gentoo auto-resync : 09:02:2025 - 00:12:00

author: V3n3RiX <venerix@koprulu.sector> 2025-02-09 00:12:01 +0000
committer: V3n3RiX <venerix@koprulu.sector> 2025-02-09 00:12:01 +0000
commit: b95a6fd4a7b591baa7cfc689f8ce5643592d07be (patch)
tree: 6a7c4722b40bdb6c409879ce253d8b42817fec14 /net-misc/curl
parent: 8b3c41ecef8a1cdd270ce3aabcfdfb991839699c (diff)
3 files changed, 527 insertions, 0 deletions
diff --git a/net-misc/curl/Manifest b/net-misc/curl/Manifest
index 6b5796ca3350..b88bc98263c8 100644
--- a/net-misc/curl/Manifest
+++ b/net-misc/curl/Manifest
@@ -6,6 +6,7 @@ AUX curl-8.11.0-mbedtls-global-init.patch 1868 BLAKE2B 722959cd1f70d336f093ae833
 AUX curl-8.11.0-netrc-large-file.patch 719 BLAKE2B b7a838f76a6c6eba341bacb7826caf1c7ca73c57a3b60f8136b47b32e91bfe3b0663d47b3273095b8a93736ceda96833d25f106d82efbc7afe6315020bfca798 SHA512 ef0d4204e6ca7bee17ccebf20ea6873076a571819bcece058eae7e6c3a62bff431d6161aa4da0725ea1e8b278f121d682361f4df1fe4adc58a1375e611a510a8
 AUX curl-8.11.0-setopt-http_content_decoding.patch 691 BLAKE2B a812c178c0a3a4f5dc78fc576c9aef247de70eb32ab02b96e2e1e5b9428e6928c538e0a981ac98ae2f1428ae4c12bad767e1efc32a48a21ed99e0afc50180ec6 SHA512 9ef6fca7ae98bce6cee40ca5c25e7a22e937e0118bcee948e95cb8a8c5e6ca3f7e8b2327716cf7d55d976bfd6d30d57617d7da52ff971b82b22ff33878fa1d3e
 AUX curl-8.11.1-async-thread-close-eventfd.patch 1080 BLAKE2B fa1ff8ff20870c80a4c7dd0ef2ec116ce78a987b9659a77f513c44b6237f0b0b6bf48e547cefd6e157d85ee6113669bffe02e6f7321b19a8ffec12caa2d655f4 SHA512 a4662fbea884a05e151c0d100e012e9f1c1f8de53f70f20c9df6fc54ea9d293211475dd084bae32bf0508c7438971f921f6840cae4e9424589511dbe44584609
+AUX curl-8.12.0-multi.patch 5760 BLAKE2B 563bba68b61ab1f7cde20130b398e10fde4618b199d1db276d4c8864b1b68792ff6b209dce40311184fd73606a17f38a0cce263a3adea33d2881d3fa38b22911 SHA512 7e72c091e1aede53f3981df81972908c19d15925ad78f396b02e13a44ffd487bacddb4514d05609f0bae5d78c8a4ebcf648fed0076f28146ed3e4501ef97d960
 AUX curl-8.8.0-install-manpage.patch 659 BLAKE2B 44a303863fb826d0fca139c8a9091ce1e9ed461f3ee1545b4c3fb9a03dae2f707622b61d4f34345bafcccab751f989972eead676de5a784b5af138a1cc0e467c SHA512 0d5acfb2cf32b3855a29e01cacc5b3f06014832ca0adfa554938b3b06658dd63a4bac75932b4476b856f4c9adb096217bbb549b1a81a4a012f8b668cb9420079
 AUX curl-8.8.0-mbedtls.patch 1686 BLAKE2B 6bafbfcf8c418e0507dc910aafe8667c3a71c535fa13f329ef67087edb4f6dcbe70113f752baf8a9ac6c72424045a3111b4e21992c84c7d2cd66684cfaa0ad0f SHA512 07ae1a42da92a200bbc72d911ecbf83b93df2a2be6022605842fc08bc870e466b19b6dc78298039027266155a5c9fcc81f05107fdbdfba4cfac4ddaad4d2a586
