From: Viktor Szakats <commit@vsz.me>
Date: Fri, 11 Apr 2025 00:02:52 +0000 (+0200)
Subject: cmake: add openssl 3.5.0 + ngtcp2 support
X-Git-Tag: curl-8_14_0~282
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=07cc50f8ebc6ad4c2ad23642ca727d79dab8855e;p=thirdparty%2Fcurl.git

cmake: add openssl 3.5.0 + ngtcp2 support

```
curl 8.13.1-DEV (Darwin) libcurl/8.13.1-DEV OpenSSL/3.5.0 [...] ngtcp2/1.12.90 nghttp3/1.9.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Largefile libz NTLM PSL SSL threadsafe TLS-SRP UnixSockets zstd
```

Ref: #17027
Closes #17018
---

diff --git a/CMake/FindNGTCP2.cmake b/CMake/FindNGTCP2.cmake
index 63f3ca27a8..eb1185635e 100644
--- a/CMake/FindNGTCP2.cmake
+++ b/CMake/FindNGTCP2.cmake
@@ -30,6 +30,7 @@
 # - BoringSSL:  Use `libngtcp2_crypto_boringssl`. (choose this for AWS-LC)
 # - wolfSSL:    Use `libngtcp2_crypto_wolfssl`.
 # - GnuTLS:     Use `libngtcp2_crypto_gnutls`.
+# - ossl:       Use `libngtcp2_crypto_ossl`.
 #
 # Input variables:
 #
@@ -49,7 +50,7 @@
 if(NGTCP2_FIND_COMPONENTS)
   set(_ngtcp2_crypto_backend "")
   foreach(_component IN LISTS NGTCP2_FIND_COMPONENTS)
-    if(_component MATCHES "^(BoringSSL|quictls|wolfSSL|GnuTLS)")
+    if(_component MATCHES "^(BoringSSL|quictls|wolfSSL|GnuTLS|ossl)")
       if(_ngtcp2_crypto_backend)
         message(FATAL_ERROR "NGTCP2: Only one crypto library can be selected")
       endif()
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 377ed73e8a..34caee3a2f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1052,8 +1052,12 @@ endmacro()
 # Ensure that the OpenSSL fork actually supports QUIC.
 macro(curl_openssl_check_quic)
   if(NOT DEFINED HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT)
-    if(USE_OPENSSL)
-      curl_openssl_check_exists("SSL_set_quic_use_legacy_codepoint" HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT)
+    if(USE_OPENSSL AND NOT USE_OPENSSL_QUIC)
+      if(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.5.0 AND NOT USE_OPENSSL_QUIC)
+        curl_openssl_check_exists("SSL_set_quic_tls_cbs" HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT)
+      else()
+        curl_openssl_check_exists("SSL_set_quic_use_legacy_codepoint" HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT)
+      endif()
     endif()
     if(USE_WOLFSSL)
       curl_openssl_check_exists("wolfSSL_set_quic_use_legacy_codepoint" HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT)
@@ -1141,6 +1145,12 @@ if(USE_NGTCP2)
       find_package(NGTCP2 REQUIRED "wolfSSL")
     elseif(HAVE_BORINGSSL OR HAVE_AWSLC)
       find_package(NGTCP2 REQUIRED "BoringSSL")
+    elseif(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.5.0 AND NOT USE_OPENSSL_QUIC)
+      find_package(NGTCP2 REQUIRED "ossl")
+      if(NGTCP2_VERSION VERSION_LESS 1.12.0)
+        message(FATAL_ERROR "ngtcp2 1.12.0 or upper required for OpenSSL")
+      endif()
+      set(OPENSSL_QUIC_API2 1)
     else()
       find_package(NGTCP2 REQUIRED "quictls")
       if(NOT HAVE_LIBRESSL)
@@ -1151,7 +1161,7 @@ if(USE_NGTCP2)
   elseif(USE_GNUTLS)
     find_package(NGTCP2 REQUIRED "GnuTLS")
   else()
-    message(FATAL_ERROR "ngtcp2 requires OpenSSL, wolfSSL or GnuTLS")
+    message(FATAL_ERROR "ngtcp2 requires a supported TLS-backend")
   endif()
   list(APPEND CURL_LIBS ${NGTCP2_LIBRARIES})
   list(APPEND CURL_LIBDIRS ${NGTCP2_LIBRARY_DIRS})
diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake
index 90f7d51459..736fcc1451 100644
--- a/lib/curl_config.h.cmake
+++ b/lib/curl_config.h.cmake
@@ -764,6 +764,9 @@ ${SIZEOF_TIME_T_CODE}
 /* to enable openssl + nghttp3 */
 #cmakedefine USE_OPENSSL_QUIC 1
 
+/* to enable openssl + ngtcp2 + nghttp3 */
+#cmakedefine OPENSSL_QUIC_API2 1
+
 /* Define to 1 if you have the quiche_conn_set_qlog_fd function. */
 #cmakedefine HAVE_QUICHE_CONN_SET_QLOG_FD 1