diff --git a/Cargo.toml b/Cargo.toml
index bf4937a010..ddac5a0b26 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -40,7 +40,8 @@ members = ["systest"]
 [features]
 default = ["ssl"]
-ssl = ["openssl-sys", "openssl-probe", "curl-sys/ssl"]
+ssl = ["openssl-sys", "openssl-probe", "curl-sys/ssl"] # OpenSSL/system TLS backend
+mesalink = ["curl-sys/mesalink"] # MesaLink TLS backend
 http2 = ["curl-sys/http2"]
 static-curl = ["curl-sys/static-curl"]
 static-ssl = ["curl-sys/static-ssl"]
diff --git a/README.md b/README.md
index 5507004f88..4c442e5104 100644
--- a/README.md
+++ b/README.md
@@ -131,7 +131,8 @@ By default, this crate will attempt to dynamically link to the system-wide libcurl and the system-wide SSL library. Some of this behavior can be customized with various Cargo features:
-- `ssl`: Enable SSL support. Enabled by default.
+- `ssl`: Enable SSL/TLS support using the platform-default TLS backend. On Windows this is [Schannel], on macOS [Secure Transport], and [OpenSSL] (or equivalent) on all other platforms. Enabled by default.
+- `mesalink`: Enable SSL/TLS support via [MesaLink], an alternative TLS backend written in Rust based on [Rustls]. MesaLink is always statically linked. Disabled by default.
 - `http2`: Enable HTTP/2 support via libnghttp2. Disabled by default.
 - `static-curl`: Use a bundled libcurl version and statically link to it. Disabled by default.
 - `static-ssl`: Use a bundled OpenSSL version and statically link to it. Only applies on platforms that use OpenSSL. Disabled by default.
@@ -169,3 +170,9 @@ In order to avoid this failure you can either The `curl-rust` crate is licensed under the MIT license, see `LICENSE` for more details.
+
+
+[OpenSSL]: https://www.openssl.org/
+[Rustls]: https://github.com/ctz/rustls
+[Schannel]: https://docs.microsoft.com/en-us/windows/win32/com/schannel
+[Secure Transport]: https://developer.apple.com/documentation/security/secure_transport
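Review bot: The new `mesalink` feature line enables only `curl-sys/mesalink`, while the `USE_MESALINK` selection added in `curl-sys/build.rs` sits among the steps that compile the bundled `curl/lib` sources. If `main()` in that build script links a system libcurl and returns early when `static-curl` is off (that part is outside the visible hunks, so this is an assumption to confirm), a user who turns on `mesalink` alone keeps whatever TLS backend the system library was built with, and nothing tells them. Consider `mesalink = ["curl-sys/mesalink", "static-curl"]`, or have the build script stop with an error when the feature is set but the bundled build is not used.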
diff --git a/curl-sys/Cargo.toml b/curl-sys/Cargo.toml
index 6a5c625766..3b8247ce54 100644
--- a/curl-sys/Cargo.toml
+++ b/curl-sys/Cargo.toml
@@ -23,6 +23,12 @@ libz-sys = "1.0.18"
 libc = "0.2.2"
 libnghttp2-sys = { optional = true, version = "0.1" }
+[dependencies.mesalink]
+version = "1.1.0-cratesio"
+optional = true
+default-features = false
+features = ["client_apis", "error_strings", "tls13", "aesgcm", "chachapoly", "x25519", "ecdh", "ecdsa", "verifier"]
+
 [target.'cfg(all(unix, not(target_os = "macos")))'.dependencies]
 openssl-sys = { version = "0.9", optional = true }
diff --git a/curl-sys/build.rs b/curl-sys/build.rs
index 57662e8294..59c23b0c09 100644
--- a/curl-sys/build.rs
+++ b/curl-sys/build.rs
@@ -211,13 +211,23 @@ fn main() {
 .file("curl/lib/vauth/vauth.c");
 }
- if windows {
- cfg.define("USE_THREADS_WIN32", None)
- .define("HAVE_IOCTLSOCKET_FIONBIO", None)
- .define("USE_WINSOCK", None)
- .file("curl/lib/system_win32.c");
+ // Configure TLS backend. Since Cargo does not support mutually exclusive
+ // features, make sure we only compile one vtls.
+ if cfg!(feature = "mesalink") {
+ cfg.define("USE_MESALINK", None)
+ .file("curl/lib/vtls/mesalink.c");
+
+ if let Some(path) = env::var_os("DEP_MESALINK_INCLUDE") {
+ cfg.include(path);
+ }
- if cfg!(feature = "ssl") {
+ if windows {
+ cfg.define("HAVE_WINDOWS", None);
+ } else {
+ cfg.define("HAVE_UNIX", None);
+ }
+ } else if cfg!(feature = "ssl") {
+ if windows {
 cfg.define("USE_WINDOWS_SSPI", None)
 .define("USE_SCHANNEL", None)
 .file("curl/lib/x509asn1.c")
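Review bot: The `features = [...]` list on the new `[dependencies.mesalink]` table is chosen by hand under `default-features = false`, but nothing records why these entries were picked or which defaults are being dropped. Judging by the names alone, the list decides the protocol version, cipher suites and key-exchange groups the backend is built with, and `verifier` looks like the certificate-checking piece, so a later accidental removal could weaken TLS without failing the build. Add a comment above the list, for example `# client-only build; keep "verifier" (assumed to gate certificate verification, confirm against the MesaLink docs)`.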
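Review bot: The `if cfg!(feature = "mesalink") { … } else if cfg!(feature = "ssl")` chain lets `mesalink` win whenever both features are on, and the comment above it does not say so. Because Cargo unifies features across the dependency graph and the top-level manifest keeps `ssl` in `default`, any crate in a build that enables `mesalink` changes the TLS backend for every user of this crate in that build; state the precedence in the comment, e.g. `// "mesalink" takes precedence over "ssl" (on by default) when both are enabled.`, and mirror it in the README. The `DEP_MESALINK_INCLUDE` lookup also falls through silently when the variable is unset, which would likely surface only later as a C compile error, so a `cargo:warning` there would help. `main()` starts and ends outside the hunk.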
@@ -225,7 +235,32 @@ fn main() {
 .file("curl/lib/socks_sspi.c")
 .file("curl/lib/vtls/schannel.c")
 .file("curl/lib/vtls/schannel_verify.c");
+ } else if target.contains("-apple-") {
+ cfg.define("USE_SECTRANSP", None)
+ .file("curl/lib/vtls/sectransp.c");
+ if xcode_major_version().map_or(true, |v| v >= 9) {
+ // On earlier Xcode versions (<9), defining HAVE_BUILTIN_AVAILABLE
+ // would cause __bultin_available() to fail to compile due to
+ // unrecognized platform names, so we try to check for Xcode
+ // version first (if unknown, assume it's recent, as in >= 9).
+ cfg.define("HAVE_BUILTIN_AVAILABLE", "1");
+ }
+ } else {
+ cfg.define("USE_OPENSSL", None)
+ .file("curl/lib/vtls/openssl.c");
+
+ println!("cargo:rustc-cfg=link_openssl");
+ if let Some(path) = env::var_os("DEP_OPENSSL_INCLUDE") {
+ cfg.include(path);
+ }
 }
+ }
+
+ if windows {
+ cfg.define("USE_THREADS_WIN32", None)
+ .define("HAVE_IOCTLSOCKET_FIONBIO", None)
+ .define("USE_WINSOCK", None)
+ .file("curl/lib/system_win32.c");
 if cfg!(feature = "spnego") {
 cfg.file("curl/lib/vauth/spnego_sspi.c");
@@ -265,28 +300,6 @@ fn main() {
 .define("SIZEOF_INT", "4")
 .define("SIZEOF_SHORT", "2");
- if cfg!(feature = "ssl") {
- if target.contains("-apple-") {
- cfg.define("USE_SECTRANSP", None)
- .file("curl/lib/vtls/sectransp.c");
- if xcode_major_version().map_or(true, |v| v >= 9) {
- // On earlier Xcode versions (<9), defining HAVE_BUILTIN_AVAILABLE
- // would cause __bultin_available() to fail to compile due to
- // unrecognized platform names, so we try to check for Xcode
- // version first (if unknown, assume it's recent, as in >= 9).
- cfg.define("HAVE_BUILTIN_AVAILABLE", "1");
- }
- } else {
- cfg.define("USE_OPENSSL", None)
- .file("curl/lib/vtls/openssl.c");
-
- println!("cargo:rustc-cfg=link_openssl");
- if let Some(path) = env::var_os("DEP_OPENSSL_INCLUDE") {
- cfg.include(path);
- }
- }
- }
-
 if cfg!(feature = "spnego") {
 cfg.define("HAVE_GSSAPI", None)
 .file("curl/lib/curl_gssapi.c")
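Review bot: The comment re-added inside the `-apple-` branch still spells the builtin as `__bultin_available()`. Since these lines are being moved anyway, correct it to `__builtin_available()` so that a search for the real identifier finds this Xcode workaround. The enclosing `main()` starts and ends outside the hunk.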
diff --git a/curl-sys/lib.rs b/curl-sys/lib.rs
index 1528899575..9eaca45091 100644
--- a/curl-sys/lib.rs
+++ b/curl-sys/lib.rs
@@ -6,6 +6,8 @@ extern crate libc;
 extern crate libnghttp2_sys;
 #[cfg(link_libz)]
 extern crate libz_sys;
+#[cfg(feature = "mesalink")]
+extern crate mesalink; // ensure lib is linked to
 #[cfg(link_openssl)]
 extern crate openssl_sys;
 #[cfg(windows)]
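Review bot: The new `extern crate mesalink;` is gated on `#[cfg(feature = "mesalink")]`, while the neighbouring `openssl_sys` line is gated on `link_openssl`, a cfg that `build.rs` prints only in the branch that actually compiles the OpenSSL backend. Gating on the feature links MesaLink even on a build path where the script did not select it. For consistency, the mesalink branch of the build script could print a cfg of its own (suggested name `cargo:rustc-cfg=link_mesalink`) and this attribute become `#[cfg(link_mesalink)]`. The trailing comment also reads as cut off; something like `// referenced only so the MesaLink static library gets linked` would be clearer.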