Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

configure not support building with ngtcp2 + boringssl #12724

Closed
Cering opened this issue Jan 17, 2024 · 7 comments
Closed

configure not support building with ngtcp2 + boringssl #12724

Cering opened this issue Jan 17, 2024 · 7 comments
Labels
build HTTP/3 h3 or quic related

Comments

@Cering
Copy link
Contributor

Cering commented Jan 17, 2024
edited

I did this

  • I found HTTP3: ngtcp2 builds are no longer experimental, and tried to build curl-8.5.0 with nghttp3-1.1.0, ngtcp2-1.1.0 and boringssl in linux.
  • The nghttp3/ngtcp2/boringssl's library were built success, but failed when building curl. The error info was configure: error: --with-ngtcp2 was specified but could not find ngtcp2_crypto_openssl pkg-config file.
  • The configure only checking for libngtcp2_crypto_openssl options with pkg-config, but not contain libngtcp2_crypto_boringssl. However, the ngtcp2's output just have libngtcp2_crypto_boringssl.a and libngtcp2_crypto_boringssl.pc, so the curl's configure failed.
[yl@yldev-161edcc8c lib]$ ll
total 1512
-rw-r--r-- 1 yl root 1429772 Jan 17 10:22 libngtcp2.a
-rw-r--r-- 1 yl root  105938 Jan 17 10:22 libngtcp2_crypto_boringssl.a
-rwxr-xr-x 1 yl root    1043 Jan 17 10:22 libngtcp2.la
drwxr-xr-x 2 yl root    4096 Jan 17 10:22 pkgconfig
[yl@yldev-161edcc8c lib]$ ll pkgconfig/
total 8
-rw-r--r-- 1 yl root 1435 Jan 17 10:22 libngtcp2_crypto_boringssl.pc
-rw-r--r-- 1 yl root 1384 Jan 17 10:22 libngtcp2.pc
  • I tried to fake libngtcp2_crypto_boringssl as libngtcp2_crypto_openssl like below, then built curl success. But not sure that was a safe way.
    • ln -sfnv libngtcp2_crypto_boringssl.a libngtcp2_crypto_openssl.a
    • cp -fv libngtcp2_crypto_boringssl.pc libngtcp2_crypto_openssl.pc, and modify Name to libngtcp2_crypto_openssl
  • All librarys' building script please see below, is there another way to support libngtcp2_crypto_boringssl?

Detail building script

  • build boringssl
#!/bin/bash

curPath=$(cd $(dirname $0); pwd)
outPath=${curPath}/output_linux

cmake \
      -DCMAKE_INSTALL_PREFIX="${outPath}" \
      -DCMAKE_BUILD_TYPE=Release \
      -DCMAKE_C_FLAGS_RELEASE="-fPIC" \
      -DCMAKE_CXX_FLAGS_RELEASE="-fPIC" \
      -DCMAKE_ASM_FLAGS_RELEASE="-fPIC" \
      -DOPENSSL_NO_ASM=1 \
      -GNinja \
      ../..

cmake --build . -v
  • build nghttp3
#!/bin/bash
curPath=$(cd $(dirname $0); pwd)
outPath="${curPath}/output_linux"

set -e

export CFLAGS="-pipe -fPIC -g"
export CXXFLAGS="${CFLAGS}"

./configure --prefix=${outPath} \
            --enable-lib-only \
            --enable-static \
            --disable-shared

make -j8 V=1
make install
  • build ngtcp2
#!/bin/bash
curPath=$(cd $(dirname $0); pwd)
outPath="${curPath}/output_linux"
sslPath="${curPath}/../boringssl/output_linux"
nghttp3Path="${curPath}/../nghttp3/output_linux"

set -e

export CFLAGS="-pipe -fPIC -g"
export CXXFLAGS="${CFLAGS}"
export LDFLAGS="-L${sslPath}/lib -L${nghttp3Path}/lib"
export LIBS="-lpthread"
export BORINGSSL_CFLAGS="-I${sslPath}/include"
export BORINGSSL_LIBS="-lssl -lcrypto"
export NGHTTP3_CFLAGS="-I${nghttp3Path}/include"
export NGHTTP3_LIBS="-lnghttp3"
export PKG_CONFIG_PATH="${nghttp3Path}/lib/pkgconfig"


