HTTPS support, replace client implementation?

[hrydgard]

PPSSPP currently uses a fully custom but too simple HTTP client implementation.

It does not support SSL (https) nor does it support http2, etc.

Currently it's only really used for version checks and the store, but as more things will be added (like retroachievements) it starts looking silly that we don't have a proper https implementation.

Ideally I'd like to avoid depending on openssl which has always been an awkward dependency.

One option would be to use native https implementations on each platform (like Android's java https, Windows also has one, etc) but it gets messy. So not sure what to choose.

Options:

• openssl (bloat)
• wolfssl (bloat, dubious business model)
• mbedtls (looking fairly promising)
• naett (platform https wrapper) (chosen!)

of those, three are TLS libraries that we could wrap around our http client, while naett takes over the whole http request machinery.

[anr2me]

This will also be helpful in implementing sceHTTPS syscalls in the future :) although such library is rarely used other than for authentication and Browser apps.

Btw, how about using WolfSSL ? as i remembered there is an emulator using it (i forgot which one)

Edit: RPCS3 seems to use it.

Client side example https://www.freertos.org/FreeRTOS-Plus/WolfSSL/Using-SSL-TLS-in-a-client-site-application.html
Server side example https://www.freertos.org/FreeRTOS-Plus/WolfSSL/Using-SSL-TLS-in-a-server-site-application.html

wolfSSL seems to have compatibility layer for migrating from OpenSSL to wolfSSL:

You can implement our compatibility layer without changing your code. To do so you'll want to:

1. Change your compiler include path -Iwolfssl -Iwolfssl/wolfssl. This includes the wolfssl root and the wolfssl/wolfssl header folder.
2. Change your library to use -lwolfssl.

Also when build the wolfssl library to include the openssl compatibility layer you'll need to add the --enable-opensslextra option. To see a list of options you can use ./configure --help.

PS: another interesting library (native HTTP/HTTPS wrapper) https://github.com/erkkah/naett

[hrydgard]

wolfSSL looks worth looking at, thanks for the suggestion!

[hrydgard]

naett actually looks better for our purposes, even though it won't be guaranteed identical across platforms. Only other drawback I guess would be an added curl dependency on linux, but that shouldn't be a big deal I hope..

[webgeek1234]

https://gitlab.incom.co/libretro/ppsspp/-/jobs/169312#L548

This seems to have broken android builds on newer ndk versions. My libretro android builds are failing like the above log shows. This is with ndk r25c. It looks like the github workflow here is using r21, while official libretro builds use r22. Neither of those are failing. Which probably means it's something more recent clang versions are being more strict about.

[hrydgard]

Thanks, I'll submit a fix. We actually specify an NDK version in our build file and it's not practical to test compilation on multiple, so sometimes that sort of thing can break temporarily.

[hrydgard]

I've submitted what I believe to be a fix to that specific error, though not tested myself on the newer NDK.

[webgeek1234]

https://gitlab.incom.co/libretro/ppsspp/-/jobs/169694#L542

The fix from last week worked, but building on the newer ndk broke again after the switch back to upstream neatt. Appears that the change to move the variable declarations was not upstreamed.

[hrydgard]

Thanks for checking @webgeek1234 , I missed that. I'll get it upstreamed.

[hrydgard]

@webgeek1234 Should be fixed now.

[bengalih]

Will this support game streaming over SSL as well?
I'm not sure what sort of performance hit this would take.
I am able to play games fine in most cases when connected to my home network via VPN from another location with fast internet.
Would be nice to not have to establish VPN and use direct SSL. I expect if the games i playable over the VPN's encryption, it should be playable over SSL encryption instead?

Wanted to try to use NGINX as a proxy, but the lack of the client to provide (support?) https:// in it's string and no basic authentication makes this impossible to test.

[anr2me]

Will this support game streaming over SSL as well? I'm not sure what sort of performance hit this would take. I am able to play games fine in most cases when connected to my home network via VPN from another location with fast internet. Would be nice to not have to establish VPN and use direct SSL. I expect if the games i playable over the VPN's encryption, it should be playable over SSL encryption instead?

Wanted to try to use NGINX as a proxy, but the lack of the client to provide (support?) https:// in it's string and no basic authentication makes this impossible to test.

Are you talking about remote disc feature?

[bengalih]

Will this support game streaming over SSL as well? I'm not sure what sort of performance hit this would take. I am able to play games fine in most cases when connected to my home network via VPN from another location with fast internet. Would be nice to not have to establish VPN and use direct SSL. I expect if the games i playable over the VPN's encryption, it should be playable over SSL encryption instead?
Wanted to try to use NGINX as a proxy, but the lack of the client to provide (support?) https:// in it's string and no basic authentication makes this impossible to test.

Are you talking about remote disc feature?

Yes sir. Remote disc streaming.
Now, granted I have a fiber connection at home, but I am able to play in remote locations if they also have a decent download.
Not sure if this case was ever assumed, or if it was designed to play over LAN only, just letting you know at least one person does sometimes use it over WAN.