[curl] Add http3 + remove ssl + openssl default ssl + remove other ssl/tls backend features. #37450
73ac5d1 to 433c82f
ports/curl/use_ca_native.patch
Outdated
+option(CURL_USE_CA_NATIVE "Use standard certificate store of operating system" OFF) | ||
+if(CURL_USE_CA_NATIVE) | ||
+ set(USE_CA_NATIVE ON) |
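Review bot: The help string on `option(CURL_USE_CA_NATIVE ...)` does not say whether the operating system store replaces or supplements a configured CA bundle, and in the lines shown the `if(CURL_USE_CA_NATIVE)` branch sets `USE_CA_NATIVE` with no check on the platform or the selected TLS backend. Because this fixes the trust source at build time for every consumer of the package, the option description should spell out the resulting trust set, and the branch should either be guarded on the backends that honour it or stop configuration with a clear message when none is enabled.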
No. Use the CURLSSLOPT_NATIVE_CA runtime option.
ok. I will remove this feature.
@BillyONeal I am thinking of bringing in the OS native certificates by default, so that even on Windows, OpenSSL can take native certificates by default.
What do you think?
curl/curl#13111
433c82f to 19f41c6
@@ -142,35 +159,6 @@ | |||
"libssh2" | |||
] | |||
}, | |||
"ssl": { |
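Review bot: Dropping the `"ssl"` entry at the start of this hunk (the header shrinks the region from 35 lines to 6) removes a feature name that existing manifests and dependent ports may already request, and nothing in the visible lines leaves a replacement under that name. Consider keeping `ssl` as a thin feature that depends on the chosen default backend, or documenting the rename alongside the change, so that a consumer asking for `curl[ssl]` does not fail to resolve after the update.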
I don't see a reason why ssl should be removed and openssl made the default. Could you explain?
You can read all the comments in my other PR, starting with @BillyONeal: #37146 (comment)
@BillyONeal Do you want me to remove schannel and other ssl backend features as well?
i.e. changing windows and osx backend to openssl.
all for experimental http3 support.
You can enable native cert check, also for openssl. I wanted to enable it by default. I can make a patch for that. Native cert check for openssl should be marked as manual. @dg0yt Your link updated
Is this PR, or http3 with restriction, or without http3.
As long as other backends exist, you have multi-ssl. And cannot have http3.
As you wish.
663e8e1 to 1c628e9
Correct, the expectation was that on Does http3 support only work with openssl?
This document writes down all the options for curl with http3.
Hmmm... that's unfortunate. Adding some maintainers of https://github.com/microsoft/msquic @nibanks @rzikm @csujedihy Do we have guidance for how normal Windows folks should get to http3 that complies with machine policy?
:sigh: I'm sorry for making the suggestion to do this, I didn't realize that removing the TLS features would make the platform default TLS backends non-functional. I'm no longer sure this is the correct tradeoff. I asked some Windows folks about their thoughts...
@BillyONeal Don't be sorry. These PRs are for us to check, test and learn. I am happy that we check all the options for http3.
ddf1019 to bd338b7
@BillyONeal I added the feature ca-native and also added it by default.
Try it and let me know what you think.
Closing this as per #37146 (comment); sorry our misunderstanding sent you on this path :/
./vcpkg x-add-version --all
and committing the result.