diff options
author | Daniel Stenberg <daniel@haxx.se> | 2020-08-07 17:11:52 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-08-07 17:14:44 +0200 |
commit | 4f24ab26aa1b0581635da55ab40cce047ec8d209 (patch) | |
tree | e0c8d86099094f9cad3ef444f6f5aed2b28d9bd1 | |
parent | 265717d27117a722b2b3ccc5f38de722c3a79070 (diff) | |
download | curl-bagder/tls-name-cleanups.tar.gz |
TLS naming: fix more Winssl and Darwinssl leftoversbagder/tls-name-cleanups
The CMake option is now called CMAKE_USE_SCHANNEL
The winbuild flag is USE_SCHANNEL
The CI jobs and build scripts only use the new names and the new name
options
Tests now require 'Schannel' (when necessary)
-rw-r--r-- | .github/workflows/macos.yml | 2 | ||||
-rw-r--r-- | CMakeLists.txt | 19 | ||||
-rwxr-xr-x | MacOSX-Framework | 4 | ||||
-rw-r--r-- | appveyor.yml | 24 | ||||
-rwxr-xr-x | configure.ac | 26 | ||||
-rw-r--r-- | docs/FEATURES | 2 | ||||
-rw-r--r-- | docs/INSTALL.cmake | 4 | ||||
-rw-r--r-- | docs/INSTALL.md | 8 | ||||
-rw-r--r-- | docs/KNOWN_BUGS | 4 | ||||
-rw-r--r-- | docs/SSLCERTS.md | 2 | ||||
-rw-r--r-- | docs/libcurl/curl_global_sslset.3 | 2 | ||||
-rw-r--r-- | docs/libcurl/libcurl-thread.3 | 4 | ||||
-rw-r--r-- | docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 | 2 | ||||
-rw-r--r-- | packages/Symbian/group/libcurl.mmp | 2 | ||||
-rw-r--r-- | tests/FILEFORMAT.md | 2 | ||||
-rw-r--r-- | tests/data/test2043 | 2 | ||||
-rw-r--r-- | tests/data/test2070 | 2 | ||||
-rwxr-xr-x | tests/runtests.pl | 14 | ||||
-rw-r--r-- | winbuild/BUILD.WINDOWS.txt | 12 | ||||
-rw-r--r-- | winbuild/Makefile.vc | 24 | ||||
-rw-r--r-- | winbuild/MakefileBuild.vc | 20 |
21 files changed, 91 insertions, 90 deletions
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml index c4230e480..5d8f376bc 100644 --- a/.github/workflows/macos.yml +++ b/.github/workflows/macos.yml @@ -40,7 +40,7 @@ jobs: macosx-version-min: 10.15 - name: SecureTransport metalink install: nghttp2 openssl libmetalink - configure: --enable-debug --without-ssl --with-darwinssl --with-libmetalink + configure: --enable-debug --without-ssl --with-secure-transport --with-libmetalink macosx-version-min: 10.8 - name: OpenSSL metalink install: nghttp2 openssl libmetalink diff --git a/CMakeLists.txt b/CMakeLists.txt index 17a492a91..6a79b0b65 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -309,14 +309,17 @@ endif() # check SSL libraries # TODO support GnuTLS +if(CMAKE_USE_WINSSL) + message(FATAL_ERROR "The cmake option CMAKE_USE_WINSSL was renamed to CMAKE_USE_SCHANNEL.") +endif() if(APPLE) option(CMAKE_USE_SECTRANSP "enable Apple OS native SSL/TLS" OFF) endif() if(WIN32) - option(CMAKE_USE_WINSSL "enable Windows native SSL/TLS" OFF) + option(CMAKE_USE_SCHANNEL "enable Windows native SSL/TLS" OFF) cmake_dependent_option(CURL_WINDOWS_SSPI "Use windows libraries to allow NTLM authentication without openssl" ON - CMAKE_USE_WINSSL OFF) + CMAKE_USE_SCHANNEL OFF) endif() option(CMAKE_USE_MBEDTLS "Enable mbedTLS for SSL/TLS" OFF) option(CMAKE_USE_BEARSSL "Enable BearSSL for SSL/TLS" OFF) @@ -324,13 +327,13 @@ option(CMAKE_USE_NSS "Enable NSS for SSL/TLS" OFF) option(CMAKE_USE_WOLFSSL "enable wolfSSL for SSL/TLS" OFF) set(openssl_default