Moved setting QUIC methods to runtime.

author Roman Arutyunyan <arut@nginx.com>

Wed, 18 Mar 2020 13:37:16 +0000 (16:37 +0300)

committer Roman Arutyunyan <arut@nginx.com>

Wed, 18 Mar 2020 13:37:16 +0000 (16:37 +0300)
author Roman Arutyunyan <arut@nginx.com>
Wed, 18 Mar 2020 13:37:16 +0000 (16:37 +0300)
committer Roman Arutyunyan <arut@nginx.com>
Wed, 18 Mar 2020 13:37:16 +0000 (16:37 +0300)
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c

index eac1981a2ec5622cb948886a9f26870043e136c5..91b415caa8e2f368e336c414a64b191a35d0cac1 100644 (file)
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1459,28 +1459,6 @@ ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
  }
  
  
-ngx_int_t
-ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
-{
-    if (!enable) {
-        return NGX_OK;
-    }
-
-#if NGX_OPENSSL_QUIC
-
-    ngx_quic_init_ssl_methods(ssl->ctx);
-    return NGX_OK;
-
-#else
-
-    ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
-                  "\"ssl_quic\" is not supported on this platform");
-    return NGX_ERROR;
-
-#endif
-}
-
-
  ngx_int_t
  ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
  {
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h

index 620a216efe5c373b40cf56b2b22ea232e8fbd926..bd90e47fe7f2b1604df6fd6b2063836e83c03884 100644 (file)
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -196,7 +196,6 @@ ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
  ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
  ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl,
      ngx_uint_t enable);
-ngx_int_t ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable);
  ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl,
      ngx_uint_t enable);
  ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c

index 7f732ba8b8ef7368f296d89bf02e57f375dd93ef..b77ae0f0c642929940a0a0500d0e93014f797b69 100644 (file)
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -126,13 +126,6 @@ static SSL_QUIC_METHOD quic_method = {
  };
  
  
-void
-ngx_quic_init_ssl_methods(SSL_CTX* ctx)
-{
-    SSL_CTX_set_quic_method(ctx, &quic_method);
-}
-
-
  #if BORINGSSL_API_VERSION >= 10
  
  static int
@@ -410,6 +403,12 @@ ngx_quic_init_connection(ngx_connection_t *c)
  
      ssl_conn = c->ssl->connection;
  
+    if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "SSL_set_quic_method() failed");
+        return NGX_ERROR;
+    }
+
      if (SSL_set_quic_transport_params(ssl_conn, params, sizeof(params) - 1) == 0) {
          ngx_log_error(NGX_LOG_INFO, c->log, 0,
                        "SSL_set_quic_transport_params() failed");
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c

index 8640c221163f8a9584e33cf45e5153c89aaab145..4b480a00671865f626d78be99828c45be64e84d3 100644 (file)
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -249,13 +249,6 @@ static ngx_command_t  ngx_http_ssl_commands[] = {
        offsetof(ngx_http_ssl_srv_conf_t, early_data),
        NULL },
  
-    { ngx_string("ssl_quic"),
-      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
-      ngx_conf_set_flag_slot,
-      NGX_HTTP_SRV_CONF_OFFSET,
-      offsetof(ngx_http_ssl_srv_conf_t, quic),
-      NULL },
-
        ngx_null_command
  };
  
@@ -575,7 +568,6 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
      sscf->enable = NGX_CONF_UNSET;
      sscf->prefer_server_ciphers = NGX_CONF_UNSET;
      sscf->early_data = NGX_CONF_UNSET;
-    sscf->quic = NGX_CONF_UNSET;
      sscf->buffer_size = NGX_CONF_UNSET_SIZE;
      sscf->verify = NGX_CONF_UNSET_UINT;
      sscf->verify_depth = NGX_CONF_UNSET_UINT;
@@ -620,8 +612,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
  
      ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
  
-    ngx_conf_merge_value(conf->quic, prev->quic, 0);
-
      ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
                           (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
                            |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
@@ -867,10 +857,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
          return NGX_CONF_ERROR;
      }
  
-    if (ngx_ssl_quic(cf, &conf->ssl, conf->quic) != NGX_OK) {
-        return NGX_CONF_ERROR;
-    }
-
      return NGX_CONF_OK;
  }
  
diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h

index 310d7c737591216012bb1fd11957401fea1756ba..26fdccfe4c1da5d7b524e2adb2c2711bd4af2754 100644 (file)
--- a/src/http/modules/ngx_http_ssl_module.h
+++ b/src/http/modules/ngx_http_ssl_module.h
@@ -21,7 +21,6 @@ typedef struct {
  
      ngx_flag_t                      prefer_server_ciphers;
      ngx_flag_t                      early_data;
-    ngx_flag_t                      quic;
  
      ngx_uint_t                      protocols;
author	Roman Arutyunyan <arut@nginx.com>
	Wed, 18 Mar 2020 13:37:16 +0000 (16:37 +0300)
committer	Roman Arutyunyan <arut@nginx.com>
	Wed, 18 Mar 2020 13:37:16 +0000 (16:37 +0300)
src/event/ngx_event_openssl.c		patch \| blob \| history
src/event/ngx_event_openssl.h		patch \| blob \| history
src/event/ngx_event_quic.c		patch \| blob \| history
src/http/modules/ngx_http_ssl_module.c		patch \| blob \| history
src/http/modules/ngx_http_ssl_module.h		patch \| blob \| history