quic: require at least OpenSSL 3.3 for QUIC

author Stefan Eissing <stefan@eissing.org>

Wed, 26 Jun 2024 09:19:26 +0000 (11:19 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Wed, 26 Jun 2024 11:21:52 +0000 (13:21 +0200)
author Stefan Eissing <stefan@eissing.org>
Wed, 26 Jun 2024 09:19:26 +0000 (11:19 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 26 Jun 2024 11:21:52 +0000 (13:21 +0200)
diff --git a/configure.ac b/configure.ac

index f354cd8bd192e8af79e688c54ecc22737bbb0ae4..291484b93063a5cdacd8240594b3e149438fee60 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -3189,7 +3189,7 @@ if test "x$want_openssl_quic" = "xyes"; then
      AC_MSG_ERROR([--with-openssl-quic and --with-ngtcp2 are mutually exclusive])
    fi
    if test "$HAVE_OPENSSL_QUIC" != 1; then
-    AC_MSG_ERROR([--with-openssl-quic requires quic support in OpenSSL])
+    AC_MSG_ERROR([--with-openssl-quic requires quic support and OpenSSL >= 3.3.0])
    fi
    AC_DEFINE(USE_OPENSSL_QUIC, 1, [if openssl QUIC is in use])
    AC_SUBST(USE_OPENSSL_QUIC, [1])
diff --git a/lib/cf-socket.c b/lib/cf-socket.c

index 9554b4904aa4f1e445d47cc3a28263ae69da8e4c..6ff5bdf22664a30de304f0bc4868a141f3e67584 100644 (file)
--- a/lib/cf-socket.c
+++ b/lib/cf-socket.c
@@ -1856,18 +1856,12 @@ static CURLcode cf_udp_setup_quic(struct Curl_cfilter *cf,
    /* QUIC needs a connected socket, nonblocking */
    DEBUGASSERT(ctx->sock != CURL_SOCKET_BAD);
  
-#if defined(__APPLE__) && defined(USE_OPENSSL_QUIC)
-  (void)rc;
-  /* On macOS OpenSSL QUIC fails on connected sockets.
-   * see: <https://github.com/openssl/openssl/issues/23251> */
-#else
    rc = connect(ctx->sock, &ctx->addr.sa_addr,
                 (curl_socklen_t)ctx->addr.addrlen);
    if(-1 == rc) {
      return socket_connect_result(data, ctx->ip.remote_ip, SOCKERRNO);
    }
    ctx->sock_connected = TRUE;
-#endif
    set_local_ip(cf, data);
    CURL_TRC_CF(data, cf, "%s socket %" CURL_FORMAT_SOCKET_T
                " connected: [%s:%d] -> [%s:%d]",
diff --git a/lib/vquic/curl_osslq.c b/lib/vquic/curl_osslq.c

index f9fde75cc09906836121c30e816e91c1fe999e72..0d104f32f14ef7b29c696e21a2274970f6757143 100644 (file)
--- a/lib/vquic/curl_osslq.c
+++ b/lib/vquic/curl_osslq.c
@@ -1442,19 +1442,12 @@ static CURLcode h3_send_streams(struct Curl_cfilter *cf,
      for(i = 0; (i < n) && !blocked; ++i) {
        /* Without stream->s.ssl, we closed that already, so
         * pretend the write did succeed. */
-#ifdef SSL_WRITE_FLAG_CONCLUDE
-      /* Since OpenSSL v3.3.x, on last chunk set EOS if needed  */
        uint64_t flags = (eos && ((i + 1) == n))? SSL_WRITE_FLAG_CONCLUDE : 0;
        written = vec[i].len;
        ok = !s->ssl || SSL_write_ex2(s->ssl, vec[i].base, vec[i].len, flags,
                                     &written);
        if(ok && flags & SSL_WRITE_FLAG_CONCLUDE)
          eos_written = TRUE;
-#else
-      written = vec[i].len;
-      ok = !s->ssl || SSL_write_ex(s->ssl, vec[i].base, vec[i].len,
-                                   &written);
-#endif
        if(ok) {
          /* As OpenSSL buffers the data, we count this as acknowledged
           * from nghttp3's point of view */
diff --git a/m4/curl-openssl.m4 b/m4/curl-openssl.m4

index b9a4729c2143e82f40647534dece63d82d5b0716..3f01645a25dea29d1f2996cc48c8ace141418337 100644 (file)
--- a/m4/curl-openssl.m4
+++ b/m4/curl-openssl.m4
@@ -429,11 +429,14 @@ dnl ---
  dnl We may use OpenSSL QUIC.
  dnl ---
  if test "$OPENSSL_ENABLED" = "1"; then
-  AC_MSG_CHECKING([for QUIC support in OpenSSL])
+  AC_MSG_CHECKING([for QUIC support and OpenSSL >= 3.3])
    AC_LINK_IFELSE([
      AC_LANG_PROGRAM([[
  #include <openssl/ssl.h>
      ]],[[
+      #if (OPENSSL_VERSION_NUMBER < 0x30300000L)
+      #error need at least version 3.3.0
+      #endif
        OSSL_QUIC_client_method();
      ]])
    ],[
author	Stefan Eissing <stefan@eissing.org>
	Wed, 26 Jun 2024 09:19:26 +0000 (11:19 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 26 Jun 2024 11:21:52 +0000 (13:21 +0200)
configure.ac		patch \| blob \| blame \| history
lib/cf-socket.c		patch \| blob \| blame \| history
lib/vquic/curl_osslq.c		patch \| blob \| blame \| history
m4/curl-openssl.m4		patch \| blob \| blame \| history