ON) -if(WIN32 OR CMAKE_USE_SECTRANSP OR CMAKE_USE_WINSSL OR CMAKE_USE_MBEDTLS OR CMAKE_USE_NSS OR CMAKE_USE_WOLFSSL) +if(WIN32 OR CMAKE_USE_SECTRANSP OR CMAKE_USE_SCHANNEL OR CMAKE_USE_MBEDTLS OR CMAKE_USE_NSS OR CMAKE_USE_WOLFSSL) set(openssl_default OFF) endif() option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ${openssl_default}) count_true(enabled_ssl_options_count - CMAKE_USE_WINSSL + CMAKE_USE_SCHANNEL CMAKE_USE_SECTRANSP CMAKE_USE_OPENSSL CMAKE_USE_MBEDTLS @@ -342,10 +345,10 @@ if(enabled_ssl_options_count GREATER "1") set(CURL_WITH_MULTI_SSL ON) endif() -if(CMAKE_USE_WINSSL) +if(CMAKE_USE_SCHANNEL) set(SSL_ENABLED ON) set(USE_SCHANNEL ON) # Windows native SSL/TLS support - set(USE_WINDOWS_SSPI ON) # CMAKE_USE_WINSSL implies CURL_WINDOWS_SSPI + set(USE_WINDOWS_SSPI ON) # CMAKE_USE_SCHANNEL implies CURL_WINDOWS_SSPI list(APPEND CURL_LIBS "crypt32") endif() if(CURL_WINDOWS_SSPI) @@ -1353,7 +1356,7 @@ _add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX OR USE_THREADS_WIN32) _add_if("IDN" HAVE_LIBIDN2) _add_if("Largefile" (CURL_SIZEOF_CURL_OFF_T GREATER 4) AND ((SIZEOF_OFF_T GREATER 4) OR USE_WIN32_LARGE_FILES)) -# TODO SSP1 (WinSSL) check is missing +# TODO SSP1 (Schannel) check is missing _add_if("SSPI" USE_WINDOWS_SSPI) _add_if("GSS-API" HAVE_GSSAPI) _add_if("alt-svc" ENABLE_ALT_SVC) @@ -1415,7 +1418,7 @@ message(STATUS "Enabled protocols: ${SUPPORT_PROTOCOLS}") # Clear list and collect SSL backends set(_items) -_add_if("WinSSL" SSL_ENABLED AND USE_WINDOWS_SSPI) +_add_if("Schannel" SSL_ENABLED AND USE_WINDOWS_SSPI) _add_if("OpenSSL" SSL_ENABLED AND USE_OPENSSL) _add_if("Secure Transport" SSL_ENABLED AND USE_SECTRANSP) _add_if("mbedTLS" SSL_ENABLED AND USE_MBEDTLS) diff --git a/MacOSX-Framework b/MacOSX-Framework index 4cf23f0d0..73d9ed8b4 100755 --- a/MacOSX-Framework +++ b/MacOSX-Framework @@ -103,7 +103,7 @@ MINVER64='-mmacosx-version-min='$MACVER64 if test ! -z $SDK32; then echo "----Configuring libcurl for 32 bit universal framework..." make clean - ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-darwinssl \ + ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-secure-transport \ CFLAGS="-Os -isysroot $SDK32_DIR $ARCHES32" \ LDFLAGS="-Wl,-syslibroot,$SDK32_DIR $ARCHES32 -Wl,-headerpad_max_install_names" \ CC=$CC @@ -132,7 +132,7 @@ if test ! -z $SDK32; then popd make clean echo "----Configuring libcurl for 64 bit universal framework..." - ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-darwinssl \ + ./configure --disable-dependency-tracking --disable-static --with-gssapi --with-secure-transport \ CFLAGS="-Os -isysroot $SDK64_DIR $ARCHES64" \ LDFLAGS="-Wl,-syslibroot,$SDK64_DIR $ARCHES64 -Wl,-headerpad_max_install_names" \ CC=$CC diff --git a/appveyor.yml b/appveyor.yml index 3f6aea2d6..e34784159 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -30,7 +30,7 @@ environment: PRJ_GEN: "Visual Studio 9 2008" PRJ_CFG: Release OPENSSL: OFF - WINSSL: ON + SCHANNEL: ON HTTP_ONLY: OFF TESTING: OFF SHARED: ON @@ -42,7 +42,7 @@ environment: TARGET: "-A x64" PRJ_CFG: Release OPENSSL: ON - WINSSL: OFF + SCHANNEL: OFF HTTP_ONLY: OFF TESTING: OFF SHARED: ON @@ -54,7 +54,7 @@ environment: TARGET: "-A ARM64" PRJ_CFG: Release