aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_openssl.c46
-rw-r--r--src/event/ngx_event_openssl.h3
-rw-r--r--src/event/ngx_event_quic.c352
-rw-r--r--src/event/ngx_event_quic.h3
-rw-r--r--src/event/ngx_event_quic_transport.c22
-rw-r--r--src/event/ngx_event_quic_transport.h13
-rw-r--r--src/http/modules/ngx_http_ssl_module.c21
-rw-r--r--src/http/modules/ngx_http_ssl_module.h2
8 files changed, 28 insertions, 434 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index f9a986128..ca94a68ff 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -255,50 +255,6 @@ ngx_ssl_init(ngx_log_t *log)
}
-void
-ngx_ssl_keylogger(const ngx_ssl_conn_t *ssl_conn, const char *line)
-{
- u_char *p;
- size_t len;
- ssize_t n;
- ngx_connection_t *c;
- ngx_ssl_connection_t *sc;
-
- if (line == NULL) {
- return;
- }
-
- len = ngx_strlen(line);
-
- if (len == 0) {
- return;
- }
-
- c = ngx_ssl_get_connection(ssl_conn);
- sc = c->ssl;
-
- p = ngx_alloc(len + 1, c->log);
- if (p == NULL) {
- return;
- }
-
- ngx_memcpy(p, line, len);
- p[len] = '\n';
-
- n = ngx_write_fd(sc->keylog->fd, p, len + 1);
- if (n == -1) {
- ngx_log_error(NGX_LOG_ALERT, c->log, ngx_errno,
- ngx_write_fd_n " to \"%s\" failed",
- sc->keylog->name.data);
-
- } else if ((size_t) n != len + 1) {
- ngx_log_error(NGX_LOG_ALERT, c->log, 0,
- ngx_write_fd_n " to \"%s\" was incomplete: %z of %uz",
- sc->keylog->name.data, n, len + 1);
- }
-}
-
-
ngx_int_t
ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
{
@@ -1560,8 +1516,6 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
return NGX_ERROR;
}
- sc->keylog = ssl->keylog;
-
sc->buffer = ((flags & NGX_SSL_BUFFER) != 0);
sc->buffer_size = ssl->buffer_size;
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 1e9648978..8ed778748 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -78,7 +78,6 @@ struct ngx_ssl_s {
SSL_CTX *ctx;
ngx_log_t *log;
size_t buffer_size;
- ngx_open_file_t *keylog;
};
@@ -101,7 +100,6 @@ struct ngx_ssl_connection_s {
ngx_ssl_ocsp_t *ocsp;
u_char early_buf;
- ngx_open_file_t *keylog;
unsigned handshaked:1;
unsigned renegotiation:1;
@@ -298,7 +296,6 @@ ngx_int_t ngx_ssl_shutdown(ngx_connection_t *c);
void ngx_cdecl ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err,
char *fmt, ...);
void ngx_ssl_cleanup_ctx(void *data);
-void ngx_ssl_keylogger(const ngx_ssl_conn_t *ssl, const char *line);
extern int ngx_ssl_connection_index;
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index 685441188..2e6d4b570 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -93,21 +93,12 @@ typedef struct {
ngx_quic_secret_t client_secret;
ngx_quic_secret_t server_secret;
- enum ssl_encryption_level_t level;
-
uint64_t pnum; /* to be sent */
uint64_t largest_ack; /* received from peer */
uint64_t largest_pn; /* received from peer */
ngx_queue_t frames;
ngx_queue_t sent;
-
- uint64_t largest_range;
- uint64_t first_range;
- ngx_uint_t nranges;
- ngx_quic_ack_range_t ranges[NGX_QUIC_MAX_RANGES];
- struct timeval ack_received;
