Merge pull request #280 from sagebind/mesalink-ssl

Add support for MesaLink as a TLS backend

Author: alexcrichton

Cargo.toml

@@ -40,7 +40,8 @@ members = ["systest"]
 
 [features]
 default = ["ssl"]
-ssl = ["openssl-sys", "openssl-probe", "curl-sys/ssl"]
+ssl = ["openssl-sys", "openssl-probe", "curl-sys/ssl"] # OpenSSL/system TLS backend
+mesalink = ["curl-sys/mesalink"] # MesaLink TLS backend
 http2 = ["curl-sys/http2"]
 static-curl = ["curl-sys/static-curl"]
 static-ssl = ["curl-sys/static-ssl"]

README.md

@@ -131,7 +131,8 @@ By default, this crate will attempt to dynamically link to the system-wide
 libcurl and the system-wide SSL library. Some of this behavior can be customized
 with various Cargo features:
 
-- `ssl`: Enable SSL support. Enabled by default.
+- `ssl`: Enable SSL/TLS support using the platform-default TLS backend. On Windows this is [Schannel], on macOS [Secure Transport], and [OpenSSL] (or equivalent) on all other platforms.  Enabled by default.
+- `mesalink`: Enable SSL/TLS support via [MesaLink], an alternative TLS backend written in Rust based on [Rustls]. MesaLink is always statically linked. Disabled by default.
 - `http2`: Enable HTTP/2 support via libnghttp2. Disabled by default.
 - `static-curl`: Use a bundled libcurl version and statically link to it. Disabled by default.
 - `static-ssl`: Use a bundled OpenSSL version and statically link to it. Only applies on platforms that use OpenSSL. Disabled by default.
@@ -169,3 +170,9 @@ In order to avoid this failure you can either
 
 The `curl-rust` crate is licensed under the MIT license, see `LICENSE` for more
 details.
+
+
+[OpenSSL]: https://www.openssl.org/
+[Rustls]: https://github.com/ctz/rustls
+[Schannel]: https://docs.microsoft.com/en-us/windows/win32/com/schannel
+[Secure Transport]: https://developer.apple.com/documentation/security/secure_transport

curl-sys/Cargo.toml

@@ -23,6 +23,12 @@ libz-sys = "1.0.18"
 libc = "0.2.2"
 libnghttp2-sys = { optional = true, version = "0.1" }
 
+[dependencies.mesalink]
+version = "1.1.0-cratesio"
+optional = true
+default-features = false
+features = ["client_apis", "error_strings", "tls13", "aesgcm", "chachapoly", "x25519", "ecdh", "ecdsa", "verifier"]
+
 [target.'cfg(all(unix, not(target_os = "macos")))'.dependencies]
 openssl-sys = { version = "0.9", optional = true }
 

curl-sys/build.rs

@@ -211,21 +211,56 @@ fn main() {
             .file("curl/lib/vauth/vauth.c");
     }
 
-    if windows {
-        cfg.define("USE_THREADS_WIN32", None)
-            .define("HAVE_IOCTLSOCKET_FIONBIO", None)
-            .define("USE_WINSOCK", None)
-            .file("curl/lib/system_win32.c");
+    // Configure TLS backend. Since Cargo does not support mutually exclusive
+    // features, make sure we only compile one vtls.
+    if cfg!(feature = "mesalink") {
+        cfg.define("USE_MESALINK", None)
+            .file("curl/lib/vtls/mesalink.c");
+
+        if let Some(path) = env::var_os("DEP_MESALINK_INCLUDE") {
+            cfg.include(path);
+        }
 
-        if cfg!(feature = "ssl") {
+        if windows {
+            cfg.define("HAVE_WINDOWS", None);
+        } else {
+            cfg.define("HAVE_UNIX", None);
+        }
+    } else if cfg!(feature = "ssl") {
+        if windows {
             cfg.define("USE_WINDOWS_SSPI", None)
                 .define("USE_SCHANNEL", None)
                 .file("curl/lib/x509asn1.c")
                 .file("curl/lib/curl_sspi.c")
                 .file("curl/lib/socks_sspi.c")
                 .file("curl/lib/vtls/schannel.c")
                 .file("curl/lib/vtls/schannel_verify.c");
+        } else if target.contains("-apple-") {
+            cfg.define("USE_SECTRANSP", None)
+                .file("curl/lib/vtls/sectransp.c");
+            if xcode_major_version().map_or(true, |v| v >= 9) {
+                // On earlier Xcode versions (<9), defining HAVE_BUILTIN_AVAILABLE
+                // would cause __bultin_available() to fail to compile due to
+                // unrecognized platform names, so we try to check for Xcode
+                // version first (if unknown, assume it's recent, as in >= 9).
+                cfg.define("HAVE_BUILTIN_AVAILABLE", "1");
+            }
+        } else {
+            cfg.define("USE_OPENSSL", None)
+                .file("curl/lib/vtls/openssl.c");
+
+            println!("cargo:rustc-cfg=link_openssl");
+            if let Some(path) = env::var_os("DEP_OPENSSL_INCLUDE") {
+                cfg.include(path);
+            }
         }
+    }
+
+    if windows {
+        cfg.define("USE_THREADS_WIN32", None)
+            .define("HAVE_IOCTLSOCKET_FIONBIO", None)
+            .define("USE_WINSOCK", None)
+            .file("curl/lib/system_win32.c");
 
         if cfg!(feature = "spnego") {
             cfg.file("curl/lib/vauth/spnego_sspi.c");
@@ -265,28 +300,6 @@ fn main() {
             .define("SIZEOF_INT", "4")
             .define("SIZEOF_SHORT", "2");
 
-        if cfg!(feature = "ssl") {
-            if target.contains("-apple-") {
-                cfg.define("USE_SECTRANSP", None)
-                    .file("curl/lib/vtls/sectransp.c");
-                if xcode_major_version().map_or(true, |v| v >= 9) {
-                    // On earlier Xcode versions (<9), defining HAVE_BUILTIN_AVAILABLE
-                    // would cause __bultin_available() to fail to compile due to
-                    // unrecognized platform names, so we try to check for Xcode
-                    // version first (if unknown, assume it's recent, as in >= 9).
-                    cfg.define("HAVE_BUILTIN_AVAILABLE", "1");
-                }
-            } else {
-                cfg.define("USE_OPENSSL", None)
-                    .file("curl/lib/vtls/openssl.c");
-
-                println!("cargo:rustc-cfg=link_openssl");
-                if let Some(path) = env::var_os("DEP_OPENSSL_INCLUDE") {
-                    cfg.include(path);
-                }
-            }
-        }
-
         if cfg!(feature = "spnego") {
             cfg.define("HAVE_GSSAPI", None)
                 .file("curl/lib/curl_gssapi.c")

curl-sys/lib.rs

@@ -6,6 +6,8 @@ extern crate libc;
 extern crate libnghttp2_sys;
 #[cfg(link_libz)]
 extern crate libz_sys;
+#[cfg(feature = "mesalink")]
+extern crate mesalink; // ensure lib is linked to
 #[cfg(link_openssl)]
 extern crate openssl_sys;
 #[cfg(windows)]