Wed, 2 Feb 2022 at 21:51, Frederic Lecaille :
> On 1/31/22 6:22 AM, Илья Шипицин wrote:
> > Hello,
> >
> > 0001 .. 0003 are "pre QUIC" patches
> > 0004 .. 0006 are most questionable QUIC part
> > 0007 is very simple
> >
> >
> > we can discuss whether BoringSSL should be
> > 1) dropped completely
> > 2) supported, but no QUIC
> > 3) supported for QUIC as well
> >
> > as for "3)" I've checked the current state of QUICTLS, looks like its future
> > is not clear, it has not been updated since mid-December 2021, also it is not
> > clear whether OpenSSL is going to accept it or not.
> >
> > thanks,
> > Ilya
>
> Hello Ilya,
>
> As said by William, we do not support BoringSSL for QUIC. The functions
> (QUIC specific or not) which are not supported by BoringSSL must be
> added to openssl-compat.h. Have a look at this section:
>
>
> #ifdef OPENSSL_IS_BORINGSSL
> /*
> * Functions missing in BoringSSL
> */
>
>
> So, please add missing BoringSSL functions in this file. Obviously they
> will do nothing for QUIC.
>
That may work for some patches.
However, some commits broke the "ifdef" layout:
0005 - ctx <--> tls_ctx? There's nothing to move to openssl-compat.h. Or
am I wrong?
- if (!(ctx->rx.key = pool_alloc(pool_head_quic_tls_key)))
+ if (!(tls_ctx->rx.key = pool_alloc(pool_head_quic_tls_key)))
goto err;
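Review bot: on the `tls_ctx->rx.key = pool_alloc(pool_head_quic_tls_key)` line the only change is the identifier, `ctx` to `tls_ctx`, and the lines shown carry no preprocessor condition, so a compat-header shim has nothing to attach to here. If this rename is what breaks one of the library builds, the cause is where `tls_ctx` is declared, which this excerpt does not show; the commit message should state which declaration the new name refers to.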
0004 - the ifdef makes the "BoringSSL" part just wrong. I do not think it is
possible to deliver a fix to openssl-compat.h
+ goto abort;
#else
if (!SSL_client_hello_get0_ext(ssl, qc->tps_tls_ext,
_data, _len))
-#endif
{
/* This is not redundant. It we only return 0 without
setting
* <*al>, this has as side effect to generate another
TLS alert
@@ -2519,6 +2519,7 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
quic_set_tls_alert(qc, SSL_AD_MISSING_EXTENSION);
return 0;
}
+#endif
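Review bot: moving the `#endif` from before the `{` to after the closing `}` places the whole `quic_set_tls_alert(qc, SSL_AD_MISSING_EXTENSION); return 0;` block inside the `#else` branch, so the branch above `#else`, which ends in `goto abort;`, no longer shares that alert handling. Check in the full file that the `abort` label sets `*al` and the QUIC alert, since these lines do not show it. The directive now sits several lines away from the condition it closes, so add a trailing comment on the `#endif` naming the guarded macro.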
> Fred.
>