Building libcurl using OpenSSL 3.2 QUIC?

[KMouaKYO]

Hello, are there any plans to build libcurl with OpenSSL v3.2's new QUIC API?
OpenSSL v3.2 was officially released 11/23 (which supports QUIC client capabilities).
In this way, libcurl doesn't need to build with separate QUIC libraries and QUIC supporting tls libraries. It would only require building with OpenSSL v3.2+ and libnghttp3.

[bagder]

We definitely want to support HTTP/3 using OpenSSL QUIC in curl. There is no current plan for this to happen,

Starting in the pending version 8.5.0 release, curl supports HTTP/3 using ngtcp2 for the first time as not experimental. ngtcp2 is a QUIC stack that has been in the works for several years and intense collaboration between curl and the ngtcp2 projects has polished the code in both ends over time. ngtcp2 can use numerous different TLS libraries for this, including just about every OpenSSL fork except the vanilla OpenSSL itself.

The OpenSSL QUIC API is brand new as mentioned above, and none of the usual suspects in the curl project has spent any time or efforts yet trying to build support for it. Since OpenSSL decided to not provide the API "the rest of the world" does, ngtcp2 cannot use OpenSSL. Luckily, the nghttp3 project is a HTTP/3 implementation that is independent of the QUIC stack, so it should be possible to use. There is sample code in the OpenSSL 3.2 release showing an embryo for this.

During the development of HTTP/3 in curl, not one of the (three) QUIC supported backends were complete and functional without feedback from us and subsequent polish and updates. There is a non-zero risk that the OpenSSL QUIC implementation and API also need adjustments as there has been no communication or collaboration on this so far.

Making HTTP/3 support based on nghttp3 + OpenSSL takes some understanding and knowledge of libcurl internals and the involved protocols so it is not considered an easy task. Without researching this topic in detail, I estimate that it would take 6-8 man weeks to bring this to curl. If done by the right person(s).

We would of course appreciate if someone would step up and sponsor this work for us. Without that, this effort is likely to be smeared out rather thin over a long calendar time.

[liudongmiao]

@bagder There is openssl 3.2 quic since curl 8.6.0 (cmake since 8.7.0/1), so is there any chance to remove experimental?
Or, how to do the http3 test and remove expereimental flag?

[icing]

The current OpenSSL APIs (3.2 and 3.3) lack features that curl needs for non-experimental. Sadly, OpenSSL was only able to promise improvements for later versions (scheduled for autumn(?)). Without these, curl uploads using OpenSSL QUIC will often run at 100% cpu.