./configure --prefix=${outPath} \
            --enable-lib-only \
            --enable-static \
            --disable-shared \
            --with-boringssl \
            --with-libnghttp3

make -j8 V=1
make install
  • build curl
#!/bin/bash
curPath=$(cd $(dirname $0); pwd)
outPath="${curPath}/output_linux"
sslPath="${curPath}/../boringssl/output_linux"
nghttp2Path="${curPath}/../nghttp2/output_linux"
nghttp3Path="${curPath}/../nghttp3/output_linux"
ngtcp2Path="${curPath}/../ngtcp2/output_linux"

set -e

export CFLAGS="-pipe -fPIC -g -O0"

./configure --prefix=${outPath} \
            --with-ssl=${sslPath} \
            --with-nghttp2=${nghttp2Path} \
            --with-nghttp3=${nghttp3Path} \
            --with-ngtcp2=${ngtcp2Path}

make -j8 V=1
make install

curl/libcurl version

curl-8.5.0 release

operating system

Linux mylinux 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
@bagder bagder added cmake HTTP/3 h3 or quic related build and removed cmake labels Jan 17, 2024
@bagder
Copy link
Member

bagder commented Jan 17, 2024

I'm puzzled. curl only looks for libngtcp2_crypto_quictls since 8.2.0, not even the _*openssl one. Did you really use 8.5.0?

Our HTTP/3 build docs explicitly mentions and lists quictls, not BoringSSL and it seems nobody has made the BoringSSL build work recently. The configure script needs some work.

@Cering
Copy link
Contributor Author

Cering commented Jan 17, 2024

Oh! I just updated the curl's repo from old commit, but forgot running autoreconf -fi before compiling.

After did that, the error info became configure: error: --with-ngtcp2 was specified but could not find ngtcp2_crypto_quictls pkg-config file. I will change boringssl to quictls and try to build curl again, thanks.

@Cering
Copy link
Contributor Author

Cering commented Jan 17, 2024

I tried to fake libngtcp2_crypto_boringssl as libngtcp2_crypto_openssl like below, then built curl success.

  • I examine this suceess building, it used curl-8.0.1's configure file that still support buinding ngtcp2 with openssl.

OpenSSL does not offer the required APIs for building a QUIC client. You need to use a TLS library that has such APIs and that works with ngtcp2

  • So although openssl not support quic apis, but replace it with boringssl maybe feasible? Why curl not support looks for libngtcp2_crypto_openssl since 8.2.0?

@bagder bagder changed the title configure not support libngtcp2_crypto_boringssl configure not support building with ngtcp2 + boringssl Jan 17, 2024
@bagder
Copy link
Member

bagder commented Jan 17, 2024

Why curl not support looks for libngtcp2_crypto_openssl since 8.2.0?

Because ngtcp2 renamed it to the more suitable quictls. quictls is an OpenSSL fork with the QUIC API, while the OpenSSL project does not support the QUIC API. They provide a different QUIC API.

@Cering
Copy link
Contributor Author

Cering commented Jan 17, 2024

Get it, thanks again!

@Cering
Copy link
Contributor Author

Cering commented Jan 18, 2024

Update: also tried to fake libngtcp2_crypto_boringssl as libngtcp2_crypto_openssl like below, and built curl success

  • ln -sfnv libngtcp2_crypto_boringssl.a libngtcp2_crypto_quictls.a
  • cp -fv libngtcp2_crypto_boringssl.pc libngtcp2_crypto_quictls.pc && sed -i 's/libngtcp2_crypto_boringssl/libngtcp2_crypto_quictls/g' libngtcp2_crypto_quictls.pc

This curl can send request via http3 success, that may imply ngtcp2 + boringssl also be feasible?

curl 8.6.0-DEV (x86_64-unknown-linux-gnu) libcurl/8.6.0-DEV BoringSSL zlib/1.2.7 nghttp2/1.41.0 ngtcp2/1.1.0 nghttp3/1.1.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS Debug HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 Largefile libz NTLM SSL threadsafe TrackMemory UnixSockets

@bagder
Copy link
Member

bagder commented Jan 18, 2024

This curl can send request via http3 success, that may imply ngtcp2 + boringssl also be feasible?

Yes it is. The configure script just needs some love.

@tatsuhiro-t tatsuhiro-t mentioned this issue Jan 24, 2024
Closed
@bagder bagder closed this as completed in fe537e2 Jan 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
build HTTP/3 h3 or quic related
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

build: Add libngtcp2_crypto_boringssl detection to autotools tatsuhiro-t/curl
2 participants
@bagder @Cering