path: root/noquic_aesni.patch
blob: eca192a372d34b21b715961053171f92387331f5 (plain)
diff --git a/caddyhttp/httpserver/server.go b/caddyhttp/httpserver/server.go
index 7940ac8..71cc657 100644
--- a/caddyhttp/httpserver/server.go
+++ b/caddyhttp/httpserver/server.go
@@ -31,7 +31,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/lucas-clemente/quic-go/h2quic"
 	"github.com/mholt/caddy"
 	"github.com/mholt/caddy/caddyhttp/staticfiles"
 	"github.com/mholt/caddy/caddytls"
@@ -41,7 +40,6 @@ import (
 // Server is the HTTP server implementation.
 type Server struct {
 	Server      *http.Server
-	quicServer  *h2quic.Server
 	sites       []*SiteConfig
 	connTimeout time.Duration // max time to wait for a connection before force stop
 	tlsGovChan  chan struct{} // close to stop the TLS maintenance goroutine
@@ -104,7 +102,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) {
 	if s.Server.TLSConfig != nil {
 		// enable QUIC if desired (requires HTTP/2)
 		if HTTP2 && QUIC {
-			s.quicServer = &h2quic.Server{Server: s.Server}
 			s.Server.Handler = s.wrapWithSvcHeaders(s.Server.Handler)
 		}
 
@@ -234,9 +231,6 @@ func makeHTTPServerWithTimeouts(addr string, group []*SiteConfig) *http.Server {
 
 func (s *Server) wrapWithSvcHeaders(previousHandler http.Handler) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if err := s.quicServer.SetQuicHeaders(w.Header()); err != nil {
-			log.Println("[Error] failed to set proper headers for QUIC: ", err)
-		}
 		previousHandler.ServeHTTP(w, r)
 	}
 }
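Review bot: A configuration that enables QUIC is now accepted and silently does nothing: `wrapWithSvcHeaders` is left as a pure pass-through, `NewServer` still installs it under `if HTTP2 && QUIC`, and `ServePacket` (later hunk in this file) returns nil without serving anything. An operator gets no signal that the listener they asked for is absent, so I would make it explicit where the flag is checked in `NewServer`, e.g. `log.Println("[WARNING] QUIC was requested but this build has QUIC support removed")`, and update the stale `// enable QUIC if desired (requires HTTP/2)` comment. If the packet listener is still opened elsewhere when `QUIC` is set (not visible in this patch), the UDP port would stay bound with nothing reading from it, which is worth checking. The bodies of `NewServer` and `Serve` continue outside their hunks.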
@@ -324,14 +318,6 @@ func (s *Server) Serve(ln net.Listener) error {
 		s.tlsGovChan = caddytls.RotateSessionTicketKeys(s.Server.TLSConfig)
 	}
 
-	defer func() {
-		if s.quicServer != nil {
-			if err := s.quicServer.Close(); err != nil {
-				log.Println("[ERROR] failed to close QUIC server: ", err)
-			}
-		}
-	}()
-
 	err := s.Server.Serve(ln)
 	if err != nil && err != http.ErrServerClosed {
 		return err
@@ -341,10 +327,6 @@ func (s *Server) Serve(ln net.Listener) error {
 
 // ServePacket serves QUIC requests on pc until it is closed.
 func (s *Server) ServePacket(pc net.PacketConn) error {
-	if s.quicServer != nil {
-		err := s.quicServer.Serve(pc.(*net.UDPConn))
-		return fmt.Errorf("serving QUIC connections: %v", err)
-	}
 	return nil
 }
 
diff --git a/caddyhttp/proxy/reverseproxy.go b/caddyhttp/proxy/reverseproxy.go
index c20be0c..884fd4d 100644
--- a/caddyhttp/proxy/reverseproxy.go
+++ b/caddyhttp/proxy/reverseproxy.go
@@ -41,8 +41,6 @@ import (
 
 	"golang.org/x/net/http2"
 
-	"github.com/lucas-clemente/quic-go"
-	"github.com/lucas-clemente/quic-go/h2quic"
 	"github.com/mholt/caddy/caddyhttp/httpserver"
 )
 
@@ -253,13 +251,6 @@ func NewSingleHostReverseProxy(target *url.URL, without string, keepalive int, t
 		rp.Transport = &http.Transport{
 			Dial: socketDial(target.String(), timeout),
 		}
-	} else if target.Scheme == "quic" {
-		rp.Transport = &h2quic.RoundTripper{
-			QuicConfig: &quic.Config{
-				HandshakeTimeout: defaultCryptoHandshakeTimeout,
-				KeepAlive:        true,
-			},
-		}
 	} else if keepalive != http.DefaultMaxIdleConnsPerHost || strings.HasPrefix(target.Scheme, "srv") {
 		dialFunc := rp.dialer.Dial
 		if strings.HasPrefix(target.Scheme, "srv") {
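Review bot: A `quic://` upstream is not rejected anywhere in the visible code. With this branch removed and the scheme rewrite dropped in the `ServeHTTP` hunk below, such a target falls through to the remaining branches and reaches `transport.RoundTrip` with the scheme still set to `quic`. That presumably fails on every proxied request rather than once at start-up, so if the upstream parser (outside this patch) still accepts the scheme, it should refuse it there with a clear error. At minimum I would document the limit at this branch chain, e.g. `// quic:// upstreams are not supported in this build`. The body of `NewSingleHostReverseProxy` starts and ends outside the hunk.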
@@ -310,11 +301,6 @@ func (rp *ReverseProxy) UseInsecureTransport() {
 		// No http2.ConfigureTransport() here.
 		// For now this is only added in places where
 		// an http.Transport is actually created.
-	} else if transport, ok := rp.Transport.(*h2quic.RoundTripper); ok {
-		if transport.TLSClientConfig == nil {
-			transport.TLSClientConfig = &tls.Config{}
-		}
-		transport.TLSClientConfig.InsecureSkipVerify = true
 	}
 }
 
@@ -329,11 +315,6 @@ func (rp *ReverseProxy) UseOwnCACertificates(CaCertPool *x509.CertPool) {
 		// No http2.ConfigureTransport() here.
 		// For now this is only added in places where
 		// an http.Transport is actually created.
-	} else if transport, ok := rp.Transport.(*h2quic.RoundTripper); ok {
-		if transport.TLSClientConfig == nil {
-			transport.TLSClientConfig = &tls.Config{}
-		}
-		transport.TLSClientConfig.RootCAs = CaCertPool
 	}
 }
 
@@ -347,10 +328,6 @@ func (rp *ReverseProxy) ServeHTTP(rw http.ResponseWriter, outreq *http.Request,
 
 	rp.Director(outreq)
 
-	if outreq.URL.Scheme == "quic" {
-		outreq.URL.Scheme = "https" // Change scheme back to https for QUIC RoundTripper
-	}
-
 	res, err := transport.RoundTrip(outreq)
 	if err != nil {
 		return err