moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2025-02-28 01:11:47 -05:00
Code Issues Releases Wiki Activity

TLS naming: fix more Winssl and Darwinssl leftovers

Browse Source 
The CMake option is now called CMAKE_USE_SCHANNEL

The winbuild flag is USE_SCHANNEL

The CI jobs and build scripts only use the new names and the new name
options

Tests now require 'Schannel' (when necessary)

Closes #5795
This commit is contained in:
Daniel Stenberg 2020-08-07 17:11:52 +02:00
parent 265717d271
commit 2429f45a97
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
21 changed files with 91 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.github/workflows/macos.yml vendored
View File

@ -40,7 +40,7 @@ jobs:
macosx-version-min: 10.15 macosx-version-min: 10.15
- name: SecureTransport metalink - name: SecureTransport metalink
install: nghttp2 openssl libmetalink install: nghttp2 openssl libmetalink
configure: --enable-debug --without-ssl --with-darwinssl --with-libmetalink configure: --enable-debug --without-ssl --with-secure-transport --with-libmetalink
macosx-version-min: 10.8 macosx-version-min: 10.8
- name: OpenSSL metalink - name: OpenSSL metalink
install: nghttp2 openssl libmetalink install: nghttp2 openssl libmetalink

19
CMakeLists.txt
View File

@ -309,14 +309,17 @@ endif()
# check SSL libraries # check SSL libraries
# TODO support GnuTLS # TODO support GnuTLS
if(CMAKE_USE_WINSSL)
message(FATAL_ERROR "The cmake option CMAKE_USE_WINSSL was renamed to CMAKE_USE_SCHANNEL.")
endif()
if(APPLE) if(APPLE)
option(CMAKE_USE_SECTRANSP "enable Apple OS native SSL/TLS" OFF) option(CMAKE_USE_SECTRANSP "enable Apple OS native SSL/TLS" OFF)
endif() endif()
if(WIN32) if(WIN32)
option(CMAKE_USE_WINSSL "enable Windows native SSL/TLS" OFF) option(CMAKE_USE_SCHANNEL "enable Windows native SSL/TLS" OFF)
cmake_dependent_option(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON cmake_dependent_option(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON
CMAKE_USE_WINSSL OFF) CMAKE_USE_SCHANNEL OFF)
endif() endif()
option(CMAKE_USE_MBEDTLS "Enable mbedTLS for SSL/TLS" OFF) option(CMAKE_USE_MBEDTLS "Enable mbedTLS for SSL/TLS" OFF)
option(CMAKE_USE_BEARSSL "Enable BearSSL for SSL/TLS" OFF) option(CMAKE_USE_BEARSSL "Enable BearSSL for SSL/TLS" OFF)
@ -324,13 +327,13 @@ option(CMAKE_USE_NSS "Enable NSS for SSL/TLS" OFF)
option(CMAKE_USE_WOLFSSL "enable wolfSSL for SSL/TLS" OFF) option(CMAKE_USE_WOLFSSL "enable wolfSSL for SSL/TLS" OFF)
set(openssl_default ON) set(openssl_default ON)
if(WIN32 OR CMAKE_USE_SECTRANSP OR CMAKE_USE_WINSSL OR CMAKE_USE_MBEDTLS OR CMAKE_USE_NSS OR CMAKE_USE_WOLFSSL) if(WIN32 OR CMAKE_USE_SECTRANSP OR CMAKE_USE_SCHANNEL OR CMAKE_USE_MBEDTLS OR CMAKE_USE_NSS OR CMAKE_USE_WOLFSSL)
set(openssl_default OFF) set(openssl_default OFF)
endif() endif()
option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ${openssl_default}) option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ${openssl_default})
count_true(enabled_ssl_options_count count_true(enabled_ssl_options_count
CMAKE_USE_WINSSL CMAKE_USE_SCHANNEL
CMAKE_USE_SECTRANSP CMAKE_USE_SECTRANSP
CMAKE_USE_OPENSSL CMAKE_USE_OPENSSL
CMAKE_USE_MBEDTLS CMAKE_USE_MBEDTLS
@ -342,10 +345,10 @@ if(enabled_ssl_options_count GREATER "1")
set(CURL_WITH_MULTI_SSL ON) set(CURL_WITH_MULTI_SSL ON)
endif() endif()
if(CMAKE_USE_WINSSL) if(CMAKE_USE_SCHANNEL)
set(SSL_ENABLED ON) set(SSL_ENABLED ON)
set(USE_SCHANNEL ON) # Windows native SSL/TLS support set(USE_SCHANNEL ON) # Windows native SSL/TLS support
set(USE_WINDOWS_SSPI ON) # CMAKE_USE_WINSSL implies CURL_WINDOWS_SSPI set(USE_WINDOWS_SSPI ON) # CMAKE_USE_SCHANNEL implies CURL_WINDOWS_SSPI
list(APPEND CURL_LIBS "crypt32") list(APPEND CURL_LIBS "crypt32")
endif() endif()
if(CURL_WINDOWS_SSPI) if(CURL_WINDOWS_SSPI)
@ -1353,7 +1356,7 @@ _add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX OR USE_THREADS_WIN32)
_add_if("IDN" HAVE_LIBIDN2) _add_if("IDN" HAVE_LIBIDN2)
_add_if("Largefile" (CURL_SIZEOF_CURL_OFF_T GREATER 4) AND _add_if("Largefile" (CURL_SIZEOF_CURL_OFF_T GREATER 4) AND
((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES)) ((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES))
# TODO SSP1 (WinSSL) check is missing # TODO SSP1 (Schannel) check is missing
_add_if("SSPI" USE_WINDOWS_SSPI) _add_if("SSPI" USE_WINDOWS_SSPI)
_add_if("GSS-API" HAVE_GSSAPI) _add_if("GSS-API" HAVE_GSSAPI)
_add_if("alt-svc" ENABLE_ALT_SVC) _add_if("alt-svc" ENABLE_ALT_SVC)
@ -1415,7 +1418,7 @@ message(STATUS "Enabled protocols: ${SUPPORT_PROTOCOLS}")
# Clear list and collect SSL backends # Clear list and collect SSL backends
set(_items) set(_items)
_add_if("WinSSL" SSL_ENABLED AND USE_WINDOWS_SSPI) _add_if("Schannel" SSL_ENABLED AND USE_WINDOWS_SSPI)
_add_if("OpenSSL" SSL_ENABLED AND USE_OPENSSL) _add_if("OpenSSL" SSL_ENABLED AND USE_OPENSSL)
_add_if("Secure Transport" SSL_ENABLED AND USE_SECTRANSP) _add_if("Secure Transport" SSL_ENABLED AND USE_SECTRANSP)
_add_if("mbedTLS" SSL_ENABLED AND USE_MBEDTLS) _add_if("mbedTLS" SSL_ENABLED AND USE_MBEDTLS)

