[PATCH] QUIC: fixed encryption level in ngx_quic_frame_sendto()

Roman Arutyunyan arut at nginx.com
Thu May 4 15:04:55 UTC 2023

# HG changeset patch
# User Roman Arutyunyan <arut at nginx.com>
# Date 1683212627 -14400
#      Thu May 04 19:03:47 2023 +0400
# Branch quic
# Node ID 99591a6dd409e18adb6bd2a895d940f7c0415080
# Parent  2610c54070bec4e55b6c9d31c16e8526fc8ee1ae
QUIC: fixed encryption level in ngx_quic_frame_sendto().

Previously, ssl_encryption_application was hardcoded.  Before 9553eea74f2a
ngx_quic_frame_sendto() was used only for PATH_CHALLENGE/PATH_RESPONSE, which
are only sent at the application level.  Since 9553eea74f2a,
ngx_quic_frame_sendto() is also used for sending CONNECTION_CLOSE, which can
be sent at initial level after SSL handshake error or rejection.  This
resulted in packet encryption error.  Now level is copied from frame, which
fixes the error.

diff --git a/src/event/quic/ngx_event_quic_output.c b/src/event/quic/ngx_event_quic_output.c
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -1223,7 +1223,7 @@ ngx_quic_frame_sendto(ngx_connection_t *
     static u_char           dst[NGX_QUIC_MAX_UDP_PAYLOAD_SIZE];
     qc = ngx_quic_get_connection(c);
-    ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+    ctx = ngx_quic_get_send_ctx(qc, frame->level);
     ngx_quic_init_packet(c, ctx, &pkt, path);
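
Review bot: On the changed line, `ngx_quic_get_send_ctx(qc, frame->level)` now trusts whatever level the caller left in the frame, and nothing in this hunk shows that the existing callers set it. The commit message says the PATH_CHALLENGE/PATH_RESPONSE paths relied on the hardcoded `ssl_encryption_application`, so please confirm that each of those call sites assigns `frame->level` before calling ngx_quic_frame_sendto(). Otherwise those frames would be packaged with the wrong send context. A short comment above the function stating that `frame->level` must be set by the caller would make the new contract explicit.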

