Recompile Curl to Support HTTP3


The HTTP/3 RFC was published in June 2022. By now, commonly used web servers such as Caddy and Nginx already support HTTP/3, and common browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox and Apple Safari have also begun to support it. One complaint: Apache httpd support for HTTP/3 is still a long way off.
Commonly used client software such as curl has in fact already supported HTTP/3, but the curl builds shipped by the major Linux distributions do not include the HTTP/3 feature, so I plan to do it myself.
This article describes in detail how to install the recompiled curl on the following RHEL-family systems, as well as the problems encountered in compiling curl.
Enterprise Linux 8 (CentOS Stream 8, RHEL 8, Rocky Linux 8, AlmaLinux 8, Oracle Linux 8)
Enterprise Linux 9 (CentOS Stream 9, RHEL 9, Rocky Linux 9, AlmaLinux 9, Oracle Linux 9)

How to install the compiled curl


(The following operations are performed using the root user)
1. Enable the EPEL repository

dnf install -y yum-utils epel-release
dnf config-manager --enable epel

2. Execute the following command to install Teddysun Linux Repository:
Installation instructions for Enterprise Linux 8 (CentOS Stream 8, RHEL 8, Rocky Linux 8, AlmaLinux 8, Oracle Linux 8)

dnf install -y https://dl.lamp.sh/linux/rhel/el8/x86_64/teddysun-release-1.0-1.el8.noarch.rpm

Installation instructions for Enterprise Linux 9 (CentOS Stream 9, RHEL 9, Rocky Linux 9, AlmaLinux 9, Oracle Linux 9)

dnf install -y https://dl.lamp.sh/linux/rhel/el9/x86_64/teddysun-release-1.0-1.el9.noarch.rpm

3. Rebuild the repository cache by executing the following command:

dnf makecache

4. Install the recompiled curl through dnf by executing the following command:

dnf install -y curl libcurl libcurl-devel

dnf will automatically install some dependent packages. After successful installation, check the version number of curl by executing the command: curl -V
In Enterprise Linux 8 (CentOS Stream 8, RHEL 8, Rocky Linux 8, AlmaLinux 8, Oracle Linux 8) systems, the output is:

curl 8.10.0 (x86_64-redhat-linux-gnu) libcurl/8.10.0 OpenSSL/3.3.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.63.0 nghttp3/1.5.0 librtmp/2.6 libgsasl/1.10.0 OpenLDAP/2.4.46
Release-Date: 2024-09-11
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli gsasl GSS-API HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd

In Enterprise Linux 9 (CentOS Stream 9, RHEL 9, Rocky Linux 9, AlmaLinux 9, Oracle Linux 9) systems, the output is:

curl 8.10.0 (x86_64-redhat-linux-gnu) libcurl/8.10.0 GnuTLS/3.8.3 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.63.0 ngtcp2/1.7.0 nghttp3/1.5.0 librtmp/2.6 libgsasl/1.10.0 OpenLDAP/2.6.6
Release-Date: 2024-09-11
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli gsasl GSS-API HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd

5. Feature Description
In Enterprise Linux 8, OpenSSL/3.3.2 + nghttp3/1.5.0 is used, while in Enterprise Linux 9, GnuTLS/3.8.3 + ngtcp2/1.7.0 + nghttp3/1.5.0 is used as the backend to support HTTP/3.
Supports rtmp, ws, wss and other protocols.
Supports features such as brotli, gsasl, zstd, etc.
All of curl's dependencies are compiled at their latest versions.
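
As an added example (not code from the original post), the following script reads `curl -V` text and reports which TLS, QUIC and HTTP/3 libraries the build uses, so the EL8 and EL9 stacks described above can be confirmed after installation. The function names are assumptions of this example, and the third sample (a build without HTTP/3) is constructed.

```shell
#!/bin/sh
# Added example: identify the HTTP/3 stack of a curl build from `curl -V` text.

# The article's EL8 and EL9 outputs (version and Features lines, shortened to
# the fields used here), plus a constructed sample of a build without HTTP/3.
EL8='curl 8.10.0 (x86_64-redhat-linux-gnu) libcurl/8.10.0 OpenSSL/3.3.2 zlib/1.3.1 nghttp2/1.63.0 nghttp3/1.5.0
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 SSL'
EL9='curl 8.10.0 (x86_64-redhat-linux-gnu) libcurl/8.10.0 GnuTLS/3.8.3 zlib/1.3.1 nghttp2/1.63.0 ngtcp2/1.7.0 nghttp3/1.5.0
Features: alt-svc AsynchDNS HSTS HTTP2 HTTP3 HTTPS-proxy IPv6 SSL'
STOCK='curl 7.76.1 (x86_64-redhat-linux-gnu) libcurl/7.76.1 OpenSSL/3.0.7 zlib/1.2.11 nghttp2/1.43.0
Features: alt-svc AsynchDNS HSTS HTTP2 HTTPS-proxy IPv6 SSL'

# has_feature TEXT NAME: succeed if NAME is listed on the "Features:" line.
has_feature() {
    printf '%s\n' "$1" | awk -v f="$2" '
        /^Features:/ { for (i = 2; i <= NF; i++) if ($i == f) ok = 1 }
        END { exit !ok }'
}

# lib_version TEXT NAME: print NAME's version from the first line, if linked.
lib_version() {
    printf '%s\n' "$1" | awk -v n="$2" 'NR == 1 {
        for (i = 1; i <= NF; i++) { split($i, p, "/"); if (p[1] == n) print p[2] } }'
}

# h3_backend TEXT: print the TLS + QUIC + HTTP/3 libraries, or "none".
# Only the two stacks the article describes are recognised; others are "unknown".
# The body is a subshell, so its variables do not leak into the caller.
h3_backend() (
    has_feature "$1" HTTP3 || { echo none; exit 1; }
    h3=$(lib_version "$1" nghttp3)
    quic=$(lib_version "$1" ngtcp2)
    gnutls=$(lib_version "$1" GnuTLS)
    openssl=$(lib_version "$1" OpenSSL)
    if [ -n "$h3" ] && [ -n "$quic" ] && [ -n "$gnutls" ]; then
        echo "GnuTLS/$gnutls ngtcp2/$quic nghttp3/$h3"
    elif [ -n "$h3" ] && [ -z "$quic" ] && [ -n "$openssl" ]; then
        echo "OpenSSL/$openssl (built-in QUIC) nghttp3/$h3"
    else
        echo unknown; exit 2
    fi
)

for sample in "$EL8" "$EL9" "$STOCK"; do
    h3_backend "$sample" || true
done
```

On an installed system, pass the live output instead of a sample: h3_backend "$(curl -V)".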

Problems encountered in compiling curl

1. The rpm for ngtcp2 and nghttp3 does not exist
Enabling the HTTP/3 feature requires support from ngtcp2 and nghttp3, but there is currently no relevant rpm, so I referred to the spec file of nghttp2 and made these two dependent rpm packages myself.
ngtcp2 also requires the Crypto helper library to implement the QUIC protocol. The currently supported TLS backends are as follows:

quictls
GnuTLS >= 3.7.5
BoringSSL (commit e13f7e2ff5432205f09b4679c8a7715f1c130372); or aws-lc >= 1.19.0
Picotls (commit 89fe56f4d79200a5801a08ed3b6ac8322e01ccd5)
wolfSSL >= 5.5.0
LibreSSL >= v3.9.2

The default GnuTLS version installed in Enterprise Linux 9 is 3.8.3, which meets the requirements and is therefore the first choice. Compile the Crypto helper library of libngtcp2_crypto_gnutls and add nghttp3 to enable the HTTP/3 feature.
The default GnuTLS version installed in Enterprise Linux 8 is 3.6.16, which does not meet the requirements. Since there is no other better TLS backend, I compiled openssl3 to the latest 3.3.2 (which has implemented QUIC), and added nghttp3 to enable the HTTP/3 feature.

2. The default version of the dependent software is relatively old
For example, brotli, zstd, libidn2, libpsl, libssh2, libgsasl, the default versions that come with the distribution are relatively old, and they just keep patching them up but never upgrade the versions (of course, this is for stability, after all, it is an enterprise-level system, so it is understandable).
For personal use, there will be no major problems if these dependencies are upgraded, at least I haven’t found any so far.

3. Some dependent software does not exist
For example, librtmp, part of a toolkit called rtmpdump under the ffmpeg project, is used to support RTMP streaming. There is no rpm package for it by default in RHEL, and only the old version is available in RPM Fusion. The git repository has been updated.
Its latest git commit log says version v2.6, but the compiled library and header files still report v2.3, so I could only write a patch myself, correct the version number, and then build the rpm as the latest version 2.6-1.20240301.git6f6bb13.
I encountered many problems and spent a lot of time, but I finally figured it out. So far, I am very satisfied with it. I share it today and hope you will be satisfied too.