4
MacOSX-Framework
View File

@ -103,7 +103,7 @@ MINVER64='-mmacosx-version-min='$MACVER64
if test ! -z $SDK32; then if test ! -z $SDK32; then
echo "----Configuring libcurl for 32 bit universal framework..." echo "----Configuring libcurl for 32 bit universal framework..."
make clean make clean
./configure --disable-dependency-tracking --disable-static --with-gssapi --with-darwinssl \ ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-secure-transport \
CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32" \ CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32" \
LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 -Wl,-headerpad_max_install_names" \ LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 -Wl,-headerpad_max_install_names" \
CC=$CC CC=$CC
@ -132,7 +132,7 @@ if test ! -z $SDK32; then
popd popd
make clean make clean
echo "----Configuring libcurl for 64 bit universal framework..." echo "----Configuring libcurl for 64 bit universal framework..."
./configure --disable-dependency-tracking --disable-static --with-gssapi --with-darwinssl \ ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-secure-transport \
CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64" \ CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64" \
LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 -Wl,-headerpad_max_install_names" \ LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 -Wl,-headerpad_max_install_names" \
CC=$CC CC=$CC

24
appveyor.yml
View File

@ -30,7 +30,7 @@ environment:
PRJ_GEN: "Visual Studio 9 2008" PRJ_GEN: "Visual Studio 9 2008"
PRJ_CFG: Release PRJ_CFG: Release
OPENSSL: OFF OPENSSL: OFF
WINSSL: ON SCHANNEL: ON
HTTP_ONLY: OFF HTTP_ONLY: OFF
TESTING: OFF TESTING: OFF
SHARED: ON SHARED: ON
@ -42,7 +42,7 @@ environment:
TARGET: "-A x64" TARGET: "-A x64"
PRJ_CFG: Release PRJ_CFG: Release
OPENSSL: ON OPENSSL: ON
WINSSL: OFF SCHANNEL: OFF
HTTP_ONLY: OFF HTTP_ONLY: OFF
TESTING: OFF TESTING: OFF
SHARED: ON SHARED: ON
@ -54,7 +54,7 @@ environment:
TARGET: "-A ARM64" TARGET: "-A ARM64"
PRJ_CFG: Release PRJ_CFG: Release
OPENSSL: OFF OPENSSL: OFF
WINSSL: ON SCHANNEL: ON
HTTP_ONLY: OFF HTTP_ONLY: OFF
TESTING: OFF TESTING: OFF
SHARED: OFF SHARED: OFF
@ -66,7 +66,7 @@ environment:
PRJ_GEN: "Visual Studio 10 2010 Win64" PRJ_GEN: "Visual Studio 10 2010 Win64"
PRJ_CFG: Debug PRJ_CFG: Debug
OPENSSL: OFF OPENSSL: OFF
WINSSL: OFF SCHANNEL: OFF
HTTP_ONLY: OFF HTTP_ONLY: OFF
TESTING: ON TESTING: ON
SHARED: OFF SHARED: OFF
@ -78,7 +78,7 @@ environment:
TARGET: "-A x64" TARGET: "-A x64"
PRJ_CFG: Debug PRJ_CFG: Debug
OPENSSL: OFF OPENSSL: OFF
WINSSL: ON SCHANNEL: ON
HTTP_ONLY: OFF HTTP_ONLY: OFF
TESTING: ON TESTING: ON
SHARED: OFF SHARED: OFF
@ -90,7 +90,7 @@ environment:
TARGET: "-A x64" TARGET: "-A x64"
PRJ_CFG: Debug PRJ_CFG: Debug
OPENSSL: OFF OPENSSL: OFF
WINSSL: OFF SCHANNEL: OFF
HTTP_ONLY: OFF HTTP_ONLY: OFF
TESTING: ON TESTING: ON
SHARED: OFF SHARED: OFF
@ -102,7 +102,7 @@ environment:
TARGET: "-A x64" TARGET: "-A x64"
PRJ_CFG: Debug PRJ_CFG: Debug
OPENSSL: OFF OPENSSL: OFF
WINSSL: OFF SCHANNEL: OFF
HTTP_ONLY: ON HTTP_ONLY: ON
TESTING: ON TESTING: ON
SHARED: OFF SHARED: OFF
@ -114,7 +114,7 @@ environment:
PRJ_GEN: "MSYS Makefiles" PRJ_GEN: "MSYS Makefiles"
PRJ_CFG: Debug PRJ_CFG: Debug
OPENSSL: OFF OPENSSL: OFF
WINSSL: ON SCHANNEL: ON
HTTP_ONLY: OFF HTTP_ONLY: OFF
TESTING: ON TESTING: ON
SHARED: OFF SHARED: OFF
@ -127,7 +127,7 @@ environment:
PRJ_GEN: "MSYS Makefiles" PRJ_GEN: "MSYS Makefiles"
PRJ_CFG: Debug PRJ_CFG: Debug
OPENSSL: OFF OPENSSL: OFF
WINSSL: ON SCHANNEL: ON
HTTP_ONLY: OFF HTTP_ONLY: OFF
TESTING: ON TESTING: ON
SHARED: OFF SHARED: OFF
@ -140,7 +140,7 @@ environment:
PRJ_GEN: "MSYS Makefiles" PRJ_GEN: "MSYS Makefiles"
PRJ_CFG: Debug PRJ_CFG: Debug
OPENSSL: OFF OPENSSL: OFF
WINSSL: ON SCHANNEL: ON
HTTP_ONLY: OFF HTTP_ONLY: OFF
TESTING: ON TESTING: ON
SHARED: OFF SHARED: OFF
@ -153,7 +153,7 @@ environment:
PRJ_GEN: "MSYS Makefiles" PRJ_GEN: "MSYS Makefiles"
PRJ_CFG: Debug PRJ_CFG: Debug
OPENSSL: OFF OPENSSL: OFF
WINSSL: OFF SCHANNEL: OFF
HTTP_ONLY: OFF HTTP_ONLY: OFF
TESTING: ON TESTING: ON
SHARED: OFF SHARED: OFF
@ -244,7 +244,7 @@ build_script:
