# HG changeset patch
# User Roman Arutyunyan <a...@nginx.com>
# Date 1683212627 -14400
# Thu May 04 19:03:47 2023 +0400
# Branch quic
# Node ID 99591a6dd409e18adb6bd2a895d940f7c0415080
# Parent 2610c54070bec4e55b6c9d31c16e8526fc8ee1ae
QUIC: fixed encryption level in ngx_quic_frame_sendto().
Previously, ssl_encryption_application was hardcoded. Before 9553eea74f2a
ngx_quic_frame_sendto() was used only for PATH_CHALLENGE/PATH_RESPONSE, which
are only sent at the application level. Since 9553eea74f2a,
ngx_quic_frame_sendto() is also used for sending CONNECTION_CLOSE, which can
be sent at initial level after SSL handshake error or rejection. This
resulted in packet encryption error. Now level is copied from frame, which
fixes the error.
diff --git a/src/event/quic/ngx_event_quic_output.c
b/src/event/quic/ngx_event_quic_output.c
--- a/src/event/quic/ngx_event_quic_output.c
+++ b/src/event/quic/ngx_event_quic_output.c
@@ -1223,7 +1223,7 @@ ngx_quic_frame_sendto(ngx_connection_t *
static u_char dst[NGX_QUIC_MAX_UDP_PAYLOAD_SIZE];
qc = ngx_quic_get_connection(c);
- ctx = ngx_quic_get_send_ctx(qc, ssl_encryption_application);
+ ctx = ngx_quic_get_send_ctx(qc, frame->level);
ngx_quic_init_packet(c, ctx, &pkt, path);
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
