
/* The CA certificates as "blob" used to validate the peer certificate
|
||||
|
40
lib/doh.c
40
lib/doh.c
@ -186,19 +186,19 @@ doh_write_cb(const void *contents, size_t size, size_t nmemb, void *userp)
|
||||
return realsize;
|
||||
}
|
||||
|
||||
/* called from multi.c when this DOH transfer is complete */
|
||||
/* called from multi.c when this DoH transfer is complete */
|
||||
static int doh_done(struct Curl_easy *doh, CURLcode result)
|
||||
{
|
||||
struct Curl_easy *data = doh->set.dohfor;
|
||||
struct dohdata *dohp = data->req.doh;
|
||||
/* so one of the DOH request done for the 'data' transfer is now complete! */
|
||||
/* so one of the DoH request done for the 'data' transfer is now complete! */
|
||||
dohp->pending--;
|
||||
infof(data, "a DOH request is completed, %u to go", dohp->pending);
|
||||
infof(data, "a DoH request is completed, %u to go", dohp->pending);
|
||||
if(result)
|
||||
infof(data, "DOH request %s", curl_easy_strerror(result));
|
||||
infof(data, "DoH request %s", curl_easy_strerror(result));
|
||||
|
||||
if(!dohp->pending) {
|
||||
/* DOH completed */
|
||||
/* DoH completed */
|
||||
curl_slist_free_all(dohp->headers);
|
||||
dohp->headers = NULL;
|
||||
Curl_expire(data, 0, EXPIRE_RUN_NOW);
|
||||
@ -228,7 +228,7 @@ static CURLcode dohprobe(struct Curl_easy *data,
|
||||
DOHcode d = doh_encode(host, dnstype, p->dohbuffer, sizeof(p->dohbuffer),
|
||||
&p->dohlen);
|
||||
if(d) {
|
||||
failf(data, "Failed to encode DOH packet [%d]", d);
|
||||
failf(data, "Failed to encode DoH packet [%d]", d);
|
||||
return CURLE_OUT_OF_MEMORY;
|
||||
}
|
||||
|
||||
@ -302,7 +302,7 @@ static CURLcode dohprobe(struct Curl_easy *data,
|
||||
/* Inherit *some* SSL options from the user's transfer. This is a
|
||||
best-guess as to which options are needed for compatibility. #3661
|
||||
|
||||
Note DOH does not inherit the user's proxy server so proxy SSL settings
|
||||
Note DoH does not inherit the user's proxy server so proxy SSL settings
|
||||
have no effect and are not inherited. If that changes then two new
|
||||
options should be added to check doh proxy insecure separately,
|
||||
CURLOPT_DOH_PROXY_SSL_VERIFYHOST and CURLOPT_DOH_PROXY_SSL_VERIFYPEER.
|
||||
@ -366,8 +366,8 @@ static CURLcode dohprobe(struct Curl_easy *data,
|
||||
doh->set.dohfor = data; /* identify for which transfer this is done */
|
||||
p->easy = doh;
|
||||
|
||||
/* DOH private_data must be null because the user must have a way to
|
||||
distinguish their transfer's handle from DOH handles in user
|
||||
/* DoH private_data must be null because the user must have a way to
|
||||
distinguish their transfer's handle from DoH handles in user
|
||||
callbacks (ie SSL CTX callback). */
|
||||
DEBUGASSERT(!doh->set.private_data);
|
||||
|
||||
@ -386,7 +386,7 @@ static CURLcode dohprobe(struct Curl_easy *data,
|
||||
}
|
||||
|
||||
/*
|
||||
* Curl_doh() resolves a name using DOH. It resolves a name and returns a
|
||||
* Curl_doh() resolves a name using DoH. It resolves a name and returns a
|
||||
* 'Curl_addrinfo *' with the address information.
