Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add quictls-openssl package with version 1.1.1v, 3.0.10, and 3.1.2. #19234

Closed
wants to merge 3 commits into from
Closed

Add quictls-openssl package with version 1.1.1v, 3.0.10, and 3.1.2. #19234

wants to merge 3 commits into from

Conversation

cjbradfield
Copy link
Contributor

@cjbradfield cjbradfield commented Aug 16, 2023
edited
Loading

This package is openssl + quictls's patches to support the BoringSSL QUIC APIs.
Specify library name and version: quictls-openssl/3.1.2, quictls-openssl/3.01.0, quictls-openssl/1.1.1v

The QUIC protocol (which http3 runs on top of) is tightly bound with TLS and requires the quictls fork of openssl to function. Follow-on QUIC packages such as ngtcp2 will depend on this package.

@cjbradfield
Add quictls-openssl package with version 1.1.1v, 3.0.10, and 3.1.2.
ad556fa 
This package is the openssl + quictls patches from BoringSSL which are
necessary to use openssl to encrypt the QUIC protocol.
@prince-chrismc prince-chrismc mentioned this pull request Aug 16, 2023
Open
@conan-center-bot

This comment has been minimized.

Sign in to view
@conan-center-bot

This comment has been minimized.

Sign in to view
@cjbradfield
Copy link
Contributor Author

Note to the reviewers: Since quictls/openssl is a fork of openssl, I was able to copy the openssl recipes for 1.x and 3.x along with the test files and make minor changes. It may be easier to review if you diff each file with its analog in the openssl recipe.

@Croydon
Copy link
Contributor

Croydon commented Aug 21, 2023
edited
Loading

Note to the reviewers: Since quictls/openssl is a fork of openssl, I was able to copy the openssl recipes for 1.x and 3.x along with the test files and make minor changes. It may be easier to review if you diff each file with its analog in the openssl recipe.

But it will probably stay hard to maintain, as improvements for the OpenSSL recipe are likely good for this recipe as well.

What is the motivation for it? Can't the patches be upstreamed to OpenSSL?

If the patches are from BoringSSL, can't BoringSSL be used?

@cjbradfield
Copy link
Contributor Author

cjbradfield commented Aug 21, 2023
edited
Loading

But it will probably stay hard to maintain, as improvements for the OpenSSL recipe are likely good for this recipe as well.

What is the motivation for it? Can't the patches be upstreamed to OpenSSL?

If the patches are from BoringSSL, can't BoringSSL be used?

  1. Yes-ish. The quictls/openssl fork (which is a collaborative effort from Microsoft and Akamai) will release this patchset on top of OpenSSL versions at a separate cadence to OpenSSL. Yes, any improvements to the OpenSSL recipe will likely apply here. I asked the Slack channel whether this should be a new recipe or just a +quic version of the original OpenSSL one and all the responses I got were in support of a new recipe (since it is technically a different package with a different release cadence). If the reviewers feel differently, I can go down that path instead.
  2. The motivation for the fork is to support the same API BoringSSL does for QUIC as many projects prefer to use OpenSSL instead of BoringSSL. Importing this will enable the Conan community to import QUIC implementations such as ngtcp2 (https://github.com/ngtcp2/ngtcp2) and msquic (https://github.com/microsoft/msquic). It is unclear if/when it will ever merge with OpenSSL.
  3. The APIs originated in BoringSSL to support QUIC in the Chromium project. I would love to import BoringSSL; however, it requires a functional Go compiler to build which seems like too heavy a requirement for a C++ package. This is, however, the preferred SSL library of msquic; I'm uncertain if msquic compiles with BoringSSL.

@conan-center-bot

This comment has been minimized.

Sign in to view
@conan-center-bot
Copy link
Collaborator

Conan v1 pipeline ✔️

All green in build 4 (2b546eef0687502e784edef57852907e210667d8):

  • quictls-openssl/1.1.1v:
    All packages built successfully! (All logs)

  • quictls-openssl/3.0.10:
    All packages built successfully! (All logs)

  • quictls-openssl/3.1.2:
    All packages built successfully! (All logs)

Conan v2 pipeline ✔️

Note: Conan v2 builds are now mandatory. Please read our discussion about it.

All green in build 4 (2b546eef0687502e784edef57852907e210667d8):

  • quictls-openssl/3.0.10:
    All packages built successfully! (All logs)

  • quictls-openssl/3.1.2:
    All packages built successfully! (All logs)

  • quictls-openssl/1.1.1v:
    All packages built successfully! (All logs)

@ErniGH ErniGH mentioned this pull request Jun 14, 2024
Open
@github-actions GitHub Actions
Copy link
Contributor

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Jun 16, 2024
@perseoGI perseoGI assigned perseoGI and unassigned perseoGI Jun 17, 2024
@github-actions github-actions bot removed the stale label Jun 18, 2024
@Croydon
Copy link
Contributor

Croydon commented Jun 20, 2024

Sorry, that this never got decided in some ways @cjbradfield

In the meantime, OpenSSL got some QUIC support and works on further support for it. So, is having an own recipe with those patches still something useful?

@cjbradfield
Copy link
Contributor Author

Sorry, that this never got decided in some ways @cjbradfield

In the meantime, OpenSSL got some QUIC support and works on further support for it. So, is having an own recipe with those patches still something useful?

No problem. I understand that this was a complicated decision given that OpenSSL may choose to support QUIC in the future. The driver for this was a BSD-licensed SSL supported by ngtcp2 (the QUIC stack for nghttp3). So, the utility really revolves around what does ngtcp2 require to work so that nghttp3 can work on top of it.

My clients decided to go with http/2 for now so my interest in this has waned.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danimtb danimtb Awaiting requested review from danimtb

@AbrilRBS AbrilRBS Awaiting requested review from AbrilRBS

@jcar87 jcar87 Awaiting requested review from jcar87

@uilianries uilianries Awaiting requested review from uilianries

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@cjbradfield @conan-center-bot @Croydon @perseoGI