Mercurial > hg > nginx
comparison src/stream/ngx_stream_quic_module.c @ 8686:dffb66fb783b quic
QUIC: stateless retry.
Previously, quic connection object was created when Retry packet was sent.
This is neither necessary nor convenient, and contradicts the idea of retry:
protecting from bad clients and saving server resources.
Now, the connection is not created, token is verified cryptographically
instead of holding it in connection.
author | Vladimir Homutov <vl@nginx.com> |
---|---|
date | Fri, 29 Jan 2021 15:53:47 +0300 |
parents | 831d1960826f |
children | cef042935003 |
comparison
equal
deleted
inserted
replaced
8685:dbe33ef9cd9a | 8686:dffb66fb783b |
---|---|
303 ngx_conf_merge_uint_value(conf->tp.active_connection_id_limit, | 303 ngx_conf_merge_uint_value(conf->tp.active_connection_id_limit, |
304 prev->tp.active_connection_id_limit, 2); | 304 prev->tp.active_connection_id_limit, 2); |
305 | 305 |
306 ngx_conf_merge_value(conf->retry, prev->retry, 0); | 306 ngx_conf_merge_value(conf->retry, prev->retry, 0); |
307 | 307 |
308 if (conf->retry) { | 308 if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) { |
309 if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) { | 309 return NGX_CONF_ERROR; |
310 return NGX_CONF_ERROR; | |
311 } | |
312 } | 310 } |
313 | 311 |
314 ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, ""); | 312 ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, ""); |
315 | 313 |
316 if (conf->sr_token_key.len == 0) { | 314 if (conf->sr_token_key.len == 0) { |