-G"%PRJ_GEN%" -G"%PRJ_GEN%"
%TARGET% %TARGET%
-DCMAKE_USE_OPENSSL=%OPENSSL% -DCMAKE_USE_OPENSSL=%OPENSSL%
-DCMAKE_USE_WINSSL=%WINSSL% -DCMAKE_USE_SCHANNEL=%SCHANNEL%
-DHTTP_ONLY=%HTTP_ONLY% -DHTTP_ONLY=%HTTP_ONLY%
-DBUILD_SHARED_LIBS=%SHARED% -DBUILD_SHARED_LIBS=%SHARED%
-DBUILD_TESTING=%TESTING% -DBUILD_TESTING=%TESTING%

26
configure.ac
View File

@ -1611,29 +1611,29 @@ dnl -------------------------------------------------
dnl check winssl option before other SSL libraries dnl check winssl option before other SSL libraries
dnl ------------------------------------------------- dnl -------------------------------------------------
OPT_WINSSL=no OPT_SCHANNEL=no
AC_ARG_WITH(winssl,dnl AC_ARG_WITH(winssl,dnl
AC_HELP_STRING([--with-winssl],[enable Windows native SSL/TLS]) AC_HELP_STRING([--with-winssl],[enable Windows native SSL/TLS])
AC_HELP_STRING([--without-winssl], [disable Windows native SSL/TLS]), AC_HELP_STRING([--without-winssl], [disable Windows native SSL/TLS]),
OPT_WINSSL=$withval) OPT_SCHANNEL=$withval)
AC_ARG_WITH(schannel,dnl AC_ARG_WITH(schannel,dnl
AC_HELP_STRING([--with-schannel],[enable Windows native SSL/TLS]) AC_HELP_STRING([--with-schannel],[enable Windows native SSL/TLS])
AC_HELP_STRING([--without-schannel], [disable Windows native SSL/TLS]), AC_HELP_STRING([--without-schannel], [disable Windows native SSL/TLS]),
OPT_WINSSL=$withval) OPT_SCHANNEL=$withval)
AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)]) AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)])
if test -z "$ssl_backends" -o "x$OPT_WINSSL" != xno; then if test -z "$ssl_backends" -o "x$OPT_SCHANNEL" != xno; then
ssl_msg= ssl_msg=
if test "x$OPT_WINSSL" != "xno" && if test "x$OPT_SCHANNEL" != "xno" &&
test "x$curl_cv_native_windows" = "xyes"; then test "x$curl_cv_native_windows" = "xyes"; then
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support]) AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support])
AC_SUBST(USE_SCHANNEL, [1]) AC_SUBST(USE_SCHANNEL, [1])
ssl_msg="Windows-native" ssl_msg="Windows-native"
test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
WINSSL_ENABLED=1 SCHANNEL_ENABLED=1
# --with-winssl implies --enable-sspi # --with-schannel implies --enable-sspi
AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
AC_SUBST(USE_WINDOWS_SSPI, [1]) AC_SUBST(USE_WINDOWS_SSPI, [1])
curl_sspi_msg="enabled" curl_sspi_msg="enabled"
@ -2819,7 +2819,7 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then
test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
fi fi
case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED" in case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED" in
x) x)
AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl or --with-bearssl to address this.]) AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl or --with-bearssl to address this.])
@ -3282,7 +3282,7 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
versioned_symbols_flavour="NSS_" versioned_symbols_flavour="NSS_"
elif test "x$WOLFSSL_ENABLED" = "x1"; then elif test "x$WOLFSSL_ENABLED" = "x1"; then
versioned_symbols_flavour="WOLFSSL_" versioned_symbols_flavour="WOLFSSL_"
elif test "x$WINSSL_ENABLED" = "x1"; then elif test "x$SCHANNEL_ENABLED" = "x1"; then
versioned_symbols_flavour="SCHANNEL_" versioned_symbols_flavour="SCHANNEL_"
elif test "x$SECURETRANSPORT_ENABLED" = "x1"; then elif test "x$SECURETRANSPORT_ENABLED" = "x1"; then
versioned_symbols_flavour="SECURE_TRANSPORT_" versioned_symbols_flavour="SECURE_TRANSPORT_"
@ -4566,16 +4566,16 @@ AC_HELP_STRING([--disable-sspi],[Disable SSPI]),
fi fi
;; ;;
*) *)
if test "x$WINSSL_ENABLED" = "x1"; then if test "x$SCHANNEL_ENABLED" = "x1"; then
# --with-winssl implies --enable-sspi # --with-schannel implies --enable-sspi
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
else else
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
fi fi
;; ;;
esac ], esac ],
if test "x$WINSSL_ENABLED" = "x1"; then if test "x$SCHANNEL_ENABLED" = "x1"; then
# --with-winssl implies --enable-sspi # --with-schannel implies --enable-sspi
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
else else
AC_MSG_RESULT(no) AC_MSG_RESULT(no)

