[curl] Add http3 + remove ssl + openssl default ssl + remove other ssl/tls backend features.

ports/aws-sdk-cpp/vcpkg.in.json

@@ -1,7 +1,7 @@
 {
   "name": "aws-sdk-cpp",
   "version": "1.11.215",
-  "port-version": 1,
+  "port-version": 2,
   "description": "AWS SDK for C++",
   "homepage": "https://github.com/aws/aws-sdk-cpp",
   "license": "Apache-2.0",
@@ -12,7 +12,7 @@
       "name": "curl",
       "default-features": false,
       "features": [
-        "ssl"
+        "openssl"
       ],
       "platform": "!uwp & !windows"
     },

ports/aws-sdk-cpp/vcpkg.json

@@ -2,6 +2,7 @@
   "$note": "Automatically generated by generateFeatures.ps1",
   "name": "aws-sdk-cpp",
   "version": "1.11.255",
+  "port-version": 1,
   "description": "AWS SDK for C++",
   "homepage": "https://github.com/aws/aws-sdk-cpp",
   "license": "Apache-2.0",
@@ -12,7 +13,7 @@
       "name": "curl",
       "default-features": false,
       "features": [
-        "ssl"
+        "openssl"
       ],
       "platform": "!uwp & !windows"
     },

ports/azure-core-cpp/vcpkg.json

@@ -5,6 +5,7 @@
   ],
   "name": "azure-core-cpp",
   "version-semver": "1.11.2",
+  "port-version": 1,
   "description": [
     "Microsoft Azure Core SDK for C++",
     "This library provides shared primitives, abstractions, and helpers for modern Azure SDK client libraries written in the C++."
@@ -40,7 +41,7 @@
           "name": "curl",
           "default-features": false,
           "features": [
-            "ssl"
+            "openssl"
           ]
         }
       ]

ports/configcat/vcpkg.json

@@ -1,6 +1,7 @@
 {
   "name": "configcat",
   "version": "3.2.0",
+  "port-version": 1,
   "description": "ConfigCat SDK for C++ provides easy integration for your application to ConfigCat. ConfigCat is a feature flag and configuration management service that lets you separate feature releases from deployments. Alternative to LaunchDarkly.",
   "homepage": "https://configcat.com/",
   "license": "MIT",
@@ -28,7 +29,7 @@
           "name": "curl",
           "default-features": false,
           "features": [
-            "ssl"
+            "openssl"
           ]
         },
         {

ports/cpr/vcpkg.json

@@ -1,7 +1,7 @@
 {
   "name": "cpr",
   "version-semver": "1.10.5",
-  "port-version": 2,
+  "port-version": 3,
   "description": "C++ Requests is a simple wrapper around libcurl inspired by the excellent Python Requests project.",
   "homepage": "https://github.com/libcpr/cpr",
   "license": "MIT",
@@ -30,7 +30,7 @@
           "name": "curl",
           "default-features": false,
           "features": [
-            "ssl"
+            "openssl"
           ]
         },
         {

ports/curl/ca-native.patch

@@ -0,0 +1,69 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 656aa7c740facf..c4bea84462679a 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -399,6 +399,11 @@ cmake_dependent_option(CURL_USE_BEARSSL "Enable BearSSL for SSL/TLS" OFF CURL_EN
+ cmake_dependent_option(CURL_USE_WOLFSSL "Enable wolfSSL for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
+ cmake_dependent_option(CURL_USE_GNUTLS "Enable GnuTLS for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
+
++option(CURL_USE_CA_NATIVE "Use standard certificate store of operating system" OFF)
++if(CURL_USE_CA_NATIVE)
++  set(USE_CA_NATIVE ON)
++endif()
++
+ set(openssl_default ON)
+ if(WIN32 OR CURL_USE_SECTRANSP OR CURL_USE_SCHANNEL OR CURL_USE_MBEDTLS OR CURL_USE_WOLFSSL)
+   set(openssl_default OFF)
+diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
+index 0f4db69820ed17..09f1fd14ca9528 100644
+--- a/lib/curl_config.h.cmake
++++ b/lib/curl_config.h.cmake
+@@ -741,6 +741,9 @@ ${SIZEOF_TIME_T_CODE}
+ /* to enable Windows SSL  */
+ #cmakedefine USE_SCHANNEL 1
+
++/* Use standard certificate store of operating system */
++#cmakedefine USE_CA_NATIVE 1
++
+ /* enable multiple SSL backends */
+ #cmakedefine CURL_WITH_MULTI_SSL 1
+
+diff --git a/lib/setopt.c b/lib/setopt.c
+index 8a5a5d7c33d21d..a7ce186baef681 100644
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -2370,6 +2370,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+     data->set.ssl.no_partialchain = !!(arg & CURLSSLOPT_NO_PARTIALCHAIN);
+     data->set.ssl.revoke_best_effort = !!(arg & CURLSSLOPT_REVOKE_BEST_EFFORT);
+     data->set.ssl.native_ca_store = !!(arg & CURLSSLOPT_NATIVE_CA);
++#ifdef USE_CA_NATIVE
++    data->set.ssl.native_ca_store = true;
++#endif
+     data->set.ssl.auto_client_cert = !!(arg & CURLSSLOPT_AUTO_CLIENT_CERT);
+     /* If a setting is added here it should also be added in dohprobe()
+        which sets its own CURLOPT_SSL_OPTIONS based on these settings. */
+@@ -2385,6 +2388,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
+     data->set.proxy_ssl.revoke_best_effort =
+       !!(arg & CURLSSLOPT_REVOKE_BEST_EFFORT);
+     data->set.proxy_ssl.native_ca_store = !!(arg & CURLSSLOPT_NATIVE_CA);
++#ifdef USE_CA_NATIVE
++    data->set.ssl.native_ca_store = true;
++#endif
+     data->set.proxy_ssl.auto_client_cert =
+       !!(arg & CURLSSLOPT_AUTO_CLIENT_CERT);
+     break;
+diff --git a/src/tool_getparam.c b/src/tool_getparam.c
+index 52bb24959ddd71..1c1cf596820bcf 100644
+--- a/src/tool_getparam.c
++++ b/src/tool_getparam.c
+@@ -2749,7 +2749,9 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
+     a = NULL;
+
+   } while(!longopt && !singleopt && *++parse && !*usedarg && !err);
+-
++#ifdef USE_CA_NATIVE
++  config->native_ca_store = true;
++#endif
+ error:
+   if(nextalloc)
+     free(nextarg);

