cmake: standardize HTTPS backend definitions

There were a few oddities around HTTPS provider selection: namely,
`GIT_OPENSSL_DYNAMIC` implied `GIT_OPENSSL`, which made a bit of sense,
until we added FIPS support. In addition, dynamic OpenSSL for _hashes_
and dynamic OpenSSL for HTTPS was conflated in a few places.

Untangle these, and make `GIT_HTTPS_*` the define, for consistency with
other feature provider selection.

cmake/SelectHTTPSBackend.cmake

@@ -48,7 +48,7 @@ if(USE_HTTPS)
 			message(FATAL_ERROR "Cannot use SecureTransport backend, SSLCreateContext not supported")
 		endif()
 
-		set(GIT_SECURE_TRANSPORT 1)
+		set(GIT_HTTPS_SECURETRANSPORT 1)
 		list(APPEND LIBGIT2_SYSTEM_INCLUDES ${SECURITY_INCLUDE_DIR})
 		list(APPEND LIBGIT2_SYSTEM_LIBS ${COREFOUNDATION_LDFLAGS} ${SECURITY_LDFLAGS})
 		list(APPEND LIBGIT2_PC_LIBS ${COREFOUNDATION_LDFLAGS} ${SECURITY_LDFLAGS})
@@ -57,7 +57,7 @@ if(USE_HTTPS)
 			message(FATAL_ERROR "Asked for OpenSSL TLS backend, but it wasn't found")
 		endif()
 
-		set(GIT_OPENSSL 1)
+		set(GIT_HTTPS_OPENSSL 1)
 		list(APPEND LIBGIT2_SYSTEM_INCLUDES ${OPENSSL_INCLUDE_DIR})
 		list(APPEND LIBGIT2_SYSTEM_LIBS ${OPENSSL_LIBRARIES})
 		# Static OpenSSL (lib crypto.a) requires libdl, include it explicitly
@@ -102,13 +102,12 @@ if(USE_HTTPS)
 
 		if(CERT_LOCATION)
 			if(NOT EXISTS ${CERT_LOCATION})
-				message(FATAL_ERROR "Cannot use CERT_LOCATION=${CERT_LOCATION} as it doesn't exist")
+				message(FATAL_ERROR "cannot use CERT_LOCATION=${CERT_LOCATION} as it doesn't exist")
 			endif()
-			add_feature_info(CERT_LOCATION ON "using certificates from ${CERT_LOCATION}")
 			add_definitions(-DGIT_DEFAULT_CERT_LOCATION="${CERT_LOCATION}")
 		endif()
 
-		set(GIT_MBEDTLS 1)
+		set(GIT_HTTPS_MBEDTLS 1)
 		list(APPEND LIBGIT2_SYSTEM_INCLUDES ${MBEDTLS_INCLUDE_DIR})
 		list(APPEND LIBGIT2_SYSTEM_LIBS ${MBEDTLS_LIBRARIES})
 		# mbedTLS has no pkgconfig file, hence we can't require it
@@ -116,12 +115,12 @@ if(USE_HTTPS)
 		# For now, pass its link flags as our own
 		list(APPEND LIBGIT2_PC_LIBS ${MBEDTLS_LIBRARIES})
 	elseif(USE_HTTPS STREQUAL "Schannel")
-		set(GIT_SCHANNEL 1)
+		set(GIT_HTTPS_SCHANNEL 1)
 
 		list(APPEND LIBGIT2_SYSTEM_LIBS "rpcrt4" "crypt32" "ole32")
 		list(APPEND LIBGIT2_PC_LIBS "-lrpcrt4" "-lcrypt32" "-lole32")
 	elseif(USE_HTTPS STREQUAL "WinHTTP")
-		set(GIT_WINHTTP 1)
+		set(GIT_HTTPS_WINHTTP 1)
 
 		# Since MinGW does not come with headers or an import library for winhttp,
 		# we have to include a private header and generate our own import library
@@ -137,16 +136,20 @@ if(USE_HTTPS)
 		list(APPEND LIBGIT2_SYSTEM_LIBS "rpcrt4" "crypt32" "ole32")
 		list(APPEND LIBGIT2_PC_LIBS "-lrpcrt4" "-lcrypt32" "-lole32")
 	elseif(USE_HTTPS STREQUAL "OpenSSL-Dynamic")
-		set(GIT_OPENSSL 1)
-		set(GIT_OPENSSL_DYNAMIC 1)
+		set(GIT_HTTPS_OPENSSL_DYNAMIC 1)
 		list(APPEND LIBGIT2_SYSTEM_LIBS dl)
 	else()
 		message(FATAL_ERROR "unknown HTTPS backend: ${USE_HTTPS}")
 	endif()
 
 	set(GIT_HTTPS 1)
-	add_feature_info(HTTPS GIT_HTTPS "using ${USE_HTTPS}")
+
+	if(USE_HTTPS STREQUAL "mbedTLS" AND CERT_LOCATION)
+		add_feature_info("HTTPS" GIT_HTTPS "using ${USE_HTTPS} (certificate location: ${CERT_LOCATION})")
+	else()
+		add_feature_info("HTTPS" GIT_HTTPS "using ${USE_HTTPS}")
+	endif()
 else()
 	set(GIT_HTTPS 0)
-	add_feature_info(HTTPS NO "HTTPS support is disabled")
+	add_feature_info("HTTPS" NO "HTTPS support is disabled")
 endif()

