-rw-r--r--interop/quic-openssl-docker/Dockerfile43
-rw-r--r--interop/quic-openssl-docker/README.md23
-rw-r--r--interop/quic-openssl-docker/run_endpoint.sh87
3 files changed, 153 insertions, 0 deletions
diff --git a/interop/quic-openssl-docker/Dockerfile b/interop/quic-openssl-docker/Dockerfile
new file mode 100644
index 0000000000..c35c0f80b8
--- /dev/null
+++ b/interop/quic-openssl-docker/Dockerfile
@@ -0,0 +1,43 @@
+FROM martenseemann/quic-network-simulator-endpoint:latest
+
+# Make sure curl picks up the new openssl
+ENV PKG_CONFIG_LIBDIR=/usr/lib64/pkgconfig:/usr/lib/pkgconfig:/usr/lib/x86_64-linux-gnu/pkgconfig/:$PKG_CONFIG_LIBDIR
+# Set the environment variable LD_LIBRARY_PATH to ensure we get the right libraries
+ENV LD_LIBRARY_PATH=/usr/lib64:/usr/lib:/usr/lib/x86_64-linux-gnu:$LD_LIBRARY_PATH
+
+# Install needed tools
+RUN apt-get update && apt-get install -y \
+ git make gcc perl cmake build-essential \
+ autoconf libtool pkg-config libpsl-dev
+
+# build nghttp3
+RUN git clone https://github.com/ngtcp2/nghttp3.git && \
+ cd nghttp3 && \
+ git submodule update --init && \
+ autoreconf -i && \
+ ./configure --prefix=/usr && \
+ make -j check && \
+ make install && \
+ rm -rf nghttp3
+
+# download and build openssl
+RUN git clone https://github.com/openssl/openssl.git && \
+ cd openssl && \
+ ./Configure enable-fips no-docs --prefix=/usr --openssldir=/etc/pki/tls && \
+ make -j && make install && \
+ rm -rf openssl
+
+# Build curl
+RUN git clone https://github.com/curl/curl.git && \
+ cd curl && \
+ autoreconf -fi && ./configure --with-openssl-quic --with-openssl --with-nghttp3 --prefix=/usr && \
+ make -j && \
+ make install && \
+ rm -rf /curl
+
+# copy run script and run it
+COPY run_endpoint.sh .
+RUN chmod +x run_endpoint.sh
+RUN apt-get clean
+ENTRYPOINT [ "./run_endpoint.sh" ]
+
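Review bot: Every input to this image is a moving target: the base is `FROM martenseemann/quic-network-simulator-endpoint:latest`, and the nghttp3, openssl and curl clones each take whatever their default branch holds at build time, so two builds of the same Dockerfile can ship different code and nothing records or verifies what was fetched. If tracking OpenSSL's head is intended for interop, pinning the base by digest and the two third-party trees to a release would still narrow the gap, e.g. `git clone --depth 1 --branch <NGHTTP3_RELEASE_TAG> https://github.com/ngtcp2/nghttp3.git`. Separately, `rm -rf nghttp3` and `rm -rf openssl` run after `cd` into those directories, so they remove nothing and the source trees stay in the layer; `cd .. && rm -rf nghttp3` would fix that. `rm -rf /curl` only works if the base image's working directory is `/`, which is not visible here. The trailing `RUN apt-get clean` sits in its own layer and so cannot shrink the earlier install layer; it belongs in the same `RUN` as `apt-get install`.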
diff --git a/interop/quic-openssl-docker/README.md b/interop/quic-openssl-docker/README.md
new file mode 100644
index 0000000000..ff5a55834f
--- /dev/null
+++ b/interop/quic-openssl-docker/README.md
@@ -0,0 +1,23 @@
+quic-openssl-docker
+===================
+
+Dockerfile for quic working group interop testing
+
+Overview
+--------
+
+This Dockerfile builds a container for use with the
+[QUIC working group interop testing facility](https://interop.seemann.io/?run=2024-08-05T08:30)
+It can also be used locally to test QUIC interoperability via the
+[QUIC interop runner](https://github.com/quic-interop/quic-interop-runner)
+Please see instructions there for running local interop testing
+
+Building the container
+----------------------
+
+From this directory:
+`docker build -t quay.io/openssl-ci/openssl-quic-interop:latest .`
+
+Note the tag name is important, as the interop runner knows the container
+by this name. If you build locally with changes, the interop runner project
+will pick up the container from your local registry rather than downloading it
diff --git a/interop/quic-openssl-docker/run_endpoint.sh b/interop/quic-openssl-docker/run_endpoint.sh
new file mode 100644
index 0000000000..c9ecd668f7
--- /dev/null
+++ b/interop/quic-openssl-docker/run_endpoint.sh
@@ -0,0 +1,87 @@
+#!/bin/bash
+
+CURLRC=~/testcase_curlrc
+
+# Set up the routing needed for the simulation
+/setup.sh
+
+# The following variables are available for use:
+# - ROLE contains the role of this execution context, client or server
+# - SERVER_PARAMS contains user-supplied command line parameters
+# - CLIENT_PARAMS contains user-supplied command line parameters
+
+generate_outputs_http3() {
+ for i in $REQUESTS
+ do
+ OUTFILE=$(basename $i)
+ echo -e "--http3-only\n-o /downloads/$OUTFILE\n--url $i" >> $CURLRC
+ echo "--next" >> $CURLRC
+ done
+ # Remove the last --next
+ head -n -1 $CURLRC > $CURLRC.tmp
+ mv $CURLRC.tmp $CURLRC
+}
+
+dump_curlrc() {
+ echo "Using curlrc:"
+ cat $CURLRC
+}
+
+if [ "$ROLE" == "client" ]; then
+ # Wait for the simulator to start up.
+ echo "Waiting for simulator"
+ /wait-for-it.sh sim:57832 -s -t 30
+ echo "TESTCASE is $TESTCASE"
+ rm -f $CURLRC
+
+ case "$TESTCASE" in
+ "http3"|"transfer")
+ echo -e "--verbose\n--parallel" >> $CURLRC
+ generate_outputs_http3
+ dump_curlrc
+ SSL_CERT_FILE=/certs/ca.pem curl --config $CURLRC
+ if [ $? -ne 0 ]
+ then
+ exit 1
+ fi
+ exit 0
+ ;;
+ "handshake")
+ OUTFILE=$(basename $REQUESTS)
+ echo -e "--verbose\n--http3\n-H \"Connection: close\"\n-o /downloads/$OUTFILE\n--url $REQUESTS" >> $CURLRC
+ dump_curlrc
+ SSL_CERT_FILE=/certs/ca.pem curl --config $CURLRC
+ if [ $? -ne 0 ]
+ then
+ exit 1
+ fi
+ exit 0
+ ;;
+ "retry")
+ OUTFILE=$(basename $REQUESTS)
+ SSL_CERT_FILE=/certs/ca.pem curl --verbose --http3 -o /downloads/$OUTFILE $REQUESTS
+ if [ $? -ne 0 ]
+ then
+ exit 1
+ fi
+ exit 0
+ ;;
+ "chacha20")
+ OUTFILE=$(basename $REQUESTS)
+ SSL_CERT_FILE=/certs/ca.pem curl --verbose --tlsv1.3 --tls13-ciphers TLS_CHACHA20_POLY1305_SHA256 --http3 -o /downloads/$OUTFILE $REQUESTS
+ if [ $? -ne 0 ]
+ then
+ exit 1
+ fi
+ exit 0
+ ;;
+ *)
+ echo "UNSUPPORTED TESTCASE $TESTCASE"
+ exit 127
+ ;;
+ esac
+elif [ "$ROLE" == "server" ]; then
+ echo "UNSUPPORTED"
+ exit 127
+fi
+
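Review bot: `$REQUESTS`, `$i`, `$OUTFILE` and `$CURLRC` are expanded unquoted throughout, in `generate_outputs_http3` and in all four test-case arms, so a URL containing whitespace or glob characters is word-split before it reaches `basename`, the curl config file or the curl command line. The values come from the runner's environment, so this is probably benign in practice, but quoting keeps a malformed URL from becoming extra curl options or an unexpected output path: `OUTFILE=$(basename -- "$i")` in the loop, and `curl --verbose --http3 -o "/downloads/$OUTFILE" "$REQUESTS"` in the arms that already assume a single URL. The exit status of `/setup.sh` and of `/wait-for-it.sh sim:57832 -s -t 30` is also ignored, so a failed route setup or a simulator timeout still proceeds to the transfer. If either should be fatal, append `|| exit 1` to it.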