Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_ssl.c @ 9033:9076a74f1221 quic
QUIC: removed compatibility with older BoringSSL API.
SSL_CIPHER_get_protocol_id() appeared in BoringSSL somewhere between
BORINGSSL_API_VERSION 12 and 13 for compatibility with OpenSSL 1.1.1.
It was adopted without a proper macro test, which remained unnoticed.
This justifies that such old BoringSSL API isn't widely used and its
support can be dropped.
While here, removed SSL_set_quic_use_legacy_codepoint() that became
useless after the default was flipped in BoringSSL over a year ago.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 20 Oct 2022 16:21:07 +0400 |
| parents | 41796b6804d9 |
| children | 8c0bccdf2743 |
comparison
equal
deleted
inserted
replaced
| 9032:41796b6804d9 | 9033:9076a74f1221 |
|---|---|
| 16 * Implementations MUST support buffering at least 4096 bytes of data | 16 * Implementations MUST support buffering at least 4096 bytes of data |
| 17 */ | 17 */ |
| 18 #define NGX_QUIC_MAX_BUFFERED 65535 | 18 #define NGX_QUIC_MAX_BUFFERED 65535 |
| 19 | 19 |
| 20 | 20 |
| 21 #if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER | 21 #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER |
| 22 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, | 22 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
| 23 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, | 23 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
| 24 const uint8_t *secret, size_t secret_len); | 24 const uint8_t *secret, size_t secret_len); |
| 25 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, | 25 static int ngx_quic_set_write_secret(ngx_ssl_conn_t *ssl_conn, |
| 26 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, | 26 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
| 38 enum ssl_encryption_level_t level, uint8_t alert); | 38 enum ssl_encryption_level_t level, uint8_t alert); |
| 39 static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data); | 39 static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data); |
| 40 | 40 |
| 41 | 41 |
| 42 static SSL_QUIC_METHOD quic_method = { | 42 static SSL_QUIC_METHOD quic_method = { |
| 43 #if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER | 43 #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER |
| 44 .set_read_secret = ngx_quic_set_read_secret, | 44 .set_read_secret = ngx_quic_set_read_secret, |
| 45 .set_write_secret = ngx_quic_set_write_secret, | 45 .set_write_secret = ngx_quic_set_write_secret, |
| 46 #else | 46 #else |
| 47 .set_encryption_secrets = ngx_quic_set_encryption_secrets, | 47 .set_encryption_secrets = ngx_quic_set_encryption_secrets, |
| 48 #endif | 48 #endif |
| 50 .flush_flight = ngx_quic_flush_flight, | 50 .flush_flight = ngx_quic_flush_flight, |
| 51 .send_alert = ngx_quic_send_alert, | 51 .send_alert = ngx_quic_send_alert, |
| 52 }; | 52 }; |
| 53 | 53 |
| 54 | 54 |
| 55 #if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER | 55 #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER |
| 56 | 56 |
| 57 static int | 57 static int |
| 58 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, | 58 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, |
| 59 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, | 59 enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, |
| 60 const uint8_t *rsecret, size_t secret_len) | 60 const uint8_t *rsecret, size_t secret_len) |
| 561 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) { | 561 if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) { |
| 562 SSL_set_quic_early_data_enabled(ssl_conn, 1); | 562 SSL_set_quic_early_data_enabled(ssl_conn, 1); |
| 563 } | 563 } |
| 564 #endif | 564 #endif |
| 565 | 565 |
| 566 #if (BORINGSSL_API_VERSION >= 13 && BORINGSSL_API_VERSION < 15) | |
| 567 SSL_set_quic_use_legacy_codepoint(ssl_conn, 0); | |
| 568 #endif | |
| 569 | |
| 570 qsock = ngx_quic_get_socket(c); | 566 qsock = ngx_quic_get_socket(c); |
| 571 | 567 |
| 572 dcid.data = qsock->sid.id; | 568 dcid.data = qsock->sid.id; |
| 573 dcid.len = qsock->sid.len; | 569 dcid.len = qsock->sid.len; |
| 574 | 570 |
| 600 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 596 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 601 "quic SSL_set_quic_transport_params() failed"); | 597 "quic SSL_set_quic_transport_params() failed"); |
| 602 return NGX_ERROR; | 598 return NGX_ERROR; |
| 603 } | 599 } |
| 604 | 600 |
| 605 #if BORINGSSL_API_VERSION >= 11 | 601 #ifdef OPENSSL_IS_BORINGSSL |
| 606 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { | 602 if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { |
| 607 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 603 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 608 "quic SSL_set_quic_early_data_context() failed"); | 604 "quic SSL_set_quic_early_data_context() failed"); |
| 609 return NGX_ERROR; | 605 return NGX_ERROR; |
| 610 } | 606 } |