HTTPS support, replace client implementation? #17583

Open
hrydgard opened this issue Jun 15, 2023 · 12 comments
@hrydgard
Owner

hrydgard commented Jun 15, 2023

PPSSPP currently uses a fully custom but too simple HTTP client implementation.

It does not support SSL (https) nor does it support http2, etc.

Currently it's only really used for version checks and the store, but as more things will be added (like retroachievements) it starts looking silly that we don't have a proper https implementation.

Ideally I'd like to avoid depending on openssl which has always been an awkward dependency.

One option would be to use native https implementations on each platform (like Android's java https, Windows also has one, etc) but it gets messy. So not sure what to choose.

Options:

  • openssl (bloat)
  • wolfssl (bloat, dubious business model)
  • mbedtls (looking fairly promising)
  • naett (platform https wrapper) (chosen!)

Of those, three are TLS libraries that we could wrap around our http client, while naett takes over the whole http request machinery.

hrydgard added this to the Future-Prio milestone Jun 15, 2023
@anr2me
Collaborator

anr2me commented Jun 15, 2023

This will also be helpful in implementing sceHTTPS syscalls in the future :) although such a library is rarely used other than for authentication and Browser apps.

Btw, how about using WolfSSL? As I remember, there is an emulator using it (I forgot which one).

Edit: RPCS3 seems to use it.

Client side example https://www.freertos.org/FreeRTOS-Plus/WolfSSL/Using-SSL-TLS-in-a-client-site-application.html
Server side example https://www.freertos.org/FreeRTOS-Plus/WolfSSL/Using-SSL-TLS-in-a-server-site-application.html

wolfSSL seems to have a compatibility layer for migrating from OpenSSL to wolfSSL:

You can implement our compatibility layer without changing your code. To do so you'll want to:

  1. Change your compiler include path -Iwolfssl -Iwolfssl/wolfssl. This includes the wolfssl root and the wolfssl/wolfssl header folder.
  2. Change your library to use -lwolfssl.

Also, when building the wolfssl library to include the openssl compatibility layer, you'll need to add the --enable-opensslextra option. To see a list of options you can use ./configure --help.

PS: another interesting library (native HTTP/HTTPS wrapper) https://github.com/erkkah/naett

@hrydgard
Owner Author

wolfSSL looks worth looking at, thanks for the suggestion!

@hrydgard
Owner Author

hrydgard commented Jun 15, 2023

naett actually looks better for our purposes, even though it won't be guaranteed identical across platforms. Only other drawback I guess would be an added curl dependency on linux, but that shouldn't be a big deal I hope..

@webgeek1234
Contributor

https://gitlab.incom.co/libretro/ppsspp/-/jobs/169312#L548

This seems to have broken android builds on newer ndk versions. My libretro android builds are failing like the above log shows. This is with ndk r25c. It looks like the github workflow here is using r21, while official libretro builds use r22. Neither of those are failing. Which probably means it's something more recent clang versions are being more strict about.

@hrydgard
Owner Author

Thanks, I'll submit a fix. We actually specify an NDK version in our build file and it's not practical to test compilation on multiple, so sometimes that sort of thing can break temporarily.

@hrydgard
Owner Author

I've submitted what I believe to be a fix to that specific error, though not tested myself on the newer NDK.

@webgeek1234
Contributor

https://gitlab.incom.co/libretro/ppsspp/-/jobs/169694#L542

The fix from last week worked, but building on the newer ndk broke again after the switch back to upstream naett. Appears that the change to move the variable declarations was not upstreamed.

@hrydgard
Owner Author

hrydgard commented Aug 1, 2023

Thanks for checking @webgeek1234, I missed that. I'll get it upstreamed.

@hrydgard
Owner Author

hrydgard commented Aug 2, 2023

@webgeek1234 Should be fixed now.

@bengalih

Will this support game streaming over SSL as well?
I'm not sure what sort of performance hit this would take.
I am able to play games fine in most cases when connected to my home network via VPN from another location with fast internet.
Would be nice to not have to establish VPN and use direct SSL. I expect if the games are playable over the VPN's encryption, it should be playable over SSL encryption instead?

Wanted to try to use NGINX as a proxy, but the lack of the client to provide (support?) https:// in its string and no basic authentication makes this impossible to test.

@anr2me
Collaborator

anr2me commented Nov 15, 2023

> Will this support game streaming over SSL as well? I'm not sure what sort of performance hit this would take. I am able to play games fine in most cases when connected to my home network via VPN from another location with fast internet. Would be nice to not have to establish VPN and use direct SSL. I expect if the games are playable over the VPN's encryption, it should be playable over SSL encryption instead?
>
> Wanted to try to use NGINX as a proxy, but the lack of the client to provide (support?) https:// in its string and no basic authentication makes this impossible to test.

Are you talking about remote disc feature?

@bengalih

> > Will this support game streaming over SSL as well? I'm not sure what sort of performance hit this would take. I am able to play games fine in most cases when connected to my home network via VPN from another location with fast internet. Would be nice to not have to establish VPN and use direct SSL. I expect if the games are playable over the VPN's encryption, it should be playable over SSL encryption instead?
> > Wanted to try to use NGINX as a proxy, but the lack of the client to provide (support?) https:// in its string and no basic authentication makes this impossible to test.
>
> Are you talking about remote disc feature?

Yes sir. Remote disc streaming.
Now, granted I have a fiber connection at home, but I am able to play in remote locations if they also have a decent download.
Not sure if this case was ever assumed, or if it was designed to play over LAN only, just letting you know at least one person does sometimes use it over WAN.


4 participants