QUIC: refined sending CONNECTION_CLOSE in various packet types.

As per RFC 9000, section 10.2.3, to ensure that peer successfully removed
packet protection, CONNECTION_CLOSE can be sent in multiple packets using
different packet protection levels.

Now it is sent in all protection levels available.
This roughly corresponds to the following paragraph:

* Prior to confirming the handshake, a peer might be unable to process 1-RTT
  packets, so an endpoint SHOULD send a CONNECTION_CLOSE frame in both Handshake
  and 1-RTT packets.  A server SHOULD also send a CONNECTION_CLOSE frame in an
  Initial packet.

In practice, this change allows to avoid sending an Initial packet when we know
the client has handshake keys, by checking if we have discarded initial keys.
Also, this fixes sending CONNECTION_CLOSE when using QuicTLS with old QUIC API,
where TLS stack releases application read keys before handshake confirmation;
it is fixed by sending CONNECTION_CLOSE additionally in a Handshake packet.

diff --git a/src/event/quic/ngx_event_quic.c b/src/event/quic/ngx_event_quic.c
index 4026540dbcfa81f1c7c5b494ed738850422c7b6a..cd8beb3528352d80c0f00e41aad3c7e43aa41144 100644 (file)
--- a/src/event/quic/ngx_event_quic.c
+++ b/src/event/quic/ngx_event_quic.c
@@ -509,9 +509,6 @@ ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc)
              *  to terminate the connection immediately.
              */
 
-            qc->error_level = c->ssl ? SSL_quic_read_level(c->ssl->connection)
-                                     : ssl_encryption_initial;
-
             if (qc->error == (ngx_uint_t) -1) {
                 qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
                 qc->error_app = 0;
@@ -524,17 +521,19 @@ ngx_quic_close_connection(ngx_connection_t *c, ngx_int_t rc)
                            qc->error_app ? "app " : "", qc->error,
                            qc->error_reason ? qc->error_reason : "");
 
-            if (rc == NGX_OK) {
-                ctx = ngx_quic_get_send_ctx(qc, qc->error_level);
-                ngx_add_timer(&qc->close, 3 * ngx_quic_pto(c, ctx));
-            }
+            for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) {
+                ctx = &qc->send_ctx[i];
 
-            (void) ngx_quic_send_cc(c);
+                if (!ngx_quic_keys_available(qc->keys, ctx->level)) {
+                    continue;
+                }
 
-            if (qc->error_level == ssl_encryption_handshake) {
-                /* for clients that might not have handshake keys */
-                qc->error_level = ssl_encryption_initial;
+                qc->error_level = ctx->level;
                 (void) ngx_quic_send_cc(c);
+
+                if (rc == NGX_OK && !qc->close.timer_set) {
+                    ngx_add_timer(&qc->close, 3 * ngx_quic_pto(c, ctx));
+                }
             }
         }