File tree 2 files changed +11
-14
lines changed
2 files changed +11
-14
lines changed Original file line number Diff line number Diff line change @@ -67,8 +67,10 @@ func (a *HandshakeAgent) Run(conn *Connection) {
6767 }
6868 close (conn .ConnectionRestart )
6969 case * RetryPacket :
70- // TODO: Validate this, https://tools.ietf.org/html/draft-ietf-quic-tls-25#section-5.8
71- if ! a .IgnoreRetry && bytes .Equal (conn .DestinationCID , p .OriginalDestinationCID ) && ! a .receivedRetry { // TODO: Check the original_connection_id TP too
70+ // TODO: Validate this, https://tools.ietf.org/html/draft-ietf-quic-tls-27#section-5.8
71+ if ! a .IgnoreRetry && ! a .receivedRetry {
72+ spew .Dump (p )
73+ a .Logger .Println ("A Retry packet was received, restarting the connection" )
7274 a .receivedRetry = true
7375 conn .DestinationCID = p .Header ().(* LongHeader ).SourceCID
7476 tlsTP , alpn := conn .TLSTPHandler , conn .ALPN
@@ -120,6 +122,11 @@ func (a *HandshakeAgent) Run(conn *Connection) {
120122 case i := <- tlsStatus :
121123 s := i .(TLSStatus )
122124 if s .Error != nil {
125+ if s .Completed && a .receivedRetry && ! bytes .Equal (conn .TLSTPHandler .ReceivedParameters .OriginalConnectionId , conn .OriginalDestinationCID ){
126+ a .Logger .Println ("The server include an invalid original_connection_id after sending a Retry" )
127+ s .Completed = false
128+ s .Error = errors .New (fmt .Sprint ("invalid original_connection_id" ))
129+ }
123130 a .HandshakeStatus .Submit (HandshakeStatus {s .Completed , s .Packet , s .Error })
124131 }
125132 tlsCompleted = s .Completed
Original file line number Diff line number Diff line change @@ -270,26 +270,16 @@ func NewInitialPacket(conn *Connection) *InitialPacket {
270270
271271type RetryPacket struct {
272272 abstractPacket
273- OriginalDestinationCID ConnectionID
274273 RetryToken []byte
275274 RetryIntegrityTag [16 ]byte
276275}
277276func ReadRetryPacket (buffer * bytes.Reader , conn * Connection ) * RetryPacket {
278277 p := new (RetryPacket )
279278 h := ReadLongHeader (buffer , conn ) // TODO: This should not be a full-length long header. Retry header ?
280279 p .header = h
281- if conn .Version < 0xff000019 {
282- OCIDL , _ := buffer .ReadByte ()
283- p .OriginalDestinationCID = make ([]byte , OCIDL )
284- buffer .Read (p .OriginalDestinationCID )
285- p .RetryToken = make ([]byte , buffer .Len ())
286- } else {
287- p .RetryToken = make ([]byte , buffer .Len () - len (p .RetryIntegrityTag ))
288- }
280+ p .RetryToken = make ([]byte , buffer .Len () - len (p .RetryIntegrityTag ))
289281 buffer .Read (p .RetryToken )
290- if conn .Version >= 0xff000019 {
291- buffer .Read (p .RetryIntegrityTag [:])
292- }
282+ buffer .Read (p .RetryIntegrityTag [:])
293283 return p
294284}
295285func (p * RetryPacket ) GetRetransmittableFrames () []Frame { return nil }
You can’t perform that action at this time.
0 commit comments