termux-packages

Missing HTTP/3 support in curl

Open Kartatz opened this issue 2 years ago • 11 comments

Problem description

As of curl 8.5.0, HTTP/3 support is no longer considered experimental when built with the ngtcp2 backend (see https://github.com/curl/curl/commit/5f78cf503c786a1d48d13528dde038bccfa6c67c). However, the latest curl release in the Termux repository doesn't have HTTP/3 support enabled.

What steps will reproduce the bug?

Update curl to the latest version.

What is the expected behavior?

Curl releases shipped with HTTP/3 support enabled.

System information

Doesn't matter.

Kartatz avatar Dec 06 '23 15:12 Kartatz
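One way to confirm whether a given curl build has HTTP/3 enabled, which is the condition this issue reports. This is an added example, not part of the original post or the Termux project's code. The sample `curl -V` texts and their library versions are constructed for illustration, and the TLS names matched are only the three backends named in this thread.

```shell
#!/bin/sh
# Added example: summarise HTTP/3 capability from `curl -V` output on stdin.
# Live use on a device: curl -V | curl_http3_report
curl_http3_report() {
    awk '
        NR == 1 {
            # The first line lists linked libraries as name/version tokens.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^ngtcp2\//)  quic = $i
                if ($i ~ /^nghttp3\//) h3 = $i
                if ($i ~ /^(OpenSSL|GnuTLS|wolfSSL)\//) tls = $i
            }
        }
        /^Features:/ {
            # HTTP3 appears as its own word when the feature is compiled in.
            for (i = 2; i <= NF; i++) if ($i == "HTTP3") feat = 1
        }
        END {
            printf "http3=%s tls=%s quic=%s h3=%s\n",
                (feat ? "yes" : "no"),
                (tls  ? tls  : "none"),
                (quic ? quic : "none"),
                (h3   ? h3   : "none")
        }'
}

# Exit status 0 only when the build advertises the HTTP3 feature.
curl_has_http3() {
    curl_http3_report | grep -q '^http3=yes '
}

# Constructed sample: a build linked against ngtcp2 and nghttp3.
SAMPLE_H3='curl 8.5.0 (aarch64-unknown-linux-android) libcurl/8.5.0 OpenSSL/3.2.0 zlib/1.3 nghttp2/1.58.0 ngtcp2/1.1.0 nghttp3/1.1.0
Release-Date: 2023-12-06
Protocols: file ftp ftps http https
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 SSL'

# Constructed sample: the same release built without the QUIC libraries.
SAMPLE_NO_H3='curl 8.5.0 (aarch64-unknown-linux-android) libcurl/8.5.0 OpenSSL/3.2.0 zlib/1.3 nghttp2/1.58.0
Release-Date: 2023-12-06
Protocols: file ftp ftps http https
Features: alt-svc AsynchDNS HSTS HTTP2 HTTPS-proxy IPv6 SSL'
```

The report also shows which extra libraries a build pulls in, which is the dependency cost debated in the comments that follow.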

https://curl.se/docs/http3.html says:

OpenSSL does not offer the required APIs for building a QUIC client. You need to use a TLS library that has such APIs and that works with ngtcp2.

So to add HTTP/3 support we either need to switch curl's TLS backend to GnuTLS or WolfSSL, or switch our distribution of OpenSSL to, or separately package, quictls, the Microsoft/Akamai fork that adds QUIC support. curl also apparently supports being built with multiple TLS backends. If I understand how it works, we could add GnuTLS or WolfSSL for HTTP/3 and use the existing OpenSSL backend otherwise. Personally I'd go with the latter, keeping the OpenSSL backend and adding GnuTLS, which is already installed by default as it's a dependency of apt and dpkg. Either way, do we package ngtcp2 and nghttp3 separately?

Edit: This is outdated. OpenSSL 3.2 does support QUIC. So the PR linked below is fine.

landfillbaby avatar Dec 06 '23 18:12 landfillbaby

https://curl.se/docs/http3.html says:

OpenSSL does not offer the required APIs for building a QUIC client. You need to use a TLS library that has such APIs and that works with ngtcp2.

So to add HTTP/3 support we either need to switch curl's TLS backend to GnuTLS or WolfSSL, or switch our distribution of OpenSSL to the Microsoft/Akamai fork that adds QUIC support.

Both GnuTLS and WolfSSL are packaged, so while not trivial - and maybe warranting a version epoch bump(?) - it should be a pretty painless switch. Again, not accounting for unforeseen complications.

TomJo2000 avatar Dec 06 '23 18:12 TomJo2000

IMO a separate package named libcurl-gnutls should be added, and make it conflict with and provide libcurl.

licy183 avatar Dec 07 '23 01:12 licy183

Hello, I have tried to add HTTP/3 support. If anyone needs it, I can PR it.

lateautumn233 avatar Feb 11 '24 05:02 lateautumn233

Thank you for your attention to this issue. But I'm afraid that there is some other thing blocking this.

libcurl is an essential package in Termux. Enabling this feature will make other packages (nghttp3 and ngtcp2) essential too, but these packages are not used by other packages. Adding two essential packages to bootstrap but only enabling a barely used feature is actually not acceptable to me.

Furthermore, it is difficult to decide which TLS+QUIC library to use. Using quictls will make it hard to maintain openssl. Using gnutls will package many essential libraries (gnutls, libgmp, libnettle, libidn2, libiconv, libunistring, libunbound, libevent). Using wolfssl will also package it as an essential library.

licy183 avatar Feb 11 '24 06:02 licy183

Thank you for your attention to this issue. But I'm afraid that there is some other thing blocking this.

libcurl is an essential package in Termux. Enabling this feature will make other packages (nghttp3 and ngtcp2) essential too, but these packages are not used by other packages. Adding two essential packages to bootstrap but only enabling a barely used feature is actually not acceptable to me.

Furthermore, it is difficult to decide which TLS+QUIC library to use. Using quictls will make it hard to maintain openssl. Using gnutls will package many essential libraries (gnutls, libgmp, libnettle, libidn2, libiconv, libunistring, libunbound, libevent). Using wolfssl will also package it as an essential library.

https://github.com/curl/curl/blob/master/docs/HTTP3.md#openssl-version

We don't need to make any modifications to OpenSSL.

lateautumn233 avatar Feb 11 '24 06:02 lateautumn233

Using openssl as TLS+QUIC library will also mark nghttp3 and/or ngtcp2 essential.

My ideal solution would be to make libcurl-http3 a standalone package, which could provide libcurl.so or anything else, instead of packaging this feature into libcurl itself (which will add lots of dependencies).

licy183 avatar Feb 11 '24 06:02 licy183

Using openssl as TLS+QUIC library will also mark nghttp3 and/or ngtcp2 essential.

My ideal solution would be to make libcurl-http3 a standalone package, which could provide libcurl.so or anything else, instead of packaging this feature into libcurl itself (which will add lots of dependencies).

Actually, all you need to do is add nghttp3.

lateautumn233 avatar Feb 11 '24 06:02 lateautumn233

I still don't think it is a proper way to enable this feature directly in libcurl. There are currently few commonly used Linux distros enabling this feature in their main repository, and I am negative about adding nghttp3 as an essential package because it is used by libcurl only and HTTP/3 is not barely used currently.

Maybe other maintainers have something to say.

licy183 avatar Feb 11 '24 07:02 licy183

There are currently few commonly used Linux distros enabling this feature in their main repository

FWIW archlinux has enabled nghttp3 support for curl recently. [1][2]

[1] https://gitlab.archlinux.org/archlinux/packaging/packages/curl/-/issues/3#note_158654

[2] https://gitlab.archlinux.org/archlinux/packaging/packages/curl/-/commit/b60348c6695d0db05819005f528c23ee3c1d324b

GalaxySnail avatar Feb 11 '24 10:02 GalaxySnail

OK. I'll enable this feature in libcurl rather than add a new package.

licy183 avatar Feb 11 '24 13:02 licy183