mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
QUIC CONFORMANCE: RFC 9000 s. 17.2.2: Enforce no initial token from server
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21135)
parent
08cb9a8327
commit
fd0d593220
@ -1908,6 +1908,19 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch)
|
||||
break;
|
||||
}
|
||||
|
||||
if (!ch->is_server
|
||||
&& ch->qrx_pkt->hdr->type == QUIC_PKT_TYPE_INITIAL
|
||||
&& ch->qrx_pkt->hdr->token_len > 0) {
|
||||
/*
|
||||
* RFC 9000 s. 17.2.2: Clients that receive an Initial packet with a
|
||||
* non-zero Token Length field MUST either discard the packet or
|
||||
* generate a connection error of type PROTOCOL_VIOLATION.
|
||||
*/
|
||||
ossl_quic_channel_raise_protocol_error(ch, QUIC_ERR_PROTOCOL_VIOLATION,
|
||||
0, "client received initial token");
|
||||
break;
|
||||
}
|
||||
|
||||
/* This packet contains frames, pass to the RXDP. */
|
||||
ossl_quic_handle_frames(ch, ch->qrx_pkt); /* best effort */
|
||||
break;
|
||||
|
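Review bot: The added client-side check on `ch->qrx_pkt->hdr->token_len > 0` takes the connection-error option of RFC 9000 s. 17.2.2 rather than the discard option, and the comment quotes both without saying which was chosen or why. Initial packets are protected only with keys derived from a connection ID that is visible on the wire, so this choice decides whether one malformed Initial ends the handshake or is simply ignored. I would record the decision in the comment, for example `* We raise a connection error rather than silently discarding the packet.`, and say what the literal `0` passed before the reason string stands for. ch_rx_handle_packet starts and ends outside this hunk, so what validation the packet has already passed when this check runs cannot be confirmed from here.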