ports/curl/openssl_quic.patch

@@ -0,0 +1,53 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -719,9 +719,22 @@
+   include_directories(${MSH3_INCLUDE_DIRS})
+   list(APPEND CURL_LIBS ${MSH3_LIBRARIES})
+ endif()
+
+-if(CURL_WITH_MULTI_SSL AND (USE_NGTCP2 OR USE_QUICHE OR USE_MSH3))
++option(USE_OPENSSL_QUIC "Use openssl and nghttp3 libraries for HTTP/3 support" OFF)
++if(USE_OPENSSL_QUIC)
++  if(USE_NGTCP2 OR USE_QUICHE OR USE_MSH3)
++    message(FATAL_ERROR "Only one HTTP/3 backend can be selected!")
++  endif()
++  find_package(OpenSSL 3.2.0 REQUIRED)
++
++  find_package(NGHTTP3 REQUIRED)
++  set(USE_NGHTTP3 ON)
++  include_directories(${NGHTTP3_INCLUDE_DIRS})
++  list(APPEND CURL_LIBS ${NGHTTP3_LIBRARIES})
++endif()
++
++if(CURL_WITH_MULTI_SSL AND (USE_NGTCP2 OR USE_QUICHE OR USE_MSH3 OR USE_OPENSSL_QUIC))
+   message(FATAL_ERROR "MultiSSL cannot be enabled with HTTP/3 and vice versa.")
+ endif()
+
+ if(NOT CURL_DISABLE_SRP AND (HAVE_GNUTLS_SRP OR HAVE_OPENSSL_SRP))
+@@ -1541,9 +1554,9 @@
+                           (use_curl_ntlm_core OR USE_WINDOWS_SSPI) AND
+                           NOT CURL_DISABLE_HTTP AND NTLM_WB_ENABLED)
+   _add_if("TLS-SRP"       USE_TLS_SRP)
+   _add_if("HTTP2"         USE_NGHTTP2)
+-  _add_if("HTTP3"         USE_NGTCP2 OR USE_QUICHE)
++  _add_if("HTTP3"         USE_NGTCP2 OR USE_QUICHE OR USE_OPENSSL_QUIC)
+   _add_if("MultiSSL"      CURL_WITH_MULTI_SSL)
+   # TODO wolfSSL only support this from v5.0.0 onwards
+   _add_if("HTTPS-proxy"   SSL_ENABLED AND (USE_OPENSSL OR USE_GNUTLS
+                           OR USE_SCHANNEL OR USE_RUSTLS OR USE_BEARSSL OR
+diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
+--- a/lib/curl_config.h.cmake
++++ b/lib/curl_config.h.cmake
+@@ -719,8 +719,11 @@
+
+ /* to enable quiche */
+ #cmakedefine USE_QUICHE 1
+
++/* to enable openssl + nghttp3 */
++#cmakedefine USE_OPENSSL_QUIC 1
++
+ /* Define to 1 if you have the quiche_conn_set_qlog_fd function. */
+ #cmakedefine HAVE_QUICHE_CONN_SET_QLOG_FD 1
+
+ /* to enable msh3 */

