[PATCH 4 of 4] QUIC: removed compatibility with older BoringSSL API

Sergey Kandaurov pluknet at nginx.com
Thu Oct 6 22:50:17 UTC 2022


# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1665096357 -14400
#      Fri Oct 07 02:45:57 2022 +0400
# Branch quic
# Node ID 4c1e6c90445c1d65a92ef797eb60e49c01c21441
# Parent  69df425adfc0cddb97629c78d771be285cd36b56
QUIC: removed compatibility with older BoringSSL API.

SSL_CIPHER_get_protocol_id() appeared in BoringSSL somewhere between
BORINGSSL_API_VERSION 12 and 13, and started to be used in nginx QUIC
methods in a4c05aff8ec0 without macro test, which remained unnoticed.
This justifies older BoringSSL API isn't used now and can be dropped.

diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -18,7 +18,7 @@
 #define NGX_QUIC_MAX_BUFFERED    65535
 
 
-#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
+#if defined BORINGSSL_API_VERSION || defined LIBRESSL_VERSION_NUMBER
 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
     enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
     const uint8_t *secret, size_t secret_len);
@@ -40,7 +40,7 @@ static ngx_int_t ngx_quic_crypto_input(n
 
 
 static SSL_QUIC_METHOD quic_method = {
-#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
+#if defined BORINGSSL_API_VERSION || defined LIBRESSL_VERSION_NUMBER
     .set_read_secret = ngx_quic_set_read_secret,
     .set_write_secret = ngx_quic_set_write_secret,
 #else
@@ -52,7 +52,7 @@ static SSL_QUIC_METHOD quic_method = {
 };
 
 
-#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
+#if defined BORINGSSL_API_VERSION || defined LIBRESSL_VERSION_NUMBER
 
 static int
 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
@@ -602,7 +602,7 @@ ngx_quic_init_connection(ngx_connection_
         return NGX_ERROR;
     }
 
-#if BORINGSSL_API_VERSION >= 11
+#ifdef BORINGSSL_API_VERSION
     if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
         ngx_log_error(NGX_LOG_INFO, c->log, 0,
                       "quic SSL_set_quic_early_data_context() failed");



More information about the nginx-devel mailing list