[PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL
Roman Arutyunyan
arut at nginx.com
Mon Oct 17 11:07:59 UTC 2022
Hi,

On Tue, Oct 11, 2022 at 02:35:51PM +0400, Sergey Kandaurov wrote:
> # HG changeset patch
> # User Sergey Kandaurov <pluknet at nginx.com>
> # Date 1665442922 -14400
> # Tue Oct 11 03:02:02 2022 +0400
> # Branch quic
> # Node ID caced81ce0a9cb218ae8cdd6176c12e0614acee9
> # Parent 82b03006a7bd93c3b5c962a3afac89e0639b0c12
> QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL.
>
> This function is present in QuicTLS only. After SSL_READ_EARLY_DATA_SUCCESS
> became visible in LibreSSL together with experimental QUIC API, this required
> revising the conditional compilation test to use more narrow macros.
>
> diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
> --- a/src/event/quic/ngx_event_quic_ssl.c
> +++ b/src/event/quic/ngx_event_quic_ssl.c
> @@ -557,7 +557,7 @@ ngx_quic_init_connection(ngx_connection_
> return NGX_ERROR;
> }
>
> -#ifdef SSL_READ_EARLY_DATA_SUCCESS
> +#if (!defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL)

What about the macro OPENSSL_INFO_QUIC? It's only defined in QuicTLS.

> if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
> SSL_set_quic_early_data_enabled(ssl_conn, 1);
> }
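
Review bot: The new guard on the #if line, (!defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL), excludes libraries by name instead of testing for the function it protects, so any other library that lacks SSL_set_quic_early_data_enabled() still reaches the call and fails to compile. The commit message says the function is present in QuicTLS only, so a positive test on a QuicTLS-specific macro would match that intent and would not need updating for each new library. The guard also no longer tests SSL_READ_EARLY_DATA_SUCCESS while the block still calls SSL_CTX_get_max_early_data(); a short comment above the #if naming the library the block targets, and why early data support can be assumed there, would make the condition self-explanatory.
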
--
Roman Arutyunyan