After
fe919fd63b0b, processing QUIC streams was postponed until after handshake
completion, which means that 0-RTT is effectively off. With ssl_ocsp enabled,
it could be further delayed. This differs from how OCSP validation works with
SSL_read_early_data(). With this change, processing QUIC streams is unlocked
when obtaining 0-RTT secret.
secret_len, rsecret);
#endif
- return ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
- cipher, rsecret, secret_len);
+ if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+ cipher, rsecret, secret_len)
+ != 1)
+ {
+ return 0;
+ }
+
+ if (level == ssl_encryption_early_data) {
+ if (ngx_quic_init_streams(c) != NGX_OK) {
+ return 0;
+ }
+ }
+
+ return 1;
}
}
if (level == ssl_encryption_early_data) {
+ if (ngx_quic_init_streams(c) != NGX_OK) {
+ return 0;
+ }
+
return 1;
}