QUIC: speeding up processing 0-RTT.
authorSergey Kandaurov <pluknet@nginx.com>
Tue, 26 Oct 2021 14:43:10 +0000 (17:43 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Tue, 26 Oct 2021 14:43:10 +0000 (17:43 +0300)
After fe919fd63b0b, processing QUIC streams was postponed until after handshake
completion, which means that 0-RTT is effectively off.  With ssl_ocsp enabled,
it could be further delayed.  This differs from how OCSP validation works with
SSL_read_early_data().  With this change, processing QUIC streams is unlocked
when obtaining 0-RTT secret.

src/event/quic/ngx_event_quic_ssl.c

index bcee112e0d8a5faf98839f35192058565740023d..8899bc6269b880898f717c11f5c9e7ba1b3308eb 100644 (file)
@@ -71,8 +71,20 @@ ngx_quic_set_read_secret(ngx_ssl_conn_t *ssl_conn,
                    secret_len, rsecret);
 #endif
 
-    return ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
-                                               cipher, rsecret, secret_len);
+    if (ngx_quic_keys_set_encryption_secret(c->pool, 0, qc->keys, level,
+                                            cipher, rsecret, secret_len)
+        != 1)
+    {
+        return 0;
+    }
+
+    if (level == ssl_encryption_early_data) {
+        if (ngx_quic_init_streams(c) != NGX_OK) {
+            return 0;
+        }
+    }
+
+    return 1;
 }
 
 
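Review bot: The new `if (level == ssl_encryption_early_data)` branch in ngx_quic_set_read_secret starts stream processing before the handshake has completed, and no comment in the code says so; the same call is added in the second hunk, in ngx_quic_set_encryption_secrets. TLS 1.3 early data can be replayed, so anything consuming these streams has to treat 0-RTT requests as replayable, and a comment above the call such as `/* 0-RTT: streams start before handshake completion; early data is replayable */` would record that. The commit message says stream processing used to wait for handshake completion and could wait further with ssl_ocsp enabled; whether the certificate/OCSP verification result is still enforced before a 0-RTT request is acted on is not visible in these hunks and should be confirmed. ngx_quic_init_streams() is now reachable from two callbacks, so it presumably needs to tolerate a later second call (its body is not shown here). Both function bodies begin outside the hunks.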
@@ -131,6 +143,10 @@ ngx_quic_set_encryption_secrets(ngx_ssl_conn_t *ssl_conn,
     }
 
     if (level == ssl_encryption_early_data) {
+        if (ngx_quic_init_streams(c) != NGX_OK) {
+            return 0;
+        }
+
         return 1;
     }