 AUX curl-8.8.0-multi_wait-timeout.patch 2732 BLAKE2B ae2f40f6dcec16761d959fe5eeaff531ff3ac2c2cd26d676261ecac406653c3d560941455f6d46dd1552f20429582173e45f05865cbdd009c28f21de6a98a458 SHA512 1fbb5506ce1b87c90ea2d029adb9eaccb9930203c8aa0c119666cbee6fc1fc190423f02592bb2620ca3fa1b60822fc704bbc6f671152e877b2383173260acb04
@@ -24,6 +25,7 @@ DIST curl-8.9.1.tar.xz 2782364 BLAKE2B 6e38e20e2b03ab5bfbb8d9797442dfdd9644fc80d
 DIST curl-8.9.1.tar.xz.asc 488 BLAKE2B 437268f6e5ba5db73f205fd87f3ded1e5fc200e8bf63a83cdb7e21dfbf2f4a4620e598cd0bf5d8fa1548ade08d45b386599542cd988df46a238b85790409f42e SHA512 18acd58436d70900ab6912b84774da2c451b9dbfc83d6d00f85bbbe7894b67075918e58956fdb753fcc1486e4f10caa31139d7c68b037d7c83dc2e9c2fae9f9b
 EBUILD curl-8.10.1-r2.ebuild 11386 BLAKE2B 4fc98c3aa27836ed387bee340f1c197bd1c3eeb902bc976de4a04e35df38df8e57f790d827583fb08e6634b160adbf35ffa97b036162542bbc540e5425bfa1b2 SHA512 be8490b399f27925e0f911f7aa4a21f4967c68b1e22b0c3e85776118b8db68161b7c9568f4f1fa85bdf4acbdc876068cf2054a17e04ba0640ceb18165091f30b
 EBUILD curl-8.11.1-r2.ebuild 11440 BLAKE2B 7b9b657400dc526b4f3e062d930861c11a783d6ca749df3d4673aa5409fed3c4cff25adea2263e8713de28db99b7a66a74fe0508c60773a028157af31e1ee2eb SHA512 5c80516ee662687c65e5f77e19469a8d36d65277f40110b3c3d54a6c94481aad0212ff98783f65ef0667b37b971cd7472f55b662eb1ad2754b6b881a4dd14a68
+EBUILD curl-8.12.0-r1.ebuild 11669 BLAKE2B 84f5d4b056b2f4a2e142cddd26d9c5d8143677350d2be116fe04c7dba6e7590fe075c02ba3466acb32091662f47254f489bef93ce8bb4c87edd3be1abb451a88 SHA512 b934aefa031d3242bbdbf6b676eab406ddeedf7d869361b800c42737dec6819f3bab7cd6618bc8ad8afdc72c0c965be93f57d2e03874e7ae283a053702a73626
 EBUILD curl-8.12.0.ebuild 11637 BLAKE2B e2263e9b91e5629d126cd3a151e0bc5f8cf289148d50d70df2237ff5d73c1afc4473813ac08081a2818e2b4069f7e7b7f9121cfdeb9025c19a7ca71263f8c7dc SHA512 98599baa5514c7a1010b149dc5b15610464a5f188f4ec2bc479102cac35a551e49f0418dad01236be277dc3619d129af4d9aab949a6b85ee3247afa4080e9294
 EBUILD curl-8.9.1-r2.ebuild 11436 BLAKE2B d3c76be0c731c44b2f5a2005f1820582c359128b4d1936789fd6d10bdfb8c6f2b9edeb12e978b5e211f2af4ee4a1381195ebcb4082ba756bd26fea7114b7998c SHA512 85430bf7f790d20368926e0b512277daff19f299517824d23aa7dc80fa96150b203abaa9a36736a7e6cc232a437198605df8860f84ae56c2d62027cfdbe7f663
 EBUILD curl-9999.ebuild 11637 BLAKE2B e2263e9b91e5629d126cd3a151e0bc5f8cf289148d50d70df2237ff5d73c1afc4473813ac08081a2818e2b4069f7e7b7f9121cfdeb9025c19a7ca71263f8c7dc SHA512 98599baa5514c7a1010b149dc5b15610464a5f188f4ec2bc479102cac35a551e49f0418dad01236be277dc3619d129af4d9aab949a6b85ee3247afa4080e9294
diff --git a/net-misc/curl/curl-8.12.0-r1.ebuild b/net-misc/curl/curl-8.12.0-r1.ebuild
new file mode 100644
index 000000000000..7acb873fe0b5
--- /dev/null
+++ b/net-misc/curl/curl-8.12.0-r1.ebuild
