Merge pull request #701 from swt2c/secure_transport

Add support for SecureTransport SSL backend
author: Oleg Pudeyev <p@users.noreply.github.com> 2022-01-11 14:21:28 -0500
committer: GitHub <noreply@github.com> 2022-01-11 14:21:28 -0500
commit: 997935f48e6bdd59e585726a8bfa57f337d858ed (patch)
tree: f51f7d14fc7ed7dadb8f83c05d7bccd93ce7e495
parent: 121169921ded16579ea282c666ea668e5f708219 (diff)
parent: 3adfed3d2ce2a2ed6ee1f64f2457fac3aec86c91 (diff)
download: pycurl-997935f48e6bdd59e585726a8bfa57f337d858ed.tar.gz
7 files changed, 37 insertions, 11 deletions
diff --git a/INSTALL.rst b/INSTALL.rst
index ffc8030..89b868e 100644
--- a/INSTALL.rst
+++ b/INSTALL.rst
@@ -53,7 +53,7 @@ It will then fail at runtime as follows::
 
 To fix this, you need to tell ``setup.py`` what SSL backend is used::
 
-    python setup.py --with-[openssl|gnutls|nss|mbedtls|wolfssl] install
+    python setup.py --with-[openssl|gnutls|nss|mbedtls|wolfssl|sectransp] install
 
 Note: as of PycURL 7.21.5, setup.py accepts ``--with-openssl`` option to
 indicate that libcurl is built against OpenSSL/LibreSSL/BoringSSL.
@@ -86,7 +86,7 @@ environment variable::
 The same applies to the SSL backend, if you need to specify it (see the SSL
 note above)::
 
-    export PYCURL_SSL_LIBRARY=[openssl|gnutls|nss|mbedtls]
+    export PYCURL_SSL_LIBRARY=[openssl|gnutls|nss|mbedtls|sectransp]
     easy_install pycurl
 
 
diff --git a/setup.py b/setup.py
index 08fe1fb..e0083e3 100644
--- a/setup.py
+++ b/setup.py
@@ -145,6 +145,7 @@ class ExtensionConfiguration(object):
             '--with-gnutls': self.using_gnutls,
             '--with-nss': self.using_nss,
             '--with-mbedtls': self.using_mbedtls,
+            '--with-sectransp': self.using_sectransp,
         }
 
     def detect_ssl_option(self):
@@ -162,7 +163,7 @@ class ExtensionConfiguration(object):
 
         if 'PYCURL_SSL_LIBRARY' in os.environ:
             ssl_lib = os.environ['PYCURL_SSL_LIBRARY']
-            if ssl_lib in ['openssl', 'wolfssl', 'gnutls', 'nss', 'mbedtls']:
+            if ssl_lib in ['openssl', 'wolfssl', 'gnutls', 'nss', 'mbedtls', 'sectransp']:
                 ssl_lib_detected = ssl_lib
                 getattr(self, 'using_%s' % ssl_lib)()
             else:
@@ -326,8 +327,9 @@ class ExtensionConfiguration(object):
                 sys.stderr.write('''\
 Warning: libcurl is configured to use SSL, but we have not been able to \
 determine which SSL backend it is using. If your Curl is built against \
-OpenSSL, LibreSSL, BoringSSL, GnuTLS, NSS or mbedTLS please specify the SSL backend \
-manually. For other SSL backends please ignore this message.''')
+OpenSSL, LibreSSL, BoringSSL, GnuTLS, NSS, mbedTLS, or Secure Transport \
+please specify the SSL backend manually. For other SSL backends please \
+ignore this message.''')
         else:
             if self.detect_ssl_option():
                 sys.stderr.write("Warning: SSL backend specified manually but libcurl does not use SSL\n")
@@ -371,6 +373,9 @@ manually. For other SSL backends please ignore this message.''')
         elif ssl_version.startswith('mbedTLS/'):
             self.using_mbedtls()
             ssl_lib_detected = 'mbedtls'
+        elif ssl_version.startswith('SecureTransport'):
+            self.using_sectransp()
+            ssl_lib_detected = 'sectransp'
         return ssl_lib_detected
 
     def detect_ssl_lib_on_centos6_plus(self):
@@ -572,6 +577,11 @@ manually. For other SSL backends please ignore this message.''')
         self.define_macros.append(('HAVE_CURL_SSL', 1))
         self.ssl_lib_detected = 'mbedtls'
 
