mirror/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git synced 2026-02-18 11:06:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

MINOR: quic: Do not drop secret key but drop the CRYPTO data

Browse Source 
We need to be able to decrypt late Handshake packets after the TLS secret
keys have been discarded. If not the peer send Handshake packet which have
not been acknowledged. But for such packets, we discard the CRYPTO data.
This commit is contained in:
Frédéric Lécaille
2022-01-03 17:00:35 +01:00
parent ee2b8b377f
commit 917a7dbdc7
2 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/haproxy/quic_tls.h
View File

@@ -459,7 +459,6 @@ static inline void quic_tls_discard_keys(struct quic_enc_level *qel)
{
qel->tls_ctx.rx.flags |= QUIC_FL_TLS_SECRETS_DCD;
qel->tls_ctx.tx.flags |= QUIC_FL_TLS_SECRETS_DCD;
quic_tls_ctx_secs_free(&qel->tls_ctx);
}
/* Derive the initial secrets with <ctx> as QUIC TLS context which is the