From: Viktor Szakats <commit@vsz.me>
Date: Sun, 8 Oct 2023 17:43:10 +0000 (+0000)
Subject: h3: add support for ngtcp2 with AWS-LC builds
X-Git-Tag: curl-8_4_0~11
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0e4bef0862cb6dfb7693b9b67a6835cf85e23e4e;p=thirdparty%2Fcurl.git

h3: add support for ngtcp2 with AWS-LC builds

```
curl 8.4.0-DEV (x86_64-apple-darwin) libcurl/8.4.0-DEV (SecureTransport) AWS-LC/1.15.0 nghttp2/1.56.0 ngtcp2/0.19.1 nghttp3/0.15.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile MultiSSL NTLM SSL threadsafe UnixSockets
```

Also delete an obsolete GnuTLS TODO and update the header comment in
`FindNGTCP2.cmake`.

Reviewed-by: Daniel Stenberg
Closes #12066
---

diff --git a/CMake/FindNGTCP2.cmake b/CMake/FindNGTCP2.cmake
index ae92e417a5..7ea466582a 100644
--- a/CMake/FindNGTCP2.cmake
+++ b/CMake/FindNGTCP2.cmake
@@ -31,8 +31,10 @@ Find the ngtcp2 library
 This module accepts optional COMPONENTS to control the crypto library (these are
 mutually exclusive)::
 
-  OpenSSL:  Use libngtcp2_crypto_quictls
-  GnuTLS:   Use libngtcp2_crypto_gnutls
+  quictls, LibreSSL:  Use libngtcp2_crypto_quictls
+  BoringSSL, AWS-LC:  Use libngtcp2_crypto_boringssl
+  wolfSSL:            Use libngtcp2_crypto_wolfssl
+  GnuTLS:             Use libngtcp2_crypto_gnutls
 
 Result Variables
 ^^^^^^^^^^^^^^^^
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 458b25550e..1b19c681d2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -668,7 +668,7 @@ if(USE_NGTCP2)
   if(USE_OPENSSL OR USE_WOLFSSL)
     if(USE_WOLFSSL)
       find_package(NGTCP2 REQUIRED wolfSSL)
-    elseif(HAVE_BORINGSSL)
+    elseif(HAVE_BORINGSSL OR HAVE_AWSLC)
       find_package(NGTCP2 REQUIRED BoringSSL)
     else()
       find_package(NGTCP2 REQUIRED quictls)
@@ -685,9 +685,7 @@ if(USE_NGTCP2)
     if(NOT HAVE_SSL_CTX_SET_QUIC_METHOD)
       message(FATAL_ERROR "QUIC support is missing in OpenSSL/LibreSSL/BoringSSL/wolfSSL. Try setting -DOPENSSL_ROOT_DIR")
     endif()
-
   elseif(USE_GNUTLS)
-    # TODO add GnuTLS support as vtls library.
     find_package(NGTCP2 REQUIRED GnuTLS)
   else()
     message(FATAL_ERROR "ngtcp2 requires OpenSSL, wolfSSL or GnuTLS")
diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
index 27711ef0cd..795c7140fe 100644
--- a/lib/vquic/curl_ngtcp2.c
+++ b/lib/vquic/curl_ngtcp2.c
@@ -30,7 +30,7 @@
 
 #ifdef USE_OPENSSL
 #include <openssl/err.h>
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
 #include <ngtcp2/ngtcp2_crypto_boringssl.h>
 #else
 #include <ngtcp2/ngtcp2_crypto_quictls.h>
@@ -407,7 +407,7 @@ static CURLcode quic_ssl_ctx(SSL_CTX **pssl_ctx,
     goto out;
   }
 
-#ifdef OPENSSL_IS_BORINGSSL
+#if defined(OPENSSL_IS_BORINGSSL) || defined(OPENSSL_IS_AWSLC)
   if(ngtcp2_crypto_boringssl_configure_client_context(ssl_ctx) != 0) {
     failf(data, "ngtcp2_crypto_boringssl_configure_client_context failed");
     goto out;