nghttpx: Client always uses simpler TLS handshake

Tatsuhiro Tsujikawa 2022-05-08 10:31:25 +09:00
parent 992181a0de
commit c13a66d26f
2 changed files with 11 additions and 10 deletions


@ -2921,7 +2921,8 @@ SSL/TLS:
accepts. accepts.
Default: )" Default: )"
<< util::utos_unit(config->tls.max_early_data) << R"( << util::utos_unit(config->tls.max_early_data) << R"(
--tls-ktls Enable ktls. --tls-ktls Enable ktls. For server, ktls is enable if
--tls-session-cache-memcached is not configured.
HTTP/2: HTTP/2:
-c, --frontend-http2-max-concurrent-streams=<N> -c, --frontend-http2-max-concurrent-streams=<N>
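Review bot: The new `--tls-ktls` help text reads "ktls is enable if", which should be "enabled". The sentence also only covers the server side, so an operator cannot tell from it whether kTLS applies to backend (client) connections regardless of the session cache setting. Suggested wording: `For server, ktls is enabled if --tls-session-cache-memcached is not configured.`, with a second sentence on the client side if that is the intended behaviour.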


@ -150,6 +150,13 @@ void Connection::prepare_client_handshake() {
} }
void Connection::prepare_server_handshake() { void Connection::prepare_server_handshake() {
auto &tlsconf = get_config()->tls;
if (proto != Proto::HTTP3 && !tlsconf.session_cache.memcached.host.empty()) {
auto bio = BIO_new(tlsconf.bio_method);
BIO_set_data(bio, this);
SSL_set_bio(tls.ssl, bio, bio);
}
SSL_set_accept_state(tls.ssl); SSL_set_accept_state(tls.ssl);
tls.server_handshake = true; tls.server_handshake = true;
} }
@ -312,13 +319,6 @@ BIO_METHOD *create_bio_method() {
void Connection::set_ssl(SSL *ssl) { void Connection::set_ssl(SSL *ssl) {
tls.ssl = ssl; tls.ssl = ssl;
auto &tlsconf = get_config()->tls;
if (proto != Proto::HTTP3 && !tlsconf.session_cache.memcached.host.empty()) {
auto bio = BIO_new(tlsconf.bio_method);
BIO_set_data(bio, this);
SSL_set_bio(tls.ssl, bio, bio);
}
SSL_set_app_data(tls.ssl, this); SSL_set_app_data(tls.ssl, this);
} }
@ -338,7 +338,7 @@ int Connection::tls_handshake() {
auto &tlsconf = get_config()->tls; auto &tlsconf = get_config()->tls;
if (tlsconf.session_cache.memcached.host.empty()) { if (!tls.server_handshake || tlsconf.session_cache.memcached.host.empty()) {
return tls_handshake_simple(); return tls_handshake_simple();
} }
@ -387,7 +387,7 @@ int Connection::tls_handshake() {
set_ssl(ssl); set_ssl(ssl);
SSL_set_accept_state(tls.ssl); prepare_server_handshake();
tls.handshake_state = TLSHandshakeState::NORMAL; tls.handshake_state = TLSHandshakeState::NORMAL;
break; break;
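Review bot: `BIO_new(tlsconf.bio_method)` in the new `prepare_server_handshake()` is used without a null check, so on allocation failure the next line, `BIO_set_data(bio, this)`, is handed a null BIO. This path is presumably reached for each frontend TLS connection when the memcached session cache is configured. The block is carried over unchanged from `set_ssl()`, so the gap predates this commit, but the move is a natural point to close it. Because the function returns void, one option is to return a status (`if (!bio) { return -1; }`) and have callers drop the connection; callers other than the one in `tls_handshake()` are outside the visible hunks and would need checking. A comment such as `// Must run after set_ssl() and before tls_handshake(), which picks the buffered path from tls.server_handshake.` would also record the ordering the changed condition in `tls_handshake()` now depends on.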