QUIC: Do not discard the INITIAL el too early #21713
Conversation
RFC says that successful decryption of HANDSHAKE el packet triggers the discard on server side only. On client we discard INITIAL el when we successfully send a HANDSHAKE packet.
t8m
added
branch: master
|
This fixes interop with quic.tech:4433 |
|
Not sure how to test it so setting |
|
75-test_quicapi.t needs to be adjusted. |
Also adds saving the new trace to ssltraceref-new.txt in test-runs which can be handy when the trace changes and needs to be updated.
Yep, and that is actually the test case. 😁 |
t8m
added
tests: present
|
Aargh... this makes the ssltraceref non-deterministic. |
|
Good catch. LGTM once this passes. |
It seems we're sending PINGs very early. I'll need to investigate that. |
For some reason openssl/openssl#21713 causes SSL_accept_stream() to return NULL now. note that looks OK according to: https://www.openssl.org/docs/manmaster/man3/SSL_accept_stream.html
|
All my interop tests are passing now. |
|
I did a bunch of tests on a "slow" win64 I am not able to reproduce the failing test. |
t8m
force-pushed
the
initial-discard-later
branch
from
8f403f4
to
d878df2
Compare
t8m
force-pushed
the
initial-discard-later
branch
from
096f572
to
56ea15b
Compare
Does it really? The MAX_NAT_INTERVAL is 25s where the the half of max_idle_timeout is 15s |
|
@t8m After more tests in fact it doesn't change anything. |
|
I am getting crazy: I have put a trace in ssl/quic/quic_channel.c near: |
|
Have you ever triggered the actual failure of the test locally? Because I am unable to. It just happens in the CI. |
And use QTEST_FLAG_FAKE_TIME with test_ssl_trace().
t8m
force-pushed
the
initial-discard-later
branch
from
9fe5b14
to
772f5c6
Compare
|
@jfclere another possibility of ping frame is a probe whose deadline is much shorter because it is based on RTT. The faked client time seems to resolve this. So this is now ready for review. |
mattcaswell
removed
the
approval: otc review pending
hlandau
added
approval: done
openssl-machine
removed
the
approval: done
|
This pull request is ready to merge |
openssl-machine
added
the
approval: ready to merge
|
Merged to master branch. Thank you for the reviews. |
RFC says that successful decryption of HANDSHAKE el packet triggers the discard on server side only. On client we discard INITIAL el when we successfully send a HANDSHAKE packet. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
Also adds saving the new trace to ssltraceref-new.txt in test-runs which can be handy when the trace changes and needs to be updated. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
And use QTEST_FLAG_FAKE_TIME with test_ssl_trace(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from #21713)
RFC says that successful decryption of HANDSHAKE el packet triggers the discard on server side only.
On client we discard INITIAL el when we successfully send a HANDSHAKE packet.
Fixes #21607