Mercurial > hg > nginx

diff src/http/modules/ngx_http_ssl_module.c @ 9081:c851a2ed5ce8 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
HTTP/3: "quic" parameter of "listen" directive. Now "listen" directve has a new "quic" parameter which enables QUIC protocol for the address. Further, to enable HTTP/3, a new directive "http3" is introduced. The hq-interop protocol is enabled by "http3_hq" as before. Now application protocol is chosen by ALPN. Previously used "http3" parameter of "listen" is deprecated.
author Roman Arutyunyan <arut@nginx.com>
date Mon, 27 Feb 2023 14:00:56 +0400
parents 7da4791e0264
children 5fd628b89bb7
line wrap: on
line diff
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -431,7 +431,7 @@ ngx_http_ssl_alpn_select(ngx_ssl_conn_t 
 #if (NGX_HTTP_V2 || NGX_HTTP_V3)
     ngx_http_connection_t   *hc;
 #endif
-#if (NGX_HTTP_V3 && NGX_HTTP_V3_HQ)
+#if (NGX_HTTP_V3)
     ngx_http_v3_srv_conf_t  *h3scf;
 #endif
 #if (NGX_HTTP_V2 || NGX_HTTP_V3 || NGX_DEBUG)
@@ -459,19 +459,26 @@ ngx_http_ssl_alpn_select(ngx_ssl_conn_t 
     } else
 #endif
 #if (NGX_HTTP_V3)
-    if (hc->addr_conf->http3) {
+    if (hc->addr_conf->quic) {
 
-#if (NGX_HTTP_V3_HQ)
         h3scf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_v3_module);
 
-        if (h3scf->hq) {
+        if (h3scf->enable && h3scf->enable_hq) {
+            srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO
+                                    NGX_HTTP_V3_HQ_ALPN_PROTO;
+            srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO NGX_HTTP_V3_HQ_ALPN_PROTO)
+                     - 1;
+
+        } else if (h3scf->enable_hq) {
             srv = (unsigned char *) NGX_HTTP_V3_HQ_ALPN_PROTO;
             srvlen = sizeof(NGX_HTTP_V3_HQ_ALPN_PROTO) - 1;
-        } else
-#endif
-        {
+
+        } else if (h3scf->enable || hc->addr_conf->http3) {
             srv = (unsigned char *) NGX_HTTP_V3_ALPN_PROTO;
             srvlen = sizeof(NGX_HTTP_V3_ALPN_PROTO) - 1;
+
+        } else {
+            return SSL_TLSEXT_ERR_ALERT_FATAL;
         }
 
     } else
@@ -1317,15 +1324,15 @@ ngx_http_ssl_init(ngx_conf_t *cf)
         addr = port[p].addrs.elts;
         for (a = 0; a < port[p].addrs.nelts; a++) {
 
-            if (!addr[a].opt.ssl && !addr[a].opt.http3) {
+            if (!addr[a].opt.ssl && !addr[a].opt.quic) {
                 continue;
             }
 
             cscf = addr[a].default_server;
             sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index];
 
-            if (addr[a].opt.http3) {
-                name = "http3";
+            if (addr[a].opt.quic) {
+                name = "quic";
 
 #if (NGX_QUIC_OPENSSL_COMPAT)
                 if (ngx_quic_compat_init(cf, sscf->ssl.ctx) != NGX_OK) {
@@ -1339,7 +1346,7 @@ ngx_http_ssl_init(ngx_conf_t *cf)
 
             if (sscf->certificates) {
 
-                if (addr[a].opt.http3 && !(sscf->protocols & NGX_SSL_TLSv1_3)) {
+                if (addr[a].opt.quic && !(sscf->protocols & NGX_SSL_TLSv1_3)) {
                     ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                                   "\"ssl_protocols\" must enable TLSv1.3 for "
                                   "the \"listen ... %s\" directive in %s:%ui",