QUIC: refactored OCSP validation in preparation for 0-RTT support.

2025-07-27 23:56:18 +08:00 · 2021-10-26 17:43:10 +03:00 · 2021-10-26 17:43:10 +03:00 · 2f754d5dcf
commit 2f754d5dcf
parent 12bda330d9
3 changed files with 33 additions and 13 deletions
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@ -361,7 +361,6 @@ static ngx_int_t
 ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
 {
    int                     n, sslerr;
    ngx_int_t               rc;
    ngx_buf_t              *b;
    ngx_chain_t            *cl;
    ngx_ssl_conn_t         *ssl_conn;
@ -463,19 +462,10 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
        return NGX_ERROR;
    }
-    rc = ngx_ssl_ocsp_validate(c);
+    if (ngx_quic_init_streams(c) != NGX_OK) {
    if (rc == NGX_ERROR) {
        return NGX_ERROR;
    }
    if (rc == NGX_AGAIN) {
        c->ssl->handler = ngx_quic_init_streams;
        return NGX_OK;
    }
    ngx_quic_init_streams(c);
    return NGX_OK;
 }
--- a/src/event/quic/ngx_event_quic_streams.c
+++ b/src/event/quic/ngx_event_quic_streams.c
@ -16,6 +16,7 @@
 static ngx_quic_stream_t *ngx_quic_create_client_stream(ngx_connection_t *c,
    uint64_t id);
 static ngx_int_t ngx_quic_init_stream(ngx_quic_stream_t *qs);
 static void ngx_quic_init_streams_handler(ngx_connection_t *c);
 static ngx_quic_stream_t *ngx_quic_create_stream(ngx_connection_t *c,
    uint64_t id);
 static void ngx_quic_empty_handler(ngx_event_t *ev);
@ -369,8 +370,37 @@ ngx_quic_init_stream(ngx_quic_stream_t *qs)
 }
-void
+ngx_int_t
 ngx_quic_init_streams(ngx_connection_t *c)
 {
    ngx_int_t               rc;
    ngx_quic_connection_t  *qc;
    qc = ngx_quic_get_connection(c);
    if (qc->streams.initialized) {
        return NGX_OK;
    }
    rc = ngx_ssl_ocsp_validate(c);
    if (rc == NGX_ERROR) {
        return NGX_ERROR;
    }
    if (rc == NGX_AGAIN) {
        c->ssl->handler = ngx_quic_init_streams_handler;
        return NGX_OK;
    }
    ngx_quic_init_streams_handler(c);
    return NGX_OK;
 }
 static void
 ngx_quic_init_streams_handler(ngx_connection_t *c)
 {
    ngx_queue_t            *q;
    ngx_quic_stream_t      *qs;
--- a/src/event/quic/ngx_event_quic_streams.h
+++ b/src/event/quic/ngx_event_quic_streams.h
@ -31,7 +31,7 @@ ngx_int_t ngx_quic_handle_stop_sending_frame(ngx_connection_t *c,
 ngx_int_t ngx_quic_handle_max_streams_frame(ngx_connection_t *c,
    ngx_quic_header_t *pkt, ngx_quic_max_streams_frame_t *f);
-void ngx_quic_init_streams(ngx_connection_t *c);
+ngx_int_t ngx_quic_init_streams(ngx_connection_t *c);
 void ngx_quic_rbtree_insert_stream(ngx_rbtree_node_t *temp,
    ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel);
 ngx_quic_stream_t *ngx_quic_find_stream(ngx_rbtree_t *rbtree,