diff --git a/caddyhttp/httpserver/server.go b/caddyhttp/httpserver/server.go
index 5368407b..be52e360 100644
--- a/caddyhttp/httpserver/server.go
+++ b/caddyhttp/httpserver/server.go
@@ -31,7 +31,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/lucas-clemente/quic-go/h2quic"
 	"github.com/caddyserver/caddy"
 	"github.com/caddyserver/caddy/caddyhttp/staticfiles"
 	"github.com/caddyserver/caddy/caddytls"
@@ -41,7 +40,6 @@ import (
 // Server is the HTTP server implementation.
 type Server struct {
 	Server      *http.Server
-	quicServer  *h2quic.Server
 	sites       []*SiteConfig
 	connTimeout time.Duration // max time to wait for a connection before force stop
 	tlsGovChan  chan struct{} // close to stop the TLS maintenance goroutine
@@ -102,12 +100,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) {
 
 	// if TLS is enabled, make sure we prepare the Server accordingly
 	if s.Server.TLSConfig != nil {
-		// enable QUIC if desired (requires HTTP/2)
-		if HTTP2 && QUIC {
-			s.quicServer = &h2quic.Server{Server: s.Server}
-			s.Server.Handler = s.wrapWithSvcHeaders(s.Server.Handler)
-		}
-
 		// wrap the HTTP handler with a handler that does MITM detection
 		tlsh := &tlsHandler{next: s.Server.Handler}
 		s.Server.Handler = tlsh // this needs to be the "outer" handler when Serve() is called, for type assertion
@@ -234,9 +226,6 @@ func makeHTTPServerWithTimeouts(addr string, group []*SiteConfig) *http.Server {
 
 func (s *Server) wrapWithSvcHeaders(previousHandler http.Handler) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		if err := s.quicServer.SetQuicHeaders(w.Header()); err != nil {
-			log.Println("[Error] failed to set proper headers for QUIC: ", err)
-		}
 		previousHandler.ServeHTTP(w, r)
 	}
 }
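Review bot: `wrapWithSvcHeaders` is left as a wrapper that only forwards to `previousHandler.ServeHTTP`, and its only call site visible in this patch (the removed QUIC block in NewServer) is gone with it. If no other caller remains in server.go, the method is dead code and should be deleted in this hunk rather than kept as a pass-through; it is unexported, so nothing outside the package can depend on it. The two `log.Println` calls removed here and in the Serve hunk are the only uses of `log` visible in this patch; confirm the import is still used elsewhere in the file, otherwise the build fails on an unused import.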
@@ -324,14 +313,6 @@ func (s *Server) Serve(ln net.Listener) error {
 		s.tlsGovChan = caddytls.RotateSessionTicketKeys(s.Server.TLSConfig)
 	}
 
-	defer func() {
-		if s.quicServer != nil {
-			if err := s.quicServer.Close(); err != nil {
-				log.Println("[ERROR] failed to close QUIC server: ", err)
-			}
-		}
-	}()
-
 	err := s.Server.Serve(ln)
 	if err != nil && err != http.ErrServerClosed {
 		return err
@@ -341,10 +322,6 @@ func (s *Server) Serve(ln net.Listener) error {
 
 // ServePacket serves QUIC requests on pc until it is closed.
 func (s *Server) ServePacket(pc net.PacketConn) error {
-	if s.quicServer != nil {
-		err := s.quicServer.Serve(pc.(*net.UDPConn))
-		return fmt.Errorf("serving QUIC connections: %v", err)
-	}
 	return nil
 }
 
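Review bot: The doc comment on `ServePacket` still reads `// ServePacket serves QUIC requests on pc until it is closed.`, but the body now ignores `pc` and returns nil unconditionally. Suggest `// ServePacket is a no-op in this build: QUIC support is compiled out, so pc is ignored and nil is returned.` so a caller that still binds a UDP socket for it is not misled into believing it is being served. The removed `fmt.Errorf` call is the only use of `fmt` visible in this patch; confirm the import is still needed elsewhere in server.go.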
diff --git a/caddyhttp/proxy/reverseproxy.go b/caddyhttp/proxy/reverseproxy.go
index a223d353..a4dfd056 100644
--- a/caddyhttp/proxy/reverseproxy.go
+++ b/caddyhttp/proxy/reverseproxy.go
@@ -41,8 +41,6 @@ import (
 
 	"golang.org/x/net/http2"
 
-	"github.com/lucas-clemente/quic-go"
-	"github.com/lucas-clemente/quic-go/h2quic"
 	"github.com/caddyserver/caddy/caddyhttp/httpserver"
 )
 
@@ -253,13 +251,6 @@ func NewSingleHostReverseProxy(target *url.URL, without string, keepalive int, t
 		rp.Transport = &http.Transport{
 			Dial: socketDial(target.String(), timeout),
 		}
-	} else if target.Scheme == "quic" {
-		rp.Transport = &h2quic.RoundTripper{
-			QuicConfig: &quic.Config{
-				HandshakeTimeout: defaultCryptoHandshakeTimeout,
-				KeepAlive:        true,
-			},
-		}
 	} else if keepalive != http.DefaultMaxIdleConnsPerHost || strings.HasPrefix(target.Scheme, "srv") {
 		dialFunc := rp.dialer.Dial
 		if strings.HasPrefix(target.Scheme, "srv") {
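Review bot: With the `target.Scheme == "quic"` branch removed, an upstream configured with a `quic://` URL no longer gets a dedicated transport and falls through to the `keepalive`/`srv` branch or the default transport, and the ServeHTTP hunk at the end of this file (the removed rewrite of `outreq.URL.Scheme` to `https`) means the scheme now reaches `transport.RoundTrip` unchanged, where it is rejected per request instead of at startup. That is a silent behaviour change for existing configs; the patch should reject `quic` upstreams explicitly, ideally where the target URL is parsed, or at least leave a comment here that the scheme is no longer supported. The function's signature is cut off at the hunk header, so whether it can return an error is not visible from the hunk. `defaultCryptoHandshakeTimeout` also appears to lose its only visible use and should be checked for dead code.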
@@ -310,11 +301,6 @@ func (rp *ReverseProxy) UseInsecureTransport() {
 		// No http2.ConfigureTransport() here.
 		// For now this is only added in places where
 		// an http.Transport is actually created.
-	} else if transport, ok := rp.Transport.(*h2quic.RoundTripper); ok {
-		if transport.TLSClientConfig == nil {
-			transport.TLSClientConfig = &tls.Config{}
-		}
-		transport.TLSClientConfig.InsecureSkipVerify = true
 	}
 }
 
@@ -329,11 +315,6 @@ func (rp *ReverseProxy) UseOwnCACertificates(CaCertPool *x509.CertPool) {
 		// No http2.ConfigureTransport() here.
 		// For now this is only added in places where
 		// an http.Transport is actually created.
-	} else if transport, ok := rp.Transport.(*h2quic.RoundTripper); ok {
-		if transport.TLSClientConfig == nil {
-			transport.TLSClientConfig = &tls.Config{}
-		}
-		transport.TLSClientConfig.RootCAs = CaCertPool
 	}
 }
 
@@ -347,10 +328,6 @@ func (rp *ReverseProxy) ServeHTTP(rw http.ResponseWriter, outreq *http.Request,
 
 	rp.Director(outreq)
 
-	if outreq.URL.Scheme == "quic" {
-		outreq.URL.Scheme = "https" // Change scheme back to https for QUIC RoundTripper
-	}
-
 	res, err := transport.RoundTrip(outreq)
 	if err != nil {
 		return err