2
docs/FEATURES
View File

@ -194,7 +194,7 @@ FOOTNOTES
currently supported currently supported
*5 = requires nghttp2 and possibly a recent TLS library *5 = requires nghttp2 and possibly a recent TLS library
*6 = requires c-ares *6 = requires c-ares
*7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for *7 = requires OpenSSL, NSS, GSKit, Schannel or Secure Transport; GnuTLS, for
example, only supports SSLv3 and TLSv1 example, only supports SSLv3 and TLSv1
*8 = requires libssh2 *8 = requires libssh2
*9 = requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI *9 = requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI

4
docs/INSTALL.cmake
View File

@ -24,8 +24,8 @@ Current flaws in the curl CMake build
Missing features in the cmake build: Missing features in the cmake build:
- Builds libcurl without large file support - Builds libcurl without large file support
- Does not support all SSL libraries (only OpenSSL, WinSSL, DarwinSSL, and - Does not support all SSL libraries (only OpenSSL, Schannel,
mbed TLS, NSS, WolfSSL) Secure Transport, and mbed TLS, NSS, WolfSSL)
- Doesn't allow different resolver backends (no c-ares build support) - Doesn't allow different resolver backends (no c-ares build support)
- No RTMP support built - No RTMP support built
- Doesn't allow build curl and libcurl debug enabled - Doesn't allow build curl and libcurl debug enabled

8
docs/INSTALL.md
View File

@ -258,9 +258,9 @@ Windows you should choose another SSL backend such as OpenSSL.
On modern Apple operating systems, curl can be built to use Apple's SSL/TLS On modern Apple operating systems, curl can be built to use Apple's SSL/TLS
implementation, Secure Transport, instead of OpenSSL. To build with Secure implementation, Secure Transport, instead of OpenSSL. To build with Secure
Transport for SSL/TLS, use the configure option `--with-darwinssl`. (It is not Transport for SSL/TLS, use the configure option `--with-secure-transport`. (It
necessary to use the option `--without-ssl`.) This feature requires iOS 5.0 or is not necessary to use the option `--without-ssl`.) This feature requires iOS
later, or OS X 10.5 ("Leopard") or later. 5.0 or later, or OS X 10.5 ("Leopard") or later.
When Secure Transport is in use, the curl options `--cacert` and `--capath` When Secure Transport is in use, the curl options `--cacert` and `--capath`
and their libcurl equivalents, will be ignored, because Secure Transport uses and their libcurl equivalents, will be ignored, because Secure Transport uses
@ -281,7 +281,7 @@ commands in curl's directory in the shell will build the code such that it
will run on cats as old as OS X 10.6 ("Snow Leopard") (using bash): will run on cats as old as OS X 10.6 ("Snow Leopard") (using bash):
export MACOSX_DEPLOYMENT_TARGET="10.6" export MACOSX_DEPLOYMENT_TARGET="10.6"
./configure --with-darwinssl ./configure --with-secure-transport
make make
# Android # Android

