nginx: src/event/quic/ngx_event

comparison src/event/quic/ngx_event_quic.c @ 9157:daf8f5ba23d8

QUIC: removed use of SSL_quic_read_level and SSL_quic_write_level. As explained in BoringSSL change[1], levels were introduced in the original QUIC API to draw a line between when keys are released and when are active. In the new QUIC API they are released in separate calls when it's needed. BoringSSL has then a consideration to remove levels API, hence the change. If not available e.g. from a QUIC packet header, levels can be taken based on keys availability. The only real use of levels is to prevent using app keys before they are active in QuicTLS that provides the old BoringSSL QUIC API, it is replaced with an equivalent check of c->ssl->handshaked. This change also removes OpenSSL compat shims since they are no longer used. The only exception left is caching write level from the keylog callback in the internal field which is a handy equivalent of checking keys availability. [1] https://boringssl.googlesource.com/boringssl/+/1e859054

author	Sergey Kandaurov <pluknet@nginx.com>
date	Fri, 01 Sep 2023 20:31:46 +0400
parents	36b59521a41c
children	ad3d34ddfdcc

comparison

equal deleted inserted replaced

-:36b59521a41c
+:daf8f5ba23d8
 }
 #if !defined (OPENSSL_IS_BORINGSSL)
 /* OpenSSL provides read keys for an application level before it's ready */
-if (pkt->level == ssl_encryption_application
+if (pkt->level == ssl_encryption_application && !c->ssl->handshaked) {
-&& SSL_quic_read_level(c->ssl->connection)
-< ssl_encryption_application)
-{
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "quic no %s keys ready, ignoring packet",
 ngx_quic_level_name(pkt->level));
 return NGX_DECLINED;
 }

Mercurial > hg > nginx

comparison src/event/quic/ngx_event_quic.c @ 9157:daf8f5ba23d8