@@ -0,0 +1,389 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# Maintainers should subscribe to the 'curl-distros' ML for backports etc
+# https://daniel.haxx.se/blog/2024/03/25/curl-distro-report/
+# https://lists.haxx.se/listinfo/curl-distros
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/danielstenberg.asc
+inherit autotools multilib-minimal multiprocessing prefix toolchain-funcs verify-sig
+
+DESCRIPTION="A Client that groks URLs"
+HOMEPAGE="https://curl.se/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/curl/curl.git"
+else
+	SRC_URI="
+		https://curl.se/download/${P}.tar.xz
+		verify-sig? ( https://curl.se/download/${P}.tar.xz.asc )
+	"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+fi
+
+LICENSE="BSD curl ISC test? ( BSD-4 )"
+SLOT="0"
+IUSE="+adns +alt-svc brotli debug +ftp gnutls gopher +hsts +http2 +http3 idn +imap kerberos ldap mbedtls +openssl +pop3"
+IUSE+=" +psl +progress-meter +quic rtmp rustls samba +smtp ssh ssl sslv3 static-libs test telnet +tftp +websockets zstd"
+# These select the default tls implementation / which quic impl to use
+IUSE+=" +curl_quic_openssl curl_quic_ngtcp2 curl_ssl_gnutls curl_ssl_mbedtls +curl_ssl_openssl curl_ssl_rustls"
+RESTRICT="!test? ( test )"
+
+# Only one default ssl / quic provider can be enabled
+# The default provider needs its USE satisfied
+# HTTP/3 and MultiSSL are mutually exclusive; it's not clear if MultiSSL offers any benefit at all in the modern day.
+# https://github.com/curl/curl/commit/65ece771f4602107d9cdd339dff4b420280a2c2e
+REQUIRED_USE="
+	quic? (
+		^^ (
+			curl_quic_openssl
+			curl_quic_ngtcp2
+		)
+		http3
+		ssl
+	)
+	ssl? (
+		^^ (
+			curl_ssl_gnutls
+			curl_ssl_mbedtls
+			curl_ssl_openssl
+			curl_ssl_rustls
+		)
+	)
+	curl_quic_openssl? (
+		curl_ssl_openssl
+		quic
+		!gnutls
+		!mbedtls
+		!rustls
+	)
+	curl_quic_ngtcp2? (
+		curl_ssl_gnutls
+		quic
+		!mbedtls
+		!openssl
+		!rustls
+	)
+	curl_ssl_gnutls? ( gnutls )
+	curl_ssl_mbedtls? ( mbedtls )
+	curl_ssl_openssl? ( openssl )
+	curl_ssl_rustls? ( rustls )
+	http3? ( alt-svc quic )
+"
+
+# cURL's docs and CI/CD are great resources for confirming supported versions
+# particulary for fast-moving targets like HTTP/2 and TCP/2 e.g.:
+# - https://github.com/curl/curl/blob/master/docs/INTERNALS.md (core dependencies + minimum versions)
+# - https://github.com/curl/curl/blob/master/docs/HTTP3.md (example of a feature that moves quickly)
+# - https://github.com/curl/curl/blob/master/.github/workflows/http3-linux.yml (CI/CD for TCP/2)
+# However 'supported' vs 'works' are two entirely different things; be sane but
+# don't be afraid to require a later version.
