From e20f2603771dc6631f25f624d89dd0636eae47ca Mon Sep 17 00:00:00 2001
From: ReenigneArcher <42013603+ReenigneArcher@users.noreply.github.com>
Date: Tue, 1 Oct 2024 20:02:14 -0400
Subject: [PATCH] build(deps): migrate from curl to curl-winssl on Windows
 (#3246)

---
 .codeql-prebuild-cpp-Windows.sh | 13 +++----------
 docs/building.md                |  2 +-
 src/httpcommon.cpp              | 14 +++++++++-----
 3 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/.codeql-prebuild-cpp-Windows.sh b/.codeql-prebuild-cpp-Windows.sh
index 0ada468e242..5b83812173b 100644
--- a/.codeql-prebuild-cpp-Windows.sh
+++ b/.codeql-prebuild-cpp-Windows.sh
@@ -2,18 +2,10 @@
 set -e
 
 # update pacman
-pacman --noconfirm -Suy
-
-# install wget
-pacman --noconfirm -S \
-  wget
-
-# download working curl
-wget https://repo.msys2.org/mingw/ucrt64/mingw-w64-ucrt-x86_64-curl-8.8.0-1-any.pkg.tar.zst
+pacman --noconfirm -Syu
 
 # install dependencies
-pacman -U --noconfirm mingw-w64-ucrt-x86_64-curl-8.8.0-1-any.pkg.tar.zst
-pacman -Syu --noconfirm --ignore=mingw-w64-ucrt-x86_64-curl \
+pacman -S --noconfirm \
   base-devel \
   diffutils \
   gcc \
@@ -22,6 +14,7 @@ pacman -Syu --noconfirm --ignore=mingw-w64-ucrt-x86_64-curl \
   mingw-w64-ucrt-x86_64-boost \
   mingw-w64-ucrt-x86_64-cmake \
   mingw-w64-ucrt-x86_64-cppwinrt \
+  mingw-w64-ucrt-x86_64-curl-winssl \
   mingw-w64-ucrt-x86_64-graphviz \
   mingw-w64-ucrt-x86_64-miniupnpc \
   mingw-w64-ucrt-x86_64-nlohmann-json \
diff --git a/docs/building.md b/docs/building.md
index 502b0a1cbbb..298c4872f67 100644
--- a/docs/building.md
+++ b/docs/building.md
@@ -86,7 +86,7 @@ dependencies=(
   "mingw-w64-ucrt-x86_64-boost"  # Optional
   "mingw-w64-ucrt-x86_64-cmake"
   "mingw-w64-ucrt-x86_64-cppwinrt"
-  "mingw-w64-ucrt-x86_64-curl"
+  "mingw-w64-ucrt-x86_64-curl-winssl"
   "mingw-w64-ucrt-x86_64-graphviz"  # Optional, for docs
   "mingw-w64-ucrt-x86_64-miniupnpc"
   "mingw-w64-ucrt-x86_64-nlohmann-json"
diff --git a/src/httpcommon.cpp b/src/httpcommon.cpp
index 5be5d9ba97f..419ca6dd142 100644
--- a/src/httpcommon.cpp
+++ b/src/httpcommon.cpp
@@ -196,7 +196,12 @@ namespace http {
   bool
   download_file(const std::string &url, const std::string &file) {
     CURL *curl = curl_easy_init();
-    if (!curl) {
+    if (curl) {
+      // sonar complains about weak ssl and tls versions
+      // ideally, the setopts should go after the early returns; however sonar cannot detect the fix
+      curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
+    }
+    else {
       BOOST_LOG(error) << "Couldn't create CURL instance";
       return false;
     }
@@ -214,17 +219,16 @@ namespace http {
       curl_easy_cleanup(curl);
       return false;
     }
+
     curl_easy_setopt(curl, CURLOPT_URL, url.c_str());
     curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, fwrite);
     curl_easy_setopt(curl, CURLOPT_WRITEDATA, fp);
-    curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
-#ifdef _WIN32
-    curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_NATIVE_CA);
-#endif
+
     CURLcode result = curl_easy_perform(curl);
     if (result != CURLE_OK) {
       BOOST_LOG(error) << "Couldn't download ["sv << url << ", code:" << result << ']';
     }
+
     curl_easy_cleanup(curl);
     fclose(fp);
     return result == CURLE_OK;