-
-
Notifications
You must be signed in to change notification settings - Fork 9.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
QUIC: Do not discard the INITIAL el too early #21713
Conversation
RFC says that successful decryption of HANDSHAKE el packet triggers the discard on server side only. On client we discard INITIAL el when we successfully send a HANDSHAKE packet.
This fixes interop with quic.tech:4433 |
Not sure how to test it so setting |
75-test_quicapi.t needs to be adjusted. |
Also adds saving the new trace to ssltraceref-new.txt in test-runs which can be handy when the trace changes and needs to be updated.
Yep, and that is actually the test case. 😁 |
Aargh... this makes the ssltraceref non-deterministic. |
Good catch. LGTM once this passes. |
It seems we're sending PINGs very early. I'll need to investigate that. |
For some reason openssl/openssl#21713 causes SSL_accept_stream() to return NULL now. note that looks OK according to: https://www.openssl.org/docs/manmaster/man3/SSL_accept_stream.html
All my interop tests are passing now. |
I did a bunch of tests on a "slow" win64 I am not able to reproduce the failing test. |
8f403f4
to
d878df2
Compare
096f572
to
56ea15b
Compare
Does it really? The MAX_NAT_INTERVAL is 25s where the the half of max_idle_timeout is 15s |
@t8m After more tests in fact it doesn't change anything. |
I am getting crazy: I have put a trace in ssl/quic/quic_channel.c near: |
Have you ever triggered the actual failure of the test locally? Because I am unable to. It just happens in the CI. |
And use QTEST_FLAG_FAKE_TIME with test_ssl_trace().
9fe5b14
to
772f5c6
Compare
@jfclere another possibility of ping frame is a probe whose deadline is much shorter because it is based on RTT. The faked client time seems to resolve this. So this is now ready for review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good other than using fake time, that doesn't make sense AFAICT.
This pull request is ready to merge |
Merged to master branch. Thank you for the reviews. |
RFC says that successful decryption of HANDSHAKE el packet triggers the discard on server side only. On client we discard INITIAL el when we successfully send a HANDSHAKE packet. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
Also adds saving the new trace to ssltraceref-new.txt in test-runs which can be handy when the trace changes and needs to be updated. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
And use QTEST_FLAG_FAKE_TIME with test_ssl_trace(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
RFC says that successful decryption of HANDSHAKE el packet triggers the discard on server side only.
On client we discard INITIAL el when we successfully send a HANDSHAKE packet.
Fixes #21607