|
||||
*/
|
||||
|
||||
@ -420,7 +420,7 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data,
|
||||
if(!dohp->headers)
|
||||
goto error;
|
||||
|
||||
/* create IPv4 DOH request */
|
||||
/* create IPv4 DoH request */
|
||||
result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_IPADDR_V4],
|
||||
DNS_TYPE_A, hostname, data->set.str[STRING_DOH],
|
||||
data->multi, dohp->headers);
|
||||
@ -429,7 +429,7 @@ struct Curl_addrinfo *Curl_doh(struct Curl_easy *data,
|
||||
dohp->pending++;
|
||||
|
||||
if(Curl_ipv6works(data)) {
|
||||
/* create IPv6 DOH request */
|
||||
/* create IPv6 DoH request */
|
||||
result = dohprobe(data, &dohp->probe[DOH_PROBE_SLOT_IPADDR_V6],
|
||||
DNS_TYPE_AAAA, hostname, data->set.str[STRING_DOH],
|
||||
data->multi, dohp->headers);
|
||||
@ -768,7 +768,7 @@ static void showdoh(struct Curl_easy *data,
|
||||
for(i = 0; i < d->numaddr; i++) {
|
||||
const struct dohaddr *a = &d->addr[i];
|
||||
if(a->type == DNS_TYPE_A) {
|
||||
infof(data, "DOH A: %u.%u.%u.%u",
|
||||
infof(data, "DoH A: %u.%u.%u.%u",
|
||||
a->ip.v4[0], a->ip.v4[1],
|
||||
a->ip.v4[2], a->ip.v4[3]);
|
||||
}
|
||||
@ -777,7 +777,7 @@ static void showdoh(struct Curl_easy *data,
|
||||
char buffer[128];
|
||||
char *ptr;
|
||||
size_t len;
|
||||
msnprintf(buffer, 128, "DOH AAAA: ");
|
||||
msnprintf(buffer, 128, "DoH AAAA: ");
|
||||
ptr = &buffer[10];
|
||||
len = 118;
|
||||
for(j = 0; j < 16; j += 2) {
|
||||
@ -803,7 +803,7 @@ static void showdoh(struct Curl_easy *data,
|
||||
* doh2ai()
|
||||
*
|
||||
* This function returns a pointer to the first element of a newly allocated
|
||||
* Curl_addrinfo struct linked list filled with the data from a set of DOH
|
||||
* Curl_addrinfo struct linked list filled with the data from a set of DoH
|
||||
* lookups. Curl_addrinfo is meant to work like the addrinfo struct does for
|
||||
* a IPv6 stack, but usable also for IPv4, all hosts and environments.
|
||||
*
|
||||
@ -931,7 +931,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data,
|
||||
|
||||
if(!dohp->probe[DOH_PROBE_SLOT_IPADDR_V4].easy &&
|
||||
!dohp->probe[DOH_PROBE_SLOT_IPADDR_V6].easy) {
|
||||
failf(data, "Could not DOH-resolve: %s", data->state.async.hostname);
|
||||
failf(data, "Could not DoH-resolve: %s", data->state.async.hostname);
|
||||
return data->conn->bits.proxy?CURLE_COULDNT_RESOLVE_PROXY:
|
||||
CURLE_COULDNT_RESOLVE_HOST;
|
||||
}
|
||||
@ -941,7 +941,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data,
|
||||
};
|
||||
struct dohentry de;
|
||||
int slot;
|
||||
/* remove DOH handles from multi handle and close them */
|
||||
/* remove DoH handles from multi handle and close them */
|
||||
for(slot = 0; slot < DOH_PROBE_SLOTS; slot++) {
|
||||
curl_multi_remove_handle(data->multi, dohp->probe[slot].easy);
|
||||
Curl_close(&dohp->probe[slot].easy);
|
||||
@ -958,7 +958,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data,
|
||||
&de);
|
||||
Curl_dyn_free(&p->serverdoh);
|
||||
if(rc[slot]) {
|
||||
infof(data, "DOH: %s type %s for %s", doh_strerror(rc[slot]),
|
||||
infof(data, "DoH: %s type %s for %s", doh_strerror(rc[slot]),
|
||||
type2name(p->dnstype), dohp->host);
|
||||
}
|
||||
} /* next slot */
|
||||
@ -969,7 +969,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data,
|
||||
struct Curl_dns_entry *dns;
|
||||
struct Curl_addrinfo *ai;
|
||||
|
||||
infof(data, "DOH Host name: %s", dohp->host);
|
||||
infof(data, "DoH Host name: %s", dohp->host);
|
||||
showdoh(data, &de);
|
||||
|
||||
ai = doh2ai(&de, dohp->host, dohp->port);
|
||||
@ -1007,7 +1007,7 @@ CURLcode Curl_doh_is_resolved(struct Curl_easy *data,
|
||||
|
||||
} /* !dohp->pending */
|
||||
|
||||
/* else wait for pending DOH transactions to complete */
|
||||
/* else wait for pending DoH transactions to complete */
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
|
@ -101,7 +101,7 @@ void de_init(struct dohentry *d);
|
||||
void de_cleanup(struct dohentry *d);
|
||||
#endif
|
||||
|
||||
#else /* if DOH is disabled */
|
||||
#else /* if DoH is disabled */
|
||||
#define Curl_doh(a,b,c,d) NULL
|
||||
#define Curl_doh_is_resolved(x,y) CURLE_COULDNT_RESOLVE_HOST
|
||||
#endif
|
||||
|
@ -1190,7 +1190,7 @@ int Curl_resolv_getsock(struct Curl_easy *data,
|
||||
{
|
||||
#ifdef CURLRES_ASYNCH
|
||||
if(data->conn->bits.doh)
|
||||
/* nothing to wait for during DOH resolve, those handles have their own
|
||||
/* nothing to wait for during DoH resolve, those handles have their own
|
||||
sockets */
|
||||
return GETSOCK_BLANK;
|
||||
return Curl_resolver_getsock(data, socks);
|
||||
|
@ -1872,7 +1872,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
|
||||
break;
|
||||
case CURLOPT_DOH_SSL_VERIFYPEER:
|
||||
/*
|
||||
* Enable peer SSL verifying for DOH.