4
docs/KNOWN_BUGS
View File

@ -462,12 +462,12 @@ problems may have been fixed or changed somewhat since this was written!
6.1 NTLM authentication and unicode 6.1 NTLM authentication and unicode
NTLM authentication involving unicode user name or password only works NTLM authentication involving unicode user name or password only works
properly if built with UNICODE defined together with the WinSSL/Schannel properly if built with UNICODE defined together with the Schannel
backend. The original problem was mentioned in: backend. The original problem was mentioned in:
https://curl.haxx.se/mail/lib-2009-10/0024.html https://curl.haxx.se/mail/lib-2009-10/0024.html
https://curl.haxx.se/bug/view.cgi?id=896 https://curl.haxx.se/bug/view.cgi?id=896
The WinSSL/Schannel version verified to work as mentioned in The Schannel version verified to work as mentioned in
https://curl.haxx.se/mail/lib-2012-07/0073.html https://curl.haxx.se/mail/lib-2012-07/0073.html
6.2 MIT Kerberos for Windows build 6.2 MIT Kerberos for Windows build

2
docs/SSLCERTS.md
View File

@ -14,7 +14,7 @@ If libcurl was built with Schannel or Secure Transport support (the native SSL
libraries included in Windows and Mac OS X), then this does not apply to libraries included in Windows and Mac OS X), then this does not apply to
you. Scroll down for details on how the OS-native engines handle SSL you. Scroll down for details on how the OS-native engines handle SSL
certificates. If you're not sure, then run "curl -V" and read the results. If certificates. If you're not sure, then run "curl -V" and read the results. If
the version string says "WinSSL" in it, then it was built with Schannel the version string says `Schannel` in it, then it was built with Schannel
support. support.
It is about trust It is about trust

2
docs/libcurl/curl_global_sslset.3
View File

@ -40,7 +40,7 @@ typedef enum {
CURLSSLBACKEND_POLARSSL = 6, /* deprecated */ CURLSSLBACKEND_POLARSSL = 6, /* deprecated */
CURLSSLBACKEND_WOLFSSL = 7, CURLSSLBACKEND_WOLFSSL = 7,
CURLSSLBACKEND_SCHANNEL = 8, CURLSSLBACKEND_SCHANNEL = 8,
CURLSSLBACKEND_DARWINSSL = 9, CURLSSLBACKEND_SECURETRANSPORT = 9,
CURLSSLBACKEND_AXTLS = 10, /* deprecated */ CURLSSLBACKEND_AXTLS = 10, /* deprecated */
CURLSSLBACKEND_MBEDTLS = 11, CURLSSLBACKEND_MBEDTLS = 11,
CURLSSLBACKEND_MESALINK = 12, CURLSSLBACKEND_MESALINK = 12,

4
docs/libcurl/libcurl-thread.3
View File

@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___ .\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____| .\" * \___|\___/|_| \_\_____|
.\" * .\" *
.\" * Copyright (C) 2015 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * Copyright (C) 2015 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * .\" *
.\" * This software is licensed as described in the file COPYING, which .\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms .\" * you should have received as part of this distribution. The terms
@ -59,7 +59,7 @@ https://gnutls.org/manual/html_node/Thread-safety.html
thread-safe already without anything required. thread-safe already without anything required.
.IP Secure-Transport .IP Secure-Transport
The engine is used by libcurl in a way that is fully thread-safe. The engine is used by libcurl in a way that is fully thread-safe.
.IP WinSSL .IP Schannel
The engine is used by libcurl in a way that is fully thread-safe. The engine is used by libcurl in a way that is fully thread-safe.
.IP wolfSSL .IP wolfSSL
The engine is used by libcurl in a way that is fully thread-safe. The engine is used by libcurl in a way that is fully thread-safe.

2
docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3
View File

@ -54,7 +54,7 @@ struct curl_tlssessioninfo {
The \fIbackend\fP struct member is one of the defines in the CURLSSLBACKEND_* The \fIbackend\fP struct member is one of the defines in the CURLSSLBACKEND_*
series: CURLSSLBACKEND_NONE (when built without TLS support), series: CURLSSLBACKEND_NONE (when built without TLS support),
CURLSSLBACKEND_WOLFSSL, CURLSSLBACKEND_DARWINSSL, CURLSSLBACKEND_GNUTLS, CURLSSLBACKEND_WOLFSSL, CURLSSLBACKEND_SECURETRANSPORT, CURLSSLBACKEND_GNUTLS,
CURLSSLBACKEND_GSKIT, CURLSSLBACKEND_MBEDTLS, CURLSSLBACKEND_NSS, CURLSSLBACKEND_GSKIT, CURLSSLBACKEND_MBEDTLS, CURLSSLBACKEND_NSS,
CURLSSLBACKEND_OPENSSL, CURLSSLBACKEND_SCHANNEL or CURLSSLBACKEND_OPENSSL, CURLSSLBACKEND_SCHANNEL or
CURLSSLBACKEND_MESALINK. (Note that the OpenSSL forks are all reported as just CURLSSLBACKEND_MESALINK. (Note that the OpenSSL forks are all reported as just

