| #
56e30325 |
| 17-Oct-2023 |
Matt Caswell |
Ignore retry packets that arrive too late
RFC 9000 s 17.2.5.2 says
> After the client has received and processed an Initial or Retry packet
> from the server, it MUST discard an
Ignore retry packets that arrive too late
RFC 9000 s 17.2.5.2 says
> After the client has received and processed an Initial or Retry packet
> from the server, it MUST discard any subsequent Retry packets that it
> receives.
We were checking for multiple Retry packets, but not if we had already
processed an Initial packet.
Fixes the assertion failure noted in
https://github.com/openssl/openssl/pull/22368#issuecomment-1765618884
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22411)
show more ...
|
| #
70e809b0 |
| 08-Sep-2023 |
Hugo Landau |
QUIC CHANNEL: Add missing duplicate TPARAM handling cases
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/opens
QUIC CHANNEL: Add missing duplicate TPARAM handling cases
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22039)
show more ...
|
| #
982dae89 |
| 11-Sep-2023 |
Matt Caswell |
Ensure QUIC-TLS errors raised during channel start are available to caller
TLS misconfiguration errors should be shown to the application to enable
diagnosis of the problem. Otherwise yo
Ensure QUIC-TLS errors raised during channel start are available to caller
TLS misconfiguration errors should be shown to the application to enable
diagnosis of the problem. Otherwise you just get a generical "internal
error" message.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22066)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
8c792b0c |
| 31-Aug-2023 |
Hugo Landau |
QUIC RXDP: Reuse allocations between ACK frame processing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/ope
QUIC RXDP: Reuse allocations between ACK frame processing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21917)
show more ...
|
| #
617b459d |
| 09-Aug-2023 |
Hugo Landau |
QUIC CHANNEL: Introduce concept of (non-)addressed mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/opens
QUIC CHANNEL: Introduce concept of (non-)addressed mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
show more ...
|
| #
be96180a |
| 09-Aug-2023 |
Hugo Landau |
QUIC CHANNEL: Cleanup poll descriptor management
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/open
QUIC CHANNEL: Cleanup poll descriptor management
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
show more ...
|
| #
549d0a70 |
| 09-Aug-2023 |
Hugo Landau |
QUIC CHANNEL: Only handle the first protocol error raised
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/ope
QUIC CHANNEL: Only handle the first protocol error raised
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
show more ...
|
| #
777a8a7f |
| 17-Aug-2023 |
Hugo Landau |
QUIC: Minimally handle version negotiation packets
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/op
QUIC: Minimally handle version negotiation packets
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764)
show more ...
|
| #
9d6bd3d3 |
| 22-Aug-2023 |
Hugo Landau |
QUIC APL: Implement backpressure on stream creation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/o
QUIC APL: Implement backpressure on stream creation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21811)
show more ...
|
| #
aa433014 |
| 17-Aug-2023 |
Matt Caswell |
Keep sending datagrams while we have data to send
If we've got more data to send than will fit in a single datagram we should
keep generating those datagrams until we've sent it all.
Keep sending datagrams while we have data to send
If we've got more data to send than will fit in a single datagram we should
keep generating those datagrams until we've sent it all.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)
show more ...
|
| #
64fd6991 |
| 18-Aug-2023 |
Tomas Mraz |
ossl_quic_tx_packetiser_generate(): Always report if packets were sent
Even in case of later failure we need to flush
the previous packets.
Reviewed-by: Hugo Landau <hlandau@ope
ossl_quic_tx_packetiser_generate(): Always report if packets were sent
Even in case of later failure we need to flush
the previous packets.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
show more ...
|
| #
96014840 |
| 09-Aug-2023 |
Tomas Mraz |
QUIC: Miscellaneous error handling updates
Raise errors when appropriate.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged
QUIC: Miscellaneous error handling updates
Raise errors when appropriate.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
show more ...
|
| #
8fd32a0e |
| 15-Aug-2023 |
Tomas Mraz |
QUIC: Update ping deadline when we receive a packet
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openss
QUIC: Update ping deadline when we receive a packet
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
show more ...
|
| #
b6125b54 |
| 10-Aug-2023 |
Tomas Mraz |
QUIC: Do not discard the INITIAL el too early
RFC says that successful decryption of HANDSHAKE el packet
triggers the discard on server side only.
On client we discard INITIAL e
QUIC: Do not discard the INITIAL el too early
RFC says that successful decryption of HANDSHAKE el packet
triggers the discard on server side only.
On client we discard INITIAL el when we successfully send
a HANDSHAKE packet.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
show more ...
|
| #
cdd91631 |
| 01-Aug-2023 |
Pauli |
quic: process stateless resets
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21649)
|
| #
04c7fb53 |
| 07-Aug-2023 |
Matt Caswell |
NewSessionTickets with an early_data extension must have a valid max value
The max_early_data value must be 0xffffffff if the extension is present in
a NewSessionTicket message in QUIC.
NewSessionTickets with an early_data extension must have a valid max value
The max_early_data value must be 0xffffffff if the extension is present in
a NewSessionTicket message in QUIC. Otherwise it is a PROTOCOL_VIOLATION.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
show more ...
|
| #
b644a932 |
| 02-Aug-2023 |
Matt Caswell |
Unexpected QUIC post-handshake CertificateRequests are a PROTOCOL_VIOLATION
An OpenSSL QUIC client does not send the post_handshake_auth extension.
Therefore if a server sends a post-han
Unexpected QUIC post-handshake CertificateRequests are a PROTOCOL_VIOLATION
An OpenSSL QUIC client does not send the post_handshake_auth extension.
Therefore if a server sends a post-handsahke CertificateRequest then this
would be treated as a TLS protocol violation with an "unexpected message"
alert code. However RFC 9001 specifically requires us to treat this as
QUIC PROTOCOL_VIOLATION. So we have to translate the "unexpected message"
alert code in this one instance.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
show more ...
|
| #
f2609004 |
| 09-Aug-2023 |
Hugo Landau |
Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
|
| #
89b0948e |
| 28-Jul-2023 |
Hugo Landau |
QUIC CHANNEL: Tune RXFC default parameters
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pu
QUIC CHANNEL: Tune RXFC default parameters
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
show more ...
|
| #
40c8c756 |
| 26-Jul-2023 |
Hugo Landau |
QUIC APL/CHANNEL: Wire up connection closure reason
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/o
QUIC APL/CHANNEL: Wire up connection closure reason
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
show more ...
|
| #
ed75eb32 |
| 26-Jul-2023 |
Hugo Landau |
QUIC TEST: Test NEW_CONN_ID frames
Fixes https://github.com/openssl/project/issues/86
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
QUIC TEST: Test NEW_CONN_ID frames
Fixes https://github.com/openssl/project/issues/86
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
show more ...
|
| #
17340e87 |
| 26-Jul-2023 |
Hugo Landau |
QUIC TEST: Ensure PING causes ACK generation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/
QUIC TEST: Ensure PING causes ACK generation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
show more ...
|
| #
44cb36d0 |
| 24-Jul-2023 |
Tomas Mraz |
Resolve some of the TODO(QUIC) items
For some of the items we add FUTURE/SERVER/TESTING/MULTIPATH
designation to indicate these do not need to be resolved
in QUIC MVP release.
Resolve some of the TODO(QUIC) items
For some of the items we add FUTURE/SERVER/TESTING/MULTIPATH
designation to indicate these do not need to be resolved
in QUIC MVP release.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21539)
show more ...
|
| #
7a2bb210 |
| 03-Aug-2023 |
Hugo Landau |
QUIC TLS: Rethink error handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
|
