mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-07-25 22:56:59 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Stream: detect "listen .. quic" without TLSv1.3.

Browse Source
This commit is contained in:
Sergey Kandaurov 2021-09-29 15:01:56 +03:00
parent 2765b63216
commit 1ea6f35fbf
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/stream/ngx_stream_ssl_module.c
View File

@ -1070,7 +1070,10 @@ ngx_stream_ssl_conf_command_check(ngx_conf_t *cf, void *post, void *data)
static ngx_int_t static ngx_int_t
ngx_stream_ssl_init(ngx_conf_t *cf) ngx_stream_ssl_init(ngx_conf_t *cf)
{ {
ngx_uint_t i;
ngx_stream_listen_t *listen;
ngx_stream_handler_pt *h; ngx_stream_handler_pt *h;
ngx_stream_ssl_conf_t *scf;
ngx_stream_core_main_conf_t *cmcf; ngx_stream_core_main_conf_t *cmcf;
cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module); cmcf = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);
@ -1082,5 +1085,23 @@ ngx_stream_ssl_init(ngx_conf_t *cf)
*h = ngx_stream_ssl_handler; *h = ngx_stream_ssl_handler;
listen = cmcf->listen.elts;
for (i = 0; i < cmcf->listen.nelts; i++) {
if (!listen[i].quic) {
continue;
}
scf = listen[i].ctx->srv_conf[ngx_stream_ssl_module.ctx_index];
if (scf->certificates && !(scf->protocols & NGX_SSL_TLSv1_3)) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"\"ssl_protocols\" must enable TLSv1.3 for "
"the \"listen ... quic\" directive in %s:%ui",
scf->file, scf->line);
return NGX_ERROR;
}
}
return NGX_OK; return NGX_OK;
} }