- ngx_uint_t send_ack; /* unsigned send_ack:1 */
} ngx_quic_send_ctx_t;
@@ -239,14 +230,7 @@ static ngx_int_t ngx_quic_check_peer(ngx_quic_connection_t *qc,
ngx_quic_header_t *pkt);
static ngx_int_t ngx_quic_payload_handler(ngx_connection_t *c,
ngx_quic_header_t *pkt);
-static ngx_int_t ngx_quic_ack_packet(ngx_connection_t *c,
- ngx_quic_header_t *pkt);
-static ngx_int_t ngx_quic_send_ack_range(ngx_connection_t *c,
- ngx_quic_send_ctx_t *ctx, uint64_t smallest, uint64_t largest);
-static void ngx_quic_drop_ack_ranges(ngx_connection_t *c,
- ngx_quic_send_ctx_t *ctx, uint64_t pn);
-static ngx_int_t ngx_quic_send_ack(ngx_connection_t *c,
- ngx_quic_send_ctx_t *ctx);
+static ngx_int_t ngx_quic_send_ack(ngx_connection_t *c, ngx_quic_header_t *pkt);
static ngx_int_t ngx_quic_ack_delay(ngx_connection_t *c,
struct timeval *received, enum ssl_encryption_level_t level);
static ngx_int_t ngx_quic_send_cc(ngx_connection_t *c);
@@ -701,13 +685,8 @@ ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf,
ngx_queue_init(&qc->send_ctx[i].sent);
qc->send_ctx[i].largest_pn = (uint64_t) -1;
qc->send_ctx[i].largest_ack = (uint64_t) -1;
- qc->send_ctx[i].largest_range = (uint64_t) -1;
}
- qc->send_ctx[0].level = ssl_encryption_initial;
- qc->send_ctx[1].level = ssl_encryption_handshake;
- qc->send_ctx[2].level = ssl_encryption_application;
-
for (i = 0; i < NGX_QUIC_ENCRYPTION_LAST; i++) {
ngx_queue_init(&qc->crypto[i].frames);
}
@@ -1995,8 +1974,6 @@ ngx_quic_discard_ctx(ngx_connection_t *c, enum ssl_encryption_level_t level)
ngx_quic_congestion_ack(c, f);
ngx_quic_free_frame(c, f);
}
-
- ctx->send_ack = 0;
}
@@ -2132,7 +2109,7 @@ ngx_quic_payload_handler(ngx_connection_t *c, ngx_quic_header_t *pkt)
/* got there with ack-eliciting packet */
if (!ack_sent) {
- if (ngx_quic_ack_packet(c, pkt) != NGX_OK) {
+ if (ngx_quic_send_ack(c, pkt) != NGX_OK) {
return NGX_ERROR;
}
@@ -2297,298 +2274,31 @@ ngx_quic_payload_handler(ngx_connection_t *c, ngx_quic_header_t *pkt)
static ngx_int_t
-ngx_quic_ack_packet(ngx_connection_t *c, ngx_quic_header_t *pkt)
-{
- uint64_t base, largest, smallest, gs, ge, gap, range, pn;
- ngx_uint_t i, j, nr;
- ngx_quic_send_ctx_t *ctx;
- ngx_quic_ack_range_t *r;
-
- c->log->action = "preparing ack";
-
- ctx = ngx_quic_get_send_ctx(c->quic, pkt->level);
-
- ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
- "ngx_quic_ack_packet pn %uL largest %uL nranges %ui",
- pkt->pn, ctx->largest_range, ctx->nranges);
-
- if (!ctx->send_ack) {
- ngx_post_event(&c->quic->push, &ngx_posted_events);
- }
-
- ctx->send_ack = 1;
-
- base = ctx->largest_range;
- pn = pkt->pn;
-
- if (base == (uint64_t) -1) {
- ctx->largest_range = pn;
- ctx->ack_received = pkt->received;
- return NGX_OK;
- }
-
- if (base == pn) {
- return NGX_OK;
- }
-
- largest = base;
- smallest = largest - ctx->first_range;
-
- if (pn > base) {
- ctx->largest_range = pn;
- ctx->ack_received = pkt->received;
-
- if (pn - base == 1) {
- ctx->first_range++;
- return NGX_OK;
-
- } else {
- /* new gap in front of current largest */
- gap = pn - base - 2;
- range = ctx->first_range;
-
- ctx->first_range = 0;
- i = 0;
-
- goto insert;
- }
- }
-
- /* pn < base, perform lookup in existing ranges */
-
- if (pn >= smallest && pn <= largest) {
- return NGX_OK;
- }
-
-#if (NGX_SUPPRESS_WARN)
- r = NULL;
-#endif
-
- for (i = 0; i < ctx->nranges; i++) {
- r = &ctx->ranges[i];
-
- ge = smallest - 1;
- gs = ge - r->gap;
-
- if (pn >= gs && pn <= ge) {
-
- if (gs == ge) {
- /* gap size is exactly one packet, now filled */
-
- /* data moves to previous range, current is removed */
-
- if (i == 0) {
- ctx->first_range += r->range + 2;
-
- } else {
- ctx->ranges[i - 1].range += r->range + 2;
- }
-
- nr = ctx->nranges - i - 1;
- if (nr) {
- ngx_memmove(&ctx->ranges[i], &ctx->ranges[i + 1],
- sizeof(ngx_quic_ack_range_t) * nr);
- }
-
- ctx->nranges--;
-
- } else if (pn == gs) {
- /* current gap shrinks from tail (current range grows) */
- r->gap--;
- r->range++;
-
- } else if (pn == ge) {
- /* current gap shrinks from head (previous range grows) */
- r->gap--;
-
- if (i == 0) {
- ctx->first_range++;
-
- } else {
- ctx->ranges[i - 1].range++;
- }
-
- } else {
- /* current gap is split into two parts */
-
- r->gap = pn - gs - 1;
- gap = ge - pn - 1;
- range = 0;
-
- goto insert;
- }
-
- return NGX_OK;
- }
-
- largest = smallest - r->gap - 2;
- smallest = largest - r->range;
-
- if (pn >= smallest && pn <= largest) {
- /* this packet number is already known */
- return NGX_OK;
- }
-
- }
-
- if (pn == smallest - 1) {
- /* extend first or last range */
-
- if (i == 0) {
- ctx->first_range++;
-
- } else {
- r->range++;
- }
-
- return NGX_OK;
- }
-
- /* nothing found, add new range at the tail */
-
- if (ctx->nranges == NGX_QUIC_MAX_RANGES) {
- /* packet is too old to keep it */
- return ngx_quic_send_ack_range(c, ctx, pn, pn);
- }
-
- gap = smallest - 2 - pn;
- range = 0;
-
-insert:
-
- nr = ctx->nranges - i;
-
- if (ctx->nranges == NGX_QUIC_MAX_RANGES) {
- /* last range is dropped and reused for newer data */
-
- for (j = i; j < ctx->nranges; j++) {
- largest = smallest - ctx->ranges[j].gap - 2;
- smallest = largest - ctx->ranges[j].range;
- }
-
- if (ngx_quic_send_ack_range(c, ctx, smallest, largest) != NGX_OK) {
- return NGX_ERROR;
- }
-
- nr--;
-
- } else {
- ctx->nranges++;
- }
-
- ngx_memmove(&ctx->ranges[i + 1], &ctx->ranges[i],
- sizeof(ngx_quic_ack_range_t) * nr);
-
- ctx->ranges[i].gap = gap;
- ctx->ranges[i].range = range;
-
- return NGX_OK;
-}
-
-
-static ngx_int_t
-ngx_quic_send_ack_range(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
- uint64_t smallest, uint64_t largest)
+ngx_quic_send_ack(ngx_connection_t *c, ngx_quic_header_t *pkt)
{
ngx_quic_frame_t *frame;
- frame = ngx_quic_alloc_frame(c, 0);
- if (frame == NULL) {
- return NGX_ERROR;
- }
-
- frame->level = ctx->level;
- frame->type = NGX_QUIC_FT_ACK;
- frame->u.ack.largest = largest;
- frame->u.ack.delay = 0;
- frame->u.ack.range_count = 0;
