Mercurial > hg > nginx-quic

diff src/http/modules/ngx_http_quic_module.c @ 8279:dffb66fb783b quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: stateless retry. Previously, quic connection object was created when Retry packet was sent. This is neither necessary nor convenient, and contradicts the idea of retry: protecting from bad clients and saving server resources. Now, the connection is not created, token is verified cryptographically instead of holding it in connection.
author Vladimir Homutov <vl@nginx.com>
date Fri, 29 Jan 2021 15:53:47 +0300
parents e1eb7f4ca9f1
children cef042935003
line wrap: on
line diff
--- a/src/http/modules/ngx_http_quic_module.c
+++ b/src/http/modules/ngx_http_quic_module.c
@@ -346,10 +346,8 @@ ngx_http_quic_merge_srv_conf(ngx_conf_t 
 
     ngx_conf_merge_value(conf->retry, prev->retry, 0);
 
-    if (conf->retry) {
-        if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) {
-            return NGX_CONF_ERROR;
-        }
+    if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) {
+        return NGX_CONF_ERROR;
     }
 
     ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");