QUIC: moved ssl configuration pointer to quic configuration.

The ssl configuration is obtained at config time and saved for future use.

6 files changed, 30 insertions, 31 deletions

diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index 5b99e99b1..a9c092176 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -120,8 +120,6 @@ struct ngx_quic_connection_s {
 
     ngx_quic_conf_t                  *conf;
 
-    ngx_ssl_t                        *ssl;
-
     ngx_event_t                       push;
     ngx_event_t                       pto;
     ngx_event_t                       close;
@@ -193,7 +191,7 @@ static int ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn,
 
 
 static ngx_quic_connection_t *ngx_quic_new_connection(ngx_connection_t *c,
-    ngx_ssl_t *ssl, ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
+    ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
 static ngx_int_t ngx_quic_send_stateless_reset(ngx_connection_t *c,
     ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
 static ngx_int_t ngx_quic_process_stateless_reset(ngx_connection_t *c,
@@ -217,8 +215,8 @@ static ngx_int_t ngx_quic_close_streams(ngx_connection_t *c,
     ngx_quic_connection_t *qc);
 
 static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b,
-    ngx_ssl_t *ssl, ngx_quic_conf_t *conf);
-static ngx_int_t ngx_quic_process_packet(ngx_connection_t *c, ngx_ssl_t *ssl,
+    ngx_quic_conf_t *conf);
+static ngx_int_t ngx_quic_process_packet(ngx_connection_t *c,
     ngx_quic_conf_t *conf, ngx_quic_header_t *pkt);
 static ngx_int_t ngx_quic_init_secrets(ngx_connection_t *c);
 static void ngx_quic_discard_ctx(ngx_connection_t *c,
@@ -639,7 +637,7 @@ ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
 
 
 void
-ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_conf_t *conf)
+ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf)
 {
     ngx_int_t  rc;
 
@@ -647,7 +645,7 @@ ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_conf_t *conf)
 
     c->log->action = "QUIC initialization";
 
-    rc = ngx_quic_input(c, c->buffer, ssl, conf);
+    rc = ngx_quic_input(c, c->buffer, conf);
     if (rc != NGX_OK) {
         ngx_quic_close_connection(c, rc == NGX_DECLINED ? NGX_DONE : NGX_ERROR);
         return;
@@ -663,8 +661,8 @@ ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_conf_t *conf)
 
 
 static ngx_quic_connection_t *
-ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl,
-    ngx_quic_conf_t *conf, ngx_quic_header_t *pkt)
+ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
+    ngx_quic_header_t *pkt)
 {
     ngx_uint_t              i;
     ngx_quic_tp_t          *ctp;
@@ -718,7 +716,6 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl,
     qc->push.handler = ngx_quic_push_handler;
     qc->push.cancelable = 1;
 
-    qc->ssl = ssl;
     qc->conf = conf;
     qc->tp = conf->tp;
 
@@ -1211,7 +1208,7 @@ ngx_quic_init_connection(ngx_connection_t *c)
 
     qc = c->quic;
 
-    if (ngx_ssl_create_connection(qc->ssl, c, NGX_SSL_BUFFER) != NGX_OK) {
+    if (ngx_ssl_create_connection(qc->conf->ssl, c, NGX_SSL_BUFFER) != NGX_OK) {
         return NGX_ERROR;
     }
 
@@ -1345,7 +1342,7 @@ ngx_quic_input_handler(ngx_event_t *rev)
     b.last += n;
     qc->received += n;
 
-    rc = ngx_quic_input(c, &b, NULL, NULL);
+    rc = ngx_quic_input(c, &b, NULL);
 
     if (rc == NGX_ERROR) {
         ngx_quic_close_connection(c, NGX_ERROR);
@@ -1609,8 +1606,7 @@ ngx_quic_close_streams(ngx_connection_t *c, ngx_quic_connection_t *qc)
 
 
 static ngx_int_t
-ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, ngx_ssl_t *ssl,
-    ngx_quic_conf_t *conf)
+ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, ngx_quic_conf_t *conf)
 {
     u_char             *p;
     ngx_int_t           rc;
@@ -1632,7 +1628,7 @@ ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, ngx_ssl_t *ssl,
         pkt.flags = p[0];
         pkt.raw->pos++;
 
-        rc = ngx_quic_process_packet(c, ssl, conf, &pkt);
+        rc = ngx_quic_process_packet(c, conf, &pkt);
 
         if (rc == NGX_ERROR) {
             return NGX_ERROR;
@@ -1677,8 +1673,8 @@ ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, ngx_ssl_t *ssl,
 
 
 static ngx_int_t
-ngx_quic_process_packet(ngx_connection_t *c, ngx_ssl_t *ssl,
-    ngx_quic_conf_t *conf, ngx_quic_header_t *pkt)
+ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf,
+    ngx_quic_header_t *pkt)
 {
     ngx_int_t               rc;
     ngx_ssl_conn_t         *ssl_conn;
@@ -1771,7 +1767,7 @@ ngx_quic_process_packet(ngx_connection_t *c, ngx_ssl_t *ssl,
                 return NGX_ERROR;
             }
 
