Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL 3.2 QUIC stack based HTTP/3 #12734

Closed
wants to merge 7 commits into from
Closed

OpenSSL 3.2 QUIC stack based HTTP/3 #12734

wants to merge 7 commits into from

Conversation

icing
Copy link
Contributor

@icing icing commented Jan 18, 2024
edited

  • HTTP/3 for curl using OpenSSL's own QUIC stack together with nghttp3
  • configure with --with-openssl-quic to enable curl to build this. This requires the nghttp3 library
  • implementation with the following restrictions:
    • macOS has to use an unconnected UDP socket due to an issue in OpenSSL's datagram implementation See OpenSSL 3.2.0, QUIC, macOS, error 56 on connected UDP socket openssl/openssl#23251 This makes connections to non-reponsive servers hang.
    • GET requests will send the indicator that they have no body in a separate QUIC packet. This may result in processing delays or Transfer-Encodings on proxied requests
    • uploads that encounter blocks will use 100% cpu as detection of these flow control issue is not working (we have not figured out to pry that from OpenSSL).
  • added a CI job for linux, excluding http/3 tests in suite, since 2500 and 2502 fail

@github-actions github-actions bot added tests CI Continuous Integration labels Jan 18, 2024
@bagder
Copy link
Member

bagder commented Jan 19, 2024

Can you also add a description to HTTP3.md how to build this setup?

@icing
OpenSSL 3.2 QUIC stack based HTTP/3 (WIP)
bdcf67f 
- HTTP/3 for curl using OpenSSL's own QUIC stack together
  with nghttp3
- configure with `--with-openssl-quic` to enable curl to
  build this. This requires the nghttp3 library
- implementation with the following restrictions:
  * macOS has to use an unconnected UDP socket due to an
    issue in OpenSSL's datagram implementation
    See openssl/openssl#23251
    This makes connections to non-reponsive servers hang.
  * GET requests will send the indicator that they have
    no body in a separate QUIC packet. This may result
    in processing delays or Transfer-Encodings on proxied
    requests
  * uploads that encounter blocks will use 100% cpu as
    detection of these flow control issue is not working
    (we have not figured out to pry that from OpenSSL).
@icing
fixing configure to work for non-openssl-quic again
4323124
@icing
fixed codespell, fixed configure ngtcp2 feature check
b8f63a1
@icing
try adding a CI job for openssl-quic under linux
f65c081
@icing
add CI workflow, change connect default error to CURLE_COULDNT_CONNECT
b2ac598
@icing
document how HTTP/3 with openssl 3.2+ can be build
5418649 
- remove no longer neede config param in building openssl3
@icing icing marked this pull request as ready for review January 22, 2024 08:19
@icing
Copy link
Contributor Author

icing commented Jan 22, 2024

Can you also add a description to HTTP3.md how to build this setup?

Done.

@icing icing requested a review from bagder January 22, 2024 08:20
@icing icing added feature-window A merge of this requires an open feature window HTTP/3 h3 or quic related labels Jan 22, 2024
@icing icing changed the title OpenSSL 3.2 QUIC stack based HTTP/3 (WIP) OpenSSL 3.2 QUIC stack based HTTP/3 Jan 22, 2024
bagder
bagder reviewed Jan 22, 2024
View reviewed changes
Copy link
Member

@bagder bagder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Otherwise I think this looks good!

docs/HTTP3.md Outdated Show resolved Hide resolved
docs/HTTP3.md Outdated Show resolved Hide resolved
docs/HTTP3.md Outdated Show resolved Hide resolved
@bagder bagder closed this in 0535f6e Jan 22, 2024
vszakats added a commit to curl/curl-for-win that referenced this pull request Jan 22, 2024
@vszakats
curl-autotools.sh: add support for openssl 3.2.0 QUIC [ci skip]
0a13525 
It works with some manual hacks due to nghttp3 being undetected by autotools
(a long-time issue).

When enabled, the version string is showing some duplication:
```
curl 8.6.0-DEV (x86_64-w64-mingw32) libcurl/8.6.0-DEV OpenSSL/3.2.0 (Schannel) zlib/1.3 WinIDN libssh2/1.11.1_DEV nghttp2/1.58.0 OpenSSL/3.2.0 (Schannel) nghttp3/1.1.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets
```

Ref: curl/curl@0535f6e
Ref: curl/curl#12734
@vszakats
Copy link
Member

vszakats commented Jan 22, 2024
edited

Few observations after enabling support for this in curl-for-win:

  • CMake logic is missing, so enabled it only for autotools.
  • OpenSSL 3.2.0 requires -lcrypt32 on Windows, but not added by autotools, so detection fails unless adding it to LIBS manually (pre-existing issue).
  • nghttp3 (and ngtcp2) have a long-time detection issue with autotools, so have to force-enable it. This means that HTTP/3 also needs to be force-enabled to get OpenSSL QUIC enabled. (pre-existing issue)
  • TLS backends are duplicated in the -V output:
curl 8.6.0-DEV (x86_64-w64-mingw32) libcurl/8.6.0-DEV OpenSSL/3.2.0 (Schannel) zlib/1.3 WinIDN \
  libssh2/1.11.1_DEV nghttp2/1.58.0 OpenSSL/3.2.0 (Schannel) nghttp3/1.1.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz MultiSSL NTLM SPNEGO SSL SSPI threadsafe UnixSockets

@vszakats vszakats mentioned this pull request Jan 23, 2024
Closed
@talregev
Copy link
Contributor

talregev commented Feb 22, 2024
edited

@icing Can you add the cmake functionality / flag to compile http3 with openssl 3.2 + nghttp3 ?

@icing
Copy link
Contributor Author

icing commented Feb 23, 2024

@talregev I must admit my cmake skills are lacking.

@talregev
Copy link
Contributor

I will open an issue about it.

@talregev talregev mentioned this pull request Feb 25, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bagder bagder bagder left review comments

Assignees
No one assigned
Labels
CI Continuous Integration feature-window A merge of this requires an open feature window HTTP/3 h3 or quic related tests
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@icing @bagder @vszakats @talregev