diff options
author | Roman Arutyunyan <arut@nginx.com> | 2023-01-10 17:24:10 +0400 |
---|---|---|
committer | Roman Arutyunyan <arut@nginx.com> | 2023-01-10 17:24:10 +0400 |
commit | d76600874c495728b801fd6ec33978194928a6e4 (patch) | |
tree | 4612d68c3fc57de0662dbb05ec00a85733f52ce2 | |
parent | 0065ba68b08b8cf4eaf3c18266d1a93182f196ed (diff) |
QUIC: relocated ngx_quic_init_streams() for 0-RTT.
Previously, streams were initialized in early keys handler. However, client
transport parameters may not be available by then. This happens, for example,
when using QuicTLS. Now streams are initialized in ngx_quic_crypto_input()
after calling SSL_do_handshake() for both 0-RTT and 1-RTT.
-rw-r--r-- | src/event/quic/ngx_event_quic_ssl.c | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c index fd0d8252e..0c982bc62 100644 --- a/src/event/quic/ngx_event_quic_ssl.c +++ b/src/event/quic/ngx_event_quic_ssl.c @@ -67,12 +67,6 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn, return 0; } - if (level == ssl_encryption_early_data) { - if (ngx_quic_init_streams(c) != NGX_OK) { - return 0; - } - } - return 1; } @@ -138,10 +132,6 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn, } if (level == ssl_encryption_early_data) { - if (ngx_quic_init_streams(c) != NGX_OK) { - return 0; - } - return 1; } @@ -455,11 +445,17 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data) qc->error_reason = "handshake failed"; return NGX_ERROR; } - - return NGX_OK; } - if (SSL_in_init(ssl_conn)) { + if (n <= 0 || SSL_in_init(ssl_conn)) { + if (ngx_quic_keys_available(qc->keys, ssl_encryption_early_data) + && qc->client_tp_done) + { + if (ngx_quic_init_streams(c) != NGX_OK) { + return NGX_ERROR; + } + } + return NGX_OK; } |