sectransp: add support for HTTP/2 in gcc builds

Before this patch `--http2` did not work in gcc builds with Secure
Transport, because ALPN relied on a compiler supporting the
`HAVE_BUILTIN_AVAILABLE` aka `__builtin_available()` feature. This
is clang-specific and missing from gcc (as of gcc v14).

Add support for ALPN and HTTP/2 when this compiler feature is missing.

Also drop test exceptions from GHA/macos in CI.

Follow-up to 092f6815c808489f1cea3df8449e16dff2c35e6b
Ref: c349bd668c91f2484ae21c0f361ddf497143093c #14097 (issue 15.)
Ref: #4314

Closes #16581

diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 8e6b1afa286bc3213ecc70a6b7b874dd876a46d1..0d9bb9f1b2383488a09c84c69200e8f5268d9653 100644 (file)
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -314,12 +314,6 @@ jobs:
           export TFLAGS='-j20 ${{ matrix.build.tflags }}'
           if [ -z '${{ matrix.build.torture }}' ]; then
             TFLAGS+=' ~2037 ~2041'  # flaky
-            if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then
-              if [[ '${{ matrix.build.configure }}' = *'--with-secure-transport'* || \
-                    '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then
-                TFLAGS+=' ~HTTP/2'  # 2400 2401 2402 2403 2404 2406, Secure Transport + nghttp2
-              fi
-            fi
             if [[ '${{ matrix.build.configure }}' = *'--with-secure-transport'* || \
                   '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then
               TFLAGS+=' ~313'  # Secure Transport does not support crl file

diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c
index 9e98b15a9fcf38e890e74b238720c2009c602797..dfbb09cf10e060012af18a064909b6a1be9983ad 100644 (file)
--- a/lib/vtls/sectransp.c
+++ b/lib/vtls/sectransp.c
@@ -1091,10 +1091,13 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
   if(result != CURLE_OK)
     return result;
 
+  if(connssl->alpn) {
 #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && \
     defined(HAVE_BUILTIN_AVAILABLE)
-  if(connssl->alpn) {
     if(__builtin_available(macOS 10.13.4, iOS 11, tvOS 11, *)) {
+#else
+    if(&SSLSetALPNProtocols && &SSLCopyALPNProtocols) {
+#endif
       struct alpn_proto_buf proto;
       size_t i;
       CFStringRef cstr;
@@ -1117,7 +1120,6 @@ static CURLcode sectransp_connect_step1(struct Curl_cfilter *cf,
       infof(data, VTLS_INFOF_ALPN_OFFER_1STR, proto.data);
     }
   }
-#endif
 
   if(ssl_config->key) {
     infof(data, "WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure "
@@ -2088,10 +2090,13 @@ check_handshake:
         break;
     }
 
+    if(connssl->alpn) {
 #if (CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && \
     defined(HAVE_BUILTIN_AVAILABLE)
-    if(connssl->alpn) {
       if(__builtin_available(macOS 10.13.4, iOS 11, tvOS 11, *)) {
+#else
+      if(&SSLSetALPNProtocols && &SSLCopyALPNProtocols) {
+#endif
         CFArrayRef alpnArr = NULL;
         CFStringRef chosenProtocol = NULL;
         err = SSLCopyALPNProtocols(backend->ssl_ctx, &alpnArr);
@@ -2119,7 +2124,6 @@ check_handshake:
           CFRelease(alpnArr);
       }
     }
-#endif
 
     return CURLE_OK;
   }