[curl] Add http3 + remove ssl + openssl default ssl + remove other ssl/tls backend features.

[talregev]

• Changes comply with the maintainer guide.
• SHA512s are updated for each updated download.
• The "supports" clause reflects platforms that may be fixed by this new version.
• Any fixed CI baseline entries are removed from that file.
• Any patches that are no longer applied are deleted from the port's directory.
• The version database is fixed by rerunning ./vcpkg x-add-version --all and committing the result.
• Only one version is added to each modified port's versions file.

[Osyotr]

No. Use CURLSSLOPT_NATIVE_CA runtime option.

[talregev]

ok. I will remove this feature.

[talregev]

@BillyONeal I am thinking to bring the native certificate os by default. That even on windows, openssl can take native certificate by default.
What do you think?
curl/curl#13111

[Osyotr]

I don't see a reason why ssl should be removed and openssl made the default. Could you explain?

[talregev]

You can read all comments in my other PR start with @BillyONeal
#37146 (comment)

[talregev]

@BillyONeal Do you want me to remove schannel and other ssl backend features as well?

[dg0yt]

i.e. changing windows and osx backend to openssl.
Backend comparision: https://curl.se/docs/ssl-compared.html

• no automatic CRL
• no native cert check
• extra deployment burden

alll for experimental http3 support.

[talregev]

i.e. changing windows and osx backend to openssl. Backend comparision: https://curl.se/docs/ssl-compared.html

• no automatic CRL
• no native cert check
• extra deployment burden

alll for experimental http3 support.

You can enable native cert check, also for openssl. I wanted to enable it by default. I can make a patch for that.
This document is a little outdated.

Native cert check for openssl should be marked as manual.
https://github.com/curl/curl/blob/master/docs/cmdline-opts/ca-native.md
curl/curl#12155

@dg0yt Your link updated

[talregev]

i.e. changing windows and osx backend to openssl. Backend comparision: https://curl.se/docs/ssl-compared.html

• no automatic CRL
• no native cert check
• extra deployment burden

alll for experimental http3 support.

Is this PR, or http3 with restriction, or without http3.

[dg0yt]

Do you want me to remove schannel and other ssl backend features as well?

As long as other backends exist, you have multi-ssl. And cannot have http3.

[talregev]

Do you want me to remove schannel and other ssl backend features as well?

As long as other backends exist, you have multi-ssl. And cannot have http3.

As you wish.
mbedtls, schannel, sectransp, winssl, wolfssl features was removed.

[BillyONeal]

Correct, the expectation was that on osx | ios, the TLS backend selected is sectransp, on (windows & !uwp) | mingw the backend selected is schannel, and openssl selected otherwise.

Does http3 support only work with openssl?

[talregev]

This document write down all the options for curl with http3.
https://curl.se/docs/http3.html

[BillyONeal]

This document write down all the options for curl with http3. https://curl.se/docs/http3.html

Hmmm... that's unfortunate. Adding some maintainers of https://github.com/microsoft/msquic

@nibanks @rzikm @csujedihy Do we have guidance for how normal Windows folks should get to http3 that complies with machine policy?

[BillyONeal]

:sigh: I'm sorry for making the suggestion to do this, I didn't realize that removing the TLS features would make the platform default TLS backends non functional. I'm no longer sure this is the correct tradeoff. I asked some Windows folks about their thoughts...

[talregev]

@BillyONeal Don't be sorry, These PRs for that we check, test and learn. I am happy that we check all the options for http3.
My original offer to this PR is that openssl will check native certificate by default, include windows.
Then you can compile curl tool and test the new http3 connection.
I will make another commit later, with the command to test the curl http3 connection on windows (or any other os).

[talregev]

@BillyONeal I added the feature ca-native. also add it by default.
On windows you can try:

vcpkg install curl[tool,http3]
cd installed\x64-windows\tools\curl
curl --http3 https://curl.se/ -I

Try and let me know what do you think.
We can also go back to my previous PR that is on draft: #37146
Or if there is other option.
Also we can wait for maintainers of msquic for their respond.

[BillyONeal]

Closing this as per #37146 (comment) ; sorry our misunderstanding sent you on this path :/