OPENSSL: OFF - WINSSL: ON + SCHANNEL: ON HTTP_ONLY: OFF TESTING: OFF SHARED: OFF @@ -66,7 +66,7 @@ environment: PRJ_GEN: "Visual Studio 10 2010 Win64" PRJ_CFG: Debug OPENSSL: OFF - WINSSL: OFF + SCHANNEL: OFF HTTP_ONLY: OFF TESTING: ON SHARED: OFF @@ -78,7 +78,7 @@ environment: TARGET: "-A x64" PRJ_CFG: Debug OPENSSL: OFF - WINSSL: ON + SCHANNEL: ON HTTP_ONLY: OFF TESTING: ON SHARED: OFF @@ -90,7 +90,7 @@ environment: TARGET: "-A x64" PRJ_CFG: Debug OPENSSL: OFF - WINSSL: OFF + SCHANNEL: OFF HTTP_ONLY: OFF TESTING: ON SHARED: OFF @@ -102,7 +102,7 @@ environment: TARGET: "-A x64" PRJ_CFG: Debug OPENSSL: OFF - WINSSL: OFF + SCHANNEL: OFF HTTP_ONLY: ON TESTING: ON SHARED: OFF @@ -114,7 +114,7 @@ environment: PRJ_GEN: "MSYS Makefiles" PRJ_CFG: Debug OPENSSL: OFF - WINSSL: ON + SCHANNEL: ON HTTP_ONLY: OFF TESTING: ON SHARED: OFF @@ -127,7 +127,7 @@ environment: PRJ_GEN: "MSYS Makefiles" PRJ_CFG: Debug OPENSSL: OFF - WINSSL: ON + SCHANNEL: ON HTTP_ONLY: OFF TESTING: ON SHARED: OFF @@ -140,7 +140,7 @@ environment: PRJ_GEN: "MSYS Makefiles" PRJ_CFG: Debug OPENSSL: OFF - WINSSL: ON + SCHANNEL: ON HTTP_ONLY: OFF TESTING: ON SHARED: OFF @@ -153,7 +153,7 @@ environment: PRJ_GEN: "MSYS Makefiles" PRJ_CFG: Debug OPENSSL: OFF - WINSSL: OFF + SCHANNEL: OFF HTTP_ONLY: OFF TESTING: ON SHARED: OFF @@ -244,7 +244,7 @@ build_script: -G"%PRJ_GEN%" %TARGET% -DCMAKE_USE_OPENSSL=%OPENSSL% - -DCMAKE_USE_WINSSL=%WINSSL% + -DCMAKE_USE_SCHANNEL=%SCHANNEL% -DHTTP_ONLY=%HTTP_ONLY% -DBUILD_SHARED_LIBS=%SHARED% -DBUILD_TESTING=%TESTING% diff --git a/configure.ac b/configure.ac index 3d40872ec..9c738d12d 100755 --- a/configure.ac +++ b/configure.ac @@ -1611,29 +1611,29 @@ dnl ------------------------------------------------- dnl check winssl option before other SSL libraries dnl ------------------------------------------------- -OPT_WINSSL=no +OPT_SCHANNEL=no AC_ARG_WITH(winssl,dnl AC_HELP_STRING([--with-winssl],[enable Windows native SSL/TLS]) AC_HELP_STRING([--without-winssl], [disable Windows native SSL/TLS]), - OPT_WINSSL=$withval) + OPT_SCHANNEL=$withval) AC_ARG_WITH(schannel,dnl AC_HELP_STRING([--with-schannel],[enable Windows native SSL/TLS]) AC_HELP_STRING([--without-schannel], [disable Windows native SSL/TLS]), - OPT_WINSSL=$withval) + OPT_SCHANNEL=$withval) AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)]) -if test -z "$ssl_backends" -o "x$OPT_WINSSL" != xno; then +if test -z "$ssl_backends" -o "x$OPT_SCHANNEL" != xno; then ssl_msg= - if test "x$OPT_WINSSL" != "xno" && + if test "x$OPT_SCHANNEL" != "xno" && test "x$curl_cv_native_windows" = "xyes"; then AC_MSG_RESULT(yes) AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support]) AC_SUBST(USE_SCHANNEL, [1]) ssl_msg="Windows-native" test schannel != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - WINSSL_ENABLED=1 - # --with-winssl implies --enable-sspi + SCHANNEL_ENABLED=1 + # --with-schannel implies --enable-sspi AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support]) AC_SUBST(USE_WINDOWS_SSPI, [1]) curl_sspi_msg="enabled" @@ -2819,7 +2819,7 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" fi -case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED" in +case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED" in x) AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink, --with-amissl or --with-bearssl to address this.]) @@ -3282,7 +3282,7 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar versioned_symbols_flavour="NSS_" elif test "x$WOLFSSL_ENABLED" = "x1"; then versioned_symbols_flavour="WOLFSSL_" - elif test "x$WINSSL_ENABLED" = "x1"; then + elif test "x$SCHANNEL_ENABLED" = "x1"; then versioned_symbols_flavour="SCHANNEL_" elif test "x$SECURETRANSPORT_ENABLED" = "x1"; then versioned_symbols_flavour="SECURE_TRANSPORT_" @@ -4566,16 +4566,16 @@ AC_HELP_STRING([--disable-sspi],[Disable SSPI]), fi ;; *) - if test "x$WINSSL_ENABLED" = "x1"; then - # --with-winssl implies --enable-sspi + if test "x$SCHANNEL_ENABLED" = "x1"; then + # --with-schannel implies --enable-sspi AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) fi ;; esac ], - if test "x$WINSSL_ENABLED" = "x1"; then - # --with-winssl implies --enable-sspi + if test "x$SCHANNEL_ENABLED" = "x1"; then + # --with-schannel implies --enable-sspi AC_MSG_RESULT(yes) else AC_MSG_RESULT(no) diff --git a/docs/FEATURES b/docs/FEATURES index 1d23fccbf..35b26e1b2 100644 --- a/docs/FEATURES +++ b/docs/FEATURES @@ -194,7 +194,7 @@ FOOTNOTES currently supported *5 = requires nghttp2 and possibly a recent TLS library *6 = requires c-ares - *7 = requires OpenSSL, NSS, GSKit, WinSSL or Secure Transport; GnuTLS, for + *7 = requires OpenSSL, NSS, GSKit, Schannel or Secure Transport; GnuTLS, for example, only supports SSLv3 and TLSv1 *8 = requires libssh2 *9 = requires OpenSSL, GnuTLS, mbedTLS, NSS, yassl, Secure Transport or SSPI diff --git a/docs/INSTALL.cmake b/docs/INSTALL.cmake index c967b0851..828d9b9c5 100644 --- a/docs/INSTALL.cmake +++ b/docs/INSTALL.cmake @@ -24,8 +24,8 @@ Current flaws in the curl CMake build Missing features in the cmake build: - Builds libcurl without large file support - - Does not support all SSL libraries (only OpenSSL, WinSSL, DarwinSSL, and - mbed TLS, NSS, WolfSSL) + - Does not support all SSL libraries (only OpenSSL, Schannel, + Secure Transport, and mbed TLS, NSS, WolfSSL) - Doesn't allow different resolver backends (no c-ares build support) - No RTMP support built - Doesn't allow build curl and libcurl debug enabled diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 63d41421b..33b439ec5 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -258,9 +258,9 @@ Windows you should choose another SSL backend such as OpenSSL. On modern Apple operating systems, curl can be built to use Apple's SSL/TLS implementation, Secure Transport, instead of OpenSSL. To build with Secure -Transport for SSL/TLS, use the configure option `--with-darwinssl`. (It is not -necessary to use the option `--without-ssl`.) This feature requires iOS 5.0 or -later, or OS X 10.5 ("Leopard") or later. +Transport for SSL/TLS, use the configure option `--with-secure-transport`. (It +is not necessary to use the option `--without-ssl`.) This feature requires iOS +5.0 or later, or OS X 10.5 ("Leopard") or later. When Secure Transport is in use, the curl options `--cacert` and `--capath` and their libcurl equivalents, will be ignored, because Secure Transport uses @@ -281,7 +281,7 @@ commands in curl's directory in the shell will build the code such that it will run on cats as old as OS X 10.6 ("Snow Leopard") (using bash): export MACOSX_DEPLOYMENT_TARGET="10.6" - ./configure --with-darwinssl + ./configure --with-secure-transport make # Android diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index e86c03eb2..267a977dd 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -462,12 +462,12 @@ problems may have been fixed or changed somewhat since this was written! 6.1 NTLM authentication and unicode NTLM authentication involving unicode user name or password only works - properly if built with UNICODE defined together with the WinSSL/Schannel + properly if built with UNICODE defined together with the Schannel backend. The original problem was mentioned in: https://curl.haxx.se/mail/lib-2009-10/0024.html https://curl.haxx.se/bug/view.cgi?id=896 - The WinSSL/Schannel version verified to work as mentioned in + The Schannel version verified to work as mentioned in https://curl.haxx.se/mail/lib-2012-07/0073.html 6.2 MIT Kerberos for Windows build diff --git a/docs/SSLCERTS.md b/docs/SSLCERTS.md index fcbc4646e..39170d085 100644 --- a/docs/SSLCERTS.md +++ b/docs/SSLCERTS.md @@ -14,7 +14,7 @@ If libcurl was built with Schannel or Secure Transport support (the native SSL libraries included in Windows and Mac OS X), then this does not apply to you. Scroll down for details on how the OS-native engines handle SSL certificates. If you're not sure, then run "curl -V" and read the results. If -the version string says "WinSSL" in it, then it was built with Schannel +the version string says `Schannel` in it, then it was built with Schannel support. It is about trust diff --git a/docs/libcurl/curl_global_sslset.3 b/docs/libcurl/curl_global_sslset.3 index fa2447e6f..02fbfc90c 100644 --- a/docs/libcurl/curl_global_sslset.3 +++ b/docs/libcurl/curl_global_sslset.3 @@ -40,7 +40,7 @@ typedef enum { CURLSSLBACKEND_POLARSSL = 6, /* deprecated */ CURLSSLBACKEND_WOLFSSL = 7, CURLSSLBACKEND_SCHANNEL = 8, - CURLSSLBACKEND_DARWINSSL = 9, + CURLSSLBACKEND_SECURETRANSPORT = 9, CURLSSLBACKEND_AXTLS = 10, /* deprecated */ CURLSSLBACKEND_MBEDTLS = 11, CURLSSLBACKEND_MESALINK = 12, diff --git a/docs/libcurl/libcurl-thread.3 b/docs/libcurl/libcurl-thread.3 index 796a5bb59..a85d0ca0d 100644 --- a/docs/libcurl/libcurl-thread.3 +++ b/docs/libcurl/libcurl-thread.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 2015 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 2015 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -59,7 +59,7 @@ https://gnutls.org/manual/html_node/Thread-safety.html thread-safe already without anything required. .IP Secure-Transport The engine is used by libcurl in a way that is fully thread-safe. -.IP WinSSL +.IP Schannel The engine is used by libcurl in a way that is fully thread-safe. .IP wolfSSL The engine is used by libcurl in a way that is fully thread-safe. diff --git a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 index d68a5bcba..cdc88460a 100644 --- a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 +++ b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 @@ -54,7 +54,7 @@ struct curl_tlssessioninfo { The \fIbackend\fP struct member is one of the defines in the CURLSSLBACKEND_* series: CURLSSLBACKEND_NONE (when built without TLS support), -CURLSSLBACKEND_WOLFSSL, CURLSSLBACKEND_DARWINSSL, CURLSSLBACKEND_GNUTLS, +CURLSSLBACKEND_WOLFSSL, CURLSSLBACKEND_SECURETRANSPORT, CURLSSLBACKEND_GNUTLS, CURLSSLBACKEND_GSKIT, CURLSSLBACKEND_MBEDTLS, CURLSSLBACKEND_NSS, CURLSSLBACKEND_OPENSSL, CURLSSLBACKEND_SCHANNEL or CURLSSLBACKEND_MESALINK. (Note that the OpenSSL forks are all reported as just diff --git a/packages/Symbian/group/libcurl.mmp b/packages/Symbian/group/libcurl.mmp index 3cbea6093..c10305a82 100644 --- a/packages/Symbian/group/libcurl.mmp +++ b/packages/Symbian/group/libcurl.mmp @@ -38,7 +38,7 @@ SOURCE \ idn_win32.c vtls/cyassl.c http_proxy.c non-ascii.c \ asyn-ares.c asyn-thread.c curl_gssapi.c http_ntlm.c curl_ntlm_wb.c \ curl_ntlm_core.c curl_sasl.c vtls/schannel.c curl_multibyte.c \ - vtls/darwinssl.c conncache.c curl_sasl_sspi.c smb.c curl_endian.c \ + conncache.c curl_sasl_sspi.c smb.c curl_endian.c \ curl_des.c curl_range.c system_win32.c sha256.c \ vauth/vauth.c vauth/cleartext.c vauth/cram.c vauth/digest.c \ vauth/digest_sspi.c vauth/krb5_gssapi.c vauth/krb5_sspi.c \ diff --git a/tests/FILEFORMAT.md b/tests/FILEFORMAT.md index 08dab7052..c280c852d 100644 --- a/tests/FILEFORMAT.md +++ b/tests/FILEFORMAT.md @@ -328,6 +328,7 @@ Features testable here are: - `parsedate` - `proxy` - `PSL` +- `Schannel` - `shuffle-dns` - `socks` - `SPNEGO` @@ -342,7 +343,6 @@ Features testable here are: - `unix-sockets` - `verbose-strings` - `win32` -- `WinSSL` as well as each protocol that curl supports. A protocol only needs to be specified if it is different from the server (useful when the server diff --git a/tests/data/test2043 b/tests/data/test2043 index 34f53b72e..754a9b92e 100644 --- a/tests/data/test2043 +++ b/tests/data/test2043 @@ -10,7 +10,7 @@ HTTP GET # Client-side <client> <features> -WinSSL +Schannel </features> <server> none diff --git a/tests/data/test2070 b/tests/data/test2070 index 4a21512ba..f03c87b49 100644 --- a/tests/data/test2070 +++ b/tests/data/test2070 @@ -24,7 +24,7 @@ MooMoo # Client-side <client> <features> -WinSSL +Schannel !MinGW </features> <server> diff --git a/tests/runtests.pl b/tests/runtests.pl index 203301400..a409bcc75 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -268,8 +268,8 @@ my $has_openssl; # built with a lib using an OpenSSL-like API my $has_gnutls; # built with GnuTLS my $has_nss; # built with NSS my $has_wolfssl; # built with wolfSSL -my $has_winssl; # built with WinSSL (Secure Channel aka Schannel) -my $has_darwinssl; # built with DarwinSSL (Secure Transport) +my $has_schannel; # built with Schannel +my $has_sectransp; # built with Secure Transport my $has_boringssl; # built with BoringSSL my $has_libressl; # built with libressl my $has_mbedtls; # built with mbedTLS @@ -2788,7 +2788,6 @@ sub setupfeatures { $feature{"alt-svc"} = $has_altsvc; $feature{"brotli"} = $has_brotli; $feature{"crypto"} = $has_crypto; - $feature{"DarwinSSL"} = $has_darwinssl; # alias $feature{"debug"} = $debug_build; $feature{"getrlimit"} = $has_getrlimit; $feature{"GnuTLS"} = $has_gnutls; @@ -2810,8 +2809,8 @@ sub