+    def using_sectransp(self):
+        self.define_macros.append(('HAVE_CURL_SECTRANSP', 1))
+        self.define_macros.append(('HAVE_CURL_SSL', 1))
+        self.ssl_lib_detected = 'sectransp'
+
 def get_bdist_msi_version_hack():
     # workaround for distutils/msi version requirement per
     # epydoc.sourceforge.net/stdlib/distutils.version.StrictVersion-class.html -
@@ -627,6 +637,7 @@ PRETTY_SSL_LIBS = {
     'gnutls': 'GnuTLS',
     'nss': 'NSS',
     'mbedtls': 'mbedTLS',
+    'sectransp': 'Secure Transport',
 }
 
 def get_extension(argv, split_extension_source=False):
@@ -954,6 +965,7 @@ PycURL Unix options:
  --with-nss                          libcurl is linked against NSS
  --with-mbedtls                      libcurl is linked against mbedTLS
  --with-wolfssl                      libcurl is linked against wolfSSL
+ --with-sectransp                    libcurl is linked against Secure Transport
 '''
 
 windows_help = '''\
diff --git a/src/module.c b/src/module.c
index 2331168..cfc257a 100644
--- a/src/module.c
+++ b/src/module.c
@@ -374,6 +374,7 @@ initpycurl(void)
                 case CURLSSLBACKEND_NSS:
                 case CURLSSLBACKEND_WOLFSSL:
                 case CURLSSLBACKEND_MBEDTLS:
+                case CURLSSLBACKEND_SECURETRANSPORT:
                     runtime_supported_backend_found = 1;
                     break;
                 default:
@@ -404,6 +405,8 @@ initpycurl(void)
         runtime_ssl_lib = "nss";
     } else if (!strncmp(vi->ssl_version, "mbedTLS/", 8)) {
         runtime_ssl_lib = "mbedtls";
+    } else if (!strncmp(vi->ssl_version, "Secure Transport", 16)) {
+        runtime_ssl_lib = "secure-transport";
     } else {
         runtime_ssl_lib = "none/other";
     }
diff --git a/src/pycurl.h b/src/pycurl.h
index 31d1eac..42c7d57 100644
--- a/src/pycurl.h
+++ b/src/pycurl.h
@@ -220,6 +220,9 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
 #   define PYCURL_NEED_MBEDTLS_TSL
 #   define COMPILE_SSL_LIB "mbedtls"
 #   define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 1
+# elif defined(HAVE_CURL_SECTRANSP)
+#   define COMPILE_SSL_LIB "secure-transport"
+#   define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 1
 # else
 #  ifdef _MSC_VER
     /* sigh */
@@ -237,7 +240,7 @@ pycurl_inet_ntop (int family, void *addr, char *string, size_t string_size);
     * no reason to require users match those */
 #  define COMPILE_SSL_LIB "none/other"
 #  define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 0
-# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_WOLFSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS */
+# endif /* HAVE_CURL_OPENSSL || HAVE_CURL_WOLFSSL || HAVE_CURL_GNUTLS || HAVE_CURL_NSS || HAVE_CURL_MBEDTLS || HAVE_CURL_SECTRANSP */
 #else
 # define COMPILE_SSL_LIB "none/other"
 # define COMPILE_SUPPORTED_SSL_BACKEND_FOUND 0
diff --git a/tests/fake-curl/libcurl/Makefile b/tests/fake-curl/libcurl/Makefile
index 57943e9..b5d0816 100644
--- a/tests/fake-curl/libcurl/Makefile
+++ b/tests/fake-curl/libcurl/Makefile
@@ -13,10 +13,16 @@ clean:
 
