diff --git a/Source/CTest/cmCTestCurl.cxx b/Source/CTest/cmCTestCurl.cxx index 3a5806b9589..b8e5db1c96e 100644 --- a/Source/CTest/cmCTestCurl.cxx +++ b/Source/CTest/cmCTestCurl.cxx @@ -19,6 +19,7 @@ cmCTestCurl::cmCTestCurl(cmCTest* ctest) , CurlOpts(ctest) { this->SetProxyType(); + cmCurlInitOnce(); // In windows, this will init the winsock stuff ::curl_global_init(CURL_GLOBAL_ALL); this->Curl = curl_easy_init(); diff --git a/Source/CTest/cmCTestSubmitHandler.cxx b/Source/CTest/cmCTestSubmitHandler.cxx index e69a7feb60b..85c77bea050 100644 --- a/Source/CTest/cmCTestSubmitHandler.cxx +++ b/Source/CTest/cmCTestSubmitHandler.cxx @@ -171,6 +171,7 @@ bool cmCTestSubmitHandler::SubmitUsingHTTP( headers = ::curl_slist_append(headers, h.c_str()); } + cmCurlInitOnce(); /* In windows, this will init the winsock stuff */ ::curl_global_init(CURL_GLOBAL_ALL); cmCTestCurlOpts curlOpts(this->CTest); diff --git a/Source/cmCurl.cxx b/Source/cmCurl.cxx index ddd5f69b9d5..65fccd03505 100644 --- a/Source/cmCurl.cxx +++ b/Source/cmCurl.cxx @@ -39,6 +39,11 @@ # define CURL_SSLVERSION_TLSv1_3 CURL_SSLVERSION_LAST #endif +// curl versions before 7.64.1 referred to Secure Transport as DarwinSSL +#if defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM < 0x074001 +# define CURLSSLBACKEND_SECURETRANSPORT CURLSSLBACKEND_DARWINSSL +#endif + // Make sure we keep up with new TLS versions supported by curl. // Do this only for our vendored curl to avoid breaking builds // against external future versions of curl. @@ -47,6 +52,30 @@ static_assert(CURL_SSLVERSION_LAST == 8, "A new CURL_SSLVERSION_ may be available!"); #endif +void cmCurlInitOnce() +{ + // curl 7.56.0 introduced curl_global_sslset. +#if defined(__APPLE__) && defined(CMAKE_USE_SYSTEM_CURL) && \ + defined(LIBCURL_VERSION_NUM) && LIBCURL_VERSION_NUM >= 0x073800 + static bool initialized = false; + if (initialized) { + return; + } + initialized = true; + + cm::optional curl_ssl_backend = + cmSystemTools::GetEnvVar("CURL_SSL_BACKEND"); + if (!curl_ssl_backend || curl_ssl_backend->empty()) { + curl_version_info_data* cv = curl_version_info(CURLVERSION_FIRST); + // curl 8.3.0 through 8.5.x did not re-initialize LibreSSL correctly, + // so prefer the Secure Transport backend by default in those versions. + if (cv->version_num >= 0x080300 && cv->version_num < 0x080600) { + curl_global_sslset(CURLSSLBACKEND_SECURETRANSPORT, NULL, NULL); + } + } +#endif +} + cm::optional cmCurlParseTLSVersion(cm::string_view tls_version) { cm::optional v; diff --git a/Source/cmCurl.h b/Source/cmCurl.h index 8b8c88b895e..bb2221f2576 100644 --- a/Source/cmCurl.h +++ b/Source/cmCurl.h @@ -11,6 +11,7 @@ #include +void cmCurlInitOnce(); cm::optional cmCurlParseTLSVersion(cm::string_view tls_version); cm::optional cmCurlPrintTLSVersion(int curl_tls_version); std::string cmCurlSetCAInfo(::CURL* curl, const std::string& cafile = {}); diff --git a/Source/cmFileCommand.cxx b/Source/cmFileCommand.cxx index ce8cc2a39fd..6265f82177d 100644 --- a/Source/cmFileCommand.cxx +++ b/Source/cmFileCommand.cxx @@ -2115,6 +2115,7 @@ bool HandleDownloadCommand(std::vector const& args, url = cmCurlFixFileURL(url); ::CURL* curl; + cmCurlInitOnce(); ::curl_global_init(CURL_GLOBAL_DEFAULT); curl = ::curl_easy_init(); if (!curl) { @@ -2488,6 +2489,7 @@ bool HandleUploadCommand(std::vector const& args, url = cmCurlFixFileURL(url); ::CURL* curl; + cmCurlInitOnce(); ::curl_global_init(CURL_GLOBAL_DEFAULT); curl = ::curl_easy_init(); if (!curl) {