# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1584985714 -10800
# Node ID 7f0981be07c456a5a1108da2ea71bf184d0c0845
# Parent  8e54a17dabeef03616bb6e4942bb15260d58e5c2
Fixed client certificate verification.

For ngx_http_process_request() part to work, this required to set both
r->http_connection->ssl and c->ssl on a QUIC stream.  To avoid damaging
global SSL object, ngx_ssl_shutdown() is managed to ignore QUIC streams.

diff -r 8e54a17dabee -r 7f0981be07c4 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c	Mon Mar 23 21:20:20 2020 +0300
+++ b/src/event/ngx_event_openssl.c	Mon Mar 23 20:48:34 2020 +0300
@@ -2735,6 +2735,11 @@
     int        n, sslerr, mode;
     ngx_err_t  err;
 
+    if (c->qs) {
+        /* QUIC streams inherit SSL object */
+        return NGX_OK;
+    }
+
     if (SSL_in_init(c->ssl->connection)) {
         /*
          * OpenSSL 1.0.2f complains if SSL_shutdown() is called during
diff -r 8e54a17dabee -r 7f0981be07c4 src/event/ngx_event_quic.c
--- a/src/event/ngx_event_quic.c	Mon Mar 23 21:20:20 2020 +0300
+++ b/src/event/ngx_event_quic.c	Mon Mar 23 20:48:34 2020 +0300
@@ -1470,6 +1470,7 @@
     sn->c->sockaddr = c->sockaddr;
     sn->c->local_sockaddr = c->local_sockaddr;
     sn->c->addr_text = c->addr_text;
+    sn->c->ssl = c->ssl;
 
     rev = sn->c->read;
     wev = sn->c->write;
diff -r 8e54a17dabee -r 7f0981be07c4 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c	Mon Mar 23 21:20:20 2020 +0300
+++ b/src/http/ngx_http_request.c	Mon Mar 23 20:48:34 2020 +0300
@@ -225,6 +225,7 @@
     if (c->type == SOCK_DGRAM) {
         hc = ngx_pcalloc(c->pool, sizeof(ngx_http_v3_connection_t));
         hc->quic = 1;
+        hc->ssl = 1;
 
     } else
 #endif