# HG changeset patch # User Vladimir Homutov # Date 1601535875 -10800 # Node ID bed310672f39b8c5e5c7eed897029e1bdcfa80af # Parent b31c0245453928d6212cc472f257b8b1e2c824df QUIC: moved ssl configuration pointer to quic configuration. The ssl configuration is obtained at config time and saved for future use. diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c --- a/src/event/ngx_event_quic.c +++ b/src/event/ngx_event_quic.c @@ -120,8 +120,6 @@ struct ngx_quic_connection_s { ngx_quic_conf_t *conf; - ngx_ssl_t *ssl; - ngx_event_t push; ngx_event_t pto; ngx_event_t close; @@ -193,7 +191,7 @@ static int ngx_quic_send_alert(ngx_ssl_c static ngx_quic_connection_t *ngx_quic_new_connection(ngx_connection_t *c, - ngx_ssl_t *ssl, ngx_quic_conf_t *conf, ngx_quic_header_t *pkt); + ngx_quic_conf_t *conf, ngx_quic_header_t *pkt); static ngx_int_t ngx_quic_send_stateless_reset(ngx_connection_t *c, ngx_quic_conf_t *conf, ngx_quic_header_t *pkt); static ngx_int_t ngx_quic_process_stateless_reset(ngx_connection_t *c, @@ -217,8 +215,8 @@ static ngx_int_t ngx_quic_close_streams( ngx_quic_connection_t *qc); static ngx_int_t ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, - ngx_ssl_t *ssl, ngx_quic_conf_t *conf); -static ngx_int_t ngx_quic_process_packet(ngx_connection_t *c, ngx_ssl_t *ssl, + ngx_quic_conf_t *conf); +static ngx_int_t ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf, ngx_quic_header_t *pkt); static ngx_int_t ngx_quic_init_secrets(ngx_connection_t *c); static void ngx_quic_discard_ctx(ngx_connection_t *c, @@ -639,7 +637,7 @@ ngx_quic_send_alert(ngx_ssl_conn_t *ssl_ void -ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_conf_t *conf) +ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf) { ngx_int_t rc; 
@@ -647,7 +645,7 @@ ngx_quic_run(ngx_connection_t *c, ngx_ss c->log->action = "QUIC initialization"; - rc = ngx_quic_input(c, c->buffer, ssl, conf); + rc = ngx_quic_input(c, c->buffer, conf); if (rc != NGX_OK) { ngx_quic_close_connection(c, rc == NGX_DECLINED ? NGX_DONE : NGX_ERROR); return; @@ -663,8 +661,8 @@ ngx_quic_run(ngx_connection_t *c, ngx_ss static ngx_quic_connection_t * -ngx_quic_new_connection(ngx_connection_t *c, ngx_ssl_t *ssl, - ngx_quic_conf_t *conf, ngx_quic_header_t *pkt) +ngx_quic_new_connection(ngx_connection_t *c, ngx_quic_conf_t *conf, + ngx_quic_header_t *pkt) { ngx_uint_t i; ngx_quic_tp_t *ctp; @@ -718,7 +716,6 @@ ngx_quic_new_connection(ngx_connection_t qc->push.handler = ngx_quic_push_handler; qc->push.cancelable = 1; - qc->ssl = ssl; qc->conf = conf; qc->tp = conf->tp; @@ -1211,7 +1208,7 @@ ngx_quic_init_connection(ngx_connection_ qc = c->quic; - if (ngx_ssl_create_connection(qc->ssl, c, NGX_SSL_BUFFER) != NGX_OK) { + if (ngx_ssl_create_connection(qc->conf->ssl, c, NGX_SSL_BUFFER) != NGX_OK) { return NGX_ERROR; } @@ -1345,7 +1342,7 @@ ngx_quic_input_handler(ngx_event_t *rev) b.last += n; qc->received += n; - rc = ngx_quic_input(c, &b, NULL, NULL); + rc = ngx_quic_input(c, &b, NULL); if (rc == NGX_ERROR) { ngx_quic_close_connection(c, NGX_ERROR); @@ -1609,8 +1606,7 @@ ngx_quic_close_streams(ngx_connection_t static ngx_int_t -ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, ngx_ssl_t *ssl, - ngx_quic_conf_t *conf) +ngx_quic_input(ngx_connection_t *c, ngx_buf_t *b, ngx_quic_conf_t *conf) { u_char *p; ngx_int_t rc; @@ -1632,7 +1628,7 @@ ngx_quic_input(ngx_connection_t *c, ngx_ pkt.flags = p[0]; pkt.raw->pos++; - rc = ngx_quic_process_packet(c, ssl, conf, &pkt); + rc = ngx_quic_process_packet(c, conf, &pkt); if (rc == NGX_ERROR) { return NGX_ERROR; 
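Review bot: `qc->conf->ssl` is dereferenced in the `ngx_ssl_create_connection()` call in ngx_quic_init_connection with no check that the pointer was ever populated, and after this change it is filled only by each module's merge_srv_conf handler instead of being handed in by the caller. Both the http and stream QUIC modules set it in this commit, so this is a latent hazard rather than a bug reachable from the visible code; a configuration struct built by any other path would reach the call with a NULL ssl and would presumably fault inside ngx_ssl_create_connection. A cheap guard before the call turns that into a handled error: `if (qc->conf->ssl == NULL) { return NGX_ERROR; }`. The body of ngx_quic_init_connection starts and ends outside the hunk.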
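Review bot: The `NULL` passed as conf in `ngx_quic_input(c, &b, NULL)` in ngx_quic_input_handler is an undocumented contract: it is safe only if ngx_quic_input and ngx_quic_process_packet touch `conf` solely on the path that creates a new connection, which these hunks do not show. Data on this path comes straight from the network, so any conf dereference reached for an existing connection would be a crash that a peer can provoke. Unless a NULL conf is deliberately used as the "connection already exists" signal, I would pass the stored pointer, `rc = ngx_quic_input(c, &b, qc->conf);`, and otherwise add a comment such as `/* conf is NULL: connection exists, callee must use qc->conf */`. The handler's body extends outside the hunk.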
@@ -1677,8 +1673,8 @@ ngx_quic_input(ngx_connection_t *c, ngx_ static ngx_int_t -ngx_quic_process_packet(ngx_connection_t *c, ngx_ssl_t *ssl, - ngx_quic_conf_t *conf, ngx_quic_header_t *pkt) +ngx_quic_process_packet(ngx_connection_t *c, ngx_quic_conf_t *conf, + ngx_quic_header_t *pkt) { ngx_int_t rc; ngx_ssl_conn_t *ssl_conn; @@ -1771,7 +1767,7 @@ ngx_quic_process_packet(ngx_connection_t return NGX_ERROR; } - qc = ngx_quic_new_connection(c, ssl, conf, pkt); + qc = ngx_quic_new_connection(c, conf, pkt); if (qc == NULL) { return NGX_ERROR; } diff --git a/src/event/ngx_event_quic.h b/src/event/ngx_event_quic.h --- a/src/event/ngx_event_quic.h +++ b/src/event/ngx_event_quic.h @@ -86,6 +86,7 @@ typedef struct { typedef struct { + ngx_ssl_t *ssl; ngx_quic_tp_t tp; ngx_flag_t retry; ngx_flag_t require_alpn; @@ -114,7 +115,7 @@ struct ngx_quic_stream_s { }; -void ngx_quic_run(ngx_connection_t *c, ngx_ssl_t *ssl, ngx_quic_conf_t *conf); +void ngx_quic_run(ngx_connection_t *c, ngx_quic_conf_t *conf); ngx_connection_t *ngx_quic_open_stream(ngx_connection_t *c, ngx_uint_t bidi); void ngx_quic_finalize_connection(ngx_connection_t *c, ngx_uint_t err, const char *reason); diff --git a/src/http/modules/ngx_http_quic_module.c b/src/http/modules/ngx_http_quic_module.c --- a/src/http/modules/ngx_http_quic_module.c +++ b/src/http/modules/ngx_http_quic_module.c @@ -262,6 +262,8 @@ ngx_http_quic_merge_srv_conf(ngx_conf_t ngx_quic_conf_t *prev = parent; ngx_quic_conf_t *conf = child; + ngx_http_ssl_srv_conf_t *sscf; + ngx_conf_merge_msec_value(conf->tp.max_idle_timeout, prev->tp.max_idle_timeout, 60000); @@ -315,6 +317,9 @@ ngx_http_quic_merge_srv_conf(ngx_conf_t ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, ""); + sscf = ngx_http_conf_get_module_srv_conf(cf, ngx_http_ssl_module); + conf->ssl = &sscf->ssl; + return NGX_CONF_OK; } diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c 
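Review bot: The new `ssl` member of ngx_quic_conf_t in ngx_event_quic.h has no comment saying that it is a borrowed pointer into the ssl module's server configuration, set by the QUIC modules' merge_srv_conf handlers and not owned by the QUIC configuration. Because `ngx_quic_run()` no longer takes the `ngx_ssl_t *` explicitly, this field appears to be the only place where a caller of the QUIC core can learn that it must be set before the first connection. I would add `/* set in merge_srv_conf; points into the ssl module srv conf, not owned */` next to the member. The struct definition continues outside the hunk.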
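Review bot: `conf->ssl = &sscf->ssl;` is stored unconditionally at the end of ngx_http_quic_merge_srv_conf, with no check that the ssl module built a TLS context for this server; the same pattern is added to ngx_stream_quic_merge_srv_conf. If a server has a QUIC listener but no usable certificate configuration, `sscf->ssl.ctx` may still be unset (this depends on ssl module code not shown here), and the failure would surface only when the first connection reaches `ngx_ssl_create_connection()`. Now that the pointer is resolved at configuration time, the configuration could be rejected at startup, though whether the ssl module's own merge handler has run by this point depends on module order, so the check may belong in a later configuration step. At minimum I would record the assumption with a comment on the assignment, `/* ssl.ctx validity is not checked here; see ssl module merge */`.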
@@ -307,7 +307,6 @@ ngx_http_init_connection(ngx_connection_ if (hc->addr_conf->quic) { ngx_quic_conf_t *qcf; ngx_http_connection_t *phc; - ngx_http_ssl_srv_conf_t *sscf; ngx_http_core_loc_conf_t *clcf; hc->ssl = 1; @@ -336,10 +335,7 @@ ngx_http_init_connection(ngx_connection_ qcf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_quic_module); - sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, - ngx_http_ssl_module); - - ngx_quic_run(c, &sscf->ssl, qcf); + ngx_quic_run(c, qcf); return; } diff --git a/src/stream/ngx_stream_handler.c b/src/stream/ngx_stream_handler.c --- a/src/stream/ngx_stream_handler.c +++ b/src/stream/ngx_stream_handler.c @@ -118,18 +118,14 @@ ngx_stream_init_connection(ngx_connectio #if (NGX_STREAM_QUIC) if (addr_conf->quic) { - ngx_quic_conf_t *qcf; - ngx_stream_ssl_conf_t *scf; + ngx_quic_conf_t *qcf; if (c->qs == NULL) { c->log->connection = c->number; qcf = ngx_stream_get_module_srv_conf(addr_conf->ctx, ngx_stream_quic_module); - scf = ngx_stream_get_module_srv_conf(addr_conf->ctx, - ngx_stream_ssl_module); - - ngx_quic_run(c, &scf->ssl, qcf); + ngx_quic_run(c, qcf); return; } } diff --git a/src/stream/ngx_stream_quic_module.c b/src/stream/ngx_stream_quic_module.c --- a/src/stream/ngx_stream_quic_module.c +++ b/src/stream/ngx_stream_quic_module.c @@ -28,7 +28,7 @@ static ngx_conf_post_t ngx_stream_quic_ { ngx_stream_quic_max_udp_payload_size }; static ngx_conf_num_bounds_t ngx_stream_quic_ack_delay_exponent_bounds = { ngx_conf_check_num_bounds, 0, 20 }; -static ngx_conf_num_bounds_t +static ngx_conf_num_bounds_t ngx_stream_quic_active_connection_id_limit_bounds = { ngx_conf_check_num_bounds, 2, -1 }; @@ -251,6 +251,8 @@ ngx_stream_quic_merge_srv_conf(ngx_conf_ ngx_quic_conf_t *prev = parent; ngx_quic_conf_t *conf = child; + ngx_stream_ssl_conf_t *scf; + ngx_conf_merge_msec_value(conf->tp.max_idle_timeout, prev->tp.max_idle_timeout, 60000); 
@@ -302,6 +304,9 @@ ngx_stream_quic_merge_srv_conf(ngx_conf_ } } + scf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_ssl_module); + conf->ssl = &scf->ssl; + return NGX_CONF_OK; }