Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 8922:be08b858086a quic
HTTP/3: http3_hq directive and NGX_HTTP_V3_HQ macro.
Listen quic parameter is no longer supported.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Sat, 04 Dec 2021 10:52:55 +0300 |
| parents | 33226ac61076 |
| children | 5c86189a1c1b |
comparison
equal
deleted
inserted
replaced
| 8921:33226ac61076 | 8922:be08b858086a |
|---|---|
| 415 ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out, | 415 ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn, const unsigned char **out, |
| 416 unsigned char *outlen, const unsigned char *in, unsigned int inlen, | 416 unsigned char *outlen, const unsigned char *in, unsigned int inlen, |
| 417 void *arg) | 417 void *arg) |
| 418 { | 418 { |
| 419 #if (NGX_HTTP_V3) | 419 #if (NGX_HTTP_V3) |
| 420 const char *fmt; | 420 const char *fmt; |
| 421 #endif | 421 #endif |
| 422 unsigned int srvlen; | 422 unsigned int srvlen; |
| 423 unsigned char *srv; | 423 unsigned char *srv; |
| 424 #if (NGX_DEBUG) | 424 #if (NGX_DEBUG) |
| 425 unsigned int i; | 425 unsigned int i; |
| 426 #endif | 426 #endif |
| 427 #if (NGX_HTTP_V2 || NGX_HTTP_V3) | 427 #if (NGX_HTTP_V2 || NGX_HTTP_V3) |
| 428 ngx_http_connection_t *hc; | 428 ngx_http_connection_t *hc; |
| 429 #endif | |
| 430 #if (NGX_HTTP_V3 && NGX_HTTP_V3_HQ) | |
| 431 ngx_http_v3_srv_conf_t *h3scf; | |
| 429 #endif | 432 #endif |
| 430 #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG) | 433 #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG) |
| 431 ngx_connection_t *c; | 434 ngx_connection_t *c; |
| 432 | 435 |
| 433 c = ngx_ssl_get_connection(ssl_conn); | 436 c = ngx_ssl_get_connection(ssl_conn); |
| 434 #endif | 437 #endif |
| 435 | 438 |
| 436 #if (NGX_DEBUG) | 439 #if (NGX_DEBUG) |
| 450 srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS; | 453 srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS; |
| 451 srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1; | 454 srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1; |
| 452 } else | 455 } else |
| 453 #endif | 456 #endif |
| 454 #if (NGX_HTTP_V3) | 457 #if (NGX_HTTP_V3) |
| 455 if (hc->addr_conf->quic) { | 458 if (hc->addr_conf->http3) { |
| 456 if (hc->addr_conf->http3) { | 459 |
| 460 #if (NGX_HTTP_V3_HQ) | |
| 461 h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module); | |
| 462 | |
| 463 if (h3scf->hq) { | |
| 464 srv = (unsigned char *) NGX_HTTP_V3_HQ_ALPN_PROTO; | |
| 465 srvlen = sizeof(NGX_HTTP_V3_HQ_ALPN_PROTO) - 1; | |
| 466 fmt = NGX_HTTP_V3_HQ_ALPN_DRAFT_FMT; | |
| 467 } else | |
| 468 #endif | |
| 469 { | |
| 457 srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO; | 470 srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO; |
| 458 srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO) - 1; | 471 srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO) - 1; |
| 459 fmt = NGX_HTTP_V3_ALPN_DRAFT_FMT; | 472 fmt = NGX_HTTP_V3_ALPN_DRAFT_FMT; |
| 460 | |
| 461 } else { | |
| 462 srv = (unsigned char *) NGX_HTTP_QUIC_ALPN_PROTO; | |
| 463 srvlen = sizeof(NGX_HTTP_QUIC_ALPN_PROTO) - 1; | |
| 464 fmt = NGX_HTTP_QUIC_ALPN_DRAFT_FMT; | |
| 465 } | 473 } |
| 466 | 474 |
| 467 /* QUIC draft */ | 475 /* QUIC draft */ |
| 468 | 476 |
| 469 if (ngx_quic_version(c) > 1) { | 477 if (ngx_quic_version(c) > 1) { |
| 1315 for (p = 0; p < cmcf->ports->nelts; p++) { | 1323 for (p = 0; p < cmcf->ports->nelts; p++) { |
| 1316 | 1324 |
| 1317 addr = port[p].addrs.elts; | 1325 addr = port[p].addrs.elts; |
| 1318 for (a = 0; a < port[p].addrs.nelts; a++) { | 1326 for (a = 0; a < port[p].addrs.nelts; a++) { |
| 1319 | 1327 |
| 1320 if (!addr[a].opt.ssl && !addr[a].opt.quic) { | 1328 if (!addr[a].opt.ssl && !addr[a].opt.http3) { |
| 1321 continue; | 1329 continue; |
| 1322 } | 1330 } |
| 1323 | 1331 |
| 1324 if (addr[a].opt.http3) { | 1332 if (addr[a].opt.http3) { |
| 1325 name = "http3"; | 1333 name = "http3"; |
| 1326 | 1334 |
| 1327 } else if (addr[a].opt.quic) { | |
| 1328 name = "quic"; | |
| 1329 | |
| 1330 } else { | 1335 } else { |
| 1331 name = "ssl"; | 1336 name = "ssl"; |
| 1332 } | 1337 } |
| 1333 | 1338 |
| 1334 cscf = addr[a].default_server; | 1339 cscf = addr[a].default_server; |
| 1335 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; | 1340 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; |
| 1336 | 1341 |
| 1337 if (sscf->certificates) { | 1342 if (sscf->certificates) { |
| 1338 | 1343 |
| 1339 if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) { | 1344 if (addr[a].opt.http3 && !(sscf->protocols & NGX_SSL_TLSv1_3)) { |
| 1340 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 1345 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
| 1341 "\"ssl_protocols\" must enable TLSv1.3 for " | 1346 "\"ssl_protocols\" must enable TLSv1.3 for " |
| 1342 "the \"listen ... %s\" directive in %s:%ui", | 1347 "the \"listen ... %s\" directive in %s:%ui", |
| 1343 name, cscf->file_name, cscf->line); | 1348 name, cscf->file_name, cscf->line); |
| 1344 return NGX_ERROR; | 1349 return NGX_ERROR; |