MINOR: quic: No TX secret at EARLY_DATA encryption level

The TLS does not provide us with TX secrets after we have provided it
with 0-RTT data. This is logic: the server does not need to send 0-RTT
data. We must skip the section where such secrets are derived if we do not
want to close the connection with a TLS alert.

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 55c45f964bf0a0904c0c6097c5f36bd4637403f9..d1f1c5beca2f7c0869c9b783b87088918f892861 100644 (file)
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -812,6 +812,10 @@ int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t level,
        }
 
        rx->flags |= QUIC_FL_TLS_SECRETS_SET;
+
+       if (!write_secret)
+               goto tp;
+
        if (!quic_tls_derive_keys(tx->aead, tx->hp, tx->md, tx->key, tx->keylen,
                                  tx->iv, tx->ivlen, tx->hp_key, sizeof tx->hp_key,
                                  write_secret, secret_len)) {
@@ -820,6 +824,7 @@ int ha_quic_set_encryption_secrets(SSL *ssl, enum ssl_encryption_level_t level,
        }
 
        tx->flags |= QUIC_FL_TLS_SECRETS_SET;
+ tp:
        if (objt_server(conn->target) && level == ssl_encryption_application) {
                const unsigned char *buf;
                size_t buflen;