nghttpx: Postpone early data processing if CH replay detected

Tatsuhiro Tsujikawa 2017-05-16 23:32:57 +09:00
parent 5e59577e93
commit abcdca91ba
3 changed files with 12 additions and 5 deletions


@ -145,6 +145,7 @@ void Connection::disconnect() {
tls.sct_requested = false; tls.sct_requested = false;
tls.early_data_finish = false; tls.early_data_finish = false;
tls.early_cb_called = false; tls.early_cb_called = false;
tls.postpone_early_data = false;
} }
if (fd != -1) { if (fd != -1) {
@ -456,7 +457,8 @@ int Connection::tls_handshake() {
// server waits for EndOfEarlyData and Finished message from // server waits for EndOfEarlyData and Finished message from
// client, which voids the purpose of 0-RTT data. The left // client, which voids the purpose of 0-RTT data. The left
// over of handshake is done through write_tls or read_tls. // over of handshake is done through write_tls or read_tls.
if ((tls.handshake_state == TLS_CONN_WRITE_STARTED || if (!tls.postpone_early_data &&
(tls.handshake_state == TLS_CONN_WRITE_STARTED ||
tls.wbuf.rleft()) && tls.wbuf.rleft()) &&
tls.earlybuf.rleft()) { tls.earlybuf.rleft()) {
rv = 1; rv = 1;
@ -478,7 +480,8 @@ int Connection::tls_handshake() {
} }
tls.early_data_finish = true; tls.early_data_finish = true;
// The same reason stated above. // The same reason stated above.
if ((tls.handshake_state == TLS_CONN_WRITE_STARTED || if (!tls.postpone_early_data &&
(tls.handshake_state == TLS_CONN_WRITE_STARTED ||
tls.wbuf.rleft()) && tls.wbuf.rleft()) &&
tls.earlybuf.rleft()) { tls.earlybuf.rleft()) {
rv = 1; rv = 1;
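Review bot: The gate `!tls.postpone_early_data && (tls.handshake_state == TLS_CONN_WRITE_STARTED || tls.wbuf.rleft()) && tls.earlybuf.rleft()` is now repeated verbatim in the two hunks (L22-L25 and L31-L34), the second relying on "The same reason stated above"; folding it into one predicate such as `bool early_data_forwardable() const` on TLSConnection, or a local lambda at the top of tls_handshake, would keep the two checks from drifting apart the next time a flag is added. The new flag only suppresses the early `rv = 1` return, so bytes already read into `tls.earlybuf` keep accumulating until the handshake completes; nothing in this diff shows the cap on that buffer, so it is worth confirming that the existing early-data limit still bounds per-connection memory for a peer that sends 0-RTT data and never finishes the handshake. A comment at the first gate naming where the postponed `earlybuf` is drained after the handshake would also help, since that path lies outside these hunks. tls_handshake's body begins and ends outside the hunks.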


@ -94,6 +94,9 @@ struct TLSConnection {
bool early_data_finish; bool early_data_finish;
// true if early_cb gets called. // true if early_cb gets called.
bool early_cb_called; bool early_cb_called;
// true if processing early data should be postponed until handshake
// finishes.
bool postpone_early_data;
}; };
struct TCPHint { struct TCPHint {
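Review bot: The new comment on `postpone_early_data` (L43-L45) says when the flag is consulted but not what sets it or why, which is the security-relevant part for anyone touching 0-RTT later. I would extend it to `// true if 0-RTT early data must not be processed until the handshake finishes. Set by early_cb when the anti-replay record for the ClientHello cannot be stored (the commit ties this to a detected CH replay), so replayed early data is only acted on once the peer proves it can complete the handshake; reset in Connection::disconnect().` The enclosing struct TLSConnection starts outside the hunk.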


@ -613,9 +613,10 @@ int early_cb(SSL *ssl, int *al, void *arg) {
conn->tls.anti_replay_req = nullptr; conn->tls.anti_replay_req = nullptr;
if (res.status_code != 0) { if (res.status_code != 0) {
// If we cannot add key/value, just disable 0-RTT early data. // If we cannot add key/value, just postpone processing 0-RTT
// Note that memcached atomically adds key/value. // early data until handshake finishes. Note that memcached
conn->tls.early_data_finish = true; // atomically adds key/value.
conn->tls.postpone_early_data = true;
} }
conn->tls.handshake_state = TLS_CONN_NORMAL; conn->tls.handshake_state = TLS_CONN_NORMAL;
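Review bot: `res.status_code != 0` at L53 now folds two different situations into the same postponement: the key already being present in memcached (a replayed ClientHello, per the commit title) and memcached being unreachable or returning any other error. Postponing is the fail-safe choice for both, since a replayed ClientHello cannot complete a TLS 1.3 handshake, but operators will want to tell a replay attempt apart from a cache outage; if the result distinguishes them, logging the status code at this branch with the file's usual logging facility would make replays visible instead of silent. Note also that, unlike the replaced `conn->tls.early_data_finish = true;`, the new path still reads and buffers the early data before the handshake completes, so the configured early-data limit is the only bound on that per-connection memory — I could not verify that limit from this hunk. early_cb's body begins and ends outside the hunk.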