ngtcp2: lack of support for key update makes QUIC connections fail #4612
Labels
Comments
bagder
added a commit
that referenced
this issue
Nov 18, 2019
This was referenced Nov 18, 2019
Closed
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Trying a HTTP/3 request with ngtcp2 from current git master fails. It results in an assert in ngtcp2 due lack of support for the updated way ngtcp2 wants key updates done.
@tatsuhiro-t explained (in this comment) what needs to be done:
The new secret is derived from the previous secret. I think curl has to store the first secret somewhere in struct.
curl/lib/vquic/ngtcp2.c
Line 163 in 7627a2d
In ngtcp2_crypto_update_key, the remembered rx_secret and tx_secret are passed to ngtcp2_crypto_update_key as current_rx_secret and current_tx_secret. The function writes new secret and traffic keys and IVs in the provided buffers.
The length of secret is same as the current one. Once new secret is obtained, application should keep it for the next generation of secrets. It can discard current secrets.
The text was updated successfully, but these errors were encountered: