Mercurial > hg > nginx-quic
comparison src/http/modules/ngx_http_ssl_module.c @ 7633:5d91389e0fd3 quic
Initial QUIC support in http.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Fri, 28 Feb 2020 13:09:51 +0300 |
| parents | ef7ee19776db |
| children | 01dc595de244 |
comparison
equal
deleted
inserted
replaced
| 7632:7999d3fbb765 | 7633:5d91389e0fd3 |
|---|---|
| 245 { ngx_string("ssl_early_data"), | 245 { ngx_string("ssl_early_data"), |
| 246 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | 246 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, |
| 247 ngx_conf_set_flag_slot, | 247 ngx_conf_set_flag_slot, |
| 248 NGX_HTTP_SRV_CONF_OFFSET, | 248 NGX_HTTP_SRV_CONF_OFFSET, |
| 249 offsetof(ngx_http_ssl_srv_conf_t, early_data), | 249 offsetof(ngx_http_ssl_srv_conf_t, early_data), |
| 250 NULL }, | |
| 251 | |
| 252 { ngx_string("ssl_quic"), | |
| 253 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | |
| 254 ngx_conf_set_flag_slot, | |
| 255 NGX_HTTP_SRV_CONF_OFFSET, | |
| 256 offsetof(ngx_http_ssl_srv_conf_t, quic), | |
| 250 NULL }, | 257 NULL }, |
| 251 | 258 |
| 252 ngx_null_command | 259 ngx_null_command |
| 253 }; | 260 }; |
| 254 | 261 |
| 566 */ | 573 */ |
| 567 | 574 |
| 568 sscf->enable = NGX_CONF_UNSET; | 575 sscf->enable = NGX_CONF_UNSET; |
| 569 sscf->prefer_server_ciphers = NGX_CONF_UNSET; | 576 sscf->prefer_server_ciphers = NGX_CONF_UNSET; |
| 570 sscf->early_data = NGX_CONF_UNSET; | 577 sscf->early_data = NGX_CONF_UNSET; |
| 578 sscf->quic = NGX_CONF_UNSET; | |
| 571 sscf->buffer_size = NGX_CONF_UNSET_SIZE; | 579 sscf->buffer_size = NGX_CONF_UNSET_SIZE; |
| 572 sscf->verify = NGX_CONF_UNSET_UINT; | 580 sscf->verify = NGX_CONF_UNSET_UINT; |
| 573 sscf->verify_depth = NGX_CONF_UNSET_UINT; | 581 sscf->verify_depth = NGX_CONF_UNSET_UINT; |
| 574 sscf->certificates = NGX_CONF_UNSET_PTR; | 582 sscf->certificates = NGX_CONF_UNSET_PTR; |
| 575 sscf->certificate_keys = NGX_CONF_UNSET_PTR; | 583 sscf->certificate_keys = NGX_CONF_UNSET_PTR; |
| 610 ngx_conf_merge_value(conf->prefer_server_ciphers, | 618 ngx_conf_merge_value(conf->prefer_server_ciphers, |
| 611 prev->prefer_server_ciphers, 0); | 619 prev->prefer_server_ciphers, 0); |
| 612 | 620 |
| 613 ngx_conf_merge_value(conf->early_data, prev->early_data, 0); | 621 ngx_conf_merge_value(conf->early_data, prev->early_data, 0); |
| 614 | 622 |
| 623 ngx_conf_merge_value(conf->quic, prev->quic, 0); | |
| 624 | |
| 615 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 625 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
| 616 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 | 626 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 |
| 617 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); | 627 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); |
| 618 | 628 |
| 619 ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size, | 629 ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size, |
| 694 + conf->certificates->nelts - 1); | 704 + conf->certificates->nelts - 1); |
| 695 return NGX_CONF_ERROR; | 705 return NGX_CONF_ERROR; |
| 696 } | 706 } |
| 697 } | 707 } |
| 698 | 708 |
| 709 printf("ngx_ssl_create\n"); | |
| 699 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) { | 710 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) { |
| 700 return NGX_CONF_ERROR; | 711 return NGX_CONF_ERROR; |
| 701 } | 712 } |
| 702 | 713 |
| 703 cln = ngx_pool_cleanup_add(cf->pool, 0); | 714 cln = ngx_pool_cleanup_add(cf->pool, 0); |
| 852 } | 863 } |
| 853 | 864 |
| 854 } | 865 } |
| 855 | 866 |
| 856 if (ngx_ssl_early_data(cf, &conf->ssl, conf->early_data) != NGX_OK) { | 867 if (ngx_ssl_early_data(cf, &conf->ssl, conf->early_data) != NGX_OK) { |
| 868 return NGX_CONF_ERROR; | |
| 869 } | |
| 870 | |
| 871 if (ngx_ssl_quic(cf, &conf->ssl, conf->quic) != NGX_OK) { | |
| 857 return NGX_CONF_ERROR; | 872 return NGX_CONF_ERROR; |
| 858 } | 873 } |
| 859 | 874 |
| 860 return NGX_CONF_OK; | 875 return NGX_CONF_OK; |
| 861 } | 876 } |
| 1139 port = cmcf->ports->elts; | 1154 port = cmcf->ports->elts; |
| 1140 for (p = 0; p < cmcf->ports->nelts; p++) { | 1155 for (p = 0; p < cmcf->ports->nelts; p++) { |
| 1141 | 1156 |
| 1142 addr = port[p].addrs.elts; | 1157 addr = port[p].addrs.elts; |
| 1143 for (a = 0; a < port[p].addrs.nelts; a++) { | 1158 for (a = 0; a < port[p].addrs.nelts; a++) { |
| 1144 | 1159 printf("ssl %d http3 %d\n", addr[a].opt.ssl, addr[a].opt.http3); |
| 1145 if (!addr[a].opt.ssl) { | 1160 |
| 1161 if (!addr[a].opt.ssl && !addr[a].opt.http3) { | |
| 1146 continue; | 1162 continue; |
| 1147 } | 1163 } |
| 1148 | 1164 |
| 1149 cscf = addr[a].default_server; | 1165 cscf = addr[a].default_server; |
| 1150 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; | 1166 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; |
| 1167 printf("sscf->protocols %lx\n", sscf->protocols); | |
| 1151 | 1168 |
| 1152 if (sscf->certificates == NULL) { | 1169 if (sscf->certificates == NULL) { |
| 1153 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 1170 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
| 1154 "no \"ssl_certificate\" is defined for " | 1171 "no \"ssl_certificate\" is defined for " |
| 1155 "the \"listen ... ssl\" directive in %s:%ui", | 1172 "the \"listen ... ssl\" directive in %s:%ui", |
| 1156 cscf->file_name, cscf->line); | 1173 cscf->file_name, cscf->line); |
| 1157 return NGX_ERROR; | 1174 return NGX_ERROR; |
| 1158 } | 1175 } |
| 1176 | |
| 1177 if (addr[a].opt.http3 && !(sscf->protocols & NGX_SSL_TLSv1_3)) { | |
| 1178 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 1179 "\"ssl_protocols\" did not enable TLSv1.3 for " | |
| 1180 "the \"listen ... http3\" directive in %s:%ui", | |
| 1181 cscf->file_name, cscf->line); | |
| 1182 return NGX_ERROR; | |
| 1183 } | |
| 1159 } | 1184 } |
| 1160 } | 1185 } |
| 1161 | 1186 |
| 1162 return NGX_OK; | 1187 return NGX_OK; |
| 1163 } | 1188 } |