Mercurial > hg > nginx-quic

diff src/event/ngx_event_openssl.c @ 8812:7c2adf237091 quic
Merged with the default branch.
author: Sergey Kandaurov <pluknet@nginx.com>
date: Tue, 25 Jan 2022 23:42:48 +0300
parents: eaf356a35f5d e30f7dc7f143
children: ce6d9cf0f567
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1383,6 +1383,9 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_
     if (SSL_CTX_set0_tmp_dh_pkey(ssl->ctx, dh) != 1) {
         ngx_ssl_error(NGX_LOG_EMERG, ssl->log, 0,
                       "SSL_CTX_set0_tmp_dh_pkey(\%s\") failed", file->data);
+#if (OPENSSL_VERSION_NUMBER >= 0x3000001fL)
+        EVP_PKEY_free(dh);
+#endif
         BIO_free(bio);
         return NGX_ERROR;
     }
@@ -4455,7 +4458,21 @@ ngx_ssl_session_ticket_key_callback(ngx_
             return -1;
         }
 
-        return (i == 0) ? 1 : 2 /* renew */;
+        /* renew if TLSv1.3 */
+
+#ifdef TLS1_3_VERSION
+        if (SSL_version(ssl_conn) == TLS1_3_VERSION) {
+            return 2;
+        }
+#endif
+
+        /* renew if non-default key */
+
+        if (i != 0) {
+            return 2;
+        }
+
+        return 1;
     }
 }
author	Sergey Kandaurov <pluknet@nginx.com>
date	Tue, 25 Jan 2022 23:42:48 +0300
parents	eaf356a35f5d e30f7dc7f143
children	ce6d9cf0f567