+# ngtcp2 = https://bugs.gentoo.org/912029 - can only build with one tls backend at a time.
+RDEPEND="
+	>=sys-libs/zlib-1.1.4[${MULTILIB_USEDEP}]
+	adns? ( >=net-dns/c-ares-1.16.0:=[${MULTILIB_USEDEP}] )
+	brotli? ( app-arch/brotli:=[${MULTILIB_USEDEP}] )
+	http2? ( >=net-libs/nghttp2-1.15.0:=[${MULTILIB_USEDEP}] )
+	http3? ( >=net-libs/nghttp3-1.1.0[${MULTILIB_USEDEP}] )
+	idn? ( >=net-dns/libidn2-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=virtual/krb5-0-r1[${MULTILIB_USEDEP}] )
+	ldap? ( >=net-nds/openldap-2.0.0:=[static-libs?,${MULTILIB_USEDEP}] )
+	psl? ( net-libs/libpsl[${MULTILIB_USEDEP}] )
+	quic? (
+		curl_quic_openssl? ( >=dev-libs/openssl-3.3.0:=[quic,${MULTILIB_USEDEP}] )
+		curl_quic_ngtcp2? ( >=net-libs/ngtcp2-1.2.0[gnutls,ssl,-openssl,${MULTILIB_USEDEP}] )
+	)
+	rtmp? ( media-video/rtmpdump[${MULTILIB_USEDEP}] )
+	ssh? ( >=net-libs/libssh2-1.0.0[${MULTILIB_USEDEP}] )
+	ssl? (
+		gnutls? (
+			app-misc/ca-certificates
+			>=net-libs/gnutls-3.1.10:=[static-libs?,${MULTILIB_USEDEP}]
+			dev-libs/nettle:=[${MULTILIB_USEDEP}]
+		)
+		mbedtls? (
+			app-misc/ca-certificates
+			net-libs/mbedtls:0=[${MULTILIB_USEDEP}]
+		)
+		openssl? (
+			>=dev-libs/openssl-0.9.7:=[sslv3(-)=,static-libs?,${MULTILIB_USEDEP}]
+		)
+		rustls? (
+			>=net-libs/rustls-ffi-0.14.0:=[${MULTILIB_USEDEP}]
+		)
+	)
+	zstd? ( app-arch/zstd:=[${MULTILIB_USEDEP}] )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-lang/perl
+	virtual/pkgconfig
+	test? (
+		sys-apps/diffutils
+		http2? ( >=net-libs/nghttp2-1.15.0:=[utils,${MULTILIB_USEDEP}] )
+		http3? ( net-libs/nghttp2:=[utils,${MULTILIB_USEDEP}] )
+	)
+	verify-sig? ( sec-keys/openpgp-keys-danielstenberg )
+"
+
+DOCS=( README docs/{FEATURES.md,INTERNALS.md,FAQ,BUGS.md,CONTRIBUTE.md} )
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/curl/curlbuild.h
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/curl-config
+)
+
+QA_CONFIG_IMPL_DECL_SKIP=(
+	__builtin_available
+	closesocket
+	CloseSocket
+	getpass_r
+	ioctlsocket
+	IoctlSocket
+	mach_absolute_time
+	setmode
+	_fseeki64
+	# custom AC_LINK_IFELSE code fails to link even without -Werror
+	OSSL_QUIC_client_method
+)
+
+PATCHES=(
+	"${FILESDIR}/${PN}-prefix-4.patch"
+	"${FILESDIR}/${PN}-respect-cflags-3.patch"
+	"${FILESDIR}/${P}-multi.patch"
+)
+
