[PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL
Sergey Kandaurov
pluknet at nginx.com
Thu Oct 6 22:50:15 UTC 2022
# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1665096324 -14400
# Fri Oct 07 02:45:24 2022 +0400
# Branch quic
# Node ID bca678bec15a7c4cabf256b0fb0931607ea2ae4b
# Parent 7cfc0bc3fb0484d26778b01dc60c88e8a38fb5d3
QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL.
This function is present in QuicTLS only. After SSL_READ_EARLY_DATA_SUCCESS
became visible in LibreSSL together with experimental QUIC API, this required
to revise the conditional compilation test to use more narrow macros.
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -557,7 +557,7 @@ ngx_quic_init_connection(ngx_connection_
return NGX_ERROR;
}
-#ifdef SSL_READ_EARLY_DATA_SUCCESS
+#if (!defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL)
if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
SSL_set_quic_early_data_enabled(ssl_conn, 1);
}
More information about the nginx-devel
mailing list