IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

QUIC: removed compatibility with older BoringSSL API.

Browse Source 
SSL_CIPHER_get_protocol_id() appeared in BoringSSL somewhere between
BORINGSSL_API_VERSION 12 and 13 for compatibility with OpenSSL 1.1.1.
It was adopted without a proper macro test, which remained unnoticed.
This justifies that such old BoringSSL API isn't widely used and its
support can be dropped.

While here, removed SSL_set_quic_use_legacy_codepoint() that became
useless after the default was flipped in BoringSSL over a year ago.
This commit is contained in:
Sergey Kandaurov 2022-10-20 16:21:07 +04:00
parent ce65faea95
commit 34500dcac3
1 changed files with 4 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/event/quic/ngx_event_quic_ssl.c
View File

@ -18,7 +18,7 @@
#define NGX_QUIC_MAX_BUFFERED 65535 #define NGX_QUIC_MAX_BUFFERED 65535
#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher, enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
const uint8_t *secret, size_t secret_len); const uint8_t *secret, size_t secret_len);
@ -40,7 +40,7 @@ static ngx_int_t ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data);
static SSL_QUIC_METHOD quic_method = { static SSL_QUIC_METHOD quic_method = {
#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
.set_read_secret = ngx_quic_set_read_secret, .set_read_secret = ngx_quic_set_read_secret,
.set_write_secret = ngx_quic_set_write_secret, .set_write_secret = ngx_quic_set_write_secret,
#else #else
@ -52,7 +52,7 @@ static SSL_QUIC_METHOD quic_method = {
}; };
#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER #if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
static int static int
ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
@ -563,10 +563,6 @@ ngx_quic_init_connection(ngx_connection_t *c)
} }
#endif #endif
#if (BORINGSSL_API_VERSION >= 13 && BORINGSSL_API_VERSION < 15)
SSL_set_quic_use_legacy_codepoint(ssl_conn, 0);
#endif
qsock = ngx_quic_get_socket(c); qsock = ngx_quic_get_socket(c);
dcid.data = qsock->sid.id; dcid.data = qsock->sid.id;
@ -602,7 +598,7 @@ ngx_quic_init_connection(ngx_connection_t *c)
return NGX_ERROR; return NGX_ERROR;
} }
#if BORINGSSL_API_VERSION >= 11 #ifdef OPENSSL_IS_BORINGSSL
if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) { if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
ngx_log_error(NGX_LOG_INFO, c->log, 0, ngx_log_error(NGX_LOG_INFO, c->log, 0,
"quic SSL_set_quic_early_data_context() failed"); "quic SSL_set_quic_early_data_context() failed");