diff options
Diffstat (limited to 'README.rst')
-rw-r--r-- | README.rst | 58 |
1 files changed, 25 insertions, 33 deletions
@@ -48,11 +48,6 @@ The following package is required to build the libnghttp2 library: * pkg-config >= 0.20 -To build and run the unit test programs, the following package is -required: - -* cunit >= 2.1 - To build the documentation, you need to install: * sphinx (http://sphinx-doc.org/) @@ -100,6 +95,11 @@ To mitigate heap fragmentation in long running server programs Alpine Linux currently does not support malloc replacement due to musl limitations. See details in issue `#762 <https://github.com/nghttp2/nghttp2/issues/762>`_. +For BoringSSL or aws-lc build, to enable :rfc:`8879` TLS Certificate +Compression in applications, the following library is required: + +* libbrotli-dev >= 1.0.9 + To enable mruby support for nghttpx, `mruby <https://github.com/mruby/mruby>`_ is required. We need to build mruby with C++ ABI explicitly turned on, and probably need other @@ -127,7 +127,7 @@ following libraries are required: <https://github.com/quictls/openssl/tree/OpenSSL_1_1_1w+quic>`_; or LibreSSL (does not support 0RTT); or aws-lc; or `BoringSSL <https://boringssl.googlesource.com/boringssl/>`_ (commit - f42be90d665b6a376177648ccbb76fbbd6497c13) + 8e6a26d128484b886e6dcbfa558b993d38950bb5) * `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_ >= 1.0.0 * `nghttp3 <https://github.com/ngtcp2/nghttp3>`_ >= 1.1.0 @@ -205,7 +205,7 @@ required packages: sudo apt-get install g++ clang make binutils autoconf automake \ autotools-dev libtool pkg-config \ - zlib1g-dev libcunit1-dev libssl-dev libxml2-dev libev-dev \ + zlib1g-dev libssl-dev libxml2-dev libev-dev \ libevent-dev libjansson-dev \ libc-ares-dev libjemalloc-dev libsystemd-dev \ ruby-dev bison libelf-dev @@ -337,23 +337,24 @@ connections alive during reload. The detailed steps to build HTTP/3 enabled h2load and nghttpx follow. -Build custom OpenSSL: +Build aws-lc: .. code-block:: text - $ git clone --depth 1 -b OpenSSL_1_1_1w+quic https://github.com/quictls/openssl - $ cd openssl - $ ./config --prefix=$PWD/build --openssldir=/etc/ssl - $ make -j$(nproc) - $ make install_sw + $ git clone --depth 1 -b v1.21.0 https://github.com/aws/aws-lc + $ cd aws-lc + $ cmake -B build -DDISABLE_GO=ON --install-prefix=$PWD/opt + $ make -j$(nproc) -C build + $ cmake --install build $ cd .. Build nghttp3: .. code-block:: text - $ git clone --depth 1 -b v1.1.0 https://github.com/ngtcp2/nghttp3 + $ git clone --depth 1 -b v1.2.0 https://github.com/ngtcp2/nghttp3 $ cd nghttp3 + $ git submodule update --init --depth 1 $ autoreconf -i $ ./configure --prefix=$PWD/build --enable-lib-only $ make -j$(nproc) @@ -364,11 +365,13 @@ Build ngtcp2: .. code-block:: text - $ git clone --depth 1 -b v1.2.0 https://github.com/ngtcp2/ngtcp2 + $ git clone --depth 1 -b v1.3.0 https://github.com/ngtcp2/ngtcp2 $ cd ngtcp2 + $ git submodule update --init --depth 1 $ autoreconf -i - $ ./configure --prefix=$PWD/build --enable-lib-only \ - PKG_CONFIG_PATH="$PWD/../openssl/build/lib/pkgconfig" + $ ./configure --prefix=$PWD/build --enable-lib-only --with-boringssl \ + BORINGSSL_CFLAGS="-I$PWD/../aws-lc/opt/include" \ + BORINGSSL_LIBS="-L$PWD/../aws-lc/opt/lib -lssl -lcrypto" $ make -j$(nproc) $ make install $ cd .. @@ -391,10 +394,10 @@ Build nghttp2: $ cd nghttp2 $ git submodule update --init $ autoreconf -i - $ ./configure --with-mruby --with-neverbleed --enable-http3 --with-libbpf \ - CC=clang-14 CXX=clang++-14 \ - PKG_CONFIG_PATH="$PWD/../openssl/build/lib/pkgconfig:$PWD/../nghttp3/build/lib/pkgconfig:$PWD/../ngtcp2/build/lib/pkgconfig:$PWD/../libbpf/build/lib64/pkgconfig" \ - LDFLAGS="$LDFLAGS -Wl,-rpath,$PWD/../openssl/build/lib -Wl,-rpath,$PWD/../libbpf/build/lib64" + $ ./configure --with-mruby --enable-http3 --with-libbpf \ + CC=clang-15 CXX=clang++-15 \ + PKG_CONFIG_PATH="$PWD/../aws-lc/opt/lib/pkgconfig:$PWD/../nghttp3/build/lib/pkgconfig:$PWD/../ngtcp2/build/lib/pkgconfig:$PWD/../libbpf/build/lib64/pkgconfig" \ + LDFLAGS="$LDFLAGS -Wl,-rpath,$PWD/../aws-lc/opt/lib -Wl,-rpath,$PWD/../libbpf/build/lib64" $ make -j$(nproc) The eBPF program ``reuseport_kern.o`` should be found under bpf @@ -479,7 +482,7 @@ Previously nghttp2 library did not send client magic, which is first 24 bytes byte string of client connection preface, and client applications have to send it by themselves. Since v1.0.0, client magic is sent by library via first call of ``nghttp2_session_send()`` -or ``nghttp2_session_mem_send()``. +or ``nghttp2_session_mem_send2()``. The client applications which send client magic must remove the relevant code. @@ -1446,17 +1449,6 @@ See `Contribution Guidelines <https://nghttp2.org/documentation/contribute.html>`_ for more details. -Reporting vulnerability ------------------------ - -If you find a vulnerability in our software, please send the email to -"tatsuhiro.t at gmail dot com" about its details instead of submitting -issues on github issue page. It is a standard practice not to -disclose vulnerability information publicly until a fixed version is -released, or mitigation is worked out. - -In the future, we may setup a dedicated mail address for this purpose. - Versioning ---------- |