Moved setting QUIC methods to runtime.

This allows listening to both https and http3 in the same server.
Also, the change eliminates the ssl_quic directive.

src/event/ngx_event_openssl.c

@@ -1459,28 +1459,6 @@ ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
 }
 
 
-ngx_int_t
-ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
-{
-    if (!enable) {
-        return NGX_OK;
-    }
-
-#if NGX_OPENSSL_QUIC
-
-    ngx_quic_init_ssl_methods(ssl->ctx);
-    return NGX_OK;
-
-#else
-
-    ngx_log_error(NGX_LOG_WARN, ssl->log, 0,
-                  "\"ssl_quic\" is not supported on this platform");
-    return NGX_ERROR;
-
-#endif
-}
-
-
 ngx_int_t
 ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable)
 {

src/event/ngx_event_openssl.h

@@ -196,7 +196,6 @@ ngx_int_t ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file);
 ngx_int_t ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name);
 ngx_int_t ngx_ssl_early_data(ngx_conf_t *cf, ngx_ssl_t *ssl,
     ngx_uint_t enable);
-ngx_int_t ngx_ssl_quic(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_uint_t enable);
 ngx_int_t ngx_ssl_client_session_cache(ngx_conf_t *cf, ngx_ssl_t *ssl,
     ngx_uint_t enable);
 ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,

src/event/ngx_event_quic.c

@@ -126,13 +126,6 @@ static SSL_QUIC_METHOD quic_method = {
 };
 
 
-void
-ngx_quic_init_ssl_methods(SSL_CTX* ctx)
-{
-    SSL_CTX_set_quic_method(ctx, &quic_method);
-}
-
-
 #if BORINGSSL_API_VERSION >= 10
 
 static int
@@ -410,6 +403,12 @@ ngx_quic_init_connection(ngx_connection_t *c)
 
     ssl_conn = c->ssl->connection;
 
+    if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
+        ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                      "SSL_set_quic_method() failed");
+        return NGX_ERROR;
+    }
+
     if (SSL_set_quic_transport_params(ssl_conn, params, sizeof(params) - 1) == 0) {
         ngx_log_error(NGX_LOG_INFO, c->log, 0,
                       "SSL_set_quic_transport_params() failed");

src/http/modules/ngx_http_ssl_module.c

@@ -249,13 +249,6 @@ static ngx_command_t  ngx_http_ssl_commands[] = {
       offsetof(ngx_http_ssl_srv_conf_t, early_data),
       NULL },
 
-    { ngx_string("ssl_quic"),
-      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG,
-      ngx_conf_set_flag_slot,
-      NGX_HTTP_SRV_CONF_OFFSET,
-      offsetof(ngx_http_ssl_srv_conf_t, quic),
-      NULL },
-
       ngx_null_command
 };
 
@@ -575,7 +568,6 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t *cf)
     sscf->enable = NGX_CONF_UNSET;
     sscf->prefer_server_ciphers = NGX_CONF_UNSET;
     sscf->early_data = NGX_CONF_UNSET;
-    sscf->quic = NGX_CONF_UNSET;
     sscf->buffer_size = NGX_CONF_UNSET_SIZE;
     sscf->verify = NGX_CONF_UNSET_UINT;
     sscf->verify_depth = NGX_CONF_UNSET_UINT;
@@ -620,8 +612,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 
     ngx_conf_merge_value(conf->early_data, prev->early_data, 0);
 
-    ngx_conf_merge_value(conf->quic, prev->quic, 0);
-
     ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
                          (NGX_CONF_BITMASK_SET|NGX_SSL_TLSv1
                           |NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2));
@@ -867,10 +857,6 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
         return NGX_CONF_ERROR;
     }
 
-    if (ngx_ssl_quic(cf, &conf->ssl, conf->quic) != NGX_OK) {
-        return NGX_CONF_ERROR;
-    }
-
     return NGX_CONF_OK;
 }
 

src/http/modules/ngx_http_ssl_module.h

@@ -21,7 +21,6 @@ typedef struct {
 
     ngx_flag_t                      prefer_server_ciphers;
     ngx_flag_t                      early_data;
-    ngx_flag_t                      quic;
 
     ngx_uint_t                      protocols;