[openvpn3] Update, adapt upstream build, cleanup, test

ports/openvpn3/dependencies.diff

@@ -0,0 +1,55 @@
+diff --git a/cmake/findcoredeps.cmake b/cmake/findcoredeps.cmake
+index b7d00d4..b13eed1 100644
+--- a/cmake/findcoredeps.cmake
++++ b/cmake/findcoredeps.cmake
+@@ -30,7 +30,7 @@ endif ()
+ function(add_ssl_library target)
+     if (${USE_MBEDTLS})
+         find_package(mbedTLS REQUIRED)
+-        set(SSL_LIBRARY mbedTLS::mbedTLS)
++        set(SSL_LIBRARY "${MBEDTLS_LIBRARIES}")
+         target_compile_definitions(${target} PRIVATE -DUSE_MBEDTLS)
+     else ()
+         find_package(OpenSSL REQUIRED)
+@@ -38,7 +38,7 @@ function(add_ssl_library target)
+         target_compile_definitions(${target} PRIVATE -DUSE_OPENSSL)
+     endif ()
+
+-    target_link_libraries(${target} ${SSL_LIBRARY})
++    target_link_libraries(${target} PUBLIC ${SSL_LIBRARY})
+ endfunction()
+
+
+@@ -93,10 +93,10 @@ function(add_core_dependencies target)
+     # a patched version. So we want to prefer its include
+     # directories.
+     find_package(asio REQUIRED)
+-    target_link_libraries(${target} asio::asio)
++    target_link_libraries(${target} PUBLIC asio::asio)
+
+     find_package(lz4 REQUIRED)
+-    target_link_libraries(${target} lz4::lz4)
++    target_link_libraries(${target} PUBLIC lz4::lz4)
+
+     add_ssl_library(${target})
+
+@@ -105,14 +105,16 @@ function(add_core_dependencies target)
+         find_library(iokit IOKit)
+         find_library(coreServices CoreServices)
+         find_library(systemConfiguration SystemConfiguration)
+-        target_link_libraries(${target} ${coreFoundation} ${iokit} ${coreServices} ${systemConfiguration} ${lz4})
++        target_link_libraries(${target} PUBLIC ${coreFoundation} ${iokit} ${coreServices} ${systemConfiguration} ${lz4})
+     endif()
+
+     if(UNIX)
+-        target_link_libraries(${target} pthread)
++        set(THREADS_PREFER_PTHREAD_FLAG 1)
++        find_package(Threads REQUIRED)
++        target_link_libraries(${target} PUBLIC Threads::Threads)
+     endif()
+
+-    target_link_libraries(${target} ${EXTRA_LIBS})
++    target_link_libraries(${target} PUBLIC ${EXTRA_LIBS})
+
+     if (USE_WERROR)
+         if (MSVC)

ports/openvpn3/mbedtls-compat.diff

@@ -0,0 +1,50 @@
+diff --git a/openvpn/mbedtls/mbedtls_compat.hpp b/openvpn/mbedtls/mbedtls_compat.hpp
+index 19e6f25..9db4e01 100644
+--- a/openvpn/mbedtls/mbedtls_compat.hpp
++++ b/openvpn/mbedtls/mbedtls_compat.hpp
+@@ -27,11 +27,11 @@
+ #include <mbedtls/version.h>
+ #include <mbedtls/pem.h>
+
+-#if not defined(MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION)
++#if !defined(MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION)
+ #define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
+ #endif
+
+-#if not defined(MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE)
++#if !defined(MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE)
+ #define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
+ #endif
+
+diff --git a/openvpn/mbedtls/ssl/sslctx.hpp b/openvpn/mbedtls/ssl/sslctx.hpp
+index f6c3d28..83763e4 100644
+--- a/openvpn/mbedtls/ssl/sslctx.hpp
++++ b/openvpn/mbedtls/ssl/sslctx.hpp
+@@ -1589,10 +1589,13 @@ class MbedTLSContext : public SSLFactoryAPI
+                     digest_prefix_len = sizeof(PKCS1::DigestPrefix::SHA512);
+                     break;
+                 default:
++# if MBEDTLS_VERSION_NUMBER < 0x03000000
++#  define MAYBE_LOG_MODE << "mode=" << mode
++# else
++#  define MAYBE_LOG_MODE
++# endif
+                     OVPN_LOG_INFO("MbedTLSContext::epki_sign unrecognized hash_id"
+-#if MBEDTLS_VERSION_NUMBER < 0x03000000
+-                                  << "mode=" << mode
+-#endif
++                                  MAYBE_LOG_MODE
+                                   << " md_alg=" << md_alg << " hashlen=" << hashlen);
+                     return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+                 }
+@@ -1627,9 +1630,7 @@ class MbedTLSContext : public SSLFactoryAPI
+             else
+             {
+                 OVPN_LOG_INFO("MbedTLSContext::epki_sign unrecognized parameters"
+-#if MBEDTLS_VERSION_NUMBER < 0x03000000
+-                              << "mode=" << mode
+-#endif
++                              MAYBE_LOG_MODE
+                               << " md_alg=" << md_alg << " hashlen=" << hashlen);
+                 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+             }

ports/openvpn3/only-library.diff

@@ -0,0 +1,52 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 6cf519d..d07321c 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -32,11 +32,13 @@ include(ovpn-doxygen)
+
+ add_subdirectory(client)
+ add_subdirectory(test/unittests)
++if(BUILD_TOOLS)
+ add_subdirectory(test/ovpncli)
+
+ add_subdirectory(openvpn/omi)
+ add_subdirectory(openvpn/ovpnagent/win)
+ add_subdirectory(openvpn/ovpnagent/mac)
++endif()
+
+ if (ENABLE_DOXYGEN)
+     # Exclude some project specific directories
+diff --git a/client/CMakeLists.txt b/client/CMakeLists.txt
+index e1ecf8f..5afe6ec 100644
+--- a/client/CMakeLists.txt
++++ b/client/CMakeLists.txt
+@@ -1,5 +1,29 @@
+ include(findcoredeps)
+ include(findswigdeps)
++add_library(ovpnclilib ovpncli.cpp)
++add_core_dependencies(ovpnclilib)
++target_compile_features(ovpnclilib PUBLIC cxx_std_17)
++target_include_directories(ovpnclilib PRIVATE "${CMAKE_CURRENT_SOURCE_DIR}" PUBLIC "$<INSTALL_INTERFACE:include>")
++set_target_properties(ovpnclilib PROPERTIES
++    OUTPUT_NAME ovpncli
++    EXPORT_NAME ovpncli
++)
++install(TARGETS ovpnclilib EXPORT unofficial-openvpn3-targets)
++install(EXPORT unofficial-openvpn3-targets
++    NAMESPACE unofficial::openvpn3::
++    DESTINATION share/unofficial-openvpn3
++)
++file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/unofficial-openvpn3-config.cmake" "\
++include(CMakeFindDependencyMacro)
++find_dependency(asio CONFIG)
++find_dependency(lz4 CONFIG)
++if(UNIX)
++  set(THREADS_PREFER_PTHREAD_FLAG 1)
++  find_dependency(Threads)
++endif()
++include(\"\${CMAKE_CURRENT_LIST_DIR}/unofficial-openvpn3-targets.cmake\")
++")
++install(FILES "${CMAKE_CURRENT_BINARY_DIR}/unofficial-openvpn3-config.cmake" DESTINATION share/unofficial-openvpn3)
+
+ if (BUILD_SWIG_LIB)
+     set_property(SOURCE ovpncli.i PROPERTY CPLUSPLUS ON)

ports/openvpn3/portfile.cmake

@@ -1,23 +1,35 @@
-set(VCPKG_LIBRARY_LINKAGE static)
+if(VCPKG_TARGET_IS_WINDOWS)
+    vcpkg_check_linkage(ONLY_STATIC_LIBRARY)
+endif()
 
 vcpkg_from_github(
     OUT_SOURCE_PATH SOURCE_PATH
     REPO OpenVPN/openvpn3
-    REF release/3.7
-    SHA512 de95bd2b1a01179aa81e1612be175540c2486b856f66880372d09966655bbbadd71d874ed49b032566dde2896207bc76298c5cfcf73e86272c04d5aaa977d660
+    REF "release/${VERSION}"
+    SHA512 f096644078c10022685c1a8f7e0afddf352b4a5c229a772d24adbc6ec3f44e27501beabd28c4da1b6b182ae9d220b80865757693d52d085817d42f2322b71213
     HEAD_REF master
+    PATCHES
+        dependencies.diff
+        mbedtls-compat.diff
+        only-library.diff
 )
-
-file(COPY "${CMAKE_CURRENT_LIST_DIR}/CMakeLists.txt" DESTINATION "${SOURCE_PATH}")
+file(REMOVE_RECURSE "${SOURCE_PATH}/deps")
 
 vcpkg_cmake_configure(
     SOURCE_PATH "${SOURCE_PATH}"
+    OPTIONS
+        -DBUILD_SWIG_LIB=OFF
+        -DBUILD_TESTING=OFF
+        -DCMAKE_DISABLE_FIND_PACKAGE_Python3=ON
+        -DCMAKE_DISABLE_FIND_PACKAGE_SWIG=ON
+        -DCMAKE_FIND_PACKAGE_PREFER_CONFIG=ON
+        -DUSE_MBEDTLS=1   # vcpkg legacy choice
 )
 
 vcpkg_cmake_install()
 
-file(COPY "${SOURCE_PATH}/openvpn" DESTINATION "${CURRENT_PACKAGES_DIR}/include")
 file(COPY "${SOURCE_PATH}/client/ovpncli.hpp" DESTINATION "${CURRENT_PACKAGES_DIR}/include/openvpn")
+file(COPY "${SOURCE_PATH}/openvpn" DESTINATION "${CURRENT_PACKAGES_DIR}/include")
 
 file(GLOB_RECURSE HEADERS "${CURRENT_PACKAGES_DIR}/include/openvpn/*")
 foreach(HEADER IN LISTS HEADERS)
@@ -29,9 +41,9 @@ foreach(HEADER IN LISTS HEADERS)
     file(WRITE "${HEADER}" "${_contents}")
 endforeach()
 
-vcpkg_cmake_config_fixup(PACKAGE_NAME unofficial-openvpn CONFIG_PATH share/unofficial-openvpn)
+vcpkg_cmake_config_fixup(PACKAGE_NAME unofficial-openvpn3)
+# Transitional
+file(INSTALL "${CMAKE_CURRENT_LIST_DIR}/unofficial-openvpnConfig.cmake" DESTINATION "${CURRENT_PACKAGES_DIR}/share/unofficial-openvpn")
 
 file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/share")
-file(INSTALL
-    "${SOURCE_PATH}/COPYRIGHT.AGPLV3"
-    DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright)
+vcpkg_install_copyright(FILE_LIST "${SOURCE_PATH}/LICENSE.rst" "${SOURCE_PATH}/COPYRIGHT.AGPLV3")

ports/openvpn3/unofficial-openvpnConfig.cmake

@@ -0,0 +1,4 @@
+file(READ "${CMAKE_CURRENT_LIST_DIR}/usage" usage)
+message(WARNING "find_package(${CMAKE_FIND_PACKAGE_NAME}) is deprecated. Use find_package(unofficial-openvpn3) instead.")
+include(CMakeFindDependencyMacro)
+find_dependency(unofficial-openvpn3 CONFIG)

ports/openvpn3/vcpkg.json

@@ -1,13 +1,13 @@
 {
   "name": "openvpn3",
-  "version": "3.7.0",
-  "port-version": 2,
+  "version": "3.10",
   "description": "a C++ class library that implements the functionality of an OpenVPN client, and is protocol-compatible with the OpenVPN 2.x branch.",
   "homepage": "https://openvpn.net",
-  "license": "AGPL-3.0",
-  "supports": "!xbox",
+  "license": "AGPL-3.0-only",
+  "supports": "!uwp & !xbox",
   "dependencies": [
     "asio",
+    "lz4",
     "mbedtls",
     {
       "name": "tap-windows6",

scripts/ci.baseline.txt

@@ -883,8 +883,6 @@ openscap:arm64-osx=fail
 openscap:x64-windows-static=fail
 opensubdiv:x64-android=fail
 openturns:arm64-windows=fail
-openvpn3:x64-osx=fail
-openvpn3:arm64-osx=fail
 openvr:x64-windows-static=fail
 # Conflicts with optional-lite, by the same author
 optional-bare:arm-neon-android=skip

scripts/test_ports/vcpkg-ci-openvpn3/portfile.cmake

@@ -0,0 +1,4 @@
+set(VCPKG_POLICY_EMPTY_PACKAGE enabled)
+
+vcpkg_cmake_configure(SOURCE_PATH "${CURRENT_PORT_DIR}/project")
+vcpkg_cmake_build()

scripts/test_ports/vcpkg-ci-openvpn3/project/CMakeLists.txt

@@ -0,0 +1,7 @@
+cmake_minimum_required(VERSION 3.7)
+project(openvpn3-test CXX)
+
+add_executable(main main.cpp)
+
+find_package(unofficial-openvpn3 CONFIG REQUIRED)
+target_link_libraries(main PRIVATE unofficial::openvpn3::ovpncli)

scripts/test_ports/vcpkg-ci-openvpn3/project/main.cpp

@@ -0,0 +1,21 @@
+#include <openvpn/ovpncli.hpp>
+
+using namespace openvpn::ClientAPI;
+
+// Cf. https://github.com/OpenVPN/openvpn3/blob/master/README.rst#openvpn-3-client-core
+class Client : public OpenVPNClient
+{
+public:
+    void acc_event(const AppCustomControlMessageEvent &) override {}
+    void event(const Event&) override {}
+    void external_pki_cert_request(ExternalPKICertRequest &) override {}
+    void external_pki_sign_request(ExternalPKISignRequest &) override {}
+    void log(const LogInfo&) override {}
+    bool pause_on_connection_timeout() override { return false; }
+};
+
+int main()
+{
+    Client c;
+    return OpenVPNClient::stats_n();
+}

scripts/test_ports/vcpkg-ci-openvpn3/vcpkg.json

@@ -0,0 +1,12 @@
+{
+  "name": "vcpkg-ci-openvpn3",
+  "version-string": "ci",
+  "description": "Validates openvpn3",
+  "dependencies": [
+    "openvpn3",
+    {
+      "name": "vcpkg-cmake",
+      "host": true
+    }
+  ]
+}

versions/baseline.json

@@ -6677,8 +6677,8 @@
       "port-version": 0
     },
     "openvpn3": {
-      "baseline": "3.7.0",
-      "port-version": 2
+      "baseline": "3.10",
+      "port-version": 0
     },
     "openvr": {
       "baseline": "2.5.1",

versions/o-/openvpn3.json

@@ -1,5 +1,10 @@
 {
   "versions": [
+    {
+      "git-tree": "f24948a1abcd067f9d1063088f83afa5e2b4270f",
+      "version": "3.10",
+      "port-version": 0
+    },
     {
       "git-tree": "97a26dd437bb027004b075333db96473652ca1fd",
       "version": "3.7.0",