wolfssl
QUIC session resumption and early data handshake handling.
Description
In a test with the ngtcp2 example client using openssl, session resumption against a QUIC wolfssl server failed. The error was tracked down to wolfSSL believing EarlyData needs to be handled and returning SUCCESS from wolfSSL_SSL_do_handshake() after the server Finished had been sent.
However, the handshake was not complete and ngtcp2 invoked the post_handshake processing for new data arriving from the client. This failed a check in post processing that the ssl->handShakeState actually was HANDSHAKE_DONE.
The workaround in this PR repeats do_handshake until the ssl state actually says it is complete. This way, session resumption works.
Either this alternative do_handshake() is merged for QUIC protocol handlers, or we need to fix the 'normal' do_handshake() to not return SUCCESS when early data is expected on a QUIC WOLFSSL.
Testing
Using ngtcp2 example client/server mix with OpenSSL and wolfSSL crypto libraries.
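The failure and the workaround described above, reduced to a small state-machine model. This is an added example, not code from the PR or from wolfSSL: the `model_*` functions, the `HS_*` values and the `client_finished_avail` flag are hypothetical stand-ins for the real handshake state and return codes.

```c
/* Simplified model, not wolfSSL code; every name here is hypothetical. */
enum hs_state { HS_START, HS_SERVER_FINISHED_SENT, HS_DONE };
enum hs_ret { HS_FATAL = -1, HS_WANT_READ = -2, HS_SUCCESS = 1 };

struct model_ssl {
    enum hs_state state;
    int early_data_expected;   /* resumed session, early data may arrive */
    int client_finished_avail; /* assumed input: client Finished received */
};

/* Reported behaviour: success is returned once the server Finished is sent
 * when early data is expected, although the state is not yet done. */
static enum hs_ret model_do_handshake(struct model_ssl *ssl)
{
    if (ssl->state == HS_START) {
        ssl->state = HS_SERVER_FINISHED_SENT;
        if (ssl->early_data_expected)
            return HS_SUCCESS;
    }
    if (ssl->state == HS_SERVER_FINISHED_SENT) {
        if (!ssl->client_finished_avail)
            return HS_WANT_READ;
        ssl->state = HS_DONE;
    }
    return HS_SUCCESS;
}

/* The post-handshake check that failed: state must be done. */
static enum hs_ret model_post_handshake(const struct model_ssl *ssl)
{
    return ssl->state == HS_DONE ? HS_SUCCESS : HS_FATAL;
}

/* Workaround shape: repeat while the call reports success but the state is
 * not done. Any other return goes to the caller, so the loop cannot spin. */
static enum hs_ret model_quic_do_handshake(struct model_ssl *ssl)
{
    enum hs_ret ret;
    do {
        ret = model_do_handshake(ssl);
    } while (ret == HS_SUCCESS && ssl->state != HS_DONE);
    return ret;
}

int main(void)
{
    struct model_ssl s = { HS_START, 1, 1 };
    return (model_quic_do_handshake(&s) == HS_SUCCESS
        && model_post_handshake(&s) == HS_SUCCESS) ? 0 : 1;
}
```

The loop condition checks both the return value and the state, so a return that asks for more input ends the loop and is handed back to the QUIC stack unchanged.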
Can one of the wolfSSL admins verify this patch?
Jenkins test this please
Thanks for the fast merge, @dgarske!