QUIC: fixed compat with ciphers other than AES128 (ticket #2500).

Previously, rec.level field was not uninitialized in SSL_provide_quic_data(). As a result, its value was always ssl_encryption_initial. Later in ngx_quic_ciphers() such level resulted in resetting the cipher to TLS1_3_CK_AES_128_GCM_SHA256 and using AES128 to encrypt the packet. Now the level is initialized and the right cipher is used.
author: Roman Arutyunyan <arut@nginx.com> 2023-05-28 11:17:07 +0400
committer: Roman Arutyunyan <arut@nginx.com> 2023-05-28 11:17:07 +0400
commit: cb70d5954c65b5683bc1c104bbf2466b73f4aa2b (patch)
tree: 246397522e346967a40132fffd1707227b40ab77 /src
parent: fddcc30e999e56a9838a5ed818469afcd244f395 (diff)
download: nginx-cb70d5954c65b5683bc1c104bbf2466b73f4aa2b.tar.gz
nginx-cb70d5954c65b5683bc1c104bbf2466b73f4aa2b.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/src/event/quic/ngx_event_quic_openssl_compat.c b/src/event/quic/ngx_event_quic_openssl_compat.c
index 51430e4b9..63d380e35 100644
--- a/src/event/quic/ngx_event_quic_openssl_compat.c
+++ b/src/event/quic/ngx_event_quic_openssl_compat.c
@@ -463,6 +463,7 @@ SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
         rec.log = c->log;
         rec.number = com->read_record++;
         rec.keys = &com->keys;
+        rec.level = level;
 
         if (level == ssl_encryption_initial) {
             n = ngx_min(len, 65535);
author	Roman Arutyunyan <arut@nginx.com>	2023-05-28 11:17:07 +0400
committer	Roman Arutyunyan <arut@nginx.com>	2023-05-28 11:17:07 +0400
commit	cb70d5954c65b5683bc1c104bbf2466b73f4aa2b (patch)
tree	246397522e346967a40132fffd1707227b40ab77 /src
parent	fddcc30e999e56a9838a5ed818469afcd244f395 (diff)
download	nginx-cb70d5954c65b5683bc1c104bbf2466b73f4aa2b.tar.gz nginx-cb70d5954c65b5683bc1c104bbf2466b73f4aa2b.zip