[MacPorts] #69145: curl @8.5.0+darwinssl: Port install reports that variant clashes with gnutls and exits
MacPorts
noreply at macports.org
Mon Feb 5 18:16:50 UTC 2024
#69145: curl @8.5.0+darwinssl: Port install reports that variant clashes with
gnutls and exits
---------------------------+------------------------
Reporter: FaradayLight | Owner: ryandesign
Type: defect | Status: closed
Priority: Normal | Milestone:
Component: ports | Version: 2.8.1
Resolution: invalid | Keywords:
Port: curl |
---------------------------+------------------------
Changes (by ryandesign):
* status: assigned => closed
* resolution: => invalid
Comment:

Well, I already partly explained, but let me give some more detail about
why the port is behaving correctly and why any changes to its behavior
will require work from the curl developers.

curl has many TLS backends, available through many variants in the port
(darwinssl, gnutls, mbedtls, ssl (openssl or libressl), and wolfssl), but
you can only select one of them.

You can read all about [https://curl.se/docs/http3.html HTTP/3 support in
curl] on the curl web site. It requires the use of one of four different
QUIC libraries. Only one of those four implementations—the one that uses
ngtcp2 and nghttp3—isn't considered experimental anymore so that's what
the MacPorts curl port's http3 variant uses.

ngtcp2 requires a TLS library that has QUIC support. The possibilities
listed on the curl web site are the quictls fork of openssl, gnutls, and
wolfssl. At present, the ngtcp2 port uses gnutls unconditionally.
Therefore, the curl port's http3 variant also has to use gnutls
unconditionally, and thus prevent you from using any other TLS variant. It
has nothing to do with whether or not the gnutls port is already installed
when you install the curl port.

It would be possible to add variants to the ngtcp2 port so that you could
choose between gnutls or wolfssl (or quictls, if we made a port for that).
However, then the curl port's http3 variant would have to attempt to match
the variant that was selected in the ngtcp2 port. MacPorts base doesn't
have the capability for a port to declare a dependency on a variant of
another port (see #126) so this is complicated and brittle and not
something we usually want to do, so it's just as well that ngtcp2 doesn't
offer this choice.

darwinssl, mbedtls, and openssl do not have QUIC support so they cannot be
used by the ngtcp2 library, and thus you cannot select one of these as
your curl TLS variant if you also want HTTP/3 support.

darwinssl currently uses the macOS SecureTransport framework. Apple has
deprecated this framework and will not add new features to it, like TLS
1.3 or QUIC support. Apple wishes for developers to migrate to the Network
framework. curl hasn't done that yet. If you want curl to support HTTP/3
with the darwinssl option, the prerequisite is that curl adds support for
the Network framework. I didn't see an issue in their issue tracker
specifically about that, although it has been mentioned in passing in
other issues over there, for example here where
[https://github.com/curl/curl/issues/11098#issuecomment-1542173939 the
lead developer of curl said "I don't see this happening anytime soon"].
You can file an issue there if being able to use HTTP/3 with darwinssl is
important to you.

--
Ticket URL: <https://trac.macports.org/ticket/69145#comment:13>
MacPorts <https://www.macports.org/>
Ports system for macOS
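
Added example, not part of the original ticket comment or of the MacPorts curl port: a shell check that reads `curl -V` output and reports which TLS backend the binary was built with and whether HTTP/3 is compiled in, using the port's variant names from the comment above. The two sample outputs are constructed, and the function names (`tls_backend`, `has_http3`, `check_build`) are hypothetical.

```shell
#!/bin/sh
# Constructed samples of `curl -V` output (not captured from real builds).
SAMPLE_HTTP3='curl 8.5.0 (x86_64-apple-darwin23) libcurl/8.5.0 GnuTLS/3.8.3 zlib/1.3.1 nghttp2/1.59.0 ngtcp2/1.2.0 nghttp3/1.1.0
Protocols: file ftp ftps http https
Features: alt-svc HSTS HTTP2 HTTP3 IPv6 SSL'
SAMPLE_DARWINSSL='curl 8.5.0 (x86_64-apple-darwin23) libcurl/8.5.0 SecureTransport zlib/1.3.1 nghttp2/1.59.0
Protocols: file ftp ftps http https
Features: alt-svc HSTS HTTP2 IPv6 SSL'

# Map the TLS library named on the first line to the port's variant names.
tls_backend() {
    case "$(printf '%s\n' "$1" | head -n 1)" in
        *SecureTransport*)       echo darwinssl ;;
        *GnuTLS/*)               echo gnutls ;;
        *wolfSSL/*)              echo wolfssl ;;
        *mbedTLS/*)              echo mbedtls ;;
        *OpenSSL/*|*LibreSSL/*)  echo ssl ;;
        *)                       echo unknown ;;
    esac
}

# Succeed only if HTTP3 appears as a whole word on the Features line.
has_http3() {
    feats=$(printf '%s\n' "$1" | sed -n 's/^Features: *//p')
    case " $feats " in
        *" HTTP3 "*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Summarise a build. Per the comment, the port's http3 variant always uses
# gnutls, so HTTP3 with any other backend is not what the port produces.
check_build() {
    backend=$(tls_backend "$1")
    if has_http3 "$1"; then h3=yes; else h3=no; fi
    if [ "$h3" = yes ] && [ "$backend" != gnutls ]; then rule=mismatch; else rule=ok; fi
    echo "tls=$backend http3=$h3 port_rule=$rule"
}

check_build "$SAMPLE_HTTP3"
check_build "$SAMPLE_DARWINSSL"
# On a real system: check_build "$(curl -V)"
```

A `darwinssl` result also means the binary is limited to what SecureTransport offers, which per the comment excludes TLS 1.3 and QUIC.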