Mirrors/curl
0
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-01-18 17:21:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

vquic: drop support for OpenSSL-QUIC

Browse Source 
- It is slower and uses more memory than the alternatives and is only
  experimental in curl.
- We disable a few tests for OpenSSL-QUIC because of flakiness
- It gets little attention from OpenSSL and we have no expectation of the
  major flaws getting corrected anytime soon.
- No one has spoken up for keeping it
- curl users building with vanilla OpenSSL can still use QUIC through the
  means of ngtcp2

Closes #20226
This commit is contained in:
Daniel Stenberg
2026-01-17 22:49:28 +01:00
parent 6c31df453b
commit 6aaac9dd38
22 changed files with 17 additions and 2719 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
.github/workflows/http3-linux.yml vendored
View File

@@ -439,21 +439,6 @@ jobs:
-DCURL_USE_WOLFSSL=ON -DUSE_NGTCP2=ON
-DUSE_ECH=ON
- name: 'openssl-quic'
install_steps: skipall
PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
tflags: '--min=1640'
configure: >-
LDFLAGS=-Wl,-rpath,/home/runner/openssl/build/lib
--with-openssl=/home/runner/openssl/build --with-openssl-quic
- name: 'openssl-quic'
PKG_CONFIG_PATH: /home/runner/openssl/build/lib/pkgconfig:/home/runner/nghttp3/build/lib/pkgconfig:/home/runner/nghttp2/build/lib/pkgconfig
generate: >-
-DOPENSSL_ROOT_DIR=/home/runner/openssl/build -DUSE_OPENSSL_QUIC=ON
-DCURL_DISABLE_LDAP=ON
-DCMAKE_UNITY_BUILD=ON
- name: 'quiche'
install_steps: skipall
PKG_CONFIG_PATH: /home/runner/nghttp2/build/lib/pkgconfig

8
.github/workflows/macos.yml vendored
View File

@@ -232,7 +232,7 @@ jobs:
- name: 'OpenSSL libssh'
compiler: llvm@18
install: libssh libnghttp3
generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_OPENSSL_QUIC=ON -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF
generate: -DENABLE_DEBUG=ON -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DCURL_BROTLI=OFF -DCURL_ZSTD=OFF
- name: '!ssl c-ares'
compiler: clang
configure: --enable-debug --enable-ares --without-ssl
@@ -330,19 +330,19 @@ jobs:
compiler: clang
install: libnghttp3
install_steps: torture
generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_OPENSSL_QUIC=ON
generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl
tflags: '-t --shallow=25 --min=480 1 to 500'
- name: 'OpenSSL torture 2'
compiler: clang
install: libnghttp3
install_steps: torture
generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_OPENSSL_QUIC=ON
generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl
tflags: '-t --shallow=25 --min=730 501 to 1250'
- name: 'OpenSSL torture 3'
compiler: clang
install: libnghttp3
install_steps: torture
generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl -DUSE_OPENSSL_QUIC=ON
generate: -DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DENABLE_THREADED_RESOLVER=OFF -DOPENSSL_ROOT_DIR=/opt/homebrew/opt/openssl
tflags: '-t --shallow=25 --min=628 1251 to 9999'
steps:

2
.github/workflows/windows.yml vendored
View File

@@ -200,7 +200,7 @@ jobs:
- { build: 'autotools', sys: 'msys' , env: 'x86_64' , tflags: '' , config: '--with-openssl', install: 'openssl-devel libssh2-devel', name: 'default R' }
# MinGW
- { build: 'autotools', sys: 'mingw64' , env: 'x86_64' , tflags: 'skiprun' , config: '--enable-debug --with-openssl --disable-threaded-resolver --disable-curldebug --enable-static --without-zlib', install: 'mingw-w64-x86_64-openssl mingw-w64-x86_64-libssh2', name: 'default' }
- { build: 'autotools', sys: 'mingw64' , env: 'x86_64' , tflags: '' , config: '--enable-debug --with-openssl --enable-windows-unicode --enable-ares --with-openssl-quic --enable-static --disable-shared --enable-ca-native', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-openssl mingw-w64-x86_64-nghttp3 mingw-w64-x86_64-libssh2', name: 'c-ares U' }
- { build: 'autotools', sys: 'mingw64' , env: 'x86_64' , tflags: '' , config: '--enable-debug --with-openssl --enable-windows-unicode --enable-ares --enable-static --disable-shared --enable-ca-native', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-openssl mingw-w64-x86_64-nghttp3 mingw-w64-x86_64-libssh2', name: 'c-ares U' }
- { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '--min=1650', config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel c-ares U' }
# MinGW torture
- { build: 'cmake' , sys: 'mingw64' , env: 'x86_64' , tflags: '-t --shallow=13 --min=700 1 to 950' , config: '-DENABLE_DEBUG=ON -DBUILD_SHARED_LIBS=OFF -DCURL_USE_SCHANNEL=ON -DENABLE_UNICODE=ON -DENABLE_ARES=ON', install: 'mingw-w64-x86_64-c-ares mingw-w64-x86_64-libssh2', type: 'Debug', name: 'schannel U torture 1' }

