Adding HTTP/3 support to ftp/curl

I'm trying to add http/3 support to ftp/curl and I'm getting a compile error.

Any ideas?

My edits or additions to Makefile:

Code:
OPTIONS_GROUP_PROTOCOL= DICT FTP GOPHER HTTP HTTP2 HTTP3 IMAP IPFS LDAP LDAPS LIBSSH LIBSSH2 MQTT POP3 RTSP SMB SMTP TELNET TFTP WEBSOCKET

HTTP3_USES=             ssl
HTTP3_LIB_DEPENDS=      libngtcp2.so:net/libngtcp2 \
                        libnghttp3.so:www/libnghttp3

HTTP3_CONFIGURE_ENABLE= http3
HTTP3_CONFIGURE_WITH=   nghttp3 ngtcp2

HTTP3_BUILD_DEPENDS=    ${LOCALBASE}/include/openssl/quic.h:security/openssl35
HTTP3_RUN_DEPENDS=      ${LOCALBASE}/include/openssl/quic.h:security/openssl35


The compile error:

Code:
--- vquic/libcurlu_la-curl_ngtcp2.lo ---
In file included from vquic/curl_ngtcp2.c:38:
/usr/local/include/ngtcp2/ngtcp2_crypto_quictls.h:73:3: error: unknown type name 'OSSL_ENCRYPTION_LEVEL'
   73 |   OSSL_ENCRYPTION_LEVEL ossl_level);
      |   ^
/usr/local/include/ngtcp2/ngtcp2_crypto_quictls.h:82:15: error: unknown type name 'OSSL_ENCRYPTION_LEVEL'
   82 | NGTCP2_EXTERN OSSL_ENCRYPTION_LEVEL
      |               ^
--- vquic/libcurlu_la-curl_quiche.lo ---

...
...

--- vquic/libcurlu_la-curl_ngtcp2.lo ---
vquic/curl_ngtcp2.c:2543:3: error: call to undeclared function 'SSL_set_quic_use_legacy_codepoint'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration]
 2543 |   SSL_set_quic_use_legacy_codepoint(ctx->tls.ossl.ssl, 0);
      |   ^
3 errors generated.
*** [vquic/libcurlu_la-curl_ngtcp2.lo] Error code 1

make[2]: stopped in /construction/xports/ftp/curl/work/curl-8.14.1/lib
 
I don't have it in openssl35, but I use openssl from pkg rather than the ports-built one, so depending on your ports options you might have it in openssl35, too.

Does
Code:
# readelf -Ws /usr/local/lib/libssl.so | grep SSL_set_quic_use_legacy_codepoint
list it?

With openssl-quictls it lists
Code:
# readelf -Ws /usr/local/lib/libssl.so | grep SSL_set_quic_use_legacy_codepoint   
   923: 000000000005b4c0    27 FUNC    GLOBAL DEFAULT   14 SSL_set_quic_use_legacy_codepoint@@OPENSSL_3.0.0
over here
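
The symbol check from the posts above, extended as an added example (not code from the thread or from the curl or ngtcp2 projects): it classifies a libssl as exporting the quictls QUIC API, which `ngtcp2_crypto_quictls.h` expects, or the OpenSSL 3.5 API, which the `libngtcp2_crypto_ossl` library in the diff later in the thread targets. `SSL_set_quic_tls_cbs` is not named in the thread and is assumed here as the marker for the OpenSSL 3.5 API; the function and sample names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the QUIC TLS API a libssl exports, reading
# `readelf -Ws` output on stdin. Prints one of:
#   quictls         SSL_set_quic_use_legacy_codepoint (the call curl_ngtcp2.c failed on)
#   openssl-native  SSL_set_quic_tls_cbs (OpenSSL 3.5 API; name not from the thread)
#   both | none
classify_quic_api() {
    awk '
        $7 == "UND" { next }               # undefined entries are imports, not exports
        NF >= 8 {
            name = $8
            sub(/@.*/, "", name)           # strip the @@OPENSSL_3.0.0 version suffix
            if (name == "SSL_set_quic_use_legacy_codepoint") quictls = 1
            if (name == "SSL_set_quic_tls_cbs")              native  = 1
        }
        END {
            if (quictls && native) print "both"
            else if (quictls)      print "quictls"
            else if (native)       print "openssl-native"
            else                   print "none"
        }'
}

# Sample symbol-table lines. The quictls line is the one quoted in the thread;
# the openssl35 lines are constructed for this example, not captured output.
sample_quictls() {
    echo "   923: 000000000005b4c0    27 FUNC    GLOBAL DEFAULT   14 SSL_set_quic_use_legacy_codepoint@@OPENSSL_3.0.0"
}
sample_openssl35() {
    echo "   811: 0000000000061a10    95 FUNC    GLOBAL DEFAULT   14 SSL_set_quic_tls_cbs@@OPENSSL_3.5.0"
    echo "    12: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND SSL_set_quic_use_legacy_codepoint"
}

# With a path argument, inspect a real library; otherwise show the samples.
if [ -n "${1:-}" ]; then
    readelf -Ws "$1" | classify_quic_api
else
    echo "sample quictls:   $(sample_quictls | classify_quic_api)"
    echo "sample openssl35: $(sample_openssl35 | classify_quic_api)"
fi
```

Run it with the path to the libssl that the port will link against, for example `/usr/local/lib/libssl.so`, before choosing between the quictls and ossl ngtcp2 helper libraries.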
 
No, it does not list it, which is odd. I'm using OpenSSL 3.5.1 now with Nginx for HTTP/3 support and it's working just fine.
 
The following is hackish but it compiles:

Code:
curl --http3-only https://example.org
<!doctype html>
<html>
<head>
<title>Example Domain</title>


Diff:
diff --git a/ftp/curl/Makefile b/ftp/curl/Makefile
index 9781ec2fbc..5addd9353e 100644
--- a/ftp/curl/Makefile
+++ b/ftp/curl/Makefile
@@ -17,61 +17,64 @@ USE_PERL5=  build
 
 CONFIGURE_ARGS=        --disable-test-bundles \
                --disable-unity \
                --disable-werror \
                --enable-dateparse \
                --enable-dnsshuffle \
                --enable-headers-api \
                --enable-hsts \
                --enable-http-auth \
                --enable-manual \
                --enable-mime \
                --enable-netrc \
                --enable-openssl-auto-load-config \
                --enable-progress-meter \
                --enable-ssls-export \
                --with-zsh-functions-dir=${LOCALBASE}/share/zsh/site-functions \
                --without-ca-bundle \
                --without-ca-path \
                --without-fish-functions-dir
 CONFIGURE_ENV= LOCALBASE=${LOCALBASE} \
+               PKG_CONFIG_PATH=${LOCALBASE}/libdata/pkgconfig \
                ac_cv_func_SSLv2_client_method=no
 GNU_CONFIGURE= yes
 INSTALL_TARGET=        install-strip
 TEST_TARGET=   test
 USE_LDCONFIG=  yes
 
 CPE_VENDOR=    haxx
 
 SHEBANG_FILES= */*.pl
 
 OPTIONS_DEFINE=        ALTSVC COOKIES CURL_DEBUG DEBUG DOCS EXAMPLES IDN IPV6 LIBUV NTLM PROXY PSL STATIC TLS_SRP
 OPTIONS_GROUP= COMPRESSION PROTOCOL
 OPTIONS_RADIO= SSL
 OPTIONS_SINGLE=        GSSAPI RESOLV
 OPTIONS_GROUP_COMPRESSION=     BROTLI ZSTD
-OPTIONS_GROUP_PROTOCOL=        DICT FTP GOPHER HTTP HTTP2 IMAP IPFS LDAP LDAPS LIBSSH LIBSSH2 MQTT POP3 RTSP SMB SMTP TELNET TFTP WEBSOCKET
+OPTIONS_GROUP_PROTOCOL=        DICT FTP GOPHER HTTP HTTP2 HTTP3 IMAP IPFS LDAP LDAPS LIBSSH LIBSSH2 MQTT POP3 RTSP SMB SMTP TELNET TFTP WEBSOCKET
 OPTIONS_RADIO_SSL=     GNUTLS OPENSSL WOLFSSL
 OPTIONS_SINGLE_GSSAPI= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT GSSAPI_NONE
 OPTIONS_SINGLE_RESOLV= CARES THREADED_RESOLVER
 OPTIONS_DEFAULT=ALTSVC BROTLI COOKIES GSSAPI_${${SSL_DEFAULT} == base :?BASE :NONE} DICT FTP GOPHER HTTP HTTP2 IDN IMAP IPFS LIBSSH2 NTLM OPENSSL POP3 PROXY PSL RTSP SMTP STATIC TELNET TFTP THREADED_RESOLVER TLS_SRP WEBSOCKET ZSTD
 OPTIONS_SUB=   yes
+HTTP3_CONFIGURE_ON= --with-nghttp3=${LOCALBASE} --with-ngtcp2=${LOCALBASE}
+HTTP3_IMPLIES= openssl
 ALTSVC_DESC=   HTTP Alternative Services support
 COOKIES_DESC=  Cookies support
 CURL_DEBUG_DESC=cURL debug memory tracking
 DICT_DESC=     DICT (RFC 2229) support
 HTTP_DESC=     HTTP/HTTPS support
 HTTP2_DESC=    HTTP/2 support (requires HTTP)
 HTTP2_IMPLIES= HTTP
 IMAP_DESC=     IMAP/IMAPS support
 IPFS_DESC=     IPFS support
 LDAPS_IMPLIES= LDAP
 LDAPS_DESC=    LDAP protocol over SSL support (requires GNUTLS/OPENSSL/WOLFSSL)
 LIBSSH_DESC=   SCP/SFTP support via libssh (requires OPENSSL)
 LIBSSH_IMPLIES=        OPENSSL
 LIBSSH2_DESC=  SCP/SFTP support via libssh2 (requires OPENSSL)
 LIBSSH2_IMPLIES=OPENSSL
 LIBUV_DESC=    Event-based tests
 LIBUV_IMPLIES= DEBUG
 MQTT_DESC=     MQTT support
 POP3_DESC=     POP3/POP3S support
 PROXY_IMPLIES= HTTP
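Review bot: the new HTTP3 option is only half declared in this hunk. `HTTP3_IMPLIES= openssl` is lowercase, while option names are case-sensitive and every other IMPLIES line here uses uppercase (`LIBSSH_IMPLIES= OPENSSL`), so it will not match the OPENSSL entry in OPTIONS_RADIO_SSL and HTTP3 can still be selected together with GNUTLS or WOLFSSL; write `HTTP3_IMPLIES= HTTP OPENSSL`, mirroring `HTTP2_IMPLIES= HTTP`. The visible lines also add no `HTTP3_DESC` and no `HTTP3_LIB_DEPENDS` on net/libngtcp2 and www/libnghttp3, so the build depends on those libraries already being installed by hand. The `PKG_CONFIG_PATH` addition to CONFIGURE_ENV applies to every option combination; scope it to HTTP3 or rely on `USES=pkgconfig` if the port does not already use it.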
diff --git a/net/libngtcp2/Makefile b/net/libngtcp2/Makefile
index 9827eb40c7..a12e8f1542 100644
--- a/net/libngtcp2/Makefile
+++ b/net/libngtcp2/Makefile
@@ -5,32 +5,32 @@ MASTER_SITES= https://github.com/ngtcp2/ngtcp2/releases/download/v${PORTVERSION}
 PKGNAMEPREFIX= lib
 
 MAINTAINER=    sunpoet@FreeBSD.org
 COMMENT=       Implementation of QUIC protocol
 WWW=           https://nghttp2.org/ngtcp2/ \
                https://github.com/ngtcp2/ngtcp2
 
 LICENSE=       MIT
 LICENSE_FILE=  ${WRKSRC}/COPYING
 
 USES=          libtool pathfix pkgconfig tar:xz
 
 CONFIGURE_ARGS=        --enable-lib-only \
                --with-jemalloc \
                --without-boringssl \
                --without-gnutls \
                --without-libbrotlidec \
                --without-libbrotlienc \
                --without-libev \
                --without-libnghttp3 \
-               --without-openssl \
+               --with-openssl \
                --without-wolfssl
 GNU_CONFIGURE= yes
 INSTALL_TARGET=        install-strip
 USE_LDCONFIG=  yes
 
 SLAVEDIRS=     net/libngtcp2-gnutls net/libngtcp2-wolfssl
 
 post-install:
        cd ${WRKSRC}/crypto/includes/ngtcp2/ && ${COPYTREE_SHARE} . ${STAGEDIR}${PREFIX}/include/ngtcp2
 
 .include <bsd.port.mk>
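Review bot: `--with-openssl` replaces `--without-openssl` in CONFIGURE_ARGS with no matching change to USES or to any dependency line, so nothing in this hunk records which OpenSSL the library is built against. Add `ssl` to the USES line (currently `USES= libtool pathfix pkgconfig tar:xz`) so the port follows DEFAULT_VERSIONS, and make the build fail cleanly when the selected OpenSSL has no QUIC support. Because `SLAVEDIRS` lists net/libngtcp2-gnutls and net/libngtcp2-wolfssl, check whether those slave ports inherit this argument and would now build the OpenSSL helper as well.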
diff --git a/net/libngtcp2/pkg-plist b/net/libngtcp2/pkg-plist
index 2345c5b2ae..6eaf3bb1e9 100644
--- a/net/libngtcp2/pkg-plist
+++ b/net/libngtcp2/pkg-plist
@@ -1,14 +1,19 @@
 include/ngtcp2/ngtcp2.h
 include/ngtcp2/ngtcp2_crypto.h
 include/ngtcp2/ngtcp2_crypto_boringssl.h
 include/ngtcp2/ngtcp2_crypto_gnutls.h
 include/ngtcp2/ngtcp2_crypto_ossl.h
 include/ngtcp2/ngtcp2_crypto_picotls.h
 include/ngtcp2/ngtcp2_crypto_quictls.h
 include/ngtcp2/ngtcp2_crypto_wolfssl.h
 include/ngtcp2/version.h
 lib/libngtcp2.a
 lib/libngtcp2.so
 lib/libngtcp2.so.16
 lib/libngtcp2.so.16.3.1
+lib/libngtcp2_crypto_ossl.a
+lib/libngtcp2_crypto_ossl.so
+lib/libngtcp2_crypto_ossl.so.0
+lib/libngtcp2_crypto_ossl.so.0.0.0
 libdata/pkgconfig/libngtcp2.pc
+libdata/pkgconfig/libngtcp2_crypto_ossl.pc
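Review bot: the five `libngtcp2_crypto_ossl` entries are added unconditionally, which only holds while `--with-openssl` is hard-wired in the Makefile; if the OpenSSL helper becomes an option, these lines need the option's plist prefix so the packing list matches both builds. `include/ngtcp2/ngtcp2_crypto_quictls.h` also stays packaged with no quictls library next to it, and that header is the one the failing curl build earlier in the thread included, so consider installing only the crypto headers whose library is actually built.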
 
Sorry, but that doesn't work for me.

Code:
configure: Added /usr/local/lib to CURL_LIBRARY_PATH
configure: error: the detected TLS library does not support QUIC, making --with-ngtcp2 a no-no
===>  Script "configure" failed unexpectedly.

OpenSSL 3.5.1 is installed, and QUIC is enabled in it.
 
Did you put DEFAULT_VERSIONS+=ssl=openssl35 in make.conf? I also recompiled the other dependencies with that setting in make.conf.
 
Thank you, it works now.

The issue now is how to keep it. As soon as I do a sudo gitup ports, all the changes will be lost.

Should I submit these changes as a partial patch and see if the maintainer will complete it?
 
The diff is a bit hackish for the ports tree. You can use pkg lock to prevent curl and the dependencies from being reinstalled/upgraded by pkg.
 
Edit: misread. Yeah, try to point the maintainers to this preliminary diff. Probably best done on bugs.freebsd.org.
 
Maybe submit it as a new port curl-quic or so?

That way, the disruption to the curl port is mitigated.

I think there was or is a distinct openssl-quic port just for that reason....
 
jsm Do I have your permission to use that diff you created and submit it on bugs.freebsd.org so a couple of us can create an official HTTP/3 patch for cURL?
 
You should really look into using another lib than OpenSSL as mixing multiple versions or not using base is kinda like asking for problems
 
I have GnuTLS working in my overlay repo but I'm waiting on upstream to clarify how multiple SSL backends are supposed to work/co-exist
 
Thank you, but I won't be able to use that as I already have OpenSSL 3.5 installed (for QUIC support in Nginx).
 