[PATCH] QUIC: relocated ngx_quic_init_streams() for 0-RTT

Roman Arutyunyan arut at nginx.com
Tue Jan 10 13:30:54 UTC 2023


# HG changeset patch
# User Roman Arutyunyan <arut at nginx.com>
# Date 1673357050 -14400
#      Tue Jan 10 17:24:10 2023 +0400
# Branch quic
# Node ID 5a09008e93a3842dc5a372e39617097893293ddf
# Parent  7dac46ecb27d3f488d40b28cd8d07f884046e171
QUIC: relocated ngx_quic_init_streams() for 0-RTT.

Previously, streams were initialized in the early keys handler.  However, client
transport parameters may not be available by then.  This happens, for example,
when using QuicTLS.  Now streams are initialized in ngx_quic_crypto_input()
after calling SSL_do_handshake() for both 0-RTT and 1-RTT.

diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -67,12 +67,6 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t 
         return 0;
     }
 
-    if (level == ssl_encryption_early_data) {
-        if (ngx_quic_init_streams(c) != NGX_OK) {
-            return 0;
-        }
-    }
-
     return 1;
 }
 
@@ -138,10 +132,6 @@ ngx_quic_set_encryption_secrets(ngx_ssl_
     }
 
     if (level == ssl_encryption_early_data) {
-        if (ngx_quic_init_streams(c) != NGX_OK) {
-            return 0;
-        }
-
         return 1;
     }
 
@@ -455,11 +445,17 @@ ngx_quic_crypto_input(ngx_connection_t *
             qc->error_reason = "handshake failed";
             return NGX_ERROR;
         }
-
-        return NGX_OK;
     }
 
-    if (SSL_in_init(ssl_conn)) {
+    if (n <= 0 || SSL_in_init(ssl_conn)) {
+        if (ngx_quic_keys_available(qc->keys, ssl_encryption_early_data)
+            && qc->client_tp_done)
+        {
+            if (ngx_quic_init_streams(c) != NGX_OK) {
+                return NGX_ERROR;
+            }
+        }
+
         return NGX_OK;
     }
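Review bot: The new early-data branch is entered on every return from ngx_quic_crypto_input() while `n <= 0 || SSL_in_init(ssl_conn)` holds, so once 0-RTT keys exist and `qc->client_tp_done` is set, `ngx_quic_init_streams(c)` is reached again for each later CRYPTO frame until the handshake finishes. Its body is not part of this patch, so it should be confirmed that a repeated call returns NGX_OK without re-initializing stream state. The `qc->client_tp_done` test is what keeps streams from being opened before the client's transport parameters are known, and it deserves a comment, for example `/* 0-RTT: init streams only after client transport parameters are received */`. The function starts and continues outside this hunk, so the 1-RTT path mentioned in the description is not visible here.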
 

