Mercurial > hg > nginx

diff src/event/ngx_event_quic.c @ 8422:90b02ff6b003 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Compatibility with BoringSSL master branch. Recently BoringSSL introduced SSL_set_quic_early_data_context() that serves as an additional constrain to enable 0-RTT in QUIC. Relevant changes: * https://boringssl.googlesource.com/boringssl/+/7c52299%5E!/ * https://boringssl.googlesource.com/boringssl/+/8519432%5E!/
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 01 Jun 2020 19:53:13 +0300
parents c206233d9c29
children c70446e3d771
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -1040,6 +1040,7 @@ static ngx_int_t
 ngx_quic_init_connection(ngx_connection_t *c)
 {
     u_char                 *p;
+    size_t                  clen;
     ssize_t                 len;
     ngx_ssl_conn_t         *ssl_conn;
     ngx_quic_connection_t  *qc;
@@ -1064,7 +1065,7 @@ ngx_quic_init_connection(ngx_connection_
     }
 #endif
 
-    len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp);
+    len = ngx_quic_create_transport_params(NULL, NULL, &qc->tp, &clen);
     /* always succeeds */
 
     p = ngx_pnalloc(c->pool, len);
@@ -1072,7 +1073,7 @@ ngx_quic_init_connection(ngx_connection_
         return NGX_ERROR;
     }
 
-    len = ngx_quic_create_transport_params(p, p + len, &qc->tp);
+    len = ngx_quic_create_transport_params(p, p + len, &qc->tp, NULL);
     if (len < 0) {
         return NGX_ERROR;
     }
@@ -1087,6 +1088,14 @@ ngx_quic_init_connection(ngx_connection_
         return NGX_ERROR;
     }
 
+#if NGX_OPENSSL_QUIC_ZRTT_CTX
+    if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "quic SSL_set_quic_early_data_context() failed");
+        return NGX_ERROR;
+    }
+#endif
+
     qc->max_streams = qc->tp.initial_max_streams_bidi;
     qc->state = ssl_encryption_handshake;