2
packages/Symbian/group/libcurl.mmp
View File

@ -38,7 +38,7 @@ SOURCE \
idn_win32.c vtls/cyassl.c http_proxy.c non-ascii.c \ idn_win32.c vtls/cyassl.c http_proxy.c non-ascii.c \
asyn-ares.c asyn-thread.c curl_gssapi.c http_ntlm.c curl_ntlm_wb.c \ asyn-ares.c asyn-thread.c curl_gssapi.c http_ntlm.c curl_ntlm_wb.c \
curl_ntlm_core.c curl_sasl.c vtls/schannel.c curl_multibyte.c \ curl_ntlm_core.c curl_sasl.c vtls/schannel.c curl_multibyte.c \
vtls/darwinssl.c conncache.c curl_sasl_sspi.c smb.c curl_endian.c \ conncache.c curl_sasl_sspi.c smb.c curl_endian.c \
curl_des.c curl_range.c system_win32.c sha256.c \ curl_des.c curl_range.c system_win32.c sha256.c \
vauth/vauth.c vauth/cleartext.c vauth/cram.c vauth/digest.c \ vauth/vauth.c vauth/cleartext.c vauth/cram.c vauth/digest.c \
vauth/digest_sspi.c vauth/krb5_gssapi.c vauth/krb5_sspi.c \ vauth/digest_sspi.c vauth/krb5_gssapi.c vauth/krb5_sspi.c \

2
tests/FILEFORMAT.md
View File

@ -328,6 +328,7 @@ Features testable here are:
- `parsedate` - `parsedate`
- `proxy` - `proxy`
- `PSL` - `PSL`
- `Schannel`
- `shuffle-dns` - `shuffle-dns`
- `socks` - `socks`
- `SPNEGO` - `SPNEGO`
@ -342,7 +343,6 @@ Features testable here are:
- `unix-sockets` - `unix-sockets`
- `verbose-strings` - `verbose-strings`
- `win32` - `win32`
- `WinSSL`
as well as each protocol that curl supports. A protocol only needs to be as well as each protocol that curl supports. A protocol only needs to be
specified if it is different from the server (useful when the server specified if it is different from the server (useful when the server

2
tests/data/test2043
View File

@ -10,7 +10,7 @@ HTTP GET
# Client-side # Client-side
<client> <client>
<features> <features>
WinSSL Schannel
</features> </features>
<server> <server>
none none

2
tests/data/test2070
View File

@ -24,7 +24,7 @@ MooMoo
# Client-side # Client-side
<client> <client>
<features> <features>
WinSSL Schannel
!MinGW !MinGW
</features> </features>
<server> <server>

14
tests/runtests.pl
View File

@ -268,8 +268,8 @@ my $has_openssl; # built with a lib using an OpenSSL-like API
my $has_gnutls; # built with GnuTLS my $has_gnutls; # built with GnuTLS
my $has_nss; # built with NSS my $has_nss; # built with NSS
my $has_wolfssl; # built with wolfSSL my $has_wolfssl; # built with wolfSSL
my $has_winssl; # built with WinSSL (Secure Channel aka Schannel) my $has_schannel; # built with Schannel
my $has_darwinssl; # built with DarwinSSL (Secure Transport) my $has_sectransp; # built with Secure Transport
my $has_boringssl; # built with BoringSSL my $has_boringssl; # built with BoringSSL
my $has_libressl; # built with libressl my $has_libressl; # built with libressl
my $has_mbedtls; # built with mbedTLS my $has_mbedtls; # built with mbedTLS
@ -2788,7 +2788,6 @@ sub setupfeatures {
$feature{"alt-svc"} = $has_altsvc; $feature{"alt-svc"} = $has_altsvc;
$feature{"brotli"} = $has_brotli; $feature{"brotli"} = $has_brotli;
$feature{"crypto"} = $has_crypto; $feature{"crypto"} = $has_crypto;
$feature{"DarwinSSL"} = $has_darwinssl; # alias
$feature{"debug"} = $debug_build; $feature{"debug"} = $debug_build;
$feature{"getrlimit"} = $has_getrlimit; $feature{"getrlimit"} = $has_getrlimit;
$feature{"GnuTLS"} = $has_gnutls; $feature{"GnuTLS"} = $has_gnutls;
@ -2810,8 +2809,8 @@ sub setupfeatures {
$feature{"NTLM_WB"} = $has_ntlm_wb; $feature{"NTLM_WB"} = $has_ntlm_wb;
$feature{"OpenSSL"} = $has_openssl || $has_libressl || $has_boringssl; $feature{"OpenSSL"} = $has_openssl || $has_libressl || $has_boringssl;
$feature{"PSL"} = $has_psl; $feature{"PSL"} = $has_psl;
$feature{"Schannel"} = $has_winssl; # alias $feature{"Schannel"} = $has_schannel;
$feature{"sectransp"} = $has_darwinssl; $feature{"sectransp"} = $has_sectransp;
$feature{"SPNEGO"} = $has_spnego; $feature{"SPNEGO"} = $has_spnego;
$feature{"SSL"} = $has_ssl; $feature{"SSL"} = $has_ssl;
$feature{"SSLpinning"} = $has_sslpinning; $feature{"SSLpinning"} = $has_sslpinning;
@ -2822,7 +2821,6 @@ sub setupfeatures {
$feature{"unittest"} = $debug_build; $feature{"unittest"} = $debug_build;
$feature{"unix-sockets"} = $has_unix; $feature{"unix-sockets"} = $has_unix;
$feature{"win32"} = $has_win32; $feature{"win32"} = $has_win32;
$feature{"WinSSL"} = $has_winssl;
$feature{"zstd"} = $has_zstd; $feature{"zstd"} = $has_zstd;
# make each protocol an enabled "feature" # make each protocol an enabled "feature"
@ -2907,7 +2905,7 @@ sub checksystem {
$has_mingw = 1 if ($curl =~ /-pc-mingw32/); $has_mingw = 1 if ($curl =~ /-pc-mingw32/);
} }
if ($libcurl =~ /(winssl|schannel)/i) { if ($libcurl =~ /(winssl|schannel)/i) {
$has_winssl=1; $has_schannel=1;
$has_sslpinning=1; $has_sslpinning=1;
} }
elsif ($libcurl =~ /openssl/i) { elsif ($libcurl =~ /openssl/i) {
@ -2927,7 +2925,7 @@ sub checksystem {
$has_sslpinning=1; $has_sslpinning=1;
} }
elsif ($libcurl =~ /securetransport/i) { elsif ($libcurl =~ /securetransport/i) {
$has_darwinssl=1; $has_sectransp=1;
$has_sslpinning=1; $has_sslpinning=1;
} }
elsif ($libcurl =~ /BoringSSL/i) { elsif ($libcurl =~ /BoringSSL/i) {