- frame->u.ack.first_range = largest - smallest;
+ c->log->action = "generating acknowledgment";
- ngx_sprintf(frame->info, "ACK for PN=%uL..%uL 0 ranges level=%d",
- largest, smallest, frame->level);
-
- return NGX_OK;
-}
-
-
-static void
-ngx_quic_drop_ack_ranges(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
- uint64_t pn)
-{
- uint64_t base;
- ngx_uint_t i, smallest, largest;
- ngx_quic_ack_range_t *r;
-
- base = ctx->largest_range;
-
- if (base == (uint64_t) -1) {
- return;
- }
+ /* every ACK-eliciting packet is acknowledged, TODO ACK Ranges */
- largest = base;
- smallest = largest - ctx->first_range;
-
- if (pn >= largest) {
- ctx->largest_range = (uint64_t) - 1;
- ctx->first_range = 0;
- ctx->nranges = 0;
- return;
- }
-
- if (pn >= smallest) {
- ctx->first_range = largest - pn - 1;
- ctx->nranges = 0;
- return;
- }
-
- for (i = 0; i < ctx->nranges; i++) {
- r = &ctx->ranges[i];
- largest = smallest - r->gap - 2;
- smallest = largest - r->range;
- if (pn >= largest) {
- ctx->nranges = i;
- return;
- }
- if (pn >= smallest) {
- r->range = largest - pn - 1;
- ctx->nranges = i + 1;
- return;
- }
- }
-}
-
-
-static ngx_int_t
-ngx_quic_send_ack(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
-{
- size_t ranges_len;
- ngx_quic_frame_t *frame;
-
- ranges_len = sizeof(ngx_quic_ack_range_t) * ctx->nranges;
-
- frame = ngx_quic_alloc_frame(c, ranges_len);
+ frame = ngx_quic_alloc_frame(c, 0);
if (frame == NULL) {
return NGX_ERROR;
}
- ngx_memcpy(frame->data, ctx->ranges, ranges_len);
+ frame->level = (pkt->level == ssl_encryption_early_data)
+ ? ssl_encryption_application
+ : pkt->level;
- frame->level = ctx->level;
frame->type = NGX_QUIC_FT_ACK;
- frame->u.ack.largest = ctx->largest_range;
- frame->u.ack.delay = ngx_quic_ack_delay(c, &ctx->ack_received, ctx->level);
- frame->u.ack.range_count = ctx->nranges;
- frame->u.ack.first_range = ctx->first_range;
- frame->u.ack.ranges_start = frame->data;
- frame->u.ack.ranges_end = frame->data + ranges_len;
-
- ngx_sprintf(frame->info, "ACK for PN=%uL %ui ranges level=%d",
- ctx->largest_range, ctx->nranges, frame->level);
+ frame->u.ack.largest = pkt->pn;
+ frame->u.ack.delay = ngx_quic_ack_delay(c, &pkt->received, frame->level);
+ ngx_sprintf(frame->info, "ACK for PN=%uL from frame handler level=%d",
+ pkt->pn, frame->level);
ngx_quic_queue_frame(c->quic, frame);
- ctx->send_ack = 0;
-
return NGX_OK;
}
@@ -2828,22 +2538,7 @@ ngx_quic_handle_ack_frame_range(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx,
if (f->pnum >= min && f->pnum <= max) {
ngx_quic_congestion_ack(c, f);
- switch (f->type) {
- case NGX_QUIC_FT_ACK:
- ngx_quic_drop_ack_ranges(c, ctx, f->u.ack.largest);
- break;
-
- case NGX_QUIC_FT_STREAM0:
- case NGX_QUIC_FT_STREAM1:
- case NGX_QUIC_FT_STREAM2:
- case NGX_QUIC_FT_STREAM3:
- case NGX_QUIC_FT_STREAM4:
- case NGX_QUIC_FT_STREAM5:
- case NGX_QUIC_FT_STREAM6:
- case NGX_QUIC_FT_STREAM7:
- ngx_quic_handle_stream_ack(c, f);
- break;
- }
+ ngx_quic_handle_stream_ack(c, f);
