]> git.kaiwu.me - nginx.git/commitdiff
QUIC: refactored OCSP validation in preparation for 0-RTT support.
authorSergey Kandaurov <pluknet@nginx.com>
Tue, 26 Oct 2021 14:43:10 +0000 (17:43 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Tue, 26 Oct 2021 14:43:10 +0000 (17:43 +0300)
src/event/quic/ngx_event_quic_ssl.c
src/event/quic/ngx_event_quic_streams.c
src/event/quic/ngx_event_quic_streams.h

index 6e2377eac48969ea06a914bcebc6aedde85ccdc3..bcee112e0d8a5faf98839f35192058565740023d 100644 (file)
@@ -361,7 +361,6 @@ static ngx_int_t
 ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
 {
     int                     n, sslerr;
-    ngx_int_t               rc;
     ngx_buf_t              *b;
     ngx_chain_t            *cl;
     ngx_ssl_conn_t         *ssl_conn;
@@ -463,19 +462,10 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
         return NGX_ERROR;
     }
 
-    rc = ngx_ssl_ocsp_validate(c);
-
-    if (rc == NGX_ERROR) {
+    if (ngx_quic_init_streams(c) != NGX_OK) {
         return NGX_ERROR;
     }
 
-    if (rc == NGX_AGAIN) {
-        c->ssl->handler = ngx_quic_init_streams;
-        return NGX_OK;
-    }
-
-    ngx_quic_init_streams(c);
-
     return NGX_OK;
 }
 
index a49117dc93ef2d2a2ebeaeb1f7b296ba8b08d58d..2ba5ade9740b8eb9cadbd883af14ad868e2a3fd8 100644 (file)
@@ -16,6 +16,7 @@
 static ngx_quic_stream_t *ngx_quic_create_client_stream(ngx_connection_t *c,
     uint64_t id);
 static ngx_int_t ngx_quic_init_stream(ngx_quic_stream_t *qs);
+static void ngx_quic_init_streams_handler(ngx_connection_t *c);
 static ngx_quic_stream_t *ngx_quic_create_stream(ngx_connection_t *c,
     uint64_t id);
 static void ngx_quic_empty_handler(ngx_event_t *ev);
@@ -369,8 +370,37 @@ ngx_quic_init_stream(ngx_quic_stream_t *qs)
 }
 
 
-void
+ngx_int_t
 ngx_quic_init_streams(ngx_connection_t *c)
+{
+    ngx_int_t               rc;
+    ngx_quic_connection_t  *qc;
+
+    qc = ngx_quic_get_connection(c);
+
+    if (qc->streams.initialized) {
+        return NGX_OK;
+    }
+
+    rc = ngx_ssl_ocsp_validate(c);
+
+    if (rc == NGX_ERROR) {
+        return NGX_ERROR;
+    }
+
+    if (rc == NGX_AGAIN) {
+        c->ssl->handler = ngx_quic_init_streams_handler;
+        return NGX_OK;
+    }
+
+    ngx_quic_init_streams_handler(c);
+
+    return NGX_OK;
+}
+
+
+static void
+ngx_quic_init_streams_handler(ngx_connection_t *c)
 {
     ngx_queue_t            *q;
     ngx_quic_stream_t      *qs;
index 95cdfca1c4f8dd4f17846a6d0bf589cf84070d6c..c914fde24b8c3515bf4d8b6d7e5ca926a11df175 100644 (file)
@@ -31,7 +31,7 @@ ngx_int_t ngx_quic_handle_stop_sending_frame(ngx_connection_t *c,
 ngx_int_t ngx_quic_handle_max_streams_frame(ngx_connection_t *c,
     ngx_quic_header_t *pkt, ngx_quic_max_streams_frame_t *f);
 
-void ngx_quic_init_streams(ngx_connection_t *c);
+ngx_int_t ngx_quic_init_streams(ngx_connection_t *c);
 void ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp,
     ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
 ngx_quic_stream_t *ngx_quic_find_stream(ngx_rbtree_t *rbtree,