Mercurial > hg > nginx-quic
comparison src/http/modules/ngx_http_ssl_module.c @ 7999:0d2b2664b41c quic
QUIC: added "quic" listen parameter.
The parameter allows processing HTTP/0.9-2 over QUIC.
Also, introduced ngx_http_quic_module and moved QUIC settings there
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Tue, 21 Jul 2020 23:09:22 +0300 |
| parents | 7995cd199b52 |
| children | 7621ffaa79b3 |
comparison
equal
deleted
inserted
replaced
| 7998:f537f99b86ee | 7999:0d2b2664b41c |
|---|---|
| 400 unsigned int srvlen; | 400 unsigned int srvlen; |
| 401 unsigned char *srv; | 401 unsigned char *srv; |
| 402 #if (NGX_DEBUG) | 402 #if (NGX_DEBUG) |
| 403 unsigned int i; | 403 unsigned int i; |
| 404 #endif | 404 #endif |
| 405 #if (NGX_HTTP_V2 || NGX_HTTP_V3) | 405 #if (NGX_HTTP_V2 || NGX_HTTP_QUIC) |
| 406 ngx_http_connection_t *hc; | 406 ngx_http_connection_t *hc; |
| 407 #endif | 407 #endif |
| 408 #if (NGX_HTTP_V2 || NGX_DEBUG) | 408 #if (NGX_HTTP_V2 || NGX_DEBUG) |
| 409 ngx_connection_t *c; | 409 ngx_connection_t *c; |
| 410 | 410 |
| 417 "SSL ALPN supported by client: %*s", | 417 "SSL ALPN supported by client: %*s", |
| 418 (size_t) in[i], &in[i + 1]); | 418 (size_t) in[i], &in[i + 1]); |
| 419 } | 419 } |
| 420 #endif | 420 #endif |
| 421 | 421 |
| 422 #if (NGX_HTTP_V2 || NGX_HTTP_V3) | 422 #if (NGX_HTTP_V2 || NGX_HTTP_QUIC) |
| 423 hc = c->data; | 423 hc = c->data; |
| 424 #endif | 424 #endif |
| 425 | 425 |
| 426 #if (NGX_HTTP_V2) | 426 #if (NGX_HTTP_V2) |
| 427 if (hc->addr_conf->http2) { | 427 if (hc->addr_conf->http2) { |
| 433 #endif | 433 #endif |
| 434 #if (NGX_HTTP_V3) | 434 #if (NGX_HTTP_V3) |
| 435 if (hc->addr_conf->http3) { | 435 if (hc->addr_conf->http3) { |
| 436 srv = (unsigned char *) NGX_HTTP_V3_ALPN_ADVERTISE; | 436 srv = (unsigned char *) NGX_HTTP_V3_ALPN_ADVERTISE; |
| 437 srvlen = sizeof(NGX_HTTP_V3_ALPN_ADVERTISE) - 1; | 437 srvlen = sizeof(NGX_HTTP_V3_ALPN_ADVERTISE) - 1; |
| 438 } else | |
| 439 #endif | |
| 440 #if (NGX_HTTP_QUIC) | |
| 441 if (hc->addr_conf->quic) { | |
| 442 srv = (unsigned char *) NGX_HTTP_QUIC_ALPN_ADVERTISE; | |
| 443 srvlen = sizeof(NGX_HTTP_QUIC_ALPN_ADVERTISE) - 1; | |
| 438 } else | 444 } else |
| 439 #endif | 445 #endif |
| 440 { | 446 { |
| 441 srv = (unsigned char *) NGX_HTTP_NPN_ADVERTISE; | 447 srv = (unsigned char *) NGX_HTTP_NPN_ADVERTISE; |
| 442 srvlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1; | 448 srvlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1; |
| 1245 | 1251 |
| 1246 static ngx_int_t | 1252 static ngx_int_t |
| 1247 ngx_http_ssl_init(ngx_conf_t *cf) | 1253 ngx_http_ssl_init(ngx_conf_t *cf) |
| 1248 { | 1254 { |
| 1249 ngx_uint_t a, p, s; | 1255 ngx_uint_t a, p, s; |
| 1256 const char *name; | |
| 1250 ngx_http_conf_addr_t *addr; | 1257 ngx_http_conf_addr_t *addr; |
| 1251 ngx_http_conf_port_t *port; | 1258 ngx_http_conf_port_t *port; |
| 1252 ngx_http_ssl_srv_conf_t *sscf; | 1259 ngx_http_ssl_srv_conf_t *sscf; |
| 1253 ngx_http_core_loc_conf_t *clcf; | 1260 ngx_http_core_loc_conf_t *clcf; |
| 1254 ngx_http_core_srv_conf_t **cscfp, *cscf; | 1261 ngx_http_core_srv_conf_t **cscfp, *cscf; |
| 1294 for (p = 0; p < cmcf->ports->nelts; p++) { | 1301 for (p = 0; p < cmcf->ports->nelts; p++) { |
| 1295 | 1302 |
| 1296 addr = port[p].addrs.elts; | 1303 addr = port[p].addrs.elts; |
| 1297 for (a = 0; a < port[p].addrs.nelts; a++) { | 1304 for (a = 0; a < port[p].addrs.nelts; a++) { |
| 1298 | 1305 |
| 1299 if (!addr[a].opt.ssl && !addr[a].opt.http3) { | 1306 if (!addr[a].opt.ssl && !addr[a].opt.quic) { |
| 1300 continue; | 1307 continue; |
| 1308 } | |
| 1309 | |
| 1310 if (addr[a].opt.http3) { | |
| 1311 name = "http3"; | |
| 1312 | |
| 1313 } else if (addr[a].opt.quic) { | |
| 1314 name = "quic"; | |
| 1315 | |
| 1316 } else { | |
| 1317 name = "ssl"; | |
| 1301 } | 1318 } |
| 1302 | 1319 |
| 1303 cscf = addr[a].default_server; | 1320 cscf = addr[a].default_server; |
| 1304 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; | 1321 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; |
| 1305 | 1322 |
| 1306 if (sscf->certificates == NULL) { | 1323 if (sscf->certificates == NULL) { |
| 1307 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 1324 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
| 1308 "no \"ssl_certificate\" is defined for " | 1325 "no \"ssl_certificate\" is defined for " |
| 1309 "the \"listen ... ssl\" directive in %s:%ui", | 1326 "the \"listen ... %s\" directive in %s:%ui", |
| 1310 cscf->file_name, cscf->line); | 1327 name, cscf->file_name, cscf->line); |
| 1311 return NGX_ERROR; | 1328 return NGX_ERROR; |
| 1312 } | 1329 } |
| 1313 | 1330 |
| 1314 if (addr[a].opt.http3 && !(sscf->protocols & NGX_SSL_TLSv1_3)) { | 1331 if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) { |
| 1315 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 1332 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
| 1316 "\"ssl_protocols\" did not enable TLSv1.3 for " | 1333 "\"ssl_protocols\" did not enable TLSv1.3 for " |
| 1317 "the \"listen ... http3\" directive in %s:%ui", | 1334 "the \"listen ... %s\" directives in %s:%ui", |
| 1318 cscf->file_name, cscf->line); | 1335 name, cscf->file_name, cscf->line); |
| 1319 return NGX_ERROR; | 1336 return NGX_ERROR; |
| 1320 } | 1337 } |
| 1321 } | 1338 } |
| 1322 } | 1339 } |
| 1323 | 1340 |