[PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL
Sergey Kandaurov
pluknet at nginx.com
Tue Oct 11 10:35:52 UTC 2022
# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1665484414 -14400
# Tue Oct 11 14:33:34 2022 +0400
# Branch quic
# Node ID c0165ddcb1c6981f8e5230081f03a277f62d20c3
# Parent caced81ce0a9cb218ae8cdd6176c12e0614acee9
QUIC: support for setting QUIC methods with LibreSSL.
Setting QUIC methods is converted to use C99 designated initializers
for simplicity, as LibreSSL 3.6.0 has different SSL_QUIC_METHOD layout.
Additionally, it's stick with set_read_secret/set_write_secret callbacks.
LibreSSL prefers set_encryption_secrets over them but has unexpectedly
incompatible behaviour expressed in passing read and write secrets split
in separate calls, unlike this is documented in old BoringSSL sources.
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -18,7 +18,7 @@
#define NGX_QUIC_MAX_BUFFERED 65535
-#if BORINGSSL_API_VERSION >= 10
+#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
const uint8_t *secret, size_t secret_len);
@@ -40,19 +40,19 @@ static ngx_int_t ngx_quic_crypto_input(n
static SSL_QUIC_METHOD quic_method = {
-#if BORINGSSL_API_VERSION >= 10
- ngx_quic_set_read_secret,
- ngx_quic_set_write_secret,
+#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
+ .set_read_secret = ngx_quic_set_read_secret,
+ .set_write_secret = ngx_quic_set_write_secret,
#else
- ngx_quic_set_encryption_secrets,
+ .set_encryption_secrets = ngx_quic_set_encryption_secrets,
#endif
- ngx_quic_add_handshake_data,
- ngx_quic_flush_flight,
- ngx_quic_send_alert,
+ .add_handshake_data = ngx_quic_add_handshake_data,
+ .flush_flight = ngx_quic_flush_flight,
+ .send_alert = ngx_quic_send_alert,
};
-#if BORINGSSL_API_VERSION >= 10
+#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
static int
ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
More information about the nginx-devel
mailing list