From 2e232cd07403a8570c1a8a32f45f391c4fcc13dd Mon Sep 17 00:00:00 2001
From: Brian Neradt <brian.neradt@gmail.com>
Date: Wed, 12 May 2021 18:29:36 +0000
Subject: [PATCH] build_h3_tools: use draft-29

This changes build_h3_tools to build openssl-quic with branch
OpenSSL_1_1_1g-quic-draft-29 since that is what ATS currently supports.
Building against draft-32 results in functional HTTP/3 behavior but not
HTTPS behavior. Further, curl built against draft-32 also has HTTPS
problems.

This also makes /opt/openssl-quic a symlink to the built directory which
contains the explicit openssl draft branch name. Thus, with default
environment parameters, running the script results in the following:

$ ls -lad /opt/openssl-quic*
lrwxrwxrwx 1 root root 46 May 12 18:50 /opt/openssl-quic -> /opt/openssl-quic-OpenSSL_1_1_1g-quic-draft-29
drwxr-xr-x 7 root root 67 May 12 18:49 /opt/openssl-quic-OpenSSL_1_1_1g-quic-draft-29
---
 tools/build_h3_tools.sh | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

diff --git a/tools/build_h3_tools.sh b/tools/build_h3_tools.sh
index 80c188c012c..ff5523a3d6c 100755
--- a/tools/build_h3_tools.sh
+++ b/tools/build_h3_tools.sh
@@ -19,15 +19,20 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 
-# Probably have to change these to your preferred installation directory
+# Update this as the draft we support updates.
+OPENSSL_BRANCH=${OPENSSL_BRANCH:-"OpenSSL_1_1_1g-quic-draft-29"}
+
+# Set these, if desired, to change these to your preferred installation
+# directory
 BASE=${BASE:-"/opt"}
-OPENSSL=${OPENSSL:-"${BASE}/openssl-quic"}
+OPENSSL_BASE=${OPENSSL_BASE:-"${BASE}/openssl-quic"}
+OPENSSL_PREFIX=${OPENSSL_PREFIX:-"${OPENSSL_BASE}-${OPENSSL_BRANCH}"}
 MAKE="make"
 
 # These are for Linux like systems, specially the LDFLAGS, also depends on dirs above
 CFLAGS=${CFLAGS:-"-O3 -g"}
 CXXFLAGS=${CXXFLAGS:-"-O3 -g"}
-LDFLAGS=${LDFLAGS:-"-Wl,-rpath=${OPENSSL}/lib"}
+LDFLAGS=${LDFLAGS:-"-Wl,-rpath=${OPENSSL_PREFIX}/lib"}
 
 if [ -e /etc/redhat-release ]; then
     MAKE="gmake"
@@ -54,11 +59,15 @@ fi
 
 # OpenSSL needs special hackery ... Only grabbing the branch we need here... Bryan has shit for network.
 echo "Building OpenSSL with QUIC support"
-[ ! -d openssl-quic ] && git clone -b OpenSSL_1_1_1g-quic-draft-32 --depth 1 https://github.com/tatsuhiro-t/openssl openssl-quic
+[ ! -d openssl-quic ] && git clone -b ${OPENSSL_BRANCH} --depth 1 https://github.com/tatsuhiro-t/openssl openssl-quic
 cd openssl-quic
-./config --prefix=${OPENSSL}
+./config --prefix=${OPENSSL_PREFIX}
 ${MAKE} -j $(nproc)
 sudo ${MAKE} install
+
+# The symlink target provides a more convenient path for the user while also
+# providing, in the symlink source, the precise draft of the OpenSSL build.
+sudo ln -sf ${OPENSSL_PREFIX} ${OPENSSL_BASE}
 cd ..
 
 # Then nghttp3
@@ -66,7 +75,7 @@ echo "Building nghttp3..."
 [ ! -d nghttp3 ] && git clone https://github.com/ngtcp2/nghttp3.git
 cd nghttp3
 autoreconf -if
-./configure --prefix=${BASE} PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL}/lib/pkgconfig CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LDFLAGS="${LDFLAGS}"
+./configure --prefix=${BASE} PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_PREFIX}/lib/pkgconfig CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LDFLAGS="${LDFLAGS}"
 ${MAKE} -j $(nproc)
 sudo ${MAKE} install
 cd ..
@@ -76,7 +85,7 @@ echo "Building ngtcp2..."
 [ ! -d ngtcp2 ] && git clone https://github.com/ngtcp2/ngtcp2.git
 cd ngtcp2
 autoreconf -if
-./configure --prefix=${BASE} PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL}/lib/pkgconfig CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LDFLAGS="${LDFLAGS}"
+./configure --prefix=${BASE} PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_PREFIX}/lib/pkgconfig CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LDFLAGS="${LDFLAGS}"
 ${MAKE} -j $(nproc)
 sudo ${MAKE} install
 cd ..
@@ -87,7 +96,7 @@ echo "Building nghttp2 ..."
 cd nghttp2
 git checkout --track -b quic origin/quic
 autoreconf -if
-./configure --prefix=${BASE} PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL}/lib/pkgconfig CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LDFLAGS="${LDFLAGS}"
+./configure --prefix=${BASE} PKG_CONFIG_PATH=${BASE}/lib/pkgconfig:${OPENSSL_PREFIX}/lib/pkgconfig CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LDFLAGS="${LDFLAGS}"
 ${MAKE} -j $(nproc)
 sudo ${MAKE} install
 cd ..
@@ -97,6 +106,6 @@ echo "Building curl ..."
 [ ! -d curl ] && git clone https://github.com/curl/curl.git
 cd curl
 autoreconf -i
-./configure --prefix=${BASE} --with-ssl=${OPENSSL} --with-nghttp2=${BASE} --with-nghttp3=${BASE} --with-ngtcp2=${BASE} CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LDFLAGS="${LDFLAGS}"
+./configure --prefix=${BASE} --with-ssl=${OPENSSL_PREFIX} --with-nghttp2=${BASE} --with-nghttp3=${BASE} --with-ngtcp2=${BASE} CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" LDFLAGS="${LDFLAGS}"
 ${MAKE} -j $(nproc)
 sudo ${MAKE} install