diff --git a/caddyhttp/httpserver/server.go b/caddyhttp/httpserver/server.go
index de53cea..1b58e04 100644
--- a/caddyhttp/httpserver/server.go
+++ b/caddyhttp/httpserver/server.go
@@ -32,7 +32,6 @@ import (
 	"sync"
 	"time"
 
-	"github.com/lucas-clemente/quic-go/h2quic"
 	"github.com/mholt/caddy"
 	"github.com/mholt/caddy/caddyhttp/staticfiles"
 	"github.com/mholt/caddy/caddytls"
@@ -42,7 +41,6 @@ import (
 // Server is the HTTP server implementation.
 type Server struct {
 	Server      *http.Server
-	quicServer  *h2quic.Server
 	listener    net.Listener
 	listenerMu  sync.Mutex
 	sites       []*SiteConfig
@@ -105,12 +103,6 @@ func NewServer(addr string, group []*SiteConfig) (*Server, error) {
 
 	// if TLS is enabled, make sure we prepare the Server accordingly
 	if s.Server.TLSConfig != nil {
-		// enable QUIC if desired (requires HTTP/2)
-		if HTTP2 && QUIC {
-			s.quicServer = &h2quic.Server{Server: s.Server}
-			s.Server.Handler = s.wrapWithSvcHeaders(s.Server.Handler)
-		}
-
 		// wrap the HTTP handler with a handler that does MITM detection
 		tlsh := &tlsHandler{next: s.Server.Handler}
 		s.Server.Handler = tlsh // this needs to be the "outer" handler when Serve() is called, for type assertion
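Review bot: The `HTTP2 && QUIC` branch is removed, but nothing in this patch touches the package-level `QUIC` variable or whatever sets it (neither is visible here), so a deployment that still enables the QUIC option would silently get plain TLS over TCP with no indication that the requested transport is unavailable. If `QUIC` remains settable, surface the mismatch at startup rather than letting it pass unnoticed, e.g. `if QUIC { log.Println("[WARNING] QUIC support is not compiled into this build; ignoring") }` (assuming `log` is already imported in server.go), or drop the option in the same patch so it is rejected by the flag parser. NewServer's signature is only shown in the hunk header and its body continues outside the hunk.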
@@ -237,7 +229,6 @@ func makeHTTPServerWithTimeouts(addr string, group []*SiteConfig) *http.Server {
 
 func (s *Server) wrapWithSvcHeaders(previousHandler http.Handler) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		s.quicServer.SetQuicHeaders(w.Header())
 		previousHandler.ServeHTTP(w, r)
 	}
 }
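Review bot: After this hunk wrapWithSvcHeaders is an identity wrapper that only forwards to `previousHandler.ServeHTTP`, and its only caller visible in this patch (the removed QUIC block in NewServer) is gone. Either delete the method in the same patch or, if it is being kept as a seam for restoring QUIC later, say so with a comment such as `// wrapWithSvcHeaders is a pass-through in this build; QUIC Alt-Svc headers are not emitted.` so the next reader does not assume it still adds headers.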
@@ -333,18 +324,11 @@ func (s *Server) Serve(ln net.Listener) error {
 	if err == http.ErrServerClosed {
 		err = nil // not an error worth reporting since closing a server is intentional
 	}
-	if s.quicServer != nil {
-		s.quicServer.Close()
-	}
 	return err
 }
 
 // ServePacket serves QUIC requests on pc until it is closed.
 func (s *Server) ServePacket(pc net.PacketConn) error {
-	if s.quicServer != nil {
-		err := s.quicServer.Serve(pc.(*net.UDPConn))
-		return fmt.Errorf("serving QUIC connections: %v", err)
-	}
 	return nil
 }
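Review bot: The doc comment on ServePacket still says it serves QUIC requests, but on the new side the body is only `return nil`, so any code that hands it a packet listener gets a silent no-op. Update the comment to match, e.g. `// ServePacket is a no-op in this build: QUIC support is compiled out.`, and confirm that the listener-management code (outside this patch) does not treat a nil return from a still-open UDP listener as a successful serve. Separately, the removed `fmt.Errorf` line was the only use of `fmt` visible in this file's hunks; if server.go has no other reference, the import is now unused and the file will not compile, since the import hunk above drops only the h2quic line.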
 
diff --git a/caddyhttp/proxy/reverseproxy.go b/caddyhttp/proxy/reverseproxy.go
index 14d4bd7..d8d0622 100644
--- a/caddyhttp/proxy/reverseproxy.go
+++ b/caddyhttp/proxy/reverseproxy.go
@@ -40,8 +40,6 @@ import (
 
 	"golang.org/x/net/http2"
 
-	"github.com/lucas-clemente/quic-go"
-	"github.com/lucas-clemente/quic-go/h2quic"
 	"github.com/mholt/caddy/caddyhttp/httpserver"
 )
 
@@ -250,13 +248,6 @@ func NewSingleHostReverseProxy(target *url.URL, without string, keepalive int, t
 		rp.Transport = &http.Transport{
 			Dial: socketDial(target.String(), timeout),
 		}
-	} else if target.Scheme == "quic" {
-		rp.Transport = &h2quic.RoundTripper{
-			QuicConfig: &quic.Config{
-				HandshakeTimeout: defaultCryptoHandshakeTimeout,
-				KeepAlive:        true,
-			},
-		}
 	} else if keepalive != http.DefaultMaxIdleConnsPerHost || strings.HasPrefix(target.Scheme, "srv") {
 		dialFunc := rp.dialer.Dial
 		if strings.HasPrefix(target.Scheme, "srv") {
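Review bot: An upstream configured with a `quic://` URL no longer has a dedicated transport branch after this hunk; the scheme now falls through to the keepalive/srv branch or the default transport, and because the later hunk in ServeHTTP also drops the rewrite of `outreq.URL.Scheme` from "quic" to "https", such a request reaches RoundTrip with a scheme the transport does not support and fails per request instead of at load time. Since NewSingleHostReverseProxy appears (from the truncated signature in the hunk header) to return only the proxy and no error, the right place to reject the scheme is where upstream URLs are parsed, outside this patch, so a leftover `quic://` entry is refused when the configuration is loaded rather than discovered as request failures. The function's signature and the rest of its body lie outside the hunk.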
@@ -303,11 +294,6 @@ func (rp *ReverseProxy) UseInsecureTransport() {
 		// No http2.ConfigureTransport() here.
 		// For now this is only added in places where
 		// an http.Transport is actually created.
-	} else if transport, ok := rp.Transport.(*h2quic.RoundTripper); ok {
-		if transport.TLSClientConfig == nil {
-			transport.TLSClientConfig = &tls.Config{}
-		}
-		transport.TLSClientConfig.InsecureSkipVerify = true
 	}
 }
 
@@ -322,11 +308,6 @@ func (rp *ReverseProxy) UseOwnCACertificates(CaCertPool *x509.CertPool) {
 		// No http2.ConfigureTransport() here.
 		// For now this is only added in places where
 		// an http.Transport is actually created.
-	} else if transport, ok := rp.Transport.(*h2quic.RoundTripper); ok {
-		if transport.TLSClientConfig == nil {
-			transport.TLSClientConfig = &tls.Config{}
-		}
-		transport.TLSClientConfig.RootCAs = CaCertPool
 	}
 }
 
@@ -340,10 +321,6 @@ func (rp *ReverseProxy) ServeHTTP(rw http.ResponseWriter, outreq *http.Request,
 
 	rp.Director(outreq)
 
-	if outreq.URL.Scheme == "quic" {
-		outreq.URL.Scheme = "https" // Change scheme back to https for QUIC RoundTripper
-	}
-
 	res, err := transport.RoundTrip(outreq)
 	if err != nil {
 		return err