curl: make SecureTransport the secondary TLS-backend

The 8.3.0-specific logic depends on this: curl/curl@26c7feb curl/curl#11774
curl · Oct 8, 2023 · fba3391 · fba3391
1 parent 668be8f
commit fba3391
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/curl-autotools.sh b/curl-autotools.sh
@@ -141,12 +141,17 @@ _VER="$1"
     elif [ "${_OS}" = 'mac' ] && [ "${_OSVER}" -lt '1015' ]; then
       # SecureTransport deprecated in 2019 (macOS 10.15 Catalina, iOS 13.0)
       options="${options} --with-secure-transport"
+      # Without this, SecureTransport becomes the default TLS backend
+      [ -n "${mainssl}" ] && options="${options} --with-default-ssl-backend=${mainssl}"
     fi
     CPPFLAGS="${CPPFLAGS} -DHAS_ALPN"
 
     h3=0
 
+    mainssl=''  # openssl, wolfssl, mbedtls, schannel, secure-transport, gnutls, bearssl, rustls
+
     if [ -n "${_OPENSSL}" ]; then
+      mainssl='openssl'
       options="${options} --with-openssl=${_TOP}/${_OPENSSL}/${_PP}"
       options="${options} --disable-openssl-auto-load-config"
       if [ "${_OPENSSL}" = 'boringssl' ]; then
@@ -166,6 +171,7 @@ _VER="$1"
     fi
 
     if [ -d ../wolfssl ]; then
+      mainssl='wolfssl'
       options="${options} --with-wolfssl=${_TOP}/wolfssl/${_PP}"
       # for QUIC auto-detection
       CPPFLAGS="${CPPFLAGS} -DHAVE_UINTPTR_T"
@@ -176,6 +182,7 @@ _VER="$1"
     fi
 
     if [ -d ../mbedtls ]; then
+      mainssl='mbedtls'
       options="${options} --with-mbedtls=${_TOP}/mbedtls/${_PP}"
     else
       options="${options} --without-mbedtls"

diff --git a/curl-cmake.sh b/curl-cmake.sh
@@ -132,7 +132,10 @@ _VER="$1"
 
   h3=0
 
+  mainssl=''  # openssl, wolfssl, mbedtls, schannel, secure-transport, gnutls, bearssl, rustls
+
   if [ -n "${_OPENSSL}" ]; then
+    mainssl='openssl'
     options="${options} -DCURL_USE_OPENSSL=ON"
     options="${options} -DOPENSSL_ROOT_DIR=${_TOP}/${_OPENSSL}/${_PP}"
     options="${options} -DCURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG=ON"
@@ -152,6 +155,7 @@ _VER="$1"
   fi
 
   if [ -d ../wolfssl ]; then
+    mainssl='wolfssl'
     options="${options} -DCURL_USE_WOLFSSL=ON"
     options="${options} -DWolfSSL_INCLUDE_DIR=${_TOP}/wolfssl/${_PP}/include"
     options="${options} -DWolfSSL_LIBRARY=${_TOP}/wolfssl/${_PP}/lib/libwolfssl.a"
@@ -160,6 +164,7 @@ _VER="$1"
   fi
 
   if [ -d ../mbedtls ]; then
+    mainssl='mbedtls'
     options="${options} -DCURL_USE_MBEDTLS=ON"
     options="${options} -DMBEDTLS_INCLUDE_DIRS=${_TOP}/mbedtls/${_PP}/include"
     options="${options} -DMBEDCRYPTO_LIBRARY=${_TOP}/mbedtls/${_PP}/lib/libmbedcrypto.a"
@@ -172,6 +177,8 @@ _VER="$1"
   elif [ "${_OS}" = 'mac' ] && [ "${_OSVER}" -lt '1015' ]; then
     # SecureTransport deprecated in 2019 (macOS 10.15 Catalina, iOS 13.0)
     options="${options} -DCURL_USE_SECTRANSP=ON"
+    # Without this, SecureTransport becomes the default TLS backend
+    [ -n "${mainssl}" ] && options="${options} -DCURL_DEFAULT_SSL_BACKEND=${mainssl}"
   fi
   CPPFLAGS="${CPPFLAGS} -DHAS_ALPN"