diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2022-10-20 16:21:07 +0400 |
|---|---|---|
| committer | Sergey Kandaurov <pluknet@nginx.com> | 2022-10-20 16:21:07 +0400 |
| commit | 34500dcac348ed6438c5feb995a9eece98ec27bb (patch) | |
| tree | d544710f795b1ba0067ffd5c7ccb5e54552f3253 /src | |
| parent | ce65faea95598bac9c95686d1d211d9fcd0b1ee3 (diff) | |
| download | nginx-34500dcac348ed6438c5feb995a9eece98ec27bb.tar.gz nginx-34500dcac348ed6438c5feb995a9eece98ec27bb.zip | |
QUIC: removed compatibility with older BoringSSL API.
SSL_CIPHER_get_protocol_id() appeared in BoringSSL somewhere between
BORINGSSL_API_VERSION 12 and 13 for compatibility with OpenSSL 1.1.1.
It was adopted without a proper macro test, which remained unnoticed.
This justifies that such old BoringSSL API isn't widely used and its
support can be dropped.
While here, removed SSL_set_quic_use_legacy_codepoint() that became
useless after the default was flipped in BoringSSL over a year ago.
Diffstat (limited to 'src')
| -rw-r--r-- | src/event/quic/ngx_event_quic_ssl.c | 12 |
1 files changed, 4 insertions, 8 deletions
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c index 1eef2972d..2d9de48a5 100644 --- a/src/event/quic/ngx_event_quic_ssl.c +++ b/src/event/quic/ngx_event_quic_ssl.c @@ -18,7 +18,7 @@ #define NGX_QUIC_MAX_BUFFERED 65535 -#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER +#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); @@ -40,7 +40,7 @@ static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data); static SSL_QUIC_METHOD quic_method = { -#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER +#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER .set_read_secret = ngx_quic_set_read_secret, .set_write_secret = ngx_quic_set_write_secret, #else @@ -52,7 +52,7 @@ static SSL_QUIC_METHOD quic_method = { }; -#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER +#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, @@ -563,10 +563,6 @@ ngx_quic_init_connection(ngx_connection_t *c) } #endif -#if (BORINGSSL_API_VERSION >= 13 && BORINGSSL_API_VERSION < 15) - SSL_set_quic_use_legacy_codepoint(ssl_conn, 0); -#endif - qsock = ngx_quic_get_socket(c); dcid.data = qsock->sid.id; @@ -602,7 +598,7 @@ ngx_quic_init_connection(ngx_connection_t *c) return NGX_ERROR; } -#if BORINGSSL_API_VERSION >= 11 +#ifdef OPENSSL_IS_BORINGSSL if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic SSL_set_quic_early_data_context() failed"); |