[curl] Curl port is missing multiple features like ZSTD

[MichalPetryka]

Is your feature request related to a problem? Please describe.

Building curl with features available (with curl["brotli","c-ares","http2","non-http","sspi","websockets","c-ares","openssl","ssh","mbedtls","schannel","winidn","winldap"]:x64-windows to be exact) on VCPKG reports those features as unavailable:

• [x] CURL_VERSION_ZSTD
• [ ] CURL_VERSION_GSASL
• [ ] CURL_VERSION_HTTP3
• [x] CURL_VERSION_PSL
• [ ] CURL_VERSION_NTLM_WB (not supported anymore)
• [ ] CURL_VERSION_TLSAUTH_SRP
• [ ] CURL_VERSION_GSSAPI

You can find the descriptions of all the flags here.

Proposed solution

Make building libcurl with provided features possible.

Describe alternatives you've considered

No response

Additional context

No response

[teo-tsirpanis]

Zstd will be enabled with #32533. I took a look at the rest (disclaimer: I might be wrong at some of these):

• CURL_VERSION_GSASL: Needs a port for libgsasl. Also Curl does not seem to have an option to enable it in CMake.
• CURL_VERSION_HTTP3: Curl supports three backends for HTTP/3: quiche, msquic and ngtcp2. They are mutually exclusive which means that we must decide on which to use. Only the latter two backends currently have a port on vcpkg, with msquic being quite outdated.
• CURL_VERSION_PSL: Needs a port of libpsl.
• CURL_VERSION_NTLM_WB: Since NTLM is enabled by default and does not need any additional dependencies, it should be relatively easy to enable.
• CURL_VERSION_TLSAUTH_SRP: Depends on whether OpenSSL supports it. I'm not sure if our vcpkg port does, and I don't know how we can signal it to the CMake build.
• CURL_VERSION_GSSAPI: Needs a port of heimdal or MIT Kerberos. Like HTTP/3, we will have to pick one of the two.

[dg0yt]

• CURL_VERSION_TLSAUTH_SRP: Depends on whether OpenSSL supports it. I'm not sure if our vcpkg port does, and I don't know how we can signal it to the CMake build.

Make srp an openssl feature, and make the curl port feature depend on that openssl port feature. (And make sure this is tested at least once on all supported triplets.)

[MichalPetryka]

• CURL_VERSION_HTTP3: Curl supports three backends for HTTP/3: quiche, msquic and ngtcp2. They are mutually exclusive which means that we must decide on which to use. Only the latter two backends currently have a port on vcpkg, with msquic being quite outdated.

I've looked at the TLS libraries all that are supported with those and with curl (curl requires to be linked with the same library) and there are basically only 3 real choices:

• QuicTLS - won't get a port as per #17949
• BoringSSL - unstable API & ABI so only static linking makes sense, vcpkg port seems to be really out of date since the project has no versioning
• GnuTLS - LGPL which makes static linking problematic, on Windows it seems to have no option to use system certificate store which can be problematic.

Other options would need modifications to curl, have limited platform support (like Schannel - only Windows 11+), don't seem to be really actively supported (like PicoTLS) or use GPL (WolfSSL).

[talregev]

For http3, I try to compile with ngtcp2, nghttp3 and libgnutls. For windows I am trying with shiftmedia-libgnutls. When I compile with curl, It don't compile with gnutls.h that coming from shiftmedia-libgnutls, and it give me syntax error. clearly I do something wrong. Anybody want to take a look? to help? I feel close on this.

[kotori2]

I'm actually not in favor of using OpenSSL forks because they tends to cause linking errors while there is a great amount of libraries depends on the OG OpenSSL. According to the OpenSSL roadmap, the primitive QUIC support with OpenSSL should already been released in OpenSSL 3.2.0 (Nov 2023). But it seems curl is not working on the OpenSSL QUIC API support right now. The only discussion page I found: https://github.com/curl/curl/discussions/12425

[talregev]

I'm actually not in favor of using OpenSSL forks because they tends to cause linking errors while there is a great amount of libraries depends on the OG OpenSSL. According to the OpenSSL roadmap, the primitive QUIC support with OpenSSL should already been released in OpenSSL 3.2.0 (Nov 2023). But it seems curl is not working on the OpenSSL QUIC API support right now. The only discussion page I found: curl/curl#12425

It not sufficient https://github.com/ngtcp2/ngtcp2/issues/990#issuecomment-1782838798

quicktls have plan to build their own lib above openssl: https://github.com/quictls/openssl/discussions/124

[talregev]

Please remove the CURL_VERSION_NTLM_WB. curl will remove this support soon: https://curl.se/dev/deprecate.html

[talregev]

Added psl feature: https://github.com/microsoft/vcpkg/pull/38345

[talregev]

CURL_VERSION_GSSAPI added for linux: https://github.com/microsoft/vcpkg/pull/38402

Feel free to improve krb5 to support more os.

[talregev]

I can do a PR for CURL_VERSION_GSASL. only for linux. But I don't see curl ubuntu ship with that. Any idea?

Will you interesting only in linux?

[talregev]

@MichalPetryka please mark it finished CURL_VERSION_GSSAPI. This feature is for unix, and krb5 is now compile in linux and osx. https://github.com/microsoft/vcpkg/pull/38943

[talregev]

CURL_VERSION_TLSAUTH_SRP it already happen automatic, it check that openssl or gnussl have this feature. I confirm that in vcpkg curl with openssl detect this feature and compile it when you use openssl. So please mark that feature too.

> ./curl --version
curl 8.8.0-DEV (Linux) libcurl/8.8.0-DEV OpenSSL/3.3.0 zlib/1.3.1
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Largefile libz NTLM SSL threadsafe TLS-SRP UnixSockets

Please note on the TLS-SRP.