+src_prepare() {
+	default
+
+	eprefixify curl-config.in
+	eautoreconf
+}
+
+multilib_src_configure() {
+	# We make use of the fact that later flags override earlier ones
+	# So start with all ssl providers off until proven otherwise
+	# TODO: in the future, we may want to add wolfssl (https://www.wolfssl.com/)
+	local myconf=()
+
+	myconf+=( --without-ca-fallback --with-ca-bundle="${EPREFIX}"/etc/ssl/certs/ca-certificates.crt  )
+	if use ssl; then
+		myconf+=( --without-gnutls --without-mbedtls --without-rustls )
+
+		if use gnutls; then
+			multilib_is_native_abi && einfo "SSL provided by gnutls"
+			myconf+=( --with-gnutls )
+		fi
+		if use mbedtls; then
+			multilib_is_native_abi && einfo "SSL provided by mbedtls"
+			myconf+=( --with-mbedtls )
+		fi
+		if use openssl; then
+			multilib_is_native_abi && einfo "SSL provided by openssl"
+			myconf+=( --with-ssl --with-ca-path="${EPREFIX}"/etc/ssl/certs )
+		fi
+		if use rustls; then
+			multilib_is_native_abi && einfo "SSL provided by rustls"
+			myconf+=( --with-rustls )
+		fi
+		if use curl_ssl_gnutls; then
+			multilib_is_native_abi && einfo "Default SSL provided by gnutls"
+			myconf+=( --with-default-ssl-backend=gnutls )
+		elif use curl_ssl_mbedtls; then
+			multilib_is_native_abi && einfo "Default SSL provided by mbedtls"
+			myconf+=( --with-default-ssl-backend=mbedtls )
+		elif use curl_ssl_openssl; then
+			multilib_is_native_abi && einfo "Default SSL provided by openssl"
+			myconf+=( --with-default-ssl-backend=openssl )
+		elif use curl_ssl_rustls; then
+			multilib_is_native_abi && einfo "Default SSL provided by rustls"
+			myconf+=( --with-default-ssl-backend=rustls )
+		else
+			eerror "We can't be here because of REQUIRED_USE."
+			die "Please file a bug, hit impossible condition w/ USE=ssl handling."
+		fi
+
+	else
+		myconf+=( --without-ssl )
+		einfo "SSL disabled"
+	fi
+
+	# These configuration options are organized alphabetically
+	# within each category.  This should make it easier if we
+	# ever decide to make any of them contingent on USE flags:
+	# 1) protocols first.  To see them all do
+	# 'grep SUPPORT_PROTOCOLS configure.ac'
+	# 2) --enable/disable options second.
+	# 'grep -- --enable configure | grep Check | awk '{ print $4 }' | sort
+	# 3) --with/without options third.
