comparison src/event/ngx_event_quic.h @ 7933:a2c34e77cfc1 quic
QUIC: added ALPN checks.
quic-transport draft 29:
section 7:
* authenticated negotiation of an application protocol (TLS uses
ALPN [RFC7301] for this purpose)
...
Endpoints MUST explicitly negotiate an application protocol. This
avoids situations where there is a disagreement about the protocol
that is in use.
section 8.1:
When using ALPN, endpoints MUST immediately close a connection (see
Section 10.3 of [QUIC-TRANSPORT]) with a no_application_protocol TLS
alert (QUIC error code 0x178; see Section 4.10) if an application
protocol is not negotiated.
Changes in ngx_quic_close_quic() function are required to avoid attempts
to generate and send packets without proper keys, which happens in case
of a failed ALPN check.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Thu, 18 Jun 2020 13:58:46 +0300 |
parents | 9fe7875ce4bb |
children | e0f92f68e018 |
7932:4e75267865de | 7933:a2c34e77cfc1 |
---|---|
15 /* Supported drafts: 27, 28 */ | 15 /* Supported drafts: 27, 28 */ |
16 #ifndef NGX_QUIC_DRAFT_VERSION | 16 #ifndef NGX_QUIC_DRAFT_VERSION |
17 #define NGX_QUIC_DRAFT_VERSION 27 | 17 #define NGX_QUIC_DRAFT_VERSION 27 |
18 #endif | 18 #endif |
19 #define NGX_QUIC_VERSION (0xff000000 + NGX_QUIC_DRAFT_VERSION) | 19 #define NGX_QUIC_VERSION (0xff000000 + NGX_QUIC_DRAFT_VERSION) |
20 | |
21 #define NGX_QUIC_ALPN(s) NGX_QUIC_ALPN_DRAFT(s) | |
22 #define NGX_QUIC_ALPN_DRAFT(s) "h3-" #s | |
23 #define NGX_QUIC_ALPN_STR NGX_QUIC_ALPN(NGX_QUIC_DRAFT_VERSION) | |
24 #define NGX_QUIC_ALPN_LEN (sizeof(NGX_QUIC_ALPN_STR) - 1) | |
20 | 25 |
21 #define NGX_QUIC_MAX_SHORT_HEADER 25 /* 1 flags + 20 dcid + 4 pn */ | 26 #define NGX_QUIC_MAX_SHORT_HEADER 25 /* 1 flags + 20 dcid + 4 pn */ |
22 #define NGX_QUIC_MAX_LONG_HEADER 56 | 27 #define NGX_QUIC_MAX_LONG_HEADER 56 |
23 /* 1 flags + 4 version + 2 x (1 + 20) s/dcid + 4 pn + 4 len + token len */ | 28 /* 1 flags + 4 version + 2 x (1 + 20) s/dcid + 4 pn + 4 len + token len */ |
24 | 29 |
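Review bot: NGX_QUIC_ALPN_STR is produced by stringifying NGX_QUIC_DRAFT_VERSION, which sits behind an #ifndef and can therefore be overridden at build time, yet nothing in the added macros constrains how that value is spelled. A definition such as -DNGX_QUIC_DRAFT_VERSION=0x1c or one wrapped in parentheses still gives a valid NGX_QUIC_VERSION on line 19 but turns the ALPN token into "h3-0x1c" or "h3-(28)", so any comparison against NGX_QUIC_ALPN_STR would reject clients that offer the usual "h3-28". Consider a preprocessor guard next to the "Supported drafts: 27, 28" comment, for example `#if (NGX_QUIC_DRAFT_VERSION != 27 && NGX_QUIC_DRAFT_VERSION != 28)` followed by `#error`, plus a comment stating that the value must be a plain decimal literal because it is pasted into the ALPN string. A one-line comment above NGX_QUIC_ALPN(s) explaining that the extra macro level exists to expand the argument before `#s` is applied would also help, since the indirection looks redundant at first read.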