setupfeatures { $feature{"NTLM_WB"} = $has_ntlm_wb; $feature{"OpenSSL"} = $has_openssl || $has_libressl || $has_boringssl; $feature{"PSL"} = $has_psl; - $feature{"Schannel"} = $has_winssl; # alias - $feature{"sectransp"} = $has_darwinssl; + $feature{"Schannel"} = $has_schannel; + $feature{"sectransp"} = $has_sectransp; $feature{"SPNEGO"} = $has_spnego; $feature{"SSL"} = $has_ssl; $feature{"SSLpinning"} = $has_sslpinning; @@ -2822,7 +2821,6 @@ sub setupfeatures { $feature{"unittest"} = $debug_build; $feature{"unix-sockets"} = $has_unix; $feature{"win32"} = $has_win32; - $feature{"WinSSL"} = $has_winssl; $feature{"zstd"} = $has_zstd; # make each protocol an enabled "feature" @@ -2907,7 +2905,7 @@ sub checksystem { $has_mingw = 1 if ($curl =~ /-pc-mingw32/); } if ($libcurl =~ /(winssl|schannel)/i) { - $has_winssl=1; + $has_schannel=1; $has_sslpinning=1; } elsif ($libcurl =~ /openssl/i) { @@ -2927,7 +2925,7 @@ sub checksystem { $has_sslpinning=1; } elsif ($libcurl =~ /securetransport/i) { - $has_darwinssl=1; + $has_sectransp=1; $has_sslpinning=1; } elsif ($libcurl =~ /BoringSSL/i) { diff --git a/winbuild/BUILD.WINDOWS.txt b/winbuild/BUILD.WINDOWS.txt index 0e88e6449..5b63bdcd7 100644 --- a/winbuild/BUILD.WINDOWS.txt +++ b/winbuild/BUILD.WINDOWS.txt @@ -91,7 +91,7 @@ where <options> is one or many of: ENABLE_IPV6=<yes or no> - Enable IPv6, defaults to yes
ENABLE_IDN=<yes or no> - Enable use of Windows IDN APIs, defaults to yes
Requires Windows Vista or later
- ENABLE_WINSSL=<yes or no> - Enable native Windows SSL support, defaults to yes
+ ENABLE_SCHANNEL=<yes or no> - Enable native Windows SSL support, defaults to yes
GEN_PDB=<yes or no> - Generate Program Database (debug symbols for release build)
DEBUG=<yes or no> - Debug builds
MACHINE=<x86 or x64> - Target architecture (default is x86)
@@ -123,8 +123,8 @@ import symbols. Legacy Windows and SSL
======================
When you build curl using the build files in this directory the default SSL
-backend will be WinSSL (Windows SSPI, more specifically Schannel), the native
-SSL library that comes with the Windows OS. WinSSL in Windows <= XP is not able
-to connect to servers that no longer support the legacy handshakes and
-algorithms used by those versions. If you will be using curl in one of those
-earlier versions of Windows you should choose another SSL backend like OpenSSL.
+backend will be Schannel (Windows SSPI), the native SSL library that comes
+with the Windows OS. Schannel in Windows <= XP is not able to connect to
+servers that no longer support the legacy handshakes and algorithms used by
+those versions. If you will be using curl in one of those earlier versions of
+Windows you should choose another SSL backend like OpenSSL.
