]> git.kaiwu.me - nginx.git/commitdiff
QUIC: disabling bidirectional SSL shutdown earlier.
authorSergey Kandaurov <pluknet@nginx.com>
Sun, 6 Dec 2020 14:24:38 +0000 (14:24 +0000)
committerSergey Kandaurov <pluknet@nginx.com>
Sun, 6 Dec 2020 14:24:38 +0000 (14:24 +0000)
Notably, this fixes an issue with Chrome that can emit a "certificate_unknown"
alert during the SSL handshake where c->ssl->no_wait_shutdown is not yet set.

src/event/ngx_event_quic.c

index e1ab107b155c73e3d467ee3354751303ea3ce541..19ee17aaf62c883bfd0974945fc856f1e7edb4a7 100644 (file)
@@ -1563,6 +1563,8 @@ ngx_quic_init_connection(ngx_connection_t *c)
         return NGX_ERROR;
     }
 
+    c->ssl->no_wait_shutdown = 1;
+
     ssl_conn = c->ssl->connection;
 
     if (SSL_set_quic_method(ssl_conn, &quic_method) == 0) {
@@ -3726,7 +3728,6 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_quic_frame_t *frame, void *data)
                    "quic handshake completed successfully");
 
     c->ssl->handshaked = 1;
-    c->ssl->no_wait_shutdown = 1;
 
     frame = ngx_quic_alloc_frame(c, 0);
     if (frame == NULL) {