cmake/SelectHashes.cmake

@@ -34,7 +34,6 @@ elseif(USE_SHA1 STREQUAL "OpenSSL")
 elseif(USE_SHA1 STREQUAL "OpenSSL-FIPS")
 	set(GIT_SHA1_OPENSSL_FIPS 1)
 elseif(USE_SHA1 STREQUAL "OpenSSL-Dynamic")
-	set(GIT_SHA1_OPENSSL 1)
 	set(GIT_SHA1_OPENSSL_DYNAMIC 1)
 	list(APPEND LIBGIT2_SYSTEM_LIBS dl)
 elseif(USE_SHA1 STREQUAL "CommonCrypto")
@@ -80,7 +79,6 @@ elseif(USE_SHA256 STREQUAL "OpenSSL")
 elseif(USE_SHA256 STREQUAL "OpenSSL-FIPS")
 	set(GIT_SHA256_OPENSSL_FIPS 1)
 elseif(USE_SHA256 STREQUAL "OpenSSL-Dynamic")
-	set(GIT_SHA256_OPENSSL 1)
 	set(GIT_SHA256_OPENSSL_DYNAMIC 1)
 	list(APPEND LIBGIT2_SYSTEM_LIBS dl)
 elseif(USE_SHA256 STREQUAL "CommonCrypto")

src/libgit2/libgit2.c

@@ -126,17 +126,17 @@ const char *git_libgit2_feature_backend(git_feature_t feature)
 		break;
 
 	case GIT_FEATURE_HTTPS:
-#if defined(GIT_HTTPS) && defined(GIT_OPENSSL)
+#if defined(GIT_HTTPS_OPENSSL)
 		return "openssl";
-#elif defined(GIT_HTTPS) && defined(GIT_OPENSSL_DYNAMIC)
+#elif defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 		return "openssl-dynamic";
-#elif defined(GIT_HTTPS) && defined(GIT_MBEDTLS)
+#elif defined(GIT_HTTPS_MBEDTLS)
 		return "mbedtls";
-#elif defined(GIT_HTTPS) && defined(GIT_SECURE_TRANSPORT)
+#elif defined(GIT_HTTPS_SECURETRANSPORT)
 		return "securetransport";
-#elif defined(GIT_HTTPS) && defined(GIT_SCHANNEL)
+#elif defined(GIT_HTTPS_SCHANNEL)
 		return "schannel";
-#elif defined(GIT_HTTPS) && defined(GIT_WINHTTP)
+#elif defined(GIT_HTTPS_WINHTTP)
 		return "winhttp";
 #elif defined(GIT_HTTPS)
 		GIT_ASSERT_WITH_RETVAL(!"Unknown HTTPS backend", NULL);

src/libgit2/settings.c

@@ -204,13 +204,13 @@ int git_libgit2_opts(int key, ...)
 		break;
 
 	case GIT_OPT_SET_SSL_CERT_LOCATIONS:
-#ifdef GIT_OPENSSL
+#if defined(GIT_HTTPS_OPENSSL) || defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 		{
 			const char *file = va_arg(ap, const char *);
 			const char *path = va_arg(ap, const char *);
 			error = git_openssl__set_cert_location(file, path);
 		}
-#elif defined(GIT_MBEDTLS)
+#elif defined(GIT_HTTPS_MBEDTLS)
 		{
 			const char *file = va_arg(ap, const char *);
 			const char *path = va_arg(ap, const char *);
@@ -223,7 +223,7 @@ int git_libgit2_opts(int key, ...)
 		break;
 
 	case GIT_OPT_ADD_SSL_X509_CERT:
-#ifdef GIT_OPENSSL
+#if defined(GIT_HTTPS_OPENSSL) || defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 		{
 			X509 *cert = va_arg(ap, X509 *);
 			error = git_openssl__add_x509_cert(cert);
@@ -303,7 +303,9 @@ int git_libgit2_opts(int key, ...)
 		break;
 
 	case GIT_OPT_SET_SSL_CIPHERS:
-#if (GIT_OPENSSL || GIT_MBEDTLS)
+#if defined(GIT_HTTPS_OPENSSL) || \
+    defined(GIT_HTTPS_OPENSSL_DYNAMIC) || \
+    defined(GIT_HTTPS_MBEDTLS)
 		{
 			git__free(git__ssl_ciphers);
 			git__ssl_ciphers = git__strdup(va_arg(ap, const char *));

src/libgit2/streams/mbedtls.c

@@ -7,7 +7,7 @@
 
 #include "streams/mbedtls.h"
 
-#ifdef GIT_MBEDTLS
+#ifdef GIT_HTTPS_MBEDTLS
 
 #include <ctype.h>
 

src/libgit2/streams/mbedtls.h

@@ -13,7 +13,7 @@
 
 extern int git_mbedtls_stream_global_init(void);
 
