MINOR: quic: Correctly wait for the completion of handshakes with early data (aws-lc)

This patch impacts only the haproxy builds against aws-lc TLS stack (USE_OPENSSL_AWSLC).

As mentioned by the boringssl documentation, SSL_do_handshake() completes as soon
as ClientHello is processed and server flight sent (from the TLS stack to the
server endpoint I guess). In QUIC, the completion has as side effect to discard
the Handshake packet number space. If this handshake completion is not deferred,
the Handshake level CRYPTO data will not be sent to the peer (because of the
associated packet number space discarding). According to the documentation,
SSL_in_early_data() may be used to do that. If it returns 1, this means that
the handshake is still in progress but has progressed enough to send half-RTT
data.

This patch is required to make the haproxy builds against aws-lc TLS stack support 0-RTT.
haproxyFred committed Jan 23, 2024
1 parent fcc8255 commit 5c88b9f
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions src/quic_ssl.c
@@ -558,6 +558,28 @@ int qc_ssl_provide_quic_data(struct ncbuf *ncbuf,
goto leave;
}

#if defined(OPENSSL_IS_AWSLC)
/* As a server, if early data is accepted, SSL_do_handshake will
* complete as soon as the ClientHello is processed and server flight sent.
* SSL_write may be used to send half-RTT data. SSL_read will consume early
* data and transition to 1-RTT data as appropriate. Prior to the
* transition, SSL_in_init will report the handshake is still in progress.
* Callers may use it or SSL_in_early_data to defer or reject requests
* as needed.
* (see https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Early-data)
*/

/* If we do not returned here, the handshake is considered as completed/confirmed.
* This has as bad side effect to discard the Handshake packet number space,
* so without sending the Handshake level CRYPTO data.
*/
if (SSL_in_early_data(ctx->ssl)) {
TRACE_PROTO("SSL handshake in progrees with early data",
QUIC_EV_CONN_IO_CB, qc, &state, &ssl_err);
goto out;
}
#endif

TRACE_PROTO("SSL handshake OK", QUIC_EV_CONN_IO_CB, qc, &state);

/* Check the alpn could be negotiated */
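Review bot: the trace string on the new `SSL_in_early_data()` branch reads "SSL handshake in progrees with early data"; fix the typo to "progress", since operators grep trace output for these strings. The comment just above it also reads "If we do not returned here"; suggest "If we do not return here, the handshake is considered completed/confirmed, which discards the Handshake packet number space before the Handshake level CRYPTO data has been sent." It would also help that comment to say how the handshake is then expected to reach the "SSL handshake OK" path below (this function being re-entered when the peer's Handshake level CRYPTO data arrives), so the early `goto out` is not read as abandoning the handshake.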

0 comments on commit 5c88b9f