From f9505b92acdb9879272694e97773151f771cbbfa Mon Sep 17 00:00:00 2001 From: Tristan Date: Fri, 4 Nov 2022 13:21:37 +0000 Subject: [PATCH] Use QuicTLS 1.1.1s In light of Willy's comments on https://github.com/haproxy/haproxy/issues/1903#issuecomment-1302171732, we should use an OpenSSL base of 1.1.1, to avoid the massive performance penalty of 3.x (with HAProxy at least). So undo the QuicTLS 3.0.7 revert (from 1.1.1q) and upgrade to QuicTLS 1.1.1s We should hear more details after HAProxyConf on the exact metrics, and in general in the future about the state of LibreSSL/WolfSSL/etc as alternatives. --- deps/quictls/Makefile | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/deps/quictls/Makefile b/deps/quictls/Makefile index 6fc1b6c..82ac8dc 100644 --- a/deps/quictls/Makefile +++ b/deps/quictls/Makefile @@ -1,8 +1,9 @@ -OPENSSL_VERSION = 3.0.7 +OPENSSL_VERSION = 1.1.1s BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD) QUICTLS_BUILD_VERSION = quic-mangadex-$(BUILD_VERSION_REPOSHA) +QUICTLS_TAG = OpenSSL_$(subst .,_,$(OPENSSL_VERSION))+quic1 -QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/openssl-$(OPENSSL_VERSION)+quic +QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_TAG) QUICTLS_TARBALL = quictls-$(OPENSSL_VERSION).tar.gz QUICTLS_BUILDIR = src QUICTLS_DESTDIR = dist @@ -19,11 +20,9 @@ $(QUICTLS_BUILDIR): $(QUICTLS_TARBALL) tar -C $(QUICTLS_BUILDIR) --strip-components=1 -xf "$(QUICTLS_TARBALL)" build: $(QUICTLS_BUILDIR) - cd "$(QUICTLS_BUILDIR)" && ! [ -f "VERSION.dat.orig" ] && mv -fv "VERSION.dat" "VERSION.dat.orig" || true - cd "$(QUICTLS_BUILDIR)" && sed 's/^BUILD_METADATA.*/BUILD_METADATA=$(QUICTLS_BUILD_VERSION)/g' "VERSION.dat.orig" > "VERSION.dat.meta" - cd "$(QUICTLS_BUILDIR)" && sed 's/^RELEASE_DATE.*/RELEASE_DATE="$(shell date -u +'%e %b %Y')"/g' "VERSION.dat.meta" > "VERSION.dat" - cd "$(QUICTLS_BUILDIR)" && CC=cc ./Configure --prefix="/opt/quictls" --openssldir="/opt/quictls" --libdir="lib" -DPURIFY no-shared - $(MAKE) -C "$(QUICTLS_BUILDIR)" -j "$(shell nproc)" VERSION=$(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA) build_sw + cd "$(QUICTLS_BUILDIR)" && sed -i 's/^# define OPENSSL_VERSION_TEXT.*$\/# define OPENSSL_VERSION_TEXT "OpenSSL $(OPENSSL_VERSION)+$(QUICTLS_BUILD_VERSION) $(shell date -u +'%e %b %Y')"/g' "include/openssl/opensslv.h" + cd "$(QUICTLS_BUILDIR)" && CC=cc ./config --prefix="/opt/quictls" --openssldir="/opt/quictls" --libdir="lib" no-shared + $(MAKE) -C "$(QUICTLS_BUILDIR)" -j "$(shell nproc)" VERSION=$(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA) "$(QUICTLS_BUILDIR)/apps/openssl" version $(MAKE) buildinfo_$(shell uname -s)