-#ifdef GIT_MBEDTLS
+#ifdef GIT_HTTPS_MBEDTLS
 extern int git_mbedtls__set_cert_location(const char *file, const char *path);
 
 extern int git_mbedtls_stream_new(git_stream **out, const char *host, const char *port);

src/libgit2/streams/openssl.c

@@ -9,7 +9,7 @@
 #include "streams/openssl_legacy.h"
 #include "streams/openssl_dynamic.h"
 
-#ifdef GIT_OPENSSL
+#if defined(GIT_HTTPS_OPENSSL) || defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 
 #include <ctype.h>
 
@@ -29,7 +29,7 @@
 # include <netinet/in.h>
 #endif
 
-#ifndef GIT_OPENSSL_DYNAMIC
+#ifndef GIT_HTTPS_OPENSSL_DYNAMIC
 # include <openssl/ssl.h>
 # include <openssl/err.h>
 # include <openssl/x509v3.h>
@@ -64,7 +64,7 @@ static void shutdown_ssl(void)
 }
 
 #ifdef VALGRIND
-# if !defined(GIT_OPENSSL_LEGACY) && !defined(GIT_OPENSSL_DYNAMIC)
+# if !defined(GIT_HTTPS_OPENSSL_LEGACY) && !defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 
 static void *git_openssl_malloc(size_t bytes, const char *file, int line)
 {
@@ -86,7 +86,7 @@ static void git_openssl_free(void *mem, const char *file, int line)
 	GIT_UNUSED(line);
 	git__free(mem);
 }
-# else /* !GIT_OPENSSL_LEGACY && !GIT_OPENSSL_DYNAMIC */
+# else /* !GIT_HTTPS_OPENSSL_LEGACY && !GIT_HTTPS_OPENSSL_DYNAMIC */
 static void *git_openssl_malloc(size_t bytes)
 {
 	return git__calloc(1, bytes);
@@ -101,7 +101,7 @@ static void git_openssl_free(void *mem)
 {
 	git__free(mem);
 }
-# endif /* !GIT_OPENSSL_LEGACY && !GIT_OPENSSL_DYNAMIC */
+# endif /* !GIT_HTTPS_OPENSSL_LEGACY && !GIT_HTTPS_OPENSSL_DYNAMIC */
 #endif /* VALGRIND */
 
 static int openssl_init(void)
@@ -181,7 +181,7 @@ bool openssl_initialized;
 
 int git_openssl_stream_global_init(void)
 {
-#ifndef GIT_OPENSSL_DYNAMIC
+#ifndef GIT_HTTPS_OPENSSL_DYNAMIC
 	return openssl_init();
 #else
 	if (git_mutex_init(&openssl_mutex) != 0)
@@ -193,7 +193,7 @@ int git_openssl_stream_global_init(void)
 
 static int openssl_ensure_initialized(void)
 {
-#ifdef GIT_OPENSSL_DYNAMIC
+#ifdef GIT_HTTPS_OPENSSL_DYNAMIC
 	int error = 0;
 
 	if (git_mutex_lock(&openssl_mutex) != 0)
@@ -214,7 +214,7 @@ static int openssl_ensure_initialized(void)
 #endif
 }
 
-#if !defined(GIT_OPENSSL_LEGACY) && !defined(GIT_OPENSSL_DYNAMIC)
+#if !defined(GIT_HTTPS_OPENSSL_LEGACY) && !defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 int git_openssl_set_locking(void)
 {
 # ifdef GIT_THREADS

src/libgit2/streams/openssl.h

@@ -15,14 +15,14 @@
 
 extern int git_openssl_stream_global_init(void);
 
-#if defined(GIT_OPENSSL) && !defined(GIT_OPENSSL_DYNAMIC)
+#if defined(GIT_HTTPS_OPENSSL)
 # include <openssl/ssl.h>
 # include <openssl/err.h>
 # include <openssl/x509v3.h>
 # include <openssl/bio.h>
 # endif
 
-#ifdef GIT_OPENSSL
+#if defined(GIT_HTTPS_OPENSSL) || defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 extern int git_openssl__set_cert_location(const char *file, const char *path);
 extern int git_openssl__add_x509_cert(X509 *cert);
 extern int git_openssl__reset_context(void);

src/libgit2/streams/openssl_dynamic.c

@@ -8,7 +8,7 @@
 #include "streams/openssl.h"
 #include "streams/openssl_dynamic.h"
 
-#if defined(GIT_OPENSSL) && defined(GIT_OPENSSL_DYNAMIC)
+#ifdef GIT_HTTPS_OPENSSL_DYNAMIC
 
 #include "runtime.h"
 
@@ -128,7 +128,8 @@ int git_openssl_stream_dynamic_init(void)
 	    (openssl_handle = dlopen("libssl.so.1.0.0", RTLD_NOW)) == NULL &&
 	    (openssl_handle = dlopen("libssl.1.0.0.dylib", RTLD_NOW)) == NULL &&
 	    (openssl_handle = dlopen("libssl.so.10", RTLD_NOW)) == NULL &&
-	    (openssl_handle = dlopen("libssl.so.3", RTLD_NOW)) == NULL) {
+	    (openssl_handle = dlopen("libssl.so.3", RTLD_NOW)) == NULL &&
+	    (openssl_handle = dlopen("libssl.3.dylib", RTLD_NOW)) == NULL) {
 		git_error_set(GIT_ERROR_SSL, "could not load ssl libraries");
 		return -1;
 	}
@@ -314,4 +315,4 @@ void GENERAL_NAMES_free(GENERAL_NAME *sk)
 		sk_free(sk);
 }
 
-#endif /* GIT_OPENSSL && GIT_OPENSSL_DYNAMIC */
+#endif /* GIT_HTTPS_OPENSSL_DYNAMIC */

src/libgit2/streams/openssl_dynamic.h

@@ -149,7 +149,7 @@
 #ifndef INCLUDE_streams_openssl_dynamic_h__
 #define INCLUDE_streams_openssl_dynamic_h__
 
-#ifdef GIT_OPENSSL_DYNAMIC
+#ifdef GIT_HTTPS_OPENSSL_DYNAMIC
 
 # define BIO_CTRL_FLUSH               11
 
@@ -348,6 +348,6 @@ extern void GENERAL_NAMES_free(GENERAL_NAME *sk);
 
 extern int git_openssl_stream_dynamic_init(void);
 
-#endif /* GIT_OPENSSL_DYNAMIC */
+#endif /* GIT_HTTPS_OPENSSL_DYNAMIC */
 
 #endif

src/libgit2/streams/openssl_legacy.c

@@ -11,14 +11,14 @@
 #include "runtime.h"
 #include "git2/sys/openssl.h"
 
-#if defined(GIT_OPENSSL) && !defined(GIT_OPENSSL_DYNAMIC)
+#if defined(GIT_HTTPS_OPENSSL) && !defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 # include <openssl/ssl.h>
 # include <openssl/err.h>
 # include <openssl/x509v3.h>
 # include <openssl/bio.h>
 #endif
 
-#if defined(GIT_OPENSSL_LEGACY) || defined(GIT_OPENSSL_DYNAMIC)
+#if defined(GIT_HTTPS_OPENSSL_LEGACY) || defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 
 /*
  * OpenSSL 1.1 made BIO opaque so we have to use functions to interact with it
@@ -173,7 +173,7 @@ int git_openssl_set_locking(void)
 	return -1;
 #endif
 
-#ifdef GIT_OPENSSL_DYNAMIC
+#ifdef GIT_HTTPS_OPENSSL_DYNAMIC
 	/*
 	 * This function is required on legacy versions of OpenSSL; when building
 	 * with dynamically-loaded OpenSSL, we detect whether we loaded it or not.
@@ -200,4 +200,4 @@ int git_openssl_set_locking(void)
 }
 #endif /* GIT_THREADS */
 
-#endif /* GIT_OPENSSL_LEGACY || GIT_OPENSSL_DYNAMIC */
+#endif /* GIT_HTTPS_OPENSSL_LEGACY || GIT_HTTPS_OPENSSL_DYNAMIC */

src/libgit2/streams/openssl_legacy.h

@@ -9,7 +9,7 @@
 
 #include "streams/openssl_dynamic.h"
 
-#if defined(GIT_OPENSSL) && !defined(GIT_OPENSSL_DYNAMIC)
+#if defined(GIT_HTTPS_OPENSSL) && !defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 # include <openssl/ssl.h>
 # include <openssl/err.h>
 # include <openssl/x509v3.h>
@@ -17,11 +17,11 @@
 
 # if (defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L) || \
      (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
-#  define GIT_OPENSSL_LEGACY
+#  define GIT_HTTPS_OPENSSL_LEGACY
 # endif
 #endif
 
-#if defined(GIT_OPENSSL_LEGACY) && !defined(GIT_OPENSSL_DYNAMIC)
+#if defined(GIT_HTTPS_OPENSSL_LEGACY) && !defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 # define OPENSSL_init_ssl OPENSSL_init_ssl__legacy
 # define BIO_meth_new BIO_meth_new__legacy
 # define BIO_meth_free BIO_meth_free__legacy
@@ -39,7 +39,7 @@
 # define ASN1_STRING_get0_data ASN1_STRING_get0_data__legacy
 #endif
 
-#if defined(GIT_OPENSSL_LEGACY) || defined(GIT_OPENSSL_DYNAMIC)
+#if defined(GIT_HTTPS_OPENSSL_LEGACY) || defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 
 extern int OPENSSL_init_ssl__legacy(uint64_t opts, const void *settings);
 extern BIO_METHOD *BIO_meth_new__legacy(int type, const char *name);

src/libgit2/streams/schannel.c

@@ -7,7 +7,7 @@
 
 #include "streams/schannel.h"
 
-#ifdef GIT_SCHANNEL
+#ifdef GIT_HTTPS_SCHANNEL
 
 #define SECURITY_WIN32
 

src/libgit2/streams/schannel.h

@@ -11,7 +11,7 @@
 
 #include "git2/sys/stream.h"
 
