| 1 | # HG changeset patch
|
|---|
| 2 | # User Roman Arutyunyan <arut@nginx.com>
|
|---|
| 3 | # Date 1685189041 -14400
|
|---|
| 4 | # Sat May 27 16:04:01 2023 +0400
|
|---|
| 5 | # Node ID 4213b548c7b8f0f9413d79b3c1c78408412dcb3f
|
|---|
| 6 | # Parent 8eae1b4f1c5528b063351804168a6085f5f50b42
|
|---|
| 7 | QUIC: fixed compat with ciphers other than AES128 (ticket #2500).
|
|---|
| 8 |
|
|---|
| 9 | Previously, rec.level field was not uninitialized in SSL_provide_quic_data().
|
|---|
| 10 | As a result, its value was always ssl_encryption_initial. Later in
|
|---|
| 11 | ngx_quic_ciphers() such level resulted in resetting the cipher to
|
|---|
| 12 | TLS1_3_CK_AES_128_GCM_SHA256 and using AES128 to encrypt the packet.
|
|---|
| 13 |
|
|---|
| 14 | Now the level is initialized and the cipher is fixed.
|
|---|
| 15 |
|
|---|
| 16 | diff --git a/src/event/quic/ngx_event_quic_openssl_compat.c b/src/event/quic/ngx_event_quic_openssl_compat.c
|
|---|
| 17 | --- a/src/event/quic/ngx_event_quic_openssl_compat.c
|
|---|
| 18 | +++ b/src/event/quic/ngx_event_quic_openssl_compat.c
|
|---|
| 19 | @@ -463,6 +463,7 @@ SSL_provide_quic_data(SSL *ssl, enum ssl
|
|---|
| 20 | rec.log = c->log;
|
|---|
| 21 | rec.number = com->read_record++;
|
|---|
| 22 | rec.keys = &com->keys;
|
|---|
| 23 | + rec.level = level;
|
|---|
| 24 |
|
|---|
| 25 | if (level == ssl_encryption_initial) {
|
|---|
| 26 | n = ngx_min(len, 65535);
|
|---|
