src: gate all quic behind disabled-by-default compile flag

Due to 93ae85bd19 it is clear that we will need to revert back to using OpenSSL's official releases. This means we will be forced to re-implement at least part of the underlying QUIC implementation to use different crypto APIs. For that reason, this PR disables building any of the QUIC support by default and introduces a new compile time flag. PR-URL: https://github.com/nodejs/node/pull/57142 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Jordan Harband <ljharb@gmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: Stephen Belanger <admin@stephenbelanger.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
2025-02-19 13:49:30 -08:00 · 2025-02-19 13:49:30 -08:00 · 3b0fce1c96
commit 3b0fce1c96
parent 06d5701e0b
7 changed files with 26 additions and 34 deletions
--- a/configure.py
+++ b/configure.py
@ -38,7 +38,6 @@ import nodedownload
 sys.path.insert(0, 'tools')
 import getmoduleversion
 import getnapibuildversion
 import getsharedopensslhasquic
 from gyp_node import run_gyp
 from utils import SearchFiles
@ -847,6 +846,12 @@ parser.add_argument('--without-siphash',
 # End dummy list.
 parser.add_argument('--with-quic',
    action='store_true',
    dest='quic',
    default=None,
    help='build with QUIC support')
 parser.add_argument('--without-ssl',
    action='store_true',
    dest='without_ssl',
@ -1743,6 +1748,7 @@ def configure_openssl(o):
  variables['node_shared_ngtcp2'] = b(options.shared_ngtcp2)
  variables['node_shared_nghttp3'] = b(options.shared_nghttp3)
  variables['openssl_is_fips'] = b(options.openssl_is_fips)
  variables['node_quic'] = b(options.quic)
  variables['node_fipsinstall'] = b(False)
  if options.openssl_no_asm:
@ -1804,13 +1810,8 @@ def configure_openssl(o):
  if options.openssl_is_fips and not options.shared_openssl:
    variables['node_fipsinstall'] = b(True)
-  if options.shared_openssl:
+  variables['openssl_quic'] = b(options.quic)
-    has_quic = getsharedopensslhasquic.get_has_quic(options.__dict__['shared_openssl_includes'])
+  if options.quic:
  else:
    has_quic = getsharedopensslhasquic.get_has_quic('deps/openssl/openssl/include')
  variables['openssl_quic'] = b(has_quic)
  if has_quic:
    o['defines'] += ['NODE_OPENSSL_HAS_QUIC']
  configure_library('openssl', o)
--- a/node.gyp
+++ b/node.gyp
@ -927,12 +927,16 @@
        [ 'node_use_openssl=="true"', {
          'sources': [
            '<@(node_crypto_sources)',
            '<@(node_quic_sources)',
          ],
          'dependencies': [
            'deps/ncrypto/ncrypto.gyp:ncrypto',
          ],
        }],
        [ 'node_quic=="true"', {
          'sources': [
            '<@(node_quic_sources)',
          ],
        }],
        [ 'OS in "linux freebsd mac solaris" and '
          'target_arch=="x64" and '
          'node_target_type=="executable"', {
--- a/src/node_options.cc
+++ b/src/node_options.cc
@ -443,7 +443,13 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
            true);
  AddOption("--experimental-quic",
            "" /* undocumented until its development */,
 #ifdef NODE_OPENSSL_HAS_QUIC
            &EnvironmentOptions::experimental_quic,
 #else
            // Option is a no-op if the NODE_OPENSSL_HAS_QUIC
            // compile flag is not enabled
            NoOp{},
 #endif
            kAllowedInEnvvar);
  AddOption("--experimental-webstorage",
            "experimental Web Storage API",
--- a/src/node_options.h
+++ b/src/node_options.h
@ -127,7 +127,9 @@ class EnvironmentOptions : public Options {
  bool experimental_websocket = true;
  bool experimental_sqlite = true;
  bool experimental_webstorage = false;
 #ifdef NODE_OPENSSL_HAS_QUIC
  bool experimental_quic = false;
 #endif
  std::string localstorage_file;
  bool experimental_global_navigator = true;
  bool experimental_global_web_crypto = true;
--- a/test/common/index.js
+++ b/test/common/index.js
@ -54,7 +54,7 @@ const noop = () => {};
 const hasCrypto = Boolean(process.versions.openssl) &&
                  !process.env.NODE_SKIP_CRYPTO;
-const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
+const hasQuic = hasCrypto && !!process.config.variables.node_quic;
 function parseTestFlags(filename = process.argv[1]) {
  // The copyright notice is relatively big and the flags could come afterwards.
--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
@ -130,7 +130,9 @@ assert(undocumented.delete('--no-verify-base-objects'));
 assert(undocumented.delete('--trace-promises'));
 assert(undocumented.delete('--no-trace-promises'));
 assert(undocumented.delete('--experimental-quic'));
-assert(undocumented.delete('--no-experimental-quic'));
+if (common.hasQuic) {
  assert(undocumented.delete('--no-experimental-quic'));
 }
 // Remove negated versions of the flags.
 for (const flag of undocumented) {
--- a/tools/getsharedopensslhasquic.py
+++ b/tools/getsharedopensslhasquic.py
@ -1,23 +0,0 @@
 from __future__ import print_function
 import os
 import re
 def get_has_quic(include_path):
  if include_path:
    openssl_quic_h = os.path.join(
        include_path,
        'openssl',
        'quic.h')
    try:
      f = open(openssl_quic_h)
    except OSError:
      return False
    regex = r'^#\s*define OPENSSL_INFO_QUIC'
    for line in f:
      if (re.match(regex, line)):
        return True
  return False