search

stunnel / static-curl

static builds cURL with HTTP3
MIT License
231 stars 29 forks source link

VIA padlock is bugged, please build without it #83

Closed ValdikSS closed 3 months ago

ValdikSS commented 3 months ago

Hello, Please build with no-hw-padlock OpenSSL compilation option, as Padlock is bugged (again). https://github.com/openssl/openssl/issues/24879 https://github.com/curl/curl/issues/14180

travislee89 commented 3 months ago

I can't reproduce this.
I request that my servers are fine.
I tried to access Google and https://cloudflare-quic.com/ also all are fine.

Using curl 8.9.1 arm64 glibc and x86_64 glibc.

curl -v -s -o /dev/null --http3-only <my-domain>
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Connected to my-domain (<ip-address>) port 443
* using HTTP/3
* [HTTP/3] [0] OPENED stream for https://my-domain/
* [HTTP/3] [0] [:method: GET]
* [HTTP/3] [0] [:scheme: https]
* [HTTP/3] [0] [:authority: my-domain]
* [HTTP/3] [0] [:path: /]
* [HTTP/3] [0] [user-agent: curl/8.9.1]
* [HTTP/3] [0] [accept: */*]

> GET / HTTP/3
> Host: my-domain
> User-Agent: curl/8.9.1
> Accept: */*
>
* Request completely sent off
< HTTP/3 200

The log on server side:

{
  "host": "my-domain",
  "resp": 200,
  "r_time": 0.002,
  "req": "GET / HTTP/3.0",
  "ssl": "TLSv1.3",
  "cipher": "TLS_AES_256_GCM_SHA384",
  "ua": "curl/8.9.1"
}
ValdikSS commented 3 months ago

@travislee89 what CPU/platform are you testing on?

travislee89 commented 3 months ago

static curl 8.9.1 with glibc, Debian 12

ValdikSS commented 3 months ago

@travislee89 Neither of these is VIA. You don't have Padlock.

travislee89 commented 3 months ago

Oh, I'll change it. You can test it later.

travislee89 commented 3 months ago

Please download curl-binary-linux-8.9.1 and test it.

https://github.com/stunnel/static-curl/actions/runs/10431207982

ValdikSS commented 3 months ago

The build has failed on armv7 architecture with: armv7l-linux-musleabihf-cc: error: unrecognized command-line option '-m64'

and i686 has not been built (my machine is not x86_64 capable).

travislee89 commented 3 months ago

Yeah, I knew it. I'm checking it out.

travislee89 commented 3 months ago

@ValdikSS https://github.com/stunnel/static-curl/actions/runs/10433718926

ValdikSS commented 3 months ago

It works, thanks!