24
CMakeLists.txt
View File

@@ -686,11 +686,6 @@ else()
set(_openssl_default ON)
endif()
cmake_dependent_option(CURL_USE_OPENSSL "Enable OpenSSL for SSL/TLS" ${_openssl_default} CURL_ENABLE_SSL OFF)
option(USE_OPENSSL_QUIC "Use OpenSSL and nghttp3 libraries for HTTP/3 support" OFF)
if(USE_OPENSSL_QUIC AND NOT CURL_USE_OPENSSL)
message(WARNING "OpenSSL QUIC has been requested, but without enabling OpenSSL. Will not enable QUIC.")
set(USE_OPENSSL_QUIC OFF)
endif()
option(CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG "Disable automatic loading of OpenSSL configuration" OFF)
curl_count_true(_enabled_ssl_options_count
@@ -959,7 +954,7 @@ endmacro()
# Ensure that OpenSSL (or fork) or wolfSSL actually supports QUICTLS API.
macro(curl_openssl_check_quic)
if(USE_OPENSSL AND NOT USE_OPENSSL_QUIC)
if(USE_OPENSSL)
if(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.5.0)
if(NOT DEFINED HAVE_SSL_SET_QUIC_TLS_CBS)
curl_openssl_check_exists("SSL_set_quic_tls_cbs" HAVE_SSL_SET_QUIC_TLS_CBS)
@@ -1057,7 +1052,7 @@ if(USE_NGTCP2)
find_package(NGTCP2 REQUIRED COMPONENTS "wolfSSL")
elseif(HAVE_BORINGSSL OR HAVE_AWSLC)
find_package(NGTCP2 REQUIRED COMPONENTS "BoringSSL")
elseif(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.5.0 AND NOT USE_OPENSSL_QUIC)
elseif(OPENSSL_VERSION VERSION_GREATER_EQUAL 3.5.0)
find_package(NGTCP2 REQUIRED COMPONENTS "ossl")
if(NGTCP2_VERSION VERSION_LESS 1.12.0)
message(FATAL_ERROR "ngtcp2 1.12.0 or upper required for OpenSSL")
@@ -1106,19 +1101,6 @@ if(USE_QUICHE)
endif()
endif()
if(USE_OPENSSL_QUIC)
if(USE_NGTCP2 OR USE_QUICHE)
message(FATAL_ERROR "Only one HTTP/3 backend can be selected")
elseif(CURL_WITH_MULTI_SSL)
message(FATAL_ERROR "MultiSSL cannot be enabled with HTTP/3 and vice versa.")
endif()
find_package(OpenSSL 3.3.0 REQUIRED)
find_package(NGHTTP3 REQUIRED)
set(USE_NGHTTP3 ON)
list(APPEND CURL_LIBS CURL::nghttp3)
endif()
if(NOT CURL_DISABLE_SRP AND (HAVE_GNUTLS_SRP OR HAVE_OPENSSL_SRP))
set(USE_TLS_SRP 1)
endif()
@@ -1991,7 +1973,7 @@ curl_add_if("NTLM" NOT CURL_DISABLE_NTLM AND
(_use_curl_ntlm_core OR USE_WINDOWS_SSPI))
curl_add_if("TLS-SRP" USE_TLS_SRP)
curl_add_if("HTTP2" USE_NGHTTP2)
curl_add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE OR USE_OPENSSL_QUIC)
curl_add_if("HTTP3" USE_NGTCP2 OR USE_QUICHE)
curl_add_if("MultiSSL" CURL_WITH_MULTI_SSL)
curl_add_if("HTTPS-proxy" NOT CURL_DISABLE_PROXY AND _ssl_enabled AND (USE_OPENSSL OR USE_GNUTLS
OR USE_SCHANNEL OR USE_RUSTLS OR USE_MBEDTLS OR

