From ace3b172ad3a948a9779409a3477d6ac0e7667b5 Mon Sep 17 00:00:00 2001
From: ReenigneArcher <42013603+ReenigneArcher@users.noreply.github.com>
Date: Mon, 30 Sep 2024 09:02:02 -0400
Subject: [PATCH] build(deps): use latest curl for windows build

---
 .codeql-prebuild-cpp-Windows.sh | 15 ++++-----------
 .github/workflows/CI.yml        | 16 +++++++++++++++-
 docs/building.md                |  2 +-
 src/httpcommon.cpp              | 11 +++++++++--
 4 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/.codeql-prebuild-cpp-Windows.sh b/.codeql-prebuild-cpp-Windows.sh
index 31ee6cd94d3..b96deebadc4 100644
--- a/.codeql-prebuild-cpp-Windows.sh
+++ b/.codeql-prebuild-cpp-Windows.sh
@@ -2,18 +2,10 @@
 set -e
 
 # update pacman
-pacman --noconfirm -Suy
-
-# install wget
-pacman --noconfirm -S \
-  wget
-
-# download working curl
-wget https://repo.msys2.org/mingw/ucrt64/mingw-w64-ucrt-x86_64-curl-8.8.0-1-any.pkg.tar.zst
+pacman --noconfirm -Syu
 
 # install dependencies
-pacman -U --noconfirm mingw-w64-ucrt-x86_64-curl-8.8.0-1-any.pkg.tar.zst
-pacman -Syu --noconfirm --ignore=mingw-w64-ucrt-x86_64-curl \
+pacman -S --noconfirm \
   base-devel \
   diffutils \
   gcc \
@@ -21,13 +13,14 @@ pacman -Syu --noconfirm --ignore=mingw-w64-ucrt-x86_64-curl \
   make \
   mingw-w64-ucrt-x86_64-cmake \
   mingw-w64-ucrt-x86_64-cppwinrt \
+  mingw-w64-ucrt-x86_64-curl \
+  mingw-w64-ucrt-x86_64-curl-winssl \
   mingw-w64-ucrt-x86_64-graphviz \
   mingw-w64-ucrt-x86_64-miniupnpc \
   mingw-w64-ucrt-x86_64-nlohmann-json \
   mingw-w64-ucrt-x86_64-nodejs \
   mingw-w64-ucrt-x86_64-nsis \
   mingw-w64-ucrt-x86_64-onevpl \
-  mingw-w64-ucrt-x86_64-openssl \
   mingw-w64-ucrt-x86_64-opus \
   mingw-w64-ucrt-x86_64-rust \
   mingw-w64-ucrt-x86_64-toolchain
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index c1b6620b16d..1bcc641c885 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -1019,9 +1019,23 @@ jobs:
           msystem: ucrt64
           update: true
           install: >-
+            git
+            mingw-w64-ucrt-x86_64-cmake
+            mingw-w64-ucrt-x86_64-cppwinrt
+            mingw-w64-ucrt-x86_64-curl
+            mingw-w64-ucrt-x86_64-curl-winssl
+            mingw-w64-ucrt-x86_64-graphviz
+            mingw-w64-ucrt-x86_64-miniupnpc
+            mingw-w64-ucrt-x86_64-nlohmann-json
+            mingw-w64-ucrt-x86_64-nodejs
+            mingw-w64-ucrt-x86_64-nsis
+            mingw-w64-ucrt-x86_64-onevpl
+            mingw-w64-ucrt-x86_64-opus
+            mingw-w64-ucrt-x86_64-toolchain
             wget
 
       - name: Update Windows dependencies
+        if: false
         shell: msys2 {0}
         run: |
           # download working curl
@@ -1034,13 +1048,13 @@ jobs:
             git \
             mingw-w64-ucrt-x86_64-cmake \
             mingw-w64-ucrt-x86_64-cppwinrt \
+            mingw-w64-ucrt-x86_64-curl-winssl \
             mingw-w64-ucrt-x86_64-graphviz \
             mingw-w64-ucrt-x86_64-miniupnpc \
             mingw-w64-ucrt-x86_64-nlohmann-json \
             mingw-w64-ucrt-x86_64-nodejs \
             mingw-w64-ucrt-x86_64-nsis \
             mingw-w64-ucrt-x86_64-onevpl \
-            mingw-w64-ucrt-x86_64-openssl \
             mingw-w64-ucrt-x86_64-opus \
             mingw-w64-ucrt-x86_64-toolchain
 
diff --git a/docs/building.md b/docs/building.md
index 6d0e7c4751e..c01033b1ce3 100644
--- a/docs/building.md
+++ b/docs/building.md
@@ -87,13 +87,13 @@ dependencies=(
   "mingw-w64-ucrt-x86_64-cmake"
   "mingw-w64-ucrt-x86_64-cppwinrt"
   "mingw-w64-ucrt-x86_64-curl"
+  "mingw-w64-ucrt-x86_64-curl-winssl"
   "mingw-w64-ucrt-x86_64-graphviz"  # Optional, for docs
   "mingw-w64-ucrt-x86_64-miniupnpc"
   "mingw-w64-ucrt-x86_64-nlohmann-json"
   "mingw-w64-ucrt-x86_64-nodejs"
   "mingw-w64-ucrt-x86_64-nsis"
   "mingw-w64-ucrt-x86_64-onevpl"
-  "mingw-w64-ucrt-x86_64-openssl"
   "mingw-w64-ucrt-x86_64-opus"
   "mingw-w64-ucrt-x86_64-toolchain"
 )
diff --git a/src/httpcommon.cpp b/src/httpcommon.cpp
index 5be5d9ba97f..8b4d9e4a36c 100644
--- a/src/httpcommon.cpp
+++ b/src/httpcommon.cpp
@@ -196,7 +196,12 @@ namespace http {
   bool
   download_file(const std::string &url, const std::string &file) {
     CURL *curl = curl_easy_init();
-    if (!curl) {
+    if (curl) {
+      // sonar complains about weak ssl and tls versions
+      // ideally, the setopts should go after the early returns; however sonar cannot detect the fix
+      curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
+    }
+    else {
       BOOST_LOG(error) << "Couldn't create CURL instance";
       return false;
     }
@@ -214,17 +219,19 @@ namespace http {
       curl_easy_cleanup(curl);
       return false;
     }
+
     curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
     curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, fwrite);
     curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp);
-    curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
 #ifdef _WIN32
     curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);
 #endif
+
     CURLcode result = curl_easy_perform(curl);
     if (result != CURLE_OK) {
       BOOST_LOG(error) << "Couldn't download ["sv << url << ", code:" << result << ']';
     }
+
     curl_easy_cleanup(curl);
     fclose(fp);
     return result == CURLE_OK;