nginx: src/event/ngx_event_quic_transport.c comparison

comparison src/event/ngx_event_quic_transport.c @ 8634:831d1960826f quic

QUIC: generate default stateless reset token key. Previously, if quic_stateless_reset_token_key was empty or unspecified, initial stateless reset token was not generated. However subsequent tokens were generated with empty key, which resulted in error with certain SSL libraries, for example OpenSSL. Now a random 32-byte stateless reset token key is generated if none is specified in the configuration. As a result, stateless reset tokens are now generated for all server ids.

author	Roman Arutyunyan <arut@nginx.com>
date	Wed, 11 Nov 2020 21:08:48 +0000
parents	45db1b5c1706
children	ad7ca043edf5

comparison

equal deleted inserted replaced

-:d8b01c2b8931
+:831d1960826f
 if (tp->original_dcid.len) {
 len += ngx_quic_tp_strlen(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
 }
 #endif
-if (tp->sr_enabled) {
+len += ngx_quic_varint_len(NGX_QUIC_TP_SR_TOKEN);
-len += ngx_quic_varint_len(NGX_QUIC_TP_SR_TOKEN);
+len += ngx_quic_varint_len(NGX_QUIC_SR_TOKEN_LEN);
-len += ngx_quic_varint_len(NGX_QUIC_SR_TOKEN_LEN);
+len += NGX_QUIC_SR_TOKEN_LEN;
-len += NGX_QUIC_SR_TOKEN_LEN;
-}
 if (pos == NULL) {
 return len;
 }
 if (tp->original_dcid.len) {
 ngx_quic_tp_str(NGX_QUIC_TP_ORIGINAL_DCID, tp->original_dcid);
 }
 #endif
-if (tp->sr_enabled) {
+ngx_quic_build_int(&p, NGX_QUIC_TP_SR_TOKEN);
-ngx_quic_build_int(&p, NGX_QUIC_TP_SR_TOKEN);
+ngx_quic_build_int(&p, NGX_QUIC_SR_TOKEN_LEN);
-ngx_quic_build_int(&p, NGX_QUIC_SR_TOKEN_LEN);
+p = ngx_cpymem(p, tp->sr_token, NGX_QUIC_SR_TOKEN_LEN);
-p = ngx_cpymem(p, tp->sr_token, NGX_QUIC_SR_TOKEN_LEN);
-}
 return p - pos;
 }

Mercurial > hg > nginx

comparison src/event/ngx_event_quic_transport.c @ 8634:831d1960826f quic