walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

nghttpx: Postpone early data processing if CH replay detected

This commit is contained in:
Tatsuhiro Tsujikawa 2017-05-16 23:32:57 +09:00
parent 5e59577e93
commit abcdca91ba
3 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/shrpx_connection.cc
View File

@ -145,6 +145,7 @@ void Connection::disconnect() {
tls.sct_requested = false;
tls.early_data_finish = false;
tls.early_cb_called = false;
tls.postpone_early_data = false;
}
if (fd != -1) {
@ -456,7 +457,8 @@ int Connection::tls_handshake() {
// server waits for EndOfEarlyData and Finished message from
// client, which voids the purpose of 0-RTT data. The left
// over of handshake is done through write_tls or read_tls.
if ((tls.handshake_state == TLS_CONN_WRITE_STARTED ||
if (!tls.postpone_early_data &&
(tls.handshake_state == TLS_CONN_WRITE_STARTED ||
tls.wbuf.rleft()) &&
tls.earlybuf.rleft()) {
rv = 1;
@ -478,7 +480,8 @@ int Connection::tls_handshake() {
}
tls.early_data_finish = true;
// The same reason stated above.
if ((tls.handshake_state == TLS_CONN_WRITE_STARTED ||
if (!tls.postpone_early_data &&
(tls.handshake_state == TLS_CONN_WRITE_STARTED ||
tls.wbuf.rleft()) &&
tls.earlybuf.rleft()) {
rv = 1;

3
src/shrpx_connection.h
View File

@ -94,6 +94,9 @@ struct TLSConnection {
bool early_data_finish;
// true if early_cb gets called.
bool early_cb_called;
// true if processing early data should be postponed until handshake
// finishes.
bool postpone_early_data;
};
struct TCPHint {

7
src/shrpx_tls.cc
View File

@ -613,9 +613,10 @@ int early_cb(SSL *ssl, int *al, void *arg) {
conn->tls.anti_replay_req = nullptr;
if (res.status_code != 0) {
// If we cannot add key/value, just disable 0-RTT early data.
// Note that memcached atomically adds key/value.
conn->tls.early_data_finish = true;
// If we cannot add key/value, just postpone processing 0-RTT
// early data until handshake finishes. Note that memcached
// atomically adds key/value.
conn->tls.postpone_early_data = true;
}
conn->tls.handshake_state = TLS_CONN_NORMAL;