git.ipfire.org Git - thirdparty/openssl.git/commit
Augment RETRY validation token
author Andrew Dinh <andrewd@openssl.org>
Wed, 27 Nov 2024 20:35:16 +0000 (12:35 -0800)
committer Neil Horman <nhorman@openssl.org>
Sat, 11 Jan 2025 21:02:29 +0000 (16:02 -0500)
commit 8a96b86ebbe346d62490cdfbe05964979c56ece3
tree b020b721e3a83b0bd2ab5bfd4f8cd62c2dc65e09
parent a969af858c104b25a0002271802628ecb538f3c9
Augment RETRY validation token

Adds fields to the QUIC RETRY packet validation token:
timestamp, remote_addr, odcid, & rscid.

Also adds functionality to validate the token once returned by the client.

Note that this does not encrypt the token yet.

Also check that the RSCID stored in the RETRY validation
token matches the DCID in the header.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26048)
ssl/quic/quic_port.c
ssl/quic/quic_tserver.c
test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt
test/recipes/75-test_quicapi_data/ssltraceref.txt
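
An added example, not OpenSSL's code: one way to check the four token fields the commit message lists when a client returns the token, including the RSCID-against-header-DCID comparison. The struct layout, the 10-second lifetime, the function names and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#define MAX_CID_LEN 20    /* QUIC v1 connection IDs are at most 20 bytes */
#define TOKEN_LIFETIME 10 /* seconds; assumed window, not from the commit */

/* Hypothetical layout for the four fields named in the commit message. */
typedef struct {
    uint64_t timestamp;                    /* when the Retry was issued (s) */
    uint8_t remote_addr[16], addr_len;     /* client address bytes */
    uint8_t odcid[MAX_CID_LEN], odcid_len; /* DCID of the first Initial */
    uint8_t rscid[MAX_CID_LEN], rscid_len; /* SCID the server sent in Retry */
} retry_token;

enum token_result { TOKEN_OK, TOKEN_MALFORMED, TOKEN_EXPIRED,
                    TOKEN_ADDR_MISMATCH, TOKEN_RSCID_MISMATCH };

static int bytes_eq(const uint8_t *a, size_t al, const uint8_t *b, size_t bl)
{
    return al == bl && memcmp(a, b, al) == 0;
}

/* Field checks only: no decryption or integrity check is modelled here. */
enum token_result validate_retry_token(const retry_token *t, uint64_t now,
        const uint8_t *peer, size_t peer_len, const uint8_t *dcid, size_t dcid_len)
{
    /* Lengths come off the wire: bound them before any comparison. */
    if (t->addr_len > sizeof(t->remote_addr) || t->odcid_len > MAX_CID_LEN
        || t->rscid_len == 0 || t->rscid_len > MAX_CID_LEN)
        return TOKEN_MALFORMED;
    if (t->timestamp > now || now - t->timestamp > TOKEN_LIFETIME)
        return TOKEN_EXPIRED; /* also rejects timestamps in the future */
    if (!bytes_eq(t->remote_addr, t->addr_len, peer, peer_len))
        return TOKEN_ADDR_MISMATCH; /* not the address it was issued to */
    /* After a Retry the client must address the server by the RSCID. */
    if (!bytes_eq(t->rscid, t->rscid_len, dcid, dcid_len))
        return TOKEN_RSCID_MISMATCH;
    return TOKEN_OK;
}

/* Constructed sample: token issued at t=1000 to 192.0.2.7, checked at 1000+age. */
enum token_result demo(uint64_t age, uint8_t peer_last_octet, uint8_t dcid_first)
{
    retry_token t = { 1000, {192, 0, 2, 7}, 4, {0xaa, 0xbb}, 2, {1, 2, 3, 4}, 4 };
    uint8_t peer[4] = {192, 0, 2, peer_last_octet};
    uint8_t dcid[4] = {dcid_first, 2, 3, 4};
    return validate_retry_token(&t, 1000 + age, peer, 4, dcid, 4);
}

int main(void) { return demo(2, 7, 1) != TOKEN_OK; } /* exit 0 when valid */
```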