Mercurial > hg > nginx-quic
comparison src/http/modules/ngx_http_ssl_module.c @ 9047:c851a2ed5ce8 quic
HTTP/3: "quic" parameter of "listen" directive.
Now "listen" directve has a new "quic" parameter which enables QUIC protocol
for the address. Further, to enable HTTP/3, a new directive "http3" is
introduced. The hq-interop protocol is enabled by "http3_hq" as before.
Now application protocol is chosen by ALPN.
Previously used "http3" parameter of "listen" is deprecated.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Mon, 27 Feb 2023 14:00:56 +0400 |
parents | 7da4791e0264 |
children | 5fd628b89bb7 |
comparison
equal
deleted
inserted
replaced
9046:7da4791e0264 | 9047:c851a2ed5ce8 |
---|---|
429 unsigned int i; | 429 unsigned int i; |
430 #endif | 430 #endif |
431 #if (NGX_HTTP_V2 || NGX_HTTP_V3) | 431 #if (NGX_HTTP_V2 || NGX_HTTP_V3) |
432 ngx_http_connection_t *hc; | 432 ngx_http_connection_t *hc; |
433 #endif | 433 #endif |
434 #if (NGX_HTTP_V3 && NGX_HTTP_V3_HQ) | 434 #if (NGX_HTTP_V3) |
435 ngx_http_v3_srv_conf_t *h3scf; | 435 ngx_http_v3_srv_conf_t *h3scf; |
436 #endif | 436 #endif |
437 #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG) | 437 #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG) |
438 ngx_connection_t *c; | 438 ngx_connection_t *c; |
439 | 439 |
457 srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS; | 457 srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS; |
458 srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1; | 458 srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1; |
459 } else | 459 } else |
460 #endif | 460 #endif |
461 #if (NGX_HTTP_V3) | 461 #if (NGX_HTTP_V3) |
462 if (hc->addr_conf->http3) { | 462 if (hc->addr_conf->quic) { |
463 | 463 |
464 #if (NGX_HTTP_V3_HQ) | |
465 h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module); | 464 h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module); |
466 | 465 |
467 if (h3scf->hq) { | 466 if (h3scf->enable && h3scf->enable_hq) { |
467 srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO | |
468 NGX_HTTP_V3_HQ_ALPN_PROTO; | |
469 srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO NGX_HTTP_V3_HQ_ALPN_PROTO) | |
470 - 1; | |
471 | |
472 } else if (h3scf->enable_hq) { | |
468 srv = (unsigned char *) NGX_HTTP_V3_HQ_ALPN_PROTO; | 473 srv = (unsigned char *) NGX_HTTP_V3_HQ_ALPN_PROTO; |
469 srvlen = sizeof(NGX_HTTP_V3_HQ_ALPN_PROTO) - 1; | 474 srvlen = sizeof(NGX_HTTP_V3_HQ_ALPN_PROTO) - 1; |
470 } else | 475 |
471 #endif | 476 } else if (h3scf->enable || hc->addr_conf->http3) { |
472 { | |
473 srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO; | 477 srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO; |
474 srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO) - 1; | 478 srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO) - 1; |
479 | |
480 } else { | |
481 return SSL_TLSEXT_ERR_ALERT_FATAL; | |
475 } | 482 } |
476 | 483 |
477 } else | 484 } else |
478 #endif | 485 #endif |
479 { | 486 { |
1315 for (p = 0; p < cmcf->ports->nelts; p++) { | 1322 for (p = 0; p < cmcf->ports->nelts; p++) { |
1316 | 1323 |
1317 addr = port[p].addrs.elts; | 1324 addr = port[p].addrs.elts; |
1318 for (a = 0; a < port[p].addrs.nelts; a++) { | 1325 for (a = 0; a < port[p].addrs.nelts; a++) { |
1319 | 1326 |
1320 if (!addr[a].opt.ssl && !addr[a].opt.http3) { | 1327 if (!addr[a].opt.ssl && !addr[a].opt.quic) { |
1321 continue; | 1328 continue; |
1322 } | 1329 } |
1323 | 1330 |
1324 cscf = addr[a].default_server; | 1331 cscf = addr[a].default_server; |
1325 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; | 1332 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; |
1326 | 1333 |
1327 if (addr[a].opt.http3) { | 1334 if (addr[a].opt.quic) { |
1328 name = "http3"; | 1335 name = "quic"; |
1329 | 1336 |
1330 #if (NGX_QUIC_OPENSSL_COMPAT) | 1337 #if (NGX_QUIC_OPENSSL_COMPAT) |
1331 if (ngx_quic_compat_init(cf, sscf->ssl.ctx) != NGX_OK) { | 1338 if (ngx_quic_compat_init(cf, sscf->ssl.ctx) != NGX_OK) { |
1332 return NGX_ERROR; | 1339 return NGX_ERROR; |
1333 } | 1340 } |
1337 name = "ssl"; | 1344 name = "ssl"; |
1338 } | 1345 } |
1339 | 1346 |
1340 if (sscf->certificates) { | 1347 if (sscf->certificates) { |
1341 | 1348 |
1342 if (addr[a].opt.http3 && !(sscf->protocols & NGX_SSL_TLSv1_3)) { | 1349 if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) { |
1343 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 1350 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
1344 "\"ssl_protocols\" must enable TLSv1.3 for " | 1351 "\"ssl_protocols\" must enable TLSv1.3 for " |
1345 "the \"listen ... %s\" directive in %s:%ui", | 1352 "the \"listen ... %s\" directive in %s:%ui", |
1346 name, cscf->file_name, cscf->line); | 1353 name, cscf->file_name, cscf->line); |
1347 return NGX_ERROR; | 1354 return NGX_ERROR; |