# HG changeset patch # User Sergey Kandaurov # Date 1666268467 -14400 # Node ID 9076a74f12214c06eac65df64999c28c869d9e64 # Parent 41796b6804d95d7e3f965f647a003262108b4862 QUIC: removed compatibility with older BoringSSL API. SSL_CIPHER_get_protocol_id() appeared in BoringSSL somewhere between BORINGSSL_API_VERSION 12 and 13 for compatibility with OpenSSL 1.1.1. It was adopted without a proper macro test, which remained unnoticed. This justifies that such old BoringSSL API isn't widely used and its support can be dropped. While here, removed SSL_set_quic_use_legacy_codepoint() that became useless after the default was flipped in BoringSSL over a year ago. diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c --- a/src/event/quic/ngx_event_quic_ssl.c +++ b/src/event/quic/ngx_event_quic_ssl.c @@ -18,7 +18,7 @@ #define NGX_QUIC_MAX_BUFFERED 65535 -#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER +#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len); @@ -40,7 +40,7 @@ static ngx_int_t ngx_quic_crypto_input(n static SSL_QUIC_METHOD quic_method = { -#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER +#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER .set_read_secret = ngx_quic_set_read_secret, .set_write_secret = ngx_quic_set_write_secret, #else @@ -52,7 +52,7 @@ static SSL_QUIC_METHOD quic_method = { }; -#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER +#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, @@ -563,10 +563,6 @@ ngx_quic_init_connection(ngx_connection_ } #endif -#if (BORINGSSL_API_VERSION >= 13 && BORINGSSL_API_VERSION < 15) - SSL_set_quic_use_legacy_codepoint(ssl_conn, 0); -#endif - qsock = ngx_quic_get_socket(c); dcid.data = qsock->sid.id; @@ -602,7 +598,7 @@ ngx_quic_init_connection(ngx_connection_ return NGX_ERROR; } -#if BORINGSSL_API_VERSION >= 11 +#ifdef OPENSSL_IS_BORINGSSL if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { ngx_log_error(NGX_LOG_INFO, c->log, 0, "quic SSL_set_quic_early_data_context() failed");