From: Neil Horman Date: Sun, 9 Mar 2025 19:19:40 +0000 (-0400) Subject: Exclude retry test with msquic server from interop X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2fb4cfe143daa4644cf10b9f1ed3cdd940c5e1f8;p=thirdparty%2Fopenssl.git Exclude retry test with msquic server from interop With the addition of larger ml-kem keys in our tls handshake, we've uncovered a interop failure, as described here: https://github.com/microsoft/msquic/issues/4905 In short, when we send a client hello that spans multiple datagrams, the servers sends an ACK frame in a datagram prior to sending its server hello. msquic however, recomputes a new SCID always when sending its sserver hello, which is fine nominally, but because in this test the server sends a retry frame to update the SCID, followed by an ACK using that SCID (which is an initial packet), msquic violates the RFC in section 7.2 which states: Once a client has received a valid Initial packet from the server, it MUST discard any subsequent packet it receives on that connection with a different Source Connection ID Because msquic sent an initial packet with that ACK frame, we are required to discard subsequent frames on the connection containing a different SCID. Until msquic fixes that in their implementation we are going to fail the retry interop test, so for now, lets exclude the test. Also, while we're at it, re-add chrome into the client list for our server tests, as that seems to have been lost during the merge. Fixes openssl/project#1132 Reviewed-by: Saša Nedvědický Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/27014) --- diff --git a/.github/workflows/run_quic_interop.yml b/.github/workflows/run_quic_interop.yml index 1f04ec4b863..43679c96060 100644 --- a/.github/workflows/run_quic_interop.yml +++ b/.github/workflows/run_quic_interop.yml @@ -12,6 +12,9 @@ jobs: matrix: tests: [http3, transfer, handshake, retry, chacha20, resumption, multiplexing, ipv6] servers: [quic-go, ngtcp2, mvfst, quiche, nginx, msquic, haproxy] + exclude: + - clients: msquic + tests: retry fail-fast: false runs-on: ubuntu-latest steps: @@ -39,7 +42,7 @@ jobs: strategy: matrix: tests: [http3, transfer, handshake, retry, chacha20, resumption, amplificationlimit, ipv6] - clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl] + clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl, chrome] exclude: - clients: mvfst tests: amplificationlimit