Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 9119:08ef02ad5c54
HTTP/2: "http2" directive.
The directive enables HTTP/2 in the current server. The previous way to
enable HTTP/2 via "listen ... http2" is now deprecated. The new approach
allows to share HTTP/2 and HTTP/0.9-1.1 on the same port.
For SSL connections, HTTP/2 is now selected by ALPN callback based on whether
the protocol is enabled in the virtual server chosen by SNI. This however only
works since OpenSSL 1.0.2h, where ALPN callback is invoked after SNI callback.
For older versions of OpenSSL, HTTP/2 is enabled based on the default virtual
server configuration.
For plain TCP connections, HTTP/2 is now auto-detected by HTTP/2 preface, if
HTTP/2 is enabled in the default virtual server. If preface is not matched,
HTTP/0.9-1.1 is assumed.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Tue, 16 May 2023 16:30:08 +0400 |
| parents | 69bae2437d74 |
| children | 0aaa09927703 |
comparison
equal
deleted
inserted
replaced
| 9118:b4a57278bf24 | 9119:08ef02ad5c54 |
|---|---|
| 433 unsigned int i; | 433 unsigned int i; |
| 434 #endif | 434 #endif |
| 435 #if (NGX_HTTP_V2 || NGX_HTTP_V3) | 435 #if (NGX_HTTP_V2 || NGX_HTTP_V3) |
| 436 ngx_http_connection_t *hc; | 436 ngx_http_connection_t *hc; |
| 437 #endif | 437 #endif |
| 438 #if (NGX_HTTP_V2) | |
| 439 ngx_http_v2_srv_conf_t *h2scf; | |
| 440 #endif | |
| 438 #if (NGX_HTTP_V3) | 441 #if (NGX_HTTP_V3) |
| 439 ngx_http_v3_srv_conf_t *h3scf; | 442 ngx_http_v3_srv_conf_t *h3scf; |
| 440 #endif | 443 #endif |
| 441 #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG) | 444 #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG) |
| 442 ngx_connection_t *c; | 445 ngx_connection_t *c; |
| 454 | 457 |
| 455 #if (NGX_HTTP_V2 || NGX_HTTP_V3) | 458 #if (NGX_HTTP_V2 || NGX_HTTP_V3) |
| 456 hc = c->data; | 459 hc = c->data; |
| 457 #endif | 460 #endif |
| 458 | 461 |
| 459 #if (NGX_HTTP_V2) | |
| 460 if (hc->addr_conf->http2) { | |
| 461 srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS; | |
| 462 srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1; | |
| 463 } else | |
| 464 #endif | |
| 465 #if (NGX_HTTP_V3) | 462 #if (NGX_HTTP_V3) |
| 466 if (hc->addr_conf->quic) { | 463 if (hc->addr_conf->quic) { |
| 467 | 464 |
| 468 h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module); | 465 h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module); |
| 469 | 466 |
| 486 } | 483 } |
| 487 | 484 |
| 488 } else | 485 } else |
| 489 #endif | 486 #endif |
| 490 { | 487 { |
| 491 srv = (unsigned char *) NGX_HTTP_ALPN_PROTOS; | 488 #if (NGX_HTTP_V2) |
| 492 srvlen = sizeof(NGX_HTTP_ALPN_PROTOS) - 1; | 489 h2scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v2_module); |
| 490 | |
| 491 if (h2scf->enable || hc->addr_conf->http2) { | |
| 492 srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS; | |
| 493 srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1; | |
| 494 | |
| 495 } else | |
| 496 #endif | |
| 497 { | |
| 498 srv = (unsigned char *) NGX_HTTP_ALPN_PROTOS; | |
| 499 srvlen = sizeof(NGX_HTTP_ALPN_PROTOS) - 1; | |
| 500 } | |
| 493 } | 501 } |
| 494 | 502 |
| 495 if (SSL_select_next_proto((unsigned char **) out, outlen, srv, srvlen, | 503 if (SSL_select_next_proto((unsigned char **) out, outlen, srv, srvlen, |
| 496 in, inlen) | 504 in, inlen) |
| 497 != OPENSSL_NPN_NEGOTIATED) | 505 != OPENSSL_NPN_NEGOTIATED) |