TLS: remove support for Secure Transport and BearSSL
These libraries do not support TLS 1.3 and have been marked for removal for over a year. We want to help users select a TLS dependency that is future-proof and reliable, and not supporting TLS 1.3 in 2025 does not inspire confidence. Users who build libcurl are likely to be served better and get something more future-proof with a TLS library that supports 1.3. Closes #16677
parent
b761eb5add
commit
08a3e8e19a
89 changed files with 163 additions and 5036 deletions
|
|
@ -679,24 +679,18 @@ if(CURL_DEFAULT_SSL_BACKEND)
|
|||
set(_valid_default_ssl_backend FALSE)
|
||||
endif()
|
||||
|
||||
if(APPLE)
|
||||
cmake_dependent_option(CURL_USE_SECTRANSP "Enable Apple OS native SSL/TLS (Secure Transport)" OFF CURL_ENABLE_SSL OFF)
|
||||
endif()
|
||||
if(WIN32)
|
||||
cmake_dependent_option(CURL_USE_SCHANNEL "Enable Windows native SSL/TLS (Schannel)" OFF CURL_ENABLE_SSL OFF)
|
||||
option(CURL_WINDOWS_SSPI "Enable SSPI on Windows" ${CURL_USE_SCHANNEL})
|
||||
endif()
|
||||
cmake_dependent_option(CURL_USE_MBEDTLS "Enable mbedTLS for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
|
||||
cmake_dependent_option(CURL_USE_BEARSSL "Enable BearSSL for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
|
||||
cmake_dependent_option(CURL_USE_WOLFSSL "Enable wolfSSL for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
|
||||
cmake_dependent_option(CURL_USE_GNUTLS "Enable GnuTLS for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
|
||||
cmake_dependent_option(CURL_USE_RUSTLS "Enable Rustls for SSL/TLS" OFF CURL_ENABLE_SSL OFF)
|
||||
|
||||
if(WIN32 OR
|
||||
CURL_USE_SECTRANSP OR
|
||||
CURL_USE_SCHANNEL OR
|
||||
CURL_USE_MBEDTLS OR
|
||||
CURL_USE_BEARSSL OR
|
||||
CURL_USE_WOLFSSL OR
|
||||
CURL_USE_GNUTLS OR
|
||||
CURL_USE_RUSTLS)
|
||||
|
|
@ -714,10 +708,8 @@ option(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG "Disable automatic loading of OpenS
|
|||
|
||||
curl_count_true(_enabled_ssl_options_count
|
||||
CURL_USE_SCHANNEL
|
||||
CURL_USE_SECTRANSP
|
||||
CURL_USE_OPENSSL
|
||||
CURL_USE_MBEDTLS
|
||||
CURL_USE_BEARSSL
|
||||
CURL_USE_WOLFSSL
|
||||
CURL_USE_GNUTLS
|
||||
CURL_USE_RUSTLS
|
||||
|
|
@ -741,26 +733,6 @@ if(CURL_WINDOWS_SSPI)
|
|||
set(USE_WINDOWS_SSPI ON)
|
||||
endif()
|
||||
|
||||
if(CURL_USE_SECTRANSP)
|
||||
set(_use_core_foundation_and_core_services ON)
|
||||
|
||||
find_library(SECURITY_FRAMEWORK NAMES "Security")
|
||||
mark_as_advanced(SECURITY_FRAMEWORK)
|
||||
if(NOT SECURITY_FRAMEWORK)
|
||||
message(FATAL_ERROR "Security framework not found")
|
||||
endif()
|
||||
list(APPEND CURL_LIBS "-framework Security")
|
||||
|
||||
set(_ssl_enabled ON)
|
||||
set(USE_SECTRANSP ON)
|
||||
|
||||
if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "secure-transport")
|
||||
set(_valid_default_ssl_backend TRUE)
|
||||
endif()
|
||||
|
||||
message(WARNING "Secure Transport does not support TLS 1.3.")
|
||||
endif()
|
||||
|
||||
if(_use_core_foundation_and_core_services)
|
||||
find_library(COREFOUNDATION_FRAMEWORK NAMES "CoreFoundation")
|
||||
mark_as_advanced(COREFOUNDATION_FRAMEWORK)
|
||||
|
|
@ -844,21 +816,6 @@ if(CURL_USE_MBEDTLS)
|
|||
set(_curl_ca_bundle_supported TRUE)
|
||||
endif()
|
||||
|
||||
if(CURL_USE_BEARSSL)
|
||||
find_package(BearSSL REQUIRED)
|
||||
set(_ssl_enabled ON)
|
||||
set(USE_BEARSSL ON)
|
||||
list(APPEND CURL_LIBS ${BEARSSL_LIBRARIES})
|
||||
include_directories(SYSTEM ${BEARSSL_INCLUDE_DIRS})
|
||||
|
||||
if(CURL_DEFAULT_SSL_BACKEND AND CURL_DEFAULT_SSL_BACKEND STREQUAL "bearssl")
|
||||
set(_valid_default_ssl_backend TRUE)
|
||||
endif()
|
||||
set(_curl_ca_bundle_supported TRUE)
|
||||
|
||||
message(WARNING "BearSSL does not support TLS 1.3.")
|
||||
endif()
|
||||
|
||||
if(CURL_USE_WOLFSSL)
|
||||
find_package(WolfSSL REQUIRED)
|
||||
set(_ssl_enabled ON)
|
||||
|
|
@ -2134,7 +2091,6 @@ if(NOT CURL_DISABLE_NTLM AND
|
|||
(USE_OPENSSL OR
|
||||
USE_MBEDTLS OR
|
||||
USE_GNUTLS OR
|
||||
USE_SECTRANSP OR
|
||||
USE_WIN32_CRYPTO OR
|
||||
(USE_WOLFSSL AND HAVE_WOLFSSL_DES_ECB_ENCRYPT)))
|
||||
set(_use_curl_ntlm_core ON)
|
||||
|
|
@ -2215,8 +2171,7 @@ curl_add_if("HTTP2" USE_NGHTTP2)
|
|||
curl_add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE OR USE_MSH3 OR USE_OPENSSL_QUIC)
|
||||
curl_add_if("MultiSSL" CURL_WITH_MULTI_SSL)
|
||||
curl_add_if("HTTPS-proxy" NOT CURL_DISABLE_PROXY AND _ssl_enabled AND (USE_OPENSSL OR USE_GNUTLS
|
||||
OR USE_SCHANNEL OR USE_RUSTLS OR USE_BEARSSL OR
|
||||
USE_MBEDTLS OR USE_SECTRANSP OR
|
||||
OR USE_SCHANNEL OR USE_RUSTLS OR USE_MBEDTLS OR
|
||||
(USE_WOLFSSL AND HAVE_WOLFSSL_BIO_NEW)))
|
||||
curl_add_if("Unicode" ENABLE_UNICODE)
|
||||
curl_add_if("threadsafe" HAVE_ATOMIC OR
|
||||
|
|
@ -2245,9 +2200,7 @@ set(_items "")
|
|||
curl_add_if("Schannel" _ssl_enabled AND USE_SCHANNEL)
|
||||
curl_add_if("${_openssl}" _ssl_enabled AND USE_OPENSSL AND OPENSSL_VERSION VERSION_LESS 3.0.0)
|
||||
curl_add_if("${_openssl} v3+" _ssl_enabled AND USE_OPENSSL AND OPENSSL_VERSION VERSION_GREATER_EQUAL 3.0.0)
|
||||
curl_add_if("Secure Transport" _ssl_enabled AND USE_SECTRANSP)
|
||||
curl_add_if("mbedTLS" _ssl_enabled AND USE_MBEDTLS)
|
||||
curl_add_if("BearSSL" _ssl_enabled AND USE_BEARSSL)
|
||||
curl_add_if("wolfSSL" _ssl_enabled AND USE_WOLFSSL)
|
||||
curl_add_if("GnuTLS" _ssl_enabled AND USE_GNUTLS)
|
||||
curl_add_if("rustls" _ssl_enabled AND USE_RUSTLS)
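Review bot: The option block in the hunk at line 679 drops `CURL_USE_SECTRANSP` and `CURL_USE_BEARSSL` without leaving a guard for callers that still pass them. As far as these hunks show, a packaging script or stale CMakeCache.txt carrying `-DCURL_USE_SECTRANSP=ON` would still configure, but with a different TLS backend, and possibly a different certificate trust source, than the one requested. A hard stop next to the remaining `cmake_dependent_option()` calls keeps that switch visible: `if(CURL_USE_SECTRANSP OR CURL_USE_BEARSSL)`, `message(FATAL_ERROR "Secure Transport and BearSSL are no longer supported; select another TLS backend")`, `endif()`. The hunks at 741 and 844 also remove the `_valid_default_ssl_backend` matches for `secure-transport` and `bearssl`. The code that reports an invalid `CURL_DEFAULT_SSL_BACKEND` lies outside the hunks, so confirm it still rejects those two values instead of falling through.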
|
||||
|
|
|
|||