From: Tal Regev <tal.regev@gmail.com>
Date: Sat, 10 Aug 2024 08:15:25 +0000 (+0300)
Subject: GHA/windows: add GnuTLS to MSVC jobs
X-Git-Tag: curl-8_10_0~259
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd662fb3f41f8862c413d022b877d6538dc684cd;p=thirdparty%2Fcurl.git

GHA/windows: add GnuTLS to MSVC jobs

- enable GnuTLS in MultiSSL job.

- add new GnuTLS job with HTTP/3 enabled.
  Replacing the `!ssl` job.
  Use `Release` mode to work around a vcpkg package issue, ending up
  depending on both the debug and release versions of the gnutls DLL,
  one of them miss to copy next to the binary.

- cmake: add `pkg-config` detection for GnuTLS.

Co-authored-by: Tal Regev
Fixes #14494
Closes #14495
---

diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
index f209410bdf..4481fb8bae 100644
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -351,13 +351,13 @@ jobs:
     strategy:
       matrix:
         include:
-        - name: 'schannel U'
-          install: 'brotli zlib zstd libpsl nghttp2 libssh2[core,zlib] pkgconf gsasl openssl mbedtls'
+        - name: 'schannel MultiSSL U'
+          install: 'brotli zlib zstd libpsl nghttp2 libssh2[core,zlib] pkgconf gsasl openssl mbedtls shiftmedia-libgnutls'
           arch: 'x64'
           plat: 'windows'
           type: 'Debug'
           tflags: '~1516 ~2301 ~2302 ~2303 ~2307'
-          config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=ON  -DCURL_USE_SCHANNEL=ON  -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DUSE_WIN32_IDN=ON -DCURL_USE_GSASL=ON -DCURL_USE_OPENSSL=ON -DCURL_USE_MBEDTLS=ON -DCURL_DEFAULT_SSL_BACKEND=schannel'
+          config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=ON  -DCURL_USE_SCHANNEL=ON  -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DUSE_WIN32_IDN=ON -DCURL_USE_GSASL=ON -DCURL_USE_OPENSSL=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_GNUTLS=ON -DCURL_DEFAULT_SSL_BACKEND=schannel'
         - name: 'openssl'
           install: 'brotli zlib zstd libpsl nghttp2 nghttp3 openssl libssh2 pkgconf gsasl'
           arch: 'x64'
@@ -386,17 +386,6 @@ jobs:
           type: 'Debug'
           tflags: '~1516 ~2301 ~2302 ~2303 ~2307'
           config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_OPENSSL=ON -DUSE_HTTPSRR=ON -DUSE_ECH=ON'
-        - name: '!ssl'
-          install: 'brotli zlib zstd libpsl pkgconf libidn2 libssh'
-          arch: 'x64'
-          plat: 'windows'
-          type: 'Debug'
-          tflags: '~1516 ~2301 ~2302 ~2303 ~2307'
-          # WARNING: libssh uses hard-coded world-writable paths (/etc/..., ~/.ssh/) to
-          #          read its configuration from, making it vulnerable to attacks on
-          #          Windows. Do not use this component till there is a fix for these.
-          # https://github.com/curl/curl-for-win/blob/3951808deb04df9489ee17430f236ed54436f81a/libssh.sh#L6-L8
-          config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DHTTP_ONLY=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON'
         - name: 'wolfssl'
           install: 'brotli zlib zstd libpsl nghttp2 wolfssl libssh2 pkgconf gsasl'
           arch: 'x64'
@@ -404,6 +393,17 @@ jobs:
           type: 'Debug'
           tflags: '~1516'
           config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=ON -DCURL_USE_WOLFSSL=ON -DCURL_USE_GSASL=ON'
+        - name: 'gnutls'
+          install: 'brotli zlib zstd libpsl nghttp2 shiftmedia-libgnutls libssh pkgconf gsasl ngtcp2[gnutls] nghttp3'
+          arch: 'x64'
+          plat: 'windows'
+          type: 'Release'
+          tflags: '~1516'
+          # WARNING: libssh uses hard-coded world-writable paths (/etc/..., ~/.ssh/) to
+          #          read its configuration from, making it vulnerable to attacks on
+          #          Windows. Do not use this component till there is a fix for these.
+          # https://github.com/curl/curl-for-win/blob/3951808deb04df9489ee17430f236ed54436f81a/libssh.sh#L6-L8
+          config: '-DENABLE_DEBUG=ON -DENABLE_UNICODE=OFF -DCURL_USE_SCHANNEL=OFF -DCURL_BROTLI=ON -DCURL_ZSTD=ON -DCURL_USE_LIBPSL=ON -DUSE_NGHTTP2=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DCURL_USE_GNUTLS=ON -DCURL_USE_GSASL=ON -DUSE_NGTCP2=ON'
       fail-fast: false
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0d248a9183..9b85324ef7 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -594,7 +594,16 @@ if(CURL_USE_WOLFSSL)
 endif()
 
 if(CURL_USE_GNUTLS)
-  find_package(GnuTLS REQUIRED)
+  if(CURL_USE_PKGCONFIG)
+    find_package(PkgConfig QUIET)
+    pkg_search_module(GNUTLS "gnutls")
+    if(GNUTLS_FOUND)
+      set(GNUTLS_LIBRARIES ${GNUTLS_LINK_LIBRARIES})
+    endif()
+  endif()
+  if(NOT GNUTLS_FOUND)
+    find_package(GnuTLS REQUIRED)
+  endif()
   find_package(nettle REQUIRED)
   set(_ssl_enabled ON)
   set(USE_GNUTLS ON)