-#ifdef GIT_SCHANNEL
+#ifdef GIT_HTTPS_SCHANNEL
 
 extern int git_schannel_stream_new(
 	git_stream **out,

src/libgit2/streams/stransport.c

@@ -7,7 +7,7 @@
 
 #include "streams/stransport.h"
 
-#ifdef GIT_SECURE_TRANSPORT
+#ifdef GIT_HTTPS_SECURETRANSPORT
 
 #include <CoreFoundation/CoreFoundation.h>
 #include <Security/SecureTransport.h>

src/libgit2/streams/stransport.h

@@ -11,7 +11,7 @@
 
 #include "git2/sys/stream.h"
 
-#ifdef GIT_SECURE_TRANSPORT
+#ifdef GIT_HTTPS_SECURETRANSPORT
 
 extern int git_stransport_stream_new(git_stream **out, const char *host, const char *port);
 extern int git_stransport_stream_wrap(git_stream **out, git_stream *in, const char *host);

src/libgit2/streams/tls.c

@@ -28,13 +28,14 @@ int git_tls_stream_new(git_stream **out, const char *host, const char *port)
 	if ((error = git_stream_registry_lookup(&custom, GIT_STREAM_TLS)) == 0) {
 		init = custom.init;
 	} else if (error == GIT_ENOTFOUND) {
-#ifdef GIT_SECURE_TRANSPORT
+#if defined(GIT_HTTPS_SECURETRANSPORT)
 		init = git_stransport_stream_new;
-#elif defined(GIT_OPENSSL)
+#elif defined(GIT_HTTPS_OPENSSL) || \
+      defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 		init = git_openssl_stream_new;
-#elif defined(GIT_MBEDTLS)
+#elif defined(GIT_HTTPS_MBEDTLS)
 		init = git_mbedtls_stream_new;
-#elif defined(GIT_SCHANNEL)
+#elif defined(GIT_HTTPS_SCHANNEL)
 		init = git_schannel_stream_new;
 #endif
 	} else {
@@ -60,13 +61,14 @@ int git_tls_stream_wrap(git_stream **out, git_stream *in, const char *host)
 	if (git_stream_registry_lookup(&custom, GIT_STREAM_TLS) == 0) {
 		wrap = custom.wrap;
 	} else {
-#ifdef GIT_SECURE_TRANSPORT
+#if defined(GIT_HTTPS_SECURETRANSPORT)
 		wrap = git_stransport_stream_wrap;
-#elif defined(GIT_OPENSSL)
+#elif defined(GIT_HTTPS_OPENSSL) || \
+      defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 		wrap = git_openssl_stream_wrap;
-#elif defined(GIT_MBEDTLS)
+#elif defined(GIT_HTTPS_MBEDTLS)
 		wrap = git_mbedtls_stream_wrap;
-#elif defined(GIT_SCHANNEL)
+#elif defined(GIT_HTTPS_SCHANNEL)
 		wrap = git_schannel_stream_wrap;
 #endif
 	}

src/libgit2/transports/auth_ntlm.h

@@ -15,14 +15,6 @@
 
 #if defined(GIT_AUTH_NTLM)
 
-#if defined(GIT_OPENSSL)
-# define CRYPT_OPENSSL
-#elif defined(GIT_MBEDTLS)
-# define CRYPT_MBEDTLS
-#elif defined(GIT_SECURE_TRANSPORT)
-# define CRYPT_COMMONCRYPTO
-#endif
-
 extern int git_http_auth_ntlm(
 	git_http_auth_context **out,
 	const git_net_url *url);

src/libgit2/transports/http.c

@@ -7,7 +7,7 @@
 
 #include "common.h"
 
-#ifndef GIT_WINHTTP
+#ifndef GIT_HTTPS_WINHTTP
 
 #include "net.h"
 #include "remote.h"
@@ -762,4 +762,4 @@ int git_smart_subtransport_http(git_smart_subtransport **out, git_transport *own
 	return 0;
 }
 
-#endif /* !GIT_WINHTTP */
+#endif /* !GIT_HTTPS_WINHTTP */

src/libgit2/transports/winhttp.c

@@ -7,7 +7,7 @@
 
 #include "common.h"
 
-#ifdef GIT_WINHTTP
+#ifdef GIT_HTTPS_WINHTTP
 
 #include "git2.h"
 #include "git2/transport.h"
@@ -1715,4 +1715,4 @@ int git_smart_subtransport_http(git_smart_subtransport **out, git_transport *own
 	return 0;
 }
 
-#endif /* GIT_WINHTTP */
+#endif /* GIT_HTTPS_WINHTTP */

src/util/git2_features.h.in

@@ -49,13 +49,13 @@
 #cmakedefine GIT_AUTH_NEGOTIATE_GSSAPI 1
 #cmakedefine GIT_AUTH_NEGOTIATE_SSPI 1
 
