[Daniel's week] April 11, 2025

Fri Apr 11 16:35:47 CEST 2025

Hello,

Another week ends. Another email is sent.

## no regressions

This week we can happily conclude that we had no - serious enough -
regressions reported against 8.13.0 to make us to a .1 release. This is a
rather positive break from our recent tradition. A large part thanks to the
great friends who helped out and took our release candidates on test drives
and reporting problems.

## HTTPS-RR

I found myself with some sudden extra spare time over the weekend and what do
someone like me do then? I decided to write a new set of unit tests for
libcurl's HTTPS-RR parser [5]. With this in place I feel much more sure of the
quality and its functionality.

Another piece in the HTTPS-RR testing equation is to create a test DNS server
that we can inject into the test setup to feed good and bad responses to
libcurl to make sure it behaves appropriately. A test DNS server can also be
used for verifying normal name resolving code paths. Unfortunately, it is
quite tricky to make the regular getaddrinfo() calls use a custom DNS server.
When built to use c-ares, it is easy.

There are ways to fool getaddrinfo() into using a specific IP address, like
with LD_PRELOAD or bwrap/container tricks to make it load another config file,
but making it use something else than port 53 is next-level challenging. I
will simply leave out getaddrinfo()-using builds from this testing for now.

The DNS test server work [4] is still ongoing but I have laid the groundworks for
it and I can run local tests using hostnames that get resolved using this
server.

## socketpair

This week we merged a PR [6] into curl that makes it possible for it to use
pipe2() instead of pipe() on systems where it is available. It made be reflect
back on the evolution of the "socketpair" module in curl and the journey we
have had over various different IPC mechanisms:

Inter-thread communication from the libcurl name resolver thread

1. let's use socketpair() to signal "complete"
2. wait, implement a clone for Windows since it lacks socketpair
3. oops, it fails on iOS, use pipe() there
4. eh, use pipe() everwhere where it exists
5. hold on, eventfd() is better on 64-bit CPUs
6. wrong, eventfd can actually be used on all CPUs
7. hold my beer, there's a pipe2() to use for some platforms
8. to be continued

## write C for curl

I blogged about how we write C in curl [1]. A fun reaction to this post was
this follow-up video [2] from a popular YouTuber which already has more views
than any single video I ever did...

## former MVP

I finally got the confirmation that I am now officially a *former* Microsoft
MVP [3] and they in fact emphasize that "former" word strongly in their email.
I ejected myself out of that program because it has absolutely zero value to
me, and just filled my inbox with junk invitations to meetings and events I
couldn't care less about. Good riddance.

## distro meeting

We had the curl distro meeting 2025 on Thursday and I wrote a summary [7].

## 10K

There are now more than 10,000 subscribers of my YouTube channel [8]. Thanks
for this, and I intend to continue populating it with the same kind of content
going forward. Focusing on curl, networking and open source. Like I always do.

If you have requests for particular video presentations and topics, don't be
shy to tell me.

## ngtcp2

This week the ngtcp2 overlord Tatsuhiro merged a PR [9] into their main git
branch that adds support for the recently added OpenSSL QUIC API. New in
OpenSSL 3.5, which was shipped just a few days ago [10].

This support is mentioned to appear publicly in the pending ngtcp2 1.12.0
release.

In the curl project, Stefan Eissing mentioned he has started toying with
getting curl to work with such an ngtcp2 build as this now suddenly opens up
the opportunity for curl users to do proper HTTP/3 using OpenSSL.

With this, we get a slightly messy naming problem: we can build support for
QUIC into curl using OpenSSL these two ways:

1. OpenSSL-QUIC + nghttp3
2. OpenSSL QUIC API + ngtcp2 + nghttp3

The first version uses the full QUIC implementation in OpenSSL with HTTP/3
support added by nghttp3. The second appraoch does QUIC with ngtcp2 and "only"
uses OpenSSL to do the TLS parts using its QUIC API, and also uses nghttp3 for
the HTTP/3 parts.

Early tests indicate that version 2 performs much better.

## tpm2 pains

I've been struggling through several debug sessions together with a customer
to get a tpm2 OpenSSL v3 "provider" to work with curl.

This is an yet another area of OpenSSL that is underdocumented, lacks examples
and seems to assume that you know a lot of about this stuff already when
trying to code for it. This journey will continue next week. I'll work it out
eventually, it just is going to take time and effort.

## letter

Together with a large amount of organizations and individuals I signed the
joint letter calling for a rejection of the proposed Swedish Data Storage and
Access to Electronic Information Legislation [13].

## curl-using device of the week

This "whiteboard" interactive display [11] runs curl. The photo was of course
added to the collection [12].

## Coming up

- the curl feature window opens tomorrow April 12
- I am keynoting foss-north on Monday April 14 [9]
- more tpm2 fighting
- easter national holiday around next weekend

## Links

[1] = https://daniel.haxx.se/blog/2025/04/07/writing-c-for-curl/
[2] = https://youtu.be/13jenENwBoE?si=WCQIifX9PKKFwPbO
[3] = https://daniel.haxx.se/blog/2024/10/02/im-a-professional/
[4] = https://github.com/curl/curl/pull/17015
[5] = https://github.com/curl/curl/pull/16972
[6] = https://github.com/curl/curl/pull/16987
[7] = https://daniel.haxx.se/blog/2025/04/10/summing-up-the-curl-distro-2025-meet/
[8] = http://www.youtube.com/@DanielStenberg
[9] = https://github.com/ngtcp2/ngtcp2/pull/1582
[10] = https://github.com/openssl/openssl/releases/tag/openssl-3.5.0
[11] = https://daniel.haxx.se/blog/wp-content/uploads/2016/10/blackboard-curl.jpg
[12] = https://daniel.haxx.se/blog/2016/10/03/screenshotted-curl-credits/
[13] = https://www.globalencryption.org/2025/04/joint-letter-on-swedish-data-storage-and-access-to-electronic-information-legislation/

-- 

  / daniel.haxx.se