Close connection with PROTOCOL_VIOLATION on decryption failure.
authorSergey Kandaurov <pluknet@nginx.com>
Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)
committerSergey Kandaurov <pluknet@nginx.com>
Tue, 23 Jun 2020 08:57:00 +0000 (11:57 +0300)
A previously used undefined error code is now replaced with the generic one.

Note that quic-transport prescribes keeping the connection intact and discarding
such QUIC packets individually, since other coalesced packets may be present.
This is selectively handled in the next change.

src/event/ngx_event_quic_protection.c

index 7162c770312c2e6be644e7565a279216c63ff4ac..8afa9e842f4233652af29f032d2e71dfff080edf 100644 (file)
@@ -1050,7 +1050,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
     if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
         != NGX_OK)
     {
-        pkt->error = NGX_QUIC_ERR_CRYPTO_ERROR;
+        pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
         return NGX_ERROR;
     }
 
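Review bot: The failure branch of the `ngx_quic_tls_hp()` call now reports `NGX_QUIC_ERR_PROTOCOL_VIOLATION`, which blames the peer. Judging only by the arguments visible here (cipher, secret, mask, sample), a non-OK result looks like a local crypto-library failure rather than something the packet contents decide. If that reading is right, an internal-error code would describe it more accurately, and a log line at this site would let operators tell a local fault from hostile traffic. At minimum I would add a comment such as `/* header protection mask could not be computed locally; not a peer fault */`. The body of `ngx_quic_decrypt()` starts and ends outside this hunk, so existing logging may already cover this.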
@@ -1130,7 +1130,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
 #endif
 
     if (rc != NGX_OK) {
-        pkt->error = NGX_QUIC_ERR_CRYPTO_ERROR;
+        pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
         return rc;
     }
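Review bot: `if (rc != NGX_OK)` turns every failure of the preceding decryption step into a connection-level error. A packet that fails authentication can be caused by anyone able to deliver a datagram to this connection, so until the follow-up named in the commit message lands, this branch presumably lets one unauthenticated packet close the connection. The code should carry that caveat itself, e.g. `/* TODO: quic-transport requires discarding the packet and keeping the connection; closing here is temporary */`. This branch also does `return rc;` while the header-protection branch in the first hunk returns `NGX_ERROR`; if `rc` can hold other values, callers must treat both the same way. The call that sets `rc` is outside the hunk.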