comparison src/event/ngx_event_openssl.c @ 7333:ba971deb4b44
SSL: support for TLSv1.3 early data with BoringSSL.
Early data AKA 0-RTT mode is enabled as long as "ssl_early_data on" is
specified in the configuration (default is off).
The $ssl_early_data variable evaluates to "1" if the SSL handshake
isn't yet completed, and can be used to set the Early-Data header as
per draft-ietf-httpbis-replay-04.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 07 Aug 2018 02:16:07 +0300 |
parents | 7ad0f4ace359 |
children | 0de0b16a551c |
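--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1160,10 +1160,33 @@
 SSL_CTX_set_tmp_ecdh(ssl->ctx, ecdh);
 
 EC_KEY_free(ecdh);
 #endif
 #endif
+#endif
+
+return NGX_OK;
+}
+
+
+ngx_int_t
+ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
+{
+if (!enable) {
+return NGX_OK;
+}
+
+#ifdef SSL_ERROR_EARLY_DATA_REJECTED
+
+/* BoringSSL */
+
+SSL_CTX_set_early_data_enabled(ssl->ctx, 1);
+
+#else
+ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
+"\"ssl_early_data\" is not supported on this platform, "
+"ignored");
 #endif
 
 return NGX_OK;
 }
 
@@ -3622,10 +3645,25 @@
 return NGX_OK;
 }
 
 
 ngx_int_t
+ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
+{
+s->len = 0;
+
+#ifdef SSL_ERROR_EARLY_DATA_REJECTED
+if (SSL_in_early_data(c->ssl->connection)) {
+ngx_str_set(s, "1");
+}
+#endif
+
+return NGX_OK;
+}
+
+
+ngx_int_t
 ngx_ssl_get_server_name(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 
 size_t len;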
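Review bot: ngx_ssl_get_early_data() reports the connection state at the moment the variable is evaluated, because it calls SSL_in_early_data() on every call instead of reading a flag recorded when the request bytes were received. If the handshake can complete between reading a request and evaluating $ssl_early_data (the callers are outside this section, so this is unverified), a request that arrived as replayable 0-RTT data would reach the backend without the Early-Data marker. A comment above the function should state that contract, for example `/* "1" only while the handshake is still in progress; evaluated at call time, not when the request was read */`. It would also help to note next to `SSL_CTX_set_early_data_enabled(ssl->ctx, 1);` that early data is replayable and that nothing in ngx_ssl_early_data() restricts it to idempotent requests, so the protection rests entirely on the configuration using the variable.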