comparison src/http/modules/ngx_http_ssl_module.c @ 8167:5d91389e0fd3 quic
Initial QUIC support in http.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Fri, 28 Feb 2020 13:09:51 +0300 |
parents | ef7ee19776db |
children | 01dc595de244 |
8166:7999d3fbb765 | 8167:5d91389e0fd3 |
---|---|
245 { ngx_string("ssl_early_data"), | 245 { ngx_string("ssl_early_data"), |
246 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | 246 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, |
247 ngx_conf_set_flag_slot, | 247 ngx_conf_set_flag_slot, |
248 NGX_HTTP_SRV_CONF_OFFSET, | 248 NGX_HTTP_SRV_CONF_OFFSET, |
249 offsetof(ngx_http_ssl_srv_conf_t, early_data), | 249 offsetof(ngx_http_ssl_srv_conf_t, early_data), |
250 NULL }, | |
251 | |
252 { ngx_string("ssl_quic"), | |
253 NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, | |
254 ngx_conf_set_flag_slot, | |
255 NGX_HTTP_SRV_CONF_OFFSET, | |
256 offsetof(ngx_http_ssl_srv_conf_t, quic), | |
250 NULL }, | 257 NULL }, |
251 | 258 |
252 ngx_null_command | 259 ngx_null_command |
253 }; | 260 }; |
254 | 261 |
566 */ | 573 */ |
567 | 574 |
568 sscf->enable = NGX_CONF_UNSET; | 575 sscf->enable = NGX_CONF_UNSET; |
569 sscf->prefer_server_ciphers = NGX_CONF_UNSET; | 576 sscf->prefer_server_ciphers = NGX_CONF_UNSET; |
570 sscf->early_data = NGX_CONF_UNSET; | 577 sscf->early_data = NGX_CONF_UNSET; |
578 sscf->quic = NGX_CONF_UNSET; | |
571 sscf->buffer_size = NGX_CONF_UNSET_SIZE; | 579 sscf->buffer_size = NGX_CONF_UNSET_SIZE; |
572 sscf->verify = NGX_CONF_UNSET_UINT; | 580 sscf->verify = NGX_CONF_UNSET_UINT; |
573 sscf->verify_depth = NGX_CONF_UNSET_UINT; | 581 sscf->verify_depth = NGX_CONF_UNSET_UINT; |
574 sscf->certificates = NGX_CONF_UNSET_PTR; | 582 sscf->certificates = NGX_CONF_UNSET_PTR; |
575 sscf->certificate_keys = NGX_CONF_UNSET_PTR; | 583 sscf->certificate_keys = NGX_CONF_UNSET_PTR; |
610 ngx_conf_merge_value(conf->prefer_server_ciphers, | 618 ngx_conf_merge_value(conf->prefer_server_ciphers, |
611 prev->prefer_server_ciphers, 0); | 619 prev->prefer_server_ciphers, 0); |
612 | 620 |
613 ngx_conf_merge_value(conf->early_data, prev->early_data, 0); | 621 ngx_conf_merge_value(conf->early_data, prev->early_data, 0); |
614 | 622 |
623 ngx_conf_merge_value(conf->quic, prev->quic, 0); | |
624 | |
615 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, | 625 ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols, |
616 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 | 626 (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1 |
617 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); | 627 |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2)); |
618 | 628 |
619 ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size, | 629 ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size, |
694 + conf->certificates->nelts - 1); | 704 + conf->certificates->nelts - 1); |
695 return NGX_CONF_ERROR; | 705 return NGX_CONF_ERROR; |
696 } | 706 } |
697 } | 707 } |
698 | 708 |
709 printf("ngx_ssl_create\n"); | |
699 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) { | 710 if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) { |
700 return NGX_CONF_ERROR; | 711 return NGX_CONF_ERROR; |
701 } | 712 } |
702 | 713 |
703 cln = ngx_pool_cleanup_add(cf->pool, 0); | 714 cln = ngx_pool_cleanup_add(cf->pool, 0); |
852 } | 863 } |
853 | 864 |
854 } | 865 } |
855 | 866 |
856 if (ngx_ssl_early_data(cf, &conf->ssl, conf->early_data) != NGX_OK) { | 867 if (ngx_ssl_early_data(cf, &conf->ssl, conf->early_data) != NGX_OK) { |
868 return NGX_CONF_ERROR; | |
869 } | |
870 | |
871 if (ngx_ssl_quic(cf, &conf->ssl, conf->quic) != NGX_OK) { | |
857 return NGX_CONF_ERROR; | 872 return NGX_CONF_ERROR; |
858 } | 873 } |
859 | 874 |
860 return NGX_CONF_OK; | 875 return NGX_CONF_OK; |
861 } | 876 } |
1139 port = cmcf->ports->elts; | 1154 port = cmcf->ports->elts; |
1140 for (p = 0; p < cmcf->ports->nelts; p++) { | 1155 for (p = 0; p < cmcf->ports->nelts; p++) { |
1141 | 1156 |
1142 addr = port[p].addrs.elts; | 1157 addr = port[p].addrs.elts; |
1143 for (a = 0; a < port[p].addrs.nelts; a++) { | 1158 for (a = 0; a < port[p].addrs.nelts; a++) { |
1144 | 1159 printf("ssl %d http3 %d\n", addr[a].opt.ssl, addr[a].opt.http3); |
1145 if (!addr[a].opt.ssl) { | 1160 |
1161 if (!addr[a].opt.ssl && !addr[a].opt.http3) { | |
1146 continue; | 1162 continue; |
1147 } | 1163 } |
1148 | 1164 |
1149 cscf = addr[a].default_server; | 1165 cscf = addr[a].default_server; |
1150 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; | 1166 sscf = cscf->ctx->srv_conf[ngx_http_ssl_module.ctx_index]; |
1167 printf("sscf->protocols %lx\n", sscf->protocols); | |
1151 | 1168 |
1152 if (sscf->certificates == NULL) { | 1169 if (sscf->certificates == NULL) { |
1153 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | 1170 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, |
1154 "no \"ssl_certificate\" is defined for " | 1171 "no \"ssl_certificate\" is defined for " |
1155 "the \"listen ... ssl\" directive in %s:%ui", | 1172 "the \"listen ... ssl\" directive in %s:%ui", |
1156 cscf->file_name, cscf->line); | 1173 cscf->file_name, cscf->line); |
1157 return NGX_ERROR; | 1174 return NGX_ERROR; |
1158 } | 1175 } |
1176 | |
1177 if (addr[a].opt.http3 && !(sscf->protocols & NGX_SSL_TLSv1_3)) { | |
1178 ngx_log_error(NGX_LOG_EMERG, cf->log, 0, | |
1179 "\"ssl_protocols\" did not enable TLSv1.3 for " | |
1180 "the \"listen ... http3\" directive in %s:%ui", | |
1181 cscf->file_name, cscf->line); | |
1182 return NGX_ERROR; | |
1183 } | |
1159 } | 1184 } |
1160 } | 1185 } |
1161 | 1186 |
1162 return NGX_OK; | 1187 return NGX_OK; |
1163 } | 1188 } |
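Review bot: Three bare `printf` debug calls are left in the new code: `printf("ngx_ssl_create\n");` just before the `ngx_ssl_create()` call, and `printf("ssl %d http3 %d\n", ...)` and `printf("sscf->protocols %lx\n", sscf->protocols);` inside the listener loop. They write to stdout on every configuration load and bypass nginx's logging, so they should be dropped or moved to the `ngx_log_debug*` macros on `cf->log`. The `%lx` conversion also assumes `sscf->protocols` is an `unsigned long`, which the visible lines do not establish. Separately, an http3-only listener without a certificate now falls into the existing error, which still names the `"listen ... ssl"` directive; when `addr[a].opt.http3` is set the message should name the directive actually used, as the new TLSv1.3 check does. Both enclosing functions start outside the lines shown here.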