Compilation against openssl is forced if `--with-nghttp2` is specified
and `--with-libressl` is omitted, because the default `--with-darwinssl`
(Secure Transport) lacks support for ALPN which is necessary to negotiate
HTTP/2 over TLS encrypted connections.
Also fixed a problem where `--with-libressl` was ignored on Lion.
More info:
* [cURL HTTP/2 Support](http://curl.haxx.se/dev/readme-http2.html)
* [cURL ALPN Support](http://curl.haxx.se/docs/ssl-compared.html)
Closes Homebrew/homebrew#37979.
Closes Homebrew/homebrew#36942.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
New ground has been broken. New seeds have been sowed, etc etc. This
makes the necessary changes to LibreSSL and cURL to enable the latter
to be built with the former. This has been supported upstream for the
last 3 months, and cURL officially supports LibreSSL
[now](http://daniel.haxx.se/blog/2014/08/05/libressl-vs-boringssl-for-curl/)
and [has done](http://curl.haxx.se/changes.html) since 7.38.0. A
recompile of LibreSSL and cURL is necessary if you wish to adopt this
locally, but the dependents of cURL should not need to be recompiled.
Closes Homebrew/homebrew#34499.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
Kills ssl2 from OpenSSL. This PR relates to Homebrew/homebrew#31745. Force recompiles
everything that relies on OpenSSL from the master branch to enforce the
new OpenSSL no-ssl2 rule.
curl will opportunistically pick up unrequested libraries, despite
superenv filtering. This adds a few extra options for things curl can
find on its own, and explicitly disables anything that's unrequested.
The openssl that ships with OS X does not support TLS 1.1 or 1.2. This
is a security issue for applications that use functionality from
libssl.
On 10.8 and newer, Apple has deprecated use of openssl and added support
for TLS 1.1 and 1.2 to its Secure Transport framework (or "darwinssl" in
curl). On older versions of OS X, a newer openssl is required to obtain
such functionality.
Thus, we default to using darwinssl where it makes sense. An option to
use Homebrew's openssl is provided. On platforms where Secure Transport
does not support the newer protocols, we simply use Homebrew's openssl.
Closes Homebrew/homebrew#25824.