Switch to OpenSSL instead of crypto API

macOS before 10.7 requires to use OpenSSL because a lot of things is
simple missed.

src/tools/cargo/Cargo.toml

@@ -115,3 +115,4 @@ doc = false
 deny-warnings = []
 vendored-openssl = ["openssl/vendored"]
 pretty-env-logger = ["pretty_env_logger"]
+macos_before_10_7 = []

src/tools/legacy-bootstrap/helper.rs

@@ -7,6 +7,15 @@ pub fn insert_cargo_features() {
     macos_feature_version();
 }
 
+#[allow(dead_code)]
+pub fn force_openssl() -> bool {
+    if cfg!(target_os = "macos") {
+        macos::version() < 11
+    } else {
+        false
+    }
+}
+
 #[cfg(target_os = "macos")]
 fn macos_feature_version() {
     let version = macos::version();

vendor/commoncrypto-sys/Cargo.toml

@@ -10,6 +10,7 @@ license = "MIT"
 
 [features]
 lint = ["clippy"]
+macos_before_10_7 = []
 
 [dependencies]
 libc = "0.2"

vendor/commoncrypto-sys/build.rs

@@ -0,0 +1,6 @@
+#[path = "../../src/tools/legacy-bootstrap/helper.rs"]
+mod legacy_bootstrap_helper;
+
+fn main() {
+    legacy_bootstrap_helper::insert_cargo_features();
+}

vendor/commoncrypto-sys/src/lib.rs

@@ -197,33 +197,45 @@ extern "C" {
     /// Generates SHA512 hash. See `man 3cc CC_SHA` for details.
     pub fn CC_SHA512_Final(md: *mut u8, ctx: *mut CC_SHA512_CTX) -> c_int;
     /// Generic digest hasher.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCDigest(algorithm: CCDigestAlgorithm,
                     data: *const u8,
                     length: usize,
                     output: *mut u8)
                     -> c_int;
     /// Allocate and initialize a `CCDigestCtx` for a digest.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCDigestCreate(algorithm: CCDigestAlgorithm) -> *mut CCDigestCtx;
     /// Continue to digest data. Returns `0` on success.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCDigestUpdate(ctx: *mut CCDigestCtx, data: *const u8, length: usize) -> c_int;
     /// Conclude digest operations and produce the digest output. Returns `0` on success.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCDigestFinal(ctx: *mut CCDigestCtx, output: *mut u8) -> c_int;
     /// Clear and free a `CCDigestCtx`.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCDigestDestroy(ctx: *mut CCDigestCtx);
     /// Clear and re-initialize a `CCDigestCtx` for the same algorithm.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCDigestReset(ctx: *mut CCDigestCtx);
     /// Produce the digest output result for the bytes currently processed. Returns `0` on success.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCDigestGetDigest(ctx: *mut CCDigestCtx, output: *mut u8) -> c_int;
     /// Provides the block size of the digest algorithm. Returns `0` on failure.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCDigestGetBlockSize(algorithm: CCDigestAlgorithm) -> usize;
     /// Provides the digest output size of the digest algorithm. Returns `0` on failure.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCDigestGetOutputSize(algorithm: CCDigestAlgorithm) -> usize;
     /// Provides the block size of the digest algorithm. Returns `0` on failure.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCDigestGetBlockSizeFromRef(ctx: *mut CCDigestCtx) -> usize;
     /// Provides the digest output size of the digest algorithm. Returns `0` on failure.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCDigestGetOutputSizeFromRef(ctx: *mut CCDigestCtx) -> usize;
 
     /// Derive a key from a user-supplied password via PBKDF2.
+    #[cfg(not(feature = "macos_before_10_7"))]
     pub fn CCKeyDerivationPBKDF(algorithm: CCPBKDFAlgorithm,
                                 password: *const u8,
                                 passwordLen: usize,

vendor/commoncrypto/Cargo.toml

@@ -10,6 +10,7 @@ license = "MIT"
 
 [features]
 lint = ["clippy"]
+macos_before_10_7 = []
 
 [dependencies]
 commoncrypto-sys = { version = "0.2.0", path = "../commoncrypto-sys" }

vendor/commoncrypto/build.rs

@@ -0,0 +1,6 @@
+#[path = "../../src/tools/legacy-bootstrap/helper.rs"]
+mod legacy_bootstrap_helper;
+
+fn main() {
+    legacy_bootstrap_helper::insert_cargo_features();
+}

vendor/commoncrypto/src/lib.rs

@@ -22,9 +22,12 @@
 
 #![warn(missing_docs)]
 
+#[cfg(not(feature = "macos_before_10_7"))]
 extern crate commoncrypto_sys;
 
 #[warn(missing_docs)]
+#[cfg(not(feature = "macos_before_10_7"))]
 pub mod hash;
 #[warn(missing_docs)]
+#[cfg(not(feature = "macos_before_10_7"))]
 pub mod pbkdf2;

vendor/crypto-hash/Cargo.toml

@@ -21,11 +21,13 @@ readme = "README.md"
 keywords = ["crypto", "hash", "digest"]
 license = "MIT"
 repository = "https://github.com/malept/crypto-hash"
+[features]
+macos_before_10_7 = []
 [dependencies.hex]
 version = "0.3"
 [target."cfg(any(target_os = \"macos\", target_os = \"ios\"))".dependencies.commoncrypto]
 version = "0.2"
-[target."cfg(not(any(target_os = \"windows\", target_os = \"macos\", target_os = \"ios\")))".dependencies.openssl]
+[target."cfg(not(any(target_os = \"windows\", target_os = \"ios\")))".dependencies.openssl]
 version = "0.10"
 [target."cfg(target_os = \"windows\")".dependencies.winapi]
 version = "0.3"

vendor/crypto-hash/build.rs

@@ -0,0 +1,6 @@
+#[path = "../../src/tools/legacy-bootstrap/helper.rs"]
+mod legacy_bootstrap_helper;
+
+fn main() {
+    legacy_bootstrap_helper::insert_cargo_features();
+}

vendor/crypto-hash/src/lib.rs

@@ -43,23 +43,23 @@
 
 #![warn(missing_docs)]
 
-#[cfg(any(target_os = "macos", target_os = "ios"))]
+#[cfg(any(all(target_os = "macos", not(feature = "macos_before_10_7")), target_os = "ios"))]
 extern crate commoncrypto;
 extern crate hex;
-#[cfg(not(any(target_os = "macos", target_os = "ios", target_os = "windows")))]
+#[cfg(not(any(all(target_os = "macos", not(feature = "macos_before_10_7")), target_os = "ios", target_os = "windows")))]
 extern crate openssl;
 #[cfg(target_os = "windows")]
 extern crate winapi;
 
 use std::io::Write;
 
-#[cfg(any(target_os = "macos", target_os = "ios"))]
+#[cfg(any(all(target_os = "macos", not(feature = "macos_before_10_7")), target_os = "ios"))]
 #[path = "imp/commoncrypto.rs"]
 mod imp;
 #[cfg(target_os = "windows")]
 #[path = "imp/cryptoapi.rs"]
 mod imp;
-#[cfg(not(any(target_os = "macos", target_os = "ios", target_os = "windows")))]
+#[cfg(not(any(all(target_os = "macos", not(feature = "macos_before_10_7")), target_os = "ios", target_os = "windows")))]
 #[path = "imp/openssl.rs"]
 mod imp;
 

vendor/libgit2-sys/Cargo.toml

@@ -48,6 +48,7 @@ https = ["openssl-sys"]
 ssh = ["libssh2-sys"]
 ssh_key_from_memory = []
 zlib-ng-compat = ["libz-sys/zlib-ng", "libssh2-sys/zlib-ng-compat"]
+macos_before_10_7 = []
 [target."cfg(unix)".dependencies.openssl-sys]
 version = "0.9"
 optional = true

vendor/libgit2-sys/build.rs

@@ -4,7 +4,12 @@ use std::io;
 use std::path::{Path, PathBuf};
 use std::process::Command;
 
+#[path = "../../src/tools/legacy-bootstrap/helper.rs"]
+mod legacy_bootstrap_helper;
+
 fn main() {
+    legacy_bootstrap_helper::insert_cargo_features();
+
     let https = env::var("CARGO_FEATURE_HTTPS").is_ok();
     let ssh = env::var("CARGO_FEATURE_SSH").is_ok();
     let zlib_ng_compat = env::var("CARGO_FEATURE_ZLIB_NG_COMPAT").is_ok();
@@ -136,7 +141,7 @@ fn main() {
 
         if windows {
             features.push_str("#define GIT_WINHTTP 1\n");
-        } else if target.contains("apple") {
+        } else if !legacy_bootstrap_helper::force_openssl() && target.contains("apple") {
             features.push_str("#define GIT_SECURE_TRANSPORT 1\n");
         } else {
             features.push_str("#define GIT_OPENSSL 1\n");