# HG changeset patch # User Roman Arutyunyan # Date 1584538636 -10800 # Node ID 253cf267f95a6198162d48aa65a95a5dad698d42 # Parent 78540e2160d0aed45b6436034d7474c52c27cdbc Moved setting QUIC methods to runtime. This allows listening to both https and http3 in the same server. Also, the change eliminates the ssl_quic directive. diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1460,28 +1460,6 @@ ngx_ssl_early_data(ngx_conf_t *cf, ngx_s ngx_int_t -ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable) -{ - if (!enable) { - return NGX_OK; - } - -#if NGX_OPENSSL_QUIC - - ngx_quic_init_ssl_methods(ssl->ctx); - return NGX_OK; - -#else - - ngx_log_error(NGX_LOG_WARN, ssl->log, 0, - "\"ssl_quic\" is not supported on this platform"); - return NGX_ERROR; - -#endif -} - - -ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable) { if (!enable) { diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h @@ -196,7 +196,6 @@ ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name); ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable); -ngx_int_t ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable); ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable); ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx, diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c --- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -126,13 +126,6 @@ static SSL_QUIC_METHOD quic_method = { }; -void -ngx_quic_init_ssl_methods(SSL_CTX* ctx) -{ - SSL_CTX_set_quic_method(ctx, &quic_method); -} - - #if BORINGSSL_API_VERSION >= 10 static int @@ -410,6 +403,12 @@ ngx_quic_init_connection(ngx_connection_ ssl_conn = c->ssl->connection; + if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "SSL_set_quic_method() failed"); + return NGX_ERROR; + } + if (SSL_set_quic_transport_params(ssl_conn, params, sizeof(params) - 1) == 0) { ngx_log_error(NGX_LOG_INFO, c->log, 0, "SSL_set_quic_transport_params() failed"); diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c --- a/src/http/modules/ngx_http_ssl_module.c +++ b/src/http/modules/ngx_http_ssl_module.c @@ -249,13 +249,6 @@ static ngx_command_t ngx_http_ssl_comma offsetof(ngx_http_ssl_srv_conf_t, early_data), NULL }, - { ngx_string("ssl_quic"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, - ngx_conf_set_flag_slot, - NGX_HTTP_SRV_CONF_OFFSET, - offsetof(ngx_http_ssl_srv_conf_t, quic), - NULL }, - ngx_null_command }; @@ -575,7 +568,6 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t sscf->enable = NGX_CONF_UNSET; sscf->prefer_server_ciphers = NGX_CONF_UNSET; sscf->early_data = NGX_CONF_UNSET; - sscf->quic = NGX_CONF_UNSET; sscf->buffer_size = NGX_CONF_UNSET_SIZE; sscf->verify = NGX_CONF_UNSET_UINT; sscf->verify_depth = NGX_CONF_UNSET_UINT; @@ -620,8 +612,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t * ngx_conf_merge_value(conf->early_data, prev->early_data, 0); - ngx_conf_merge_value(conf->quic, prev->quic, 0); - ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); @@ -867,10 +857,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t * return NGX_CONF_ERROR; } - if (ngx_ssl_quic(cf, &conf->ssl, conf->quic) != NGX_OK) { - return NGX_CONF_ERROR; - } - return NGX_CONF_OK; } diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h --- a/src/http/modules/ngx_http_ssl_module.h +++ b/src/http/modules/ngx_http_ssl_module.h @@ -21,7 +21,6 @@ typedef struct { ngx_flag_t prefer_server_ciphers; ngx_flag_t early_data; - ngx_flag_t quic; ngx_uint_t protocols;