nginx-quic: src/event/quic/ngx_event_quic

annotate src/event/quic/ngx_event_quic_migration.h @ 8717:e06283038ec8 quic

QUIC: clear SSL_OP_ENABLE_MIDDLEBOX_COMPAT on SSL context switch. The SSL_OP_ENABLE_MIDDLEBOX_COMPAT option is provided by QuicTLS and enabled by default in the newly created SSL contexts. SSL_set_quic_method() is used to clear it, which is required for SSL handshake to work on QUIC connections. Switching context in the ngx_http_ssl_servername() SNI callback overrides SSL options from the new SSL context. This results in the option set again. Fix is to explicitly clear it when switching to another SSL context. Initially reported here (in Russian): http://mailman.nginx.org/pipermail/nginx-ru/2021-November/063989.html

author	Sergey Kandaurov <pluknet@nginx.com>
date	Tue, 07 Dec 2021 15:49:51 +0300
parents	40445fc7c403
children	ddd5e5c0f87d

rev	line source
8387 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	1
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	2 /*
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	3 * Copyright (C) Nginx, Inc.
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	4 */
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	5
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	6
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	7 #ifndef _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	8 #define _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	9
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	10
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	11 #include <ngx_config.h>
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	12 #include <ngx_core.h>
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	13
8423 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	14 #define NGX_QUIC_PATH_RETRIES 3
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	15
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	16 #define NGX_QUIC_PATH_NEW 0
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	17 #define NGX_QUIC_PATH_VALIDATING 1
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	18 #define NGX_QUIC_PATH_VALIDATED 2
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	19
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	20 #define NGX_QUIC_PATH_VALID_TIME 600 /* seconds */
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	21
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	22
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	23 #define ngx_quic_path_state_str(p) \
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	24 ((p)->state == NGX_QUIC_PATH_NEW) ? "new" : \
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	25 (((p)->state == NGX_QUIC_PATH_VALIDATED) ? "validated" : "validating")
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	26
8387 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	27
76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	28 ngx_int_t ngx_quic_handle_path_challenge_frame(ngx_connection_t *c,
8438 5186ee5a94b9 QUIC: simplified sending 1-RTT only frames. Sergey Kandaurov <pluknet@nginx.com> parents: 8423 diff changeset	29 ngx_quic_path_challenge_frame_t *f);
8387 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	30 ngx_int_t ngx_quic_handle_path_response_frame(ngx_connection_t *c,
8438 5186ee5a94b9 QUIC: simplified sending 1-RTT only frames. Sergey Kandaurov <pluknet@nginx.com> parents: 8423 diff changeset	31 ngx_quic_path_challenge_frame_t *f);
8387 76f476ce4d31 QUIC: distinct files for connection migration. Vladimir Homutov <vl@nginx.com> parents: diff changeset	32
8702 40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8438 diff changeset	33 ngx_quic_path_t ngx_quic_find_path(ngx_connection_t c,
40445fc7c403 QUIC: fixed migration during NAT rebinding. Vladimir Homutov <vl@nginx.com> parents: 8438 diff changeset	34 struct sockaddr *sockaddr, socklen_t socklen);
8423 4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	35 ngx_quic_path_t ngx_quic_add_path(ngx_connection_t c,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	36 struct sockaddr *sockaddr, socklen_t socklen);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	37
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	38 ngx_int_t ngx_quic_update_paths(ngx_connection_t c, ngx_quic_header_t pkt);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	39 ngx_int_t ngx_quic_handle_migration(ngx_connection_t *c,
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	40 ngx_quic_header_t *pkt);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	41
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	42 void ngx_quic_path_validation_handler(ngx_event_t *ev);
4117aa7fa38e QUIC: connection migration. Vladimir Homutov <vl@nginx.com> parents: 8407 diff changeset	43
8407 c8bda5e1e662 QUIC: headers cleanup. Vladimir Homutov <vl@nginx.com> parents: 8387 diff changeset	44 #endif /* _NGX_EVENT_QUIC_MIGRATION_H_INCLUDED_ */

Mercurial > hg > nginx-quic

annotate src/event/quic/ngx_event_quic_migration.h @ 8717:e06283038ec8 quic