Google Git
Sign in
fuchsia / third_party / github.com / Kitware / CMake / d3cbee99e3c998d5821add091b426661f09f19f8^! / .
commitd3cbee99e3c998d5821add091b426661f09f19f8[log] [tgz]
authorBrad King <brad.king@kitware.com>Thu May 09 09:01:46 2024 -0400
committerBrad King <brad.king@kitware.com>Thu May 09 14:58:06 2024 -0400
treeaae811a093a1055e2a789860ad42f83488ae59dc
parentd224c018fe807a733b82973214782e5c24c1ce76 [diff]
macOS: Prefer building with system-provided curl

Our vendored curl only enables the Secure Transport backend by default
(`CURL_SSL_BACKEND=secure-transport`), but it is limited to TLS 1.2.

The macOS SDK provides the curl development components, and the
corresponding `libcurl.4.dylib` runtime library comes with macOS.
On macOS 12 and above, the default `CURL_SSL_BACKEND=openssl`
backend seems to be capable of selecting TLS 1.3 at runtime for
https connections.

Unfortunately the macOS version of curl, even on macOS 14.4, does
not accept `CURL_SSLVERSION_TLSv1_3` at runtime to enforce TLS 1.3.
However, while our vendored curl accepts the option and passes it
to Secure Transport, macOS does not actually enforce it anyway.

Fixes: #25870
Fixes: #23701

diff --git a/.gitlab/ci/configure_macos_arm64_ninja.cmake b/.gitlab/ci/configure_macos_arm64_ninja.cmake
index 9611f0b..de0ffc0 100644
--- a/.gitlab/ci/configure_macos_arm64_ninja.cmake
+++ b/.gitlab/ci/configure_macos_arm64_ninja.cmake

@@ -8,7 +8,7 @@
 set(CMake_TEST_GUI "ON" CACHE BOOL "")
 set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
 set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
-set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
+set(CMake_TEST_TLS_VERSION "1.2" CACHE STRING "")
 
 include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake")
 include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake")

diff --git a/.gitlab/ci/configure_macos_x86_64_makefiles.cmake b/.gitlab/ci/configure_macos_x86_64_makefiles.cmake
index ed25f68..43505db 100644
--- a/.gitlab/ci/configure_macos_x86_64_makefiles.cmake
+++ b/.gitlab/ci/configure_macos_x86_64_makefiles.cmake

@@ -8,7 +8,7 @@
 endif()
 set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
 set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
-set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
+set(CMake_TEST_TLS_VERSION "1.2" CACHE STRING "")
 
 include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake")
 include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake")

diff --git a/.gitlab/ci/configure_macos_x86_64_ninja.cmake b/.gitlab/ci/configure_macos_x86_64_ninja.cmake
index 0feafa2..83d1e2c 100644
--- a/.gitlab/ci/configure_macos_x86_64_ninja.cmake
+++ b/.gitlab/ci/configure_macos_x86_64_ninja.cmake

@@ -11,7 +11,7 @@
 endif()
 set(CMake_TEST_TLS_VERIFY_URL "https://gitlab.kitware.com" CACHE STRING "")
 set(CMake_TEST_TLS_VERIFY_URL_BAD "https://badtls-expired.kitware.com" CACHE STRING "")
-set(CMake_TEST_TLS_VERSION "1.3" CACHE STRING "")
+set(CMake_TEST_TLS_VERSION "1.2" CACHE STRING "")
 
 include("${CMAKE_CURRENT_LIST_DIR}/configure_macos_common.cmake")
 include("${CMAKE_CURRENT_LIST_DIR}/configure_common.cmake")

diff --git a/CMakeLists.txt b/CMakeLists.txt
index e8537ed..081bd7d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt

@@ -178,6 +178,9 @@
       string(TOLOWER "${util}" lutil)
       set(CMAKE_USE_SYSTEM_${util} "${CMAKE_USE_SYSTEM_LIBRARY_${util}}"
         CACHE BOOL "Use system-installed ${lutil}" FORCE)
+    elseif(util STREQUAL "CURL" AND APPLE)
+      # macOS provides a curl with backends configured by Apple.
+      set(CMAKE_USE_SYSTEM_LIBRARY_${util} ON)
     else()
       set(CMAKE_USE_SYSTEM_LIBRARY_${util} OFF)
     endif()

diff --git a/bootstrap b/bootstrap
index 60e5638..3abeec6 100755
--- a/bootstrap
+++ b/bootstrap

@@ -684,8 +684,8 @@
                           (default)
   --system-cppdap         use system-installed cppdap library
   --no-system-cppdap      use cmake-provided cppdap library (default)
-  --system-curl           use system-installed curl library
-  --no-system-curl        use cmake-provided curl library (default)
+  --system-curl           use system-installed curl library (default on macOS)
+  --no-system-curl        use cmake-provided curl library (default elsewhere)
   --system-expat          use system-installed expat library
   --no-system-expat       use cmake-provided expat library (default)
   --system-jsoncpp        use system-installed jsoncpp library