Support OpenSSL-based MsQuic on Windows #72262

@rzikm rzikm commented Jul 15, 2022

Closes #69978.

While not officially supported, it is not hard for us to support QUIC on older Windows versions via an OpenSSL-based build of MsQuic.

The only limitation now is that the X509Certificate2 instances must have exportable private keys (i.e. passing X509KeyStorageFlags.Exportable to ctor).

@ghost

ghost commented Jul 15, 2022

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Author: rzikm
Assignees: -
Labels: area-System.Net
Milestone: -

@rzikm
Member Author

rzikm commented Jul 15, 2022

I tested the build with a locally built MsQuic on Windows 11; it would be nice if somebody tested this, e.g. on a Windows 10 machine, to confirm this.

Member

@ManickaP ManickaP left a comment

LGTM, but we should get a confirmation this works on Windows 10 before merging.

rzikm and others added 2 commits July 15, 2022 17:18
…uicApi.cs

Co-authored-by: Marie Píchová <11718369+ManickaP@users.noreply.github.com>
@davidfowl
Member

Does OpenSSL work well on Windows?

@wfurt
Member

wfurt commented Jul 15, 2022

> Does OpenSSL work well on Windows?

AFAIK, MsQuic has tests for that scenario, e.g. it is a supported combination for them. Since this depends only on crypto, I see no reason why this would work any differently than on Linux.
It will not work for .NET users out of the box but this allows anybody to bundle custom MsQuic bits.

// Assume SChanel is being used on windows and query for the actual provider from the library
QUIC_TLS_PROVIDER provider = OperatingSystem.IsWindows() ? QUIC_TLS_PROVIDER.SCHANNEL : QUIC_TLS_PROVIDER.OPENSSL;
size = sizeof(QUIC_TLS_PROVIDER);
apiTable->GetParam(null, QUIC_PARAM_GLOBAL_TLS_PROVIDER, &size, &provider);
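
Review bot: The return value of the `GetParam` call on the last line is not checked, so if the query fails (the case raised for MsQuic builds that do not support it) `provider` silently keeps the OS-based default assigned two lines above. Consider checking the result and logging when the fallback assumption is used, so a mismatch between the assumed and the actual TLS provider can be diagnosed. Also, the comment spells the provider "SChanel" while the enum value is `SCHANNEL`.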

Member

Do we expect that the provider will not change if there is MsQuic version that does not support the query?

Member Author

@rzikm rzikm Jul 15, 2022

I don't expect MsQuic would remove the param in future versions. And with older versions we have no way of knowing which provider is used so we might as well assume SChannel on Windows and OpenSSL everywhere else as we do now.

Member

The question was really about running on older MsQuic versions. I don't know if this was added in/prior to 2.0 or if that is a more recent addition.

I think it's fine to assume this and state that MsQuic+OpenSSL is only supported on Windows for MsQuic v2+.

Member

@wfurt wfurt left a comment

LGTM

@nibanks

nibanks commented Jul 18, 2022

> Does OpenSSL work well on Windows?

Yes, very well. It is more feature complete than Schannel. The perf of OpenSSL crypto is not quite as good as in-box bcrypt though.

@rzikm
Member Author

rzikm commented Jul 18, 2022

I tried in a Windows 10 VM and most of the tests pass. I debugged those that fail; these seem to have failed due to some "Access Denied" error in GenerateCertificates, which seems to be something environmental on my side.

@rzikm rzikm merged commit 3e5f0c1 into dotnet:main Jul 18, 2022
@karelz karelz added this to the 7.0.0 milestone Jul 19, 2022
CarnaViire added a commit to CarnaViire/runtime that referenced this pull request Jul 19, 2022
CarnaViire added a commit that referenced this pull request Jul 19, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Aug 18, 2022

Successfully merging this pull request may close these issues.

[QUIC] Support for OpenSSL build of MsQuic on Windows