nginx: src/http/modules/ngx_http_ssl

comparison src/http/modules/ngx_http_ssl_module.c @ 8889:61d0fa67b55e quic

Merged with the default branch.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Wed, 03 Nov 2021 11:22:07 +0300
parents	e5a17d6041bd db6b630e6086
children	606bf52888d2

comparison

equal deleted inserted replaced

-:6d1488b62dc5
+:61d0fa67b55e
 #define NGX_DEFAULT_CIPHERS     "HIGH:!aNULL:!MD5"
 #define NGX_DEFAULT_ECDH_CURVE  "auto"
-#define NGX_HTTP_NPN_ADVERTISE  "\x08http/1.1"
+#define NGX_HTTP_ALPN_PROTOS    "\x08http/1.1\x08http/1.0\x08http/0.9"
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 static int ngx_http_ssl_alpn_select(ngx_ssl_conn_t *ssl_conn,
 const unsigned char **out, unsigned char *outlen,
 const unsigned char *in, unsigned int inlen, void *arg);
-#endif
-#ifdef TLSEXT_TYPE_next_proto_neg
-static int ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
-const unsigned char **out, unsigned int *outlen, void *arg);
 #endif
 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
 ngx_http_variable_value_t *v, uintptr_t data);
 static ngx_int_t ngx_http_ssl_variable(ngx_http_request_t *r,
 NGX_HTTP_VAR_CHANGEABLE|NGX_HTTP_VAR_NOCACHEABLE, 0 },
 { ngx_string("ssl_server_name"), NULL, ngx_http_ssl_variable,
 (uintptr_t) ngx_ssl_get_server_name, NGX_HTTP_VAR_CHANGEABLE, 0 },
+{ ngx_string("ssl_alpn_protocol"), NULL, ngx_http_ssl_variable,
+(uintptr_t) ngx_ssl_get_alpn_protocol, NGX_HTTP_VAR_CHANGEABLE, 0 },
 { ngx_string("ssl_client_cert"), NULL, ngx_http_ssl_variable,
 (uintptr_t) ngx_ssl_get_certificate, NGX_HTTP_VAR_CHANGEABLE, 0 },
 { ngx_string("ssl_client_raw_cert"), NULL, ngx_http_ssl_variable,
 (uintptr_t) ngx_ssl_get_raw_certificate,
 hc = c->data;
 #endif
 #if (NGX_HTTP_V2)
 if (hc->addr_conf->http2) {
-srv =
+srv = (unsigned char *) NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS;
-(unsigned char *) NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
+srvlen = sizeof(NGX_HTTP_V2_ALPN_PROTO NGX_HTTP_ALPN_PROTOS) - 1;
-srvlen = sizeof(NGX_HTTP_V2_ALPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
 } else
 #endif
 #if (NGX_HTTP_QUIC)
 if (hc->addr_conf->quic) {
 #if (NGX_HTTP_V3)
 }
 } else
 #endif
 {
-srv = (unsigned char *) NGX_HTTP_NPN_ADVERTISE;
+srv = (unsigned char *) NGX_HTTP_ALPN_PROTOS;
-srvlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1;
+srvlen = sizeof(NGX_HTTP_ALPN_PROTOS) - 1;
 }
 if (SSL_select_next_proto((unsigned char **) out, outlen, srv, srvlen,
 in, inlen)
 != OPENSSL_NPN_NEGOTIATED)
 {
-return SSL_TLSEXT_ERR_NOACK;
+return SSL_TLSEXT_ERR_ALERT_FATAL;
 }
 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
 "SSL ALPN selected: %*s", (size_t) *outlen, *out);
-return SSL_TLSEXT_ERR_OK;
-}
-#endif
-#ifdef TLSEXT_TYPE_next_proto_neg
-static int
-ngx_http_ssl_npn_advertised(ngx_ssl_conn_t *ssl_conn,
-const unsigned char **out, unsigned int *outlen, void *arg)
-{
-#if (NGX_HTTP_V2 || NGX_DEBUG)
-ngx_connection_t  *c;
-c = ngx_ssl_get_connection(ssl_conn);
-ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "SSL NPN advertised");
-#endif
-#if (NGX_HTTP_V2)
-{
-ngx_http_connection_t  *hc;
-hc = c->data;
-if (hc->addr_conf->http2) {
-*out =
-(unsigned char *) NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE;
-*outlen = sizeof(NGX_HTTP_V2_NPN_ADVERTISE NGX_HTTP_NPN_ADVERTISE) - 1;
-return SSL_TLSEXT_ERR_OK;
-}
-}
-#endif
-*out = (unsigned char *) NGX_HTTP_NPN_ADVERTISE;
-*outlen = sizeof(NGX_HTTP_NPN_ADVERTISE) - 1;
 return SSL_TLSEXT_ERR_OK;
 }
 #endif
 #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
 SSL_CTX_set_alpn_select_cb(conf->ssl.ctx, ngx_http_ssl_alpn_select, NULL);
 #endif
-#ifdef TLSEXT_TYPE_next_proto_neg
-SSL_CTX_set_next_protos_advertised_cb(conf->ssl.ctx,
-ngx_http_ssl_npn_advertised, NULL);
-#endif
 if (ngx_ssl_ciphers(cf, &conf->ssl, &conf->ciphers,
 conf->prefer_server_ciphers)
 != NGX_OK)
 {
 return NGX_CONF_ERROR;

Mercurial > hg > nginx

comparison src/http/modules/ngx_http_ssl_module.c @ 8889:61d0fa67b55e quic