[PATCH 4 of 4] QUIC: removed compatibility with older BoringSSL API

Sergey Kandaurov pluknet at nginx.com
Tue Oct 11 10:35:53 UTC 2022


# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1665484416 -14400
#      Tue Oct 11 14:33:36 2022 +0400
# Branch quic
# Node ID a75c44ea9902d86a9e88262c3634e34d86374ae4
# Parent  c0165ddcb1c6981f8e5230081f03a277f62d20c3
QUIC: removed compatibility with older BoringSSL API.

SSL_CIPHER_get_protocol_id() appeared in BoringSSL somewhere between
BORINGSSL_API_VERSION 12 and 13 for compatibility with OpenSSL 1.1.1.
It was adopted without a proper macro test, which remained unnoticed.
This suggests that such an old BoringSSL API isn't widely used, so its
support can be dropped.

While here, removed SSL_set_quic_use_legacy_codepoint() that became
useless after the default was flipped in BoringSSL over a year ago.

diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -18,7 +18,7 @@
 #define NGX_QUIC_MAX_BUFFERED    65535
 
 
-#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
+#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
 static int ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
     enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
     const uint8_t *secret, size_t secret_len);
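Review bot: The three rewritten guards (this prototype block, the `quic_method` initializer and the `ngx_quic_set_read_secret` definition) now accept any BoringSSL, so nothing in the file states or enforces the minimum API level the code needs. Judging by the `>= 13 && < 15` guard removed in `ngx_quic_init_connection`, a build against API level 13 or 14 would presumably still compile but silently keep that library's legacy codepoint default instead of failing. An explicit floor near the top of the file would turn that into a clear build error: `#if defined OPENSSL_IS_BORINGSSL && BORINGSSL_API_VERSION < 15`, `#error "BoringSSL is too old for QUIC"`, `#endif`. The value 15 is inferred from the removed guard and should be confirmed.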
@@ -40,7 +40,7 @@ static ngx_int_t ngx_quic_crypto_input(n
 
 
 static SSL_QUIC_METHOD quic_method = {
-#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
+#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
     .set_read_secret = ngx_quic_set_read_secret,
     .set_write_secret = ngx_quic_set_write_secret,
 #else
@@ -52,7 +52,7 @@ static SSL_QUIC_METHOD quic_method = {
 };
 
 
-#if BORINGSSL_API_VERSION >= 10 || defined LIBRESSL_VERSION_NUMBER
+#if defined OPENSSL_IS_BORINGSSL || defined LIBRESSL_VERSION_NUMBER
 
 static int
 ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
@@ -563,10 +563,6 @@ ngx_quic_init_connection(ngx_connection_
     }
 #endif
 
-#if (BORINGSSL_API_VERSION >= 13 && BORINGSSL_API_VERSION < 15)
-    SSL_set_quic_use_legacy_codepoint(ssl_conn, 0);
-#endif
-
     qsock = ngx_quic_get_socket(c);
 
     dcid.data = qsock->sid.id;
@@ -602,7 +598,7 @@ ngx_quic_init_connection(ngx_connection_
         return NGX_ERROR;
     }
 
-#if BORINGSSL_API_VERSION >= 11
+#ifdef OPENSSL_IS_BORINGSSL
     if (SSL_set_quic_early_data_context(ssl_conn, p, clen) == 0) {
         ngx_log_error(NGX_LOG_INFO, c->log, 0,
                       "quic SSL_set_quic_early_data_context() failed");
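Review bot: This guard enables `SSL_set_quic_early_data_context()` for BoringSSL only, while the other guards in this patch also admit LibreSSL, and nothing here says why the two differ. Because the early data context affects whether 0-RTT data is accepted, a short comment would help the next reader, for example `/* BoringSSL-only API; other libraries do not set an early data context here */`. Whether an `#else` branch covers the other libraries is not visible, since the body of `ngx_quic_init_connection` continues outside the hunk.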