 CC = `curl-config --cc`
 CFLAGS += `curl-config --cflags`
+UNAME := $(shell uname -s)
+ifeq ($(UNAME),Darwin)
+	SONAME_FLAG = -install_name
+else
+	SONAME_FLAG = -soname
+endif
 
 .c.so:
 	$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fPIC \
-		-Wl,-soname,$@ -o $@ $<
+		-Wl,$(SONAME_FLAG),$@ -o $@ $<
 
 show-targets:
 	ls *c |sed -e 's/.c$$/.so/' | awk '{print $$1 " \\"}'
diff --git a/tests/option_constants_test.py b/tests/option_constants_test.py
index b8aab1e..9eda4e3 100644
--- a/tests/option_constants_test.py
+++ b/tests/option_constants_test.py
@@ -241,7 +241,7 @@ class OptionConstantsTest(unittest.TestCase):
         curl.close()
 
     @util.min_libcurl(7, 42, 0)
-    @util.only_ssl_backends('nss')
+    @util.only_ssl_backends('nss', 'secure-transport')
     def test_ssl_falsestart(self):
         curl = pycurl.Curl()
         curl.setopt(curl.SSL_FALSESTART, 1)
@@ -263,7 +263,7 @@ class OptionConstantsTest(unittest.TestCase):
         curl.setopt(curl.ISSUERCERT, '/bogus-issuercert')
         curl.close()
 
-    @util.only_ssl
+    @util.only_ssl_backends('openssl', 'gnutls', 'nss')
     def test_capath(self):
         curl = pycurl.Curl()
         curl.setopt(curl.CAPATH, '/bogus-capath')
@@ -271,7 +271,7 @@ class OptionConstantsTest(unittest.TestCase):
 
     # CURLOPT_PROXY_CAPATH was introduced in libcurl-7.52.0
     @util.min_libcurl(7, 52, 0)
-    @util.only_ssl
+    @util.only_ssl_backends('openssl', 'gnutls', 'nss')
     def test_proxy_capath(self):
         curl = pycurl.Curl()
         curl.setopt(curl.PROXY_CAPATH, '/bogus-capath')
@@ -331,7 +331,7 @@ class OptionConstantsTest(unittest.TestCase):
         curl.setopt(curl.RANDOM_FILE, '/bogus-random')
         curl.close()
 
-    @util.only_ssl_backends('openssl', 'gnutls')
+    @util.only_ssl_backends('openssl', 'gnutls', 'secure-transport')
     def test_egdsocket(self):
         curl = pycurl.Curl()
         curl.setopt(curl.EGDSOCKET, '/bogus-egdsocket')
diff --git a/tests/util.py b/tests/util.py
index de8b0e7..d9c0b57 100644
--- a/tests/util.py
+++ b/tests/util.py
@@ -175,6 +175,8 @@ def only_ssl_backends(*backends):
                 current_backend = 'gnutls'
             elif 'NSS/' in pycurl.version:
                 current_backend = 'nss'
+            elif 'SecureTransport' in pycurl.version:
+                current_backend = 'secure-transport'
             else:
                 current_backend = 'none'
             if current_backend not in backends:
author	Oleg Pudeyev <p@users.noreply.github.com>	2022-01-11 14:21:28 -0500
committer	GitHub <noreply@github.com>	2022-01-11 14:21:28 -0500
commit	997935f48e6bdd59e585726a8bfa57f337d858ed (patch)
tree	f51f7d14fc7ed7dadb8f83c05d7bccd93ce7e495
parent	121169921ded16579ea282c666ea668e5f708219 (diff)
parent	3adfed3d2ce2a2ed6ee1f64f2457fac3aec86c91 (diff)
download	pycurl-997935f48e6bdd59e585726a8bfa57f337d858ed.tar.gz