diff --git a/README b/README index cde316a7d..ec5efa7ac 100644 --- a/README +++ b/README @@ -58,10 +58,9 @@ Experimental QUIC support for nginx Refer to http://nginx.org/en/docs/configure.html for details. When configuring nginx, it's possible to enable QUIC and HTTP/3 - using the following new configuration options: + using the following new configuration option: --with-http_v3_module - enable QUIC and HTTP/3 - --with-stream_quic_module - enable QUIC in Stream A library that provides QUIC support is recommended to build nginx, there are several of those available on the market: @@ -105,9 +104,6 @@ Experimental QUIC support for nginx The HTTP "listen" directive got a new option "quic" which enables QUIC as client transport protocol instead of TCP. - The Stream "listen" directive got a new option "quic" which enables - QUIC as client transport protocol instead of TCP or plain UDP. - Along with "quic", it's also possible to specify "reuseport" option [8] to make it work properly with multiple workers. @@ -148,10 +144,6 @@ Experimental QUIC support for nginx The value of $http3 is "h3" for HTTP/3 connections, "hq" for hq connections, or an empty string otherwise. - In stream, an additional variable is available: $quic. - The value of $quic is "quic" if QUIC connection is used, - or an empty string otherwise. - Example configuration: http { @@ -190,7 +182,7 @@ Example configuration: Syntax: quic_retry on | off; Default: quic_retry off; - Context: http | stream, server + Context: http, server Enables the QUIC Address Validation feature. This includes: - sending a new token in a Retry packet or a NEW_TOKEN frame @@ -199,7 +191,7 @@ Example configuration: Syntax: quic_gso on | off; Default: quic_gso off; - Context: http | stream, server + Context: http, server Enables sending in optimized batch mode using segmentation offloading. Optimized sending is only supported on Linux featuring UDP_SEGMENT. @@ -207,7 +199,7 @@ Example configuration: Syntax: quic_host_key file; Default: - - Context: http | stream, server + Context: http, server Specifies a file with the secret key used to encrypt stateless reset and address validation tokens. By default, a randomly generated key is used. @@ -215,24 +207,12 @@ Example configuration: Syntax: quic_active_connection_id_limit number; Default: quic_active_connection_id_limit 2; - Context: http | stream, server + Context: http, server Sets the QUIC active_connection_id_limit transport parameter value. This is the maximum number of connection IDs we are willing to store. - Syntax: quic_timeout time; - Default: quic_timeout 60s; - Context: stream, server - - Defines a timeout used to negotiate the QUIC idle timeout. - In the http module, it is taken from the keepalive_timeout directive. - - - Syntax: quic_stream_buffer_size size; - Default: quic_stream_buffer_size 64k; - Context: stream, server - Syntax: http3_stream_buffer_size size; Default: http3_stream_buffer_size 64k; Context: http, server diff --git a/auto/modules b/auto/modules index 08a33cacc..76e6531c5 100644 --- a/auto/modules +++ b/auto/modules @@ -1075,20 +1075,6 @@ if [ $STREAM != NO ]; then ngx_module_incs= - if [ $STREAM_QUIC = YES ]; then - USE_OPENSSL_QUIC=YES - have=NGX_STREAM_QUIC . auto/have - STREAM_SSL=YES - - ngx_module_name=ngx_stream_quic_module - ngx_module_deps=src/stream/ngx_stream_quic_module.h - ngx_module_srcs=src/stream/ngx_stream_quic_module.c - ngx_module_libs= - ngx_module_link=$STREAM_QUIC - - . auto/module - fi - if [ $STREAM_SSL = YES ]; then USE_OPENSSL=YES have=NGX_STREAM_SSL . auto/have diff --git a/auto/options b/auto/options index ced563806..552ef837e 100644 --- a/auto/options +++ b/auto/options @@ -119,7 +119,6 @@ MAIL_SMTP=YES STREAM=NO STREAM_SSL=NO -STREAM_QUIC=NO STREAM_REALIP=NO STREAM_LIMIT_CONN=YES STREAM_ACCESS=YES @@ -324,7 +323,6 @@ use the \"--with-mail_ssl_module\" option instead" --with-stream) STREAM=YES ;; --with-stream=dynamic) STREAM=DYNAMIC ;; --with-stream_ssl_module) STREAM_SSL=YES ;; - --with-stream_quic_module) STREAM_QUIC=YES ;; --with-stream_realip_module) STREAM_REALIP=YES ;; --with-stream_geoip_module) STREAM_GEOIP=YES ;; --with-stream_geoip_module=dynamic) @@ -547,7 +545,6 @@ cat << END --with-stream enable TCP/UDP proxy module --with-stream=dynamic enable dynamic TCP/UDP proxy module --with-stream_ssl_module enable ngx_stream_ssl_module - --with-stream_quic_module enable ngx_stream_quic_module --with-stream_realip_module enable ngx_stream_realip_module --with-stream_geoip_module enable ngx_stream_geoip_module --with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module diff --git a/src/stream/ngx_stream.c b/src/stream/ngx_stream.c index 4c41af173..2762786e2 100644 --- a/src/stream/ngx_stream.c +++ b/src/stream/ngx_stream.c @@ -518,22 +518,9 @@ ngx_stream_optimize_servers(ngx_conf_t *cf, ngx_array_t *ports) ls->reuseport = addr[i].opt.reuseport; #endif -#if (NGX_STREAM_QUIC) - - ls->quic = addr[i].opt.quic; - - if (ls->quic) { - ngx_rbtree_init(&ls->rbtree, &ls->sentinel, - ngx_quic_rbtree_insert_value); - } - -#endif - #if !(NGX_WIN32) - if (!ls->quic) { - ngx_rbtree_init(&ls->rbtree, &ls->sentinel, - ngx_udp_rbtree_insert_value); - } + ngx_rbtree_init(&ls->rbtree, &ls->sentinel, + ngx_udp_rbtree_insert_value); #endif stport = ngx_palloc(cf->pool, sizeof(ngx_stream_port_t)); @@ -593,9 +580,6 @@ ngx_stream_add_addrs(ngx_conf_t *cf, ngx_stream_port_t *stport, addrs[i].conf.ctx = addr[i].opt.ctx; #if (NGX_STREAM_SSL) addrs[i].conf.ssl = addr[i].opt.ssl; -#endif -#if (NGX_STREAM_QUIC) - addrs[i].conf.quic = addr[i].opt.quic; #endif addrs[i].conf.proxy_protocol = addr[i].opt.proxy_protocol; addrs[i].conf.addr_text = addr[i].opt.addr_text; @@ -631,9 +615,6 @@ ngx_stream_add_addrs6(ngx_conf_t *cf, ngx_stream_port_t *stport, addrs6[i].conf.ctx = addr[i].opt.ctx; #if (NGX_STREAM_SSL) addrs6[i].conf.ssl = addr[i].opt.ssl; -#endif -#if (NGX_STREAM_QUIC) - addrs6[i].conf.quic = addr[i].opt.quic; #endif addrs6[i].conf.proxy_protocol = addr[i].opt.proxy_protocol; addrs6[i].conf.addr_text = addr[i].opt.addr_text; diff --git a/src/stream/ngx_stream.h b/src/stream/ngx_stream.h index 8cc95a3ab..46c362296 100644 --- a/src/stream/ngx_stream.h +++ b/src/stream/ngx_stream.h @@ -16,10 +16,6 @@ #include #endif -#if (NGX_STREAM_QUIC) -#include -#endif - typedef struct ngx_stream_session_s ngx_stream_session_t; @@ -55,7 +51,6 @@ typedef struct { unsigned bind:1; unsigned wildcard:1; unsigned ssl:1; - unsigned quic:1; #if (NGX_HAVE_INET6) unsigned ipv6only:1; #endif @@ -81,7 +76,6 @@ typedef struct { ngx_stream_conf_ctx_t *ctx; ngx_str_t addr_text; unsigned ssl:1; - unsigned quic:1; unsigned proxy_protocol:1; } ngx_stream_addr_conf_t; diff --git a/src/stream/ngx_stream_core_module.c