author | Iru Cai | 2017-12-22 14:08:50 +0800 |
---|---|---|
committer | Iru Cai | 2017-12-22 14:08:50 +0800 |
commit | 0a95e0a331eb57bb3a01fdeec328664969c137a7 (patch) | |
tree | fa52d94ee7cd100f600797d9ad801452d86c7f42 /noquic_aesni.patch | |
first commit
Diffstat (limited to 'noquic_aesni.patch')
-rw-r--r-- | noquic_aesni.patch | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/noquic_aesni.patch b/noquic_aesni.patch
new file mode 100644
index 000000000000..9446e2c35f7c
--- /dev/null
+++ b/noquic_aesni.patch
@@ -0,0 +1,133 @@
+diff --git a/caddyhttp/httpserver/server.go b/caddyhttp/httpserver/server.go
+index eb854d7..eee1f07 100644
+--- a/caddyhttp/httpserver/server.go
++++ b/caddyhttp/httpserver/server.go
+@@ -32,7 +32,6 @@ import (
+ "sync"
+ "time"
+
+- "github.com/lucas-clemente/quic-go/h2quic"
+ "github.com/mholt/caddy"
+ "github.com/mholt/caddy/caddyhttp/staticfiles"
+ "github.com/mholt/caddy/caddytls"
+@@ -41,7 +40,6 @@ import (
+ // Server is the HTTP server implementation.
+ type Server struct {
+ Server *http.Server
+- quicServer *h2quic.Server
+ listener net.Listener
+ listenerMu sync.Mutex
+ sites []*SiteConfig
+@@ -104,12 +102,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) {
+
+ // if TLS is enabled, make sure we prepare the Server accordingly
+ if s.Server.TLSConfig != nil {
+- // enable QUIC if desired (requires HTTP/2)
+- if HTTP2 && QUIC {
+- s.quicServer = &h2quic.Server{Server: s.Server}
+- s.Server.Handler = s.wrapWithSvcHeaders(s.Server.Handler)
+- }
+-
+ // wrap the HTTP handler with a handler that does MITM detection
+ tlsh := &tlsHandler{next: s.Server.Handler}
+ s.Server.Handler = tlsh // this needs to be the "outer" handler when Serve() is called, for type assertion
+@@ -236,7 +228,6 @@ func makeHTTPServerWithTimeouts(addr string, group []*SiteConfig) *http.Server {
+
+ func (s *Server) wrapWithSvcHeaders(previousHandler http.Handler) http.HandlerFunc {
+ return func(w http.ResponseWriter, r *http.Request) {
+- s.quicServer.SetQuicHeaders(w.Header())
+ previousHandler.ServeHTTP(w, r)
+ }
+ }
+@@ -319,18 +310,11 @@ func (s *Server) Serve(ln net.Listener) error {
+ }
+
+ err := s.Server.Serve(ln)
+- if s.quicServer != nil {
+- s.quicServer.Close()
+- }
+ return err
+ }
+
+ // ServePacket serves QUIC requests on pc until it is closed.
+ func (s *Server) ServePacket(pc net.PacketConn) error {
+- if s.quicServer != nil {
+- err := s.quicServer.Serve(pc.(*net.UDPConn))
+- return fmt.Errorf("serving QUIC connections: %v", err)
+- }
+ return nil
+ }
+
+diff --git a/caddyhttp/proxy/reverseproxy.go b/caddyhttp/proxy/reverseproxy.go
+index 78fbb6b..cc257df 100644
+--- a/caddyhttp/proxy/reverseproxy.go
++++ b/caddyhttp/proxy/reverseproxy.go
+@@ -37,8 +37,6 @@ import (
+
+ "golang.org/x/net/http2"
+
+- "github.com/lucas-clemente/quic-go"
+- "github.com/lucas-clemente/quic-go/h2quic"
+ "github.com/mholt/caddy/caddyhttp/httpserver"
+ )
+
+@@ -204,12 +202,6 @@ func NewSingleHostReverseProxy(target *url.URL, without string, keepalive int) *
+ rp.Transport = &http.Transport{
+ Dial: socketDial(target.String()),
+ }
+- } else if target.Scheme == "quic" {
+- rp.Transport = &h2quic.RoundTripper{
+- QuicConfig: &quic.Config{
+- HandshakeTimeout: defaultCryptoHandshakeTimeout,
+- },
+- }
+ } else if keepalive != http.DefaultMaxIdleConnsPerHost {
+ // if keepalive is equal to the default,
+ // just use default transport, to avoid creating
+@@ -256,11 +248,6 @@ func (rp *ReverseProxy) UseInsecureTransport() {
+ // No http2.ConfigureTransport() here.
+ // For now this is only added in places where
+ // an http.Transport is actually created.
+- } else if transport, ok := rp.Transport.(*h2quic.RoundTripper); ok {
+- if transport.TLSClientConfig == nil {
+- transport.TLSClientConfig = &tls.Config{}
+- }
+- transport.TLSClientConfig.InsecureSkipVerify = true
+ }
+ }
+
+@@ -276,10 +263,6 @@ func (rp *ReverseProxy) ServeHTTP(rw http.ResponseWriter, outreq *http.Request,
+
+ rp.Director(outreq)
+
+- if outreq.URL.Scheme == "quic" {
+- outreq.URL.Scheme = "https" // Change scheme back to https for QUIC RoundTripper
+- }
+-
+ res, err := transport.RoundTrip(outreq)
+ if err != nil {
+ return err
+diff --git a/caddytls/config.go b/caddytls/config.go
+index 4654c06..3fd340e 100644
+--- a/caddytls/config.go
++++ b/caddytls/config.go
+@@ -23,7 +23,6 @@ import (
+ "net/url"
+ "strings"
+
+- "github.com/codahale/aesnicheck"
+ "github.com/mholt/caddy"
+ "github.com/xenolf/lego/acme"
+ )
+@@ -500,11 +499,6 @@ var defaultCiphersNonAESNI = []uint16{
+ //
+ // See https://github.com/mholt/caddy/issues/1674 func getPreferredDefaultCiphers() []uint16 {
+- if aesnicheck.HasAESNI() {
+- return defaultCiphers
+- }
+-
+- // Return a cipher suite that prefers ChaCha20
+ return defaultCiphersNonAESNI
+ }
+
|
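Review bot: After this hunk `ServePacket` in server.go silently discards `pc` and returns nil, so if the `QUIC` knob tested in the removed `HTTP2 && QUIC` branch (and whatever flag sets it, outside this patch) survives, a user who turns QUIC on gets a UDP socket bound with nothing reading it and no error or log line saying the feature was compiled out; I would make that explicit with `return fmt.Errorf("QUIC support is disabled in this build")`, which also keeps the `fmt` import alive — the patch removes the only `fmt.Errorf` call visible here but does not touch server.go's import block, so if that was the last use the file will fail with `imported and not used` (not determinable from the hunk). The same silent fallthrough applies in reverseproxy.go: a `quic://` upstream now reaches `transport.RoundTrip` with scheme `quic` and fails only at request time unless the upstream parser rejects it elsewhere, so a config-time rejection would be friendlier. In caddytls/config.go, `getPreferredDefaultCiphers` now unconditionally returns `defaultCiphersNonAESNI`, which is a reasonable default (ChaCha20-Poly1305 preferred, presumably with AES-GCM suites still in the list for clients that want them), but the surviving `// See https://github.com/mholt/caddy/issues/1674` comment and the doc comment above it, which starts outside the hunk, still describe AES-NI detection that no longer happens; reword to something like `// AES-NI detection has been removed from this build; the ChaCha20-first list is used unconditionally.` and note that `defaultCiphers` and the now identity-only `wrapWithSvcHeaders` are dead code.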