[PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL

Sergey Kandaurov pluknet at nginx.com
Tue Oct 11 10:35:52 UTC 2022


# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1665484414 -14400
#      Tue Oct 11 14:33:34 2022 +0400
# Branch quic
# Node ID c0165ddcb1c6981f8e5230081f03a277f62d20c3
# Parent  caced81ce0a9cb218ae8cdd6176c12e0614acee9
QUIC: support for setting QUIC methods with LibreSSL.

Setting QUIC methods is converted to use C99 designated initializers
for simplicity, as LibreSSL 3.6.0 has different SSL_QUIC_METHOD layout.

Additionally, it sticks with the set_read_secret/set_write_secret callbacks.
LibreSSL prefers set_encryption_secrets over them but has unexpectedly
incompatible behaviour: it passes the read and write secrets split
into separate calls, contrary to what is documented in old BoringSSL sources.

diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -18,7 +18,7 @@
 #define NGX_QUIC_MAX_BUFFERED    65535
 
 
-#if BORINGSSL_API_VERSION >= 10
+#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
     enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
     const uint8_t *secret, size_t secret_len);
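Review bot: The condition `BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER` is now written out three times: here for the prototypes, inside the `quic_method` initializer, and before the callback definitions. The three sites can drift apart when another library or version cutoff is added, and a mismatch would leave the method table and the compiled callbacks disagreeing about how secrets are delivered. I would evaluate it once near the top of the file and test a single feature macro at all three sites, e.g. `#define NGX_QUIC_SPLIT_SECRETS 1` (the name is only a suggestion). The test also accepts any LibreSSL version, while the description names 3.6.0; presumably older releases never build this file, but that is not visible here. The `#if` block continues past the end of this hunk.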
@@ -40,19 +40,19 @@ static ngx_int_t ngx_quic_crypto_input(n
 
 
 static SSL_QUIC_METHOD quic_method = {
-#if BORINGSSL_API_VERSION >= 10
-    ngx_quic_set_read_secret,
-    ngx_quic_set_write_secret,
+#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
+    .set_read_secret = ngx_quic_set_read_secret,
+    .set_write_secret = ngx_quic_set_write_secret,
 #else
-    ngx_quic_set_encryption_secrets,
+    .set_encryption_secrets = ngx_quic_set_encryption_secrets,
 #endif
-    ngx_quic_add_handshake_data,
-    ngx_quic_flush_flight,
-    ngx_quic_send_alert,
+    .add_handshake_data = ngx_quic_add_handshake_data,
+    .flush_flight = ngx_quic_flush_flight,
+    .send_alert = ngx_quic_send_alert,
 };
 
 
-#if BORINGSSL_API_VERSION >= 10
+#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
 
 static int
 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
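Review bot: In the LibreSSL branch the `quic_method` initializer relies on the unnamed `set_encryption_secrets` member being zero-initialized, and nothing in the code says this is deliberate. Going by the commit description, LibreSSL prefers that callback when it is set, so a later edit that fills it in would silently change which path installs the traffic secrets. I would record the reason next to the initializer, e.g. `/* LibreSSL: set_encryption_secrets is intentionally left NULL; it passes read and write secrets in separate calls */`. `ngx_quic_set_read_secret` only begins at the end of this hunk; its body is outside it.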


