diff --git a/ports/curl/openssl_quic.patch b/ports/curl/openssl_quic.patch
new file mode 100644
index 00000000000000..997992c9c67f3e
--- /dev/null
+++ b/ports/curl/openssl_quic.patch
@@ -0,0 +1,53 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -719,9 +719,22 @@
+ include_directories(${MSH3_INCLUDE_DIRS})
+ list(APPEND CURL_LIBS ${MSH3_LIBRARIES})
+ endif()
+
+-if(CURL_WITH_MULTI_SSL AND (USE_NGTCP2 OR USE_QUICHE OR USE_MSH3))
++option(USE_OPENSSL_QUIC "Use openssl and nghttp3 libraries for HTTP/3 support" OFF)
++if(USE_OPENSSL_QUIC)
++ if(USE_NGTCP2 OR USE_QUICHE OR USE_MSH3)
++ message(FATAL_ERROR "Only one HTTP/3 backend can be selected!")
++ endif()
++ find_package(OpenSSL 3.2.0 REQUIRED)
++
++ find_package(NGHTTP3 REQUIRED)
++ set(USE_NGHTTP3 ON)
++ include_directories(${NGHTTP3_INCLUDE_DIRS})
++ list(APPEND CURL_LIBS ${NGHTTP3_LIBRARIES})
++endif()
++
++if(CURL_WITH_MULTI_SSL AND (USE_NGTCP2 OR USE_QUICHE OR USE_MSH3 OR USE_OPENSSL_QUIC))
+ message(FATAL_ERROR "MultiSSL cannot be enabled with HTTP/3 and vice versa.")
+ endif()
+
+ if(NOT CURL_DISABLE_SRP AND (HAVE_GNUTLS_SRP OR HAVE_OPENSSL_SRP))
+@@ -1541,9 +1554,9 @@
+ (use_curl_ntlm_core OR USE_WINDOWS_SSPI) AND
+ NOT CURL_DISABLE_HTTP AND NTLM_WB_ENABLED)
+ _add_if("TLS-SRP" USE_TLS_SRP)
+ _add_if("HTTP2" USE_NGHTTP2)
+- _add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE)
++ _add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE OR USE_OPENSSL_QUIC)
+ _add_if("MultiSSL" CURL_WITH_MULTI_SSL)
+ # TODO wolfSSL only support this from v5.0.0 onwards
+ _add_if("HTTPS-proxy" SSL_ENABLED AND (USE_OPENSSL OR USE_GNUTLS
+ OR USE_SCHANNEL OR USE_RUSTLS OR USE_BEARSSL OR
+diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
+--- a/lib/curl_config.h.cmake
++++ b/lib/curl_config.h.cmake
+@@ -719,8 +719,11 @@
+
+ /* to enable quiche */
+ #cmakedefine USE_QUICHE 1
+
++/* to enable openssl + nghttp3 */
++#cmakedefine USE_OPENSSL_QUIC 1
++
+ /* Define to 1 if you have the quiche_conn_set_qlog_fd function. */
+ #cmakedefine HAVE_QUICHE_CONN_SET_QLOG_FD 1
+
+ /* to enable msh3 */
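Review bot: The new `if(USE_OPENSSL_QUIC)` block calls `find_package(OpenSSL 3.2.0 REQUIRED)` but never checks that OpenSSL is the TLS backend curl is actually being built with, so as far as this hunk shows a configuration that selects another backend together with USE_OPENSSL_QUIC is not rejected at configure time. A guard right after the one-backend check, `if(NOT USE_OPENSSL)` followed by `message(FATAL_ERROR "USE_OPENSSL_QUIC requires the OpenSSL TLS backend")` and `endif()`, would make that combination fail early; the vcpkg manifest ties `http3` to `openssl`, but the patched CMakeLists.txt can be driven without it. The block also adds `include_directories(${NGHTTP3_INCLUDE_DIRS})` at directory scope, which matches the MSH3 lines above it but exposes the path to every target in the directory. A short header comment in the patch naming the upstream change it backports would make it clear when the patch can be dropped.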
diff --git a/ports/curl/portfile.cmake b/ports/curl/portfile.cmake index ef0e56ba99510f..a29ba6bc2d4760 100644 --- a/ports/curl/portfile.cmake +++ b/ports/curl/portfile.cmake @@ -15,12 +15,15 @@ vcpkg_from_github( export-components.patch dependencies.patch cmake-config.patch + openssl_quic.patch + use_ca_native.patch ) vcpkg_check_features(OUT_FEATURE_OPTIONS FEATURE_OPTIONS FEATURES # Support HTTP2 TLS Download https://curl.haxx.se/ca/cacert.pem rename to curl-ca-bundle.crt, copy it to libcurl.dll location. http2 USE_NGHTTP2 + http3 USE_OPENSSL_QUIC wolfssl CURL_USE_WOLFSSL openssl CURL_USE_OPENSSL mbedtls CURL_USE_MBEDTLS @@ -36,6 +39,7 @@ vcpkg_check_features(OUT_FEATURE_OPTIONS FEATURE_OPTIONS winldap USE_WIN32_LDAP websockets ENABLE_WEBSOCKETS zstd CURL_ZSTD + ca-native CURL_USE_CA_NATIVE INVERTED_FEATURES non-http HTTP_ONLY winldap CURL_DISABLE_LDAP # Only WinLDAP support ATM diff --git a/ports/curl/use_ca_native.patch b/ports/curl/use_ca_native.patch new file mode 100644 index 00000000000000..f424b859ad3b56 --- /dev/null +++ b/ports/curl/use_ca_native.patch 
@@ -0,0 +1,51 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 656aa7c740facf..6d3baccda703f9 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -399,6 +399,8 @@ cmake_dependent_option(CURL_USE_BEARSSL "Enable BearSSL for SSL/TLS" OFF CURL_EN
+ cmake_dependent_option(CURL_USE_WOLFSSL "Enable wolfSSL for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
+ cmake_dependent_option(CURL_USE_GNUTLS "Enable GnuTLS for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
+
++option(CURL_USE_CA_NATIVE "Use standard certificate store of operating system" OFF)
++
+ set(openssl_default ON)
+ if(WIN32 OR CURL_USE_SECTRANSP OR CURL_USE_SCHANNEL OR CURL_USE_MBEDTLS OR CURL_USE_WOLFSSL)
+ set(openssl_default OFF)
+@@ -430,6 +432,9 @@ endif()
+ if(CURL_WINDOWS_SSPI)
+ set(USE_WINDOWS_SSPI ON)
+ endif()
++if(CURL_USE_CA_NATIVE)
++ set(USE_CA_NATIVE ON)
++endif()
+
+ if(CURL_USE_SECTRANSP)
+ set(use_core_foundation_and_core_services ON)
+diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
+index 0f4db69820ed17..901d4bce698d59 100644
+--- a/lib/curl_config.h.cmake
++++ b/lib/curl_config.h.cmake
+@@ -741,6 +741,9 @@ ${SIZEOF_TIME_T_CODE}
+ /* to enable Windows SSL */
+ #cmakedefine USE_SCHANNEL 1
+
++/* Use standard certificate store of operating system */
++#cmakedefine CURL_USE_CA_NATIVE 1
++
+ /* enable multiple SSL backends */
+ #cmakedefine CURL_WITH_MULTI_SSL 1
+
+diff --git a/lib/setopt.c b/lib/setopt.c
+index 8a5a5d7c33d21d..180098c5e82ef8 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -2370,6 +2370,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+ data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN);
+ data->set.ssl.revoke_best_effort = !!(arg & CURLSSLOPT_REVOKE_BEST_EFFORT);
+ data->set.ssl.native_ca_store = !!(arg & CURLSSLOPT_NATIVE_CA);
++#if defined(USE_CA_NATIVE)
++ data->set.ssl.native_ca_store = true;
++#endif
+ data->set.ssl.auto_client_cert = !!(arg & CURLSSLOPT_AUTO_CLIENT_CERT);
+ /* If a setting is added here it should 
also be added in dohprobe() + which sets its own CURLOPT_SSL_OPTIONS based on these settings. */ diff --git a/ports/curl/vcpkg.json b/ports/curl/vcpkg.json index 88acd187381643..8e3238c5b95115 100644 --- a/ports/curl/vcpkg.json +++ b/ports/curl/vcpkg.json @@ -1,6 +1,7 @@ { "name": "curl", "version": "8.6.0", + "port-version": 1, "description": "A library for transferring data with URLs", "homepage": "https://curl.se/", "license": "curl AND ISC AND BSD-3-Clause", @@ -16,8 +17,9 @@ "zlib" ], "default-features": [ + "ca-native", "non-http", - "ssl" + "openssl" ], "features": { "brotli": { @@ -32,6 +34,9 @@ "c-ares" ] }, + "ca-native": { + "description": "Use standard certificate store of operating system" + }, "http2": { "description": "HTTP2 support", "dependencies": [ @@ -39,12 +44,29 @@ "name": "curl", "default-features": false, "features": [ - "ssl" + "openssl" ] }, "nghttp2" ] }, + "http3": { + "description": "HTTP3 support", + "dependencies": [ + { + "name": "curl", + "default-features": false, + "features": [ + "openssl" + ] + }, + "nghttp3", + { + "name": "openssl", + "version>=": "3.2.0" + } + ] + }, "idn": { "description": "Default IDN support", "dependencies": [ @@ -124,35 +146,6 @@ "libssh2" ] }, - "ssl": { - "description": "Default SSL backend", - "dependencies": [ - { - "name": "curl", - "default-features": false, - "features": [ - "sectransp" - ], - "platform": "osx | ios" - }, - { - "name": "curl", - "default-features": false, - "features": [ - "schannel" - ], - "platform": "(windows & !uwp) | mingw" - }, - { - "name": "curl", - "default-features": false, - "features": [ - "openssl" - ], - "platform": "(uwp | !windows) & !(osx | ios) & !mingw" - } - ] - }, "sspi": { "description": "SSPI support", "supports": "windows & !uwp" diff --git a/versions/baseline.json b/versions/baseline.json index c32579fc90db61..1afaec0fc8d476 100644 --- a/versions/baseline.json +++ b/versions/baseline.json 
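Review bot: The macro names in this patch do not line up: the `lib/setopt.c` hunk tests `#if defined(USE_CA_NATIVE)`, while the `lib/curl_config.h.cmake` hunk emits `#cmakedefine CURL_USE_CA_NATIVE 1`, and `set(USE_CA_NATIVE ON)` in CMakeLists.txt only sets a CMake variable. Unless USE_CA_NATIVE reaches the compiler by a route not shown here, the forced `native_ca_store = true` is never compiled in and the `ca-native` feature silently does nothing; the header line should read `#cmakedefine USE_CA_NATIVE 1`. Separately, the override sits among the CURLOPT_SSL_OPTIONS assignments of `Curl_vsetopt` (the function continues outside the hunk), so it appears to take effect only on handles that set that option, it overrides a caller that deliberately left CURLSSLOPT_NATIVE_CA clear, and it is not mirrored in `dohprobe()` as the adjacent comment asks. Because this changes which roots every consumer of the port trusts, the default is better applied where the handle's SSL defaults are initialised, with the behaviour spelled out in the feature description.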
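Review bot: Replacing `"ssl"` with `"openssl"` in `default-features` changes the default TLS backend on Windows, macOS and iOS from the platform one (schannel / sectransp, per the `ssl` feature deleted in the last hunk) to a vcpkg-built OpenSSL, which moves TLS patching and certificate validation off the operating system for every consumer that takes the defaults. Deleting the `ssl` feature also breaks any downstream manifest that names `curl[ssl]`, and the `http2` hunk now pulls in `openssl` on every platform although only `http3` needs it. Consider keeping `ssl` with its platform-conditional dependencies as the default and letting `http3` alone require `openssl`; if the switch is intended, the `ca-native` and `openssl` descriptions should state the trust-store and backend change explicitly.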
@@ -2062,7 +2062,7 @@ }, "curl": { "baseline": "8.6.0", - "port-version": 0 + "port-version": 1 }, "curlpp": { "baseline": "2018-06-15", diff --git a/versions/c-/curl.json b/versions/c-/curl.json index 7565cfc630d59f..18e609e6033f6c 100644 --- a/versions/c-/curl.json +++ b/versions/c-/curl.json @@ -1,5 +1,10 @@ { "versions": [ + { + "git-tree": "488a1338ca73d6226654f1e158525133a2d4ecd6", + "version": "8.6.0", + "port-version": 1 + }, { "git-tree": "dba7665cff5bd6f1a31ad0aa864fd83049eac93e", "version": "8.6.0",