4.3.7 release preparation #12044
Draft
4.3.7 release preparation #12044
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This reverts commit 2f1e6d4.
…1646) * [mbedtls] Store bio functions in a GC root. * [mbedtls] Fix incorrect alt name check. * [mbedtls] Replace String_val with Bytes_val to prevent compiler warnings. * [mbedtls] use SecTrustCopyAnchorCertificates to get root certs on macOS. SecKeychainOpen is deprecated. * [mbedtls] Remove unused includes and use angled brackets. * [mbedtls] Fix more warnings. * [mbedtls] Support mbedtls 3.x.
…ts (#11838) * Use windows api to verify ssl certs Taken from: Apprentice-Alchemist/hashlink@4d59012 * Handle error if cert store fails to open * Fix mscv warnings about invalid arguments Warning C6387 'parameters' could be '0': this does not adhere to the specification for the function 'CertGetCertificateChain'. Warning C6387 'policy_parameters' could be '0': this does not adhere to the specification for the function 'CertVerifyCertificateChainPolicy'. This also fixes an "incorrect parameter" runtime error. * Clear errors if certificate loading succeeded * Perform checks for all calls of verify_callback We need to do this every time, because if any callback call returns a non zero flags then the entire verification fails, see: https://github.com/Mbed-TLS/mbedtls/blob/3aefa5b705846c5d4466ae8747160ae9e5054ea8/library/x509_crt.c#L3031 We don't need to loop through the chain, since mbedtls already loops through and calls the callback on every certificate in the chain. * Free handles on certificate verification errors * Replace existing certificates if they exist This avoids duplicate certificates in the store * Propagate CN_MISMATCH ssl cert error The windows api functions won't check this automatically for us without further modifications, so it's easiest to just respect mbedtls' judgement and propagate this error. * Clarify comment regarding error mapping * Skip verification callback if no errors were found
* copy var flags when duplicating Also don't unroll loops that have static vars closes #11800 * hoist static locals when unrolling loops see #11800 * hoist all var declarations when unrolling loops * awkwardly deal with captured locals * clean up a bit, but don't hoist non-statics after all * don't need this now * remove test
* add CfNoLookup * invalidate
* Local statics cannot be found in class decls * Add test * Update test * Fix test for CI
* clean up warning handling and add optional WUnsafeEnumEquality * wah
* Always check var shadowing, disable associated warning by default * Deprecate some warnings related defines
* [ci] Use ARM runner. * [ci] Run tests on Linux ARM runners.
This was
linked to
issues
Mar 7, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Warning
Do NOT merge! I will rebase when the release is ready