if (f->pnum > found_num || !found) {
*send_time = f->last;
@@ -2965,6 +2660,10 @@ ngx_quic_handle_stream_ack(ngx_connection_t *c, ngx_quic_frame_t *f)
ngx_quic_stream_t *sn;
ngx_quic_connection_t *qc;
+ if (f->type < NGX_QUIC_FT_STREAM0 || f->type > NGX_QUIC_FT_STREAM7) {
+ return;
+ }
+
qc = c->quic;
sn = ngx_quic_find_stream(&qc->streams.tree, f->u.stream.stream_id);
@@ -4013,7 +3712,6 @@ static ngx_int_t
ngx_quic_output(ngx_connection_t *c)
{
ngx_uint_t i;
- ngx_quic_send_ctx_t *ctx;
ngx_quic_connection_t *qc;
c->log->action = "sending frames";
@@ -4021,16 +3719,7 @@ ngx_quic_output(ngx_connection_t *c)
qc = c->quic;
for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) {
-
- ctx = &qc->send_ctx[i];
-
- if (ctx->send_ack) {
- if (ngx_quic_send_ack(c, ctx) != NGX_OK) {
- return NGX_ERROR;
- }
- }
-
- if (ngx_quic_output_frames(c, ctx) != NGX_OK) {
+ if (ngx_quic_output_frames(c, &qc->send_ctx[i]) != NGX_OK) {
return NGX_ERROR;
}
}
@@ -4068,7 +3757,6 @@ ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
hlen = (f->level == ssl_encryption_application) ? NGX_QUIC_MAX_SHORT_HEADER
: NGX_QUIC_MAX_LONG_HEADER;
hlen += EVP_GCM_TLS_TAG_LEN;
- hlen -= NGX_QUIC_MAX_CID_LEN - qc->scid.len;
do {
len = 0;
@@ -4098,7 +3786,7 @@ ngx_quic_output_frames(ngx_connection_t *c, ngx_quic_send_ctx_t *ctx)
* send more than three times the data it receives;
*/
- if (((c->sent + hlen + len + f->len) / 3) > qc->received) {
+ if (((c->sent + len + f->len) / 3) > qc->received) {
ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
"quic hit amplification limit"
" received %uz sent %O",
diff --git a/src/event/ngx_event_quic.h b/src/event/ngx_event_quic.h
index cb9fbb35c..7ff12f6d5 100644
--- a/src/event/ngx_event_quic.h
+++ b/src/event/ngx_event_quic.h
@@ -54,8 +54,7 @@
#define NGX_QUIC_STREAM_BUFSIZE 65536
-#define NGX_QUIC_MAX_CID_LEN 20
-#define NGX_QUIC_SERVER_CID_LEN NGX_QUIC_MAX_CID_LEN
+#define NGX_QUIC_SERVER_CID_LEN 20
#define NGX_QUIC_SR_TOKEN_LEN 16
diff --git a/src/event/ngx_event_quic_transport.c b/src/event/ngx_event_quic_transport.c
index f81be23c9..1bd470f26 100644
--- a/src/event/ngx_event_quic_transport.c
+++ b/src/event/ngx_event_quic_transport.c
@@ -1259,25 +1259,18 @@ ngx_quic_create_frame(u_char *p, ngx_quic_frame_t *f)
static size_t
ngx_quic_create_ack(u_char *p, ngx_quic_ack_frame_t *ack)
{
- size_t len;
- u_char *start;
- ngx_uint_t i;
- ngx_quic_ack_range_t *ranges;
+ size_t len;
+ u_char *start;
- ranges = (ngx_quic_ack_range_t *) ack->ranges_start;
+ /* minimal ACK packet */
if (p == NULL) {
len = ngx_quic_varint_len(NGX_QUIC_FT_ACK);
len += ngx_quic_varint_len(ack->largest);
len += ngx_quic_varint_len(ack->delay);
- len += ngx_quic_varint_len(ack->range_count);
+ len += ngx_quic_varint_len(0);
len += ngx_quic_varint_len(ack->first_range);
- for (i = 0; i < ack->range_count; i++) {
- len += ngx_quic_varint_len(ranges[i].gap);
- len += ngx_quic_varint_len(ranges[i].range);
- }
-
return len;
}