1
RELEASE-NOTES
View File

@@ -77,7 +77,6 @@ For all changes ever done in curl:
Planned upcoming removals include:
o OpenSSL-QUIC
o RTMP support
o Support for c-ares versions before 1.16.0
o Support for Windows XP/2003

62
configure.ac
View File

@@ -170,7 +170,7 @@ curl_unix_sockets_msg="no (--enable-unix-sockets)"
ssl_backends=
curl_h1_msg="enabled (internal)"
curl_h2_msg="no (--with-nghttp2)"
curl_h3_msg="no (--with-ngtcp2 --with-nghttp3, --with-quiche, --with-openssl-quic)"
curl_h3_msg="no (--with-ngtcp2 --with-nghttp3, --with-quiche)"
enable_altsvc="yes"
hsts="yes"
@@ -3607,53 +3607,14 @@ if test "$USE_NGTCP2" = "1" && test "$WOLFSSL_ENABLED" = "1"; then
fi
fi
dnl **********************************************************************
dnl Check for OpenSSL QUIC
dnl **********************************************************************
OPT_OPENSSL_QUIC="no"
if test "$disable_http" = "yes" || test "$OPENSSL_ENABLED" != "1"; then
# without HTTP or without openssl, no use
OPT_OPENSSL_QUIC="no"
fi
AC_ARG_WITH(openssl-quic,
AS_HELP_STRING([--with-openssl-quic],[Enable OpenSSL QUIC usage])
AS_HELP_STRING([--without-openssl-quic],[Disable OpenSSL QUIC usage]),
[OPT_OPENSSL_QUIC=$withval])
case "$OPT_OPENSSL_QUIC" in
no)
dnl --without-openssl-quic option used
want_openssl_quic="no"
;;
yes)
dnl --with-openssl-quic option used
want_openssl_quic="yes"
;;
esac
curl_openssl_quic_msg="no (--with-openssl-quic)"
if test "$want_openssl_quic" = "yes"; then
if test "$USE_NGTCP2" = "1"; then
AC_MSG_ERROR([--with-openssl-quic and --with-ngtcp2 are mutually exclusive])
fi
if test "$have_openssl_quic" != "1"; then
AC_MSG_ERROR([--with-openssl-quic requires quic support and OpenSSL >= 3.3.0])
fi
AC_DEFINE(USE_OPENSSL_QUIC, 1, [if openssl QUIC is in use])
USE_OPENSSL_QUIC=1
fi
dnl **********************************************************************
dnl Check for nghttp3 (HTTP/3 with ngtcp2)
dnl **********************************************************************
OPT_NGHTTP3="yes"
if test "$USE_NGTCP2" != "1" && test "$USE_OPENSSL_QUIC" != "1"; then
# without ngtcp2 or openssl quic, nghttp3 is of no use for us
if test "$USE_NGTCP2" != "1"; then
# without ngtcp2, nghttp3 is of no use for us
OPT_NGHTTP3="no"
want_nghttp3="no"
fi
@@ -3682,9 +3643,9 @@ esac
curl_http3_msg="no (--with-nghttp3)"
if test "$want_nghttp3" != "no"; then
if test "$USE_NGTCP2" != "1" && test "$USE_OPENSSL_QUIC" != "1"; then
# without ngtcp2 or openssl quic, nghttp3 is of no use for us
AC_MSG_ERROR([nghttp3 enabled without a QUIC library; enable ngtcp2 or OpenSSL-QUIC])
if test "x$USE_NGTCP2" != "x1"; then
# without ngtcp2, nghttp3 is of no use for us
AC_MSG_ERROR([nghttp3 enabled without a QUIC library; enable ngtcp2])
fi
dnl backup the pre-nghttp3 variables
@@ -3753,17 +3714,6 @@ if test "$USE_NGTCP2" = "1" && test "$USE_NGHTTP3" = "1"; then
curl_h3_msg="enabled (ngtcp2 + nghttp3)"
fi
dnl **********************************************************************
dnl Check for OpenSSL and nghttp3 (HTTP/3 with nghttp3 using OpenSSL QUIC)
dnl **********************************************************************
if test "$USE_OPENSSL_QUIC" = "1" && test "$USE_NGHTTP3" = "1"; then
experimental="$experimental HTTP3"
USE_OPENSSL_H3=1
AC_MSG_NOTICE([HTTP3 support is experimental])
curl_h3_msg="enabled (openssl + nghttp3)"
fi
dnl **********************************************************************
dnl Check for quiche (QUIC)
dnl **********************************************************************

