From: Stefan Eissing <stefan@eissing.org>
Date: Wed, 8 Oct 2025 11:30:12 +0000 (+0200)
Subject: quiche: handle tls fail correctly
X-Git-Tag: rc-8_17_0-1~52
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cc7b12347b06378cf5558636e15d3c19a48d836a;p=thirdparty%2Fcurl.git

quiche: handle tls fail correctly

quiche receive may report a TLS failure after a verified handshake. That
needs to lead to a transfer receive error.

Reported-by: Joshua Rogers
Closes #18934
---

diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c
index f5fd20fccb..1ae159bd4c 100644
--- a/lib/vquic/curl_quiche.c
+++ b/lib/vquic/curl_quiche.c
@@ -666,9 +666,11 @@ static CURLcode recv_pkt(const unsigned char *pkt, size_t pktlen,
               X509_verify_cert_error_string(verify_ok));
         return CURLE_PEER_FAILED_VERIFICATION;
       }
+      failf(r->data, "ingress, quiche reports TLS fail");
+      return CURLE_RECV_ERROR;
     }
     else {
-      failf(r->data, "quiche_conn_recv() == %zd", nread);
+      failf(r->data, "quiche reports error %zd on receive", nread);
       return CURLE_RECV_ERROR;
     }
   }