+	# grep -- --with configure | grep Check | awk '{ print $4 }' | sort
+
+	myconf+=(
+		$(use_enable alt-svc)
+		--enable-basic-auth
+		--enable-bearer-auth
+		--enable-digest-auth
+		--enable-kerberos-auth
+		--enable-negotiate-auth
+		--enable-aws
+		--enable-dict
+		--disable-ech
+		--enable-file
+		$(use_enable ftp)
+		$(use_enable gopher)
+		$(use_enable hsts)
+		--enable-http
+		$(use_enable imap)
+		$(use_enable ldap)
+		$(use_enable ldap ldaps)
+		--enable-ntlm
+		$(use_enable pop3)
+		--enable-rt
+		--enable-rtsp
+		$(use_enable samba smb)
+		$(use_with ssh libssh2)
+		$(use_enable smtp)
+		$(use_enable telnet)
+		$(use_enable tftp)
+		--enable-tls-srp
+		$(use_enable adns ares)
+		--enable-cookies
+		--enable-dateparse
+		--enable-dnsshuffle
+		--enable-doh
+		--enable-symbol-hiding
+		--enable-http-auth
+		--enable-ipv6
+		--enable-largefile
+		--enable-manual
+		--enable-mime
+		--enable-netrc
+		$(use_enable progress-meter)
+		--enable-proxy
+		--enable-socketpair
+		--disable-sspi
+		$(use_enable static-libs static)
+		--disable-versioned-symbols
+		--without-amissl
+		--without-bearssl
+		$(use_with brotli)
+		--with-fish-functions-dir="${EPREFIX}"/usr/share/fish/vendor_completions.d
+		$(use_with http2 nghttp2)
+		$(use_with idn libidn2)
+		$(use_with kerberos gssapi "${EPREFIX}"/usr)
+		--without-libgsasl
+		$(use_with psl libpsl)
+		--without-msh3
+		$(use_with http3 nghttp3)
+		$(use_with curl_quic_ngtcp2 ngtcp2)
+		$(use_with curl_quic_openssl openssl-quic)
+		--without-quiche
+		$(use_with rtmp librtmp)
+		--without-schannel
+		--without-secure-transport
+		--without-test-caddy
+		--without-test-httpd
+		--without-test-nghttpx
+		$(use_enable websockets)
+		--without-winidn
+		--without-wolfssl
+		--with-zlib
+		$(use_with zstd)
+		--with-zsh-functions-dir="${EPREFIX}"/usr/share/zsh/site-functions
+	)
+
+	if use debug; then
+		myconf+=(
+			--enable-debug
+		)
+	fi
+
+	if use test && multilib_is_native_abi && ( use http2 || use http3 ); then
+		myconf+=(
+			--with-test-nghttpx="${BROOT}/usr/bin/nghttpx"
+		)
+	fi
+
+	# Since 8.12.0 adns/c-ares and the threaded resolver are mutually exclusive
+	# This is in support of some work to enable `httpsrr` to use adns and the rest
+	# of curl to use the threaded resolver; we'll just make `httpsrr` conditional on adns
+	# when the time comes.
+	if use adns; then
+		myconf+=(
+			--disable-threaded-resolver
+		)
+	else
+		myconf+=(
+			--enable-threaded-resolver
+		)
+	fi
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+	if ! multilib_is_native_abi; then
+		# Avoid building the client (we just want libcurl for multilib)
+		sed -i -e '/SUBDIRS/s:src::' Makefile || die
+		sed -i -e '/SUBDIRS/s:scripts::' Makefile || die
+	fi
+
+}
+
+multilib_src_compile() {
+	default
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts
+	fi
+}
+
+# There is also a pytest harness that tests for bugs in some very specific
+# situations; we can rely on upstream for this rather than adding additional test deps.
+multilib_src_test() {
+	# See https://github.com/curl/curl/blob/master/tests/runtests.pl#L5721
+	# -n: no valgrind (unreliable in sandbox and doesn't work correctly on all arches)
+	# -v: verbose
+	# -a: keep going on failure (so we see everything that breaks, not just 1st test)
+	# -k: keep test files after completion
+	# -am: automake style TAP output
+	# -p: print logs if test fails
+	# Note: if needed, we can skip specific tests. See e.g. Fedora's packaging
+	# or just read https://github.com/curl/curl/tree/master/tests#run.
+	# Note: we don't run the testsuite for cross-compilation.
+	# Upstream recommend 7*nproc as a starting point for parallel tests, but
+	# this ends up breaking when nproc is huge (like -j80).
+	# The network sandbox causes tests 241 and 1083 to fail; these are typically skipped
+	# as most gentoo users don't have an 'ip6-localhost'
+	multilib_is_native_abi && emake test TFLAGS="-n -v -a -k -am -p -j$((2*$(makeopts_jobs))) !241 !1083"
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+
+	if multilib_is_native_abi; then
+		# Shell completions
+		! tc-is-cross-compiler && emake -C scripts DESTDIR="${D}" install
+	fi
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	find "${ED}" -type f -name '*.la' -delete || die
+	rm -rf "${ED}"/etc/ || die
+}
+
+pkg_postinst() {
+	if use debug; then
+		ewarn "USE=debug has been selected, enabling debug codepaths and making cURL extra verbose."
