Skip to content

/ curl

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ngtcp2: lack of support for key update makes QUIC connections fail #4612

Closed
bagder opened this issue Nov 17, 2019 · 0 comments
Closed

ngtcp2: lack of support for key update makes QUIC connections fail #4612

bagder opened this issue Nov 17, 2019 · 0 comments
Assignees
@bagder
Labels
HTTP/3

Comments

@bagder
Copy link
Member

@bagder bagder commented Nov 17, 2019
edited

Trying a HTTP/3 request with ngtcp2 from current git master fails. It results in an assert in ngtcp2 due lack of support for the updated way ngtcp2 wants key updates done.

@tatsuhiro-t explained (in this comment) what needs to be done:

The new secret is derived from the previous secret. I think curl has to store the first secret somewhere in struct.

curl/lib/vquic/ngtcp2.c

Line 163 in 7627a2d

static int quic_set_encryption_secrets(SSL *ssl,
provide rx_secret and tx_secret. If level == NGTCP2_CRYPTO_LEVEL_APP, store them somewhere. I plan to store these secrets in ngtcp2_conn in order to make this process easier. For now, application has to do extra step.

In ngtcp2_crypto_update_key, the remembered rx_secret and tx_secret are passed to ngtcp2_crypto_update_key as current_rx_secret and current_tx_secret. The function writes new secret and traffic keys and IVs in the provided buffers.
The length of secret is same as the current one. Once new secret is obtained, application should keep it for the next generation of secrets. It can discard current secrets.
@bagder bagder added the HTTP/3 label Nov 17, 2019
bagder added a commit that referenced this issue Nov 18, 2019
@bagder
ngtcp2: handle key updates as ngtcp2 master branch tells us
Verified
This commit was signed with a verified signature.
bagder Daniel Stenberg
GPG key ID: 5CC908FDB71E12C2 Learn about signing commits
Loading status checks…
da0d367 
Fixes #4612
This was referenced Nov 18, 2019
Closed
Closed
@bagder bagder self-assigned this Nov 18, 2019
@bagder bagder closed this in a72b6b9 Nov 18, 2019
@lock lock bot locked as resolved and limited conversation to collaborators Feb 16, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@bagder bagder

Labels
HTTP/3
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

ngtcp2: handle key updates as ngtcp2 master branch tells us
1 participant
@bagder
You can’t perform that action at this time.