{"id":20464842,"url":"https://github.com/envoyproxy/envoy-openssl","last_synced_at":"2025-04-06T07:09:48.406Z","repository":{"id":39709161,"uuid":"193154690","full_name":"envoyproxy/envoy-openssl","owner":"envoyproxy","description":"Envoy OpenSSL extensions","archived":false,"fork":false,"pushed_at":"2024-10-24T01:31:13.000Z","size":260532,"stargazers_count":47,"open_issues_count":38,"forks_count":45,"subscribers_count":19,"default_branch":"release/v1.28","last_synced_at":"2024-10-24T17:09:25.838Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/envoyproxy.png","metadata":{"files":{"readme":"README.md","changelog":"changelogs/1.0.0.yaml","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":"support/README.md","governance":"GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-06-21T20:09:57.000Z","updated_at":"2024-10-22T09:40:46.000Z","dependencies_parsed_at":"2024-01-10T17:10:31.491Z","dependency_job_id":"f806b519-1806-4e85-9da3-50de5815af81","html_url":"https://github.com/envoyproxy/envoy-openssl","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Fenvoy-openssl","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Fenvoy-openssl/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Fenvoy-openssl/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/envoyproxy%2Fenvoy-openssl/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/envoyproxy","download_url":"https://codeload.github.com/envoyproxy/envoy-openssl/tar.gz/refs/heads/release/v1.28","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247445667,"owners_count":20939958,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T13:16:36.727Z","updated_at":"2025-04-06T07:09:43.391Z","avatar_url":"https://github.com/envoyproxy.png","language":"C++","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Envoy Logo](https://github.com/envoyproxy/artwork/blob/main/PNG/Envoy_Logo_Final_PANTONE.png)\n\n[Cloud-native high-performance edge/middle/service proxy](https://www.envoyproxy.io/)\n\n# Envoy OpenSSL\n\nThis README deals with the specifics of this [envoyproxy/envoy-openssl](https://github.com/envoyproxy/envoy-openssl) repository, describing primarily how it differs from the regular [envoyproxy/envoy](https://github.com/envoyproxy/envoy) repository. The full README for the regular [envoyproxy/envoy](https://github.com/envoyproxy/envoy) repository can be found [here](https://github.com/envoyproxy/envoy/blob/main/README.md). \n\n## Repository Structure\n\nThis repository is a copy of the regular [envoyproxy/envoy](https://github.com/envoyproxy/envoy)\nrepository, with additions \u0026 modifications that enable Envoy to be built on OpenSSL rather than\nBoringSSL. In addition to the regular Envoy repository structure, already described in\n[REPO_LAYOUT.md](REPO_LAYOUT.md), this repository has the following additions \u0026 modifications that\nare specific to building Envoy on OpenSSL:\n\n* `bssl-compat` This additional directory contains the BoringSSL Compatability Layer implementation. This provides an implementation of the BoringSSL API on top of the OpenSSL libraries.\n* `openssl` This additional directory contains config \u0026 script files for building Envoy on the `bssl-compat` library rather than on BoringSSL. Where possible, these scripts are minimal wrappers, and delegate most of their behavior to the corresponding scripts in the regular envoy `ci` directory.\n* `WORKSPACE` This is the regular envoy `WORKSPACE` file with an additional `local_repository` declaration for the `bssl-compat` library.\n\n## Branching\n\nIt is intended that this repository contains the same `release/v1.xx` branch structure as the\nregular envoy repository, starting from `release/v1.26`. Each of those branches is a copy of the\nidentically named branch from the regular [envoyproxy/envoy](https://github.com/envoyproxy/envoy)\nrepository, with the addition of:\n\n* The additional script \u0026 config files, required to build on OpenSSL, as described above.\n* Modifications to envoy source code that cannot be hidden in the `bssl-compat` layer.\n\nNote that the initial `release/v1.26` branch is *not* intended for production.\nIt is anticipated that `release/v1.28` will be the first branch to reach production.\n\n## Building\n\nThe process for building envoy-openssl is very similar to building regular envoy, wherever possible\nreusing the same builder image and the same scripts, and the same steps.\n\nBuilding the envoy-openssl project is done in a build container which is based on the regular envoy\nbuild container, but with some additional requirements installed, including OpenSSL 3.0.x. This build\ncontainer is launched using the the `openssl/run_envoy_docker.sh` script, which handles some openssl\nspecific config and then passes control to the regular `ci/run_envoy_docker.sh` script.\n\nBuilding \u0026 running tests, and building the envoy binary itself, is done using the regular\n`ci/do_ci.sh` script.\n\nAlthough the regular `ci/do_ci.sh` script supports many options for building \u0026 testing different\nvariants of envoy, as descibed in [ci/README](ci/README.md), including the use of various sanitizers,\nthe envoy-openssl project has so far only been built and tested using the `debug` options described\nbelow. All of the other `ci/do_ci.sh` options that are described in the regular envoy documentation\n[here](https://github.com/envoyproxy/envoy/tree/main/ci#readme) _may_ work but have not been tested.\n\nTo build the envoy executable and run specified tests, in debug mode:\n```bash\n./openssl/run_envoy_docker.sh './ci/do_ci.sh debug //test/extensions/transport_sockets/tls/...'\n```\n\nTo build just the envoy executable, in debug mode:\n```bash\n./openssl/run_envoy_docker.sh './ci/do_ci.sh debug.server_only'\n```\n\nAfter running these build commands, the resulting envoy executable can be found in the host's file\nsystem at `/tmp/envoy-docker-build/envoy/x64/source/exe/envoy/envoy`. Note that you can place the\nbuild artifacts at a different location on the host by setting ENVOY_DOCKER_BUILD_DIR environment\nvariable _before_ invoking the `openssl/run_envoy_docker.sh` script. For example, running the\nfollowing command would put the build artifact in `/build/envoy/x64/source/exe/envoy/envoy`:\n```bash\nENVOY_DOCKER_BUILD_DIR=/build ./openssl/run_envoy_docker.sh './ci/do_ci.sh debug.server_only'\n```\n\nNote that, in addition to running the `do_ci.sh` script directly in batch mode, as done in the examples\nabove, the `openssl/run_envoy_docker.sh` script can also be used to run an interactive shell, which\ncan be more convenient, for example when repeatedly building \u0026 running tests:\n\n```bash\nhost $ ./openssl/run_envoy_docker.sh bash\n\ncontainer $ ./ci/do_ci.sh debug //test/extensions/transport_sockets/tls/...\ncontainer $ ./ci/do_ci.sh debug //test/common/runtime/...\n```\n\n## Running Envoy\n\nWhen running the envoy executable in the build container, by default it will fail, with the following error\nmessage, bacause the build image only has OpenSSL 1.1.x installed, but the envoy executable needs to load\nand use OpenSSL 3.0.x libraries:\n\n```bash\n$ /build/envoy/x64/source/exe/envoy/envoy --version\nExpecting to load OpenSSL version 3.0.x but got 1.1.6\n```\n\nTo ensure that envoy loads the OpenSSL 3.0.x libraries, their path needs to be prepended to `LD_LIBRARY_PATH` before it is executed:\n\n```bash\n$ LD_LIBRARY_PATH=$OPENSSL_ROOT_DIR/lib64:$LD_LIBRARY_PATH /build/envoy/x64/source/exe/envoy/envoy --version\n/build/envoy/x64/source/exe/envoy/envoy  version: dcd3e1c50ace27b14441fc8b28650b62c0bf2dd2/1.26.8-dev/Modified/DEBUG/BoringSSL\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvoyproxy%2Fenvoy-openssl","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fenvoyproxy%2Fenvoy-openssl","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fenvoyproxy%2Fenvoy-openssl/lists"}