16
docs/DEPRECATE.md
View File

@@ -16,21 +16,6 @@ how your use case cannot be satisfied properly using a workaround.
In March 2026, we drop support for all c-ares versions before 1.16.0.
## OpenSSL-QUIC
OpenSSL-QUIC is what we call the curl QUIC backend that uses the OpenSSL QUIC
stack.
- It is slower and uses more memory than the alternatives and is only
experimental in curl.
- It gets little attention from OpenSSL and we have no expectation of the
major flaws getting corrected anytime soon.
- No one has spoken up for keeping it
- curl users building with vanilla OpenSSL can still use QUIC through the
means of ngtcp2
We remove the OpenSSL-QUIC backend in January 2026.
## RTMP
RTMP in curl is powered by the 3rd party library librtmp.
@@ -71,3 +56,4 @@ CMake 3.18 was released on 2020-07-15.
- Support for Visual Studio 2008 (removed in 8.18.0)
- OpenSSL 1.1.1 and older (removed in 8.18.0)
- Support for Windows XP (removed in 8.19.0)
- OpenSSL-QUIC (removed in 8.19.0)

48
docs/HTTP3.md
View File

@@ -250,54 +250,6 @@ Build curl:
If `make install` results in `Permission denied` error, you need to prepend
it with `sudo`.
# OpenSSL version
QUIC support is **EXPERIMENTAL**
Use OpenSSL 3.3.1 or newer (QUIC support was added in 3.3.0, with
shortcomings on some platforms like macOS). 3.4.1 or newer is recommended.
Build via:
% cd ..
% git clone -b $OPENSSL_VERSION https://github.com/openssl/openssl
% cd openssl
% ./config enable-tls1_3 --prefix=<somewhere> --libdir=lib
% make
% make install
Build nghttp3:
% cd ..
% git clone -b $NGHTTP3_VERSION https://github.com/ngtcp2/nghttp3
% cd nghttp3
% git submodule update --init
% autoreconf -fi
% ./configure --prefix=<somewhere2> --enable-lib-only
% make
% make install
Build curl:
% cd ..
% git clone https://github.com/curl/curl
% cd curl
% autoreconf -fi
% LDFLAGS="-Wl,-rpath,<somewhere>/lib" ./configure --with-openssl=<somewhere> --with-openssl-quic --with-nghttp3=<somewhere2>
% make
% make install
You can build curl with cmake:
% cd ..
% git clone https://github.com/curl/curl
% cd curl
% cmake -B bld -DCURL_USE_OPENSSL=ON -DUSE_OPENSSL_QUIC=ON
% cmake --build bld
% cmake --install bld
If `make install` results in `Permission denied` error, you need to prepend
it with `sudo`.
# `--http3`
Use only HTTP/3:

1
docs/INSTALL-CMAKE.md
View File

@@ -275,7 +275,6 @@ target_link_libraries(my_target PRIVATE CURL::libcurl)
- `ENABLE_UNIX_SOCKETS`: Enable Unix domain sockets support. Default: `ON`
- `USE_ECH`: Enable ECH support. Default: `OFF`
- `USE_HTTPSRR`: Enable HTTPS RR support. Default: `OFF`
- `USE_OPENSSL_QUIC`: Use OpenSSL and nghttp3 libraries for HTTP/3 support. Default: `OFF`
- `USE_SSLS_EXPORT`: Enable experimental SSL session import/export. Default: `OFF`
## Disabling features

2
lib/Makefile.inc
View File

@@ -118,14 +118,12 @@ LIB_VTLS_HFILES = \
LIB_VQUIC_CFILES = \
vquic/curl_ngtcp2.c \
vquic/curl_osslq.c \
vquic/curl_quiche.c \
vquic/vquic.c \
vquic/vquic-tls.c
LIB_VQUIC_HFILES = \
vquic/curl_ngtcp2.h \
vquic/curl_osslq.h \
vquic/curl_quiche.h \
vquic/vquic.h \
vquic/vquic_int.h \