12
winbuild/BUILD.WINDOWS.txt
View File

@ -91,7 +91,7 @@ where <options> is one or many of:
ENABLE_IPV6=<yes or no> - Enable IPv6, defaults to yes ENABLE_IPV6=<yes or no> - Enable IPv6, defaults to yes
ENABLE_IDN=<yes or no> - Enable use of Windows IDN APIs, defaults to yes ENABLE_IDN=<yes or no> - Enable use of Windows IDN APIs, defaults to yes
Requires Windows Vista or later Requires Windows Vista or later
ENABLE_WINSSL=<yes or no> - Enable native Windows SSL support, defaults to yes ENABLE_SCHANNEL=<yes or no> - Enable native Windows SSL support, defaults to yes
GEN_PDB=<yes or no> - Generate Program Database (debug symbols for release build) GEN_PDB=<yes or no> - Generate Program Database (debug symbols for release build)
DEBUG=<yes or no> - Debug builds DEBUG=<yes or no> - Debug builds
MACHINE=<x86 or x64> - Target architecture (default is x86) MACHINE=<x86 or x64> - Target architecture (default is x86)
@ -123,8 +123,8 @@ import symbols.
Legacy Windows and SSL Legacy Windows and SSL
====================== ======================
When you build curl using the build files in this directory the default SSL When you build curl using the build files in this directory the default SSL
backend will be WinSSL (Windows SSPI, more specifically Schannel), the native backend will be Schannel (Windows SSPI), the native SSL library that comes
SSL library that comes with the Windows OS. WinSSL in Windows <= XP is not able with the Windows OS. Schannel in Windows <= XP is not able to connect to
to connect to servers that no longer support the legacy handshakes and servers that no longer support the legacy handshakes and algorithms used by
algorithms used by those versions. If you will be using curl in one of those those versions. If you will be using curl in one of those earlier versions of
earlier versions of Windows you should choose another SSL backend like OpenSSL. Windows you should choose another SSL backend like OpenSSL.

24
winbuild/Makefile.vc
View File

@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___ # | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____| # \___|\___/|_| \_\_____|
# #
# Copyright (C) 1999 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. # Copyright (C) 1999 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
# #
# This software is licensed as described in the file COPYING, which # This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms # you should have received as part of this distribution. The terms
@ -56,7 +56,7 @@ CFGSET=true
!MESSAGE Requires Windows Vista or later !MESSAGE Requires Windows Vista or later
!MESSAGE ENABLE_IPV6=<yes or no> - Enable IPv6, defaults to yes !MESSAGE ENABLE_IPV6=<yes or no> - Enable IPv6, defaults to yes
!MESSAGE ENABLE_SSPI=<yes or no> - Enable SSPI support, defaults to yes !MESSAGE ENABLE_SSPI=<yes or no> - Enable SSPI support, defaults to yes
!MESSAGE ENABLE_WINSSL=<yes or no> - Enable native Windows SSL support, defaults to yes !MESSAGE ENABLE_SCHANNEL=<yes or no> - Enable native Windows SSL support, defaults to yes
!MESSAGE ENABLE_OPENSSL_AUTO_LOAD_CONFIG=<yes or no> !MESSAGE ENABLE_OPENSSL_AUTO_LOAD_CONFIG=<yes or no>
!MESSAGE - Whether the OpenSSL configuration will be loaded automatically, defaults to yes !MESSAGE - Whether the OpenSSL configuration will be loaded automatically, defaults to yes
!MESSAGE ENABLE_UNICODE=<yes or no> - Enable UNICODE support, defaults to no !MESSAGE ENABLE_UNICODE=<yes or no> - Enable UNICODE support, defaults to no
@ -125,16 +125,16 @@ USE_SSPI = true
USE_SSPI = false USE_SSPI = false
!ENDIF !ENDIF
!IFNDEF ENABLE_WINSSL !IFNDEF ENABLE_SCHANNEL
!IF DEFINED(WITH_SSL) || DEFINED(WITH_MBEDTLS) !IF DEFINED(WITH_SSL) || DEFINED(WITH_MBEDTLS)
USE_WINSSL = false USE_SCHANNEL = false
!ELSE !ELSE
USE_WINSSL = $(USE_SSPI) USE_SCHANNEL = $(USE_SSPI)
!ENDIF !ENDIF
!ELSEIF "$(ENABLE_WINSSL)"=="yes" !ELSEIF "$(ENABLE_SCHANNEL)"=="yes"
USE_WINSSL = true USE_SCHANNEL = true
!ELSEIF "$(ENABLE_WINSSL)"=="no" !ELSEIF "$(ENABLE_SCHANNEL)"=="no"
USE_WINSSL = false USE_SCHANNEL = false
!ENDIF !ENDIF
!IFNDEF ENABLE_OPENSSL_AUTO_LOAD_CONFIG !IFNDEF ENABLE_OPENSSL_AUTO_LOAD_CONFIG
@ -253,8 +253,8 @@ CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-ipv6
CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-sspi CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-sspi
!ENDIF !ENDIF
!IF "$(USE_WINSSL)"=="true" !IF "$(USE_SCHANNEL)"=="true"
CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-winssl CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-schannel
!ENDIF !ENDIF
!IF "$(USE_NGHTTP2)"=="true" !IF "$(USE_NGHTTP2)"=="true"
@ -285,7 +285,7 @@ $(MODE):
@SET USE_IDN=$(USE_IDN) @SET USE_IDN=$(USE_IDN)
@SET USE_IPV6=$(USE_IPV6) @SET USE_IPV6=$(USE_IPV6)
@SET USE_SSPI=$(USE_SSPI) @SET USE_SSPI=$(USE_SSPI)
@SET USE_WINSSL=$(USE_WINSSL) @SET USE_SCHANNEL=$(USE_SCHANNEL)
@SET USE_UNICODE=$(USE_UNICODE) @SET USE_UNICODE=$(USE_UNICODE)
# compatibility bit # compatibility bit
@SET WITH_NGHTTP2=$(WITH_NGHTTP2) @SET WITH_NGHTTP2=$(WITH_NGHTTP2)