diff --git a/winbuild/Makefile.vc b/winbuild/Makefile.vc index 7ad49f09f..54cbf0c2a 100644 --- a/winbuild/Makefile.vc +++ b/winbuild/Makefile.vc @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1999 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. +# Copyright (C) 1999 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -56,7 +56,7 @@ CFGSET=true !MESSAGE Requires Windows Vista or later !MESSAGE ENABLE_IPV6=<yes or no> - Enable IPv6, defaults to yes !MESSAGE ENABLE_SSPI=<yes or no> - Enable SSPI support, defaults to yes -!MESSAGE ENABLE_WINSSL=<yes or no> - Enable native Windows SSL support, defaults to yes +!MESSAGE ENABLE_SCHANNEL=<yes or no> - Enable native Windows SSL support, defaults to yes !MESSAGE ENABLE_OPENSSL_AUTO_LOAD_CONFIG=<yes or no> !MESSAGE - Whether the OpenSSL configuration will be loaded automatically, defaults to yes !MESSAGE ENABLE_UNICODE=<yes or no> - Enable UNICODE support, defaults to no @@ -125,16 +125,16 @@ USE_SSPI = true USE_SSPI = false !ENDIF -!IFNDEF ENABLE_WINSSL +!IFNDEF ENABLE_SCHANNEL !IF DEFINED(WITH_SSL) || DEFINED(WITH_MBEDTLS) -USE_WINSSL = false +USE_SCHANNEL = false !ELSE -USE_WINSSL = $(USE_SSPI) +USE_SCHANNEL = $(USE_SSPI) !ENDIF -!ELSEIF "$(ENABLE_WINSSL)"=="yes" -USE_WINSSL = true -!ELSEIF "$(ENABLE_WINSSL)"=="no" -USE_WINSSL = false +!ELSEIF "$(ENABLE_SCHANNEL)"=="yes" +USE_SCHANNEL = true +!ELSEIF "$(ENABLE_SCHANNEL)"=="no" +USE_SCHANNEL = false !ENDIF !IFNDEF ENABLE_OPENSSL_AUTO_LOAD_CONFIG @@ -253,8 +253,8 @@ CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-ipv6 CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-sspi !ENDIF -!IF "$(USE_WINSSL)"=="true" -CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-winssl +!IF "$(USE_SCHANNEL)"=="true" +CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-schannel !ENDIF !IF "$(USE_NGHTTP2)"=="true" @@ -285,7 +285,7 @@ $(MODE): @SET USE_IDN=$(USE_IDN) @SET USE_IPV6=$(USE_IPV6) @SET USE_SSPI=$(USE_SSPI) - @SET USE_WINSSL=$(USE_WINSSL) + @SET USE_SCHANNEL=$(USE_SCHANNEL) @SET USE_UNICODE=$(USE_UNICODE) # compatibility bit @SET WITH_NGHTTP2=$(WITH_NGHTTP2) diff --git a/winbuild/MakefileBuild.vc b/winbuild/MakefileBuild.vc index 568fb11b6..eefc091a2 100644 --- a/winbuild/MakefileBuild.vc +++ b/winbuild/MakefileBuild.vc @@ -333,20 +333,20 @@ SSPI_CFLAGS = $(SSPI_CFLAGS) /DUSE_WINDOWS_SSPI !ENDIF
-!IFNDEF USE_WINSSL
+!IFNDEF USE_SCHANNEL
!IF "$(USE_SSL)"=="true"
-USE_WINSSL = false
+USE_SCHANNEL = false
!ELSE
-USE_WINSSL = $(USE_SSPI)
+USE_SCHANNEL = $(USE_SSPI)
!ENDIF
-!ELSEIF "$(USE_WINSSL)"=="yes"
-USE_WINSSL = true
+!ELSEIF "$(USE_SCHANNEL)"=="yes"
+USE_SCHANNEL = true
!ENDIF
-!IF "$(USE_WINSSL)"=="true"
+!IF "$(USE_SCHANNEL)"=="true"
!IF "$(USE_SSPI)"!="true"
-!ERROR cannot build with WinSSL without SSPI
+!ERROR cannot build with Schannel without SSPI
!ENDIF
SSPI_CFLAGS = $(SSPI_CFLAGS) /DUSE_SCHANNEL
WIN_LIBS = $(WIN_LIBS) Crypt32.lib
@@ -482,9 +482,9 @@ CFLAGS = $(CFLAGS) $(CFLAGS_PDB) /Fd"$(LIB_DIROBJ)\$(PDB)" LFLAGS = $(LFLAGS) $(LFLAGS_PDB)
!ENDIF
-!IF ( "$(USE_SSL)"=="true" && "$(USE_WINSSL)"=="true" ) \
+!IF ( "$(USE_SSL)"=="true" && "$(USE_SCHANNEL)"=="true" ) \
|| ( "$(USE_SSL)"=="true" && "$(USE_MBEDTLS)"=="true" ) \
- || ( "$(USE_MBEDTLS)"=="true" && "$(USE_WINSSL)"=="true" )
+ || ( "$(USE_MBEDTLS)"=="true" && "$(USE_SCHANNEL)"=="true" )
CFLAGS = $(CFLAGS) /DCURL_WITH_MULTI_SSL
!ENDIF
@@ -536,7 +536,7 @@ $(TARGET): $(LIB_OBJS) $(LIB_DIROBJ) $(DIRDIST) @echo Using IDN: $(USE_IDN)
@echo Using IPv6: $(USE_IPV6)
@echo Using SSPI: $(USE_SSPI)
- @echo Using WinSSL: $(USE_WINSSL)
+ @echo Using Schannel: $(USE_SCHANNEL)
@echo CFLAGS: $(CFLAGS)
@echo LFLAGS: $(LFLAGS)
@echo GenPDB: $(GEN_PDB)
|