nginx: src/event/quic/ngx_event_quic

comparison src/event/quic/ngx_event_quic_ssl.c @ 8895:4b2d259bdadd quic

QUIC: connections with wrong ALPN protocols are now rejected. Previously, it was not enforced in the stream module. Now, since b9e02e9b2f1d it is possible to specify protocols. Since ALPN is always required, the 'require_alpn' setting is now obsolete.

author	Vladimir Homutov <vl@nginx.com>
date	Wed, 03 Nov 2021 13:36:21 +0300
parents	61b038fb59c6
children	ff473a6f656c

comparison

equal deleted inserted replaced

-:de7b9af30fc6
+:4b2d259bdadd
 ngx_quic_tp_t           ctp;
 ngx_quic_frame_t       *frame;
 ngx_connection_t       *c;
 ngx_quic_send_ctx_t    *ctx;
 ngx_quic_connection_t  *qc;
+#if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
+unsigned int            alpn_len;
+const unsigned char    *alpn_data;
+#endif
 c = ngx_ssl_get_connection((ngx_ssl_conn_t *) ssl_conn);
 qc = ngx_quic_get_connection(c);
 ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
 * parameters; we want to break handshake if something is wrong
 * here;
 */
 #if defined(TLSEXT_TYPE_application_layer_protocol_negotiation)
-if (qc->conf->require_alpn) {
-unsigned int          len;
+SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len);
-const unsigned char  *data;
+if (alpn_len == 0) {
-SSL_get0_alpn_selected(ssl_conn, &data, &len);
+qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL;
+qc->error_reason = "unsupported protocol in ALPN extension";
-if (len == 0) {
-qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL;
+ngx_log_error(NGX_LOG_INFO, c->log, 0,
-qc->error_reason = "unsupported protocol in ALPN extension";
+"quic unsupported protocol in ALPN extension");
+return 0;
-ngx_log_error(NGX_LOG_INFO, c->log, 0,
+}
-"quic unsupported protocol in ALPN extension");
-return 0;
-}
-}
 #endif
 SSL_get_peer_quic_transport_params(ssl_conn, &client_params,
 &client_params_len);

Mercurial > hg > nginx

comparison src/event/quic/ngx_event_quic_ssl.c @ 8895:4b2d259bdadd quic