b/src/stream/ngx_stream_core_module.c index 9be1a71cd..f0b79341d 100644 --- a/src/stream/ngx_stream_core_module.c +++ b/src/stream/ngx_stream_core_module.c @@ -760,29 +760,6 @@ ngx_stream_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) #endif } - if (ngx_strcmp(value[i].data, "quic") == 0) { -#if (NGX_STREAM_QUIC) - ngx_stream_ssl_conf_t *sslcf; - - sslcf = ngx_stream_conf_get_module_srv_conf(cf, - ngx_stream_ssl_module); - - sslcf->listen = 1; - sslcf->file = cf->conf_file->file.name.data; - sslcf->line = cf->conf_file->line; - - ls->quic = 1; - ls->type = SOCK_DGRAM; - - continue; -#else - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "the \"quic\" parameter requires " - "ngx_stream_quic_module"); - return NGX_CONF_ERROR; -#endif - } - if (ngx_strncmp(value[i].data, "so_keepalive=", 13) == 0) { if (ngx_strcmp(&value[i].data[13], "on") == 0) { @@ -894,12 +871,6 @@ ngx_stream_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) } #endif -#if (NGX_STREAM_SSL && NGX_STREAM_QUIC) - if (ls->ssl && ls->quic) { - return "\"ssl\" parameter is incompatible with \"quic\""; - } -#endif - if (ls->so_keepalive) { return "\"so_keepalive\" parameter is incompatible with \"udp\""; } diff --git a/src/stream/ngx_stream_handler.c b/src/stream/ngx_stream_handler.c index 3b95bf812..669b6a18d 100644 --- a/src/stream/ngx_stream_handler.c +++ b/src/stream/ngx_stream_handler.c @@ -129,10 +129,6 @@ ngx_stream_init_connection(ngx_connection_t *c) s->ssl = addr_conf->ssl; #endif -#if (NGX_STREAM_QUIC) - s->ssl |= addr_conf->quic; -#endif - if (c->buffer) { s->received += c->buffer->last - c->buffer->pos; } @@ -177,21 +173,6 @@ ngx_stream_init_connection(ngx_connection_t *c) s->start_sec = tp->sec; s->start_msec = tp->msec; -#if (NGX_STREAM_QUIC) - - if (addr_conf->quic) { - ngx_quic_conf_t *qcf; - - if (c->quic == NULL) { - qcf = ngx_stream_get_module_srv_conf(addr_conf->ctx, - ngx_stream_quic_module); - ngx_quic_run(c, qcf); - return; - } - } - -#endif - rev = c->read; rev->handler = ngx_stream_session_handler; diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c index 20b1adce3..ed275c009 100644 --- a/src/stream/ngx_stream_proxy_module.c +++ b/src/stream/ngx_stream_proxy_module.c @@ -1772,21 +1772,6 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream, if (dst->type == SOCK_STREAM && pscf->half_close && src->read->eof && !u->half_closed && !dst->buffered) { - -#if (NGX_STREAM_QUIC) - if (dst->quic) { - - if (ngx_quic_shutdown_stream(dst, NGX_WRITE_SHUTDOWN) - != NGX_OK) - { - ngx_stream_proxy_finalize(s, - NGX_STREAM_INTERNAL_SERVER_ERROR); - return; - } - - } else -#endif - if (ngx_shutdown_socket(dst->fd, NGX_WRITE_SHUTDOWN) == -1) { ngx_connection_error(c, ngx_socket_errno, ngx_shutdown_socket_n " failed"); diff --git a/src/stream/ngx_stream_quic_module.c b/src/stream/ngx_stream_quic_module.c deleted file mode 100644 index 42f5fe060..000000000 --- a/src/stream/ngx_stream_quic_module.c +++ /dev/null @@ -1,343 +0,0 @@ - -/* - * Copyright (C) Nginx, Inc. - * Copyright (C) Roman Arutyunyan - */ - - -#include -#include -#include - - -static ngx_int_t ngx_stream_variable_quic(ngx_stream_session_t *s, - ngx_stream_variable_value_t *v, uintptr_t data); -static ngx_int_t ngx_stream_quic_add_variables(ngx_conf_t *cf); -static void *ngx_stream_quic_create_srv_conf(ngx_conf_t *cf); -static char *ngx_stream_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, - void *child); -static char *ngx_stream_quic_host_key(ngx_conf_t *cf, ngx_command_t *cmd, - void *conf); - - -static ngx_command_t ngx_stream_quic_commands[] = { - - { ngx_string("quic_timeout"), - NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, - ngx_conf_set_msec_slot, - NGX_STREAM_SRV_CONF_OFFSET, - offsetof(ngx_quic_conf_t, timeout), - NULL }, - - { ngx_string("quic_stream_buffer_size"), - NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, - ngx_conf_set_size_slot, - NGX_STREAM_SRV_CONF_OFFSET, - offsetof(ngx_quic_conf_t, stream_buffer_size), - NULL }, - - { ngx_string("quic_retry"), - NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, - ngx_conf_set_flag_slot, - NGX_STREAM_SRV_CONF_OFFSET, - offsetof(ngx_quic_conf_t, retry), - NULL }, - - { ngx_string("quic_gso"), - NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, - ngx_conf_set_flag_slot, - NGX_STREAM_SRV_CONF_OFFSET, - offsetof(ngx_quic_conf_t, gso_enabled), - NULL }, - - { ngx_string("quic_host_key"), - NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG, - ngx_stream_quic_host_key, - NGX_STREAM_SRV_CONF_OFFSET, - 0, - NULL }, - - { ngx_string("quic_active_connection_id_limit"), - NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1, - ngx_conf_set_num_slot, - NGX_STREAM_SRV_CONF_OFFSET, - offsetof(ngx_quic_conf_t, active_connection_id_limit), - NULL }, - - ngx_null_command -}; - - -static ngx_stream_module_t ngx_stream_quic_module_ctx = { - ngx_stream_quic_add_variables, /* preconfiguration */ - NULL, /* postconfiguration */ - - NULL, /* create main configuration */ - NULL, /* init main configuration */ - - ngx_stream_quic_create_srv_conf, /* create server configuration */ - ngx_stream_quic_merge_srv_conf, /* merge server configuration */ -}; - - -ngx_module_t ngx_stream_quic_module = { - NGX_MODULE_V1, - &ngx_stream_quic_module_ctx, /* module context */ - ngx_stream_quic_commands, /* module directives */ - NGX_STREAM_MODULE, /* module type */ - NULL, /* init master */ - NULL, /* init module */ - NULL, /* init process */ - NULL, /* init thread */ - NULL, /* exit thread */ - NULL, /* exit process */ - NULL, /* exit master */ - NGX_MODULE_V1_PADDING -}; - - -static ngx_stream_variable_t ngx_stream_quic_vars[] = { - - { ngx_string("quic"), NULL, ngx_stream_variable_quic, 0, 0, 0 }, - - ngx_stream_null_variable -}; - -static ngx_str_t ngx_stream_quic_salt = ngx_string("ngx_quic"); - - -static ngx_int_t -ngx_stream_variable_quic(ngx_stream_session_t *s, - ngx_stream_variable_value_t *v, uintptr_t data) -{ - if (s->connection->quic) { - - v->len = 4; - v->valid = 1; - v->no_cacheable = 1; - v->not_found = 0; - v->data = (u_char *) "quic"; - return NGX_OK; - } - - v->not_found = 1; - - return NGX_OK; -} - - -static ngx_int_t -ngx_stream_quic_add_variables(ngx_conf_t *cf) -{ - ngx_stream_variable_t *var, *v; - - for (v = ngx_stream_quic_vars; v->name.len; v++) { - var = ngx_stream_add_variable(cf, &v->name, v->flags); - if (var == NULL) { - return NGX_ERROR; - } - - var->get_handler = v->get_handler; - var->data = v->data; - } - - return NGX_OK; -} - - -static void * -ngx_stream_quic_create_srv_conf(ngx_conf_t *cf) -{ - ngx_quic_conf_t *conf; - - conf = ngx_pcalloc(cf->pool, sizeof(ngx_quic_conf_t)); - if (conf == NULL) { - return NULL; - } - - /* - * set by