@@ -1286,14 +1279,9 @@ ngx_quic_create_ack(u_char *p, ngx_quic_ack_frame_t *ack)
ngx_quic_build_int(&p, NGX_QUIC_FT_ACK);
ngx_quic_build_int(&p, ack->largest);
ngx_quic_build_int(&p, ack->delay);
- ngx_quic_build_int(&p, ack->range_count);
+ ngx_quic_build_int(&p, 0);
ngx_quic_build_int(&p, ack->first_range);
- for (i = 0; i < ack->range_count; i++) {
- ngx_quic_build_int(&p, ranges[i].gap);
- ngx_quic_build_int(&p, ranges[i].range);
- }
-
return p - start;
}
diff --git a/src/event/ngx_event_quic_transport.h b/src/event/ngx_event_quic_transport.h
index 12aad5aae..54f903473 100644
--- a/src/event/ngx_event_quic_transport.h
+++ b/src/event/ngx_event_quic_transport.h
@@ -120,15 +120,6 @@
#define NGX_QUIC_CID_LEN_MIN 8
#define NGX_QUIC_CID_LEN_MAX 20
-#define NGX_QUIC_MAX_RANGES 10
-
-
-typedef struct {
- uint64_t gap;
- uint64_t range;
-} ngx_quic_ack_range_t;
-
-
typedef struct {
uint64_t largest;
uint64_t delay;
@@ -137,8 +128,8 @@ typedef struct {
uint64_t ect0;
uint64_t ect1;
uint64_t ce;
- u_char *ranges_start;
- u_char *ranges_end;
+ u_char *ranges_start;
+ u_char *ranges_end;
} ngx_quic_ack_frame_t;
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 99dbd8ec6..409514821 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -119,13 +119,6 @@ static ngx_command_t ngx_http_ssl_commands[] = {
0,
NULL },
- { ngx_string("ssl_keys_file"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
- ngx_conf_set_str_slot,
- NGX_HTTP_SRV_CONF_OFFSET,
- offsetof(ngx_http_ssl_srv_conf_t, keys_file),
- NULL },
-
{ ngx_string("ssl_dhparam"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
@@ -612,7 +605,6 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
* sscf->trusted_certificate = { 0, NULL };
* sscf->crl = { 0, NULL };
* sscf->ciphers = { 0, NULL };
- * sscf->keys_file = { 0, NULL };
* sscf->shm_zone = NULL;
* sscf->ocsp_responder = { 0, NULL };
* sscf->stapling_file = { 0, NULL };
@@ -684,8 +676,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_ptr_value(conf->passwords, prev->passwords, NULL);
- ngx_conf_merge_str_value(conf->keys_file, prev->keys_file, "");
-
ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
@@ -922,17 +912,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
return NGX_CONF_ERROR;
}
- if (conf->keys_file.len) {
-
- conf->ssl.keylog = ngx_conf_open_file(cf->cycle, &conf->keys_file);
-
- if (conf->ssl.keylog == NULL) {
- return NGX_CONF_ERROR;
- }
-
- SSL_CTX_set_keylog_callback(conf->ssl.ctx, ngx_ssl_keylogger);
- }
-
if (conf->stapling) {
if (ngx_ssl_stapling(cf, &conf->ssl, &conf->stapling_file,
diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
index aab185e05..98aa1be40 100644
--- a/src/http/modules/ngx_http_ssl_module.h
+++ b/src/http/modules/ngx_http_ssl_module.h
@@ -36,8 +36,6 @@ typedef struct {
ngx_array_t *certificates;
ngx_array_t *certificate_keys;
- ngx_str_t keys_file;
-
ngx_array_t *certificate_values;
ngx_array_t *certificate_key_values;
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-19 11:41:46 +0000