curl: add support for Rustls backend

No functional changes for the other TLS backends, but it is now possible
to build curl with `rustls-ffi`.

```
> ./result-bin/bin/curl --version
curl 8.0.1 (x86_64-pc-linux-gnu) libcurl/8.0.1 rustls-ffi/0.9.2/rustls/0.20.8 zlib/1.2.13 brotli/1.0.9 zstd/1.5.4 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.51.0
Release-Date: 2023-03-20
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz SPNEGO SSL threadsafe UnixSockets zstd
```
Thomas Gerbet 2023-04-01 18:35:18 +02:00
parent 7f0e9a3d13
commit 74207b79f0
2 changed files with 9 additions and 7 deletions


@ -1,4 +1,4 @@
{ lib, stdenv, fetchFromGitHub, rustPlatform, Security, apacheHttpd }: { lib, stdenv, fetchFromGitHub, rustPlatform, Security, apacheHttpd, curl }:
rustPlatform.buildRustPackage rec { rustPlatform.buildRustPackage rec {
pname = "rustls-ffi"; pname = "rustls-ffi";
@ -28,6 +28,7 @@ rustPlatform.buildRustPackage rec {
passthru.tests = { passthru.tests = {
apacheHttpd = apacheHttpd.override { modTlsSupport = true; }; apacheHttpd = apacheHttpd.override { modTlsSupport = true; };
curl = curl.override { opensslSupport = false; rustlsSupport = true; };
}; };
meta = with lib; { meta = with lib; {
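Review bot: The `curl` entry added to `passthru.tests` does not say why `opensslSupport = false` has to accompany `rustlsSupport = true`. The reason sits in the other file of this commit, where curl asserts that at most one TLS backend is enabled, so dropping that override turns into a bare assertion failure rather than a build error. I would add a comment above the entry such as `# curl allows only one TLS backend, so the OpenSSL backend must be switched off here`. As written the entry looks like a build-only check of curl against rustls-ffi; whether any TLS handshake is exercised is not visible from this hunk.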


@ -22,6 +22,7 @@
, rtmpSupport ? false, rtmpdump , rtmpSupport ? false, rtmpdump
, scpSupport ? zlibSupport && !stdenv.isSunOS && !stdenv.isCygwin, libssh2 , scpSupport ? zlibSupport && !stdenv.isSunOS && !stdenv.isCygwin, libssh2
, wolfsslSupport ? false, wolfssl , wolfsslSupport ? false, wolfssl
, rustlsSupport ? false, rustls-ffi
, zlibSupport ? true, zlib , zlibSupport ? true, zlib
, zstdSupport ? false, zstd , zstdSupport ? false, zstd
@ -42,9 +43,7 @@
# cgit) that are needed here should be included directly in Nixpkgs as # cgit) that are needed here should be included directly in Nixpkgs as
# files. # files.
assert !(gnutlsSupport && opensslSupport); assert !((lib.count (x: x) [ gnutlsSupport opensslSupport wolfsslSupport rustlsSupport ]) > 1);
assert !(gnutlsSupport && wolfsslSupport);
assert !(opensslSupport && wolfsslSupport);
stdenv.mkDerivation (finalAttrs: { stdenv.mkDerivation (finalAttrs: {
pname = "curl"; pname = "curl";
@ -89,6 +88,7 @@ stdenv.mkDerivation (finalAttrs: {
optional rtmpSupport rtmpdump ++ optional rtmpSupport rtmpdump ++
optional scpSupport libssh2 ++ optional scpSupport libssh2 ++
optional wolfsslSupport wolfssl ++ optional wolfsslSupport wolfssl ++
optional rustlsSupport rustls-ffi ++
optional zlibSupport zlib ++ optional zlibSupport zlib ++
optional zstdSupport zstd; optional zstdSupport zstd;
@ -104,11 +104,12 @@ stdenv.mkDerivation (finalAttrs: {
(lib.enableFeature c-aresSupport "ares") (lib.enableFeature c-aresSupport "ares")
(lib.enableFeature ldapSupport "ldap") (lib.enableFeature ldapSupport "ldap")
(lib.enableFeature ldapSupport "ldaps") (lib.enableFeature ldapSupport "ldaps")
# The build fails when using wolfssl with --with-ca-fallback # --with-ca-fallback is only supported for openssl and gnutls https://github.com/curl/curl/blame/curl-8_0_1/acinclude.m4#L1640
(lib.withFeature (!wolfsslSupport) "ca-fallback") (lib.withFeature (opensslSupport || gnutlsSupport) "ca-fallback")
(lib.withFeature http3Support "nghttp3") (lib.withFeature http3Support "nghttp3")
(lib.withFeature http3Support "ngtcp2") (lib.withFeature http3Support "ngtcp2")
(lib.withFeature rtmpSupport "librtmp") (lib.withFeature rtmpSupport "librtmp")
(lib.withFeature rustlsSupport "rustls")
(lib.withFeature zstdSupport "zstd") (lib.withFeature zstdSupport "zstd")
(lib.withFeatureAs brotliSupport "brotli" (lib.getDev brotli)) (lib.withFeatureAs brotliSupport "brotli" (lib.getDev brotli))
(lib.withFeatureAs gnutlsSupport "gnutls" (lib.getDev gnutls)) (lib.withFeatureAs gnutlsSupport "gnutls" (lib.getDev gnutls))
@ -129,7 +130,7 @@ stdenv.mkDerivation (finalAttrs: {
# Without this curl might detect /etc/ssl/cert.pem at build time on macOS, causing curl to ignore NIX_SSL_CERT_FILE. # Without this curl might detect /etc/ssl/cert.pem at build time on macOS, causing curl to ignore NIX_SSL_CERT_FILE.
"--without-ca-bundle" "--without-ca-bundle"
"--without-ca-path" "--without-ca-path"
] ++ lib.optionals (!gnutlsSupport && !opensslSupport && !wolfsslSupport) [ ] ++ lib.optionals (!gnutlsSupport && !opensslSupport && !wolfsslSupport && !rustlsSupport) [
"--without-ssl" "--without-ssl"
]; ];
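Review bot: With `rustlsSupport = true` the configure flags leave curl without any default trust anchors: `--without-ca-bundle` and `--without-ca-path` are passed unconditionally in the last hunk, and `ca-fallback` is now enabled only for `opensslSupport || gnutlsSupport`. Unless the rustls backend obtains roots some other way at run time (not visible here), certificate verification fails until the caller passes `--cacert` or sets `CURL_CA_BUNDLE`, and that kind of friction tends to push users towards `-k`. I would record this next to the new `(lib.withFeature rustlsSupport "rustls")` line, e.g. `# rustls: no built-in CA bundle/path and no ca-fallback, a CA file must be supplied at run time`. A test that completes a verified TLS handshake with the rustls build would catch a regression here. The configureFlags list begins outside these hunks.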