nginx.git/auto/lib/openssl/conf, branch tunnel nginx QUIC: using QUIC API introduced in OpenSSL 3.5. 2025-05-23T11:00:47+00:00 Sergey Kandaurov pluknet@nginx.com 2025-02-13T13:00:56+00:00 6a134dfd4888fc3850d22294687cfb3940994c69 Similarly to the QUIC API originated in BoringSSL, this API allows to register custom TLS callbacks for an external QUIC implementation. See the SSL_set_quic_tls_cbs manual page for details. Due to a different approach used in OpenSSL 3.5, handling of CRYPTO frames was streamlined to always write an incoming CRYPTO buffer to the crypto context. Using SSL_provide_quic_data(), this results in transient allocation of chain links and buffers for CRYPTO frames received in order. Testing didn't reveal performance degradation of QUIC handshakes, https://github.com/nginx/nginx/pull/646 provides specific results. 
Similarly to the QUIC API originated in BoringSSL, this API allows
to register custom TLS callbacks for an external QUIC implementation.
See the SSL_set_quic_tls_cbs manual page for details.

Due to a different approach used in OpenSSL 3.5, handling of CRYPTO
frames was streamlined to always write an incoming CRYPTO buffer to
the crypto context.  Using SSL_provide_quic_data(), this results in
transient allocation of chain links and buffers for CRYPTO frames
received in order.  Testing didn't reveal performance degradation of
QUIC handshakes, https://github.com/nginx/nginx/pull/646 provides
specific results.
QUIC: defined SSL API macros in a single place. 2025-05-23T11:00:47+00:00 Sergey Kandaurov pluknet@nginx.com 2025-05-20T23:54:45+00:00 e561f7dbcfc27f5f648e5151de0796e691cbc1b0 All definitions now set in ngx_event_quic.h, this includes moving NGX_QUIC_OPENSSL_COMPAT from autotests to compile time. Further, to improve code readability, a new NGX_QUIC_QUICTLS_API macro is used for QuicTLS that provides old BoringSSL QUIC API. 
All definitions now set in ngx_event_quic.h, this includes moving
NGX_QUIC_OPENSSL_COMPAT from autotests to compile time.  Further,
to improve code readability, a new NGX_QUIC_QUICTLS_API macro is
used for QuicTLS that provides old BoringSSL QUIC API.
Configure: added support for Homebrew on Apple Silicon. 2024-02-26T20:00:43+00:00 Piotr Sikora piotr@aviatrix.com 2024-02-26T20:00:43+00:00 2deded362ee052564e7359d53c81973c16b18e72 Signed-off-by: Piotr Sikora <piotr@aviatrix.com> 
Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
SSL: avoid using OpenSSL config in build directory (ticket #2404). 2023-06-20T22:29:53+00:00 Maxim Dounin mdounin@mdounin.ru 2023-06-20T22:29:53+00:00 bdea5b703ff6f6fcf98ac8dd4e1e9e5c9ad05017 With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx is asked to build OpenSSL itself. And with this macro automatic loading of OpenSSL configuration (from the build directory) is prevented unless the OPENSSL_CONF environment variable is explicitly set. Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a (fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350). If nginx is used to compile these OpenSSL versions, configuring nginx with NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround. 
With this change, the NGX_OPENSSL_NO_CONFIG macro is defined when nginx
is asked to build OpenSSL itself.  And with this macro automatic loading
of OpenSSL configuration (from the build directory) is prevented unless
the OPENSSL_CONF environment variable is explicitly set.

Note that not loading configuration is broken in OpenSSL 1.1.1 and 1.1.1a
(fixed in OpenSSL 1.1.1b, see https://github.com/openssl/openssl/issues/7350).
If nginx is used to compile these OpenSSL versions, configuring nginx with
NGX_OPENSSL_NO_CONFIG explicitly set to 0 might be used as a workaround.
QUIC: OpenSSL compatibility layer. 2023-02-22T15:16:53+00:00 Roman Arutyunyan arut@nginx.com 2023-02-22T15:16:53+00:00 a36ebf7e95baebf445b0973bd270bc009b0b0e9a The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API. This implementation does not support 0-RTT. 
The change allows to compile QUIC with OpenSSL which lacks BoringSSL QUIC API.

This implementation does not support 0-RTT.
Configure: fixed QUIC support test. 2021-09-27T07:10:38+00:00 Ruslan Ermilov ru@nginx.com 2021-09-27T07:10:38+00:00 f2859767d4218e60f8ac3adbac6123c8a1f68279 OpenSSL library QUIC support cannot be tested at configure time when using the --with-openssl option so assume it's present if requested. While here, fixed the error message in case QUIC support is missing. 
OpenSSL library QUIC support cannot be tested at configure time when
using the --with-openssl option so assume it's present if requested.
While here, fixed the error message in case QUIC support is missing.
Configure: check for QUIC 0-RTT support at compile time. 2021-09-27T07:10:37+00:00 Ruslan Ermilov ru@nginx.com 2021-09-27T07:10:37+00:00 8ce1c2c7e9abc90a63ad74df5ad4cc7c37b24c87 






Configure: simplified condition.
2021-09-21T11:46:17+00:00

Ruslan Ermilov
ru@nginx.com

2021-09-21T11:46:17+00:00

3321ca0c833c88ef4870f3abb8870beb622e2171












Removed NGX_OPENSSL_QUIC macro, NGX_QUIC is enough.
2021-09-14T09:09:13+00:00

Ruslan Ermilov
ru@nginx.com

2021-09-14T09:09:13+00:00

bd89c448b7e7beb15409e2abe2f174a36a7a0823












Changed the OpenSSL QUIC support detection.
2021-09-09T12:34:00+00:00

Ruslan Ermilov
ru@nginx.com

2021-09-09T12:34:00+00:00

7a45071cb6a460c999a3ad5f978f8cfd5d792cdb

As was changed in 253cf267f95a.





As was changed in 253cf267f95a.