Open cang-mang opened 4 years ago
dtikhonov
commented
4 years ago Yes, supporting OpenSSL would be very nice. There are two obstacles to it:
Note that BoringSSL can be compiled where all exported symbols are prefixed with a custom prefix. That should allow you to use both OpenSSL and BoringSSL in your application.
robmang
commented
3 years ago How would we build lsquic to support boringssl with prefixed exported symbols? Would it be up to us to rename them in lsquic? Thanks
dtikhonov
commented
3 years ago No, you would not need to change any code. See BoringSSL documentation.
jazune
commented
3 years ago Yes, supporting OpenSSL would be very nice. There are two obstacles to it:
- It is not high on our priority list.
- OpenSSL does not support QUIC yet. (There is a patched version, but it's unofficial).
Note that BoringSSL can be compiled where all exported symbols are prefixed with a custom prefix. That should allow you to use both OpenSSL and BoringSSL in your application.
hi,@dtikhonov, any play to suport openssl? If not, I wll do this. my plan is: 1,use openssl QUIC patch to suppot quic sdk. 2,in lsquic, replace AEAD api in boringssl with evp api which both exist in boringssl and openssl. 3,replace boringssl with openssl.
for lsquic,the main change is replacing AEAD with evp。
dtikhonov
commented
3 years ago That would be super if you did it! 👍 💯
I think this would require writing a set of function pointers: one for OpenSSL and one for BoringSSL. But let's see what you come up with. Of course, if you simply replace BoringSSL with OpenSSL, we won't be able to merge it to mainline.
jazune
commented
3 years ago @dtikhonov I plan only change lsquic code that will be suitable for both boringssl and openssl with quic sdk patch. So, it won't effect current compile. And If one want to use openssl, it can also work.
dtikhonov
commented
3 years ago Great, I am looking forward to it!
brjoha
commented
2 years ago Another year. Has pluggable SSL percolated up the priority list at all?
gegles
commented
6 months ago Any update on this? BoringSSL is one of the reason we can't use this in our system at this point...
Thanks!
alexpokotilo
commented
2 months ago I've spent some time to build lsquic with prefix so here is my instruction. I need to add prefix as my project already has openssl as dependency.
1)First we need to build boringssl with prefixes. This is very strange why boringssl doesn't make this process done by just command line directive, but it is how it is. Please check boringssl docs about DBORINGSSL_PREFIX for details.
I just followed these steps and generated symbol file for crypto lib and ssl lib and combined these files into crypto_ssl.txt You can download crypto_ssl.txt generated from current master crypto_ssl.txt If you find problems during linking just regenerate crypto_ssl.txt for current version of boringssl
2) build boringssl with prefix
cmake -DBUILD_SHARED_LIBS=0 -DCMAKE_BUILD_TYPE=Release -DBORINGSSL_PREFIX=LSQUICK -DBORINGSSL_PREFIX_SYMBOLS=crypto_ssl.txt .
make -j 12 crypto ssl
cp symbol_prefix_include/* include/
without "cp symbol_prefix_include/* include/" lsquic will failed on build as symbol_prefix_include directory not added by lsquic CMakeFile into PATH
3) Build lsquic with prefix support
cmake -DLSQUIC_SHARED_LIB=OFF -DLSQUIC_BIN=OFF -DBORINGSSL_DIR=$BORINGSSL -DLSQUIC_TESTS=OFF -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="-DBORINGSSL_PREFIX=LSQUICK" .
make -j 12boringssl don't add BORINGSSL_PREFIX into generated headers. So you have to add BORINGSSL_PREFIX define manually to hint lsquic to build with prefix support. lsquic includes boringssl' headers, but to to be built with prefix you have to specify BORINGSSL_PREFIX during lsquic building again.
Currently, lsquic only support BoringSSL. But in many phone devices, app-packet size is very important, and the old version of the app often takes OpenSSL. Now we add lsquic to the app, then we must add BoringSSL to it, too. So the size of the app-packet becomes too big. In some other cases, the old version of the app takes a static library of OpenSSL, and when we add lsquic with BoringSSL to the app, if the BoringSSL is a static library, then many symbols conflict; else if the BoringSSL is a dynamic library, then at run-time the app crashes. So, can you develop a branch version of supporting OpenSSL? Thanks very much.