openssl/quictls support

[brbzull0]

Apache Traffic Server uses this library for handling the QUIC side of things of H3, as a part of this effort we plan to use quictls as the cryptography library, this is an effort(I work for Yahoo) to support that.

---

This PR includes all the previous work done in the openssl branch.

Design Notes

As some of the API are different between vendors, I have added two sub-modules to handle the specifics, for both, tls and the crypto module. The specifics of course are coded inside each submodule:
BoringSSL:

• borinssl_crypto.rs
• borinssl_tls.rs

OpenSSL/quictls:

• openssl_quictls_crypto.rs
• openssl_quictls_tls.rs

Each sub-module will be compiled depending on the feature you use (openssl or boringssl vendor) from the main module(tls, crypto).

Features

0-RTT Is not supported in this PR. It will be added afterwards. This is reflected in the README.

CI

• we need to work around having openssl/quitls build and let quiche use it.
• pkg-config seems not to be installed as build-dependency

Building notes for testing.

• Make sure you have the openssl library in your LD_LIBRARY_PATH and the right path inside the PKG_CONFIG_PATH
• Add openssl in the cargo --features list

I am using openssl/quictls 3 for this implementation.

[brbzull0]

CI need to include openssl/quictls so we know we are passing all build/tests with the each vendor.

[Eimji]

Hello,

I am working on a mobile application which allows to use encrypted DNS (Android for the moment, iOS right after).
I tested quiche with a little proto on Android, it works great (thanks!). So I wanted to integrate quiche into my application to develop DoQ and DoH3, but I got compilation errors due to conflicts with OpenSSL. Yes, I use OpenSSL 3.2 to enable DoT and DoH.

It would be great if we can have a pluggable TLS vendor.

@brbzull0 As OpenSSL 3.2 supports now QUIC (not all features), your PR will support legacy OpenSSL > 3.2 or only quictls? Thanks for your work.

[brbzull0]

Hello,

I am working on a mobile application which allows to use encrypted DNS (Android for the moment, iOS right after). I tested quiche with a little proto on Android, it works great (thanks!). So I wanted to integrate quiche into my application to develop DoQ and DoH3, but I got compilation errors due to conflicts with OpenSSL. Yes, I use OpenSSL 3.2 to enable DoT and DoH.

It would be great if we can have a pluggable TLS vendor.

@brbzull0 As OpenSSL 3.2 supports now QUIC (not all features), your PR will support legacy OpenSSL > 3.2 or only quictls? Thanks for your work.

Hello @Eimji . The plan is only quictls for now. Thanks for having a look

[brbzull0]

Making this ready for review so we can gather some input. Thanks.

cc: @ghedo

[brbzull0]

I think is worth having this link here, in case we want to discuss about it.

[LPardue]

A few nits but overall looks good

[LPardue]

Should we add the commit ID in the comment to make tracking more easy?

[LPardue]

Suggested change

	// openssl does not provide a straight interface to deal with custom
	// openssl does not provide a straightforward interface to deal with custom

[LPardue]

hangover that needs cleanup. Probably a noop or maybe an assert?

[brbzull0]

Saw that we need to rebase, I do not know if you guys are doing anything with this branch so I do not want to force push a and break anything on your side.
Can I go ahead and rebae & force push?

Thanks.

[ghedo]

@brbzull0 I was going to do it, just got delayed by travel. Thanks for your work, this is merged now!

[brbzull0]

@brbzull0 I was going to do it, just got delayed by travel. Thanks for your work, this is merged now!

great stuff!
@ghedo @LPardue Thanks a lot gents!