On Tue, Oct 24, 2023 at 10:58:55AM +0200, Theo Buehler wrote:
> On Tue, Oct 24, 2023 at 10:42:56AM +0200, Theo Buehler wrote:
> > > Updated tarball, now also portcheck clean.
> >
> > MOD_ENV += ${MODCARGO_ENV}
> > QUICHE_BSSL_PATH=${LOCALBAS}/eboringssl
> >
> > Typo: LOCALBASE
> >
> > There's no BUILD_DEPENDS on security/boringssl/head which would
> > need to be present for this to work.
> >
> > Is boringssl actually used by the build? I can't spot anything in the
> > build log (there are the boring and boring-sys crate, but they aren't
> > built) and the deps directory is also empty.
> >
> > The port seems to produce the same libquiche.a whether boringssl is
> > installed or not and whether the typo above is fixed or not.
> >
> > Is there something missing or does DoQ already work with dnsdist?
> >
> > If DoQ already works then we can leave the port as it is modulo removal
> > of the above line.
> >
> > If not, we will probably need the boringssl-boring-crate feature and
> > teach it to use the eboringssl from ports.
> >
>
> libquiche.a definitely tries to use BoringSSL API (which libcrypto
> doesn't provide), for example
>
> U EVP_AEAD_CTX_seal_scatter
>
> the bindings are made in quiche/src/tls.rs and quiche/src/crypto.rs.
>
> Is the upcoming dnsdist port going to be linked statically against
> libquiche and eboringssl?
Yes, that's the plan. For now I unconditionally enable DoQ, that may
change if I'm going to make a regular dnsdist and a doq flavour. I
can send you my wip port if you want (using dnsdist-1.9.0-alpha3).
-Otto