+		ewarn "Use this _only_ for testing. Debug builds should _not_ be used in anger."
+		ewarn "hic sunt dracones; you have been warned."
+	fi
+}
diff --git a/net-misc/curl/files/curl-8.12.0-multi.patch b/net-misc/curl/files/curl-8.12.0-multi.patch
new file mode 100644
index 000000000000..b9405af8da5b
--- /dev/null
+++ b/net-misc/curl/files/curl-8.12.0-multi.patch
@@ -0,0 +1,136 @@
+https://github.com/curl/curl/issues/16236#issuecomment-2645385845
+https://github.com/curl/curl/commit/242a1439e7d8cdb72ae6a2fa2e705e2d9a2b7501
+
+
+--- a/lib/setopt.c
++++ b/lib/setopt.c
+@@ -1584,10 +1584,6 @@ static CURLcode setopt_pointers(struct Curl_easy *data, CURLoption option,
+       if(data->share->hsts == data->hsts)
+         data->hsts = NULL;
+ #endif
+-#ifdef USE_SSL
+-      if(data->share->ssl_scache == data->state.ssl_scache)
+-        data->state.ssl_scache = data->multi ? data->multi->ssl_scache : NULL;
+-#endif
+ #ifdef USE_LIBPSL
+       if(data->psl == &data->share->psl)
+         data->psl = data->multi ? &data->multi->psl : NULL;
+@@ -1628,10 +1624,6 @@ static CURLcode setopt_pointers(struct Curl_easy *data, CURLoption option,
+         data->hsts = data->share->hsts;
+       }
+ #endif
+-#ifdef USE_SSL
+-      if(data->share->ssl_scache)
+-        data->state.ssl_scache = data->share->ssl_scache;
+-#endif
+ #ifdef USE_LIBPSL
+       if(data->share->specifier & (1 << CURL_LOCK_DATA_PSL))
+         data->psl = &data->share->psl;
+--- a/lib/transfer.c
++++ b/lib/transfer.c
+@@ -567,12 +567,6 @@ CURLcode Curl_pretransfer(struct Curl_easy *data)
+ #endif
+   data->state.httpreq = data->set.method;
+ 
+-#ifdef USE_SSL
+-  if(!data->state.ssl_scache)
+-    /* There was no ssl session cache set via a share, use the multi one */
+-    data->state.ssl_scache = data->multi->ssl_scache;
+-#endif
+-
+   data->state.requests = 0;
+   data->state.followlocation = 0; /* reset the location-follow counter */
+   data->state.this_is_a_follow = FALSE; /* reset this */
+--- a/lib/urldata.h
++++ b/lib/urldata.h
+@@ -1199,7 +1199,6 @@ struct UrlState {
+   curl_prot_t first_remote_protocol;
+ 
+   int retrycount; /* number of retries on a new connection */
+-  struct Curl_ssl_scache *ssl_scache; /* TLS session pool */
+   int os_errno;  /* filled in with errno whenever an error occurs */
+   long followlocation; /* redirect counter */
+   int requests; /* request counter: redirects + authentication retakes */
+--- a/lib/vtls/vtls_scache.c
++++ b/lib/vtls/vtls_scache.c
+@@ -82,6 +82,17 @@ struct Curl_ssl_scache {
+   long age;
+ };
+ 
++static struct Curl_ssl_scache *cf_ssl_scache_get(struct Curl_easy *data)
++{
++  struct Curl_ssl_scache *scache = NULL;
++  /* If a share is present, its ssl_scache has preference over the multi */
++  if(data->share && data->share->ssl_scache)
++    scache = data->share->ssl_scache;
++  else if(data->multi && data->multi->ssl_scache)
++    scache = data->multi->ssl_scache;
++  return scache;
++}
++
+ static void cf_ssl_scache_clear_session(struct Curl_ssl_session *s)
+ {
+   if(s->sdata) {
+@@ -792,7 +803,7 @@ CURLcode Curl_ssl_scache_put(struct Curl_cfilter *cf,
+                              const char *ssl_peer_key,
+                              struct Curl_ssl_session *s)
+ {
