From 73e9f23083204074eed51e4b70d2b85764783233 Mon Sep 17 00:00:00 2001
From: Tal Regev
Date: Mon, 4 Mar 2024 23:52:55 +0200
Subject: [PATCH 1/3] Add http3 feature to curl
---
 ports/curl/openssl_quic.patch | 53 +++++++++++++++++++++++++++++++++++
 ports/curl/portfile.cmake | 2 ++
 ports/curl/vcpkg.json | 14 +++++++++
 3 files changed, 69 insertions(+)
 create mode 100644 ports/curl/openssl_quic.patch
diff --git a/ports/curl/openssl_quic.patch b/ports/curl/openssl_quic.patch
new file mode 100644
index 00000000000000..997992c9c67f3e
--- /dev/null
+++ b/ports/curl/openssl_quic.patch
@@ -0,0 +1,53 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -719,9 +719,22 @@
+ include_directories(${MSH3_INCLUDE_DIRS})
+ list(APPEND CURL_LIBS ${MSH3_LIBRARIES})
+ endif()
+
+-if(CURL_WITH_MULTI_SSL AND (USE_NGTCP2 OR USE_QUICHE OR USE_MSH3))
++option(USE_OPENSSL_QUIC "Use openssl and nghttp3 libraries for HTTP/3 support" OFF)
++if(USE_OPENSSL_QUIC)
++ if(USE_NGTCP2 OR USE_QUICHE OR USE_MSH3)
++ message(FATAL_ERROR "Only one HTTP/3 backend can be selected!")
++ endif()
++ find_package(OpenSSL 3.2.0 REQUIRED)
++
++ find_package(NGHTTP3 REQUIRED)
++ set(USE_NGHTTP3 ON)
++ include_directories(${NGHTTP3_INCLUDE_DIRS})
++ list(APPEND CURL_LIBS ${NGHTTP3_LIBRARIES})
++endif()
++
++if(CURL_WITH_MULTI_SSL AND (USE_NGTCP2 OR USE_QUICHE OR USE_MSH3 OR USE_OPENSSL_QUIC))
+ message(FATAL_ERROR "MultiSSL cannot be enabled with HTTP/3 and vice versa.")
+ endif()
+
+ if(NOT CURL_DISABLE_SRP AND (HAVE_GNUTLS_SRP OR HAVE_OPENSSL_SRP))
+@@ -1541,9 +1554,9 @@
+ (use_curl_ntlm_core OR USE_WINDOWS_SSPI) AND
+ NOT CURL_DISABLE_HTTP AND NTLM_WB_ENABLED)
+ _add_if("TLS-SRP" USE_TLS_SRP)
+ _add_if("HTTP2" USE_NGHTTP2)
+- _add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE)
++ _add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE OR USE_OPENSSL_QUIC)
+ _add_if("MultiSSL" CURL_WITH_MULTI_SSL)
+ # TODO wolfSSL only support this from v5.0.0 onwards
+ _add_if("HTTPS-proxy" SSL_ENABLED AND (USE_OPENSSL OR USE_GNUTLS
+ OR USE_SCHANNEL OR USE_RUSTLS OR USE_BEARSSL OR
+diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
+--- a/lib/curl_config.h.cmake
++++ b/lib/curl_config.h.cmake
+@@ -719,8 +719,11 @@
+
+ /* to enable quiche */
+ #cmakedefine USE_QUICHE 1
+
++/* to enable openssl + nghttp3 */
++#cmakedefine USE_OPENSSL_QUIC 1
++
+ /* Define to 1 if you have the quiche_conn_set_qlog_fd function. */
+ #cmakedefine HAVE_QUICHE_CONN_SET_QLOG_FD 1
+
+ /* to enable msh3 */
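Review bot: The new `if(USE_OPENSSL_QUIC)` block in the CMakeLists.txt section never checks that OpenSSL is the TLS backend selected for this build; `find_package(OpenSSL 3.2.0 REQUIRED)` only proves that a suitable OpenSSL is installed. A configuration that picks a different backend and also turns this option on would, as far as the hunk shows, still get `USE_OPENSSL_QUIC` defined in curl_config.h, so the mismatch surfaces at compile or link time instead of at configure time. Assuming `USE_OPENSSL` is already set by this point in the file, I would add `if(NOT USE_OPENSSL)` / `message(FATAL_ERROR "USE_OPENSSL_QUIC requires the OpenSSL TLS backend")` / `endif()` next to the existing one-backend check. A short comment above the option saying that 3.2.0 is the floor because it is the first OpenSSL release with a QUIC client API would also help whoever next touches the version number.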
diff --git a/ports/curl/portfile.cmake b/ports/curl/portfile.cmake index ef0e56ba99510f..e5c70566b10f95 100644 --- a/ports/curl/portfile.cmake +++ b/ports/curl/portfile.cmake @@ -15,12 +15,14 @@ vcpkg_from_github( export-components.patch dependencies.patch cmake-config.patch + openssl_quic.patch ) vcpkg_check_features(OUT_FEATURE_OPTIONS FEATURE_OPTIONS FEATURES # Support HTTP2 TLS Download https://curl.haxx.se/ca/cacert.pem rename to curl-ca-bundle.crt, copy it to libcurl.dll location. http2 USE_NGHTTP2 + http3 USE_OPENSSL_QUIC wolfssl CURL_USE_WOLFSSL openssl CURL_USE_OPENSSL mbedtls CURL_USE_MBEDTLS diff --git a/ports/curl/vcpkg.json b/ports/curl/vcpkg.json index 88acd187381643..f3e1f06a1a0820 100644 --- a/ports/curl/vcpkg.json +++ b/ports/curl/vcpkg.json @@ -1,6 +1,7 @@ { "name": "curl", "version": "8.6.0", + "port-version": 1, "description": "A library for transferring data with URLs", "homepage": "https://curl.se/", "license": "curl AND ISC AND BSD-3-Clause", @@ -45,6 +46,19 @@ "nghttp2" ] }, + "http3": { + "description": "HTTP3 support", + "dependencies": [ + { + "name": "curl", + "default-features": false, + "features": [ + "openssl" + ] + }, + "nghttp3" + ] + }, "idn": { "description": "Default IDN support", "dependencies": [ From 30ca63051f71816a6024ded17d60d804028ee649 Mon Sep 17 00:00:00 2001 From: Tal Regev Date: Tue, 5 Mar 2024 18:58:17 +0200 Subject: [PATCH 2/3] http3 support as openssl in ssl --- ports/curl/vcpkg.json | 7 ++++++- versions/baseline.json | 2 +- versions/c-/curl.json | 5 +++++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/ports/curl/vcpkg.json b/ports/curl/vcpkg.json index f3e1f06a1a0820..573612964e0826 100644 --- a/ports/curl/vcpkg.json +++ b/ports/curl/vcpkg.json @@ -48,6 +48,7 @@ }, "http3": { "description": "HTTP3 support", + "supports": "(uwp | !windows) & !(osx | ios) & !mingw", "dependencies": [ { "name": "curl", 
@@ -56,7 +57,11 @@ "openssl" ] }, - "nghttp3" + "nghttp3", + { + "name": "openssl", + "version>=": "3.2.0" + } ] }, "idn": { diff --git a/versions/baseline.json b/versions/baseline.json index c32579fc90db61..1afaec0fc8d476 100644 --- a/versions/baseline.json +++ b/versions/baseline.json @@ -2062,7 +2062,7 @@ }, "curl": { "baseline": "8.6.0", - "port-version": 0 + "port-version": 1 }, "curlpp": { "baseline": "2018-06-15", diff --git a/versions/c-/curl.json b/versions/c-/curl.json index 7565cfc630d59f..5bf1fe495e8e5c 100644 --- a/versions/c-/curl.json +++ b/versions/c-/curl.json @@ -1,5 +1,10 @@ { "versions": [ + { + "git-tree": "8c1fb523e9f0ccd18a4f3e2e832e2ecab7dd9f15", + "version": "8.6.0", + "port-version": 1 + }, { "git-tree": "dba7665cff5bd6f1a31ad0aa864fd83049eac93e", "version": "8.6.0", From 23349cc81b78451e824d310bd661fcd570d495b2 Mon Sep 17 00:00:00 2001 From: Tal Regev Date: Wed, 13 Mar 2024 20:46:06 +0200 Subject: [PATCH 3/3] Remove ssl --- ports/curl/portfile.cmake | 4 ++- ports/curl/use_ca_native.patch | 51 ++++++++++++++++++++++++++++++++++ ports/curl/vcpkg.json | 38 ++++--------------------- versions/c-/curl.json | 2 +- 4 files changed, 61 insertions(+), 34 deletions(-) create mode 100644 ports/curl/use_ca_native.patch diff --git a/ports/curl/portfile.cmake b/ports/curl/portfile.cmake index e5c70566b10f95..a29ba6bc2d4760 100644 --- a/ports/curl/portfile.cmake +++ b/ports/curl/portfile.cmake @@ -15,7 +15,8 @@ vcpkg_from_github( export-components.patch dependencies.patch cmake-config.patch - openssl_quic.patch + openssl_quic.patch + use_ca_native.patch ) vcpkg_check_features(OUT_FEATURE_OPTIONS FEATURE_OPTIONS @@ -38,6 +39,7 @@ vcpkg_check_features(OUT_FEATURE_OPTIONS FEATURE_OPTIONS winldap USE_WIN32_LDAP websockets ENABLE_WEBSOCKETS zstd CURL_ZSTD + ca-native CURL_USE_CA_NATIVE INVERTED_FEATURES non-http HTTP_ONLY winldap CURL_DISABLE_LDAP # Only WinLDAP support ATM 
diff --git a/ports/curl/use_ca_native.patch b/ports/curl/use_ca_native.patch
new file mode 100644
index 00000000000000..f424b859ad3b56
--- /dev/null
+++ b/ports/curl/use_ca_native.patch
@@ -0,0 +1,51 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 656aa7c740facf..6d3baccda703f9 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -399,6 +399,8 @@ cmake_dependent_option(CURL_USE_BEARSSL "Enable BearSSL for SSL/TLS" OFF CURL_EN
+ cmake_dependent_option(CURL_USE_WOLFSSL "Enable wolfSSL for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
+ cmake_dependent_option(CURL_USE_GNUTLS "Enable GnuTLS for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
+
++option(CURL_USE_CA_NATIVE "Use standard certificate store of operating system" OFF)
++
+ set(openssl_default ON)
+ if(WIN32 OR CURL_USE_SECTRANSP OR CURL_USE_SCHANNEL OR CURL_USE_MBEDTLS OR CURL_USE_WOLFSSL)
+ set(openssl_default OFF)
+@@ -430,6 +432,9 @@ endif()
+ if(CURL_WINDOWS_SSPI)
+ set(USE_WINDOWS_SSPI ON)
+ endif()
++if(CURL_USE_CA_NATIVE)
++ set(USE_CA_NATIVE ON)
++endif()
+
+ if(CURL_USE_SECTRANSP)
+ set(use_core_foundation_and_core_services ON)
+diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
+index 0f4db69820ed17..901d4bce698d59 100644
+--- a/lib/curl_config.h.cmake
++++ b/lib/curl_config.h.cmake
+@@ -741,6 +741,9 @@ ${SIZEOF_TIME_T_CODE}
+ /* to enable Windows SSL */
+ #cmakedefine USE_SCHANNEL 1
+
++/* Use standard certificate store of operating system */
++#cmakedefine CURL_USE_CA_NATIVE 1
++
+ /* enable multiple SSL backends */
+ #cmakedefine CURL_WITH_MULTI_SSL 1
+
+diff --git a/lib/setopt.c b/lib/setopt.c
+index 8a5a5d7c33d21d..180098c5e82ef8 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -2370,6 +2370,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+ data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN);
+ data->set.ssl.revoke_best_effort = !!(arg & CURLSSLOPT_REVOKE_BEST_EFFORT);
+ data->set.ssl.native_ca_store = !!(arg & CURLSSLOPT_NATIVE_CA);
++#if defined(USE_CA_NATIVE)
++ data->set.ssl.native_ca_store = true;
++#endif
+ data->set.ssl.auto_client_cert = !!(arg & CURLSSLOPT_AUTO_CLIENT_CERT);
+ /* If a setting is added here it should
also be added in dohprobe() + which sets its own CURLOPT_SSL_OPTIONS based on these settings. */ diff --git a/ports/curl/vcpkg.json b/ports/curl/vcpkg.json index 573612964e0826..8e3238c5b95115 100644 --- a/ports/curl/vcpkg.json +++ b/ports/curl/vcpkg.json @@ -17,8 +17,9 @@ "zlib" ], "default-features": [ + "ca-native", "non-http", - "ssl" + "openssl" ], "features": { "brotli": { @@ -33,6 +34,9 @@ "c-ares" ] }, + "ca-native": { + "description": "Use standard certificate store of operating system" + }, "http2": { "description": "HTTP2 support", "dependencies": [ @@ -40,7 +44,7 @@ "name": "curl", "default-features": false, "features": [ - "ssl" + "openssl" ] }, "nghttp2" @@ -48,7 +52,6 @@ }, "http3": { "description": "HTTP3 support", - "supports": "(uwp | !windows) & !(osx | ios) & !mingw", "dependencies": [ { "name": "curl", @@ -143,35 +146,6 @@ "libssh2" ] }, - "ssl": { - "description": "Default SSL backend", - "dependencies": [ - { - "name": "curl", - "default-features": false, - "features": [ - "sectransp" - ], - "platform": "osx | ios" - }, - { - "name": "curl", - "default-features": false, - "features": [ - "schannel" - ], - "platform": "(windows & !uwp) | mingw" - }, - { - "name": "curl", - "default-features": false, - "features": [ - "openssl" - ], - "platform": "(uwp | !windows) & !(osx | ios) & !mingw" - } - ] - }, "sspi": { "description": "SSPI support", "supports": "windows & !uwp" diff --git a/versions/c-/curl.json b/versions/c-/curl.json index 5bf1fe495e8e5c..18e609e6033f6c 100644 --- a/versions/c-/curl.json +++ b/versions/c-/curl.json @@ -1,7 +1,7 @@ { "versions": [ { - "git-tree": "8c1fb523e9f0ccd18a4f3e2e832e2ecab7dd9f15", + "git-tree": "488a1338ca73d6226654f1e158525133a2d4ecd6", "version": "8.6.0", "port-version": 1 },
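Review bot: The macro names do not line up across the three files that use_ca_native.patch touches: CMakeLists.txt sets `USE_CA_NATIVE` and setopt.c tests `#if defined(USE_CA_NATIVE)`, but curl_config.h.cmake emits `#cmakedefine CURL_USE_CA_NATIVE 1`. Unless `USE_CA_NATIVE` reaches the compiler by some route not shown here, the guarded assignment is never compiled in and the `ca-native` feature is a silent no-op; the header line should read `#cmakedefine USE_CA_NATIVE 1`. Once it does take effect, the override sits among the assignments derived from `arg & CURLSSLOPT_*` (the enclosing case in Curl_vsetopt starts outside the hunk), so it appears to run only when the application sets its SSL options, and it then discards an explicit choice to leave `CURLSSLOPT_NATIVE_CA` off. For a program that deliberately trusts only a private CA bundle this likely adds the operating system store as extra trust anchors, which should be stated in the feature description, and a default applied where the handle's settings are initialised would behave more predictably than an override here. The context comment about dohprobe() applies to the new setting as well.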
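Review bot: Replacing `"ssl"` with `"openssl"` in `default-features` (first vcpkg.json hunk of this commit) changes the default TLS stack on Windows and Apple targets, which the `ssl` feature deleted in the last hunk of the same file mapped to `schannel` and `sectransp`. Those backends verify against the platform trust store on their own, whereas an OpenSSL build needs a CA source configured, so certificate verification on those platforms now depends on the `ca-native` patch actually taking effect. Deleting `ssl` outright also breaks any manifest or port that still requests `curl[ssl]`, and the `supports` expression dropped from `http3` in the fourth hunk no longer records where that feature was expected to build. I would keep `ssl` as a thin alias as sketched below and state in the commit description why the per-platform split was removed.
```json
"ssl": {
  "description": "Default SSL backend",
  "dependencies": [
    {
      "name": "curl",
      "default-features": false,
      "features": [
        "openssl"
      ]
    }
  ]
},
```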