common: fix HTTPS handshake on Windows, harden HTTP client

[ServeurpersoCom]

Overview

The -hf downloader hung or failed on Windows builds using from-source LibreSSL. Root cause: MSVC at /O2 miscompiles LibreSSL's bignum on Windows x64, producing non deterministic RSA verification during the TLS handshake (ssl_err 0x4FFF086, alternating first/last octet invalid). Verified clean on Linux with the same sources. BoringSSL under MSVC was not affected.

Fix this:

PS C:\A> llama serve -hf unsloth/gemma-4-E4B-it-GGUF:BF16 -lv 4
�[34m0.00.070.785�[0m �[32mI �[0mcommon_params_handle_remote_preset: looking for remote preset at https://huggingface.co/unsloth/gemma-4-E4B-it-GGUF/resolve/main/preset.ini
PS C:\A> ^C
(infinite wait)

Add a timeout and surface the log:

PS D:\A\git\llama.cpp\build\bin\Release> .\llama-server.exe -hf unsloth/gemma-4-E4B-it-GGUF:BF16 -lv 4
�[34m0.00.020.437�[0m �[32mI �[0mcommon_params_handle_remote_preset: looking for remote preset at https://huggingface.co/unsloth/gemma-4-E4B-it-GGUF/resolve/main/preset.ini
�[34m0.00.058.244�[0m �[32mI �[0mcommon_download_file_single_online: HEAD failed, status: -1
�[34m0.00.058.251�[0m �[32mI �[0mcommon_params_handle_remote_preset: no remote preset found, skipping
�[34m0.00.064.753�[0m �[31mE get_repo_commit: error: HTTPLIB failed: SSL connection failed [ssl_err:4 backend:0x4fff086 reason:error:04FFF086:rsa routines:CRYPTO_internal:last octet invalid]
�[0m�[34m0.00.064.757�[0m �[35mW get_repo_files: failed to resolve commit for unsloth/gemma-4-E4B-it-GGUF
�[0mfailed to download model from Hugging Face

Then finally, correct the root cause:

PS D:\A\git\llama.cpp\build\bin\Release> .\llama-server.exe -hf unsloth/gemma-4-E4B-it-GGUF:Q8_K_XL -lv 4
�[34m0.00.020.530�[0m �[32mI �[0mcommon_params_handle_remote_preset: looking for remote preset at https://huggingface.co/unsloth/gemma-4-E4B-it-GGUF/resolve/main/preset.ini
�[34m0.00.168.244�[0m �[32mI �[0mcommon_download_file_single_online: HEAD failed, status: 404
�[34m0.00.168.506�[0m �[32mI �[0mcommon_params_handle_remote_preset: no remote preset found, skipping

Downloading gemma-4-E4B-it-UD-Q8_K_XL.gguf ─────────                  36%�[K�[1B

Requirements

• I have read and agree with the contributing guidelines
• AI usage disclosure: YES

[ServeurpersoCom]

I'm also checking the other codepath, the build with Wine from llama-install.sh, in any case this PR is atomic and fixes 3 HTTP client problems (timeout + verbosity + MSVC RSA build)

[angt]

Im trying with llama-install.sh, but it didn't work so far:

cmake -DFILTER=aarch64-windows-cpu-kk -P build.cmake

but still stuck:

PS Z:\> .\llama.exe serve -hf unsloth/gemma-4-E4B-it-GGUF:BF16 -lv 4
0.00.006.703 I common_params_handle_remote_preset: looking for remote preset at https://huggingface.co/unsloth/gemma-4-E4B-it-GGUF/resolve/main/preset.ini

[ServeurpersoCom]

Im trying with llama-install.sh, but it didn't work so far:

cmake -DFILTER=aarch64-windows-cpu-kk -P build.cmake

but still stuck:

PS Z:\> .\llama.exe serve -hf unsloth/gemma-4-E4B-it-GGUF:BF16 -lv 4
0.00.006.703 I common_params_handle_remote_preset: looking for remote preset at https://huggingface.co/unsloth/gemma-4-E4B-it-GGUF/resolve/main/preset.ini

Did you try it with this PR merged and the freeze remains silent?

[angt]

Did you try it with this PR merged and the freeze remains silent?

Im double checking everything rn (windows testing requires many steps haha), but i have the good commit:

$ git ll
05f4bb79c (HEAD -> master, pascal/fix/https-handshake-msvc) common: fix HTTPS handshake on Windows, harden HTTP client
617255d43 (pascal/master, pascal/HEAD) vendor : update cpp-httplib to 0.46.0 (#23650)

[ServeurpersoCom]

Did you try it with this PR merged and the freeze remains silent?

Im double checking everything rn (windows testing requires many steps haha), but i have the good commit:

$ git ll
05f4bb79c (HEAD -> master, pascal/fix/https-handshake-msvc) common: fix HTTPS handshake on Windows, harden HTTP client
617255d43 (pascal/master, pascal/HEAD) vendor : update cpp-httplib to 0.46.0 (#23650)

Reproduced: slilent freeze!! I fix also this codepath.

[ServeurpersoCom]

llama-install.sh: BoringSSL requires fixes on their own repo to build on Wine. I'm switching to LibreSSL.

[ServeurpersoCom]

ggml-org/llama-install.sh#1