Mercurial > hg > nginx-quic
comparison src/stream/ngx_stream_ssl_module.c @ 8632:a550d4fa3581 quic
Stream: detect "listen .. quic" without TLSv1.3.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 29 Sep 2021 15:01:56 +0300 |
| parents | 419c066cb710 |
| children | 61d0fa67b55e |
comparison
equal
deleted
inserted
replaced
| 8631:e5a17d6041bd | 8632:a550d4fa3581 |
|---|---|
| 1068 | 1068 |
| 1069 | 1069 |
| 1070 static ngx_int_t | 1070 static ngx_int_t |
| 1071 ngx_stream_ssl_init(ngx_conf_t *cf) | 1071 ngx_stream_ssl_init(ngx_conf_t *cf) |
| 1072 { | 1072 { |
| 1073 ngx_uint_t i; | |
| 1074 ngx_stream_listen_t *listen; | |
| 1073 ngx_stream_handler_pt *h; | 1075 ngx_stream_handler_pt *h; |
| 1076 ngx_stream_ssl_conf_t *scf; | |
| 1074 ngx_stream_core_main_conf_t *cmcf; | 1077 ngx_stream_core_main_conf_t *cmcf; |
| 1075 | 1078 |
| 1076 cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module); | 1079 cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module); |
| 1077 | 1080 |
| 1078 h = ngx_array_push(&cmcf->phases[NGX_STREAM_SSL_PHASE].handlers); | 1081 h = ngx_array_push(&cmcf->phases[NGX_STREAM_SSL_PHASE].handlers); |
| 1080 return NGX_ERROR; | 1083 return NGX_ERROR; |
| 1081 } | 1084 } |
| 1082 | 1085 |
| 1083 *h = ngx_stream_ssl_handler; | 1086 *h = ngx_stream_ssl_handler; |
| 1084 | 1087 |
| 1088 listen = cmcf->listen.elts; | |
| 1089 | |
| 1090 for (i = 0; i < cmcf->listen.nelts; i++) { | |
| 1091 if (!listen[i].quic) { | |
| 1092 continue; | |
| 1093 } | |
| 1094 | |
| 1095 scf = listen[i].ctx->srv_conf[ngx_stream_ssl_module.ctx_index]; | |
| 1096 | |
| 1097 if (scf->certificates && !(scf->protocols & NGX_SSL_TLSv1_3)) { | |
| 1098 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
| 1099 "\"ssl_protocols\" must enable TLSv1.3 for " | |
| 1100 "the \"listen ... quic\" directive in %s:%ui", | |
| 1101 scf->file, scf->line); | |
| 1102 return NGX_ERROR; | |
| 1103 } | |
| 1104 } | |
| 1105 | |
| 1085 return NGX_OK; | 1106 return NGX_OK; |
| 1086 } | 1107 } |