From 89dda20510bf7dac952a2dc0b5f29deba376e25f Mon Sep 17 00:00:00 2001
From: Vladimir Homutov
Date: Fri, 29 Jan 2021 15:53:47 +0300
Subject: QUIC: stateless retry.

Previously, quic connection object was created when Retry packet was sent. This is neither necessary nor convenient, and contradicts the idea of retry: protecting from bad clients and saving server resources. Now, the connection is not created, token is verified cryptographically instead of holding it in connection.
---
src/http/modules/ngx_http_quic_module.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'src/http/modules/ngx_http_quic_module.c')
diff --git a/src/http/modules/ngx_http_quic_module.c b/src/http/modules/ngx_http_quic_module.c
index 5314af35b..901d1a563 100644
--- a/src/http/modules/ngx_http_quic_module.c
+++ b/src/http/modules/ngx_http_quic_module.c
@@ -346,10 +346,8 @@ ngx_http_quic_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 ngx_conf_merge_value(conf->retry, prev->retry, 0);
- if (conf->retry) {
- if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) {
- return NGX_CONF_ERROR;
- }
+ if (RAND_bytes(conf->token_key, sizeof(conf->token_key)) <= 0) {
+ return NGX_CONF_ERROR;
 }
 ngx_conf_merge_str_value(conf->sr_token_key, prev->sr_token_key, "");
-- cgit
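Review bot: The now-unconditional `RAND_bytes()` call gives every server block its own random `token_key` each time the configuration is merged, and nothing in the hunk documents that scope or lifetime. Since the commit message says tokens are verified cryptographically instead of being held in the connection, a token issued before a reload (or, if validation can run under a different server block, which is not visible here) would presumably fail verification; a comment such as `/* token_key is per-server and regenerated on every configuration load; tokens issued earlier will not verify */` would make that explicit. The failure path also returns `NGX_CONF_ERROR` with no diagnostic, and now does so for servers that never enable retry; consider `ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "RAND_bytes() failed");` before the return. The body of ngx_http_quic_merge_srv_conf starts and ends outside the hunk.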