QUIC: fixed using of retired connection id (ticket #2289).

RFC 9000 19.16
 The sequence number specified in a RETIRE_CONNECTION_ID frame MUST NOT
 refer to the Destination Connection ID field of the packet in which the
 frame is contained.

Before the patch, the RETIRE_CONNECTION_ID frame was sent before switching
to the new client id.  If retired client id was currently in use, this lead
to violation of the spec.

1 files changed, 6 insertions, 4 deletions

diff --git a/src/event/quic/ngx_event_quic_connid.c b/src/event/quic/ngx_event_quic_connid.c
index 503a71b4e..d87948021 100644
--- a/src/event/quic/ngx_event_quic_connid.c
+++ b/src/event/quic/ngx_event_quic_connid.c
@@ -77,6 +77,7 @@ ngx_int_t
 ngx_quic_handle_new_connection_id_frame(ngx_connection_t *c,
     ngx_quic_new_conn_id_frame_t *f)
 {
+    uint64_t                seq;
     ngx_str_t               id;
     ngx_queue_t            *q;
     ngx_quic_client_id_t   *cid, *item;
@@ -173,10 +174,7 @@ retire:
         }
 
         /* this connection id must be retired */
-
-        if (ngx_quic_send_retire_connection_id(c, cid->seqnum) != NGX_OK) {
-            return NGX_ERROR;
-        }
+        seq = cid->seqnum;
 
         if (cid->refcnt) {
             /* we are going to retire client id which is in use */
@@ -187,6 +185,10 @@ retire:
         } else {
             ngx_quic_unref_client_id(c, cid);
         }
+
+        if (ngx_quic_send_retire_connection_id(c, seq) != NGX_OK) {
+            return NGX_ERROR;
+        }
     }
 
 done: