-
Notifications
You must be signed in to change notification settings - Fork 709
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP tls: add feature to build against OpenSSL #126
Conversation
951c599
to
f7df2fb
Compare
This adds a new feature "openssl" to build against OpenSSL instead of BoringSSL. We need this because the OpenSSL and BoringSSL APIs are not fully compatible (e.g. some "functions" are actually macros wrapping SSL_ctrl()). To build OpenSSL do: ``` % git clone --branch=master-quic-support https://github.com/akamai/openssl/ % cd openssl % export OPENSSL_INSTALL_PATH=$PWD/build % ./config enable-tls1_3 --prefix=$OPENSSL_INSTALL_PATH % make -j$(nproc) % make install_sw ``` To build quiche using the above OpenSSL build do: ``` % export PKG_CONFIG_PATH=$OPENSSL_INSTALL_PATH/lib/pkgconfig % export LD_LIBRARY_PATH=$OPENSSL_INSTALL_PATH/lib % cargo test --features openssl ```
@@ -173,6 +173,14 @@ fn main() { | |||
println!("cargo:rustc-link-lib=static=ssl"); | |||
} | |||
|
|||
if cfg!(feature = "openssl") { | |||
#[cfg(feature = "openssl")] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The order of libcrypto
and libssl
below should be swapped. I failed to build quiche with unresolved symbols because the linker command line had -lcrypto -lssl
in that order. Swapping the two here fixed it.
Can we add the rustls and ring option? #129 |
Any update on openssl support? |
@splitice not really. The upstream OpenSSL PR is still open with no end in sight. |
What is it blocked on? |
perhaps target https://github.com/akamai/openssl/tree/OpenSSL_1_1_1d-quic ? |
The OpenSSL project decided they will implement the full QUIC protocol, rather than provide an API for other QUIC implementations to use https://www.mail-archive.com/[email protected]/msg02585.html so supporting OpenSSL in quiche will not be possible going forward. Closing this. |
This adds a new feature "openssl" to build against OpenSSL instead of
BoringSSL. We need this because the OpenSSL and BoringSSL APIs are not
fully compatible (e.g. some "functions" are actually macros wrapping
SSL_ctrl()).
To build OpenSSL do:
To build quiche using the above OpenSSL build do:
Depends on #125 and openssl/openssl#8797 but note that this doesn't actually work yet (handshake fails), so will need to debug further.