mingw32 curl (ffmpeg GPL3): configure does not detect compatible mbedtls

[LigH-de]

Compiling ffmpeg license2 = 2 = GPLv3 [disables OpenSSL and FDK-AAC], curl = 1 = Yes (same backend as FFmpeg's)

build/curl-git/build-32bit/ab-suite.configure.log tail:

checking whether to enable Windows native SSL/TLS... no
checking whether to enable Secure Transport... no
checking whether to enable Amiga native SSL/TLS (AmiSSL v5)... no
checking for mbedtls_havege_init in -lmbedtls... no
checking for mbedtls_ssl_init in -lmbedtls... no
configure: error: TLS not detected, you will not be able to use HTTPS, FTPS, NTLM and more.
Use --with-openssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-schannel, --with-secure-transport, --with-amissl, --with-bearssl or --with-rustls to address this.

build/curl-git/build-32bit/config.log excerpts:

configure:28213: checking for mbedtls_havege_init in -lmbedtls
configure:28236: ccache gcc -o conftest.exe -D_FORTIFY_SOURCE=2 -fstack-protector-strong -mtune=generic -O2 -pipe -D__USE_MINGW_ANSI_STDIO=1 -mthreads -Werror-implicit-function-declaration -Wno-system-headers -DGNUTLS_INTERNAL_BUILD -DNGHTTP2_STATICLIB -DPSL_STATIC -IG:/MABS/msys64/mingw32/include -IG:/MABS/msys64/mingw32/include  -D_FORTIFY_SOURCE=2 -fstack-protector-strong -mtune=generic -O2 -pipe -D__USE_MINGW_ANSI_STDIO=1 -static-libgcc -static-libstdc++ -LG:/MABS/msys64/mingw32/lib -LG:/MABS/msys64/mingw32/lib  conftest.c -lmbedtls -lmbedx509 -lmbedcrypto -lwldap32 -lzstd  -lbrotlidec -lbrotlidec -lbrotlicommon -lz -lws2_32  >&5
G:/MABS/msys64/mingw32/bin/../lib/gcc/i686-w64-mingw32/13.2.0/../../../../i686-w64-mingw32/bin/ld.exe: cannot find -lmbedtls: No such file or directory
G:/MABS/msys64/mingw32/bin/../lib/gcc/i686-w64-mingw32/13.2.0/../../../../i686-w64-mingw32/bin/ld.exe: cannot find -lmbedx509: No such file or directory
G:/MABS/msys64/mingw32/bin/../lib/gcc/i686-w64-mingw32/13.2.0/../../../../i686-w64-mingw32/bin/ld.exe: cannot find -lmbedcrypto: No such file or directory
collect2.exe: error: ld returned 1 exit status

configure:28282: checking for mbedtls_ssl_init in -lmbedtls
configure:28305: ccache gcc -o conftest.exe -D_FORTIFY_SOURCE=2 -fstack-protector-strong -mtune=generic -O2 -pipe -D__USE_MINGW_ANSI_STDIO=1 -mthreads -Werror-implicit-function-declaration -Wno-system-headers -DGNUTLS_INTERNAL_BUILD -DNGHTTP2_STATICLIB -DPSL_STATIC -IG:/MABS/msys64/mingw32/include -IG:/MABS/msys64/mingw32/include  -I/include -D_FORTIFY_SOURCE=2 -fstack-protector-strong -mtune=generic -O2 -pipe -D__USE_MINGW_ANSI_STDIO=1 -static-libgcc -static-libstdc++ -LG:/MABS/msys64/mingw32/lib -LG:/MABS/msys64/mingw32/lib  -L/lib conftest.c -lmbedtls -lmbedx509 -lmbedcrypto -lwldap32 -lzstd  -lbrotlidec -lbrotlidec -lbrotlicommon -lz -lws2_32  >&5
G:/MABS/msys64/mingw32/bin/../lib/gcc/i686-w64-mingw32/13.2.0/../../../../i686-w64-mingw32/bin/ld.exe: cannot find -lmbedtls: No such file or directory
G:/MABS/msys64/mingw32/bin/../lib/gcc/i686-w64-mingw32/13.2.0/../../../../i686-w64-mingw32/bin/ld.exe: cannot find -lmbedx509: No such file or directory
G:/MABS/msys64/mingw32/bin/../lib/gcc/i686-w64-mingw32/13.2.0/../../../../i686-w64-mingw32/bin/ld.exe: cannot find -lmbedcrypto: No such file or directory
collect2.exe: error: ld returned 1 exit status

As a workaround, I may use a different backend for curl explicitly. I guess SChannel is recommendable for Windows use?

[LigH-de]

Well, ffmpeg doesn't find mbedtls either.

build/ffmpeg-git/build-static-32bit/ab-suite.configure.log

CPPFLAGS: 
CFLAGS: -D_FORTIFY_SOURCE=2 -fstack-protector-strong -mtune=generic -O2 -pipe -D__USE_MINGW_ANSI_STDIO=1 -mthreads
CXXFLAGS: -D_FORTIFY_SOURCE=2 -fstack-protector-strong -mtune=generic -O2 -pipe -D__USE_MINGW_ANSI_STDIO=1
LDFLAGS: -D_FORTIFY_SOURCE=2 -fstack-protector-strong -mtune=generic -O2 -pipe -D__USE_MINGW_ANSI_STDIO=1 -static-libgcc -static-libstdc++ -L/local32/lib -L/mingw32/lib
../configure --prefix=/local32 --bindir=/local32/bin-video --pkg-config=pkgconf --pkg-config-flags=--keep-system-libs --keep-system-cflags --static --cc=ccache gcc --cxx=ccache g++ --ld=ccache g++ --extra-cxxflags=-fpermissive --extra-cflags=-Wno-int-conversion --disable-autodetect --disable-doc --enable-amf --enable-bzlib --enable-cuda --enable-cuvid --enable-d3d11va --enable-dxva2 --enable-iconv --enable-lzma --enable-nvenc --enable-zlib --enable-sdl2 --enable-ffnvcodec --enable-nvdec --enable-cuda-llvm --enable-libmp3lame --enable-libopus --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --enable-libdav1d --enable-libaom --disable-debug --enable-fontconfig --enable-libass --enable-libbluray --enable-libfreetype --enable-libmfx --enable-libmysofa --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-libsnappy --enable-libsoxr --enable-libspeex --enable-libtheora --enable-libtwolame --enable-libvidstab --enable-libvo-amrwbenc --enable-libwebp --enable-libxml2 --enable-libzimg --enable-libshine --enable-gpl --enable-avisynth --enable-libxvid --enable-libopenmpt --enable-version3 --enable-librav1e --enable-libsrt --enable-libgsm --enable-libvmaf --enable-chromaprint --enable-frei0r --enable-libaribb24 --enable-libbs2b --enable-libcaca --enable-libcdio --enable-libflite --enable-libfribidi --enable-libgme --enable-libilbc --enable-libkvazaar --enable-libmodplug --enable-librtmp --enable-librubberband --enable-libtesseract --enable-libxavs --enable-libzmq --enable-libzvbi --enable-openal --enable-libcodec2 --enable-ladspa --enable-liblensfun --enable-libglslang --enable-vulkan --enable-libuavs3d --enable-libplacebo --enable-libjxl --enable-opencl --enable-opengl --enable-libopenh264 --enable-mbedtls --extra-cflags=-DLIBTWOLAME_STATIC --extra-libs=-lstdc++ --extra-cflags=-DCACA_STATIC --extra-cflags=-DMODPLUG_STATIC --extra-cflags=-DCHROMAPRINT_NODLL --extra-libs=-lstdc++ --extra-cflags=-DZMQ_STATIC --extra-libs=-lpsapi --extra-cflags=-DLIBXML_STATIC --extra-libs=-liconv --disable-w32threads --extra-cflags=-DKVZ_STATIC_LIB --extra-cflags=-DAL_LIBTYPE_STATIC --extra-cflags=-IG:/MABS/local32/include --extra-cflags=-IG:/MABS/local32/include/AL --extra-version=g81b3a82fae+1
ERROR: mbedTLS not found

build/ffmpeg-git/build-static-32bit/ffbuild/config.log tail

check_pkg_config mbedtls mbedtls mbedtls/x509_crt.h mbedtls_x509_crt_init
test_pkg_config mbedtls mbedtls mbedtls/x509_crt.h mbedtls_x509_crt_init
pkgconf --exists --print-errors mbedtls
Package mbedtls was not found in the pkg-config search path.
Perhaps you should add the directory containing `mbedtls.pc'
to the PKG_CONFIG_PATH environment variable
Package 'mbedtls' not found
check_pkg_config mbedtls mbedtls mbedtls/ssl.h mbedtls_ssl_init
test_pkg_config mbedtls mbedtls mbedtls/ssl.h mbedtls_ssl_init
pkgconf --exists --print-errors mbedtls
Package mbedtls was not found in the pkg-config search path.
Perhaps you should add the directory containing `mbedtls.pc'
to the PKG_CONFIG_PATH environment variable
Package 'mbedtls' not found
check_lib mbedtls mbedtls/ssl.h mbedtls_ssl_init -lmbedtls -lmbedx509 -lmbedcrypto
check_func_headers mbedtls/ssl.h mbedtls_ssl_init -lmbedtls -lmbedx509 -lmbedcrypto
test_ld cc -lmbedtls -lmbedx509 -lmbedcrypto
test_cc
BEGIN /tmp/ffconf.J3rbpjlo/test.c
    1	#include <mbedtls/ssl.h>
    2	#include <stdint.h>
    3	long check_mbedtls_ssl_init(void) { return (long) mbedtls_ssl_init; }
    4	int main(void) { int ret = 0;
    5	 ret |= ((intptr_t)check_mbedtls_ssl_init) & 0xFFFF;
    6	return ret; }
END /tmp/ffconf.J3rbpjlo/test.c
ccache gcc -D_ISOC11_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -DWIN32_LEAN_AND_MEAN -U__STRICT_ANSI__ -D__USE_MINGW_ANSI_STDIO=1 -D__printf__=__gnu_printf__ -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_FORTIFY_SOURCE=2 -fstack-protector-strong -mtune=generic -O2 -pipe -D__USE_MINGW_ANSI_STDIO=1 -mthreads -Wno-int-conversion -DLIBTWOLAME_STATIC -DCACA_STATIC -DMODPLUG_STATIC -DCHROMAPRINT_NODLL -DZMQ_STATIC -DLIBXML_STATIC -DKVZ_STATIC_LIB -DAL_LIBTYPE_STATIC -IG:/MABS/local32/include -IG:/MABS/local32/include/AL -std=c17 -fomit-frame-pointer -IG:/MABS/local32/include -pthread -IG:/MABS/msys64/mingw32/include -I/mingw32/include -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include/libpng16 -IG:/MABS/msys64/mingw32/include -IG:/MABS/local32/include -IG:/MABS/msys64/mingw32/include -IG:/MABS/local32/include/harfbuzz -IG:/MABS/local32/include/fribidi -DFRIBIDI_LIB_STATIC -IG:/MABS/local32/include/freetype2 -DXML_STATIC -IG:/MABS/local32/include -IG:/MABS/local32/include/libxml2 -DLIBXML_STATIC -IG:/MABS/local32/include/bs2b -IG:/MABS/msys64/mingw32/include -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include/freetype2 -IG:/MABS/msys64/mingw32/include -DXML_STATIC -IG:/MABS/local32/include/freetype2 -IG:/MABS/local32/include/fribidi -DFRIBIDI_LIB_STATIC -IG:/MABS/local32/include -IG:/MABS/local32/include -DHWY_STATIC_DEFINE -IG:/MABS/msys64/mingw32/include -DJXL_STATIC_DEFINE -DJXL_CMS_STATIC_DEFINE -IG:/MABS/local32/include -DJXL_THREADS_STATIC_DEFINE -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include/lensfun -IG:/MABS/msys64/mingw32/include/glib-2.0 -IG:/MABS/msys64/mingw32/lib/glib-2.0/include -IG:/MABS/msys64/mingw32/include -IG:/MABS/local32/include -IG:/MABS/local32/include/mfx -IG:/MABS/msys64/mingw32/include -IG:/MABS/local32/include -IG:/MABS/msys64/mingw32/include -IG:/MABS/msys64/mingw32/include/openjpeg-2.5 -DOPJ_STATIC -IG:/MABS/local32/include -IG:/MABS/local32/include/opus -IG:/MABS/local32/include/opus -IG:/MABS/local32/include -DPL_STATIC -IG:/MABS/local32/include/spirv_cross -IG:/MABS/msys64/mingw32/include -IG:/MABS/local32/include/rav1e -IG:/MABS/local32/include -IG:/MABS/msys64/mingw32/include -IG:/MABS/local32/include/rubberband -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include/srt -IG:/MABS/msys64/mingw32/include -IG:/MABS/local32/include -IG:/MABS/local32/include/leptonica -IG:/MABS/msys64/mingw32/include -DLIBDEFLATE_DLL -DLIBARCHIVE_STATIC -ULIBDEFLATE_DLL -DLZMA_API_STATIC -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include/libvmaf -pthread -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include/webp -IG:/MABS/local32/include -IG:/MABS/local32/include/webp -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/local32/include -IG:/MABS/msys64/mingw32/include -IG:/MABS/local32/include -IG:/MABS/local32/include/libxml2 -DLIBXML_STATIC -c -o /tmp/ffconf.J3rbpjlo/test.o /tmp/ffconf.J3rbpjlo/test.c
G:/MABS/msys64/tmp/ffconf.J3rbpjlo/test.c:1:10: fatal error: mbedtls/ssl.h: No such file or directory
    1 | #include <mbedtls/ssl.h>
      |          ^~~~~~~~~~~~~~~
compilation terminated.
ERROR: mbedTLS not found

Is there a good reason why to prefer mbedTLS over SChannel in Zeranoe and full builds?

[Biswa96]

Duplicate of #2593

[LigH-de]

Well, the strange thing is: Compilation worked flawlessly this morning before I switched from INI based ffmpeg to full-in-GPL3 ffmpeg. So I guess I did not notice this issue because my ffmpeg_options.txt has another TLS backend enabled...

[Biswa96]

It fails because there is no 32 bit mbedtls package in msys2 https://packages.msys2.org/base/mingw-w64-mbedtls

[LigH-de]

In this case it may be better to change the default option of enable-mbedtls in Zeranoe(+) ffmpeg builds to another library. How about openssl, libtls, gnutls or just only schannel instead?

[LigH-de]

I changed mbedtls to libtls ih the media-autobuild_suite.bat line 123 (zeranoe option set). The result was curl and ffmpeg using gnutls.

[hydra3333]

I have used gnutls for ages. Do you have a preference, and if so then what would lead to that preference ?
Thanks

[LigH-de]

Same question. I'd like to know a ranking between all the available SSL/TLS backends. There is a chart by curl which suggests that mbedtls was once preferred for being small, despite not supporting TLS 1.3 well.

I guess if I remove any explicit SSL/TLS library from the list of linked libraries in the Zeranoe preset, that should leave SChannel as native default for Windows builds, as it is included in the "builtin" preset.

[hydra3333]

I recall that a couple of years ago a problem building ffmpeg with SChannel which is why I commented it out back then and left it that way.
Perhaps it was me (although it had worked OK previously), perhaps it was transitory who knows, so I have no good reason other than that to avoid it :)

Thanks for that link to the table !
GNUTLS seems to do a couple more things than schannel eg "Integrates with system token database" and has TLS SRP, whatever those mean :) But I can only read the words not know well the consequences.
Some people may think otherwise, microsoft as the vendor for schannel "could" be a positive depending on how one chooses to look at it.

[1480c1]

I'm wondering if perhaps we should just disable all but one or two ssl options and only re-add them as requested so we can reduce the number of differing configurations.

[hydra3333]

Cool !
Wondering if you would perhaps entertain leave gnutls in (even if commented out) although that may be a bit of an ask as it seems to be mentioned 31 times in media-suite_compile.sh.

[1480c1]

Probably I will remove openssl and mbedtls for now, and leave gnutls and libressl and schannel, any more opinions before I go that route?

[Andarwinux]

What's wrong with OpenSSL? It is fully compatible with the GPL.