QUIC: stateless retry.

Previously, quic connection object was created when Retry packet was sent. This is neither necessary nor convenient, and contradicts the idea of retry: protecting from bad clients and saving server resources. Now, the connection is not created, token is verified cryptographically instead of holding it in connection.
author: Vladimir Homutov <vl@nginx.com> 2021-01-29 15:53:47 +0300
committer: Vladimir Homutov <vl@nginx.com> 2021-01-29 15:53:47 +0300
commit: 89dda20510bf7dac952a2dc0b5f29deba376e25f (patch)
tree: b9abd59dfa08a5cf64206619046b9196692a259f /src/stream/ngx_stream_quic_module.c
parent: cd6253430051a823dc31b756e93aeecb5f674af3 (diff)
download: nginx-89dda20510bf7dac952a2dc0b5f29deba376e25f.tar.gz
nginx-89dda20510bf7dac952a2dc0b5f29deba376e25f.zip
1 files changed, 2 insertions, 4 deletions
diff --git a/src/stream/ngx_stream_quic_module.c b/src/stream/ngx_stream_quic_module.c
index eaaaba89a..e6466bba4 100644
--- a/src/stream/ngx_stream_quic_module.c
+++ b/src/stream/ngx_stream_quic_module.c
@@ -305,10 +305,8 @@ ngx_stream_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 
     ngx_conf_merge_value(conf->retry, prev->retry, 0);
 
-    if (conf->retry) {
-        if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) {
-            return NGX_CONF_ERROR;
-        }
+    if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) {
+        return NGX_CONF_ERROR;
     }
 
     ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");
author	Vladimir Homutov <vl@nginx.com>	2021-01-29 15:53:47 +0300
committer	Vladimir Homutov <vl@nginx.com>	2021-01-29 15:53:47 +0300
commit	89dda20510bf7dac952a2dc0b5f29deba376e25f (patch)
tree	b9abd59dfa08a5cf64206619046b9196692a259f /src/stream/ngx_stream_quic_module.c
parent	cd6253430051a823dc31b756e93aeecb5f674af3 (diff)
download	nginx-89dda20510bf7dac952a2dc0b5f29deba376e25f.tar.gz nginx-89dda20510bf7dac952a2dc0b5f29deba376e25f.zip