ngx_pcalloc(): - * - * conf->host_key = { 0, NULL } - * conf->stream_close_code = 0; - * conf->stream_reject_code_uni = 0; - * conf->stream_reject_code_bidi= 0; - */ - - conf->timeout = NGX_CONF_UNSET_MSEC; - conf->stream_buffer_size = NGX_CONF_UNSET_SIZE; - conf->max_concurrent_streams_bidi = NGX_CONF_UNSET_UINT; - conf->max_concurrent_streams_uni = NGX_CONF_UNSET_UINT; - - conf->retry = NGX_CONF_UNSET; - conf->gso_enabled = NGX_CONF_UNSET; - - conf->active_connection_id_limit = NGX_CONF_UNSET_UINT; - - return conf; -} - - -static char * -ngx_stream_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child) -{ - ngx_quic_conf_t *prev = parent; - ngx_quic_conf_t *conf = child; - - ngx_stream_ssl_conf_t *scf; - - ngx_conf_merge_msec_value(conf->timeout, prev->timeout, 60000); - - ngx_conf_merge_size_value(conf->stream_buffer_size, - prev->stream_buffer_size, - 65536); - - ngx_conf_merge_uint_value(conf->max_concurrent_streams_bidi, - prev->max_concurrent_streams_bidi, 16); - - ngx_conf_merge_uint_value(conf->max_concurrent_streams_uni, - prev->max_concurrent_streams_uni, 3); - - ngx_conf_merge_value(conf->retry, prev->retry, 0); - ngx_conf_merge_value(conf->gso_enabled, prev->gso_enabled, 0); - - ngx_conf_merge_str_value(conf->host_key, prev->host_key, ""); - - ngx_conf_merge_uint_value(conf->active_connection_id_limit, - conf->active_connection_id_limit, - 2); - - if (conf->host_key.len == 0) { - - conf->host_key.len = NGX_QUIC_DEFAULT_HOST_KEY_LEN; - conf->host_key.data = ngx_palloc(cf->pool, conf->host_key.len); - if (conf->host_key.data == NULL) { - return NGX_CONF_ERROR; - } - - if (RAND_bytes(conf->host_key.data, NGX_QUIC_DEFAULT_HOST_KEY_LEN) - <= 0) - { - return NGX_CONF_ERROR; - } - } - - if (ngx_quic_derive_key(cf->log, "av_token_key", - &conf->host_key, &ngx_stream_quic_salt, - conf->av_token_key, NGX_QUIC_AV_KEY_LEN) - != NGX_OK) - { - return NGX_CONF_ERROR; - } - - if (ngx_quic_derive_key(cf->log, "sr_token_key", - &conf->host_key, &ngx_stream_quic_salt, - conf->sr_token_key, NGX_QUIC_SR_KEY_LEN) - != NGX_OK) - { - return NGX_CONF_ERROR; - } - - scf = ngx_stream_conf_get_module_srv_conf(cf, ngx_stream_ssl_module); - conf->ssl = &scf->ssl; - - return NGX_CONF_OK; -} - - -static char * -ngx_stream_quic_host_key(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) -{ - ngx_quic_conf_t *qcf = conf; - - u_char *buf; - size_t size; - ssize_t n; - ngx_str_t *value; - ngx_file_t file; - ngx_file_info_t fi; - - if (qcf->host_key.len) { - return "is duplicate"; - } - - buf = NULL; -#if (NGX_SUPPRESS_WARN) - size = 0; -#endif - - value = cf->args->elts; - - if (ngx_conf_full_name(cf->cycle, &value[1], 1) != NGX_OK) { - return NGX_CONF_ERROR; - } - - ngx_memzero(&file, sizeof(ngx_file_t)); - file.name = value[1]; - file.log = cf->log; - - file.fd = ngx_open_file(file.name.data, NGX_FILE_RDONLY, NGX_FILE_OPEN, 0); - - if (file.fd == NGX_INVALID_FILE) { - ngx_conf_log_error(NGX_LOG_EMERG, cf, ngx_errno, - ngx_open_file_n " \"%V\" failed", &file.name); - return NGX_CONF_ERROR; - } - - if (ngx_fd_info(file.fd, &fi) == NGX_FILE_ERROR) { - ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno, - ngx_fd_info_n " \"%V\" failed", &file.name); - goto failed; - } - - size = ngx_file_size(&fi); - - if (size == 0) { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "\"%V\" zero key size", &file.name); - goto failed; - } - - buf = ngx_pnalloc(cf->pool, size); - if (buf == NULL) { - goto failed; - } - - n = ngx_read_file(&file, buf, size, 0); - - if (n == NGX_ERROR) { - ngx_conf_log_error(NGX_LOG_CRIT, cf, ngx_errno, - ngx_read_file_n " \"%V\" failed", &file.name); - goto failed; - } - - if ((size_t) n != size) { - ngx_conf_log_error(NGX_LOG_CRIT, cf, 0, - ngx_read_file_n " \"%V\" returned only " - "%z bytes instead of %uz", &file.name, n, size); - goto failed; - } - - qcf->host_key.data = buf; - qcf->host_key.len = n; - - if (ngx_close_file(file.fd) == NGX_FILE_ERROR) { - ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, - ngx_close_file_n " \"%V\" failed", &file.name); - } - - return NGX_CONF_OK; - -failed: - - if (ngx_close_file(file.fd) == NGX_FILE_ERROR) { - ngx_log_error(NGX_LOG_ALERT, cf->log, ngx_errno, - ngx_close_file_n " \"%V\" failed", &file.name); - } - - if (buf) { - ngx_explicit_memzero(buf, size); - } - - return NGX_CONF_ERROR; -} diff --git a/src/stream/ngx_stream_quic_module.h b/src/stream/ngx_stream_quic_module.h deleted file mode 100644 index 6ac4d96f0..000000000 --- a/src/stream/ngx_stream_quic_module.h +++ /dev/null @@ -1,20 +0,0 @@ - -/* - * Copyright (C) Roman Arutyunyan - * Copyright (C) Nginx, Inc. - */ - - -#ifndef _NGX_STREAM_QUIC_H_INCLUDED_ -#define _NGX_STREAM_QUIC_H_INCLUDED_ - - -#include -#include -#include - - -extern ngx_module_t ngx_stream_quic_module; - - -#endif /* _NGX_STREAM_QUIC_H_INCLUDED_ */ diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c index 288d9e9d2..1ba1825ce 100644 --- a/src/stream/ngx_stream_ssl_module.c +++ b/src/stream/ngx_stream_ssl_module.c @@ -9,10 +9,6 @@ #include #include -#if (NGX_QUIC_OPENSSL_COMPAT) -#include -#endif - typedef ngx_int_t (*ngx_ssl_variable_handler_pt)(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s); @@ -1199,10 +1195,7 @@ ngx_stream_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data) static ngx_int_t ngx_stream_ssl_init(ngx_conf_t *cf) { - ngx_uint_t i; - ngx_stream_listen_t *listen; ngx_stream_handler_pt *h; - ngx_stream_ssl_conf_t *scf; ngx_stream_core_main_conf_t *cmcf; cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module); @@ -1214,29 +1207,5 @@ ngx_stream_ssl_init(ngx_conf_t *cf) *h = ngx_stream_ssl_handler; - listen = cmcf->listen.elts; - - for (i = 0; i < cmcf->listen.nelts; i++) { - if (!listen[i].quic) { - continue; - } - - scf = listen[i].ctx->srv_conf[ngx_stream_ssl_module.ctx_index]; - -#if (NGX_QUIC_OPENSSL_COMPAT) - if (ngx_quic_compat_init(cf, scf->ssl.ctx) != NGX_OK) { - return NGX_ERROR; - } -#endif - - if (scf->certificates && !(scf->protocols & NGX_SSL_TLSv1_3)) { - ngx_log_error(NGX_LOG_EMERG, cf->log, 0, - "\"ssl_protocols\" must enable TLSv1.3 for " - "the \"listen ... quic\" directive in %s:%ui", - scf->file, scf->line); - return NGX_ERROR; - } - } - return NGX_OK; } diff --git a/src/stream/ngx_stream_write_filter_module.c b/src/stream/ngx_stream_write_filter_module.c index d8a72f966..07dc7b52e 100644 --- a/src/stream/ngx_stream_write_filter_module.c +++ b/src/stream/ngx_stream_write_filter_module.c @@ -277,12 +277,7 @@ ngx_stream_write_filter(ngx_stream_session_t *s, ngx_chain_t *in, *out = chain; if (chain) { - if (c->shared -#if (NGX_STREAM_QUIC) - && c->quic == NULL -#endif - ) - { + if (c->shared) { ngx_log_error(NGX_LOG_ALERT, c->log, 0, "shared connection is busy"); return NGX_ERROR;