3
lib/curl_config-cmake.h.in
View File

@@ -749,9 +749,6 @@ ${SIZEOF_TIME_T_CODE}
/* to enable quiche */
#cmakedefine USE_QUICHE 1
/* to enable openssl + nghttp3 */
#cmakedefine USE_OPENSSL_QUIC 1
/* to enable openssl + ngtcp2 + nghttp3 */
#cmakedefine OPENSSL_QUIC_API2 1

2457
lib/vquic/curl_osslq.c
View File

File diff suppressed because it is too large Load Diff

51
lib/vquic/curl_osslq.h
View File

@@ -1,51 +0,0 @@
#ifndef HEADER_CURL_VQUIC_CURL_OSSLQ_H
#define HEADER_CURL_VQUIC_CURL_OSSLQ_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at https://curl.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
* SPDX-License-Identifier: curl
*
***************************************************************************/
#include "../curl_setup.h"
#if !defined(CURL_DISABLE_HTTP) && defined(USE_OPENSSL_QUIC) && \
defined(USE_NGHTTP3)
#ifdef HAVE_NETINET_UDP_H
#include <netinet/udp.h>
#endif
struct Curl_cfilter;
#include "../urldata.h"
void Curl_osslq_ver(char *p, size_t len);
CURLcode Curl_cf_osslq_create(struct Curl_cfilter **pcf,
struct Curl_easy *data,
struct connectdata *conn,
const struct Curl_addrinfo *ai);
bool Curl_conn_is_osslq(const struct Curl_easy *data,
const struct connectdata *conn,
int sockindex);
#endif
#endif /* HEADER_CURL_VQUIC_CURL_OSSLQ_H */

5
lib/vquic/vquic.c
View File

@@ -36,7 +36,6 @@
#include "../cfilters.h"
#include "../curl_trc.h"
#include "curl_ngtcp2.h"
#include "curl_osslq.h"
#include "curl_quiche.h"
#include "../multiif.h"
#include "../progress.h"
@@ -66,8 +65,6 @@ void Curl_quic_ver(char *p, size_t len)
{
#if defined(USE_NGTCP2) && defined(USE_NGHTTP3)
Curl_ngtcp2_ver(p, len);
#elif defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3)
Curl_osslq_ver(p, len);
#elif defined(USE_QUICHE)
Curl_quiche_ver(p, len);
#endif
@@ -703,8 +700,6 @@ CURLcode Curl_cf_quic_create(struct Curl_cfilter **pcf,
DEBUGASSERT(transport == TRNSPRT_QUIC);
#if defined(USE_NGTCP2) && defined(USE_NGHTTP3)
return Curl_cf_ngtcp2_create(pcf, data, conn, ai);
#elif defined(USE_OPENSSL_QUIC) && defined(USE_NGHTTP3)
return Curl_cf_osslq_create(pcf, data, conn, ai);
#elif defined(USE_QUICHE)
return Curl_cf_quiche_create(pcf, data, conn, ai);
#else

4
lib/vtls/openssl.c
View File

@@ -3652,11 +3652,7 @@ static CURLcode ossl_init_method(struct Curl_cfilter *cf,
return CURLE_SSL_CONNECT_ERROR;
}
#ifdef USE_OPENSSL_QUIC
*pmethod = OSSL_QUIC_client_method();
#else
*pmethod = TLS_method();
#endif
break;
default:
failf(data, "unsupported transport %d in SSL init", peer->transport);

19
m4/curl-openssl.m4
View File

@@ -394,24 +394,5 @@ AS_HELP_STRING([--disable-openssl-auto-load-config],[Disable automatic loading o
fi
])
dnl ---
dnl We may use OpenSSL QUIC.
dnl ---
AC_MSG_CHECKING([for QUIC support and OpenSSL >= 3.3])
AC_LINK_IFELSE([
AC_LANG_PROGRAM([[
#include <openssl/ssl.h>
]],[[
#if (OPENSSL_VERSION_NUMBER < 0x30300000L)
#error need at least version 3.3.0
#endif
OSSL_QUIC_client_method();
]])
],[
AC_MSG_RESULT([yes])
have_openssl_quic=1
],[
AC_MSG_RESULT([no])
])
fi
])

