Enable QUIC with Tongsuo SSL library
Maxim Dounin
mdounin at mdounin.ru
Fri May 26 16:09:57 UTC 2023
Hello!
On Fri, May 26, 2023 at 02:43:22PM +0300, Vladimir Homutov via nginx-devel wrote:
> # HG changeset patch
> # User Vladimir Khomutov <vl at wbsrv.ru>
> # Date 1677761453 -10800
> # Thu Mar 02 15:50:53 2023 +0300
> # Node ID 348772f63be2b77a893b8d101c6b6905382a5735
> # Parent 8eae1b4f1c5528b063351804168a6085f5f50b42
> QUIC: added support for the Tongsuo SSL library.
>
> For the needs of QUIC, this is basically openssl-1.1.1h with
> BoringSSL-compatible QUIC support.
>
> The library was developed by AliBaba and was previously called BabaSSL,
> thus macro names [1].
>
> [1] https://github.com/Tongsuo-Project/Tongsuo
>
> diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
> --- a/src/event/quic/ngx_event_quic_ssl.c
> +++ b/src/event/quic/ngx_event_quic_ssl.c
> @@ -12,6 +12,7 @@
>
> #if defined OPENSSL_IS_BORINGSSL \
> || defined LIBRESSL_VERSION_NUMBER \
> + || defined BABASSL_VERSION_NUMBER \
> || NGX_QUIC_OPENSSL_COMPAT
> #define NGX_QUIC_BORINGSSL_API 1
> #endif
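Review bot: The added `|| defined BABASSL_VERSION_NUMBER` term in the `#if` that sets `NGX_QUIC_BORINGSSL_API` only tests that the macro is defined. It does not test that the library being built against provides the BoringSSL-compatible QUIC API the commit message relies on, so any build that defines the macro selects this path whether or not the API is present. A configure-time feature test for the QUIC API would handle this library and other forks without extending a per-library list. If the macro check stays, add a short comment beside it saying that BABASSL_VERSION_NUMBER is the macro defined by Tongsuo (formerly BabaSSL), since nothing in the source otherwise ties the name to Tongsuo.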
I don't like the idea of introducing explicit support for
additional OpenSSL/LibreSSL/BoringSSL forks. There should be a
way to detect this without checking individual libraries.
Also, using something like --with-cc-opt="-DOPENSSL_IS_BORINGSSL"
might be a good enough workaround in this particular case (untested
though).
--
Maxim Dounin
http://mdounin.ru/