-#cmakedefine GIT_WINHTTP 1
 #cmakedefine GIT_HTTPS 1
-#cmakedefine GIT_OPENSSL 1
-#cmakedefine GIT_OPENSSL_DYNAMIC 1
-#cmakedefine GIT_SECURE_TRANSPORT 1
-#cmakedefine GIT_MBEDTLS 1
-#cmakedefine GIT_SCHANNEL 1
+#cmakedefine GIT_HTTPS_OPENSSL 1
+#cmakedefine GIT_HTTPS_OPENSSL_DYNAMIC 1
+#cmakedefine GIT_HTTPS_SECURETRANSPORT 1
+#cmakedefine GIT_HTTPS_MBEDTLS 1
+#cmakedefine GIT_HTTPS_SCHANNEL 1
+#cmakedefine GIT_HTTPS_WINHTTP 1
 
 #cmakedefine GIT_HTTPPARSER_HTTPPARSER 1
 #cmakedefine GIT_HTTPPARSER_LLHTTP 1

src/util/hash/openssl.c

@@ -7,7 +7,7 @@
 
 #include "openssl.h"
 
-#ifdef GIT_OPENSSL_DYNAMIC
+#if defined(GIT_SHA1_OPENSSL_DYNAMIC) || defined(GIT_SHA256_OPENSSL_DYNAMIC)
 # include <dlfcn.h>
 
 static int handle_count;
@@ -31,7 +31,8 @@ static int git_hash_openssl_global_init(void)
 		    (openssl_handle = dlopen("libssl.so.1.0.0", RTLD_NOW)) == NULL &&
 		    (openssl_handle = dlopen("libssl.1.0.0.dylib", RTLD_NOW)) == NULL &&
 		    (openssl_handle = dlopen("libssl.so.10", RTLD_NOW)) == NULL &&
-		    (openssl_handle = dlopen("libssl.so.3", RTLD_NOW)) == NULL) {
+		    (openssl_handle = dlopen("libssl.so.3", RTLD_NOW)) == NULL &&
+		    (openssl_handle = dlopen("libssl.3.dylib", RTLD_NOW)) == NULL) {
 			git_error_set(GIT_ERROR_SSL, "could not load ssl libraries");
 			return -1;
 		}
@@ -46,17 +47,13 @@ static int git_hash_openssl_global_init(void)
 
 #endif
 
-#ifdef GIT_SHA1_OPENSSL
-
-# ifdef GIT_OPENSSL_DYNAMIC
+#ifdef GIT_SHA1_OPENSSL_DYNAMIC
 static int (*SHA1_Init)(SHA_CTX *c);
 static int (*SHA1_Update)(SHA_CTX *c, const void *data, size_t len);
 static int (*SHA1_Final)(unsigned char *md, SHA_CTX *c);
-# endif
 
 int git_hash_sha1_global_init(void)
 {
-#ifdef GIT_OPENSSL_DYNAMIC
 	if (git_hash_openssl_global_init() < 0)
 		return -1;
 
@@ -67,10 +64,17 @@ int git_hash_sha1_global_init(void)
 		git_error_set(GIT_ERROR_SSL, "could not load hash function: %s", msg ? msg : "unknown error");
 		return -1;
 	}
-#endif
 
 	return 0;
 }
+#elif GIT_SHA1_OPENSSL
+int git_hash_sha1_global_init(void)
+{
+	return 0;
+}
+#endif
+
+#if defined(GIT_SHA1_OPENSSL) || defined(GIT_SHA1_OPENSSL_DYNAMIC)
 
 int git_hash_sha1_ctx_init(git_hash_sha1_ctx *ctx)
 {
@@ -196,17 +200,13 @@ int git_hash_sha1_final(unsigned char *out, git_hash_sha1_ctx *ctx)
 
 #endif
 
-#ifdef GIT_SHA256_OPENSSL
-
-# ifdef GIT_OPENSSL_DYNAMIC
+#ifdef GIT_SHA256_OPENSSL_DYNAMIC
 static int (*SHA256_Init)(SHA256_CTX *c);
 static int (*SHA256_Update)(SHA256_CTX *c, const void *data, size_t len);
 static int (*SHA256_Final)(unsigned char *md, SHA256_CTX *c);
-#endif
 
 int git_hash_sha256_global_init(void)
 {
-#ifdef GIT_OPENSSL_DYNAMIC
 	if (git_hash_openssl_global_init() < 0)
 		return -1;
 
@@ -217,10 +217,17 @@ int git_hash_sha256_global_init(void)
 		git_error_set(GIT_ERROR_SSL, "could not load hash function: %s", msg ? msg : "unknown error");
 		return -1;
 	}
-#endif
 
 	return 0;
 }
+#elif GIT_SHA256_OPENSSL
+int git_hash_sha256_global_init(void)
+{
+	return 0;
+}
+#endif
+
+#if defined(GIT_SHA256_OPENSSL) || defined(GIT_SHA256_OPENSSL_DYNAMIC)
 
 int git_hash_sha256_ctx_init(git_hash_sha256_ctx *ctx)
 {

src/util/hash/openssl.h

@@ -10,31 +10,33 @@
 
 #include "hash/sha.h"
 
