OpenSSL 3.2 QUIC stack based HTTP/3 #12734

Closed
icing wants to merge 7 commits into curl:master from icing:h3-openssl

icing (Contributor) commented Jan 18, 2024

  • HTTP/3 for curl using OpenSSL's own QUIC stack together with nghttp3
  • configure with `--with-openssl-quic` to enable curl to build this. This requires the nghttp3 library
  • implementation with the following restrictions:
    • macOS has to use an unconnected UDP socket due to an issue in OpenSSL's datagram implementation. See "OpenSSL 3.2.0, QUIC, macOS, error 56 on connected UDP socket" (openssl/openssl#23251). This makes connections to non-responsive servers hang.
    • GET requests will send the indicator that they have no body in a separate QUIC packet. This may result in processing delays or Transfer-Encodings on proxied requests
    • uploads that encounter blocks will use 100% cpu as detection of these flow control issues is not working (we have not figured out how to pry that from OpenSSL).
  • added a CI job for linux, excluding http/3 tests in suite, since 2500 and 2502 fail
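
Background for the macOS restriction in the description above, added as an illustration and not taken from the PR, curl or OpenSSL: on Linux, an ICMP port-unreachable for a sent datagram is reported as ECONNREFUSED only on a connected UDP socket, while an unconnected one waits until its own timeout. That this is the mechanism behind the hang the description mentions is an assumption; `probe_errno` and `closed_port` are names made up for this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Constructed helper: find a loopback UDP port with no listener. */
static int closed_port(struct sockaddr_in *a)
{
  socklen_t len = sizeof(*a);
  int rc, s = socket(AF_INET, SOCK_DGRAM, 0);
  memset(a, 0, sizeof(*a));
  a->sin_family = AF_INET;
  a->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
  rc = bind(s, (struct sockaddr *)a, len) ||      /* port 0: kernel picks */
       getsockname(s, (struct sockaddr *)a, &len);
  if(s >= 0) close(s);                            /* now nobody listens */
  return rc ? -1 : 0;
}

/* Send one datagram to the closed port, wait up to 300 ms for an answer and
 * return the errno recv() reports (0 on data, -1 on setup failure). */
int probe_errno(int use_connect)
{
  struct sockaddr_in peer;
  struct sockaddr *sa = (struct sockaddr *)&peer;
  struct timeval tv = { 0, 300000 };
  char buf[16];
  int err = -1, s = socket(AF_INET, SOCK_DGRAM, 0);
  if(s >= 0 && !closed_port(&peer) &&
     (!use_connect || !connect(s, sa, sizeof(peer)))) {
    setsockopt(s, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));
    (void)sendto(s, "x", 1, 0, use_connect ? NULL : sa,
                 use_connect ? 0 : sizeof(peer));
    err = recv(s, buf, sizeof(buf), 0) < 0 ? errno : 0;
  }
  if(s >= 0) close(s);
  return err;
}

int main(void)
{
  printf("connected:   %s\n", strerror(probe_errno(1)));
  printf("unconnected: %s\n", strerror(probe_errno(0)));
  return 0;
}
```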

github-actions bot added the tests and CI (Continuous Integration) labels Jan 18, 2024
bagder (Member) commented Jan 19, 2024

Can you also add a description to HTTP3.md how to build this setup?

icing added 6 commits January 22, 2024 09:17
- HTTP/3 for curl using OpenSSL's own QUIC stack together
  with nghttp3
- configure with `--with-openssl-quic` to enable curl to
  build this. This requires the nghttp3 library
- implementation with the following restrictions:
  * macOS has to use an unconnected UDP socket due to an
    issue in OpenSSL's datagram implementation
    See openssl/openssl#23251
    This makes connections to non-responsive servers hang.
  * GET requests will send the indicator that they have
    no body in a separate QUIC packet. This may result
    in processing delays or Transfer-Encodings on proxied
    requests
  * uploads that encounter blocks will use 100% cpu as
    detection of these flow control issues is not working
    (we have not figured out how to pry that from OpenSSL).
- remove no longer needed config param in building openssl3

icing marked this pull request as ready for review January 22, 2024 08:19

icing (Contributor, Author) commented Jan 22, 2024

> Can you also add a description to HTTP3.md how to build this setup?

Done.

icing requested a review from bagder January 22, 2024 08:20
icing added the feature-window (A merge of this requires an open feature window) and HTTP/3 (h3 or quic related) labels Jan 22, 2024
icing changed the title from "OpenSSL 3.2 QUIC stack based HTTP/3 (WIP)" to "OpenSSL 3.2 QUIC stack based HTTP/3" Jan 22, 2024

bagder (Member) left a comment

Otherwise I think this looks good!

bagder closed this in 0535f6e Jan 22, 2024
vszakats added a commit to curl/curl-for-win that referenced this pull request Jan 22, 2024
It works with some manual hacks due to nghttp3 being undetected by autotools
(a long-time issue).

When enabled, the version string is showing some duplication:
```
curl 8.6.0-DEV (x86_64-w64-mingw32) libcurl/8.6.0-DEV OpenSSL/3.2.0 (Schannel) zlib/1.3 WinIDN libssh2/1.11.1_DEV nghttp2/1.58.0 OpenSSL/3.2.0 (Schannel) nghttp3/1.1.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets
```

Ref: curl/curl@0535f6e
Ref: curl/curl#12734

vszakats (Member) commented Jan 22, 2024

Few observations after enabling support for this in curl-for-win:

  • CMake logic is missing, so enabled it only for autotools.
  • OpenSSL 3.2.0 requires -lcrypt32 on Windows, but not added by autotools, so detection fails unless adding it to LIBS manually (pre-existing issue).
  • nghttp3 (and ngtcp2) have a long-time detection issue with autotools, so have to force-enable it. This means that HTTP/3 also needs to be force-enabled to get OpenSSL QUIC enabled. (pre-existing issue)
  • TLS backends are duplicated in the -V output:

```
curl 8.6.0-DEV (x86_64-w64-mingw32) libcurl/8.6.0-DEV OpenSSL/3.2.0 (Schannel) zlib/1.3 WinIDN \
  libssh2/1.11.1_DEV nghttp2/1.58.0 OpenSSL/3.2.0 (Schannel) nghttp3/1.1.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets
```

talregev (Contributor) commented Feb 22, 2024

@icing Can you add the cmake functionality / flag to compile http3 with openssl 3.2 + nghttp3?

icing (Contributor, Author) commented Feb 23, 2024

@talregev I must admit my cmake skills are lacking.

talregev (Contributor) commented

I will open an issue about it.
