]> git.kaiwu.me - nginx.git/commit
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.
authorSergey Kandaurov <pluknet@nginx.com>
Thu, 22 Jul 2021 12:00:37 +0000 (15:00 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Thu, 22 Jul 2021 12:00:37 +0000 (15:00 +0300)
commit2b5659f350974dc1659c512d5681971c857c2deb
tree2e849c67585adffb914877556c1cdbec4acbcdbc
parent6157d0b5c1b3a6be7928748df2cda19838889f4f
QUIC: avoid processing 1-RTT with incomplete handshake in OpenSSL.

OpenSSL is known to provide read keys for an encryption level before the
level is active in TLS, following the old BoringSSL API.  In BoringSSL,
it was then fixed to defer releasing read keys until QUIC may use them.
src/event/quic/ngx_event_quic.c