vtest and varnish-cache repo relationship

Willy Tarreau w at 1wt.eu
Sat May 10 17:45:51 UTC 2025 

Hi Julian,

On Tue, May 06, 2025 at 05:43:28PM +0300, Julian Wiesener wrote:
> Hi,
> 
> as i'm working on VTest HTTP/3, this discussion is of particular intrest to me.

Oh that's cool!

> Still WIP, i have not shared any code, thus i assume most of you are not
> aware of my efforts, so thanks for considering my opinion.
> 
> I used ngtcp2/nghttp3 and implemented the needed VUDP* equalents for what is
> VTCP* in Varnish as well as its VTest copy (see lib/vtcp.h).
> To me it would make much sense to have it in a shared library, basically the
> "varnish-lib" idea.
> Of course it would mean, that it would be OK, to have (at least optional)
> dependencies on ngtcp2, nghttp3 and a SSL Library*.
> IIRC HAproxy already have an other HTTP/3 implementation, so i would assume
> they would not be intrested, in using "varnish-lib" outside of VTest,
> but there might still be room for collaboration in the future.

We do indeed have out own H3/QUIC implementation, but it's independent
on vtest. For us, vtest is a totally standalone tool. We simply update
it from time to time. Also it totally makes sense to me to use ngtcp2
and nghttp3 for vtest, because these libs are widely used and generally
considered as a reference implementation, something that vtest would
definitely benefit from.

> For Varnish, i think it would make sense to use the poposed lib for HTTP/3, i
> would keep the server init (TLS Key reading etc.) out of the shared lib, so
> Varnish can still use other means (keyless).

I can't speak for that part :-)

> * ATM i use WolfSSL as my OS comes with a LibreSSL without Quic support,
> however, new enough OpenSSL, its derivates and GNUtls can be used with ngtcp2

You may want to have a look at aws-lc. It's really cool. It's a fork of
BoringSSL but with a stable API. As such, it's compatible with the openssl
API, and supports QUIC via the de-facto standard API that all libs now
support, and is fast. Plus it builds easily and relatively quickly (not
as fast as wolfssl though). On the other hand, wolfssl is so light and
builds so fast that it can also be a source dependency for the vtest
project. One just needs to make sure to properly configure it for the
local machine.

Hoping this helps,
Willy

More information about the varnish-dev mailing list