Mercurial > hg > nginx
annotate auto/lib/openssl/makefile.bcc @ 9191:618132842e7c
QUIC: ignore duplicate PATH_CHALLENGE frames.
According to RFC 9000, an endpoint SHOULD NOT send multiple PATH_CHALLENGE
frames in a single packet. The change adds a check to enforce this claim to
optimize server behavior. Previously each PATH_CHALLENGE always resulted in a
single response datagram being sent to client. The effect of this was however
limited by QUIC flood protection.
Also, PATH_CHALLENGE is explicitly disabled in Initial and Handshake levels,
see RFC 9000, Table 3. However, technically it may be sent by client in 0-RTT
over a new path without actual migration, even though the migration itself is
prohibited during handshake. This allows client to coalesce multiple 0-RTT
packets each carrying a PATH_CHALLENGE and end up with multiple PATH_CHALLENGEs
per datagram. This again leads to suboptimal behavior, see above. Since the
purpose of sending PATH_CHALLENGE frames in 0-RTT is unclear, these frames are
now only allowed in 1-RTT. For 0-RTT they are silently ignored.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Wed, 22 Nov 2023 14:48:12 +0400 |
| parents | d620f497c50f |
| children |
| rev | line source |
|---|---|
|
2838
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
1 |
|
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
2 # Copyright (C) Igor Sysoev |
| 4412 | 3 # Copyright (C) Nginx, Inc. |
|
2838
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
4 |
|
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
5 |
|
2846
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
6 all: |
|
2838
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 cd $(OPENSSL) |
|
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 |
|
3488
92378c49456d
MSVC8 compatibility with OpenSSL 1.0.0
Igor Sysoev <igor@sysoev.ru>
parents:
2846
diff
changeset
|
9 perl Configure BC-32 no-shared --prefix=openssl $(OPENSSL_OPT) |
|
2838
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 |
|
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 ms\do_nasm |
|
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
12 |
|
ecdc41bf2047
backout r2833: CURDIR was set to Unix style path
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
13 $(MAKE) -f ms\bcb.mak |
|
2846
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
14 $(MAKE) -f ms\bcb.mak install |
|
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
15 |
|
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
16 # Borland's make does not expand "[ch]" in |
|
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
17 # copy "inc32\openssl\*.[ch]" "openssl\include\openssl" |
|
dfec0e090265
fix building OpenSSL on Win32
Igor Sysoev <igor@sysoev.ru>
parents:
2838
diff
changeset
|
18 copy inc32\openssl\*.h openssl\include\openssl |