comparison src/event/quic/ngx_event_quic_ssl.c @ 9033:9076a74f1221 quic
QUIC: removed compatibility with older BoringSSL API.
SSL_CIPHER_get_protocol_id() appeared in BoringSSL somewhere between
BORINGSSL_API_VERSION 12 and 13 for compatibility with OpenSSL 1.1.1.
It was adopted without a proper macro test, which remained unnoticed.
This justifies that such old BoringSSL API isn't widely used and its
support can be dropped.
While here, removed SSL_set_quic_use_legacy_codepoint() that became
useless after the default was flipped in BoringSSL over a year ago.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 20 Oct 2022 16:21:07 +0400 |
parents | 41796b6804d9 |
children | 8c0bccdf2743 |
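--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -16,11 +16,11 @@
 * Implementations MUST support buffering at least 4096 bytes of data
 */
 #define NGX_QUIC_MAX_BUFFERED 65535
 
 
-#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
+#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
 const uint8_t *secret, size_t secret_len);
 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
@@ -38,11 +38,11 @@
 enum ssl_encryption_level_t level, uint8_t alert);
 static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data);
 
 
 static SSL_QUIC_METHOD quic_method = {
-#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
+#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
 .set_read_secret = ngx_quic_set_read_secret,
 .set_write_secret = ngx_quic_set_write_secret,
 #else
 .set_encryption_secrets = ngx_quic_set_encryption_secrets,
 #endif
@@ -50,11 +50,11 @@
 .flush_flight = ngx_quic_flush_flight,
 .send_alert = ngx_quic_send_alert,
 };
 
 
-#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
+#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
 
 static int
 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
 const uint8_t *rsecret, size_t secret_len)
@@ -561,14 +561,10 @@
 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
 SSL_set_quic_early_data_enabled(ssl_conn, 1);
 }
 #endif
 
-#if (BORINGSSL_API_VERSION >= 13 && BORINGSSL_API_VERSION < 15)
-SSL_set_quic_use_legacy_codepoint(ssl_conn, 0);
-#endif
-
 qsock = ngx_quic_get_socket(c);
 
 dcid.data = qsock->sid.id;
 dcid.len = qsock->sid.len;
 
@@ -600,11 +596,11 @@
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic SSL_set_quic_transport_params() failed");
 return NGX_ERROR;
 }
 
-#if BORINGSSL_API_VERSION >= 11
+#ifdef OPENSSL_IS_BORINGSSL
 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic SSL_set_quic_early_data_context() failed");
 return NGX_ERROR;
 }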
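Review bot: Nothing in the new code states the minimum BoringSSL version any more: the three `#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER` guards and the `#ifdef OPENSSL_IS_BORINGSSL` before SSL_set_quic_early_data_context() accept every BoringSSL build, so a too-old one only fails later with a compile error that does not name the cause. The removed `>= 13 && < 15` guard also suggests that API versions 13 and 14 needed the explicit `SSL_set_quic_use_legacy_codepoint(ssl_conn, 0)` call; such builds would presumably still compile and now silently depend on the library default for the transport-parameters codepoint. A compile-time floor near the top of the file would make the requirement explicit, e.g. `#if defined OPENSSL_IS_BORINGSSL && BORINGSSL_API_VERSION < 15`, `#error "BoringSSL is too old for QUIC"`, `#endif`, with the threshold confirmed against the BoringSSL history. The function bodies around the last two hunks start and end outside the lines shown.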