4646 # renovate: datasource=github-tags depName=Mbed-TLS/mbedtls versioning=semver:^3.0.0 registryUrl=https://github.com
4747 MBEDTLS_VERSION_PREV : 3.6.4
4848 # renovate: datasource=github-tags depName=awslabs/aws-lc versioning=semver registryUrl=https://github.com
49- AWSLC_VERSION : 1.61.4
49+ AWSLC_VERSION : 1.63.0
5050 # renovate: datasource=github-tags depName=google/boringssl versioning=semver registryUrl=https://github.com
5151 BORINGSSL_VERSION : 0.20251002.0
5252 # handled in renovate.json
5555 RUSTLS_VERSION : 0.15.0
5656 # handled in renovate.json
5757 OPENLDAP_VERSION : 2.6.10
58+ # renovate: datasource=github-tags depName=nghttp2/nghttp2 versioning=semver registryUrl=https://github.com
59+ NGHTTP2_VERSION : 1.68.0
60+ # renovate: datasource=github-tags depName=pizlonator/fil-c versioning=semver-partial registryUrl=https://github.com
61+ FIL_C_VERSION : 0.674
5862
5963jobs :
6064 linux :
@@ -191,13 +195,13 @@ jobs:
191195name : ' openssl torture !FTP'
192196 install_packages : libnghttp2-dev libssh2-1-dev libc-ares-dev
193197 generate : -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON
194- tflags : -t --shallow=25 !FTP
198+ tflags : ' -t --shallow=25 !FTP'
195199 torture : true
196200
197201 - name : ' openssl torture FTP'
198202 install_packages : libnghttp2-dev libssh2-1-dev libc-ares-dev
199203 generate : -DCURL_USE_OPENSSL=ON -DENABLE_DEBUG=ON -DENABLE_ARES=ON
200- tflags : -t --shallow=20 FTP
204+ tflags : ' -t --shallow=20 FTP'
201205 torture : true
202206
203207 - name : ' openssl i686'
@@ -213,6 +217,17 @@ jobs:
213217name : ' !ssl !http !smtp !imap'
214218 configure : --without-ssl --enable-debug --disable-http --disable-smtp --disable-imap --disable-unity
215219
220+ - name : ' libressl Fil-C'
221+ install_steps : filc libressl-filc nghttp2-filc pytest
222+ tflags : ' !776' # adds 1-9 minutes to the test run step, and fails consistently
223+ CC : /home/runner/filc/build/bin/filcc
224+ PKG_CONFIG_PATH : /home/runner/nghttp2/lib/pkgconfig
225+ generate : >-
226+ -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF -DCMAKE_UNITY_BUILD=OFF
227+ -DOPENSSL_ROOT_DIR=/home/runner/libressl -DCURL_USE_LIBPSL=OFF
228+ -DCURL_ZLIB=OFF -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF
229+ -DCURL_DISABLE_LDAP=ON -DUSE_LIBIDN2=OFF -DCURL_USE_LIBSSH2=OFF
230+
216231name : ' clang-tidy'
217232 install_packages : clang-tidy libssl-dev libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev libkrb5-dev librtmp-dev libgnutls28-dev
218233 install_steps : skipall mbedtls rustls wolfssl-opensslextra
@@ -292,12 +307,12 @@ jobs:
292307 - name : ' event-based'
293308 install_packages : libssh-dev
294309 configure : --enable-debug --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
295- tflags : -n --test-event '!TLS-SRP '
310+ tflags : ' -n --test-event'
296311
297312 - name : ' duphandle'
298313 install_packages : libssh-dev
299314 configure : --enable-debug --disable-shared --disable-threaded-resolver --with-libssh --with-openssl
300- tflags : -n --test-duphandle '!TLS-SRP '
315+ tflags : ' -n --test-duphandle'
301316
302317 - name : ' rustls valgrind'
303318 install_packages : libnghttp2-dev libldap-dev valgrind
@@ -351,7 +366,7 @@ jobs:
351366 HOMEBREW_NO_AUTO_UPDATE=1 /home/linuxbrew/.linuxbrew/bin/brew install ${INSTALL_PACKAGES_BREW}
352367 fi
353368
354- name : ' install prereqs'
369+ name : ' install prereqs (i686) '
355370 if : ${{ contains(matrix.build.name, 'i686') }}
356371 run : |
357372 sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
@@ -363,7 +378,7 @@ jobs:
363378 libpsl-dev:i386 libbrotli-dev:i386 libzstd-dev:i386 \
364379 ${MATRIX_INSTALL_PACKAGES}
365380
366- name : ' install dependencies '
381+ name : ' install prereqs (alpine) '
367382 if : ${{ startsWith(matrix.build.container, 'alpine') }}
368383 run : |
369384 apk add --no-cache build-base autoconf automake libtool perl openssl-dev \
@@ -372,6 +387,16 @@ jobs:
372387 py3-impacket py3-asn1 py3-six py3-pycryptodomex \
373388 perl-time-hires openssh stunnel sudo git openssl
374389
390+ name : ' install Fil-C'
391+ if : ${{ contains(matrix.build.install_steps, 'filc') }}
392+ run : |
393+ cd /home/runner
394+ curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
395+ --location "https://github.com/pizlonator/fil-c/releases/download/v${FIL_C_VERSION}/filc-${FIL_C_VERSION}-linux-x86_64.tar.xz" | tar -xJ
396+ mv "filc-${FIL_C_VERSION}-linux-x86_64" filc
397+ cd filc
398+ ./setup.sh
399+
375400name : ' cache libressl'
376401 if : ${{ contains(matrix.build.install_steps, 'libressl') }}
377402 uses : actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
@@ -392,6 +417,48 @@ jobs:
392417 cmake --build .
393418 cmake --install .
394419
420+ name : ' cache libressl (filc)'
421+ if : ${{ contains(matrix.build.install_steps, 'libressl-filc') }}
422+ uses : actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
423+ id : cache-libressl-filc
424+ env :
425+ cache-name : cache-libressl-filc
426+ with :
427+ path : ~/libressl
428+ key : ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.LIBRESSL_VERSION }}-${{ env.FIL_C_VERSION }}
429+
430+ - name : ' build libressl (filc)'
431+ if : ${{ contains(matrix.build.install_steps, 'libressl-filc') && steps.cache-libressl-filc.outputs.cache-hit != 'true' }}
432+ run : |
433+ curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
434+ --location "https://github.com/libressl/portable/releases/download/v${LIBRESSL_VERSION}/libressl-${LIBRESSL_VERSION}.tar.gz" | tar -xz
435+ cd "libressl-${LIBRESSL_VERSION}"
436+ cmake -B . -G Ninja -DLIBRESSL_APPS=OFF -DLIBRESSL_TESTS=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/libressl \
437+ -DCMAKE_C_COMPILER=/home/runner/filc/build/bin/filcc -DENABLE_ASM=OFF
438+ cmake --build .
439+ cmake --install .
440+
441+ name : ' cache nghttp2 (filc)'
442+ uses : actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
443+ id : cache-nghttp2-filc
444+ env :
445+ cache-name : cache-nghttp2-filc
446+ with :
447+ path : ~/nghttp2
448+ key : ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.NGHTTP2_VERSION }}-${{ env.FIL_C_VERSION }}
449+
450+ - name : ' build nghttp2 (filc)'
451+ if : ${{ contains(matrix.build.install_steps, 'nghttp2-filc') && steps.cache-nghttp2-filc.outputs.cache-hit != 'true' }}
452+ run : |
453+ curl --disable --fail --silent --show-error --connect-timeout 15 --max-time 120 --retry 6 --retry-connrefused \
454+ --location "https://github.com/nghttp2/nghttp2/releases/download/v${NGHTTP2_VERSION}/nghttp2-${NGHTTP2_VERSION}.tar.xz" | tar -xJ
455+ cd "nghttp2-${NGHTTP2_VERSION}"
456+ cmake -B . -G Ninja -DENABLE_LIB_ONLY=ON -DBUILD_TESTING=OFF -DENABLE_DOC=OFF -DCMAKE_INSTALL_PREFIX=/home/runner/nghttp2 \
457+ -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=OFF \
458+ -DCMAKE_C_COMPILER=/home/runner/filc/build/bin/filcc
459+ cmake --build .
460+ cmake --install .
461+
395462name : ' cache wolfssl (all)'
396463 if : ${{ contains(matrix.build.install_steps, 'wolfssl-all') }}
397464 uses : actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
@@ -652,7 +719,7 @@ jobs:
652719 fi
653720
654721name : ' single-use function check'
655- if : ${{ contains(matrix.build.configure, '--disable-unity') || contains(matrix.build.generate, '-DCMAKE_UNITY_BUILD=OFF') }}
722+ if : ${{ ( contains(matrix.build.configure, '--disable-unity') || contains(matrix.build.generate, '-DCMAKE_UNITY_BUILD=OFF')) && !contains(matrix.build.install_steps, 'filc ') }}
656723 run : |
657724 git config --global --add safe.directory "*"
658725 if [ "${MATRIX_BUILD}" = 'cmake' ]; then
@@ -698,6 +765,7 @@ jobs:
698765 run : |
699766 if [ "${TEST_TARGET}" = 'test-ci' ] && [[ "${MATRIX_INSTALL_PACKAGES}" = *'valgrind'* ]]; then
700767 TFLAGS+=' -j6'
768+ TFLAGS+=' !776' # skip long-running flaky test
701769 if [[ "${MATRIX_INSTALL_PACKAGES}" = *'libgss-dev'* ]]; then
702770 TFLAGS+=' ~2077 ~2078' # memory leaks from Curl_auth_decode_spnego_message() -> gss_init_sec_context()
703771 fi
0 commit comments