combine all supported libs into single Dockerfile

Author: chipitsine

Dockerfile

@@ -1,12 +1,25 @@
 FROM ubuntu:20.04 AS builder-ssl
+ARG SSLLIB=QuicTLS
 
+# combined list of dependencies for QuicTLS, AWS-LC
 ENV DEBIAN_FRONTEND noninteractive
-RUN apt-get -y update && apt-get -y install git make gcc
+RUN apt-get -y update && apt-get -y install git g++ make gcc wget autoconf libtool cmake curl
 
-RUN git clone --depth 1 -b OpenSSL_1_1_1s+quic https://github.com/quictls/openssl.git
-RUN cd /openssl && ./config && make -j$(nproc) && make install_sw
+# AWS-LC requirement
+COPY --from=golang:latest /usr/local/go/ /usr/local/go/
+ENV PATH="/usr/local/go/bin:${PATH}"
+
+RUN if [ "$SSLLIB" = "QuicTLS" ]; \
+      then git clone --depth 1 -b OpenSSL_1_1_1s+quic https://github.com/quictls/openssl.git && cd /openssl && ./config && make -j$(nproc) && make install_sw; \
+      elif [ "$SSLLIB" = "AWS-LC" ]; \
+      then git clone https://github.com/aws/aws-lc && cd aws-lc && cmake -DBUILD_SHARED_LIBS=1 -B build && make -C build && make -C build install; \
+      elif [ "$SSLLIB" = "LibreSSL" ]; \
+      then git clone https://github.com/libressl/portable.git libressl && cd /libressl && ./autogen.sh && autoreconf -fvi && ./configure && make && make install; \
+      else echo "not supported SSLLIB"; exit 1; \
+    fi
 
 FROM ubuntu:20.04 AS builder
+ARG SSLLIB=QuicTLS
 
 COPY --from=builder-ssl /usr/local/include/openssl/ /usr/local/include/openssl/
 COPY --from=builder-ssl \
@@ -23,13 +36,13 @@ RUN apt-get -y update && apt-get -y install git make gcc liblua5.3-0 liblua5.3-d
     CC=gcc \
     TARGET=linux-glibc \
     CPU=generic \
-    USE_OPENSSL=1 \
+    $(if [ "$SSLLIB" = "QuicTLS" ]; then echo USE_OPENSSL=1; elif [ "$SSLLIB" = "LibreSSL" ]; then echo USE_OPENSSL=1; elif [ "$SSLLIB" = "AWS-LC" ]; then echo USE_OPENSSL_AWSLC=1; else echo "not supported SSLLIB"; exit 1; fi) \
     USE_QUIC=1 \
     SSL_INC=/usr/local/include/ \
     SSL_LIB=/usr/local/lib/ \
     SMALL_OPTS="" \
     CPU_CFLAGS.generic="-O0" \
-    DEBUG_CFLAGS="-g -Wno-deprecated-declarations" \
+    ARCH_FLAGS="-g -Wno-deprecated-declarations" \
     ERR=1 \
     DEBUG="-DDEBUG_DONT_SHARE_POOLS -DDEBUG_MEMORY_POOLS -DDEBUG_STRICT=2 -DDEBUG_TASK -DDEBUG_FAIL_ALLOC" \
     LDFLAGS="-fuse-ld=gold" \
@@ -39,6 +52,7 @@ RUN apt-get -y update && apt-get -y install git make gcc liblua5.3-0 liblua5.3-d
   && make install
 
 FROM martenseemann/quic-network-simulator-endpoint:latest
+ARG SSLLIB=QuicTLS
 
 # Required for lighttpd
 ENV TZ=Europe/Paris
@@ -48,9 +62,13 @@ RUN apt-get -y update && apt-get -y install lighttpd liblua5.3-0 && rm -rf /var/
 COPY --from=builder-ssl \
   /usr/local/lib/libssl.so* /usr/local/lib/libcrypto.so* /usr/local/lib/
 COPY --from=builder /usr/local/sbin/haproxy /usr/local/sbin/
-COPY quic.cfg lighttpd.cfg /
+COPY quic.cfg quic-libressl.cfg lighttpd.cfg /
 COPY sslkeylogger.lua /
 
+RUN if [ "$SSLLIB" = "LibreSSL" ]; \
+      then mv /quic-libressl.cfg /quic.cfg; \
+    fi
+
 COPY run_endpoint.sh .
 RUN chmod +x run_endpoint.sh
 

quic-libressl.cfg

@@ -0,0 +1,39 @@
+global
+    cluster-secret what-a-secret!
+
+    #tune.ssl.keylog on
+    lua-load sslkeylogger.lua
+
+defaults
+	mode http
+	timeout connect 5s
+	timeout client  60s
+	timeout server  5s
+	timeout tunnel  1h
+
+frontend fe
+	bind quic4@:443 proto quic ssl allow-0rtt crt /tmp/cert.pem alpn hq-interop,h3 "${HAP_EXTRA_ARGS}"
+	bind quic6@:443 proto quic ssl allow-0rtt crt /tmp/cert.pem alpn hq-interop,h3 "${HAP_EXTRA_ARGS}"
+
+	http-request lua.sslkeylog /logs/keys.log
+
+	use_backend be
+
+backend be
+	server lighttpd 127.0.0.1:10080
+
+traces
+    trace quic sink stderr
+    trace quic level developer
+    trace quic verbosity clean
+    trace quic start now
+
+    trace qmux sink stderr
+    trace qmux level developer
+    trace qmux verbosity minimal
+    trace qmux start now
+
+    trace h3 sink stderr
+    trace h3 level developer
+    trace h3 verbosity minimal
+    trace h3 start now