6
tests/http/test_02_download.py
View File

@@ -314,8 +314,6 @@ class TestDownload:
# download, several at a time, pause and abort paused
@pytest.mark.parametrize("proto", Env.http_protos())
def test_02_23a_lib_abort_paused(self, env: Env, httpd, nghttpx, proto):
if proto == 'h3' and env.curl_uses_ossl_quic():
pytest.skip('OpenSSL QUIC fails here')
if proto == 'h3' and env.ci_run and env.curl_uses_lib('quiche'):
pytest.skip("fails in CI, but works locally for unknown reasons")
count = 10
@@ -341,8 +339,6 @@ class TestDownload:
# download, several at a time, abort after n bytes
@pytest.mark.parametrize("proto", Env.http_protos())
def test_02_23b_lib_abort_offset(self, env: Env, httpd, nghttpx, proto):
if proto == 'h3' and env.curl_uses_ossl_quic():
pytest.skip('OpenSSL QUIC fails here')
if proto == 'h3' and env.ci_run and env.curl_uses_lib('quiche'):
pytest.skip("fails in CI, but works locally for unknown reasons")
count = 10
@@ -368,8 +364,6 @@ class TestDownload:
# download, several at a time, abort after n bytes
@pytest.mark.parametrize("proto", Env.http_protos())
def test_02_23c_lib_fail_offset(self, env: Env, httpd, nghttpx, proto):
if proto == 'h3' and env.curl_uses_ossl_quic():
pytest.skip('OpenSSL QUIC fails here')
if proto == 'h3' and env.ci_run and env.curl_uses_lib('quiche'):
pytest.skip("fails in CI, but works locally for unknown reasons")
count = 10

2
tests/http/test_03_goaway.py
View File

@@ -75,8 +75,6 @@ class TestGoAway:
@pytest.mark.skipif(condition=not Env.have_h3(), reason="h3 not supported")
def test_03_02_h3_goaway(self, env: Env, httpd, nghttpx):
proto = 'h3'
if proto == 'h3' and env.curl_uses_ossl_quic():
pytest.skip('OpenSSL QUIC fails here')
count = 3
self.r = None

2
tests/http/test_05_errors.py
View File

@@ -58,8 +58,6 @@ class TestErrors:
# download files, check that we get CURLE_PARTIAL_FILE for all
@pytest.mark.parametrize("proto", Env.http_mplx_protos())
def test_05_02_partial_20(self, env: Env, httpd, nghttpx, proto):
if proto == 'h3' and env.curl_uses_ossl_quic():
pytest.skip("openssl-quic is flaky in yielding proper error codes")
if proto == 'h3' and env.curl_uses_lib('quiche') and \
not env.curl_lib_version_at_least('quiche', '0.24.8'):
pytest.skip("quiche issue #2277 not fixed")

2
tests/http/test_07_upload.py
View File

@@ -507,8 +507,6 @@ class TestUpload:
@pytest.mark.parametrize("proto", Env.http_protos())
def test_07_43_upload_denied(self, env: Env, httpd, nghttpx, proto):
if proto == 'h3' and env.curl_uses_ossl_quic():
pytest.skip("openssl-quic is flaky in filed PUTs")
fdata = os.path.join(env.gen_dir, 'data-10m')
count = 1
max_upload = 128 * 1024

4
tests/http/test_14_auth.py
View File

@@ -65,8 +65,6 @@ class TestAuth:
def test_14_03_digest_put_auth(self, env: Env, httpd, nghttpx, proto):
if not env.curl_has_feature('digest'):
pytest.skip("curl built without digest")
if proto == 'h3' and env.curl_uses_ossl_quic():
pytest.skip("openssl-quic is flaky in retrying POST")
data='0123456789'
curl = CurlClient(env=env)
url = f'https://{env.authority_for(env.domain1, proto)}/restricted/digest/data.json'
@@ -97,7 +95,7 @@ class TestAuth:
def test_14_05_basic_large_pw(self, env: Env, httpd, nghttpx, proto):
if proto == 'h3' and not env.curl_uses_lib('ngtcp2'):
# See <https://github.com/cloudflare/quiche/issues/1573>
pytest.skip("quiche/openssl-quic have problems with large requests")
pytest.skip("quiche has problems with large requests")
# just large enough that nghttp2 will submit
password = 'x' * (47 * 1024)
fdata = os.path.join(env.gen_dir, 'data-10m')

2
tests/http/testenv/curl.py
View File

@@ -515,7 +515,7 @@ class ExecResult:
s = self._stats[idx]
url = s['url_effective']
# connect time is sometimes reported as 0 by openssl-quic (sigh)
self.check_stat_positive_or_0(s, idx, 'time_connect')
# all stat keys which reporting timings
all_keys = {