googleapis
diff --git a/‎bazel/curl.BUILD‎
Lines changed: 13 additions & 12 deletions b/‎bazel/curl.BUILD‎
Lines changed: 13 additions & 12 deletions
diff --git a/‎ci/kokoro/windows/builds/bazel.ps1‎
Lines changed: 136 additions & 17 deletions b/‎ci/kokoro/windows/builds/bazel.ps1‎
Lines changed: 136 additions & 17 deletions
@@ -145,6 +145,8 @@ CURL_WIN_COPTS = [
     "/DCURL_DISABLE_PROXY",
     "/DHAVE_LIBZ",
     "/DHAVE_ZLIB_H",
+    "/DUSE_OPENSSL",    # UPDATED: Enable OpenSSL interface
+    "/DHAVE_BORINGSSL", # UPDATED: Explicitly define BoringSSL
     # Defining _USING_V110_SDK71_ is hackery to defeat curl's incorrect
     # detection of what OS releases we can build on with VC 2012. This
     # may not be needed (or may have to change) if the WINVER setting
@@ -157,8 +159,7 @@ CURL_WIN_SRCS = [
     "lib/inet_ntop.c",
     "lib/system_win32.c",
     "lib/x509asn1.c",
-    "lib/vtls/schannel.c",
-    "lib/vtls/schannel_verify.c",
+    "lib/vtls/openssl.c", # UPDATED: Use OpenSSL/BoringSSL impl
     "lib/idn_win32.c",
 ]
 
@@ -455,12 +456,8 @@ cc_library(
         ":define-ca-bundle-location",
         "@com_github_cares_cares//:ares",
         "@zlib",
-    ] + select({
-        ":windows": [],
-        "//conditions:default": [
-            "@boringssl//:ssl",
-        ],
-    }),
+        "@boringssl//:ssl", # UPDATED: Always link BoringSSL (even on Windows)
+    ],
 )
 
 write_file(
@@ -484,7 +481,6 @@ write_file(
         "#  define BUILDING_LIBCURL 1",
         "#  define CURL_DISABLE_CRYPTO_AUTH 1",
         "#  define CURL_DISABLE_DICT 1",
-        "#  define CURL_DISABLE_FILE 1",
         "#  define CURL_DISABLE_GOPHER 1",
         "#  define CURL_DISABLE_IMAP 1",
         "#  define CURL_DISABLE_LDAP 1",
@@ -495,9 +491,15 @@ write_file(
         "#  define CURL_DISABLE_TELNET 1",
         "#  define CURL_DISABLE_TFTP 1",
         "#  define CURL_PULL_WS2TCPIP_H 1",
-        "#  define USE_WINDOWS_SSPI 1",
+        "#  define USE_OPENSSL 1",          // UPDATED: Added
+        "#  define HAVE_BORINGSSL 1",       // UPDATED: Added
+        "#  define HAVE_LIBSSL 1",          // UPDATED: Added
+        "#  define HAVE_OPENSSL_SSL_H 1",   // UPDATED: Added
+        "#  define HAVE_OPENSSL_CRYPTO_H 1",// UPDATED: Added
+        "#  define HAVE_OPENSSL_PEM_H 1",   // UPDATED: Added
+        "#  define HAVE_OPENSSL_X509_H 1",  // UPDATED: Added
+        "#  define HAVE_OPENSSL_ERR_H 1",   // UPDATED: Added
         "#  define USE_WIN32_IDN 1",
-        "#  define USE_SCHANNEL 1",
         "#  define WANT_IDN_PROTOTYPES 1",
         "#elif defined(__APPLE__)",
         "#  define HAVE_FSETXATTR_6 1",
@@ -543,7 +545,6 @@ write_file(
         "",
         "#if !defined(_WIN32)",
         "#  define CURL_DISABLE_DICT 1",
-        "#  define CURL_DISABLE_FILE 1",
         "#  define CURL_DISABLE_GOPHER 1",
         "#  define CURL_DISABLE_IMAP 1",
         "#  define CURL_DISABLE_LDAP 1",
 
@@ -6,7 +6,7 @@
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     https://www.apache.org/licenses/LICENSE-2.0
+#      https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -62,32 +62,151 @@ if ($LastExitCode) {
 . ci/kokoro/windows/lib/integration.ps1
 
 function Invoke-REST-Quickstart {
-    bazelisk $common_flags run $build_flags `
-      //google/cloud/storage/quickstart:quickstart -- `
-      "${env:GOOGLE_CLOUD_CPP_STORAGE_TEST_BUCKET_NAME}"
-    if ($LastExitCode) {
-        Write-Host -ForegroundColor Red "bazel run (storage/quickstart) failed with exit code ${LastExitCode}."
-        Exit ${LastExitCode}
+    param($bazel_bin)
+    try {
+        $executable = Join-Path $bazel_bin "google/cloud/storage/quickstart/quickstart.exe"
+        Write-Host "Running REST Quickstart, attempting to run: $executable"
+        if (-not (Test-Path $executable)) {
+          Write-Host -ForegroundColor Red "Executable not found at the specified path."
+          Exit 1
+        }
+        & $executable "${env:GOOGLE_CLOUD_CPP_STORAGE_TEST_BUCKET_NAME}"
+        if ($LastExitCode) {
+            Write-Host -ForegroundColor Red "Execution of (storage/quickstart) failed with exit code ${LastExitCode}."
+            Exit ${LastExitCode}
+        }
+    } catch {
+        Write-Host -ForegroundColor Red "Caught exception while trying to run storage/quickstart: $_"
+        Exit 1
     }
 }
 
 function Invoke-gRPC-Quickstart {
-    bazelisk $common_flags run $build_flags `
-      //google/cloud/pubsub/quickstart:quickstart -- `
-      "${env:GOOGLE_CLOUD_PROJECT}" "${env:GOOGLE_CLOUD_CPP_PUBSUB_TEST_QUICKSTART_TOPIC}"
-    if ($LastExitCode) {
-        Write-Host -ForegroundColor Red "bazel run (pubsub/quickstart) failed with exit code ${LastExitCode}."
-        Exit ${LastExitCode}
+    param($bazel_bin)
+    try {
+        $executable = Join-Path $bazel_bin "google/cloud/pubsub/quickstart/quickstart.exe"
+        Write-Host "Running gRPC Quickstart, attempting to run: $executable"
+        if (-not (Test-Path $executable)) {
+          Write-Host -ForegroundColor Red "Executable not found at the specified path."
+          Exit 1
+        }
+        & $executable "${env:GOOGLE_CLOUD_PROJECT}" "${env:GOOGLE_CLOUD_CPP_PUBSUB_TEST_QUICKSTART_TOPIC}"
+        if ($LastExitCode) {
+            Write-Host -ForegroundColor Red "Execution of (pubsub/quickstart) failed with exit code ${LastExitCode}."
+            Exit ${LastExitCode}
+        }
+    } catch {
+        Write-Host -ForegroundColor Red "Caught exception while trying to run pubsub/quickstart: $_"
+        Exit 1
     }
 }
 
