From 3934431421eaf881dc093bb915fa0d9e4c47f7d3 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Wed, 11 Jun 2025 08:16:33 +0200 Subject: [PATCH] tidy-up: drop BearSSL and Secure Transport reference remains Follow-up to 08a3e8e19a59d1530bfb208e187ac7c34c978dfd #16677 Closes #17582 --- .github/workflows/macos.yml | 8 ++------ docs/cmdline-opts/ca-native.md | 7 +++---- docs/cmdline-opts/proxy.md | 4 ++-- tests/data/test2089 | 2 -- tests/http/test_17_ssl_use.py | 2 +- tests/unit/unit1657.c | 3 +-- 6 files changed, 9 insertions(+), 17 deletions(-) diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index c576c73c1e..b0dbdba714 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -39,9 +39,7 @@ permissions: {} # deprecation warnings with llvm/clang: # # - 10.7 Lion (2011) - GSS -# - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl Secure Transport code) # - 10.9 Mavericks (2013) - LDAP -# - 10.14 Mojave (2018) - Secure Transport # env: @@ -359,13 +357,11 @@ jobs: CC: '${{ matrix.compiler }}' MATRIX_BUILD: '${{ matrix.build }}' MATRIX_COMPILER: '${{ matrix.compiler }}' - MATRIX_CONFIG: '${{ matrix.config }}' MATRIX_IMAGE: '${{ matrix.image }}' MATRIX_MACOS_VERSION_MIN: '${{ matrix.macos-version-min }}' strategy: fail-fast: false matrix: - config: [OpenSSL] compiler: [gcc-12, gcc-13, gcc-14, llvm@15, llvm@18, clang] # Xcode support matrix as of 2024-07, with default macOS SDK versions and OS names, years: # * = default Xcode on the runner. @@ -459,7 +455,6 @@ jobs: fi if [ "${MATRIX_BUILD}" = 'cmake' ]; then - [ "${MATRIX_CONFIG}" = 'OpenSSL' ] && options+=' -DCURL_USE_OPENSSL=ON' [ -n "${MATRIX_MACOS_VERSION_MIN}" ] && options+=" -DCMAKE_OSX_DEPLOYMENT_TARGET=${MATRIX_MACOS_VERSION_MIN}" # would pick up nghttp2, libidn2, and libssh2 cmake -B bld -G Ninja -D_CURL_PREFILL=ON \ 
@@ -468,6 +463,7 @@ jobs: -DCMAKE_C_COMPILER_TARGET="$(uname -m | sed 's/arm64/aarch64/')-apple-darwin$(uname -r)" \ -DCMAKE_IGNORE_PREFIX_PATH="$(brew --prefix)" \ -DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF \ + -DCURL_USE_OPENSSL=ON \ -DUSE_NGHTTP2=OFF -DUSE_LIBIDN2=OFF \ -DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF \ ${options} @@ -480,12 +476,12 @@ jobs: options+=" --with-sysroot=${sysroot}" CFLAGS+=" --sysroot=${sysroot}" fi - [ "${MATRIX_CONFIG}" = 'OpenSSL' ] && options+=" --with-openssl=$(brew --prefix openssl)" [ -n "${MATRIX_MACOS_VERSION_MIN}" ] && CFLAGS+=" -mmacosx-version-min=${MATRIX_MACOS_VERSION_MIN}" # would pick up nghttp2, libidn2, but libssh2 is disabled by default mkdir bld && cd bld && ../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \ --disable-dependency-tracking \ --disable-docs --disable-manual \ + --with-openssl="$(brew --prefix openssl)" \ --without-nghttp2 --without-libidn2 \ --without-libpsl \ ${options} diff --git a/docs/cmdline-opts/ca-native.md b/docs/cmdline-opts/ca-native.md index 0dd63dd45d..7e833c9d15 100644 --- a/docs/cmdline-opts/ca-native.md +++ b/docs/cmdline-opts/ca-native.md @@ -37,7 +37,6 @@ is equivalent to using the Mozilla CA certificate bundle. When used with rustls _only_ the native CA store is consulted, not other locations set at run time or build time. (Added in 8.13.0) -This option currently has no effect for Schannel or Secure Transport. Those are -native TLS libraries from Microsoft and Apple, respectively, that by default -use the native CA store for verification unless overridden by a CA certificate -location setting. +This option currently has no effect for Schannel. This is the native TLS +library from Microsoft, that by default uses the native CA store for +verification unless overridden by a CA certificate location setting. diff --git a/docs/cmdline-opts/proxy.md b/docs/cmdline-opts/proxy.md index a303b217aa..1ed503c108 100644 
--- a/docs/cmdline-opts/proxy.md +++ b/docs/cmdline-opts/proxy.md @@ -28,8 +28,8 @@ Unix domain sockets are supported for socks proxy. Set localhost for the host part. e.g. socks5h://localhost/path/to/socket.sock HTTPS proxy support works with the https:// protocol prefix for OpenSSL and -GnuTLS (added in 7.52.0). It also works for BearSSL, mbedTLS, Rustls, Schannel -and wolfSSL (added in 7.87.0). +GnuTLS (added in 7.52.0). It also works for mbedTLS, Rustls, Schannel and +wolfSSL (added in 7.87.0). Unrecognized and unsupported proxy protocols cause an error (added in 7.52.0). Ancient curl versions ignored unknown schemes and used http:// instead. diff --git a/tests/data/test2089 b/tests/data/test2089 index 8f50f511a4..aee93abf6e 100644 --- a/tests/data/test2089 +++ b/tests/data/test2089 @@ -26,8 +26,6 @@ MooMoo SSL !Schannel -!sectransp -!bearssl local-http diff --git a/tests/http/test_17_ssl_use.py b/tests/http/test_17_ssl_use.py index c903296d51..3da2499de1 100644 --- a/tests/http/test_17_ssl_use.py +++ b/tests/http/test_17_ssl_use.py @@ -503,7 +503,7 @@ class TestSSLUse: def test_17_19_wrong_pin(self, env: Env, proto, httpd): if proto == 'h3' and not env.have_h3(): pytest.skip("h3 not supported") - if env.curl_uses_any_libs(['bearssl', 'rustls-ffi']): + if env.curl_uses_lib('rustls-ffi'): pytest.skip('TLS backend ignores --pinnedpubkey') curl = CurlClient(env=env) url = f'https://{env.authority_for(env.domain1, proto)}/curltest/sslinfo' diff --git a/tests/unit/unit1657.c b/tests/unit/unit1657.c index 6c4bebdde1..8a9dea788e 100644 --- a/tests/unit/unit1657.c +++ b/tests/unit/unit1657.c @@ -35,8 +35,7 @@ static void unit_stop(void) } -#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_SECTRANSP) || \ - defined(USE_MBEDTLS) +#if defined(USE_GNUTLS) || defined(USE_SCHANNEL) || defined(USE_MBEDTLS) struct test1657_spec { CURLcode (*setbuf)(struct test1657_spec *spec, struct dynbuf *buf); -- 2.47.3
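Review bot: In `test_17_19_wrong_pin` (tests/http/test_17_ssl_use.py) the skip message still reads 'TLS backend ignores --pinnedpubkey', although the condition now names a single backend, `env.curl_uses_lib('rustls-ffi')`. Because the skip means a wrong pin is never checked to fail on that backend, the test report should say which backend is exempt, for example `pytest.skip('rustls-ffi ignores --pinnedpubkey')`. A one-line comment above the check, saying that the skip should be removed once the backend enforces pinning, would stop this security-relevant gap from becoming permanent. Whether curl warns or errors when the option is unsupported cannot be seen from this hunk, and the method body continues outside it.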