emo/haproxy
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Use QuicTLS 1.1.1s

Browse Source 
In light of Willy's comments on
https://github.com/haproxy/haproxy/issues/1903#issuecomment-1302171732,
we should use an OpenSSL base of 1.1.1, to avoid the massive performance
penalty of 3.x (with HAProxy at least).

So undo the QuicTLS 3.0.7 revert (from 1.1.1q) and upgrade to QuicTLS 1.1.1s

We should hear more details after HAProxyConf on the exact metrics, and
in general in the future about the state of LibreSSL/WolfSSL/etc as
alternatives.
This commit is contained in:
Tristan 2022-11-04 13:21:37 +00:00
parent e89a9aa9f6
commit f9505b92ac
No known key found for this signature in database
GPG Key ID: BDDFC4A0651ACDE4
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
deps/quictls/Makefile vendored
View File

@ -1,8 +1,9 @@
OPENSSL_VERSION = 3.0.7 OPENSSL_VERSION = 1.1.1s
BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD) BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)
QUICTLS_BUILD_VERSION = quic-mangadex-$(BUILD_VERSION_REPOSHA) QUICTLS_BUILD_VERSION = quic-mangadex-$(BUILD_VERSION_REPOSHA)
QUICTLS_TAG = OpenSSL_$(subst .,_,$(OPENSSL_VERSION))+quic1
QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/openssl-$(OPENSSL_VERSION)+quic QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_TAG)
QUICTLS_TARBALL = quictls-$(OPENSSL_VERSION).tar.gz QUICTLS_TARBALL = quictls-$(OPENSSL_VERSION).tar.gz
QUICTLS_BUILDIR = src QUICTLS_BUILDIR = src
QUICTLS_DESTDIR = dist QUICTLS_DESTDIR = dist
@ -19,11 +20,9 @@ $(QUICTLS_BUILDIR): $(QUICTLS_TARBALL)
tar -C $(QUICTLS_BUILDIR) --strip-components=1 -xf "$(QUICTLS_TARBALL)" tar -C $(QUICTLS_BUILDIR) --strip-components=1 -xf "$(QUICTLS_TARBALL)"
build: $(QUICTLS_BUILDIR) build: $(QUICTLS_BUILDIR)
cd "$(QUICTLS_BUILDIR)" && ! [ -f "VERSION.dat.orig" ] && mv -fv "VERSION.dat" "VERSION.dat.orig" || true cd "$(QUICTLS_BUILDIR)" && sed -i 's/^# define OPENSSL_VERSION_TEXT.*$\/# define OPENSSL_VERSION_TEXT "OpenSSL $(OPENSSL_VERSION)+$(QUICTLS_BUILD_VERSION) $(shell date -u +'%e %b %Y')"/g' "include/openssl/opensslv.h"
cd "$(QUICTLS_BUILDIR)" && sed 's/^BUILD_METADATA.*/BUILD_METADATA=$(QUICTLS_BUILD_VERSION)/g' "VERSION.dat.orig" > "VERSION.dat.meta" cd "$(QUICTLS_BUILDIR)" && CC=cc ./config --prefix="/opt/quictls" --openssldir="/opt/quictls" --libdir="lib" no-shared
cd "$(QUICTLS_BUILDIR)" && sed 's/^RELEASE_DATE.*/RELEASE_DATE="$(shell date -u +'%e %b %Y')"/g' "VERSION.dat.meta" > "VERSION.dat" $(MAKE) -C "$(QUICTLS_BUILDIR)" -j "$(shell nproc)" VERSION=$(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA)
cd "$(QUICTLS_BUILDIR)" && CC=cc ./Configure --prefix="/opt/quictls" --openssldir="/opt/quictls" --libdir="lib" -DPURIFY no-shared
$(MAKE) -C "$(QUICTLS_BUILDIR)" -j "$(shell nproc)" VERSION=$(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA) build_sw
"$(QUICTLS_BUILDIR)/apps/openssl" version "$(QUICTLS_BUILDIR)/apps/openssl" version
$(MAKE) buildinfo_$(shell uname -s) $(MAKE) buildinfo_$(shell uname -s)