 if (Test-Integration-Enabled) {
     Write-Host "`n$(Get-Date -Format o) Running minimal quickstart prorams"
+    
+    # 1. Install the certificates
     Install-Roots-Pem
-    ${env:GRPC_DEFAULT_SSL_ROOTS_FILE_PATH}="${env:KOKORO_GFILE_DIR}/roots.pem"
-    ${env:GOOGLE_APPLICATION_CREDENTIALS}="${env:KOKORO_GFILE_DIR}/kokoro-run-key.json"
-    Invoke-REST-Quickstart
-    Invoke-gRPC-Quickstart
+
+    # 2. Normalize paths to use Forward Slashes (/)
+    # This is critical for C++ binaries (BoringSSL/libcurl) to parse paths correctly on Windows.
+    $RawRootsPath = Join-Path $env:KOKORO_GFILE_DIR "roots.pem"
+    $RootsPath = $RawRootsPath -replace '\\', '/'
+    
+    $RawKeyPath = Join-Path $env:KOKORO_GFILE_DIR "kokoro-run-key.json"
+    $KeyPath = $RawKeyPath -replace '\\', '/'
+
+    # 3. Set ALL SSL Environment Variables
+    # OpenSSL/BoringSSL may look at SSL_CERT_FILE before CURL_CA_BUNDLE
+    # Use Forward Slashes ($RootsPath) for BoringSSL
+    $env:GRPC_DEFAULT_SSL_ROOTS_FILE_PATH = $RootsPath
+    $env:CURL_CA_BUNDLE = $RootsPath
+    $env:SSL_CERT_FILE = $RootsPath
+    $env:GOOGLE_APPLICATION_CREDENTIALS = $KeyPath
+    
+    # 4. Enable Deep Library Logging
+    $env:GOOGLE_CLOUD_CPP_ENABLE_TRACING="http"
+    $env:CURL_VERBOSE="1"
+
+    # --- DEBUG CHECKS ---
+    Write-Host -ForegroundColor Cyan "`n--- DEBUG: Environment & File Check ---"
+    Write-Host "Roots Path: $RootsPath"
+    
+    Write-Host "`n[Check 1] Environment Variables:"
+    Get-ChildItem Env: | Where-Object { $_.Name -match 'CURL_|GOOGLE_|GRPC_|SSL_' } | Format-Table -AutoSize | Out-Host
+    
+    Write-Host "`n[Check 2] File Verify:"
+    if (Test-Path $RootsPath) {
+        Write-Host -ForegroundColor Green "File exists."
+        Get-Item $RootsPath | Select-Object Length, LastWriteTime
+    } else {
+        Write-Host -ForegroundColor Red "CRITICAL: File not found at $RootsPath"
+    }
+    Write-Host "--- DEBUG END ---`n"
+
+    bazelisk $common_flags build $build_flags `
+        //google/cloud/storage/quickstart:quickstart `
+        //google/cloud/pubsub/quickstart:quickstart
+
+    $bazel_bin = (bazelisk $common_flags info $build_flags bazel-bin).Trim()
+    # Fix bazel-bin path for PowerShell invocation just in case
+    $bazel_bin = $bazel_bin.Replace('/', '\') 
+    Write-Host "bazel-bin directory: $bazel_bin"
+
+    # --- VERIFICATION EXPERIMENT START ---
+    Write-Host -ForegroundColor Cyan "`n--- EXPERIMENT: The 'Strip & Retry' Test ---"
+    
+    # Define paths
+    $DirtyFile = $RawRootsPath
+    $CleanFile = Join-Path $env:KOKORO_GFILE_DIR "roots_clean.pem"
+    $CleanFileForward = $CleanFile -replace '\\', '/'
+
+    # Check for the "Poison" (\r)
+    $text = [System.IO.File]::ReadAllText($DirtyFile)
+    if ($text.Contains("`r")) {
+        Write-Host -ForegroundColor Red "[CONFIRMED] 'roots.pem' contains Carriage Returns (\r)."
+        Write-Host "      Attempting to sanitize and run binary..."
+        
+        # Create the Antidote (Remove all \r)
+        $cleanText = $text.Replace("`r", "")
+        [System.IO.File]::WriteAllText($CleanFile, $cleanText)
+        Write-Host "Created sanitized file: $CleanFileForward"
+
+        # Run the Binary against the CLEAN file
+        Write-Host "`nRunning quickstart.exe using CLEAN file..."
+        
+        # Temporarily override the env var just for this test
+        $env:CURL_CA_BUNDLE = $CleanFileForward
+        $env:SSL_CERT_FILE = $CleanFileForward
+        $env:GRPC_DEFAULT_SSL_ROOTS_FILE_PATH = $CleanFileForward
+        
+        # Construct executable path
+        $QuickstartExe = Join-Path $bazel_bin "google/cloud/storage/quickstart/quickstart.exe"
+
+        try {
+           & $QuickstartExe "${env:GOOGLE_CLOUD_CPP_STORAGE_TEST_BUCKET_NAME}"
+           if ($LastExitCode -eq 0) {
+               Write-Host -ForegroundColor Green "`n[SUCCESS] The binary worked with the clean file!"
+               Write-Host -ForegroundColor Green "CONCLUSION: Carriage Returns were the root cause."
+           } else {
+               Write-Host -ForegroundColor Red "`n[FAILURE] The binary still failed ($LastExitCode) even with the clean file."
+               Write-Host -ForegroundColor Red "CONCLUSION: The issue is NOT carriage returns."
+           }
+        } catch {
+            Write-Host "Execution failed: $_"
+        }
+        
+        # Restore Env Vars for standard test flow
+        $env:CURL_CA_BUNDLE = $RootsPath
+        $env:SSL_CERT_FILE = $RootsPath
+        $env:GRPC_DEFAULT_SSL_ROOTS_FILE_PATH = $RootsPath
+    } else {
+        Write-Host -ForegroundColor Green "[INFO] 'roots.pem' is already clean (No \r). Experiment skipped."
+    }
+    Write-Host "------------------------------------------------"
+    # --- VERIFICATION EXPERIMENT END ---
+
+    Invoke-REST-Quickstart $bazel_bin
+    Invoke-gRPC-Quickstart $bazel_bin
 }
 
 # Shutdown the Bazel server to release any locks