-#ifndef GIT_OPENSSL_DYNAMIC
-# if defined(GIT_SHA1_OPENSSL_FIPS) || defined(GIT_SHA256_OPENSSL_FIPS)
-#  include <openssl/evp.h>
-# else
-#  include <openssl/sha.h>
-# endif
-#else
+#if defined(GIT_SHA1_OPENSSL_FIPS) || defined(GIT_SHA256_OPENSSL_FIPS)
+# include <openssl/evp.h>
+#endif
 
+#if defined(GIT_SHA1_OPENSSL) || defined(GIT_SHA256_OPENSSL)
+# include <openssl/sha.h>
+#endif
+
+#if defined(GIT_SHA1_OPENSSL_DYNAMIC)
 typedef struct {
 	unsigned int h0, h1, h2, h3, h4;
 	unsigned int Nl, Nh;
 	unsigned int data[16];
 	unsigned int num;
 } SHA_CTX;
+#endif
 
+#if defined(GIT_SHA256_OPENSSL_DYNAMIC)
 typedef struct {
 	unsigned int h[8];
 	unsigned int Nl, Nh;
 	unsigned int data[16];
 	unsigned int num, md_len;
 } SHA256_CTX;
-
 #endif
 
-#ifdef GIT_SHA1_OPENSSL
+#if defined(GIT_SHA1_OPENSSL) || defined(GIT_SHA1_OPENSSL_DYNAMIC)
 struct git_hash_sha1_ctx {
 	SHA_CTX c;
 };
@@ -46,7 +48,7 @@ struct git_hash_sha1_ctx {
 };
 #endif
 
-#ifdef GIT_SHA256_OPENSSL
+#if defined(GIT_SHA256_OPENSSL) || defined(GIT_SHA256_OPENSSL_DYNAMIC)
 struct git_hash_sha256_ctx {
 	SHA256_CTX c;
 };

src/util/hash/sha.h

@@ -22,8 +22,10 @@ typedef struct git_hash_sha256_ctx git_hash_sha256_ctx;
 #endif
 
 #if defined(GIT_SHA1_OPENSSL) || \
+    defined(GIT_SHA1_OPENSSL_DYNAMIC) || \
     defined(GIT_SHA1_OPENSSL_FIPS) || \
     defined(GIT_SHA256_OPENSSL) || \
+    defined(GIT_SHA256_OPENSSL_DYNAMIC) || \
     defined(GIT_SHA256_OPENSSL_FIPS)
 # include "openssl.h"
 #endif

src/util/win32/error.c

@@ -9,7 +9,7 @@
 
 #include "utf-conv.h"
 
-#ifdef GIT_WINHTTP
+#ifdef GIT_HTTPS_WINHTTP
 # include <winhttp.h>
 #endif
 
@@ -24,7 +24,7 @@ char *git_win32_get_error_message(DWORD error_code)
 	if (!error_code)
 		return NULL;
 
-#ifdef GIT_WINHTTP
+#ifdef GIT_HTTPS_WINHTTP
 	/* Errors raised by WinHTTP are not in the system resource table */
 	if (error_code >= WINHTTP_ERROR_BASE &&
 		error_code <= WINHTTP_ERROR_LAST)

tests/libgit2/core/features.c

@@ -92,17 +92,17 @@ void test_core_features__backends(void)
 	cl_assert(threads == NULL);
 #endif
 
-#if defined(GIT_HTTPS) && defined(GIT_OPENSSL)
+#if defined(GIT_HTTPS_OPENSSL)
 	cl_assert_equal_s("openssl", https);
-#elif defined(GIT_HTTPS) && defined(GIT_OPENSSL_DYNAMIC)
+#elif defined(GIT_HTTPS_OPENSSL_DYNAMIC)
 	cl_assert_equal_s("openssl-dynamic", https);
-#elif defined(GIT_HTTPS) && defined(GIT_MBEDTLS)
+#elif defined(GIT_HTTPS_MBEDTLS)
 	cl_assert_equal_s("mbedtls", https);
-#elif defined(GIT_HTTPS) && defined(GIT_SECURE_TRANSPORT)
+#elif defined(GIT_HTTPS_SECURETRANSPORT)
 	cl_assert_equal_s("securetransport", https);
-#elif defined(GIT_HTTPS) && defined(GIT_SCHANNEL)
+#elif defined(GIT_HTTPS_SCHANNEL)
 	cl_assert_equal_s("schannel", https);
-#elif defined(GIT_HTTPS) && defined(GIT_WINHTTP)
+#elif defined(GIT_HTTPS_WINHTTP)
 	cl_assert_equal_s("winhttp", https);
 #elif defined(GIT_HTTPS)
 	cl_assert(0);

tests/libgit2/online/clone.c

@@ -1373,7 +1373,7 @@ void test_online_clone__sha256(void)
 
 void test_online_clone__connect_timeout_configurable(void)
 {
-#ifdef GIT_WINHTTP
+#ifdef GIT_HTTPS_WINHTTP
 	cl_skip();
 #else
 	uint64_t start, finish;
@@ -1392,7 +1392,7 @@ void test_online_clone__connect_timeout_configurable(void)
 
