Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_ssl.c @ 9068:bf2267887014 quic
QUIC: relocated ngx_quic_init_streams() for 0-RTT.
Previously, streams were initialized in early keys handler. However, client
transport parameters may not be available by then. This happens, for example,
when using QuicTLS. Now streams are initialized in ngx_quic_crypto_input()
after calling SSL_do_handshake() for both 0-RTT and 1-RTT.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Tue, 10 Jan 2023 17:24:10 +0400 |
parents | 8c0bccdf2743 |
children | 3c98fa8fef6f |
comparison
equal
deleted
inserted
replaced
9067:6bb884dc7291 | 9068:bf2267887014 |
---|---|
65 != NGX_OK) | 65 != NGX_OK) |
66 { | 66 { |
67 return 0; | 67 return 0; |
68 } | 68 } |
69 | 69 |
70 if (level == ssl_encryption_early_data) { | |
71 if (ngx_quic_init_streams(c) != NGX_OK) { | |
72 return 0; | |
73 } | |
74 } | |
75 | |
76 return 1; | 70 return 1; |
77 } | 71 } |
78 | 72 |
79 | 73 |
80 static int | 74 static int |
136 { | 130 { |
137 return 0; | 131 return 0; |
138 } | 132 } |
139 | 133 |
140 if (level == ssl_encryption_early_data) { | 134 if (level == ssl_encryption_early_data) { |
141 if (ngx_quic_init_streams(c) != NGX_OK) { | |
142 return 0; | |
143 } | |
144 | |
145 return 1; | 135 return 1; |
146 } | 136 } |
147 | 137 |
148 #ifdef NGX_QUIC_DEBUG_CRYPTO | 138 #ifdef NGX_QUIC_DEBUG_CRYPTO |
149 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, | 139 ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, |
453 if (sslerr != SSL_ERROR_WANT_READ) { | 443 if (sslerr != SSL_ERROR_WANT_READ) { |
454 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); | 444 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
455 qc->error_reason = "handshake failed"; | 445 qc->error_reason = "handshake failed"; |
456 return NGX_ERROR; | 446 return NGX_ERROR; |
457 } | 447 } |
458 | 448 } |
459 return NGX_OK; | 449 |
460 } | 450 if (n <= 0 || SSL_in_init(ssl_conn)) { |
461 | 451 if (ngx_quic_keys_available(qc->keys, ssl_encryption_early_data) |
462 if (SSL_in_init(ssl_conn)) { | 452 && qc->client_tp_done) |
453 { | |
454 if (ngx_quic_init_streams(c) != NGX_OK) { | |
455 return NGX_ERROR; | |
456 } | |
457 } | |
458 | |
463 return NGX_OK; | 459 return NGX_OK; |
464 } | 460 } |
465 | 461 |
466 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, | 462 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, |
467 "quic ssl cipher:%s", SSL_get_cipher(ssl_conn)); | 463 "quic ssl cipher:%s", SSL_get_cipher(ssl_conn)); |