]> git.kaiwu.me - nginx.git/commitdiff
QUIC: do not verify the selected ALPN protocol.
authorRoman Arutyunyan <arut@nginx.com>
Fri, 17 Jul 2020 21:08:04 +0000 (00:08 +0300)
committerRoman Arutyunyan <arut@nginx.com>
Fri, 17 Jul 2020 21:08:04 +0000 (00:08 +0300)
The right protocol is selected by the HTTP code.  In the QUIC code only verify
that some protocol was selected and trigger an error otherwise.

src/event/ngx_event_quic.c
src/event/ngx_event_quic.h

index 41d30ca102e6f031cac25a941695fa6732ffe808..6696376748492272c9200f787a37e13a55bbf61c 100644 (file)
@@ -417,9 +417,7 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
 
         SSL_get0_alpn_selected(c->ssl->connection, &data, &len);
 
-        if (len != NGX_QUIC_ALPN_LEN
-            || ngx_strncmp(data, NGX_QUIC_ALPN_STR, NGX_QUIC_ALPN_LEN) != 0)
-        {
+        if (len == 0) {
             qc->error = 0x100 + SSL_AD_NO_APPLICATION_PROTOCOL;
             qc->error_reason = "unsupported protocol in ALPN extension";
 
index 783820a2f88d273890d4adc42d586f437cc3d7b9..99c4604078056f01877154efeafd7678adc36721 100644 (file)
 #endif
 #define NGX_QUIC_VERSION  (0xff000000 + NGX_QUIC_DRAFT_VERSION)
 
-#define NGX_QUIC_ALPN(s)         NGX_QUIC_ALPN_DRAFT(s)
-#define NGX_QUIC_ALPN_DRAFT(s)   "h3-" #s
-#define NGX_QUIC_ALPN_STR        NGX_QUIC_ALPN(NGX_QUIC_DRAFT_VERSION)
-#define NGX_QUIC_ALPN_LEN        (sizeof(NGX_QUIC_ALPN_STR) - 1)
-
 #define NGX_QUIC_MAX_SHORT_HEADER            25 /* 1 flags + 20 dcid + 4 pn */
 #define NGX_QUIC_MAX_LONG_HEADER             56
     /* 1 flags + 4 version + 2 x (1 + 20) s/dcid + 4 pn + 4 len + token len */