 void test_online_clone__connect_timeout_default(void)
 {
-#ifdef GIT_WINHTTP
+#ifdef GIT_HTTPS_WINHTTP
 	cl_skip();
 #else
 	/* This test takes ~ 75 seconds on Unix. */
@@ -1410,7 +1410,7 @@ void test_online_clone__connect_timeout_default(void)
 
 void test_online_clone__timeout_configurable_times_out(void)
 {
-#ifdef GIT_WINHTTP
+#ifdef GIT_HTTPS_WINHTTP
 	cl_skip();
 #else
 	git_repository *failed_repo;
@@ -1427,7 +1427,7 @@ void test_online_clone__timeout_configurable_times_out(void)
 
 void test_online_clone__timeout_configurable_succeeds_slowly(void)
 {
-#ifdef GIT_WINHTTP
+#ifdef GIT_HTTPS_WINHTTP
 	cl_skip();
 #else
 	if (!_remote_speed_slow)

tests/libgit2/online/customcert.c

@@ -10,7 +10,7 @@
 #include "str.h"
 #include "streams/openssl.h"
 
-#if (GIT_OPENSSL && !GIT_OPENSSL_DYNAMIC)
+#ifdef GIT_HTTPS_OPENSSL
 # include <openssl/ssl.h>
 # include <openssl/err.h>
 # include <openssl/x509v3.h>
@@ -30,13 +30,13 @@
 #define CUSTOM_CERT_THREE_URL "https://test.libgit2.org:3443/anonymous/test.git"
 #define CUSTOM_CERT_THREE_FILE "three.pem.raw"
 
-#if (GIT_OPENSSL || GIT_MBEDTLS)
+#if (GIT_HTTPS_OPENSSL || GIT_HTTPS_OPENSSL_DYNAMIC || GIT_HTTPS_MBEDTLS)
 static git_repository *g_repo;
 #endif
 
 void test_online_customcert__initialize(void)
 {
-#if (GIT_OPENSSL || GIT_MBEDTLS)
+#if (GIT_HTTPS_OPENSSL || GIT_HTTPS_OPENSSL_DYNAMIC || GIT_HTTPS_MBEDTLS)
 	git_str path = GIT_STR_INIT, file = GIT_STR_INIT;
 	char cwd[GIT_PATH_MAX];
 
@@ -58,7 +58,7 @@ void test_online_customcert__initialize(void)
 
 void test_online_customcert__cleanup(void)
 {
-#if (GIT_OPENSSL || GIT_MBEDTLS)
+#if (GIT_HTTPS_OPENSSL || GIT_HTTPS_OPENSSL_DYNAMIC || GIT_HTTPS_MBEDTLS)
 	if (g_repo) {
 		git_repository_free(g_repo);
 		g_repo = NULL;
@@ -68,14 +68,14 @@ void test_online_customcert__cleanup(void)
 	cl_fixture_cleanup(CUSTOM_CERT_DIR);
 #endif
 
-#ifdef GIT_OPENSSL
+#if (GIT_HTTPS_OPENSSL || GIT_HTTPS_OPENSSL_DYNAMIC)
 	git_openssl__reset_context();
 #endif
 }
 
 void test_online_customcert__file(void)
 {
-#if (GIT_OPENSSL || GIT_MBEDTLS)
+#if (GIT_HTTPS_OPENSSL || GIT_HTTPS_OPENSSL_DYNAMIC || GIT_HTTPS_MBEDTLS)
 	cl_git_pass(git_clone(&g_repo, CUSTOM_CERT_ONE_URL, "./cloned", NULL));
 	cl_assert(git_fs_path_exists("./cloned/master.txt"));
 #endif
@@ -83,7 +83,7 @@ void test_online_customcert__file(void)
 
 void test_online_customcert__path(void)
 {
-#if (GIT_OPENSSL || GIT_MBEDTLS)
+#if (GIT_HTTPS_OPENSSL || GIT_HTTPS_OPENSSL_DYNAMIC || GIT_HTTPS_MBEDTLS)
 	cl_git_pass(git_clone(&g_repo, CUSTOM_CERT_TWO_URL, "./cloned", NULL));
 	cl_assert(git_fs_path_exists("./cloned/master.txt"));
 #endif
@@ -91,7 +91,7 @@ void test_online_customcert__path(void)
 
 void test_online_customcert__raw_x509(void)
 {
-#if (GIT_OPENSSL && !GIT_OPENSSL_DYNAMIC)
+#if GIT_HTTPS_OPENSSL
 	X509* x509_cert = NULL;
 	char cwd[GIT_PATH_MAX];
 	git_str raw_file = GIT_STR_INIT,

tests/libgit2/stream/registration.c

@@ -84,7 +84,7 @@ void test_stream_registration__tls(void)
 	/* We don't have TLS support enabled, or we're on Windows
 	 * with WinHTTP, which is not actually TLS stream support.
 	 */
-#if defined(GIT_WINHTTP) || !defined(GIT_HTTPS)
+#if defined(GIT_HTTPS_WINHTTP) || !defined(GIT_HTTPS)
 	cl_git_fail_with(-1, error);
 #else
 	cl_git_pass(error);