-            qc = ngx_quic_new_connection(c, ssl, conf, pkt);
+            qc = ngx_quic_new_connection(c, conf, pkt);
             if (qc == NULL) {
                 return NGX_ERROR;
             }
diff --git a/src/event/ngx_event_quic.h b/src/event/ngx_event_quic.h
index 1249a8b9e..2dac905e7 100644
--- a/src/event/ngx_event_quic.h
+++ b/src/event/ngx_event_quic.h
@@ -86,6 +86,7 @@ typedef struct {
 
 
 typedef struct {
+    ngx_ssl_t                 *ssl;
     ngx_quic_tp_t              tp;
     ngx_flag_t                 retry;
     ngx_flag_t                 require_alpn;
@@ -114,7 +115,7 @@ struct ngx_quic_stream_s {
 };
 
 
-void ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_conf_t *conf);
+void ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf);
 ngx_connection_t *ngx_quic_open_stream(ngx_connection_t *c, ngx_uint_t bidi);
 void ngx_quic_finalize_connection(ngx_connection_t *c, ngx_uint_t err,
     const char *reason);
diff --git a/src/http/modules/ngx_http_quic_module.c b/src/http/modules/ngx_http_quic_module.c
index ec70c7286..34898984a 100644
--- a/src/http/modules/ngx_http_quic_module.c
+++ b/src/http/modules/ngx_http_quic_module.c
@@ -262,6 +262,8 @@ ngx_http_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_quic_conf_t *prev = parent;
     ngx_quic_conf_t *conf = child;
 
+    ngx_http_ssl_srv_conf_t  *sscf;
+
     ngx_conf_merge_msec_value(conf->tp.max_idle_timeout,
                               prev->tp.max_idle_timeout, 60000);
 
@@ -315,6 +317,9 @@ ngx_http_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 
     ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");
 
+    sscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_ssl_module);
+    conf->ssl = &sscf->ssl;
+
     return NGX_CONF_OK;
 }
 
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 2a8a22564..b3e27c62e 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -307,7 +307,6 @@ ngx_http_init_connection(ngx_connection_t *c)
     if (hc->addr_conf->quic) {
         ngx_quic_conf_t           *qcf;
         ngx_http_connection_t     *phc;
-        ngx_http_ssl_srv_conf_t   *sscf;
         ngx_http_core_loc_conf_t  *clcf;
 
         hc->ssl = 1;
@@ -336,10 +335,7 @@ ngx_http_init_connection(ngx_connection_t *c)
 
             qcf = ngx_http_get_module_srv_conf(hc->conf_ctx,
                                                ngx_http_quic_module);
-            sscf = ngx_http_get_module_srv_conf(hc->conf_ctx,
-                                                ngx_http_ssl_module);
-
-            ngx_quic_run(c, &sscf->ssl, qcf);
+            ngx_quic_run(c, qcf);
             return;
         }
 
diff --git a/src/stream/ngx_stream_handler.c b/src/stream/ngx_stream_handler.c
index 2b0848a67..33f7bc191 100644
--- a/src/stream/ngx_stream_handler.c
+++ b/src/stream/ngx_stream_handler.c
@@ -118,18 +118,14 @@ ngx_stream_init_connection(ngx_connection_t *c)
 #if (NGX_STREAM_QUIC)
 
     if (addr_conf->quic) {
-        ngx_quic_conf_t        *qcf;
-        ngx_stream_ssl_conf_t  *scf;
+        ngx_quic_conf_t  *qcf;
 
         if (c->qs == NULL) {
             c->log->connection = c->number;
 
             qcf = ngx_stream_get_module_srv_conf(addr_conf->ctx,
                                                  ngx_stream_quic_module);
-            scf = ngx_stream_get_module_srv_conf(addr_conf->ctx,
-                                                 ngx_stream_ssl_module);
-
-            ngx_quic_run(c, &scf->ssl, qcf);
+            ngx_quic_run(c, qcf);
             return;
         }
     }
diff --git a/src/stream/ngx_stream_quic_module.c b/src/stream/ngx_stream_quic_module.c
index 362855f1a..ba601a030 100644
--- a/src/stream/ngx_stream_quic_module.c
+++ b/src/stream/ngx_stream_quic_module.c
@@ -28,7 +28,7 @@ static ngx_conf_post_t  ngx_stream_quic_max_udp_payload_size_post =
     { ngx_stream_quic_max_udp_payload_size };
 static ngx_conf_num_bounds_t  ngx_stream_quic_ack_delay_exponent_bounds =
     { ngx_conf_check_num_bounds, 0, 20 };
-static ngx_conf_num_bounds_t 
+static ngx_conf_num_bounds_t
                             ngx_stream_quic_active_connection_id_limit_bounds =
     { ngx_conf_check_num_bounds, 2, -1 };
 
@@ -251,6 +251,8 @@ ngx_stream_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
     ngx_quic_conf_t *prev = parent;
     ngx_quic_conf_t *conf = child;
 
+    ngx_stream_ssl_conf_t  *scf;
+
     ngx_conf_merge_msec_value(conf->tp.max_idle_timeout,
                               prev->tp.max_idle_timeout, 60000);
 
@@ -302,6 +304,9 @@ ngx_stream_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
         }
     }
 
+    scf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_ssl_module);
+    conf->ssl = &scf->ssl;
+
     return NGX_CONF_OK;
 }