Mercurial > hg > nginx

changeset 9040:8c0bccdf2743 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: avoid using C99 designated initializers. They are not supported by MSVC till 2012. SSL_QUIC_METHOD initialization is moved to run-time to preserve portability among SSL library implementations, which allows to reduce its visibility. Note using of a static storage to keep SSL_set_quic_method() reference valid.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 22 Nov 2022 18:05:35 +0400
parents a6cc246654f8
children e23fd55e1cc6
files src/event/quic/ngx_event_quic_protection.c src/event/quic/ngx_event_quic_ssl.c
diffstat 2 files changed, 23 insertions(+), 24 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -147,6 +147,7 @@ ngx_quic_keys_set_initial_secret(ngx_qui
 {
     size_t              is_len;
     uint8_t             is[SHA256_DIGEST_LENGTH];
+    ngx_str_t           iss;
     ngx_uint_t          i;
     const EVP_MD       *digest;
     ngx_quic_hkdf_t     seq[8];
@@ -176,10 +177,8 @@ ngx_quic_keys_set_initial_secret(ngx_qui
         return NGX_ERROR;
     }
 
-    ngx_str_t iss = {
-        .data = is,
-        .len = is_len
-    };
+    iss.len = is_len;
+    iss.data = is;
 
     ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0,
                    "quic ngx_quic_set_initial_secret");
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -39,19 +39,6 @@ static int ngx_quic_send_alert(ngx_ssl_c
 static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data);
 
 
-static SSL_QUIC_METHOD quic_method = {
-#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
-    .set_read_secret = ngx_quic_set_read_secret,
-    .set_write_secret = ngx_quic_set_write_secret,
-#else
-    .set_encryption_secrets = ngx_quic_set_encryption_secrets,
-#endif
-    .add_handshake_data = ngx_quic_add_handshake_data,
-    .flush_flight = ngx_quic_flush_flight,
-    .send_alert = ngx_quic_send_alert,
-};
-
-
 #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
 
 static int
@@ -533,13 +520,14 @@ ngx_quic_crypto_input(ngx_connection_t *
 ngx_int_t
 ngx_quic_init_connection(ngx_connection_t *c)
 {
-    u_char                 *p;
-    size_t                  clen;
-    ssize_t                 len;
-    ngx_str_t               dcid;
-    ngx_ssl_conn_t         *ssl_conn;
-    ngx_quic_socket_t      *qsock;
-    ngx_quic_connection_t  *qc;
+    u_char                  *p;
+    size_t                   clen;
+    ssize_t                  len;
+    ngx_str_t                dcid;
+    ngx_ssl_conn_t          *ssl_conn;
+    ngx_quic_socket_t       *qsock;
+    ngx_quic_connection_t   *qc;
+    static SSL_QUIC_METHOD   quic_method;
 
     qc = ngx_quic_get_connection(c);
 
@@ -551,6 +539,18 @@ ngx_quic_init_connection(ngx_connection_
 
     ssl_conn = c->ssl->connection;
 
+    if (!quic_method.send_alert) {
+#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
+        quic_method.set_read_secret = ngx_quic_set_read_secret;
+        quic_method.set_write_secret = ngx_quic_set_write_secret;
+#else
+        quic_method.set_encryption_secrets = ngx_quic_set_encryption_secrets;
+#endif
+        quic_method.add_handshake_data = ngx_quic_add_handshake_data;
+        quic_method.flush_flight = ngx_quic_flush_flight;
+        quic_method.send_alert = ngx_quic_send_alert;
+    }
+
     if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
         ngx_log_error(NGX_LOG_INFO, c->log, 0,
                       "quic SSL_set_quic_method() failed");