authorRoman Arutyunyan <arut@nginx.com>2020-03-18 16:37:16 +0300
committerRoman Arutyunyan <arut@nginx.com>2020-03-18 16:37:16 +0300
commit5aa8e519c9fecc00b3a74781716ceb66609c5661 (patch)
tree428b068b5e7fda6f9ffe67fd3fc93d549642b744 /src
parent50f919cec4a81d8c37d754e0be72283c92954800 (diff)
Moved setting QUIC methods to runtime.
This allows listening to both https and http3 in the same server. Also, the change eliminates the ssl_quic directive.
Diffstat (limited to 'src')
-rw-r--r--src/event/ngx_event_openssl.c22
-rw-r--r--src/event/ngx_event_openssl.h1
-rw-r--r--src/event/ngx_event_quic.c13
-rw-r--r--src/http/modules/ngx_http_ssl_module.c14
-rw-r--r--src/http/modules/ngx_http_ssl_module.h1
5 files changed, 6 insertions, 45 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index eac1981a2..91b415caa 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1460,28 +1460,6 @@ ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
ngx_int_t
-ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
-{
- if (!enable) {
- return NGX_OK;
- }
-
-#if NGX_OPENSSL_QUIC
-
- ngx_quic_init_ssl_methods(ssl->ctx);
- return NGX_OK;
-
-#else
-
- ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
- "\"ssl_quic\" is not supported on this platform");
- return NGX_ERROR;
-
-#endif
-}
-
-
-ngx_int_t
ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
{
if (!enable) {
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 620a216ef..bd90e47fe 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -196,7 +196,6 @@ ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_uint_t enable);
-ngx_int_t ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable);
ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl,
ngx_uint_t enable);
ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index 7f732ba8b..b77ae0f0c 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -126,13 +126,6 @@ static SSL_QUIC_METHOD quic_method = {
};
-void
-ngx_quic_init_ssl_methods(SSL_CTX* ctx)
-{
- SSL_CTX_set_quic_method(ctx, &quic_method);
-}
-
-
#if BORINGSSL_API_VERSION >= 10
static int
@@ -410,6 +403,12 @@ ngx_quic_init_connection(ngx_connection_t *c)
ssl_conn = c->ssl->connection;
+ if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "SSL_set_quic_method() failed");
+ return NGX_ERROR;
+ }
+
if (SSL_set_quic_transport_params(ssl_conn, params, sizeof(params) - 1) == 0) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"SSL_set_quic_transport_params() failed");
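Review bot: The new `SSL_set_quic_method()` failure branch in ngx_quic_init_connection logs a fixed string at `NGX_LOG_INFO`, so a server-side library or build problem that breaks every QUIC handshake would stay below the default error-log level and carry no OpenSSL error detail. Before this commit the unsupported case was reported once at configuration time by ngx_ssl_quic(); now it can only show up per connection, so consider `ngx_ssl_error(NGX_LOG_ALERT, c->log, 0, "SSL_set_quic_method() failed");` here. Because the QUIC method is now attached to connections that share one SSL_CTX with TLS over TCP, context-wide settings such as `ssl_protocols` and `ssl_early_data` apply to both transports. The merge defaults visible in ngx_http_ssl_module.c list only TLSv1 to TLSv1.2, while QUIC needs TLS 1.3, so it presumably has to be enabled explicitly; a comment above this call such as `/* QUIC requires TLSv1.3 to be enabled in the shared SSL_CTX */` would record that. The function body starts and ends outside the hunk.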
diff --git a/src/http/modules/ngx_http_ssl_module.c b/src/http/modules/ngx_http_ssl_module.c
index 8640c2211..4b480a006 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -249,13 +249,6 @@ static ngx_command_t ngx_http_ssl_commands[] = {
offsetof(ngx_http_ssl_srv_conf_t, early_data),
NULL },
- { ngx_string("ssl_quic"),
- NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
- ngx_conf_set_flag_slot,
- NGX_HTTP_SRV_CONF_OFFSET,
- offsetof(ngx_http_ssl_srv_conf_t, quic),
- NULL },
-
ngx_null_command
};
@@ -575,7 +568,6 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
sscf->enable = NGX_CONF_UNSET;
sscf->prefer_server_ciphers = NGX_CONF_UNSET;
sscf->early_data = NGX_CONF_UNSET;
- sscf->quic = NGX_CONF_UNSET;
sscf->buffer_size = NGX_CONF_UNSET_SIZE;
sscf->verify = NGX_CONF_UNSET_UINT;
sscf->verify_depth = NGX_CONF_UNSET_UINT;
@@ -620,8 +612,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
- ngx_conf_merge_value(conf->quic, prev->quic, 0);
-
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
(NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
@@ -867,10 +857,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
return NGX_CONF_ERROR;
}
- if (ngx_ssl_quic(cf, &conf->ssl, conf->quic) != NGX_OK) {
- return NGX_CONF_ERROR;
- }
-
return NGX_CONF_OK;
}
diff --git a/src/http/modules/ngx_http_ssl_module.h b/src/http/modules/ngx_http_ssl_module.h
index 310d7c737..26fdccfe4 100644
--- a/src/http/modules/ngx_http_ssl_module.h
+++ b/src/http/modules/ngx_http_ssl_module.h
@@ -21,7 +21,6 @@ typedef struct {
ngx_flag_t prefer_server_ciphers;
ngx_flag_t early_data;
- ngx_flag_t quic;
ngx_uint_t protocols;