# deprecation warnings with llvm/clang:
#
# - 10.7 Lion (2011) - GSS
-# - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl Secure Transport code)
# - 10.9 Mavericks (2013) - LDAP
-# - 10.14 Mojave (2018) - Secure Transport
#
env:
CC: '${{ matrix.compiler }}'
MATRIX_BUILD: '${{ matrix.build }}'
MATRIX_COMPILER: '${{ matrix.compiler }}'
- MATRIX_CONFIG: '${{ matrix.config }}'
MATRIX_IMAGE: '${{ matrix.image }}'
MATRIX_MACOS_VERSION_MIN: '${{ matrix.macos-version-min }}'
strategy:
fail-fast: false
matrix:
- config: [OpenSSL]
compiler: [gcc-12, gcc-13, gcc-14, llvm@15, llvm@18, clang]
# Xcode support matrix as of 2024-07, with default macOS SDK versions and OS names, years:
# * = default Xcode on the runner.
fi
if [ "${MATRIX_BUILD}" = 'cmake' ]; then
- [ "${MATRIX_CONFIG}" = 'OpenSSL' ] && options+=' -DCURL_USE_OPENSSL=ON'
[ -n "${MATRIX_MACOS_VERSION_MIN}" ] && options+=" -DCMAKE_OSX_DEPLOYMENT_TARGET=${MATRIX_MACOS_VERSION_MIN}"
# would pick up nghttp2, libidn2, and libssh2
cmake -B bld -G Ninja -D_CURL_PREFILL=ON \
-DCMAKE_C_COMPILER_TARGET="$(uname -m | sed 's/arm64/aarch64/')-apple-darwin$(uname -r)" \
-DCMAKE_IGNORE_PREFIX_PATH="$(brew --prefix)" \
-DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF \
+ -DCURL_USE_OPENSSL=ON \
-DUSE_NGHTTP2=OFF -DUSE_LIBIDN2=OFF \
-DCURL_USE_LIBPSL=OFF -DCURL_USE_LIBSSH2=OFF \
${options}
options+=" --with-sysroot=${sysroot}"
CFLAGS+=" --sysroot=${sysroot}"
fi
- [ "${MATRIX_CONFIG}" = 'OpenSSL' ] && options+=" --with-openssl=$(brew --prefix openssl)"
[ -n "${MATRIX_MACOS_VERSION_MIN}" ] && CFLAGS+=" -mmacosx-version-min=${MATRIX_MACOS_VERSION_MIN}"
# would pick up nghttp2, libidn2, but libssh2 is disabled by default
mkdir bld && cd bld && ../configure --enable-unity --enable-test-bundles --enable-warnings --enable-werror \
--disable-dependency-tracking \
--disable-docs --disable-manual \
+ --with-openssl="$(brew --prefix openssl)" \
--without-nghttp2 --without-libidn2 \
--without-libpsl \
${options}
_only_ the native CA store is consulted, not other locations set at run time or
build time. (Added in 8.13.0)
-This option currently has no effect for Schannel or Secure Transport. Those are
-native TLS libraries from Microsoft and Apple, respectively, that by default
-use the native CA store for verification unless overridden by a CA certificate
-location setting.
+This option currently has no effect for Schannel. This is the native TLS
+library from Microsoft, that by default uses the native CA store for
+verification unless overridden by a CA certificate location setting.
part. e.g. socks5h://localhost/path/to/socket.sock
HTTPS proxy support works with the https:// protocol prefix for OpenSSL and
-GnuTLS (added in 7.52.0). It also works for BearSSL, mbedTLS, Rustls, Schannel
-and wolfSSL (added in 7.87.0).
+GnuTLS (added in 7.52.0). It also works for mbedTLS, Rustls, Schannel and
+wolfSSL (added in 7.87.0).
Unrecognized and unsupported proxy protocols cause an error (added in 7.52.0).
Ancient curl versions ignored unknown schemes and used http:// instead.
def test_17_19_wrong_pin(self, env: Env, proto, httpd):
if proto == 'h3' and not env.have_h3():
pytest.skip("h3 not supported")
- if env.curl_uses_any_libs(['bearssl', 'rustls-ffi']):
+ if env.curl_uses_lib('rustls-ffi'):
pytest.skip('TLS backend ignores --pinnedpubkey')
curl = CurlClient(env=env)
url = f'https://{env.authority_for(env.domain1, proto)}/curltest/sslinfo'
projects / thirdparty / curl.git / commitdiff