ports/curl/portfile.cmake

@@ -15,12 +15,15 @@ vcpkg_from_github(
         export-components.patch
         dependencies.patch
         cmake-config.patch
+        openssl_quic.patch
+        ca-native.patch
 )
 
 vcpkg_check_features(OUT_FEATURE_OPTIONS FEATURE_OPTIONS
     FEATURES
         # Support HTTP2 TLS Download https://curl.haxx.se/ca/cacert.pem rename to curl-ca-bundle.crt, copy it to libcurl.dll location.
         http2       USE_NGHTTP2
+        http3       USE_OPENSSL_QUIC
         wolfssl     CURL_USE_WOLFSSL
         openssl     CURL_USE_OPENSSL
         mbedtls     CURL_USE_MBEDTLS
@@ -35,6 +38,7 @@ vcpkg_check_features(OUT_FEATURE_OPTIONS FEATURE_OPTIONS
         winidn      USE_WIN32_IDN
         websockets  ENABLE_WEBSOCKETS
         zstd        CURL_ZSTD
+        ca-native   CURL_USE_CA_NATIVE
     INVERTED_FEATURES
         ldap        CURL_DISABLE_LDAP
         ldap        CURL_DISABLE_LDAPS

ports/curl/vcpkg.json

@@ -1,7 +1,7 @@
 {
   "name": "curl",
   "version": "8.6.0",
-  "port-version": 1,
+  "port-version": 2,
   "description": "A library for transferring data with URLs",
   "homepage": "https://curl.se/",
   "license": "curl AND ISC AND BSD-3-Clause",
@@ -17,8 +17,9 @@
     "zlib"
   ],
   "default-features": [
+    "ca-native",
     "non-http",
-    "ssl"
+    "openssl"
   ],
   "features": {
     "brotli": {
@@ -33,19 +34,39 @@
         "c-ares"
       ]
     },
+    "ca-native": {
+      "description": "Use standard certificate store of operating system"
+    },
     "http2": {
       "description": "HTTP2 support",
       "dependencies": [
         {
           "name": "curl",
           "default-features": false,
           "features": [
-            "ssl"
+            "openssl"
           ]
         },
         "nghttp2"
       ]
     },
+    "http3": {
+      "description": "HTTP3 support",
+      "dependencies": [
+        {
+          "name": "curl",
+          "default-features": false,
+          "features": [
+            "openssl"
+          ]
+        },
+        "nghttp3",
+        {
+          "name": "openssl",
+          "version>=": "3.2.0"
+        }
+      ]
+    },
     "idn": {
       "description": "Default IDN support",
       "dependencies": [
@@ -90,12 +111,6 @@
         }
       ]
     },
-    "mbedtls": {
-      "description": "SSL support (mbedTLS)",
-      "dependencies": [
-        "mbedtls"
-      ]
-    },
     "non-http": {
       "description": "Enables protocols beyond HTTP/HTTPS/HTTP2"
     },
@@ -105,23 +120,6 @@
         "openssl"
       ]
     },
-    "schannel": {
-      "description": "SSL support (Secure Channel)",
-      "supports": "windows & !uwp",
-      "dependencies": [
-        {
-          "name": "curl",
-          "default-features": false,
-          "features": [
-            "sspi"
-          ]
-        }
-      ]
-    },
-    "sectransp": {
-      "description": "SSL support (sectransp)",
-      "supports": "osx | ios"
-    },
     "ssh": {
       "description": "SSH support via libssh2",
       "dependencies": [
@@ -142,35 +140,6 @@
         "libssh2"
       ]
     },
-    "ssl": {
-      "description": "Default SSL backend",
-      "dependencies": [
-        {
-          "name": "curl",
-          "default-features": false,
-          "features": [
-            "sectransp"
-          ],
-          "platform": "osx | ios"
-        },
-        {
-          "name": "curl",
-          "default-features": false,
-          "features": [
-            "schannel"
-          ],
-          "platform": "(windows & !uwp) | mingw"
-        },
-        {
-          "name": "curl",
-          "default-features": false,
-          "features": [
-            "openssl"
-          ],
-          "platform": "(uwp | !windows) & !(osx | ios) & !mingw"
-        }
-      ]
-    },
     "sspi": {
       "description": "SSPI support",
       "supports": "windows & !uwp"
@@ -198,25 +167,6 @@
         }
       ]
     },
-    "winssl": {
-      "description": "Legacy name for schannel",
-      "supports": "windows & !uwp",
-      "dependencies": [
-        {
-          "name": "curl",
-          "default-features": false,
-          "features": [
-            "schannel"
-          ]
-        }
-      ]
-    },
-    "wolfssl": {
-      "description": "SSL support (wolfSSL)",
-      "dependencies": [
-        "wolfssl"
-      ]
-    },
     "zstd": {
       "description": "ZStandard support (zstd)",
       "dependencies": [