Mercurial > hg > nginx

diff src/event/quic/ngx_event_quic.c @ 9168:ff98ae7d261e

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
QUIC: split keys availability checks to read and write sides. Keys may be released by TLS stack in different times, so it makes sense to check this independently as well. This allows to fine-tune what key direction is used when checking keys availability. When discarding, server keys are now marked in addition to client keys.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 31 Aug 2023 19:54:10 +0400
parents f9845e4b5c14
children 4ccb0d973206
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -530,7 +530,7 @@ ngx_quic_close_connection(ngx_connection
             for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) {
                 ctx = &qc->send_ctx[i];
 
-                if (!ngx_quic_keys_available(qc->keys, ctx->level)) {
+                if (!ngx_quic_keys_available(qc->keys, ctx->level, 1)) {
                     continue;
                 }
 
@@ -959,7 +959,7 @@ ngx_quic_handle_payload(ngx_connection_t
 
     c->log->action = "decrypting packet";
 
-    if (!ngx_quic_keys_available(qc->keys, pkt->level)) {
+    if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) {
         ngx_log_error(NGX_LOG_INFO, c->log, 0,
                       "quic no %s keys, ignoring packet",
                       ngx_quic_level_name(pkt->level));
@@ -1082,7 +1082,9 @@ ngx_quic_discard_ctx(ngx_connection_t *c
 
     qc = ngx_quic_get_connection(c);
 
-    if (!ngx_quic_keys_available(qc->keys, level)) {
+    if (!ngx_quic_keys_available(qc->keys, level, 0)
+        && !ngx_quic_keys_available(qc->keys, level, 1))
+    {
         return;
     }