Mercurial > hg > nginx-quic
comparison src/http/modules/ngx_http_ssl_module.c @ 9047:c851a2ed5ce8 quic
HTTP/3: "quic" parameter of "listen" directive.
Now "listen" directve has a new "quic" parameter which enables QUIC protocol
for the address. Further, to enable HTTP/3, a new directive "http3" is
introduced. The hq-interop protocol is enabled by "http3_hq" as before.
Now application protocol is chosen by ALPN.
Previously used "http3" parameter of "listen" is deprecated.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Mon, 27 Feb 2023 14:00:56 +0400 |
| parents | 7da4791e0264 |
| children | 5fd628b89bb7 |
comparison
equal
deleted
inserted
replaced
| 9046:7da4791e0264 | 9047:c851a2ed5ce8 |
|---|---|
| 429 unsigned int i; | 429 unsigned int i; |
| 430 #endif | 430 #endif |
| 431 #if (NGX_HTTP_V2 || NGX_HTTP_V3) | 431 #if (NGX_HTTP_V2 || NGX_HTTP_V3) |
| 432 ngx_http_connection_t *hc; | 432 ngx_http_connection_t *hc; |
| 433 #endif | 433 #endif |
| 434 #if (NGX_HTTP_V3 && NGX_HTTP_V3_HQ) | 434 #if (NGX_HTTP_V3) |
| 435 ngx_http_v3_srv_conf_t *h3scf; | 435 ngx_http_v3_srv_conf_t *h3scf; |
| 436 #endif | 436 #endif |
| 437 #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG) | 437 #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG) |
| 438 ngx_connection_t *c; | 438 ngx_connection_t *c; |
| 439 | 439 |
| 457 srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS; | 457 srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS; |
| 458 srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1; | 458 srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1; |
| 459 } else | 459 } else |
| 460 #endif | 460 #endif |
| 461 #if (NGX_HTTP_V3) | 461 #if (NGX_HTTP_V3) |
| 462 if (hc->addr_conf->http3) { | 462 if (hc->addr_conf->quic) { |
| 463 | 463 |
| 464 #if (NGX_HTTP_V3_HQ) | |
| 465 h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module); | 464 h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module); |
| 466 | 465 |
| 467 if (h3scf->hq) { | 466 if (h3scf->enable && h3scf->enable_hq) { |
| 467 srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO | |
| 468 NGX_HTTP_V3_HQ_ALPN_PROTO; | |
| 469 srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO NGX_HTTP_V3_HQ_ALPN_PROTO) | |
| 470 - 1; | |
| 471 | |
| 472 } else if (h3scf->enable_hq) { | |
| 468 srv = (unsigned char *) NGX_HTTP_V3_HQ_ALPN_PROTO; | 473 srv = (unsigned char *) NGX_HTTP_V3_HQ_ALPN_PROTO; |
| 469 srvlen = sizeof(NGX_HTTP_V3_HQ_ALPN_PROTO) - 1; | 474 srvlen = sizeof(NGX_HTTP_V3_HQ_ALPN_PROTO) - 1; |
| 470 } else | 475 |
| 471 #endif | 476 } else if (h3scf->enable || hc->addr_conf->http3) { |
| 472 { | |
| 473 srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO; | 477 srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO; |
| 474 srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO) - 1; | 478 srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO) - 1; |
| 479 | |
| 480 } else { | |
| 481 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
| 475 } | 482 } |
| 476 | 483 |
| 477 } else | 484 } else |
| 478 #endif | 485 #endif |
| 479 { | 486 { |
| 1315 for (p = 0; p < cmcf->ports->nelts; p++) { | 1322 for (p = 0; p < cmcf->ports->nelts; p++) { |
| 1316 | 1323 |
| 1317 addr = port[p].addrs.elts; | 1324 addr = port[p].addrs.elts; |
| 1318 for (a = 0; a < port[p].addrs.nelts; a++) { | 1325 for (a = 0; a < port[p].addrs.nelts; a++) { |
| 1319 | 1326 |
| 1320 if (!addr[a].opt.ssl && !addr[a].opt.http3) { | 1327 if (!addr[a].opt.ssl && !addr[a].opt.quic) { |
| 1321 continue; | 1328 continue; |
| 1322 } | 1329 } |
| 1323 | 1330 |
| 1324 cscf = addr[a].default_server; | 1331 cscf = addr[a].default_server; |
| 1325 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; | 1332 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; |
| 1326 | 1333 |
| 1327 if (addr[a].opt.http3) { | 1334 if (addr[a].opt.quic) { |
| 1328 name = "http3"; | 1335 name = "quic"; |
| 1329 | 1336 |
| 1330 #if (NGX_QUIC_OPENSSL_COMPAT) | 1337 #if (NGX_QUIC_OPENSSL_COMPAT) |
| 1331 if (ngx_quic_compat_init(cf, sscf->ssl.ctx) != NGX_OK) { | 1338 if (ngx_quic_compat_init(cf, sscf->ssl.ctx) != NGX_OK) { |
| 1332 return NGX_ERROR; | 1339 return NGX_ERROR; |
| 1333 } | 1340 } |
| 1337 name = "ssl"; | 1344 name = "ssl"; |
| 1338 } | 1345 } |
| 1339 | 1346 |
| 1340 if (sscf->certificates) { | 1347 if (sscf->certificates) { |
| 1341 | 1348 |
| 1342 if (addr[a].opt.http3 && !(sscf->protocols & NGX_SSL_TLSv1_3)) { | 1349 if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) { |
| 1343 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 1350 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
| 1344 "\"ssl_protocols\" must enable TLSv1.3 for " | 1351 "\"ssl_protocols\" must enable TLSv1.3 for " |
| 1345 "the \"listen ... %s\" directive in %s:%ui", | 1352 "the \"listen ... %s\" directive in %s:%ui", |
| 1346 name, cscf->file_name, cscf->line); | 1353 name, cscf->file_name, cscf->line); |
| 1347 return NGX_ERROR; | 1354 return NGX_ERROR; |