|
||||
* Enable peer SSL verifying for DoH.
|
||||
*/
|
||||
data->set.doh_verifypeer = (0 != va_arg(param, long)) ?
|
||||
TRUE : FALSE;
|
||||
@ -1911,7 +1911,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
|
||||
break;
|
||||
case CURLOPT_DOH_SSL_VERIFYHOST:
|
||||
/*
|
||||
* Enable verification of the host name in the peer certificate for DOH
|
||||
* Enable verification of the host name in the peer certificate for DoH
|
||||
*/
|
||||
arg = va_arg(param, long);
|
||||
|
||||
@ -1955,7 +1955,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
|
||||
break;
|
||||
case CURLOPT_DOH_SSL_VERIFYSTATUS:
|
||||
/*
|
||||
* Enable certificate status verifying for DOH.
|
||||
* Enable certificate status verifying for DoH.
|
||||
*/
|
||||
if(!Curl_ssl_cert_status_request()) {
|
||||
result = CURLE_NOT_BUILT_IN;
|
||||
|
@ -1848,9 +1848,9 @@ struct UserDefined {
|
||||
BIT(disallow_username_in_url); /* disallow username in url */
|
||||
BIT(doh); /* DNS-over-HTTPS enabled */
|
||||
BIT(doh_get); /* use GET for DoH requests, instead of POST */
|
||||
BIT(doh_verifypeer); /* DOH certificate peer verification */
|
||||
BIT(doh_verifyhost); /* DOH certificate hostname verification */
|
||||
BIT(doh_verifystatus); /* DOH certificate status verification */
|
||||
BIT(doh_verifypeer); /* DoH certificate peer verification */
|
||||
BIT(doh_verifyhost); /* DoH certificate hostname verification */
|
||||
BIT(doh_verifystatus); /* DoH certificate status verification */
|
||||
BIT(http09_allowed); /* allow HTTP/0.9 responses */
|
||||
BIT(mail_rcpt_allowfails); /* allow RCPT TO command to fail for some
|
||||
recipients */
|
||||
|
@ -174,7 +174,7 @@ struct OperationConfig {
|
||||
bool use_httpget;
|
||||
bool insecure_ok; /* set TRUE to allow insecure SSL connects */
|
||||
bool doh_insecure_ok; /* set TRUE to allow insecure SSL connects
|
||||
for DOH */
|
||||
for DoH */
|
||||
bool proxy_insecure_ok; /* set TRUE to allow insecure SSL connects
|
||||
for proxy */
|
||||
bool terminal_binary_ok;
|
||||
|
@ -245,13 +245,13 @@ static const struct helptxt helptext[] = {
|
||||
"DNS server addrs to use",
|
||||
CURLHELP_DNS},
|
||||
{" --doh-cert-status",
|
||||
"Verify the status of the DOH server cert via OCSP-staple",
|
||||
"Verify the status of the DoH server cert via OCSP-staple",
|
||||
CURLHELP_DNS | CURLHELP_TLS},
|
||||
{" --doh-insecure",
|
||||
"Allow insecure DOH server connections",
|
||||
"Allow insecure DoH server connections",
|
||||
CURLHELP_DNS | CURLHELP_TLS},
|
||||
{" --doh-url <URL>",
|
||||
"Resolve host names over DOH",
|
||||
"Resolve host names over DoH",
|
||||
CURLHELP_DNS},
|
||||
{"-D, --dump-header <filename>",
|
||||
"Write the received headers to <filename>",
|
||||
|
@ -11,7 +11,7 @@ DOH
|
||||
# Server-side
|
||||
<reply>
|
||||
|
||||
# This is the DOH response for foo.example.com A 127.0.0.1. This requires that
|
||||
# This is the DoH response for foo.example.com A 127.0.0.1. This requires that
|
||||
# the test server is accessible at that address!
|
||||
|
||||
<data1 base64="yes">
|
||||
@ -43,7 +43,7 @@ Funny-head: yesyes
|
||||
http
|
||||
</server>
|
||||
|
||||
# requires debug so that it can use the DOH server without https
|
||||
# requires debug so that it can use the DoH server without https
|
||||
# requires IPv6 so that we can assume and compare both DoH requests
|
||||
|
||||
<features>
|
||||
@ -52,7 +52,7 @@ DoH
|
||||
ipv6
|
||||
</features>
|
||||
<name>
|
||||
HTTP GET using DOH
|
||||
HTTP GET using DoH
|
||||
</name>
|
||||
<command>
|
||||
http://foo.example.com:%HTTPPORT/%TESTNUMBER --doh-url http://%HOSTIP:%HTTPPORT/%TESTNUMBER0001
|
||||
|
Loading…
Reference in New Issue
Block a user