QUIC: multiple versions support in ALPN.

Previously, a version based on NGX_QUIC_DRAFT_VERSION was always set. Now it is taken from the negotiated QUIC version that may differ.
author: Sergey Kandaurov <pluknet@nginx.com> 2020-11-10 00:32:56 +0300
committer: Sergey Kandaurov <pluknet@nginx.com> 2020-11-10 00:32:56 +0300
commit: b19923f91bd41f17470c0d4538ba15adcc0b95e8 (patch)
tree: 46f5758ae9d63dbc24ad52c0c8fdc9720e151706 /src/http/modules/ngx_http_ssl_module.c
parent: 7f434603875b35998f09e43e8ed27381bb8094cb (diff)
download: nginx-b19923f91bd41f17470c0d4538ba15adcc0b95e8.tar.gz
nginx-b19923f91bd41f17470c0d4538ba15adcc0b95e8.zip
1 files changed, 27 insertions, 8 deletions
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index a2db307f7..111de479b 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -418,6 +418,9 @@ ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out,
     unsigned char *outlen, const unsigned char *in, unsigned int inlen,
     void *arg)
 {
+#if (NGX_HTTP_QUIC)
+    const char             *fmt;
+#endif
     unsigned int            srvlen;
     unsigned char          *srv;
 #if (NGX_DEBUG)
@@ -452,16 +455,32 @@ ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out,
 
     } else
 #endif
-#if (NGX_HTTP_V3)
-    if (hc->addr_conf->http3) {
-        srv = (unsigned char *) NGX_HTTP_V3_ALPN_ADVERTISE;
-        srvlen = sizeof(NGX_HTTP_V3_ALPN_ADVERTISE) - 1;
-    } else
-#endif
 #if (NGX_HTTP_QUIC)
     if (hc->addr_conf->quic) {
-        srv = (unsigned char *) NGX_HTTP_QUIC_ALPN_ADVERTISE;
-        srvlen = sizeof(NGX_HTTP_QUIC_ALPN_ADVERTISE) - 1;
+#if (NGX_HTTP_V3)
+        if (hc->addr_conf->http3) {
+            srv = (unsigned char *) NGX_HTTP_V3_ALPN_ADVERTISE;
+            srvlen = sizeof(NGX_HTTP_V3_ALPN_ADVERTISE) - 1;
+            fmt = NGX_HTTP_V3_ALPN_DRAFT_FMT;
+
+        } else
+#endif
+        {
+            srv = (unsigned char *) NGX_HTTP_QUIC_ALPN_ADVERTISE;
+            srvlen = sizeof(NGX_HTTP_QUIC_ALPN_ADVERTISE) - 1;
+            fmt = NGX_HTTP_QUIC_ALPN_DRAFT_FMT;
+        }
+
+        /* QUIC draft */
+
+        if (ngx_quic_version(c) > 1) {
+            srv = ngx_pnalloc(c->pool, sizeof("\x05h3-xx") - 1);
+            if (srv == NULL) {
+                return SSL_TLSEXT_ERR_NOACK;
+            }
+            srvlen = ngx_sprintf(srv, fmt, ngx_quic_version(c)) - srv;
+        }
+
     } else
 #endif
     {
author	Sergey Kandaurov <pluknet@nginx.com>	2020-11-10 00:32:56 +0300
committer	Sergey Kandaurov <pluknet@nginx.com>	2020-11-10 00:32:56 +0300
commit	b19923f91bd41f17470c0d4538ba15adcc0b95e8 (patch)
tree	46f5758ae9d63dbc24ad52c0c8fdc9720e151706 /src/http/modules/ngx_http_ssl_module.c
parent	7f434603875b35998f09e43e8ed27381bb8094cb (diff)
download	nginx-b19923f91bd41f17470c0d4538ba15adcc0b95e8.tar.gz nginx-b19923f91bd41f17470c0d4538ba15adcc0b95e8.zip