+-  struct Curl_ssl_scache *scache = data->state.ssl_scache;
++  struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+   struct ssl_config_data *ssl_config = Curl_ssl_cf_get_config(cf, data);
+   CURLcode result;
+   DEBUGASSERT(ssl_config);
+@@ -826,7 +837,7 @@ CURLcode Curl_ssl_scache_take(struct Curl_cfilter *cf,
+                               const char *ssl_peer_key,
+                               struct Curl_ssl_session **ps)
+ {
+-  struct Curl_ssl_scache *scache = data->state.ssl_scache;
++  struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+   struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+   struct Curl_ssl_scache_peer *peer = NULL;
+   struct Curl_llist_node *n;
+@@ -870,7 +881,7 @@ CURLcode Curl_ssl_scache_add_obj(struct Curl_cfilter *cf,
+                                  void *sobj,
+                                  Curl_ssl_scache_obj_dtor *sobj_free)
+ {
+-  struct Curl_ssl_scache *scache = data->state.ssl_scache;
++  struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+   struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+   struct Curl_ssl_scache_peer *peer = NULL;
+   CURLcode result;
+@@ -898,7 +909,7 @@ bool Curl_ssl_scache_get_obj(struct Curl_cfilter *cf,
+                              const char *ssl_peer_key,
+                              void **sobj)
+ {
+-  struct Curl_ssl_scache *scache = data->state.ssl_scache;
++  struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+   struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+   struct Curl_ssl_scache_peer *peer = NULL;
+   CURLcode result;
+@@ -924,7 +935,7 @@ void Curl_ssl_scache_remove_all(struct Curl_cfilter *cf,
+                                 struct Curl_easy *data,
+                                 const char *ssl_peer_key)
+ {
+-  struct Curl_ssl_scache *scache = data->state.ssl_scache;
++  struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+   struct ssl_primary_config *conn_config = Curl_ssl_cf_get_primary_config(cf);
+   struct Curl_ssl_scache_peer *peer = NULL;
+   CURLcode result;
+@@ -1021,7 +1032,7 @@ CURLcode Curl_ssl_session_import(struct Curl_easy *data,
+                                  const unsigned char *shmac, size_t shmac_len,
+                                  const unsigned char *sdata, size_t sdata_len)
+ {
+-  struct Curl_ssl_scache *scache = data->state.ssl_scache;
++  struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+   struct Curl_ssl_scache_peer *peer = NULL;
+   struct Curl_ssl_session *s = NULL;
+   bool locked = FALSE;
+@@ -1092,7 +1103,7 @@ CURLcode Curl_ssl_session_export(struct Curl_easy *data,
+                                  curl_ssls_export_cb *export_fn,
+                                  void *userptr)
+ {
+-  struct Curl_ssl_scache *scache = data->state.ssl_scache;
++  struct Curl_ssl_scache *scache = cf_ssl_scache_get(data);
+   struct Curl_ssl_scache_peer *peer;
+   struct dynbuf sbuf, hbuf;
+   struct Curl_llist_node *n;
author	V3n3RiX <venerix@koprulu.sector>	2025-02-09 00:12:01 +0000
committer	V3n3RiX <venerix@koprulu.sector>	2025-02-09 00:12:01 +0000
commit	b95a6fd4a7b591baa7cfc689f8ce5643592d07be (patch)
tree	6a7c4722b40bdb6c409879ce253d8b42817fec14 /net-misc/curl
parent	8b3c41ecef8a1cdd270ce3aabcfdfb991839699c (diff)