comparison src/stream/ngx_stream_ssl_module.c @ 8870:a550d4fa3581 quic
Stream: detect "listen .. quic" without TLSv1.3.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 29 Sep 2021 15:01:56 +0300 |
parents | 419c066cb710 |
children | 61d0fa67b55e |
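--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@@ -1068,11 +1068,14 @@
 
 
 static ngx_int_t
 ngx_stream_ssl_init(ngx_conf_t *cf)
 {
+ngx_uint_t i;
+ngx_stream_listen_t *listen;
 ngx_stream_handler_pt *h;
+ngx_stream_ssl_conf_t *scf;
 ngx_stream_core_main_conf_t *cmcf;
 
 cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
 
 h = ngx_array_push(&cmcf->phases[NGX_STREAM_SSL_PHASE].handlers);
@@ -1080,7 +1083,25 @@
 return NGX_ERROR;
 }
 
 *h = ngx_stream_ssl_handler;
 
+listen = cmcf->listen.elts;
+
+for (i = 0; i < cmcf->listen.nelts; i++) {
+if (!listen[i].quic) {
+continue;
+}
+
+scf = listen[i].ctx->srv_conf[ngx_stream_ssl_module.ctx_index];
+
+if (scf->certificates && !(scf->protocols & NGX_SSL_TLSv1_3)) {
+ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+"\"ssl_protocols\" must enable TLSv1.3 for "
+"the \"listen ... quic\" directive in %s:%ui",
+scf->file, scf->line);
+return NGX_ERROR;
+}
+}
+
 return NGX_OK;
 }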
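Review bot: The TLSv1.3 test in the new loop is gated on `scf->certificates &&`, so a `listen ... quic` server that has no certificate configured skips the check and still reaches `return NGX_OK`; whether another configuration-time check rejects that case is not visible in this section. If the gate is deliberate, a short comment above the condition should say why servers without certificates are exempt; if not, that case should also fail with an NGX_LOG_EMERG message so a QUIC listener cannot start without a usable TLS 1.3 setup. Independently, a one-line comment above the loop such as `/* QUIC requires TLS 1.3 (RFC 9001); reject the configuration at startup */` would document why only the `NGX_SSL_TLSv1_3` bit is tested and why the failure is fatal rather than a warning.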