comparison src/http/modules/ngx_http_ssl_module.c @ 8922:be08b858086a quic

HTTP/3: http3_hq directive and NGX_HTTP_V3_HQ macro. Listen quic parameter is no longer supported.
author Roman Arutyunyan <arut@nginx.com>
date Sat, 04 Dec 2021 10:52:55 +0300
parents 33226ac61076
children 5c86189a1c1b
comparison
equal deleted inserted replaced
8921:33226ac61076 8922:be08b858086a
415 ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out, 415 ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out,
416 unsigned char *outlen, const unsigned char *in, unsigned int inlen, 416 unsigned char *outlen, const unsigned char *in, unsigned int inlen,
417 void *arg) 417 void *arg)
418 { 418 {
419 #if (NGX_HTTP_V3) 419 #if (NGX_HTTP_V3)
420 const char *fmt; 420 const char *fmt;
421 #endif 421 #endif
422 unsigned int srvlen; 422 unsigned int srvlen;
423 unsigned char *srv; 423 unsigned char *srv;
424 #if (NGX_DEBUG) 424 #if (NGX_DEBUG)
425 unsigned int i; 425 unsigned int i;
426 #endif 426 #endif
427 #if (NGX_HTTP_V2 || NGX_HTTP_V3) 427 #if (NGX_HTTP_V2 || NGX_HTTP_V3)
428 ngx_http_connection_t *hc; 428 ngx_http_connection_t *hc;
429 #endif
430 #if (NGX_HTTP_V3 && NGX_HTTP_V3_HQ)
431 ngx_http_v3_srv_conf_t *h3scf;
429 #endif 432 #endif
430 #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG) 433 #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG)
431 ngx_connection_t *c; 434 ngx_connection_t *c;
432 435
433 c = ngx_ssl_get_connection(ssl_conn); 436 c = ngx_ssl_get_connection(ssl_conn);
434 #endif 437 #endif
435 438
436 #if (NGX_DEBUG) 439 #if (NGX_DEBUG)
450 srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS; 453 srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS;
451 srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1; 454 srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1;
452 } else 455 } else
453 #endif 456 #endif
454 #if (NGX_HTTP_V3) 457 #if (NGX_HTTP_V3)
455 if (hc->addr_conf->quic) { 458 if (hc->addr_conf->http3) {
456 if (hc->addr_conf->http3) { 459
460 #if (NGX_HTTP_V3_HQ)
461 h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module);
462
463 if (h3scf->hq) {
464 srv = (unsigned char *) NGX_HTTP_V3_HQ_ALPN_PROTO;
465 srvlen = sizeof(NGX_HTTP_V3_HQ_ALPN_PROTO) - 1;
466 fmt = NGX_HTTP_V3_HQ_ALPN_DRAFT_FMT;
467 } else
468 #endif
469 {
457 srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO; 470 srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO;
458 srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO) - 1; 471 srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO) - 1;
459 fmt = NGX_HTTP_V3_ALPN_DRAFT_FMT; 472 fmt = NGX_HTTP_V3_ALPN_DRAFT_FMT;
460
461 } else {
462 srv = (unsigned char *) NGX_HTTP_QUIC_ALPN_PROTO;
463 srvlen = sizeof(NGX_HTTP_QUIC_ALPN_PROTO) - 1;
464 fmt = NGX_HTTP_QUIC_ALPN_DRAFT_FMT;
465 } 473 }
466 474
467 /* QUIC draft */ 475 /* QUIC draft */
468 476
469 if (ngx_quic_version(c) > 1) { 477 if (ngx_quic_version(c) > 1) {
1315 for (p = 0; p < cmcf->ports->nelts; p++) { 1323 for (p = 0; p < cmcf->ports->nelts; p++) {
1316 1324
1317 addr = port[p].addrs.elts; 1325 addr = port[p].addrs.elts;
1318 for (a = 0; a < port[p].addrs.nelts; a++) { 1326 for (a = 0; a < port[p].addrs.nelts; a++) {
1319 1327
1320 if (!addr[a].opt.ssl && !addr[a].opt.quic) { 1328 if (!addr[a].opt.ssl && !addr[a].opt.http3) {
1321 continue; 1329 continue;
1322 } 1330 }
1323 1331
1324 if (addr[a].opt.http3) { 1332 if (addr[a].opt.http3) {
1325 name = "http3"; 1333 name = "http3";
1326 1334
1327 } else if (addr[a].opt.quic) {
1328 name = "quic";
1329
1330 } else { 1335 } else {
1331 name = "ssl"; 1336 name = "ssl";
1332 } 1337 }
1333 1338
1334 cscf = addr[a].default_server; 1339 cscf = addr[a].default_server;
1335 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; 1340 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
1336 1341
1337 if (sscf->certificates) { 1342 if (sscf->certificates) {
1338 1343
1339 if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) { 1344 if (addr[a].opt.http3 && !(sscf->protocols & NGX_SSL_TLSv1_3)) {
1340 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, 1345 ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
1341 "\"ssl_protocols\" must enable TLSv1.3 for " 1346 "\"ssl_protocols\" must enable TLSv1.3 for "
1342 "the \"listen ... %s\" directive in %s:%ui", 1347 "the \"listen ... %s\" directive in %s:%ui",
1343 name, cscf->file_name, cscf->line); 1348 name, cscf->file_name, cscf->line);
1344 return NGX_ERROR; 1349 return NGX_ERROR;