support quic-go/qtls

[m4sterpro1]

panic: qtls.ConnectionState doesn't match

goroutine 1 [running]:
EeQqp0.init.0()
Xvd9xaugT.go:1 +0x1be

[mvdan]

The qtls library is tightly coupled with crypto/tls, to the point that it duplicates a struct definition and assumes it will be a perfect match:

https://github.com/quic-go/qtls-go1-20/blob/cdd4200a5686ff9fe88e28711a6533b6b6fb1746/unsafe.go#L10

This breaks when obfuscated, because we obfuscate each package differently.

An easy fix would be to teach garble that we should obfuscate the qtls packages exactly the same way we obfuscate crypto/tls. That's a pretty hacky fix, but it seems like official QUIC support is coming soon (golang/go#44886 and golang/go#58547), so I would hope that we'd be able to delete the hack soon after.

[m4sterpro1]

Thank you @mvdan ,but what can i do for that we obfuscate qtls the same way we obfuscate crypto/tls

[m4sterpro1]

And I got a new error:

panic: reflect: NumField of non-struct type uint8

goroutine 1 [running]:
reflect.(*rtype).NumField(0xc000010768?)
wAG8DvAMg2.go:1 +0x66

[mvdan]

Thank you @mvdan ,but what can i do for that we obfuscate qtls the same way we obfuscate crypto/tls

I'm mentioning how we can fix the code - it's not a workaround for users.

[Phuong39]

same problem, how i can ignore obfuscate quic-go/qtls ?

[mvdan]

By default all packages are obfuscated. You can control this via GOGARBLE=your/module/path, for example.

[marten-seemann]

That's a pretty hacky fix, but it seems like official QUIC support is coming soon (golang/go#44886 and golang/go#58547), so I would hope that we'd be able to delete the hack soon after.

You’ll be able to delete that hack with the upcoming Go 1.21 release, since quic-go won’t need to fork crypto/tls any more, now that the standard library added the needed TLS APIs.

Here’s our PR that integrates these changes: quic-go/quic-go#3860

[mvdan]

Excellent news :) I actually tried the hacky workaround but couldn't get it to work, so we don't have it in master. The first Go 1.21 release candidate will be out in two weeks, so any users blocked by this issue could always give that a try instead - we aim to support the upcoming Go release as well, and we already test against the latest Go "tip" (master).

[mvdan]

quic-go merged those changes in July, and I believe there isn't any forking of crypto/tls happening if you use Go 1.21 or later. So I believe this issue should now be resolved.

[sonvirgo]

Any news?
Go 1.22.4

[mvdan]

Use upstream Go's QUIC support directly: golang/go#44886

[marten-seemann]

Use upstream Go's QUIC support directly: golang/go#44886

... or if you still want to use a battle-tested QUIC stack, just update quic-go to v0.37.0 or newer (the current release is v0.45.0, lots of improvements since then!). Since v0.37.0 we rely on the new QUIC APIs in crypto/tls, and don't need qtls anymore.

[sonvirgo]

Thank you @mvdan & @marten-seemann. I'll try both packages soon.