Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add quictls-openssl package with version 1.1.1v, 3.0.10, and 3.1.2. #19234

Closed
wants to merge 3 commits into from

Conversation

cjbradfield
Copy link
Contributor

@cjbradfield cjbradfield commented Aug 16, 2023

This package is openssl + quictls's patches to support the BoringSSL QUIC APIs.
Specify library name and version: quictls-openssl/3.1.2, quictls-openssl/3.01.0, quictls-openssl/1.1.1v

The QUIC protocol (which http3 runs on top of) is tightly bound with TLS and requires the quictls fork of openssl to function. Follow-on QUIC packages such as ngtcp2 will depend on this package.


This package is the openssl + quictls patches from BoringSSL which are
necessary to use openssl to encrypt the QUIC protocol.
@conan-center-bot

This comment has been minimized.

@conan-center-bot

This comment has been minimized.

@cjbradfield
Copy link
Contributor Author

Note to the reviewers: Since quictls/openssl is a fork of openssl, I was able to copy the openssl recipes for 1.x and 3.x along with the test files and make minor changes. It may be easier to review if you diff each file with its analog in the openssl recipe.

@Croydon
Copy link
Contributor

Croydon commented Aug 21, 2023

Note to the reviewers: Since quictls/openssl is a fork of openssl, I was able to copy the openssl recipes for 1.x and 3.x along with the test files and make minor changes. It may be easier to review if you diff each file with its analog in the openssl recipe.

But it will probably stay hard to maintain, as improvements for the OpenSSL recipe are likely good for this recipe as well.

What is the motivation for it? Can't the patches be upstreamed to OpenSSL?

If the patches are from BoringSSL, can't BoringSSL be used?

@cjbradfield
Copy link
Contributor Author

cjbradfield commented Aug 21, 2023

But it will probably stay hard to maintain, as improvements for the OpenSSL recipe are likely good for this recipe as well.

What is the motivation for it? Can't the patches be upstreamed to OpenSSL?

If the patches are from BoringSSL, can't BoringSSL be used?

  1. Yes-ish. The quictls/openssl fork (which is a collaborative effort from Microsoft and Akamai) will release this patchset on top of OpenSSL versions at a separate cadence to OpenSSL. Yes, any improvements to the OpenSSL recipe will likely apply here. I asked the Slack channel whether this should be a new recipe or just a +quic version of the original OpenSSL one and all the responses I got were in support of a new recipe (since it is technically a different package with a different release cadence). If the reviewers feel differently, I can go down that path instead.
  2. The motivation for the fork is to support the same API BoringSSL does for QUIC as many projects prefer to use OpenSSL instead of BoringSSL. Importing this will enable the Conan community to import QUIC implementations such as ngtcp2 (https://github.com/ngtcp2/ngtcp2) and msquic (https://github.com/microsoft/msquic). It is unclear if/when it will ever merge with OpenSSL.
  3. The APIs originated in BoringSSL to support QUIC in the Chromium project. I would love to import BoringSSL; however, it requires a functional Go compiler to build which seems like too heavy a requirement for a C++ package. This is, however, the preferred SSL library of msquic; I'm uncertain if msquic compiles with BoringSSL.

@conan-center-bot

This comment has been minimized.

@conan-center-bot
Copy link
Collaborator

Conan v1 pipeline ✔️

All green in build 4 (2b546eef0687502e784edef57852907e210667d8):

  • quictls-openssl/1.1.1v:
    All packages built successfully! (All logs)

  • quictls-openssl/3.0.10:
    All packages built successfully! (All logs)

  • quictls-openssl/3.1.2:
    All packages built successfully! (All logs)


Conan v2 pipeline ✔️

Note: Conan v2 builds are now mandatory. Please read our discussion about it.

All green in build 4 (2b546eef0687502e784edef57852907e210667d8):

  • quictls-openssl/3.0.10:
    All packages built successfully! (All logs)

  • quictls-openssl/3.1.2:
    All packages built successfully! (All logs)

  • quictls-openssl/1.1.1v:
    All packages built successfully! (All logs)

Copy link
Contributor

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale label Jun 16, 2024
@perseoGI perseoGI assigned perseoGI and unassigned perseoGI Jun 17, 2024
@github-actions github-actions bot removed the stale label Jun 18, 2024
@Croydon
Copy link
Contributor

Croydon commented Jun 20, 2024

Sorry, that this never got decided in some ways @cjbradfield

In the meantime, OpenSSL got some QUIC support and works on further support for it. So, is having an own recipe with those patches still something useful?

@cjbradfield
Copy link
Contributor Author

Sorry, that this never got decided in some ways @cjbradfield

In the meantime, OpenSSL got some QUIC support and works on further support for it. So, is having an own recipe with those patches still something useful?

No problem. I understand that this was a complicated decision given that OpenSSL may choose to support QUIC in the future. The driver for this was a BSD-licensed SSL supported by ngtcp2 (the QUIC stack for nghttp3). So, the utility really revolves around what does ngtcp2 require to work so that nghttp3 can work on top of it.

My clients decided to go with http/2 for now so my interest in this has waned.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants