diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2023-02-22 19:16:53 +0400 |
|---|---|---|
| committer | Roman Arutyunyan <arut@nginx.com> | 2023-02-22 19:16:53 +0400 |
| commit | a36ebf7e95baebf445b0973bd270bc009b0b0e9a (patch) | |
| tree | 28f396ec4a7a6a828a8ee3e7f05b5e56ebbfecf4 /src/stream/ngx_stream_ssl_module.c | |
| parent | 76adb919138225b24280bc477ff468fd13cc9e62 (diff) | |
| download | nginx-a36ebf7e95baebf445b0973bd270bc009b0b0e9a.tar.gz nginx-a36ebf7e95baebf445b0973bd270bc009b0b0e9a.zip | |
QUIC: OpenSSL compatibility layer.
The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.
This implementation does not support 0-RTT.
Diffstat (limited to 'src/stream/ngx_stream_ssl_module.c')
| -rw-r--r-- | src/stream/ngx_stream_ssl_module.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c index 4b98f2586..4a4e75514 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -9,6 +9,10 @@ #include <ngx_core.h> #include <ngx_stream.h> +#if (NGX_QUIC_OPENSSL_COMPAT) +#include <ngx_event_quic_openssl_compat.h> +#endif + typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); @@ -1218,6 +1222,12 @@ ngx_stream_ssl_init(ngx_conf_t *cf) scf = listen[i].ctx->srv_conf[ngx_stream_ssl_module.ctx_index]; +#if (NGX_QUIC_OPENSSL_COMPAT) + if (ngx_quic_compat_init(cf, scf->ssl.ctx) != NGX_OK) { + return NGX_ERROR; + } +#endif + if (scf->certificates && !(scf->protocols & NGX_SSL_TLSv1_3)) { ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "\"ssl_protocols\" must enable TLSv1.3 for " |