The generic `ssl` feature selects Secure Transport on macOS, which is a
deprecated library and support for it in curl is also deprecated and
scheduled for removal after May 2025: https://daniel.haxx.se/blog/tag/securetransport/
Secure Transport is replaced by Network Framework, but as per the blog
post above, there's no foreseeable future of curl supporting it.
With this information, we now explicitly use OpenSSL as the backend for
curl, in line with the default choice for Linux.
This gives us some key benefits:
- A maintained and current TLS library
- TLS 1.0 and 1.1 are disabled by default
- TLS 1.3 is now available
- Modern cipher suites
- Removal of TLS_EMPTY_RENEGOTIATION_INFO_SCSV extension
- Opportunity to support HTTP/3 with nghttp3 and OpenSSL's QUIC support
- More extensions, key exchanges, EC point formats, etc.
This implementation can be better improved in the future by ripping
out a lot of the manual logic in LibWebSocket and relying on libcurl to
parse our message payloads. But for now, this uses the 'raw mode' of
curl websockets in connect-only mode to allow for somewhat seamless
integration into our event loop.
This updates our local ICU overlay port to use ICU 76.1. This includes
Unicode 16 and CLDR 46.
Upstream vcpkg is not able to supply versions past 74 yet due to various
dependency issues, but we are able to use this version ourselves. The
overlay port now includes a patch to revert ICU's dependence on autoconf
2.72 for now, as this version is not yet available on all systems.
All of the test changes were cross-referenced with Firefox to ensure
correctness.
libpxbackend was not being installed from vcpkg, which led to use of
libpxbackend on the system, causing library mismatch in rolling
distros (i.e. Arch Linux).
This allows us to get identical metrics on macOS and Linux. Without
this, Skia will use CoreText on macOS and give us slightly different
text metrics. That causes layout tests to be slightly different on
different platforms, which is a huge headache. So let's not do that.
You can now launch Ladybird and headless-browser with --force-fontconfig
to load fonts through fontconfig. Tests run in this mode by default.
It currently doesn't support animated images.
Note that Gfx::Bitmap has no support for get_pixel when the format is
RGBA8888. This is why it has been removed from the tests.
We currently have 2 base64 coders: one in AK, another in LibWeb for a
"forgiving" implementation. ECMA-262 has an upcoming proposal which will
require a third implementation.
Instead, let's use the base64 implementation that is used by Node.js and
recommended by the upcoming proposal. It handles forgiving decoding as
well.
Our users of AK's implementation should be fine with the forgiving
implementation. The AK impl originally had naive forgiving behavior, but
that was removed solely for performance reasons.
Using http://mattmahoney.net/dc/enwik8.zip (100MB unzipped) as a test,
performance of our old home-grown implementations vs. the simdutf
implementation (on Linux x64):
                 Encode    Decode
AK base64        0.226s    0.169s
LibWeb base64    N/A       1.244s
simdutf          0.161s    0.047s
This commit replaces all TLS connection code with wolfssl.
The certificate parsing code has to remain for now, as wolfssl does not
seem to have any exposed API for that.