configure: make the TLS library choice(s) explicit

configure no longer tries to find a TLS library by default, but all
libraries are now equal: the user needs to explicitly ask what TLS
library or libraries to use.

If no TLS library is selected, configure will error out unless
--without-ssl is explicitly used to request a build without TLS (as that
is very rare these days).

Removes: --with-winssl, --with-darwinssl and all --without-* options for
TLS libraries.

Closes #6897
Daniel Stenberg 2021-04-15 09:04:30 +02:00
parent 4708f29f1c
commit 68d89f242c
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
3 changed files with 149 additions and 147 deletions


@ -181,6 +181,109 @@ dnl
INITIAL_LDFLAGS=$LDFLAGS INITIAL_LDFLAGS=$LDFLAGS
INITIAL_LIBS=$LIBS INITIAL_LIBS=$LIBS
dnl **********************************************************************
dnl See which TLS backend(s) that are requested. Just do all the
dnl TLS AC_ARG_WITH() invokes here and do the checks later
dnl **********************************************************************
OPT_SCHANNEL=no
AC_ARG_WITH(schannel,dnl
AS_HELP_STRING([--with-schannel],[enable Windows native SSL/TLS]),
OPT_SCHANNEL=$withval
TLSCHOICE="schannel")
OPT_SECURETRANSPORT=no
AC_ARG_WITH(secure-transport,dnl
AS_HELP_STRING([--with-secure-transport],[enable Apple OS native SSL/TLS]),
OPT_SECURETRANSPORT=$withval
test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }Secure-Transport"
)
OPT_AMISSL=no
AC_ARG_WITH(amissl,dnl
AS_HELP_STRING([--with-amissl],[enable Amiga native SSL/TLS (AmiSSL)]),
OPT_AMISSL=$withval
test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }AmiSSL")
OPT_OPENSSL=no
dnl Default to no CA bundle
ca="no"
AC_ARG_WITH(ssl,dnl
AS_HELP_STRING([--with-ssl=PATH],[old version of --with-openssl])
AS_HELP_STRING([--without-ssl], [build without any TLS library]),
OPT_SSL=$withval
OPT_OPENSSL=$withval
test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL")
AC_ARG_WITH(openssl,dnl
AS_HELP_STRING([--with-openssl=PATH],[Where to look for OpenSSL, PATH points to the SSL installation (default: /usr/local/ssl); when possible, set the PKG_CONFIG_PATH environment variable instead of using this option]),
OPT_OPENSSL=$withval
test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }OpenSSL")
OPT_GNUTLS=no
AC_ARG_WITH(gnutls,dnl
AS_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to the installation root]),
OPT_GNUTLS=$withval
test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }GnuTLS")
OPT_MBEDTLS=no
AC_ARG_WITH(mbedtls,dnl
AS_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to the installation root]),
OPT_MBEDTLS=$withval
test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }mbedTLS")
OPT_WOLFSSL=no
AC_ARG_WITH(wolfssl,dnl
AS_HELP_STRING([--with-wolfssl=PATH],[where to look for WolfSSL, PATH points to the installation root (default: system lib default)]),
OPT_WOLFSSL=$withval
test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }wolfSSL")
OPT_MESALINK=no
AC_ARG_WITH(mesalink,dnl
AS_HELP_STRING([--with-mesalink=PATH],[where to look for MesaLink, PATH points to the installation root]),
OPT_MESALINK=$withval
test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }MesaLink")
OPT_BEARSSL=no
AC_ARG_WITH(bearssl,dnl
AS_HELP_STRING([--with-bearssl=PATH],[where to look for BearSSL, PATH points to the installation root]),
OPT_BEARSSL=$withval
test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }BearSSL")
OPT_RUSTLS=no
AC_ARG_WITH(rustls,dnl
AS_HELP_STRING([--with-rustls=PATH],[where to look for rustls, PATH points to the installation root]),
OPT_RUSTLS=$withval
test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }rustls")
OPT_NSS=no
AC_ARG_WITH(nss,dnl
AS_HELP_STRING([--with-nss=PATH],[where to look for NSS, PATH points to the installation root]),
OPT_NSS=$withval
test -z "TLSCHOICE" || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }NSS")
dnl If no TLS choice has been made, check if it was explicitly disabled or
dnl error out to force the user to decide.
if test -z "$TLSCHOICE"; then
if test "x$OPT_SSL" != "xno"; then
AC_MSG_ERROR([select TLS backend(s) or disble TLS with --without-ssl.
Select from these:
--with-amissl
--with-bearssl
--with-gnutls
--with-mbedtls
--with-mesalink
--with-nss
--with-openssl (also works for BoringSSL and libressl)
--with-rustls
--with-schannel
--with-secure-transport
--with-wolfssl
])
fi
fi
dnl dnl
dnl Detect the canonical host and target build environment dnl Detect the canonical host and target build environment
dnl dnl
@ -1634,26 +1737,15 @@ dnl -------------------------------------------------
dnl check winssl option before other SSL libraries dnl check winssl option before other SSL libraries
dnl ------------------------------------------------- dnl -------------------------------------------------
OPT_SCHANNEL=no
AC_ARG_WITH(winssl,dnl
AS_HELP_STRING([--with-winssl],[enable Windows native SSL/TLS])
AS_HELP_STRING([--without-winssl], [disable Windows native SSL/TLS]),
OPT_SCHANNEL=$withval)
AC_ARG_WITH(schannel,dnl
AS_HELP_STRING([--with-schannel],[enable Windows native SSL/TLS])
AS_HELP_STRING([--without-schannel], [disable Windows native SSL/TLS]),
OPT_SCHANNEL=$withval)
AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)]) AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)])
if test -z "$ssl_backends" -o "x$OPT_SCHANNEL" != xno; then if test "x$OPT_SCHANNEL" != xno; then
ssl_msg= ssl_msg=
if test "x$OPT_SCHANNEL" != "xno" && if test "x$OPT_SCHANNEL" != "xno" &&
test "x$curl_cv_native_windows" = "xyes"; then test "x$curl_cv_native_windows" = "xyes"; then
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support]) AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support])
AC_SUBST(USE_SCHANNEL, [1]) AC_SUBST(USE_SCHANNEL, [1])
ssl_msg="Windows-native" ssl_msg="Schannel"
test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
SCHANNEL_ENABLED=1 SCHANNEL_ENABLED=1
# --with-schannel implies --enable-sspi # --with-schannel implies --enable-sspi
@ -1673,19 +1765,8 @@ if test "x$USE_WIN32_CRYPTO" = "x1" -o "x$USE_SCHANNEL" = "x1"; then
LIBS="-ladvapi32 -lcrypt32 $LIBS" LIBS="-ladvapi32 -lcrypt32 $LIBS"
fi fi
OPT_SECURETRANSPORT=no
AC_ARG_WITH(darwinssl,dnl
AS_HELP_STRING([--with-darwinssl],[enable Apple OS native SSL/TLS])
AS_HELP_STRING([--without-darwinssl], [disable Apple OS native SSL/TLS]),
OPT_SECURETRANSPORT=$withval)
AC_ARG_WITH(secure-transport,dnl
AS_HELP_STRING([--with-secure-transport],[enable Apple OS native SSL/TLS])
AS_HELP_STRING([--without-secure-transport], [disable Apple OS native SSL/TLS]),
OPT_SECURETRANSPORT=$withval)
AC_MSG_CHECKING([whether to enable Secure Transport]) AC_MSG_CHECKING([whether to enable Secure Transport])
if test -z "$ssl_backends" -o "x$OPT_SECURETRANSPORT" != xno; then if test "x$OPT_SECURETRANSPORT" != xno; then
if test "x$OPT_SECURETRANSPORT" != "xno" && if test "x$OPT_SECURETRANSPORT" != "xno" &&
(test "x$cross_compiling" != "xno" || test -d "/System/Library/Frameworks/Security.framework"); then (test "x$cross_compiling" != "xno" || test -d "/System/Library/Frameworks/Security.framework"); then
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
@ -1703,15 +1784,9 @@ else
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
fi fi
OPT_AMISSL=no
AC_ARG_WITH(amissl,dnl
AS_HELP_STRING([--with-amissl],[enable Amiga native SSL/TLS (AmiSSL)])
AS_HELP_STRING([--without-amissl], [disable Amiga native SSL/TLS (AmiSSL)]),
OPT_AMISSL=$withval)
AC_MSG_CHECKING([whether to enable Amiga native SSL/TLS (AmiSSL)]) AC_MSG_CHECKING([whether to enable Amiga native SSL/TLS (AmiSSL)])
if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then
if test -z "$ssl_backends" -o "x$OPT_AMISSL" != xno; then if test "x$OPT_AMISSL" != xno; then
ssl_msg= ssl_msg=
if test "x$OPT_AMISSL" != "xno"; then if test "x$OPT_AMISSL" != "xno"; then
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
@ -1733,25 +1808,10 @@ else
fi fi
dnl ********************************************************************** dnl **********************************************************************
dnl Check for the presence of SSL libraries and headers dnl Check for OpenSSL libraries and headers
dnl ********************************************************************** dnl **********************************************************************
dnl Default to compiler & linker defaults for SSL files & libraries. if test "x$OPT_OPENSSL" != xno; then
OPT_SSL=off
dnl Default to no CA bundle
ca="no"
AC_ARG_WITH(ssl,dnl
AS_HELP_STRING([--with-ssl=PATH],[old version of --with-openssl])
AS_HELP_STRING([--without-ssl], [old version of --without-openssl]),
OPT_SSL=$withval)
AC_ARG_WITH(openssl,dnl
AS_HELP_STRING([--with-openssl=PATH],[Where to look for OpenSSL, PATH points to the SSL installation (default: /usr/local/ssl); when possible, set the PKG_CONFIG_PATH environment variable instead of using this option])
AS_HELP_STRING([--without-openssl], [disable OpenSSL]),
OPT_SSL=$withval)
if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
test X"$OPT_SSL" != Xno; then
ssl_msg= ssl_msg=
dnl backup the pre-ssl variables dnl backup the pre-ssl variables
@ -1781,7 +1841,7 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
;; ;;
esac esac
case "$OPT_SSL" in case "$OPT_OPENSSL" in
yes) yes)
dnl --with-openssl (without path) used dnl --with-openssl (without path) used
PKGTEST="yes" PKGTEST="yes"
@ -1796,12 +1856,12 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
*) *)
dnl check the given --with-openssl spot dnl check the given --with-openssl spot
PKGTEST="no" PKGTEST="no"
PREFIX_OPENSSL=$OPT_SSL PREFIX_OPENSSL=$OPT_OPENSSL
dnl Try pkg-config even when cross-compiling. Since we dnl Try pkg-config even when cross-compiling. Since we
dnl specify PKG_CONFIG_LIBDIR we're only looking where dnl specify PKG_CONFIG_LIBDIR we're only looking where
dnl the user told us to look dnl the user told us to look
OPENSSL_PCDIR="$OPT_SSL/lib/pkgconfig" OPENSSL_PCDIR="$OPT_OPENSSL/lib/pkgconfig"
if test -f "$OPENSSL_PCDIR/openssl.pc"; then if test -f "$OPENSSL_PCDIR/openssl.pc"; then
AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"]) AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$OPENSSL_PCDIR"])
PKGTEST="yes" PKGTEST="yes"
@ -1965,7 +2025,7 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
LIBS="$CLEANLIBS" LIBS="$CLEANLIBS"
fi fi
if test X"$OPT_SSL" != Xoff && if test X"$OPT_OPENSSL" != Xoff &&
test "$OPENSSL_ENABLED" != "1"; then test "$OPENSSL_ENABLED" != "1"; then
AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!]) AC_MSG_ERROR([OpenSSL libs and/or directories were not found where specified!])
fi fi
@ -2057,10 +2117,9 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno &&
test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi fi
if test X"$OPT_SSL" != Xoff && if test X"$OPT_OPENSSL" != Xno &&
test X"$OPT_SSL" != Xno &&
test "$OPENSSL_ENABLED" != "1"; then test "$OPENSSL_ENABLED" != "1"; then
AC_MSG_NOTICE([OPT_SSL: $OPT_SSL]) AC_MSG_NOTICE([OPT_OPENSSL: $OPT_OPENSSL])
AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED]) AC_MSG_NOTICE([OPENSSL_ENABLED: $OPENSSL_ENABLED])
AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected]) AC_MSG_ERROR([--with-openssl was given but OpenSSL could not be detected])
fi fi
@ -2130,15 +2189,7 @@ dnl ----------------------------------------------------
dnl check for GnuTLS dnl check for GnuTLS
dnl ---------------------------------------------------- dnl ----------------------------------------------------
dnl Default to compiler & linker defaults for GnuTLS files & libraries. if test "x$OPT_GNUTLS" != xno; then
OPT_GNUTLS=no
AC_ARG_WITH(gnutls,dnl
AS_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to the installation root])
AS_HELP_STRING([--without-gnutls], [disable GnuTLS detection]),
OPT_GNUTLS=$withval)
if test -z "$ssl_backends" -o "x$OPT_GNUTLS" != xno; then
ssl_msg= ssl_msg=
if test X"$OPT_GNUTLS" != Xno; then if test X"$OPT_GNUTLS" != Xno; then
@ -2279,16 +2330,9 @@ dnl ----------------------------------------------------
dnl check for mbedTLS dnl check for mbedTLS
dnl ---------------------------------------------------- dnl ----------------------------------------------------
OPT_MBEDTLS=no if test "x$OPT_MBEDTLS" != xno; then
_cppflags=$CPPFLAGS
_cppflags=$CPPFLAGS _ldflags=$LDFLAGS
_ldflags=$LDFLAGS
AC_ARG_WITH(mbedtls,dnl
AS_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to the installation root])
AS_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]),
OPT_MBEDTLS=$withval)
if test -z "$ssl_backends" -o "x$OPT_MBEDTLS" != xno; then
ssl_msg= ssl_msg=
if test X"$OPT_MBEDTLS" != Xno; then if test X"$OPT_MBEDTLS" != Xno; then
@ -2371,17 +2415,6 @@ dnl ----------------------------------------------------
dnl check for wolfSSL dnl check for wolfSSL
dnl ---------------------------------------------------- dnl ----------------------------------------------------
dnl Default to compiler & linker defaults for wolfSSL files & libraries.
OPT_WOLFSSL=no
_cppflags=$CPPFLAGS
_ldflags=$LDFLAGS
AC_ARG_WITH(wolfssl,dnl
AS_HELP_STRING([--with-wolfssl=PATH],[where to look for WolfSSL, PATH points to the installation root (default: system lib default)])
AS_HELP_STRING([--without-wolfssl], [disable WolfSSL detection]),
OPT_WOLFSSL=$withval)
case "$OPT_WOLFSSL" in case "$OPT_WOLFSSL" in
yes|no) yes|no)
wolfpkg="" wolfpkg=""
@ -2391,7 +2424,10 @@ case "$OPT_WOLFSSL" in
;; ;;
esac esac
if test -z "$ssl_backends" -o "x$OPT_WOLFSSL" != xno; then if test "x$OPT_WOLFSSL" != xno; then
_cppflags=$CPPFLAGS
_ldflags=$LDFLAGS
ssl_msg= ssl_msg=
if test X"$OPT_WOLFSSL" != Xno; then if test X"$OPT_WOLFSSL" != Xno; then
@ -2532,17 +2568,9 @@ dnl ----------------------------------------------------
dnl check for MesaLink dnl check for MesaLink
dnl ---------------------------------------------------- dnl ----------------------------------------------------
dnl Default to compiler & linker defaults for MesaLink files & libraries. if test "x$OPT_MESALINK" != xno; then
OPT_MESALINK=no _cppflags=$CPPFLAGS
_ldflags=$LDFLAGS
_cppflags=$CPPFLAGS
_ldflags=$LDFLAGS
AC_ARG_WITH(mesalink,dnl
AS_HELP_STRING([--with-mesalink=PATH],[where to look for MesaLink, PATH points to the installation root])
AS_HELP_STRING([--without-mesalink], [disable MesaLink detection]),
OPT_MESALINK=$withval)
if test -z "$ssl_backends" -o "x$OPT_MESALINK" != xno; then
ssl_msg= ssl_msg=
if test X"$OPT_MESALINK" != Xno; then if test X"$OPT_MESALINK" != Xno; then
@ -2624,16 +2652,9 @@ dnl ----------------------------------------------------
dnl check for BearSSL dnl check for BearSSL
dnl ---------------------------------------------------- dnl ----------------------------------------------------
OPT_BEARSSL=no if test "x$OPT_BEARSSL" != xno; then
_cppflags=$CPPFLAGS
_cppflags=$CPPFLAGS _ldflags=$LDFLAGS
_ldflags=$LDFLAGS
AC_ARG_WITH(bearssl,dnl
AS_HELP_STRING([--with-bearssl=PATH],[where to look for BearSSL, PATH points to the installation root])
AS_HELP_STRING([--without-bearssl], [disable BearSSL detection]),
OPT_BEARSSL=$withval)
if test -z "$ssl_backends" -o "x$OPT_BEARSSL" != xno; then
ssl_msg= ssl_msg=
if test X"$OPT_BEARSSL" != Xno; then if test X"$OPT_BEARSSL" != Xno; then
@ -2716,16 +2737,9 @@ dnl ----------------------------------------------------
dnl check for rustls dnl check for rustls
dnl ---------------------------------------------------- dnl ----------------------------------------------------
OPT_RUSTLS=no if test "x$OPT_RUSTLS" != xno; then
_cppflags=$CPPFLAGS
_cppflags=$CPPFLAGS _ldflags=$LDFLAGS
_ldflags=$LDFLAGS
AC_ARG_WITH(rustls,dnl
AS_HELP_STRING([--with-rustls=PATH],[where to look for rustls, PATH points to the installation root])
AS_HELP_STRING([--without-rustls], [disable rustls detection]),
OPT_RUSTLS=$withval)
if test -z "$ssl_backends" -o "x$OPT_RUSTLS" != xno; then
ssl_msg= ssl_msg=
if test X"$OPT_RUSTLS" != Xno; then if test X"$OPT_RUSTLS" != Xno; then
@ -2806,15 +2820,7 @@ dnl ----------------------------------------------------
dnl NSS. Only check if GnuTLS and OpenSSL are not enabled dnl NSS. Only check if GnuTLS and OpenSSL are not enabled
dnl ---------------------------------------------------- dnl ----------------------------------------------------
dnl Default to compiler & linker defaults for NSS files & libraries. if test "x$OPT_NSS" != xno; then
OPT_NSS=no
AC_ARG_WITH(nss,dnl
AS_HELP_STRING([--with-nss=PATH],[where to look for NSS, PATH points to the installation root])
AS_HELP_STRING([--without-nss], [disable NSS detection]),
OPT_NSS=$withval)
if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then
ssl_msg= ssl_msg=
if test X"$OPT_NSS" != Xno; then if test X"$OPT_NSS" != Xno; then
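Review bot: In the first hunk, every new AC_ARG_WITH handler appends to TLSCHOICE regardless of `$withval`, so `--without-gnutls` (or `--with-nss=no`) leaves TLSCHOICE non-empty and the `test -z "$TLSCHOICE"` guard never fires; configure then carries on with every OPT_* set to `no` and, as far as this page shows, ends up building without TLS although `--without-ssl` was never given. The `test -z "TLSCHOICE"` in front of each append compares a literal string (the `$` is missing), so it is always false and filters nothing. I would replace it in each handler with a check of the value, e.g. `test "x$withval" = xno || TLSCHOICE="${TLSCHOICE:+$TLSCHOICE, }GnuTLS"`, which still lets `--without-ssl` through because the guard exempts `OPT_SSL=no`. The AC_MSG_ERROR text in the same hunk also has a typo, `disble` for `disable`.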


@ -30,11 +30,13 @@ proceed.
A normal Unix installation is made in three or four steps (after you've A normal Unix installation is made in three or four steps (after you've
unpacked the source archive): unpacked the source archive):
./configure ./configure --with-openssl [--with-gnutls --with-wolfssl]
make make
make test (optional) make test (optional)
make install make install
(Adjust the configure line accordingly to use the TLS library you want.)
You probably need to be root when doing the last command. You probably need to be root when doing the last command.
Get a full listing of all available configure options by invoking it like: Get a full listing of all available configure options by invoking it like:
@ -73,7 +75,7 @@ Without pkg-config installed, use this:
If you insist on forcing a build without SSL support, even though you may If you insist on forcing a build without SSL support, even though you may
have OpenSSL installed in your system, you can run configure like this: have OpenSSL installed in your system, you can run configure like this:
./configure --without-openssl ./configure --without-ssl
If you have OpenSSL installed, but with the libraries in one place and the If you have OpenSSL installed, but with the libraries in one place and the
header files somewhere else, you have to set the `LDFLAGS` and `CPPFLAGS` header files somewhere else, you have to set the `LDFLAGS` and `CPPFLAGS`
@ -109,17 +111,19 @@ want to alter it, you can select how to deal with each individual library.
## Select TLS backend ## Select TLS backend
The default OpenSSL configure check will also detect and use BoringSSL or These options are provided to select TLS backend to use.
libressl.
- GnuTLS: `--without-openssl --with-gnutls`. - AmiSSL: `--with-amissl`
- wolfSSL: `--without-openssl --with-wolfssl` - BearSSL: `--with-bearssl`
- NSS: `--without-openssl --with-nss` - GnuTLS: `--with-gnutls`.
- mbedTLS: `--without-openssl --with-mbedtls` - mbedTLS: `--with-mbedtls`
- schannel: `--without-openssl --with-schannel` - MesaLink: `--with-mesalink`
- secure transport: `--without-openssl --with-secure-transport` - NSS: `--with-nss`
- MesaLink: `--without-openssl --with-mesalink` - OpenSSL: `--with-openssl` (also for BoringSSL and libressl)
- BearSSL: `--without-openssl --with-bearssl` - rustls: `--with-rustls`
- schannel: `--with-schannel`
- secure transport: `--with-secure-transport`
- wolfSSL: `--with-wolfssl`
# Windows # Windows


@ -112,7 +112,6 @@
13.4 Cache/share OpenSSL contexts 13.4 Cache/share OpenSSL contexts
13.5 Export session ids 13.5 Export session ids
13.6 Provide callback for cert verification 13.6 Provide callback for cert verification
13.7 improve configure --with-openssl
13.8 Support DANE 13.8 Support DANE
13.9 TLS record padding 13.9 TLS record padding
13.10 Support Authority Information Access certificate extension (AIA) 13.10 Support Authority Information Access certificate extension (AIA)
@ -768,13 +767,6 @@
certificate, but this doesn't seem to be exposed in the libcurl APIs. Could certificate, but this doesn't seem to be exposed in the libcurl APIs. Could
it be? There's so much that could be done if it were! it be? There's so much that could be done if it were!
13.7 improve configure --with-openssl
Consider making the configure script not guess which TLS library to use (as
it makes it harder to purposely select another library than the default).
Maybe require specific TLS library option(s) or an explicit no-TLS-at-all
option.
13.8 Support DANE 13.8 Support DANE
DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL