Skip to content

Allow to use custom OpenSSL version #5614

New issue
New issue
Open
Feature
Open
Allow to use custom OpenSSL version#5614
Feature
Labels
externalProposed by non-MSFTfeature requestA request for new functionalitygood first issueGood for newcomers
@j-schultz

Description

@j-schultz
j-schultz
opened on Nov 20, 2025

Describe the feature you'd like supported

OpenSSL is a complex dependency, and in many projects it is actually a dependency of multiple packages. As a critical component, it is important to keep OpenSSL up-to-date. Hence, we want each one of our dependencies to link against the same OpenSSL version that we supply, to avoid the danger of one package shipping its own potentially outdated and vulnerable OpenSSL version, and having to wait for each individual package to update its dependencies. This also helps when statically linking dependencies, because you cannot easily statically link two different versions of the same library.

Proposed solution

I propose that msquic adds a possibility for OpenSSL (and potentially also for other vendored components) for the user to choose how to find OpenSSL:

  • Use submodule
  • Supply OPENSSL_LIB_DIR and OPENSSL_INCLUDE_DIR variables
  • Use find_package

Additional context

See #5166

Metadata

Metadata

Assignees

No one assigned

    Labels

    externalProposed by non-MSFTfeature requestA request for new functionalitygood first issueGood for newcomers

    Type

    Feature

    Projects

    DPT Iteration Tracker

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions