Close connection with PROTOCOL_VIOLATION on decryption failure.

A previously used undefined error code is now replaced with the generic one. Note that quic-transport prescribes keeping connection intact, discarding such QUIC packets individually, in the sense that coalesced packets could be there. This is selectively handled in the next change.
author: Sergey Kandaurov <pluknet@nginx.com> 2020-06-23 11:57:00 +0300
committer: Sergey Kandaurov <pluknet@nginx.com> 2020-06-23 11:57:00 +0300
commit: d7baead1e82f13d26a90894dfbd0f665c45bfd46 (patch)
tree: 2d1d231cac5dcd8bd2504b85ce4c2eb119559920 /src
parent: 82519e1af283a3bd392cbd27419afef0de4180bd (diff)
download: nginx-d7baead1e82f13d26a90894dfbd0f665c45bfd46.tar.gz
nginx-d7baead1e82f13d26a90894dfbd0f665c45bfd46.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/event/ngx_event_quic_protection.c b/src/event/ngx_event_quic_protection.c
index 7162c7703..8afa9e842 100644
--- a/src/event/ngx_event_quic_protection.c
+++ b/src/event/ngx_event_quic_protection.c
@@ -1050,7 +1050,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
     if (ngx_quic_tls_hp(pkt->log, ciphers.hp, secret, mask, sample)
         != NGX_OK)
     {
-        pkt->error = NGX_QUIC_ERR_CRYPTO_ERROR;
+        pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
         return NGX_ERROR;
     }
 
@@ -1130,7 +1130,7 @@ ngx_quic_decrypt(ngx_quic_header_t *pkt, ngx_ssl_conn_t *ssl_conn,
 #endif
 
     if (rc != NGX_OK) {
-        pkt->error = NGX_QUIC_ERR_CRYPTO_ERROR;
+        pkt->error = NGX_QUIC_ERR_PROTOCOL_VIOLATION;
         return rc;
     }
author	Sergey Kandaurov <pluknet@nginx.com>	2020-06-23 11:57:00 +0300
committer	Sergey Kandaurov <pluknet@nginx.com>	2020-06-23 11:57:00 +0300
commit	d7baead1e82f13d26a90894dfbd0f665c45bfd46 (patch)
tree	2d1d231cac5dcd8bd2504b85ce4c2eb119559920 /src
parent	82519e1af283a3bd392cbd27419afef0de4180bd (diff)
download	nginx-d7baead1e82f13d26a90894dfbd0f665c45bfd46.tar.gz nginx-d7baead1e82f13d26a90894dfbd0f665c45bfd46.zip