[Daniel's week] Jan 8, 2023
daniel at haxx.se
Mon Jan 9 16:31:37 CET 2023
# Daniel's weekly report
# January 8, 2023
Instead of bumping curl copyright year ranges to show 2023, we decided to
remove the years completely! This means that we have now finally made the last
updates of copyright years in curl source headers and feels like a relief.
A discussion fired up in the curl camp about the future and handling of the
TLS backend called GSKit, primarily used on the systems formerly known as
AS/400 (nowadays called IBM i). We don't have any CI builds for this and when
we break the code it can take a long time until someone notices. Not at good
situation for code that handles security related things for curl.
gskit is now mentioned as deprecated and is subject for removal, but there are
noises being made and there is hope that it will be rescued and brought up to
shape so that we can avoid ripping it out.
The concept of specifying `NO_PROXY` to exclude certain hosts from using a
proxy is not defined by any standard and spec. (Stan Hu wrote [this nice
summary of the
two years ago.)
It was pointed out that curl supports a list of **space**-separated patterns
in addition to the more common **comma**-separated list. Allowing just space
for this is more of an accident and has now been marked as deprecated and the
support of those will be removed... in 18 months. Most implementations agree
that comma is the correct separator.
Stefan's HTTP work has continued and we have worked a bit on the aftermath of
the most recent refactor as a few regression turned up. There is a little more
work needed to get the msh3 HTTP/3 backend back to functionality, but we are
Stefan is working on a huge new test suite for HTTP/2 and HTTP/3 which is
going to help us make sure we can remove the experimental tag from HTTP/3
support later this spring.
As a step towards enabling HTTP/3 support for everyone we have also started to
discuss exactly how users would like to ask for HTTP/3 and how to do fallback
properly in case HTTP/3 doesn't work - as we expect HTTP/3 to not be too
widely supported just yet plus the fact that lots of companies and
organizations actively block UDP and therefore prevents QUIC from working.
We also want to be able to transition into having such options enabled by
default at some future point when HTTP/3 is prevalent to motivate it.
Right now, we aim at doing h3/h2 connections a little happy eyeballs style:
start the h3 attempt a short moment before we start a parallel h2 attempt, and
then we go with the connection that succeeds first.
## Blog posts
- nothing this week
## Coming up
- 10 days until feature freeze
- my last week before a two week vacation
- wolfSSL team meeting
More information about the daniel