HTTP/3 Support Added to cURL in Gentoo

HTTP/3 may still be in the draft state but that isn’t stopping software from adding support for it. As a Gentoo developer, I decided to maintain Gentoo’s reputation for not being one to shy away from the bleeding edge by adding (optional) support for HTTP/3 to cURL. I believe that this makes Gentoo the first Linux distribution to ship support for this new protocol outside of the Firefox and Chrome/Chromium browsers.

cURL is a command line tool as well a library (libcurl) that is used by a wide variety of software. It’s commonly used by applications written in php, it’s used by the Kodi media center, and it’s at least an optional dependency of everything from git to systemd to cmake and dovecot. By adding support for HTTP/3 to cURL, potentially everything that uses cURL will also instantly also start supporting HTTP/3.

cURL added HTTP/3 support in version 7.66.0. Rather than writing the entirety of large, complex, and evolving HTTP/3 protocol implementation again (and having to maintain that forever), cURL instead leverages libraries. The two options it currently supports for this purpose are quiche and the combination of ngtcp2 and nghttp3.

Quiche is an HTTP/3 implementation first released by Cloudflare in January 2019. Since Cloudflare is using it to add support for HTTP/3 to its entire CDN (Content Distribution Network), they’re actively developing it keeping track of the latest changes being made in the HTTP/3 drafts. Quiche uses Google’s boringssl for cryptography which allows it to evolve faster, not having to wait for OpenSSL to implement features. It’s written in Rust which is great for security and maintainability. However, being written in Rust is also a problem as that means quiche is only available on platforms that Rust supports (amd64, arm64, ppc64, and x86) which is a much reduced subset of what cURL and the C language support (which is pretty much everything).

ngtcp2 (which implements IETF QUIC, the underlying HTTP/3 protocol) and nghttp3 (which implements the higher level HTTP/3 protocol) together form an HTTP/3 implementation. They are closely modeled on nghttp2 which is already used by cURL as well as the Apache web server (httpd). Therefore, they’re easier for existing software to use. They are written in C using standard build tools making them highly portable and able to run on essentially any architecture. ngtcp2 uses OpenSSL but the changes necessary for HTTP/3 support are not yet available in OpenSSL. This situation is also preventing HTTP/3 support from being available in other software that uses OpenSSL, including nodejs (see nodejs issue). Therefore, for the moment, in order to use ngtcp2, a patched version of OpenSSL must also be used. That isn’t an tenable solution for a Linux distribution such as Gentoo for a variety of reasons, including maintainability and security concerns involved with carrying a non-upstream version of such a critical package as OpenSSL. In the mean time, I’ve included the net-libs/ngtcp2 and net-libs/nghttp3 packages in Gentoo but masked them; that way, when OpenSSL is updated, the packages are ready and can simply be unmasked.

To enable HTTP/3 support in Gentoo, add the quiche use flag to the net-misc/curl package and re-emerge curl:

echo "net-misc/curl quiche" >> /etc/portage/package.use
emerge -1 net-misc/curl

After that, use the curl command’s new --http3 argument when making https requests. See the cURL documentation for more information.

CC BY-SA 4.0 HTTP/3 Support Added to cURL in Gentoo by Craig Andrews is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

3 thoughts on “HTTP/3 Support Added to cURL in Gentoo

  1. eix indeed shows the concerned USE flags, but equery isn’t:

    eix net-misc/curl
    [I] net-misc/curl
    Available versions: 7.65.0^t ~7.65.3^t 7.66.0^t ~7.67.0^t ~7.67.0-r1^t {adns alt-svc brotli esni http2 idn ipv6 kerberos ldap metalink nghttp3 +progress-meter quiche rtmp samba ssh ssl static-libs test threads ABI_MIPS=”n32 n64 o32″ ABI_RISCV=”lp64 lp64d” ABI_S390=”32 64″ ABI_X86=”32 64 x32″ CURL_SSL=”gnutls libressl mbedtls nss +openssl winssl” ELIBC=”Winnt”}
    Installed versions: 7.66.0^t(02:19:17 05/11/2019)(http2 ssl -adns -alt-svc -brotli -idn -ipv6 -kerberos -ldap -metalink -nghttp3 -progress-meter -quiche -rtmp -samba -ssh -static-libs -test -threads ABI_MIPS=”-n32 -n64 -o32″ ABI_RISCV=”-lp64 -lp64d” ABI_S390=”-32 -64″ ABI_X86=”64 -32 -x32″ CURL_SSL=”openssl -gnutls -libressl -mbedtls -nss -winssl” ELIBC=”-Winnt”)
    ————————————————————————————————————————————————————————————
    equery u net-misc/curl
    USE flags should not start with a ‘+’: +ssl
    [ Legend : U – final flag setting for installation]
    [ : I – package is installed with flag ]
    [ Colors : set, unset ]
    * Found these USE flags for net-misc/curl-7.66.0:
    U I
    – – abi_x86_32 : 32-bit (x86) libraries
    – – adns : Add support for asynchronous DNS resolution
    – – alt-svc : Enable alt-svc support
    – – brotli : Enable brotli compression support
    – – curl_ssl_gnutls : Use GnuTLS
    – – curl_ssl_libressl : Use LibreSSL
    – – curl_ssl_mbedtls : Use mbed TLS
    – – curl_ssl_nss : Use Mozilla’s Network Security Services
    + + curl_ssl_openssl : Use OpenSSL
    + + http2 : Enable HTTP/2.0 support
    – – idn : Enable support for Internationalized Domain Names
    – – ipv6 : Add support for IP version 6
    – – kerberos : Add kerberos support
    – – ldap : Add LDAP support (Lightweight Directory Access Protocol)
    – – metalink : Enable metalink support
    – – progress-meter : Enable the progress meter
    – – rtmp : Enable RTMP Streaming Media support
    – – samba : Add support for SAMBA (Windows File and Printer sharing)
    – – ssh : Enable SSH urls in curl using libssh2
    + + ssl : Enable crypto engine support (via openssl if USE=’-gnutls -nss’)
    – – static-libs : Build static versions of dynamic libraries as well
    – – test : Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but
    can be toggled independently)
    – – threads : Add threads support for various packages. Usually pthreads
    —————————————————————————————————————————————————————-
    Is it just me?
    Am I missing something?

    Thks 4 ur attention.

    1. Please note that as of right now, net-misc/curl’s quiche use flag is masked on all arches except ~amd64 and ~arm64. If you’re not one of those 2 arches, the flag will be masked and eix won’t show it.
      You can use `emerge net-misc/curl -pv` to see the flag; if it’s masked it’ll show like this: (-quiche)

      See https://bugs.gentoo.org/694320 for progress on keywording net-libs/quiche for additional arches.

Leave a Reply to Craig Andrews Cancel reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.