Mercurial > hg > nginx-quic
comparison src/http/modules/ngx_http_quic_module.c @ 8204:831d1960826f quic
QUIC: generate default stateless reset token key.
Previously, if quic_stateless_reset_token_key was empty or unspecified,
initial stateless reset token was not generated. However subsequent tokens
were generated with empty key, which resulted in error with certain SSL
libraries, for example OpenSSL.
Now a random 32-byte stateless reset token key is generated if none is
specified in the configuration. As a result, stateless reset tokens are now
generated for all server ids.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Wed, 11 Nov 2020 21:08:48 +0000 |
parents | 279ad36f2f4b |
children | e1eb7f4ca9f1 |
comparison
equal
deleted
inserted
replaced
8203:d8b01c2b8931 | 8204:831d1960826f |
---|---|
315 } | 315 } |
316 } | 316 } |
317 | 317 |
318 ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, ""); | 318 ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, ""); |
319 | 319 |
320 if (conf->sr_token_key.len == 0) { | |
321 conf->sr_token_key.len = NGX_QUIC_DEFAULT_SRT_KEY_LEN; | |
322 | |
323 conf->sr_token_key.data = ngx_pnalloc(cf->pool, conf->sr_token_key.len); | |
324 if (conf->sr_token_key.data == NULL) { | |
325 return NGX_CONF_ERROR; | |
326 } | |
327 | |
328 if (RAND_bytes(conf->sr_token_key.data, conf->sr_token_key.len) <= 0) { | |
329 return NGX_CONF_ERROR; | |
330 } | |
331 } | |
332 | |
320 sscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_ssl_module); | 333 sscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_ssl_module); |
321 conf->ssl = &sscf->ssl; | 334 conf->ssl = &sscf->ssl; |
322 | 335 |
323 return NGX_CONF_OK; | 336 return NGX_CONF_OK; |
324 } | 337 } |