Ilya, Adding Fred to the thread, so he can gives his opinion about the QUIC part.
On Mon, Jan 31, 2022 at 10:22:01AM +0500, Илья Шипицин wrote: > 0001 .. 0003 are "pre QUIC" patches > 0007 is very simple Regarding the first patches: > Subject: [PATCH 3/7] REGTESTS: skip show_ssl_ocspresponse.vtc when BoringSSL > is used > > OCSP stapling implementation is not compatible with BoringSSL, test > is broken in BoringSSL Merged. > Subject: [PATCH 2/7] BUILD: SSL: define X509_OBJECT for BoringSSL > > X509_OBJECT is opaque in BonringSSL, since we still use it, let us move it to > openssl-compat.h > > from > https://boringssl.googlesource.com/boringssl/+/refs/heads/2924/include/openssl/x509_vfy.h#120 I'm not really fond of this kind of declaration, most of the time we added helpers that were available in recent version of OpenSSL in this file. But in this case, adding a whole structure that was removed... with no guarantee that this will continue to work it's not a good idea. >From what I get they aligned the opaque structures with the OpenSSL API, so we probably will have the same problem with OpenSSL v3 without the obsolete API. And we are currently in the process of porting it to HAProxy. We probably need to change the code that uses X509_OBJECT. So I suppose it will start to work during this portage. > Subject: [PATCH 1/7] BUILD: SSL: adjust guard for X509_get_X509_PUBKEY(x) > > BoringSSL defines that function since > https://boringssl.googlesource.com/boringssl/+/33f8d33af0dcb083610e978baad5a8b6e1cfee82 Merged. -- William Lallemand

