Mercurial > hg > nginx-quic
view src/core/ngx_bpf.h @ 8717:e06283038ec8 quic
QUIC: clear SSL_OP_ENABLE_MIDDLEBOX_COMPAT on SSL context switch.
The SSL_OP_ENABLE_MIDDLEBOX_COMPAT option is provided by QuicTLS and enabled
by default in the newly created SSL contexts. SSL_set_quic_method() is used
to clear it, which is required for SSL handshake to work on QUIC connections.
Switching context in the ngx_http_ssl_servername() SNI callback overrides SSL
options from the new SSL context. This results in the option set again.
Fix is to explicitly clear it when switching to another SSL context.
Initially reported here (in Russian):
http://mailman.nginx.org/pipermail/nginx-ru/2021-November/063989.html
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 07 Dec 2021 15:49:51 +0300 |
| parents | d3747ba486e7 |
| children |
line wrap: on
line source
/* * Copyright (C) Nginx, Inc. */ #ifndef _NGX_BPF_H_INCLUDED_ #define _NGX_BPF_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <linux/bpf.h> typedef struct { char *name; int offset; } ngx_bpf_reloc_t; typedef struct { char *license; enum bpf_prog_type type; struct bpf_insn *ins; size_t nins; ngx_bpf_reloc_t *relocs; size_t nrelocs; } ngx_bpf_program_t; void ngx_bpf_program_link(ngx_bpf_program_t *program, const char *symbol, int fd); int ngx_bpf_load_program(ngx_log_t *log, ngx_bpf_program_t *program); int ngx_bpf_map_create(ngx_log_t *log, enum bpf_map_type type, int key_size, int value_size, int max_entries, uint32_t map_flags); int ngx_bpf_map_update(int fd, const void *key, const void *value, uint64_t flags); int ngx_bpf_map_delete(int fd, const void *key); int ngx_bpf_map_lookup(int fd, const void *key, void *value); #endif /* _NGX_BPF_H_INCLUDED_ */