git.ipfire.org Git - thirdparty/openssl.git/commit

author	Neil Horman <nhorman@openssl.org>
	Sun, 9 Mar 2025 19:19:40 +0000 (15:19 -0400)
committer	Neil Horman <nhorman@openssl.org>
	Wed, 12 Mar 2025 14:28:04 +0000 (10:28 -0400)
commit	2fb4cfe143daa4644cf10b9f1ed3cdd940c5e1f8
tree	f68cbcb9228913ec38bc8c09d08cdd66de584b85	tree
parent	b2762763e9015e778eff0d303a38f0b6082c8591	commit \| diff

Exclude retry test with msquic server from interop

With the addition of larger ml-kem keys in our tls handshake, we've
uncovered a interop failure, as described here:
https://github.com/microsoft/msquic/issues/4905

In short, when we send a client hello that spans multiple datagrams, the
servers sends an ACK frame in a datagram prior to sending its server
hello. msquic however, recomputes a new SCID always when sending its
sserver hello, which is fine nominally, but because in this test the
server sends a retry frame to update the SCID, followed by an ACK using
that SCID (which is an initial packet), msquic violates the RFC in
section 7.2 which states:

Once a client has received a valid Initial packet from the server, it MUST
discard any subsequent packet it receives on that connection with a
different Source Connection ID

Because msquic sent an initial packet with that ACK frame, we are
required to discard subsequent frames on the connection containing a
different SCID.

Until msquic fixes that in their implementation we are going to fail the
retry interop test, so for now, lets exclude the test.

Also, while we're at it, re-add chrome into the client list for our
server tests, as that seems to have been lost during the merge.

Fixes openssl/project#1132

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27014)