Welcome! Log In Create A New Profile

Re: [PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL

Forum List Message List New Topic Print View

Sergey Kandaurov

October 17, 2022 10:06AM

> On 17 Oct 2022, at 15:07, Roman Arutyunyan <arut@nginx.com> wrote:
>
> Hi,
>
> On Tue, Oct 11, 2022 at 02:35:51PM +0400, Sergey Kandaurov wrote:
>> # HG changeset patch
>> # User Sergey Kandaurov <pluknet@nginx.com>
>> # Date 1665442922 -14400
>> # Tue Oct 11 03:02:02 2022 +0400
>> # Branch quic
>> # Node ID caced81ce0a9cb218ae8cdd6176c12e0614acee9
>> # Parent 82b03006a7bd93c3b5c962a3afac89e0639b0c12
>> QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL.
>>
>> This function is present in QuicTLS only. After SSL_READ_EARLY_DATA_SUCCESS
>> became visible in LibreSSL together with experimental QUIC API, this required
>> to revise the conditional compilation test to use more narrow macros.
>>
>> diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
>> --- a/src/event/quic/ngx_event_quic_ssl.c
>> +++ b/src/event/quic/ngx_event_quic_ssl.c
>> @@ -557,7 +557,7 @@ ngx_quic_init_connection(ngx_connection_
>> return NGX_ERROR;
>> }
>>
>> -#ifdef SSL_READ_EARLY_DATA_SUCCESS
>> +#if (!defined LIBRESSL_VERSION_NUMBER && !defined OPENSSL_IS_BORINGSSL)
>
> What about the macro OPENSSL_INFO_QUIC? It's only defined in QuicTLS.
>
>> if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
>> SSL_set_quic_early_data_enabled(ssl_conn, 1);
>> }

I wonder how long will it take to use this macro in the upstream OpenSSL.
Given that QuicTLS may be considered as something interim,
I think it should be ok for now.
And it respects the no-quic QuicTLS build option.

Together with the adjusted log summary:

QUIC: using SSL_set_quic_early_data_enabled() only with QuicTLS.

This function is present in QuicTLS only. After SSL_READ_EARLY_DATA_SUCCESS
became visible in LibreSSL together with experimental QUIC API, this required
to revise the conditional compilation test to use more narrow macros.

diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -557,7 +557,7 @@ ngx_quic_init_connection(ngx_connection_
return NGX_ERROR;
}

-#ifdef SSL_READ_EARLY_DATA_SUCCESS
+#ifdef OPENSSL_INFO_QUIC
if (SSL_CTX_get_max_early_data(qc->conf->ssl->ctx)) {
SSL_set_quic_early_data_enabled(ssl_conn, 1);
}

--
Sergey Kandaurov

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH 0 of 4] quic libressl support	Sergey Kandaurov	735	October 06, 2022 06:54PM
[PATCH 4 of 4] QUIC: removed compatibility with older BoringSSL API	Sergey Kandaurov	159	October 06, 2022 06:54PM
[PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Sergey Kandaurov	134	October 06, 2022 06:54PM
[PATCH 1 of 4] QUIC: using native TLSv1.3 cipher suite constants	Sergey Kandaurov	163	October 06, 2022 06:54PM
[PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL	Sergey Kandaurov	175	October 06, 2022 06:54PM
[PATCH 0 of 4] quic libressl support #2	Sergey Kandaurov	147	October 11, 2022 06:44AM
[PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL	Sergey Kandaurov	121	October 11, 2022 06:44AM
Re: [PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL	Roman Arutyunyan	107	October 17, 2022 07:10AM
Re: [PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL	Sergey Kandaurov	105	October 17, 2022 10:06AM
Re: [PATCH 2 of 4] QUIC: do not use SSL_set_quic_early_data_enabled() with LibreSSL	Roman Arutyunyan	136	October 18, 2022 07:48AM
[PATCH 1 of 4] QUIC: using native TLSv1.3 cipher suite constants	Sergey Kandaurov	124	October 11, 2022 06:44AM
[PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Sergey Kandaurov	133	October 11, 2022 06:44AM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Roman Arutyunyan	143	October 17, 2022 09:32AM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Sergey Kandaurov	145	October 17, 2022 10:28AM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Maxim Dounin	120	October 20, 2022 08:12PM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Sergey Kandaurov	111	November 15, 2022 07:30AM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Maxim Dounin	103	November 17, 2022 11:00PM
Re: [PATCH 3 of 4] QUIC: support for setting QUIC methods with LibreSSL	Sergey Kandaurov	115	November 21, 2022 06:28AM
[PATCH 4 of 4] QUIC: removed compatibility with older BoringSSL API	Sergey Kandaurov	202	October 11, 2022 06:44AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 244

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018