Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 8481:0d2b2664b41c quic
QUIC: added "quic" listen parameter.
The parameter allows processing HTTP/0.9-2 over QUIC.
Also, introduced ngx_http_quic_module and moved QUIC settings there
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Tue, 21 Jul 2020 23:09:22 +0300 |
parents | 7995cd199b52 |
children | 7621ffaa79b3 |
comparison
equal
deleted
inserted
replaced
8480:f537f99b86ee | 8481:0d2b2664b41c |
---|---|
400 unsigned int srvlen; | 400 unsigned int srvlen; |
401 unsigned char *srv; | 401 unsigned char *srv; |
402 #if (NGX_DEBUG) | 402 #if (NGX_DEBUG) |
403 unsigned int i; | 403 unsigned int i; |
404 #endif | 404 #endif |
405 #if (NGX_HTTP_V2 || NGX_HTTP_V3) | 405 #if (NGX_HTTP_V2 || NGX_HTTP_QUIC) |
406 ngx_http_connection_t *hc; | 406 ngx_http_connection_t *hc; |
407 #endif | 407 #endif |
408 #if (NGX_HTTP_V2 || NGX_DEBUG) | 408 #if (NGX_HTTP_V2 || NGX_DEBUG) |
409 ngx_connection_t *c; | 409 ngx_connection_t *c; |
410 | 410 |
417 "SSL ALPN supported by client: %*s", | 417 "SSL ALPN supported by client: %*s", |
418 (size_t) in[i], &in[i + 1]); | 418 (size_t) in[i], &in[i + 1]); |
419 } | 419 } |
420 #endif | 420 #endif |
421 | 421 |
422 #if (NGX_HTTP_V2 || NGX_HTTP_V3) | 422 #if (NGX_HTTP_V2 || NGX_HTTP_QUIC) |
423 hc = c->data; | 423 hc = c->data; |
424 #endif | 424 #endif |
425 | 425 |
426 #if (NGX_HTTP_V2) | 426 #if (NGX_HTTP_V2) |
427 if (hc->addr_conf->http2) { | 427 if (hc->addr_conf->http2) { |
433 #endif | 433 #endif |
434 #if (NGX_HTTP_V3) | 434 #if (NGX_HTTP_V3) |
435 if (hc->addr_conf->http3) { | 435 if (hc->addr_conf->http3) { |
436 srv = (unsigned char *) NGX_HTTP_V3_ALPN_ADVERTISE; | 436 srv = (unsigned char *) NGX_HTTP_V3_ALPN_ADVERTISE; |
437 srvlen = sizeof(NGX_HTTP_V3_ALPN_ADVERTISE) - 1; | 437 srvlen = sizeof(NGX_HTTP_V3_ALPN_ADVERTISE) - 1; |
438 } else | |
439 #endif | |
440 #if (NGX_HTTP_QUIC) | |
441 if (hc->addr_conf->quic) { | |
442 srv = (unsigned char *) NGX_HTTP_QUIC_ALPN_ADVERTISE; | |
443 srvlen = sizeof(NGX_HTTP_QUIC_ALPN_ADVERTISE) - 1; | |
438 } else | 444 } else |
439 #endif | 445 #endif |
440 { | 446 { |
441 srv = (unsigned char *) NGX_HTTP_NPN_ADVERTISE; | 447 srv = (unsigned char *) NGX_HTTP_NPN_ADVERTISE; |
442 srvlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1; | 448 srvlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1; |
1245 | 1251 |
1246 static ngx_int_t | 1252 static ngx_int_t |
1247 ngx_http_ssl_init(ngx_conf_t *cf) | 1253 ngx_http_ssl_init(ngx_conf_t *cf) |
1248 { | 1254 { |
1249 ngx_uint_t a, p, s; | 1255 ngx_uint_t a, p, s; |
1256 const char *name; | |
1250 ngx_http_conf_addr_t *addr; | 1257 ngx_http_conf_addr_t *addr; |
1251 ngx_http_conf_port_t *port; | 1258 ngx_http_conf_port_t *port; |
1252 ngx_http_ssl_srv_conf_t *sscf; | 1259 ngx_http_ssl_srv_conf_t *sscf; |
1253 ngx_http_core_loc_conf_t *clcf; | 1260 ngx_http_core_loc_conf_t *clcf; |
1254 ngx_http_core_srv_conf_t **cscfp, *cscf; | 1261 ngx_http_core_srv_conf_t **cscfp, *cscf; |
1294 for (p = 0; p < cmcf->ports->nelts; p++) { | 1301 for (p = 0; p < cmcf->ports->nelts; p++) { |
1295 | 1302 |
1296 addr = port[p].addrs.elts; | 1303 addr = port[p].addrs.elts; |
1297 for (a = 0; a < port[p].addrs.nelts; a++) { | 1304 for (a = 0; a < port[p].addrs.nelts; a++) { |
1298 | 1305 |
1299 if (!addr[a].opt.ssl && !addr[a].opt.http3) { | 1306 if (!addr[a].opt.ssl && !addr[a].opt.quic) { |
1300 continue; | 1307 continue; |
1308 } | |
1309 | |
1310 if (addr[a].opt.http3) { | |
1311 name = "http3"; | |
1312 | |
1313 } else if (addr[a].opt.quic) { | |
1314 name = "quic"; | |
1315 | |
1316 } else { | |
1317 name = "ssl"; | |
1301 } | 1318 } |
1302 | 1319 |
1303 cscf = addr[a].default_server; | 1320 cscf = addr[a].default_server; |
1304 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; | 1321 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; |
1305 | 1322 |
1306 if (sscf->certificates == NULL) { | 1323 if (sscf->certificates == NULL) { |
1307 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 1324 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
1308 "no \"ssl_certificate\" is defined for " | 1325 "no \"ssl_certificate\" is defined for " |
1309 "the \"listen ... ssl\" directive in %s:%ui", | 1326 "the \"listen ... %s\" directive in %s:%ui", |
1310 cscf->file_name, cscf->line); | 1327 name, cscf->file_name, cscf->line); |
1311 return NGX_ERROR; | 1328 return NGX_ERROR; |
1312 } | 1329 } |
1313 | 1330 |
1314 if (addr[a].opt.http3 && !(sscf->protocols & NGX_SSL_TLSv1_3)) { | 1331 if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) { |
1315 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 1332 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
1316 "\"ssl_protocols\" did not enable TLSv1.3 for " | 1333 "\"ssl_protocols\" did not enable TLSv1.3 for " |
1317 "the \"listen ... http3\" directive in %s:%ui", | 1334 "the \"listen ... %s\" directives in %s:%ui", |
1318 cscf->file_name, cscf->line); | 1335 name, cscf->file_name, cscf->line); |
1319 return NGX_ERROR; | 1336 return NGX_ERROR; |
1320 } | 1337 } |
1321 } | 1338 } |
1322 } | 1339 } |
1323 | 1340 |