[MacPorts] #69145: curl @8.5.0+darwinssl: Port install reports that variant clashes with gnutls and exits

MacPorts noreply at macports.org
Mon Feb 5 18:16:50 UTC 2024


#69145: curl @8.5.0+darwinssl: Port install reports that variant clashes with
gnutls and exits
---------------------------+------------------------
  Reporter:  FaradayLight  |      Owner:  ryandesign
      Type:  defect        |     Status:  closed
  Priority:  Normal        |  Milestone:
 Component:  ports         |    Version:  2.8.1
Resolution:  invalid       |   Keywords:
      Port:  curl          |
---------------------------+------------------------
Changes (by ryandesign):

 * status:  assigned => closed
 * resolution:   => invalid


Comment:

 Well, I already partly explained, but let me give some more detail about
 why the port is behaving correctly and why any changes to its behavior
 will require work from the curl developers.

 curl has many TLS backends, available through many variants in the port
 (darwinssl, gnutls, mbedtls, ssl (openssl or libressl), and wolfssl), but
 you can only select one of them.

 You can read all about [https://curl.se/docs/http3.html HTTP/3 support in
 curl] on the curl web site. It requires the use of one of four different
 QUIC libraries. Only one of those four implementations—the one that uses
 ngtcp2 and nghttp3—isn't considered experimental anymore so that's what
 the MacPorts curl port's http3 variant uses.

 ngtcp2 requires a TLS library that has QUIC support. The possibilities
 listed on the curl web site are the quictls fork of openssl, gnutls, and
 wolfssl. At present, the ngtcp2 port uses gnutls unconditionally.
 Therefore, the curl port's http3 variant also has to use gnutls
 unconditionally, and thus prevent you from using any other TLS variant. It
 has nothing to do with whether or not the gnutls port is already installed
 when you install the curl port.

 It would be possible to add variants to the ngtcp2 port so that you could
 choose between gnutls or wolfssl (or quictls, if we made a port for that).
 However, then the curl port's http3 variant would have to attempt to match
 the variant that was selected in the ngtcp2 port. MacPorts base doesn't
 have the capability for a port to declare a dependency on a variant of
 another port (see #126) so this is complicated and brittle and not
 something we usually want to do, so it's just as well that ngtcp2 doesn't
 offer this choice.

 darwinssl, mbedtls, and openssl do not have QUIC support so they cannot be
 used by the ngtcp2 library, and thus you cannot select one of these as
 your curl TLS variant if you also want HTTP/3 support.

 darwinssl currently uses the macOS SecureTransport framework. Apple has
 deprecated this framework and will not add new features to it, like TLS
 1.3 or QUIC support. Apple wishes for developers to migrate to the Network
 framework. curl hasn't done that yet. If you want curl to support HTTP/3
 with the darwinssl option, the prerequisite is that curl adds support for
 the Network framework. I didn't see an issue in their issue tracker
 specifically about that, although it has been mentioned in passing in
 other issues over there, for example here where
 [https://github.com/curl/curl/issues/11098#issuecomment-1542173939 the
 lead developer of curl said "I don't see this happening anytime soon"].
 You can file an issue there if being able to use HTTP/3 with darwinssl is
 important to you.

-- 
Ticket URL: <https://trac.macports.org/ticket/69145#comment:13>
MacPorts <https://www.macports.org/>
Ports system for macOS
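
To check which of the TLS backends discussed in the comment above an installed curl was built with, and whether it reports HTTP/3, the text printed by `curl -V` can be parsed. The following is an added example, not part of the ticket or of the MacPorts or curl projects; the function name `curl_tls_report` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a curl build from the text printed by `curl -V`.
# curl_tls_report and the SAMPLE_* texts are constructed, not from the ticket.

# Print "backend=<variant> http3=<yes|no>" for the given `curl -V` text.
curl_tls_report() {
    version_text=$1
    first_line=$(printf '%s\n' "$version_text" | sed -n '1p')
    features=$(printf '%s\n' "$version_text" | sed -n 's/^Features: //p')

    backend=unknown
    # Libraries appear on the first line as Name/version. A backend name in
    # parentheses is compiled in but not selected, so it is not matched here.
    for token in $first_line; do
        case $token in
            GnuTLS/*)             backend=gnutls ;;
            wolfSSL/*)            backend=wolfssl ;;
            mbedTLS/*)            backend=mbedtls ;;
            quictls/*)            backend=quictls ;;
            OpenSSL/*|LibreSSL/*) backend=ssl ;;
            SecureTransport)      backend=darwinssl ;;
        esac
    done

    http3=no
    for feature in $features; do
        if [ "$feature" = HTTP3 ]; then http3=yes; fi
    done
    printf 'backend=%s http3=%s\n' "$backend" "$http3"
}

# Constructed sample: a build with the gnutls backend and HTTP/3 via ngtcp2.
SAMPLE_GNUTLS='curl 8.5.0 (x86_64-apple-darwin23.2.0) libcurl/8.5.0 GnuTLS/3.8.3 zlib/1.3 nghttp2/1.59.0 ngtcp2/1.2.0 nghttp3/1.1.0
Release-Date: 2023-12-06
Protocols: http https
Features: alt-svc HSTS HTTP2 HTTP3 HTTPS-proxy SSL'

# Constructed sample: a SecureTransport (darwinssl) build, no HTTP/3.
SAMPLE_DARWINSSL='curl 8.5.0 (x86_64-apple-darwin23.2.0) libcurl/8.5.0 SecureTransport zlib/1.3 nghttp2/1.59.0
Release-Date: 2023-12-06
Protocols: http https
Features: alt-svc HSTS HTTP2 HTTPS-proxy SSL'

curl_tls_report "$SAMPLE_GNUTLS"
curl_tls_report "$SAMPLE_DARWINSSL"
# Against an installed curl: curl_tls_report "$(curl -V)"
```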