for (i = 0; i < NGX_QUIC_SEND_CTX_LAST; i++) {
ctx = &qc->send_ctx[i];
- if (!ngx_quic_keys_available(qc->keys, ctx->level)) {
+ if (!ngx_quic_keys_available(qc->keys, ctx->level, 1)) {
continue;
}
c->log->action = "decrypting packet";
- if (!ngx_quic_keys_available(qc->keys, pkt->level)) {
+ if (!ngx_quic_keys_available(qc->keys, pkt->level, 0)) {
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"quic no %s keys, ignoring packet",
ngx_quic_level_name(pkt->level));
qc = ngx_quic_get_connection(c);
- if (!ngx_quic_keys_available(qc->keys, level)) {
+ if (!ngx_quic_keys_available(qc->keys, level, 0)
+ && !ngx_quic_keys_available(qc->keys, level, 1))
+ {
return;
}
ngx_uint_t
ngx_quic_keys_available(ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level)
+ enum ssl_encryption_level_t level, ngx_uint_t is_write)
{
- return keys->secrets[level].client.key.len != 0;
+ if (is_write == 0) {
+ return keys->secrets[level].client.key.len != 0;
+ }
+
+ return keys->secrets[level].server.key.len != 0;
}
enum ssl_encryption_level_t level)
{
keys->secrets[level].client.key.len = 0;
+ keys->secrets[level].server.key.len = 0;
}
enum ssl_encryption_level_t level, const SSL_CIPHER *cipher,
const uint8_t *secret, size_t secret_len);
ngx_uint_t ngx_quic_keys_available(ngx_quic_keys_t *keys,
- enum ssl_encryption_level_t level);
+ enum ssl_encryption_level_t level, ngx_uint_t is_write);
void ngx_quic_keys_discard(ngx_quic_keys_t *keys,
enum ssl_encryption_level_t level);
void ngx_quic_keys_switch(ngx_connection_t *c, ngx_quic_keys_t *keys);
}
if (n <= 0 || SSL_in_init(ssl_conn)) {
- if (ngx_quic_keys_available(qc->keys, ssl_encryption_early_data)
+ if (ngx_quic_keys_available(qc->keys, ssl_encryption_early_data, 0)
&& qc->client_tp_done)
{
if (ngx_quic_init_streams(c) != NGX_OK) {
projects / nginx.git / commitdiff