# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1635259390 -10800
# Node ID 66b4ff373dd9f9a5f41c18d083410f9a9b63a82b
# Parent  da112e7f8de6e77ea4ea51f36771ea67d6dc8720
QUIC: refactored OCSP validation in preparation for 0-RTT support.

diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -361,7 +361,6 @@ static ngx_int_t
 ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
 {
     int                     n, sslerr;
-    ngx_int_t               rc;
     ngx_buf_t              *b;
     ngx_chain_t            *cl;
     ngx_ssl_conn_t         *ssl_conn;
@@ -463,19 +462,10 @@ ngx_quic_crypto_input(ngx_connection_t *
         return NGX_ERROR;
     }
 
-    rc = ngx_ssl_ocsp_validate(c);
-
-    if (rc == NGX_ERROR) {
+    if (ngx_quic_init_streams(c) != NGX_OK) {
         return NGX_ERROR;
     }
 
-    if (rc == NGX_AGAIN) {
-        c->ssl->handler = ngx_quic_init_streams;
-        return NGX_OK;
-    }
-
-    ngx_quic_init_streams(c);
-
     return NGX_OK;
 }
 
diff --git a/src/event/quic/ngx_event_quic_streams.c b/src/event/quic/ngx_event_quic_streams.c
--- a/src/event/quic/ngx_event_quic_streams.c
+++ b/src/event/quic/ngx_event_quic_streams.c
@@ -16,6 +16,7 @@
 static ngx_quic_stream_t *ngx_quic_create_client_stream(ngx_connection_t *c,
     uint64_t id);
 static ngx_int_t ngx_quic_init_stream(ngx_quic_stream_t *qs);
+static void ngx_quic_init_streams_handler(ngx_connection_t *c);
 static ngx_quic_stream_t *ngx_quic_create_stream(ngx_connection_t *c,
     uint64_t id);
 static void ngx_quic_empty_handler(ngx_event_t *ev);
@@ -369,9 +370,38 @@ ngx_quic_init_stream(ngx_quic_stream_t *
 }
 
 
-void
+ngx_int_t
 ngx_quic_init_streams(ngx_connection_t *c)
 {
+    ngx_int_t               rc;
+    ngx_quic_connection_t  *qc;
+
+    qc = ngx_quic_get_connection(c);
+
+    if (qc->streams.initialized) {
+        return NGX_OK;
+    }
+
+    rc = ngx_ssl_ocsp_validate(c);
+
+    if (rc == NGX_ERROR) {
+        return NGX_ERROR;
+    }
+
+    if (rc == NGX_AGAIN) {
+        c->ssl->handler = ngx_quic_init_streams_handler;
+        return NGX_OK;
+    }
+
+    ngx_quic_init_streams_handler(c);
+
+    return NGX_OK;
+}
+
+
+static void
+ngx_quic_init_streams_handler(ngx_connection_t *c)
+{
     ngx_queue_t            *q;
     ngx_quic_stream_t      *qs;
     ngx_quic_connection_t  *qc;
diff --git a/src/event/quic/ngx_event_quic_streams.h b/src/event/quic/ngx_event_quic_streams.h
--- a/src/event/quic/ngx_event_quic_streams.h
+++ b/src/event/quic/ngx_event_quic_streams.h
@@ -31,7 +31,7 @@ ngx_int_t ngx_quic_handle_stop_sending_f
 ngx_int_t ngx_quic_handle_max_streams_frame(ngx_connection_t *c,
     ngx_quic_header_t *pkt, ngx_quic_max_streams_frame_t *f);
 
-void ngx_quic_init_streams(ngx_connection_t *c);
+ngx_int_t ngx_quic_init_streams(ngx_connection_t *c);
 void ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp,
     ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
 ngx_quic_stream_t *ngx_quic_find_stream(ngx_rbtree_t *rbtree,