git.kaiwu.me - nginx.git/commit

]> git.kaiwu.me - nginx.git/commit

projects / nginx.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 0d6ea58) | patch

author	Sergey Kandaurov <pluknet@nginx.com>
	Fri, 1 Sep 2023 16:31:46 +0000 (20:31 +0400)
committer	Sergey Kandaurov <pluknet@nginx.com>
	Fri, 1 Sep 2023 16:31:46 +0000 (20:31 +0400)
commit	b489ba83e9be446923facfe1a2fe392be3095d1f
tree	4da7c71acb7027a2b59a086bf58e39917d0698f1	tree \| snapshot
parent	0d6ea58ebb9b589a1438930b6a64bd8ce1b52e62	commit \| diff

QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level.

As explained in BoringSSL change[1], levels were introduced in the original
QUIC API to draw a line between when keys are released and when are active.
In the new QUIC API they are released in separate calls when it's needed.
BoringSSL has then a consideration to remove levels API, hence the change.

If not available e.g. from a QUIC packet header, levels can be taken based on
keys availability. The only real use of levels is to prevent using app keys
before they are active in QuicTLS that provides the old BoringSSL QUIC API,
it is replaced with an equivalent check of c->ssl->handshaked.

This change also removes OpenSSL compat shims since they are no longer used.
The only exception left is caching write level from the keylog callback in
the internal field which is a handy equivalent of checking keys availability.

[1] https://boringssl.googlesource.com/boringssl/+/1e859054

src/event/quic/ngx_event_quic.c		diff \| blob \| history
src/event/quic/ngx_event_quic_openssl_compat.c		diff \| blob \| history
src/event/quic/ngx_event_quic_openssl_compat.h		diff \| blob \| history
src/event/quic/ngx_event_quic_ssl.c		diff \| blob \| history

nginx upstream