comparison src/event/ngx_event_quic.c @ 8190:d10118e38943 quic
QUIC: refactored SSL_do_handshake() handling.
No functional changes.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 29 Oct 2020 21:50:49 +0000 |
parents | bb3f4f669417 |
children | 9c3be23ddbe7 |
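--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -3579,71 +3579,75 @@
 return NGX_ERROR;
 }
 
 n = SSL_do_handshake(ssl_conn);
 
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
-
-if (n == -1) {
-sslerr = SSL_get_error(ssl_conn, n);
-
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
-sslerr);
-
-if (sslerr != SSL_ERROR_WANT_READ) {
-ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
-return NGX_ERROR;
-}
-
-} else if (n == 1 && !SSL_in_init(ssl_conn)) {
-
-ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"quic ssl cipher:%s", SSL_get_cipher(ssl_conn));
-
-ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
-"quic handshake completed successfully");
-
-c->ssl->handshaked = 1;
-c->ssl->no_wait_shutdown = 1;
-
-frame = ngx_quic_alloc_frame(c, 0);
-if (frame == NULL) {
-return NGX_ERROR;
-}
-
-/* 12.4 Frames and frame types, figure 8 */
-frame->level = ssl_encryption_application;
-frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
-ngx_quic_queue_frame(c->quic, frame);
-
-if (ngx_quic_send_new_token(c) != NGX_OK) {
-return NGX_ERROR;
-}
-
-/*
-* Generating next keys before a key update is received.
-* See quic-tls 9.4 Header Protection Timing Side-Channels.
-*/
-
-if (ngx_quic_key_update(c, &c->quic->keys[ssl_encryption_application],
-&c->quic->next_key)
-!= NGX_OK)
-{
-return NGX_ERROR;
-}
-
-/*
-* 4.10.2 An endpoint MUST discard its handshake keys
-* when the TLS handshake is confirmed
-*/
-ngx_quic_discard_ctx(c, ssl_encryption_handshake);
-}
-
 ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
 (int) SSL_quic_read_level(ssl_conn),
 (int) SSL_quic_write_level(ssl_conn));
+
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
+
+if (n <= 0) {
+sslerr = SSL_get_error(ssl_conn, n);
+
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
+sslerr);
+
+if (sslerr != SSL_ERROR_WANT_READ) {
+ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
+return NGX_ERROR;
+}
+
+return NGX_OK;
+}
+
+if (SSL_in_init(ssl_conn)) {
+return NGX_OK;
+}
+
+ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"quic ssl cipher:%s", SSL_get_cipher(ssl_conn));
+
+ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+"quic handshake completed successfully");
+
+c->ssl->handshaked = 1;
+c->ssl->no_wait_shutdown = 1;
+
+frame = ngx_quic_alloc_frame(c, 0);
+if (frame == NULL) {
+return NGX_ERROR;
+}
+
+/* 12.4 Frames and frame types, figure 8 */
+frame->level = ssl_encryption_application;
+frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
+ngx_quic_queue_frame(c->quic, frame);
+
+if (ngx_quic_send_new_token(c) != NGX_OK) {
+return NGX_ERROR;
+}
+
+/*
+* Generating next keys before a key update is received.
+* See quic-tls 9.4 Header Protection Timing Side-Channels.
+*/
+
+if (ngx_quic_key_update(c, &c->quic->keys[ssl_encryption_application],
+&c->quic->next_key)
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+
+/*
+* 4.10.2 An endpoint MUST discard its handshake keys
+* when the TLS handshake is confirmed
+*/
+ngx_quic_discard_ctx(c, ssl_encryption_handshake);
 
 return NGX_OK;
 }
 
 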
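Review bot: The new `if (n <= 0)` branch changes what happens when SSL_do_handshake() returns 0, although the description says there are no functional changes: on the old side only `n == -1` reached SSL_get_error(), so a 0 return skipped both branches and fell through to `return NGX_OK`, whereas it now returns NGX_ERROR unless the error is SSL_ERROR_WANT_READ. Treating 0 as a failure looks like the safer behaviour, since a handshake that was shut down is no longer reported as success, but it deserves a comment above the branch, for example `/* 0 is a handshake failure too, not only -1 */`. The completion path below it is not guarded by `c->ssl->handshaked` within the hunk, so it is worth confirming the caller cannot reach it a second time and queue HANDSHAKE_DONE and a new token again; the function starts outside the hunk, so such a guard may exist there.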