20
winbuild/MakefileBuild.vc
View File

@ -333,20 +333,20 @@ SSPI_CFLAGS = $(SSPI_CFLAGS) /DUSE_WINDOWS_SSPI
!ENDIF !ENDIF
!IFNDEF USE_WINSSL !IFNDEF USE_SCHANNEL
!IF "$(USE_SSL)"=="true" !IF "$(USE_SSL)"=="true"
USE_WINSSL = false USE_SCHANNEL = false
!ELSE !ELSE
USE_WINSSL = $(USE_SSPI) USE_SCHANNEL = $(USE_SSPI)
!ENDIF !ENDIF
!ELSEIF "$(USE_WINSSL)"=="yes" !ELSEIF "$(USE_SCHANNEL)"=="yes"
USE_WINSSL = true USE_SCHANNEL = true
!ENDIF !ENDIF
!IF "$(USE_WINSSL)"=="true" !IF "$(USE_SCHANNEL)"=="true"
!IF "$(USE_SSPI)"!="true" !IF "$(USE_SSPI)"!="true"
!ERROR cannot build with WinSSL without SSPI !ERROR cannot build with Schannel without SSPI
!ENDIF !ENDIF
SSPI_CFLAGS = $(SSPI_CFLAGS) /DUSE_SCHANNEL SSPI_CFLAGS = $(SSPI_CFLAGS) /DUSE_SCHANNEL
WIN_LIBS = $(WIN_LIBS) Crypt32.lib WIN_LIBS = $(WIN_LIBS) Crypt32.lib
@ -482,9 +482,9 @@ CFLAGS = $(CFLAGS) $(CFLAGS_PDB) /Fd"$(LIB_DIROBJ)\$(PDB)"
LFLAGS = $(LFLAGS) $(LFLAGS_PDB) LFLAGS = $(LFLAGS) $(LFLAGS_PDB)
!ENDIF !ENDIF
!IF ( "$(USE_SSL)"=="true" && "$(USE_WINSSL)"=="true" ) \ !IF ( "$(USE_SSL)"=="true" && "$(USE_SCHANNEL)"=="true" ) \
|| ( "$(USE_SSL)"=="true" && "$(USE_MBEDTLS)"=="true" ) \ || ( "$(USE_SSL)"=="true" && "$(USE_MBEDTLS)"=="true" ) \
|| ( "$(USE_MBEDTLS)"=="true" && "$(USE_WINSSL)"=="true" ) || ( "$(USE_MBEDTLS)"=="true" && "$(USE_SCHANNEL)"=="true" )
CFLAGS = $(CFLAGS) /DCURL_WITH_MULTI_SSL CFLAGS = $(CFLAGS) /DCURL_WITH_MULTI_SSL
!ENDIF !ENDIF
@ -536,7 +536,7 @@ $(TARGET): $(LIB_OBJS) $(LIB_DIROBJ) $(DIRDIST)
@echo Using IDN: $(USE_IDN) @echo Using IDN: $(USE_IDN)
@echo Using IPv6: $(USE_IPV6) @echo Using IPv6: $(USE_IPV6)
@echo Using SSPI: $(USE_SSPI) @echo Using SSPI: $(USE_SSPI)
@echo Using WinSSL: $(USE_WINSSL) @echo Using Schannel: $(USE_SCHANNEL)
@echo CFLAGS: $(CFLAGS) @echo CFLAGS: $(CFLAGS)
@echo LFLAGS: $(LFLAGS) @echo LFLAGS: $(LFLAGS)
@echo GenPDB: $(GEN_PDB) @echo GenPDB: $(GEN_PDB)