# HG changeset patch # User Sergey Kandaurov # Date 1669125935 -14400 # Node ID 8c0bccdf27435c97dfca10bcd501417ea31c73df # Parent a6cc246654f8c9ae5ede6cd39cfef299ff13df24 QUIC: avoid using C99 designated initializers. They are not supported by MSVC till 2012. SSL_QUIC_METHOD initialization is moved to run-time to preserve portability among SSL library implementations, which allows to reduce its visibility. Note using of a static storage to keep SSL_set_quic_method() reference valid. diff --git a/src/event/quic/ngx_event_quic_protection.c b/src/event/quic/ngx_event_quic_protection.c --- a/src/event/quic/ngx_event_quic_protection.c +++ b/src/event/quic/ngx_event_quic_protection.c @@ -147,6 +147,7 @@ ngx_quic_keys_set_initial_secret(ngx_qui { size_t is_len; uint8_t is[SHA256_DIGEST_LENGTH]; + ngx_str_t iss; ngx_uint_t i; const EVP_MD *digest; ngx_quic_hkdf_t seq[8]; @@ -176,10 +177,8 @@ ngx_quic_keys_set_initial_secret(ngx_qui return NGX_ERROR; } - ngx_str_t iss = { - .data = is, - .len = is_len - }; + iss.len = is_len; + iss.data = is; ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0, "quic ngx_quic_set_initial_secret"); diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c --- a/src/event/quic/ngx_event_quic_ssl.c +++ b/src/event/quic/ngx_event_quic_ssl.c @@ -39,19 +39,6 @@ static int ngx_quic_send_alert(ngx_ssl_c static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data); -static SSL_QUIC_METHOD quic_method = { -#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER - .set_read_secret = ngx_quic_set_read_secret, - .set_write_secret = ngx_quic_set_write_secret, -#else - .set_encryption_secrets = ngx_quic_set_encryption_secrets, -#endif - .add_handshake_data = ngx_quic_add_handshake_data, - .flush_flight = ngx_quic_flush_flight, - .send_alert = ngx_quic_send_alert, -}; - - #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER static int @@ -533,13 +520,14 @@ ngx_quic_crypto_input(ngx_connection_t * ngx_int_t ngx_quic_init_connection(ngx_connection_t *c) { - u_char *p; - size_t clen; - ssize_t len; - ngx_str_t dcid; - ngx_ssl_conn_t *ssl_conn; - ngx_quic_socket_t *qsock; - ngx_quic_connection_t *qc; + u_char *p; + size_t clen; + ssize_t len; + ngx_str_t dcid; + ngx_ssl_conn_t *ssl_conn; + ngx_quic_socket_t *qsock; + ngx_quic_connection_t *qc; + static SSL_QUIC_METHOD quic_method; qc = ngx_quic_get_connection(c); @@ -551,6 +539,18 @@ ngx_quic_init_connection(ngx_connection_ ssl_conn = c->ssl->connection; + if (!quic_method.send_alert) { +#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER + quic_method.set_read_secret = ngx_quic_set_read_secret; + quic_method.set_write_secret = ngx_quic_set_write_secret; +#else + quic_method.set_encryption_secrets = ngx_quic_set_encryption_secrets; +#endif + quic_method.add_handshake_data = ngx_quic_add_handshake_data; + quic_method.flush_flight = ngx_quic_flush_flight; + quic_method.send_alert = ngx_quic_send_alert; + } + if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) { ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic SSL_set_quic_method() failed");