macOS: Prefer building with system-provided curl (!9500) · Merge requests · CMake / CMake

Brad King requested to merge brad.king/cmake:rel-macos-curl into master May 08, 2024

Our vendored curl only enables the Secure Transport backend by default (CURL_SSL_BACKEND=secure-transport), but it is limited to TLS 1.2.

The macOS SDK provides the curl development components, and the corresponding libcurl.4.dylib runtime library comes with macOS. On macOS 12 and above, the default CURL_SSL_BACKEND=openssl backend seems to be capable of selecting TLS 1.3 at runtime for https connections.

Unfortunately the macOS version of curl, even on macOS 14.4, does not accept CURL_SSLVERSION_TLSv1_3 at runtime to enforce TLS 1.3. However, while our vendored curl accepts the option and passes it to Secure Transport, macOS does not actually enforce it anyway.

Fixes: #25870 (closed)
Fixes: #23701 (closed)
Topic-rename: macos-prefer-system-curl

Edited May 09, 2024 by Brad King

macOS: Prefer building with system-provided curl

Merge request reports