FS#72243 - [curl] enable http3/quic

Attached to Project: Arch Linux
Opened by Feng Yu (abcfy2) - Sunday, 26 September 2021, 16:24 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:23 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To Christian Hesse (eworm)
Leonidas Spyropoulos (inglor)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 8
Private No

Details

Description:

Please consider enabling https/quic in curl.

https://www.linuxfromscratch.org/blfs/view/svn/basicnet/curl.html: adding [quiche](https://github.com/cloudflare/quiche) will support http3


Additional info:
* package version(s) 7.79.1
* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce:

Closed by  Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:23 GMT
Reason for closing:  Moved
Additional comments about closing:  https://gitlab.archlinux.org/archlinux/packaging/packages/curl/issues/3
Comment by Feng Yu (abcfy2) - Sunday, 26 September 2021, 16:25 GMT
```
curl --http3 -Lv --compressed https://cloudflare-quic.com/  ✔
curl: option --http3: the installed libcurl version doesn't support this
curl: try 'curl --help' for more information
```
Comment by loqs (loqs) - Sunday, 26 September 2021, 20:07 GMT
http3 support in curl is still experimental? [1]
Providing http3 support using quiche instead of ngtcp2 would mean switching from openssl to boringssl for ssl support in curl?

[1] https://github.com/curl/curl/blob/master/docs/HTTP3.md
Comment by Feng Yu (abcfy2) - Monday, 27 September 2021, 01:52 GMT
Oh, I just read the LFS document and found it uses both ngtcp2 and quiche: https://www.linuxfromscratch.org/blfs/view/svn/basicnet/curl.html

And I found LFS uses GnuTLS, not openssl.

Thanks.
Comment by Feng Yu (abcfy2) - Monday, 27 September 2021, 02:28 GMT
Oh, I just read the LFS document and found it uses both ngtcp2 and quiche: https://www.linuxfromscratch.org/blfs/view/svn/basicnet/curl.html

And I found LFS uses GnuTLS, not openssl.

Thanks.
Comment by Feng Yu (abcfy2) - Monday, 27 September 2021, 02:55 GMT
Hi @loqs. I tried to compile curl myself on my Debian sid machine, and I found that boringssl is statically linked into libquiche. And curl will not use http3 by default. So I think it's safe to add this feature.

Here is what I did:

Compile quiche following the official doc, using Rust:

```
$ git clone --depth 1 --recursive --shallow-submodules https://github.com/cloudflare/quiche
$ cd quiche
# This build command is from curl: https://github.com/curl/curl/blob/master/docs/HTTP3.md#quiche-version
$ cargo build --release --features ffi,pkg-config-meta,qlog
$ file target/release/libquiche.*
target/release/libquiche.a: current ar archive
target/release/libquiche.d: ASCII text, with very long lines
target/release/libquiche.rlib: current ar archive
target/release/libquiche.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=cf23ba1150c5942b151d89c4e95fb860fe2227b5, with debug_info, not stripped

# No boringssl linkage found, so it's statically linked.
$ ldd target/release/libquiche.so
linux-vdso.so.1 (0x00007ffcdcb51000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007feee452a000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007feee4509000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007feee43c4000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007feee43be000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007feee41f9000)
/lib64/ld-linux-x86-64.so.2 (0x00007feee479f000)

# Manually install libquiche to global lib
$ sudo mkdir -p /usr/local/lib/pkgconfig
$ sudo cp target/release/libquiche.a target/release/libquiche.so /usr/local/lib/
$ sudo cp target/release/quiche.pc /usr/local/lib/pkgconfig/
$ sudo ldconfig
```

Then compile curl in the curl source code directory:

```
$ ./configure --with-openssl --with-libssh2 --with-quiche
...
configure: Configured to build curl/libcurl:

Host setup: x86_64-pc-linux-gnu
Install prefix: /usr/local
Compiler: gcc
CFLAGS: -Werror-implicit-function-declaration -O2 -Wno-system-headers -Wenum-conversion -pthread
CPPFLAGS: -isystem /home/vagrant/quiche/include
LDFLAGS: -L/home/vagrant/quiche/target/release
LIBS: -lquiche -lnghttp2 -lidn2 -lrtmp -lssh2 -lssh2 -lgsasl -lpsl -lssl -lcrypto -lssl -lcrypto -lldap -llber -lzstd -lbrotlidec -lz

curl version: 7.79.1
SSL: enabled (OpenSSL)
SSH: enabled (libSSH2)
zlib: enabled
brotli: enabled (libbrotlidec)
zstd: enabled (libzstd)
GSS-API: no (--with-gssapi)
GSASL: enabled
TLS-SRP: enabled
resolver: POSIX threaded
IPv6: enabled
Unix sockets: enabled
IDN: enabled (libidn2)
Build libcurl: Shared=yes, Static=yes
Built-in manual: enabled
--libcurl option: enabled (--disable-libcurl-option)
Verbose errors: enabled (--disable-verbose)
Code coverage: disabled
SSPI: no (--enable-sspi)
ca cert bundle: /etc/ssl/certs/ca-certificates.crt
ca cert path: no
ca fallback: no
LDAP: enabled (OpenLDAP)
LDAPS: enabled
RTSP: enabled
RTMP: enabled (librtmp)
PSL: enabled
Alt-svc: enabled (--disable-alt-svc)
HSTS: enabled (--disable-hsts)
HTTP1: enabled (internal)
HTTP2: enabled (nghttp2)
HTTP3: enabled (quiche)
ECH: no (--enable-ech)
Protocols: DICT FILE FTP FTPS GOPHER GOPHERS HTTP HTTPS IMAP IMAPS LDAP LDAPS MQTT POP3 POP3S RTMP RTSP SCP SFTP SMB SMBS SMTP SMTPS TELNET TFTP
Features: AsynchDNS GSASL HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Largefile NTLM NTLM_WB PSL SSL TLS-SRP UnixSockets alt-svc brotli libz zstd

WARNING: HTTP3 enabled but marked EXPERIMENTAL. Use with caution!

$ make -j$(nproc)
$ sudo make install
$ sudo ldconfig
```

Here is the result:
```
$ curl -V
curl 7.79.1 (x86_64-pc-linux-gnu) libcurl/7.79.1 OpenSSL/1.1.1l zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.10.0 nghttp2/1.43.0 quiche/0.10.0 librtmp/2.3 libgsasl/1.10.0 OpenLDAP/2.4.59
Release-Date: 2021-09-22
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli gsasl HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB PSL SSL TLS-SRP UnixSockets zstd

$ curl -I --compressed https://cloudflare-quic.com/
HTTP/2 200
date: Mon, 27 Sep 2021 02:55:18 GMT
content-type: text/html
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 695173cd6e293161-LAX
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

$ curl --http3 -I --compressed https://cloudflare-quic.com/
HTTP/3 200
date: Mon, 27 Sep 2021 02:55:34 GMT
content-type: text/html
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
server: cloudflare
cf-ray: 6951742fa8195295-LAX
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
```

Thanks.
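
Added example (not part of the original thread and not curl's or quiche's own tooling): a POSIX shell check over captured `curl -V` and `ldd` text like that quoted in the comment above. It reports whether HTTP3 is built in, which quiche version is linked, and whether libquiche resolves any TLS library dynamically. The sample strings are abridged from the outputs above, and the function names are hypothetical.

```shell
#!/bin/sh
# Sample inputs, abridged from the `curl -V` and `ldd` outputs quoted above.
CURL_V='curl 7.79.1 (x86_64-pc-linux-gnu) libcurl/7.79.1 OpenSSL/1.1.1l nghttp2/1.43.0 quiche/0.10.0
Release-Date: 2021-09-22
Protocols: dict file ftp ftps http https
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 SSL'
LDD_QUICHE='linux-vdso.so.1 (0x00007ffcdcb51000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007feee452a000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007feee41f9000)'

# has_feature TEXT NAME: succeeds only if NAME is a whole word on the Features: line.
has_feature() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^Features:/ { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit !found }'
}

# component_version TEXT NAME: prints NAME's version from the first line (name/version tokens).
component_version() {
    printf '%s\n' "$1" | awk -v want="$2" '
        NR == 1 { for (i = 1; i <= NF; i++) {
            n = split($i, p, "/"); if (n == 2 && p[1] == want) print p[2] } }'
}

# dynamic_tls_libs TEXT: prints the shared TLS libraries named in ldd output, one per line.
dynamic_tls_libs() {
    printf '%s\n' "$1" | awk '$1 ~ /^lib(ssl|crypto|gnutls|wolfssl)\.so/ { print $1 }'
}

# audit CURL_V_TEXT LDD_TEXT: prints a three-line summary of the build.
audit() {
    if has_feature "$1" HTTP3; then echo "HTTP3: enabled"; else echo "HTTP3: not built in"; fi
    echo "quiche: $(component_version "$1" quiche)"
    libs=$(dynamic_tls_libs "$2")
    if [ -z "$libs" ]; then
        echo "libquiche TLS: none resolved dynamically (embedded in the library)"
    else
        echo "libquiche TLS: $libs"
    fi
}

audit "$CURL_V" "$LDD_QUICHE"
```

An empty TLS list means the TLS code ships inside libquiche, so updates to the system OpenSSL package do not reach it and quiche has to be rebuilt to pick up TLS fixes.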
Comment by Feng Yu (abcfy2) - Monday, 27 September 2021, 02:57 GMT
But the best build step is to just follow the curl document, I think: https://github.com/curl/curl/blob/master/docs/HTTP3.md#quiche-version

No openssl is needed and boringssl is statically linked.
Comment by Kristian (klausenbusk) - Sunday, 02 April 2023, 15:08 GMT
curl supports HTTP3/QUIC using wolfSSL now[1][2], perhaps that is a more feasible option? Instead of an OpenSSL fork.

[1] https://daniel.haxx.se/blog/2022/08/15/quic-and-http-3-with-wolfssl/
[2] https://github.com/curl/curl/blob/curl-8_0_1/docs/HTTP3.md#build-with-wolfssl
