Diffstat (limited to 'noquic_aesni.patch')
-rw-r--r-- | noquic_aesni.patch | 70 |
1 files changed, 37 insertions, 33 deletions
diff --git a/noquic_aesni.patch b/noquic_aesni.patch index c684559e3551..eca192a372d3 100644 --- a/noquic_aesni.patch +++ b/noquic_aesni.patch @@ -1,53 +1,57 @@ diff --git a/caddyhttp/httpserver/server.go b/caddyhttp/httpserver/server.go -index de53cea..1b58e04 100644 +index 7940ac8..71cc657 100644 --- a/caddyhttp/httpserver/server.go 
+++ b/caddyhttp/httpserver/server.go -@@ -32,7 +32,6 @@ import ( - "sync" +@@ -31,7 +31,6 @@ import ( + "strings" "time" - "github.com/lucas-clemente/quic-go/h2quic" "github.com/mholt/caddy" "github.com/mholt/caddy/caddyhttp/staticfiles" "github.com/mholt/caddy/caddytls" -@@ -42,7 +41,6 @@ import ( +@@ -41,7 +40,6 @@ import ( // Server is the HTTP server implementation. type Server struct { Server *http.Server - quicServer *h2quic.Server - listener net.Listener - listenerMu sync.Mutex sites []*SiteConfig -@@ -105,12 +103,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) { - - // if TLS is enabled, make sure we prepare the Server accordingly + connTimeout time.Duration // max time to wait for a connection before force stop + tlsGovChan chan struct{} // close to stop the TLS maintenance goroutine +@@ -104,7 +102,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) { if s.Server.TLSConfig != nil { -- // enable QUIC if desired (requires HTTP/2) -- if HTTP2 && QUIC { + // enable QUIC if desired (requires HTTP/2) + if HTTP2 && QUIC { - s.quicServer = &h2quic.Server{Server: s.Server} -- s.Server.Handler = s.wrapWithSvcHeaders(s.Server.Handler) -- } -- - // wrap the HTTP handler with a handler that does MITM detection - tlsh := &tlsHandler{next: s.Server.Handler} - s.Server.Handler = tlsh // this needs to be the "outer" handler when Serve() is called, for type assertion -@@ -237,7 +229,6 @@ func makeHTTPServerWithTimeouts(addr string, group []*SiteConfig) *http.Server { + s.Server.Handler = s.wrapWithSvcHeaders(s.Server.Handler) + } + +@@ -234,9 +231,6 @@ func makeHTTPServerWithTimeouts(addr string, group []*SiteConfig) *http.Server { func (s *Server) wrapWithSvcHeaders(previousHandler http.Handler) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { -- s.quicServer.SetQuicHeaders(w.Header()) +- if err := s.quicServer.SetQuicHeaders(w.Header()); err != nil { +- log.Println("[Error] failed to set proper headers for 
QUIC: ", err) +- } previousHandler.ServeHTTP(w, r) } } -@@ -333,18 +324,11 @@ func (s *Server) Serve(ln net.Listener) error { - if err == http.ErrServerClosed { - err = nil // not an error worth reporting since closing a server is intentional +@@ -324,14 +318,6 @@ func (s *Server) Serve(ln net.Listener) error { + s.tlsGovChan = caddytls.RotateSessionTicketKeys(s.Server.TLSConfig) } -- if s.quicServer != nil { -- s.quicServer.Close() -- } - return err - } + +- defer func() { +- if s.quicServer != nil { +- if err := s.quicServer.Close(); err != nil { +- log.Println("[ERROR] failed to close QUIC server: ", err) +- } +- } +- }() +- + err := s.Server.Serve(ln) + if err != nil && err != http.ErrServerClosed { + return err +@@ -341,10 +327,6 @@ func (s *Server) Serve(ln net.Listener) error { // ServePacket serves QUIC requests on pc until it is closed. func (s *Server) ServePacket(pc net.PacketConn) error { @@ -59,10 +63,10 @@ index de53cea..1b58e04 100644 } diff --git a/caddyhttp/proxy/reverseproxy.go b/caddyhttp/proxy/reverseproxy.go -index 14d4bd7..d8d0622 100644 +index c20be0c..884fd4d 100644 --- a/caddyhttp/proxy/reverseproxy.go +++ b/caddyhttp/proxy/reverseproxy.go -@@ -40,8 +40,6 @@ import ( +@@ -41,8 +41,6 @@ import ( "golang.org/x/net/http2" @@ -71,7 +75,7 @@ index 14d4bd7..d8d0622 100644 "github.com/mholt/caddy/caddyhttp/httpserver" ) -@@ -250,13 +248,6 @@ func NewSingleHostReverseProxy(target *url.URL, without string, keepalive int, t +@@ -253,13 +251,6 @@ func NewSingleHostReverseProxy(target *url.URL, without string, keepalive int, t rp.Transport = &http.Transport{ Dial: socketDial(target.String(), timeout), } 
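Review bot: In the NewServer section of the refreshed patch, the `if HTTP2 && QUIC {` branch is now kept and still calls `s.wrapWithSvcHeaders(s.Server.Handler)`, while the wrapWithSvcHeaders section reduces that wrapper to a bare `previousHandler.ServeHTTP(w, r)`; the previous revision of the patch removed the whole branch. What remains is a pass-through handler under a comment that still reads `// enable QUIC if desired (requires HTTP/2)`, and, as far as these lines show, a build in which the QUIC switch is accepted but has no visible effect. I would either drop the branch again as the old patch did, or replace its body with a single line such as `log.Println("[WARNING] QUIC support is compiled out; ignoring the QUIC setting")` so an operator does not assume QUIC is active. The ServePacket change appears here only as an inner hunk header and signature, so this view does not confirm whether that path already reports an error.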
@@ -85,7 +89,7 @@ index 14d4bd7..d8d0622 100644 } else if keepalive != http.DefaultMaxIdleConnsPerHost || strings.HasPrefix(target.Scheme, "srv") { dialFunc := rp.dialer.Dial if strings.HasPrefix(target.Scheme, "srv") { -@@ -303,11 +294,6 @@ func (rp *ReverseProxy) UseInsecureTransport() { +@@ -310,11 +301,6 @@ func (rp *ReverseProxy) UseInsecureTransport() { // No http2.ConfigureTransport() here. // For now this is only added in places where // an http.Transport is actually created. @@ -97,7 +101,7 @@ index 14d4bd7..d8d0622 100644 } } -@@ -322,11 +308,6 @@ func (rp *ReverseProxy) UseOwnCACertificates(CaCertPool *x509.CertPool) { +@@ -329,11 +315,6 @@ func (rp *ReverseProxy) UseOwnCACertificates(CaCertPool *x509.CertPool) { // No http2.ConfigureTransport() here. // For now this is only added in places where // an http.Transport is actually created. @@ -109,7 +113,7 @@ index 14d4bd7..d8d0622 100644 } } -@@ -340,10 +321,6 @@ func (rp *ReverseProxy) ServeHTTP(rw http.ResponseWriter, outreq *http.Request, +@@ -347,10 +328,6 @@ func (rp *ReverseProxy) ServeHTTP(rw http.ResponseWriter, outreq *http.Request, rp.Director(outreq) |