comparison src/event/quic/ngx_event_quic_ssl.c @ 8797:4715f3e669f1 quic
QUIC: updated specification references.
This includes updating citations and further clarification.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 16 Jun 2021 11:55:12 +0300 |
parents | 80d396fd8ee8 |
children | fe919fd63b0b |
8796:1fec68e322d0 | 8797:4715f3e669f1 |
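--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -9,12 +9,13 @@
 #include <ngx_event.h>
 #include <ngx_event_quic_connection.h>
 
 
 /*
-* 7.4. Cryptographic Message Buffering
-* Implementations MUST support buffering at least 4096 bytes of data
+* RFC 9000, 7.5. Cryptographic Message Buffering
+*
+* Implementations MUST support buffering at least 4096 bytes of data
 */
 #define NGX_QUIC_MAX_BUFFERED 65535
 
 
 #if BORINGSSL_API_VERSION >= 10
@@ -196,11 +197,11 @@
 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
 "quic SSL_get_peer_quic_transport_params():"
 " params_len:%ui", client_params_len);
 
 if (client_params_len == 0) {
-/* quic-tls 8.2 */
+/* RFC 9001, 8.2. QUIC Transport Parameters Extension */
 qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
 qc->error_reason = "missing transport parameters";
 
 ngx_log_error(NGX_LOG_INFO, c->log, 0,
 "missing transport parameters");
@@ -426,11 +427,10 @@
 frame = ngx_quic_alloc_frame(c);
 if (frame == NULL) {
 return NGX_ERROR;
 }
 
-/* 12.4 Frames and frame types, figure 8 */
 frame->level = ssl_encryption_application;
 frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
 ngx_quic_queue_frame(qc, frame);
 
 if (qc->conf->retry) {
@@ -438,21 +438,24 @@
 return NGX_ERROR;
 }
 }
 
 /*
+* RFC 9001, 9.5. Header Protection Timing Side Channels
+*
 * Generating next keys before a key update is received.
-* See quic-tls 9.4 Header Protection Timing Side-Channels.
 */
 
 if (ngx_quic_keys_update(c, qc->keys) != NGX_OK) {
 return NGX_ERROR;
 }
 
 /*
-* 4.10.2 An endpoint MUST discard its handshake keys
-* when the TLS handshake is confirmed
+* RFC 9001, 4.9.2. Discarding Handshake Keys
+*
+* An endpoint MUST discard its Handshake keys
+* when the TLS handshake is confirmed.
 */
 ngx_quic_discard_ctx(c, ssl_encryption_handshake);
 
 /* start accepting clients on negotiated number of server ids */
 if (ngx_quic_create_sockets(c) != NGX_OK) {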
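Review bot: The updated comment above `NGX_QUIC_MAX_BUFFERED` in the first hunk quotes only the 4096-byte minimum from RFC 9000, 7.5, and does not say that 65535 is the ceiling this file applies or what happens when a peer exceeds it. That ceiling bounds how much out-of-order CRYPTO data an unauthenticated peer can make the server hold, so the choice deserves a line of its own. I would add something like `* The limit here is 65535 bytes; data beyond it is not buffered and the connection is expected to close with CRYPTO_BUFFER_EXCEEDED.` The enforcement code is outside the lines shown, so that wording should be checked against the actual handling.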