QUIC: refactored SSL_do_handshake() handling.
authorSergey Kandaurov <pluknet@nginx.com>
Thu, 29 Oct 2020 21:50:49 +0000 (21:50 +0000)
committerSergey Kandaurov <pluknet@nginx.com>
Thu, 29 Oct 2020 21:50:49 +0000 (21:50 +0000)
No functional changes.

src/event/ngx_event_quic.c

index 3a4ce31c1ae096c185b6c4bf11b0108f8763215d..7962c9d1081b5302c16c8c800bdf9d7a76d3bc46 100644 (file)
@@ -3581,9 +3581,14 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
 
     n = SSL_do_handshake(ssl_conn);
 
+    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
+                   "quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
+                   (int) SSL_quic_read_level(ssl_conn),
+                   (int) SSL_quic_write_level(ssl_conn));
+
     ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
 
-    if (n == -1) {
+    if (n <= 0) {
         sslerr = SSL_get_error(ssl_conn, n);
 
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
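Review bot: The new test `if (n <= 0)` routes a zero return from SSL_do_handshake() through SSL_get_error(), whereas the old `n == -1` test let it skip both branches and reach the final `return NGX_OK`, so the commit is not strictly free of functional changes. OpenSSL documents 0 as a handshake that was not successful and was shut down in a controlled way, so taking the error path is the safer behaviour, but it should be stated. A comment above the test would do, for example `/* 0: handshake failed and was shut down; < 0: fatal error or more data needed */`. The check on `sslerr` that decides between NGX_ERROR and NGX_OK lies between the two hunks, and the function starts before this one, so the final result for `n == 0` cannot be confirmed from the visible lines.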
@@ -3594,54 +3599,53 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
             return NGX_ERROR;
         }
 
-    } else if (n == 1 && !SSL_in_init(ssl_conn)) {
+        return NGX_OK;
+    }
 
-        ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
-                       "quic ssl cipher:%s", SSL_get_cipher(ssl_conn));
+    if (SSL_in_init(ssl_conn)) {
+        return NGX_OK;
+    }
 
-        ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
-                       "quic handshake completed successfully");
+    ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0,
+                   "quic ssl cipher:%s", SSL_get_cipher(ssl_conn));
 
-        c->ssl->handshaked = 1;
-        c->ssl->no_wait_shutdown = 1;
+    ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0,
+                   "quic handshake completed successfully");
 
-        frame = ngx_quic_alloc_frame(c, 0);
-        if (frame == NULL) {
-            return NGX_ERROR;
-        }
+    c->ssl->handshaked = 1;
+    c->ssl->no_wait_shutdown = 1;
 
-        /* 12.4 Frames and frame types, figure 8 */
-        frame->level = ssl_encryption_application;
-        frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
-        ngx_quic_queue_frame(c->quic, frame);
+    frame = ngx_quic_alloc_frame(c, 0);
+    if (frame == NULL) {
+        return NGX_ERROR;
+    }
 
-        if (ngx_quic_send_new_token(c) != NGX_OK) {
-            return NGX_ERROR;
-        }
+    /* 12.4 Frames and frame types, figure 8 */
+    frame->level = ssl_encryption_application;
+    frame->type = NGX_QUIC_FT_HANDSHAKE_DONE;
+    ngx_quic_queue_frame(c->quic, frame);
 
-        /*
-         * Generating next keys before a key update is received.
-         * See quic-tls 9.4 Header Protection Timing Side-Channels.
-         */
+    if (ngx_quic_send_new_token(c) != NGX_OK) {
+        return NGX_ERROR;
+    }
 
-        if (ngx_quic_key_update(c, &c->quic->keys[ssl_encryption_application],
-                                &c->quic->next_key)
-            != NGX_OK)
-        {
-            return NGX_ERROR;
-        }
+    /*
+     * Generating next keys before a key update is received.
+     * See quic-tls 9.4 Header Protection Timing Side-Channels.
+     */
 
-        /*
-         * 4.10.2 An endpoint MUST discard its handshake keys
-         * when the TLS handshake is confirmed
-         */
-        ngx_quic_discard_ctx(c, ssl_encryption_handshake);
+    if (ngx_quic_key_update(c, &c->quic->keys[ssl_encryption_application],
+                            &c->quic->next_key)
+        != NGX_OK)
+    {
+        return NGX_ERROR;
     }
 
-    ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
-                   "quic SSL_quic_read_level:%d SSL_quic_write_level:%d",
-                   (int) SSL_quic_read_level(ssl_conn),
-                   (int) SSL_quic_write_level(ssl_conn));
+    /*
+     * 4.10.2 An endpoint MUST discard its handshake keys
+     * when the TLS handshake is confirmed
+     */
+    ngx_quic_discard_ctx(c, ssl_encryption_handshake);
 
     return NGX_OK;
 }
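Review bot: The completion path that now follows `if (SSL_in_init(ssl_conn)) { return NGX_OK; }` has no visible guard against running twice. The start of ngx_quic_crypto_input() is outside the hunk, so a check may already exist there. If it does not, a later call after the handshake has finished would again queue NGX_QUIC_FT_HANDSHAKE_DONE, call ngx_quic_send_new_token() and ngx_quic_key_update(), and repeat ngx_quic_discard_ctx(). Adding `if (c->ssl->handshaked) { return NGX_OK; }` after the SSL_in_init() test would make the one-shot intent explicit. Separately, the comments `12.4 Frames and frame types, figure 8` and `4.10.2 An endpoint MUST discard ...` cite section numbers without naming the document or draft, unlike `See quic-tls 9.4`, and those numbers shift between drafts.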