emo/haproxy
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

Use QuicTLS 1.1.1s

Browse Source 
In light of Willy's comments on
https://github.com/haproxy/haproxy/issues/1903#issuecomment-1302171732,
we should use an OpenSSL base of 1.1.1, to avoid the massive performance
penalty of 3.x (with HAProxy at least).

So undo the QuicTLS 3.0.7 revert (from 1.1.1q) and upgrade to QuicTLS 1.1.1s

We should hear more details after HAProxyConf on the exact metrics, and
in general in the future about the state of LibreSSL/WolfSSL/etc as
alternatives.
This commit is contained in:
Tristan 2022-11-04 13:21:37 +00:00
parent e89a9aa9f6
commit f9505b92ac
No known key found for this signature in database
GPG Key ID: BDDFC4A0651ACDE4
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
deps/quictls/Makefile vendored
View File

@ -1,8 +1,9 @@
OPENSSL_VERSION = 3.0.7
OPENSSL_VERSION = 1.1.1s
BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD)
QUICTLS_BUILD_VERSION = quic-mangadex-$(BUILD_VERSION_REPOSHA)
QUICTLS_TAG = OpenSSL_$(subst .,_,$(OPENSSL_VERSION))+quic1
QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/openssl-$(OPENSSL_VERSION)+quic
QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_TAG)
QUICTLS_TARBALL = quictls-$(OPENSSL_VERSION).tar.gz
QUICTLS_BUILDIR = src
QUICTLS_DESTDIR = dist
@ -19,11 +20,9 @@ $(QUICTLS_BUILDIR): $(QUICTLS_TARBALL)
tar -C $(QUICTLS_BUILDIR) --strip-components=1 -xf "$(QUICTLS_TARBALL)"
build: $(QUICTLS_BUILDIR)
cd "$(QUICTLS_BUILDIR)" && ! [ -f "VERSION.dat.orig" ] && mv -fv "VERSION.dat" "VERSION.dat.orig" || true
cd "$(QUICTLS_BUILDIR)" && sed 's/^BUILD_METADATA.*/BUILD_METADATA=$(QUICTLS_BUILD_VERSION)/g' "VERSION.dat.orig" > "VERSION.dat.meta"
cd "$(QUICTLS_BUILDIR)" && sed 's/^RELEASE_DATE.*/RELEASE_DATE="$(shell date -u +'%e %b %Y')"/g' "VERSION.dat.meta" > "VERSION.dat"
cd "$(QUICTLS_BUILDIR)" && CC=cc ./Configure --prefix="/opt/quictls" --openssldir="/opt/quictls" --libdir="lib" -DPURIFY no-shared
$(MAKE) -C "$(QUICTLS_BUILDIR)" -j "$(shell nproc)" VERSION=$(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA) build_sw
cd "$(QUICTLS_BUILDIR)" && sed -i 's/^# define OPENSSL_VERSION_TEXT.*$\/# define OPENSSL_VERSION_TEXT "OpenSSL $(OPENSSL_VERSION)+$(QUICTLS_BUILD_VERSION) $(shell date -u +'%e %b %Y')"/g' "include/openssl/opensslv.h"
cd "$(QUICTLS_BUILDIR)" && CC=cc ./config --prefix="/opt/quictls" --openssldir="/opt/quictls" --libdir="lib" no-shared
$(MAKE) -C "$(QUICTLS_BUILDIR)" -j "$(shell nproc)" VERSION=$(OPENSSL_VERSION)+quic-mangadex-$(BUILD_VERSION_REPOSHA)
"$(QUICTLS_BUILDIR)/apps/openssl" version
$(MAKE) buildinfo_$(shell uname -s)