[openssl/openssl] 3a0012: Handle non IO based retry errors in QUIC

Matt Caswell noreply at github.com
Sat Sep 2 14:26:11 UTC 2023


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 3a0012cb52bef4df54bd46946d7ff783c24b4305
      https://github.com/openssl/openssl/commit/3a0012cb52bef4df54bd46946d7ff783c24b4305
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-09-02 (Sat, 02 Sep 2023)

  Changed paths:
    M ssl/quic/quic_impl.c
    M ssl/quic/quic_tls.c

  Log Message:
  -----------
  Handle non IO based retry errors in QUIC

SSL_get_error() may respond with some retry errors that are not IO related.
In particular SSL_ERROR_WANT_RETRY_VERIFY and SSL_ERROR_WANT_X509_LOOKUP.
These can occur during a TLS handshake. If they occur when a QUIC Connection
is performing a TLS handshake then we need to propagate these up to the QCSO.

We also handle SSL_ERROR_WANT_CLIENT_HELLO_CB. This one will only ever
occur on the server side which we don't currently support. However adding
the handling for it now is identical to all the other handling so including
it is no cost, and will be needed when we do add server support.

We are not concerned with SSL_ERROR_WANT_ASYNC or SSL_ERROR_WANT_ASYNC_JOB
since we do not support async operation with QUIC.

Fixes openssl/project#199

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21922)


  Commit: 48724e8a205c732705c3f54a3bd43d7049e77774
      https://github.com/openssl/openssl/commit/48724e8a205c732705c3f54a3bd43d7049e77774
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-09-02 (Sat, 02 Sep 2023)

  Changed paths:
    M doc/designs/quic-design/quic-fault-injector.md
    M test/helpers/quictestlib.c
    M test/helpers/quictestlib.h
    M test/quicapitest.c

  Log Message:
  -----------
  Add a test for QUIC non IO retry errors

Test that errors such as SSL_ERROR_WANT_RETRY_VERIFY are properly
handled by QUIC connections.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21922)


Compare: https://github.com/openssl/openssl/compare/7b8e27bc2e02...48724e8a205c
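
Added example (not part of the commits above, and not OpenSSL code): how a caller's handshake loop can separate the IO retry results from the non-IO retry results named in the first log message. The SSL_ERROR_* values mirror <openssl/ssl.h> so the sketch builds without OpenSSL; `classify`, `drive_handshake`, `hs_stats` and the scripted input are hypothetical names and constructed data.

```c
/* Added example, not OpenSSL code. The SSL_ERROR_* values mirror
 * <openssl/ssl.h>; a real program includes that header instead. */
#include <stddef.h>

#define SSL_ERROR_NONE                  0
#define SSL_ERROR_WANT_READ             2
#define SSL_ERROR_WANT_WRITE            3
#define SSL_ERROR_WANT_X509_LOOKUP      4
#define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
#define SSL_ERROR_WANT_RETRY_VERIFY    12

enum step { STEP_DONE, STEP_WAIT_IO, STEP_APP_WORK, STEP_FAIL };

/* Map one SSL_get_error() result to the caller's next action. */
enum step classify(int err)
{
    switch (err) {
    case SSL_ERROR_NONE:
        return STEP_DONE;
    case SSL_ERROR_WANT_READ:
    case SSL_ERROR_WANT_WRITE:
        return STEP_WAIT_IO;   /* wait on the socket or timer, then retry */
    case SSL_ERROR_WANT_X509_LOOKUP:
    case SSL_ERROR_WANT_CLIENT_HELLO_CB:
    case SSL_ERROR_WANT_RETRY_VERIFY:
        return STEP_APP_WORK;  /* finish the callback's work, then retry */
    default:
        return STEP_FAIL;      /* SSL_ERROR_SSL, SSL_ERROR_SYSCALL, ... */
    }
}

struct hs_stats { int io_waits; int app_work; };

/* Hypothetical driver: script[] is a constructed sequence of SSL_get_error()
 * results standing in for repeated SSL_do_handshake() calls.
 * Returns 1 if the handshake completes, 0 on failure or exhausted script. */
int drive_handshake(const int *script, size_t n, struct hs_stats *st)
{
    st->io_waits = st->app_work = 0;
    for (size_t i = 0; i < n; i++) {
        switch (classify(script[i])) {
        case STEP_DONE:     return 1;
        case STEP_WAIT_IO:  st->io_waits++; break;
        case STEP_APP_WORK: st->app_work++; break;
        case STEP_FAIL:     return 0;
        }
    }
    return 0;
}
```

A loop that sends the non-IO results to the socket wait may stall, and one that sends them to the failure branch aborts a handshake that was only paused for a certificate lookup or a deferred verification.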

